GNUnet 0.26.2-20-ga2d76f2e4
 
Loading...
Searching...
No Matches
crypto_hpke.c
Go to the documentation of this file.
1/*
2 This file is part of GNUnet.
3 Copyright (C) 2024 GNUnet e.V.
4
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
14
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18 SPDX-License-Identifier: AGPL3.0-or-later
19 */
20
26#include "platform.h"
27#include "gnunet_common.h"
28#include <sodium.h>
29#include <stdint.h>
30#include "gnunet_util_lib.h"
31#include "sodium/crypto_scalarmult.h"
32#include "sodium/crypto_scalarmult_curve25519.h"
33#include "sodium/utils.h"
34
50static enum GNUNET_GenericReturnValue
51labeled_extract (const char *ctx_str,
52 const void *salt, size_t salt_len,
53 const void *label, size_t label_len,
54 const void *ikm, size_t ikm_len,
55 const uint8_t *suite_id, size_t suite_id_len,
56 struct GNUNET_ShortHashCode *prk)
57{
58 size_t labeled_ikm_len = strlen (ctx_str) + suite_id_len
59 + label_len + ikm_len;
60 uint8_t labeled_ikm[labeled_ikm_len];
61 uint8_t *tmp = labeled_ikm;
62
63 // labeled_ikm = concat("HPKE-v1", suite_id, label, ikm)
64 memcpy (tmp, ctx_str, strlen (ctx_str));
65 tmp += strlen (ctx_str);
66 memcpy (tmp, suite_id, suite_id_len);
67 tmp += suite_id_len;
68 memcpy (tmp, label, label_len);
69 tmp += label_len;
70 memcpy (tmp, ikm, ikm_len);
71 // return Extract(salt, labeled_ikm)
72 return GNUNET_CRYPTO_hkdf_extract (prk,
73 salt, salt_len,
74 labeled_ikm, labeled_ikm_len);
75}
76
77
93static enum GNUNET_GenericReturnValue
94labeled_expand (const char *ctx_str,
95 const struct GNUNET_ShortHashCode *prk,
96 const char *label, size_t label_len,
97 const void *info, size_t info_len,
98 const uint8_t *suite_id, size_t suite_id_len,
99 void *out_buf,
100 uint16_t out_len)
101{
102 uint8_t labeled_info[2 + strlen (ctx_str) + suite_id_len + label_len
103 + info_len];
104 uint8_t *tmp = labeled_info;
105 uint16_t out_len_nbo = htons (out_len);
106
107 // labeled_info = concat(I2OSP(L, 2), "HPKE-v1", suite_id,
108 // label, info)
109 memcpy (tmp, &out_len_nbo, 2);
110 tmp += 2;
111 memcpy (tmp, ctx_str, strlen (ctx_str));
112 tmp += strlen (ctx_str);
113 memcpy (tmp, suite_id, suite_id_len);
114 tmp += suite_id_len;
115 memcpy (tmp, label, label_len);
116 tmp += label_len;
117 memcpy (tmp, info, info_len);
118 return GNUNET_CRYPTO_hkdf_expand (
119 out_buf,
120 out_len,
121 prk,
122 GNUNET_CRYPTO_kdf_arg (labeled_info,
123 sizeof labeled_info));
124}
125
126
127static enum GNUNET_GenericReturnValue
128GNUNET_CRYPTO_hpke_labeled_extract_and_expand (const void *dh,
129 size_t dh_len,
130 const char *extract_ctx,
131 const char *expand_ctx,
132 const void*extract_lbl, size_t
133 extract_lbl_len,
134 const void*expand_lbl, size_t
135 expand_lbl_len,
136 const uint8_t *kem_context,
137 size_t kem_context_len,
138 const uint8_t *suite_id, size_t
139 suite_id_len,
140 struct GNUNET_ShortHashCode *
141 shared_secret)
142{
143 struct GNUNET_ShortHashCode prk;
144 // eae_prk = LabeledExtract("", "eae_prk", dh)
145 labeled_extract (extract_ctx,
146 NULL, 0,
147 extract_lbl, extract_lbl_len,
148 dh, dh_len,
149 suite_id, suite_id_len,
150 &prk);
151 return labeled_expand (expand_ctx,
152 &prk,
153 expand_lbl, expand_lbl_len,
154 kem_context, kem_context_len,
155 suite_id, suite_id_len,
156 shared_secret, sizeof *shared_secret);
157}
158
159
160// DHKEM(X25519, HKDF-256): kem_id = 32
161// concat("KEM", I2OSP(kem_id, 2))
162static uint8_t GNUNET_CRYPTO_HPKE_KEM_SUITE_ID[] = { 'K', 'E', 'M',
163 0x00, 0x20 };
164
165// DHKEM(X25519Elligator, HKDF-256): kem_id = 0x0022
166// concat("KEM", I2OSP(kem_id, 2))
167static uint8_t GNUNET_CRYPTO_HPKE_KEM_ELLIGATOR_SUITE_ID[] = { 'K', 'E', 'M',
168 0x00, 0x22 };
169
170static enum GNUNET_GenericReturnValue
171kem_encaps_norand (uint8_t *suite_id, size_t suite_id_len,
172 const struct GNUNET_CRYPTO_HpkePublicKey *pkR,
173 const struct GNUNET_CRYPTO_HpkeEncapsulation *c,
174 const struct GNUNET_CRYPTO_HpkePrivateKey *skE,
175 struct GNUNET_ShortHashCode *shared_secret)
176{
177 struct GNUNET_CRYPTO_HpkePublicKey dh;
178 uint8_t kem_context[sizeof *c + sizeof pkR->ecdhe_key];
179
180 // dh = DH(skE, pkR)
181 if (GNUNET_OK != GNUNET_CRYPTO_ecdh_x25519 (
182 &skE->ecdhe_key,
183 &pkR->ecdhe_key,
184 &dh.ecdhe_key))
185 {
186 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
187 "HPKE KEM encaps: Validation error\n");
188 return GNUNET_SYSERR; // ValidationError
189 }
190 // enc = SerializePublicKey(pkE) is a NOP, see Section 7.1.1
191 // pkRm = SerializePublicKey(pkR) is a NOP, see Section 7.1.1
192 // kem_context = concat(enc, pkRm)
193 memcpy (kem_context, c, sizeof *c);
194 memcpy (kem_context + sizeof *c,
195 &pkR->ecdhe_key,
196 sizeof pkR->ecdhe_key);
197 // shared_secret = ExtractAndExpand(dh, kem_context)
198 return GNUNET_CRYPTO_hpke_labeled_extract_and_expand (
199 &dh.ecdhe_key, sizeof dh.ecdhe_key,
200 "HPKE-v1",
201 "HPKE-v1",
202 "eae_prk", strlen ("eae_prk"),
203 "shared_secret", strlen ("shared_secret"),
204 kem_context, sizeof kem_context,
205 suite_id, suite_id_len,
206 shared_secret);
207}
208
209
210enum GNUNET_GenericReturnValue
211GNUNET_CRYPTO_hpke_kem_encaps_norand (
212 const struct GNUNET_CRYPTO_HpkePublicKey *pkR,
213 struct GNUNET_CRYPTO_HpkeEncapsulation *enc,
214 const struct GNUNET_CRYPTO_HpkePrivateKey *skE,
215 struct GNUNET_ShortHashCode *shared_secret)
216{
217 struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pk;
218 // enc = SerializePublicKey(pkE) is a NOP, see Section 7.1.1
219 GNUNET_CRYPTO_ecdhe_key_get_public (
220 &skE->ecdhe_key,
221 &ecdh_pk);
222 GNUNET_memcpy (enc,
223 ecdh_pk.q_y,
224 sizeof ecdh_pk.q_y);
225 return kem_encaps_norand (GNUNET_CRYPTO_HPKE_KEM_SUITE_ID,
226 sizeof GNUNET_CRYPTO_HPKE_KEM_SUITE_ID,
227 pkR, enc, skE, shared_secret);
228}
229
230
231enum GNUNET_GenericReturnValue
232GNUNET_CRYPTO_hpke_kem_encaps (const struct GNUNET_CRYPTO_HpkePublicKey *
233 pub,
234 struct GNUNET_CRYPTO_HpkeEncapsulation *c,
235 struct GNUNET_ShortHashCode *shared_secret)
236{
237 struct GNUNET_CRYPTO_HpkePrivateKey skE;
238 // skE, pkE = GenerateKeyPair()
239 GNUNET_CRYPTO_ecdhe_key_create (&skE.ecdhe_key);
240
241 return GNUNET_CRYPTO_hpke_kem_encaps_norand (pub, c, &skE, shared_secret);
242}
243
244
245enum GNUNET_GenericReturnValue
246GNUNET_CRYPTO_eddsa_kem_encaps (const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
247 struct GNUNET_CRYPTO_HpkeEncapsulation *c,
248 struct GNUNET_ShortHashCode *shared_secret)
249{
250 struct GNUNET_CRYPTO_HpkePublicKey pkR;
251
252 // This maps the ed25519 point to X25519
253 if (0 != crypto_sign_ed25519_pk_to_curve25519 (pkR.ecdhe_key.q_y,
254 pub->q_y))
255 return GNUNET_SYSERR;
256
257 return GNUNET_CRYPTO_hpke_kem_encaps (&pkR, c, shared_secret);
258}
259
260
261enum GNUNET_GenericReturnValue
262GNUNET_CRYPTO_hpke_kem_decaps (const struct GNUNET_CRYPTO_HpkePrivateKey *
263 skR,
264 const struct GNUNET_CRYPTO_HpkeEncapsulation *c,
265 struct GNUNET_ShortHashCode *shared_secret)
266{
267 struct GNUNET_CRYPTO_HpkePublicKey dh;
268 uint8_t kem_context[sizeof *c + crypto_scalarmult_curve25519_BYTES];
269 uint8_t pkR[crypto_scalarmult_BYTES];
270
271 // pkE = DeserializePublicKey(enc) is a NOP, see Section 7.1.1
272 // dh = DH(skR, pkE)
273 if (GNUNET_OK !=
274 GNUNET_CRYPTO_x25519_ecdh (&skR->ecdhe_key,
275 (struct GNUNET_CRYPTO_EcdhePublicKey*) c,
276 &dh.ecdhe_key))
277 return GNUNET_SYSERR; // ValidationError
278
279 // pkRm = DeserializePublicKey(pk(skR)) is a NOP, see Section 7.1.1
280 crypto_scalarmult_curve25519_base (pkR,
281 skR->ecdhe_key.d);
282 // kem_context = concat(enc, pkRm)
283 memcpy (kem_context, c, sizeof *c);
284 memcpy (kem_context + sizeof *c, pkR, sizeof pkR);
285 // shared_secret = ExtractAndExpand(dh, kem_context)
286 return GNUNET_CRYPTO_hpke_labeled_extract_and_expand (
287 &dh.ecdhe_key, sizeof dh.ecdhe_key,
288 "HPKE-v1",
289 "HPKE-v1",
290 "eae_prk", strlen ("eae_prk"),
291 "shared_secret", strlen ("shared_secret"),
292 kem_context, sizeof kem_context,
293 GNUNET_CRYPTO_HPKE_KEM_SUITE_ID,
294 sizeof GNUNET_CRYPTO_HPKE_KEM_SUITE_ID,
295 shared_secret);
296}
297
298
299// FIXME use Ed -> Curve conversion???
300enum GNUNET_GenericReturnValue
301GNUNET_CRYPTO_eddsa_kem_decaps (const struct
302 GNUNET_CRYPTO_EddsaPrivateKey *priv,
303 const struct GNUNET_CRYPTO_HpkeEncapsulation *c,
304 struct GNUNET_ShortHashCode *shared_secret)
305{
306 struct GNUNET_CRYPTO_HpkePrivateKey skR;
307
308 // This maps the ed25519 point to X25519
309 if (0 != crypto_sign_ed25519_sk_to_curve25519 (skR.ecdhe_key.d,
310 priv->d))
311 return GNUNET_SYSERR;
312 return GNUNET_CRYPTO_hpke_kem_decaps (&skR, c, shared_secret);
313
314}
315
316
317enum GNUNET_GenericReturnValue
318GNUNET_CRYPTO_hpke_elligator_kem_encaps_norand (
319 uint8_t random_tweak,
320 const struct GNUNET_CRYPTO_HpkePublicKey *pkR,
321 struct GNUNET_CRYPTO_HpkeEncapsulation *c,
322 const struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey *skE,
323 struct GNUNET_ShortHashCode *shared_secret)
324{
325 struct GNUNET_CRYPTO_HpkePublicKey pkE;
326 struct GNUNET_CRYPTO_HpkePrivateKey skE_hpke;
327 // skE, pkE = GenerateElligatorKeyPair()
328 // enc = SerializePublicKey(pkE) == c is the elligator representative
329 GNUNET_CRYPTO_ecdhe_elligator_key_get_public_norand (
330 random_tweak,
331 skE,
332 &pkE.ecdhe_key,
333 (struct GNUNET_CRYPTO_ElligatorRepresentative*) c);
334
335 GNUNET_memcpy (&skE_hpke.ecdhe_key,
336 skE,
337 sizeof *skE);
338 return kem_encaps_norand (GNUNET_CRYPTO_HPKE_KEM_ELLIGATOR_SUITE_ID,
339 sizeof GNUNET_CRYPTO_HPKE_KEM_ELLIGATOR_SUITE_ID,
340 pkR,
341 c,
342 &skE_hpke,
343 shared_secret);
344}
345
346
347enum GNUNET_GenericReturnValue
348GNUNET_CRYPTO_hpke_elligator_kem_encaps (
349 const struct GNUNET_CRYPTO_HpkePublicKey *pkR,
350 struct GNUNET_CRYPTO_HpkeEncapsulation *c,
351 struct GNUNET_ShortHashCode *shared_secret)
352{
353 uint8_t random_tweak;
354 struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey skE;
355
356 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
357 &random_tweak,
358 sizeof(uint8_t));
359
360 // skE, pkE = GenerateElligatorKeyPair()
361 GNUNET_CRYPTO_ecdhe_elligator_key_create (&skE);
362
363 return GNUNET_CRYPTO_hpke_elligator_kem_encaps_norand (random_tweak, pkR, c,
364 &skE, shared_secret);
365}
366
367
368enum GNUNET_GenericReturnValue
369GNUNET_CRYPTO_hpke_elligator_kem_decaps (
370 const struct GNUNET_CRYPTO_HpkePrivateKey *skR,
371 const struct GNUNET_CRYPTO_HpkeEncapsulation *c,
372 struct GNUNET_ShortHashCode *shared_secret)
373{
374 struct GNUNET_CRYPTO_HpkePublicKey pkE;
375 struct GNUNET_CRYPTO_HpkePublicKey dh;
376 const struct GNUNET_CRYPTO_ElligatorRepresentative *r;
377 uint8_t kem_context[sizeof *r + crypto_scalarmult_curve25519_BYTES];
378 uint8_t pkR[crypto_scalarmult_BYTES];
379
380 r = (struct GNUNET_CRYPTO_ElligatorRepresentative*) c;
381 // pkE = DeserializePublicKey(enc) Elligator deserialize!
382 GNUNET_CRYPTO_ecdhe_elligator_decoding (
383 &pkE.ecdhe_key,
384 NULL,
385 r);
386 // dh = DH(skR, pkE)
387 GNUNET_assert (GNUNET_OK ==
388 GNUNET_CRYPTO_x25519_ecdh (
389 &skR->ecdhe_key,
390 &pkE.ecdhe_key,
391 &dh.ecdhe_key));
392 // pkRm = DeserializePublicKey(pk(skR)) is a NOP, see Section 7.1.1
393 crypto_scalarmult_curve25519_base (pkR,
394 skR->ecdhe_key.d);
395 memcpy (kem_context, r, sizeof *r);
396 memcpy (kem_context + sizeof *r, pkR, sizeof pkR);
397 // shared_secret = ExtractAndExpand(dh, kem_context)
398 return GNUNET_CRYPTO_hpke_labeled_extract_and_expand (
399 &dh.ecdhe_key, sizeof dh.ecdhe_key,
400 "HPKE-v1",
401 "HPKE-v1",
402 "eae_prk", strlen ("eae_prk"),
403 "shared_secret", strlen ("shared_secret"),
404 kem_context, sizeof kem_context,
405 GNUNET_CRYPTO_HPKE_KEM_ELLIGATOR_SUITE_ID,
406 sizeof GNUNET_CRYPTO_HPKE_KEM_ELLIGATOR_SUITE_ID,
407 shared_secret);
408}
409
410
411static enum GNUNET_GenericReturnValue
412verify_psk_inputs (enum GNUNET_CRYPTO_HpkeMode mode,
413 const uint8_t *psk, size_t psk_len,
414 const uint8_t *psk_id, size_t psk_id_len)
415{
416 bool got_psk;
417 bool got_psk_id;
418
419 got_psk = (0 != psk_len);
420 got_psk_id = (0 != psk_id_len);
421
422 if (got_psk != got_psk_id)
423 {
424 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
425 "Inconsistent PSK inputs\n");
426 return GNUNET_SYSERR;
427 }
428
429 if (got_psk &&
430 ((GNUNET_CRYPTO_HPKE_MODE_BASE == mode) ||
431 (GNUNET_CRYPTO_HPKE_MODE_AUTH == mode)))
432 {
433 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
434 "PSK input provided when not needed\n");
435 return GNUNET_SYSERR;
436 }
437 if (! got_psk &&
438 ((GNUNET_CRYPTO_HPKE_MODE_PSK == mode) ||
439 (GNUNET_CRYPTO_HPKE_MODE_AUTH_PSK == mode)))
440 {
441 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
442 "Missing required PSK input\n");
443 return GNUNET_SYSERR;
444 }
445 return GNUNET_OK;
446}
447
448
449static enum GNUNET_GenericReturnValue
450key_schedule (enum GNUNET_CRYPTO_HpkeRole role,
451 enum GNUNET_CRYPTO_HpkeMode mode,
452 const struct GNUNET_ShortHashCode *shared_secret,
453 const uint8_t *info, size_t info_len,
454 const uint8_t *psk, size_t psk_len,
455 const uint8_t *psk_id, size_t psk_id_len,
456 struct GNUNET_CRYPTO_HpkeContext *ctx)
457{
458 struct GNUNET_ShortHashCode psk_id_hash;
459 struct GNUNET_ShortHashCode info_hash;
460 struct GNUNET_ShortHashCode secret;
461 uint8_t key_schedule_context[1 + sizeof info_hash * 2];
462 uint8_t suite_id[4 + 3 * 2];
463 uint16_t kem_id = htons (32); // FIXME hardcode as constant
464 uint16_t kdf_id = htons (1); // HKDF-256 FIXME hardcode as constant
465 uint16_t aead_id = htons (3); // ChaCha20Poly1305 FIXME hardcode as constant
466
467 // DHKEM(X25519, HKDF-256): kem_id = 32
468 // concat("KEM", I2OSP(kem_id, 2))
469 memcpy (suite_id, "HPKE", 4);
470 memcpy (suite_id + 4, &kem_id, 2);
471 memcpy (suite_id + 6, &kdf_id, 2);
472 memcpy (suite_id + 8, &aead_id, 2);
473
474 if (GNUNET_OK != verify_psk_inputs (mode, psk, psk_len, psk_id, psk_id_len))
475 return GNUNET_SYSERR;
476
477 if (GNUNET_OK != labeled_extract ("HPKE-v1", NULL, 0,
478 "psk_id_hash", strlen ("psk_id_hash"),
479 psk_id, psk_id_len,
480 suite_id, sizeof suite_id, &psk_id_hash))
481 return GNUNET_SYSERR;
482 if (GNUNET_OK != labeled_extract ("HPKE-v1", NULL, 0,
483 "info_hash", strlen ("info_hash"),
484 info, info_len,
485 suite_id, sizeof suite_id, &info_hash))
486 return GNUNET_SYSERR;
487 memcpy (key_schedule_context, &mode, 1);
488 memcpy (key_schedule_context + 1, &psk_id_hash, sizeof psk_id_hash);
489 memcpy (key_schedule_context + 1 + sizeof psk_id_hash,
490 &info_hash, sizeof info_hash);
491 if (GNUNET_OK != labeled_extract ("HPKE-v1",
492 shared_secret, sizeof *shared_secret,
493 "secret", strlen ("secret"),
494 psk, psk_len,
495 suite_id, sizeof suite_id, &secret))
496 return GNUNET_SYSERR;
497 // key = LabeledExpand(secret, "key", key_schedule_context, Nk)
498 // Note: Nk == sizeof ctx->key
499 if (GNUNET_OK != labeled_expand ("HPKE-v1",
500 &secret,
501 "key", strlen ("key"),
502 &key_schedule_context,
503 sizeof key_schedule_context,
504 suite_id, sizeof suite_id,
505 ctx->key, sizeof ctx->key))
506 return GNUNET_SYSERR;
507 // base_nonce = LabeledExpand(secret, "base_nonce",
508 // key_schedule_context, Nn)
509 if (GNUNET_OK != labeled_expand ("HPKE-v1",
510 &secret,
511 "base_nonce", strlen ("base_nonce"),
512 &key_schedule_context,
513 sizeof key_schedule_context,
514 suite_id, sizeof suite_id,
515 ctx->base_nonce, sizeof ctx->base_nonce))
516 return GNUNET_SYSERR;
517 // exporter_secret = LabeledExpand(secret, "exp",
518 // key_schedule_context, Nh)
519 if (GNUNET_OK != labeled_expand ("HPKE-v1",
520 &secret,
521 "exp", strlen ("exp"),
522 &key_schedule_context,
523 sizeof key_schedule_context,
524 suite_id, sizeof suite_id,
525 &ctx->exporter_secret,
526 sizeof ctx->exporter_secret))
527 return GNUNET_SYSERR;
528 ctx->seq = 0;
529 ctx->role = role;
530 return GNUNET_OK;
531}
532
533
534enum GNUNET_GenericReturnValue
535GNUNET_CRYPTO_hpke_sender_setup2 (
536 enum GNUNET_CRYPTO_HpkeKem kem,
537 enum GNUNET_CRYPTO_HpkeMode mode,
538 struct GNUNET_CRYPTO_HpkePrivateKey *skE,
539 struct GNUNET_CRYPTO_HpkePrivateKey *skS,
540 const struct GNUNET_CRYPTO_HpkePublicKey *pkR,
541 const uint8_t *info, size_t info_len,
542 const uint8_t *psk, size_t psk_len,
543 const uint8_t *psk_id, size_t psk_id_len,
544 struct GNUNET_CRYPTO_HpkeEncapsulation *enc,
545 struct GNUNET_CRYPTO_HpkeContext *ctx)
546{
547 struct GNUNET_ShortHashCode shared_secret;
548
549 switch (mode)
550 {
551 case GNUNET_CRYPTO_HPKE_MODE_BASE:
552 case GNUNET_CRYPTO_HPKE_MODE_PSK:
553 if (kem == GNUNET_CRYPTO_HPKE_KEM_DH_X25519_HKDF256)
554 {
555 if (GNUNET_OK != GNUNET_CRYPTO_hpke_kem_encaps_norand (pkR, enc, skE,
556 &shared_secret))
557 return GNUNET_SYSERR;
558 break;
559 }
560 else if (kem ==
561 GNUNET_CRYPTO_HPKE_KEM_DH_X25519ELLIGATOR_HKDF256)
562 {
563 uint8_t random_tweak;
564 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
565 &random_tweak,
566 sizeof(uint8_t));
567 if (GNUNET_OK !=
568 GNUNET_CRYPTO_hpke_elligator_kem_encaps_norand (random_tweak,
569 pkR,
570 enc,
571 (struct
572 GNUNET_CRYPTO_ElligatorEcdhePrivateKey
573 *) skE,
574 &shared_secret))
575 return GNUNET_SYSERR;
576 }
577 break;
578 default:
579 return GNUNET_SYSERR;
580 }
581 if (GNUNET_OK != key_schedule (GNUNET_CRYPTO_HPKE_ROLE_S,
582 mode,
583 &shared_secret,
584 info, info_len,
585 psk, psk_len,
586 psk_id, psk_id_len,
587 ctx))
588 return GNUNET_SYSERR;
589 return GNUNET_OK;
590}
591
592
593enum GNUNET_GenericReturnValue
594GNUNET_CRYPTO_hpke_sender_setup (const struct
595 GNUNET_CRYPTO_HpkePublicKey *pkR,
596 const uint8_t *info, size_t info_len,
597 struct GNUNET_CRYPTO_HpkeEncapsulation *enc,
598 struct GNUNET_CRYPTO_HpkeContext *ctx)
599{
600 struct GNUNET_CRYPTO_HpkePrivateKey sk;
601 // skE, pkE = GenerateKeyPair()
602 GNUNET_CRYPTO_ecdhe_key_create (&sk.ecdhe_key);
603
604 return GNUNET_CRYPTO_hpke_sender_setup2 (
605 GNUNET_CRYPTO_HPKE_KEM_DH_X25519_HKDF256,
606 GNUNET_CRYPTO_HPKE_MODE_BASE,
607 &sk, NULL,
608 pkR, info, info_len,
609 NULL, 0,
610 NULL, 0,
611 enc,
612 ctx);
613}
614
615
616enum GNUNET_GenericReturnValue
617GNUNET_CRYPTO_hpke_receiver_setup2 (
618 enum GNUNET_CRYPTO_HpkeKem kem,
619 enum GNUNET_CRYPTO_HpkeMode mode,
620 const struct GNUNET_CRYPTO_HpkeEncapsulation *enc,
621 const struct GNUNET_CRYPTO_HpkePrivateKey *skR,
622 const struct GNUNET_CRYPTO_HpkePublicKey *pkS,
623 const uint8_t *info, size_t info_len,
624 const uint8_t *psk, size_t psk_len,
625 const uint8_t *psk_id, size_t psk_id_len,
626 struct GNUNET_CRYPTO_HpkeContext *ctx)
627{
628 struct GNUNET_ShortHashCode shared_secret;
629
630 switch (mode)
631 {
632 case GNUNET_CRYPTO_HPKE_MODE_BASE:
633 case GNUNET_CRYPTO_HPKE_MODE_PSK:
634 if (kem == GNUNET_CRYPTO_HPKE_KEM_DH_X25519_HKDF256)
635 {
636 if (GNUNET_OK != GNUNET_CRYPTO_hpke_kem_decaps (skR, enc,
637 &shared_secret))
638 return GNUNET_SYSERR;
639 }
640 else if (kem ==
641 GNUNET_CRYPTO_HPKE_KEM_DH_X25519ELLIGATOR_HKDF256)
642 {
643 if (GNUNET_OK != GNUNET_CRYPTO_hpke_elligator_kem_decaps (skR,
644 enc,
645 &shared_secret))
646 return GNUNET_SYSERR;
647 }
648 break;
649 default:
650 return GNUNET_SYSERR;
651 }
652 if (GNUNET_OK != key_schedule (GNUNET_CRYPTO_HPKE_ROLE_R,
653 mode,
654 &shared_secret,
655 info, info_len,
656 psk, psk_len,
657 psk_id, psk_id_len,
658 ctx))
659 return GNUNET_SYSERR;
660 return GNUNET_OK;
661}
662
663
664enum GNUNET_GenericReturnValue
665GNUNET_CRYPTO_hpke_receiver_setup (
666 const struct GNUNET_CRYPTO_HpkeEncapsulation *enc,
667 const struct GNUNET_CRYPTO_HpkePrivateKey *skR,
668 const uint8_t *info, size_t info_len,
669 struct GNUNET_CRYPTO_HpkeContext *ctx)
670{
671 return GNUNET_CRYPTO_hpke_receiver_setup2 (
672 GNUNET_CRYPTO_HPKE_KEM_DH_X25519_HKDF256,
673 GNUNET_CRYPTO_HPKE_MODE_BASE,
674 enc, skR, NULL,
675 info, info_len,
676 NULL, 0, NULL, 0, ctx);
677}
678
679
680static enum GNUNET_GenericReturnValue
681increment_seq (struct GNUNET_CRYPTO_HpkeContext *ctx)
682{
683 if (ctx->seq >= UINT64_MAX)
684 {
685 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "MessageLimitReached\n");
686 return GNUNET_SYSERR;
687 }
688 ctx->seq = GNUNET_htonll (GNUNET_ntohll (ctx->seq) + 1);
689 return GNUNET_OK;
690}
691
692
693static void
694compute_nonce (struct GNUNET_CRYPTO_HpkeContext *ctx,
695 uint8_t *nonce)
696{
697 size_t offset = GNUNET_CRYPTO_HPKE_NONCE_LEN - sizeof ctx->seq;
698 int j = 0;
699 for (int i = 0; i < GNUNET_CRYPTO_HPKE_NONCE_LEN; i++)
700 {
701 // FIXME correct byte order?
702 if (i < offset)
703 memset (&nonce[i], ctx->base_nonce[i], 1);
704 else
705 nonce[i] = ctx->base_nonce[i] ^ ((uint8_t*) &ctx->seq)[j++];
706 }
707}
708
709
710enum GNUNET_GenericReturnValue
711GNUNET_CRYPTO_hpke_seal (struct GNUNET_CRYPTO_HpkeContext *ctx,
712 const uint8_t*aad, size_t aad_len,
713 const uint8_t *pt, size_t pt_len,
714 uint8_t *ct, unsigned long long *ct_len_p)
715{
716 uint8_t comp_nonce[GNUNET_CRYPTO_HPKE_NONCE_LEN];
717 if (ctx->role != GNUNET_CRYPTO_HPKE_ROLE_S)
718 {
719 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
720 "HPKE: Wrong role; called as receiver (%d)!\n",
721 ctx->role);
722 return GNUNET_SYSERR;
723 }
724 compute_nonce (ctx, comp_nonce);
725 crypto_aead_chacha20poly1305_ietf_encrypt (ct, ct_len_p,
726 pt, pt_len,
727 aad, aad_len,
728 NULL,
729 comp_nonce,
730 ctx->key);
731 if (GNUNET_OK != increment_seq (ctx))
732 {
733 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
734 "HPKE: Seq increment failed!\n");
735 return GNUNET_SYSERR;
736 }
737 return GNUNET_OK;
738}
739
740
741enum GNUNET_GenericReturnValue
742GNUNET_CRYPTO_hpke_open (struct GNUNET_CRYPTO_HpkeContext *ctx,
743 const uint8_t*aad, size_t aad_len,
744 const uint8_t *ct, size_t ct_len,
745 uint8_t *pt, unsigned long long *pt_len)
746{
747 uint8_t comp_nonce[GNUNET_CRYPTO_HPKE_NONCE_LEN];
748 if (ctx->role != GNUNET_CRYPTO_HPKE_ROLE_R)
749 {
750 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
751 "HPKE: Wrong role; called as sender (%d)!\n",
752 ctx->role);
753 return GNUNET_SYSERR;
754 }
755 compute_nonce (ctx, comp_nonce);
756 if (0 != crypto_aead_chacha20poly1305_ietf_decrypt (pt, pt_len,
757 NULL,
758 ct, ct_len,
759 aad, aad_len,
760 comp_nonce,
761 ctx->key))
762 {
763 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "OpenError\n");
764 return GNUNET_SYSERR;
765 }
766 if (GNUNET_OK != increment_seq (ctx))
767 {
768 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
769 "HPKE: Seq increment failed!\n");
770 return GNUNET_SYSERR;
771 }
772 return GNUNET_OK;
773}
774
775
776enum GNUNET_GenericReturnValue
777GNUNET_CRYPTO_hpke_seal_oneshot (const struct
778 GNUNET_CRYPTO_HpkePublicKey *pkR,
779 const uint8_t *info, size_t info_len,
780 const uint8_t*aad, size_t aad_len,
781 const uint8_t *pt, size_t pt_len,
782 uint8_t *ct, unsigned long long *ct_len_p)
783{
784 struct GNUNET_CRYPTO_HpkeContext ctx;
785 struct GNUNET_CRYPTO_HpkeEncapsulation *enc;
786 uint8_t *ct_off;
787
788 enc = (struct GNUNET_CRYPTO_HpkeEncapsulation*) ct;
789 ct_off = (uint8_t*) &enc[1];
790 if (GNUNET_OK != GNUNET_CRYPTO_hpke_sender_setup (pkR,
791 info, info_len,
792 enc, &ctx))
793 {
794 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
795 "HPKE: Sender setup failed!\n");
796 return GNUNET_SYSERR;
797 }
798 return GNUNET_CRYPTO_hpke_seal (&ctx,
799 aad, aad_len,
800 pt, pt_len,
801 ct_off,
802 ct_len_p);
803}
804
805
806enum GNUNET_GenericReturnValue
807GNUNET_CRYPTO_hpke_open_oneshot (
808 const struct GNUNET_CRYPTO_HpkePrivateKey *skR,
809 const uint8_t *info, size_t info_len,
810 const uint8_t*aad, size_t aad_len,
811 const uint8_t *ct, size_t ct_len,
812 uint8_t *pt, unsigned long long *pt_len_p)
813{
814 struct GNUNET_CRYPTO_HpkeContext ctx;
815 struct GNUNET_CRYPTO_HpkeEncapsulation *enc;
816 uint8_t *ct_off;
817
818 enc = (struct GNUNET_CRYPTO_HpkeEncapsulation*) ct;
819 ct_off = (uint8_t*) &enc[1];
820 if (GNUNET_OK != GNUNET_CRYPTO_hpke_receiver_setup (enc, skR,
821 info, info_len,
822 &ctx))
823 {
824 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
825 "HPKE: Receiver setup failed!\n");
826 return GNUNET_SYSERR;
827 }
828 return GNUNET_CRYPTO_hpke_open (&ctx,
829 aad, aad_len,
830 ct_off,
831 ct_len - sizeof *enc,
832 pt,
833 pt_len_p);
834}
835
836
837enum GNUNET_GenericReturnValue
838GNUNET_CRYPTO_hpke_pk_to_x25519 (const struct GNUNET_CRYPTO_BlindablePublicKey *
839 pk,
840 struct GNUNET_CRYPTO_HpkePublicKey *
841 x25519)
842{
843 switch (ntohl (pk->type))
844 {
845 case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
846 if (0 != crypto_sign_ed25519_pk_to_curve25519 (x25519->ecdhe_key.q_y,
847 pk->ecdsa_key.q_y))
848 return GNUNET_SYSERR;
849 x25519->type = htonl (GNUNET_CRYPTO_HPKE_KEY_TYPE_X25519);
850 return GNUNET_OK;
851 case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
852 if (0 != crypto_sign_ed25519_pk_to_curve25519 (x25519->ecdhe_key.q_y,
853 pk->eddsa_key.q_y))
854 return GNUNET_SYSERR;
855 x25519->type = htonl (GNUNET_CRYPTO_HPKE_KEY_TYPE_X25519);
856 return GNUNET_OK;
857 default:
858 return GNUNET_SYSERR;
859 }
860 return GNUNET_SYSERR;
861
862}
863
864
865enum GNUNET_GenericReturnValue
866GNUNET_CRYPTO_hpke_sk_to_x25519 (const struct
867 GNUNET_CRYPTO_BlindablePrivateKey *sk,
868 struct GNUNET_CRYPTO_HpkePrivateKey *
869 x25519)
870{
871 switch (ntohl (sk->type))
872 {
873 case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
874 memcpy (x25519->ecdhe_key.d,
875 sk->ecdsa_key.d,
876 sizeof sk->ecdsa_key.d);
877 x25519->type = htonl (GNUNET_CRYPTO_HPKE_KEY_TYPE_X25519);
878 return GNUNET_OK;
879 case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
880 if (0 != crypto_sign_ed25519_sk_to_curve25519 (x25519->ecdhe_key.d,
881 sk->eddsa_key.d))
882 return GNUNET_SYSERR;
883 x25519->type = htonl (GNUNET_CRYPTO_HPKE_KEY_TYPE_X25519);
884 return GNUNET_OK;
885 default:
886 return GNUNET_SYSERR;
887 }
888 return GNUNET_SYSERR;
889
890}
891
892
893ssize_t
894GNUNET_CRYPTO_hpke_pk_get_length (
895 const struct GNUNET_CRYPTO_HpkePublicKey *key)
896{
897 switch (ntohl (key->type))
898 {
899 case GNUNET_CRYPTO_HPKE_KEY_TYPE_X25519:
900 return sizeof (key->type) + sizeof (key->ecdhe_key);
901 default:
902 GNUNET_break (0);
903 }
904 return -1;
905}
906
907
908enum GNUNET_GenericReturnValue
909GNUNET_CRYPTO_read_hpke_pk_from_buffer (const void *buffer,
910 size_t len,
911 struct
912 GNUNET_CRYPTO_HpkePublicKey *key,
913 size_t *read)
914{
915 ssize_t length;
916 if (len < sizeof (key->type))
917 return GNUNET_SYSERR;
918 GNUNET_memcpy (&key->type,
919 buffer,
920 sizeof (key->type));
921 length = GNUNET_CRYPTO_hpke_pk_get_length (key);
922 if (len < length)
923 return GNUNET_SYSERR;
924 if (length < 0)
925 return GNUNET_SYSERR;
926 GNUNET_memcpy (&key->ecdhe_key,
927 buffer + sizeof (key->type),
928 length - sizeof (key->type));
929 *read = length;
930 return GNUNET_OK;
931}
932
933
934ssize_t
935GNUNET_CRYPTO_write_hpke_pk_to_buffer (const struct
936 GNUNET_CRYPTO_HpkePublicKey *key,
937 void*buffer,
938 size_t len)
939{
940 const ssize_t length = GNUNET_CRYPTO_hpke_pk_get_length (key);
941 if (len < length)
942 return -1;
943 if (length < 0)
944 return -2;
945 GNUNET_memcpy (buffer, &(key->type), sizeof (key->type));
946 GNUNET_memcpy (buffer + sizeof (key->type), &(key->ecdhe_key), length
947 - sizeof (key->type));
948 return length;
949}
950
951
952void
953GNUNET_CRYPTO_hpke_sk_clear (struct GNUNET_CRYPTO_HpkePrivateKey *key)
954{
955 switch (ntohl (key->type))
956 {
957 case GNUNET_CRYPTO_HPKE_KEY_TYPE_X25519:
958 GNUNET_CRYPTO_ecdhe_key_clear (&key->ecdhe_key);
959 break;
960 default:
961 GNUNET_break (0);
962 }
963}
964
965
966enum GNUNET_GenericReturnValue
967GNUNET_CRYPTO_hpke_sk_create2 (enum GNUNET_CRYPTO_HpkeKeyType type,
968 const char *ikm,
969 size_t ikm_len,
970 struct GNUNET_CRYPTO_HpkePrivateKey *sk)
971{
972 struct GNUNET_ShortHashCode dkp_prk;
973
974 if (type != GNUNET_CRYPTO_HPKE_KEY_TYPE_X25519)
975 {
976 GNUNET_break (0);
977 return GNUNET_SYSERR;
978 }
979 sk->type = htonl (type);
980
981 labeled_extract ("HPKE-v1",
982 "",
983 0,
984 "dkp_prk",
985 strlen ("dkp_prk"),
986 ikm,
987 ikm_len,
988 GNUNET_CRYPTO_HPKE_KEM_SUITE_ID,
989 sizeof GNUNET_CRYPTO_HPKE_KEM_SUITE_ID,
990 &dkp_prk);
991 labeled_expand ("HPKE-v1",
992 &dkp_prk,
993 "sk",
994 strlen ("sk"),
995 "",
996 0,
997 GNUNET_CRYPTO_HPKE_KEM_SUITE_ID,
998 sizeof GNUNET_CRYPTO_HPKE_KEM_SUITE_ID,
999 &sk->ecdhe_key,
1000 sizeof sk->ecdhe_key);
1001 // RFC 9180 Section 7.1.2 states SerializePrivateKey() MUST clamp its output for X25519.
1002 // https://www.rfc-editor.org/errata/eid7121
1003 sk->ecdhe_key.d[0] &= 248;
1004 sk->ecdhe_key.d[31] &= 127;
1005 sk->ecdhe_key.d[31] |= 64;
1006
1007 return GNUNET_OK;
1008
1009}
1010
1011
1012enum GNUNET_GenericReturnValue
1013GNUNET_CRYPTO_hpke_sk_create (enum GNUNET_CRYPTO_HpkeKeyType type,
1014 struct GNUNET_CRYPTO_HpkePrivateKey *pk)
1015{
1016 char ikm[64];
1017
1018 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
1019 ikm,
1020 sizeof(ikm));
1021
1022 return GNUNET_CRYPTO_hpke_sk_create2 (type,
1023 ikm,
1024 sizeof ikm,
1025 pk);
1026}
1027
1028
1029ssize_t
1030GNUNET_CRYPTO_hpke_sk_get_length (const struct
1031 GNUNET_CRYPTO_HpkePrivateKey *key)
1032{
1033 switch (ntohl (key->type))
1034 {
1035 case GNUNET_CRYPTO_HPKE_KEY_TYPE_X25519:
1036 return sizeof (key->type) + sizeof (key->ecdhe_key);
1037 break;
1038 default:
1039 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1040 "Got key type %u\n", ntohl (key->type));
1041 GNUNET_break (0);
1042 }
1043 return -1;
1044}
1045
1046
1047enum GNUNET_GenericReturnValue
1048GNUNET_CRYPTO_read_hpke_sk_from_buffer (const void *buffer,
1049 size_t len,
1050 struct
1051 GNUNET_CRYPTO_HpkePrivateKey *
1052 key,
1053 size_t *read)
1054{
1055 ssize_t length;
1056 if (len < sizeof (key->type))
1057 return GNUNET_SYSERR;
1058 GNUNET_memcpy (&key->type,
1059 buffer,
1060 sizeof (key->type));
1061 length = GNUNET_CRYPTO_hpke_sk_get_length (key);
1062 if (len < length)
1063 return GNUNET_SYSERR;
1064 if (length < 0)
1065 return GNUNET_SYSERR;
1066 GNUNET_memcpy (&key->ecdhe_key,
1067 buffer + sizeof (key->type),
1068 length - sizeof (key->type));
1069 *read = length;
1070 return GNUNET_OK;
1071}
1072
1073
1074ssize_t
1075GNUNET_CRYPTO_write_hpke_sk_to_buffer (const struct
1076 GNUNET_CRYPTO_HpkePrivateKey *
1077 key,
1078 void *buffer,
1079 size_t len)
1080{
1081 const ssize_t length = GNUNET_CRYPTO_hpke_sk_get_length (key);
1082 if (len < length)
1083 return -1;
1084 if (length < 0)
1085 return -2;
1086 GNUNET_memcpy (buffer, &(key->type), sizeof (key->type));
1087 GNUNET_memcpy (buffer + sizeof (key->type), &(key->ecdhe_key), length
1088 - sizeof (key->type));
1089 return length;
1090}
1091
1092
1093enum GNUNET_GenericReturnValue
1094GNUNET_CRYPTO_hpke_sk_get_public (const struct
1095 GNUNET_CRYPTO_HpkePrivateKey *
1096 privkey,
1097 struct GNUNET_CRYPTO_HpkePublicKey
1098 *key)
1099{
1100 key->type = privkey->type;
1101 switch (ntohl (privkey->type))
1102 {
1103 case GNUNET_CRYPTO_HPKE_KEY_TYPE_X25519:
1104 GNUNET_CRYPTO_ecdhe_key_get_public (&privkey->ecdhe_key,
1105 &key->ecdhe_key);
1106 break;
1107 default:
1108 GNUNET_break (0);
1109 return GNUNET_SYSERR;
1110 }
1111 return GNUNET_OK;
1112}
compute_nonce
static void compute_nonce(struct GNUNET_CRYPTO_HpkeContext *ctx, uint8_t *nonce)
Definition crypto_hpke.c:694
key_schedule
static enum GNUNET_GenericReturnValue key_schedule(enum GNUNET_CRYPTO_HpkeRole role, enum GNUNET_CRYPTO_HpkeMode mode, const struct GNUNET_ShortHashCode *shared_secret, const uint8_t *info, size_t info_len, const uint8_t *psk, size_t psk_len, const uint8_t *psk_id, size_t psk_id_len, struct GNUNET_CRYPTO_HpkeContext *ctx)
Definition crypto_hpke.c:450
increment_seq
static enum GNUNET_GenericReturnValue increment_seq(struct GNUNET_CRYPTO_HpkeContext *ctx)
Definition crypto_hpke.c:681
labeled_extract
static enum GNUNET_GenericReturnValue labeled_extract(const char *ctx_str, const void *salt, size_t salt_len, const void *label, size_t label_len, const void *ikm, size_t ikm_len, const uint8_t *suite_id, size_t suite_id_len, struct GNUNET_ShortHashCode *prk)
A RFC9180 inspired labeled extract.
Definition crypto_hpke.c:51
verify_psk_inputs
static enum GNUNET_GenericReturnValue verify_psk_inputs(enum GNUNET_CRYPTO_HpkeMode mode, const uint8_t *psk, size_t psk_len, const uint8_t *psk_id, size_t psk_id_len)
Definition crypto_hpke.c:412
GNUNET_CRYPTO_HPKE_KEM_SUITE_ID
static uint8_t GNUNET_CRYPTO_HPKE_KEM_SUITE_ID[]
Definition crypto_hpke.c:162
GNUNET_CRYPTO_hpke_labeled_extract_and_expand
static enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_labeled_extract_and_expand(const void *dh, size_t dh_len, const char *extract_ctx, const char *expand_ctx, const void *extract_lbl, size_t extract_lbl_len, const void *expand_lbl, size_t expand_lbl_len, const uint8_t *kem_context, size_t kem_context_len, const uint8_t *suite_id, size_t suite_id_len, struct GNUNET_ShortHashCode *shared_secret)
Definition crypto_hpke.c:128
labeled_expand
static enum GNUNET_GenericReturnValue labeled_expand(const char *ctx_str, const struct GNUNET_ShortHashCode *prk, const char *label, size_t label_len, const void *info, size_t info_len, const uint8_t *suite_id, size_t suite_id_len, void *out_buf, uint16_t out_len)
A RFC9180 inspired labeled extract.
Definition crypto_hpke.c:94
kem_encaps_norand
static enum GNUNET_GenericReturnValue kem_encaps_norand(uint8_t *suite_id, size_t suite_id_len, const struct GNUNET_CRYPTO_HpkePublicKey *pkR, const struct GNUNET_CRYPTO_HpkeEncapsulation *c, const struct GNUNET_CRYPTO_HpkePrivateKey *skE, struct GNUNET_ShortHashCode *shared_secret)
Definition crypto_hpke.c:171
GNUNET_CRYPTO_HPKE_KEM_ELLIGATOR_SUITE_ID
static uint8_t GNUNET_CRYPTO_HPKE_KEM_ELLIGATOR_SUITE_ID[]
Definition crypto_hpke.c:167
key
struct GNUNET_HashCode key
The key used in the DHT.
Definition gnunet-dht-put.c:37
ctx
static struct GNUNET_FS_Handle * ctx
Definition gnunet-download.c:40
enc
static OpusEncoder * enc
OPUS encoder.
Definition gnunet-helper-audio-record.c:206
pk
struct GNUNET_CRYPTO_BlindablePrivateKey pk
Private key from command line option, or NULL.
Definition gnunet-identity.c:126
type
static uint32_t type
Type string converted to DNS type value.
Definition gnunet-namestore.c:306
pub
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition gnunet-scrypt.c:47
salt
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calculations.
Definition gnunet-scrypt.c:34
info
#define info
ikm
static unsigned char ikm[256/8]
The initial key material for the peer.
Definition gnunet-service-pils.c:78
gnunet_common.h
commonly used definitions; globals in this file are exempt from the rule that the module name ("commo...
mode
static enum @49 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
gnunet_util_lib.h
GNUNET_CRYPTO_ecdhe_key_create
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition crypto_ecc.c:454
GNUNET_CRYPTO_eddsa_kem_decaps
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_kem_decaps(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_HpkeEncapsulation *c, struct GNUNET_ShortHashCode *shared_secret)
Decapsulate a key for a private EdDSA key.
Definition crypto_hpke.c:301
GNUNET_CRYPTO_x25519_ecdh
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_x25519_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *sk, const struct GNUNET_CRYPTO_EcdhePublicKey *pk, struct GNUNET_CRYPTO_EcdhePublicKey *dh)
Derive key material from a ECDH public key and a private X25519 key.
Definition crypto_ecc.c:767
GNUNET_CRYPTO_ecdhe_elligator_key_create
void GNUNET_CRYPTO_ecdhe_elligator_key_create(struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey *sk)
Generates a private key for Curve25519.
Definition crypto_elligator.c:680
GNUNET_CRYPTO_hpke_elligator_kem_encaps
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_elligator_kem_encaps(const struct GNUNET_CRYPTO_HpkePublicKey *pkR, struct GNUNET_CRYPTO_HpkeEncapsulation *c, struct GNUNET_ShortHashCode *shared_secret)
Carries out ecdh encapsulation with given public key and the private key from a freshly created ephem...
Definition crypto_hpke.c:348
GNUNET_CRYPTO_hpke_kem_decaps
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_kem_decaps(const struct GNUNET_CRYPTO_HpkePrivateKey *skR, const struct GNUNET_CRYPTO_HpkeEncapsulation *c, struct GNUNET_ShortHashCode *shared_secret)
Decapsulate a key for a private X25519 key.
Definition crypto_hpke.c:262
GNUNET_CRYPTO_random_block
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
Definition crypto_random.c:133
GNUNET_CRYPTO_hpke_kem_encaps_norand
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_kem_encaps_norand(const struct GNUNET_CRYPTO_HpkePublicKey *pkR, struct GNUNET_CRYPTO_HpkeEncapsulation *enc, const struct GNUNET_CRYPTO_HpkePrivateKey *skE, struct GNUNET_ShortHashCode *shared_secret)
Deterministic variant of GNUNET_CRYPTO_hpke_kem_encaps.
Definition crypto_hpke.c:211
GNUNET_CRYPTO_hpke_elligator_kem_decaps
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_elligator_kem_decaps(const struct GNUNET_CRYPTO_HpkePrivateKey *skR, const struct GNUNET_CRYPTO_HpkeEncapsulation *c, struct GNUNET_ShortHashCode *shared_secret)
Carries out ecdh decapsulation with own private key and the representative of the received public key...
Definition crypto_hpke.c:369
GNUNET_CRYPTO_ecdhe_elligator_decoding
void GNUNET_CRYPTO_ecdhe_elligator_decoding(struct GNUNET_CRYPTO_EcdhePublicKey *point, bool *high_y, const struct GNUNET_CRYPTO_ElligatorRepresentative *representative)
Clears the most significant bit and second most significant bit of the serialized representaive befor...
Definition crypto_elligator.c:508
GNUNET_CRYPTO_ecdhe_elligator_key_get_public_norand
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdhe_elligator_key_get_public_norand(uint8_t random_tweak, const struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey *sk, struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_CRYPTO_ElligatorRepresentative *repr)
Generates a valid public key for elligator's inverse map by adding a lower order point to a prime ord...
Definition crypto_elligator.c:639
GNUNET_CRYPTO_hpke_kem_encaps
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_kem_encaps(const struct GNUNET_CRYPTO_HpkePublicKey *pub, struct GNUNET_CRYPTO_HpkeEncapsulation *c, struct GNUNET_ShortHashCode *shared_secret)
Encapsulate key material for a X25519 public key.
Definition crypto_hpke.c:232
GNUNET_CRYPTO_ecdh_x25519
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_x25519(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_CRYPTO_EcdhePublicKey *dh)
Derive key material from a EdDSA public key and a private ECDH key.
Definition crypto_ecc.c:783
GNUNET_CRYPTO_eddsa_kem_encaps
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_kem_encaps(const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_CRYPTO_HpkeEncapsulation *c, struct GNUNET_ShortHashCode *shared_secret)
Encapsulate key material for a EdDSA public key.
Definition crypto_hpke.c:246
GNUNET_CRYPTO_hpke_elligator_kem_encaps_norand
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_elligator_kem_encaps_norand(uint8_t random_tweak, const struct GNUNET_CRYPTO_HpkePublicKey *pkR, struct GNUNET_CRYPTO_HpkeEncapsulation *c, const struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey *skE, struct GNUNET_ShortHashCode *shared_secret)
Carries out ecdh encapsulation with given public key and the private key from a freshly created ephem...
Definition crypto_hpke.c:318
GNUNET_CRYPTO_ecdhe_key_clear
void GNUNET_CRYPTO_ecdhe_key_clear(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Clear memory that was used to store a private key.
Definition crypto_ecc.c:433
GNUNET_CRYPTO_ecdhe_key_get_public
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition crypto_ecc.c:217
GNUNET_CRYPTO_QUALITY_NONCE
@ GNUNET_CRYPTO_QUALITY_NONCE
Randomness for IVs etc.
Definition gnunet_crypto_lib.h:104
GNUNET_CRYPTO_hkdf_extract
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf_extract(struct GNUNET_ShortHashCode *prk, const void *salt, size_t salt_len, const void *ikm, size_t ikm_len)
HKDF-Extract using SHA256.
Definition crypto_hkdf.c:182
GNUNET_CRYPTO_hkdf_expand
#define GNUNET_CRYPTO_hkdf_expand(result, out_len, prk,...)
HKDF-Expand using SHA256.
Definition gnunet_crypto_lib.h:1490
GNUNET_CRYPTO_HpkeKem
GNUNET_CRYPTO_HpkeKem
HPKE KEM identifier TODO: Elligator KEM was requested at IANA; Number is currently a placeholder.
Definition gnunet_crypto_lib.h:2215
GNUNET_CRYPTO_write_hpke_pk_to_buffer
ssize_t GNUNET_CRYPTO_write_hpke_pk_to_buffer(const struct GNUNET_CRYPTO_HpkePublicKey *key, void *buffer, size_t len)
Writes a GNUNET_CRYPTO_HpkePublicKey to a compact buffer.
Definition crypto_hpke.c:935
GNUNET_log
#define GNUNET_log(kind,...)
Definition gnunet_common.h:551
GNUNET_CRYPTO_hpke_sk_get_length
ssize_t GNUNET_CRYPTO_hpke_sk_get_length(const struct GNUNET_CRYPTO_HpkePrivateKey *key)
Get the compacted length of a GNUNET_CRYPTO_HpkePrivateKey.
Definition crypto_hpke.c:1030
GNUNET_CRYPTO_read_hpke_pk_from_buffer
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_read_hpke_pk_from_buffer(const void *buffer, size_t len, struct GNUNET_CRYPTO_HpkePublicKey *key, size_t *read)
Reads a GNUNET_CRYPTO_HpkePublicKey from a compact buffer.
Definition crypto_hpke.c:909
GNUNET_CRYPTO_hpke_seal
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_seal(struct GNUNET_CRYPTO_HpkeContext *ctx, const uint8_t *aad, size_t aad_len, const uint8_t *pt, size_t pt_len, uint8_t *ct, unsigned long long *ct_len_p)
RFC9180 HPKE encryption.
Definition crypto_hpke.c:711
GNUNET_CRYPTO_hpke_sender_setup
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_sender_setup(const struct GNUNET_CRYPTO_HpkePublicKey *pkR, const uint8_t *info, size_t info_len, struct GNUNET_CRYPTO_HpkeEncapsulation *enc, struct GNUNET_CRYPTO_HpkeContext *ctx)
RFC9180 HPKE encryption.
Definition crypto_hpke.c:594
GNUNET_CRYPTO_hpke_pk_get_length
ssize_t GNUNET_CRYPTO_hpke_pk_get_length(const struct GNUNET_CRYPTO_HpkePublicKey *key)
Get the compacted length of a GNUNET_CRYPTO_HpkePublicKey.
Definition crypto_hpke.c:894
GNUNET_CRYPTO_hpke_seal_oneshot
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_seal_oneshot(const struct GNUNET_CRYPTO_HpkePublicKey *pkR, const uint8_t *info, size_t info_len, const uint8_t *aad, size_t aad_len, const uint8_t *pt, size_t pt_len, uint8_t *ct, unsigned long long *ct_len_p)
RFC9180 HPKE encryption.
Definition crypto_hpke.c:777
GNUNET_ntohll
uint64_t GNUNET_ntohll(uint64_t n)
Convert unsigned 64-bit integer to host byte order.
Definition common_endian.c:54
GNUNET_CRYPTO_write_hpke_sk_to_buffer
ssize_t GNUNET_CRYPTO_write_hpke_sk_to_buffer(const struct GNUNET_CRYPTO_HpkePrivateKey *key, void *buffer, size_t len)
Writes a GNUNET_CRYPTO_HpkePrivateKey to a compact buffer.
Definition crypto_hpke.c:1075
GNUNET_CRYPTO_hpke_sk_create
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_sk_create(enum GNUNET_CRYPTO_HpkeKeyType type, struct GNUNET_CRYPTO_HpkePrivateKey *pk)
Create a new GNUNET_CRYPTO_HpkePrivateKey of specific type.
Definition crypto_hpke.c:1013
GNUNET_CRYPTO_hpke_sk_to_x25519
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_sk_to_x25519(const struct GNUNET_CRYPTO_BlindablePrivateKey *sk, struct GNUNET_CRYPTO_HpkePrivateKey *x25519)
Convert a GNUnet identity key to a key sutiable for HPKE (X25519)
Definition crypto_hpke.c:866
GNUNET_CRYPTO_hpke_open_oneshot
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_open_oneshot(const struct GNUNET_CRYPTO_HpkePrivateKey *skR, const uint8_t *info, size_t info_len, const uint8_t *aad, size_t aad_len, const uint8_t *ct, size_t ct_len, uint8_t *pt, unsigned long long *pt_len_p)
RFC9180 HPKE encryption.
Definition crypto_hpke.c:807
GNUNET_CRYPTO_hpke_open
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_open(struct GNUNET_CRYPTO_HpkeContext *ctx, const uint8_t *aad, size_t aad_len, const uint8_t *ct, size_t ct_len, uint8_t *pt, unsigned long long *pt_len)
RFC9180 HPKE encryption.
Definition crypto_hpke.c:742
GNUNET_CRYPTO_hpke_sender_setup2
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_sender_setup2(enum GNUNET_CRYPTO_HpkeKem kem, enum GNUNET_CRYPTO_HpkeMode mode, struct GNUNET_CRYPTO_HpkePrivateKey *skE, struct GNUNET_CRYPTO_HpkePrivateKey *skS, const struct GNUNET_CRYPTO_HpkePublicKey *pkR, const uint8_t *info, size_t info_len, const uint8_t *psk, size_t psk_len, const uint8_t *psk_id, size_t psk_id_len, struct GNUNET_CRYPTO_HpkeEncapsulation *enc, struct GNUNET_CRYPTO_HpkeContext *ctx)
RFC9180 HPKE encryption.
Definition crypto_hpke.c:535
GNUNET_CRYPTO_hpke_receiver_setup2
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_receiver_setup2(enum GNUNET_CRYPTO_HpkeKem kem, enum GNUNET_CRYPTO_HpkeMode mode, const struct GNUNET_CRYPTO_HpkeEncapsulation *enc, const struct GNUNET_CRYPTO_HpkePrivateKey *skR, const struct GNUNET_CRYPTO_HpkePublicKey *pkS, const uint8_t *info, size_t info_len, const uint8_t *psk, size_t psk_len, const uint8_t *psk_id, size_t psk_id_len, struct GNUNET_CRYPTO_HpkeContext *ctx)
RFC9180 HPKE encryption.
Definition crypto_hpke.c:617
GNUNET_CRYPTO_hpke_sk_get_public
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_sk_get_public(const struct GNUNET_CRYPTO_HpkePrivateKey *privkey, struct GNUNET_CRYPTO_HpkePublicKey *key)
Retrieves the GNUNET_CRYPTO_HpkePublicKey representation of a GNUNET_CRYPTO_HpkePrivateKey.
Definition crypto_hpke.c:1094
GNUNET_htonll
uint64_t GNUNET_htonll(uint64_t n)
Convert unsigned 64-bit integer to network byte order.
Definition common_endian.c:37
GNUNET_CRYPTO_HPKE_NONCE_LEN
#define GNUNET_CRYPTO_HPKE_NONCE_LEN
Definition gnunet_crypto_lib.h:2161
GNUNET_CRYPTO_hpke_sk_clear
void GNUNET_CRYPTO_hpke_sk_clear(struct GNUNET_CRYPTO_HpkePrivateKey *key)
Clear memory that was used to store a GNUNET_CRYPTO_HpkePrivateKey.
Definition crypto_hpke.c:953
GNUNET_CRYPTO_kdf_arg
#define GNUNET_CRYPTO_kdf_arg(d, s)
Definition gnunet_crypto_lib.h:1376
GNUNET_memcpy
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
Definition gnunet_common.h:1320
GNUNET_CRYPTO_hpke_receiver_setup
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_receiver_setup(const struct GNUNET_CRYPTO_HpkeEncapsulation *enc, const struct GNUNET_CRYPTO_HpkePrivateKey *skR, const uint8_t *info, size_t info_len, struct GNUNET_CRYPTO_HpkeContext *ctx)
RFC9180 HPKE encryption.
Definition crypto_hpke.c:665
GNUNET_CRYPTO_HpkeMode
GNUNET_CRYPTO_HpkeMode
HPKE RFC 9180.
Definition gnunet_crypto_lib.h:2150
GNUNET_CRYPTO_hpke_sk_create2
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_sk_create2(enum GNUNET_CRYPTO_HpkeKeyType type, const char *ikm, size_t ikm_len, struct GNUNET_CRYPTO_HpkePrivateKey *sk)
Create a new GNUNET_CRYPTO_HpkePrivateKey of specific type.
Definition crypto_hpke.c:967
GNUNET_GenericReturnValue
GNUNET_GenericReturnValue
Named constants for return values.
Definition gnunet_common.h:111
GNUNET_CRYPTO_hpke_pk_to_x25519
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_pk_to_x25519(const struct GNUNET_CRYPTO_BlindablePublicKey *pk, struct GNUNET_CRYPTO_HpkePublicKey *x25519)
Convert a GNUnet identity key to a key sutiable for HPKE (X25519)
Definition crypto_hpke.c:838
GNUNET_CRYPTO_read_hpke_sk_from_buffer
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_read_hpke_sk_from_buffer(const void *buffer, size_t len, struct GNUNET_CRYPTO_HpkePrivateKey *key, size_t *read)
Reads a GNUNET_CRYPTO_HpkePrivateKey from a compact buffer.
Definition crypto_hpke.c:1048
GNUNET_CRYPTO_HpkeKeyType
GNUNET_CRYPTO_HpkeKeyType
Key type for the hpke public key union.
Definition gnunet_crypto_lib.h:398
GNUNET_CRYPTO_HpkeRole
GNUNET_CRYPTO_HpkeRole
Role of the HPKE participant.
Definition gnunet_crypto_lib.h:2181
GNUNET_CRYPTO_HPKE_KEM_DH_X25519_HKDF256
@ GNUNET_CRYPTO_HPKE_KEM_DH_X25519_HKDF256
Definition gnunet_crypto_lib.h:2217
GNUNET_CRYPTO_HPKE_KEM_DH_X25519ELLIGATOR_HKDF256
@ GNUNET_CRYPTO_HPKE_KEM_DH_X25519ELLIGATOR_HKDF256
Definition gnunet_crypto_lib.h:2219
GNUNET_PUBLIC_KEY_TYPE_EDDSA
@ GNUNET_PUBLIC_KEY_TYPE_EDDSA
EDDSA identity.
Definition gnunet_crypto_lib.h:391
GNUNET_PUBLIC_KEY_TYPE_ECDSA
@ GNUNET_PUBLIC_KEY_TYPE_ECDSA
The identity type.
Definition gnunet_crypto_lib.h:385
GNUNET_CRYPTO_HPKE_MODE_PSK
@ GNUNET_CRYPTO_HPKE_MODE_PSK
Definition gnunet_crypto_lib.h:2152
GNUNET_CRYPTO_HPKE_MODE_AUTH_PSK
@ GNUNET_CRYPTO_HPKE_MODE_AUTH_PSK
Definition gnunet_crypto_lib.h:2154
GNUNET_CRYPTO_HPKE_MODE_BASE
@ GNUNET_CRYPTO_HPKE_MODE_BASE
Definition gnunet_crypto_lib.h:2151
GNUNET_CRYPTO_HPKE_MODE_AUTH
@ GNUNET_CRYPTO_HPKE_MODE_AUTH
Definition gnunet_crypto_lib.h:2153
GNUNET_OK
@ GNUNET_OK
Definition gnunet_common.h:114
GNUNET_SYSERR
@ GNUNET_SYSERR
Definition gnunet_common.h:112
GNUNET_CRYPTO_HPKE_KEY_TYPE_X25519
@ GNUNET_CRYPTO_HPKE_KEY_TYPE_X25519
Type for X25519 hybrid public key encryption.
Definition gnunet_crypto_lib.h:402
GNUNET_CRYPTO_HPKE_ROLE_R
@ GNUNET_CRYPTO_HPKE_ROLE_R
Definition gnunet_crypto_lib.h:2183
GNUNET_CRYPTO_HPKE_ROLE_S
@ GNUNET_CRYPTO_HPKE_ROLE_S
Definition gnunet_crypto_lib.h:2185
GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition gnunet_common.h:960
GNUNET_break
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
Definition gnunet_common.h:1045
GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_ERROR
Definition gnunet_common.h:417
GNUNET_CRYPTO_BlindablePrivateKey
A private key for an identity as per LSD0001.
Definition gnunet_crypto_lib.h:411
GNUNET_CRYPTO_BlindablePrivateKey::ecdsa_key
struct GNUNET_CRYPTO_EcdsaPrivateKey ecdsa_key
An ECDSA identity key.
Definition gnunet_crypto_lib.h:424
GNUNET_CRYPTO_BlindablePrivateKey::type
uint32_t type
Type of public key.
Definition gnunet_crypto_lib.h:417
GNUNET_CRYPTO_BlindablePrivateKey::eddsa_key
struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_key
AN EdDSA identtiy key.
Definition gnunet_crypto_lib.h:429
GNUNET_CRYPTO_BlindablePublicKey
An identity key as per LSD0001.
Definition gnunet_crypto_lib.h:438
GNUNET_CRYPTO_EcdhePrivateKey::d
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Definition gnunet_crypto_lib.h:258
GNUNET_CRYPTO_EcdhePublicKey
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
Definition gnunet_crypto_lib.h:240
GNUNET_CRYPTO_EcdhePublicKey::q_y
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
Definition gnunet_crypto_lib.h:245
GNUNET_CRYPTO_EcdsaPrivateKey::d
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Definition gnunet_crypto_lib.h:270
GNUNET_CRYPTO_EddsaPrivateKey
Private ECC key encoded for transmission.
Definition gnunet_crypto_lib.h:278
GNUNET_CRYPTO_EddsaPrivateKey::d
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Definition gnunet_crypto_lib.h:282
GNUNET_CRYPTO_EddsaPublicKey
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Definition gnunet_crypto_lib.h:202
GNUNET_CRYPTO_EddsaPublicKey::q_y
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
Definition gnunet_crypto_lib.h:208
GNUNET_CRYPTO_ElligatorEcdhePrivateKey
Special private ECC key generated by GNUNET_CRYPTO_ecdhe_elligator_key_create.
Definition gnunet_crypto_lib.h:357
GNUNET_CRYPTO_ElligatorRepresentative
Elligator representative (always for Curve25519)
Definition gnunet_crypto_lib.h:368
GNUNET_CRYPTO_ElligatorRepresentative::r
uint8_t r[256/8]
Represents an element of Curve25519 finite field.
Definition gnunet_crypto_lib.h:373
GNUNET_CRYPTO_HpkeContext
HPKE crypto context.
Definition gnunet_crypto_lib.h:2193
GNUNET_CRYPTO_HpkeEncapsulation
HPKE DHKEM encapsulation (X25519) See RFC 9180.
Definition gnunet_crypto_lib.h:2228
GNUNET_CRYPTO_HpkePrivateKey
A public key used for decryption.
Definition gnunet_crypto_lib.h:465
GNUNET_CRYPTO_HpkePrivateKey::type
uint32_t type
Type of key.
Definition gnunet_crypto_lib.h:470
GNUNET_CRYPTO_HpkePrivateKey::ecdhe_key
struct GNUNET_CRYPTO_EcdhePrivateKey ecdhe_key
An ECDHE/X25519 key.
Definition gnunet_crypto_lib.h:477
GNUNET_CRYPTO_HpkePublicKey
A public key used for encryption.
Definition gnunet_crypto_lib.h:488
GNUNET_CRYPTO_HpkePublicKey::type
uint32_t type
Type of key.
Definition gnunet_crypto_lib.h:493
GNUNET_CRYPTO_HpkePublicKey::ecdhe_key
struct GNUNET_CRYPTO_EcdhePublicKey ecdhe_key
An ECDHE/X25519 key.
Definition gnunet_crypto_lib.h:500
GNUNET_ShortHashCode
A 256-bit hashcode.
Definition gnunet_common.h:297