GNUnet 0.22.2
gnunet-crypto-tvg.c File Reference
#include "platform.h"
#include "gnunet_util_lib.h"
#include "gnunet_signatures.h"
#include <jansson.h>
#include <gcrypt.h>
Include dependency graph for gnunet-crypto-tvg.c:

Go to the source code of this file.

Data Structures

struct  TestSignatureDataPS
 Sample signature struct. More...
 

Functions

static json_t * vec_for (json_t *vecs, const char *vecname)
 Create a fresh test vector for a given operation label. More...
 
static void d2j (json_t *vec, const char *label, const void *data, size_t size)
 Add a base32crockford encoded value to a test vector. More...
 
static void uint2j (json_t *vec, const char *label, unsigned int num)
 Add a number to a test vector. More...
 
static int expect_data_fixed (json_t *vec, const char *name, void *data, size_t expect_len)
 
static int expect_data_dynamic (json_t *vec, const char *name, void **data, size_t *ret_len)
 
static int checkvec (const char *operation, json_t *vec)
 Check a single vector. More...
 
static int check_vectors ()
 Check test vectors from stdin. More...
 
static int output_vectors ()
 Output test vectors. More...
 
static void run (void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *cfg)
 Main function that will be run. More...
 
int main (int argc, char *const *argv)
 The main function of the test vector generation tool. More...
 

Variables

static GNUNET_NETWORK_STRUCT_END int verify_flag = GNUNET_NO
 Should we verify or output test vectors? More...
 
static int global_ret = 0
 Global exit code. More...
 

Function Documentation

◆ vec_for()

static json_t * vec_for ( json_t *  vecs,
const char *  vecname 
)
static

Create a fresh test vector for a given operation label.

Parameters
vecsarray of vectors to append the new vector to
vecnamelabel for the operation of the vector
Returns
the fresh test vector

Definition at line 93 of file gnunet-crypto-tvg.c.

94{
95 json_t *t = json_object ();
96
97 json_object_set_new (t,
98 "operation",
99 json_string (vecname));
100 json_array_append_new (vecs, t);
101 return t;
102}
static struct GNUNET_SCHEDULER_Task * t
Main task.

References t.

Referenced by output_vectors().

Here is the caller graph for this function:

◆ d2j()

static void d2j ( json_t *  vec,
const char *  label,
const void *  data,
size_t  size 
)
static

Add a base32crockford encoded value to a test vector.

Parameters
vectest vector to add to
labellabel for the value
datadata to add
sizesize of data

Definition at line 115 of file gnunet-crypto-tvg.c.

119{
120 char *buf;
121 json_t *json;
122
124 json = json_string (buf);
125 GNUNET_free (buf);
126 GNUNET_break (NULL != json);
127
128 json_object_set_new (vec, label, json);
129}
static char * data
The data to insert into the dht.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
#define GNUNET_free(ptr)
Wrapper around free.
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
Definition: strings.c:787
static unsigned int size
Size of the "table".
Definition: peer.c:68

References data, GNUNET_break, GNUNET_free, GNUNET_STRINGS_data_to_string_alloc(), and size.

Referenced by output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ uint2j()

static void uint2j ( json_t *  vec,
const char *  label,
unsigned int  num 
)
static

Add a number to a test vector.

Parameters
vectest vector to add to
labellabel for the value
datadata to add
sizesize of data

Definition at line 141 of file gnunet-crypto-tvg.c.

144{
145 json_t *json = json_integer (num);
146
147 json_object_set_new (vec, label, json);
148}

Referenced by output_vectors().

Here is the caller graph for this function:

◆ expect_data_fixed()

static int expect_data_fixed ( json_t *  vec,
const char *  name,
void *  data,
size_t  expect_len 
)
static

Definition at line 152 of file gnunet-crypto-tvg.c.

156{
157 const char *s = json_string_value (json_object_get (vec, name));
158
159 if (NULL == s)
160 return GNUNET_NO;
161
163 strlen (s),
164 data,
165 expect_len))
166 return GNUNET_NO;
167 return GNUNET_OK;
168}
static char * name
Name (label) of the records to list.
@ GNUNET_OK
@ GNUNET_NO
enum GNUNET_GenericReturnValue GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:812

References data, GNUNET_NO, GNUNET_OK, GNUNET_STRINGS_string_to_data(), and name.

Referenced by checkvec().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ expect_data_dynamic()

static int expect_data_dynamic ( json_t *  vec,
const char *  name,
void **  data,
size_t *  ret_len 
)
static

Definition at line 172 of file gnunet-crypto-tvg.c.

176{
177 const char *s = json_string_value (json_object_get (vec, name));
178 char *tmp;
179 size_t len;
180
181 if (NULL == s)
182 return GNUNET_NO;
183
184 len = (strlen (s) * 5) / 8;
185 if (NULL != ret_len)
186 *ret_len = len;
187 tmp = GNUNET_malloc (len);
188
189 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, strlen (s), tmp, len))
190 {
191 GNUNET_free (tmp);
192 return GNUNET_NO;
193 }
194 *data = tmp;
195 return GNUNET_OK;
196}
#define GNUNET_malloc(size)
Wrapper around malloc.

References data, GNUNET_free, GNUNET_malloc, GNUNET_NO, GNUNET_OK, GNUNET_STRINGS_string_to_data(), and name.

Referenced by checkvec().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ checkvec()

static int checkvec ( const char *  operation,
json_t *  vec 
)
static

Check a single vector.

Parameters
operationoperator of the vector
vecthe vector, a JSON object.
Returns
GNUNET_OK if the vector is okay

Definition at line 208 of file gnunet-crypto-tvg.c.

210{
212 "checking %s\n", operation);
213
214 if (0 == strcmp (operation, "hash"))
215 {
216 void *data;
217 size_t data_len;
218 struct GNUNET_HashCode hash_out;
219 struct GNUNET_HashCode hc;
220
221 if (GNUNET_OK != expect_data_dynamic (vec,
222 "input",
223 &data,
224 &data_len))
225 {
226 GNUNET_break (0);
227 return GNUNET_SYSERR;
228 }
229 if (GNUNET_OK != expect_data_fixed (vec,
230 "output",
231 &hash_out,
232 sizeof (hash_out)))
233 {
235 GNUNET_break (0);
236 return GNUNET_NO;
237 }
238
239 GNUNET_CRYPTO_hash (data, data_len, &hc);
240
241 if (0 != GNUNET_memcmp (&hc, &hash_out))
242 {
244 GNUNET_break (0);
245 return GNUNET_NO;
246 }
248 }
249 else if (0 == strcmp (operation, "ecc_ecdh"))
250 {
254 struct GNUNET_HashCode skm;
255 struct GNUNET_HashCode skm_comp;
256
257 if (GNUNET_OK != expect_data_fixed (vec,
258 "priv1",
259 &priv1,
260 sizeof (priv1)))
261 {
262 GNUNET_break (0);
263 return GNUNET_NO;
264 }
265 if (GNUNET_OK != expect_data_fixed (vec,
266 "priv2",
267 &priv2,
268 sizeof (priv2)))
269 {
270 GNUNET_break (0);
271 return GNUNET_NO;
272 }
273 if (GNUNET_OK != expect_data_fixed (vec,
274 "pub1",
275 &pub1,
276 sizeof (pub1)))
277 {
278 GNUNET_break (0);
279 return GNUNET_NO;
280 }
281 if (GNUNET_OK != expect_data_fixed (vec,
282 "skm",
283 &skm,
284 sizeof (skm)))
285 {
286 GNUNET_break (0);
287 return GNUNET_NO;
288 }
291 &pub1,
292 &skm_comp));
293 if (0 != GNUNET_memcmp (&skm, &skm_comp))
294 {
295 GNUNET_break (0);
296 return GNUNET_NO;
297 }
298 }
299 else if (0 == strcmp (operation, "eddsa_key_derivation"))
300 {
303 struct GNUNET_CRYPTO_EddsaPublicKey pub_comp;
304
305 if (GNUNET_OK != expect_data_fixed (vec,
306 "priv",
307 &priv,
308 sizeof (priv)))
309 {
310 GNUNET_break (0);
311 return GNUNET_NO;
312 }
313
314 if (GNUNET_OK != expect_data_fixed (vec,
315 "pub",
316 &pub,
317 sizeof (pub)))
318 {
319 GNUNET_break (0);
320 return GNUNET_NO;
321 }
322
324 &pub_comp);
325 if (0 != GNUNET_memcmp (&pub, &pub_comp))
326 {
327 GNUNET_break (0);
328 return GNUNET_NO;
329 }
330
331 }
332 else if (0 == strcmp (operation, "eddsa_signing"))
333 {
336 struct TestSignatureDataPS data = { 0 };
338 struct GNUNET_CRYPTO_EddsaSignature sig_comp;
339
340 if (GNUNET_OK != expect_data_fixed (vec,
341 "priv",
342 &priv,
343 sizeof (priv)))
344 {
345 GNUNET_break (0);
346 return GNUNET_NO;
347 }
348
349 if (GNUNET_OK != expect_data_fixed (vec,
350 "pub",
351 &pub,
352 sizeof (pub)))
353 {
354 GNUNET_break (0);
355 return GNUNET_NO;
356 }
357
358 if (GNUNET_OK != expect_data_fixed (vec,
359 "data",
360 &data,
361 sizeof (data)))
362 {
363 GNUNET_break (0);
364 return GNUNET_NO;
365 }
366
367 if (GNUNET_OK != expect_data_fixed (vec,
368 "sig",
369 &sig,
370 sizeof (sig)))
371 {
372 GNUNET_break (0);
373 return GNUNET_NO;
374 }
375
377 &data,
378 &sig_comp);
381 &data,
382 &sig,
383 &pub));
384 if (0 != GNUNET_memcmp (&sig, &sig_comp))
385 {
386 GNUNET_break (0);
387 return GNUNET_NO;
388 }
389 }
390 else if (0 == strcmp (operation, "kdf"))
391 {
392 size_t out_len;
393 void *out;
394 size_t out_len_comp;
395 void *out_comp;
396 void *ikm;
397 size_t ikm_len;
398 void *salt;
399 size_t salt_len;
400 void *ctx;
401 size_t ctx_len;
402
403 if (GNUNET_OK != expect_data_dynamic (vec,
404 "out",
405 &out,
406 &out_len))
407 {
408 GNUNET_break (0);
409 return GNUNET_SYSERR;
410 }
411
412 out_len_comp = out_len;
413 out_comp = GNUNET_malloc (out_len_comp);
414
415 if (GNUNET_OK != expect_data_dynamic (vec,
416 "ikm",
417 &ikm,
418 &ikm_len))
419 {
420 GNUNET_free (out);
421 GNUNET_free (out_comp);
422 GNUNET_break (0);
423 return GNUNET_SYSERR;
424 }
425
426 if (GNUNET_OK != expect_data_dynamic (vec,
427 "salt",
428 &salt,
429 &salt_len))
430 {
431 GNUNET_free (out);
432 GNUNET_free (out_comp);
433 GNUNET_free (ikm);
434 GNUNET_break (0);
435 return GNUNET_SYSERR;
436 }
437
438 if (GNUNET_OK != expect_data_dynamic (vec,
439 "ctx",
440 &ctx,
441 &ctx_len))
442 {
443 GNUNET_free (out);
444 GNUNET_free (out_comp);
445 GNUNET_free (ikm);
447 GNUNET_break (0);
448 return GNUNET_SYSERR;
449 }
450
452 GNUNET_CRYPTO_kdf (out_comp,
453 out_len_comp,
454 salt,
455 salt_len,
456 ikm,
457 ikm_len,
458 ctx,
459 ctx_len,
460 NULL));
461
462 if (0 != memcmp (out, out_comp, out_len))
463 {
464 GNUNET_free (out);
465 GNUNET_free (out_comp);
466 GNUNET_free (ikm);
469 GNUNET_break (0);
470 return GNUNET_NO;
471 }
472 GNUNET_free (out);
473 GNUNET_free (out_comp);
474 GNUNET_free (ikm);
477 }
478 else if (0 == strcmp (operation, "eddsa_ecdh"))
479 {
480 struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
481 struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
482 struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
483 struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
484 struct GNUNET_HashCode key_material;
485 struct GNUNET_HashCode key_material_comp;
486
487 if (GNUNET_OK != expect_data_fixed (vec,
488 "priv_ecdhe",
489 &priv_ecdhe,
490 sizeof (priv_ecdhe)))
491 {
492 GNUNET_break (0);
493 return GNUNET_NO;
494 }
495
496 if (GNUNET_OK != expect_data_fixed (vec,
497 "pub_ecdhe",
498 &pub_ecdhe,
499 sizeof (pub_ecdhe)))
500 {
501 GNUNET_break (0);
502 return GNUNET_NO;
503 }
504
505 if (GNUNET_OK != expect_data_fixed (vec,
506 "priv_eddsa",
507 &priv_eddsa,
508 sizeof (priv_eddsa)))
509 {
510 GNUNET_break (0);
511 return GNUNET_NO;
512 }
513
514 if (GNUNET_OK != expect_data_fixed (vec,
515 "pub_eddsa",
516 &pub_eddsa,
517 sizeof (pub_eddsa)))
518 {
519 GNUNET_break (0);
520 return GNUNET_NO;
521 }
522
523 if (GNUNET_OK != expect_data_fixed (vec,
524 "key_material",
525 &key_material,
526 sizeof (key_material)))
527 {
528 GNUNET_break (0);
529 return GNUNET_NO;
530 }
531
532 GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe,
533 &pub_eddsa,
534 &key_material_comp);
535
536 if (0 != GNUNET_memcmp (&key_material,
537 &key_material_comp))
538 {
539 GNUNET_break (0);
540 return GNUNET_NO;
541 }
542 }
543 else if (0 == strcmp (operation, "rsa_blind_signing"))
544 {
545 struct GNUNET_CRYPTO_RsaPrivateKey *skey;
547 struct GNUNET_HashCode message_hash;
549 struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
550 struct GNUNET_CRYPTO_RsaSignature *sig;
552 struct GNUNET_CRYPTO_RsaBlindedMessage bm_comp;
553 void *public_enc_data;
554 size_t public_enc_len;
555 void *secret_enc_data;
556 size_t secret_enc_len;
557 void *sig_enc_data;
558 size_t sig_enc_length;
559 void *sig_enc_data_comp;
560 size_t sig_enc_length_comp;
561
562 if (GNUNET_OK !=
564 "message_hash",
565 &message_hash,
566 sizeof (message_hash)))
567 {
568 GNUNET_break (0);
569 return GNUNET_SYSERR;
570 }
571
572 if (GNUNET_OK !=
574 "blinding_key_secret",
575 &bks,
576 sizeof (bks)))
577 {
578 GNUNET_break (0);
579 return GNUNET_SYSERR;
580 }
581
582 if (GNUNET_OK !=
584 "blinded_message",
585 &bm.blinded_msg,
586 &bm.blinded_msg_size))
587 {
588 GNUNET_break (0);
589 return GNUNET_SYSERR;
590 }
591 if (GNUNET_OK !=
593 "rsa_public_key",
594 &public_enc_data,
595 &public_enc_len))
596 {
598 GNUNET_break (0);
599 return GNUNET_SYSERR;
600 }
601 if (GNUNET_OK !=
603 "rsa_private_key",
604 &secret_enc_data,
605 &secret_enc_len))
606 {
608 GNUNET_free (public_enc_data);
609 GNUNET_break (0);
610 return GNUNET_SYSERR;
611 }
612 if (GNUNET_OK !=
614 "sig",
615 &sig_enc_data,
616 &sig_enc_length))
617 {
619 GNUNET_free (public_enc_data);
620 GNUNET_free (secret_enc_data);
621 GNUNET_break (0);
622 return GNUNET_SYSERR;
623 }
624
625 pkey = GNUNET_CRYPTO_rsa_public_key_decode (public_enc_data,
626 public_enc_len);
627 GNUNET_assert (NULL != pkey);
628 skey = GNUNET_CRYPTO_rsa_private_key_decode (secret_enc_data,
629 secret_enc_len);
630 GNUNET_assert (NULL != skey);
631
633 GNUNET_CRYPTO_rsa_blind (&message_hash,
634 sizeof (message_hash),
635 &bks,
636 pkey,
637 &bm_comp));
638 if ( (bm.blinded_msg_size !=
639 bm_comp.blinded_msg_size) ||
640 (0 != memcmp (bm.blinded_msg,
641 bm_comp.blinded_msg,
642 bm.blinded_msg_size)) )
643 {
646 GNUNET_free (public_enc_data);
647 GNUNET_free (secret_enc_data);
648 GNUNET_free (sig_enc_data);
651 GNUNET_break (0);
652 return GNUNET_NO;
653 }
654 blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey,
655 &bm);
656 sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig,
657 &bks,
658 pkey);
660 GNUNET_CRYPTO_rsa_verify (&message_hash,
661 sizeof (message_hash),
662 sig,
663 pkey));
664 GNUNET_free (public_enc_data);
666 &public_enc_data);
667 sig_enc_length_comp = GNUNET_CRYPTO_rsa_signature_encode (sig,
668 &sig_enc_data_comp
669 );
670
671 if ( (sig_enc_length != sig_enc_length_comp) ||
672 (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) ))
673 {
677 GNUNET_free (public_enc_data);
678 GNUNET_free (secret_enc_data);
679 GNUNET_free (sig_enc_data);
680 GNUNET_free (sig_enc_data_comp);
684 GNUNET_break (0);
685 return GNUNET_NO;
686 }
690 GNUNET_free (public_enc_data);
691 GNUNET_free (secret_enc_data);
692 GNUNET_free (sig_enc_data);
693 GNUNET_free (sig_enc_data_comp);
697 }
698 else if (0 == strcmp (operation, "cs_blind_signing"))
699 {
700 struct GNUNET_CRYPTO_CsPrivateKey priv;
703 struct GNUNET_CRYPTO_CsRSecret r_priv[2];
704 struct GNUNET_CRYPTO_CsRPublic r_pub[2];
705 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind;
706 struct GNUNET_CRYPTO_CsC c[2];
707 struct GNUNET_CRYPTO_CsS signature_scalar;
708 struct GNUNET_CRYPTO_CsBlindS blinded_s;
709 struct GNUNET_CRYPTO_CsSignature sig;
712 struct GNUNET_HashCode message_hash;
713 unsigned int b;
714
715 if (GNUNET_OK != expect_data_fixed (vec,
716 "message_hash",
717 &message_hash,
718 sizeof (message_hash)))
719 {
720 GNUNET_break (0);
721 return GNUNET_SYSERR;
722 }
723 if (GNUNET_OK != expect_data_fixed (vec,
724 "cs_public_key",
725 &pub,
726 sizeof (pub)))
727 {
728 GNUNET_break (0);
729 return GNUNET_SYSERR;
730 }
731
732 if (GNUNET_OK !=
734 "cs_private_key",
735 &priv,
736 sizeof (priv)))
737 {
738 GNUNET_break (0);
739 return GNUNET_SYSERR;
740 }
741 if (GNUNET_OK !=
743 "cs_nonce",
744 &snonce,
745 sizeof (snonce)))
746 {
747 GNUNET_break (0);
748 return GNUNET_SYSERR;
749 }
750 /* historically, the tvg used the same nonce for
751 both, which is HORRIBLE for production, but
752 maybe OK for TVG... */
753 memcpy (&bnonce,
754 &snonce,
755 sizeof (snonce));
756 if (GNUNET_OK !=
758 "cs_r_priv_0",
759 &r_priv[0],
760 sizeof (r_priv[0])))
761 {
762 GNUNET_break (0);
763 return GNUNET_SYSERR;
764 }
765 if (GNUNET_OK != expect_data_fixed (vec,
766 "cs_r_priv_1",
767 &r_priv[1],
768 sizeof (r_priv[1])))
769 {
770 GNUNET_break (0);
771 return GNUNET_SYSERR;
772 }
773 if (GNUNET_OK != expect_data_fixed (vec,
774 "cs_r_pub_0",
775 &r_pub[0],
776 sizeof (r_pub[0])))
777 {
778 GNUNET_break (0);
779 return GNUNET_SYSERR;
780 }
781 if (GNUNET_OK != expect_data_fixed (vec,
782 "cs_r_pub_1",
783 &r_pub[1],
784 sizeof (r_pub[1])))
785 {
786 GNUNET_break (0);
787 return GNUNET_SYSERR;
788 }
789
790 if (GNUNET_OK != expect_data_fixed (vec,
791 "cs_bs_alpha_0",
792 &bs[0].alpha,
793 sizeof (bs[0].alpha)))
794 {
795 GNUNET_break (0);
796 return GNUNET_SYSERR;
797 }
798 if (GNUNET_OK != expect_data_fixed (vec,
799 "cs_bs_alpha_1",
800 &bs[1].alpha,
801 sizeof (bs[1].alpha)))
802 {
803 GNUNET_break (0);
804 return GNUNET_SYSERR;
805 }
806 if (GNUNET_OK != expect_data_fixed (vec,
807 "cs_bs_beta_0",
808 &bs[0].beta,
809 sizeof (bs[0].beta)))
810 {
811 GNUNET_break (0);
812 return GNUNET_SYSERR;
813 }
814 if (GNUNET_OK !=
816 "cs_bs_beta_1",
817 &bs[1].beta,
818 sizeof (bs[1].beta)))
819 {
820 GNUNET_break (0);
821 return GNUNET_SYSERR;
822 }
823 if (GNUNET_OK !=
825 "cs_r_pub_blind_0",
826 &r_pub_blind.r_pub[0],
827 sizeof (r_pub_blind.r_pub[0])))
828 {
829 GNUNET_break (0);
830 return GNUNET_SYSERR;
831 }
832 if (GNUNET_OK !=
834 "cs_r_pub_blind_1",
835 &r_pub_blind.r_pub[1],
836 sizeof (r_pub_blind.r_pub[1])))
837 {
838 GNUNET_break (0);
839 return GNUNET_SYSERR;
840 }
841 if (GNUNET_OK !=
843 "cs_c_0",
844 &c[0],
845 sizeof (c[0])))
846 {
847 GNUNET_break (0);
848 return GNUNET_SYSERR;
849 }
850 if (GNUNET_OK != expect_data_fixed (vec,
851 "cs_c_1",
852 &c[1],
853 sizeof (c[1])))
854 {
855 GNUNET_break (0);
856 return GNUNET_SYSERR;
857 }
858 if (GNUNET_OK != expect_data_fixed (vec,
859 "cs_blind_s",
860 &blinded_s,
861 sizeof (blinded_s)))
862 {
863 GNUNET_break (0);
864 return GNUNET_SYSERR;
865 }
866 if (GNUNET_OK != expect_data_fixed (vec,
867 "cs_b",
868 &b,
869 sizeof (b)))
870 {
871 GNUNET_break (0);
872 return GNUNET_SYSERR;
873 }
874 if (GNUNET_OK != expect_data_fixed (vec,
875 "cs_sig_s",
876 &signature_scalar,
877 sizeof (signature_scalar)))
878 {
879 GNUNET_break (0);
880 return GNUNET_SYSERR;
881 }
882 sig.s_scalar = signature_scalar;
883 if (GNUNET_OK != expect_data_fixed (vec,
884 "cs_sig_R",
885 &sig.r_point,
886 sizeof (sig.r_point)))
887 {
888 GNUNET_break (0);
889 return GNUNET_SYSERR;
890 }
891
892 if ((b != 1) && (b != 0))
893 {
894 GNUNET_break (0);
895 return GNUNET_SYSERR;
896 }
897 {
898 struct GNUNET_CRYPTO_CsRSecret r_priv_comp[2];
899 struct GNUNET_CRYPTO_CsRPublic r_pub_comp[2];
900 struct GNUNET_CRYPTO_CsBlindingSecret bs_comp[2];
901 struct GNUNET_CRYPTO_CsC c_comp[2];
902 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind_comp;
903 struct GNUNET_CRYPTO_CsBlindSignature blinded_s_comp;
904 struct GNUNET_CRYPTO_CsS signature_scalar_comp;
905 struct GNUNET_CRYPTO_CsSignature sig_comp;
906
908 "rw",
909 &priv,
910 r_priv_comp);
911 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[0],
912 &r_pub_comp[0]);
913 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[1],
914 &r_pub_comp[1]);
915 GNUNET_assert (0 == memcmp (&r_priv_comp,
916 &r_priv,
917 sizeof(struct GNUNET_CRYPTO_CsRSecret) * 2));
918 GNUNET_assert (0 == memcmp (&r_pub_comp,
919 &r_pub,
920 sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2));
921
923 bs_comp);
924 GNUNET_assert (0 ==
925 memcmp (&bs_comp,
926 &bs,
927 sizeof(struct GNUNET_CRYPTO_CsBlindingSecret)
928 * 2));
930 r_pub_comp,
931 &pub,
932 &message_hash,
933 sizeof(message_hash),
934 c_comp,
935 &r_pub_blind_comp);
936 GNUNET_assert (0 ==
937 memcmp (&c_comp,
938 &c,
939 sizeof(struct GNUNET_CRYPTO_CsC) * 2));
940 GNUNET_assert (0 ==
941 GNUNET_memcmp (&r_pub_blind_comp,
942 &r_pub_blind));
943 {
945 .c[0] = c_comp[0],
946 .c[1] = c_comp[1],
947 .nonce = snonce
948 };
949
951 r_priv_comp,
952 &bm,
953 &blinded_s_comp);
954 }
955 GNUNET_assert (0 ==
956 GNUNET_memcmp (&blinded_s_comp.s_scalar,
957 &blinded_s));
958 GNUNET_assert (b == blinded_s_comp.b);
959 GNUNET_CRYPTO_cs_unblind (&blinded_s_comp.s_scalar,
960 &bs_comp[b],
961 &signature_scalar_comp);
962 GNUNET_assert (0 ==
963 GNUNET_memcmp (&signature_scalar_comp,
964 &signature_scalar));
965 sig_comp.r_point = r_pub_blind_comp.r_pub[b];
966 sig_comp.s_scalar = signature_scalar_comp;
967 GNUNET_assert (0 == memcmp (&sig_comp,
968 &sig,
969 sizeof(sig_comp)));
970 if (GNUNET_OK !=
971 GNUNET_CRYPTO_cs_verify (&sig_comp,
972 &pub,
973 &message_hash,
974 sizeof(message_hash)))
975 {
976 GNUNET_break (0);
977 return GNUNET_SYSERR;
978 }
979 }
980 }
981 else
982 {
984 "unsupported operation '%s'\n", operation);
985 }
986
987 return GNUNET_OK;
988}
static int expect_data_fixed(json_t *vec, const char *name, void *data, size_t expect_len)
static int expect_data_dynamic(json_t *vec, const char *name, void **data, size_t *ret_len)
static struct GNUNET_FS_Handle * ctx
static char * pkey
Public key of the zone to look in, in ASCII.
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:47
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calculations.
Definition: gnunet-scrypt.c:34
static float beta
Percentage of total peer number in the view to send random PULLs to.
static float alpha
Percentage of total peer number in the view to send random PUSHes to.
#define GNUNET_SIGNATURE_PURPOSE_TEST
WARNING: This header is generated! In order to add a signature purpose, you must register them in GAN...
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition: crypto_ecc.c:732
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:201
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:823
#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
EdDSA sign a given block.
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
Verify EdDSA signature.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:62
#define GNUNET_log(kind,...)
void GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig)
Free memory occupied by signature.
Definition: crypto_rsa.c:1015
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_blind(const void *message, size_t message_size, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
Blinds the given message with the given blinding key.
Definition: crypto_rsa.c:807
void GNUNET_CRYPTO_cs_r_get_public(const struct GNUNET_CRYPTO_CsRSecret *r_priv, struct GNUNET_CRYPTO_CsRPublic *r_pub)
Extract the public R of the given secret r.
Definition: crypto_cs.c:98
void GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
Free memory occupied by the private key.
Definition: crypto_rsa.c:173
void GNUNET_CRYPTO_cs_r_derive(const struct GNUNET_CRYPTO_CsSessionNonce *nonce, const char *seed, const struct GNUNET_CRYPTO_CsPrivateKey *lts, struct GNUNET_CRYPTO_CsRSecret r[2])
Derive a new secret r pair r0 and r1.
Definition: crypto_cs.c:79
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_public_key_decode(const char *buf, size_t len)
Decode the public key from the data-format back to the "normal", internal format.
Definition: crypto_rsa.c:423
void GNUNET_CRYPTO_cs_unblind(const struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar, const struct GNUNET_CRYPTO_CsBlindingSecret *bs, struct GNUNET_CRYPTO_CsS *signature_scalar)
Unblind a blind-signed signature using a c that was blinded.
Definition: crypto_cs.c:318
void GNUNET_CRYPTO_rsa_blinded_message_free(struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
Free memory occupied by blinded message.
Definition: crypto_rsa.c:799
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_decode(const void *buf, size_t buf_size)
Decode the private key from the data-format back to the "normal", internal format.
Definition: crypto_rsa.c:204
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition: crypto_rsa.c:268
void GNUNET_CRYPTO_cs_calc_blinded_c(const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], const struct GNUNET_CRYPTO_CsRPublic r_pub[2], const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len, struct GNUNET_CRYPTO_CsC blinded_c[2], struct GNUNET_CRYPTO_CSPublicRPairP *r_pub_blind)
Calculate two blinded c's.
Definition: crypto_cs.c:240
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, void **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:325
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
size_t GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, void **buffer)
Encode the given signature in a format suitable for storing it into a file.
Definition: crypto_rsa.c:1023
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key, const struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
Sign a blinded value, which must be a full domain hash of a message.
Definition: crypto_rsa.c:970
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_cs_verify(const struct GNUNET_CRYPTO_CsSignature *sig, const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len)
Verify whether the given message corresponds to the given signature and the signature is valid with r...
Definition: crypto_cs.c:330
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
Unblind a blind-signed signature.
Definition: crypto_rsa.c:1118
void GNUNET_CRYPTO_cs_sign_derive(const struct GNUNET_CRYPTO_CsPrivateKey *priv, const struct GNUNET_CRYPTO_CsRSecret r[2], const struct GNUNET_CRYPTO_CsBlindedMessage *bm, struct GNUNET_CRYPTO_CsBlindSignature *cs_blind_sig)
Sign a blinded c.
Definition: crypto_cs.c:284
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_verify(const void *message, size_t message_size, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *public_key)
Verify whether the given hash corresponds to the given signature and the signature is valid with resp...
Definition: crypto_rsa.c:1199
void GNUNET_CRYPTO_cs_blinding_secrets_derive(const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed, struct GNUNET_CRYPTO_CsBlindingSecret bs[2])
Derives new random blinding factors.
Definition: crypto_cs.c:108
@ GNUNET_YES
@ GNUNET_SYSERR
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
@ GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_INFO
Pair of Public R values for Cs denominations.
blinded s in the signature
The Sign Answer for Clause Blind Schnorr signature.
CS Parameters derived from the message during blinding to create blinded signature.
struct GNUNET_CRYPTO_CsC c[2]
The Clause Schnorr c_0 and c_1 containing the blinded message.
Nonce for computing blinding factors.
Secret used for blinding (alpha and beta).
Schnorr c to be signed.
The private information of an Schnorr key pair.
The public information of an Schnorr key pair.
the public R (derived from r) used in c
the private r used in the signature
s in the signature
Nonce for the session, picked by client, shared with the signer.
CS Signtature containing scalar s and point R.
Private ECC key encoded for transmission.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
Private ECC key encoded for transmission.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
an ECC signature using EdDSA.
RSA Parameters to create blinded signature.
Constant-size pre-secret for blinding key generation.
The private information of an RSA key pair.
Definition: crypto_rsa.c:41
The public information of an RSA key pair.
Definition: crypto_rsa.c:53
an RSA signature
Definition: crypto_rsa.c:65
A 512-bit hashcode.
Sample signature struct.

References alpha, GNUNET_CRYPTO_CsBlindSignature::b, beta, GNUNET_CRYPTO_RsaBlindedMessage::blinded_msg, GNUNET_CRYPTO_RsaBlindedMessage::blinded_msg_size, GNUNET_CRYPTO_CsBlindingNonce::bnonce, GNUNET_CRYPTO_CsBlindedMessage::c, ctx, data, expect_data_dynamic(), expect_data_fixed(), GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_cs_blinding_secrets_derive(), GNUNET_CRYPTO_cs_calc_blinded_c(), GNUNET_CRYPTO_cs_r_derive(), GNUNET_CRYPTO_cs_r_get_public(), GNUNET_CRYPTO_cs_sign_derive(), GNUNET_CRYPTO_cs_unblind(), GNUNET_CRYPTO_cs_verify(), GNUNET_CRYPTO_ecc_ecdh(), GNUNET_CRYPTO_ecdh_eddsa(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_eddsa_sign, GNUNET_CRYPTO_eddsa_verify, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_kdf(), GNUNET_CRYPTO_rsa_blind(), GNUNET_CRYPTO_rsa_blinded_message_free(), GNUNET_CRYPTO_rsa_private_key_decode(), GNUNET_CRYPTO_rsa_private_key_free(), GNUNET_CRYPTO_rsa_public_key_decode(), GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_CRYPTO_rsa_public_key_free(), GNUNET_CRYPTO_rsa_sign_blinded(), GNUNET_CRYPTO_rsa_signature_encode(), GNUNET_CRYPTO_rsa_signature_free(), GNUNET_CRYPTO_rsa_unblind(), GNUNET_CRYPTO_rsa_verify(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_free, GNUNET_log, GNUNET_malloc, GNUNET_memcmp, GNUNET_NO, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_TEST, GNUNET_SYSERR, GNUNET_YES, pkey, pub, GNUNET_CRYPTO_CsSignature::r_point, GNUNET_CRYPTO_CSPublicRPairP::r_pub, GNUNET_CRYPTO_CsSignature::s_scalar, GNUNET_CRYPTO_CsBlindSignature::s_scalar, salt, and GNUNET_CRYPTO_CsSessionNonce::snonce.

Referenced by check_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_vectors()

static int check_vectors ( )
static

Check test vectors from stdin.

Returns
global exit code

Definition at line 997 of file gnunet-crypto-tvg.c.

998{
999 json_error_t err;
1000 json_t *vecfile = json_loadf (stdin, 0, &err);
1001 const char *encoding;
1002 json_t *vectors;
1003
1004 if (NULL == vecfile)
1005 {
1006 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unable to parse JSON\n");
1007 return 1;
1008 }
1009 encoding = json_string_value (json_object_get (vecfile,
1010 "encoding"));
1011 if ( (NULL == encoding) || (0 != strcmp (encoding, "base32crockford")) )
1012 {
1013 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unsupported or missing encoding\n");
1014 json_decref (vecfile);
1015 return 1;
1016 }
1017 vectors = json_object_get (vecfile, "vectors");
1018 if (! json_is_array (vectors))
1019 {
1020 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "bad vectors\n");
1021 json_decref (vecfile);
1022 return 1;
1023 }
1024 {
1025 /* array is a JSON array */
1026 size_t index;
1027 json_t *value;
1029
1030 json_array_foreach (vectors, index, value) {
1031 const char *op = json_string_value (json_object_get (value,
1032 "operation"));
1033
1034 if (NULL == op)
1035 {
1037 "missing operation\n");
1039 break;
1040 }
1041 ret = checkvec (op, value);
1042 if (GNUNET_OK != ret)
1043 {
1045 "bad vector %u\n",
1046 (unsigned int) index);
1047 break;
1048 }
1049 }
1050 json_decref (vecfile);
1051 return (ret == GNUNET_OK) ? 0 : 1;
1052 }
1053}
static struct GNUNET_ARM_Operation * op
Current operation.
Definition: gnunet-arm.c:143
static int ret
Final status code.
Definition: gnunet-arm.c:93
static int checkvec(const char *operation, json_t *vec)
Check a single vector.
static char * value
Value of the record to add/remove.
GNUNET_GenericReturnValue
Named constants for return values.

References checkvec(), GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_OK, GNUNET_SYSERR, op, ret, and value.

Referenced by run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ output_vectors()

static int output_vectors ( )
static

Output test vectors.

Returns
global exit code

Definition at line 1062 of file gnunet-crypto-tvg.c.

1063{
1064 json_t *vecfile = json_object ();
1065 json_t *vecs = json_array ();
1066
1067 json_object_set_new (vecfile,
1068 "encoding",
1069 json_string ("base32crockford"));
1070 json_object_set_new (vecfile,
1071 "producer",
1072 json_string ("GNUnet " PACKAGE_VERSION " " VCS_VERSION));
1073 json_object_set_new (vecfile,
1074 "vectors",
1075 vecs);
1076
1077 {
1078 json_t *vec = vec_for (vecs, "hash");
1079 struct GNUNET_HashCode hc;
1080 const char *str = "Hello, GNUnet";
1081
1082 GNUNET_CRYPTO_hash (str, strlen (str), &hc);
1083
1084 d2j (vec, "input", str, strlen (str));
1085 d2j (vec, "output", &hc, sizeof (struct GNUNET_HashCode));
1086 }
1087 {
1088 json_t *vec = vec_for (vecs, "ecc_ecdh");
1089 struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
1090 struct GNUNET_CRYPTO_EcdhePublicKey pub1;
1091 struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
1092 struct GNUNET_HashCode skm;
1093
1097 &pub1);
1099 GNUNET_CRYPTO_ecc_ecdh (&priv2,
1100 &pub1,
1101 &skm));
1102
1103 d2j (vec,
1104 "priv1",
1105 &priv1,
1106 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1107 d2j (vec,
1108 "pub1",
1109 &pub1,
1110 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1111 d2j (vec,
1112 "priv2",
1113 &priv2,
1114 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1115 d2j (vec,
1116 "skm",
1117 &skm,
1118 sizeof (struct GNUNET_HashCode));
1119 }
1120
1121 {
1122 json_t *vec = vec_for (vecs, "eddsa_key_derivation");
1125
1128 &pub);
1129
1130 d2j (vec,
1131 "priv",
1132 &priv,
1133 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1134 d2j (vec,
1135 "pub",
1136 &pub,
1137 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1138 }
1139 {
1140 json_t *vec = vec_for (vecs, "eddsa_signing");
1144 struct TestSignatureDataPS data = { 0 };
1145
1148 &pub);
1149 data.purpose.size = htonl (sizeof (data));
1150 data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
1152 &data,
1153 &sig);
1156 &data,
1157 &sig,
1158 &pub));
1159
1160 d2j (vec,
1161 "priv",
1162 &priv,
1163 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1164 d2j (vec,
1165 "pub",
1166 &pub,
1167 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1168 d2j (vec,
1169 "data",
1170 &data,
1171 sizeof (struct TestSignatureDataPS));
1172 d2j (vec,
1173 "sig",
1174 &sig,
1175 sizeof (struct GNUNET_CRYPTO_EddsaSignature));
1176 }
1177
1178 {
1179 json_t *vec = vec_for (vecs, "kdf");
1180 size_t out_len = 64;
1181 char out[out_len];
1182 const char *ikm = "I'm the secret input key material";
1183 const char *salt = "I'm very salty";
1184 const char *ctx = "I'm a context chunk, also known as 'info' in the RFC";
1185
1187 GNUNET_CRYPTO_kdf (&out,
1188 out_len,
1189 salt,
1190 strlen (salt),
1191 ikm,
1192 strlen (ikm),
1193 ctx,
1194 strlen (ctx),
1195 NULL));
1196
1197 d2j (vec,
1198 "salt",
1199 salt,
1200 strlen (salt));
1201 d2j (vec,
1202 "ikm",
1203 ikm,
1204 strlen (ikm));
1205 d2j (vec,
1206 "ctx",
1207 ctx,
1208 strlen (ctx));
1209 uint2j (vec,
1210 "out_len",
1211 (unsigned int) out_len);
1212 d2j (vec,
1213 "out",
1214 out,
1215 out_len);
1216 }
1217 {
1218 json_t *vec = vec_for (vecs, "eddsa_ecdh");
1219 struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
1220 struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
1221 struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
1222 struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
1223 struct GNUNET_HashCode key_material;
1224
1225 GNUNET_CRYPTO_ecdhe_key_create (&priv_ecdhe);
1226 GNUNET_CRYPTO_ecdhe_key_get_public (&priv_ecdhe, &pub_ecdhe);
1227 GNUNET_CRYPTO_eddsa_key_create (&priv_eddsa);
1228 GNUNET_CRYPTO_eddsa_key_get_public (&priv_eddsa, &pub_eddsa);
1229 GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material);
1230
1231 d2j (vec, "priv_ecdhe",
1232 &priv_ecdhe,
1233 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1234 d2j (vec, "pub_ecdhe",
1235 &pub_ecdhe,
1236 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1237 d2j (vec, "priv_eddsa",
1238 &priv_eddsa,
1239 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1240 d2j (vec, "pub_eddsa",
1241 &pub_eddsa,
1242 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1243 d2j (vec, "key_material",
1244 &key_material,
1245 sizeof (struct GNUNET_HashCode));
1246 }
1247
1248 {
1249 json_t *vec = vec_for (vecs, "edx25519_derive");
1250 struct GNUNET_CRYPTO_Edx25519PrivateKey priv1_edx;
1251 struct GNUNET_CRYPTO_Edx25519PublicKey pub1_edx;
1252 struct GNUNET_CRYPTO_Edx25519PrivateKey priv2_edx;
1253 struct GNUNET_CRYPTO_Edx25519PublicKey pub2_edx;
1254 struct GNUNET_HashCode seed;
1255
1257 &seed,
1258 sizeof (struct GNUNET_HashCode));
1260 GNUNET_CRYPTO_edx25519_key_get_public (&priv1_edx, &pub1_edx);
1262 &seed,
1263 sizeof (seed),
1264 &priv2_edx);
1266 &seed,
1267 sizeof (seed),
1268 &pub2_edx);
1269
1270 d2j (vec, "priv1_edx",
1271 &priv1_edx,
1272 sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1273 d2j (vec, "pub1_edx",
1274 &pub1_edx,
1275 sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1276 d2j (vec, "seed",
1277 &seed,
1278 sizeof (struct GNUNET_HashCode));
1279 d2j (vec, "priv2_edx",
1280 &priv2_edx,
1281 sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1282 d2j (vec, "pub2_edx",
1283 &pub2_edx,
1284 sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1285 }
1286
1287 {
1288 json_t *vec = vec_for (vecs, "rsa_blind_signing");
1289
1290 struct GNUNET_CRYPTO_RsaPrivateKey *skey;
1292 struct GNUNET_HashCode message_hash;
1294 struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
1295 struct GNUNET_CRYPTO_RsaSignature *sig;
1297 void *public_enc_data;
1298 size_t public_enc_len;
1299 void *secret_enc_data;
1300 size_t secret_enc_len;
1301 void *blinded_sig_enc_data;
1302 size_t blinded_sig_enc_length;
1303 void *sig_enc_data;
1304 size_t sig_enc_length;
1305
1309 &message_hash,
1310 sizeof (struct GNUNET_HashCode));
1312 &bks,
1313 sizeof (struct
1316 GNUNET_CRYPTO_rsa_blind (&message_hash,
1317 sizeof (message_hash),
1318 &bks,
1319 pkey,
1320 &bm));
1321 blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey,
1322 &bm);
1323 sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig,
1324 &bks,
1325 pkey);
1327 GNUNET_CRYPTO_rsa_verify (&message_hash,
1328 sizeof (message_hash),
1329 sig,
1330 pkey));
1331 public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
1332 &public_enc_data);
1333 secret_enc_len = GNUNET_CRYPTO_rsa_private_key_encode (skey,
1334 &secret_enc_data);
1335 blinded_sig_enc_length
1337 &blinded_sig_enc_data);
1338 sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig,
1339 &sig_enc_data);
1340 d2j (vec,
1341 "message_hash",
1342 &message_hash,
1343 sizeof (struct GNUNET_HashCode));
1344 d2j (vec,
1345 "rsa_public_key",
1346 public_enc_data,
1347 public_enc_len);
1348 d2j (vec,
1349 "rsa_private_key",
1350 secret_enc_data,
1351 secret_enc_len);
1352 d2j (vec,
1353 "blinding_key_secret",
1354 &bks,
1355 sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret));
1356 d2j (vec,
1357 "blinded_message",
1358 bm.blinded_msg,
1359 bm.blinded_msg_size);
1360 d2j (vec,
1361 "blinded_sig",
1362 blinded_sig_enc_data,
1363 blinded_sig_enc_length);
1364 d2j (vec,
1365 "sig",
1366 sig_enc_data,
1367 sig_enc_length);
1372 GNUNET_free (public_enc_data);
1374 GNUNET_free (sig_enc_data);
1375 GNUNET_free (blinded_sig_enc_data);
1376 GNUNET_free (secret_enc_data);
1377 }
1378
1379 {
1380 json_t *vec = vec_for (vecs, "cs_blind_signing");
1381
1382 struct GNUNET_CRYPTO_CsPrivateKey priv;
1384 struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
1385 struct GNUNET_CRYPTO_CsRSecret r_priv[2];
1386 struct GNUNET_CRYPTO_CsRPublic r_pub[2];
1387 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind;
1388 struct GNUNET_CRYPTO_CsC c[2];
1389 struct GNUNET_CRYPTO_CsS signature_scalar;
1390 struct GNUNET_CRYPTO_CsBlindSignature blinded_s;
1391 struct GNUNET_CRYPTO_CsSignature sig;
1394 struct GNUNET_HashCode message_hash;
1395
1397 &message_hash,
1398 sizeof (struct GNUNET_HashCode));
1399
1402 &pub);
1405 sizeof(snonce),
1406 "nonce",
1407 strlen ("nonce"),
1408 "nonce_secret",
1409 strlen ("nonce_secret"),
1410 NULL,
1411 0));
1412 /* NOTE: historically, we made the bad choice of
1413 making both nonces the same. Maybe barely OK
1414 for the TGV, not good for production! */
1415 memcpy (&bnonce,
1416 &snonce,
1417 sizeof (snonce));
1419 "rw",
1420 &priv,
1421 r_priv);
1423 &r_pub[0]);
1425 &r_pub[1]);
1427 bs);
1429 r_pub,
1430 &pub,
1431 &message_hash,
1432 sizeof(message_hash),
1433 c,
1434 &r_pub_blind);
1435 {
1436 struct GNUNET_CRYPTO_CsBlindedMessage bm = {
1437 .c[0] = c[0],
1438 .c[1] = c[1],
1439 .nonce = snonce
1440 };
1441
1443 r_priv,
1444 &bm,
1445 &blinded_s);
1446 }
1447 GNUNET_CRYPTO_cs_unblind (&blinded_s.s_scalar,
1448 &bs[blinded_s.b],
1449 &signature_scalar);
1450 sig.r_point = r_pub_blind.r_pub[blinded_s.b];
1451 sig.s_scalar = signature_scalar;
1452 if (GNUNET_OK !=
1454 &pub,
1455 &message_hash,
1456 sizeof(message_hash)))
1457 {
1458 GNUNET_break (0);
1459 return GNUNET_SYSERR;
1460 }
1461 d2j (vec,
1462 "message_hash",
1463 &message_hash,
1464 sizeof (struct GNUNET_HashCode));
1465 d2j (vec,
1466 "cs_public_key",
1467 &pub,
1468 sizeof(pub));
1469 d2j (vec,
1470 "cs_private_key",
1471 &priv,
1472 sizeof(priv));
1473 d2j (vec,
1474 "cs_nonce",
1475 &snonce,
1476 sizeof(snonce));
1477 d2j (vec,
1478 "cs_r_priv_0",
1479 &r_priv[0],
1480 sizeof(r_priv[0]));
1481 d2j (vec,
1482 "cs_r_priv_1",
1483 &r_priv[1],
1484 sizeof(r_priv[1]));
1485 d2j (vec,
1486 "cs_r_pub_0",
1487 &r_pub[0],
1488 sizeof(r_pub[0]));
1489 d2j (vec,
1490 "cs_r_pub_1",
1491 &r_pub[1],
1492 sizeof(r_pub[1]));
1493 d2j (vec,
1494 "cs_bs_alpha_0",
1495 &bs[0].alpha,
1496 sizeof(bs[0].alpha));
1497 d2j (vec,
1498 "cs_bs_alpha_1",
1499 &bs[1].alpha,
1500 sizeof(bs[1].alpha));
1501 d2j (vec,
1502 "cs_bs_beta_0",
1503 &bs[0].beta,
1504 sizeof(bs[0].beta));
1505 d2j (vec,
1506 "cs_bs_beta_1",
1507 &bs[1].beta,
1508 sizeof(bs[1].beta));
1509 d2j (vec,
1510 "cs_r_pub_blind_0",
1511 &r_pub_blind.r_pub[0],
1512 sizeof(r_pub_blind.r_pub[0]));
1513 d2j (vec,
1514 "cs_r_pub_blind_1",
1515 &r_pub_blind.r_pub[1],
1516 sizeof(r_pub_blind.r_pub[1]));
1517 d2j (vec,
1518 "cs_c_0",
1519 &c[0],
1520 sizeof(c[0]));
1521 d2j (vec,
1522 "cs_c_1",
1523 &c[1],
1524 sizeof(c[1]));
1525 d2j (vec,
1526 "cs_blind_s",
1527 &blinded_s,
1528 sizeof(blinded_s));
1529 d2j (vec,
1530 "cs_b",
1531 &blinded_s.b,
1532 sizeof(blinded_s.b));
1533 d2j (vec,
1534 "cs_sig_s",
1535 &signature_scalar,
1536 sizeof(signature_scalar));
1537 d2j (vec,
1538 "cs_sig_R",
1539 &r_pub_blind.r_pub[blinded_s.b],
1540 sizeof(r_pub_blind.r_pub[blinded_s.b]));
1541 }
1542
1543 json_dumpf (vecfile, stdout, JSON_INDENT (2));
1544 json_decref (vecfile);
1545 printf ("\n");
1546
1547 return 0;
1548}
static json_t * vec_for(json_t *vecs, const char *vecname)
Create a fresh test vector for a given operation label.
static void uint2j(json_t *vec, const char *label, unsigned int num)
Add a number to a test vector.
static void d2j(json_t *vec, const char *label, const void *data, size_t size)
Add a base32crockford encoded value to a test vector.
static uint8_t seed
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:454
void GNUNET_CRYPTO_edx25519_key_get_public(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
Extract the public key for the given private key.
void GNUNET_CRYPTO_edx25519_private_key_derive(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *result)
Derive a private scalar from a given private key and a label.
void GNUNET_CRYPTO_edx25519_public_key_derive(const struct GNUNET_CRYPTO_Edx25519PublicKey *pub, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PublicKey *result)
Derive a public key from a given public key and a label.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:480
void GNUNET_CRYPTO_edx25519_key_create(struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
Create a new private key.
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:217
@ GNUNET_CRYPTO_QUALITY_WEAK
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf_gnunet(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
A peculiar HKDF instantiation that tried to mimic Truncated NMAC.
Definition: crypto_hkdf.c:199
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_create(unsigned int len)
Create a new private key.
Definition: crypto_rsa.c:144
void GNUNET_CRYPTO_cs_private_key_get_public(const struct GNUNET_CRYPTO_CsPrivateKey *priv, struct GNUNET_CRYPTO_CsPublicKey *pub)
Extract the public key of the given private key.
Definition: crypto_cs.c:52
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition: crypto_rsa.c:233
void GNUNET_CRYPTO_cs_private_key_generate(struct GNUNET_CRYPTO_CsPrivateKey *priv)
Create a new random private key.
Definition: crypto_cs.c:45
size_t GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, void **buffer)
Encode the private key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:181
Private ECC key material encoded for transmission.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...

References alpha, GNUNET_CRYPTO_CsBlindSignature::b, beta, GNUNET_CRYPTO_RsaBlindedMessage::blinded_msg, GNUNET_CRYPTO_RsaBlindedMessage::blinded_msg_size, GNUNET_CRYPTO_CsBlindingNonce::bnonce, GNUNET_CRYPTO_CsBlindedMessage::c, ctx, d2j(), data, GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_cs_blinding_secrets_derive(), GNUNET_CRYPTO_cs_calc_blinded_c(), GNUNET_CRYPTO_cs_private_key_generate(), GNUNET_CRYPTO_cs_private_key_get_public(), GNUNET_CRYPTO_cs_r_derive(), GNUNET_CRYPTO_cs_r_get_public(), GNUNET_CRYPTO_cs_sign_derive(), GNUNET_CRYPTO_cs_unblind(), GNUNET_CRYPTO_cs_verify(), GNUNET_CRYPTO_ecc_ecdh(), GNUNET_CRYPTO_ecdh_eddsa(), GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_ecdhe_key_get_public(), GNUNET_CRYPTO_eddsa_key_create(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_eddsa_sign, GNUNET_CRYPTO_eddsa_verify, GNUNET_CRYPTO_edx25519_key_create(), GNUNET_CRYPTO_edx25519_key_get_public(), GNUNET_CRYPTO_edx25519_private_key_derive(), GNUNET_CRYPTO_edx25519_public_key_derive(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hkdf_gnunet(), GNUNET_CRYPTO_kdf(), GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_random_block(), GNUNET_CRYPTO_rsa_blind(), GNUNET_CRYPTO_rsa_blinded_message_free(), GNUNET_CRYPTO_rsa_private_key_create(), GNUNET_CRYPTO_rsa_private_key_encode(), GNUNET_CRYPTO_rsa_private_key_free(), GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_CRYPTO_rsa_public_key_free(), GNUNET_CRYPTO_rsa_sign_blinded(), GNUNET_CRYPTO_rsa_signature_encode(), GNUNET_CRYPTO_rsa_signature_free(), GNUNET_CRYPTO_rsa_unblind(), GNUNET_CRYPTO_rsa_verify(), GNUNET_free, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_TEST, GNUNET_SYSERR, GNUNET_YES, pkey, pub, GNUNET_CRYPTO_CsSignature::r_point, GNUNET_CRYPTO_CSPublicRPairP::r_pub, GNUNET_CRYPTO_CsSignature::s_scalar, GNUNET_CRYPTO_CsBlindSignature::s_scalar, salt, seed, GNUNET_CRYPTO_CsSessionNonce::snonce, uint2j(), and vec_for().

Referenced by run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ run()

static void run ( void *  cls,
char *const *  args,
const char *  cfgfile,
const struct GNUNET_CONFIGURATION_Handle cfg 
)
static

Main function that will be run.

Parameters
clsclosure
argsremaining command-line arguments
cfgfilename of the configuration file used (for saving, can be NULL!)
cfgconfiguration

Definition at line 1560 of file gnunet-crypto-tvg.c.

1564{
1565 if (GNUNET_YES == verify_flag)
1567 else
1569}
static GNUNET_NETWORK_STRUCT_END int verify_flag
Should we verify or output test vectors?
static int global_ret
Global exit code.
static int check_vectors()
Check test vectors from stdin.
static int output_vectors()
Output test vectors.

References check_vectors(), global_ret, GNUNET_YES, output_vectors(), and verify_flag.

Referenced by main().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ main()

int main ( int  argc,
char *const *  argv 
)

The main function of the test vector generation tool.

Parameters
argcnumber of arguments from the command line
argvcommand line arguments
Returns
0 ok, 1 on error

Definition at line 1580 of file gnunet-crypto-tvg.c.

1582{
1583 const struct GNUNET_GETOPT_CommandLineOption options[] = {
1585 "verify",
1586 gettext_noop (
1587 "verify a test vector from stdin"),
1588 &verify_flag),
1590 };
1591
1593 GNUNET_log_setup ("gnunet-crypto-tvg",
1594 "INFO",
1595 NULL));
1596 if (GNUNET_OK !=
1598 argc, argv,
1599 "gnunet-crypto-tvg",
1600 "Generate test vectors for cryptographic operations",
1601 options,
1602 &run, NULL))
1603 return 1;
1604 return global_ret;
1605}
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_OPTION_END
Definition: 002.c:13
struct GNUNET_GETOPT_CommandLineOption options[]
Definition: 002.c:5
#define gettext_noop(String)
Definition: gettext.h:74
static void run(void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *cfg)
Main function that will be run.
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_option_flag(char shortName, const char *name, const char *description, int *val)
Allow user to specify a flag (which internally means setting an integer to 1/GNUNET_YES/GNUNET_OK.
enum GNUNET_GenericReturnValue GNUNET_log_setup(const char *comp, const char *loglevel, const char *logfile)
Setup logging.
const struct GNUNET_OS_ProjectData * GNUNET_OS_project_data_gnunet(void)
Return default project data used by 'libgnunetutil' for GNUnet.
enum GNUNET_GenericReturnValue GNUNET_PROGRAM_run(const struct GNUNET_OS_ProjectData *pd, int argc, char *const *argv, const char *binaryName, const char *binaryHelp, const struct GNUNET_GETOPT_CommandLineOption *options, GNUNET_PROGRAM_Main task, void *task_cls)
Run a standard GNUnet command startup sequence (initialize loggers and configuration,...
Definition: program.c:407
Definition of a command line option.

References gettext_noop, global_ret, GNUNET_assert, GNUNET_GETOPT_OPTION_END, GNUNET_GETOPT_option_flag(), GNUNET_log_setup(), GNUNET_OK, GNUNET_OS_project_data_gnunet(), GNUNET_PROGRAM_run(), options, run(), and verify_flag.

Here is the call graph for this function:

Variable Documentation

◆ verify_flag

GNUNET_NETWORK_STRUCT_END int verify_flag = GNUNET_NO
static

Should we verify or output test vectors?

Definition at line 76 of file gnunet-crypto-tvg.c.

Referenced by main(), and run().

◆ global_ret

int global_ret = 0
static

Global exit code.

Definition at line 82 of file gnunet-crypto-tvg.c.

Referenced by main(), and run().