GNUnet 0.21.1
gnunet-crypto-tvg.c File Reference
#include "platform.h"
#include "gnunet_util_lib.h"
#include "gnunet_signatures.h"
#include "gnunet_testing_lib.h"
#include <jansson.h>
#include <gcrypt.h>
Include dependency graph for gnunet-crypto-tvg.c:

Go to the source code of this file.

Data Structures

struct  TestSignatureDataPS
 Sample signature struct. More...
 

Functions

static json_t * vec_for (json_t *vecs, const char *vecname)
 Create a fresh test vector for a given operation label. More...
 
static void d2j (json_t *vec, const char *label, const void *data, size_t size)
 Add a base32crockford encoded value to a test vector. More...
 
static void uint2j (json_t *vec, const char *label, unsigned int num)
 Add a number to a test vector. More...
 
static int expect_data_fixed (json_t *vec, const char *name, void *data, size_t expect_len)
 
static int expect_data_dynamic (json_t *vec, const char *name, void **data, size_t *ret_len)
 
static int checkvec (const char *operation, json_t *vec)
 Check a single vector. More...
 
static int check_vectors ()
 Check test vectors from stdin. More...
 
static int output_vectors ()
 Output test vectors. More...
 
static void run (void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *cfg)
 Main function that will be run. More...
 
int main (int argc, char *const *argv)
 The main function of the test vector generation tool. More...
 

Variables

static GNUNET_NETWORK_STRUCT_END int verify_flag = GNUNET_NO
 Should we verify or output test vectors? More...
 
static int global_ret = 0
 Global exit code. More...
 

Function Documentation

◆ vec_for()

static json_t * vec_for ( json_t *  vecs,
const char *  vecname 
)
static

Create a fresh test vector for a given operation label.

Parameters
vecsarray of vectors to append the new vector to
vecnamelabel for the operation of the vector
Returns
the fresh test vector

Definition at line 94 of file gnunet-crypto-tvg.c.

95{
96 json_t *t = json_object ();
97
98 json_object_set_new (t,
99 "operation",
100 json_string (vecname));
101 json_array_append_new (vecs, t);
102 return t;
103}
static struct GNUNET_SCHEDULER_Task * t
Main task.

References t.

Referenced by output_vectors().

Here is the caller graph for this function:

◆ d2j()

static void d2j ( json_t *  vec,
const char *  label,
const void *  data,
size_t  size 
)
static

Add a base32crockford encoded value to a test vector.

Parameters
vectest vector to add to
labellabel for the value
datadata to add
sizesize of data

Definition at line 116 of file gnunet-crypto-tvg.c.

120{
121 char *buf;
122 json_t *json;
123
125 json = json_string (buf);
126 GNUNET_free (buf);
127 GNUNET_break (NULL != json);
128
129 json_object_set_new (vec, label, json);
130}
static char * data
The data to insert into the dht.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
#define GNUNET_free(ptr)
Wrapper around free.
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
Definition: strings.c:764
static unsigned int size
Size of the "table".
Definition: peer.c:68

References data, GNUNET_break, GNUNET_free, GNUNET_STRINGS_data_to_string_alloc(), and size.

Referenced by output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ uint2j()

static void uint2j ( json_t *  vec,
const char *  label,
unsigned int  num 
)
static

Add a number to a test vector.

Parameters
vectest vector to add to
labellabel for the value
datadata to add
sizesize of data

Definition at line 142 of file gnunet-crypto-tvg.c.

145{
146 json_t *json = json_integer (num);
147
148 json_object_set_new (vec, label, json);
149}

Referenced by output_vectors().

Here is the caller graph for this function:

◆ expect_data_fixed()

static int expect_data_fixed ( json_t *  vec,
const char *  name,
void *  data,
size_t  expect_len 
)
static

Definition at line 153 of file gnunet-crypto-tvg.c.

157{
158 const char *s = json_string_value (json_object_get (vec, name));
159
160 if (NULL == s)
161 return GNUNET_NO;
162
164 strlen (s),
165 data,
166 expect_len))
167 return GNUNET_NO;
168 return GNUNET_OK;
169}
static char * name
Name (label) of the records to list.
@ GNUNET_OK
@ GNUNET_NO
enum GNUNET_GenericReturnValue GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:789

References data, GNUNET_NO, GNUNET_OK, GNUNET_STRINGS_string_to_data(), and name.

Referenced by checkvec().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ expect_data_dynamic()

static int expect_data_dynamic ( json_t *  vec,
const char *  name,
void **  data,
size_t *  ret_len 
)
static

Definition at line 173 of file gnunet-crypto-tvg.c.

177{
178 const char *s = json_string_value (json_object_get (vec, name));
179 char *tmp;
180 size_t len;
181
182 if (NULL == s)
183 return GNUNET_NO;
184
185 len = (strlen (s) * 5) / 8;
186 if (NULL != ret_len)
187 *ret_len = len;
188 tmp = GNUNET_malloc (len);
189
190 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, strlen (s), tmp, len))
191 {
192 GNUNET_free (tmp);
193 return GNUNET_NO;
194 }
195 *data = tmp;
196 return GNUNET_OK;
197}
#define GNUNET_malloc(size)
Wrapper around malloc.

References data, GNUNET_free, GNUNET_malloc, GNUNET_NO, GNUNET_OK, GNUNET_STRINGS_string_to_data(), and name.

Referenced by checkvec().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ checkvec()

static int checkvec ( const char *  operation,
json_t *  vec 
)
static

Check a single vector.

Parameters
operationoperator of the vector
vecthe vector, a JSON object.
Returns
GNUNET_OK if the vector is okay

Definition at line 209 of file gnunet-crypto-tvg.c.

211{
213 "checking %s\n", operation);
214
215 if (0 == strcmp (operation, "hash"))
216 {
217 void *data;
218 size_t data_len;
219 struct GNUNET_HashCode hash_out;
220 struct GNUNET_HashCode hc;
221
222 if (GNUNET_OK != expect_data_dynamic (vec,
223 "input",
224 &data,
225 &data_len))
226 {
227 GNUNET_break (0);
228 return GNUNET_SYSERR;
229 }
230 if (GNUNET_OK != expect_data_fixed (vec,
231 "output",
232 &hash_out,
233 sizeof (hash_out)))
234 {
236 GNUNET_break (0);
237 return GNUNET_NO;
238 }
239
240 GNUNET_CRYPTO_hash (data, data_len, &hc);
241
242 if (0 != GNUNET_memcmp (&hc, &hash_out))
243 {
245 GNUNET_break (0);
246 return GNUNET_NO;
247 }
249 }
250 else if (0 == strcmp (operation, "ecc_ecdh"))
251 {
255 struct GNUNET_HashCode skm;
256 struct GNUNET_HashCode skm_comp;
257
258 if (GNUNET_OK != expect_data_fixed (vec,
259 "priv1",
260 &priv1,
261 sizeof (priv1)))
262 {
263 GNUNET_break (0);
264 return GNUNET_NO;
265 }
266 if (GNUNET_OK != expect_data_fixed (vec,
267 "priv2",
268 &priv2,
269 sizeof (priv2)))
270 {
271 GNUNET_break (0);
272 return GNUNET_NO;
273 }
274 if (GNUNET_OK != expect_data_fixed (vec,
275 "pub1",
276 &pub1,
277 sizeof (pub1)))
278 {
279 GNUNET_break (0);
280 return GNUNET_NO;
281 }
282 if (GNUNET_OK != expect_data_fixed (vec,
283 "skm",
284 &skm,
285 sizeof (skm)))
286 {
287 GNUNET_break (0);
288 return GNUNET_NO;
289 }
292 &pub1,
293 &skm_comp));
294 if (0 != GNUNET_memcmp (&skm, &skm_comp))
295 {
296 GNUNET_break (0);
297 return GNUNET_NO;
298 }
299 }
300 else if (0 == strcmp (operation, "eddsa_key_derivation"))
301 {
304 struct GNUNET_CRYPTO_EddsaPublicKey pub_comp;
305
306 if (GNUNET_OK != expect_data_fixed (vec,
307 "priv",
308 &priv,
309 sizeof (priv)))
310 {
311 GNUNET_break (0);
312 return GNUNET_NO;
313 }
314
315 if (GNUNET_OK != expect_data_fixed (vec,
316 "pub",
317 &pub,
318 sizeof (pub)))
319 {
320 GNUNET_break (0);
321 return GNUNET_NO;
322 }
323
325 &pub_comp);
326 if (0 != GNUNET_memcmp (&pub, &pub_comp))
327 {
328 GNUNET_break (0);
329 return GNUNET_NO;
330 }
331
332 }
333 else if (0 == strcmp (operation, "eddsa_signing"))
334 {
337 struct TestSignatureDataPS data = { 0 };
339 struct GNUNET_CRYPTO_EddsaSignature sig_comp;
340
341 if (GNUNET_OK != expect_data_fixed (vec,
342 "priv",
343 &priv,
344 sizeof (priv)))
345 {
346 GNUNET_break (0);
347 return GNUNET_NO;
348 }
349
350 if (GNUNET_OK != expect_data_fixed (vec,
351 "pub",
352 &pub,
353 sizeof (pub)))
354 {
355 GNUNET_break (0);
356 return GNUNET_NO;
357 }
358
359 if (GNUNET_OK != expect_data_fixed (vec,
360 "data",
361 &data,
362 sizeof (data)))
363 {
364 GNUNET_break (0);
365 return GNUNET_NO;
366 }
367
368 if (GNUNET_OK != expect_data_fixed (vec,
369 "sig",
370 &sig,
371 sizeof (sig)))
372 {
373 GNUNET_break (0);
374 return GNUNET_NO;
375 }
376
378 &data,
379 &sig_comp);
382 &data,
383 &sig,
384 &pub));
385 if (0 != GNUNET_memcmp (&sig, &sig_comp))
386 {
387 GNUNET_break (0);
388 return GNUNET_NO;
389 }
390 }
391 else if (0 == strcmp (operation, "kdf"))
392 {
393 size_t out_len;
394 void *out;
395 size_t out_len_comp;
396 void *out_comp;
397 void *ikm;
398 size_t ikm_len;
399 void *salt;
400 size_t salt_len;
401 void *ctx;
402 size_t ctx_len;
403
404 if (GNUNET_OK != expect_data_dynamic (vec,
405 "out",
406 &out,
407 &out_len))
408 {
409 GNUNET_break (0);
410 return GNUNET_SYSERR;
411 }
412
413 out_len_comp = out_len;
414 out_comp = GNUNET_malloc (out_len_comp);
415
416 if (GNUNET_OK != expect_data_dynamic (vec,
417 "ikm",
418 &ikm,
419 &ikm_len))
420 {
421 GNUNET_free (out);
422 GNUNET_free (out_comp);
423 GNUNET_break (0);
424 return GNUNET_SYSERR;
425 }
426
427 if (GNUNET_OK != expect_data_dynamic (vec,
428 "salt",
429 &salt,
430 &salt_len))
431 {
432 GNUNET_free (out);
433 GNUNET_free (out_comp);
434 GNUNET_free (ikm);
435 GNUNET_break (0);
436 return GNUNET_SYSERR;
437 }
438
439 if (GNUNET_OK != expect_data_dynamic (vec,
440 "ctx",
441 &ctx,
442 &ctx_len))
443 {
444 GNUNET_free (out);
445 GNUNET_free (out_comp);
446 GNUNET_free (ikm);
448 GNUNET_break (0);
449 return GNUNET_SYSERR;
450 }
451
453 GNUNET_CRYPTO_kdf (out_comp,
454 out_len_comp,
455 salt,
456 salt_len,
457 ikm,
458 ikm_len,
459 ctx,
460 ctx_len,
461 NULL));
462
463 if (0 != memcmp (out, out_comp, out_len))
464 {
465 GNUNET_free (out);
466 GNUNET_free (out_comp);
467 GNUNET_free (ikm);
470 GNUNET_break (0);
471 return GNUNET_NO;
472 }
473 GNUNET_free (out);
474 GNUNET_free (out_comp);
475 GNUNET_free (ikm);
478 }
479 else if (0 == strcmp (operation, "eddsa_ecdh"))
480 {
481 struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
482 struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
483 struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
484 struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
485 struct GNUNET_HashCode key_material;
486 struct GNUNET_HashCode key_material_comp;
487
488 if (GNUNET_OK != expect_data_fixed (vec,
489 "priv_ecdhe",
490 &priv_ecdhe,
491 sizeof (priv_ecdhe)))
492 {
493 GNUNET_break (0);
494 return GNUNET_NO;
495 }
496
497 if (GNUNET_OK != expect_data_fixed (vec,
498 "pub_ecdhe",
499 &pub_ecdhe,
500 sizeof (pub_ecdhe)))
501 {
502 GNUNET_break (0);
503 return GNUNET_NO;
504 }
505
506 if (GNUNET_OK != expect_data_fixed (vec,
507 "priv_eddsa",
508 &priv_eddsa,
509 sizeof (priv_eddsa)))
510 {
511 GNUNET_break (0);
512 return GNUNET_NO;
513 }
514
515 if (GNUNET_OK != expect_data_fixed (vec,
516 "pub_eddsa",
517 &pub_eddsa,
518 sizeof (pub_eddsa)))
519 {
520 GNUNET_break (0);
521 return GNUNET_NO;
522 }
523
524 if (GNUNET_OK != expect_data_fixed (vec,
525 "key_material",
526 &key_material,
527 sizeof (key_material)))
528 {
529 GNUNET_break (0);
530 return GNUNET_NO;
531 }
532
533 GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe,
534 &pub_eddsa,
535 &key_material_comp);
536
537 if (0 != GNUNET_memcmp (&key_material,
538 &key_material_comp))
539 {
540 GNUNET_break (0);
541 return GNUNET_NO;
542 }
543 }
544 else if (0 == strcmp (operation, "rsa_blind_signing"))
545 {
546 struct GNUNET_CRYPTO_RsaPrivateKey *skey;
548 struct GNUNET_HashCode message_hash;
550 struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
551 struct GNUNET_CRYPTO_RsaSignature *sig;
553 struct GNUNET_CRYPTO_RsaBlindedMessage bm_comp;
554 void *public_enc_data;
555 size_t public_enc_len;
556 void *secret_enc_data;
557 size_t secret_enc_len;
558 void *sig_enc_data;
559 size_t sig_enc_length;
560 void *sig_enc_data_comp;
561 size_t sig_enc_length_comp;
562
563 if (GNUNET_OK !=
565 "message_hash",
566 &message_hash,
567 sizeof (message_hash)))
568 {
569 GNUNET_break (0);
570 return GNUNET_SYSERR;
571 }
572
573 if (GNUNET_OK !=
575 "blinding_key_secret",
576 &bks,
577 sizeof (bks)))
578 {
579 GNUNET_break (0);
580 return GNUNET_SYSERR;
581 }
582
583 if (GNUNET_OK !=
585 "blinded_message",
586 &bm.blinded_msg,
587 &bm.blinded_msg_size))
588 {
589 GNUNET_break (0);
590 return GNUNET_SYSERR;
591 }
592 if (GNUNET_OK !=
594 "rsa_public_key",
595 &public_enc_data,
596 &public_enc_len))
597 {
599 GNUNET_break (0);
600 return GNUNET_SYSERR;
601 }
602 if (GNUNET_OK !=
604 "rsa_private_key",
605 &secret_enc_data,
606 &secret_enc_len))
607 {
609 GNUNET_free (public_enc_data);
610 GNUNET_break (0);
611 return GNUNET_SYSERR;
612 }
613 if (GNUNET_OK !=
615 "sig",
616 &sig_enc_data,
617 &sig_enc_length))
618 {
620 GNUNET_free (public_enc_data);
621 GNUNET_free (secret_enc_data);
622 GNUNET_break (0);
623 return GNUNET_SYSERR;
624 }
625
626 pkey = GNUNET_CRYPTO_rsa_public_key_decode (public_enc_data,
627 public_enc_len);
628 GNUNET_assert (NULL != pkey);
629 skey = GNUNET_CRYPTO_rsa_private_key_decode (secret_enc_data,
630 secret_enc_len);
631 GNUNET_assert (NULL != skey);
632
634 GNUNET_CRYPTO_rsa_blind (&message_hash,
635 sizeof (message_hash),
636 &bks,
637 pkey,
638 &bm_comp));
639 if ( (bm.blinded_msg_size !=
640 bm_comp.blinded_msg_size) ||
641 (0 != memcmp (bm.blinded_msg,
642 bm_comp.blinded_msg,
643 bm.blinded_msg_size)) )
644 {
647 GNUNET_free (public_enc_data);
648 GNUNET_free (secret_enc_data);
649 GNUNET_free (sig_enc_data);
652 GNUNET_break (0);
653 return GNUNET_NO;
654 }
655 blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey,
656 &bm);
657 sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig,
658 &bks,
659 pkey);
661 GNUNET_CRYPTO_rsa_verify (&message_hash,
662 sizeof (message_hash),
663 sig,
664 pkey));
665 GNUNET_free (public_enc_data);
667 &public_enc_data);
668 sig_enc_length_comp = GNUNET_CRYPTO_rsa_signature_encode (sig,
669 &sig_enc_data_comp);
670
671 if ( (sig_enc_length != sig_enc_length_comp) ||
672 (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) ))
673 {
677 GNUNET_free (public_enc_data);
678 GNUNET_free (secret_enc_data);
679 GNUNET_free (sig_enc_data);
680 GNUNET_free (sig_enc_data_comp);
684 GNUNET_break (0);
685 return GNUNET_NO;
686 }
690 GNUNET_free (public_enc_data);
691 GNUNET_free (secret_enc_data);
692 GNUNET_free (sig_enc_data);
693 GNUNET_free (sig_enc_data_comp);
697 }
698 else if (0 == strcmp (operation, "cs_blind_signing"))
699 {
700 struct GNUNET_CRYPTO_CsPrivateKey priv;
703 struct GNUNET_CRYPTO_CsRSecret r_priv[2];
704 struct GNUNET_CRYPTO_CsRPublic r_pub[2];
705 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind;
706 struct GNUNET_CRYPTO_CsC c[2];
707 struct GNUNET_CRYPTO_CsS signature_scalar;
708 struct GNUNET_CRYPTO_CsBlindS blinded_s;
709 struct GNUNET_CRYPTO_CsSignature sig;
712 struct GNUNET_HashCode message_hash;
713 unsigned int b;
714
715 if (GNUNET_OK != expect_data_fixed (vec,
716 "message_hash",
717 &message_hash,
718 sizeof (message_hash)))
719 {
720 GNUNET_break (0);
721 return GNUNET_SYSERR;
722 }
723 if (GNUNET_OK != expect_data_fixed (vec,
724 "cs_public_key",
725 &pub,
726 sizeof (pub)))
727 {
728 GNUNET_break (0);
729 return GNUNET_SYSERR;
730 }
731
732 if (GNUNET_OK !=
734 "cs_private_key",
735 &priv,
736 sizeof (priv)))
737 {
738 GNUNET_break (0);
739 return GNUNET_SYSERR;
740 }
741 if (GNUNET_OK !=
743 "cs_nonce",
744 &snonce,
745 sizeof (snonce)))
746 {
747 GNUNET_break (0);
748 return GNUNET_SYSERR;
749 }
750 /* historically, the tvg used the same nonce for
751 both, which is HORRIBLE for production, but
752 maybe OK for TVG... */
753 memcpy (&bnonce,
754 &snonce,
755 sizeof (snonce));
756 if (GNUNET_OK !=
758 "cs_r_priv_0",
759 &r_priv[0],
760 sizeof (r_priv[0])))
761 {
762 GNUNET_break (0);
763 return GNUNET_SYSERR;
764 }
765 if (GNUNET_OK != expect_data_fixed (vec,
766 "cs_r_priv_1",
767 &r_priv[1],
768 sizeof (r_priv[1])))
769 {
770 GNUNET_break (0);
771 return GNUNET_SYSERR;
772 }
773 if (GNUNET_OK != expect_data_fixed (vec,
774 "cs_r_pub_0",
775 &r_pub[0],
776 sizeof (r_pub[0])))
777 {
778 GNUNET_break (0);
779 return GNUNET_SYSERR;
780 }
781 if (GNUNET_OK != expect_data_fixed (vec,
782 "cs_r_pub_1",
783 &r_pub[1],
784 sizeof (r_pub[1])))
785 {
786 GNUNET_break (0);
787 return GNUNET_SYSERR;
788 }
789
790 if (GNUNET_OK != expect_data_fixed (vec,
791 "cs_bs_alpha_0",
792 &bs[0].alpha,
793 sizeof (bs[0].alpha)))
794 {
795 GNUNET_break (0);
796 return GNUNET_SYSERR;
797 }
798 if (GNUNET_OK != expect_data_fixed (vec,
799 "cs_bs_alpha_1",
800 &bs[1].alpha,
801 sizeof (bs[1].alpha)))
802 {
803 GNUNET_break (0);
804 return GNUNET_SYSERR;
805 }
806 if (GNUNET_OK != expect_data_fixed (vec,
807 "cs_bs_beta_0",
808 &bs[0].beta,
809 sizeof (bs[0].beta)))
810 {
811 GNUNET_break (0);
812 return GNUNET_SYSERR;
813 }
814 if (GNUNET_OK !=
816 "cs_bs_beta_1",
817 &bs[1].beta,
818 sizeof (bs[1].beta)))
819 {
820 GNUNET_break (0);
821 return GNUNET_SYSERR;
822 }
823 if (GNUNET_OK !=
825 "cs_r_pub_blind_0",
826 &r_pub_blind.r_pub[0],
827 sizeof (r_pub_blind.r_pub[0])))
828 {
829 GNUNET_break (0);
830 return GNUNET_SYSERR;
831 }
832 if (GNUNET_OK !=
834 "cs_r_pub_blind_1",
835 &r_pub_blind.r_pub[1],
836 sizeof (r_pub_blind.r_pub[1])))
837 {
838 GNUNET_break (0);
839 return GNUNET_SYSERR;
840 }
841 if (GNUNET_OK !=
843 "cs_c_0",
844 &c[0],
845 sizeof (c[0])))
846 {
847 GNUNET_break (0);
848 return GNUNET_SYSERR;
849 }
850 if (GNUNET_OK != expect_data_fixed (vec,
851 "cs_c_1",
852 &c[1],
853 sizeof (c[1])))
854 {
855 GNUNET_break (0);
856 return GNUNET_SYSERR;
857 }
858 if (GNUNET_OK != expect_data_fixed (vec,
859 "cs_blind_s",
860 &blinded_s,
861 sizeof (blinded_s)))
862 {
863 GNUNET_break (0);
864 return GNUNET_SYSERR;
865 }
866 if (GNUNET_OK != expect_data_fixed (vec,
867 "cs_b",
868 &b,
869 sizeof (b)))
870 {
871 GNUNET_break (0);
872 return GNUNET_SYSERR;
873 }
874 if (GNUNET_OK != expect_data_fixed (vec,
875 "cs_sig_s",
876 &signature_scalar,
877 sizeof (signature_scalar)))
878 {
879 GNUNET_break (0);
880 return GNUNET_SYSERR;
881 }
882 sig.s_scalar = signature_scalar;
883 if (GNUNET_OK != expect_data_fixed (vec,
884 "cs_sig_R",
885 &sig.r_point,
886 sizeof (sig.r_point)))
887 {
888 GNUNET_break (0);
889 return GNUNET_SYSERR;
890 }
891
892 if ((b != 1) && (b != 0))
893 {
894 GNUNET_break (0);
895 return GNUNET_SYSERR;
896 }
897
898 struct GNUNET_CRYPTO_CsRSecret r_priv_comp[2];
899 struct GNUNET_CRYPTO_CsRPublic r_pub_comp[2];
900 struct GNUNET_CRYPTO_CsBlindingSecret bs_comp[2];
901 struct GNUNET_CRYPTO_CsC c_comp[2];
902 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind_comp;
903 struct GNUNET_CRYPTO_CsBlindSignature blinded_s_comp;
904 struct GNUNET_CRYPTO_CsS signature_scalar_comp;
905 struct GNUNET_CRYPTO_CsSignature sig_comp;
906
908 "rw",
909 &priv,
910 r_priv_comp);
911 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[0],
912 &r_pub_comp[0]);
913 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[1],
914 &r_pub_comp[1]);
915 GNUNET_assert (0 == memcmp (&r_priv_comp,
916 &r_priv,
917 sizeof(struct GNUNET_CRYPTO_CsRSecret) * 2));
918 GNUNET_assert (0 == memcmp (&r_pub_comp,
919 &r_pub,
920 sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2));
921
923 bs_comp);
924 GNUNET_assert (0 ==
925 memcmp (&bs_comp,
926 &bs,
927 sizeof(struct GNUNET_CRYPTO_CsBlindingSecret)
928 * 2));
930 r_pub_comp,
931 &pub,
932 &message_hash,
933 sizeof(message_hash),
934 c_comp,
935 &r_pub_blind_comp);
936 GNUNET_assert (0 ==
937 memcmp (&c_comp,
938 &c,
939 sizeof(struct GNUNET_CRYPTO_CsC) * 2));
940 GNUNET_assert (0 ==
941 GNUNET_memcmp (&r_pub_blind_comp,
942 &r_pub_blind));
943 {
945 .c[0] = c_comp[0],
946 .c[1] = c_comp[1],
947 .nonce = snonce
948 };
949
951 r_priv_comp,
952 &bm,
953 &blinded_s_comp);
954 }
955 GNUNET_assert (0 ==
956 GNUNET_memcmp (&blinded_s_comp.s_scalar,
957 &blinded_s));
958 GNUNET_assert (b == blinded_s_comp.b);
959 GNUNET_CRYPTO_cs_unblind (&blinded_s_comp.s_scalar,
960 &bs_comp[b],
961 &signature_scalar_comp);
962 GNUNET_assert (0 ==
963 GNUNET_memcmp (&signature_scalar_comp,
964 &signature_scalar));
965 sig_comp.r_point = r_pub_blind_comp.r_pub[b];
966 sig_comp.s_scalar = signature_scalar_comp;
967 GNUNET_assert (0 == memcmp (&sig_comp,
968 &sig,
969 sizeof(sig_comp)));
970 if (GNUNET_OK !=
971 GNUNET_CRYPTO_cs_verify (&sig_comp,
972 &pub,
973 &message_hash,
974 sizeof(message_hash)))
975 {
976 GNUNET_break (0);
977 return GNUNET_SYSERR;
978 }
979 }
980 else
981 {
983 "unsupported operation '%s'\n", operation);
984 }
985
986 return GNUNET_OK;
987}
static int expect_data_fixed(json_t *vec, const char *name, void *data, size_t expect_len)
static int expect_data_dynamic(json_t *vec, const char *name, void **data, size_t *ret_len)
static struct GNUNET_FS_Handle * ctx
static char * pkey
Public key of the zone to look in, in ASCII.
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:47
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
Definition: gnunet-scrypt.c:34
static float beta
Percentage of total peer number in the view to send random PULLs to.
static float alpha
Percentage of total peer number in the view to send random PUSHes to.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition: crypto_ecc.c:729
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:198
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:792
#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
EdDSA sign a given block.
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
Verify EdDSA signature.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:70
#define GNUNET_log(kind,...)
void GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig)
Free memory occupied by signature.
Definition: crypto_rsa.c:1015
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_blind(const void *message, size_t message_size, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
Blinds the given message with the given blinding key.
Definition: crypto_rsa.c:807
void GNUNET_CRYPTO_cs_r_get_public(const struct GNUNET_CRYPTO_CsRSecret *r_priv, struct GNUNET_CRYPTO_CsRPublic *r_pub)
Extract the public R of the given secret r.
Definition: crypto_cs.c:98
void GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
Free memory occupied by the private key.
Definition: crypto_rsa.c:173
void GNUNET_CRYPTO_cs_r_derive(const struct GNUNET_CRYPTO_CsSessionNonce *nonce, const char *seed, const struct GNUNET_CRYPTO_CsPrivateKey *lts, struct GNUNET_CRYPTO_CsRSecret r[2])
Derive a new secret r pair r0 and r1.
Definition: crypto_cs.c:79
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_public_key_decode(const char *buf, size_t len)
Decode the public key from the data-format back to the "normal", internal format.
Definition: crypto_rsa.c:423
void GNUNET_CRYPTO_cs_unblind(const struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar, const struct GNUNET_CRYPTO_CsBlindingSecret *bs, struct GNUNET_CRYPTO_CsS *signature_scalar)
Unblind a blind-signed signature using a c that was blinded.
Definition: crypto_cs.c:321
void GNUNET_CRYPTO_rsa_blinded_message_free(struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
Free memory occupied by blinded message.
Definition: crypto_rsa.c:799
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_decode(const void *buf, size_t buf_size)
Decode the private key from the data-format back to the "normal", internal format.
Definition: crypto_rsa.c:204
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition: crypto_rsa.c:268
void GNUNET_CRYPTO_cs_calc_blinded_c(const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], const struct GNUNET_CRYPTO_CsRPublic r_pub[2], const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len, struct GNUNET_CRYPTO_CsC blinded_c[2], struct GNUNET_CRYPTO_CSPublicRPairP *r_pub_blind)
Calculate two blinded c's.
Definition: crypto_cs.c:241
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, void **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:325
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
size_t GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, void **buffer)
Encode the given signature in a format suitable for storing it into a file.
Definition: crypto_rsa.c:1023
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key, const struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
Sign a blinded value, which must be a full domain hash of a message.
Definition: crypto_rsa.c:970
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_cs_verify(const struct GNUNET_CRYPTO_CsSignature *sig, const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len)
Verify whether the given message corresponds to the given signature and the signature is valid with r...
Definition: crypto_cs.c:333
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
Unblind a blind-signed signature.
Definition: crypto_rsa.c:1118
void GNUNET_CRYPTO_cs_sign_derive(const struct GNUNET_CRYPTO_CsPrivateKey *priv, const struct GNUNET_CRYPTO_CsRSecret r[2], const struct GNUNET_CRYPTO_CsBlindedMessage *bm, struct GNUNET_CRYPTO_CsBlindSignature *cs_blind_sig)
Sign a blinded c.
Definition: crypto_cs.c:285
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_verify(const void *message, size_t message_size, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *public_key)
Verify whether the given hash corresponds to the given signature and the signature is valid with resp...
Definition: crypto_rsa.c:1199
void GNUNET_CRYPTO_cs_blinding_secrets_derive(const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed, struct GNUNET_CRYPTO_CsBlindingSecret bs[2])
Derives new random blinding factors.
Definition: crypto_cs.c:108
@ GNUNET_YES
@ GNUNET_SYSERR
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
@ GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_INFO
#define GNUNET_SIGNATURE_PURPOSE_TEST
WARNING: This header is generated! In order to add a signature purpose, you must register them in GAN...
Pair of Public R values for Cs denominations.
blinded s in the signature
The Sign Answer for Clause Blind Schnorr signature.
CS Parameters derived from the message during blinding to create blinded signature.
struct GNUNET_CRYPTO_CsC c[2]
The Clause Schnorr c_0 and c_1 containing the blinded message.
Nonce for computing blinding factors.
Secret used for blinding (alpha and beta).
Schnorr c to be signed.
The private information of an Schnorr key pair.
The public information of an Schnorr key pair.
the public R (derived from r) used in c
the private r used in the signature
s in the signature
Nonce for the session, picked by client, shared with the signer.
CS Signtature containing scalar s and point R.
Private ECC key encoded for transmission.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
Private ECC key encoded for transmission.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
an ECC signature using EdDSA.
RSA Parameters to create blinded signature.
Constant-size pre-secret for blinding key generation.
The private information of an RSA key pair.
Definition: crypto_rsa.c:41
The public information of an RSA key pair.
Definition: crypto_rsa.c:53
an RSA signature
Definition: crypto_rsa.c:65
A 512-bit hashcode.
Sample signature struct.

References alpha, GNUNET_CRYPTO_CsBlindSignature::b, beta, GNUNET_CRYPTO_RsaBlindedMessage::blinded_msg, GNUNET_CRYPTO_RsaBlindedMessage::blinded_msg_size, GNUNET_CRYPTO_CsBlindingNonce::bnonce, GNUNET_CRYPTO_CsBlindedMessage::c, ctx, data, expect_data_dynamic(), expect_data_fixed(), GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_cs_blinding_secrets_derive(), GNUNET_CRYPTO_cs_calc_blinded_c(), GNUNET_CRYPTO_cs_r_derive(), GNUNET_CRYPTO_cs_r_get_public(), GNUNET_CRYPTO_cs_sign_derive(), GNUNET_CRYPTO_cs_unblind(), GNUNET_CRYPTO_cs_verify(), GNUNET_CRYPTO_ecc_ecdh(), GNUNET_CRYPTO_ecdh_eddsa(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_eddsa_sign, GNUNET_CRYPTO_eddsa_verify, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_kdf(), GNUNET_CRYPTO_rsa_blind(), GNUNET_CRYPTO_rsa_blinded_message_free(), GNUNET_CRYPTO_rsa_private_key_decode(), GNUNET_CRYPTO_rsa_private_key_free(), GNUNET_CRYPTO_rsa_public_key_decode(), GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_CRYPTO_rsa_public_key_free(), GNUNET_CRYPTO_rsa_sign_blinded(), GNUNET_CRYPTO_rsa_signature_encode(), GNUNET_CRYPTO_rsa_signature_free(), GNUNET_CRYPTO_rsa_unblind(), GNUNET_CRYPTO_rsa_verify(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_free, GNUNET_log, GNUNET_malloc, GNUNET_memcmp, GNUNET_NO, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_TEST, GNUNET_SYSERR, GNUNET_YES, pkey, pub, GNUNET_CRYPTO_CsSignature::r_point, GNUNET_CRYPTO_CSPublicRPairP::r_pub, GNUNET_CRYPTO_CsSignature::s_scalar, GNUNET_CRYPTO_CsBlindSignature::s_scalar, salt, and GNUNET_CRYPTO_CsSessionNonce::snonce.

Referenced by check_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_vectors()

static int check_vectors ( )
static

Check test vectors from stdin.

Returns
global exit code

Definition at line 996 of file gnunet-crypto-tvg.c.

997{
998 json_error_t err;
999 json_t *vecfile = json_loadf (stdin, 0, &err);
1000 const char *encoding;
1001 json_t *vectors;
1002
1003 if (NULL == vecfile)
1004 {
1005 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unable to parse JSON\n");
1006 return 1;
1007 }
1008 encoding = json_string_value (json_object_get (vecfile,
1009 "encoding"));
1010 if ( (NULL == encoding) || (0 != strcmp (encoding, "base32crockford")) )
1011 {
1012 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unsupported or missing encoding\n");
1013 json_decref (vecfile);
1014 return 1;
1015 }
1016 vectors = json_object_get (vecfile, "vectors");
1017 if (! json_is_array (vectors))
1018 {
1019 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "bad vectors\n");
1020 json_decref (vecfile);
1021 return 1;
1022 }
1023 {
1024 /* array is a JSON array */
1025 size_t index;
1026 json_t *value;
1028
1029 json_array_foreach (vectors, index, value) {
1030 const char *op = json_string_value (json_object_get (value,
1031 "operation"));
1032
1033 if (NULL == op)
1034 {
1036 "missing operation\n");
1038 break;
1039 }
1040 ret = checkvec (op, value);
1041 if (GNUNET_OK != ret)
1042 {
1044 "bad vector %u\n",
1045 (unsigned int) index);
1046 break;
1047 }
1048 }
1049 json_decref (vecfile);
1050 return (ret == GNUNET_OK) ? 0 : 1;
1051 }
1052}
static struct GNUNET_ARM_Operation * op
Current operation.
Definition: gnunet-arm.c:144
static int ret
Final status code.
Definition: gnunet-arm.c:94
static int checkvec(const char *operation, json_t *vec)
Check a single vector.
static char * value
Value of the record to add/remove.
GNUNET_GenericReturnValue
Named constants for return values.

References checkvec(), GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_OK, GNUNET_SYSERR, op, ret, and value.

Referenced by run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ output_vectors()

static int output_vectors ( )
static

Output test vectors.

Returns
global exit code

Definition at line 1061 of file gnunet-crypto-tvg.c.

1062{
1063 json_t *vecfile = json_object ();
1064 json_t *vecs = json_array ();
1065
1066 json_object_set_new (vecfile,
1067 "encoding",
1068 json_string ("base32crockford"));
1069 json_object_set_new (vecfile,
1070 "producer",
1071 json_string ("GNUnet " PACKAGE_VERSION " " VCS_VERSION));
1072 json_object_set_new (vecfile,
1073 "vectors",
1074 vecs);
1075
1076 {
1077 json_t *vec = vec_for (vecs, "hash");
1078 struct GNUNET_HashCode hc;
1079 char *str = "Hello, GNUnet";
1080
1081 GNUNET_CRYPTO_hash (str, strlen (str), &hc);
1082
1083 d2j (vec, "input", str, strlen (str));
1084 d2j (vec, "output", &hc, sizeof (struct GNUNET_HashCode));
1085 }
1086 {
1087 json_t *vec = vec_for (vecs, "ecc_ecdh");
1088 struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
1089 struct GNUNET_CRYPTO_EcdhePublicKey pub1;
1090 struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
1091 struct GNUNET_HashCode skm;
1092
1096 &pub1);
1098 GNUNET_CRYPTO_ecc_ecdh (&priv2,
1099 &pub1,
1100 &skm));
1101
1102 d2j (vec,
1103 "priv1",
1104 &priv1,
1105 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1106 d2j (vec,
1107 "pub1",
1108 &pub1,
1109 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1110 d2j (vec,
1111 "priv2",
1112 &priv2,
1113 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1114 d2j (vec,
1115 "skm",
1116 &skm,
1117 sizeof (struct GNUNET_HashCode));
1118 }
1119
1120 {
1121 json_t *vec = vec_for (vecs, "eddsa_key_derivation");
1124
1127 &pub);
1128
1129 d2j (vec,
1130 "priv",
1131 &priv,
1132 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1133 d2j (vec,
1134 "pub",
1135 &pub,
1136 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1137 }
1138 {
1139 json_t *vec = vec_for (vecs, "eddsa_signing");
1143 struct TestSignatureDataPS data = { 0 };
1144
1147 &pub);
1148 data.purpose.size = htonl (sizeof (data));
1149 data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
1151 &data,
1152 &sig);
1155 &data,
1156 &sig,
1157 &pub));
1158
1159 d2j (vec,
1160 "priv",
1161 &priv,
1162 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1163 d2j (vec,
1164 "pub",
1165 &pub,
1166 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1167 d2j (vec,
1168 "data",
1169 &data,
1170 sizeof (struct TestSignatureDataPS));
1171 d2j (vec,
1172 "sig",
1173 &sig,
1174 sizeof (struct GNUNET_CRYPTO_EddsaSignature));
1175 }
1176
1177 {
1178 json_t *vec = vec_for (vecs, "kdf");
1179 size_t out_len = 64;
1180 char out[out_len];
1181 char *ikm = "I'm the secret input key material";
1182 char *salt = "I'm very salty";
1183 char *ctx = "I'm a context chunk, also known as 'info' in the RFC";
1184
1186 GNUNET_CRYPTO_kdf (&out,
1187 out_len,
1188 salt,
1189 strlen (salt),
1190 ikm,
1191 strlen (ikm),
1192 ctx,
1193 strlen (ctx),
1194 NULL));
1195
1196 d2j (vec,
1197 "salt",
1198 salt,
1199 strlen (salt));
1200 d2j (vec,
1201 "ikm",
1202 ikm,
1203 strlen (ikm));
1204 d2j (vec,
1205 "ctx",
1206 ctx,
1207 strlen (ctx));
1208 uint2j (vec,
1209 "out_len",
1210 (unsigned int) out_len);
1211 d2j (vec,
1212 "out",
1213 out,
1214 out_len);
1215 }
1216 {
1217 json_t *vec = vec_for (vecs, "eddsa_ecdh");
1218 struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
1219 struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
1220 struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
1221 struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
1222 struct GNUNET_HashCode key_material;
1223
1224 GNUNET_CRYPTO_ecdhe_key_create (&priv_ecdhe);
1225 GNUNET_CRYPTO_ecdhe_key_get_public (&priv_ecdhe, &pub_ecdhe);
1226 GNUNET_CRYPTO_eddsa_key_create (&priv_eddsa);
1227 GNUNET_CRYPTO_eddsa_key_get_public (&priv_eddsa, &pub_eddsa);
1228 GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material);
1229
1230 d2j (vec, "priv_ecdhe",
1231 &priv_ecdhe,
1232 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1233 d2j (vec, "pub_ecdhe",
1234 &pub_ecdhe,
1235 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1236 d2j (vec, "priv_eddsa",
1237 &priv_eddsa,
1238 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1239 d2j (vec, "pub_eddsa",
1240 &pub_eddsa,
1241 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1242 d2j (vec, "key_material",
1243 &key_material,
1244 sizeof (struct GNUNET_HashCode));
1245 }
1246
1247 {
1248 json_t *vec = vec_for (vecs, "edx25519_derive");
1249 struct GNUNET_CRYPTO_Edx25519PrivateKey priv1_edx;
1250 struct GNUNET_CRYPTO_Edx25519PublicKey pub1_edx;
1251 struct GNUNET_CRYPTO_Edx25519PrivateKey priv2_edx;
1252 struct GNUNET_CRYPTO_Edx25519PublicKey pub2_edx;
1253 struct GNUNET_HashCode seed;
1254
1256 &seed,
1257 sizeof (struct GNUNET_HashCode));
1259 GNUNET_CRYPTO_edx25519_key_get_public (&priv1_edx, &pub1_edx);
1261 &seed,
1262 sizeof (seed),
1263 &priv2_edx);
1265 &seed,
1266 sizeof (seed),
1267 &pub2_edx);
1268
1269 d2j (vec, "priv1_edx",
1270 &priv1_edx,
1271 sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1272 d2j (vec, "pub1_edx",
1273 &pub1_edx,
1274 sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1275 d2j (vec, "seed",
1276 &seed,
1277 sizeof (struct GNUNET_HashCode));
1278 d2j (vec, "priv2_edx",
1279 &priv2_edx,
1280 sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1281 d2j (vec, "pub2_edx",
1282 &pub2_edx,
1283 sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1284 }
1285
1286 {
1287 json_t *vec = vec_for (vecs, "rsa_blind_signing");
1288
1289 struct GNUNET_CRYPTO_RsaPrivateKey *skey;
1291 struct GNUNET_HashCode message_hash;
1293 struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
1294 struct GNUNET_CRYPTO_RsaSignature *sig;
1296 void *public_enc_data;
1297 size_t public_enc_len;
1298 void *secret_enc_data;
1299 size_t secret_enc_len;
1300 void *blinded_sig_enc_data;
1301 size_t blinded_sig_enc_length;
1302 void *sig_enc_data;
1303 size_t sig_enc_length;
1304
1308 &message_hash,
1309 sizeof (struct GNUNET_HashCode));
1311 &bks,
1312 sizeof (struct
1315 GNUNET_CRYPTO_rsa_blind (&message_hash,
1316 sizeof (message_hash),
1317 &bks,
1318 pkey,
1319 &bm));
1320 blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey,
1321 &bm);
1322 sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig,
1323 &bks,
1324 pkey);
1326 GNUNET_CRYPTO_rsa_verify (&message_hash,
1327 sizeof (message_hash),
1328 sig,
1329 pkey));
1330 public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
1331 &public_enc_data);
1332 secret_enc_len = GNUNET_CRYPTO_rsa_private_key_encode (skey,
1333 &secret_enc_data);
1334 blinded_sig_enc_length
1336 &blinded_sig_enc_data);
1337 sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig,
1338 &sig_enc_data);
1339 d2j (vec,
1340 "message_hash",
1341 &message_hash,
1342 sizeof (struct GNUNET_HashCode));
1343 d2j (vec,
1344 "rsa_public_key",
1345 public_enc_data,
1346 public_enc_len);
1347 d2j (vec,
1348 "rsa_private_key",
1349 secret_enc_data,
1350 secret_enc_len);
1351 d2j (vec,
1352 "blinding_key_secret",
1353 &bks,
1354 sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret));
1355 d2j (vec,
1356 "blinded_message",
1357 bm.blinded_msg,
1358 bm.blinded_msg_size);
1359 d2j (vec,
1360 "blinded_sig",
1361 blinded_sig_enc_data,
1362 blinded_sig_enc_length);
1363 d2j (vec,
1364 "sig",
1365 sig_enc_data,
1366 sig_enc_length);
1371 GNUNET_free (public_enc_data);
1373 GNUNET_free (sig_enc_data);
1374 GNUNET_free (blinded_sig_enc_data);
1375 GNUNET_free (secret_enc_data);
1376 }
1377
1378 {
1379 json_t *vec = vec_for (vecs, "cs_blind_signing");
1380
1381 struct GNUNET_CRYPTO_CsPrivateKey priv;
1383 struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
1384 struct GNUNET_CRYPTO_CsRSecret r_priv[2];
1385 struct GNUNET_CRYPTO_CsRPublic r_pub[2];
1386 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind;
1387 struct GNUNET_CRYPTO_CsC c[2];
1388 struct GNUNET_CRYPTO_CsS signature_scalar;
1389 struct GNUNET_CRYPTO_CsBlindSignature blinded_s;
1390 struct GNUNET_CRYPTO_CsSignature sig;
1393 struct GNUNET_HashCode message_hash;
1394
1396 &message_hash,
1397 sizeof (struct GNUNET_HashCode));
1398
1401 &pub);
1403 GNUNET_CRYPTO_hkdf (&snonce,
1404 sizeof(snonce),
1405 GCRY_MD_SHA512,
1406 GCRY_MD_SHA256,
1407 "nonce",
1408 strlen ("nonce"),
1409 "nonce_secret",
1410 strlen ("nonce_secret"),
1411 NULL,
1412 0));
1413 /* NOTE: historically, we made the bad choice of
1414 making both nonces the same. Maybe barely OK
1415 for the TGV, not good for production! */
1416 memcpy (&bnonce,
1417 &snonce,
1418 sizeof (snonce));
1420 "rw",
1421 &priv,
1422 r_priv);
1424 &r_pub[0]);
1426 &r_pub[1]);
1428 bs);
1430 r_pub,
1431 &pub,
1432 &message_hash,
1433 sizeof(message_hash),
1434 c,
1435 &r_pub_blind);
1436 {
1437 struct GNUNET_CRYPTO_CsBlindedMessage bm = {
1438 .c[0] = c[0],
1439 .c[1] = c[1],
1440 .nonce = snonce
1441 };
1442
1444 r_priv,
1445 &bm,
1446 &blinded_s);
1447 }
1448 GNUNET_CRYPTO_cs_unblind (&blinded_s.s_scalar,
1449 &bs[blinded_s.b],
1450 &signature_scalar);
1451 sig.r_point = r_pub_blind.r_pub[blinded_s.b];
1452 sig.s_scalar = signature_scalar;
1453 if (GNUNET_OK !=
1455 &pub,
1456 &message_hash,
1457 sizeof(message_hash)))
1458 {
1459 GNUNET_break (0);
1460 return GNUNET_SYSERR;
1461 }
1462 d2j (vec,
1463 "message_hash",
1464 &message_hash,
1465 sizeof (struct GNUNET_HashCode));
1466 d2j (vec,
1467 "cs_public_key",
1468 &pub,
1469 sizeof(pub));
1470 d2j (vec,
1471 "cs_private_key",
1472 &priv,
1473 sizeof(priv));
1474 d2j (vec,
1475 "cs_nonce",
1476 &snonce,
1477 sizeof(snonce));
1478 d2j (vec,
1479 "cs_r_priv_0",
1480 &r_priv[0],
1481 sizeof(r_priv[0]));
1482 d2j (vec,
1483 "cs_r_priv_1",
1484 &r_priv[1],
1485 sizeof(r_priv[1]));
1486 d2j (vec,
1487 "cs_r_pub_0",
1488 &r_pub[0],
1489 sizeof(r_pub[0]));
1490 d2j (vec,
1491 "cs_r_pub_1",
1492 &r_pub[1],
1493 sizeof(r_pub[1]));
1494 d2j (vec,
1495 "cs_bs_alpha_0",
1496 &bs[0].alpha,
1497 sizeof(bs[0].alpha));
1498 d2j (vec,
1499 "cs_bs_alpha_1",
1500 &bs[1].alpha,
1501 sizeof(bs[1].alpha));
1502 d2j (vec,
1503 "cs_bs_beta_0",
1504 &bs[0].beta,
1505 sizeof(bs[0].beta));
1506 d2j (vec,
1507 "cs_bs_beta_1",
1508 &bs[1].beta,
1509 sizeof(bs[1].beta));
1510 d2j (vec,
1511 "cs_r_pub_blind_0",
1512 &r_pub_blind.r_pub[0],
1513 sizeof(r_pub_blind.r_pub[0]));
1514 d2j (vec,
1515 "cs_r_pub_blind_1",
1516 &r_pub_blind.r_pub[1],
1517 sizeof(r_pub_blind.r_pub[1]));
1518 d2j (vec,
1519 "cs_c_0",
1520 &c[0],
1521 sizeof(c[0]));
1522 d2j (vec,
1523 "cs_c_1",
1524 &c[1],
1525 sizeof(c[1]));
1526 d2j (vec,
1527 "cs_blind_s",
1528 &blinded_s,
1529 sizeof(blinded_s));
1530 d2j (vec,
1531 "cs_b",
1532 &blinded_s.b,
1533 sizeof(blinded_s.b));
1534 d2j (vec,
1535 "cs_sig_s",
1536 &signature_scalar,
1537 sizeof(signature_scalar));
1538 d2j (vec,
1539 "cs_sig_R",
1540 &r_pub_blind.r_pub[blinded_s.b],
1541 sizeof(r_pub_blind.r_pub[blinded_s.b]));
1542 }
1543
1544 json_dumpf (vecfile, stdout, JSON_INDENT (2));
1545 json_decref (vecfile);
1546 printf ("\n");
1547
1548 return 0;
1549}
static json_t * vec_for(json_t *vecs, const char *vecname)
Create a fresh test vector for a given operation label.
static void uint2j(json_t *vec, const char *label, unsigned int num)
Add a number to a test vector.
static void d2j(json_t *vec, const char *label, const void *data, size_t size)
Add a base32crockford encoded value to a test vector.
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:451
void GNUNET_CRYPTO_edx25519_key_get_public(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
Extract the public key for the given private key.
void GNUNET_CRYPTO_edx25519_private_key_derive(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *result)
Derive a private scalar from a given private key and a label.
void GNUNET_CRYPTO_edx25519_public_key_derive(const struct GNUNET_CRYPTO_Edx25519PublicKey *pub, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PublicKey *result)
Derive a public key from a given public key and a label.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:477
void GNUNET_CRYPTO_edx25519_key_create(struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
Create a new private key.
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:214
@ GNUNET_CRYPTO_QUALITY_WEAK
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf(void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_hkdf.c:341
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_create(unsigned int len)
Create a new private key.
Definition: crypto_rsa.c:144
void GNUNET_CRYPTO_cs_private_key_get_public(const struct GNUNET_CRYPTO_CsPrivateKey *priv, struct GNUNET_CRYPTO_CsPublicKey *pub)
Extract the public key of the given private key.
Definition: crypto_cs.c:52
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition: crypto_rsa.c:233
void GNUNET_CRYPTO_cs_private_key_generate(struct GNUNET_CRYPTO_CsPrivateKey *priv)
Create a new random private key.
Definition: crypto_cs.c:45
size_t GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, void **buffer)
Encode the private key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:181
Private ECC key material encoded for transmission.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...

References alpha, GNUNET_CRYPTO_CsBlindSignature::b, beta, GNUNET_CRYPTO_RsaBlindedMessage::blinded_msg, GNUNET_CRYPTO_RsaBlindedMessage::blinded_msg_size, GNUNET_CRYPTO_CsBlindingNonce::bnonce, GNUNET_CRYPTO_CsBlindedMessage::c, ctx, d2j(), data, GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_cs_blinding_secrets_derive(), GNUNET_CRYPTO_cs_calc_blinded_c(), GNUNET_CRYPTO_cs_private_key_generate(), GNUNET_CRYPTO_cs_private_key_get_public(), GNUNET_CRYPTO_cs_r_derive(), GNUNET_CRYPTO_cs_r_get_public(), GNUNET_CRYPTO_cs_sign_derive(), GNUNET_CRYPTO_cs_unblind(), GNUNET_CRYPTO_cs_verify(), GNUNET_CRYPTO_ecc_ecdh(), GNUNET_CRYPTO_ecdh_eddsa(), GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_ecdhe_key_get_public(), GNUNET_CRYPTO_eddsa_key_create(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_eddsa_sign, GNUNET_CRYPTO_eddsa_verify, GNUNET_CRYPTO_edx25519_key_create(), GNUNET_CRYPTO_edx25519_key_get_public(), GNUNET_CRYPTO_edx25519_private_key_derive(), GNUNET_CRYPTO_edx25519_public_key_derive(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hkdf(), GNUNET_CRYPTO_kdf(), GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_random_block(), GNUNET_CRYPTO_rsa_blind(), GNUNET_CRYPTO_rsa_blinded_message_free(), GNUNET_CRYPTO_rsa_private_key_create(), GNUNET_CRYPTO_rsa_private_key_encode(), GNUNET_CRYPTO_rsa_private_key_free(), GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_CRYPTO_rsa_public_key_free(), GNUNET_CRYPTO_rsa_sign_blinded(), GNUNET_CRYPTO_rsa_signature_encode(), GNUNET_CRYPTO_rsa_signature_free(), GNUNET_CRYPTO_rsa_unblind(), GNUNET_CRYPTO_rsa_verify(), GNUNET_free, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_TEST, GNUNET_SYSERR, GNUNET_YES, pkey, pub, GNUNET_CRYPTO_CsSignature::r_point, GNUNET_CRYPTO_CSPublicRPairP::r_pub, GNUNET_CRYPTO_CsSignature::s_scalar, GNUNET_CRYPTO_CsBlindSignature::s_scalar, salt, GNUNET_CRYPTO_CsSessionNonce::snonce, uint2j(), and vec_for().

Referenced by run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ run()

static void run ( void *  cls,
char *const *  args,
const char *  cfgfile,
const struct GNUNET_CONFIGURATION_Handle cfg 
)
static

Main function that will be run.

Parameters
clsclosure
argsremaining command-line arguments
cfgfilename of the configuration file used (for saving, can be NULL!)
cfgconfiguration

Definition at line 1561 of file gnunet-crypto-tvg.c.

1565{
1566 if (GNUNET_YES == verify_flag)
1568 else
1570}
static GNUNET_NETWORK_STRUCT_END int verify_flag
Should we verify or output test vectors?
static int global_ret
Global exit code.
static int check_vectors()
Check test vectors from stdin.
static int output_vectors()
Output test vectors.

References check_vectors(), global_ret, GNUNET_YES, output_vectors(), and verify_flag.

Referenced by main().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ main()

int main ( int  argc,
char *const *  argv 
)

The main function of the test vector generation tool.

Parameters
argcnumber of arguments from the command line
argvcommand line arguments
Returns
0 ok, 1 on error

Definition at line 1581 of file gnunet-crypto-tvg.c.

1583{
1584 const struct GNUNET_GETOPT_CommandLineOption options[] = {
1586 "verify",
1587 gettext_noop (
1588 "verify a test vector from stdin"),
1589 &verify_flag),
1591 };
1592
1594 GNUNET_log_setup ("gnunet-crypto-tvg",
1595 "INFO",
1596 NULL));
1597 if (GNUNET_OK !=
1598 GNUNET_PROGRAM_run (argc, argv,
1599 "gnunet-crypto-tvg",
1600 "Generate test vectors for cryptographic operations",
1601 options,
1602 &run, NULL))
1603 return 1;
1604 return global_ret;
1605}
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_OPTION_END
Definition: 002.c:13
struct GNUNET_GETOPT_CommandLineOption options[]
Definition: 002.c:5
#define gettext_noop(String)
Definition: gettext.h:70
static void run(void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *cfg)
Main function that will be run.
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_option_flag(char shortName, const char *name, const char *description, int *val)
Allow user to specify a flag (which internally means setting an integer to 1/GNUNET_YES/GNUNET_OK.
enum GNUNET_GenericReturnValue GNUNET_log_setup(const char *comp, const char *loglevel, const char *logfile)
Setup logging.
enum GNUNET_GenericReturnValue GNUNET_PROGRAM_run(int argc, char *const *argv, const char *binaryName, const char *binaryHelp, const struct GNUNET_GETOPT_CommandLineOption *options, GNUNET_PROGRAM_Main task, void *task_cls)
Run a standard GNUnet command startup sequence (initialize loggers and configuration,...
Definition: program.c:400
Definition of a command line option.

References gettext_noop, global_ret, GNUNET_assert, GNUNET_GETOPT_OPTION_END, GNUNET_GETOPT_option_flag(), GNUNET_log_setup(), GNUNET_OK, GNUNET_PROGRAM_run(), options, run(), and verify_flag.

Here is the call graph for this function:

Variable Documentation

◆ verify_flag

GNUNET_NETWORK_STRUCT_END int verify_flag = GNUNET_NO
static

Should we verify or output test vectors?

Definition at line 77 of file gnunet-crypto-tvg.c.

Referenced by main(), and run().

◆ global_ret

int global_ret = 0
static

Global exit code.

Definition at line 83 of file gnunet-crypto-tvg.c.

Referenced by main(), and run().