GNUnet 0.26.2-20-ga2d76f2e4
 
Loading...
Searching...
No Matches
Data Structures | Functions | Variables
gnunet-crypto-tvg.c File Reference
#include "platform.h"
#include "gnunet_util_lib.h"
#include "gnunet_signatures.h"
#include <jansson.h>
#include <gcrypt.h>
Include dependency graph for gnunet-crypto-tvg.c:

Go to the source code of this file.

Data Structures

struct  TestSignatureDataPS
 Sample signature struct. More...
 

Functions

static json_t * vec_for (json_t *vecs, const char *vecname)
 Create a fresh test vector for a given operation label.
 
static void d2j (json_t *vec, const char *label, const void *data, size_t size)
 Add a base32crockford encoded value to a test vector.
 
static void uint2j (json_t *vec, const char *label, unsigned int num)
 Add a number to a test vector.
 
static int expect_data_fixed (json_t *vec, const char *name, void *data, size_t expect_len)
 
static int expect_data_dynamic (json_t *vec, const char *name, void **data, size_t *ret_len)
 
static int checkvec (const char *operation, json_t *vec)
 Check a single vector.
 
static int check_vectors ()
 Check test vectors from stdin.
 
static int output_vectors ()
 Output test vectors.
 
static void run (void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *cfg)
 Main function that will be run.
 
int main (int argc, char *const *argv)
 The main function of the test vector generation tool.
 

Variables

static GNUNET_NETWORK_STRUCT_END int verify_flag = GNUNET_NO
 Should we verify or output test vectors?
 
static int global_ret = 0
 Global exit code.
 

Function Documentation

◆ vec_for()

static json_t * vec_for ( json_t *  vecs,
const char *  vecname 
)
static

Create a fresh test vector for a given operation label.

Parameters
vecsarray of vectors to append the new vector to
vecnamelabel for the operation of the vector
Returns
the fresh test vector

Definition at line 93 of file gnunet-crypto-tvg.c.

94{
95 json_t *t = json_object ();
96
97 json_object_set_new (t,
98 "operation",
99 json_string (vecname));
100 json_array_append_new (vecs, t);
101 return t;
102}
t
static struct GNUNET_SCHEDULER_Task * t
Main task.
Definition gnunet-namestore-zonefile.c:302

References t.

Referenced by output_vectors().

Here is the caller graph for this function:

◆ d2j()

static void d2j ( json_t *  vec,
const char *  label,
const void *  data,
size_t  size 
)
static

Add a base32crockford encoded value to a test vector.

Parameters
vectest vector to add to
labellabel for the value
datadata to add
sizesize of data

Definition at line 115 of file gnunet-crypto-tvg.c.

119{
120 char *buf;
121 json_t *json;
122
123 buf = GNUNET_STRINGS_data_to_string_alloc (data, size);
124 json = json_string (buf);
125 GNUNET_free (buf);
126 GNUNET_break (NULL != json);
127
128 json_object_set_new (vec, label, json);
129}
data
static char * data
The data to insert into the dht.
Definition gnunet-dht-put.c:88
GNUNET_break
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
Definition gnunet_common.h:1045
GNUNET_free
#define GNUNET_free(ptr)
Wrapper around free.
Definition gnunet_common.h:1415
GNUNET_STRINGS_data_to_string_alloc
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
Definition strings.c:812
size
static unsigned int size
Size of the "table".
Definition peer.c:68

References data, GNUNET_break, GNUNET_free, GNUNET_STRINGS_data_to_string_alloc(), and size.

Referenced by output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ uint2j()

static void uint2j ( json_t *  vec,
const char *  label,
unsigned int  num 
)
static

Add a number to a test vector.

Parameters
vectest vector to add to
labellabel for the value
datadata to add
sizesize of data

Definition at line 141 of file gnunet-crypto-tvg.c.

144{
145 json_t *json = json_integer (num);
146
147 json_object_set_new (vec, label, json);
148}

Referenced by output_vectors().

Here is the caller graph for this function:

◆ expect_data_fixed()

static int expect_data_fixed ( json_t *  vec,
const char *  name,
void *  data,
size_t  expect_len 
)
static

Definition at line 152 of file gnunet-crypto-tvg.c.

156{
157 const char *s = json_string_value (json_object_get (vec, name));
158
159 if (NULL == s)
160 return GNUNET_NO;
161
162 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s,
163 strlen (s),
164 data,
165 expect_len))
166 return GNUNET_NO;
167 return GNUNET_OK;
168}
name
static char * name
Name (label) of the records to list.
Definition gnunet-namecache.c:48
GNUNET_OK
@ GNUNET_OK
Definition gnunet_common.h:114
GNUNET_NO
@ GNUNET_NO
Definition gnunet_common.h:113
GNUNET_STRINGS_string_to_data
enum GNUNET_GenericReturnValue GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition strings.c:837

References data, GNUNET_NO, GNUNET_OK, GNUNET_STRINGS_string_to_data(), and name.

Referenced by checkvec().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ expect_data_dynamic()

static int expect_data_dynamic ( json_t *  vec,
const char *  name,
void **  data,
size_t *  ret_len 
)
static

Definition at line 172 of file gnunet-crypto-tvg.c.

176{
177 const char *s = json_string_value (json_object_get (vec, name));
178 char *tmp;
179 size_t len;
180
181 if (NULL == s)
182 return GNUNET_NO;
183
184 len = (strlen (s) * 5) / 8;
185 if (NULL != ret_len)
186 *ret_len = len;
187 tmp = GNUNET_malloc (len);
188
189 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, strlen (s), tmp, len))
190 {
191 GNUNET_free (tmp);
192 return GNUNET_NO;
193 }
194 *data = tmp;
195 return GNUNET_OK;
196}
GNUNET_malloc
#define GNUNET_malloc(size)
Wrapper around malloc.
Definition gnunet_common.h:1355

References data, GNUNET_free, GNUNET_malloc, GNUNET_NO, GNUNET_OK, GNUNET_STRINGS_string_to_data(), and name.

Referenced by checkvec().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ checkvec()

static int checkvec ( const char *  operation,
json_t *  vec 
)
static

Check a single vector.

Parameters
operationoperator of the vector
vecthe vector, a JSON object.
Returns
GNUNET_OK if the vector is okay

Definition at line 208 of file gnunet-crypto-tvg.c.

210{
211 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
212 "checking %s\n", operation);
213
214 if (0 == strcmp (operation, "hash"))
215 {
216 void *data;
217 size_t data_len;
218 struct GNUNET_HashCode hash_out;
219 struct GNUNET_HashCode hc;
220
221 if (GNUNET_OK != expect_data_dynamic (vec,
222 "input",
223 &data,
224 &data_len))
225 {
226 GNUNET_break (0);
227 return GNUNET_SYSERR;
228 }
229 if (GNUNET_OK != expect_data_fixed (vec,
230 "output",
231 &hash_out,
232 sizeof (hash_out)))
233 {
234 GNUNET_free (data);
235 GNUNET_break (0);
236 return GNUNET_NO;
237 }
238
239 GNUNET_CRYPTO_hash (data, data_len, &hc);
240
241 if (0 != GNUNET_memcmp (&hc, &hash_out))
242 {
243 GNUNET_free (data);
244 GNUNET_break (0);
245 return GNUNET_NO;
246 }
247 GNUNET_free (data);
248 }
249 else if (0 == strcmp (operation, "ecc_ecdh"))
250 {
251 struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
252 struct GNUNET_CRYPTO_EcdhePublicKey pub1;
253 struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
254 struct GNUNET_HashCode skm;
255 struct GNUNET_HashCode skm_comp;
256
257 if (GNUNET_OK != expect_data_fixed (vec,
258 "priv1",
259 &priv1,
260 sizeof (priv1)))
261 {
262 GNUNET_break (0);
263 return GNUNET_NO;
264 }
265 if (GNUNET_OK != expect_data_fixed (vec,
266 "priv2",
267 &priv2,
268 sizeof (priv2)))
269 {
270 GNUNET_break (0);
271 return GNUNET_NO;
272 }
273 if (GNUNET_OK != expect_data_fixed (vec,
274 "pub1",
275 &pub1,
276 sizeof (pub1)))
277 {
278 GNUNET_break (0);
279 return GNUNET_NO;
280 }
281 if (GNUNET_OK != expect_data_fixed (vec,
282 "skm",
283 &skm,
284 sizeof (skm)))
285 {
286 GNUNET_break (0);
287 return GNUNET_NO;
288 }
289 GNUNET_assert (GNUNET_OK ==
290 GNUNET_CRYPTO_ecc_ecdh (&priv2,
291 &pub1,
292 &skm_comp));
293 if (0 != GNUNET_memcmp (&skm, &skm_comp))
294 {
295 GNUNET_break (0);
296 return GNUNET_NO;
297 }
298 }
299 else if (0 == strcmp (operation, "eddsa_key_derivation"))
300 {
301 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
302 struct GNUNET_CRYPTO_EddsaPublicKey pub;
303 struct GNUNET_CRYPTO_EddsaPublicKey pub_comp;
304
305 if (GNUNET_OK != expect_data_fixed (vec,
306 "priv",
307 &priv,
308 sizeof (priv)))
309 {
310 GNUNET_break (0);
311 return GNUNET_NO;
312 }
313
314 if (GNUNET_OK != expect_data_fixed (vec,
315 "pub",
316 &pub,
317 sizeof (pub)))
318 {
319 GNUNET_break (0);
320 return GNUNET_NO;
321 }
322
323 GNUNET_CRYPTO_eddsa_key_get_public (&priv,
324 &pub_comp);
325 if (0 != GNUNET_memcmp (&pub, &pub_comp))
326 {
327 GNUNET_break (0);
328 return GNUNET_NO;
329 }
330
331 }
332 else if (0 == strcmp (operation, "eddsa_signing"))
333 {
334 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
335 struct GNUNET_CRYPTO_EddsaPublicKey pub;
336 struct TestSignatureDataPS data = { 0 };
337 struct GNUNET_CRYPTO_EddsaSignature sig;
338 struct GNUNET_CRYPTO_EddsaSignature sig_comp;
339
340 if (GNUNET_OK != expect_data_fixed (vec,
341 "priv",
342 &priv,
343 sizeof (priv)))
344 {
345 GNUNET_break (0);
346 return GNUNET_NO;
347 }
348
349 if (GNUNET_OK != expect_data_fixed (vec,
350 "pub",
351 &pub,
352 sizeof (pub)))
353 {
354 GNUNET_break (0);
355 return GNUNET_NO;
356 }
357
358 if (GNUNET_OK != expect_data_fixed (vec,
359 "data",
360 &data,
361 sizeof (data)))
362 {
363 GNUNET_break (0);
364 return GNUNET_NO;
365 }
366
367 if (GNUNET_OK != expect_data_fixed (vec,
368 "sig",
369 &sig,
370 sizeof (sig)))
371 {
372 GNUNET_break (0);
373 return GNUNET_NO;
374 }
375
376 GNUNET_CRYPTO_eddsa_sign (&priv,
377 &data,
378 &sig_comp);
379 GNUNET_assert (GNUNET_OK ==
380 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST,
381 &data,
382 &sig,
383 &pub));
384 if (0 != GNUNET_memcmp (&sig, &sig_comp))
385 {
386 GNUNET_break (0);
387 return GNUNET_NO;
388 }
389 }
390 else if (0 == strcmp (operation, "kdf"))
391 {
392 size_t out_len;
393 void *out;
394 size_t out_len_comp;
395 void *out_comp;
396 void *ikm;
397 size_t ikm_len;
398 void *salt;
399 size_t salt_len;
400 void *ctx;
401 size_t ctx_len;
402
403 if (GNUNET_OK != expect_data_dynamic (vec,
404 "out",
405 &out,
406 &out_len))
407 {
408 GNUNET_break (0);
409 return GNUNET_SYSERR;
410 }
411
412 out_len_comp = out_len;
413 out_comp = GNUNET_malloc (out_len_comp);
414
415 if (GNUNET_OK != expect_data_dynamic (vec,
416 "ikm",
417 &ikm,
418 &ikm_len))
419 {
420 GNUNET_free (out);
421 GNUNET_free (out_comp);
422 GNUNET_break (0);
423 return GNUNET_SYSERR;
424 }
425
426 if (GNUNET_OK != expect_data_dynamic (vec,
427 "salt",
428 &salt,
429 &salt_len))
430 {
431 GNUNET_free (out);
432 GNUNET_free (out_comp);
433 GNUNET_free (ikm);
434 GNUNET_break (0);
435 return GNUNET_SYSERR;
436 }
437
438 if (GNUNET_OK != expect_data_dynamic (vec,
439 "ctx",
440 &ctx,
441 &ctx_len))
442 {
443 GNUNET_free (out);
444 GNUNET_free (out_comp);
445 GNUNET_free (ikm);
446 GNUNET_free (salt);
447 GNUNET_break (0);
448 return GNUNET_SYSERR;
449 }
450
451 GNUNET_assert (GNUNET_OK ==
452 GNUNET_CRYPTO_hkdf_gnunet (
453 out_comp,
454 out_len_comp,
455 salt,
456 salt_len,
457 ikm,
458 ikm_len,
459 GNUNET_CRYPTO_kdf_arg (ctx,
460 ctx_len)));
461
462 if (0 != memcmp (out, out_comp, out_len))
463 {
464 GNUNET_free (out);
465 GNUNET_free (out_comp);
466 GNUNET_free (ikm);
467 GNUNET_free (salt);
468 GNUNET_free (ctx);
469 GNUNET_break (0);
470 return GNUNET_NO;
471 }
472 GNUNET_free (out);
473 GNUNET_free (out_comp);
474 GNUNET_free (ikm);
475 GNUNET_free (salt);
476 GNUNET_free (ctx);
477 }
478 else if (0 == strcmp (operation, "eddsa_ecdh"))
479 {
480 struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
481 struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
482 struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
483 struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
484 struct GNUNET_HashCode key_material;
485 struct GNUNET_HashCode key_material_comp;
486
487 if (GNUNET_OK != expect_data_fixed (vec,
488 "priv_ecdhe",
489 &priv_ecdhe,
490 sizeof (priv_ecdhe)))
491 {
492 GNUNET_break (0);
493 return GNUNET_NO;
494 }
495
496 if (GNUNET_OK != expect_data_fixed (vec,
497 "pub_ecdhe",
498 &pub_ecdhe,
499 sizeof (pub_ecdhe)))
500 {
501 GNUNET_break (0);
502 return GNUNET_NO;
503 }
504
505 if (GNUNET_OK != expect_data_fixed (vec,
506 "priv_eddsa",
507 &priv_eddsa,
508 sizeof (priv_eddsa)))
509 {
510 GNUNET_break (0);
511 return GNUNET_NO;
512 }
513
514 if (GNUNET_OK != expect_data_fixed (vec,
515 "pub_eddsa",
516 &pub_eddsa,
517 sizeof (pub_eddsa)))
518 {
519 GNUNET_break (0);
520 return GNUNET_NO;
521 }
522
523 if (GNUNET_OK != expect_data_fixed (vec,
524 "key_material",
525 &key_material,
526 sizeof (key_material)))
527 {
528 GNUNET_break (0);
529 return GNUNET_NO;
530 }
531
532 GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe,
533 &pub_eddsa,
534 &key_material_comp);
535
536 if (0 != GNUNET_memcmp (&key_material,
537 &key_material_comp))
538 {
539 GNUNET_break (0);
540 return GNUNET_NO;
541 }
542 }
543 else if (0 == strcmp (operation, "rsa_blind_signing"))
544 {
545 struct GNUNET_CRYPTO_RsaPrivateKey *skey;
546 struct GNUNET_CRYPTO_RsaPublicKey *pkey;
547 struct GNUNET_HashCode message_hash;
548 struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
549 struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
550 struct GNUNET_CRYPTO_RsaSignature *sig;
551 struct GNUNET_CRYPTO_RsaBlindedMessage bm;
552 struct GNUNET_CRYPTO_RsaBlindedMessage bm_comp;
553 void *public_enc_data;
554 size_t public_enc_len;
555 void *secret_enc_data;
556 size_t secret_enc_len;
557 void *sig_enc_data;
558 size_t sig_enc_length;
559 void *sig_enc_data_comp;
560 size_t sig_enc_length_comp;
561
562 if (GNUNET_OK !=
563 expect_data_fixed (vec,
564 "message_hash",
565 &message_hash,
566 sizeof (message_hash)))
567 {
568 GNUNET_break (0);
569 return GNUNET_SYSERR;
570 }
571
572 if (GNUNET_OK !=
573 expect_data_fixed (vec,
574 "blinding_key_secret",
575 &bks,
576 sizeof (bks)))
577 {
578 GNUNET_break (0);
579 return GNUNET_SYSERR;
580 }
581
582 if (GNUNET_OK !=
583 expect_data_dynamic (vec,
584 "blinded_message",
585 &bm.blinded_msg,
586 &bm.blinded_msg_size))
587 {
588 GNUNET_break (0);
589 return GNUNET_SYSERR;
590 }
591 if (GNUNET_OK !=
592 expect_data_dynamic (vec,
593 "rsa_public_key",
594 &public_enc_data,
595 &public_enc_len))
596 {
597 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
598 GNUNET_break (0);
599 return GNUNET_SYSERR;
600 }
601 if (GNUNET_OK !=
602 expect_data_dynamic (vec,
603 "rsa_private_key",
604 &secret_enc_data,
605 &secret_enc_len))
606 {
607 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
608 GNUNET_free (public_enc_data);
609 GNUNET_break (0);
610 return GNUNET_SYSERR;
611 }
612 if (GNUNET_OK !=
613 expect_data_dynamic (vec,
614 "sig",
615 &sig_enc_data,
616 &sig_enc_length))
617 {
618 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
619 GNUNET_free (public_enc_data);
620 GNUNET_free (secret_enc_data);
621 GNUNET_break (0);
622 return GNUNET_SYSERR;
623 }
624
625 pkey = GNUNET_CRYPTO_rsa_public_key_decode (public_enc_data,
626 public_enc_len);
627 GNUNET_assert (NULL != pkey);
628 skey = GNUNET_CRYPTO_rsa_private_key_decode (secret_enc_data,
629 secret_enc_len);
630 GNUNET_assert (NULL != skey);
631
632 GNUNET_assert (GNUNET_YES ==
633 GNUNET_CRYPTO_rsa_blind (&message_hash,
634 sizeof (message_hash),
635 &bks,
636 pkey,
637 &bm_comp));
638 if ( (bm.blinded_msg_size !=
639 bm_comp.blinded_msg_size) ||
640 (0 != memcmp (bm.blinded_msg,
641 bm_comp.blinded_msg,
642 bm.blinded_msg_size)) )
643 {
644 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
645 GNUNET_CRYPTO_rsa_blinded_message_free (&bm_comp);
646 GNUNET_free (public_enc_data);
647 GNUNET_free (secret_enc_data);
648 GNUNET_free (sig_enc_data);
649 GNUNET_CRYPTO_rsa_private_key_free (skey);
650 GNUNET_CRYPTO_rsa_public_key_free (pkey);
651 GNUNET_break (0);
652 return GNUNET_NO;
653 }
654 blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey,
655 &bm);
656 sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig,
657 &bks,
658 pkey);
659 GNUNET_assert (GNUNET_YES ==
660 GNUNET_CRYPTO_rsa_verify (&message_hash,
661 sizeof (message_hash),
662 sig,
663 pkey));
664 GNUNET_free (public_enc_data);
665 public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
666 &public_enc_data);
667 sig_enc_length_comp = GNUNET_CRYPTO_rsa_signature_encode (sig,
668 &sig_enc_data_comp
669 );
670
671 if ( (sig_enc_length != sig_enc_length_comp) ||
672 (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) ))
673 {
674 GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
675 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
676 GNUNET_CRYPTO_rsa_blinded_message_free (&bm_comp);
677 GNUNET_free (public_enc_data);
678 GNUNET_free (secret_enc_data);
679 GNUNET_free (sig_enc_data);
680 GNUNET_free (sig_enc_data_comp);
681 GNUNET_CRYPTO_rsa_private_key_free (skey);
682 GNUNET_CRYPTO_rsa_signature_free (sig);
683 GNUNET_CRYPTO_rsa_public_key_free (pkey);
684 GNUNET_break (0);
685 return GNUNET_NO;
686 }
687 GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
688 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
689 GNUNET_CRYPTO_rsa_blinded_message_free (&bm_comp);
690 GNUNET_free (public_enc_data);
691 GNUNET_free (secret_enc_data);
692 GNUNET_free (sig_enc_data);
693 GNUNET_free (sig_enc_data_comp);
694 GNUNET_CRYPTO_rsa_signature_free (sig);
695 GNUNET_CRYPTO_rsa_public_key_free (pkey);
696 GNUNET_CRYPTO_rsa_private_key_free (skey);
697 }
698 else if (0 == strcmp (operation, "cs_blind_signing"))
699 {
700 struct GNUNET_CRYPTO_CsPrivateKey priv;
701 struct GNUNET_CRYPTO_CsPublicKey pub;
702 struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
703 struct GNUNET_CRYPTO_CsRSecret r_priv[2];
704 struct GNUNET_CRYPTO_CsRPublic r_pub[2];
705 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind;
706 struct GNUNET_CRYPTO_CsC c[2];
707 struct GNUNET_CRYPTO_CsS signature_scalar;
708 struct GNUNET_CRYPTO_CsBlindS blinded_s;
709 struct GNUNET_CRYPTO_CsSignature sig;
710 struct GNUNET_CRYPTO_CsSessionNonce snonce;
711 struct GNUNET_CRYPTO_CsBlindingNonce bnonce;
712 struct GNUNET_HashCode message_hash;
713 unsigned int b;
714
715 if (GNUNET_OK != expect_data_fixed (vec,
716 "message_hash",
717 &message_hash,
718 sizeof (message_hash)))
719 {
720 GNUNET_break (0);
721 return GNUNET_SYSERR;
722 }
723 if (GNUNET_OK != expect_data_fixed (vec,
724 "cs_public_key",
725 &pub,
726 sizeof (pub)))
727 {
728 GNUNET_break (0);
729 return GNUNET_SYSERR;
730 }
731
732 if (GNUNET_OK !=
733 expect_data_fixed (vec,
734 "cs_private_key",
735 &priv,
736 sizeof (priv)))
737 {
738 GNUNET_break (0);
739 return GNUNET_SYSERR;
740 }
741 if (GNUNET_OK !=
742 expect_data_fixed (vec,
743 "cs_nonce",
744 &snonce,
745 sizeof (snonce)))
746 {
747 GNUNET_break (0);
748 return GNUNET_SYSERR;
749 }
750 /* historically, the tvg used the same nonce for
751 both, which is HORRIBLE for production, but
752 maybe OK for TVG... */
753 memcpy (&bnonce,
754 &snonce,
755 sizeof (snonce));
756 if (GNUNET_OK !=
757 expect_data_fixed (vec,
758 "cs_r_priv_0",
759 &r_priv[0],
760 sizeof (r_priv[0])))
761 {
762 GNUNET_break (0);
763 return GNUNET_SYSERR;
764 }
765 if (GNUNET_OK != expect_data_fixed (vec,
766 "cs_r_priv_1",
767 &r_priv[1],
768 sizeof (r_priv[1])))
769 {
770 GNUNET_break (0);
771 return GNUNET_SYSERR;
772 }
773 if (GNUNET_OK != expect_data_fixed (vec,
774 "cs_r_pub_0",
775 &r_pub[0],
776 sizeof (r_pub[0])))
777 {
778 GNUNET_break (0);
779 return GNUNET_SYSERR;
780 }
781 if (GNUNET_OK != expect_data_fixed (vec,
782 "cs_r_pub_1",
783 &r_pub[1],
784 sizeof (r_pub[1])))
785 {
786 GNUNET_break (0);
787 return GNUNET_SYSERR;
788 }
789
790 if (GNUNET_OK != expect_data_fixed (vec,
791 "cs_bs_alpha_0",
792 &bs[0].alpha,
793 sizeof (bs[0].alpha)))
794 {
795 GNUNET_break (0);
796 return GNUNET_SYSERR;
797 }
798 if (GNUNET_OK != expect_data_fixed (vec,
799 "cs_bs_alpha_1",
800 &bs[1].alpha,
801 sizeof (bs[1].alpha)))
802 {
803 GNUNET_break (0);
804 return GNUNET_SYSERR;
805 }
806 if (GNUNET_OK != expect_data_fixed (vec,
807 "cs_bs_beta_0",
808 &bs[0].beta,
809 sizeof (bs[0].beta)))
810 {
811 GNUNET_break (0);
812 return GNUNET_SYSERR;
813 }
814 if (GNUNET_OK !=
815 expect_data_fixed (vec,
816 "cs_bs_beta_1",
817 &bs[1].beta,
818 sizeof (bs[1].beta)))
819 {
820 GNUNET_break (0);
821 return GNUNET_SYSERR;
822 }
823 if (GNUNET_OK !=
824 expect_data_fixed (vec,
825 "cs_r_pub_blind_0",
826 &r_pub_blind.r_pub[0],
827 sizeof (r_pub_blind.r_pub[0])))
828 {
829 GNUNET_break (0);
830 return GNUNET_SYSERR;
831 }
832 if (GNUNET_OK !=
833 expect_data_fixed (vec,
834 "cs_r_pub_blind_1",
835 &r_pub_blind.r_pub[1],
836 sizeof (r_pub_blind.r_pub[1])))
837 {
838 GNUNET_break (0);
839 return GNUNET_SYSERR;
840 }
841 if (GNUNET_OK !=
842 expect_data_fixed (vec,
843 "cs_c_0",
844 &c[0],
845 sizeof (c[0])))
846 {
847 GNUNET_break (0);
848 return GNUNET_SYSERR;
849 }
850 if (GNUNET_OK != expect_data_fixed (vec,
851 "cs_c_1",
852 &c[1],
853 sizeof (c[1])))
854 {
855 GNUNET_break (0);
856 return GNUNET_SYSERR;
857 }
858 if (GNUNET_OK != expect_data_fixed (vec,
859 "cs_blind_s",
860 &blinded_s,
861 sizeof (blinded_s)))
862 {
863 GNUNET_break (0);
864 return GNUNET_SYSERR;
865 }
866 if (GNUNET_OK != expect_data_fixed (vec,
867 "cs_b",
868 &b,
869 sizeof (b)))
870 {
871 GNUNET_break (0);
872 return GNUNET_SYSERR;
873 }
874 if (GNUNET_OK != expect_data_fixed (vec,
875 "cs_sig_s",
876 &signature_scalar,
877 sizeof (signature_scalar)))
878 {
879 GNUNET_break (0);
880 return GNUNET_SYSERR;
881 }
882 sig.s_scalar = signature_scalar;
883 if (GNUNET_OK != expect_data_fixed (vec,
884 "cs_sig_R",
885 &sig.r_point,
886 sizeof (sig.r_point)))
887 {
888 GNUNET_break (0);
889 return GNUNET_SYSERR;
890 }
891
892 if ((b != 1) && (b != 0))
893 {
894 GNUNET_break (0);
895 return GNUNET_SYSERR;
896 }
897 {
898 struct GNUNET_CRYPTO_CsRSecret r_priv_comp[2];
899 struct GNUNET_CRYPTO_CsRPublic r_pub_comp[2];
900 struct GNUNET_CRYPTO_CsBlindingSecret bs_comp[2];
901 struct GNUNET_CRYPTO_CsC c_comp[2];
902 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind_comp;
903 struct GNUNET_CRYPTO_CsBlindSignature blinded_s_comp;
904 struct GNUNET_CRYPTO_CsS signature_scalar_comp;
905 struct GNUNET_CRYPTO_CsSignature sig_comp;
906
907 GNUNET_CRYPTO_cs_r_derive (&snonce,
908 "rw",
909 &priv,
910 r_priv_comp);
911 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[0],
912 &r_pub_comp[0]);
913 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[1],
914 &r_pub_comp[1]);
915 GNUNET_assert (0 == memcmp (&r_priv_comp,
916 &r_priv,
917 sizeof(struct GNUNET_CRYPTO_CsRSecret) * 2));
918 GNUNET_assert (0 == memcmp (&r_pub_comp,
919 &r_pub,
920 sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2));
921
922 GNUNET_CRYPTO_cs_blinding_secrets_derive (&bnonce,
923 bs_comp);
924 GNUNET_assert (0 ==
925 memcmp (&bs_comp,
926 &bs,
927 sizeof(struct GNUNET_CRYPTO_CsBlindingSecret)
928 * 2));
929 GNUNET_CRYPTO_cs_calc_blinded_c (bs_comp,
930 r_pub_comp,
931 &pub,
932 &message_hash,
933 sizeof(message_hash),
934 c_comp,
935 &r_pub_blind_comp);
936 GNUNET_assert (0 ==
937 memcmp (&c_comp,
938 &c,
939 sizeof(struct GNUNET_CRYPTO_CsC) * 2));
940 GNUNET_assert (0 ==
941 GNUNET_memcmp (&r_pub_blind_comp,
942 &r_pub_blind));
943 {
944 struct GNUNET_CRYPTO_CsBlindedMessage bm = {
945 .c[0] = c_comp[0],
946 .c[1] = c_comp[1],
947 .nonce = snonce
948 };
949
950 GNUNET_CRYPTO_cs_sign_derive (&priv,
951 r_priv_comp,
952 &bm,
953 &blinded_s_comp);
954 }
955 GNUNET_assert (0 ==
956 GNUNET_memcmp (&blinded_s_comp.s_scalar,
957 &blinded_s));
958 GNUNET_assert (b == blinded_s_comp.b);
959 GNUNET_CRYPTO_cs_unblind (&blinded_s_comp.s_scalar,
960 &bs_comp[b],
961 &signature_scalar_comp);
962 GNUNET_assert (0 ==
963 GNUNET_memcmp (&signature_scalar_comp,
964 &signature_scalar));
965 sig_comp.r_point = r_pub_blind_comp.r_pub[b];
966 sig_comp.s_scalar = signature_scalar_comp;
967 GNUNET_assert (0 == memcmp (&sig_comp,
968 &sig,
969 sizeof(sig_comp)));
970 if (GNUNET_OK !=
971 GNUNET_CRYPTO_cs_verify (&sig_comp,
972 &pub,
973 &message_hash,
974 sizeof(message_hash)))
975 {
976 GNUNET_break (0);
977 return GNUNET_SYSERR;
978 }
979 }
980 }
981 else
982 {
983 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
984 "unsupported operation '%s'\n", operation);
985 }
986
987 return GNUNET_OK;
988}
expect_data_fixed
static int expect_data_fixed(json_t *vec, const char *name, void *data, size_t expect_len)
Definition gnunet-crypto-tvg.c:152
expect_data_dynamic
static int expect_data_dynamic(json_t *vec, const char *name, void **data, size_t *ret_len)
Definition gnunet-crypto-tvg.c:172
ctx
static struct GNUNET_FS_Handle * ctx
Definition gnunet-download.c:40
pkey
static char * pkey
Public key of the zone to look in, in ASCII.
Definition gnunet-namecache.c:58
pub
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition gnunet-scrypt.c:47
salt
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calculations.
Definition gnunet-scrypt.c:34
ikm
static unsigned char ikm[256/8]
The initial key material for the peer.
Definition gnunet-service-pils.c:78
beta
static float beta
Percentage of total peer number in the view to send random PULLs to.
Definition gnunet-service-rps.c:494
alpha
static float alpha
Percentage of total peer number in the view to send random PUSHes to.
Definition gnunet-service-rps.c:488
GNUNET_SIGNATURE_PURPOSE_TEST
#define GNUNET_SIGNATURE_PURPOSE_TEST
WARNING: This header is generated! In order to add a signature purpose, you must register them in GAN...
Definition gnunet_signatures.h:52
GNUNET_CRYPTO_ecc_ecdh
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition crypto_ecc.c:732
GNUNET_CRYPTO_eddsa_key_get_public
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition crypto_ecc.c:201
GNUNET_CRYPTO_ecdh_eddsa
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition crypto_ecc.c:823
GNUNET_CRYPTO_eddsa_sign
#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
EdDSA sign a given block.
Definition gnunet_crypto_lib.h:2743
GNUNET_CRYPTO_eddsa_verify
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
Verify EdDSA signature.
Definition gnunet_crypto_lib.h:2905
GNUNET_CRYPTO_hash
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition crypto_hash.c:41
GNUNET_CRYPTO_hkdf_gnunet
#define GNUNET_CRYPTO_hkdf_gnunet(result, out_len, xts, xts_len, skm, skm_len,...)
A peculiar HKDF instantiation that tried to mimic Truncated NMAC.
Definition gnunet_crypto_lib.h:1449
GNUNET_log
#define GNUNET_log(kind,...)
Definition gnunet_common.h:551
GNUNET_CRYPTO_rsa_signature_free
void GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig)
Free memory occupied by signature.
Definition crypto_rsa.c:1015
GNUNET_CRYPTO_rsa_blind
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_blind(const void *message, size_t message_size, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
Blinds the given message with the given blinding key.
Definition crypto_rsa.c:807
GNUNET_CRYPTO_cs_r_get_public
void GNUNET_CRYPTO_cs_r_get_public(const struct GNUNET_CRYPTO_CsRSecret *r_priv, struct GNUNET_CRYPTO_CsRPublic *r_pub)
Extract the public R of the given secret r.
Definition crypto_cs.c:97
GNUNET_CRYPTO_rsa_private_key_free
void GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
Free memory occupied by the private key.
Definition crypto_rsa.c:173
GNUNET_CRYPTO_cs_r_derive
void GNUNET_CRYPTO_cs_r_derive(const struct GNUNET_CRYPTO_CsSessionNonce *nonce, const char *seed, const struct GNUNET_CRYPTO_CsPrivateKey *lts, struct GNUNET_CRYPTO_CsRSecret r[2])
Derive a new secret r pair r0 and r1.
Definition crypto_cs.c:79
GNUNET_CRYPTO_rsa_public_key_decode
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_public_key_decode(const char *buf, size_t len)
Decode the public key from the data-format back to the "normal", internal format.
Definition crypto_rsa.c:423
GNUNET_CRYPTO_cs_unblind
void GNUNET_CRYPTO_cs_unblind(const struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar, const struct GNUNET_CRYPTO_CsBlindingSecret *bs, struct GNUNET_CRYPTO_CsS *signature_scalar)
Unblind a blind-signed signature using a c that was blinded.
Definition crypto_cs.c:313
GNUNET_CRYPTO_rsa_blinded_message_free
void GNUNET_CRYPTO_rsa_blinded_message_free(struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
Free memory occupied by blinded message.
Definition crypto_rsa.c:799
GNUNET_CRYPTO_rsa_private_key_decode
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_decode(const void *buf, size_t buf_size)
Decode the private key from the data-format back to the "normal", internal format.
Definition crypto_rsa.c:204
GNUNET_CRYPTO_rsa_public_key_free
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition crypto_rsa.c:268
GNUNET_CRYPTO_cs_calc_blinded_c
void GNUNET_CRYPTO_cs_calc_blinded_c(const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], const struct GNUNET_CRYPTO_CsRPublic r_pub[2], const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len, struct GNUNET_CRYPTO_CsC blinded_c[2], struct GNUNET_CRYPTO_CSPublicRPairP *r_pub_blind)
Calculate two blinded c's.
Definition crypto_cs.c:237
GNUNET_CRYPTO_rsa_public_key_encode
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, void **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition crypto_rsa.c:325
GNUNET_memcmp
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
Definition gnunet_common.h:1250
GNUNET_CRYPTO_rsa_signature_encode
size_t GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, void **buffer)
Encode the given signature in a format suitable for storing it into a file.
Definition crypto_rsa.c:1023
GNUNET_CRYPTO_kdf_arg
#define GNUNET_CRYPTO_kdf_arg(d, s)
Definition gnunet_crypto_lib.h:1376
GNUNET_CRYPTO_rsa_sign_blinded
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key, const struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
Sign a blinded value, which must be a full domain hash of a message.
Definition crypto_rsa.c:970
GNUNET_CRYPTO_cs_verify
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_cs_verify(const struct GNUNET_CRYPTO_CsSignature *sig, const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len)
Verify whether the given message corresponds to the given signature and the signature is valid with r...
Definition crypto_cs.c:325
GNUNET_CRYPTO_rsa_unblind
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
Unblind a blind-signed signature.
Definition crypto_rsa.c:1118
GNUNET_CRYPTO_cs_sign_derive
void GNUNET_CRYPTO_cs_sign_derive(const struct GNUNET_CRYPTO_CsPrivateKey *priv, const struct GNUNET_CRYPTO_CsRSecret r[2], const struct GNUNET_CRYPTO_CsBlindedMessage *bm, struct GNUNET_CRYPTO_CsBlindSignature *cs_blind_sig)
Sign a blinded c.
Definition crypto_cs.c:281
GNUNET_CRYPTO_rsa_verify
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_verify(const void *message, size_t message_size, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *public_key)
Verify whether the given hash corresponds to the given signature and the signature is valid with resp...
Definition crypto_rsa.c:1199
GNUNET_CRYPTO_cs_blinding_secrets_derive
void GNUNET_CRYPTO_cs_blinding_secrets_derive(const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed, struct GNUNET_CRYPTO_CsBlindingSecret bs[2])
Derives new random blinding factors.
Definition crypto_cs.c:107
GNUNET_YES
@ GNUNET_YES
Definition gnunet_common.h:116
GNUNET_SYSERR
@ GNUNET_SYSERR
Definition gnunet_common.h:112
GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition gnunet_common.h:960
GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_ERROR
Definition gnunet_common.h:417
GNUNET_ERROR_TYPE_INFO
@ GNUNET_ERROR_TYPE_INFO
Definition gnunet_common.h:423
GNUNET_CRYPTO_CSPublicRPairP
Pair of Public R values for Cs denominations.
Definition gnunet_crypto_lib.h:3840
GNUNET_CRYPTO_CsBlindS
blinded s in the signature
Definition gnunet_crypto_lib.h:729
GNUNET_CRYPTO_CsBlindSignature
The Sign Answer for Clause Blind Schnorr signature.
Definition gnunet_crypto_lib.h:3874
GNUNET_CRYPTO_CsBlindedMessage
CS Parameters derived from the message during blinding to create blinded signature.
Definition gnunet_crypto_lib.h:3822
GNUNET_CRYPTO_CsBlindedMessage::c
struct GNUNET_CRYPTO_CsC c[2]
The Clause Schnorr c_0 and c_1 containing the blinded message.
Definition gnunet_crypto_lib.h:3826
GNUNET_CRYPTO_CsBlindingNonce
Nonce for computing blinding factors.
Definition gnunet_crypto_lib.h:767
GNUNET_CRYPTO_CsBlindingNonce::bnonce
unsigned char bnonce[256/8]
Definition gnunet_crypto_lib.h:769
GNUNET_CRYPTO_CsBlindingSecret
Secret used for blinding (alpha and beta).
Definition gnunet_crypto_lib.h:683
GNUNET_CRYPTO_CsC
Schnorr c to be signed.
Definition gnunet_crypto_lib.h:711
GNUNET_CRYPTO_CsPrivateKey
The private information of an Schnorr key pair.
Definition gnunet_crypto_lib.h:665
GNUNET_CRYPTO_CsPublicKey
The public information of an Schnorr key pair.
Definition gnunet_crypto_lib.h:674
GNUNET_CRYPTO_CsRPublic
the public R (derived from r) used in c
Definition gnunet_crypto_lib.h:702
GNUNET_CRYPTO_CsRSecret
the private r used in the signature
Definition gnunet_crypto_lib.h:693
GNUNET_CRYPTO_CsS
s in the signature
Definition gnunet_crypto_lib.h:720
GNUNET_CRYPTO_CsSessionNonce
Nonce for the session, picked by client, shared with the signer.
Definition gnunet_crypto_lib.h:756
GNUNET_CRYPTO_CsSessionNonce::snonce
unsigned char snonce[256/8]
Definition gnunet_crypto_lib.h:758
GNUNET_CRYPTO_CsSignature
CS Signtature containing scalar s and point R.
Definition gnunet_crypto_lib.h:738
GNUNET_CRYPTO_EcdhePrivateKey
Private ECC key encoded for transmission.
Definition gnunet_crypto_lib.h:254
GNUNET_CRYPTO_EcdhePublicKey
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
Definition gnunet_crypto_lib.h:240
GNUNET_CRYPTO_EddsaPrivateKey
Private ECC key encoded for transmission.
Definition gnunet_crypto_lib.h:278
GNUNET_CRYPTO_EddsaPublicKey
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Definition gnunet_crypto_lib.h:202
GNUNET_CRYPTO_EddsaSignature
an ECC signature using EdDSA.
Definition gnunet_crypto_lib.h:165
GNUNET_CRYPTO_RsaBlindedMessage
RSA Parameters to create blinded signature.
Definition gnunet_crypto_lib.h:3597
GNUNET_CRYPTO_RsaBlindingKeySecret
Constant-size pre-secret for blinding key generation.
Definition gnunet_crypto_lib.h:3398
GNUNET_CRYPTO_RsaPrivateKey
The private information of an RSA key pair.
Definition crypto_rsa.c:41
GNUNET_CRYPTO_RsaPublicKey
The public information of an RSA key pair.
Definition crypto_rsa.c:53
GNUNET_CRYPTO_RsaSignature
an RSA signature
Definition crypto_rsa.c:65
GNUNET_HashCode
A 512-bit hashcode.
Definition gnunet_common.h:287
TestSignatureDataPS
Sample signature struct.
Definition gnunet-crypto-tvg.c:65

References alpha, GNUNET_CRYPTO_CsBlindSignature::b, beta, GNUNET_CRYPTO_RsaBlindedMessage::blinded_msg, GNUNET_CRYPTO_RsaBlindedMessage::blinded_msg_size, GNUNET_CRYPTO_CsBlindingNonce::bnonce, GNUNET_CRYPTO_CsBlindedMessage::c, ctx, data, expect_data_dynamic(), expect_data_fixed(), GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_cs_blinding_secrets_derive(), GNUNET_CRYPTO_cs_calc_blinded_c(), GNUNET_CRYPTO_cs_r_derive(), GNUNET_CRYPTO_cs_r_get_public(), GNUNET_CRYPTO_cs_sign_derive(), GNUNET_CRYPTO_cs_unblind(), GNUNET_CRYPTO_cs_verify(), GNUNET_CRYPTO_ecc_ecdh(), GNUNET_CRYPTO_ecdh_eddsa(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_eddsa_sign, GNUNET_CRYPTO_eddsa_verify, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hkdf_gnunet, GNUNET_CRYPTO_kdf_arg, GNUNET_CRYPTO_rsa_blind(), GNUNET_CRYPTO_rsa_blinded_message_free(), GNUNET_CRYPTO_rsa_private_key_decode(), GNUNET_CRYPTO_rsa_private_key_free(), GNUNET_CRYPTO_rsa_public_key_decode(), GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_CRYPTO_rsa_public_key_free(), GNUNET_CRYPTO_rsa_sign_blinded(), GNUNET_CRYPTO_rsa_signature_encode(), GNUNET_CRYPTO_rsa_signature_free(), GNUNET_CRYPTO_rsa_unblind(), GNUNET_CRYPTO_rsa_verify(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_free, GNUNET_log, GNUNET_malloc, GNUNET_memcmp, GNUNET_NO, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_TEST, GNUNET_SYSERR, GNUNET_YES, ikm, pkey, pub, GNUNET_CRYPTO_CsSignature::r_point, GNUNET_CRYPTO_CSPublicRPairP::r_pub, GNUNET_CRYPTO_CsSignature::s_scalar, GNUNET_CRYPTO_CsBlindSignature::s_scalar, salt, and GNUNET_CRYPTO_CsSessionNonce::snonce.

Referenced by check_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_vectors()

static int check_vectors ( )
static

Check test vectors from stdin.

Returns
global exit code

Definition at line 997 of file gnunet-crypto-tvg.c.

998{
999 json_error_t err;
1000 json_t *vecfile = json_loadf (stdin, 0, &err);
1001 const char *encoding;
1002 json_t *vectors;
1003
1004 if (NULL == vecfile)
1005 {
1006 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unable to parse JSON\n");
1007 return 1;
1008 }
1009 encoding = json_string_value (json_object_get (vecfile,
1010 "encoding"));
1011 if ( (NULL == encoding) || (0 != strcmp (encoding, "base32crockford")) )
1012 {
1013 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unsupported or missing encoding\n");
1014 json_decref (vecfile);
1015 return 1;
1016 }
1017 vectors = json_object_get (vecfile, "vectors");
1018 if (! json_is_array (vectors))
1019 {
1020 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "bad vectors\n");
1021 json_decref (vecfile);
1022 return 1;
1023 }
1024 {
1025 /* array is a JSON array */
1026 size_t index;
1027 json_t *value;
1028 enum GNUNET_GenericReturnValue ret = GNUNET_OK;
1029
1030 json_array_foreach (vectors, index, value) {
1031 const char *op = json_string_value (json_object_get (value,
1032 "operation"));
1033
1034 if (NULL == op)
1035 {
1036 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1037 "missing operation\n");
1038 ret = GNUNET_SYSERR;
1039 break;
1040 }
1041 ret = checkvec (op, value);
1042 if (GNUNET_OK != ret)
1043 {
1044 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1045 "bad vector %u\n",
1046 (unsigned int) index);
1047 break;
1048 }
1049 }
1050 json_decref (vecfile);
1051 return (ret == GNUNET_OK) ? 0 : 1;
1052 }
1053}
op
static struct GNUNET_ARM_Operation * op
Current operation.
Definition gnunet-arm.c:143
ret
static int ret
Final status code.
Definition gnunet-arm.c:93
checkvec
static int checkvec(const char *operation, json_t *vec)
Check a single vector.
Definition gnunet-crypto-tvg.c:208
value
static char * value
Value of the record to add/remove.
Definition gnunet-namestore.c:271
GNUNET_GenericReturnValue
GNUNET_GenericReturnValue
Named constants for return values.
Definition gnunet_common.h:111

References checkvec(), GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_OK, GNUNET_SYSERR, op, ret, and value.

Referenced by run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ output_vectors()

static int output_vectors ( )
static

Output test vectors.

Returns
global exit code

Definition at line 1062 of file gnunet-crypto-tvg.c.

1063{
1064 json_t *vecfile = json_object ();
1065 json_t *vecs = json_array ();
1066
1067 json_object_set_new (vecfile,
1068 "encoding",
1069 json_string ("base32crockford"));
1070 json_object_set_new (vecfile,
1071 "producer",
1072 json_string ("GNUnet " PACKAGE_VERSION " " VCS_VERSION));
1073 json_object_set_new (vecfile,
1074 "vectors",
1075 vecs);
1076
1077 {
1078 json_t *vec = vec_for (vecs, "hash");
1079 struct GNUNET_HashCode hc;
1080 const char *str = "Hello, GNUnet";
1081
1082 GNUNET_CRYPTO_hash (str, strlen (str), &hc);
1083
1084 d2j (vec, "input", str, strlen (str));
1085 d2j (vec, "output", &hc, sizeof (struct GNUNET_HashCode));
1086 }
1087 {
1088 json_t *vec = vec_for (vecs, "ecc_ecdh");
1089 struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
1090 struct GNUNET_CRYPTO_EcdhePublicKey pub1;
1091 struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
1092 struct GNUNET_HashCode skm;
1093
1094 GNUNET_CRYPTO_ecdhe_key_create (&priv1);
1095 GNUNET_CRYPTO_ecdhe_key_create (&priv2);
1096 GNUNET_CRYPTO_ecdhe_key_get_public (&priv1,
1097 &pub1);
1098 GNUNET_assert (GNUNET_OK ==
1099 GNUNET_CRYPTO_ecc_ecdh (&priv2,
1100 &pub1,
1101 &skm));
1102
1103 d2j (vec,
1104 "priv1",
1105 &priv1,
1106 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1107 d2j (vec,
1108 "pub1",
1109 &pub1,
1110 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1111 d2j (vec,
1112 "priv2",
1113 &priv2,
1114 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1115 d2j (vec,
1116 "skm",
1117 &skm,
1118 sizeof (struct GNUNET_HashCode));
1119 }
1120
1121 {
1122 json_t *vec = vec_for (vecs, "eddsa_key_derivation");
1123 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
1124 struct GNUNET_CRYPTO_EddsaPublicKey pub;
1125
1126 GNUNET_CRYPTO_eddsa_key_create (&priv);
1127 GNUNET_CRYPTO_eddsa_key_get_public (&priv,
1128 &pub);
1129
1130 d2j (vec,
1131 "priv",
1132 &priv,
1133 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1134 d2j (vec,
1135 "pub",
1136 &pub,
1137 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1138 }
1139 {
1140 json_t *vec = vec_for (vecs, "eddsa_signing");
1141 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
1142 struct GNUNET_CRYPTO_EddsaPublicKey pub;
1143 struct GNUNET_CRYPTO_EddsaSignature sig;
1144 struct TestSignatureDataPS data = { 0 };
1145
1146 GNUNET_CRYPTO_eddsa_key_create (&priv);
1147 GNUNET_CRYPTO_eddsa_key_get_public (&priv,
1148 &pub);
1149 data.purpose.size = htonl (sizeof (data));
1150 data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
1151 GNUNET_CRYPTO_eddsa_sign (&priv,
1152 &data,
1153 &sig);
1154 GNUNET_assert (GNUNET_OK ==
1155 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST,
1156 &data,
1157 &sig,
1158 &pub));
1159
1160 d2j (vec,
1161 "priv",
1162 &priv,
1163 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1164 d2j (vec,
1165 "pub",
1166 &pub,
1167 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1168 d2j (vec,
1169 "data",
1170 &data,
1171 sizeof (struct TestSignatureDataPS));
1172 d2j (vec,
1173 "sig",
1174 &sig,
1175 sizeof (struct GNUNET_CRYPTO_EddsaSignature));
1176 }
1177
1178 {
1179 json_t *vec = vec_for (vecs, "kdf");
1180 size_t out_len = 64;
1181 char out[out_len];
1182 const char *ikm = "I'm the secret input key material";
1183 const char *salt = "I'm very salty";
1184 const char *ctx = "I'm a context chunk, also known as 'info' in the RFC";
1185
1186 GNUNET_assert (GNUNET_OK ==
1187 GNUNET_CRYPTO_hkdf_gnunet (
1188 &out,
1189 out_len,
1190 salt,
1191 strlen (salt),
1192 ikm,
1193 strlen (ikm),
1194 GNUNET_CRYPTO_kdf_arg_string (ctx)));
1195
1196 d2j (vec,
1197 "salt",
1198 salt,
1199 strlen (salt));
1200 d2j (vec,
1201 "ikm",
1202 ikm,
1203 strlen (ikm));
1204 d2j (vec,
1205 "ctx",
1206 ctx,
1207 strlen (ctx));
1208 uint2j (vec,
1209 "out_len",
1210 (unsigned int) out_len);
1211 d2j (vec,
1212 "out",
1213 out,
1214 out_len);
1215 }
1216 {
1217 json_t *vec = vec_for (vecs, "eddsa_ecdh");
1218 struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
1219 struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
1220 struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
1221 struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
1222 struct GNUNET_HashCode key_material;
1223
1224 GNUNET_CRYPTO_ecdhe_key_create (&priv_ecdhe);
1225 GNUNET_CRYPTO_ecdhe_key_get_public (&priv_ecdhe, &pub_ecdhe);
1226 GNUNET_CRYPTO_eddsa_key_create (&priv_eddsa);
1227 GNUNET_CRYPTO_eddsa_key_get_public (&priv_eddsa, &pub_eddsa);
1228 GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material);
1229
1230 d2j (vec, "priv_ecdhe",
1231 &priv_ecdhe,
1232 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1233 d2j (vec, "pub_ecdhe",
1234 &pub_ecdhe,
1235 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1236 d2j (vec, "priv_eddsa",
1237 &priv_eddsa,
1238 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1239 d2j (vec, "pub_eddsa",
1240 &pub_eddsa,
1241 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1242 d2j (vec, "key_material",
1243 &key_material,
1244 sizeof (struct GNUNET_HashCode));
1245 }
1246
1247 {
1248 json_t *vec = vec_for (vecs, "edx25519_derive");
1249 struct GNUNET_CRYPTO_Edx25519PrivateKey priv1_edx;
1250 struct GNUNET_CRYPTO_Edx25519PublicKey pub1_edx;
1251 struct GNUNET_CRYPTO_Edx25519PrivateKey priv2_edx;
1252 struct GNUNET_CRYPTO_Edx25519PublicKey pub2_edx;
1253 struct GNUNET_HashCode seed;
1254
1255 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1256 &seed,
1257 sizeof (struct GNUNET_HashCode));
1258 GNUNET_CRYPTO_edx25519_key_create (&priv1_edx);
1259 GNUNET_CRYPTO_edx25519_key_get_public (&priv1_edx, &pub1_edx);
1260 GNUNET_CRYPTO_edx25519_private_key_derive (&priv1_edx,
1261 &seed,
1262 sizeof (seed),
1263 &priv2_edx);
1264 GNUNET_CRYPTO_edx25519_public_key_derive (&pub1_edx,
1265 &seed,
1266 sizeof (seed),
1267 &pub2_edx);
1268
1269 d2j (vec, "priv1_edx",
1270 &priv1_edx,
1271 sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1272 d2j (vec, "pub1_edx",
1273 &pub1_edx,
1274 sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1275 d2j (vec, "seed",
1276 &seed,
1277 sizeof (struct GNUNET_HashCode));
1278 d2j (vec, "priv2_edx",
1279 &priv2_edx,
1280 sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1281 d2j (vec, "pub2_edx",
1282 &pub2_edx,
1283 sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1284 }
1285
1286 {
1287 json_t *vec = vec_for (vecs, "rsa_blind_signing");
1288
1289 struct GNUNET_CRYPTO_RsaPrivateKey *skey;
1290 struct GNUNET_CRYPTO_RsaPublicKey *pkey;
1291 struct GNUNET_HashCode message_hash;
1292 struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
1293 struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
1294 struct GNUNET_CRYPTO_RsaSignature *sig;
1295 struct GNUNET_CRYPTO_RsaBlindedMessage bm;
1296 void *public_enc_data;
1297 size_t public_enc_len;
1298 void *secret_enc_data;
1299 size_t secret_enc_len;
1300 void *blinded_sig_enc_data;
1301 size_t blinded_sig_enc_length;
1302 void *sig_enc_data;
1303 size_t sig_enc_length;
1304
1305 skey = GNUNET_CRYPTO_rsa_private_key_create (2048);
1306 pkey = GNUNET_CRYPTO_rsa_private_key_get_public (skey);
1307 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1308 &message_hash,
1309 sizeof (struct GNUNET_HashCode));
1310 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1311 &bks,
1312 sizeof (struct
1313 GNUNET_CRYPTO_RsaBlindingKeySecret));
1314 GNUNET_assert (GNUNET_YES ==
1315 GNUNET_CRYPTO_rsa_blind (&message_hash,
1316 sizeof (message_hash),
1317 &bks,
1318 pkey,
1319 &bm));
1320 blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey,
1321 &bm);
1322 sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig,
1323 &bks,
1324 pkey);
1325 GNUNET_assert (GNUNET_YES ==
1326 GNUNET_CRYPTO_rsa_verify (&message_hash,
1327 sizeof (message_hash),
1328 sig,
1329 pkey));
1330 public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
1331 &public_enc_data);
1332 secret_enc_len = GNUNET_CRYPTO_rsa_private_key_encode (skey,
1333 &secret_enc_data);
1334 blinded_sig_enc_length
1335 = GNUNET_CRYPTO_rsa_signature_encode (blinded_sig,
1336 &blinded_sig_enc_data);
1337 sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig,
1338 &sig_enc_data);
1339 d2j (vec,
1340 "message_hash",
1341 &message_hash,
1342 sizeof (struct GNUNET_HashCode));
1343 d2j (vec,
1344 "rsa_public_key",
1345 public_enc_data,
1346 public_enc_len);
1347 d2j (vec,
1348 "rsa_private_key",
1349 secret_enc_data,
1350 secret_enc_len);
1351 d2j (vec,
1352 "blinding_key_secret",
1353 &bks,
1354 sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret));
1355 d2j (vec,
1356 "blinded_message",
1357 bm.blinded_msg,
1358 bm.blinded_msg_size);
1359 d2j (vec,
1360 "blinded_sig",
1361 blinded_sig_enc_data,
1362 blinded_sig_enc_length);
1363 d2j (vec,
1364 "sig",
1365 sig_enc_data,
1366 sig_enc_length);
1367 GNUNET_CRYPTO_rsa_private_key_free (skey);
1368 GNUNET_CRYPTO_rsa_public_key_free (pkey);
1369 GNUNET_CRYPTO_rsa_signature_free (sig);
1370 GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
1371 GNUNET_free (public_enc_data);
1372 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
1373 GNUNET_free (sig_enc_data);
1374 GNUNET_free (blinded_sig_enc_data);
1375 GNUNET_free (secret_enc_data);
1376 }
1377
1378 {
1379 json_t *vec = vec_for (vecs, "cs_blind_signing");
1380
1381 struct GNUNET_CRYPTO_CsPrivateKey priv;
1382 struct GNUNET_CRYPTO_CsPublicKey pub;
1383 struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
1384 struct GNUNET_CRYPTO_CsRSecret r_priv[2];
1385 struct GNUNET_CRYPTO_CsRPublic r_pub[2];
1386 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind;
1387 struct GNUNET_CRYPTO_CsC c[2];
1388 struct GNUNET_CRYPTO_CsS signature_scalar;
1389 struct GNUNET_CRYPTO_CsBlindSignature blinded_s;
1390 struct GNUNET_CRYPTO_CsSignature sig;
1391 struct GNUNET_CRYPTO_CsSessionNonce snonce;
1392 struct GNUNET_CRYPTO_CsBlindingNonce bnonce;
1393 struct GNUNET_HashCode message_hash;
1394
1395 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1396 &message_hash,
1397 sizeof (struct GNUNET_HashCode));
1398
1399 GNUNET_CRYPTO_cs_private_key_generate (&priv);
1400 GNUNET_CRYPTO_cs_private_key_get_public (&priv,
1401 &pub);
1402 GNUNET_assert (GNUNET_YES ==
1403 GNUNET_CRYPTO_hkdf_gnunet (
1404 &snonce,
1405 sizeof(snonce),
1406 "nonce",
1407 strlen ("nonce"),
1408 "nonce_secret",
1409 strlen ("nonce_secret")));
1410 /* NOTE: historically, we made the bad choice of
1411 making both nonces the same. Maybe barely OK
1412 for the TGV, not good for production! */
1413 memcpy (&bnonce,
1414 &snonce,
1415 sizeof (snonce));
1416 GNUNET_CRYPTO_cs_r_derive (&snonce,
1417 "rw",
1418 &priv,
1419 r_priv);
1420 GNUNET_CRYPTO_cs_r_get_public (&r_priv[0],
1421 &r_pub[0]);
1422 GNUNET_CRYPTO_cs_r_get_public (&r_priv[1],
1423 &r_pub[1]);
1424 GNUNET_CRYPTO_cs_blinding_secrets_derive (&bnonce,
1425 bs);
1426 GNUNET_CRYPTO_cs_calc_blinded_c (bs,
1427 r_pub,
1428 &pub,
1429 &message_hash,
1430 sizeof(message_hash),
1431 c,
1432 &r_pub_blind);
1433 {
1434 struct GNUNET_CRYPTO_CsBlindedMessage bm = {
1435 .c[0] = c[0],
1436 .c[1] = c[1],
1437 .nonce = snonce
1438 };
1439
1440 GNUNET_CRYPTO_cs_sign_derive (&priv,
1441 r_priv,
1442 &bm,
1443 &blinded_s);
1444 }
1445 GNUNET_CRYPTO_cs_unblind (&blinded_s.s_scalar,
1446 &bs[blinded_s.b],
1447 &signature_scalar);
1448 sig.r_point = r_pub_blind.r_pub[blinded_s.b];
1449 sig.s_scalar = signature_scalar;
1450 if (GNUNET_OK !=
1451 GNUNET_CRYPTO_cs_verify (&sig,
1452 &pub,
1453 &message_hash,
1454 sizeof(message_hash)))
1455 {
1456 GNUNET_break (0);
1457 return GNUNET_SYSERR;
1458 }
1459 d2j (vec,
1460 "message_hash",
1461 &message_hash,
1462 sizeof (struct GNUNET_HashCode));
1463 d2j (vec,
1464 "cs_public_key",
1465 &pub,
1466 sizeof(pub));
1467 d2j (vec,
1468 "cs_private_key",
1469 &priv,
1470 sizeof(priv));
1471 d2j (vec,
1472 "cs_nonce",
1473 &snonce,
1474 sizeof(snonce));
1475 d2j (vec,
1476 "cs_r_priv_0",
1477 &r_priv[0],
1478 sizeof(r_priv[0]));
1479 d2j (vec,
1480 "cs_r_priv_1",
1481 &r_priv[1],
1482 sizeof(r_priv[1]));
1483 d2j (vec,
1484 "cs_r_pub_0",
1485 &r_pub[0],
1486 sizeof(r_pub[0]));
1487 d2j (vec,
1488 "cs_r_pub_1",
1489 &r_pub[1],
1490 sizeof(r_pub[1]));
1491 d2j (vec,
1492 "cs_bs_alpha_0",
1493 &bs[0].alpha,
1494 sizeof(bs[0].alpha));
1495 d2j (vec,
1496 "cs_bs_alpha_1",
1497 &bs[1].alpha,
1498 sizeof(bs[1].alpha));
1499 d2j (vec,
1500 "cs_bs_beta_0",
1501 &bs[0].beta,
1502 sizeof(bs[0].beta));
1503 d2j (vec,
1504 "cs_bs_beta_1",
1505 &bs[1].beta,
1506 sizeof(bs[1].beta));
1507 d2j (vec,
1508 "cs_r_pub_blind_0",
1509 &r_pub_blind.r_pub[0],
1510 sizeof(r_pub_blind.r_pub[0]));
1511 d2j (vec,
1512 "cs_r_pub_blind_1",
1513 &r_pub_blind.r_pub[1],
1514 sizeof(r_pub_blind.r_pub[1]));
1515 d2j (vec,
1516 "cs_c_0",
1517 &c[0],
1518 sizeof(c[0]));
1519 d2j (vec,
1520 "cs_c_1",
1521 &c[1],
1522 sizeof(c[1]));
1523 d2j (vec,
1524 "cs_blind_s",
1525 &blinded_s,
1526 sizeof(blinded_s));
1527 d2j (vec,
1528 "cs_b",
1529 &blinded_s.b,
1530 sizeof(blinded_s.b));
1531 d2j (vec,
1532 "cs_sig_s",
1533 &signature_scalar,
1534 sizeof(signature_scalar));
1535 d2j (vec,
1536 "cs_sig_R",
1537 &r_pub_blind.r_pub[blinded_s.b],
1538 sizeof(r_pub_blind.r_pub[blinded_s.b]));
1539 }
1540
1541 json_dumpf (vecfile, stdout, JSON_INDENT (2));
1542 json_decref (vecfile);
1543 printf ("\n");
1544
1545 return 0;
1546}
vec_for
static json_t * vec_for(json_t *vecs, const char *vecname)
Create a fresh test vector for a given operation label.
Definition gnunet-crypto-tvg.c:93
uint2j
static void uint2j(json_t *vec, const char *label, unsigned int num)
Add a number to a test vector.
Definition gnunet-crypto-tvg.c:141
d2j
static void d2j(json_t *vec, const char *label, const void *data, size_t size)
Add a base32crockford encoded value to a test vector.
Definition gnunet-crypto-tvg.c:115
seed
static uint8_t seed
Definition gnunet-elligator-tvg.c:32
GNUNET_CRYPTO_ecdhe_key_create
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition crypto_ecc.c:454
GNUNET_CRYPTO_edx25519_key_get_public
void GNUNET_CRYPTO_edx25519_key_get_public(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
Extract the public key for the given private key.
Definition crypto_edx25519.c:79
GNUNET_CRYPTO_edx25519_private_key_derive
void GNUNET_CRYPTO_edx25519_private_key_derive(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *result)
Derive a private scalar from a given private key and a label.
Definition crypto_edx25519.c:244
GNUNET_CRYPTO_edx25519_public_key_derive
void GNUNET_CRYPTO_edx25519_public_key_derive(const struct GNUNET_CRYPTO_Edx25519PublicKey *pub, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PublicKey *result)
Derive a public key from a given public key and a label.
Definition crypto_edx25519.c:338
GNUNET_CRYPTO_random_block
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
Definition crypto_random.c:133
GNUNET_CRYPTO_eddsa_key_create
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition crypto_ecc.c:480
GNUNET_CRYPTO_edx25519_key_create
void GNUNET_CRYPTO_edx25519_key_create(struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
Create a new private key.
Definition crypto_edx25519.c:65
GNUNET_CRYPTO_ecdhe_key_get_public
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition crypto_ecc.c:217
GNUNET_CRYPTO_QUALITY_WEAK
@ GNUNET_CRYPTO_QUALITY_WEAK
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
Definition gnunet_crypto_lib.h:92
GNUNET_CRYPTO_rsa_private_key_create
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_create(unsigned int len)
Create a new private key.
Definition crypto_rsa.c:144
GNUNET_CRYPTO_kdf_arg_string
#define GNUNET_CRYPTO_kdf_arg_string(d)
Definition gnunet_crypto_lib.h:1360
GNUNET_CRYPTO_cs_private_key_get_public
void GNUNET_CRYPTO_cs_private_key_get_public(const struct GNUNET_CRYPTO_CsPrivateKey *priv, struct GNUNET_CRYPTO_CsPublicKey *pub)
Extract the public key of the given private key.
Definition crypto_cs.c:52
GNUNET_CRYPTO_rsa_private_key_get_public
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition crypto_rsa.c:233
GNUNET_CRYPTO_cs_private_key_generate
void GNUNET_CRYPTO_cs_private_key_generate(struct GNUNET_CRYPTO_CsPrivateKey *priv)
Create a new random private key.
Definition crypto_cs.c:45
GNUNET_CRYPTO_rsa_private_key_encode
size_t GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, void **buffer)
Encode the private key in a format suitable for storing it into a file.
Definition crypto_rsa.c:181
GNUNET_CRYPTO_Edx25519PrivateKey
Private ECC key material encoded for transmission.
Definition gnunet_crypto_lib.h:304
GNUNET_CRYPTO_Edx25519PublicKey
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Definition gnunet_crypto_lib.h:326
str
const char * str
Definition time.c:1252

References alpha, GNUNET_CRYPTO_CsBlindSignature::b, beta, GNUNET_CRYPTO_RsaBlindedMessage::blinded_msg, GNUNET_CRYPTO_RsaBlindedMessage::blinded_msg_size, GNUNET_CRYPTO_CsBlindingNonce::bnonce, GNUNET_CRYPTO_CsBlindedMessage::c, ctx, d2j(), data, GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_cs_blinding_secrets_derive(), GNUNET_CRYPTO_cs_calc_blinded_c(), GNUNET_CRYPTO_cs_private_key_generate(), GNUNET_CRYPTO_cs_private_key_get_public(), GNUNET_CRYPTO_cs_r_derive(), GNUNET_CRYPTO_cs_r_get_public(), GNUNET_CRYPTO_cs_sign_derive(), GNUNET_CRYPTO_cs_unblind(), GNUNET_CRYPTO_cs_verify(), GNUNET_CRYPTO_ecc_ecdh(), GNUNET_CRYPTO_ecdh_eddsa(), GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_ecdhe_key_get_public(), GNUNET_CRYPTO_eddsa_key_create(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_eddsa_sign, GNUNET_CRYPTO_eddsa_verify, GNUNET_CRYPTO_edx25519_key_create(), GNUNET_CRYPTO_edx25519_key_get_public(), GNUNET_CRYPTO_edx25519_private_key_derive(), GNUNET_CRYPTO_edx25519_public_key_derive(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hkdf_gnunet, GNUNET_CRYPTO_kdf_arg_string, GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_random_block(), GNUNET_CRYPTO_rsa_blind(), GNUNET_CRYPTO_rsa_blinded_message_free(), GNUNET_CRYPTO_rsa_private_key_create(), GNUNET_CRYPTO_rsa_private_key_encode(), GNUNET_CRYPTO_rsa_private_key_free(), GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_CRYPTO_rsa_public_key_free(), GNUNET_CRYPTO_rsa_sign_blinded(), GNUNET_CRYPTO_rsa_signature_encode(), GNUNET_CRYPTO_rsa_signature_free(), GNUNET_CRYPTO_rsa_unblind(), GNUNET_CRYPTO_rsa_verify(), GNUNET_free, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_TEST, GNUNET_SYSERR, GNUNET_YES, ikm, pkey, pub, GNUNET_CRYPTO_CsSignature::r_point, GNUNET_CRYPTO_CSPublicRPairP::r_pub, GNUNET_CRYPTO_CsSignature::s_scalar, GNUNET_CRYPTO_CsBlindSignature::s_scalar, salt, seed, GNUNET_CRYPTO_CsSessionNonce::snonce, str, uint2j(), and vec_for().

Referenced by run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ run()

static void run ( void *  cls,
char *const *  args,
const char *  cfgfile,
const struct GNUNET_CONFIGURATION_Handle cfg 
)
static

Main function that will be run.

Parameters
clsclosure
argsremaining command-line arguments
cfgfilename of the configuration file used (for saving, can be NULL!)
cfgconfiguration

Definition at line 1558 of file gnunet-crypto-tvg.c.

1562{
1563 if (GNUNET_YES == verify_flag)
1564 global_ret = check_vectors ();
1565 else
1566 global_ret = output_vectors ();
1567}
verify_flag
static GNUNET_NETWORK_STRUCT_END int verify_flag
Should we verify or output test vectors?
Definition gnunet-crypto-tvg.c:76
global_ret
static int global_ret
Global exit code.
Definition gnunet-crypto-tvg.c:82
check_vectors
static int check_vectors()
Check test vectors from stdin.
Definition gnunet-crypto-tvg.c:997
output_vectors
static int output_vectors()
Output test vectors.
Definition gnunet-crypto-tvg.c:1062

References check_vectors(), global_ret, GNUNET_YES, output_vectors(), and verify_flag.

Referenced by main().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ main()

int main ( int  argc,
char *const *  argv 
)

The main function of the test vector generation tool.

Parameters
argcnumber of arguments from the command line
argvcommand line arguments
Returns
0 ok, 1 on error

Definition at line 1578 of file gnunet-crypto-tvg.c.

1580{
1581 const struct GNUNET_GETOPT_CommandLineOption options[] = {
1582 GNUNET_GETOPT_option_flag ('V',
1583 "verify",
1584 gettext_noop (
1585 "verify a test vector from stdin"),
1586 &verify_flag),
1587 GNUNET_GETOPT_OPTION_END
1588 };
1589
1590 GNUNET_assert (GNUNET_OK ==
1591 GNUNET_log_setup ("gnunet-crypto-tvg",
1592 "INFO",
1593 NULL));
1594 if (GNUNET_OK !=
1595 GNUNET_PROGRAM_run (GNUNET_OS_project_data_gnunet (),
1596 argc, argv,
1597 "gnunet-crypto-tvg",
1598 "Generate test vectors for cryptographic operations",
1599 options,
1600 &run, NULL))
1601 return 1;
1602 return global_ret;
1603}
options
struct GNUNET_GETOPT_CommandLineOption options[]
Definition 002.c:5
gettext_noop
#define gettext_noop(String)
Definition gettext.h:74
run
static void run(void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *cfg)
Main function that will be run.
Definition gnunet-crypto-tvg.c:1558
GNUNET_GETOPT_OPTION_END
#define GNUNET_GETOPT_OPTION_END
Marker for the end of the list of options.
Definition gnunet_getopt_lib.h:476
GNUNET_GETOPT_option_flag
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_option_flag(char shortName, const char *name, const char *description, int *val)
Allow user to specify a flag (which internally means setting an integer to 1/GNUNET_YES/GNUNET_OK.
Definition getopt_helpers.c:313
GNUNET_log_setup
enum GNUNET_GenericReturnValue GNUNET_log_setup(const char *comp, const char *loglevel, const char *logfile)
Setup logging.
Definition common_logging.c:729
GNUNET_OS_project_data_gnunet
const struct GNUNET_OS_ProjectData * GNUNET_OS_project_data_gnunet(void)
Return default project data used by 'libgnunetutil' for GNUnet.
Definition os_installation.c:82
GNUNET_PROGRAM_run
enum GNUNET_GenericReturnValue GNUNET_PROGRAM_run(const struct GNUNET_OS_ProjectData *pd, int argc, char *const *argv, const char *binaryName, const char *binaryHelp, const struct GNUNET_GETOPT_CommandLineOption *options, GNUNET_PROGRAM_Main task, void *task_cls)
Run a standard GNUnet command startup sequence (initialize loggers and configuration,...
Definition program.c:407
GNUNET_GETOPT_CommandLineOption
Definition of a command line option.
Definition gnunet_getopt_lib.h:110

References gettext_noop, global_ret, GNUNET_assert, GNUNET_GETOPT_OPTION_END, GNUNET_GETOPT_option_flag(), GNUNET_log_setup(), GNUNET_OK, GNUNET_OS_project_data_gnunet(), GNUNET_PROGRAM_run(), options, run(), and verify_flag.

Here is the call graph for this function:

Variable Documentation

◆ verify_flag

GNUNET_NETWORK_STRUCT_END int verify_flag = GNUNET_NO
static

Should we verify or output test vectors?

Definition at line 76 of file gnunet-crypto-tvg.c.

Referenced by main(), and run().

◆ global_ret

int global_ret = 0
static

Global exit code.

Definition at line 82 of file gnunet-crypto-tvg.c.

Referenced by main(), and run().