GNUnet  0.17.6
Data Structures | Functions | Variables
gnunet-crypto-tvg.c File Reference
#include "platform.h"
#include "gnunet_util_lib.h"
#include "gnunet_signatures.h"
#include "gnunet_testing_lib.h"
#include <jansson.h>
#include <gcrypt.h>
Include dependency graph for gnunet-crypto-tvg.c:

Go to the source code of this file.

Data Structures

struct  TestSignatureDataPS
 Sample signature struct. More...
 

Functions

static json_t * vec_for (json_t *vecs, const char *vecname)
 Create a fresh test vector for a given operation label. More...
 
static void d2j (json_t *vec, const char *label, const void *data, size_t size)
 Add a base32crockford encoded value to a test vector. More...
 
static void uint2j (json_t *vec, const char *label, unsigned int num)
 Add a number to a test vector. More...
 
static int expect_data_fixed (json_t *vec, const char *name, void *data, size_t expect_len)
 
static int expect_data_dynamic (json_t *vec, const char *name, void **data, size_t *ret_len)
 
static int checkvec (const char *operation, json_t *vec)
 Check a single vector. More...
 
static int check_vectors ()
 Check test vectors from stdin. More...
 
static int output_vectors ()
 Output test vectors. More...
 
static void run (void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *cfg)
 Main function that will be run. More...
 
int main (int argc, char *const *argv)
 The main function of the test vector generation tool. More...
 

Variables

static GNUNET_NETWORK_STRUCT_END int verify_flag = GNUNET_NO
 Should we verify or output test vectors? More...
 
static int global_ret = 0
 Global exit code. More...
 

Function Documentation

◆ vec_for()

static json_t* vec_for ( json_t *  vecs,
const char *  vecname 
)
static

Create a fresh test vector for a given operation label.

Parameters
vecsarray of vectors to append the new vector to
vecnamelabel for the operation of the vector
Returns
the fresh test vector

Definition at line 93 of file gnunet-crypto-tvg.c.

94 {
95  json_t *t = json_object ();
96 
97  json_object_set_new (t,
98  "operation",
99  json_string (vecname));
100  json_array_append_new (vecs, t);
101  return t;
102 }
static struct GNUNET_SCHEDULER_Task * t
Main task.

References t.

Referenced by output_vectors().

Here is the caller graph for this function:

◆ d2j()

static void d2j ( json_t *  vec,
const char *  label,
const void *  data,
size_t  size 
)
static

Add a base32crockford encoded value to a test vector.

Parameters
vectest vector to add to
labellabel for the value
datadata to add
sizesize of data

Definition at line 115 of file gnunet-crypto-tvg.c.

119 {
120  char *buf;
121  json_t *json;
122 
124  json = json_string (buf);
125  GNUNET_free (buf);
126  GNUNET_break (NULL != json);
127 
128  json_object_set_new (vec, label, json);
129 }
uint32_t data
The data value.
static char buf[2048]
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
#define GNUNET_free(ptr)
Wrapper around free.
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
Definition: strings.c:764
static unsigned int size
Size of the "table".
Definition: peer.c:67

References buf, data, GNUNET_break, GNUNET_free, GNUNET_STRINGS_data_to_string_alloc(), and size.

Referenced by output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ uint2j()

static void uint2j ( json_t *  vec,
const char *  label,
unsigned int  num 
)
static

Add a number to a test vector.

Parameters
vectest vector to add to
labellabel for the value
datadata to add
sizesize of data

Definition at line 141 of file gnunet-crypto-tvg.c.

144 {
145  json_t *json = json_integer (num);
146 
147  json_object_set_new (vec, label, json);
148 }

Referenced by output_vectors().

Here is the caller graph for this function:

◆ expect_data_fixed()

static int expect_data_fixed ( json_t *  vec,
const char *  name,
void *  data,
size_t  expect_len 
)
static

Definition at line 152 of file gnunet-crypto-tvg.c.

156 {
157  const char *s = json_string_value (json_object_get (vec, name));
158 
159  if (NULL == s)
160  return GNUNET_NO;
161 
163  strlen (s),
164  data,
165  expect_len))
166  return GNUNET_NO;
167  return GNUNET_OK;
168 }
@ GNUNET_OK
Definition: gnunet_common.h:99
@ GNUNET_NO
Definition: gnunet_common.h:98
enum GNUNET_GenericReturnValue GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:789
const char * name

References data, GNUNET_NO, GNUNET_OK, GNUNET_STRINGS_string_to_data(), and name.

Referenced by checkvec().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ expect_data_dynamic()

static int expect_data_dynamic ( json_t *  vec,
const char *  name,
void **  data,
size_t *  ret_len 
)
static

Definition at line 172 of file gnunet-crypto-tvg.c.

176 {
177  const char *s = json_string_value (json_object_get (vec, name));
178  char *tmp;
179  size_t len;
180 
181  if (NULL == s)
182  return GNUNET_NO;
183 
184  len = (strlen (s) * 5) / 8;
185  if (NULL != ret_len)
186  *ret_len = len;
187  tmp = GNUNET_malloc (len);
188 
189  if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, strlen (s), tmp, len))
190  {
191  GNUNET_free (tmp);
192  return GNUNET_NO;
193  }
194  *data = tmp;
195  return GNUNET_OK;
196 }
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
#define GNUNET_malloc(size)
Wrapper around malloc.

References data, GNUNET_free, GNUNET_malloc, GNUNET_NO, GNUNET_OK, GNUNET_STRINGS_string_to_data(), len, and name.

Referenced by checkvec().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ checkvec()

static int checkvec ( const char *  operation,
json_t *  vec 
)
static

Check a single vector.

Parameters
operationoperator of the vector
vecthe vector, a JSON object.
Returns
GNUNET_OK if the vector is okay

Definition at line 208 of file gnunet-crypto-tvg.c.

210 {
212  "checking %s\n", operation);
213 
214  if (0 == strcmp (operation, "hash"))
215  {
216  void *data;
217  size_t data_len;
218  struct GNUNET_HashCode hash_out;
219  struct GNUNET_HashCode hc;
220 
221  if (GNUNET_OK != expect_data_dynamic (vec,
222  "input",
223  &data,
224  &data_len))
225  {
226  GNUNET_break (0);
227  return GNUNET_SYSERR;
228  }
229  if (GNUNET_OK != expect_data_fixed (vec,
230  "output",
231  &hash_out,
232  sizeof (hash_out)))
233  {
234  GNUNET_free (data);
235  GNUNET_break (0);
236  return GNUNET_NO;
237  }
238 
239  GNUNET_CRYPTO_hash (data, data_len, &hc);
240 
241  if (0 != GNUNET_memcmp (&hc, &hash_out))
242  {
243  GNUNET_free (data);
244  GNUNET_break (0);
245  return GNUNET_NO;
246  }
247  GNUNET_free (data);
248  }
249  else if (0 == strcmp (operation, "ecc_ecdh"))
250  {
251  struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
252  struct GNUNET_CRYPTO_EcdhePublicKey pub1;
253  struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
254  struct GNUNET_HashCode skm;
255  struct GNUNET_HashCode skm_comp;
256 
257  if (GNUNET_OK != expect_data_fixed (vec,
258  "priv1",
259  &priv1,
260  sizeof (priv1)))
261  {
262  GNUNET_break (0);
263  return GNUNET_NO;
264  }
265  if (GNUNET_OK != expect_data_fixed (vec,
266  "priv2",
267  &priv2,
268  sizeof (priv2)))
269  {
270  GNUNET_break (0);
271  return GNUNET_NO;
272  }
273  if (GNUNET_OK != expect_data_fixed (vec,
274  "pub1",
275  &pub1,
276  sizeof (pub1)))
277  {
278  GNUNET_break (0);
279  return GNUNET_NO;
280  }
281  if (GNUNET_OK != expect_data_fixed (vec,
282  "skm",
283  &skm,
284  sizeof (skm)))
285  {
286  GNUNET_break (0);
287  return GNUNET_NO;
288  }
290  GNUNET_CRYPTO_ecc_ecdh (&priv2,
291  &pub1,
292  &skm_comp));
293  if (0 != GNUNET_memcmp (&skm, &skm_comp))
294  {
295  GNUNET_break (0);
296  return GNUNET_NO;
297  }
298  }
299  else if (0 == strcmp (operation, "eddsa_key_derivation"))
300  {
301  struct GNUNET_CRYPTO_EddsaPrivateKey priv;
303  struct GNUNET_CRYPTO_EddsaPublicKey pub_comp;
304 
305  if (GNUNET_OK != expect_data_fixed (vec,
306  "priv",
307  &priv,
308  sizeof (priv)))
309  {
310  GNUNET_break (0);
311  return GNUNET_NO;
312  }
313 
314  if (GNUNET_OK != expect_data_fixed (vec,
315  "pub",
316  &pub,
317  sizeof (pub)))
318  {
319  GNUNET_break (0);
320  return GNUNET_NO;
321  }
322 
324  &pub_comp);
325  if (0 != GNUNET_memcmp (&pub, &pub_comp))
326  {
327  GNUNET_break (0);
328  return GNUNET_NO;
329  }
330 
331  }
332  else if (0 == strcmp (operation, "eddsa_signing"))
333  {
334  struct GNUNET_CRYPTO_EddsaPrivateKey priv;
336  struct TestSignatureDataPS data = { 0 };
337  struct GNUNET_CRYPTO_EddsaSignature sig;
338  struct GNUNET_CRYPTO_EddsaSignature sig_comp;
339 
340  if (GNUNET_OK != expect_data_fixed (vec,
341  "priv",
342  &priv,
343  sizeof (priv)))
344  {
345  GNUNET_break (0);
346  return GNUNET_NO;
347  }
348 
349  if (GNUNET_OK != expect_data_fixed (vec,
350  "pub",
351  &pub,
352  sizeof (pub)))
353  {
354  GNUNET_break (0);
355  return GNUNET_NO;
356  }
357 
358  if (GNUNET_OK != expect_data_fixed (vec,
359  "data",
360  &data,
361  sizeof (data)))
362  {
363  GNUNET_break (0);
364  return GNUNET_NO;
365  }
366 
367  if (GNUNET_OK != expect_data_fixed (vec,
368  "sig",
369  &sig,
370  sizeof (sig)))
371  {
372  GNUNET_break (0);
373  return GNUNET_NO;
374  }
375 
377  &data,
378  &sig_comp);
381  &data,
382  &sig,
383  &pub));
384  if (0 != GNUNET_memcmp (&sig, &sig_comp))
385  {
386  GNUNET_break (0);
387  return GNUNET_NO;
388  }
389  }
390  else if (0 == strcmp (operation, "kdf"))
391  {
392  size_t out_len;
393  void *out;
394  size_t out_len_comp;
395  void *out_comp;
396  void *ikm;
397  size_t ikm_len;
398  void *salt;
399  size_t salt_len;
400  void *ctx;
401  size_t ctx_len;
402 
403  if (GNUNET_OK != expect_data_dynamic (vec,
404  "out",
405  &out,
406  &out_len))
407  {
408  GNUNET_break (0);
409  return GNUNET_SYSERR;
410  }
411 
412  out_len_comp = out_len;
413  out_comp = GNUNET_malloc (out_len_comp);
414 
415  if (GNUNET_OK != expect_data_dynamic (vec,
416  "ikm",
417  &ikm,
418  &ikm_len))
419  {
420  GNUNET_free (out);
421  GNUNET_free (out_comp);
422  GNUNET_break (0);
423  return GNUNET_SYSERR;
424  }
425 
426  if (GNUNET_OK != expect_data_dynamic (vec,
427  "salt",
428  &salt,
429  &salt_len))
430  {
431  GNUNET_free (out);
432  GNUNET_free (out_comp);
433  GNUNET_free (ikm);
434  GNUNET_break (0);
435  return GNUNET_SYSERR;
436  }
437 
438  if (GNUNET_OK != expect_data_dynamic (vec,
439  "ctx",
440  &ctx,
441  &ctx_len))
442  {
443  GNUNET_free (out);
444  GNUNET_free (out_comp);
445  GNUNET_free (ikm);
446  GNUNET_free (salt);
447  GNUNET_break (0);
448  return GNUNET_SYSERR;
449  }
450 
452  GNUNET_CRYPTO_kdf (out_comp,
453  out_len_comp,
454  salt,
455  salt_len,
456  ikm,
457  ikm_len,
458  ctx,
459  ctx_len,
460  NULL));
461 
462  if (0 != memcmp (out, out_comp, out_len))
463  {
464  GNUNET_free (out);
465  GNUNET_free (out_comp);
466  GNUNET_free (ikm);
467  GNUNET_free (salt);
468  GNUNET_free (ctx);
469  GNUNET_break (0);
470  return GNUNET_NO;
471  }
472  GNUNET_free (out);
473  GNUNET_free (out_comp);
474  GNUNET_free (ikm);
475  GNUNET_free (salt);
476  GNUNET_free (ctx);
477  }
478  else if (0 == strcmp (operation, "eddsa_ecdh"))
479  {
480  struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
481  struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
482  struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
483  struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
484  struct GNUNET_HashCode key_material;
485  struct GNUNET_HashCode key_material_comp;
486 
487  if (GNUNET_OK != expect_data_fixed (vec,
488  "priv_ecdhe",
489  &priv_ecdhe,
490  sizeof (priv_ecdhe)))
491  {
492  GNUNET_break (0);
493  return GNUNET_NO;
494  }
495 
496  if (GNUNET_OK != expect_data_fixed (vec,
497  "pub_ecdhe",
498  &pub_ecdhe,
499  sizeof (pub_ecdhe)))
500  {
501  GNUNET_break (0);
502  return GNUNET_NO;
503  }
504 
505  if (GNUNET_OK != expect_data_fixed (vec,
506  "priv_eddsa",
507  &priv_eddsa,
508  sizeof (priv_eddsa)))
509  {
510  GNUNET_break (0);
511  return GNUNET_NO;
512  }
513 
514  if (GNUNET_OK != expect_data_fixed (vec,
515  "pub_eddsa",
516  &pub_eddsa,
517  sizeof (pub_eddsa)))
518  {
519  GNUNET_break (0);
520  return GNUNET_NO;
521  }
522 
523  if (GNUNET_OK != expect_data_fixed (vec,
524  "key_material",
525  &key_material,
526  sizeof (key_material)))
527  {
528  GNUNET_break (0);
529  return GNUNET_NO;
530  }
531 
532  GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material_comp);
533 
534  if (0 != GNUNET_memcmp (&key_material, &key_material_comp))
535  {
536  GNUNET_break (0);
537  return GNUNET_NO;
538  }
539  }
540  else if (0 == strcmp (operation, "rsa_blind_signing"))
541  {
542  struct GNUNET_CRYPTO_RsaPrivateKey *skey;
544  struct GNUNET_HashCode message_hash;
546  struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
547  struct GNUNET_CRYPTO_RsaSignature *sig;
548  void *blinded_data;
549  size_t blinded_len;
550  void *blinded_data_comp;
551  size_t blinded_len_comp;
552  void *public_enc_data;
553  size_t public_enc_len;
554  void *secret_enc_data;
555  size_t secret_enc_len;
556  void *sig_enc_data;
557  size_t sig_enc_length;
558  void *sig_enc_data_comp;
559  size_t sig_enc_length_comp;
560 
561  if (GNUNET_OK != expect_data_fixed (vec,
562  "message_hash",
563  &message_hash,
564  sizeof (message_hash)))
565  {
566  GNUNET_break (0);
567  return GNUNET_SYSERR;
568  }
569 
570  if (GNUNET_OK != expect_data_fixed (vec,
571  "blinding_key_secret",
572  &bks,
573  sizeof (bks)))
574  {
575  GNUNET_break (0);
576  return GNUNET_SYSERR;
577  }
578 
579  if (GNUNET_OK != expect_data_dynamic (vec,
580  "blinded_message",
581  &blinded_data,
582  &blinded_len))
583  {
584  GNUNET_break (0);
585  return GNUNET_SYSERR;
586  }
587 
588  if (GNUNET_OK != expect_data_dynamic (vec,
589  "rsa_public_key",
590  &public_enc_data,
591  &public_enc_len))
592  {
593  GNUNET_free (blinded_data);
594  GNUNET_break (0);
595  return GNUNET_SYSERR;
596  }
597 
598  if (GNUNET_OK != expect_data_dynamic (vec,
599  "rsa_private_key",
600  &secret_enc_data,
601  &secret_enc_len))
602  {
603  GNUNET_free (blinded_data);
604  GNUNET_free (public_enc_data);
605  GNUNET_break (0);
606  return GNUNET_SYSERR;
607  }
608 
609  if (GNUNET_OK != expect_data_dynamic (vec,
610  "sig",
611  &sig_enc_data,
612  &sig_enc_length))
613  {
614  GNUNET_free (blinded_data);
615  GNUNET_free (public_enc_data);
616  GNUNET_free (secret_enc_data);
617  GNUNET_break (0);
618  return GNUNET_SYSERR;
619  }
620 
621  pkey = GNUNET_CRYPTO_rsa_public_key_decode (public_enc_data,
622  public_enc_len);
623  GNUNET_assert (NULL != pkey);
624  skey = GNUNET_CRYPTO_rsa_private_key_decode (secret_enc_data,
625  secret_enc_len);
626  GNUNET_assert (NULL != skey);
627 
629  GNUNET_CRYPTO_rsa_blind (&message_hash,
630  &bks,
631  pkey,
632  &blinded_data_comp,
633  &blinded_len_comp));
634  if ( (blinded_len != blinded_len_comp) || (0 != memcmp (blinded_data,
635  blinded_data_comp,
636  blinded_len)) )
637  {
638  GNUNET_free (blinded_data);
639  GNUNET_free (public_enc_data);
640  GNUNET_free (secret_enc_data);
641  GNUNET_free (sig_enc_data);
642  GNUNET_free (skey);
643  GNUNET_break (0);
644  return GNUNET_NO;
645  }
646  blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data,
647  blinded_len);
648  sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey);
649  GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig,
650  pkey));
651  public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
652  &public_enc_data);
653  sig_enc_length_comp = GNUNET_CRYPTO_rsa_signature_encode (sig,
654  &sig_enc_data_comp);
655 
656  if ( (sig_enc_length != sig_enc_length_comp) ||
657  (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) ))
658  {
659  GNUNET_free (blinded_sig);
660  GNUNET_free (blinded_data);
661  GNUNET_free (public_enc_data);
662  GNUNET_free (secret_enc_data);
663  GNUNET_free (sig_enc_data);
664  GNUNET_free (skey);
665  GNUNET_break (0);
666  return GNUNET_NO;
667  }
668  GNUNET_free (blinded_sig);
669  GNUNET_free (blinded_data);
670  GNUNET_free (public_enc_data);
671  GNUNET_free (secret_enc_data);
672  GNUNET_free (sig_enc_data);
673  GNUNET_free (skey);
674  }
675  else if (0 == strcmp (operation, "cs_blind_signing"))
676  {
677  struct GNUNET_CRYPTO_CsPrivateKey priv;
679  struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
680  struct GNUNET_CRYPTO_CsRSecret r_priv[2];
681  struct GNUNET_CRYPTO_CsRPublic r_pub[2];
682  struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2];
683  struct GNUNET_CRYPTO_CsC c[2];
684  struct GNUNET_CRYPTO_CsS signature_scalar;
685  struct GNUNET_CRYPTO_CsBlindS blinded_s;
686  struct GNUNET_CRYPTO_CsSignature sig;
688  struct GNUNET_HashCode message_hash;
689  unsigned int b;
690 
691  if (GNUNET_OK != expect_data_fixed (vec,
692  "message_hash",
693  &message_hash,
694  sizeof (message_hash)))
695  {
696  GNUNET_break (0);
697  return GNUNET_SYSERR;
698  }
699  if (GNUNET_OK != expect_data_fixed (vec,
700  "cs_public_key",
701  &pub,
702  sizeof (pub)))
703  {
704  GNUNET_break (0);
705  return GNUNET_SYSERR;
706  }
707 
708  if (GNUNET_OK != expect_data_fixed (vec,
709  "cs_private_key",
710  &priv,
711  sizeof (priv)))
712  {
713  GNUNET_break (0);
714  return GNUNET_SYSERR;
715  }
716  if (GNUNET_OK != expect_data_fixed (vec,
717  "cs_nonce",
718  &nonce,
719  sizeof (nonce)))
720  {
721  GNUNET_break (0);
722  return GNUNET_SYSERR;
723  }
724  if (GNUNET_OK != expect_data_fixed (vec,
725  "cs_r_priv_0",
726  &r_priv[0],
727  sizeof (r_priv[0])))
728  {
729  GNUNET_break (0);
730  return GNUNET_SYSERR;
731  }
732  if (GNUNET_OK != expect_data_fixed (vec,
733  "cs_r_priv_1",
734  &r_priv[1],
735  sizeof (r_priv[1])))
736  {
737  GNUNET_break (0);
738  return GNUNET_SYSERR;
739  }
740  if (GNUNET_OK != expect_data_fixed (vec,
741  "cs_r_pub_0",
742  &r_pub[0],
743  sizeof (r_pub[0])))
744  {
745  GNUNET_break (0);
746  return GNUNET_SYSERR;
747  }
748  if (GNUNET_OK != expect_data_fixed (vec,
749  "cs_r_pub_1",
750  &r_pub[1],
751  sizeof (r_pub[1])))
752  {
753  GNUNET_break (0);
754  return GNUNET_SYSERR;
755  }
756 
757  if (GNUNET_OK != expect_data_fixed (vec,
758  "cs_bs_alpha_0",
759  &bs[0].alpha,
760  sizeof (bs[0].alpha)))
761  {
762  GNUNET_break (0);
763  return GNUNET_SYSERR;
764  }
765  if (GNUNET_OK != expect_data_fixed (vec,
766  "cs_bs_alpha_1",
767  &bs[1].alpha,
768  sizeof (bs[1].alpha)))
769  {
770  GNUNET_break (0);
771  return GNUNET_SYSERR;
772  }
773  if (GNUNET_OK != expect_data_fixed (vec,
774  "cs_bs_beta_0",
775  &bs[0].beta,
776  sizeof (bs[0].beta)))
777  {
778  GNUNET_break (0);
779  return GNUNET_SYSERR;
780  }
781  if (GNUNET_OK != expect_data_fixed (vec,
782  "cs_bs_beta_1",
783  &bs[1].beta,
784  sizeof (bs[1].beta)))
785  {
786  GNUNET_break (0);
787  return GNUNET_SYSERR;
788  }
789  if (GNUNET_OK != expect_data_fixed (vec,
790  "cs_r_pub_blind_0",
791  &r_pub_blind[0],
792  sizeof (r_pub_blind[0])))
793  {
794  GNUNET_break (0);
795  return GNUNET_SYSERR;
796  }
797  if (GNUNET_OK != expect_data_fixed (vec,
798  "cs_r_pub_blind_1",
799  &r_pub_blind[1],
800  sizeof (r_pub_blind[1])))
801  {
802  GNUNET_break (0);
803  return GNUNET_SYSERR;
804  }
805  if (GNUNET_OK != expect_data_fixed (vec,
806  "cs_c_0",
807  &c[0],
808  sizeof (c[0])))
809  {
810  GNUNET_break (0);
811  return GNUNET_SYSERR;
812  }
813  if (GNUNET_OK != expect_data_fixed (vec,
814  "cs_c_1",
815  &c[1],
816  sizeof (c[1])))
817  {
818  GNUNET_break (0);
819  return GNUNET_SYSERR;
820  }
821  if (GNUNET_OK != expect_data_fixed (vec,
822  "cs_blind_s",
823  &blinded_s,
824  sizeof (blinded_s)))
825  {
826  GNUNET_break (0);
827  return GNUNET_SYSERR;
828  }
829  if (GNUNET_OK != expect_data_fixed (vec,
830  "cs_b",
831  &b,
832  sizeof (b)))
833  {
834  GNUNET_break (0);
835  return GNUNET_SYSERR;
836  }
837  if (GNUNET_OK != expect_data_fixed (vec,
838  "cs_sig_s",
839  &signature_scalar,
840  sizeof (signature_scalar)))
841  {
842  GNUNET_break (0);
843  return GNUNET_SYSERR;
844  }
845  sig.s_scalar = signature_scalar;
846  if (GNUNET_OK != expect_data_fixed (vec,
847  "cs_sig_R",
848  &sig.r_point,
849  sizeof (sig.r_point)))
850  {
851  GNUNET_break (0);
852  return GNUNET_SYSERR;
853  }
854 
855  if ((b != 1) && (b != 0))
856  {
857  GNUNET_break (0);
858  return GNUNET_SYSERR;
859  }
860 
861  struct GNUNET_CRYPTO_CsRSecret r_priv_comp[2];
862  struct GNUNET_CRYPTO_CsRPublic r_pub_comp[2];
863  struct GNUNET_CRYPTO_CsBlindingSecret bs_comp[2];
864  struct GNUNET_CRYPTO_CsC c_comp[2];
865  struct GNUNET_CRYPTO_CsRPublic r_pub_blind_comp[2];
866  struct GNUNET_CRYPTO_CsBlindS blinded_s_comp;
867  struct GNUNET_CRYPTO_CsS signature_scalar_comp;
868  struct GNUNET_CRYPTO_CsSignature sig_comp;
869  unsigned int b_comp;
870 
871 
873  "rw",
874  &priv,
875  r_priv_comp);
876  GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[0],
877  &r_pub_comp[0]);
878  GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[1],
879  &r_pub_comp[1]);
880  GNUNET_assert (0 == memcmp (&r_priv_comp,
881  &r_priv,
882  sizeof(struct GNUNET_CRYPTO_CsRSecret) * 2));
883  GNUNET_assert (0 == memcmp (&r_pub_comp,
884  &r_pub,
885  sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2));
886 
888  bs_comp);
889  GNUNET_assert (0 == memcmp (&bs_comp,
890  &bs,
891  sizeof(struct GNUNET_CRYPTO_CsBlindingSecret)
892  * 2));
894  r_pub_comp,
895  &pub,
896  &message_hash,
897  sizeof(message_hash),
898  c_comp,
899  r_pub_blind_comp);
900  GNUNET_assert (0 == memcmp (&c_comp,
901  &c,
902  sizeof(struct GNUNET_CRYPTO_CsC) * 2));
903  GNUNET_assert (0 == memcmp (&r_pub_blind_comp,
904  &r_pub_blind,
905  sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2));
906  b_comp = GNUNET_CRYPTO_cs_sign_derive (&priv,
907  r_priv_comp,
908  c_comp,
909  &nonce,
910  &blinded_s_comp);
911  GNUNET_assert (0 == memcmp (&blinded_s_comp,
912  &blinded_s,
913  sizeof(blinded_s)));
914  GNUNET_assert (0 == memcmp (&b_comp,
915  &b,
916  sizeof(b)));
917  GNUNET_CRYPTO_cs_unblind (&blinded_s_comp,
918  &bs_comp[b_comp],
919  &signature_scalar_comp);
920  GNUNET_assert (0 == memcmp (&signature_scalar_comp,
921  &signature_scalar,
922  sizeof(signature_scalar_comp)));
923  sig_comp.r_point = r_pub_blind_comp[b_comp];
924  sig_comp.s_scalar = signature_scalar_comp;
925  GNUNET_assert (0 == memcmp (&sig_comp,
926  &sig,
927  sizeof(sig_comp)));
928  if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig_comp,
929  &pub,
930  &message_hash,
931  sizeof(message_hash)))
932  {
933  GNUNET_break (0);
934  return GNUNET_SYSERR;
935  }
936  }
937  else
938  {
940  "unsupported operation '%s'\n", operation);
941  }
942 
943  return GNUNET_OK;
944 }
static int expect_data_fixed(json_t *vec, const char *name, void *data, size_t expect_len)
static int expect_data_dynamic(json_t *vec, const char *name, void **data, size_t *ret_len)
static char * pkey
Public key of the zone to look in, in ASCII.
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:46
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
static float beta
Percentage of total peer number in the view to send random PULLs to.
static float alpha
Percentage of total peer number in the view to send random PUSHes to.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
#define GNUNET_SIGNATURE_PURPOSE_TEST
WARNING: This header is generated! In order to add a signature purpose, you must register them in GAN...
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition: crypto_ecc.c:726
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:197
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:779
#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
EdDSA sign a given block.
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
Verify EdDSA signature.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:69
#define GNUNET_log(kind,...)
void GNUNET_CRYPTO_cs_r_get_public(const struct GNUNET_CRYPTO_CsRSecret *r_priv, struct GNUNET_CRYPTO_CsRPublic *r_pub)
Extract the public R of the given secret r.
Definition: crypto_cs.c:96
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_verify(const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *public_key)
Verify whether the given hash corresponds to the given signature and the signature is valid with resp...
Definition: crypto_rsa.c:1174
void GNUNET_CRYPTO_cs_blinding_secrets_derive(const struct GNUNET_CRYPTO_CsNonce *blind_seed, struct GNUNET_CRYPTO_CsBlindingSecret bs[2])
Derives new random blinding factors.
Definition: crypto_cs.c:105
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_decode(const void *buf, size_t buf_size)
Decode the private key from the data-format back to the "normal", internal format.
Definition: crypto_rsa.c:203
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
Unblind a blind-signed signature.
Definition: crypto_rsa.c:1093
void GNUNET_CRYPTO_cs_unblind(const struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar, const struct GNUNET_CRYPTO_CsBlindingSecret *bs, struct GNUNET_CRYPTO_CsS *signature_scalar)
Unblind a blind-signed signature using a c that was blinded.
Definition: crypto_cs.c:299
void GNUNET_CRYPTO_cs_r_derive(const struct GNUNET_CRYPTO_CsNonce *nonce, const char *seed, const struct GNUNET_CRYPTO_CsPrivateKey *lts, struct GNUNET_CRYPTO_CsRSecret r[2])
Derive a new secret r pair r0 and r1.
Definition: crypto_cs.c:77
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_public_key_decode(const char *buf, size_t len)
Decode the public key from the data-format back to the "normal", internal format.
Definition: crypto_rsa.c:422
void GNUNET_CRYPTO_cs_calc_blinded_c(const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], const struct GNUNET_CRYPTO_CsRPublic r_pub[2], const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len, struct GNUNET_CRYPTO_CsC blinded_c[2], struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2])
Calculate two blinded c's Comment: One would be insecure due to Wagner's algorithm solving ROS.
Definition: crypto_cs.c:230
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, void **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:324
unsigned int GNUNET_CRYPTO_cs_sign_derive(const struct GNUNET_CRYPTO_CsPrivateKey *priv, const struct GNUNET_CRYPTO_CsRSecret r[2], const struct GNUNET_CRYPTO_CsC c[2], const struct GNUNET_CRYPTO_CsNonce *nonce, struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar)
Sign a blinded c This function derives b from a nonce and a longterm secret In original papers b is g...
Definition: crypto_cs.c:260
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
size_t GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, void **buffer)
Encode the given signature in a format suitable for storing it into a file.
Definition: crypto_rsa.c:998
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_cs_verify(const struct GNUNET_CRYPTO_CsSignature *sig, const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len)
Verify whether the given message corresponds to the given signature and the signature is valid with r...
Definition: crypto_cs.c:311
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key, const void *msg, size_t msg_len)
Sign a blinded value, which must be a full domain hash of a message.
Definition: crypto_rsa.c:946
int GNUNET_CRYPTO_rsa_blind(const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, void **buf, size_t *buf_size)
Blinds the given message with the given blinding key.
Definition: crypto_rsa.c:789
@ GNUNET_YES
@ GNUNET_SYSERR
Definition: gnunet_common.h:97
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
@ GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_INFO
blinded s in the signature
Secret used for blinding (alpha and beta).
Schnorr c to be signed.
unsigned char nonce[256/8]
The private information of an Schnorr key pair.
The public information of an Schnorr key pair.
the public R (derived from r) used in c
the private r used in the signature
s in the signature
CS Signtature containing scalar s and point R.
Private ECC key encoded for transmission.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
Private ECC key encoded for transmission.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
an ECC signature using EdDSA.
Constant-size pre-secret for blinding key generation.
The private information of an RSA key pair.
Definition: crypto_rsa.c:40
The public information of an RSA key pair.
Definition: crypto_rsa.c:52
an RSA signature
Definition: crypto_rsa.c:64
A 512-bit hashcode.
Sample signature struct.

References alpha, beta, ctx, data, expect_data_dynamic(), expect_data_fixed(), GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_cs_blinding_secrets_derive(), GNUNET_CRYPTO_cs_calc_blinded_c(), GNUNET_CRYPTO_cs_r_derive(), GNUNET_CRYPTO_cs_r_get_public(), GNUNET_CRYPTO_cs_sign_derive(), GNUNET_CRYPTO_cs_unblind(), GNUNET_CRYPTO_cs_verify(), GNUNET_CRYPTO_ecc_ecdh(), GNUNET_CRYPTO_ecdh_eddsa(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_eddsa_sign, GNUNET_CRYPTO_eddsa_verify, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_kdf(), GNUNET_CRYPTO_rsa_blind(), GNUNET_CRYPTO_rsa_private_key_decode(), GNUNET_CRYPTO_rsa_public_key_decode(), GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_CRYPTO_rsa_sign_blinded(), GNUNET_CRYPTO_rsa_signature_encode(), GNUNET_CRYPTO_rsa_unblind(), GNUNET_CRYPTO_rsa_verify(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_free, GNUNET_log, GNUNET_malloc, GNUNET_memcmp, GNUNET_NO, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_TEST, GNUNET_SYSERR, GNUNET_YES, GNUNET_CRYPTO_CsNonce::nonce, pkey, pub, GNUNET_CRYPTO_CsSignature::r_point, GNUNET_CRYPTO_CsSignature::s_scalar, and salt.

Referenced by check_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ check_vectors()

static int check_vectors ( )
static

Check test vectors from stdin.

Returns
global exit code

Definition at line 953 of file gnunet-crypto-tvg.c.

954 {
955  json_error_t err;
956  json_t *vecfile = json_loadf (stdin, 0, &err);
957  const char *encoding;
958  json_t *vectors;
959 
960  if (NULL == vecfile)
961  {
962  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unable to parse JSON\n");
963  return 1;
964  }
965  encoding = json_string_value (json_object_get (vecfile,
966  "encoding"));
967  if ( (NULL == encoding) || (0 != strcmp (encoding, "base32crockford")) )
968  {
969  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unsupported or missing encoding\n");
970  json_decref (vecfile);
971  return 1;
972  }
973  vectors = json_object_get (vecfile, "vectors");
974  if (! json_is_array (vectors))
975  {
976  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "bad vectors\n");
977  json_decref (vecfile);
978  return 1;
979  }
980  {
981  /* array is a JSON array */
982  size_t index;
983  json_t *value;
984  int ret;
985 
986  json_array_foreach (vectors, index, value) {
987  const char *op = json_string_value (json_object_get (value,
988  "operation"));
989 
990  if (NULL == op)
991  {
993  "missing operation\n");
994  ret = GNUNET_SYSERR;
995  break;
996  }
997  ret = checkvec (op, value);
998  if (GNUNET_OK != ret)
999  {
1001  "bad vector %u\n",
1002  (unsigned int) index);
1003  break;
1004  }
1005  }
1006  return (ret == GNUNET_OK) ? 0 : 1;
1007  }
1008 }
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static struct GNUNET_ARM_Operation * op
Current operation.
Definition: gnunet-arm.c:144
static int checkvec(const char *operation, json_t *vec)
Check a single vector.
static char * value
Value of the record to add/remove.

References checkvec(), GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_OK, GNUNET_SYSERR, op, ret, and value.

Referenced by run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ output_vectors()

static int output_vectors ( )
static

Output test vectors.

Returns
global exit code

Definition at line 1017 of file gnunet-crypto-tvg.c.

1018 {
1019  json_t *vecfile = json_object ();
1020  json_t *vecs = json_array ();
1021 
1022  json_object_set_new (vecfile,
1023  "encoding",
1024  json_string ("base32crockford"));
1025  json_object_set_new (vecfile,
1026  "producer",
1027  json_string ("GNUnet " PACKAGE_VERSION " " VCS_VERSION));
1028  json_object_set_new (vecfile,
1029  "vectors",
1030  vecs);
1031 
1032  {
1033  json_t *vec = vec_for (vecs, "hash");
1034  struct GNUNET_HashCode hc;
1035  char *str = "Hello, GNUnet";
1036 
1037  GNUNET_CRYPTO_hash (str, strlen (str), &hc);
1038 
1039  d2j (vec, "input", str, strlen (str));
1040  d2j (vec, "output", &hc, sizeof (struct GNUNET_HashCode));
1041  }
1042  {
1043  json_t *vec = vec_for (vecs, "ecc_ecdh");
1044  struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
1045  struct GNUNET_CRYPTO_EcdhePublicKey pub1;
1046  struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
1047  struct GNUNET_HashCode skm;
1048 
1052  &pub1);
1054  GNUNET_CRYPTO_ecc_ecdh (&priv2,
1055  &pub1,
1056  &skm));
1057 
1058  d2j (vec,
1059  "priv1",
1060  &priv1,
1061  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1062  d2j (vec,
1063  "pub1",
1064  &pub1,
1065  sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1066  d2j (vec,
1067  "priv2",
1068  &priv2,
1069  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1070  d2j (vec,
1071  "skm",
1072  &skm,
1073  sizeof (struct GNUNET_HashCode));
1074  }
1075 
1076  {
1077  json_t *vec = vec_for (vecs, "eddsa_key_derivation");
1078  struct GNUNET_CRYPTO_EddsaPrivateKey priv;
1080 
1083  &pub);
1084 
1085  d2j (vec,
1086  "priv",
1087  &priv,
1088  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1089  d2j (vec,
1090  "pub",
1091  &pub,
1092  sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1093  }
1094  {
1095  json_t *vec = vec_for (vecs, "eddsa_signing");
1096  struct GNUNET_CRYPTO_EddsaPrivateKey priv;
1098  struct GNUNET_CRYPTO_EddsaSignature sig;
1099  struct TestSignatureDataPS data = { 0 };
1100 
1103  &pub);
1104  data.purpose.size = htonl (sizeof (data));
1105  data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
1106  GNUNET_CRYPTO_eddsa_sign (&priv,
1107  &data,
1108  &sig);
1111  &data,
1112  &sig,
1113  &pub));
1114 
1115  d2j (vec,
1116  "priv",
1117  &priv,
1118  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1119  d2j (vec,
1120  "pub",
1121  &pub,
1122  sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1123  d2j (vec,
1124  "data",
1125  &data,
1126  sizeof (struct TestSignatureDataPS));
1127  d2j (vec,
1128  "sig",
1129  &sig,
1130  sizeof (struct GNUNET_CRYPTO_EddsaSignature));
1131  }
1132 
1133  {
1134  json_t *vec = vec_for (vecs, "kdf");
1135  size_t out_len = 64;
1136  char out[out_len];
1137  char *ikm = "I'm the secret input key material";
1138  char *salt = "I'm very salty";
1139  char *ctx = "I'm a context chunk, also known as 'info' in the RFC";
1140 
1142  GNUNET_CRYPTO_kdf (&out,
1143  out_len,
1144  salt,
1145  strlen (salt),
1146  ikm,
1147  strlen (ikm),
1148  ctx,
1149  strlen (ctx),
1150  NULL));
1151 
1152  d2j (vec,
1153  "salt",
1154  salt,
1155  strlen (salt));
1156  d2j (vec,
1157  "ikm",
1158  ikm,
1159  strlen (ikm));
1160  d2j (vec,
1161  "ctx",
1162  ctx,
1163  strlen (ctx));
1164  uint2j (vec,
1165  "out_len",
1166  (unsigned int) out_len);
1167  d2j (vec,
1168  "out",
1169  out,
1170  out_len);
1171  }
1172  {
1173  json_t *vec = vec_for (vecs, "eddsa_ecdh");
1174  struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
1175  struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
1176  struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
1177  struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
1178  struct GNUNET_HashCode key_material;
1179 
1180  GNUNET_CRYPTO_ecdhe_key_create (&priv_ecdhe);
1181  GNUNET_CRYPTO_ecdhe_key_get_public (&priv_ecdhe, &pub_ecdhe);
1182  GNUNET_CRYPTO_eddsa_key_create (&priv_eddsa);
1183  GNUNET_CRYPTO_eddsa_key_get_public (&priv_eddsa, &pub_eddsa);
1184  GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material);
1185 
1186  d2j (vec, "priv_ecdhe",
1187  &priv_ecdhe,
1188  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1189  d2j (vec, "pub_ecdhe",
1190  &pub_ecdhe,
1191  sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1192  d2j (vec, "priv_eddsa",
1193  &priv_eddsa,
1194  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1195  d2j (vec, "pub_eddsa",
1196  &pub_eddsa,
1197  sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1198  d2j (vec, "key_material",
1199  &key_material,
1200  sizeof (struct GNUNET_HashCode));
1201  }
1202 
1203  {
1204  json_t *vec = vec_for (vecs, "edx25519_derive");
1205  struct GNUNET_CRYPTO_Edx25519PrivateKey priv1_edx;
1206  struct GNUNET_CRYPTO_Edx25519PublicKey pub1_edx;
1207  struct GNUNET_CRYPTO_Edx25519PrivateKey priv2_edx;
1208  struct GNUNET_CRYPTO_Edx25519PublicKey pub2_edx;
1209  struct GNUNET_HashCode seed;
1210 
1212  &seed,
1213  sizeof (struct GNUNET_HashCode));
1214  GNUNET_CRYPTO_edx25519_key_create (&priv1_edx);
1215  GNUNET_CRYPTO_edx25519_key_get_public (&priv1_edx, &pub1_edx);
1217  &seed,
1218  sizeof (seed),
1219  &priv2_edx);
1221  &seed,
1222  sizeof (seed),
1223  &pub2_edx);
1224 
1225  d2j (vec, "priv1_edx",
1226  &priv1_edx,
1227  sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1228  d2j (vec, "pub1_edx",
1229  &pub1_edx,
1230  sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1231  d2j (vec, "seed",
1232  &seed,
1233  sizeof (struct GNUNET_HashCode));
1234  d2j (vec, "priv2_edx",
1235  &priv2_edx,
1236  sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1237  d2j (vec, "pub2_edx",
1238  &pub2_edx,
1239  sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1240  }
1241 
1242  {
1243  json_t *vec = vec_for (vecs, "rsa_blind_signing");
1244 
1245  struct GNUNET_CRYPTO_RsaPrivateKey *skey;
1247  struct GNUNET_HashCode message_hash;
1249  struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
1250  struct GNUNET_CRYPTO_RsaSignature *sig;
1251  void *blinded_data;
1252  size_t blinded_len;
1253  void *public_enc_data;
1254  size_t public_enc_len;
1255  void *secret_enc_data;
1256  size_t secret_enc_len;
1257  void *blinded_sig_enc_data;
1258  size_t blinded_sig_enc_length;
1259  void *sig_enc_data;
1260  size_t sig_enc_length;
1261 
1265  &message_hash,
1266  sizeof (struct GNUNET_HashCode));
1268  &bks,
1269  sizeof (struct
1272  GNUNET_CRYPTO_rsa_blind (&message_hash,
1273  &bks,
1274  pkey,
1275  &blinded_data,
1276  &blinded_len));
1277  blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data,
1278  blinded_len);
1279  sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey);
1280  GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig,
1281  pkey));
1282  public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
1283  &public_enc_data);
1284  secret_enc_len = GNUNET_CRYPTO_rsa_private_key_encode (skey,
1285  &secret_enc_data);
1286  blinded_sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (blinded_sig,
1287  &
1288  blinded_sig_enc_data);
1289  sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig, &sig_enc_data);
1290  d2j (vec,
1291  "message_hash",
1292  &message_hash,
1293  sizeof (struct GNUNET_HashCode));
1294  d2j (vec,
1295  "rsa_public_key",
1296  public_enc_data,
1297  public_enc_len);
1298  d2j (vec,
1299  "rsa_private_key",
1300  secret_enc_data,
1301  secret_enc_len);
1302  d2j (vec,
1303  "blinding_key_secret",
1304  &bks,
1305  sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret));
1306  d2j (vec,
1307  "blinded_message",
1308  blinded_data,
1309  blinded_len);
1310  d2j (vec,
1311  "blinded_sig",
1312  blinded_sig_enc_data,
1313  blinded_sig_enc_length);
1314  d2j (vec,
1315  "sig",
1316  sig_enc_data,
1317  sig_enc_length);
1321  GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
1322  GNUNET_free (public_enc_data);
1323  GNUNET_free (blinded_data);
1324  GNUNET_free (sig_enc_data);
1325  GNUNET_free (blinded_sig_enc_data);
1326  GNUNET_free (secret_enc_data);
1327  }
1328 
1329  {
1330  json_t *vec = vec_for (vecs, "cs_blind_signing");
1331 
1332  struct GNUNET_CRYPTO_CsPrivateKey priv;
1334  struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
1335  struct GNUNET_CRYPTO_CsRSecret r_priv[2];
1336  struct GNUNET_CRYPTO_CsRPublic r_pub[2];
1337  struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2];
1338  struct GNUNET_CRYPTO_CsC c[2];
1339  struct GNUNET_CRYPTO_CsS signature_scalar;
1340  struct GNUNET_CRYPTO_CsBlindS blinded_s;
1341  struct GNUNET_CRYPTO_CsSignature sig;
1343  unsigned int b;
1344  struct GNUNET_HashCode message_hash;
1345 
1347  &message_hash,
1348  sizeof (struct GNUNET_HashCode));
1349 
1352 
1353  GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_hkdf (nonce.nonce,
1354  sizeof(nonce.nonce),
1355  GCRY_MD_SHA512,
1356  GCRY_MD_SHA256,
1357  "nonce",
1358  strlen ("nonce"),
1359  "nonce_secret",
1360  strlen ("nonce_secret"),
1361  NULL,
1362  0));
1363  GNUNET_CRYPTO_cs_r_derive (&nonce,
1364  "rw",
1365  &priv,
1366  r_priv);
1367  GNUNET_CRYPTO_cs_r_get_public (&r_priv[0],
1368  &r_pub[0]);
1369  GNUNET_CRYPTO_cs_r_get_public (&r_priv[1],
1370  &r_pub[1]);
1372  bs);
1374  r_pub,
1375  &pub,
1376  &message_hash,
1377  sizeof(message_hash),
1378  c,
1379  r_pub_blind);
1380  b = GNUNET_CRYPTO_cs_sign_derive (&priv,
1381  r_priv,
1382  c,
1383  &nonce,
1384  &blinded_s);
1385  GNUNET_CRYPTO_cs_unblind (&blinded_s, &bs[b], &signature_scalar);
1386  sig.r_point = r_pub_blind[b];
1387  sig.s_scalar = signature_scalar;
1388  if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig,
1389  &pub,
1390  &message_hash,
1391  sizeof(message_hash)))
1392  {
1393  GNUNET_break (0);
1394  return GNUNET_SYSERR;
1395  }
1396  d2j (vec,
1397  "message_hash",
1398  &message_hash,
1399  sizeof (struct GNUNET_HashCode));
1400  d2j (vec,
1401  "cs_public_key",
1402  &pub,
1403  sizeof(pub));
1404  d2j (vec,
1405  "cs_private_key",
1406  &priv,
1407  sizeof(priv));
1408  d2j (vec,
1409  "cs_nonce",
1410  &nonce,
1411  sizeof(nonce));
1412  d2j (vec,
1413  "cs_r_priv_0",
1414  &r_priv[0],
1415  sizeof(r_priv[0]));
1416  d2j (vec,
1417  "cs_r_priv_1",
1418  &r_priv[1],
1419  sizeof(r_priv[1]));
1420  d2j (vec,
1421  "cs_r_pub_0",
1422  &r_pub[0],
1423  sizeof(r_pub[0]));
1424  d2j (vec,
1425  "cs_r_pub_1",
1426  &r_pub[1],
1427  sizeof(r_pub[1]));
1428  d2j (vec,
1429  "cs_bs_alpha_0",
1430  &bs[0].alpha,
1431  sizeof(bs[0].alpha));
1432  d2j (vec,
1433  "cs_bs_alpha_1",
1434  &bs[1].alpha,
1435  sizeof(bs[1].alpha));
1436  d2j (vec,
1437  "cs_bs_beta_0",
1438  &bs[0].beta,
1439  sizeof(bs[0].beta));
1440  d2j (vec,
1441  "cs_bs_beta_1",
1442  &bs[1].beta,
1443  sizeof(bs[1].beta));
1444  d2j (vec,
1445  "cs_r_pub_blind_0",
1446  &r_pub_blind[0],
1447  sizeof(r_pub_blind[0]));
1448  d2j (vec,
1449  "cs_r_pub_blind_1",
1450  &r_pub_blind[1],
1451  sizeof(r_pub_blind[1]));
1452  d2j (vec,
1453  "cs_c_0",
1454  &c[0],
1455  sizeof(c[0]));
1456  d2j (vec,
1457  "cs_c_1",
1458  &c[1],
1459  sizeof(c[1]));
1460  d2j (vec,
1461  "cs_blind_s",
1462  &blinded_s,
1463  sizeof(blinded_s));
1464  d2j (vec,
1465  "cs_b",
1466  &b,
1467  sizeof(b));
1468  d2j (vec,
1469  "cs_sig_s",
1470  &signature_scalar,
1471  sizeof(signature_scalar));
1472  d2j (vec,
1473  "cs_sig_R",
1474  &r_pub_blind[b],
1475  sizeof(r_pub_blind[b]));
1476  }
1477 
1478  json_dumpf (vecfile, stdout, JSON_INDENT (2));
1479  json_decref (vecfile);
1480  printf ("\n");
1481 
1482  return 0;
1483 }
static void uint2j(json_t *vec, const char *label, unsigned int num)
Add a number to a test vector.
static void d2j(json_t *vec, const char *label, const void *data, size_t size)
Add a base32crockford encoded value to a test vector.
static json_t * vec_for(json_t *vecs, const char *vecname)
Create a fresh test vector for a given operation label.
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:435
void GNUNET_CRYPTO_edx25519_key_get_public(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
Extract the public key for the given private key.
void GNUNET_CRYPTO_edx25519_private_key_derive(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *result)
Derive a private scalar from a given private key and a label.
void GNUNET_CRYPTO_edx25519_public_key_derive(const struct GNUNET_CRYPTO_Edx25519PublicKey *pub, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PublicKey *result)
Derive a public key from a given public key and a label.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:461
void GNUNET_CRYPTO_edx25519_key_create(struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
Create a new private key.
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:213
@ GNUNET_CRYPTO_QUALITY_WEAK
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf(void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_hkdf.c:340
void GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig)
Free memory occupied by signature.
Definition: crypto_rsa.c:990
void GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
Free memory occupied by the private key.
Definition: crypto_rsa.c:172
void GNUNET_CRYPTO_cs_private_key_get_public(const struct GNUNET_CRYPTO_CsPrivateKey *priv, struct GNUNET_CRYPTO_CsPublicKey *pub)
Extract the public key of the given private key.
Definition: crypto_cs.c:51
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition: crypto_rsa.c:267
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition: crypto_rsa.c:232
void GNUNET_CRYPTO_cs_private_key_generate(struct GNUNET_CRYPTO_CsPrivateKey *priv)
Create a new random private key.
Definition: crypto_cs.c:44
size_t GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, void **buffer)
Encode the private key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:180
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_create(unsigned int len)
Create a new private key.
Definition: crypto_rsa.c:143
Private ECC key material encoded for transmission.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...

References alpha, beta, ctx, d2j(), data, GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_cs_blinding_secrets_derive(), GNUNET_CRYPTO_cs_calc_blinded_c(), GNUNET_CRYPTO_cs_private_key_generate(), GNUNET_CRYPTO_cs_private_key_get_public(), GNUNET_CRYPTO_cs_r_derive(), GNUNET_CRYPTO_cs_r_get_public(), GNUNET_CRYPTO_cs_sign_derive(), GNUNET_CRYPTO_cs_unblind(), GNUNET_CRYPTO_cs_verify(), GNUNET_CRYPTO_ecc_ecdh(), GNUNET_CRYPTO_ecdh_eddsa(), GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_ecdhe_key_get_public(), GNUNET_CRYPTO_eddsa_key_create(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_eddsa_sign, GNUNET_CRYPTO_eddsa_verify, GNUNET_CRYPTO_edx25519_key_create(), GNUNET_CRYPTO_edx25519_key_get_public(), GNUNET_CRYPTO_edx25519_private_key_derive(), GNUNET_CRYPTO_edx25519_public_key_derive(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hkdf(), GNUNET_CRYPTO_kdf(), GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_random_block(), GNUNET_CRYPTO_rsa_blind(), GNUNET_CRYPTO_rsa_private_key_create(), GNUNET_CRYPTO_rsa_private_key_encode(), GNUNET_CRYPTO_rsa_private_key_free(), GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_CRYPTO_rsa_public_key_free(), GNUNET_CRYPTO_rsa_sign_blinded(), GNUNET_CRYPTO_rsa_signature_encode(), GNUNET_CRYPTO_rsa_signature_free(), GNUNET_CRYPTO_rsa_unblind(), GNUNET_CRYPTO_rsa_verify(), GNUNET_free, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_TEST, GNUNET_SYSERR, GNUNET_YES, GNUNET_CRYPTO_CsNonce::nonce, pkey, pub, GNUNET_CRYPTO_CsSignature::r_point, GNUNET_CRYPTO_CsSignature::s_scalar, salt, uint2j(), and vec_for().

Referenced by run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ run()

static void run ( void *  cls,
char *const *  args,
const char *  cfgfile,
const struct GNUNET_CONFIGURATION_Handle cfg 
)
static

Main function that will be run.

Parameters
clsclosure
argsremaining command-line arguments
cfgfilename of the configuration file used (for saving, can be NULL!)
cfgconfiguration

Definition at line 1495 of file gnunet-crypto-tvg.c.

1499 {
1500  if (GNUNET_YES == verify_flag)
1502  else
1504 }
static GNUNET_NETWORK_STRUCT_END int verify_flag
Should we verify or output test vectors?
static int global_ret
Global exit code.
static int check_vectors()
Check test vectors from stdin.
static int output_vectors()
Output test vectors.

References check_vectors(), global_ret, GNUNET_YES, output_vectors(), and verify_flag.

Here is the call graph for this function:

◆ main()

int main ( int  argc,
char *const *  argv 
)

The main function of the test vector generation tool.

Parameters
argcnumber of arguments from the command line
argvcommand line arguments
Returns
0 ok, 1 on error

Definition at line 1515 of file gnunet-crypto-tvg.c.

1517 {
1518  const struct GNUNET_GETOPT_CommandLineOption options[] = {
1520  "verify",
1521  gettext_noop (
1522  "verify a test vector from stdin"),
1523  &verify_flag),
1525  };
1526 
1528  GNUNET_log_setup ("gnunet-crypto-tvg",
1529  "INFO",
1530  NULL));
1531  if (GNUNET_OK !=
1532  GNUNET_PROGRAM_run (argc, argv,
1533  "gnunet-crypto-tvg",
1534  "Generate test vectors for cryptographic operations",
1535  options,
1536  &run, NULL))
1537  return 1;
1538  return global_ret;
1539 }
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_OPTION_END
Definition: 002.c:13
struct GNUNET_GETOPT_CommandLineOption options[]
Definition: 002.c:5
#define gettext_noop(String)
Definition: gettext.h:69
static void run(void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *cfg)
Main function that will be run.
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_option_flag(char shortName, const char *name, const char *description, int *val)
Allow user to specify a flag (which internally means setting an integer to 1/GNUNET_YES/GNUNET_OK.
int GNUNET_log_setup(const char *comp, const char *loglevel, const char *logfile)
Setup logging.
enum GNUNET_GenericReturnValue GNUNET_PROGRAM_run(int argc, char *const *argv, const char *binaryName, const char *binaryHelp, const struct GNUNET_GETOPT_CommandLineOption *options, GNUNET_PROGRAM_Main task, void *task_cls)
Run a standard GNUnet command startup sequence (initialize loggers and configuration,...
Definition: program.c:399
Definition of a command line option.

Variable Documentation

◆ verify_flag

GNUNET_NETWORK_STRUCT_END int verify_flag = GNUNET_NO
static

Should we verify or output test vectors?

Definition at line 76 of file gnunet-crypto-tvg.c.

Referenced by run().

◆ global_ret

int global_ret = 0
static

Global exit code.

Definition at line 82 of file gnunet-crypto-tvg.c.

Referenced by run().