GNUnet  0.11.x
gnunet-crypto-tvg.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2020 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
20 
50 #include "platform.h"
51 #include "gnunet_util_lib.h"
52 #include "gnunet_signatures.h"
53 #include "gnunet_testing_lib.h"
54 #include <jansson.h>
55 #include <gcrypt.h>
56 
57 GNUNET_NETWORK_STRUCT_BEGIN
58 
64 struct TestSignatureDataPS
65 {
66  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
67  uint32_t testval;
68 };
69 
70 GNUNET_NETWORK_STRUCT_END
71 
72 
76 static int verify_flag = GNUNET_NO;
77 
78 
82 static int global_ret = 0;
83 
84 
92 static json_t *
93 vec_for (json_t *vecs, const char *vecname)
94 {
95  json_t *t = json_object ();
96 
97  json_object_set_new (t,
98  "operation",
99  json_string (vecname));
100  json_array_append_new (vecs, t);
101  return t;
102 }
103 
104 
114 static void
115 d2j (json_t *vec,
116  const char *label,
117  const void *data,
118  size_t size)
119 {
120  char *buf;
121  json_t *json;
122 
123  buf = GNUNET_STRINGS_data_to_string_alloc (data, size);
124  json = json_string (buf);
125  GNUNET_free (buf);
126  GNUNET_break (NULL != json);
127 
128  json_object_set_new (vec, label, json);
129 }
130 
139 static void
140 uint2j (json_t *vec,
141  const char *label,
142  unsigned int num)
143 {
144  json_t *json = json_integer (num);
145 
146  json_object_set_new (vec, label, json);
147 }
148 
149 
150 static int
151 expect_data_fixed (json_t *vec,
152  const char *name,
153  void *data,
154  size_t expect_len)
155 {
156  const char *s = json_string_value (json_object_get (vec, name));
157 
158  if (NULL == s)
159  return GNUNET_NO;
160 
161  if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s,
162  strlen (s),
163  data,
164  expect_len))
165  return GNUNET_NO;
166  return GNUNET_OK;
167 }
168 
169 static int
170 expect_data_dynamic (json_t *vec,
171  const char *name,
172  void **data,
173  size_t *ret_len)
174 {
175  const char *s = json_string_value (json_object_get (vec, name));
176  size_t len;
177 
178  if (NULL == s)
179  return GNUNET_NO;
180 
181  len = (strlen (s) * 5) / 8;
182  if (NULL != ret_len)
183  *ret_len = len;
184  *data = GNUNET_malloc (len);
185 
186  if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, strlen (s), *data, len))
187  return GNUNET_NO;
188  return GNUNET_OK;
189 }
190 
191 
200 static int
201 checkvec (const char *operation,
202  json_t *vec)
203 {
204  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
205  "checking %s\n", operation);
206 
207  if (0 == strcmp (operation, "hash"))
208  {
209  void *data;
210  size_t data_len;
211  struct GNUNET_HashCode hash_out;
212  struct GNUNET_HashCode hc;
213 
214  if (GNUNET_OK != expect_data_dynamic (vec,
215  "input",
216  &data,
217  &data_len))
218  {
219  GNUNET_break (0);
220  return GNUNET_SYSERR;
221  }
222  if (GNUNET_OK != expect_data_fixed (vec,
223  "output",
224  &hash_out,
225  sizeof (hash_out)))
226  {
227  GNUNET_break (0);
228  return GNUNET_NO;
229  }
230 
231  GNUNET_CRYPTO_hash (data, data_len, &hc);
232 
233  if (0 != GNUNET_memcmp (&hc, &hash_out))
234  {
235  GNUNET_break (0);
236  return GNUNET_NO;
237  }
238  }
239  else if (0 == strcmp (operation, "ecc_ecdh"))
240  {
241  struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
242  struct GNUNET_CRYPTO_EcdhePublicKey pub1;
243  struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
244  struct GNUNET_HashCode skm;
245  struct GNUNET_HashCode skm_comp;
246 
247  if (GNUNET_OK != expect_data_fixed (vec,
248  "priv1",
249  &priv1,
250  sizeof (priv1)))
251  {
252  GNUNET_break (0);
253  return GNUNET_NO;
254  }
255  if (GNUNET_OK != expect_data_fixed (vec,
256  "priv2",
257  &priv2,
258  sizeof (priv2)))
259  {
260  GNUNET_break (0);
261  return GNUNET_NO;
262  }
263  if (GNUNET_OK != expect_data_fixed (vec,
264  "pub1",
265  &pub1,
266  sizeof (pub1)))
267  {
268  GNUNET_break (0);
269  return GNUNET_NO;
270  }
271  if (GNUNET_OK != expect_data_fixed (vec,
272  "skm",
273  &skm,
274  sizeof (skm)))
275  {
276  GNUNET_break (0);
277  return GNUNET_NO;
278  }
279  GNUNET_assert (GNUNET_OK ==
280  GNUNET_CRYPTO_ecc_ecdh (&priv2,
281  &pub1,
282  &skm_comp));
283  if (0 != GNUNET_memcmp (&skm, &skm_comp))
284  {
285  GNUNET_break (0);
286  return GNUNET_NO;
287  }
288  }
289  else if (0 == strcmp (operation, "eddsa_key_derivation"))
290  {
291  struct GNUNET_CRYPTO_EddsaPrivateKey priv;
292  struct GNUNET_CRYPTO_EddsaPublicKey pub;
293  struct GNUNET_CRYPTO_EddsaPublicKey pub_comp;
294 
295  if (GNUNET_OK != expect_data_fixed (vec,
296  "priv",
297  &priv,
298  sizeof (priv)))
299  {
300  GNUNET_break (0);
301  return GNUNET_NO;
302  }
303 
304  if (GNUNET_OK != expect_data_fixed (vec,
305  "pub",
306  &pub,
307  sizeof (pub)))
308  {
309  GNUNET_break (0);
310  return GNUNET_NO;
311  }
312 
313  GNUNET_CRYPTO_eddsa_key_get_public (&priv,
314  &pub_comp);
315  if (0 != GNUNET_memcmp (&pub, &pub_comp))
316  {
317  GNUNET_break (0);
318  return GNUNET_NO;
319  }
320 
321  }
322  else if (0 == strcmp (operation, "eddsa_signing"))
323  {
324  struct GNUNET_CRYPTO_EddsaPrivateKey priv;
325  struct GNUNET_CRYPTO_EddsaPublicKey pub;
326  struct TestSignatureDataPS data = { 0 };
327  struct GNUNET_CRYPTO_EddsaSignature sig;
328  struct GNUNET_CRYPTO_EddsaSignature sig_comp;
329 
330  if (GNUNET_OK != expect_data_fixed (vec,
331  "priv",
332  &priv,
333  sizeof (priv)))
334  {
335  GNUNET_break (0);
336  return GNUNET_NO;
337  }
338 
339  if (GNUNET_OK != expect_data_fixed (vec,
340  "pub",
341  &pub,
342  sizeof (pub)))
343  {
344  GNUNET_break (0);
345  return GNUNET_NO;
346  }
347 
348  if (GNUNET_OK != expect_data_fixed (vec,
349  "data",
350  &data,
351  sizeof (data)))
352  {
353  GNUNET_break (0);
354  return GNUNET_NO;
355  }
356 
357  if (GNUNET_OK != expect_data_fixed (vec,
358  "sig",
359  &sig,
360  sizeof (sig)))
361  {
362  GNUNET_break (0);
363  return GNUNET_NO;
364  }
365 
366  GNUNET_CRYPTO_eddsa_sign (&priv,
367  &data,
368  &sig_comp);
369  GNUNET_assert (GNUNET_OK ==
370  GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST,
371  &data,
372  &sig,
373  &pub));
374  if (0 != GNUNET_memcmp (&sig, &sig_comp))
375  {
376  GNUNET_break (0);
377  return GNUNET_NO;
378  }
379  }
380  else if (0 == strcmp (operation, "kdf"))
381  {
382  size_t out_len;
383  void *out;
384  size_t out_len_comp;
385  void *out_comp;
386  void *ikm;
387  size_t ikm_len;
388  void *salt;
389  size_t salt_len;
390  void *ctx;
391  size_t ctx_len;
392 
393  if (GNUNET_OK != expect_data_dynamic (vec,
394  "out",
395  &out,
396  &out_len))
397  {
398  GNUNET_break (0);
399  return GNUNET_SYSERR;
400  }
401 
402  out_len_comp = out_len;
403  out_comp = GNUNET_malloc (out_len_comp);
404 
405  if (GNUNET_OK != expect_data_dynamic (vec,
406  "ikm",
407  &ikm,
408  &ikm_len))
409  {
410  GNUNET_break (0);
411  return GNUNET_SYSERR;
412  }
413 
414  if (GNUNET_OK != expect_data_dynamic (vec,
415  "salt",
416  &salt,
417  &salt_len))
418  {
419  GNUNET_break (0);
420  return GNUNET_SYSERR;
421  }
422 
423  if (GNUNET_OK != expect_data_dynamic (vec,
424  "ctx",
425  &ctx,
426  &ctx_len))
427  {
428  GNUNET_break (0);
429  return GNUNET_SYSERR;
430  }
431 
432  GNUNET_assert (GNUNET_OK ==
433  GNUNET_CRYPTO_kdf (out_comp,
434  out_len_comp,
435  salt,
436  salt_len,
437  ikm,
438  ikm_len,
439  ctx,
440  ctx_len,
441  NULL));
442 
443  if (0 != memcmp (out, out_comp, out_len))
444  {
445  GNUNET_break (0);
446  return GNUNET_NO;
447  }
448 
449  }
450  else if (0 == strcmp (operation, "eddsa_ecdh"))
451  {
452  struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
453  struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
454  struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
455  struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
456  struct GNUNET_HashCode key_material;
457  struct GNUNET_HashCode key_material_comp;
458 
459  if (GNUNET_OK != expect_data_fixed (vec,
460  "priv_ecdhe",
461  &priv_ecdhe,
462  sizeof (priv_ecdhe)))
463  {
464  GNUNET_break (0);
465  return GNUNET_NO;
466  }
467 
468  if (GNUNET_OK != expect_data_fixed (vec,
469  "pub_ecdhe",
470  &pub_ecdhe,
471  sizeof (pub_ecdhe)))
472  {
473  GNUNET_break (0);
474  return GNUNET_NO;
475  }
476 
477  if (GNUNET_OK != expect_data_fixed (vec,
478  "priv_eddsa",
479  &priv_eddsa,
480  sizeof (priv_eddsa)))
481  {
482  GNUNET_break (0);
483  return GNUNET_NO;
484  }
485 
486  if (GNUNET_OK != expect_data_fixed (vec,
487  "pub_eddsa",
488  &pub_eddsa,
489  sizeof (pub_eddsa)))
490  {
491  GNUNET_break (0);
492  return GNUNET_NO;
493  }
494 
495  if (GNUNET_OK != expect_data_fixed (vec,
496  "key_material",
497  &key_material,
498  sizeof (key_material)))
499  {
500  GNUNET_break (0);
501  return GNUNET_NO;
502  }
503 
504  GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material_comp);
505 
506  if (0 != GNUNET_memcmp (&key_material, &key_material_comp))
507  {
508  GNUNET_break (0);
509  return GNUNET_NO;
510  }
511  }
512  else if (0 == strcmp (operation, "rsa_blind_signing"))
513  {
514  struct GNUNET_CRYPTO_RsaPrivateKey *skey;
515  struct GNUNET_CRYPTO_RsaPublicKey *pkey;
516  struct GNUNET_HashCode message_hash;
517  struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
518  struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
519  struct GNUNET_CRYPTO_RsaSignature *sig;
520  void *blinded_data;
521  size_t blinded_len;
522  void *blinded_data_comp;
523  size_t blinded_len_comp;
524  void *public_enc_data;
525  size_t public_enc_len;
526  void *secret_enc_data;
527  size_t secret_enc_len;
528  void *sig_enc_data;
529  size_t sig_enc_length;
530  void *sig_enc_data_comp;
531  size_t sig_enc_length_comp;
532 
533  if (GNUNET_OK != expect_data_fixed (vec,
534  "message_hash",
535  &message_hash,
536  sizeof (message_hash)))
537  {
538  GNUNET_break (0);
539  return GNUNET_SYSERR;
540  }
541 
542  if (GNUNET_OK != expect_data_fixed (vec,
543  "blinding_key_secret",
544  &bks,
545  sizeof (bks)))
546  {
547  GNUNET_break (0);
548  return GNUNET_SYSERR;
549  }
550 
551  if (GNUNET_OK != expect_data_dynamic (vec,
552  "blinded_message",
553  &blinded_data,
554  &blinded_len))
555  {
556  GNUNET_break (0);
557  return GNUNET_SYSERR;
558  }
559 
560  if (GNUNET_OK != expect_data_dynamic (vec,
561  "rsa_public_key",
562  &public_enc_data,
563  &public_enc_len))
564  {
565  GNUNET_break (0);
566  return GNUNET_SYSERR;
567  }
568 
569  if (GNUNET_OK != expect_data_dynamic (vec,
570  "rsa_private_key",
571  &secret_enc_data,
572  &secret_enc_len))
573  {
574  GNUNET_break (0);
575  return GNUNET_SYSERR;
576  }
577 
578  if (GNUNET_OK != expect_data_dynamic (vec,
579  "sig",
580  &sig_enc_data,
581  &sig_enc_length))
582  {
583  GNUNET_break (0);
584  return GNUNET_SYSERR;
585  }
586 
587  pkey = GNUNET_CRYPTO_rsa_public_key_decode (public_enc_data,
588  public_enc_len);
589  GNUNET_assert (NULL != pkey);
590  skey = GNUNET_CRYPTO_rsa_private_key_decode (secret_enc_data,
591  secret_enc_len);
592  GNUNET_assert (NULL != skey);
593 
594  GNUNET_assert (GNUNET_YES ==
595  GNUNET_CRYPTO_rsa_blind (&message_hash,
596  &bks,
597  pkey,
598  &blinded_data_comp,
599  &blinded_len_comp));
600  if ( (blinded_len != blinded_len_comp) || (0 != memcmp (blinded_data,
601  blinded_data_comp,
602  blinded_len)) )
603  {
604  GNUNET_break (0);
605  return GNUNET_NO;
606  }
607  blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data,
608  blinded_len);
609  sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey);
610  GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig,
611  pkey));
612  public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
613  &public_enc_data);
614  sig_enc_length_comp = GNUNET_CRYPTO_rsa_signature_encode (sig, &sig_enc_data_comp);
615 
616  if ( (sig_enc_length != sig_enc_length_comp) ||
617  (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) ))
618  {
619  GNUNET_break (0);
620  return GNUNET_NO;
621  }
622  }
623  else
624  {
625  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
626  "unsupported operation '%s'\n", operation);
627  }
628 
629  return GNUNET_OK;
630 }
631 
637 static int
638 check_vectors ()
639 {
640  json_error_t err;
641  json_t *vecfile = json_loadf (stdin, 0, &err);
642  const char *encoding;
643  json_t *vectors;
644 
645  if (NULL == vecfile)
646  {
647  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unable to parse JSON\n");
648  return 1;
649  }
650  encoding = json_string_value (json_object_get (vecfile,
651  "encoding"));
652  if ( (NULL == encoding) || (0 != strcmp (encoding, "base32crockford")) )
653  {
654  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unsupported or missing encoding\n");
655  json_decref (vecfile);
656  return 1;
657  }
658  vectors = json_object_get (vecfile, "vectors");
659  if (!json_is_array (vectors))
660  {
661  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "bad vectors\n");
662  json_decref (vecfile);
663  return 1;
664  }
665  {
666  /* array is a JSON array */
667  size_t index;
668  json_t *value;
669  int ret;
670 
671  json_array_foreach (vectors, index, value) {
672  const char *op = json_string_value (json_object_get (value,
673  "operation"));
674 
675  if (NULL == op)
676  {
677  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
678  "missing operation\n");
679  ret = GNUNET_SYSERR;
680  break;
681  }
682  ret = checkvec (op, value);
683  if (GNUNET_OK != ret)
684  {
685  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
686  "bad vector %u\n",
687  (unsigned int) index);
688  break;
689  }
690  }
691  return (ret == GNUNET_OK) ? 0 : 1;
692  }
693 }
694 
700 static int
701 output_vectors ()
702 {
703  json_t *vecfile = json_object ();
704  json_t *vecs = json_array ();
705 
706  json_object_set_new (vecfile,
707  "encoding",
708  json_string ("base32crockford"));
709  json_object_set_new (vecfile,
710  "producer",
711  json_string ("GNUnet " PACKAGE_VERSION " " VCS_VERSION));
712  json_object_set_new (vecfile,
713  "vectors",
714  vecs);
715 
716  {
717  json_t *vec = vec_for (vecs, "hash");
718  struct GNUNET_HashCode hc;
719  char *str = "Hello, GNUnet";
720 
721  GNUNET_CRYPTO_hash (str, strlen (str), &hc);
722 
723  d2j (vec, "input", str, strlen (str));
724  d2j (vec, "output", &hc, sizeof (struct GNUNET_HashCode));
725  }
726  {
727  json_t *vec = vec_for (vecs, "ecc_ecdh");
728  struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
729  struct GNUNET_CRYPTO_EcdhePublicKey pub1;
730  struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
731  struct GNUNET_HashCode skm;
732 
733  GNUNET_CRYPTO_ecdhe_key_create (&priv1);
734  GNUNET_CRYPTO_ecdhe_key_create (&priv2);
735  GNUNET_CRYPTO_ecdhe_key_get_public (&priv1,
736  &pub1);
737  GNUNET_assert (GNUNET_OK ==
738  GNUNET_CRYPTO_ecc_ecdh (&priv2,
739  &pub1,
740  &skm));
741 
742  d2j (vec,
743  "priv1",
744  &priv1,
745  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
746  d2j (vec,
747  "pub1",
748  &pub1,
749  sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
750  d2j (vec,
751  "priv2",
752  &priv2,
753  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
754  d2j (vec,
755  "skm",
756  &skm,
757  sizeof (struct GNUNET_HashCode));
758  }
759 
760  {
761  json_t *vec = vec_for (vecs, "eddsa_key_derivation");
762  struct GNUNET_CRYPTO_EddsaPrivateKey priv;
763  struct GNUNET_CRYPTO_EddsaPublicKey pub;
764 
765  GNUNET_CRYPTO_eddsa_key_create (&priv);
766  GNUNET_CRYPTO_eddsa_key_get_public (&priv,
767  &pub);
768 
769  d2j (vec,
770  "priv",
771  &priv,
772  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
773  d2j (vec,
774  "pub",
775  &pub,
776  sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
777  }
778  {
779  json_t *vec = vec_for (vecs, "eddsa_signing");
780  struct GNUNET_CRYPTO_EddsaPrivateKey priv;
781  struct GNUNET_CRYPTO_EddsaPublicKey pub;
782  struct GNUNET_CRYPTO_EddsaSignature sig;
783  struct TestSignatureDataPS data = { 0 };
784 
785  GNUNET_CRYPTO_eddsa_key_create (&priv);
786  GNUNET_CRYPTO_eddsa_key_get_public (&priv,
787  &pub);
788  data.purpose.size = htonl (sizeof (data));
789  data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
790  GNUNET_CRYPTO_eddsa_sign (&priv,
791  &data,
792  &sig);
793  GNUNET_assert (GNUNET_OK ==
794  GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST,
795  &data,
796  &sig,
797  &pub));
798 
799  d2j (vec,
800  "priv",
801  &priv,
802  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
803  d2j (vec,
804  "pub",
805  &pub,
806  sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
807  d2j (vec,
808  "data",
809  &data,
810  sizeof (struct TestSignatureDataPS));
811  d2j (vec,
812  "sig",
813  &sig,
814  sizeof (struct GNUNET_CRYPTO_EddsaSignature));
815  }
816 
817  {
818  json_t *vec = vec_for (vecs, "kdf");
819  size_t out_len = 64;
820  char out[out_len];
821  char *ikm = "I'm the secret input key material";
822  char *salt = "I'm very salty";
823  char *ctx = "I'm a context chunk, also known as 'info' in the RFC";
824 
825  GNUNET_assert (GNUNET_OK ==
826  GNUNET_CRYPTO_kdf (&out,
827  out_len,
828  salt,
829  strlen (salt),
830  ikm,
831  strlen (ikm),
832  ctx,
833  strlen (ctx),
834  NULL));
835 
836  d2j (vec,
837  "salt",
838  salt,
839  strlen (salt));
840  d2j (vec,
841  "ikm",
842  ikm,
843  strlen (ikm));
844  d2j (vec,
845  "ctx",
846  ctx,
847  strlen (ctx));
848  uint2j (vec,
849  "out_len",
850  (unsigned int) out_len);
851  d2j (vec,
852  "out",
853  out,
854  out_len);
855  }
856  {
857  json_t *vec = vec_for (vecs, "eddsa_ecdh");
858  struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
859  struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
860  struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
861  struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
862  struct GNUNET_HashCode key_material;
863 
864  GNUNET_CRYPTO_ecdhe_key_create (&priv_ecdhe);
865  GNUNET_CRYPTO_ecdhe_key_get_public (&priv_ecdhe, &pub_ecdhe);
866  GNUNET_CRYPTO_eddsa_key_create (&priv_eddsa);
867  GNUNET_CRYPTO_eddsa_key_get_public (&priv_eddsa, &pub_eddsa);
868  GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material);
869 
870  d2j (vec, "priv_ecdhe",
871  &priv_ecdhe,
872  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
873  d2j (vec, "pub_ecdhe",
874  &pub_ecdhe,
875  sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
876  d2j (vec, "priv_eddsa",
877  &priv_eddsa,
878  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
879  d2j (vec, "pub_eddsa",
880  &pub_eddsa,
881  sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
882  d2j (vec, "key_material",
883  &key_material,
884  sizeof (struct GNUNET_HashCode));
885  }
886 
887  {
888  json_t *vec = vec_for (vecs, "rsa_blind_signing");
889 
890  struct GNUNET_CRYPTO_RsaPrivateKey *skey;
891  struct GNUNET_CRYPTO_RsaPublicKey *pkey;
892  struct GNUNET_HashCode message_hash;
893  struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
894  struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
895  struct GNUNET_CRYPTO_RsaSignature *sig;
896  void *blinded_data;
897  size_t blinded_len;
898  void *public_enc_data;
899  size_t public_enc_len;
900  void *secret_enc_data;
901  size_t secret_enc_len;
902  void *blinded_sig_enc_data;
903  size_t blinded_sig_enc_length;
904  void *sig_enc_data;
905  size_t sig_enc_length;
906 
907  skey = GNUNET_CRYPTO_rsa_private_key_create (2048);
908  pkey = GNUNET_CRYPTO_rsa_private_key_get_public (skey);
909  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
910  &message_hash,
911  sizeof (struct GNUNET_HashCode));
912  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
913  &bks,
914  sizeof (struct
915  GNUNET_CRYPTO_RsaBlindingKeySecret));
916  GNUNET_assert (GNUNET_YES ==
917  GNUNET_CRYPTO_rsa_blind (&message_hash,
918  &bks,
919  pkey,
920  &blinded_data,
921  &blinded_len));
922  blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data,
923  blinded_len);
924  sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey);
925  GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig,
926  pkey));
927  public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
928  &public_enc_data);
929  secret_enc_len = GNUNET_CRYPTO_rsa_private_key_encode (skey,
930  &secret_enc_data);
931  blinded_sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (blinded_sig,
932  &
933  blinded_sig_enc_data);
934  sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig, &sig_enc_data);
935  d2j (vec,
936  "message_hash",
937  &message_hash,
938  sizeof (struct GNUNET_HashCode));
939  d2j (vec,
940  "rsa_public_key",
941  public_enc_data,
942  public_enc_len);
943  d2j (vec,
944  "rsa_private_key",
945  secret_enc_data,
946  secret_enc_len);
947  d2j (vec,
948  "blinding_key_secret",
949  &bks,
950  sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret));
951  d2j (vec,
952  "blinded_message",
953  blinded_data,
954  blinded_len);
955  d2j (vec,
956  "blinded_sig",
957  blinded_sig_enc_data,
958  blinded_sig_enc_length);
959  d2j (vec,
960  "sig",
961  sig_enc_data,
962  sig_enc_length);
963  GNUNET_CRYPTO_rsa_private_key_free (skey);
964  GNUNET_CRYPTO_rsa_public_key_free (pkey);
965  GNUNET_CRYPTO_rsa_signature_free (sig);
966  GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
967  GNUNET_free (public_enc_data);
968  GNUNET_free (blinded_data);
969  GNUNET_free (sig_enc_data);
970  GNUNET_free (blinded_sig_enc_data);
971  }
972 
973  json_dumpf (vecfile, stdout, JSON_INDENT (2));
974  json_decref (vecfile);
975  printf ("\n");
976 
977  return 0;
978 }
979 
988 static void
989 run (void *cls,
990  char *const *args,
991  const char *cfgfile,
992  const struct GNUNET_CONFIGURATION_Handle *cfg)
993 {
994  if (GNUNET_YES == verify_flag)
995  global_ret = check_vectors ();
996  else
997  global_ret = output_vectors ();
998 }
999 
1000 
1008 int
1009 main (int argc,
1010  char *const *argv)
1011 {
1012  const struct GNUNET_GETOPT_CommandLineOption options[] = {
1013  GNUNET_GETOPT_option_flag ('V',
1014  "verify",
1015  gettext_noop (
1016  "verify a test vector from stdin"),
1017  &verify_flag),
1018  GNUNET_GETOPT_OPTION_END
1019  };
1020 
1021  GNUNET_assert (GNUNET_OK ==
1022  GNUNET_log_setup ("gnunet-crypto-tvg",
1023  "INFO",
1024  NULL));
1025  if (GNUNET_OK !=
1026  GNUNET_PROGRAM_run (argc, argv,
1027  "gnunet-crypto-tvg",
1028  "Generate test vectors for cryptographic operations",
1029  options,
1030  &run, NULL))
1031  return 1;
1032  return global_ret;
1033 }
1034 
1035 
1036 /* end of gnunet-crypto-tvg.c */
GNUNET_CRYPTO_rsa_private_key_decode
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_decode(const void *buf, size_t buf_size)
Decode the private key from the data-format back to the "normal", internal format.
Definition: crypto_rsa.c:203
expect_data_dynamic
static int expect_data_dynamic(json_t *vec, const char *name, void **data, size_t *ret_len)
Definition: gnunet-crypto-tvg.c:170
GNUNET_CRYPTO_rsa_blind
int GNUNET_CRYPTO_rsa_blind(const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, void **buf, size_t *buf_size)
Blinds the given message with the given blinding key.
Definition: crypto_rsa.c:744
GNUNET_PROGRAM_run
enum GNUNET_GenericReturnValue GNUNET_PROGRAM_run(int argc, char *const *argv, const char *binaryName, const char *binaryHelp, const struct GNUNET_GETOPT_CommandLineOption *options, GNUNET_PROGRAM_Main task, void *task_cls)
Run a standard GNUnet command startup sequence (initialize loggers and configuration, parse options).
Definition: program.c:363
cfg
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration we are using.
Definition: gnunet-abd.c:36
pkey
static char * pkey
Public key of the zone to look in, in ASCII.
Definition: gnunet-namecache.c:59
GNUNET_CRYPTO_eddsa_sign
#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
EdDSA sign a given block.
Definition: gnunet_crypto_lib.h:1711
GNUNET_CRYPTO_RsaSignature
an RSA signature
Definition: crypto_rsa.c:63
GNUNET_CRYPTO_rsa_signature_free
void GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig)
Free memory occupied by signature.
Definition: crypto_rsa.c:944
GNUNET_CRYPTO_EccSignaturePurpose::purpose
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
Definition: gnunet_crypto_lib.h:146
GNUNET_CRYPTO_rsa_verify
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_verify(const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *public_key)
Verify whether the given hash corresponds to the given signature and the signature is valid with resp...
Definition: crypto_rsa.c:1128
GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition: gnunet_common.h:853
ret
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
GNUNET_CRYPTO_rsa_signature_encode
size_t GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, void **buffer)
Encode the given signature in a format suitable for storing it into a file.
Definition: crypto_rsa.c:952
verify_flag
static GNUNET_NETWORK_STRUCT_END int verify_flag
Should we verify or output test vectors?
Definition: gnunet-crypto-tvg.c:76
GNUNET_NO
Definition: gnunet_common.h:86
GNUNET_GETOPT_CommandLineOption
Definition of a command line option.
Definition: gnunet_getopt_lib.h:100
t
static struct GNUNET_SCHEDULER_Task * t
Main task.
Definition: gnunet-zonewalk.c:121
gnunet_util_lib.h
GNUNET_CRYPTO_rsa_private_key_create
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_create(unsigned int len)
Create a new private key.
Definition: crypto_rsa.c:143
GNUNET_CRYPTO_eddsa_verify
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
Verify EdDSA signature.
Definition: gnunet_crypto_lib.h:1811
expect_data_fixed
static int expect_data_fixed(json_t *vec, const char *name, void *data, size_t expect_len)
Definition: gnunet-crypto-tvg.c:151
GNUNET_CRYPTO_RsaPublicKey
The public information of an RSA key pair.
Definition: crypto_rsa.c:51
d2j
static void d2j(json_t *vec, const char *label, const void *data, size_t size)
Add a base32crockford encoded value to a test vector.
Definition: gnunet-crypto-tvg.c:115
GNUNET_break
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
Definition: gnunet_common.h:934
GNUNET_GETOPT_OPTION_END
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_OPTION_END
Definition: 002.c:13
GNUNET_NETWORK_STRUCT_BEGIN
#define GNUNET_NETWORK_STRUCT_BEGIN
Define as empty, GNUNET_PACKED should suffice, but this won&#39;t work on W32.
Definition: gnunet_common.h:228
GNUNET_CRYPTO_rsa_private_key_encode
size_t GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, void **buffer)
Encode the private key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:180
global_ret
static int global_ret
Global exit code.
Definition: gnunet-crypto-tvg.c:82
ctx
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
Definition: gnunet-zonewalk.c:86
GNUNET_CRYPTO_EccSignaturePurpose
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
Definition: gnunet_crypto_lib.h:131
GNUNET_CRYPTO_ecdhe_key_create
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:419
GNUNET_OK
Definition: gnunet_common.h:87
value
static char * value
Value of the record to add/remove.
Definition: gnunet-namestore.c:152
uint2j
static void uint2j(json_t *vec, const char *label, unsigned int num)
Add a number to a test vector.
Definition: gnunet-crypto-tvg.c:140
GNUNET_CRYPTO_ecdh_eddsa
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:867
GNUNET_CRYPTO_hash
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
GNUNET_CRYPTO_rsa_public_key_decode
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_public_key_decode(const char *buf, size_t len)
Decode the public key from the data-format back to the "normal", internal format. ...
Definition: crypto_rsa.c:383
GNUNET_CRYPTO_kdf
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:90
buf
static char buf[2048]
Definition: gnunet-service-testbed_meminfo.c:64
GNUNET_SIGNATURE_PURPOSE_TEST
#define GNUNET_SIGNATURE_PURPOSE_TEST
Test signature, not valid for anything other than writing a test.
Definition: gnunet_signatures.h:47
vec_for
static json_t * vec_for(json_t *vecs, const char *vecname)
Create a fresh test vector for a given operation label.
Definition: gnunet-crypto-tvg.c:93
gnunet_signatures.h
GNUNET_CRYPTO_EccSignaturePurpose::size
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
Definition: gnunet_crypto_lib.h:138
GNUNET_SYSERR
Definition: gnunet_common.h:85
GNUNET_HashCode
A 512-bit hashcode.
Definition: gnunet_common.h:242
run
static void run(void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *cfg)
Main function that will be run.
Definition: gnunet-crypto-tvg.c:989
GNUNET_CRYPTO_ecc_ecdh
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition: crypto_ecc.c:685
GNUNET_CRYPTO_rsa_unblind
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
Unblind a blind-signed signature.
Definition: crypto_rsa.c:1047
GNUNET_CRYPTO_EcdhePrivateKey
Private ECC key encoded for transmission.
Definition: gnunet_crypto_lib.h:244
main
int main(int argc, char *const *argv)
The main function of the test vector generation tool.
Definition: gnunet-crypto-tvg.c:1009
size
static unsigned int size
Size of the "table".
Definition: peer.c:67
GNUNET_CRYPTO_ecdhe_key_get_public
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:197
GNUNET_CRYPTO_eddsa_key_create
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:445
GNUNET_memcmp
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
Definition: gnunet_common.h:1134
GNUNET_CRYPTO_EddsaSignature
an ECC signature using EdDSA.
Definition: gnunet_crypto_lib.h:154
GNUNET_CRYPTO_eddsa_key_get_public
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:181
salt
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
Definition: gnunet-service-nse.c:119
GNUNET_NETWORK_STRUCT_END
#define GNUNET_NETWORK_STRUCT_END
Define as empty, GNUNET_PACKED should suffice, but this won&#39;t work on W32;.
Definition: gnunet_common.h:233
GNUNET_CRYPTO_EddsaPrivateKey
Private ECC key encoded for transmission.
Definition: gnunet_crypto_lib.h:268
GNUNET_CONFIGURATION_Handle
configuration data
Definition: configuration.c:84
GNUNET_ERROR_TYPE_INFO
Definition: gnunet_common.h:397
name
const char * name
Definition: plugin_gnsrecord_abd.c:271
output_vectors
static int output_vectors()
Output test vectors.
Definition: gnunet-crypto-tvg.c:701
GNUNET_CRYPTO_rsa_sign_blinded
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key, const void *msg, size_t msg_len)
Sign a blinded value, which must be a full domain hash of a message.
Definition: crypto_rsa.c:900
GNUNET_GETOPT_option_flag
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_option_flag(char shortName, const char *name, const char *description, int *val)
Allow user to specify a flag (which internally means setting an integer to 1/GNUNET_YES/GNUNET_OK.
Definition: getopt_helpers.c:338
GNUNET_CRYPTO_EcdhePublicKey
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
Definition: gnunet_crypto_lib.h:230
GNUNET_log
#define GNUNET_log(kind,...)
Definition: gnunet_common.h:521
checkvec
static int checkvec(const char *operation, json_t *vec)
Check a single vector.
Definition: gnunet-crypto-tvg.c:201
TestSignatureDataPS::purpose
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
Definition: gnunet-crypto-tvg.c:66
GNUNET_CRYPTO_RsaPrivateKey
The private information of an RSA key pair.
Definition: crypto_rsa.c:39
GNUNET_CRYPTO_random_block
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
Definition: crypto_random.c:134
GNUNET_CRYPTO_rsa_private_key_get_public
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition: crypto_rsa.c:232
GNUNET_CRYPTO_RsaBlindingKeySecret
Constant-size pre-secret for blinding key generation.
Definition: gnunet_crypto_lib.h:2037
GNUNET_CRYPTO_rsa_public_key_free
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition: crypto_rsa.c:267
GNUNET_ERROR_TYPE_ERROR
Definition: gnunet_common.h:391
GNUNET_CRYPTO_rsa_public_key_encode
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, void **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:300
GNUNET_STRINGS_data_to_string_alloc
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
Definition: strings.c:937
GNUNET_log_setup
int GNUNET_log_setup(const char *comp, const char *loglevel, const char *logfile)
Setup logging.
Definition: common_logging.c:708
op
static struct GNUNET_ARM_Operation * op
Current operation.
Definition: gnunet-arm.c:144
TestSignatureDataPS
Sample signature struct.
Definition: gnunet-crypto-tvg.c:64
check_vectors
static int check_vectors()
Check test vectors from stdin.
Definition: gnunet-crypto-tvg.c:638
gnunet_testing_lib.h
data
uint32_t data
The data value.
Definition: gnunet-helper-transport-wlan.c:90
GNUNET_YES
Definition: gnunet_common.h:89
GNUNET_CRYPTO_rsa_private_key_free
void GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
Free memory occupied by the private key.
Definition: crypto_rsa.c:172
GNUNET_CRYPTO_QUALITY_WEAK
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
Definition: gnunet_crypto_lib.h:82
GNUNET_malloc
#define GNUNET_malloc(size)
Wrapper around malloc.
Definition: gnunet_common.h:1262
GNUNET_STRINGS_string_to_data
int GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:972
GNUNET_free
#define GNUNET_free(ptr)
Wrapper around free.
Definition: gnunet_common.h:1322
len
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
Definition: gnunet-helper-transport-wlan.c:85
gettext_noop
#define gettext_noop(String)
Definition: gettext.h:69
GNUNET_CRYPTO_EddsaPublicKey
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Definition: gnunet_crypto_lib.h:191
Generated by   doxygen 1.8.13