GNUnet 0.21.2
gnunet-crypto-tvg.c
Go to the documentation of this file.
1/*
2 This file is part of GNUnet.
3 Copyright (C) 2020 GNUnet e.V.
4
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
14
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18 SPDX-License-Identifier: AGPL3.0-or-later
19 */
20
51#include "platform.h"
52#include "gnunet_util_lib.h"
53#include "gnunet_signatures.h"
54#include "gnunet_testing_lib.h"
55#include <jansson.h>
56#include <gcrypt.h>
57
58GNUNET_NETWORK_STRUCT_BEGIN
59
65struct TestSignatureDataPS
66{
67 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
68 uint32_t testval;
69};
70
71GNUNET_NETWORK_STRUCT_END
72
73
77static int verify_flag = GNUNET_NO;
78
79
83static int global_ret = 0;
84
85
93static json_t *
94vec_for (json_t *vecs, const char *vecname)
95{
96 json_t *t = json_object ();
97
98 json_object_set_new (t,
99 "operation",
100 json_string (vecname));
101 json_array_append_new (vecs, t);
102 return t;
103}
104
105
115static void
116d2j (json_t *vec,
117 const char *label,
118 const void *data,
119 size_t size)
120{
121 char *buf;
122 json_t *json;
123
124 buf = GNUNET_STRINGS_data_to_string_alloc (data, size);
125 json = json_string (buf);
126 GNUNET_free (buf);
127 GNUNET_break (NULL != json);
128
129 json_object_set_new (vec, label, json);
130}
131
132
141static void
142uint2j (json_t *vec,
143 const char *label,
144 unsigned int num)
145{
146 json_t *json = json_integer (num);
147
148 json_object_set_new (vec, label, json);
149}
150
151
152static int
153expect_data_fixed (json_t *vec,
154 const char *name,
155 void *data,
156 size_t expect_len)
157{
158 const char *s = json_string_value (json_object_get (vec, name));
159
160 if (NULL == s)
161 return GNUNET_NO;
162
163 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s,
164 strlen (s),
165 data,
166 expect_len))
167 return GNUNET_NO;
168 return GNUNET_OK;
169}
170
171
172static int
173expect_data_dynamic (json_t *vec,
174 const char *name,
175 void **data,
176 size_t *ret_len)
177{
178 const char *s = json_string_value (json_object_get (vec, name));
179 char *tmp;
180 size_t len;
181
182 if (NULL == s)
183 return GNUNET_NO;
184
185 len = (strlen (s) * 5) / 8;
186 if (NULL != ret_len)
187 *ret_len = len;
188 tmp = GNUNET_malloc (len);
189
190 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, strlen (s), tmp, len))
191 {
192 GNUNET_free (tmp);
193 return GNUNET_NO;
194 }
195 *data = tmp;
196 return GNUNET_OK;
197}
198
199
208static int
209checkvec (const char *operation,
210 json_t *vec)
211{
212 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
213 "checking %s\n", operation);
214
215 if (0 == strcmp (operation, "hash"))
216 {
217 void *data;
218 size_t data_len;
219 struct GNUNET_HashCode hash_out;
220 struct GNUNET_HashCode hc;
221
222 if (GNUNET_OK != expect_data_dynamic (vec,
223 "input",
224 &data,
225 &data_len))
226 {
227 GNUNET_break (0);
228 return GNUNET_SYSERR;
229 }
230 if (GNUNET_OK != expect_data_fixed (vec,
231 "output",
232 &hash_out,
233 sizeof (hash_out)))
234 {
235 GNUNET_free (data);
236 GNUNET_break (0);
237 return GNUNET_NO;
238 }
239
240 GNUNET_CRYPTO_hash (data, data_len, &hc);
241
242 if (0 != GNUNET_memcmp (&hc, &hash_out))
243 {
244 GNUNET_free (data);
245 GNUNET_break (0);
246 return GNUNET_NO;
247 }
248 GNUNET_free (data);
249 }
250 else if (0 == strcmp (operation, "ecc_ecdh"))
251 {
252 struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
253 struct GNUNET_CRYPTO_EcdhePublicKey pub1;
254 struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
255 struct GNUNET_HashCode skm;
256 struct GNUNET_HashCode skm_comp;
257
258 if (GNUNET_OK != expect_data_fixed (vec,
259 "priv1",
260 &priv1,
261 sizeof (priv1)))
262 {
263 GNUNET_break (0);
264 return GNUNET_NO;
265 }
266 if (GNUNET_OK != expect_data_fixed (vec,
267 "priv2",
268 &priv2,
269 sizeof (priv2)))
270 {
271 GNUNET_break (0);
272 return GNUNET_NO;
273 }
274 if (GNUNET_OK != expect_data_fixed (vec,
275 "pub1",
276 &pub1,
277 sizeof (pub1)))
278 {
279 GNUNET_break (0);
280 return GNUNET_NO;
281 }
282 if (GNUNET_OK != expect_data_fixed (vec,
283 "skm",
284 &skm,
285 sizeof (skm)))
286 {
287 GNUNET_break (0);
288 return GNUNET_NO;
289 }
290 GNUNET_assert (GNUNET_OK ==
291 GNUNET_CRYPTO_ecc_ecdh (&priv2,
292 &pub1,
293 &skm_comp));
294 if (0 != GNUNET_memcmp (&skm, &skm_comp))
295 {
296 GNUNET_break (0);
297 return GNUNET_NO;
298 }
299 }
300 else if (0 == strcmp (operation, "eddsa_key_derivation"))
301 {
302 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
303 struct GNUNET_CRYPTO_EddsaPublicKey pub;
304 struct GNUNET_CRYPTO_EddsaPublicKey pub_comp;
305
306 if (GNUNET_OK != expect_data_fixed (vec,
307 "priv",
308 &priv,
309 sizeof (priv)))
310 {
311 GNUNET_break (0);
312 return GNUNET_NO;
313 }
314
315 if (GNUNET_OK != expect_data_fixed (vec,
316 "pub",
317 &pub,
318 sizeof (pub)))
319 {
320 GNUNET_break (0);
321 return GNUNET_NO;
322 }
323
324 GNUNET_CRYPTO_eddsa_key_get_public (&priv,
325 &pub_comp);
326 if (0 != GNUNET_memcmp (&pub, &pub_comp))
327 {
328 GNUNET_break (0);
329 return GNUNET_NO;
330 }
331
332 }
333 else if (0 == strcmp (operation, "eddsa_signing"))
334 {
335 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
336 struct GNUNET_CRYPTO_EddsaPublicKey pub;
337 struct TestSignatureDataPS data = { 0 };
338 struct GNUNET_CRYPTO_EddsaSignature sig;
339 struct GNUNET_CRYPTO_EddsaSignature sig_comp;
340
341 if (GNUNET_OK != expect_data_fixed (vec,
342 "priv",
343 &priv,
344 sizeof (priv)))
345 {
346 GNUNET_break (0);
347 return GNUNET_NO;
348 }
349
350 if (GNUNET_OK != expect_data_fixed (vec,
351 "pub",
352 &pub,
353 sizeof (pub)))
354 {
355 GNUNET_break (0);
356 return GNUNET_NO;
357 }
358
359 if (GNUNET_OK != expect_data_fixed (vec,
360 "data",
361 &data,
362 sizeof (data)))
363 {
364 GNUNET_break (0);
365 return GNUNET_NO;
366 }
367
368 if (GNUNET_OK != expect_data_fixed (vec,
369 "sig",
370 &sig,
371 sizeof (sig)))
372 {
373 GNUNET_break (0);
374 return GNUNET_NO;
375 }
376
377 GNUNET_CRYPTO_eddsa_sign (&priv,
378 &data,
379 &sig_comp);
380 GNUNET_assert (GNUNET_OK ==
381 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST,
382 &data,
383 &sig,
384 &pub));
385 if (0 != GNUNET_memcmp (&sig, &sig_comp))
386 {
387 GNUNET_break (0);
388 return GNUNET_NO;
389 }
390 }
391 else if (0 == strcmp (operation, "kdf"))
392 {
393 size_t out_len;
394 void *out;
395 size_t out_len_comp;
396 void *out_comp;
397 void *ikm;
398 size_t ikm_len;
399 void *salt;
400 size_t salt_len;
401 void *ctx;
402 size_t ctx_len;
403
404 if (GNUNET_OK != expect_data_dynamic (vec,
405 "out",
406 &out,
407 &out_len))
408 {
409 GNUNET_break (0);
410 return GNUNET_SYSERR;
411 }
412
413 out_len_comp = out_len;
414 out_comp = GNUNET_malloc (out_len_comp);
415
416 if (GNUNET_OK != expect_data_dynamic (vec,
417 "ikm",
418 &ikm,
419 &ikm_len))
420 {
421 GNUNET_free (out);
422 GNUNET_free (out_comp);
423 GNUNET_break (0);
424 return GNUNET_SYSERR;
425 }
426
427 if (GNUNET_OK != expect_data_dynamic (vec,
428 "salt",
429 &salt,
430 &salt_len))
431 {
432 GNUNET_free (out);
433 GNUNET_free (out_comp);
434 GNUNET_free (ikm);
435 GNUNET_break (0);
436 return GNUNET_SYSERR;
437 }
438
439 if (GNUNET_OK != expect_data_dynamic (vec,
440 "ctx",
441 &ctx,
442 &ctx_len))
443 {
444 GNUNET_free (out);
445 GNUNET_free (out_comp);
446 GNUNET_free (ikm);
447 GNUNET_free (salt);
448 GNUNET_break (0);
449 return GNUNET_SYSERR;
450 }
451
452 GNUNET_assert (GNUNET_OK ==
453 GNUNET_CRYPTO_kdf (out_comp,
454 out_len_comp,
455 salt,
456 salt_len,
457 ikm,
458 ikm_len,
459 ctx,
460 ctx_len,
461 NULL));
462
463 if (0 != memcmp (out, out_comp, out_len))
464 {
465 GNUNET_free (out);
466 GNUNET_free (out_comp);
467 GNUNET_free (ikm);
468 GNUNET_free (salt);
469 GNUNET_free (ctx);
470 GNUNET_break (0);
471 return GNUNET_NO;
472 }
473 GNUNET_free (out);
474 GNUNET_free (out_comp);
475 GNUNET_free (ikm);
476 GNUNET_free (salt);
477 GNUNET_free (ctx);
478 }
479 else if (0 == strcmp (operation, "eddsa_ecdh"))
480 {
481 struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
482 struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
483 struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
484 struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
485 struct GNUNET_HashCode key_material;
486 struct GNUNET_HashCode key_material_comp;
487
488 if (GNUNET_OK != expect_data_fixed (vec,
489 "priv_ecdhe",
490 &priv_ecdhe,
491 sizeof (priv_ecdhe)))
492 {
493 GNUNET_break (0);
494 return GNUNET_NO;
495 }
496
497 if (GNUNET_OK != expect_data_fixed (vec,
498 "pub_ecdhe",
499 &pub_ecdhe,
500 sizeof (pub_ecdhe)))
501 {
502 GNUNET_break (0);
503 return GNUNET_NO;
504 }
505
506 if (GNUNET_OK != expect_data_fixed (vec,
507 "priv_eddsa",
508 &priv_eddsa,
509 sizeof (priv_eddsa)))
510 {
511 GNUNET_break (0);
512 return GNUNET_NO;
513 }
514
515 if (GNUNET_OK != expect_data_fixed (vec,
516 "pub_eddsa",
517 &pub_eddsa,
518 sizeof (pub_eddsa)))
519 {
520 GNUNET_break (0);
521 return GNUNET_NO;
522 }
523
524 if (GNUNET_OK != expect_data_fixed (vec,
525 "key_material",
526 &key_material,
527 sizeof (key_material)))
528 {
529 GNUNET_break (0);
530 return GNUNET_NO;
531 }
532
533 GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe,
534 &pub_eddsa,
535 &key_material_comp);
536
537 if (0 != GNUNET_memcmp (&key_material,
538 &key_material_comp))
539 {
540 GNUNET_break (0);
541 return GNUNET_NO;
542 }
543 }
544 else if (0 == strcmp (operation, "rsa_blind_signing"))
545 {
546 struct GNUNET_CRYPTO_RsaPrivateKey *skey;
547 struct GNUNET_CRYPTO_RsaPublicKey *pkey;
548 struct GNUNET_HashCode message_hash;
549 struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
550 struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
551 struct GNUNET_CRYPTO_RsaSignature *sig;
552 struct GNUNET_CRYPTO_RsaBlindedMessage bm;
553 struct GNUNET_CRYPTO_RsaBlindedMessage bm_comp;
554 void *public_enc_data;
555 size_t public_enc_len;
556 void *secret_enc_data;
557 size_t secret_enc_len;
558 void *sig_enc_data;
559 size_t sig_enc_length;
560 void *sig_enc_data_comp;
561 size_t sig_enc_length_comp;
562
563 if (GNUNET_OK !=
564 expect_data_fixed (vec,
565 "message_hash",
566 &message_hash,
567 sizeof (message_hash)))
568 {
569 GNUNET_break (0);
570 return GNUNET_SYSERR;
571 }
572
573 if (GNUNET_OK !=
574 expect_data_fixed (vec,
575 "blinding_key_secret",
576 &bks,
577 sizeof (bks)))
578 {
579 GNUNET_break (0);
580 return GNUNET_SYSERR;
581 }
582
583 if (GNUNET_OK !=
584 expect_data_dynamic (vec,
585 "blinded_message",
586 &bm.blinded_msg,
587 &bm.blinded_msg_size))
588 {
589 GNUNET_break (0);
590 return GNUNET_SYSERR;
591 }
592 if (GNUNET_OK !=
593 expect_data_dynamic (vec,
594 "rsa_public_key",
595 &public_enc_data,
596 &public_enc_len))
597 {
598 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
599 GNUNET_break (0);
600 return GNUNET_SYSERR;
601 }
602 if (GNUNET_OK !=
603 expect_data_dynamic (vec,
604 "rsa_private_key",
605 &secret_enc_data,
606 &secret_enc_len))
607 {
608 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
609 GNUNET_free (public_enc_data);
610 GNUNET_break (0);
611 return GNUNET_SYSERR;
612 }
613 if (GNUNET_OK !=
614 expect_data_dynamic (vec,
615 "sig",
616 &sig_enc_data,
617 &sig_enc_length))
618 {
619 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
620 GNUNET_free (public_enc_data);
621 GNUNET_free (secret_enc_data);
622 GNUNET_break (0);
623 return GNUNET_SYSERR;
624 }
625
626 pkey = GNUNET_CRYPTO_rsa_public_key_decode (public_enc_data,
627 public_enc_len);
628 GNUNET_assert (NULL != pkey);
629 skey = GNUNET_CRYPTO_rsa_private_key_decode (secret_enc_data,
630 secret_enc_len);
631 GNUNET_assert (NULL != skey);
632
633 GNUNET_assert (GNUNET_YES ==
634 GNUNET_CRYPTO_rsa_blind (&message_hash,
635 sizeof (message_hash),
636 &bks,
637 pkey,
638 &bm_comp));
639 if ( (bm.blinded_msg_size !=
640 bm_comp.blinded_msg_size) ||
641 (0 != memcmp (bm.blinded_msg,
642 bm_comp.blinded_msg,
643 bm.blinded_msg_size)) )
644 {
645 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
646 GNUNET_CRYPTO_rsa_blinded_message_free (&bm_comp);
647 GNUNET_free (public_enc_data);
648 GNUNET_free (secret_enc_data);
649 GNUNET_free (sig_enc_data);
650 GNUNET_CRYPTO_rsa_private_key_free (skey);
651 GNUNET_CRYPTO_rsa_public_key_free (pkey);
652 GNUNET_break (0);
653 return GNUNET_NO;
654 }
655 blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey,
656 &bm);
657 sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig,
658 &bks,
659 pkey);
660 GNUNET_assert (GNUNET_YES ==
661 GNUNET_CRYPTO_rsa_verify (&message_hash,
662 sizeof (message_hash),
663 sig,
664 pkey));
665 GNUNET_free (public_enc_data);
666 public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
667 &public_enc_data);
668 sig_enc_length_comp = GNUNET_CRYPTO_rsa_signature_encode (sig,
669 &sig_enc_data_comp
670 );
671
672 if ( (sig_enc_length != sig_enc_length_comp) ||
673 (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) ))
674 {
675 GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
676 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
677 GNUNET_CRYPTO_rsa_blinded_message_free (&bm_comp);
678 GNUNET_free (public_enc_data);
679 GNUNET_free (secret_enc_data);
680 GNUNET_free (sig_enc_data);
681 GNUNET_free (sig_enc_data_comp);
682 GNUNET_CRYPTO_rsa_private_key_free (skey);
683 GNUNET_CRYPTO_rsa_signature_free (sig);
684 GNUNET_CRYPTO_rsa_public_key_free (pkey);
685 GNUNET_break (0);
686 return GNUNET_NO;
687 }
688 GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
689 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
690 GNUNET_CRYPTO_rsa_blinded_message_free (&bm_comp);
691 GNUNET_free (public_enc_data);
692 GNUNET_free (secret_enc_data);
693 GNUNET_free (sig_enc_data);
694 GNUNET_free (sig_enc_data_comp);
695 GNUNET_CRYPTO_rsa_signature_free (sig);
696 GNUNET_CRYPTO_rsa_public_key_free (pkey);
697 GNUNET_CRYPTO_rsa_private_key_free (skey);
698 }
699 else if (0 == strcmp (operation, "cs_blind_signing"))
700 {
701 struct GNUNET_CRYPTO_CsPrivateKey priv;
702 struct GNUNET_CRYPTO_CsPublicKey pub;
703 struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
704 struct GNUNET_CRYPTO_CsRSecret r_priv[2];
705 struct GNUNET_CRYPTO_CsRPublic r_pub[2];
706 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind;
707 struct GNUNET_CRYPTO_CsC c[2];
708 struct GNUNET_CRYPTO_CsS signature_scalar;
709 struct GNUNET_CRYPTO_CsBlindS blinded_s;
710 struct GNUNET_CRYPTO_CsSignature sig;
711 struct GNUNET_CRYPTO_CsSessionNonce snonce;
712 struct GNUNET_CRYPTO_CsBlindingNonce bnonce;
713 struct GNUNET_HashCode message_hash;
714 unsigned int b;
715
716 if (GNUNET_OK != expect_data_fixed (vec,
717 "message_hash",
718 &message_hash,
719 sizeof (message_hash)))
720 {
721 GNUNET_break (0);
722 return GNUNET_SYSERR;
723 }
724 if (GNUNET_OK != expect_data_fixed (vec,
725 "cs_public_key",
726 &pub,
727 sizeof (pub)))
728 {
729 GNUNET_break (0);
730 return GNUNET_SYSERR;
731 }
732
733 if (GNUNET_OK !=
734 expect_data_fixed (vec,
735 "cs_private_key",
736 &priv,
737 sizeof (priv)))
738 {
739 GNUNET_break (0);
740 return GNUNET_SYSERR;
741 }
742 if (GNUNET_OK !=
743 expect_data_fixed (vec,
744 "cs_nonce",
745 &snonce,
746 sizeof (snonce)))
747 {
748 GNUNET_break (0);
749 return GNUNET_SYSERR;
750 }
751 /* historically, the tvg used the same nonce for
752 both, which is HORRIBLE for production, but
753 maybe OK for TVG... */
754 memcpy (&bnonce,
755 &snonce,
756 sizeof (snonce));
757 if (GNUNET_OK !=
758 expect_data_fixed (vec,
759 "cs_r_priv_0",
760 &r_priv[0],
761 sizeof (r_priv[0])))
762 {
763 GNUNET_break (0);
764 return GNUNET_SYSERR;
765 }
766 if (GNUNET_OK != expect_data_fixed (vec,
767 "cs_r_priv_1",
768 &r_priv[1],
769 sizeof (r_priv[1])))
770 {
771 GNUNET_break (0);
772 return GNUNET_SYSERR;
773 }
774 if (GNUNET_OK != expect_data_fixed (vec,
775 "cs_r_pub_0",
776 &r_pub[0],
777 sizeof (r_pub[0])))
778 {
779 GNUNET_break (0);
780 return GNUNET_SYSERR;
781 }
782 if (GNUNET_OK != expect_data_fixed (vec,
783 "cs_r_pub_1",
784 &r_pub[1],
785 sizeof (r_pub[1])))
786 {
787 GNUNET_break (0);
788 return GNUNET_SYSERR;
789 }
790
791 if (GNUNET_OK != expect_data_fixed (vec,
792 "cs_bs_alpha_0",
793 &bs[0].alpha,
794 sizeof (bs[0].alpha)))
795 {
796 GNUNET_break (0);
797 return GNUNET_SYSERR;
798 }
799 if (GNUNET_OK != expect_data_fixed (vec,
800 "cs_bs_alpha_1",
801 &bs[1].alpha,
802 sizeof (bs[1].alpha)))
803 {
804 GNUNET_break (0);
805 return GNUNET_SYSERR;
806 }
807 if (GNUNET_OK != expect_data_fixed (vec,
808 "cs_bs_beta_0",
809 &bs[0].beta,
810 sizeof (bs[0].beta)))
811 {
812 GNUNET_break (0);
813 return GNUNET_SYSERR;
814 }
815 if (GNUNET_OK !=
816 expect_data_fixed (vec,
817 "cs_bs_beta_1",
818 &bs[1].beta,
819 sizeof (bs[1].beta)))
820 {
821 GNUNET_break (0);
822 return GNUNET_SYSERR;
823 }
824 if (GNUNET_OK !=
825 expect_data_fixed (vec,
826 "cs_r_pub_blind_0",
827 &r_pub_blind.r_pub[0],
828 sizeof (r_pub_blind.r_pub[0])))
829 {
830 GNUNET_break (0);
831 return GNUNET_SYSERR;
832 }
833 if (GNUNET_OK !=
834 expect_data_fixed (vec,
835 "cs_r_pub_blind_1",
836 &r_pub_blind.r_pub[1],
837 sizeof (r_pub_blind.r_pub[1])))
838 {
839 GNUNET_break (0);
840 return GNUNET_SYSERR;
841 }
842 if (GNUNET_OK !=
843 expect_data_fixed (vec,
844 "cs_c_0",
845 &c[0],
846 sizeof (c[0])))
847 {
848 GNUNET_break (0);
849 return GNUNET_SYSERR;
850 }
851 if (GNUNET_OK != expect_data_fixed (vec,
852 "cs_c_1",
853 &c[1],
854 sizeof (c[1])))
855 {
856 GNUNET_break (0);
857 return GNUNET_SYSERR;
858 }
859 if (GNUNET_OK != expect_data_fixed (vec,
860 "cs_blind_s",
861 &blinded_s,
862 sizeof (blinded_s)))
863 {
864 GNUNET_break (0);
865 return GNUNET_SYSERR;
866 }
867 if (GNUNET_OK != expect_data_fixed (vec,
868 "cs_b",
869 &b,
870 sizeof (b)))
871 {
872 GNUNET_break (0);
873 return GNUNET_SYSERR;
874 }
875 if (GNUNET_OK != expect_data_fixed (vec,
876 "cs_sig_s",
877 &signature_scalar,
878 sizeof (signature_scalar)))
879 {
880 GNUNET_break (0);
881 return GNUNET_SYSERR;
882 }
883 sig.s_scalar = signature_scalar;
884 if (GNUNET_OK != expect_data_fixed (vec,
885 "cs_sig_R",
886 &sig.r_point,
887 sizeof (sig.r_point)))
888 {
889 GNUNET_break (0);
890 return GNUNET_SYSERR;
891 }
892
893 if ((b != 1) && (b != 0))
894 {
895 GNUNET_break (0);
896 return GNUNET_SYSERR;
897 }
898
899 struct GNUNET_CRYPTO_CsRSecret r_priv_comp[2];
900 struct GNUNET_CRYPTO_CsRPublic r_pub_comp[2];
901 struct GNUNET_CRYPTO_CsBlindingSecret bs_comp[2];
902 struct GNUNET_CRYPTO_CsC c_comp[2];
903 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind_comp;
904 struct GNUNET_CRYPTO_CsBlindSignature blinded_s_comp;
905 struct GNUNET_CRYPTO_CsS signature_scalar_comp;
906 struct GNUNET_CRYPTO_CsSignature sig_comp;
907
908 GNUNET_CRYPTO_cs_r_derive (&snonce,
909 "rw",
910 &priv,
911 r_priv_comp);
912 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[0],
913 &r_pub_comp[0]);
914 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[1],
915 &r_pub_comp[1]);
916 GNUNET_assert (0 == memcmp (&r_priv_comp,
917 &r_priv,
918 sizeof(struct GNUNET_CRYPTO_CsRSecret) * 2));
919 GNUNET_assert (0 == memcmp (&r_pub_comp,
920 &r_pub,
921 sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2));
922
923 GNUNET_CRYPTO_cs_blinding_secrets_derive (&bnonce,
924 bs_comp);
925 GNUNET_assert (0 ==
926 memcmp (&bs_comp,
927 &bs,
928 sizeof(struct GNUNET_CRYPTO_CsBlindingSecret)
929 * 2));
930 GNUNET_CRYPTO_cs_calc_blinded_c (bs_comp,
931 r_pub_comp,
932 &pub,
933 &message_hash,
934 sizeof(message_hash),
935 c_comp,
936 &r_pub_blind_comp);
937 GNUNET_assert (0 ==
938 memcmp (&c_comp,
939 &c,
940 sizeof(struct GNUNET_CRYPTO_CsC) * 2));
941 GNUNET_assert (0 ==
942 GNUNET_memcmp (&r_pub_blind_comp,
943 &r_pub_blind));
944 {
945 struct GNUNET_CRYPTO_CsBlindedMessage bm = {
946 .c[0] = c_comp[0],
947 .c[1] = c_comp[1],
948 .nonce = snonce
949 };
950
951 GNUNET_CRYPTO_cs_sign_derive (&priv,
952 r_priv_comp,
953 &bm,
954 &blinded_s_comp);
955 }
956 GNUNET_assert (0 ==
957 GNUNET_memcmp (&blinded_s_comp.s_scalar,
958 &blinded_s));
959 GNUNET_assert (b == blinded_s_comp.b);
960 GNUNET_CRYPTO_cs_unblind (&blinded_s_comp.s_scalar,
961 &bs_comp[b],
962 &signature_scalar_comp);
963 GNUNET_assert (0 ==
964 GNUNET_memcmp (&signature_scalar_comp,
965 &signature_scalar));
966 sig_comp.r_point = r_pub_blind_comp.r_pub[b];
967 sig_comp.s_scalar = signature_scalar_comp;
968 GNUNET_assert (0 == memcmp (&sig_comp,
969 &sig,
970 sizeof(sig_comp)));
971 if (GNUNET_OK !=
972 GNUNET_CRYPTO_cs_verify (&sig_comp,
973 &pub,
974 &message_hash,
975 sizeof(message_hash)))
976 {
977 GNUNET_break (0);
978 return GNUNET_SYSERR;
979 }
980 }
981 else
982 {
983 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
984 "unsupported operation '%s'\n", operation);
985 }
986
987 return GNUNET_OK;
988}
989
990
996static int
997check_vectors ()
998{
999 json_error_t err;
1000 json_t *vecfile = json_loadf (stdin, 0, &err);
1001 const char *encoding;
1002 json_t *vectors;
1003
1004 if (NULL == vecfile)
1005 {
1006 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unable to parse JSON\n");
1007 return 1;
1008 }
1009 encoding = json_string_value (json_object_get (vecfile,
1010 "encoding"));
1011 if ( (NULL == encoding) || (0 != strcmp (encoding, "base32crockford")) )
1012 {
1013 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unsupported or missing encoding\n");
1014 json_decref (vecfile);
1015 return 1;
1016 }
1017 vectors = json_object_get (vecfile, "vectors");
1018 if (! json_is_array (vectors))
1019 {
1020 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "bad vectors\n");
1021 json_decref (vecfile);
1022 return 1;
1023 }
1024 {
1025 /* array is a JSON array */
1026 size_t index;
1027 json_t *value;
1028 enum GNUNET_GenericReturnValue ret = GNUNET_OK;
1029
1030 json_array_foreach (vectors, index, value) {
1031 const char *op = json_string_value (json_object_get (value,
1032 "operation"));
1033
1034 if (NULL == op)
1035 {
1036 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1037 "missing operation\n");
1038 ret = GNUNET_SYSERR;
1039 break;
1040 }
1041 ret = checkvec (op, value);
1042 if (GNUNET_OK != ret)
1043 {
1044 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1045 "bad vector %u\n",
1046 (unsigned int) index);
1047 break;
1048 }
1049 }
1050 json_decref (vecfile);
1051 return (ret == GNUNET_OK) ? 0 : 1;
1052 }
1053}
1054
1055
1061static int
1062output_vectors ()
1063{
1064 json_t *vecfile = json_object ();
1065 json_t *vecs = json_array ();
1066
1067 json_object_set_new (vecfile,
1068 "encoding",
1069 json_string ("base32crockford"));
1070 json_object_set_new (vecfile,
1071 "producer",
1072 json_string ("GNUnet " PACKAGE_VERSION " " VCS_VERSION));
1073 json_object_set_new (vecfile,
1074 "vectors",
1075 vecs);
1076
1077 {
1078 json_t *vec = vec_for (vecs, "hash");
1079 struct GNUNET_HashCode hc;
1080 char *str = "Hello, GNUnet";
1081
1082 GNUNET_CRYPTO_hash (str, strlen (str), &hc);
1083
1084 d2j (vec, "input", str, strlen (str));
1085 d2j (vec, "output", &hc, sizeof (struct GNUNET_HashCode));
1086 }
1087 {
1088 json_t *vec = vec_for (vecs, "ecc_ecdh");
1089 struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
1090 struct GNUNET_CRYPTO_EcdhePublicKey pub1;
1091 struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
1092 struct GNUNET_HashCode skm;
1093
1094 GNUNET_CRYPTO_ecdhe_key_create (&priv1);
1095 GNUNET_CRYPTO_ecdhe_key_create (&priv2);
1096 GNUNET_CRYPTO_ecdhe_key_get_public (&priv1,
1097 &pub1);
1098 GNUNET_assert (GNUNET_OK ==
1099 GNUNET_CRYPTO_ecc_ecdh (&priv2,
1100 &pub1,
1101 &skm));
1102
1103 d2j (vec,
1104 "priv1",
1105 &priv1,
1106 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1107 d2j (vec,
1108 "pub1",
1109 &pub1,
1110 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1111 d2j (vec,
1112 "priv2",
1113 &priv2,
1114 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1115 d2j (vec,
1116 "skm",
1117 &skm,
1118 sizeof (struct GNUNET_HashCode));
1119 }
1120
1121 {
1122 json_t *vec = vec_for (vecs, "eddsa_key_derivation");
1123 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
1124 struct GNUNET_CRYPTO_EddsaPublicKey pub;
1125
1126 GNUNET_CRYPTO_eddsa_key_create (&priv);
1127 GNUNET_CRYPTO_eddsa_key_get_public (&priv,
1128 &pub);
1129
1130 d2j (vec,
1131 "priv",
1132 &priv,
1133 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1134 d2j (vec,
1135 "pub",
1136 &pub,
1137 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1138 }
1139 {
1140 json_t *vec = vec_for (vecs, "eddsa_signing");
1141 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
1142 struct GNUNET_CRYPTO_EddsaPublicKey pub;
1143 struct GNUNET_CRYPTO_EddsaSignature sig;
1144 struct TestSignatureDataPS data = { 0 };
1145
1146 GNUNET_CRYPTO_eddsa_key_create (&priv);
1147 GNUNET_CRYPTO_eddsa_key_get_public (&priv,
1148 &pub);
1149 data.purpose.size = htonl (sizeof (data));
1150 data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
1151 GNUNET_CRYPTO_eddsa_sign (&priv,
1152 &data,
1153 &sig);
1154 GNUNET_assert (GNUNET_OK ==
1155 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST,
1156 &data,
1157 &sig,
1158 &pub));
1159
1160 d2j (vec,
1161 "priv",
1162 &priv,
1163 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1164 d2j (vec,
1165 "pub",
1166 &pub,
1167 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1168 d2j (vec,
1169 "data",
1170 &data,
1171 sizeof (struct TestSignatureDataPS));
1172 d2j (vec,
1173 "sig",
1174 &sig,
1175 sizeof (struct GNUNET_CRYPTO_EddsaSignature));
1176 }
1177
1178 {
1179 json_t *vec = vec_for (vecs, "kdf");
1180 size_t out_len = 64;
1181 char out[out_len];
1182 char *ikm = "I'm the secret input key material";
1183 char *salt = "I'm very salty";
1184 char *ctx = "I'm a context chunk, also known as 'info' in the RFC";
1185
1186 GNUNET_assert (GNUNET_OK ==
1187 GNUNET_CRYPTO_kdf (&out,
1188 out_len,
1189 salt,
1190 strlen (salt),
1191 ikm,
1192 strlen (ikm),
1193 ctx,
1194 strlen (ctx),
1195 NULL));
1196
1197 d2j (vec,
1198 "salt",
1199 salt,
1200 strlen (salt));
1201 d2j (vec,
1202 "ikm",
1203 ikm,
1204 strlen (ikm));
1205 d2j (vec,
1206 "ctx",
1207 ctx,
1208 strlen (ctx));
1209 uint2j (vec,
1210 "out_len",
1211 (unsigned int) out_len);
1212 d2j (vec,
1213 "out",
1214 out,
1215 out_len);
1216 }
1217 {
1218 json_t *vec = vec_for (vecs, "eddsa_ecdh");
1219 struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
1220 struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
1221 struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
1222 struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
1223 struct GNUNET_HashCode key_material;
1224
1225 GNUNET_CRYPTO_ecdhe_key_create (&priv_ecdhe);
1226 GNUNET_CRYPTO_ecdhe_key_get_public (&priv_ecdhe, &pub_ecdhe);
1227 GNUNET_CRYPTO_eddsa_key_create (&priv_eddsa);
1228 GNUNET_CRYPTO_eddsa_key_get_public (&priv_eddsa, &pub_eddsa);
1229 GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material);
1230
1231 d2j (vec, "priv_ecdhe",
1232 &priv_ecdhe,
1233 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1234 d2j (vec, "pub_ecdhe",
1235 &pub_ecdhe,
1236 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1237 d2j (vec, "priv_eddsa",
1238 &priv_eddsa,
1239 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1240 d2j (vec, "pub_eddsa",
1241 &pub_eddsa,
1242 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1243 d2j (vec, "key_material",
1244 &key_material,
1245 sizeof (struct GNUNET_HashCode));
1246 }
1247
1248 {
1249 json_t *vec = vec_for (vecs, "edx25519_derive");
1250 struct GNUNET_CRYPTO_Edx25519PrivateKey priv1_edx;
1251 struct GNUNET_CRYPTO_Edx25519PublicKey pub1_edx;
1252 struct GNUNET_CRYPTO_Edx25519PrivateKey priv2_edx;
1253 struct GNUNET_CRYPTO_Edx25519PublicKey pub2_edx;
1254 struct GNUNET_HashCode seed;
1255
1256 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1257 &seed,
1258 sizeof (struct GNUNET_HashCode));
1259 GNUNET_CRYPTO_edx25519_key_create (&priv1_edx);
1260 GNUNET_CRYPTO_edx25519_key_get_public (&priv1_edx, &pub1_edx);
1261 GNUNET_CRYPTO_edx25519_private_key_derive (&priv1_edx,
1262 &seed,
1263 sizeof (seed),
1264 &priv2_edx);
1265 GNUNET_CRYPTO_edx25519_public_key_derive (&pub1_edx,
1266 &seed,
1267 sizeof (seed),
1268 &pub2_edx);
1269
1270 d2j (vec, "priv1_edx",
1271 &priv1_edx,
1272 sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1273 d2j (vec, "pub1_edx",
1274 &pub1_edx,
1275 sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1276 d2j (vec, "seed",
1277 &seed,
1278 sizeof (struct GNUNET_HashCode));
1279 d2j (vec, "priv2_edx",
1280 &priv2_edx,
1281 sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1282 d2j (vec, "pub2_edx",
1283 &pub2_edx,
1284 sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1285 }
1286
1287 {
1288 json_t *vec = vec_for (vecs, "rsa_blind_signing");
1289
1290 struct GNUNET_CRYPTO_RsaPrivateKey *skey;
1291 struct GNUNET_CRYPTO_RsaPublicKey *pkey;
1292 struct GNUNET_HashCode message_hash;
1293 struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
1294 struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
1295 struct GNUNET_CRYPTO_RsaSignature *sig;
1296 struct GNUNET_CRYPTO_RsaBlindedMessage bm;
1297 void *public_enc_data;
1298 size_t public_enc_len;
1299 void *secret_enc_data;
1300 size_t secret_enc_len;
1301 void *blinded_sig_enc_data;
1302 size_t blinded_sig_enc_length;
1303 void *sig_enc_data;
1304 size_t sig_enc_length;
1305
1306 skey = GNUNET_CRYPTO_rsa_private_key_create (2048);
1307 pkey = GNUNET_CRYPTO_rsa_private_key_get_public (skey);
1308 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1309 &message_hash,
1310 sizeof (struct GNUNET_HashCode));
1311 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1312 &bks,
1313 sizeof (struct
1314 GNUNET_CRYPTO_RsaBlindingKeySecret));
1315 GNUNET_assert (GNUNET_YES ==
1316 GNUNET_CRYPTO_rsa_blind (&message_hash,
1317 sizeof (message_hash),
1318 &bks,
1319 pkey,
1320 &bm));
1321 blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey,
1322 &bm);
1323 sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig,
1324 &bks,
1325 pkey);
1326 GNUNET_assert (GNUNET_YES ==
1327 GNUNET_CRYPTO_rsa_verify (&message_hash,
1328 sizeof (message_hash),
1329 sig,
1330 pkey));
1331 public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
1332 &public_enc_data);
1333 secret_enc_len = GNUNET_CRYPTO_rsa_private_key_encode (skey,
1334 &secret_enc_data);
1335 blinded_sig_enc_length
1336 = GNUNET_CRYPTO_rsa_signature_encode (blinded_sig,
1337 &blinded_sig_enc_data);
1338 sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig,
1339 &sig_enc_data);
1340 d2j (vec,
1341 "message_hash",
1342 &message_hash,
1343 sizeof (struct GNUNET_HashCode));
1344 d2j (vec,
1345 "rsa_public_key",
1346 public_enc_data,
1347 public_enc_len);
1348 d2j (vec,
1349 "rsa_private_key",
1350 secret_enc_data,
1351 secret_enc_len);
1352 d2j (vec,
1353 "blinding_key_secret",
1354 &bks,
1355 sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret));
1356 d2j (vec,
1357 "blinded_message",
1358 bm.blinded_msg,
1359 bm.blinded_msg_size);
1360 d2j (vec,
1361 "blinded_sig",
1362 blinded_sig_enc_data,
1363 blinded_sig_enc_length);
1364 d2j (vec,
1365 "sig",
1366 sig_enc_data,
1367 sig_enc_length);
1368 GNUNET_CRYPTO_rsa_private_key_free (skey);
1369 GNUNET_CRYPTO_rsa_public_key_free (pkey);
1370 GNUNET_CRYPTO_rsa_signature_free (sig);
1371 GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
1372 GNUNET_free (public_enc_data);
1373 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
1374 GNUNET_free (sig_enc_data);
1375 GNUNET_free (blinded_sig_enc_data);
1376 GNUNET_free (secret_enc_data);
1377 }
1378
1379 {
1380 json_t *vec = vec_for (vecs, "cs_blind_signing");
1381
1382 struct GNUNET_CRYPTO_CsPrivateKey priv;
1383 struct GNUNET_CRYPTO_CsPublicKey pub;
1384 struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
1385 struct GNUNET_CRYPTO_CsRSecret r_priv[2];
1386 struct GNUNET_CRYPTO_CsRPublic r_pub[2];
1387 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind;
1388 struct GNUNET_CRYPTO_CsC c[2];
1389 struct GNUNET_CRYPTO_CsS signature_scalar;
1390 struct GNUNET_CRYPTO_CsBlindSignature blinded_s;
1391 struct GNUNET_CRYPTO_CsSignature sig;
1392 struct GNUNET_CRYPTO_CsSessionNonce snonce;
1393 struct GNUNET_CRYPTO_CsBlindingNonce bnonce;
1394 struct GNUNET_HashCode message_hash;
1395
1396 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1397 &message_hash,
1398 sizeof (struct GNUNET_HashCode));
1399
1400 GNUNET_CRYPTO_cs_private_key_generate (&priv);
1401 GNUNET_CRYPTO_cs_private_key_get_public (&priv,
1402 &pub);
1403 GNUNET_assert (GNUNET_YES ==
1404 GNUNET_CRYPTO_hkdf_gnunet (&snonce,
1405 sizeof(snonce),
1406 "nonce",
1407 strlen ("nonce"),
1408 "nonce_secret",
1409 strlen ("nonce_secret"),
1410 NULL,
1411 0));
1412 /* NOTE: historically, we made the bad choice of
1413 making both nonces the same. Maybe barely OK
1414 for the TGV, not good for production! */
1415 memcpy (&bnonce,
1416 &snonce,
1417 sizeof (snonce));
1418 GNUNET_CRYPTO_cs_r_derive (&snonce,
1419 "rw",
1420 &priv,
1421 r_priv);
1422 GNUNET_CRYPTO_cs_r_get_public (&r_priv[0],
1423 &r_pub[0]);
1424 GNUNET_CRYPTO_cs_r_get_public (&r_priv[1],
1425 &r_pub[1]);
1426 GNUNET_CRYPTO_cs_blinding_secrets_derive (&bnonce,
1427 bs);
1428 GNUNET_CRYPTO_cs_calc_blinded_c (bs,
1429 r_pub,
1430 &pub,
1431 &message_hash,
1432 sizeof(message_hash),
1433 c,
1434 &r_pub_blind);
1435 {
1436 struct GNUNET_CRYPTO_CsBlindedMessage bm = {
1437 .c[0] = c[0],
1438 .c[1] = c[1],
1439 .nonce = snonce
1440 };
1441
1442 GNUNET_CRYPTO_cs_sign_derive (&priv,
1443 r_priv,
1444 &bm,
1445 &blinded_s);
1446 }
1447 GNUNET_CRYPTO_cs_unblind (&blinded_s.s_scalar,
1448 &bs[blinded_s.b],
1449 &signature_scalar);
1450 sig.r_point = r_pub_blind.r_pub[blinded_s.b];
1451 sig.s_scalar = signature_scalar;
1452 if (GNUNET_OK !=
1453 GNUNET_CRYPTO_cs_verify (&sig,
1454 &pub,
1455 &message_hash,
1456 sizeof(message_hash)))
1457 {
1458 GNUNET_break (0);
1459 return GNUNET_SYSERR;
1460 }
1461 d2j (vec,
1462 "message_hash",
1463 &message_hash,
1464 sizeof (struct GNUNET_HashCode));
1465 d2j (vec,
1466 "cs_public_key",
1467 &pub,
1468 sizeof(pub));
1469 d2j (vec,
1470 "cs_private_key",
1471 &priv,
1472 sizeof(priv));
1473 d2j (vec,
1474 "cs_nonce",
1475 &snonce,
1476 sizeof(snonce));
1477 d2j (vec,
1478 "cs_r_priv_0",
1479 &r_priv[0],
1480 sizeof(r_priv[0]));
1481 d2j (vec,
1482 "cs_r_priv_1",
1483 &r_priv[1],
1484 sizeof(r_priv[1]));
1485 d2j (vec,
1486 "cs_r_pub_0",
1487 &r_pub[0],
1488 sizeof(r_pub[0]));
1489 d2j (vec,
1490 "cs_r_pub_1",
1491 &r_pub[1],
1492 sizeof(r_pub[1]));
1493 d2j (vec,
1494 "cs_bs_alpha_0",
1495 &bs[0].alpha,
1496 sizeof(bs[0].alpha));
1497 d2j (vec,
1498 "cs_bs_alpha_1",
1499 &bs[1].alpha,
1500 sizeof(bs[1].alpha));
1501 d2j (vec,
1502 "cs_bs_beta_0",
1503 &bs[0].beta,
1504 sizeof(bs[0].beta));
1505 d2j (vec,
1506 "cs_bs_beta_1",
1507 &bs[1].beta,
1508 sizeof(bs[1].beta));
1509 d2j (vec,
1510 "cs_r_pub_blind_0",
1511 &r_pub_blind.r_pub[0],
1512 sizeof(r_pub_blind.r_pub[0]));
1513 d2j (vec,
1514 "cs_r_pub_blind_1",
1515 &r_pub_blind.r_pub[1],
1516 sizeof(r_pub_blind.r_pub[1]));
1517 d2j (vec,
1518 "cs_c_0",
1519 &c[0],
1520 sizeof(c[0]));
1521 d2j (vec,
1522 "cs_c_1",
1523 &c[1],
1524 sizeof(c[1]));
1525 d2j (vec,
1526 "cs_blind_s",
1527 &blinded_s,
1528 sizeof(blinded_s));
1529 d2j (vec,
1530 "cs_b",
1531 &blinded_s.b,
1532 sizeof(blinded_s.b));
1533 d2j (vec,
1534 "cs_sig_s",
1535 &signature_scalar,
1536 sizeof(signature_scalar));
1537 d2j (vec,
1538 "cs_sig_R",
1539 &r_pub_blind.r_pub[blinded_s.b],
1540 sizeof(r_pub_blind.r_pub[blinded_s.b]));
1541 }
1542
1543 json_dumpf (vecfile, stdout, JSON_INDENT (2));
1544 json_decref (vecfile);
1545 printf ("\n");
1546
1547 return 0;
1548}
1549
1550
1559static void
1560run (void *cls,
1561 char *const *args,
1562 const char *cfgfile,
1563 const struct GNUNET_CONFIGURATION_Handle *cfg)
1564{
1565 if (GNUNET_YES == verify_flag)
1566 global_ret = check_vectors ();
1567 else
1568 global_ret = output_vectors ();
1569}
1570
1571
1579int
1580main (int argc,
1581 char *const *argv)
1582{
1583 const struct GNUNET_GETOPT_CommandLineOption options[] = {
1584 GNUNET_GETOPT_option_flag ('V',
1585 "verify",
1586 gettext_noop (
1587 "verify a test vector from stdin"),
1588 &verify_flag),
1589 GNUNET_GETOPT_OPTION_END
1590 };
1591
1592 GNUNET_assert (GNUNET_OK ==
1593 GNUNET_log_setup ("gnunet-crypto-tvg",
1594 "INFO",
1595 NULL));
1596 if (GNUNET_OK !=
1597 GNUNET_PROGRAM_run (argc, argv,
1598 "gnunet-crypto-tvg",
1599 "Generate test vectors for cryptographic operations",
1600 options,
1601 &run, NULL))
1602 return 1;
1603 return global_ret;
1604}
1605
1606
1607/* end of gnunet-crypto-tvg.c */
GNUNET_GETOPT_OPTION_END
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_OPTION_END
Definition: 002.c:13
options
struct GNUNET_GETOPT_CommandLineOption options[]
Definition: 002.c:5
gettext_noop
#define gettext_noop(String)
Definition: gettext.h:74
op
static struct GNUNET_ARM_Operation * op
Current operation.
Definition: gnunet-arm.c:144
ret
static int ret
Final status code.
Definition: gnunet-arm.c:94
cfg
static struct GNUNET_CONFIGURATION_Handle * cfg
Our configuration.
Definition: gnunet-arm.c:109
expect_data_fixed
static int expect_data_fixed(json_t *vec, const char *name, void *data, size_t expect_len)
Definition: gnunet-crypto-tvg.c:153
verify_flag
static GNUNET_NETWORK_STRUCT_END int verify_flag
Should we verify or output test vectors?
Definition: gnunet-crypto-tvg.c:77
vec_for
static json_t * vec_for(json_t *vecs, const char *vecname)
Create a fresh test vector for a given operation label.
Definition: gnunet-crypto-tvg.c:94
uint2j
static void uint2j(json_t *vec, const char *label, unsigned int num)
Add a number to a test vector.
Definition: gnunet-crypto-tvg.c:142
global_ret
static int global_ret
Global exit code.
Definition: gnunet-crypto-tvg.c:83
expect_data_dynamic
static int expect_data_dynamic(json_t *vec, const char *name, void **data, size_t *ret_len)
Definition: gnunet-crypto-tvg.c:173
d2j
static void d2j(json_t *vec, const char *label, const void *data, size_t size)
Add a base32crockford encoded value to a test vector.
Definition: gnunet-crypto-tvg.c:116
check_vectors
static int check_vectors()
Check test vectors from stdin.
Definition: gnunet-crypto-tvg.c:997
run
static void run(void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *cfg)
Main function that will be run.
Definition: gnunet-crypto-tvg.c:1560
main
int main(int argc, char *const *argv)
The main function of the test vector generation tool.
Definition: gnunet-crypto-tvg.c:1580
output_vectors
static int output_vectors()
Output test vectors.
Definition: gnunet-crypto-tvg.c:1062
checkvec
static int checkvec(const char *operation, json_t *vec)
Check a single vector.
Definition: gnunet-crypto-tvg.c:209
data
static char * data
The data to insert into the dht.
Definition: gnunet-dht-put.c:88
ctx
static struct GNUNET_FS_Handle * ctx
Definition: gnunet-download.c:40
pkey
static char * pkey
Public key of the zone to look in, in ASCII.
Definition: gnunet-namecache.c:58
name
static char * name
Name (label) of the records to list.
Definition: gnunet-namecache.c:48
value
static char * value
Value of the record to add/remove.
Definition: gnunet-namestore.c:271
pub
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:47
salt
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calculations.
Definition: gnunet-scrypt.c:34
beta
static float beta
Percentage of total peer number in the view to send random PULLs to.
Definition: gnunet-service-rps.c:494
alpha
static float alpha
Percentage of total peer number in the view to send random PUSHes to.
Definition: gnunet-service-rps.c:488
t
static struct GNUNET_SCHEDULER_Task * t
Main task.
Definition: gnunet-zoneimport.c:293
gnunet_testing_lib.h
gnunet_util_lib.h
GNUNET_CRYPTO_ecc_ecdh
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition: crypto_ecc.c:732
GNUNET_CRYPTO_ecdhe_key_create
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:454
GNUNET_CRYPTO_edx25519_key_get_public
void GNUNET_CRYPTO_edx25519_key_get_public(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_edx25519.c:79
GNUNET_CRYPTO_edx25519_private_key_derive
void GNUNET_CRYPTO_edx25519_private_key_derive(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *result)
Derive a private scalar from a given private key and a label.
Definition: crypto_edx25519.c:239
GNUNET_CRYPTO_edx25519_public_key_derive
void GNUNET_CRYPTO_edx25519_public_key_derive(const struct GNUNET_CRYPTO_Edx25519PublicKey *pub, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PublicKey *result)
Derive a public key from a given public key and a label.
Definition: crypto_edx25519.c:333
GNUNET_CRYPTO_random_block
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
Definition: crypto_random.c:133
GNUNET_CRYPTO_eddsa_key_get_public
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:201
GNUNET_CRYPTO_eddsa_key_create
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:480
GNUNET_CRYPTO_ecdh_eddsa
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:823
GNUNET_CRYPTO_edx25519_key_create
void GNUNET_CRYPTO_edx25519_key_create(struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
Create a new private key.
Definition: crypto_edx25519.c:65
GNUNET_CRYPTO_eddsa_sign
#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
EdDSA sign a given block.
Definition: gnunet_crypto_lib.h:2793
GNUNET_CRYPTO_eddsa_verify
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
Verify EdDSA signature.
Definition: gnunet_crypto_lib.h:2955
GNUNET_CRYPTO_ecdhe_key_get_public
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:217
GNUNET_CRYPTO_QUALITY_WEAK
@ GNUNET_CRYPTO_QUALITY_WEAK
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
Definition: gnunet_crypto_lib.h:91
GNUNET_GETOPT_option_flag
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_option_flag(char shortName, const char *name, const char *description, int *val)
Allow user to specify a flag (which internally means setting an integer to 1/GNUNET_YES/GNUNET_OK.
Definition: getopt_helpers.c:303
GNUNET_CRYPTO_hash
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
GNUNET_CRYPTO_hkdf_gnunet
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf_gnunet(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
A peculiar HKDF instantiation that tried to mimic Truncated NMAC.
Definition: crypto_hkdf.c:199
GNUNET_CRYPTO_kdf
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:62
GNUNET_NETWORK_STRUCT_BEGIN
#define GNUNET_NETWORK_STRUCT_BEGIN
Define as empty, GNUNET_PACKED should suffice, but this won't work on W32.
Definition: gnunet_common.h:267
GNUNET_log
#define GNUNET_log(kind,...)
Definition: gnunet_common.h:569
GNUNET_CRYPTO_rsa_signature_free
void GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig)
Free memory occupied by signature.
Definition: crypto_rsa.c:1015
GNUNET_CRYPTO_rsa_blind
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_blind(const void *message, size_t message_size, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
Blinds the given message with the given blinding key.
Definition: crypto_rsa.c:807
GNUNET_CRYPTO_cs_r_get_public
void GNUNET_CRYPTO_cs_r_get_public(const struct GNUNET_CRYPTO_CsRSecret *r_priv, struct GNUNET_CRYPTO_CsRPublic *r_pub)
Extract the public R of the given secret r.
Definition: crypto_cs.c:98
GNUNET_CRYPTO_rsa_private_key_create
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_create(unsigned int len)
Create a new private key.
Definition: crypto_rsa.c:144
GNUNET_CRYPTO_rsa_private_key_free
void GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
Free memory occupied by the private key.
Definition: crypto_rsa.c:173
GNUNET_CRYPTO_cs_r_derive
void GNUNET_CRYPTO_cs_r_derive(const struct GNUNET_CRYPTO_CsSessionNonce *nonce, const char *seed, const struct GNUNET_CRYPTO_CsPrivateKey *lts, struct GNUNET_CRYPTO_CsRSecret r[2])
Derive a new secret r pair r0 and r1.
Definition: crypto_cs.c:79
GNUNET_CRYPTO_rsa_public_key_decode
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_public_key_decode(const char *buf, size_t len)
Decode the public key from the data-format back to the "normal", internal format.
Definition: crypto_rsa.c:423
GNUNET_CRYPTO_cs_private_key_get_public
void GNUNET_CRYPTO_cs_private_key_get_public(const struct GNUNET_CRYPTO_CsPrivateKey *priv, struct GNUNET_CRYPTO_CsPublicKey *pub)
Extract the public key of the given private key.
Definition: crypto_cs.c:52
GNUNET_CRYPTO_cs_unblind
void GNUNET_CRYPTO_cs_unblind(const struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar, const struct GNUNET_CRYPTO_CsBlindingSecret *bs, struct GNUNET_CRYPTO_CsS *signature_scalar)
Unblind a blind-signed signature using a c that was blinded.
Definition: crypto_cs.c:318
GNUNET_CRYPTO_rsa_blinded_message_free
void GNUNET_CRYPTO_rsa_blinded_message_free(struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
Free memory occupied by blinded message.
Definition: crypto_rsa.c:799
GNUNET_CRYPTO_rsa_private_key_decode
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_decode(const void *buf, size_t buf_size)
Decode the private key from the data-format back to the "normal", internal format.
Definition: crypto_rsa.c:204
GNUNET_CRYPTO_rsa_public_key_free
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition: crypto_rsa.c:268
GNUNET_NETWORK_STRUCT_END
#define GNUNET_NETWORK_STRUCT_END
Define as empty, GNUNET_PACKED should suffice, but this won't work on W32;.
Definition: gnunet_common.h:272
GNUNET_CRYPTO_cs_calc_blinded_c
void GNUNET_CRYPTO_cs_calc_blinded_c(const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], const struct GNUNET_CRYPTO_CsRPublic r_pub[2], const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len, struct GNUNET_CRYPTO_CsC blinded_c[2], struct GNUNET_CRYPTO_CSPublicRPairP *r_pub_blind)
Calculate two blinded c's.
Definition: crypto_cs.c:240
GNUNET_CRYPTO_rsa_public_key_encode
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, void **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:325
GNUNET_memcmp
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
Definition: gnunet_common.h:1267
GNUNET_CRYPTO_rsa_signature_encode
size_t GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, void **buffer)
Encode the given signature in a format suitable for storing it into a file.
Definition: crypto_rsa.c:1023
GNUNET_CRYPTO_rsa_sign_blinded
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key, const struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
Sign a blinded value, which must be a full domain hash of a message.
Definition: crypto_rsa.c:970
GNUNET_CRYPTO_cs_verify
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_cs_verify(const struct GNUNET_CRYPTO_CsSignature *sig, const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len)
Verify whether the given message corresponds to the given signature and the signature is valid with r...
Definition: crypto_cs.c:330
GNUNET_GenericReturnValue
GNUNET_GenericReturnValue
Named constants for return values.
Definition: gnunet_common.h:106
GNUNET_CRYPTO_rsa_unblind
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
Unblind a blind-signed signature.
Definition: crypto_rsa.c:1118
GNUNET_CRYPTO_rsa_private_key_get_public
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition: crypto_rsa.c:233
GNUNET_CRYPTO_cs_sign_derive
void GNUNET_CRYPTO_cs_sign_derive(const struct GNUNET_CRYPTO_CsPrivateKey *priv, const struct GNUNET_CRYPTO_CsRSecret r[2], const struct GNUNET_CRYPTO_CsBlindedMessage *bm, struct GNUNET_CRYPTO_CsBlindSignature *cs_blind_sig)
Sign a blinded c.
Definition: crypto_cs.c:284
GNUNET_CRYPTO_cs_private_key_generate
void GNUNET_CRYPTO_cs_private_key_generate(struct GNUNET_CRYPTO_CsPrivateKey *priv)
Create a new random private key.
Definition: crypto_cs.c:45
GNUNET_CRYPTO_rsa_verify
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_verify(const void *message, size_t message_size, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *public_key)
Verify whether the given hash corresponds to the given signature and the signature is valid with resp...
Definition: crypto_rsa.c:1199
GNUNET_CRYPTO_rsa_private_key_encode
size_t GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, void **buffer)
Encode the private key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:181
GNUNET_CRYPTO_cs_blinding_secrets_derive
void GNUNET_CRYPTO_cs_blinding_secrets_derive(const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed, struct GNUNET_CRYPTO_CsBlindingSecret bs[2])
Derives new random blinding factors.
Definition: crypto_cs.c:108
GNUNET_OK
@ GNUNET_OK
Definition: gnunet_common.h:109
GNUNET_YES
@ GNUNET_YES
Definition: gnunet_common.h:111
GNUNET_NO
@ GNUNET_NO
Definition: gnunet_common.h:108
GNUNET_SYSERR
@ GNUNET_SYSERR
Definition: gnunet_common.h:107
GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition: gnunet_common.h:977
GNUNET_break
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
Definition: gnunet_common.h:1062
GNUNET_log_setup
enum GNUNET_GenericReturnValue GNUNET_log_setup(const char *comp, const char *loglevel, const char *logfile)
Setup logging.
Definition: common_logging.c:729
GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_ERROR
Definition: gnunet_common.h:435
GNUNET_ERROR_TYPE_INFO
@ GNUNET_ERROR_TYPE_INFO
Definition: gnunet_common.h:441
GNUNET_malloc
#define GNUNET_malloc(size)
Wrapper around malloc.
Definition: gnunet_common.h:1398
GNUNET_free
#define GNUNET_free(ptr)
Wrapper around free.
Definition: gnunet_common.h:1458
GNUNET_PROGRAM_run
enum GNUNET_GenericReturnValue GNUNET_PROGRAM_run(int argc, char *const *argv, const char *binaryName, const char *binaryHelp, const struct GNUNET_GETOPT_CommandLineOption *options, GNUNET_PROGRAM_Main task, void *task_cls)
Run a standard GNUnet command startup sequence (initialize loggers and configuration,...
Definition: program.c:400
GNUNET_STRINGS_data_to_string_alloc
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
Definition: strings.c:764
GNUNET_STRINGS_string_to_data
enum GNUNET_GenericReturnValue GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:789
size
static unsigned int size
Size of the "table".
Definition: peer.c:68
GNUNET_SIGNATURE_PURPOSE_TEST
#define GNUNET_SIGNATURE_PURPOSE_TEST
WARNING: This header is generated! In order to add a signature purpose, you must register them in GAN...
Definition: gnunet_signatures.h:52
GNUNET_CONFIGURATION_Handle
configuration data
Definition: configuration.c:149
GNUNET_CRYPTO_CSPublicRPairP
Pair of Public R values for Cs denominations.
Definition: gnunet_crypto_lib.h:3870
GNUNET_CRYPTO_CSPublicRPairP::r_pub
struct GNUNET_CRYPTO_CsRPublic r_pub[2]
Definition: gnunet_crypto_lib.h:3871
GNUNET_CRYPTO_CsBlindS
blinded s in the signature
Definition: gnunet_crypto_lib.h:661
GNUNET_CRYPTO_CsBlindSignature
The Sign Answer for Clause Blind Schnorr signature.
Definition: gnunet_crypto_lib.h:3904
GNUNET_CRYPTO_CsBlindSignature::s_scalar
struct GNUNET_CRYPTO_CsBlindS s_scalar
The blinded s scalar calculated from c_b.
Definition: gnunet_crypto_lib.h:3914
GNUNET_CRYPTO_CsBlindSignature::b
unsigned int b
To make ROS problem harder, the signer chooses an unpredictable b and only calculates signature of c_...
Definition: gnunet_crypto_lib.h:3909
GNUNET_CRYPTO_CsBlindedMessage
CS Parameters derived from the message during blinding to create blinded signature.
Definition: gnunet_crypto_lib.h:3852
GNUNET_CRYPTO_CsBlindedMessage::c
struct GNUNET_CRYPTO_CsC c[2]
The Clause Schnorr c_0 and c_1 containing the blinded message.
Definition: gnunet_crypto_lib.h:3856
GNUNET_CRYPTO_CsBlindingNonce
Nonce for computing blinding factors.
Definition: gnunet_crypto_lib.h:699
GNUNET_CRYPTO_CsBlindingNonce::bnonce
unsigned char bnonce[256/8]
Definition: gnunet_crypto_lib.h:701
GNUNET_CRYPTO_CsBlindingSecret
Secret used for blinding (alpha and beta).
Definition: gnunet_crypto_lib.h:615
GNUNET_CRYPTO_CsC
Schnorr c to be signed.
Definition: gnunet_crypto_lib.h:643
GNUNET_CRYPTO_CsPrivateKey
The private information of an Schnorr key pair.
Definition: gnunet_crypto_lib.h:597
GNUNET_CRYPTO_CsPublicKey
The public information of an Schnorr key pair.
Definition: gnunet_crypto_lib.h:606
GNUNET_CRYPTO_CsRPublic
the public R (derived from r) used in c
Definition: gnunet_crypto_lib.h:634
GNUNET_CRYPTO_CsRSecret
the private r used in the signature
Definition: gnunet_crypto_lib.h:625
GNUNET_CRYPTO_CsS
s in the signature
Definition: gnunet_crypto_lib.h:652
GNUNET_CRYPTO_CsSessionNonce
Nonce for the session, picked by client, shared with the signer.
Definition: gnunet_crypto_lib.h:688
GNUNET_CRYPTO_CsSessionNonce::snonce
unsigned char snonce[256/8]
Definition: gnunet_crypto_lib.h:690
GNUNET_CRYPTO_CsSignature
CS Signtature containing scalar s and point R.
Definition: gnunet_crypto_lib.h:670
GNUNET_CRYPTO_CsSignature::s_scalar
struct GNUNET_CRYPTO_CsS s_scalar
Schnorr signatures are composed of a scalar s and a curve point.
Definition: gnunet_crypto_lib.h:674
GNUNET_CRYPTO_CsSignature::r_point
struct GNUNET_CRYPTO_CsRPublic r_point
Curve point of the Schnorr signature.
Definition: gnunet_crypto_lib.h:679
GNUNET_CRYPTO_EccSignaturePurpose
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
Definition: gnunet_crypto_lib.h:141
GNUNET_CRYPTO_EcdhePrivateKey
Private ECC key encoded for transmission.
Definition: gnunet_crypto_lib.h:254
GNUNET_CRYPTO_EcdhePublicKey
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
Definition: gnunet_crypto_lib.h:240
GNUNET_CRYPTO_EddsaPrivateKey
Private ECC key encoded for transmission.
Definition: gnunet_crypto_lib.h:278
GNUNET_CRYPTO_EddsaPublicKey
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Definition: gnunet_crypto_lib.h:201
GNUNET_CRYPTO_EddsaSignature
an ECC signature using EdDSA.
Definition: gnunet_crypto_lib.h:164
GNUNET_CRYPTO_Edx25519PrivateKey
Private ECC key material encoded for transmission.
Definition: gnunet_crypto_lib.h:304
GNUNET_CRYPTO_Edx25519PublicKey
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Definition: gnunet_crypto_lib.h:326
GNUNET_CRYPTO_RsaBlindedMessage
RSA Parameters to create blinded signature.
Definition: gnunet_crypto_lib.h:3627
GNUNET_CRYPTO_RsaBlindedMessage::blinded_msg_size
size_t blinded_msg_size
Size of the blinded_msg to be signed.
Definition: gnunet_crypto_lib.h:3637
GNUNET_CRYPTO_RsaBlindedMessage::blinded_msg
void * blinded_msg
Blinded message to be signed Note: is malloc()'ed!
Definition: gnunet_crypto_lib.h:3632
GNUNET_CRYPTO_RsaBlindingKeySecret
Constant-size pre-secret for blinding key generation.
Definition: gnunet_crypto_lib.h:3428
GNUNET_CRYPTO_RsaPrivateKey
The private information of an RSA key pair.
Definition: crypto_rsa.c:41
GNUNET_CRYPTO_RsaPublicKey
The public information of an RSA key pair.
Definition: crypto_rsa.c:53
GNUNET_CRYPTO_RsaSignature
an RSA signature
Definition: crypto_rsa.c:65
GNUNET_GETOPT_CommandLineOption
Definition of a command line option.
Definition: gnunet_getopt_lib.h:110
GNUNET_HashCode
A 512-bit hashcode.
Definition: gnunet_common.h:282
TestSignatureDataPS
Sample signature struct.
Definition: gnunet-crypto-tvg.c:66
TestSignatureDataPS::purpose
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
Definition: gnunet-crypto-tvg.c:67