52 #include "gnunet_signatures.h"
93 vec_for (json_t *vecs,
const char *vecname)
95 json_t *
t = json_object ();
97 json_object_set_new (
t,
99 json_string (vecname));
100 json_array_append_new (vecs,
t);
124 json = json_string (
buf);
128 json_object_set_new (vec, label, json);
145 json_t *json = json_integer (num);
147 json_object_set_new (vec, label, json);
157 const char *s = json_string_value (json_object_get (vec,
name));
177 const char *s = json_string_value (json_object_get (vec,
name));
184 len = (strlen (s) * 5) / 8;
212 "checking %s\n", operation);
214 if (0 == strcmp (operation,
"hash"))
249 else if (0 == strcmp (operation,
"ecc_ecdh"))
299 else if (0 == strcmp (operation,
"eddsa_key_derivation"))
332 else if (0 == strcmp (operation,
"eddsa_signing"))
390 else if (0 == strcmp (operation,
"kdf"))
412 out_len_comp = out_len;
462 if (0 != memcmp (out, out_comp, out_len))
478 else if (0 == strcmp (operation,
"eddsa_ecdh"))
490 sizeof (priv_ecdhe)))
508 sizeof (priv_eddsa)))
526 sizeof (key_material)))
540 else if (0 == strcmp (operation,
"rsa_blind_signing"))
550 void *blinded_data_comp;
551 size_t blinded_len_comp;
552 void *public_enc_data;
553 size_t public_enc_len;
554 void *secret_enc_data;
555 size_t secret_enc_len;
557 size_t sig_enc_length;
558 void *sig_enc_data_comp;
559 size_t sig_enc_length_comp;
564 sizeof (message_hash)))
571 "blinding_key_secret",
634 if ( (blinded_len != blinded_len_comp) || (0 != memcmp (blinded_data,
656 if ( (sig_enc_length != sig_enc_length_comp) ||
657 (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) ))
675 else if (0 == strcmp (operation,
"cs_blind_signing"))
694 sizeof (message_hash)))
760 sizeof (bs[0].
alpha)))
768 sizeof (bs[1].
alpha)))
776 sizeof (bs[0].
beta)))
784 sizeof (bs[1].
beta)))
792 sizeof (r_pub_blind[0])))
800 sizeof (r_pub_blind[1])))
840 sizeof (signature_scalar)))
855 if ((b != 1) && (b != 0))
897 sizeof(message_hash),
919 &signature_scalar_comp);
922 sizeof(signature_scalar_comp)));
923 sig_comp.
r_point = r_pub_blind_comp[b_comp];
924 sig_comp.
s_scalar = signature_scalar_comp;
931 sizeof(message_hash)))
940 "unsupported operation '%s'\n", operation);
956 json_t *vecfile = json_loadf (stdin, 0, &err);
957 const char *encoding;
965 encoding = json_string_value (json_object_get (vecfile,
967 if ( (NULL == encoding) || (0 != strcmp (encoding,
"base32crockford")) )
970 json_decref (vecfile);
973 vectors = json_object_get (vecfile,
"vectors");
974 if (! json_is_array (vectors))
977 json_decref (vecfile);
986 json_array_foreach (vectors, index,
value) {
987 const char *
op = json_string_value (json_object_get (
value,
993 "missing operation\n");
1002 (
unsigned int) index);
1019 json_t *vecfile = json_object ();
1020 json_t *vecs = json_array ();
1022 json_object_set_new (vecfile,
1024 json_string (
"base32crockford"));
1025 json_object_set_new (vecfile,
1027 json_string (
"GNUnet " PACKAGE_VERSION
" " VCS_VERSION));
1028 json_object_set_new (vecfile,
1033 json_t *vec =
vec_for (vecs,
"hash");
1035 char *str =
"Hello, GNUnet";
1039 d2j (vec,
"input", str, strlen (str));
1043 json_t *vec =
vec_for (vecs,
"ecc_ecdh");
1077 json_t *vec =
vec_for (vecs,
"eddsa_key_derivation");
1095 json_t *vec =
vec_for (vecs,
"eddsa_signing");
1104 data.purpose.size = htonl (
sizeof (
data));
1134 json_t *vec =
vec_for (vecs,
"kdf");
1135 size_t out_len = 64;
1137 char *ikm =
"I'm the secret input key material";
1138 char *
salt =
"I'm very salty";
1139 char *
ctx =
"I'm a context chunk, also known as 'info' in the RFC";
1166 (
unsigned int) out_len);
1173 json_t *vec =
vec_for (vecs,
"eddsa_ecdh");
1186 d2j (vec,
"priv_ecdhe",
1189 d2j (vec,
"pub_ecdhe",
1192 d2j (vec,
"priv_eddsa",
1195 d2j (vec,
"pub_eddsa",
1198 d2j (vec,
"key_material",
1204 json_t *vec =
vec_for (vecs,
"edx25519_derive");
1225 d2j (vec,
"priv1_edx",
1228 d2j (vec,
"pub1_edx",
1234 d2j (vec,
"priv2_edx",
1237 d2j (vec,
"pub2_edx",
1243 json_t *vec =
vec_for (vecs,
"rsa_blind_signing");
1253 void *public_enc_data;
1254 size_t public_enc_len;
1255 void *secret_enc_data;
1256 size_t secret_enc_len;
1257 void *blinded_sig_enc_data;
1258 size_t blinded_sig_enc_length;
1260 size_t sig_enc_length;
1288 blinded_sig_enc_data);
1303 "blinding_key_secret",
1312 blinded_sig_enc_data,
1313 blinded_sig_enc_length);
1330 json_t *vec =
vec_for (vecs,
"cs_blind_signing");
1354 sizeof(nonce.
nonce),
1360 strlen (
"nonce_secret"),
1377 sizeof(message_hash),
1391 sizeof(message_hash)))
1431 sizeof(bs[0].
alpha));
1435 sizeof(bs[1].
alpha));
1439 sizeof(bs[0].
beta));
1443 sizeof(bs[1].
beta));
1447 sizeof(r_pub_blind[0]));
1451 sizeof(r_pub_blind[1]));
1471 sizeof(signature_scalar));
1475 sizeof(r_pub_blind[b]));
1478 json_dumpf (vecfile, stdout, JSON_INDENT (2));
1479 json_decref (vecfile);
1497 const char *cfgfile,
1522 "verify a test vector from stdin"),
1533 "gnunet-crypto-tvg",
1534 "Generate test vectors for cryptographic operations",
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_OPTION_END
struct GNUNET_GETOPT_CommandLineOption options[]
#define GNUNET_SIGNATURE_PURPOSE_TEST
WARNING: This header is generated! In order to add a signature purpose, you must register them in GAN...
#define gettext_noop(String)
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration we are using.
static int ret
Return value of the commandline.
static struct GNUNET_ARM_Operation * op
Current operation.
static int expect_data_fixed(json_t *vec, const char *name, void *data, size_t expect_len)
static GNUNET_NETWORK_STRUCT_END int verify_flag
Should we verify or output test vectors?
static void uint2j(json_t *vec, const char *label, unsigned int num)
Add a number to a test vector.
static int global_ret
Global exit code.
static int expect_data_dynamic(json_t *vec, const char *name, void **data, size_t *ret_len)
static void d2j(json_t *vec, const char *label, const void *data, size_t size)
Add a base32crockford encoded value to a test vector.
static int check_vectors()
Check test vectors from stdin.
static void run(void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *cfg)
Main function that will be run.
int main(int argc, char *const *argv)
The main function of the test vector generation tool.
static int output_vectors()
Output test vectors.
static json_t * vec_for(json_t *vecs, const char *vecname)
Create a fresh test vector for a given operation label.
static int checkvec(const char *operation, json_t *vec)
Check a single vector.
uint32_t data
The data value.
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
static char * pkey
Public key of the zone to look in, in ASCII.
static char * value
Value of the record to add/remove.
static struct GNUNET_CRYPTO_EddsaPublicKey pub
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
static float beta
Percentage of total peer number in the view to send random PULLs to.
static float alpha
Percentage of total peer number in the view to send random PUSHes to.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_SCHEDULER_Task * t
Main task.
Convenience API for writing testcases for GNUnet.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
void GNUNET_CRYPTO_edx25519_key_get_public(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
Extract the public key for the given private key.
void GNUNET_CRYPTO_edx25519_private_key_derive(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *result)
Derive a private scalar from a given private key and a label.
void GNUNET_CRYPTO_edx25519_public_key_derive(const struct GNUNET_CRYPTO_Edx25519PublicKey *pub, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PublicKey *result)
Derive a public key from a given public key and a label.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
void GNUNET_CRYPTO_edx25519_key_create(struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
Create a new private key.
#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
EdDSA sign a given block.
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
Verify EdDSA signature.
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
@ GNUNET_CRYPTO_QUALITY_WEAK
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_option_flag(char shortName, const char *name, const char *description, int *val)
Allow user to specify a flag (which internally means setting an integer to 1/GNUNET_YES/GNUNET_OK.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf(void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
#define GNUNET_NETWORK_STRUCT_BEGIN
Define as empty, GNUNET_PACKED should suffice, but this won't work on W32.
#define GNUNET_log(kind,...)
void GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig)
Free memory occupied by signature.
void GNUNET_CRYPTO_cs_r_get_public(const struct GNUNET_CRYPTO_CsRSecret *r_priv, struct GNUNET_CRYPTO_CsRPublic *r_pub)
Extract the public R of the given secret r.
void GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
Free memory occupied by the private key.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_verify(const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *public_key)
Verify whether the given hash corresponds to the given signature and the signature is valid with resp...
void GNUNET_CRYPTO_cs_blinding_secrets_derive(const struct GNUNET_CRYPTO_CsNonce *blind_seed, struct GNUNET_CRYPTO_CsBlindingSecret bs[2])
Derives new random blinding factors.
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_decode(const void *buf, size_t buf_size)
Decode the private key from the data-format back to the "normal", internal format.
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
Unblind a blind-signed signature.
void GNUNET_CRYPTO_cs_private_key_get_public(const struct GNUNET_CRYPTO_CsPrivateKey *priv, struct GNUNET_CRYPTO_CsPublicKey *pub)
Extract the public key of the given private key.
void GNUNET_CRYPTO_cs_unblind(const struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar, const struct GNUNET_CRYPTO_CsBlindingSecret *bs, struct GNUNET_CRYPTO_CsS *signature_scalar)
Unblind a blind-signed signature using a c that was blinded.
void GNUNET_CRYPTO_cs_r_derive(const struct GNUNET_CRYPTO_CsNonce *nonce, const char *seed, const struct GNUNET_CRYPTO_CsPrivateKey *lts, struct GNUNET_CRYPTO_CsRSecret r[2])
Derive a new secret r pair r0 and r1.
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_public_key_decode(const char *buf, size_t len)
Decode the public key from the data-format back to the "normal", internal format.
void GNUNET_CRYPTO_cs_calc_blinded_c(const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], const struct GNUNET_CRYPTO_CsRPublic r_pub[2], const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len, struct GNUNET_CRYPTO_CsC blinded_c[2], struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2])
Calculate two blinded c's Comment: One would be insecure due to Wagner's algorithm solving ROS.
#define GNUNET_NETWORK_STRUCT_END
Define as empty, GNUNET_PACKED should suffice, but this won't work on W32;.
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, void **buffer)
Encode the public key in a format suitable for storing it into a file.
unsigned int GNUNET_CRYPTO_cs_sign_derive(const struct GNUNET_CRYPTO_CsPrivateKey *priv, const struct GNUNET_CRYPTO_CsRSecret r[2], const struct GNUNET_CRYPTO_CsC c[2], const struct GNUNET_CRYPTO_CsNonce *nonce, struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar)
Sign a blinded c This function derives b from a nonce and a longterm secret In original papers b is g...
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
size_t GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, void **buffer)
Encode the given signature in a format suitable for storing it into a file.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_cs_verify(const struct GNUNET_CRYPTO_CsSignature *sig, const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len)
Verify whether the given message corresponds to the given signature and the signature is valid with r...
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
void GNUNET_CRYPTO_cs_private_key_generate(struct GNUNET_CRYPTO_CsPrivateKey *priv)
Create a new random private key.
size_t GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, void **buffer)
Encode the private key in a format suitable for storing it into a file.
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_create(unsigned int len)
Create a new private key.
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key, const void *msg, size_t msg_len)
Sign a blinded value, which must be a full domain hash of a message.
int GNUNET_CRYPTO_rsa_blind(const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, void **buf, size_t *buf_size)
Blinds the given message with the given blinding key.
int GNUNET_log_setup(const char *comp, const char *loglevel, const char *logfile)
Setup logging.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
@ GNUNET_ERROR_TYPE_ERROR
#define GNUNET_malloc(size)
Wrapper around malloc.
#define GNUNET_free(ptr)
Wrapper around free.
enum GNUNET_GenericReturnValue GNUNET_PROGRAM_run(int argc, char *const *argv, const char *binaryName, const char *binaryHelp, const struct GNUNET_GETOPT_CommandLineOption *options, GNUNET_PROGRAM_Main task, void *task_cls)
Run a standard GNUnet command startup sequence (initialize loggers and configuration,...
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
enum GNUNET_GenericReturnValue GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
static unsigned int size
Size of the "table".
blinded s in the signature
Secret used for blinding (alpha and beta).
unsigned char nonce[256/8]
The private information of an Schnorr key pair.
The public information of an Schnorr key pair.
the public R (derived from r) used in c
the private r used in the signature
CS Signtature containing scalar s and point R.
struct GNUNET_CRYPTO_CsS s_scalar
Schnorr signatures are composed of a scalar s and a curve point.
struct GNUNET_CRYPTO_CsRPublic r_point
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
Private ECC key encoded for transmission.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
Private ECC key encoded for transmission.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
an ECC signature using EdDSA.
Private ECC key material encoded for transmission.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Constant-size pre-secret for blinding key generation.
The private information of an RSA key pair.
The public information of an RSA key pair.
Definition of a command line option.
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
1.9.1