GNUnet  0.19.3
gnunet-crypto-tvg.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2020 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
20 
51 #include "platform.h"
52 #include "gnunet_util_lib.h"
53 #include "gnunet_signatures.h"
54 #include "gnunet_testing_lib.h"
55 #include <jansson.h>
56 #include <gcrypt.h>
57 
59 
66 {
68  uint32_t testval;
69 };
70 
72 
73 
77 static int verify_flag = GNUNET_NO;
78 
79 
83 static int global_ret = 0;
84 
85 
93 static json_t *
94 vec_for (json_t *vecs, const char *vecname)
95 {
96  json_t *t = json_object ();
97 
98  json_object_set_new (t,
99  "operation",
100  json_string (vecname));
101  json_array_append_new (vecs, t);
102  return t;
103 }
104 
105 
115 static void
116 d2j (json_t *vec,
117  const char *label,
118  const void *data,
119  size_t size)
120 {
121  char *buf;
122  json_t *json;
123 
125  json = json_string (buf);
126  GNUNET_free (buf);
127  GNUNET_break (NULL != json);
128 
129  json_object_set_new (vec, label, json);
130 }
131 
132 
141 static void
142 uint2j (json_t *vec,
143  const char *label,
144  unsigned int num)
145 {
146  json_t *json = json_integer (num);
147 
148  json_object_set_new (vec, label, json);
149 }
150 
151 
152 static int
153 expect_data_fixed (json_t *vec,
154  const char *name,
155  void *data,
156  size_t expect_len)
157 {
158  const char *s = json_string_value (json_object_get (vec, name));
159 
160  if (NULL == s)
161  return GNUNET_NO;
162 
164  strlen (s),
165  data,
166  expect_len))
167  return GNUNET_NO;
168  return GNUNET_OK;
169 }
170 
171 
172 static int
173 expect_data_dynamic (json_t *vec,
174  const char *name,
175  void **data,
176  size_t *ret_len)
177 {
178  const char *s = json_string_value (json_object_get (vec, name));
179  char *tmp;
180  size_t len;
181 
182  if (NULL == s)
183  return GNUNET_NO;
184 
185  len = (strlen (s) * 5) / 8;
186  if (NULL != ret_len)
187  *ret_len = len;
188  tmp = GNUNET_malloc (len);
189 
190  if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, strlen (s), tmp, len))
191  {
192  GNUNET_free (tmp);
193  return GNUNET_NO;
194  }
195  *data = tmp;
196  return GNUNET_OK;
197 }
198 
199 
208 static int
209 checkvec (const char *operation,
210  json_t *vec)
211 {
213  "checking %s\n", operation);
214 
215  if (0 == strcmp (operation, "hash"))
216  {
217  void *data;
218  size_t data_len;
219  struct GNUNET_HashCode hash_out;
220  struct GNUNET_HashCode hc;
221 
222  if (GNUNET_OK != expect_data_dynamic (vec,
223  "input",
224  &data,
225  &data_len))
226  {
227  GNUNET_break (0);
228  return GNUNET_SYSERR;
229  }
230  if (GNUNET_OK != expect_data_fixed (vec,
231  "output",
232  &hash_out,
233  sizeof (hash_out)))
234  {
235  GNUNET_free (data);
236  GNUNET_break (0);
237  return GNUNET_NO;
238  }
239 
240  GNUNET_CRYPTO_hash (data, data_len, &hc);
241 
242  if (0 != GNUNET_memcmp (&hc, &hash_out))
243  {
244  GNUNET_free (data);
245  GNUNET_break (0);
246  return GNUNET_NO;
247  }
248  GNUNET_free (data);
249  }
250  else if (0 == strcmp (operation, "ecc_ecdh"))
251  {
252  struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
253  struct GNUNET_CRYPTO_EcdhePublicKey pub1;
254  struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
255  struct GNUNET_HashCode skm;
256  struct GNUNET_HashCode skm_comp;
257 
258  if (GNUNET_OK != expect_data_fixed (vec,
259  "priv1",
260  &priv1,
261  sizeof (priv1)))
262  {
263  GNUNET_break (0);
264  return GNUNET_NO;
265  }
266  if (GNUNET_OK != expect_data_fixed (vec,
267  "priv2",
268  &priv2,
269  sizeof (priv2)))
270  {
271  GNUNET_break (0);
272  return GNUNET_NO;
273  }
274  if (GNUNET_OK != expect_data_fixed (vec,
275  "pub1",
276  &pub1,
277  sizeof (pub1)))
278  {
279  GNUNET_break (0);
280  return GNUNET_NO;
281  }
282  if (GNUNET_OK != expect_data_fixed (vec,
283  "skm",
284  &skm,
285  sizeof (skm)))
286  {
287  GNUNET_break (0);
288  return GNUNET_NO;
289  }
291  GNUNET_CRYPTO_ecc_ecdh (&priv2,
292  &pub1,
293  &skm_comp));
294  if (0 != GNUNET_memcmp (&skm, &skm_comp))
295  {
296  GNUNET_break (0);
297  return GNUNET_NO;
298  }
299  }
300  else if (0 == strcmp (operation, "eddsa_key_derivation"))
301  {
302  struct GNUNET_CRYPTO_EddsaPrivateKey priv;
304  struct GNUNET_CRYPTO_EddsaPublicKey pub_comp;
305 
306  if (GNUNET_OK != expect_data_fixed (vec,
307  "priv",
308  &priv,
309  sizeof (priv)))
310  {
311  GNUNET_break (0);
312  return GNUNET_NO;
313  }
314 
315  if (GNUNET_OK != expect_data_fixed (vec,
316  "pub",
317  &pub,
318  sizeof (pub)))
319  {
320  GNUNET_break (0);
321  return GNUNET_NO;
322  }
323 
325  &pub_comp);
326  if (0 != GNUNET_memcmp (&pub, &pub_comp))
327  {
328  GNUNET_break (0);
329  return GNUNET_NO;
330  }
331 
332  }
333  else if (0 == strcmp (operation, "eddsa_signing"))
334  {
335  struct GNUNET_CRYPTO_EddsaPrivateKey priv;
337  struct TestSignatureDataPS data = { 0 };
338  struct GNUNET_CRYPTO_EddsaSignature sig;
339  struct GNUNET_CRYPTO_EddsaSignature sig_comp;
340 
341  if (GNUNET_OK != expect_data_fixed (vec,
342  "priv",
343  &priv,
344  sizeof (priv)))
345  {
346  GNUNET_break (0);
347  return GNUNET_NO;
348  }
349 
350  if (GNUNET_OK != expect_data_fixed (vec,
351  "pub",
352  &pub,
353  sizeof (pub)))
354  {
355  GNUNET_break (0);
356  return GNUNET_NO;
357  }
358 
359  if (GNUNET_OK != expect_data_fixed (vec,
360  "data",
361  &data,
362  sizeof (data)))
363  {
364  GNUNET_break (0);
365  return GNUNET_NO;
366  }
367 
368  if (GNUNET_OK != expect_data_fixed (vec,
369  "sig",
370  &sig,
371  sizeof (sig)))
372  {
373  GNUNET_break (0);
374  return GNUNET_NO;
375  }
376 
378  &data,
379  &sig_comp);
382  &data,
383  &sig,
384  &pub));
385  if (0 != GNUNET_memcmp (&sig, &sig_comp))
386  {
387  GNUNET_break (0);
388  return GNUNET_NO;
389  }
390  }
391  else if (0 == strcmp (operation, "kdf"))
392  {
393  size_t out_len;
394  void *out;
395  size_t out_len_comp;
396  void *out_comp;
397  void *ikm;
398  size_t ikm_len;
399  void *salt;
400  size_t salt_len;
401  void *ctx;
402  size_t ctx_len;
403 
404  if (GNUNET_OK != expect_data_dynamic (vec,
405  "out",
406  &out,
407  &out_len))
408  {
409  GNUNET_break (0);
410  return GNUNET_SYSERR;
411  }
412 
413  out_len_comp = out_len;
414  out_comp = GNUNET_malloc (out_len_comp);
415 
416  if (GNUNET_OK != expect_data_dynamic (vec,
417  "ikm",
418  &ikm,
419  &ikm_len))
420  {
421  GNUNET_free (out);
422  GNUNET_free (out_comp);
423  GNUNET_break (0);
424  return GNUNET_SYSERR;
425  }
426 
427  if (GNUNET_OK != expect_data_dynamic (vec,
428  "salt",
429  &salt,
430  &salt_len))
431  {
432  GNUNET_free (out);
433  GNUNET_free (out_comp);
434  GNUNET_free (ikm);
435  GNUNET_break (0);
436  return GNUNET_SYSERR;
437  }
438 
439  if (GNUNET_OK != expect_data_dynamic (vec,
440  "ctx",
441  &ctx,
442  &ctx_len))
443  {
444  GNUNET_free (out);
445  GNUNET_free (out_comp);
446  GNUNET_free (ikm);
447  GNUNET_free (salt);
448  GNUNET_break (0);
449  return GNUNET_SYSERR;
450  }
451 
453  GNUNET_CRYPTO_kdf (out_comp,
454  out_len_comp,
455  salt,
456  salt_len,
457  ikm,
458  ikm_len,
459  ctx,
460  ctx_len,
461  NULL));
462 
463  if (0 != memcmp (out, out_comp, out_len))
464  {
465  GNUNET_free (out);
466  GNUNET_free (out_comp);
467  GNUNET_free (ikm);
468  GNUNET_free (salt);
469  GNUNET_free (ctx);
470  GNUNET_break (0);
471  return GNUNET_NO;
472  }
473  GNUNET_free (out);
474  GNUNET_free (out_comp);
475  GNUNET_free (ikm);
476  GNUNET_free (salt);
477  GNUNET_free (ctx);
478  }
479  else if (0 == strcmp (operation, "eddsa_ecdh"))
480  {
481  struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
482  struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
483  struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
484  struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
485  struct GNUNET_HashCode key_material;
486  struct GNUNET_HashCode key_material_comp;
487 
488  if (GNUNET_OK != expect_data_fixed (vec,
489  "priv_ecdhe",
490  &priv_ecdhe,
491  sizeof (priv_ecdhe)))
492  {
493  GNUNET_break (0);
494  return GNUNET_NO;
495  }
496 
497  if (GNUNET_OK != expect_data_fixed (vec,
498  "pub_ecdhe",
499  &pub_ecdhe,
500  sizeof (pub_ecdhe)))
501  {
502  GNUNET_break (0);
503  return GNUNET_NO;
504  }
505 
506  if (GNUNET_OK != expect_data_fixed (vec,
507  "priv_eddsa",
508  &priv_eddsa,
509  sizeof (priv_eddsa)))
510  {
511  GNUNET_break (0);
512  return GNUNET_NO;
513  }
514 
515  if (GNUNET_OK != expect_data_fixed (vec,
516  "pub_eddsa",
517  &pub_eddsa,
518  sizeof (pub_eddsa)))
519  {
520  GNUNET_break (0);
521  return GNUNET_NO;
522  }
523 
524  if (GNUNET_OK != expect_data_fixed (vec,
525  "key_material",
526  &key_material,
527  sizeof (key_material)))
528  {
529  GNUNET_break (0);
530  return GNUNET_NO;
531  }
532 
533  GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material_comp);
534 
535  if (0 != GNUNET_memcmp (&key_material, &key_material_comp))
536  {
537  GNUNET_break (0);
538  return GNUNET_NO;
539  }
540  }
541  else if (0 == strcmp (operation, "rsa_blind_signing"))
542  {
543  struct GNUNET_CRYPTO_RsaPrivateKey *skey;
545  struct GNUNET_HashCode message_hash;
547  struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
548  struct GNUNET_CRYPTO_RsaSignature *sig;
549  void *blinded_data;
550  size_t blinded_len;
551  void *blinded_data_comp;
552  size_t blinded_len_comp;
553  void *public_enc_data;
554  size_t public_enc_len;
555  void *secret_enc_data;
556  size_t secret_enc_len;
557  void *sig_enc_data;
558  size_t sig_enc_length;
559  void *sig_enc_data_comp;
560  size_t sig_enc_length_comp;
561 
562  if (GNUNET_OK != expect_data_fixed (vec,
563  "message_hash",
564  &message_hash,
565  sizeof (message_hash)))
566  {
567  GNUNET_break (0);
568  return GNUNET_SYSERR;
569  }
570 
571  if (GNUNET_OK != expect_data_fixed (vec,
572  "blinding_key_secret",
573  &bks,
574  sizeof (bks)))
575  {
576  GNUNET_break (0);
577  return GNUNET_SYSERR;
578  }
579 
580  if (GNUNET_OK != expect_data_dynamic (vec,
581  "blinded_message",
582  &blinded_data,
583  &blinded_len))
584  {
585  GNUNET_break (0);
586  return GNUNET_SYSERR;
587  }
588 
589  if (GNUNET_OK != expect_data_dynamic (vec,
590  "rsa_public_key",
591  &public_enc_data,
592  &public_enc_len))
593  {
594  GNUNET_free (blinded_data);
595  GNUNET_break (0);
596  return GNUNET_SYSERR;
597  }
598 
599  if (GNUNET_OK != expect_data_dynamic (vec,
600  "rsa_private_key",
601  &secret_enc_data,
602  &secret_enc_len))
603  {
604  GNUNET_free (blinded_data);
605  GNUNET_free (public_enc_data);
606  GNUNET_break (0);
607  return GNUNET_SYSERR;
608  }
609 
610  if (GNUNET_OK != expect_data_dynamic (vec,
611  "sig",
612  &sig_enc_data,
613  &sig_enc_length))
614  {
615  GNUNET_free (blinded_data);
616  GNUNET_free (public_enc_data);
617  GNUNET_free (secret_enc_data);
618  GNUNET_break (0);
619  return GNUNET_SYSERR;
620  }
621 
622  pkey = GNUNET_CRYPTO_rsa_public_key_decode (public_enc_data,
623  public_enc_len);
624  GNUNET_assert (NULL != pkey);
625  skey = GNUNET_CRYPTO_rsa_private_key_decode (secret_enc_data,
626  secret_enc_len);
627  GNUNET_assert (NULL != skey);
628 
630  GNUNET_CRYPTO_rsa_blind (&message_hash,
631  &bks,
632  pkey,
633  &blinded_data_comp,
634  &blinded_len_comp));
635  if ( (blinded_len != blinded_len_comp) || (0 != memcmp (blinded_data,
636  blinded_data_comp,
637  blinded_len)) )
638  {
639  GNUNET_free (blinded_data);
640  GNUNET_free (blinded_data_comp);
641  GNUNET_free (public_enc_data);
642  GNUNET_free (secret_enc_data);
643  GNUNET_free (sig_enc_data);
646  GNUNET_break (0);
647  return GNUNET_NO;
648  }
649  blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data,
650  blinded_len);
651  sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey);
652  GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig,
653  pkey));
654  GNUNET_free(public_enc_data);
655  public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
656  &public_enc_data);
657  sig_enc_length_comp = GNUNET_CRYPTO_rsa_signature_encode (sig,
658  &sig_enc_data_comp);
659 
660  if ( (sig_enc_length != sig_enc_length_comp) ||
661  (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) ))
662  {
663  GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
664  GNUNET_free (blinded_data);
665  GNUNET_free (blinded_data_comp);
666  GNUNET_free (public_enc_data);
667  GNUNET_free (secret_enc_data);
668  GNUNET_free (sig_enc_data);
669  GNUNET_free (sig_enc_data_comp);
673  GNUNET_break (0);
674  return GNUNET_NO;
675  }
676  GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
677  GNUNET_free (blinded_data);
678  GNUNET_free (blinded_data_comp);
679  GNUNET_free (public_enc_data);
680  GNUNET_free (secret_enc_data);
681  GNUNET_free (sig_enc_data);
682  GNUNET_free (sig_enc_data_comp);
686  }
687  else if (0 == strcmp (operation, "cs_blind_signing"))
688  {
689  struct GNUNET_CRYPTO_CsPrivateKey priv;
691  struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
692  struct GNUNET_CRYPTO_CsRSecret r_priv[2];
693  struct GNUNET_CRYPTO_CsRPublic r_pub[2];
694  struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2];
695  struct GNUNET_CRYPTO_CsC c[2];
696  struct GNUNET_CRYPTO_CsS signature_scalar;
697  struct GNUNET_CRYPTO_CsBlindS blinded_s;
698  struct GNUNET_CRYPTO_CsSignature sig;
700  struct GNUNET_HashCode message_hash;
701  unsigned int b;
702 
703  if (GNUNET_OK != expect_data_fixed (vec,
704  "message_hash",
705  &message_hash,
706  sizeof (message_hash)))
707  {
708  GNUNET_break (0);
709  return GNUNET_SYSERR;
710  }
711  if (GNUNET_OK != expect_data_fixed (vec,
712  "cs_public_key",
713  &pub,
714  sizeof (pub)))
715  {
716  GNUNET_break (0);
717  return GNUNET_SYSERR;
718  }
719 
720  if (GNUNET_OK != expect_data_fixed (vec,
721  "cs_private_key",
722  &priv,
723  sizeof (priv)))
724  {
725  GNUNET_break (0);
726  return GNUNET_SYSERR;
727  }
728  if (GNUNET_OK != expect_data_fixed (vec,
729  "cs_nonce",
730  &nonce,
731  sizeof (nonce)))
732  {
733  GNUNET_break (0);
734  return GNUNET_SYSERR;
735  }
736  if (GNUNET_OK != expect_data_fixed (vec,
737  "cs_r_priv_0",
738  &r_priv[0],
739  sizeof (r_priv[0])))
740  {
741  GNUNET_break (0);
742  return GNUNET_SYSERR;
743  }
744  if (GNUNET_OK != expect_data_fixed (vec,
745  "cs_r_priv_1",
746  &r_priv[1],
747  sizeof (r_priv[1])))
748  {
749  GNUNET_break (0);
750  return GNUNET_SYSERR;
751  }
752  if (GNUNET_OK != expect_data_fixed (vec,
753  "cs_r_pub_0",
754  &r_pub[0],
755  sizeof (r_pub[0])))
756  {
757  GNUNET_break (0);
758  return GNUNET_SYSERR;
759  }
760  if (GNUNET_OK != expect_data_fixed (vec,
761  "cs_r_pub_1",
762  &r_pub[1],
763  sizeof (r_pub[1])))
764  {
765  GNUNET_break (0);
766  return GNUNET_SYSERR;
767  }
768 
769  if (GNUNET_OK != expect_data_fixed (vec,
770  "cs_bs_alpha_0",
771  &bs[0].alpha,
772  sizeof (bs[0].alpha)))
773  {
774  GNUNET_break (0);
775  return GNUNET_SYSERR;
776  }
777  if (GNUNET_OK != expect_data_fixed (vec,
778  "cs_bs_alpha_1",
779  &bs[1].alpha,
780  sizeof (bs[1].alpha)))
781  {
782  GNUNET_break (0);
783  return GNUNET_SYSERR;
784  }
785  if (GNUNET_OK != expect_data_fixed (vec,
786  "cs_bs_beta_0",
787  &bs[0].beta,
788  sizeof (bs[0].beta)))
789  {
790  GNUNET_break (0);
791  return GNUNET_SYSERR;
792  }
793  if (GNUNET_OK != expect_data_fixed (vec,
794  "cs_bs_beta_1",
795  &bs[1].beta,
796  sizeof (bs[1].beta)))
797  {
798  GNUNET_break (0);
799  return GNUNET_SYSERR;
800  }
801  if (GNUNET_OK != expect_data_fixed (vec,
802  "cs_r_pub_blind_0",
803  &r_pub_blind[0],
804  sizeof (r_pub_blind[0])))
805  {
806  GNUNET_break (0);
807  return GNUNET_SYSERR;
808  }
809  if (GNUNET_OK != expect_data_fixed (vec,
810  "cs_r_pub_blind_1",
811  &r_pub_blind[1],
812  sizeof (r_pub_blind[1])))
813  {
814  GNUNET_break (0);
815  return GNUNET_SYSERR;
816  }
817  if (GNUNET_OK != expect_data_fixed (vec,
818  "cs_c_0",
819  &c[0],
820  sizeof (c[0])))
821  {
822  GNUNET_break (0);
823  return GNUNET_SYSERR;
824  }
825  if (GNUNET_OK != expect_data_fixed (vec,
826  "cs_c_1",
827  &c[1],
828  sizeof (c[1])))
829  {
830  GNUNET_break (0);
831  return GNUNET_SYSERR;
832  }
833  if (GNUNET_OK != expect_data_fixed (vec,
834  "cs_blind_s",
835  &blinded_s,
836  sizeof (blinded_s)))
837  {
838  GNUNET_break (0);
839  return GNUNET_SYSERR;
840  }
841  if (GNUNET_OK != expect_data_fixed (vec,
842  "cs_b",
843  &b,
844  sizeof (b)))
845  {
846  GNUNET_break (0);
847  return GNUNET_SYSERR;
848  }
849  if (GNUNET_OK != expect_data_fixed (vec,
850  "cs_sig_s",
851  &signature_scalar,
852  sizeof (signature_scalar)))
853  {
854  GNUNET_break (0);
855  return GNUNET_SYSERR;
856  }
857  sig.s_scalar = signature_scalar;
858  if (GNUNET_OK != expect_data_fixed (vec,
859  "cs_sig_R",
860  &sig.r_point,
861  sizeof (sig.r_point)))
862  {
863  GNUNET_break (0);
864  return GNUNET_SYSERR;
865  }
866 
867  if ((b != 1) && (b != 0))
868  {
869  GNUNET_break (0);
870  return GNUNET_SYSERR;
871  }
872 
873  struct GNUNET_CRYPTO_CsRSecret r_priv_comp[2];
874  struct GNUNET_CRYPTO_CsRPublic r_pub_comp[2];
875  struct GNUNET_CRYPTO_CsBlindingSecret bs_comp[2];
876  struct GNUNET_CRYPTO_CsC c_comp[2];
877  struct GNUNET_CRYPTO_CsRPublic r_pub_blind_comp[2];
878  struct GNUNET_CRYPTO_CsBlindS blinded_s_comp;
879  struct GNUNET_CRYPTO_CsS signature_scalar_comp;
880  struct GNUNET_CRYPTO_CsSignature sig_comp;
881  unsigned int b_comp;
882 
883 
885  "rw",
886  &priv,
887  r_priv_comp);
888  GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[0],
889  &r_pub_comp[0]);
890  GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[1],
891  &r_pub_comp[1]);
892  GNUNET_assert (0 == memcmp (&r_priv_comp,
893  &r_priv,
894  sizeof(struct GNUNET_CRYPTO_CsRSecret) * 2));
895  GNUNET_assert (0 == memcmp (&r_pub_comp,
896  &r_pub,
897  sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2));
898 
900  bs_comp);
901  GNUNET_assert (0 == memcmp (&bs_comp,
902  &bs,
903  sizeof(struct GNUNET_CRYPTO_CsBlindingSecret)
904  * 2));
906  r_pub_comp,
907  &pub,
908  &message_hash,
909  sizeof(message_hash),
910  c_comp,
911  r_pub_blind_comp);
912  GNUNET_assert (0 == memcmp (&c_comp,
913  &c,
914  sizeof(struct GNUNET_CRYPTO_CsC) * 2));
915  GNUNET_assert (0 == memcmp (&r_pub_blind_comp,
916  &r_pub_blind,
917  sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2));
918  b_comp = GNUNET_CRYPTO_cs_sign_derive (&priv,
919  r_priv_comp,
920  c_comp,
921  &nonce,
922  &blinded_s_comp);
923  GNUNET_assert (0 == memcmp (&blinded_s_comp,
924  &blinded_s,
925  sizeof(blinded_s)));
926  GNUNET_assert (0 == memcmp (&b_comp,
927  &b,
928  sizeof(b)));
929  GNUNET_CRYPTO_cs_unblind (&blinded_s_comp,
930  &bs_comp[b_comp],
931  &signature_scalar_comp);
932  GNUNET_assert (0 == memcmp (&signature_scalar_comp,
933  &signature_scalar,
934  sizeof(signature_scalar_comp)));
935  sig_comp.r_point = r_pub_blind_comp[b_comp];
936  sig_comp.s_scalar = signature_scalar_comp;
937  GNUNET_assert (0 == memcmp (&sig_comp,
938  &sig,
939  sizeof(sig_comp)));
940  if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig_comp,
941  &pub,
942  &message_hash,
943  sizeof(message_hash)))
944  {
945  GNUNET_break (0);
946  return GNUNET_SYSERR;
947  }
948  }
949  else
950  {
952  "unsupported operation '%s'\n", operation);
953  }
954 
955  return GNUNET_OK;
956 }
957 
958 
964 static int
966 {
967  json_error_t err;
968  json_t *vecfile = json_loadf (stdin, 0, &err);
969  const char *encoding;
970  json_t *vectors;
971 
972  if (NULL == vecfile)
973  {
974  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unable to parse JSON\n");
975  return 1;
976  }
977  encoding = json_string_value (json_object_get (vecfile,
978  "encoding"));
979  if ( (NULL == encoding) || (0 != strcmp (encoding, "base32crockford")) )
980  {
981  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unsupported or missing encoding\n");
982  json_decref (vecfile);
983  return 1;
984  }
985  vectors = json_object_get (vecfile, "vectors");
986  if (! json_is_array (vectors))
987  {
988  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "bad vectors\n");
989  json_decref (vecfile);
990  return 1;
991  }
992  {
993  /* array is a JSON array */
994  size_t index;
995  json_t *value;
996  int ret;
997 
998  json_array_foreach (vectors, index, value) {
999  const char *op = json_string_value (json_object_get (value,
1000  "operation"));
1001 
1002  if (NULL == op)
1003  {
1005  "missing operation\n");
1006  ret = GNUNET_SYSERR;
1007  break;
1008  }
1009  ret = checkvec (op, value);
1010  if (GNUNET_OK != ret)
1011  {
1013  "bad vector %u\n",
1014  (unsigned int) index);
1015  break;
1016  }
1017  }
1018  json_decref (vecfile);
1019  return (ret == GNUNET_OK) ? 0 : 1;
1020  }
1021 }
1022 
1023 
1029 static int
1031 {
1032  json_t *vecfile = json_object ();
1033  json_t *vecs = json_array ();
1034 
1035  json_object_set_new (vecfile,
1036  "encoding",
1037  json_string ("base32crockford"));
1038  json_object_set_new (vecfile,
1039  "producer",
1040  json_string ("GNUnet " PACKAGE_VERSION " " VCS_VERSION));
1041  json_object_set_new (vecfile,
1042  "vectors",
1043  vecs);
1044 
1045  {
1046  json_t *vec = vec_for (vecs, "hash");
1047  struct GNUNET_HashCode hc;
1048  char *str = "Hello, GNUnet";
1049 
1050  GNUNET_CRYPTO_hash (str, strlen (str), &hc);
1051 
1052  d2j (vec, "input", str, strlen (str));
1053  d2j (vec, "output", &hc, sizeof (struct GNUNET_HashCode));
1054  }
1055  {
1056  json_t *vec = vec_for (vecs, "ecc_ecdh");
1057  struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
1058  struct GNUNET_CRYPTO_EcdhePublicKey pub1;
1059  struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
1060  struct GNUNET_HashCode skm;
1061 
1065  &pub1);
1067  GNUNET_CRYPTO_ecc_ecdh (&priv2,
1068  &pub1,
1069  &skm));
1070 
1071  d2j (vec,
1072  "priv1",
1073  &priv1,
1074  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1075  d2j (vec,
1076  "pub1",
1077  &pub1,
1078  sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1079  d2j (vec,
1080  "priv2",
1081  &priv2,
1082  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1083  d2j (vec,
1084  "skm",
1085  &skm,
1086  sizeof (struct GNUNET_HashCode));
1087  }
1088 
1089  {
1090  json_t *vec = vec_for (vecs, "eddsa_key_derivation");
1091  struct GNUNET_CRYPTO_EddsaPrivateKey priv;
1093 
1096  &pub);
1097 
1098  d2j (vec,
1099  "priv",
1100  &priv,
1101  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1102  d2j (vec,
1103  "pub",
1104  &pub,
1105  sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1106  }
1107  {
1108  json_t *vec = vec_for (vecs, "eddsa_signing");
1109  struct GNUNET_CRYPTO_EddsaPrivateKey priv;
1111  struct GNUNET_CRYPTO_EddsaSignature sig;
1112  struct TestSignatureDataPS data = { 0 };
1113 
1116  &pub);
1117  data.purpose.size = htonl (sizeof (data));
1118  data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
1119  GNUNET_CRYPTO_eddsa_sign (&priv,
1120  &data,
1121  &sig);
1124  &data,
1125  &sig,
1126  &pub));
1127 
1128  d2j (vec,
1129  "priv",
1130  &priv,
1131  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1132  d2j (vec,
1133  "pub",
1134  &pub,
1135  sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1136  d2j (vec,
1137  "data",
1138  &data,
1139  sizeof (struct TestSignatureDataPS));
1140  d2j (vec,
1141  "sig",
1142  &sig,
1143  sizeof (struct GNUNET_CRYPTO_EddsaSignature));
1144  }
1145 
1146  {
1147  json_t *vec = vec_for (vecs, "kdf");
1148  size_t out_len = 64;
1149  char out[out_len];
1150  char *ikm = "I'm the secret input key material";
1151  char *salt = "I'm very salty";
1152  char *ctx = "I'm a context chunk, also known as 'info' in the RFC";
1153 
1155  GNUNET_CRYPTO_kdf (&out,
1156  out_len,
1157  salt,
1158  strlen (salt),
1159  ikm,
1160  strlen (ikm),
1161  ctx,
1162  strlen (ctx),
1163  NULL));
1164 
1165  d2j (vec,
1166  "salt",
1167  salt,
1168  strlen (salt));
1169  d2j (vec,
1170  "ikm",
1171  ikm,
1172  strlen (ikm));
1173  d2j (vec,
1174  "ctx",
1175  ctx,
1176  strlen (ctx));
1177  uint2j (vec,
1178  "out_len",
1179  (unsigned int) out_len);
1180  d2j (vec,
1181  "out",
1182  out,
1183  out_len);
1184  }
1185  {
1186  json_t *vec = vec_for (vecs, "eddsa_ecdh");
1187  struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
1188  struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
1189  struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
1190  struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
1191  struct GNUNET_HashCode key_material;
1192 
1193  GNUNET_CRYPTO_ecdhe_key_create (&priv_ecdhe);
1194  GNUNET_CRYPTO_ecdhe_key_get_public (&priv_ecdhe, &pub_ecdhe);
1195  GNUNET_CRYPTO_eddsa_key_create (&priv_eddsa);
1196  GNUNET_CRYPTO_eddsa_key_get_public (&priv_eddsa, &pub_eddsa);
1197  GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material);
1198 
1199  d2j (vec, "priv_ecdhe",
1200  &priv_ecdhe,
1201  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1202  d2j (vec, "pub_ecdhe",
1203  &pub_ecdhe,
1204  sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1205  d2j (vec, "priv_eddsa",
1206  &priv_eddsa,
1207  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1208  d2j (vec, "pub_eddsa",
1209  &pub_eddsa,
1210  sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1211  d2j (vec, "key_material",
1212  &key_material,
1213  sizeof (struct GNUNET_HashCode));
1214  }
1215 
1216  {
1217  json_t *vec = vec_for (vecs, "edx25519_derive");
1218  struct GNUNET_CRYPTO_Edx25519PrivateKey priv1_edx;
1219  struct GNUNET_CRYPTO_Edx25519PublicKey pub1_edx;
1220  struct GNUNET_CRYPTO_Edx25519PrivateKey priv2_edx;
1221  struct GNUNET_CRYPTO_Edx25519PublicKey pub2_edx;
1222  struct GNUNET_HashCode seed;
1223 
1225  &seed,
1226  sizeof (struct GNUNET_HashCode));
1227  GNUNET_CRYPTO_edx25519_key_create (&priv1_edx);
1228  GNUNET_CRYPTO_edx25519_key_get_public (&priv1_edx, &pub1_edx);
1230  &seed,
1231  sizeof (seed),
1232  &priv2_edx);
1234  &seed,
1235  sizeof (seed),
1236  &pub2_edx);
1237 
1238  d2j (vec, "priv1_edx",
1239  &priv1_edx,
1240  sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1241  d2j (vec, "pub1_edx",
1242  &pub1_edx,
1243  sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1244  d2j (vec, "seed",
1245  &seed,
1246  sizeof (struct GNUNET_HashCode));
1247  d2j (vec, "priv2_edx",
1248  &priv2_edx,
1249  sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1250  d2j (vec, "pub2_edx",
1251  &pub2_edx,
1252  sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1253  }
1254 
1255  {
1256  json_t *vec = vec_for (vecs, "rsa_blind_signing");
1257 
1258  struct GNUNET_CRYPTO_RsaPrivateKey *skey;
1260  struct GNUNET_HashCode message_hash;
1262  struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
1263  struct GNUNET_CRYPTO_RsaSignature *sig;
1264  void *blinded_data;
1265  size_t blinded_len;
1266  void *public_enc_data;
1267  size_t public_enc_len;
1268  void *secret_enc_data;
1269  size_t secret_enc_len;
1270  void *blinded_sig_enc_data;
1271  size_t blinded_sig_enc_length;
1272  void *sig_enc_data;
1273  size_t sig_enc_length;
1274 
1278  &message_hash,
1279  sizeof (struct GNUNET_HashCode));
1281  &bks,
1282  sizeof (struct
1285  GNUNET_CRYPTO_rsa_blind (&message_hash,
1286  &bks,
1287  pkey,
1288  &blinded_data,
1289  &blinded_len));
1290  blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data,
1291  blinded_len);
1292  sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey);
1293  GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig,
1294  pkey));
1295  public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
1296  &public_enc_data);
1297  secret_enc_len = GNUNET_CRYPTO_rsa_private_key_encode (skey,
1298  &secret_enc_data);
1299  blinded_sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (blinded_sig,
1300  &
1301  blinded_sig_enc_data);
1302  sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig, &sig_enc_data);
1303  d2j (vec,
1304  "message_hash",
1305  &message_hash,
1306  sizeof (struct GNUNET_HashCode));
1307  d2j (vec,
1308  "rsa_public_key",
1309  public_enc_data,
1310  public_enc_len);
1311  d2j (vec,
1312  "rsa_private_key",
1313  secret_enc_data,
1314  secret_enc_len);
1315  d2j (vec,
1316  "blinding_key_secret",
1317  &bks,
1318  sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret));
1319  d2j (vec,
1320  "blinded_message",
1321  blinded_data,
1322  blinded_len);
1323  d2j (vec,
1324  "blinded_sig",
1325  blinded_sig_enc_data,
1326  blinded_sig_enc_length);
1327  d2j (vec,
1328  "sig",
1329  sig_enc_data,
1330  sig_enc_length);
1334  GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
1335  GNUNET_free (public_enc_data);
1336  GNUNET_free (blinded_data);
1337  GNUNET_free (sig_enc_data);
1338  GNUNET_free (blinded_sig_enc_data);
1339  GNUNET_free (secret_enc_data);
1340  }
1341 
1342  {
1343  json_t *vec = vec_for (vecs, "cs_blind_signing");
1344 
1345  struct GNUNET_CRYPTO_CsPrivateKey priv;
1347  struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
1348  struct GNUNET_CRYPTO_CsRSecret r_priv[2];
1349  struct GNUNET_CRYPTO_CsRPublic r_pub[2];
1350  struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2];
1351  struct GNUNET_CRYPTO_CsC c[2];
1352  struct GNUNET_CRYPTO_CsS signature_scalar;
1353  struct GNUNET_CRYPTO_CsBlindS blinded_s;
1354  struct GNUNET_CRYPTO_CsSignature sig;
1356  unsigned int b;
1357  struct GNUNET_HashCode message_hash;
1358 
1360  &message_hash,
1361  sizeof (struct GNUNET_HashCode));
1362 
1365 
1367  sizeof(nonce.nonce),
1368  GCRY_MD_SHA512,
1369  GCRY_MD_SHA256,
1370  "nonce",
1371  strlen ("nonce"),
1372  "nonce_secret",
1373  strlen ("nonce_secret"),
1374  NULL,
1375  0));
1376  GNUNET_CRYPTO_cs_r_derive (&nonce,
1377  "rw",
1378  &priv,
1379  r_priv);
1380  GNUNET_CRYPTO_cs_r_get_public (&r_priv[0],
1381  &r_pub[0]);
1382  GNUNET_CRYPTO_cs_r_get_public (&r_priv[1],
1383  &r_pub[1]);
1385  bs);
1387  r_pub,
1388  &pub,
1389  &message_hash,
1390  sizeof(message_hash),
1391  c,
1392  r_pub_blind);
1393  b = GNUNET_CRYPTO_cs_sign_derive (&priv,
1394  r_priv,
1395  c,
1396  &nonce,
1397  &blinded_s);
1398  GNUNET_CRYPTO_cs_unblind (&blinded_s, &bs[b], &signature_scalar);
1399  sig.r_point = r_pub_blind[b];
1400  sig.s_scalar = signature_scalar;
1401  if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig,
1402  &pub,
1403  &message_hash,
1404  sizeof(message_hash)))
1405  {
1406  GNUNET_break (0);
1407  return GNUNET_SYSERR;
1408  }
1409  d2j (vec,
1410  "message_hash",
1411  &message_hash,
1412  sizeof (struct GNUNET_HashCode));
1413  d2j (vec,
1414  "cs_public_key",
1415  &pub,
1416  sizeof(pub));
1417  d2j (vec,
1418  "cs_private_key",
1419  &priv,
1420  sizeof(priv));
1421  d2j (vec,
1422  "cs_nonce",
1423  &nonce,
1424  sizeof(nonce));
1425  d2j (vec,
1426  "cs_r_priv_0",
1427  &r_priv[0],
1428  sizeof(r_priv[0]));
1429  d2j (vec,
1430  "cs_r_priv_1",
1431  &r_priv[1],
1432  sizeof(r_priv[1]));
1433  d2j (vec,
1434  "cs_r_pub_0",
1435  &r_pub[0],
1436  sizeof(r_pub[0]));
1437  d2j (vec,
1438  "cs_r_pub_1",
1439  &r_pub[1],
1440  sizeof(r_pub[1]));
1441  d2j (vec,
1442  "cs_bs_alpha_0",
1443  &bs[0].alpha,
1444  sizeof(bs[0].alpha));
1445  d2j (vec,
1446  "cs_bs_alpha_1",
1447  &bs[1].alpha,
1448  sizeof(bs[1].alpha));
1449  d2j (vec,
1450  "cs_bs_beta_0",
1451  &bs[0].beta,
1452  sizeof(bs[0].beta));
1453  d2j (vec,
1454  "cs_bs_beta_1",
1455  &bs[1].beta,
1456  sizeof(bs[1].beta));
1457  d2j (vec,
1458  "cs_r_pub_blind_0",
1459  &r_pub_blind[0],
1460  sizeof(r_pub_blind[0]));
1461  d2j (vec,
1462  "cs_r_pub_blind_1",
1463  &r_pub_blind[1],
1464  sizeof(r_pub_blind[1]));
1465  d2j (vec,
1466  "cs_c_0",
1467  &c[0],
1468  sizeof(c[0]));
1469  d2j (vec,
1470  "cs_c_1",
1471  &c[1],
1472  sizeof(c[1]));
1473  d2j (vec,
1474  "cs_blind_s",
1475  &blinded_s,
1476  sizeof(blinded_s));
1477  d2j (vec,
1478  "cs_b",
1479  &b,
1480  sizeof(b));
1481  d2j (vec,
1482  "cs_sig_s",
1483  &signature_scalar,
1484  sizeof(signature_scalar));
1485  d2j (vec,
1486  "cs_sig_R",
1487  &r_pub_blind[b],
1488  sizeof(r_pub_blind[b]));
1489  }
1490 
1491  json_dumpf (vecfile, stdout, JSON_INDENT (2));
1492  json_decref (vecfile);
1493  printf ("\n");
1494 
1495  return 0;
1496 }
1497 
1498 
1507 static void
1508 run (void *cls,
1509  char *const *args,
1510  const char *cfgfile,
1511  const struct GNUNET_CONFIGURATION_Handle *cfg)
1512 {
1513  if (GNUNET_YES == verify_flag)
1515  else
1517 }
1518 
1519 
1527 int
1528 main (int argc,
1529  char *const *argv)
1530 {
1531  const struct GNUNET_GETOPT_CommandLineOption options[] = {
1533  "verify",
1534  gettext_noop (
1535  "verify a test vector from stdin"),
1536  &verify_flag),
1538  };
1539 
1541  GNUNET_log_setup ("gnunet-crypto-tvg",
1542  "INFO",
1543  NULL));
1544  if (GNUNET_OK !=
1545  GNUNET_PROGRAM_run (argc, argv,
1546  "gnunet-crypto-tvg",
1547  "Generate test vectors for cryptographic operations",
1548  options,
1549  &run, NULL))
1550  return 1;
1551  return global_ret;
1552 }
1553 
1554 
1555 /* end of gnunet-crypto-tvg.c */
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_OPTION_END
Definition: 002.c:13
struct GNUNET_GETOPT_CommandLineOption options[]
Definition: 002.c:5
#define GNUNET_SIGNATURE_PURPOSE_TEST
WARNING: This header is generated! In order to add a signature purpose, you must register them in GAN...
#define gettext_noop(String)
Definition: gettext.h:70
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration we are using.
Definition: gnunet-abd.c:36
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static struct GNUNET_ARM_Operation * op
Current operation.
Definition: gnunet-arm.c:144
static int expect_data_fixed(json_t *vec, const char *name, void *data, size_t expect_len)
static GNUNET_NETWORK_STRUCT_END int verify_flag
Should we verify or output test vectors?
static void uint2j(json_t *vec, const char *label, unsigned int num)
Add a number to a test vector.
static int global_ret
Global exit code.
static int expect_data_dynamic(json_t *vec, const char *name, void **data, size_t *ret_len)
static void d2j(json_t *vec, const char *label, const void *data, size_t size)
Add a base32crockford encoded value to a test vector.
static int check_vectors()
Check test vectors from stdin.
static void run(void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *cfg)
Main function that will be run.
int main(int argc, char *const *argv)
The main function of the test vector generation tool.
static int output_vectors()
Output test vectors.
static json_t * vec_for(json_t *vecs, const char *vecname)
Create a fresh test vector for a given operation label.
static int checkvec(const char *operation, json_t *vec)
Check a single vector.
uint32_t data
The data value.
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
static char * pkey
Public key of the zone to look in, in ASCII.
static char * value
Value of the record to add/remove.
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:47
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
static float beta
Percentage of total peer number in the view to send random PULLs to.
static float alpha
Percentage of total peer number in the view to send random PUSHes to.
static char buf[2048]
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_SCHEDULER_Task * t
Main task.
Convenience API for writing testcases for GNUnet.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition: crypto_ecc.c:726
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:435
void GNUNET_CRYPTO_edx25519_key_get_public(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
Extract the public key for the given private key.
void GNUNET_CRYPTO_edx25519_private_key_derive(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *result)
Derive a private scalar from a given private key and a label.
void GNUNET_CRYPTO_edx25519_public_key_derive(const struct GNUNET_CRYPTO_Edx25519PublicKey *pub, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PublicKey *result)
Derive a public key from a given public key and a label.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:197
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:461
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:779
void GNUNET_CRYPTO_edx25519_key_create(struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
Create a new private key.
#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
EdDSA sign a given block.
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
Verify EdDSA signature.
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:213
@ GNUNET_CRYPTO_QUALITY_WEAK
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_option_flag(char shortName, const char *name, const char *description, int *val)
Allow user to specify a flag (which internally means setting an integer to 1/GNUNET_YES/GNUNET_OK.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf(void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_hkdf.c:341
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:70
#define GNUNET_NETWORK_STRUCT_BEGIN
Define as empty, GNUNET_PACKED should suffice, but this won't work on W32.
#define GNUNET_log(kind,...)
void GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig)
Free memory occupied by signature.
Definition: crypto_rsa.c:991
void GNUNET_CRYPTO_cs_r_get_public(const struct GNUNET_CRYPTO_CsRSecret *r_priv, struct GNUNET_CRYPTO_CsRPublic *r_pub)
Extract the public R of the given secret r.
Definition: crypto_cs.c:97
void GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
Free memory occupied by the private key.
Definition: crypto_rsa.c:173
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_verify(const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *public_key)
Verify whether the given hash corresponds to the given signature and the signature is valid with resp...
Definition: crypto_rsa.c:1175
void GNUNET_CRYPTO_cs_blinding_secrets_derive(const struct GNUNET_CRYPTO_CsNonce *blind_seed, struct GNUNET_CRYPTO_CsBlindingSecret bs[2])
Derives new random blinding factors.
Definition: crypto_cs.c:106
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_decode(const void *buf, size_t buf_size)
Decode the private key from the data-format back to the "normal", internal format.
Definition: crypto_rsa.c:204
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
Unblind a blind-signed signature.
Definition: crypto_rsa.c:1094
void GNUNET_CRYPTO_cs_private_key_get_public(const struct GNUNET_CRYPTO_CsPrivateKey *priv, struct GNUNET_CRYPTO_CsPublicKey *pub)
Extract the public key of the given private key.
Definition: crypto_cs.c:52
void GNUNET_CRYPTO_cs_unblind(const struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar, const struct GNUNET_CRYPTO_CsBlindingSecret *bs, struct GNUNET_CRYPTO_CsS *signature_scalar)
Unblind a blind-signed signature using a c that was blinded.
Definition: crypto_cs.c:300
void GNUNET_CRYPTO_cs_r_derive(const struct GNUNET_CRYPTO_CsNonce *nonce, const char *seed, const struct GNUNET_CRYPTO_CsPrivateKey *lts, struct GNUNET_CRYPTO_CsRSecret r[2])
Derive a new secret r pair r0 and r1.
Definition: crypto_cs.c:78
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition: crypto_rsa.c:268
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_public_key_decode(const char *buf, size_t len)
Decode the public key from the data-format back to the "normal", internal format.
Definition: crypto_rsa.c:423
void GNUNET_CRYPTO_cs_calc_blinded_c(const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], const struct GNUNET_CRYPTO_CsRPublic r_pub[2], const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len, struct GNUNET_CRYPTO_CsC blinded_c[2], struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2])
Calculate two blinded c's Comment: One would be insecure due to Wagner's algorithm solving ROS.
Definition: crypto_cs.c:231
#define GNUNET_NETWORK_STRUCT_END
Define as empty, GNUNET_PACKED should suffice, but this won't work on W32;.
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, void **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:325
unsigned int GNUNET_CRYPTO_cs_sign_derive(const struct GNUNET_CRYPTO_CsPrivateKey *priv, const struct GNUNET_CRYPTO_CsRSecret r[2], const struct GNUNET_CRYPTO_CsC c[2], const struct GNUNET_CRYPTO_CsNonce *nonce, struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar)
Sign a blinded c This function derives b from a nonce and a longterm secret In original papers b is g...
Definition: crypto_cs.c:261
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
size_t GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, void **buffer)
Encode the given signature in a format suitable for storing it into a file.
Definition: crypto_rsa.c:999
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_cs_verify(const struct GNUNET_CRYPTO_CsSignature *sig, const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len)
Verify whether the given message corresponds to the given signature and the signature is valid with r...
Definition: crypto_cs.c:312
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition: crypto_rsa.c:233
void GNUNET_CRYPTO_cs_private_key_generate(struct GNUNET_CRYPTO_CsPrivateKey *priv)
Create a new random private key.
Definition: crypto_cs.c:45
size_t GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, void **buffer)
Encode the private key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:181
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_create(unsigned int len)
Create a new private key.
Definition: crypto_rsa.c:144
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key, const void *msg, size_t msg_len)
Sign a blinded value, which must be a full domain hash of a message.
Definition: crypto_rsa.c:947
int GNUNET_CRYPTO_rsa_blind(const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, void **buf, size_t *buf_size)
Blinds the given message with the given blinding key.
Definition: crypto_rsa.c:790
@ GNUNET_OK
@ GNUNET_YES
@ GNUNET_NO
@ GNUNET_SYSERR
int GNUNET_log_setup(const char *comp, const char *loglevel, const char *logfile)
Setup logging.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
@ GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_INFO
#define GNUNET_malloc(size)
Wrapper around malloc.
#define GNUNET_free(ptr)
Wrapper around free.
enum GNUNET_GenericReturnValue GNUNET_PROGRAM_run(int argc, char *const *argv, const char *binaryName, const char *binaryHelp, const struct GNUNET_GETOPT_CommandLineOption *options, GNUNET_PROGRAM_Main task, void *task_cls)
Run a standard GNUnet command startup sequence (initialize loggers and configuration,...
Definition: program.c:400
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
Definition: strings.c:763
enum GNUNET_GenericReturnValue GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:788
static unsigned int size
Size of the "table".
Definition: peer.c:68
const char * name
blinded s in the signature
Secret used for blinding (alpha and beta).
Schnorr c to be signed.
unsigned char nonce[256/8]
The private information of an Schnorr key pair.
The public information of an Schnorr key pair.
the public R (derived from r) used in c
the private r used in the signature
s in the signature
CS Signtature containing scalar s and point R.
struct GNUNET_CRYPTO_CsS s_scalar
Schnorr signatures are composed of a scalar s and a curve point.
struct GNUNET_CRYPTO_CsRPublic r_point
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
Private ECC key encoded for transmission.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
Private ECC key encoded for transmission.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
an ECC signature using EdDSA.
Private ECC key material encoded for transmission.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Constant-size pre-secret for blinding key generation.
The private information of an RSA key pair.
Definition: crypto_rsa.c:41
The public information of an RSA key pair.
Definition: crypto_rsa.c:53
an RSA signature
Definition: crypto_rsa.c:65
Definition of a command line option.
A 512-bit hashcode.
Sample signature struct.
struct GNUNET_CRYPTO_EccSignaturePurpose purpose