GNUnet debian-0.24.3-3-g2b3c3659e
gnunet-crypto-tvg.c
Go to the documentation of this file.
1/*
2 This file is part of GNUnet.
3 Copyright (C) 2020 GNUnet e.V.
4
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
14
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18 SPDX-License-Identifier: AGPL3.0-or-later
19 */
20
51#include "platform.h"
52#include "gnunet_util_lib.h"
53#include "gnunet_signatures.h"
54#include <jansson.h>
55#include <gcrypt.h>
56
57GNUNET_NETWORK_STRUCT_BEGIN
58
64struct TestSignatureDataPS
65{
66 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
67 uint32_t testval;
68};
69
70GNUNET_NETWORK_STRUCT_END
71
72
76static int verify_flag = GNUNET_NO;
77
78
82static int global_ret = 0;
83
84
92static json_t *
93vec_for (json_t *vecs, const char *vecname)
94{
95 json_t *t = json_object ();
96
97 json_object_set_new (t,
98 "operation",
99 json_string (vecname));
100 json_array_append_new (vecs, t);
101 return t;
102}
103
104
114static void
115d2j (json_t *vec,
116 const char *label,
117 const void *data,
118 size_t size)
119{
120 char *buf;
121 json_t *json;
122
123 buf = GNUNET_STRINGS_data_to_string_alloc (data, size);
124 json = json_string (buf);
125 GNUNET_free (buf);
126 GNUNET_break (NULL != json);
127
128 json_object_set_new (vec, label, json);
129}
130
131
140static void
141uint2j (json_t *vec,
142 const char *label,
143 unsigned int num)
144{
145 json_t *json = json_integer (num);
146
147 json_object_set_new (vec, label, json);
148}
149
150
151static int
152expect_data_fixed (json_t *vec,
153 const char *name,
154 void *data,
155 size_t expect_len)
156{
157 const char *s = json_string_value (json_object_get (vec, name));
158
159 if (NULL == s)
160 return GNUNET_NO;
161
162 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s,
163 strlen (s),
164 data,
165 expect_len))
166 return GNUNET_NO;
167 return GNUNET_OK;
168}
169
170
171static int
172expect_data_dynamic (json_t *vec,
173 const char *name,
174 void **data,
175 size_t *ret_len)
176{
177 const char *s = json_string_value (json_object_get (vec, name));
178 char *tmp;
179 size_t len;
180
181 if (NULL == s)
182 return GNUNET_NO;
183
184 len = (strlen (s) * 5) / 8;
185 if (NULL != ret_len)
186 *ret_len = len;
187 tmp = GNUNET_malloc (len);
188
189 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, strlen (s), tmp, len))
190 {
191 GNUNET_free (tmp);
192 return GNUNET_NO;
193 }
194 *data = tmp;
195 return GNUNET_OK;
196}
197
198
207static int
208checkvec (const char *operation,
209 json_t *vec)
210{
211 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
212 "checking %s\n", operation);
213
214 if (0 == strcmp (operation, "hash"))
215 {
216 void *data;
217 size_t data_len;
218 struct GNUNET_HashCode hash_out;
219 struct GNUNET_HashCode hc;
220
221 if (GNUNET_OK != expect_data_dynamic (vec,
222 "input",
223 &data,
224 &data_len))
225 {
226 GNUNET_break (0);
227 return GNUNET_SYSERR;
228 }
229 if (GNUNET_OK != expect_data_fixed (vec,
230 "output",
231 &hash_out,
232 sizeof (hash_out)))
233 {
234 GNUNET_free (data);
235 GNUNET_break (0);
236 return GNUNET_NO;
237 }
238
239 GNUNET_CRYPTO_hash (data, data_len, &hc);
240
241 if (0 != GNUNET_memcmp (&hc, &hash_out))
242 {
243 GNUNET_free (data);
244 GNUNET_break (0);
245 return GNUNET_NO;
246 }
247 GNUNET_free (data);
248 }
249 else if (0 == strcmp (operation, "ecc_ecdh"))
250 {
251 struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
252 struct GNUNET_CRYPTO_EcdhePublicKey pub1;
253 struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
254 struct GNUNET_HashCode skm;
255 struct GNUNET_HashCode skm_comp;
256
257 if (GNUNET_OK != expect_data_fixed (vec,
258 "priv1",
259 &priv1,
260 sizeof (priv1)))
261 {
262 GNUNET_break (0);
263 return GNUNET_NO;
264 }
265 if (GNUNET_OK != expect_data_fixed (vec,
266 "priv2",
267 &priv2,
268 sizeof (priv2)))
269 {
270 GNUNET_break (0);
271 return GNUNET_NO;
272 }
273 if (GNUNET_OK != expect_data_fixed (vec,
274 "pub1",
275 &pub1,
276 sizeof (pub1)))
277 {
278 GNUNET_break (0);
279 return GNUNET_NO;
280 }
281 if (GNUNET_OK != expect_data_fixed (vec,
282 "skm",
283 &skm,
284 sizeof (skm)))
285 {
286 GNUNET_break (0);
287 return GNUNET_NO;
288 }
289 GNUNET_assert (GNUNET_OK ==
290 GNUNET_CRYPTO_ecc_ecdh (&priv2,
291 &pub1,
292 &skm_comp));
293 if (0 != GNUNET_memcmp (&skm, &skm_comp))
294 {
295 GNUNET_break (0);
296 return GNUNET_NO;
297 }
298 }
299 else if (0 == strcmp (operation, "eddsa_key_derivation"))
300 {
301 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
302 struct GNUNET_CRYPTO_EddsaPublicKey pub;
303 struct GNUNET_CRYPTO_EddsaPublicKey pub_comp;
304
305 if (GNUNET_OK != expect_data_fixed (vec,
306 "priv",
307 &priv,
308 sizeof (priv)))
309 {
310 GNUNET_break (0);
311 return GNUNET_NO;
312 }
313
314 if (GNUNET_OK != expect_data_fixed (vec,
315 "pub",
316 &pub,
317 sizeof (pub)))
318 {
319 GNUNET_break (0);
320 return GNUNET_NO;
321 }
322
323 GNUNET_CRYPTO_eddsa_key_get_public (&priv,
324 &pub_comp);
325 if (0 != GNUNET_memcmp (&pub, &pub_comp))
326 {
327 GNUNET_break (0);
328 return GNUNET_NO;
329 }
330
331 }
332 else if (0 == strcmp (operation, "eddsa_signing"))
333 {
334 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
335 struct GNUNET_CRYPTO_EddsaPublicKey pub;
336 struct TestSignatureDataPS data = { 0 };
337 struct GNUNET_CRYPTO_EddsaSignature sig;
338 struct GNUNET_CRYPTO_EddsaSignature sig_comp;
339
340 if (GNUNET_OK != expect_data_fixed (vec,
341 "priv",
342 &priv,
343 sizeof (priv)))
344 {
345 GNUNET_break (0);
346 return GNUNET_NO;
347 }
348
349 if (GNUNET_OK != expect_data_fixed (vec,
350 "pub",
351 &pub,
352 sizeof (pub)))
353 {
354 GNUNET_break (0);
355 return GNUNET_NO;
356 }
357
358 if (GNUNET_OK != expect_data_fixed (vec,
359 "data",
360 &data,
361 sizeof (data)))
362 {
363 GNUNET_break (0);
364 return GNUNET_NO;
365 }
366
367 if (GNUNET_OK != expect_data_fixed (vec,
368 "sig",
369 &sig,
370 sizeof (sig)))
371 {
372 GNUNET_break (0);
373 return GNUNET_NO;
374 }
375
376 GNUNET_CRYPTO_eddsa_sign (&priv,
377 &data,
378 &sig_comp);
379 GNUNET_assert (GNUNET_OK ==
380 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST,
381 &data,
382 &sig,
383 &pub));
384 if (0 != GNUNET_memcmp (&sig, &sig_comp))
385 {
386 GNUNET_break (0);
387 return GNUNET_NO;
388 }
389 }
390 else if (0 == strcmp (operation, "kdf"))
391 {
392 size_t out_len;
393 void *out;
394 size_t out_len_comp;
395 void *out_comp;
396 void *ikm;
397 size_t ikm_len;
398 void *salt;
399 size_t salt_len;
400 void *ctx;
401 size_t ctx_len;
402
403 if (GNUNET_OK != expect_data_dynamic (vec,
404 "out",
405 &out,
406 &out_len))
407 {
408 GNUNET_break (0);
409 return GNUNET_SYSERR;
410 }
411
412 out_len_comp = out_len;
413 out_comp = GNUNET_malloc (out_len_comp);
414
415 if (GNUNET_OK != expect_data_dynamic (vec,
416 "ikm",
417 &ikm,
418 &ikm_len))
419 {
420 GNUNET_free (out);
421 GNUNET_free (out_comp);
422 GNUNET_break (0);
423 return GNUNET_SYSERR;
424 }
425
426 if (GNUNET_OK != expect_data_dynamic (vec,
427 "salt",
428 &salt,
429 &salt_len))
430 {
431 GNUNET_free (out);
432 GNUNET_free (out_comp);
433 GNUNET_free (ikm);
434 GNUNET_break (0);
435 return GNUNET_SYSERR;
436 }
437
438 if (GNUNET_OK != expect_data_dynamic (vec,
439 "ctx",
440 &ctx,
441 &ctx_len))
442 {
443 GNUNET_free (out);
444 GNUNET_free (out_comp);
445 GNUNET_free (ikm);
446 GNUNET_free (salt);
447 GNUNET_break (0);
448 return GNUNET_SYSERR;
449 }
450
451 GNUNET_assert (GNUNET_OK ==
452 GNUNET_CRYPTO_kdf (out_comp,
453 out_len_comp,
454 salt,
455 salt_len,
456 ikm,
457 ikm_len,
458 ctx,
459 ctx_len,
460 NULL));
461
462 if (0 != memcmp (out, out_comp, out_len))
463 {
464 GNUNET_free (out);
465 GNUNET_free (out_comp);
466 GNUNET_free (ikm);
467 GNUNET_free (salt);
468 GNUNET_free (ctx);
469 GNUNET_break (0);
470 return GNUNET_NO;
471 }
472 GNUNET_free (out);
473 GNUNET_free (out_comp);
474 GNUNET_free (ikm);
475 GNUNET_free (salt);
476 GNUNET_free (ctx);
477 }
478 else if (0 == strcmp (operation, "eddsa_ecdh"))
479 {
480 struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
481 struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
482 struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
483 struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
484 struct GNUNET_HashCode key_material;
485 struct GNUNET_HashCode key_material_comp;
486
487 if (GNUNET_OK != expect_data_fixed (vec,
488 "priv_ecdhe",
489 &priv_ecdhe,
490 sizeof (priv_ecdhe)))
491 {
492 GNUNET_break (0);
493 return GNUNET_NO;
494 }
495
496 if (GNUNET_OK != expect_data_fixed (vec,
497 "pub_ecdhe",
498 &pub_ecdhe,
499 sizeof (pub_ecdhe)))
500 {
501 GNUNET_break (0);
502 return GNUNET_NO;
503 }
504
505 if (GNUNET_OK != expect_data_fixed (vec,
506 "priv_eddsa",
507 &priv_eddsa,
508 sizeof (priv_eddsa)))
509 {
510 GNUNET_break (0);
511 return GNUNET_NO;
512 }
513
514 if (GNUNET_OK != expect_data_fixed (vec,
515 "pub_eddsa",
516 &pub_eddsa,
517 sizeof (pub_eddsa)))
518 {
519 GNUNET_break (0);
520 return GNUNET_NO;
521 }
522
523 if (GNUNET_OK != expect_data_fixed (vec,
524 "key_material",
525 &key_material,
526 sizeof (key_material)))
527 {
528 GNUNET_break (0);
529 return GNUNET_NO;
530 }
531
532 GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe,
533 &pub_eddsa,
534 &key_material_comp);
535
536 if (0 != GNUNET_memcmp (&key_material,
537 &key_material_comp))
538 {
539 GNUNET_break (0);
540 return GNUNET_NO;
541 }
542 }
543 else if (0 == strcmp (operation, "rsa_blind_signing"))
544 {
545 struct GNUNET_CRYPTO_RsaPrivateKey *skey;
546 struct GNUNET_CRYPTO_RsaPublicKey *pkey;
547 struct GNUNET_HashCode message_hash;
548 struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
549 struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
550 struct GNUNET_CRYPTO_RsaSignature *sig;
551 struct GNUNET_CRYPTO_RsaBlindedMessage bm;
552 struct GNUNET_CRYPTO_RsaBlindedMessage bm_comp;
553 void *public_enc_data;
554 size_t public_enc_len;
555 void *secret_enc_data;
556 size_t secret_enc_len;
557 void *sig_enc_data;
558 size_t sig_enc_length;
559 void *sig_enc_data_comp;
560 size_t sig_enc_length_comp;
561
562 if (GNUNET_OK !=
563 expect_data_fixed (vec,
564 "message_hash",
565 &message_hash,
566 sizeof (message_hash)))
567 {
568 GNUNET_break (0);
569 return GNUNET_SYSERR;
570 }
571
572 if (GNUNET_OK !=
573 expect_data_fixed (vec,
574 "blinding_key_secret",
575 &bks,
576 sizeof (bks)))
577 {
578 GNUNET_break (0);
579 return GNUNET_SYSERR;
580 }
581
582 if (GNUNET_OK !=
583 expect_data_dynamic (vec,
584 "blinded_message",
585 &bm.blinded_msg,
586 &bm.blinded_msg_size))
587 {
588 GNUNET_break (0);
589 return GNUNET_SYSERR;
590 }
591 if (GNUNET_OK !=
592 expect_data_dynamic (vec,
593 "rsa_public_key",
594 &public_enc_data,
595 &public_enc_len))
596 {
597 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
598 GNUNET_break (0);
599 return GNUNET_SYSERR;
600 }
601 if (GNUNET_OK !=
602 expect_data_dynamic (vec,
603 "rsa_private_key",
604 &secret_enc_data,
605 &secret_enc_len))
606 {
607 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
608 GNUNET_free (public_enc_data);
609 GNUNET_break (0);
610 return GNUNET_SYSERR;
611 }
612 if (GNUNET_OK !=
613 expect_data_dynamic (vec,
614 "sig",
615 &sig_enc_data,
616 &sig_enc_length))
617 {
618 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
619 GNUNET_free (public_enc_data);
620 GNUNET_free (secret_enc_data);
621 GNUNET_break (0);
622 return GNUNET_SYSERR;
623 }
624
625 pkey = GNUNET_CRYPTO_rsa_public_key_decode (public_enc_data,
626 public_enc_len);
627 GNUNET_assert (NULL != pkey);
628 skey = GNUNET_CRYPTO_rsa_private_key_decode (secret_enc_data,
629 secret_enc_len);
630 GNUNET_assert (NULL != skey);
631
632 GNUNET_assert (GNUNET_YES ==
633 GNUNET_CRYPTO_rsa_blind (&message_hash,
634 sizeof (message_hash),
635 &bks,
636 pkey,
637 &bm_comp));
638 if ( (bm.blinded_msg_size !=
639 bm_comp.blinded_msg_size) ||
640 (0 != memcmp (bm.blinded_msg,
641 bm_comp.blinded_msg,
642 bm.blinded_msg_size)) )
643 {
644 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
645 GNUNET_CRYPTO_rsa_blinded_message_free (&bm_comp);
646 GNUNET_free (public_enc_data);
647 GNUNET_free (secret_enc_data);
648 GNUNET_free (sig_enc_data);
649 GNUNET_CRYPTO_rsa_private_key_free (skey);
650 GNUNET_CRYPTO_rsa_public_key_free (pkey);
651 GNUNET_break (0);
652 return GNUNET_NO;
653 }
654 blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey,
655 &bm);
656 sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig,
657 &bks,
658 pkey);
659 GNUNET_assert (GNUNET_YES ==
660 GNUNET_CRYPTO_rsa_verify (&message_hash,
661 sizeof (message_hash),
662 sig,
663 pkey));
664 GNUNET_free (public_enc_data);
665 public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
666 &public_enc_data);
667 sig_enc_length_comp = GNUNET_CRYPTO_rsa_signature_encode (sig,
668 &sig_enc_data_comp
669 );
670
671 if ( (sig_enc_length != sig_enc_length_comp) ||
672 (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) ))
673 {
674 GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
675 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
676 GNUNET_CRYPTO_rsa_blinded_message_free (&bm_comp);
677 GNUNET_free (public_enc_data);
678 GNUNET_free (secret_enc_data);
679 GNUNET_free (sig_enc_data);
680 GNUNET_free (sig_enc_data_comp);
681 GNUNET_CRYPTO_rsa_private_key_free (skey);
682 GNUNET_CRYPTO_rsa_signature_free (sig);
683 GNUNET_CRYPTO_rsa_public_key_free (pkey);
684 GNUNET_break (0);
685 return GNUNET_NO;
686 }
687 GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
688 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
689 GNUNET_CRYPTO_rsa_blinded_message_free (&bm_comp);
690 GNUNET_free (public_enc_data);
691 GNUNET_free (secret_enc_data);
692 GNUNET_free (sig_enc_data);
693 GNUNET_free (sig_enc_data_comp);
694 GNUNET_CRYPTO_rsa_signature_free (sig);
695 GNUNET_CRYPTO_rsa_public_key_free (pkey);
696 GNUNET_CRYPTO_rsa_private_key_free (skey);
697 }
698 else if (0 == strcmp (operation, "cs_blind_signing"))
699 {
700 struct GNUNET_CRYPTO_CsPrivateKey priv;
701 struct GNUNET_CRYPTO_CsPublicKey pub;
702 struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
703 struct GNUNET_CRYPTO_CsRSecret r_priv[2];
704 struct GNUNET_CRYPTO_CsRPublic r_pub[2];
705 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind;
706 struct GNUNET_CRYPTO_CsC c[2];
707 struct GNUNET_CRYPTO_CsS signature_scalar;
708 struct GNUNET_CRYPTO_CsBlindS blinded_s;
709 struct GNUNET_CRYPTO_CsSignature sig;
710 struct GNUNET_CRYPTO_CsSessionNonce snonce;
711 struct GNUNET_CRYPTO_CsBlindingNonce bnonce;
712 struct GNUNET_HashCode message_hash;
713 unsigned int b;
714
715 if (GNUNET_OK != expect_data_fixed (vec,
716 "message_hash",
717 &message_hash,
718 sizeof (message_hash)))
719 {
720 GNUNET_break (0);
721 return GNUNET_SYSERR;
722 }
723 if (GNUNET_OK != expect_data_fixed (vec,
724 "cs_public_key",
725 &pub,
726 sizeof (pub)))
727 {
728 GNUNET_break (0);
729 return GNUNET_SYSERR;
730 }
731
732 if (GNUNET_OK !=
733 expect_data_fixed (vec,
734 "cs_private_key",
735 &priv,
736 sizeof (priv)))
737 {
738 GNUNET_break (0);
739 return GNUNET_SYSERR;
740 }
741 if (GNUNET_OK !=
742 expect_data_fixed (vec,
743 "cs_nonce",
744 &snonce,
745 sizeof (snonce)))
746 {
747 GNUNET_break (0);
748 return GNUNET_SYSERR;
749 }
750 /* historically, the tvg used the same nonce for
751 both, which is HORRIBLE for production, but
752 maybe OK for TVG... */
753 memcpy (&bnonce,
754 &snonce,
755 sizeof (snonce));
756 if (GNUNET_OK !=
757 expect_data_fixed (vec,
758 "cs_r_priv_0",
759 &r_priv[0],
760 sizeof (r_priv[0])))
761 {
762 GNUNET_break (0);
763 return GNUNET_SYSERR;
764 }
765 if (GNUNET_OK != expect_data_fixed (vec,
766 "cs_r_priv_1",
767 &r_priv[1],
768 sizeof (r_priv[1])))
769 {
770 GNUNET_break (0);
771 return GNUNET_SYSERR;
772 }
773 if (GNUNET_OK != expect_data_fixed (vec,
774 "cs_r_pub_0",
775 &r_pub[0],
776 sizeof (r_pub[0])))
777 {
778 GNUNET_break (0);
779 return GNUNET_SYSERR;
780 }
781 if (GNUNET_OK != expect_data_fixed (vec,
782 "cs_r_pub_1",
783 &r_pub[1],
784 sizeof (r_pub[1])))
785 {
786 GNUNET_break (0);
787 return GNUNET_SYSERR;
788 }
789
790 if (GNUNET_OK != expect_data_fixed (vec,
791 "cs_bs_alpha_0",
792 &bs[0].alpha,
793 sizeof (bs[0].alpha)))
794 {
795 GNUNET_break (0);
796 return GNUNET_SYSERR;
797 }
798 if (GNUNET_OK != expect_data_fixed (vec,
799 "cs_bs_alpha_1",
800 &bs[1].alpha,
801 sizeof (bs[1].alpha)))
802 {
803 GNUNET_break (0);
804 return GNUNET_SYSERR;
805 }
806 if (GNUNET_OK != expect_data_fixed (vec,
807 "cs_bs_beta_0",
808 &bs[0].beta,
809 sizeof (bs[0].beta)))
810 {
811 GNUNET_break (0);
812 return GNUNET_SYSERR;
813 }
814 if (GNUNET_OK !=
815 expect_data_fixed (vec,
816 "cs_bs_beta_1",
817 &bs[1].beta,
818 sizeof (bs[1].beta)))
819 {
820 GNUNET_break (0);
821 return GNUNET_SYSERR;
822 }
823 if (GNUNET_OK !=
824 expect_data_fixed (vec,
825 "cs_r_pub_blind_0",
826 &r_pub_blind.r_pub[0],
827 sizeof (r_pub_blind.r_pub[0])))
828 {
829 GNUNET_break (0);
830 return GNUNET_SYSERR;
831 }
832 if (GNUNET_OK !=
833 expect_data_fixed (vec,
834 "cs_r_pub_blind_1",
835 &r_pub_blind.r_pub[1],
836 sizeof (r_pub_blind.r_pub[1])))
837 {
838 GNUNET_break (0);
839 return GNUNET_SYSERR;
840 }
841 if (GNUNET_OK !=
842 expect_data_fixed (vec,
843 "cs_c_0",
844 &c[0],
845 sizeof (c[0])))
846 {
847 GNUNET_break (0);
848 return GNUNET_SYSERR;
849 }
850 if (GNUNET_OK != expect_data_fixed (vec,
851 "cs_c_1",
852 &c[1],
853 sizeof (c[1])))
854 {
855 GNUNET_break (0);
856 return GNUNET_SYSERR;
857 }
858 if (GNUNET_OK != expect_data_fixed (vec,
859 "cs_blind_s",
860 &blinded_s,
861 sizeof (blinded_s)))
862 {
863 GNUNET_break (0);
864 return GNUNET_SYSERR;
865 }
866 if (GNUNET_OK != expect_data_fixed (vec,
867 "cs_b",
868 &b,
869 sizeof (b)))
870 {
871 GNUNET_break (0);
872 return GNUNET_SYSERR;
873 }
874 if (GNUNET_OK != expect_data_fixed (vec,
875 "cs_sig_s",
876 &signature_scalar,
877 sizeof (signature_scalar)))
878 {
879 GNUNET_break (0);
880 return GNUNET_SYSERR;
881 }
882 sig.s_scalar = signature_scalar;
883 if (GNUNET_OK != expect_data_fixed (vec,
884 "cs_sig_R",
885 &sig.r_point,
886 sizeof (sig.r_point)))
887 {
888 GNUNET_break (0);
889 return GNUNET_SYSERR;
890 }
891
892 if ((b != 1) && (b != 0))
893 {
894 GNUNET_break (0);
895 return GNUNET_SYSERR;
896 }
897 {
898 struct GNUNET_CRYPTO_CsRSecret r_priv_comp[2];
899 struct GNUNET_CRYPTO_CsRPublic r_pub_comp[2];
900 struct GNUNET_CRYPTO_CsBlindingSecret bs_comp[2];
901 struct GNUNET_CRYPTO_CsC c_comp[2];
902 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind_comp;
903 struct GNUNET_CRYPTO_CsBlindSignature blinded_s_comp;
904 struct GNUNET_CRYPTO_CsS signature_scalar_comp;
905 struct GNUNET_CRYPTO_CsSignature sig_comp;
906
907 GNUNET_CRYPTO_cs_r_derive (&snonce,
908 "rw",
909 &priv,
910 r_priv_comp);
911 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[0],
912 &r_pub_comp[0]);
913 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[1],
914 &r_pub_comp[1]);
915 GNUNET_assert (0 == memcmp (&r_priv_comp,
916 &r_priv,
917 sizeof(struct GNUNET_CRYPTO_CsRSecret) * 2));
918 GNUNET_assert (0 == memcmp (&r_pub_comp,
919 &r_pub,
920 sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2));
921
922 GNUNET_CRYPTO_cs_blinding_secrets_derive (&bnonce,
923 bs_comp);
924 GNUNET_assert (0 ==
925 memcmp (&bs_comp,
926 &bs,
927 sizeof(struct GNUNET_CRYPTO_CsBlindingSecret)
928 * 2));
929 GNUNET_CRYPTO_cs_calc_blinded_c (bs_comp,
930 r_pub_comp,
931 &pub,
932 &message_hash,
933 sizeof(message_hash),
934 c_comp,
935 &r_pub_blind_comp);
936 GNUNET_assert (0 ==
937 memcmp (&c_comp,
938 &c,
939 sizeof(struct GNUNET_CRYPTO_CsC) * 2));
940 GNUNET_assert (0 ==
941 GNUNET_memcmp (&r_pub_blind_comp,
942 &r_pub_blind));
943 {
944 struct GNUNET_CRYPTO_CsBlindedMessage bm = {
945 .c[0] = c_comp[0],
946 .c[1] = c_comp[1],
947 .nonce = snonce
948 };
949
950 GNUNET_CRYPTO_cs_sign_derive (&priv,
951 r_priv_comp,
952 &bm,
953 &blinded_s_comp);
954 }
955 GNUNET_assert (0 ==
956 GNUNET_memcmp (&blinded_s_comp.s_scalar,
957 &blinded_s));
958 GNUNET_assert (b == blinded_s_comp.b);
959 GNUNET_CRYPTO_cs_unblind (&blinded_s_comp.s_scalar,
960 &bs_comp[b],
961 &signature_scalar_comp);
962 GNUNET_assert (0 ==
963 GNUNET_memcmp (&signature_scalar_comp,
964 &signature_scalar));
965 sig_comp.r_point = r_pub_blind_comp.r_pub[b];
966 sig_comp.s_scalar = signature_scalar_comp;
967 GNUNET_assert (0 == memcmp (&sig_comp,
968 &sig,
969 sizeof(sig_comp)));
970 if (GNUNET_OK !=
971 GNUNET_CRYPTO_cs_verify (&sig_comp,
972 &pub,
973 &message_hash,
974 sizeof(message_hash)))
975 {
976 GNUNET_break (0);
977 return GNUNET_SYSERR;
978 }
979 }
980 }
981 else
982 {
983 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
984 "unsupported operation '%s'\n", operation);
985 }
986
987 return GNUNET_OK;
988}
989
990
996static int
997check_vectors ()
998{
999 json_error_t err;
1000 json_t *vecfile = json_loadf (stdin, 0, &err);
1001 const char *encoding;
1002 json_t *vectors;
1003
1004 if (NULL == vecfile)
1005 {
1006 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unable to parse JSON\n");
1007 return 1;
1008 }
1009 encoding = json_string_value (json_object_get (vecfile,
1010 "encoding"));
1011 if ( (NULL == encoding) || (0 != strcmp (encoding, "base32crockford")) )
1012 {
1013 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unsupported or missing encoding\n");
1014 json_decref (vecfile);
1015 return 1;
1016 }
1017 vectors = json_object_get (vecfile, "vectors");
1018 if (! json_is_array (vectors))
1019 {
1020 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "bad vectors\n");
1021 json_decref (vecfile);
1022 return 1;
1023 }
1024 {
1025 /* array is a JSON array */
1026 size_t index;
1027 json_t *value;
1028 enum GNUNET_GenericReturnValue ret = GNUNET_OK;
1029
1030 json_array_foreach (vectors, index, value) {
1031 const char *op = json_string_value (json_object_get (value,
1032 "operation"));
1033
1034 if (NULL == op)
1035 {
1036 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1037 "missing operation\n");
1038 ret = GNUNET_SYSERR;
1039 break;
1040 }
1041 ret = checkvec (op, value);
1042 if (GNUNET_OK != ret)
1043 {
1044 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1045 "bad vector %u\n",
1046 (unsigned int) index);
1047 break;
1048 }
1049 }
1050 json_decref (vecfile);
1051 return (ret == GNUNET_OK) ? 0 : 1;
1052 }
1053}
1054
1055
1061static int
1062output_vectors ()
1063{
1064 json_t *vecfile = json_object ();
1065 json_t *vecs = json_array ();
1066
1067 json_object_set_new (vecfile,
1068 "encoding",
1069 json_string ("base32crockford"));
1070 json_object_set_new (vecfile,
1071 "producer",
1072 json_string ("GNUnet " PACKAGE_VERSION " " VCS_VERSION));
1073 json_object_set_new (vecfile,
1074 "vectors",
1075 vecs);
1076
1077 {
1078 json_t *vec = vec_for (vecs, "hash");
1079 struct GNUNET_HashCode hc;
1080 const char *str = "Hello, GNUnet";
1081
1082 GNUNET_CRYPTO_hash (str, strlen (str), &hc);
1083
1084 d2j (vec, "input", str, strlen (str));
1085 d2j (vec, "output", &hc, sizeof (struct GNUNET_HashCode));
1086 }
1087 {
1088 json_t *vec = vec_for (vecs, "ecc_ecdh");
1089 struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
1090 struct GNUNET_CRYPTO_EcdhePublicKey pub1;
1091 struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
1092 struct GNUNET_HashCode skm;
1093
1094 GNUNET_CRYPTO_ecdhe_key_create (&priv1);
1095 GNUNET_CRYPTO_ecdhe_key_create (&priv2);
1096 GNUNET_CRYPTO_ecdhe_key_get_public (&priv1,
1097 &pub1);
1098 GNUNET_assert (GNUNET_OK ==
1099 GNUNET_CRYPTO_ecc_ecdh (&priv2,
1100 &pub1,
1101 &skm));
1102
1103 d2j (vec,
1104 "priv1",
1105 &priv1,
1106 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1107 d2j (vec,
1108 "pub1",
1109 &pub1,
1110 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1111 d2j (vec,
1112 "priv2",
1113 &priv2,
1114 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1115 d2j (vec,
1116 "skm",
1117 &skm,
1118 sizeof (struct GNUNET_HashCode));
1119 }
1120
1121 {
1122 json_t *vec = vec_for (vecs, "eddsa_key_derivation");
1123 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
1124 struct GNUNET_CRYPTO_EddsaPublicKey pub;
1125
1126 GNUNET_CRYPTO_eddsa_key_create (&priv);
1127 GNUNET_CRYPTO_eddsa_key_get_public (&priv,
1128 &pub);
1129
1130 d2j (vec,
1131 "priv",
1132 &priv,
1133 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1134 d2j (vec,
1135 "pub",
1136 &pub,
1137 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1138 }
1139 {
1140 json_t *vec = vec_for (vecs, "eddsa_signing");
1141 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
1142 struct GNUNET_CRYPTO_EddsaPublicKey pub;
1143 struct GNUNET_CRYPTO_EddsaSignature sig;
1144 struct TestSignatureDataPS data = { 0 };
1145
1146 GNUNET_CRYPTO_eddsa_key_create (&priv);
1147 GNUNET_CRYPTO_eddsa_key_get_public (&priv,
1148 &pub);
1149 data.purpose.size = htonl (sizeof (data));
1150 data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
1151 GNUNET_CRYPTO_eddsa_sign (&priv,
1152 &data,
1153 &sig);
1154 GNUNET_assert (GNUNET_OK ==
1155 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST,
1156 &data,
1157 &sig,
1158 &pub));
1159
1160 d2j (vec,
1161 "priv",
1162 &priv,
1163 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1164 d2j (vec,
1165 "pub",
1166 &pub,
1167 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1168 d2j (vec,
1169 "data",
1170 &data,
1171 sizeof (struct TestSignatureDataPS));
1172 d2j (vec,
1173 "sig",
1174 &sig,
1175 sizeof (struct GNUNET_CRYPTO_EddsaSignature));
1176 }
1177
1178 {
1179 json_t *vec = vec_for (vecs, "kdf");
1180 size_t out_len = 64;
1181 char out[out_len];
1182 const char *ikm = "I'm the secret input key material";
1183 const char *salt = "I'm very salty";
1184 const char *ctx = "I'm a context chunk, also known as 'info' in the RFC";
1185
1186 GNUNET_assert (GNUNET_OK ==
1187 GNUNET_CRYPTO_kdf (&out,
1188 out_len,
1189 salt,
1190 strlen (salt),
1191 ikm,
1192 strlen (ikm),
1193 ctx,
1194 strlen (ctx),
1195 NULL));
1196
1197 d2j (vec,
1198 "salt",
1199 salt,
1200 strlen (salt));
1201 d2j (vec,
1202 "ikm",
1203 ikm,
1204 strlen (ikm));
1205 d2j (vec,
1206 "ctx",
1207 ctx,
1208 strlen (ctx));
1209 uint2j (vec,
1210 "out_len",
1211 (unsigned int) out_len);
1212 d2j (vec,
1213 "out",
1214 out,
1215 out_len);
1216 }
1217 {
1218 json_t *vec = vec_for (vecs, "eddsa_ecdh");
1219 struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
1220 struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
1221 struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
1222 struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
1223 struct GNUNET_HashCode key_material;
1224
1225 GNUNET_CRYPTO_ecdhe_key_create (&priv_ecdhe);
1226 GNUNET_CRYPTO_ecdhe_key_get_public (&priv_ecdhe, &pub_ecdhe);
1227 GNUNET_CRYPTO_eddsa_key_create (&priv_eddsa);
1228 GNUNET_CRYPTO_eddsa_key_get_public (&priv_eddsa, &pub_eddsa);
1229 GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material);
1230
1231 d2j (vec, "priv_ecdhe",
1232 &priv_ecdhe,
1233 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1234 d2j (vec, "pub_ecdhe",
1235 &pub_ecdhe,
1236 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1237 d2j (vec, "priv_eddsa",
1238 &priv_eddsa,
1239 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1240 d2j (vec, "pub_eddsa",
1241 &pub_eddsa,
1242 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1243 d2j (vec, "key_material",
1244 &key_material,
1245 sizeof (struct GNUNET_HashCode));
1246 }
1247
1248 {
1249 json_t *vec = vec_for (vecs, "edx25519_derive");
1250 struct GNUNET_CRYPTO_Edx25519PrivateKey priv1_edx;
1251 struct GNUNET_CRYPTO_Edx25519PublicKey pub1_edx;
1252 struct GNUNET_CRYPTO_Edx25519PrivateKey priv2_edx;
1253 struct GNUNET_CRYPTO_Edx25519PublicKey pub2_edx;
1254 struct GNUNET_HashCode seed;
1255
1256 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1257 &seed,
1258 sizeof (struct GNUNET_HashCode));
1259 GNUNET_CRYPTO_edx25519_key_create (&priv1_edx);
1260 GNUNET_CRYPTO_edx25519_key_get_public (&priv1_edx, &pub1_edx);
1261 GNUNET_CRYPTO_edx25519_private_key_derive (&priv1_edx,
1262 &seed,
1263 sizeof (seed),
1264 &priv2_edx);
1265 GNUNET_CRYPTO_edx25519_public_key_derive (&pub1_edx,
1266 &seed,
1267 sizeof (seed),
1268 &pub2_edx);
1269
1270 d2j (vec, "priv1_edx",
1271 &priv1_edx,
1272 sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1273 d2j (vec, "pub1_edx",
1274 &pub1_edx,
1275 sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1276 d2j (vec, "seed",
1277 &seed,
1278 sizeof (struct GNUNET_HashCode));
1279 d2j (vec, "priv2_edx",
1280 &priv2_edx,
1281 sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1282 d2j (vec, "pub2_edx",
1283 &pub2_edx,
1284 sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1285 }
1286
1287 {
1288 json_t *vec = vec_for (vecs, "rsa_blind_signing");
1289
1290 struct GNUNET_CRYPTO_RsaPrivateKey *skey;
1291 struct GNUNET_CRYPTO_RsaPublicKey *pkey;
1292 struct GNUNET_HashCode message_hash;
1293 struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
1294 struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
1295 struct GNUNET_CRYPTO_RsaSignature *sig;
1296 struct GNUNET_CRYPTO_RsaBlindedMessage bm;
1297 void *public_enc_data;
1298 size_t public_enc_len;
1299 void *secret_enc_data;
1300 size_t secret_enc_len;
1301 void *blinded_sig_enc_data;
1302 size_t blinded_sig_enc_length;
1303 void *sig_enc_data;
1304 size_t sig_enc_length;
1305
1306 skey = GNUNET_CRYPTO_rsa_private_key_create (2048);
1307 pkey = GNUNET_CRYPTO_rsa_private_key_get_public (skey);
1308 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1309 &message_hash,
1310 sizeof (struct GNUNET_HashCode));
1311 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1312 &bks,
1313 sizeof (struct
1314 GNUNET_CRYPTO_RsaBlindingKeySecret));
1315 GNUNET_assert (GNUNET_YES ==
1316 GNUNET_CRYPTO_rsa_blind (&message_hash,
1317 sizeof (message_hash),
1318 &bks,
1319 pkey,
1320 &bm));
1321 blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey,
1322 &bm);
1323 sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig,
1324 &bks,
1325 pkey);
1326 GNUNET_assert (GNUNET_YES ==
1327 GNUNET_CRYPTO_rsa_verify (&message_hash,
1328 sizeof (message_hash),
1329 sig,
1330 pkey));
1331 public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
1332 &public_enc_data);
1333 secret_enc_len = GNUNET_CRYPTO_rsa_private_key_encode (skey,
1334 &secret_enc_data);
1335 blinded_sig_enc_length
1336 = GNUNET_CRYPTO_rsa_signature_encode (blinded_sig,
1337 &blinded_sig_enc_data);
1338 sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig,
1339 &sig_enc_data);
1340 d2j (vec,
1341 "message_hash",
1342 &message_hash,
1343 sizeof (struct GNUNET_HashCode));
1344 d2j (vec,
1345 "rsa_public_key",
1346 public_enc_data,
1347 public_enc_len);
1348 d2j (vec,
1349 "rsa_private_key",
1350 secret_enc_data,
1351 secret_enc_len);
1352 d2j (vec,
1353 "blinding_key_secret",
1354 &bks,
1355 sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret));
1356 d2j (vec,
1357 "blinded_message",
1358 bm.blinded_msg,
1359 bm.blinded_msg_size);
1360 d2j (vec,
1361 "blinded_sig",
1362 blinded_sig_enc_data,
1363 blinded_sig_enc_length);
1364 d2j (vec,
1365 "sig",
1366 sig_enc_data,
1367 sig_enc_length);
1368 GNUNET_CRYPTO_rsa_private_key_free (skey);
1369 GNUNET_CRYPTO_rsa_public_key_free (pkey);
1370 GNUNET_CRYPTO_rsa_signature_free (sig);
1371 GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
1372 GNUNET_free (public_enc_data);
1373 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
1374 GNUNET_free (sig_enc_data);
1375 GNUNET_free (blinded_sig_enc_data);
1376 GNUNET_free (secret_enc_data);
1377 }
1378
1379 {
1380 json_t *vec = vec_for (vecs, "cs_blind_signing");
1381
1382 struct GNUNET_CRYPTO_CsPrivateKey priv;
1383 struct GNUNET_CRYPTO_CsPublicKey pub;
1384 struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
1385 struct GNUNET_CRYPTO_CsRSecret r_priv[2];
1386 struct GNUNET_CRYPTO_CsRPublic r_pub[2];
1387 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind;
1388 struct GNUNET_CRYPTO_CsC c[2];
1389 struct GNUNET_CRYPTO_CsS signature_scalar;
1390 struct GNUNET_CRYPTO_CsBlindSignature blinded_s;
1391 struct GNUNET_CRYPTO_CsSignature sig;
1392 struct GNUNET_CRYPTO_CsSessionNonce snonce;
1393 struct GNUNET_CRYPTO_CsBlindingNonce bnonce;
1394 struct GNUNET_HashCode message_hash;
1395
1396 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1397 &message_hash,
1398 sizeof (struct GNUNET_HashCode));
1399
1400 GNUNET_CRYPTO_cs_private_key_generate (&priv);
1401 GNUNET_CRYPTO_cs_private_key_get_public (&priv,
1402 &pub);
1403 GNUNET_assert (GNUNET_YES ==
1404 GNUNET_CRYPTO_hkdf_gnunet (&snonce,
1405 sizeof(snonce),
1406 "nonce",
1407 strlen ("nonce"),
1408 "nonce_secret",
1409 strlen ("nonce_secret"),
1410 NULL,
1411 0));
1412 /* NOTE: historically, we made the bad choice of
1413 making both nonces the same. Maybe barely OK
1414 for the TGV, not good for production! */
1415 memcpy (&bnonce,
1416 &snonce,
1417 sizeof (snonce));
1418 GNUNET_CRYPTO_cs_r_derive (&snonce,
1419 "rw",
1420 &priv,
1421 r_priv);
1422 GNUNET_CRYPTO_cs_r_get_public (&r_priv[0],
1423 &r_pub[0]);
1424 GNUNET_CRYPTO_cs_r_get_public (&r_priv[1],
1425 &r_pub[1]);
1426 GNUNET_CRYPTO_cs_blinding_secrets_derive (&bnonce,
1427 bs);
1428 GNUNET_CRYPTO_cs_calc_blinded_c (bs,
1429 r_pub,
1430 &pub,
1431 &message_hash,
1432 sizeof(message_hash),
1433 c,
1434 &r_pub_blind);
1435 {
1436 struct GNUNET_CRYPTO_CsBlindedMessage bm = {
1437 .c[0] = c[0],
1438 .c[1] = c[1],
1439 .nonce = snonce
1440 };
1441
1442 GNUNET_CRYPTO_cs_sign_derive (&priv,
1443 r_priv,
1444 &bm,
1445 &blinded_s);
1446 }
1447 GNUNET_CRYPTO_cs_unblind (&blinded_s.s_scalar,
1448 &bs[blinded_s.b],
1449 &signature_scalar);
1450 sig.r_point = r_pub_blind.r_pub[blinded_s.b];
1451 sig.s_scalar = signature_scalar;
1452 if (GNUNET_OK !=
1453 GNUNET_CRYPTO_cs_verify (&sig,
1454 &pub,
1455 &message_hash,
1456 sizeof(message_hash)))
1457 {
1458 GNUNET_break (0);
1459 return GNUNET_SYSERR;
1460 }
1461 d2j (vec,
1462 "message_hash",
1463 &message_hash,
1464 sizeof (struct GNUNET_HashCode));
1465 d2j (vec,
1466 "cs_public_key",
1467 &pub,
1468 sizeof(pub));
1469 d2j (vec,
1470 "cs_private_key",
1471 &priv,
1472 sizeof(priv));
1473 d2j (vec,
1474 "cs_nonce",
1475 &snonce,
1476 sizeof(snonce));
1477 d2j (vec,
1478 "cs_r_priv_0",
1479 &r_priv[0],
1480 sizeof(r_priv[0]));
1481 d2j (vec,
1482 "cs_r_priv_1",
1483 &r_priv[1],
1484 sizeof(r_priv[1]));
1485 d2j (vec,
1486 "cs_r_pub_0",
1487 &r_pub[0],
1488 sizeof(r_pub[0]));
1489 d2j (vec,
1490 "cs_r_pub_1",
1491 &r_pub[1],
1492 sizeof(r_pub[1]));
1493 d2j (vec,
1494 "cs_bs_alpha_0",
1495 &bs[0].alpha,
1496 sizeof(bs[0].alpha));
1497 d2j (vec,
1498 "cs_bs_alpha_1",
1499 &bs[1].alpha,
1500 sizeof(bs[1].alpha));
1501 d2j (vec,
1502 "cs_bs_beta_0",
1503 &bs[0].beta,
1504 sizeof(bs[0].beta));
1505 d2j (vec,
1506 "cs_bs_beta_1",
1507 &bs[1].beta,
1508 sizeof(bs[1].beta));
1509 d2j (vec,
1510 "cs_r_pub_blind_0",
1511 &r_pub_blind.r_pub[0],
1512 sizeof(r_pub_blind.r_pub[0]));
1513 d2j (vec,
1514 "cs_r_pub_blind_1",
1515 &r_pub_blind.r_pub[1],
1516 sizeof(r_pub_blind.r_pub[1]));
1517 d2j (vec,
1518 "cs_c_0",
1519 &c[0],
1520 sizeof(c[0]));
1521 d2j (vec,
1522 "cs_c_1",
1523 &c[1],
1524 sizeof(c[1]));
1525 d2j (vec,
1526 "cs_blind_s",
1527 &blinded_s,
1528 sizeof(blinded_s));
1529 d2j (vec,
1530 "cs_b",
1531 &blinded_s.b,
1532 sizeof(blinded_s.b));
1533 d2j (vec,
1534 "cs_sig_s",
1535 &signature_scalar,
1536 sizeof(signature_scalar));
1537 d2j (vec,
1538 "cs_sig_R",
1539 &r_pub_blind.r_pub[blinded_s.b],
1540 sizeof(r_pub_blind.r_pub[blinded_s.b]));
1541 }
1542
1543 json_dumpf (vecfile, stdout, JSON_INDENT (2));
1544 json_decref (vecfile);
1545 printf ("\n");
1546
1547 return 0;
1548}
1549
1550
1559static void
1560run (void *cls,
1561 char *const *args,
1562 const char *cfgfile,
1563 const struct GNUNET_CONFIGURATION_Handle *cfg)
1564{
1565 if (GNUNET_YES == verify_flag)
1566 global_ret = check_vectors ();
1567 else
1568 global_ret = output_vectors ();
1569}
1570
1571
1579int
1580main (int argc,
1581 char *const *argv)
1582{
1583 const struct GNUNET_GETOPT_CommandLineOption options[] = {
1584 GNUNET_GETOPT_option_flag ('V',
1585 "verify",
1586 gettext_noop (
1587 "verify a test vector from stdin"),
1588 &verify_flag),
1589 GNUNET_GETOPT_OPTION_END
1590 };
1591
1592 GNUNET_assert (GNUNET_OK ==
1593 GNUNET_log_setup ("gnunet-crypto-tvg",
1594 "INFO",
1595 NULL));
1596 if (GNUNET_OK !=
1597 GNUNET_PROGRAM_run (GNUNET_OS_project_data_gnunet (),
1598 argc, argv,
1599 "gnunet-crypto-tvg",
1600 "Generate test vectors for cryptographic operations",
1601 options,
1602 &run, NULL))
1603 return 1;
1604 return global_ret;
1605}
1606
1607
1608/* end of gnunet-crypto-tvg.c */
GNUNET_GETOPT_OPTION_END
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_OPTION_END
Definition: 002.c:13
options
struct GNUNET_GETOPT_CommandLineOption options[]
Definition: 002.c:5
gettext_noop
#define gettext_noop(String)
Definition: gettext.h:74
op
static struct GNUNET_ARM_Operation * op
Current operation.
Definition: gnunet-arm.c:143
ret
static int ret
Final status code.
Definition: gnunet-arm.c:93
cfg
static struct GNUNET_CONFIGURATION_Handle * cfg
Our configuration.
Definition: gnunet-arm.c:108
expect_data_fixed
static int expect_data_fixed(json_t *vec, const char *name, void *data, size_t expect_len)
Definition: gnunet-crypto-tvg.c:152
verify_flag
static GNUNET_NETWORK_STRUCT_END int verify_flag
Should we verify or output test vectors?
Definition: gnunet-crypto-tvg.c:76
vec_for
static json_t * vec_for(json_t *vecs, const char *vecname)
Create a fresh test vector for a given operation label.
Definition: gnunet-crypto-tvg.c:93
uint2j
static void uint2j(json_t *vec, const char *label, unsigned int num)
Add a number to a test vector.
Definition: gnunet-crypto-tvg.c:141
global_ret
static int global_ret
Global exit code.
Definition: gnunet-crypto-tvg.c:82
expect_data_dynamic
static int expect_data_dynamic(json_t *vec, const char *name, void **data, size_t *ret_len)
Definition: gnunet-crypto-tvg.c:172
d2j
static void d2j(json_t *vec, const char *label, const void *data, size_t size)
Add a base32crockford encoded value to a test vector.
Definition: gnunet-crypto-tvg.c:115
check_vectors
static int check_vectors()
Check test vectors from stdin.
Definition: gnunet-crypto-tvg.c:997
run
static void run(void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *cfg)
Main function that will be run.
Definition: gnunet-crypto-tvg.c:1560
main
int main(int argc, char *const *argv)
The main function of the test vector generation tool.
Definition: gnunet-crypto-tvg.c:1580
output_vectors
static int output_vectors()
Output test vectors.
Definition: gnunet-crypto-tvg.c:1062
checkvec
static int checkvec(const char *operation, json_t *vec)
Check a single vector.
Definition: gnunet-crypto-tvg.c:208
data
static char * data
The data to insert into the dht.
Definition: gnunet-dht-put.c:88
ctx
static struct GNUNET_FS_Handle * ctx
Definition: gnunet-download.c:40
seed
static uint8_t seed
Definition: gnunet-elligator-tvg.c:32
pkey
static char * pkey
Public key of the zone to look in, in ASCII.
Definition: gnunet-namecache.c:58
name
static char * name
Name (label) of the records to list.
Definition: gnunet-namecache.c:48
value
static char * value
Value of the record to add/remove.
Definition: gnunet-namestore.c:271
pub
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:47
salt
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calculations.
Definition: gnunet-scrypt.c:34
beta
static float beta
Percentage of total peer number in the view to send random PULLs to.
Definition: gnunet-service-rps.c:494
alpha
static float alpha
Percentage of total peer number in the view to send random PUSHes to.
Definition: gnunet-service-rps.c:488
t
static struct GNUNET_SCHEDULER_Task * t
Main task.
Definition: gnunet-zoneimport.c:293
gnunet_signatures.h
GNUNET_SIGNATURE_PURPOSE_TEST
#define GNUNET_SIGNATURE_PURPOSE_TEST
WARNING: This header is generated! In order to add a signature purpose, you must register them in GAN...
Definition: gnunet_signatures.h:52
gnunet_util_lib.h
GNUNET_CRYPTO_ecc_ecdh
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition: crypto_ecc.c:732
GNUNET_CRYPTO_ecdhe_key_create
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:454
GNUNET_CRYPTO_edx25519_key_get_public
void GNUNET_CRYPTO_edx25519_key_get_public(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_edx25519.c:79
GNUNET_CRYPTO_edx25519_private_key_derive
void GNUNET_CRYPTO_edx25519_private_key_derive(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *result)
Derive a private scalar from a given private key and a label.
Definition: crypto_edx25519.c:245
GNUNET_CRYPTO_edx25519_public_key_derive
void GNUNET_CRYPTO_edx25519_public_key_derive(const struct GNUNET_CRYPTO_Edx25519PublicKey *pub, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PublicKey *result)
Derive a public key from a given public key and a label.
Definition: crypto_edx25519.c:339
GNUNET_CRYPTO_random_block
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
Definition: crypto_random.c:133
GNUNET_CRYPTO_eddsa_key_get_public
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:201
GNUNET_CRYPTO_eddsa_key_create
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:480
GNUNET_CRYPTO_ecdh_eddsa
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:823
GNUNET_CRYPTO_edx25519_key_create
void GNUNET_CRYPTO_edx25519_key_create(struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
Create a new private key.
Definition: crypto_edx25519.c:65
GNUNET_CRYPTO_eddsa_sign
#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
EdDSA sign a given block.
Definition: gnunet_crypto_lib.h:2810
GNUNET_CRYPTO_eddsa_verify
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
Verify EdDSA signature.
Definition: gnunet_crypto_lib.h:2972
GNUNET_CRYPTO_ecdhe_key_get_public
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:217
GNUNET_CRYPTO_QUALITY_WEAK
@ GNUNET_CRYPTO_QUALITY_WEAK
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
Definition: gnunet_crypto_lib.h:91
GNUNET_GETOPT_option_flag
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_option_flag(char shortName, const char *name, const char *description, int *val)
Allow user to specify a flag (which internally means setting an integer to 1/GNUNET_YES/GNUNET_OK.
Definition: getopt_helpers.c:313
GNUNET_CRYPTO_hash
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
GNUNET_CRYPTO_hkdf_gnunet
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf_gnunet(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
A peculiar HKDF instantiation that tried to mimic Truncated NMAC.
Definition: crypto_hkdf.c:199
GNUNET_CRYPTO_kdf
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:62
GNUNET_NETWORK_STRUCT_BEGIN
#define GNUNET_NETWORK_STRUCT_BEGIN
Define as empty, GNUNET_PACKED should suffice, but this won't work on W32.
Definition: gnunet_common.h:269
GNUNET_log
#define GNUNET_log(kind,...)
Definition: gnunet_common.h:548
GNUNET_CRYPTO_rsa_signature_free
void GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig)
Free memory occupied by signature.
Definition: crypto_rsa.c:1015
GNUNET_CRYPTO_rsa_blind
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_blind(const void *message, size_t message_size, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
Blinds the given message with the given blinding key.
Definition: crypto_rsa.c:807
GNUNET_CRYPTO_cs_r_get_public
void GNUNET_CRYPTO_cs_r_get_public(const struct GNUNET_CRYPTO_CsRSecret *r_priv, struct GNUNET_CRYPTO_CsRPublic *r_pub)
Extract the public R of the given secret r.
Definition: crypto_cs.c:98
GNUNET_CRYPTO_rsa_private_key_create
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_create(unsigned int len)
Create a new private key.
Definition: crypto_rsa.c:144
GNUNET_CRYPTO_rsa_private_key_free
void GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
Free memory occupied by the private key.
Definition: crypto_rsa.c:173
GNUNET_CRYPTO_cs_r_derive
void GNUNET_CRYPTO_cs_r_derive(const struct GNUNET_CRYPTO_CsSessionNonce *nonce, const char *seed, const struct GNUNET_CRYPTO_CsPrivateKey *lts, struct GNUNET_CRYPTO_CsRSecret r[2])
Derive a new secret r pair r0 and r1.
Definition: crypto_cs.c:79
GNUNET_CRYPTO_rsa_public_key_decode
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_public_key_decode(const char *buf, size_t len)
Decode the public key from the data-format back to the "normal", internal format.
Definition: crypto_rsa.c:423
GNUNET_CRYPTO_cs_private_key_get_public
void GNUNET_CRYPTO_cs_private_key_get_public(const struct GNUNET_CRYPTO_CsPrivateKey *priv, struct GNUNET_CRYPTO_CsPublicKey *pub)
Extract the public key of the given private key.
Definition: crypto_cs.c:52
GNUNET_CRYPTO_cs_unblind
void GNUNET_CRYPTO_cs_unblind(const struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar, const struct GNUNET_CRYPTO_CsBlindingSecret *bs, struct GNUNET_CRYPTO_CsS *signature_scalar)
Unblind a blind-signed signature using a c that was blinded.
Definition: crypto_cs.c:318
GNUNET_CRYPTO_rsa_blinded_message_free
void GNUNET_CRYPTO_rsa_blinded_message_free(struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
Free memory occupied by blinded message.
Definition: crypto_rsa.c:799
GNUNET_CRYPTO_rsa_private_key_decode
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_decode(const void *buf, size_t buf_size)
Decode the private key from the data-format back to the "normal", internal format.
Definition: crypto_rsa.c:204
GNUNET_CRYPTO_rsa_public_key_free
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition: crypto_rsa.c:268
GNUNET_NETWORK_STRUCT_END
#define GNUNET_NETWORK_STRUCT_END
Define as empty, GNUNET_PACKED should suffice, but this won't work on W32;.
Definition: gnunet_common.h:274
GNUNET_CRYPTO_cs_calc_blinded_c
void GNUNET_CRYPTO_cs_calc_blinded_c(const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], const struct GNUNET_CRYPTO_CsRPublic r_pub[2], const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len, struct GNUNET_CRYPTO_CsC blinded_c[2], struct GNUNET_CRYPTO_CSPublicRPairP *r_pub_blind)
Calculate two blinded c's.
Definition: crypto_cs.c:240
GNUNET_CRYPTO_rsa_public_key_encode
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, void **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:325
GNUNET_memcmp
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
Definition: gnunet_common.h:1247
GNUNET_CRYPTO_rsa_signature_encode
size_t GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, void **buffer)
Encode the given signature in a format suitable for storing it into a file.
Definition: crypto_rsa.c:1023
GNUNET_CRYPTO_rsa_sign_blinded
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key, const struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
Sign a blinded value, which must be a full domain hash of a message.
Definition: crypto_rsa.c:970
GNUNET_CRYPTO_cs_verify
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_cs_verify(const struct GNUNET_CRYPTO_CsSignature *sig, const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len)
Verify whether the given message corresponds to the given signature and the signature is valid with r...
Definition: crypto_cs.c:330
GNUNET_GenericReturnValue
GNUNET_GenericReturnValue
Named constants for return values.
Definition: gnunet_common.h:108
GNUNET_CRYPTO_rsa_unblind
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
Unblind a blind-signed signature.
Definition: crypto_rsa.c:1118
GNUNET_CRYPTO_rsa_private_key_get_public
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition: crypto_rsa.c:233
GNUNET_CRYPTO_cs_sign_derive
void GNUNET_CRYPTO_cs_sign_derive(const struct GNUNET_CRYPTO_CsPrivateKey *priv, const struct GNUNET_CRYPTO_CsRSecret r[2], const struct GNUNET_CRYPTO_CsBlindedMessage *bm, struct GNUNET_CRYPTO_CsBlindSignature *cs_blind_sig)
Sign a blinded c.
Definition: crypto_cs.c:284
GNUNET_CRYPTO_cs_private_key_generate
void GNUNET_CRYPTO_cs_private_key_generate(struct GNUNET_CRYPTO_CsPrivateKey *priv)
Create a new random private key.
Definition: crypto_cs.c:45
GNUNET_CRYPTO_rsa_verify
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_verify(const void *message, size_t message_size, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *public_key)
Verify whether the given hash corresponds to the given signature and the signature is valid with resp...
Definition: crypto_rsa.c:1199
GNUNET_CRYPTO_rsa_private_key_encode
size_t GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, void **buffer)
Encode the private key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:181
GNUNET_CRYPTO_cs_blinding_secrets_derive
void GNUNET_CRYPTO_cs_blinding_secrets_derive(const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed, struct GNUNET_CRYPTO_CsBlindingSecret bs[2])
Derives new random blinding factors.
Definition: crypto_cs.c:108
GNUNET_OK
@ GNUNET_OK
Definition: gnunet_common.h:111
GNUNET_YES
@ GNUNET_YES
Definition: gnunet_common.h:113
GNUNET_NO
@ GNUNET_NO
Definition: gnunet_common.h:110
GNUNET_SYSERR
@ GNUNET_SYSERR
Definition: gnunet_common.h:109
GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition: gnunet_common.h:957
GNUNET_break
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
Definition: gnunet_common.h:1042
GNUNET_log_setup
enum GNUNET_GenericReturnValue GNUNET_log_setup(const char *comp, const char *loglevel, const char *logfile)
Setup logging.
Definition: common_logging.c:729
GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_ERROR
Definition: gnunet_common.h:414
GNUNET_ERROR_TYPE_INFO
@ GNUNET_ERROR_TYPE_INFO
Definition: gnunet_common.h:420
GNUNET_malloc
#define GNUNET_malloc(size)
Wrapper around malloc.
Definition: gnunet_common.h:1352
GNUNET_free
#define GNUNET_free(ptr)
Wrapper around free.
Definition: gnunet_common.h:1412
GNUNET_OS_project_data_gnunet
const struct GNUNET_OS_ProjectData * GNUNET_OS_project_data_gnunet(void)
Return default project data used by 'libgnunetutil' for GNUnet.
Definition: os_installation.c:82
GNUNET_PROGRAM_run
enum GNUNET_GenericReturnValue GNUNET_PROGRAM_run(const struct GNUNET_OS_ProjectData *pd, int argc, char *const *argv, const char *binaryName, const char *binaryHelp, const struct GNUNET_GETOPT_CommandLineOption *options, GNUNET_PROGRAM_Main task, void *task_cls)
Run a standard GNUnet command startup sequence (initialize loggers and configuration,...
Definition: program.c:407
GNUNET_STRINGS_data_to_string_alloc
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
Definition: strings.c:793
GNUNET_STRINGS_string_to_data
enum GNUNET_GenericReturnValue GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:818
size
static unsigned int size
Size of the "table".
Definition: peer.c:68
GNUNET_CONFIGURATION_Handle
configuration data
Definition: configuration.c:149
GNUNET_CRYPTO_CSPublicRPairP
Pair of Public R values for Cs denominations.
Definition: gnunet_crypto_lib.h:3907
GNUNET_CRYPTO_CSPublicRPairP::r_pub
struct GNUNET_CRYPTO_CsRPublic r_pub[2]
Definition: gnunet_crypto_lib.h:3908
GNUNET_CRYPTO_CsBlindS
blinded s in the signature
Definition: gnunet_crypto_lib.h:674
GNUNET_CRYPTO_CsBlindSignature
The Sign Answer for Clause Blind Schnorr signature.
Definition: gnunet_crypto_lib.h:3941
GNUNET_CRYPTO_CsBlindSignature::s_scalar
struct GNUNET_CRYPTO_CsBlindS s_scalar
The blinded s scalar calculated from c_b.
Definition: gnunet_crypto_lib.h:3951
GNUNET_CRYPTO_CsBlindSignature::b
unsigned int b
To make ROS problem harder, the signer chooses an unpredictable b and only calculates signature of c_...
Definition: gnunet_crypto_lib.h:3946
GNUNET_CRYPTO_CsBlindedMessage
CS Parameters derived from the message during blinding to create blinded signature.
Definition: gnunet_crypto_lib.h:3889
GNUNET_CRYPTO_CsBlindedMessage::c
struct GNUNET_CRYPTO_CsC c[2]
The Clause Schnorr c_0 and c_1 containing the blinded message.
Definition: gnunet_crypto_lib.h:3893
GNUNET_CRYPTO_CsBlindingNonce
Nonce for computing blinding factors.
Definition: gnunet_crypto_lib.h:712
GNUNET_CRYPTO_CsBlindingNonce::bnonce
unsigned char bnonce[256/8]
Definition: gnunet_crypto_lib.h:714
GNUNET_CRYPTO_CsBlindingSecret
Secret used for blinding (alpha and beta).
Definition: gnunet_crypto_lib.h:628
GNUNET_CRYPTO_CsC
Schnorr c to be signed.
Definition: gnunet_crypto_lib.h:656
GNUNET_CRYPTO_CsPrivateKey
The private information of an Schnorr key pair.
Definition: gnunet_crypto_lib.h:610
GNUNET_CRYPTO_CsPublicKey
The public information of an Schnorr key pair.
Definition: gnunet_crypto_lib.h:619
GNUNET_CRYPTO_CsRPublic
the public R (derived from r) used in c
Definition: gnunet_crypto_lib.h:647
GNUNET_CRYPTO_CsRSecret
the private r used in the signature
Definition: gnunet_crypto_lib.h:638
GNUNET_CRYPTO_CsS
s in the signature
Definition: gnunet_crypto_lib.h:665
GNUNET_CRYPTO_CsSessionNonce
Nonce for the session, picked by client, shared with the signer.
Definition: gnunet_crypto_lib.h:701
GNUNET_CRYPTO_CsSessionNonce::snonce
unsigned char snonce[256/8]
Definition: gnunet_crypto_lib.h:703
GNUNET_CRYPTO_CsSignature
CS Signtature containing scalar s and point R.
Definition: gnunet_crypto_lib.h:683
GNUNET_CRYPTO_CsSignature::s_scalar
struct GNUNET_CRYPTO_CsS s_scalar
Schnorr signatures are composed of a scalar s and a curve point.
Definition: gnunet_crypto_lib.h:687
GNUNET_CRYPTO_CsSignature::r_point
struct GNUNET_CRYPTO_CsRPublic r_point
Curve point of the Schnorr signature.
Definition: gnunet_crypto_lib.h:692
GNUNET_CRYPTO_EccSignaturePurpose
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
Definition: gnunet_crypto_lib.h:141
GNUNET_CRYPTO_EcdhePrivateKey
Private ECC key encoded for transmission.
Definition: gnunet_crypto_lib.h:254
GNUNET_CRYPTO_EcdhePublicKey
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
Definition: gnunet_crypto_lib.h:240
GNUNET_CRYPTO_EddsaPrivateKey
Private ECC key encoded for transmission.
Definition: gnunet_crypto_lib.h:278
GNUNET_CRYPTO_EddsaPublicKey
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Definition: gnunet_crypto_lib.h:201
GNUNET_CRYPTO_EddsaSignature
an ECC signature using EdDSA.
Definition: gnunet_crypto_lib.h:164
GNUNET_CRYPTO_Edx25519PrivateKey
Private ECC key material encoded for transmission.
Definition: gnunet_crypto_lib.h:304
GNUNET_CRYPTO_Edx25519PublicKey
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Definition: gnunet_crypto_lib.h:326
GNUNET_CRYPTO_RsaBlindedMessage
RSA Parameters to create blinded signature.
Definition: gnunet_crypto_lib.h:3664
GNUNET_CRYPTO_RsaBlindedMessage::blinded_msg_size
size_t blinded_msg_size
Size of the blinded_msg to be signed.
Definition: gnunet_crypto_lib.h:3674
GNUNET_CRYPTO_RsaBlindedMessage::blinded_msg
void * blinded_msg
Blinded message to be signed Note: is malloc()'ed!
Definition: gnunet_crypto_lib.h:3669
GNUNET_CRYPTO_RsaBlindingKeySecret
Constant-size pre-secret for blinding key generation.
Definition: gnunet_crypto_lib.h:3465
GNUNET_CRYPTO_RsaPrivateKey
The private information of an RSA key pair.
Definition: crypto_rsa.c:41
GNUNET_CRYPTO_RsaPublicKey
The public information of an RSA key pair.
Definition: crypto_rsa.c:53
GNUNET_CRYPTO_RsaSignature
an RSA signature
Definition: crypto_rsa.c:65
GNUNET_GETOPT_CommandLineOption
Definition of a command line option.
Definition: gnunet_getopt_lib.h:110
GNUNET_HashCode
A 512-bit hashcode.
Definition: gnunet_common.h:284
TestSignatureDataPS
Sample signature struct.
Definition: gnunet-crypto-tvg.c:65
TestSignatureDataPS::purpose
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
Definition: gnunet-crypto-tvg.c:66