GNUnet 0.21.1
gnunet-crypto-tvg.c
Go to the documentation of this file.
1/*
2 This file is part of GNUnet.
3 Copyright (C) 2020 GNUnet e.V.
4
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
14
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18 SPDX-License-Identifier: AGPL3.0-or-later
19 */
20
51#include "platform.h"
52#include "gnunet_util_lib.h"
53#include "gnunet_signatures.h"
54#include "gnunet_testing_lib.h"
55#include <jansson.h>
56#include <gcrypt.h>
57
58GNUNET_NETWORK_STRUCT_BEGIN
59
65struct TestSignatureDataPS
66{
67 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
68 uint32_t testval;
69};
70
71GNUNET_NETWORK_STRUCT_END
72
73
77static int verify_flag = GNUNET_NO;
78
79
83static int global_ret = 0;
84
85
93static json_t *
94vec_for (json_t *vecs, const char *vecname)
95{
96 json_t *t = json_object ();
97
98 json_object_set_new (t,
99 "operation",
100 json_string (vecname));
101 json_array_append_new (vecs, t);
102 return t;
103}
104
105
115static void
116d2j (json_t *vec,
117 const char *label,
118 const void *data,
119 size_t size)
120{
121 char *buf;
122 json_t *json;
123
124 buf = GNUNET_STRINGS_data_to_string_alloc (data, size);
125 json = json_string (buf);
126 GNUNET_free (buf);
127 GNUNET_break (NULL != json);
128
129 json_object_set_new (vec, label, json);
130}
131
132
141static void
142uint2j (json_t *vec,
143 const char *label,
144 unsigned int num)
145{
146 json_t *json = json_integer (num);
147
148 json_object_set_new (vec, label, json);
149}
150
151
152static int
153expect_data_fixed (json_t *vec,
154 const char *name,
155 void *data,
156 size_t expect_len)
157{
158 const char *s = json_string_value (json_object_get (vec, name));
159
160 if (NULL == s)
161 return GNUNET_NO;
162
163 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s,
164 strlen (s),
165 data,
166 expect_len))
167 return GNUNET_NO;
168 return GNUNET_OK;
169}
170
171
172static int
173expect_data_dynamic (json_t *vec,
174 const char *name,
175 void **data,
176 size_t *ret_len)
177{
178 const char *s = json_string_value (json_object_get (vec, name));
179 char *tmp;
180 size_t len;
181
182 if (NULL == s)
183 return GNUNET_NO;
184
185 len = (strlen (s) * 5) / 8;
186 if (NULL != ret_len)
187 *ret_len = len;
188 tmp = GNUNET_malloc (len);
189
190 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, strlen (s), tmp, len))
191 {
192 GNUNET_free (tmp);
193 return GNUNET_NO;
194 }
195 *data = tmp;
196 return GNUNET_OK;
197}
198
199
208static int
209checkvec (const char *operation,
210 json_t *vec)
211{
212 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
213 "checking %s\n", operation);
214
215 if (0 == strcmp (operation, "hash"))
216 {
217 void *data;
218 size_t data_len;
219 struct GNUNET_HashCode hash_out;
220 struct GNUNET_HashCode hc;
221
222 if (GNUNET_OK != expect_data_dynamic (vec,
223 "input",
224 &data,
225 &data_len))
226 {
227 GNUNET_break (0);
228 return GNUNET_SYSERR;
229 }
230 if (GNUNET_OK != expect_data_fixed (vec,
231 "output",
232 &hash_out,
233 sizeof (hash_out)))
234 {
235 GNUNET_free (data);
236 GNUNET_break (0);
237 return GNUNET_NO;
238 }
239
240 GNUNET_CRYPTO_hash (data, data_len, &hc);
241
242 if (0 != GNUNET_memcmp (&hc, &hash_out))
243 {
244 GNUNET_free (data);
245 GNUNET_break (0);
246 return GNUNET_NO;
247 }
248 GNUNET_free (data);
249 }
250 else if (0 == strcmp (operation, "ecc_ecdh"))
251 {
252 struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
253 struct GNUNET_CRYPTO_EcdhePublicKey pub1;
254 struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
255 struct GNUNET_HashCode skm;
256 struct GNUNET_HashCode skm_comp;
257
258 if (GNUNET_OK != expect_data_fixed (vec,
259 "priv1",
260 &priv1,
261 sizeof (priv1)))
262 {
263 GNUNET_break (0);
264 return GNUNET_NO;
265 }
266 if (GNUNET_OK != expect_data_fixed (vec,
267 "priv2",
268 &priv2,
269 sizeof (priv2)))
270 {
271 GNUNET_break (0);
272 return GNUNET_NO;
273 }
274 if (GNUNET_OK != expect_data_fixed (vec,
275 "pub1",
276 &pub1,
277 sizeof (pub1)))
278 {
279 GNUNET_break (0);
280 return GNUNET_NO;
281 }
282 if (GNUNET_OK != expect_data_fixed (vec,
283 "skm",
284 &skm,
285 sizeof (skm)))
286 {
287 GNUNET_break (0);
288 return GNUNET_NO;
289 }
290 GNUNET_assert (GNUNET_OK ==
291 GNUNET_CRYPTO_ecc_ecdh (&priv2,
292 &pub1,
293 &skm_comp));
294 if (0 != GNUNET_memcmp (&skm, &skm_comp))
295 {
296 GNUNET_break (0);
297 return GNUNET_NO;
298 }
299 }
300 else if (0 == strcmp (operation, "eddsa_key_derivation"))
301 {
302 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
303 struct GNUNET_CRYPTO_EddsaPublicKey pub;
304 struct GNUNET_CRYPTO_EddsaPublicKey pub_comp;
305
306 if (GNUNET_OK != expect_data_fixed (vec,
307 "priv",
308 &priv,
309 sizeof (priv)))
310 {
311 GNUNET_break (0);
312 return GNUNET_NO;
313 }
314
315 if (GNUNET_OK != expect_data_fixed (vec,
316 "pub",
317 &pub,
318 sizeof (pub)))
319 {
320 GNUNET_break (0);
321 return GNUNET_NO;
322 }
323
324 GNUNET_CRYPTO_eddsa_key_get_public (&priv,
325 &pub_comp);
326 if (0 != GNUNET_memcmp (&pub, &pub_comp))
327 {
328 GNUNET_break (0);
329 return GNUNET_NO;
330 }
331
332 }
333 else if (0 == strcmp (operation, "eddsa_signing"))
334 {
335 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
336 struct GNUNET_CRYPTO_EddsaPublicKey pub;
337 struct TestSignatureDataPS data = { 0 };
338 struct GNUNET_CRYPTO_EddsaSignature sig;
339 struct GNUNET_CRYPTO_EddsaSignature sig_comp;
340
341 if (GNUNET_OK != expect_data_fixed (vec,
342 "priv",
343 &priv,
344 sizeof (priv)))
345 {
346 GNUNET_break (0);
347 return GNUNET_NO;
348 }
349
350 if (GNUNET_OK != expect_data_fixed (vec,
351 "pub",
352 &pub,
353 sizeof (pub)))
354 {
355 GNUNET_break (0);
356 return GNUNET_NO;
357 }
358
359 if (GNUNET_OK != expect_data_fixed (vec,
360 "data",
361 &data,
362 sizeof (data)))
363 {
364 GNUNET_break (0);
365 return GNUNET_NO;
366 }
367
368 if (GNUNET_OK != expect_data_fixed (vec,
369 "sig",
370 &sig,
371 sizeof (sig)))
372 {
373 GNUNET_break (0);
374 return GNUNET_NO;
375 }
376
377 GNUNET_CRYPTO_eddsa_sign (&priv,
378 &data,
379 &sig_comp);
380 GNUNET_assert (GNUNET_OK ==
381 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST,
382 &data,
383 &sig,
384 &pub));
385 if (0 != GNUNET_memcmp (&sig, &sig_comp))
386 {
387 GNUNET_break (0);
388 return GNUNET_NO;
389 }
390 }
391 else if (0 == strcmp (operation, "kdf"))
392 {
393 size_t out_len;
394 void *out;
395 size_t out_len_comp;
396 void *out_comp;
397 void *ikm;
398 size_t ikm_len;
399 void *salt;
400 size_t salt_len;
401 void *ctx;
402 size_t ctx_len;
403
404 if (GNUNET_OK != expect_data_dynamic (vec,
405 "out",
406 &out,
407 &out_len))
408 {
409 GNUNET_break (0);
410 return GNUNET_SYSERR;
411 }
412
413 out_len_comp = out_len;
414 out_comp = GNUNET_malloc (out_len_comp);
415
416 if (GNUNET_OK != expect_data_dynamic (vec,
417 "ikm",
418 &ikm,
419 &ikm_len))
420 {
421 GNUNET_free (out);
422 GNUNET_free (out_comp);
423 GNUNET_break (0);
424 return GNUNET_SYSERR;
425 }
426
427 if (GNUNET_OK != expect_data_dynamic (vec,
428 "salt",
429 &salt,
430 &salt_len))
431 {
432 GNUNET_free (out);
433 GNUNET_free (out_comp);
434 GNUNET_free (ikm);
435 GNUNET_break (0);
436 return GNUNET_SYSERR;
437 }
438
439 if (GNUNET_OK != expect_data_dynamic (vec,
440 "ctx",
441 &ctx,
442 &ctx_len))
443 {
444 GNUNET_free (out);
445 GNUNET_free (out_comp);
446 GNUNET_free (ikm);
447 GNUNET_free (salt);
448 GNUNET_break (0);
449 return GNUNET_SYSERR;
450 }
451
452 GNUNET_assert (GNUNET_OK ==
453 GNUNET_CRYPTO_kdf (out_comp,
454 out_len_comp,
455 salt,
456 salt_len,
457 ikm,
458 ikm_len,
459 ctx,
460 ctx_len,
461 NULL));
462
463 if (0 != memcmp (out, out_comp, out_len))
464 {
465 GNUNET_free (out);
466 GNUNET_free (out_comp);
467 GNUNET_free (ikm);
468 GNUNET_free (salt);
469 GNUNET_free (ctx);
470 GNUNET_break (0);
471 return GNUNET_NO;
472 }
473 GNUNET_free (out);
474 GNUNET_free (out_comp);
475 GNUNET_free (ikm);
476 GNUNET_free (salt);
477 GNUNET_free (ctx);
478 }
479 else if (0 == strcmp (operation, "eddsa_ecdh"))
480 {
481 struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
482 struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
483 struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
484 struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
485 struct GNUNET_HashCode key_material;
486 struct GNUNET_HashCode key_material_comp;
487
488 if (GNUNET_OK != expect_data_fixed (vec,
489 "priv_ecdhe",
490 &priv_ecdhe,
491 sizeof (priv_ecdhe)))
492 {
493 GNUNET_break (0);
494 return GNUNET_NO;
495 }
496
497 if (GNUNET_OK != expect_data_fixed (vec,
498 "pub_ecdhe",
499 &pub_ecdhe,
500 sizeof (pub_ecdhe)))
501 {
502 GNUNET_break (0);
503 return GNUNET_NO;
504 }
505
506 if (GNUNET_OK != expect_data_fixed (vec,
507 "priv_eddsa",
508 &priv_eddsa,
509 sizeof (priv_eddsa)))
510 {
511 GNUNET_break (0);
512 return GNUNET_NO;
513 }
514
515 if (GNUNET_OK != expect_data_fixed (vec,
516 "pub_eddsa",
517 &pub_eddsa,
518 sizeof (pub_eddsa)))
519 {
520 GNUNET_break (0);
521 return GNUNET_NO;
522 }
523
524 if (GNUNET_OK != expect_data_fixed (vec,
525 "key_material",
526 &key_material,
527 sizeof (key_material)))
528 {
529 GNUNET_break (0);
530 return GNUNET_NO;
531 }
532
533 GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe,
534 &pub_eddsa,
535 &key_material_comp);
536
537 if (0 != GNUNET_memcmp (&key_material,
538 &key_material_comp))
539 {
540 GNUNET_break (0);
541 return GNUNET_NO;
542 }
543 }
544 else if (0 == strcmp (operation, "rsa_blind_signing"))
545 {
546 struct GNUNET_CRYPTO_RsaPrivateKey *skey;
547 struct GNUNET_CRYPTO_RsaPublicKey *pkey;
548 struct GNUNET_HashCode message_hash;
549 struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
550 struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
551 struct GNUNET_CRYPTO_RsaSignature *sig;
552 struct GNUNET_CRYPTO_RsaBlindedMessage bm;
553 struct GNUNET_CRYPTO_RsaBlindedMessage bm_comp;
554 void *public_enc_data;
555 size_t public_enc_len;
556 void *secret_enc_data;
557 size_t secret_enc_len;
558 void *sig_enc_data;
559 size_t sig_enc_length;
560 void *sig_enc_data_comp;
561 size_t sig_enc_length_comp;
562
563 if (GNUNET_OK !=
564 expect_data_fixed (vec,
565 "message_hash",
566 &message_hash,
567 sizeof (message_hash)))
568 {
569 GNUNET_break (0);
570 return GNUNET_SYSERR;
571 }
572
573 if (GNUNET_OK !=
574 expect_data_fixed (vec,
575 "blinding_key_secret",
576 &bks,
577 sizeof (bks)))
578 {
579 GNUNET_break (0);
580 return GNUNET_SYSERR;
581 }
582
583 if (GNUNET_OK !=
584 expect_data_dynamic (vec,
585 "blinded_message",
586 &bm.blinded_msg,
587 &bm.blinded_msg_size))
588 {
589 GNUNET_break (0);
590 return GNUNET_SYSERR;
591 }
592 if (GNUNET_OK !=
593 expect_data_dynamic (vec,
594 "rsa_public_key",
595 &public_enc_data,
596 &public_enc_len))
597 {
598 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
599 GNUNET_break (0);
600 return GNUNET_SYSERR;
601 }
602 if (GNUNET_OK !=
603 expect_data_dynamic (vec,
604 "rsa_private_key",
605 &secret_enc_data,
606 &secret_enc_len))
607 {
608 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
609 GNUNET_free (public_enc_data);
610 GNUNET_break (0);
611 return GNUNET_SYSERR;
612 }
613 if (GNUNET_OK !=
614 expect_data_dynamic (vec,
615 "sig",
616 &sig_enc_data,
617 &sig_enc_length))
618 {
619 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
620 GNUNET_free (public_enc_data);
621 GNUNET_free (secret_enc_data);
622 GNUNET_break (0);
623 return GNUNET_SYSERR;
624 }
625
626 pkey = GNUNET_CRYPTO_rsa_public_key_decode (public_enc_data,
627 public_enc_len);
628 GNUNET_assert (NULL != pkey);
629 skey = GNUNET_CRYPTO_rsa_private_key_decode (secret_enc_data,
630 secret_enc_len);
631 GNUNET_assert (NULL != skey);
632
633 GNUNET_assert (GNUNET_YES ==
634 GNUNET_CRYPTO_rsa_blind (&message_hash,
635 sizeof (message_hash),
636 &bks,
637 pkey,
638 &bm_comp));
639 if ( (bm.blinded_msg_size !=
640 bm_comp.blinded_msg_size) ||
641 (0 != memcmp (bm.blinded_msg,
642 bm_comp.blinded_msg,
643 bm.blinded_msg_size)) )
644 {
645 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
646 GNUNET_CRYPTO_rsa_blinded_message_free (&bm_comp);
647 GNUNET_free (public_enc_data);
648 GNUNET_free (secret_enc_data);
649 GNUNET_free (sig_enc_data);
650 GNUNET_CRYPTO_rsa_private_key_free (skey);
651 GNUNET_CRYPTO_rsa_public_key_free (pkey);
652 GNUNET_break (0);
653 return GNUNET_NO;
654 }
655 blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey,
656 &bm);
657 sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig,
658 &bks,
659 pkey);
660 GNUNET_assert (GNUNET_YES ==
661 GNUNET_CRYPTO_rsa_verify (&message_hash,
662 sizeof (message_hash),
663 sig,
664 pkey));
665 GNUNET_free (public_enc_data);
666 public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
667 &public_enc_data);
668 sig_enc_length_comp = GNUNET_CRYPTO_rsa_signature_encode (sig,
669 &sig_enc_data_comp);
670
671 if ( (sig_enc_length != sig_enc_length_comp) ||
672 (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) ))
673 {
674 GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
675 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
676 GNUNET_CRYPTO_rsa_blinded_message_free (&bm_comp);
677 GNUNET_free (public_enc_data);
678 GNUNET_free (secret_enc_data);
679 GNUNET_free (sig_enc_data);
680 GNUNET_free (sig_enc_data_comp);
681 GNUNET_CRYPTO_rsa_private_key_free (skey);
682 GNUNET_CRYPTO_rsa_signature_free (sig);
683 GNUNET_CRYPTO_rsa_public_key_free (pkey);
684 GNUNET_break (0);
685 return GNUNET_NO;
686 }
687 GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
688 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
689 GNUNET_CRYPTO_rsa_blinded_message_free (&bm_comp);
690 GNUNET_free (public_enc_data);
691 GNUNET_free (secret_enc_data);
692 GNUNET_free (sig_enc_data);
693 GNUNET_free (sig_enc_data_comp);
694 GNUNET_CRYPTO_rsa_signature_free (sig);
695 GNUNET_CRYPTO_rsa_public_key_free (pkey);
696 GNUNET_CRYPTO_rsa_private_key_free (skey);
697 }
698 else if (0 == strcmp (operation, "cs_blind_signing"))
699 {
700 struct GNUNET_CRYPTO_CsPrivateKey priv;
701 struct GNUNET_CRYPTO_CsPublicKey pub;
702 struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
703 struct GNUNET_CRYPTO_CsRSecret r_priv[2];
704 struct GNUNET_CRYPTO_CsRPublic r_pub[2];
705 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind;
706 struct GNUNET_CRYPTO_CsC c[2];
707 struct GNUNET_CRYPTO_CsS signature_scalar;
708 struct GNUNET_CRYPTO_CsBlindS blinded_s;
709 struct GNUNET_CRYPTO_CsSignature sig;
710 struct GNUNET_CRYPTO_CsSessionNonce snonce;
711 struct GNUNET_CRYPTO_CsBlindingNonce bnonce;
712 struct GNUNET_HashCode message_hash;
713 unsigned int b;
714
715 if (GNUNET_OK != expect_data_fixed (vec,
716 "message_hash",
717 &message_hash,
718 sizeof (message_hash)))
719 {
720 GNUNET_break (0);
721 return GNUNET_SYSERR;
722 }
723 if (GNUNET_OK != expect_data_fixed (vec,
724 "cs_public_key",
725 &pub,
726 sizeof (pub)))
727 {
728 GNUNET_break (0);
729 return GNUNET_SYSERR;
730 }
731
732 if (GNUNET_OK !=
733 expect_data_fixed (vec,
734 "cs_private_key",
735 &priv,
736 sizeof (priv)))
737 {
738 GNUNET_break (0);
739 return GNUNET_SYSERR;
740 }
741 if (GNUNET_OK !=
742 expect_data_fixed (vec,
743 "cs_nonce",
744 &snonce,
745 sizeof (snonce)))
746 {
747 GNUNET_break (0);
748 return GNUNET_SYSERR;
749 }
750 /* historically, the tvg used the same nonce for
751 both, which is HORRIBLE for production, but
752 maybe OK for TVG... */
753 memcpy (&bnonce,
754 &snonce,
755 sizeof (snonce));
756 if (GNUNET_OK !=
757 expect_data_fixed (vec,
758 "cs_r_priv_0",
759 &r_priv[0],
760 sizeof (r_priv[0])))
761 {
762 GNUNET_break (0);
763 return GNUNET_SYSERR;
764 }
765 if (GNUNET_OK != expect_data_fixed (vec,
766 "cs_r_priv_1",
767 &r_priv[1],
768 sizeof (r_priv[1])))
769 {
770 GNUNET_break (0);
771 return GNUNET_SYSERR;
772 }
773 if (GNUNET_OK != expect_data_fixed (vec,
774 "cs_r_pub_0",
775 &r_pub[0],
776 sizeof (r_pub[0])))
777 {
778 GNUNET_break (0);
779 return GNUNET_SYSERR;
780 }
781 if (GNUNET_OK != expect_data_fixed (vec,
782 "cs_r_pub_1",
783 &r_pub[1],
784 sizeof (r_pub[1])))
785 {
786 GNUNET_break (0);
787 return GNUNET_SYSERR;
788 }
789
790 if (GNUNET_OK != expect_data_fixed (vec,
791 "cs_bs_alpha_0",
792 &bs[0].alpha,
793 sizeof (bs[0].alpha)))
794 {
795 GNUNET_break (0);
796 return GNUNET_SYSERR;
797 }
798 if (GNUNET_OK != expect_data_fixed (vec,
799 "cs_bs_alpha_1",
800 &bs[1].alpha,
801 sizeof (bs[1].alpha)))
802 {
803 GNUNET_break (0);
804 return GNUNET_SYSERR;
805 }
806 if (GNUNET_OK != expect_data_fixed (vec,
807 "cs_bs_beta_0",
808 &bs[0].beta,
809 sizeof (bs[0].beta)))
810 {
811 GNUNET_break (0);
812 return GNUNET_SYSERR;
813 }
814 if (GNUNET_OK !=
815 expect_data_fixed (vec,
816 "cs_bs_beta_1",
817 &bs[1].beta,
818 sizeof (bs[1].beta)))
819 {
820 GNUNET_break (0);
821 return GNUNET_SYSERR;
822 }
823 if (GNUNET_OK !=
824 expect_data_fixed (vec,
825 "cs_r_pub_blind_0",
826 &r_pub_blind.r_pub[0],
827 sizeof (r_pub_blind.r_pub[0])))
828 {
829 GNUNET_break (0);
830 return GNUNET_SYSERR;
831 }
832 if (GNUNET_OK !=
833 expect_data_fixed (vec,
834 "cs_r_pub_blind_1",
835 &r_pub_blind.r_pub[1],
836 sizeof (r_pub_blind.r_pub[1])))
837 {
838 GNUNET_break (0);
839 return GNUNET_SYSERR;
840 }
841 if (GNUNET_OK !=
842 expect_data_fixed (vec,
843 "cs_c_0",
844 &c[0],
845 sizeof (c[0])))
846 {
847 GNUNET_break (0);
848 return GNUNET_SYSERR;
849 }
850 if (GNUNET_OK != expect_data_fixed (vec,
851 "cs_c_1",
852 &c[1],
853 sizeof (c[1])))
854 {
855 GNUNET_break (0);
856 return GNUNET_SYSERR;
857 }
858 if (GNUNET_OK != expect_data_fixed (vec,
859 "cs_blind_s",
860 &blinded_s,
861 sizeof (blinded_s)))
862 {
863 GNUNET_break (0);
864 return GNUNET_SYSERR;
865 }
866 if (GNUNET_OK != expect_data_fixed (vec,
867 "cs_b",
868 &b,
869 sizeof (b)))
870 {
871 GNUNET_break (0);
872 return GNUNET_SYSERR;
873 }
874 if (GNUNET_OK != expect_data_fixed (vec,
875 "cs_sig_s",
876 &signature_scalar,
877 sizeof (signature_scalar)))
878 {
879 GNUNET_break (0);
880 return GNUNET_SYSERR;
881 }
882 sig.s_scalar = signature_scalar;
883 if (GNUNET_OK != expect_data_fixed (vec,
884 "cs_sig_R",
885 &sig.r_point,
886 sizeof (sig.r_point)))
887 {
888 GNUNET_break (0);
889 return GNUNET_SYSERR;
890 }
891
892 if ((b != 1) && (b != 0))
893 {
894 GNUNET_break (0);
895 return GNUNET_SYSERR;
896 }
897
898 struct GNUNET_CRYPTO_CsRSecret r_priv_comp[2];
899 struct GNUNET_CRYPTO_CsRPublic r_pub_comp[2];
900 struct GNUNET_CRYPTO_CsBlindingSecret bs_comp[2];
901 struct GNUNET_CRYPTO_CsC c_comp[2];
902 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind_comp;
903 struct GNUNET_CRYPTO_CsBlindSignature blinded_s_comp;
904 struct GNUNET_CRYPTO_CsS signature_scalar_comp;
905 struct GNUNET_CRYPTO_CsSignature sig_comp;
906
907 GNUNET_CRYPTO_cs_r_derive (&snonce,
908 "rw",
909 &priv,
910 r_priv_comp);
911 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[0],
912 &r_pub_comp[0]);
913 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[1],
914 &r_pub_comp[1]);
915 GNUNET_assert (0 == memcmp (&r_priv_comp,
916 &r_priv,
917 sizeof(struct GNUNET_CRYPTO_CsRSecret) * 2));
918 GNUNET_assert (0 == memcmp (&r_pub_comp,
919 &r_pub,
920 sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2));
921
922 GNUNET_CRYPTO_cs_blinding_secrets_derive (&bnonce,
923 bs_comp);
924 GNUNET_assert (0 ==
925 memcmp (&bs_comp,
926 &bs,
927 sizeof(struct GNUNET_CRYPTO_CsBlindingSecret)
928 * 2));
929 GNUNET_CRYPTO_cs_calc_blinded_c (bs_comp,
930 r_pub_comp,
931 &pub,
932 &message_hash,
933 sizeof(message_hash),
934 c_comp,
935 &r_pub_blind_comp);
936 GNUNET_assert (0 ==
937 memcmp (&c_comp,
938 &c,
939 sizeof(struct GNUNET_CRYPTO_CsC) * 2));
940 GNUNET_assert (0 ==
941 GNUNET_memcmp (&r_pub_blind_comp,
942 &r_pub_blind));
943 {
944 struct GNUNET_CRYPTO_CsBlindedMessage bm = {
945 .c[0] = c_comp[0],
946 .c[1] = c_comp[1],
947 .nonce = snonce
948 };
949
950 GNUNET_CRYPTO_cs_sign_derive (&priv,
951 r_priv_comp,
952 &bm,
953 &blinded_s_comp);
954 }
955 GNUNET_assert (0 ==
956 GNUNET_memcmp (&blinded_s_comp.s_scalar,
957 &blinded_s));
958 GNUNET_assert (b == blinded_s_comp.b);
959 GNUNET_CRYPTO_cs_unblind (&blinded_s_comp.s_scalar,
960 &bs_comp[b],
961 &signature_scalar_comp);
962 GNUNET_assert (0 ==
963 GNUNET_memcmp (&signature_scalar_comp,
964 &signature_scalar));
965 sig_comp.r_point = r_pub_blind_comp.r_pub[b];
966 sig_comp.s_scalar = signature_scalar_comp;
967 GNUNET_assert (0 == memcmp (&sig_comp,
968 &sig,
969 sizeof(sig_comp)));
970 if (GNUNET_OK !=
971 GNUNET_CRYPTO_cs_verify (&sig_comp,
972 &pub,
973 &message_hash,
974 sizeof(message_hash)))
975 {
976 GNUNET_break (0);
977 return GNUNET_SYSERR;
978 }
979 }
980 else
981 {
982 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
983 "unsupported operation '%s'\n", operation);
984 }
985
986 return GNUNET_OK;
987}
988
989
995static int
996check_vectors ()
997{
998 json_error_t err;
999 json_t *vecfile = json_loadf (stdin, 0, &err);
1000 const char *encoding;
1001 json_t *vectors;
1002
1003 if (NULL == vecfile)
1004 {
1005 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unable to parse JSON\n");
1006 return 1;
1007 }
1008 encoding = json_string_value (json_object_get (vecfile,
1009 "encoding"));
1010 if ( (NULL == encoding) || (0 != strcmp (encoding, "base32crockford")) )
1011 {
1012 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unsupported or missing encoding\n");
1013 json_decref (vecfile);
1014 return 1;
1015 }
1016 vectors = json_object_get (vecfile, "vectors");
1017 if (! json_is_array (vectors))
1018 {
1019 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "bad vectors\n");
1020 json_decref (vecfile);
1021 return 1;
1022 }
1023 {
1024 /* array is a JSON array */
1025 size_t index;
1026 json_t *value;
1027 enum GNUNET_GenericReturnValue ret = GNUNET_OK;
1028
1029 json_array_foreach (vectors, index, value) {
1030 const char *op = json_string_value (json_object_get (value,
1031 "operation"));
1032
1033 if (NULL == op)
1034 {
1035 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1036 "missing operation\n");
1037 ret = GNUNET_SYSERR;
1038 break;
1039 }
1040 ret = checkvec (op, value);
1041 if (GNUNET_OK != ret)
1042 {
1043 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1044 "bad vector %u\n",
1045 (unsigned int) index);
1046 break;
1047 }
1048 }
1049 json_decref (vecfile);
1050 return (ret == GNUNET_OK) ? 0 : 1;
1051 }
1052}
1053
1054
1060static int
1061output_vectors ()
1062{
1063 json_t *vecfile = json_object ();
1064 json_t *vecs = json_array ();
1065
1066 json_object_set_new (vecfile,
1067 "encoding",
1068 json_string ("base32crockford"));
1069 json_object_set_new (vecfile,
1070 "producer",
1071 json_string ("GNUnet " PACKAGE_VERSION " " VCS_VERSION));
1072 json_object_set_new (vecfile,
1073 "vectors",
1074 vecs);
1075
1076 {
1077 json_t *vec = vec_for (vecs, "hash");
1078 struct GNUNET_HashCode hc;
1079 char *str = "Hello, GNUnet";
1080
1081 GNUNET_CRYPTO_hash (str, strlen (str), &hc);
1082
1083 d2j (vec, "input", str, strlen (str));
1084 d2j (vec, "output", &hc, sizeof (struct GNUNET_HashCode));
1085 }
1086 {
1087 json_t *vec = vec_for (vecs, "ecc_ecdh");
1088 struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
1089 struct GNUNET_CRYPTO_EcdhePublicKey pub1;
1090 struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
1091 struct GNUNET_HashCode skm;
1092
1093 GNUNET_CRYPTO_ecdhe_key_create (&priv1);
1094 GNUNET_CRYPTO_ecdhe_key_create (&priv2);
1095 GNUNET_CRYPTO_ecdhe_key_get_public (&priv1,
1096 &pub1);
1097 GNUNET_assert (GNUNET_OK ==
1098 GNUNET_CRYPTO_ecc_ecdh (&priv2,
1099 &pub1,
1100 &skm));
1101
1102 d2j (vec,
1103 "priv1",
1104 &priv1,
1105 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1106 d2j (vec,
1107 "pub1",
1108 &pub1,
1109 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1110 d2j (vec,
1111 "priv2",
1112 &priv2,
1113 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1114 d2j (vec,
1115 "skm",
1116 &skm,
1117 sizeof (struct GNUNET_HashCode));
1118 }
1119
1120 {
1121 json_t *vec = vec_for (vecs, "eddsa_key_derivation");
1122 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
1123 struct GNUNET_CRYPTO_EddsaPublicKey pub;
1124
1125 GNUNET_CRYPTO_eddsa_key_create (&priv);
1126 GNUNET_CRYPTO_eddsa_key_get_public (&priv,
1127 &pub);
1128
1129 d2j (vec,
1130 "priv",
1131 &priv,
1132 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1133 d2j (vec,
1134 "pub",
1135 &pub,
1136 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1137 }
1138 {
1139 json_t *vec = vec_for (vecs, "eddsa_signing");
1140 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
1141 struct GNUNET_CRYPTO_EddsaPublicKey pub;
1142 struct GNUNET_CRYPTO_EddsaSignature sig;
1143 struct TestSignatureDataPS data = { 0 };
1144
1145 GNUNET_CRYPTO_eddsa_key_create (&priv);
1146 GNUNET_CRYPTO_eddsa_key_get_public (&priv,
1147 &pub);
1148 data.purpose.size = htonl (sizeof (data));
1149 data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
1150 GNUNET_CRYPTO_eddsa_sign (&priv,
1151 &data,
1152 &sig);
1153 GNUNET_assert (GNUNET_OK ==
1154 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST,
1155 &data,
1156 &sig,
1157 &pub));
1158
1159 d2j (vec,
1160 "priv",
1161 &priv,
1162 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1163 d2j (vec,
1164 "pub",
1165 &pub,
1166 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1167 d2j (vec,
1168 "data",
1169 &data,
1170 sizeof (struct TestSignatureDataPS));
1171 d2j (vec,
1172 "sig",
1173 &sig,
1174 sizeof (struct GNUNET_CRYPTO_EddsaSignature));
1175 }
1176
1177 {
1178 json_t *vec = vec_for (vecs, "kdf");
1179 size_t out_len = 64;
1180 char out[out_len];
1181 char *ikm = "I'm the secret input key material";
1182 char *salt = "I'm very salty";
1183 char *ctx = "I'm a context chunk, also known as 'info' in the RFC";
1184
1185 GNUNET_assert (GNUNET_OK ==
1186 GNUNET_CRYPTO_kdf (&out,
1187 out_len,
1188 salt,
1189 strlen (salt),
1190 ikm,
1191 strlen (ikm),
1192 ctx,
1193 strlen (ctx),
1194 NULL));
1195
1196 d2j (vec,
1197 "salt",
1198 salt,
1199 strlen (salt));
1200 d2j (vec,
1201 "ikm",
1202 ikm,
1203 strlen (ikm));
1204 d2j (vec,
1205 "ctx",
1206 ctx,
1207 strlen (ctx));
1208 uint2j (vec,
1209 "out_len",
1210 (unsigned int) out_len);
1211 d2j (vec,
1212 "out",
1213 out,
1214 out_len);
1215 }
1216 {
1217 json_t *vec = vec_for (vecs, "eddsa_ecdh");
1218 struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
1219 struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
1220 struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
1221 struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
1222 struct GNUNET_HashCode key_material;
1223
1224 GNUNET_CRYPTO_ecdhe_key_create (&priv_ecdhe);
1225 GNUNET_CRYPTO_ecdhe_key_get_public (&priv_ecdhe, &pub_ecdhe);
1226 GNUNET_CRYPTO_eddsa_key_create (&priv_eddsa);
1227 GNUNET_CRYPTO_eddsa_key_get_public (&priv_eddsa, &pub_eddsa);
1228 GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material);
1229
1230 d2j (vec, "priv_ecdhe",
1231 &priv_ecdhe,
1232 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1233 d2j (vec, "pub_ecdhe",
1234 &pub_ecdhe,
1235 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1236 d2j (vec, "priv_eddsa",
1237 &priv_eddsa,
1238 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1239 d2j (vec, "pub_eddsa",
1240 &pub_eddsa,
1241 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1242 d2j (vec, "key_material",
1243 &key_material,
1244 sizeof (struct GNUNET_HashCode));
1245 }
1246
1247 {
1248 json_t *vec = vec_for (vecs, "edx25519_derive");
1249 struct GNUNET_CRYPTO_Edx25519PrivateKey priv1_edx;
1250 struct GNUNET_CRYPTO_Edx25519PublicKey pub1_edx;
1251 struct GNUNET_CRYPTO_Edx25519PrivateKey priv2_edx;
1252 struct GNUNET_CRYPTO_Edx25519PublicKey pub2_edx;
1253 struct GNUNET_HashCode seed;
1254
1255 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1256 &seed,
1257 sizeof (struct GNUNET_HashCode));
1258 GNUNET_CRYPTO_edx25519_key_create (&priv1_edx);
1259 GNUNET_CRYPTO_edx25519_key_get_public (&priv1_edx, &pub1_edx);
1260 GNUNET_CRYPTO_edx25519_private_key_derive (&priv1_edx,
1261 &seed,
1262 sizeof (seed),
1263 &priv2_edx);
1264 GNUNET_CRYPTO_edx25519_public_key_derive (&pub1_edx,
1265 &seed,
1266 sizeof (seed),
1267 &pub2_edx);
1268
1269 d2j (vec, "priv1_edx",
1270 &priv1_edx,
1271 sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1272 d2j (vec, "pub1_edx",
1273 &pub1_edx,
1274 sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1275 d2j (vec, "seed",
1276 &seed,
1277 sizeof (struct GNUNET_HashCode));
1278 d2j (vec, "priv2_edx",
1279 &priv2_edx,
1280 sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1281 d2j (vec, "pub2_edx",
1282 &pub2_edx,
1283 sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1284 }
1285
1286 {
1287 json_t *vec = vec_for (vecs, "rsa_blind_signing");
1288
1289 struct GNUNET_CRYPTO_RsaPrivateKey *skey;
1290 struct GNUNET_CRYPTO_RsaPublicKey *pkey;
1291 struct GNUNET_HashCode message_hash;
1292 struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
1293 struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
1294 struct GNUNET_CRYPTO_RsaSignature *sig;
1295 struct GNUNET_CRYPTO_RsaBlindedMessage bm;
1296 void *public_enc_data;
1297 size_t public_enc_len;
1298 void *secret_enc_data;
1299 size_t secret_enc_len;
1300 void *blinded_sig_enc_data;
1301 size_t blinded_sig_enc_length;
1302 void *sig_enc_data;
1303 size_t sig_enc_length;
1304
1305 skey = GNUNET_CRYPTO_rsa_private_key_create (2048);
1306 pkey = GNUNET_CRYPTO_rsa_private_key_get_public (skey);
1307 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1308 &message_hash,
1309 sizeof (struct GNUNET_HashCode));
1310 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1311 &bks,
1312 sizeof (struct
1313 GNUNET_CRYPTO_RsaBlindingKeySecret));
1314 GNUNET_assert (GNUNET_YES ==
1315 GNUNET_CRYPTO_rsa_blind (&message_hash,
1316 sizeof (message_hash),
1317 &bks,
1318 pkey,
1319 &bm));
1320 blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey,
1321 &bm);
1322 sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig,
1323 &bks,
1324 pkey);
1325 GNUNET_assert (GNUNET_YES ==
1326 GNUNET_CRYPTO_rsa_verify (&message_hash,
1327 sizeof (message_hash),
1328 sig,
1329 pkey));
1330 public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
1331 &public_enc_data);
1332 secret_enc_len = GNUNET_CRYPTO_rsa_private_key_encode (skey,
1333 &secret_enc_data);
1334 blinded_sig_enc_length
1335 = GNUNET_CRYPTO_rsa_signature_encode (blinded_sig,
1336 &blinded_sig_enc_data);
1337 sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig,
1338 &sig_enc_data);
1339 d2j (vec,
1340 "message_hash",
1341 &message_hash,
1342 sizeof (struct GNUNET_HashCode));
1343 d2j (vec,
1344 "rsa_public_key",
1345 public_enc_data,
1346 public_enc_len);
1347 d2j (vec,
1348 "rsa_private_key",
1349 secret_enc_data,
1350 secret_enc_len);
1351 d2j (vec,
1352 "blinding_key_secret",
1353 &bks,
1354 sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret));
1355 d2j (vec,
1356 "blinded_message",
1357 bm.blinded_msg,
1358 bm.blinded_msg_size);
1359 d2j (vec,
1360 "blinded_sig",
1361 blinded_sig_enc_data,
1362 blinded_sig_enc_length);
1363 d2j (vec,
1364 "sig",
1365 sig_enc_data,
1366 sig_enc_length);
1367 GNUNET_CRYPTO_rsa_private_key_free (skey);
1368 GNUNET_CRYPTO_rsa_public_key_free (pkey);
1369 GNUNET_CRYPTO_rsa_signature_free (sig);
1370 GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
1371 GNUNET_free (public_enc_data);
1372 GNUNET_CRYPTO_rsa_blinded_message_free (&bm);
1373 GNUNET_free (sig_enc_data);
1374 GNUNET_free (blinded_sig_enc_data);
1375 GNUNET_free (secret_enc_data);
1376 }
1377
1378 {
1379 json_t *vec = vec_for (vecs, "cs_blind_signing");
1380
1381 struct GNUNET_CRYPTO_CsPrivateKey priv;
1382 struct GNUNET_CRYPTO_CsPublicKey pub;
1383 struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
1384 struct GNUNET_CRYPTO_CsRSecret r_priv[2];
1385 struct GNUNET_CRYPTO_CsRPublic r_pub[2];
1386 struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind;
1387 struct GNUNET_CRYPTO_CsC c[2];
1388 struct GNUNET_CRYPTO_CsS signature_scalar;
1389 struct GNUNET_CRYPTO_CsBlindSignature blinded_s;
1390 struct GNUNET_CRYPTO_CsSignature sig;
1391 struct GNUNET_CRYPTO_CsSessionNonce snonce;
1392 struct GNUNET_CRYPTO_CsBlindingNonce bnonce;
1393 struct GNUNET_HashCode message_hash;
1394
1395 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1396 &message_hash,
1397 sizeof (struct GNUNET_HashCode));
1398
1399 GNUNET_CRYPTO_cs_private_key_generate (&priv);
1400 GNUNET_CRYPTO_cs_private_key_get_public (&priv,
1401 &pub);
1402 GNUNET_assert (GNUNET_YES ==
1403 GNUNET_CRYPTO_hkdf (&snonce,
1404 sizeof(snonce),
1405 GCRY_MD_SHA512,
1406 GCRY_MD_SHA256,
1407 "nonce",
1408 strlen ("nonce"),
1409 "nonce_secret",
1410 strlen ("nonce_secret"),
1411 NULL,
1412 0));
1413 /* NOTE: historically, we made the bad choice of
1414 making both nonces the same. Maybe barely OK
1415 for the TGV, not good for production! */
1416 memcpy (&bnonce,
1417 &snonce,
1418 sizeof (snonce));
1419 GNUNET_CRYPTO_cs_r_derive (&snonce,
1420 "rw",
1421 &priv,
1422 r_priv);
1423 GNUNET_CRYPTO_cs_r_get_public (&r_priv[0],
1424 &r_pub[0]);
1425 GNUNET_CRYPTO_cs_r_get_public (&r_priv[1],
1426 &r_pub[1]);
1427 GNUNET_CRYPTO_cs_blinding_secrets_derive (&bnonce,
1428 bs);
1429 GNUNET_CRYPTO_cs_calc_blinded_c (bs,
1430 r_pub,
1431 &pub,
1432 &message_hash,
1433 sizeof(message_hash),
1434 c,
1435 &r_pub_blind);
1436 {
1437 struct GNUNET_CRYPTO_CsBlindedMessage bm = {
1438 .c[0] = c[0],
1439 .c[1] = c[1],
1440 .nonce = snonce
1441 };
1442
1443 GNUNET_CRYPTO_cs_sign_derive (&priv,
1444 r_priv,
1445 &bm,
1446 &blinded_s);
1447 }
1448 GNUNET_CRYPTO_cs_unblind (&blinded_s.s_scalar,
1449 &bs[blinded_s.b],
1450 &signature_scalar);
1451 sig.r_point = r_pub_blind.r_pub[blinded_s.b];
1452 sig.s_scalar = signature_scalar;
1453 if (GNUNET_OK !=
1454 GNUNET_CRYPTO_cs_verify (&sig,
1455 &pub,
1456 &message_hash,
1457 sizeof(message_hash)))
1458 {
1459 GNUNET_break (0);
1460 return GNUNET_SYSERR;
1461 }
1462 d2j (vec,
1463 "message_hash",
1464 &message_hash,
1465 sizeof (struct GNUNET_HashCode));
1466 d2j (vec,
1467 "cs_public_key",
1468 &pub,
1469 sizeof(pub));
1470 d2j (vec,
1471 "cs_private_key",
1472 &priv,
1473 sizeof(priv));
1474 d2j (vec,
1475 "cs_nonce",
1476 &snonce,
1477 sizeof(snonce));
1478 d2j (vec,
1479 "cs_r_priv_0",
1480 &r_priv[0],
1481 sizeof(r_priv[0]));
1482 d2j (vec,
1483 "cs_r_priv_1",
1484 &r_priv[1],
1485 sizeof(r_priv[1]));
1486 d2j (vec,
1487 "cs_r_pub_0",
1488 &r_pub[0],
1489 sizeof(r_pub[0]));
1490 d2j (vec,
1491 "cs_r_pub_1",
1492 &r_pub[1],
1493 sizeof(r_pub[1]));
1494 d2j (vec,
1495 "cs_bs_alpha_0",
1496 &bs[0].alpha,
1497 sizeof(bs[0].alpha));
1498 d2j (vec,
1499 "cs_bs_alpha_1",
1500 &bs[1].alpha,
1501 sizeof(bs[1].alpha));
1502 d2j (vec,
1503 "cs_bs_beta_0",
1504 &bs[0].beta,
1505 sizeof(bs[0].beta));
1506 d2j (vec,
1507 "cs_bs_beta_1",
1508 &bs[1].beta,
1509 sizeof(bs[1].beta));
1510 d2j (vec,
1511 "cs_r_pub_blind_0",
1512 &r_pub_blind.r_pub[0],
1513 sizeof(r_pub_blind.r_pub[0]));
1514 d2j (vec,
1515 "cs_r_pub_blind_1",
1516 &r_pub_blind.r_pub[1],
1517 sizeof(r_pub_blind.r_pub[1]));
1518 d2j (vec,
1519 "cs_c_0",
1520 &c[0],
1521 sizeof(c[0]));
1522 d2j (vec,
1523 "cs_c_1",
1524 &c[1],
1525 sizeof(c[1]));
1526 d2j (vec,
1527 "cs_blind_s",
1528 &blinded_s,
1529 sizeof(blinded_s));
1530 d2j (vec,
1531 "cs_b",
1532 &blinded_s.b,
1533 sizeof(blinded_s.b));
1534 d2j (vec,
1535 "cs_sig_s",
1536 &signature_scalar,
1537 sizeof(signature_scalar));
1538 d2j (vec,
1539 "cs_sig_R",
1540 &r_pub_blind.r_pub[blinded_s.b],
1541 sizeof(r_pub_blind.r_pub[blinded_s.b]));
1542 }
1543
1544 json_dumpf (vecfile, stdout, JSON_INDENT (2));
1545 json_decref (vecfile);
1546 printf ("\n");
1547
1548 return 0;
1549}
1550
1551
1560static void
1561run (void *cls,
1562 char *const *args,
1563 const char *cfgfile,
1564 const struct GNUNET_CONFIGURATION_Handle *cfg)
1565{
1566 if (GNUNET_YES == verify_flag)
1567 global_ret = check_vectors ();
1568 else
1569 global_ret = output_vectors ();
1570}
1571
1572
1580int
1581main (int argc,
1582 char *const *argv)
1583{
1584 const struct GNUNET_GETOPT_CommandLineOption options[] = {
1585 GNUNET_GETOPT_option_flag ('V',
1586 "verify",
1587 gettext_noop (
1588 "verify a test vector from stdin"),
1589 &verify_flag),
1590 GNUNET_GETOPT_OPTION_END
1591 };
1592
1593 GNUNET_assert (GNUNET_OK ==
1594 GNUNET_log_setup ("gnunet-crypto-tvg",
1595 "INFO",
1596 NULL));
1597 if (GNUNET_OK !=
1598 GNUNET_PROGRAM_run (argc, argv,
1599 "gnunet-crypto-tvg",
1600 "Generate test vectors for cryptographic operations",
1601 options,
1602 &run, NULL))
1603 return 1;
1604 return global_ret;
1605}
1606
1607
1608/* end of gnunet-crypto-tvg.c */
GNUNET_GETOPT_OPTION_END
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_OPTION_END
Definition: 002.c:13
options
struct GNUNET_GETOPT_CommandLineOption options[]
Definition: 002.c:5
gettext_noop
#define gettext_noop(String)
Definition: gettext.h:70
op
static struct GNUNET_ARM_Operation * op
Current operation.
Definition: gnunet-arm.c:144
ret
static int ret
Final status code.
Definition: gnunet-arm.c:94
cfg
static struct GNUNET_CONFIGURATION_Handle * cfg
Our configuration.
Definition: gnunet-arm.c:109
expect_data_fixed
static int expect_data_fixed(json_t *vec, const char *name, void *data, size_t expect_len)
Definition: gnunet-crypto-tvg.c:153
verify_flag
static GNUNET_NETWORK_STRUCT_END int verify_flag
Should we verify or output test vectors?
Definition: gnunet-crypto-tvg.c:77
vec_for
static json_t * vec_for(json_t *vecs, const char *vecname)
Create a fresh test vector for a given operation label.
Definition: gnunet-crypto-tvg.c:94
uint2j
static void uint2j(json_t *vec, const char *label, unsigned int num)
Add a number to a test vector.
Definition: gnunet-crypto-tvg.c:142
global_ret
static int global_ret
Global exit code.
Definition: gnunet-crypto-tvg.c:83
expect_data_dynamic
static int expect_data_dynamic(json_t *vec, const char *name, void **data, size_t *ret_len)
Definition: gnunet-crypto-tvg.c:173
d2j
static void d2j(json_t *vec, const char *label, const void *data, size_t size)
Add a base32crockford encoded value to a test vector.
Definition: gnunet-crypto-tvg.c:116
check_vectors
static int check_vectors()
Check test vectors from stdin.
Definition: gnunet-crypto-tvg.c:996
run
static void run(void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *cfg)
Main function that will be run.
Definition: gnunet-crypto-tvg.c:1561
main
int main(int argc, char *const *argv)
The main function of the test vector generation tool.
Definition: gnunet-crypto-tvg.c:1581
output_vectors
static int output_vectors()
Output test vectors.
Definition: gnunet-crypto-tvg.c:1061
checkvec
static int checkvec(const char *operation, json_t *vec)
Check a single vector.
Definition: gnunet-crypto-tvg.c:209
data
static char * data
The data to insert into the dht.
Definition: gnunet-dht-put.c:88
ctx
static struct GNUNET_FS_Handle * ctx
Definition: gnunet-download.c:40
pkey
static char * pkey
Public key of the zone to look in, in ASCII.
Definition: gnunet-namecache.c:58
name
static char * name
Name (label) of the records to list.
Definition: gnunet-namecache.c:48
value
static char * value
Value of the record to add/remove.
Definition: gnunet-namestore.c:270
pub
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:47
salt
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
Definition: gnunet-scrypt.c:34
beta
static float beta
Percentage of total peer number in the view to send random PULLs to.
Definition: gnunet-service-rps.c:494
alpha
static float alpha
Percentage of total peer number in the view to send random PUSHes to.
Definition: gnunet-service-rps.c:488
t
static struct GNUNET_SCHEDULER_Task * t
Main task.
Definition: gnunet-zoneimport.c:293
gnunet_testing_lib.h
Convenience API for writing testcases for GNUnet.
gnunet_util_lib.h
GNUNET_CRYPTO_ecc_ecdh
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition: crypto_ecc.c:714
GNUNET_CRYPTO_ecdhe_key_create
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:436
GNUNET_CRYPTO_edx25519_key_get_public
void GNUNET_CRYPTO_edx25519_key_get_public(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_edx25519.c:79
GNUNET_CRYPTO_edx25519_private_key_derive
void GNUNET_CRYPTO_edx25519_private_key_derive(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *result)
Derive a private scalar from a given private key and a label.
Definition: crypto_edx25519.c:239
GNUNET_CRYPTO_edx25519_public_key_derive
void GNUNET_CRYPTO_edx25519_public_key_derive(const struct GNUNET_CRYPTO_Edx25519PublicKey *pub, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PublicKey *result)
Derive a public key from a given public key and a label.
Definition: crypto_edx25519.c:333
GNUNET_CRYPTO_random_block
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
Definition: crypto_random.c:133
GNUNET_CRYPTO_eddsa_key_get_public
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:198
GNUNET_CRYPTO_eddsa_key_create
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:462
GNUNET_CRYPTO_ecdh_eddsa
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:777
GNUNET_CRYPTO_edx25519_key_create
void GNUNET_CRYPTO_edx25519_key_create(struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
Create a new private key.
Definition: crypto_edx25519.c:65
GNUNET_CRYPTO_eddsa_sign
#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
EdDSA sign a given block.
Definition: gnunet_crypto_lib.h:2217
GNUNET_CRYPTO_eddsa_verify
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
Verify EdDSA signature.
Definition: gnunet_crypto_lib.h:2379
GNUNET_CRYPTO_ecdhe_key_get_public
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:214
GNUNET_CRYPTO_QUALITY_WEAK
@ GNUNET_CRYPTO_QUALITY_WEAK
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
Definition: gnunet_crypto_lib.h:91
GNUNET_GETOPT_option_flag
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_option_flag(char shortName, const char *name, const char *description, int *val)
Allow user to specify a flag (which internally means setting an integer to 1/GNUNET_YES/GNUNET_OK.
Definition: getopt_helpers.c:303
GNUNET_CRYPTO_hash
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
GNUNET_CRYPTO_hkdf
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf(void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_hkdf.c:341
GNUNET_CRYPTO_kdf
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:70
GNUNET_NETWORK_STRUCT_BEGIN
#define GNUNET_NETWORK_STRUCT_BEGIN
Define as empty, GNUNET_PACKED should suffice, but this won't work on W32.
Definition: gnunet_common.h:263
GNUNET_log
#define GNUNET_log(kind,...)
Definition: gnunet_common.h:562
GNUNET_CRYPTO_rsa_signature_free
void GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig)
Free memory occupied by signature.
Definition: crypto_rsa.c:1015
GNUNET_CRYPTO_rsa_blind
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_blind(const void *message, size_t message_size, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
Blinds the given message with the given blinding key.
Definition: crypto_rsa.c:807
GNUNET_CRYPTO_cs_r_get_public
void GNUNET_CRYPTO_cs_r_get_public(const struct GNUNET_CRYPTO_CsRSecret *r_priv, struct GNUNET_CRYPTO_CsRPublic *r_pub)
Extract the public R of the given secret r.
Definition: crypto_cs.c:98
GNUNET_CRYPTO_rsa_private_key_create
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_create(unsigned int len)
Create a new private key.
Definition: crypto_rsa.c:144
GNUNET_CRYPTO_rsa_private_key_free
void GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
Free memory occupied by the private key.
Definition: crypto_rsa.c:173
GNUNET_CRYPTO_cs_r_derive
void GNUNET_CRYPTO_cs_r_derive(const struct GNUNET_CRYPTO_CsSessionNonce *nonce, const char *seed, const struct GNUNET_CRYPTO_CsPrivateKey *lts, struct GNUNET_CRYPTO_CsRSecret r[2])
Derive a new secret r pair r0 and r1.
Definition: crypto_cs.c:79
GNUNET_CRYPTO_rsa_public_key_decode
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_public_key_decode(const char *buf, size_t len)
Decode the public key from the data-format back to the "normal", internal format.
Definition: crypto_rsa.c:423
GNUNET_CRYPTO_cs_private_key_get_public
void GNUNET_CRYPTO_cs_private_key_get_public(const struct GNUNET_CRYPTO_CsPrivateKey *priv, struct GNUNET_CRYPTO_CsPublicKey *pub)
Extract the public key of the given private key.
Definition: crypto_cs.c:52
GNUNET_CRYPTO_cs_unblind
void GNUNET_CRYPTO_cs_unblind(const struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar, const struct GNUNET_CRYPTO_CsBlindingSecret *bs, struct GNUNET_CRYPTO_CsS *signature_scalar)
Unblind a blind-signed signature using a c that was blinded.
Definition: crypto_cs.c:321
GNUNET_CRYPTO_rsa_blinded_message_free
void GNUNET_CRYPTO_rsa_blinded_message_free(struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
Free memory occupied by blinded message.
Definition: crypto_rsa.c:799
GNUNET_CRYPTO_rsa_private_key_decode
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_decode(const void *buf, size_t buf_size)
Decode the private key from the data-format back to the "normal", internal format.
Definition: crypto_rsa.c:204
GNUNET_CRYPTO_rsa_public_key_free
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition: crypto_rsa.c:268
GNUNET_NETWORK_STRUCT_END
#define GNUNET_NETWORK_STRUCT_END
Define as empty, GNUNET_PACKED should suffice, but this won't work on W32;.
Definition: gnunet_common.h:268
GNUNET_CRYPTO_cs_calc_blinded_c
void GNUNET_CRYPTO_cs_calc_blinded_c(const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], const struct GNUNET_CRYPTO_CsRPublic r_pub[2], const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len, struct GNUNET_CRYPTO_CsC blinded_c[2], struct GNUNET_CRYPTO_CSPublicRPairP *r_pub_blind)
Calculate two blinded c's.
Definition: crypto_cs.c:241
GNUNET_CRYPTO_rsa_public_key_encode
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, void **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:325
GNUNET_memcmp
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
Definition: gnunet_common.h:1218
GNUNET_CRYPTO_rsa_signature_encode
size_t GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, void **buffer)
Encode the given signature in a format suitable for storing it into a file.
Definition: crypto_rsa.c:1023
GNUNET_CRYPTO_rsa_sign_blinded
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key, const struct GNUNET_CRYPTO_RsaBlindedMessage *bm)
Sign a blinded value, which must be a full domain hash of a message.
Definition: crypto_rsa.c:970
GNUNET_CRYPTO_cs_verify
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_cs_verify(const struct GNUNET_CRYPTO_CsSignature *sig, const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len)
Verify whether the given message corresponds to the given signature and the signature is valid with r...
Definition: crypto_cs.c:333
GNUNET_GenericReturnValue
GNUNET_GenericReturnValue
Named constants for return values.
Definition: gnunet_common.h:106
GNUNET_CRYPTO_rsa_unblind
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
Unblind a blind-signed signature.
Definition: crypto_rsa.c:1118
GNUNET_CRYPTO_rsa_private_key_get_public
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition: crypto_rsa.c:233
GNUNET_CRYPTO_cs_sign_derive
void GNUNET_CRYPTO_cs_sign_derive(const struct GNUNET_CRYPTO_CsPrivateKey *priv, const struct GNUNET_CRYPTO_CsRSecret r[2], const struct GNUNET_CRYPTO_CsBlindedMessage *bm, struct GNUNET_CRYPTO_CsBlindSignature *cs_blind_sig)
Sign a blinded c.
Definition: crypto_cs.c:285
GNUNET_CRYPTO_cs_private_key_generate
void GNUNET_CRYPTO_cs_private_key_generate(struct GNUNET_CRYPTO_CsPrivateKey *priv)
Create a new random private key.
Definition: crypto_cs.c:45
GNUNET_CRYPTO_rsa_verify
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_verify(const void *message, size_t message_size, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *public_key)
Verify whether the given hash corresponds to the given signature and the signature is valid with resp...
Definition: crypto_rsa.c:1199
GNUNET_CRYPTO_rsa_private_key_encode
size_t GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, void **buffer)
Encode the private key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:181
GNUNET_CRYPTO_cs_blinding_secrets_derive
void GNUNET_CRYPTO_cs_blinding_secrets_derive(const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed, struct GNUNET_CRYPTO_CsBlindingSecret bs[2])
Derives new random blinding factors.
Definition: crypto_cs.c:108
GNUNET_OK
@ GNUNET_OK
Definition: gnunet_common.h:109
GNUNET_YES
@ GNUNET_YES
Definition: gnunet_common.h:111
GNUNET_NO
@ GNUNET_NO
Definition: gnunet_common.h:108
GNUNET_SYSERR
@ GNUNET_SYSERR
Definition: gnunet_common.h:107
GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition: gnunet_common.h:937
GNUNET_break
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
Definition: gnunet_common.h:1018
GNUNET_log_setup
enum GNUNET_GenericReturnValue GNUNET_log_setup(const char *comp, const char *loglevel, const char *logfile)
Setup logging.
Definition: common_logging.c:729
GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_ERROR
Definition: gnunet_common.h:431
GNUNET_ERROR_TYPE_INFO
@ GNUNET_ERROR_TYPE_INFO
Definition: gnunet_common.h:437
GNUNET_malloc
#define GNUNET_malloc(size)
Wrapper around malloc.
Definition: gnunet_common.h:1346
GNUNET_free
#define GNUNET_free(ptr)
Wrapper around free.
Definition: gnunet_common.h:1406
GNUNET_PROGRAM_run
enum GNUNET_GenericReturnValue GNUNET_PROGRAM_run(int argc, char *const *argv, const char *binaryName, const char *binaryHelp, const struct GNUNET_GETOPT_CommandLineOption *options, GNUNET_PROGRAM_Main task, void *task_cls)
Run a standard GNUnet command startup sequence (initialize loggers and configuration,...
Definition: program.c:400
GNUNET_STRINGS_data_to_string_alloc
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
Definition: strings.c:764
GNUNET_STRINGS_string_to_data
enum GNUNET_GenericReturnValue GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:789
size
static unsigned int size
Size of the "table".
Definition: peer.c:68
GNUNET_SIGNATURE_PURPOSE_TEST
#define GNUNET_SIGNATURE_PURPOSE_TEST
WARNING: This header is generated! In order to add a signature purpose, you must register them in GAN...
Definition: gnunet_signatures.h:52
GNUNET_CONFIGURATION_Handle
configuration data
Definition: configuration.c:149
GNUNET_CRYPTO_CSPublicRPairP
Pair of Public R values for Cs denominations.
Definition: gnunet_crypto_lib.h:3327
GNUNET_CRYPTO_CSPublicRPairP::r_pub
struct GNUNET_CRYPTO_CsRPublic r_pub[2]
Definition: gnunet_crypto_lib.h:3328
GNUNET_CRYPTO_CsBlindS
blinded s in the signature
Definition: gnunet_crypto_lib.h:661
GNUNET_CRYPTO_CsBlindSignature
The Sign Answer for Clause Blind Schnorr signature.
Definition: gnunet_crypto_lib.h:3361
GNUNET_CRYPTO_CsBlindSignature::s_scalar
struct GNUNET_CRYPTO_CsBlindS s_scalar
The blinded s scalar calculated from c_b.
Definition: gnunet_crypto_lib.h:3371
GNUNET_CRYPTO_CsBlindSignature::b
unsigned int b
To make ROS problem harder, the signer chooses an unpredictable b and only calculates signature of c_...
Definition: gnunet_crypto_lib.h:3366
GNUNET_CRYPTO_CsBlindedMessage
CS Parameters derived from the message during blinding to create blinded signature.
Definition: gnunet_crypto_lib.h:3309
GNUNET_CRYPTO_CsBlindedMessage::c
struct GNUNET_CRYPTO_CsC c[2]
The Clause Schnorr c_0 and c_1 containing the blinded message.
Definition: gnunet_crypto_lib.h:3313
GNUNET_CRYPTO_CsBlindingNonce
Nonce for computing blinding factors.
Definition: gnunet_crypto_lib.h:699
GNUNET_CRYPTO_CsBlindingNonce::bnonce
unsigned char bnonce[256/8]
Definition: gnunet_crypto_lib.h:701
GNUNET_CRYPTO_CsBlindingSecret
Secret used for blinding (alpha and beta).
Definition: gnunet_crypto_lib.h:615
GNUNET_CRYPTO_CsC
Schnorr c to be signed.
Definition: gnunet_crypto_lib.h:643
GNUNET_CRYPTO_CsPrivateKey
The private information of an Schnorr key pair.
Definition: gnunet_crypto_lib.h:597
GNUNET_CRYPTO_CsPublicKey
The public information of an Schnorr key pair.
Definition: gnunet_crypto_lib.h:606
GNUNET_CRYPTO_CsRPublic
the public R (derived from r) used in c
Definition: gnunet_crypto_lib.h:634
GNUNET_CRYPTO_CsRSecret
the private r used in the signature
Definition: gnunet_crypto_lib.h:625
GNUNET_CRYPTO_CsS
s in the signature
Definition: gnunet_crypto_lib.h:652
GNUNET_CRYPTO_CsSessionNonce
Nonce for the session, picked by client, shared with the signer.
Definition: gnunet_crypto_lib.h:688
GNUNET_CRYPTO_CsSessionNonce::snonce
unsigned char snonce[256/8]
Definition: gnunet_crypto_lib.h:690
GNUNET_CRYPTO_CsSignature
CS Signtature containing scalar s and point R.
Definition: gnunet_crypto_lib.h:670
GNUNET_CRYPTO_CsSignature::s_scalar
struct GNUNET_CRYPTO_CsS s_scalar
Schnorr signatures are composed of a scalar s and a curve point.
Definition: gnunet_crypto_lib.h:674
GNUNET_CRYPTO_CsSignature::r_point
struct GNUNET_CRYPTO_CsRPublic r_point
Curve point of the Schnorr signature.
Definition: gnunet_crypto_lib.h:679
GNUNET_CRYPTO_EccSignaturePurpose
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
Definition: gnunet_crypto_lib.h:141
GNUNET_CRYPTO_EcdhePrivateKey
Private ECC key encoded for transmission.
Definition: gnunet_crypto_lib.h:254
GNUNET_CRYPTO_EcdhePublicKey
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
Definition: gnunet_crypto_lib.h:240
GNUNET_CRYPTO_EddsaPrivateKey
Private ECC key encoded for transmission.
Definition: gnunet_crypto_lib.h:278
GNUNET_CRYPTO_EddsaPublicKey
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Definition: gnunet_crypto_lib.h:201
GNUNET_CRYPTO_EddsaSignature
an ECC signature using EdDSA.
Definition: gnunet_crypto_lib.h:164
GNUNET_CRYPTO_Edx25519PrivateKey
Private ECC key material encoded for transmission.
Definition: gnunet_crypto_lib.h:304
GNUNET_CRYPTO_Edx25519PublicKey
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Definition: gnunet_crypto_lib.h:326
GNUNET_CRYPTO_RsaBlindedMessage
RSA Parameters to create blinded signature.
Definition: gnunet_crypto_lib.h:3084
GNUNET_CRYPTO_RsaBlindedMessage::blinded_msg_size
size_t blinded_msg_size
Size of the blinded_msg to be signed.
Definition: gnunet_crypto_lib.h:3094
GNUNET_CRYPTO_RsaBlindedMessage::blinded_msg
void * blinded_msg
Blinded message to be signed Note: is malloc()'ed!
Definition: gnunet_crypto_lib.h:3089
GNUNET_CRYPTO_RsaBlindingKeySecret
Constant-size pre-secret for blinding key generation.
Definition: gnunet_crypto_lib.h:2885
GNUNET_CRYPTO_RsaPrivateKey
The private information of an RSA key pair.
Definition: crypto_rsa.c:41
GNUNET_CRYPTO_RsaPublicKey
The public information of an RSA key pair.
Definition: crypto_rsa.c:53
GNUNET_CRYPTO_RsaSignature
an RSA signature
Definition: crypto_rsa.c:65
GNUNET_GETOPT_CommandLineOption
Definition of a command line option.
Definition: gnunet_getopt_lib.h:110
GNUNET_HashCode
A 512-bit hashcode.
Definition: gnunet_common.h:278
TestSignatureDataPS
Sample signature struct.
Definition: gnunet-crypto-tvg.c:66
TestSignatureDataPS::purpose
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
Definition: gnunet-crypto-tvg.c:67