53 #include "gnunet_signatures.h"
94 vec_for (json_t *vecs,
const char *vecname)
96 json_t *
t = json_object ();
98 json_object_set_new (
t,
100 json_string (vecname));
101 json_array_append_new (vecs,
t);
125 json = json_string (
buf);
129 json_object_set_new (vec, label, json);
146 json_t *json = json_integer (num);
148 json_object_set_new (vec, label, json);
158 const char *s = json_string_value (json_object_get (vec,
name));
178 const char *s = json_string_value (json_object_get (vec,
name));
185 len = (strlen (s) * 5) / 8;
213 "checking %s\n", operation);
215 if (0 == strcmp (operation,
"hash"))
250 else if (0 == strcmp (operation,
"ecc_ecdh"))
300 else if (0 == strcmp (operation,
"eddsa_key_derivation"))
333 else if (0 == strcmp (operation,
"eddsa_signing"))
391 else if (0 == strcmp (operation,
"kdf"))
413 out_len_comp = out_len;
463 if (0 != memcmp (out, out_comp, out_len))
479 else if (0 == strcmp (operation,
"eddsa_ecdh"))
491 sizeof (priv_ecdhe)))
509 sizeof (priv_eddsa)))
527 sizeof (key_material)))
541 else if (0 == strcmp (operation,
"rsa_blind_signing"))
551 void *blinded_data_comp;
552 size_t blinded_len_comp;
553 void *public_enc_data;
554 size_t public_enc_len;
555 void *secret_enc_data;
556 size_t secret_enc_len;
558 size_t sig_enc_length;
559 void *sig_enc_data_comp;
560 size_t sig_enc_length_comp;
565 sizeof (message_hash)))
572 "blinding_key_secret",
635 if ( (blinded_len != blinded_len_comp) || (0 != memcmp (blinded_data,
660 if ( (sig_enc_length != sig_enc_length_comp) ||
661 (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) ))
687 else if (0 == strcmp (operation,
"cs_blind_signing"))
706 sizeof (message_hash)))
772 sizeof (bs[0].
alpha)))
780 sizeof (bs[1].
alpha)))
788 sizeof (bs[0].
beta)))
796 sizeof (bs[1].
beta)))
804 sizeof (r_pub_blind[0])))
812 sizeof (r_pub_blind[1])))
852 sizeof (signature_scalar)))
867 if ((b != 1) && (b != 0))
909 sizeof(message_hash),
931 &signature_scalar_comp);
934 sizeof(signature_scalar_comp)));
935 sig_comp.
r_point = r_pub_blind_comp[b_comp];
936 sig_comp.
s_scalar = signature_scalar_comp;
943 sizeof(message_hash)))
952 "unsupported operation '%s'\n", operation);
968 json_t *vecfile = json_loadf (stdin, 0, &err);
969 const char *encoding;
977 encoding = json_string_value (json_object_get (vecfile,
979 if ( (NULL == encoding) || (0 != strcmp (encoding,
"base32crockford")) )
982 json_decref (vecfile);
985 vectors = json_object_get (vecfile,
"vectors");
986 if (! json_is_array (vectors))
989 json_decref (vecfile);
998 json_array_foreach (vectors, index,
value) {
999 const char *
op = json_string_value (json_object_get (
value,
1005 "missing operation\n");
1014 (
unsigned int) index);
1018 json_decref (vecfile);
1032 json_t *vecfile = json_object ();
1033 json_t *vecs = json_array ();
1035 json_object_set_new (vecfile,
1037 json_string (
"base32crockford"));
1038 json_object_set_new (vecfile,
1040 json_string (
"GNUnet " PACKAGE_VERSION
" " VCS_VERSION));
1041 json_object_set_new (vecfile,
1046 json_t *vec =
vec_for (vecs,
"hash");
1048 char *str =
"Hello, GNUnet";
1052 d2j (vec,
"input", str, strlen (str));
1056 json_t *vec =
vec_for (vecs,
"ecc_ecdh");
1090 json_t *vec =
vec_for (vecs,
"eddsa_key_derivation");
1108 json_t *vec =
vec_for (vecs,
"eddsa_signing");
1117 data.purpose.size = htonl (
sizeof (
data));
1147 json_t *vec =
vec_for (vecs,
"kdf");
1148 size_t out_len = 64;
1150 char *ikm =
"I'm the secret input key material";
1151 char *
salt =
"I'm very salty";
1152 char *
ctx =
"I'm a context chunk, also known as 'info' in the RFC";
1179 (
unsigned int) out_len);
1186 json_t *vec =
vec_for (vecs,
"eddsa_ecdh");
1199 d2j (vec,
"priv_ecdhe",
1202 d2j (vec,
"pub_ecdhe",
1205 d2j (vec,
"priv_eddsa",
1208 d2j (vec,
"pub_eddsa",
1211 d2j (vec,
"key_material",
1217 json_t *vec =
vec_for (vecs,
"edx25519_derive");
1238 d2j (vec,
"priv1_edx",
1241 d2j (vec,
"pub1_edx",
1247 d2j (vec,
"priv2_edx",
1250 d2j (vec,
"pub2_edx",
1256 json_t *vec =
vec_for (vecs,
"rsa_blind_signing");
1266 void *public_enc_data;
1267 size_t public_enc_len;
1268 void *secret_enc_data;
1269 size_t secret_enc_len;
1270 void *blinded_sig_enc_data;
1271 size_t blinded_sig_enc_length;
1273 size_t sig_enc_length;
1301 blinded_sig_enc_data);
1316 "blinding_key_secret",
1325 blinded_sig_enc_data,
1326 blinded_sig_enc_length);
1343 json_t *vec =
vec_for (vecs,
"cs_blind_signing");
1367 sizeof(nonce.
nonce),
1373 strlen (
"nonce_secret"),
1390 sizeof(message_hash),
1404 sizeof(message_hash)))
1444 sizeof(bs[0].
alpha));
1448 sizeof(bs[1].
alpha));
1452 sizeof(bs[0].
beta));
1456 sizeof(bs[1].
beta));
1460 sizeof(r_pub_blind[0]));
1464 sizeof(r_pub_blind[1]));
1484 sizeof(signature_scalar));
1488 sizeof(r_pub_blind[b]));
1491 json_dumpf (vecfile, stdout, JSON_INDENT (2));
1492 json_decref (vecfile);
1510 const char *cfgfile,
1535 "verify a test vector from stdin"),
1546 "gnunet-crypto-tvg",
1547 "Generate test vectors for cryptographic operations",
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_OPTION_END
struct GNUNET_GETOPT_CommandLineOption options[]
#define GNUNET_SIGNATURE_PURPOSE_TEST
WARNING: This header is generated! In order to add a signature purpose, you must register them in GAN...
#define gettext_noop(String)
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration we are using.
static int ret
Return value of the commandline.
static struct GNUNET_ARM_Operation * op
Current operation.
static int expect_data_fixed(json_t *vec, const char *name, void *data, size_t expect_len)
static GNUNET_NETWORK_STRUCT_END int verify_flag
Should we verify or output test vectors?
static void uint2j(json_t *vec, const char *label, unsigned int num)
Add a number to a test vector.
static int global_ret
Global exit code.
static int expect_data_dynamic(json_t *vec, const char *name, void **data, size_t *ret_len)
static void d2j(json_t *vec, const char *label, const void *data, size_t size)
Add a base32crockford encoded value to a test vector.
static int check_vectors()
Check test vectors from stdin.
static void run(void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *cfg)
Main function that will be run.
int main(int argc, char *const *argv)
The main function of the test vector generation tool.
static int output_vectors()
Output test vectors.
static json_t * vec_for(json_t *vecs, const char *vecname)
Create a fresh test vector for a given operation label.
static int checkvec(const char *operation, json_t *vec)
Check a single vector.
uint32_t data
The data value.
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
static char * pkey
Public key of the zone to look in, in ASCII.
static char * value
Value of the record to add/remove.
static struct GNUNET_CRYPTO_EddsaPublicKey pub
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
static float beta
Percentage of total peer number in the view to send random PULLs to.
static float alpha
Percentage of total peer number in the view to send random PUSHes to.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_SCHEDULER_Task * t
Main task.
Convenience API for writing testcases for GNUnet.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
void GNUNET_CRYPTO_edx25519_key_get_public(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
Extract the public key for the given private key.
void GNUNET_CRYPTO_edx25519_private_key_derive(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *result)
Derive a private scalar from a given private key and a label.
void GNUNET_CRYPTO_edx25519_public_key_derive(const struct GNUNET_CRYPTO_Edx25519PublicKey *pub, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PublicKey *result)
Derive a public key from a given public key and a label.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
void GNUNET_CRYPTO_edx25519_key_create(struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
Create a new private key.
#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
EdDSA sign a given block.
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
Verify EdDSA signature.
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
@ GNUNET_CRYPTO_QUALITY_WEAK
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_option_flag(char shortName, const char *name, const char *description, int *val)
Allow user to specify a flag (which internally means setting an integer to 1/GNUNET_YES/GNUNET_OK.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf(void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
#define GNUNET_NETWORK_STRUCT_BEGIN
Define as empty, GNUNET_PACKED should suffice, but this won't work on W32.
#define GNUNET_log(kind,...)
void GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig)
Free memory occupied by signature.
void GNUNET_CRYPTO_cs_r_get_public(const struct GNUNET_CRYPTO_CsRSecret *r_priv, struct GNUNET_CRYPTO_CsRPublic *r_pub)
Extract the public R of the given secret r.
void GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
Free memory occupied by the private key.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_verify(const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *public_key)
Verify whether the given hash corresponds to the given signature and the signature is valid with resp...
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_blind(const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, void **buf, size_t *buf_size)
Blinds the given message with the given blinding key.
void GNUNET_CRYPTO_cs_blinding_secrets_derive(const struct GNUNET_CRYPTO_CsNonce *blind_seed, struct GNUNET_CRYPTO_CsBlindingSecret bs[2])
Derives new random blinding factors.
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_decode(const void *buf, size_t buf_size)
Decode the private key from the data-format back to the "normal", internal format.
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
Unblind a blind-signed signature.
void GNUNET_CRYPTO_cs_private_key_get_public(const struct GNUNET_CRYPTO_CsPrivateKey *priv, struct GNUNET_CRYPTO_CsPublicKey *pub)
Extract the public key of the given private key.
void GNUNET_CRYPTO_cs_unblind(const struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar, const struct GNUNET_CRYPTO_CsBlindingSecret *bs, struct GNUNET_CRYPTO_CsS *signature_scalar)
Unblind a blind-signed signature using a c that was blinded.
void GNUNET_CRYPTO_cs_r_derive(const struct GNUNET_CRYPTO_CsNonce *nonce, const char *seed, const struct GNUNET_CRYPTO_CsPrivateKey *lts, struct GNUNET_CRYPTO_CsRSecret r[2])
Derive a new secret r pair r0 and r1.
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_public_key_decode(const char *buf, size_t len)
Decode the public key from the data-format back to the "normal", internal format.
void GNUNET_CRYPTO_cs_calc_blinded_c(const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], const struct GNUNET_CRYPTO_CsRPublic r_pub[2], const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len, struct GNUNET_CRYPTO_CsC blinded_c[2], struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2])
Calculate two blinded c's Comment: One would be insecure due to Wagner's algorithm solving ROS.
#define GNUNET_NETWORK_STRUCT_END
Define as empty, GNUNET_PACKED should suffice, but this won't work on W32;.
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, void **buffer)
Encode the public key in a format suitable for storing it into a file.
unsigned int GNUNET_CRYPTO_cs_sign_derive(const struct GNUNET_CRYPTO_CsPrivateKey *priv, const struct GNUNET_CRYPTO_CsRSecret r[2], const struct GNUNET_CRYPTO_CsC c[2], const struct GNUNET_CRYPTO_CsNonce *nonce, struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar)
Sign a blinded c This function derives b from a nonce and a longterm secret In original papers b is g...
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
size_t GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, void **buffer)
Encode the given signature in a format suitable for storing it into a file.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_cs_verify(const struct GNUNET_CRYPTO_CsSignature *sig, const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len)
Verify whether the given message corresponds to the given signature and the signature is valid with r...
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
void GNUNET_CRYPTO_cs_private_key_generate(struct GNUNET_CRYPTO_CsPrivateKey *priv)
Create a new random private key.
size_t GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, void **buffer)
Encode the private key in a format suitable for storing it into a file.
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_create(unsigned int len)
Create a new private key.
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key, const void *msg, size_t msg_len)
Sign a blinded value, which must be a full domain hash of a message.
int GNUNET_log_setup(const char *comp, const char *loglevel, const char *logfile)
Setup logging.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
@ GNUNET_ERROR_TYPE_ERROR
#define GNUNET_malloc(size)
Wrapper around malloc.
#define GNUNET_free(ptr)
Wrapper around free.
enum GNUNET_GenericReturnValue GNUNET_PROGRAM_run(int argc, char *const *argv, const char *binaryName, const char *binaryHelp, const struct GNUNET_GETOPT_CommandLineOption *options, GNUNET_PROGRAM_Main task, void *task_cls)
Run a standard GNUnet command startup sequence (initialize loggers and configuration,...
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
enum GNUNET_GenericReturnValue GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
static unsigned int size
Size of the "table".
blinded s in the signature
Secret used for blinding (alpha and beta).
unsigned char nonce[256/8]
The private information of an Schnorr key pair.
The public information of an Schnorr key pair.
the public R (derived from r) used in c
the private r used in the signature
CS Signtature containing scalar s and point R.
struct GNUNET_CRYPTO_CsS s_scalar
Schnorr signatures are composed of a scalar s and a curve point.
struct GNUNET_CRYPTO_CsRPublic r_point
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
Private ECC key encoded for transmission.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
Private ECC key encoded for transmission.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
an ECC signature using EdDSA.
Private ECC key material encoded for transmission.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Constant-size pre-secret for blinding key generation.
The private information of an RSA key pair.
The public information of an RSA key pair.
Definition of a command line option.
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
1.9.1