gnunet_crypto_lib.h File Reference

cryptographic primitives for GNUnet More...

#include <sodium.h>
#include "gnunet_common.h"
#include <gcrypt.h>

Include dependency graph for gnunet_crypto_lib.h:

Go to the source code of this file.

Data Structures
struct	GNUNET_CRYPTO_HashAsciiEncoded
	0-terminated ASCII encoding of a struct GNUNET_HashCode. More...
struct	GNUNET_CRYPTO_EccSignaturePurpose
	header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed data More...
struct	GNUNET_CRYPTO_EddsaSignature
	an ECC signature using EdDSA. More...
struct	GNUNET_CRYPTO_EcdsaSignature
	an ECC signature using ECDSA More...
struct	GNUNET_CRYPTO_EddsaPublicKey
	Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and EdDSA signatures. More...
struct	GNUNET_CRYPTO_EcdsaPublicKey
	Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDSA signatures. More...
struct	GNUNET_PeerIdentity
	The identity of the host (wraps the signing key of the peer). More...
struct	GNUNET_CRYPTO_EcdhePublicKey
	Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encryption (ECDH), See http://cr.yp.to/ecdh.html. More...
struct	GNUNET_CRYPTO_EcdhePrivateKey
	Private ECC key encoded for transmission. More...
struct	GNUNET_CRYPTO_EcdsaPrivateKey
	Private ECC key encoded for transmission. More...
struct	GNUNET_CRYPTO_EddsaPrivateKey
	Private ECC key encoded for transmission. More...
struct	GNUNET_CRYPTO_SymmetricSessionKey
	type for session keys More...
struct	ChallengeNonceP
	Type of a nonce used for challenges. More...
struct	GNUNET_CRYPTO_SymmetricInitializationVector
	IV for sym cipher. More...
struct	GNUNET_CRYPTO_AuthKey
	type for (message) authentication keys More...
struct	GNUNET_CRYPTO_PaillierPublicKey
	Paillier public key. More...
struct	GNUNET_CRYPTO_PaillierPrivateKey
	Paillier private key. More...
struct	GNUNET_CRYPTO_PaillierCiphertext
	Paillier ciphertext. More...
struct	GNUNET_CRYPTO_PowSalt
	Value for a salt for GNUNET_CRYPTO_pow_hash(). More...
struct	GNUNET_CRYPTO_EccPoint
	Point on a curve (always for Curve25519) encoded in a format suitable for network transmission (ECDH), see http://cr.yp.to/ecdh.html. More...
struct	GNUNET_CRYPTO_RsaBlindingKeySecret
	Constant-size pre-secret for blinding key generation. More...

Macros
#define	GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH   126
	Maximum length of an ECC signature. More...
#define	GNUNET_CRYPTO_AES_KEY_LENGTH   (256 / 8)
	length of the sessionkey in bytes (256 BIT sessionkey) More...
#define	GNUNET_CRYPTO_HASH_LENGTH   (512 / 8)
	Length of a hash value. More...
#define	GNUNET_CRYPTO_PKEY_ASCII_LENGTH   52
	How many characters (without 0-terminator) are our ASCII-encoded public keys (ECDSA/EDDSA/ECDHE). More...
#define	GNUNET_CRYPTO_PAILLIER_BITS   2048
	Size of paillier plain texts and public keys. More...
#define	GNUNET_CRYPTO_hash_from_string(enc, result)   GNUNET_CRYPTO_hash_from_string2 (enc, strlen (enc), result)
	Convert ASCII encoding back to struct GNUNET_HashCode More...
#define	GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
	EdDSA sign a given block. More...
#define	GNUNET_CRYPTO_ecdsa_sign(priv, ps, sig)
	ECDSA sign a given block. More...
#define	GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
	Verify EdDSA signature. More...
#define	GNUNET_CRYPTO_ecdsa_verify(purp, ps, sig, pub)
	Verify ECDSA signature. More...

Typedefs
typedef void(*	GNUNET_CRYPTO_HashCompletedCallback) (void *cls, const struct GNUNET_HashCode *res)
	Function called once the hash computation over the specified file has completed. More...

Enumerations
enum	GNUNET_CRYPTO_Quality { GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_NONCE }
	Desired quality level for random numbers. More...

Functions
void	GNUNET_CRYPTO_seed_weak_random (int32_t seed)
	Seed a weak random generator. More...
uint8_t	GNUNET_CRYPTO_crc8_n (const void *buf, size_t len)
	Calculate the checksum of a buffer in one step. More...
uint32_t	GNUNET_CRYPTO_crc16_step (uint32_t sum, const void *buf, size_t len)
	Perform an incremental step in a CRC16 (for TCP/IP) calculation. More...
uint16_t	GNUNET_CRYPTO_crc16_finish (uint32_t sum)
	Convert results from GNUNET_CRYPTO_crc16_step to final crc16. More...
uint16_t	GNUNET_CRYPTO_crc16_n (const void *buf, size_t len)
	Calculate the checksum of a buffer in one step. More...
int32_t	GNUNET_CRYPTO_crc32_n (const void *buf, size_t len)
	Compute the CRC32 checksum for the first len bytes of the buffer. More...
void	GNUNET_CRYPTO_zero_keys (void *buffer, size_t length)
	Zero out buffer, securely against compiler optimizations. More...
void	GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
	Fill block with a random values. More...
uint32_t	GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i)
	Produce a random value. More...
uint64_t	GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
	Random on unsigned 64-bit values. More...
unsigned int *	GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n)
	Get an array with a random permutation of the numbers 0...n-1. More...
void	GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
	Create a new random session key. More...
ssize_t	GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
	Encrypt a block using a symmetric sessionkey. More...
ssize_t	GNUNET_CRYPTO_symmetric_decrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
	Decrypt a given block using a symmetric sessionkey. More...
void	GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
	Derive an IV. More...
void	GNUNET_CRYPTO_symmetric_derive_iv_v (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len, va_list argp)
	Derive an IV. More...
void	GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode *block, struct GNUNET_CRYPTO_HashAsciiEncoded *result)
	Convert hash to ASCII encoding. More...
enum GNUNET_GenericReturnValue	GNUNET_CRYPTO_hash_from_string2 (const char *enc, size_t enclen, struct GNUNET_HashCode *result)
	Convert ASCII encoding back to a 'struct GNUNET_HashCode'. More...
uint32_t	GNUNET_CRYPTO_hash_distance_u32 (const struct GNUNET_HashCode *a, const struct GNUNET_HashCode *b)
	Compute the distance between 2 hashcodes. More...
void	GNUNET_CRYPTO_hash (const void *block, size_t size, struct GNUNET_HashCode *ret)
	Compute hash of a given block. More...
void	GNUNET_CRYPTO_pow_hash (const struct GNUNET_CRYPTO_PowSalt *salt, const void *buf, size_t buf_len, struct GNUNET_HashCode *result)
	Calculate the 'proof-of-work' hash (an expensive hash). More...
struct GNUNET_HashContext *	GNUNET_CRYPTO_hash_context_start (void)
	Start incremental hashing operation. More...
void	GNUNET_CRYPTO_hash_context_read (struct GNUNET_HashContext *hc, const void *buf, size_t size)
	Add data to be hashed. More...
void	GNUNET_CRYPTO_hash_context_finish (struct GNUNET_HashContext *hc, struct GNUNET_HashCode *r_hash)
	Finish the hash computation. More...
void	GNUNET_CRYPTO_hash_context_abort (struct GNUNET_HashContext *hc)
	Abort hashing, do not bother calculating final result. More...
void	GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len, const void *plaintext, size_t plaintext_len, struct GNUNET_HashCode *hmac)
	Calculate HMAC of a message (RFC 2104) TODO: Shouldn' this be the standard hmac function and the above be renamed? More...
void	GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key, const void *plaintext, size_t plaintext_len, struct GNUNET_HashCode *hmac)
	Calculate HMAC of a message (RFC 2104) More...
struct GNUNET_CRYPTO_FileHashContext *	GNUNET_CRYPTO_hash_file (enum GNUNET_SCHEDULER_Priority priority, const char *filename, size_t blocksize, GNUNET_CRYPTO_HashCompletedCallback callback, void *callback_cls)
	Compute the hash of an entire file. More...
void	GNUNET_CRYPTO_hash_file_cancel (struct GNUNET_CRYPTO_FileHashContext *fhc)
	Cancel a file hashing operation. More...
void	GNUNET_CRYPTO_hash_create_random (enum GNUNET_CRYPTO_Quality mode, struct GNUNET_HashCode *result)
	Create a random hash code. More...
void	GNUNET_CRYPTO_hash_difference (const struct GNUNET_HashCode *a, const struct GNUNET_HashCode *b, struct GNUNET_HashCode *result)
	compute result = b - a More...
void	GNUNET_CRYPTO_hash_sum (const struct GNUNET_HashCode *a, const struct GNUNET_HashCode *delta, struct GNUNET_HashCode *result)
	compute result = a + delta More...
void	GNUNET_CRYPTO_hash_xor (const struct GNUNET_HashCode *a, const struct GNUNET_HashCode *b, struct GNUNET_HashCode *result)
	compute result = a ^ b More...
void	GNUNET_CRYPTO_hash_to_aes_key (const struct GNUNET_HashCode *hc, struct GNUNET_CRYPTO_SymmetricSessionKey *skey, struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
	Convert a hashcode into a key. More...
int	GNUNET_CRYPTO_hash_get_bit_ltr (const struct GNUNET_HashCode *code, unsigned int bit)
	Obtain a bit from a hashcode. More...
int	GNUNET_CRYPTO_hash_get_bit_rtl (const struct GNUNET_HashCode *code, unsigned int bit)
	Obtain a bit from a hashcode. More...
unsigned int	GNUNET_CRYPTO_hash_matching_bits (const struct GNUNET_HashCode *first, const struct GNUNET_HashCode *second)
	Determine how many low order bits match in two struct GNUNET_HashCodes. More...
int	GNUNET_CRYPTO_hash_cmp (const struct GNUNET_HashCode *h1, const struct GNUNET_HashCode *h2)
	Compare function for HashCodes, producing a total ordering of all hashcodes. More...
int	GNUNET_CRYPTO_hash_xorcmp (const struct GNUNET_HashCode *h1, const struct GNUNET_HashCode *h2, const struct GNUNET_HashCode *target)
	Find out which of the two GNUNET_CRYPTO_hash codes is closer to target in the XOR metric (Kademlia). More...
void	GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key, const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey, const void *salt, size_t salt_len, va_list argp)
	Derive an authentication key. More...
void	GNUNET_CRYPTO_hmac_derive_key (struct GNUNET_CRYPTO_AuthKey *key, const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey, const void *salt, size_t salt_len,...)
	Derive an authentication key. More...
int	GNUNET_CRYPTO_hkdf (void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
	Derive key. More...
int	GNUNET_CRYPTO_hkdf_v (void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
	Derive key. More...
int	GNUNET_CRYPTO_kdf_v (void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
	Derive key. More...
void	GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r, gcry_mpi_t n, const void *xts, size_t xts_len, const void *skm, size_t skm_len, const char *ctx)
	Deterministically generate a pseudo-random number uniformly from the integers modulo a libgcrypt mpi. More...
int	GNUNET_CRYPTO_kdf (void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
	Derive key. More...
void	GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
	Extract the public key for the given private key. More...
void	GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
	Extract the public key for the given private key. More...
void	GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
	Extract the public key for the given private key. More...
char *	GNUNET_CRYPTO_ecdsa_public_key_to_string (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
	Convert a public key to a string. More...
char *	GNUNET_CRYPTO_ecdsa_private_key_to_string (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
	Convert a private key to a string. More...
char *	GNUNET_CRYPTO_eddsa_private_key_to_string (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
	Convert a private key to a string. More...
char *	GNUNET_CRYPTO_eddsa_public_key_to_string (const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
	Convert a public key to a string. More...
int	GNUNET_CRYPTO_ecdsa_public_key_from_string (const char *enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
	Convert a string representing a public key to a public key. More...
int	GNUNET_CRYPTO_eddsa_private_key_from_string (const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPrivateKey *pub)
	Convert a string representing a private key to a private key. More...
int	GNUNET_CRYPTO_eddsa_public_key_from_string (const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
	Convert a string representing a public key to a public key. More...
int	GNUNET_CRYPTO_ecdsa_key_from_file (const char *filename, int do_create, struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey)
	Create a new private key by reading it from a file. More...
int	GNUNET_CRYPTO_eddsa_key_from_file (const char *filename, int do_create, struct GNUNET_CRYPTO_EddsaPrivateKey *pkey)
	Create a new private key by reading it from a file. More...
struct GNUNET_CRYPTO_EddsaPrivateKey *	GNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg)
	Create a new private key by reading our peer's key from the file specified in the configuration. More...
void	GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
	Create a new private key. More...
void	GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
	Create a new private key. More...
void	GNUNET_CRYPTO_ecdhe_key_create (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
	Create a new private key. More...
void	GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
	Clear memory that was used to store a private key. More...
void	GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
	Clear memory that was used to store a private key. More...
void	GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
	Clear memory that was used to store a private key. More...
const struct GNUNET_CRYPTO_EcdsaPrivateKey *	GNUNET_CRYPTO_ecdsa_key_get_anonymous (void)
	Get the shared private key we use for anonymous users. More...
void	GNUNET_CRYPTO_eddsa_setup_hostkey (const char *cfg_name)
	Setup a hostkey file for a peer given the name of the configuration file (!). More...
int	GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_PeerIdentity *dst)
	Retrieve the identity of the host's peer. More...
struct GNUNET_CRYPTO_EccDlogContext *	GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max, unsigned int mem)
	Do pre-calculation for ECC discrete logarithm for small factors. More...
int	GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t input)
	Calculate ECC discrete logarithm for small factors. More...
gcry_mpi_point_t	GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc, int val)
	Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val. More...
gcry_mpi_point_t	GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_t val)
	Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val. More...
gcry_mpi_point_t	GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t p, gcry_mpi_t val)
	Multiply the point p on the elliptic curve by val. More...
void	GNUNET_CRYPTO_ecc_point_to_bin (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t point, struct GNUNET_CRYPTO_EccPoint *bin)
	Convert point value to binary representation. More...
gcry_mpi_point_t	GNUNET_CRYPTO_ecc_bin_to_point (struct GNUNET_CRYPTO_EccDlogContext *edc, const struct GNUNET_CRYPTO_EccPoint *bin)
	Convert binary representation of a point to computational representation. More...
gcry_mpi_point_t	GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t a, gcry_mpi_point_t b)
	Add two points on the elliptic curve. More...
void	GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t *r, gcry_mpi_point_t *r_inv)
	Obtain a random point on the curve and its additive inverse. More...
void	GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_t *r, gcry_mpi_t *r_inv)
	Obtain a random scalar for point multiplication on the curve and its multiplicative inverse. More...
gcry_mpi_t	GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc)
	Generate a random value mod n. More...
void	GNUNET_CRYPTO_ecc_free (gcry_mpi_point_t p)
	Free a point value returned by the API. More...
void	GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *dlc)
	Release precalculated values. More...
int	GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
	Derive key material from a public and a private ECC key. More...
int	GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
	Derive key material from a ECDH public key and a private EdDSA key. More...
int	GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
	Derive key material from a ECDH public key and a private ECDSA key. More...
int	GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
	Derive key material from a EdDSA public key and a private ECDH key. More...
int	GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
	Derive key material from a EcDSA public key and a private ECDH key. More...
int	GNUNET_CRYPTO_eddsa_sign_ (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
	EdDSA sign a given block. More...
int	GNUNET_CRYPTO_ecdsa_sign_ (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
	ECDSA Sign a given block. More...
int	GNUNET_CRYPTO_eddsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
	Verify EdDSA signature. More...
int	GNUNET_CRYPTO_ecdsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
	Verify ECDSA signature. More...
struct GNUNET_CRYPTO_EcdsaPrivateKey *	GNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
	Derive a private key from a given private key and a label. More...
void	GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
	Derive a public key from a given public key and a label. More...
void	GNUNET_CRYPTO_mpi_print_unsigned (void *buf, size_t size, gcry_mpi_t val)
	Output the given MPI value to the given buffer in network byte order. More...
void	GNUNET_CRYPTO_mpi_scan_unsigned (gcry_mpi_t *result, const void *data, size_t size)
	Convert data buffer into MPI value. More...
void	GNUNET_CRYPTO_paillier_create (struct GNUNET_CRYPTO_PaillierPublicKey *public_key, struct GNUNET_CRYPTO_PaillierPrivateKey *private_key)
	Create a freshly generated paillier public key. More...
int	GNUNET_CRYPTO_paillier_encrypt (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, const gcry_mpi_t m, int desired_ops, struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext)
	Encrypt a plaintext with a paillier public key. More...
void	GNUNET_CRYPTO_paillier_decrypt (const struct GNUNET_CRYPTO_PaillierPrivateKey *private_key, const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, const struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext, gcry_mpi_t m)
	Decrypt a paillier ciphertext with a private key. More...
int	GNUNET_CRYPTO_paillier_hom_add (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, const struct GNUNET_CRYPTO_PaillierCiphertext *c1, const struct GNUNET_CRYPTO_PaillierCiphertext *c2, struct GNUNET_CRYPTO_PaillierCiphertext *result)
	Compute a ciphertext that represents the sum of the plaintext in x1 and x2. More...
int	GNUNET_CRYPTO_paillier_hom_get_remaining (const struct GNUNET_CRYPTO_PaillierCiphertext *c)
	Get the number of remaining supported homomorphic operations. More...
struct GNUNET_CRYPTO_RsaPrivateKey *	GNUNET_CRYPTO_rsa_private_key_create (unsigned int len)
	Create a new private key. More...
void	GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key)
	Free memory occupied by the private key. More...
size_t	GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey *key, void **buffer)
	Encode the private key in a format suitable for storing it into a file. More...
struct GNUNET_CRYPTO_RsaPrivateKey *	GNUNET_CRYPTO_rsa_private_key_decode (const void *buf, size_t buf_size)
	Decode the private key from the data-format back to the "normal", internal format. More...
struct GNUNET_CRYPTO_RsaPrivateKey *	GNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_RsaPrivateKey *key)
	Duplicate the given private key. More...
struct GNUNET_CRYPTO_RsaPublicKey *	GNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
	Extract the public key of the given private key. More...
void	GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, struct GNUNET_HashCode *hc)
	Compute hash over the public key. More...
unsigned int	GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key)
	Obtain the length of the RSA key in bits. More...
void	GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key)
	Free memory occupied by the public key. More...
size_t	GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_RsaPublicKey *key, void **buffer)
	Encode the public key in a format suitable for storing it into a file. More...
struct GNUNET_CRYPTO_RsaPublicKey *	GNUNET_CRYPTO_rsa_public_key_decode (const char *buf, size_t len)
	Decode the public key from the data-format back to the "normal", internal format. More...
struct GNUNET_CRYPTO_RsaPublicKey *	GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key)
	Duplicate the given public key. More...
int	GNUNET_CRYPTO_rsa_signature_cmp (const struct GNUNET_CRYPTO_RsaSignature *s1, const struct GNUNET_CRYPTO_RsaSignature *s2)
	Compare the values of two signatures. More...
int	GNUNET_CRYPTO_rsa_private_key_cmp (const struct GNUNET_CRYPTO_RsaPrivateKey *p1, const struct GNUNET_CRYPTO_RsaPrivateKey *p2)
	Compare the values of two private keys. More...
int	GNUNET_CRYPTO_rsa_public_key_cmp (const struct GNUNET_CRYPTO_RsaPublicKey *p1, const struct GNUNET_CRYPTO_RsaPublicKey *p2)
	Compare the values of two public keys. More...
int	GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, void **buf, size_t *buf_size)
	Blinds the given message with the given blinding key. More...
struct GNUNET_CRYPTO_RsaSignature *	GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, const void *msg, size_t msg_len)
	Sign a blinded value, which must be a full domain hash of a message. More...
struct GNUNET_CRYPTO_RsaSignature *	GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, const struct GNUNET_HashCode *hash)
	Create and sign a full domain hash of a message. More...
void	GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig)
	Free memory occupied by signature. More...
size_t	GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_RsaSignature *sig, void **buffer)
	Encode the given signature in a format suitable for storing it into a file. More...
struct GNUNET_CRYPTO_RsaSignature *	GNUNET_CRYPTO_rsa_signature_decode (const void *buf, size_t buf_size)
	Decode the signature from the data-format back to the "normal", internal format. More...
struct GNUNET_CRYPTO_RsaSignature *	GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig)
	Duplicate the given rsa signature. More...
struct GNUNET_CRYPTO_RsaSignature *	GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
	Unblind a blind-signed signature. More...
int	GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *public_key)
	Verify whether the given hash corresponds to the given signature and the signature is valid with respect to the given public key. More...

Detailed Description

cryptographic primitives for GNUnet

Author

Christian Grothoff

Krista Bennett

Gerd Knorr kraxe.nosp@m.l@by.nosp@m.tesex.nosp@m..org

Ioana Patrascu

Tzvetan Horozov

Jeffrey Burdges burdg.nosp@m.es@g.nosp@m.nunet.nosp@m..org

Definition in file gnunet_crypto_lib.h.

Macro Definition Documentation

GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH

#define GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH   126

Maximum length of an ECC signature.

Note: round up to multiple of 8 minus 2 for alignment.

Definition at line 68 of file gnunet_crypto_lib.h.

GNUNET_CRYPTO_AES_KEY_LENGTH

#define GNUNET_CRYPTO_AES_KEY_LENGTH   (256 / 8)

length of the sessionkey in bytes (256 BIT sessionkey)

Definition at line 101 of file gnunet_crypto_lib.h.

Referenced by block_create_ecdsa(), block_decrypt_ecdsa(), derive_block_aes_key(), ecdsa_symmetric_decrypt(), ecdsa_symmetric_encrypt(), GNUNET_CRYPTO_symmetric_create_session_key(), and init_aes().

GNUNET_CRYPTO_HASH_LENGTH

#define GNUNET_CRYPTO_HASH_LENGTH   (512 / 8)

Length of a hash value.

Definition at line 106 of file gnunet_crypto_lib.h.

Referenced by RPS_sampler_elem_reinit().

GNUNET_CRYPTO_PKEY_ASCII_LENGTH

#define GNUNET_CRYPTO_PKEY_ASCII_LENGTH   52

How many characters (without 0-terminator) are our ASCII-encoded public keys (ECDSA/EDDSA/ECDHE).

Definition at line 112 of file gnunet_crypto_lib.h.

Referenced by uri_loc_parse().

GNUNET_CRYPTO_PAILLIER_BITS

#define GNUNET_CRYPTO_PAILLIER_BITS   2048

Size of paillier plain texts and public keys.

Private keys and ciphertexts are twice this size.

Definition at line 333 of file gnunet_crypto_lib.h.

Referenced by encrypt_fair(), get_fair_encryption_challenge(), GNUNET_CRYPTO_paillier_create(), GNUNET_CRYPTO_paillier_encrypt(), GNUNET_CRYPTO_paillier_encrypt1(), run(), and verify_fair().

Typedef Documentation

GNUNET_CRYPTO_HashCompletedCallback

typedef void(* GNUNET_CRYPTO_HashCompletedCallback) (void *cls, const struct GNUNET_HashCode *res)

Function called once the hash computation over the specified file has completed.

Parameters

cls	closure
res	resulting hash, NULL on error

Definition at line 785 of file gnunet_crypto_lib.h.

Function Documentation

GNUNET_CRYPTO_crc16_step()

uint32_t GNUNET_CRYPTO_crc16_step	(	uint32_t	sum,
		const void *	buf,
		size_t	len
	)

Perform an incremental step in a CRC16 (for TCP/IP) calculation.

Parameters

sum	current sum, initially 0
buf	buffer to calculate CRC over (must be 16-bit aligned)
len	number of bytes in buf, must be multiple of 2

Returns

updated crc sum (must be subjected to GNUNET_CRYPTO_crc16_finish to get actual crc16)

Parameters

sum	current sum, initially 0
buf	buffer to calculate CRC over (must be 16-bit aligned)
len	number of bytes in hdr, must be multiple of 2

Returns

updated crc sum (must be subjected to GNUNET_CRYPTO_crc16_finish() to get actual crc16)

Definition at line 125 of file crypto_crc.c.

References buf.

Referenced by GNUNET_CRYPTO_crc16_n(), GNUNET_TUN_calculate_icmp_checksum(), GNUNET_TUN_calculate_tcp4_checksum(), GNUNET_TUN_calculate_tcp6_checksum(), GNUNET_TUN_calculate_udp4_checksum(), and GNUNET_TUN_calculate_udp6_checksum().

{
  const uint16_t *hdr = buf;

  for (; len >= 2; len -= 2)
    sum += *(hdr++);
  if (len == 1)
    sum += (*hdr) & ntohs (0xFF00);
  return sum;
}

Here is the caller graph for this function:

GNUNET_CRYPTO_crc16_finish()

uint16_t GNUNET_CRYPTO_crc16_finish

(

uint32_t

sum

)

Convert results from GNUNET_CRYPTO_crc16_step to final crc16.

Parameters

sum	cumulative sum

Returns

crc16 value

Convert results from GNUNET_CRYPTO_crc16_step to final crc16.

Parameters

sum	cumulative sum

Returns

crc16 value

Definition at line 144 of file crypto_crc.c.

Referenced by GNUNET_CRYPTO_crc16_n(), GNUNET_TUN_calculate_icmp_checksum(), GNUNET_TUN_calculate_tcp4_checksum(), GNUNET_TUN_calculate_tcp6_checksum(), GNUNET_TUN_calculate_udp4_checksum(), and GNUNET_TUN_calculate_udp6_checksum().

{
  sum = (sum >> 16) + (sum & 0xFFFF);
  sum += (sum >> 16);

  return ~sum;
}

Here is the caller graph for this function:

GNUNET_CRYPTO_symmetric_derive_iv_v()

void GNUNET_CRYPTO_symmetric_derive_iv_v	(	struct GNUNET_CRYPTO_SymmetricInitializationVector *	iv,
		const struct GNUNET_CRYPTO_SymmetricSessionKey *	skey,
		const void *	salt,
		size_t	salt_len,
		va_list	argp
	)

Derive an IV.

Parameters

iv	initialization vector
skey	session key
salt	salt for the derivation
salt_len	size of the salt
argp	pairs of void * & size_t for context chunks, terminated by NULL
iv	initialization vector
skey	session key
salt	salt for the derivation
salt_len	size of the salt
argp	pairs of void * & size_t for context chunks, terminated by NULL

Definition at line 229 of file crypto_symmetric.c.

References GNUNET_CRYPTO_SymmetricInitializationVector::aes_iv, GNUNET_CRYPTO_SymmetricSessionKey::aes_key, GNUNET_CRYPTO_kdf_v(), GNUNET_memcpy, GNUNET_CRYPTO_SymmetricInitializationVector::twofish_iv, and GNUNET_CRYPTO_SymmetricSessionKey::twofish_key.

Referenced by GNUNET_CRYPTO_symmetric_derive_iv().

{
  char aes_salt[salt_len + 4];
  char twofish_salt[salt_len + 4];

  GNUNET_memcpy (aes_salt, salt, salt_len);
  GNUNET_memcpy (&aes_salt[salt_len], "AES!", 4);
  GNUNET_memcpy (twofish_salt, salt, salt_len);
  GNUNET_memcpy (&twofish_salt[salt_len], "FISH", 4);
  GNUNET_CRYPTO_kdf_v (iv->aes_iv,
                       sizeof(iv->aes_iv),
                       aes_salt,
                       salt_len + 4,
                       skey->aes_key,
                       sizeof(skey->aes_key),
                       argp);
  GNUNET_CRYPTO_kdf_v (iv->twofish_iv,
                       sizeof(iv->twofish_iv),
                       twofish_salt,
                       salt_len + 4,
                       skey->twofish_key,
                       sizeof(skey->twofish_key),
                       argp);
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_pow_hash()

void GNUNET_CRYPTO_pow_hash	(	const struct GNUNET_CRYPTO_PowSalt *	salt,
		const void *	buf,
		size_t	buf_len,
		struct GNUNET_HashCode *	result
	)

Calculate the 'proof-of-work' hash (an expensive hash).

Parameters

salt	salt for the hash. Must be crypto_pwhash_argon2id_SALTBYTES long.
buf	data to hash
buf_len	number of bytes in buf
result	where to write the resulting hash

We're using a non-standard formula to avoid issues with ASICs appearing (see #3795).

Parameters

salt	salt for the hash. Must be crypto_pwhash_argon2id_SALTBYTES long.
buf	data to hash
buf_len	number of bytes in buf
result	where to write the resulting hash

Definition at line 41 of file crypto_pow.c.

References GNUNET_break.

Referenced by check_proof_of_work(), find_proof(), GNUNET_REVOCATION_check_pow(), and GNUNET_REVOCATION_pow_round().

{
  /* Threads hardcoded at 1 in libsodium */
  GNUNET_break (0 ==
                crypto_pwhash_argon2id ((unsigned char *) result,
                                        sizeof (struct GNUNET_HashCode),
                                        buf,
                                        buf_len,
                                        (unsigned char*) salt,
                                        3, /* iterations */
                                        1024 * 1024, /* memory (1 MiB) */
                                        crypto_pwhash_argon2id_ALG_ARGON2ID13));
}

Here is the caller graph for this function:

GNUNET_CRYPTO_hash_context_start()

struct GNUNET_HashContext* GNUNET_CRYPTO_hash_context_start

(

void

)

Start incremental hashing operation.

Returns

context for incremental hash computation

Definition at line 483 of file crypto_hash.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_new, and GNUNET_HashContext::hd.

Referenced by GCCH_hash_port(), GNUNET_SET_element_hash(), GNUNET_SETI_element_hash(), and GNUNET_SETU_element_hash().

{
  struct GNUNET_HashContext *hc;

  BENCHMARK_START (hash_context_start);

  hc = GNUNET_new (struct GNUNET_HashContext);
  GNUNET_assert (0 ==
                 gcry_md_open (&hc->hd,
                               GCRY_MD_SHA512,
                               0));

  BENCHMARK_END (hash_context_start);

  return hc;
}

Here is the caller graph for this function:

GNUNET_CRYPTO_hash_context_read()

void GNUNET_CRYPTO_hash_context_read	(	struct GNUNET_HashContext *	hc,
		const void *	buf,
		size_t	size
	)

Add data to be hashed.

Parameters

hc	cumulative hash context
buf	data to add
size	number of bytes in buf

Definition at line 509 of file crypto_hash.c.

References BENCHMARK_END, BENCHMARK_START, and GNUNET_HashContext::hd.

Referenced by GCCH_hash_port(), GNUNET_SET_element_hash(), GNUNET_SETI_element_hash(), and GNUNET_SETU_element_hash().

{
  BENCHMARK_START (hash_context_read);
  gcry_md_write (hc->hd, buf, size);
  BENCHMARK_END (hash_context_read);
}

Here is the caller graph for this function:

GNUNET_CRYPTO_hash_context_finish()

void GNUNET_CRYPTO_hash_context_finish	(	struct GNUNET_HashContext *	hc,
		struct GNUNET_HashCode *	r_hash
	)

Finish the hash computation.

Parameters

hc	hash context to use, is freed in the process
r_hash	where to write the latest / final hash code
hc	hash context to use
r_hash	where to write the latest / final hash code

Definition at line 526 of file crypto_hash.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_CRYPTO_hash_context_abort(), GNUNET_memcpy, GNUNET_HashContext::hd, and res.

Referenced by GCCH_hash_port(), GNUNET_SET_element_hash(), GNUNET_SETI_element_hash(), and GNUNET_SETU_element_hash().

{
  const void *res = gcry_md_read (hc->hd, 0);

  BENCHMARK_START (hash_context_finish);

  GNUNET_assert (NULL != res);
  if (NULL != r_hash)
    GNUNET_memcpy (r_hash,
                   res,
                   sizeof(struct GNUNET_HashCode));
  GNUNET_CRYPTO_hash_context_abort (hc);
  BENCHMARK_END (hash_context_finish);
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_hash_context_abort()

void GNUNET_CRYPTO_hash_context_abort

(

struct GNUNET_HashContext *

hc

)

Abort hashing, do not bother calculating final result.

Parameters

hc	hash context to destroy

Definition at line 549 of file crypto_hash.c.

References GNUNET_free, and GNUNET_HashContext::hd.

Referenced by GNUNET_CRYPTO_hash_context_finish().

{
  gcry_md_close (hc->hd);
  GNUNET_free (hc);
}

Here is the caller graph for this function:

GNUNET_CRYPTO_hmac_raw()

void GNUNET_CRYPTO_hmac_raw	(	const void *	key,
		size_t	key_len,
		const void *	plaintext,
		size_t	plaintext_len,
		struct GNUNET_HashCode *	hmac
	)

Calculate HMAC of a message (RFC 2104) TODO: Shouldn' this be the standard hmac function and the above be renamed?

Parameters

key	secret key
key_len	secret key length
plaintext	input plaintext
plaintext_len	length of plaintext
hmac	where to store the hmac

Definition at line 420 of file crypto_hash.c.

References GNUNET_HashCode::bits, GNUNET_assert, GNUNET_memcpy, mc, and once.

Referenced by calculate_hmac(), GNUNET_CRYPTO_hmac(), and OIDC_generate_id_token().

{
  static int once;
  static gcry_md_hd_t md;
  const unsigned char *mc;

  if (! once)
  {
    once = 1;
    GNUNET_assert (GPG_ERR_NO_ERROR ==
                   gcry_md_open (&md, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC));
  }
  else
  {
    gcry_md_reset (md);
  }
  gcry_md_setkey (md, key, key_len);
  gcry_md_write (md, plaintext, plaintext_len);
  mc = gcry_md_read (md, GCRY_MD_SHA512);
  GNUNET_assert (NULL != mc);
  GNUNET_memcpy (hmac->bits, mc, sizeof(hmac->bits));
}

Here is the caller graph for this function:

GNUNET_CRYPTO_hash_file_cancel()

void GNUNET_CRYPTO_hash_file_cancel

(

struct GNUNET_CRYPTO_FileHashContext *

fhc

)

Cancel a file hashing operation.

Parameters

fhc	operation to cancel (callback must not yet have been invoked)

Definition at line 233 of file crypto_hash_file.c.

References GNUNET_CRYPTO_FileHashContext::fh, GNUNET_CRYPTO_FileHashContext::filename, GNUNET_break, GNUNET_DISK_file_close(), GNUNET_free, GNUNET_OK, GNUNET_SCHEDULER_cancel(), and GNUNET_CRYPTO_FileHashContext::task.

Referenced by client_disconnect_cb(), GNUNET_FS_indexing_done(), GNUNET_FS_unindex_signal_suspend_(), GNUNET_FS_unindex_stop(), and publish_cleanup().

{
  GNUNET_SCHEDULER_cancel (fhc->task);
  GNUNET_free (fhc->filename);
  GNUNET_break (GNUNET_OK ==
                GNUNET_DISK_file_close (fhc->fh));
  GNUNET_free (fhc);
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_hash_get_bit_rtl()

int GNUNET_CRYPTO_hash_get_bit_rtl	(	const struct GNUNET_HashCode *	code,
		unsigned int	bit
	)

Obtain a bit from a hashcode.

Parameters

code	the GNUNET_CRYPTO_hash to index bit-wise
bit	index into the hashcode, [0...511] where 0 is the rightmost bit (bytes in code interpreted little endian)

Returns

Bit bit from hashcode code, -1 for invalid index

Definition at line 268 of file crypto_hash.c.

References GNUNET_assert.

Referenced by get_distance(), and GNUNET_CRYPTO_hash_matching_bits().

{
  GNUNET_assert (bit < 8 * sizeof(struct GNUNET_HashCode));
  return (((unsigned char *) code)[bit >> 3] & (1 << (bit & 7))) > 0;
}

Here is the caller graph for this function:

GNUNET_CRYPTO_kdf_v()

int GNUNET_CRYPTO_kdf_v	(	void *	result,
		size_t	out_len,
		const void *	xts,
		size_t	xts_len,
		const void *	skm,
		size_t	skm_len,
		va_list	argp
	)

Derive key.

Parameters

result	buffer for the derived key, allocated by caller
out_len	desired length of the derived key
xts	salt
xts_len	length of xts
skm	source key material
skm_len	length of skm
argp	va_list of void * & size_t pairs for context chunks

Returns

GNUNET_YES on success

Definition at line 47 of file crypto_kdf.c.

References GNUNET_CRYPTO_hkdf_v().

Referenced by GNUNET_CRYPTO_hmac_derive_key_v(), GNUNET_CRYPTO_kdf(), and GNUNET_CRYPTO_symmetric_derive_iv_v().

{
  /*
   * "Finally, we point out to a particularly advantageous instantiation using
   * HMAC-SHA512 as XTR and HMAC-SHA256 in PRF* (in which case the output from SHA-512 is
   * truncated to 256 bits). This makes sense in two ways: First, the extraction part is where we need a
   * stronger hash function due to the unconventional demand from the hash function in the extraction
   * setting. Second, as shown in Section 6, using HMAC with a truncated output as an extractor
   * allows to prove the security of HKDF under considerably weaker assumptions on the underlying
   * hash function."
   *
   * http://eprint.iacr.org/2010/264
   *///
  return GNUNET_CRYPTO_hkdf_v (result,
                               out_len,
                               GCRY_MD_SHA512,
                               GCRY_MD_SHA256,
                               xts,
                               xts_len,
                               skm,
                               skm_len,
                               argp);
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_kdf_mod_mpi()

void GNUNET_CRYPTO_kdf_mod_mpi	(	gcry_mpi_t *	r,
		gcry_mpi_t	n,
		const void *	xts,
		size_t	xts_len,
		const void *	skm,
		size_t	skm_len,
		const char *	ctx
	)

Deterministically generate a pseudo-random number uniformly from the integers modulo a libgcrypt mpi.

Parameters

[out]	r	MPI value set to the FDH
	n	MPI to work modulo
	xts	salt
	xts_len	length of xts
	skm	source key material
	skm_len	length of skm
	ctx	context string

Definition at line 127 of file crypto_kdf.c.

References buf, GNUNET_assert, GNUNET_CRYPTO_kdf(), and GNUNET_YES.

Referenced by rsa_blinding_key_derive(), and rsa_full_domain_hash().

{
  gcry_error_t rc;
  unsigned int nbits;
  size_t rsize;
  uint16_t ctr;

  nbits = gcry_mpi_get_nbits (n);
  /* GNUNET_assert (nbits > 512); */

  ctr = 0;
  while (1)
  {
    /* Ain't clear if n is always divisible by 8 */
    uint8_t buf[ (nbits - 1) / 8 + 1 ];
    uint16_t ctr_nbo = htons (ctr);

    rc = GNUNET_CRYPTO_kdf (buf,
                            sizeof(buf),
                            xts, xts_len,
                            skm, skm_len,
                            ctx, strlen (ctx),
                            &ctr_nbo, sizeof(ctr_nbo),
                            NULL, 0);
    GNUNET_assert (GNUNET_YES == rc);

    rc = gcry_mpi_scan (r,
                        GCRYMPI_FMT_USG,
                        (const unsigned char *) buf,
                        sizeof(buf),
                        &rsize);
    GNUNET_assert (0 == rc);  /* Allocation error? */

    gcry_mpi_clear_highbit (*r, nbits);
    GNUNET_assert (0 == gcry_mpi_test_bit (*r, nbits));
    ++ctr;
    /* We reject this FDH if either *r > n and retry with another ctr */
    if (0 > gcry_mpi_cmp (*r, n))
      break;
    gcry_mpi_release (*r);
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_ecdsa_public_key_to_string()

char* GNUNET_CRYPTO_ecdsa_public_key_to_string

(

const struct GNUNET_CRYPTO_EcdsaPublicKey *

pub

)

Convert a public key to a string.

Parameters

pub	key to convert

Returns

string representing pub

Definition at line 232 of file crypto_ecc.c.

References end, GNUNET_free, GNUNET_malloc, and GNUNET_STRINGS_data_to_string().

Referenced by abd_value_to_string(), delegation_chain_fw_resolution_start(), forward_resolution(), get_ego(), GNUNET_ABD_delegate_to_string(), handle_intermediate_result(), handle_verify_result(), print_deleset(), and store_cb().

{
  char *pubkeybuf;
  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
  char *end;

  if (keylen % 5 > 0)
    keylen += 5 - keylen % 5;
  keylen /= 5;
  pubkeybuf = GNUNET_malloc (keylen + 1);
  end =
    GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
                                   sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
                                   pubkeybuf,
                                   keylen);
  if (NULL == end)
  {
    GNUNET_free (pubkeybuf);
    return NULL;
  }
  *end = '\0';
  return pubkeybuf;
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_ecdsa_private_key_to_string()

char* GNUNET_CRYPTO_ecdsa_private_key_to_string

(

const struct GNUNET_CRYPTO_EcdsaPrivateKey *

priv

)

Convert a private key to a string.

Parameters

priv	key to convert

Returns

string representing priv

Definition at line 331 of file crypto_ecc.c.

References end, GNUNET_free, GNUNET_malloc, and GNUNET_STRINGS_data_to_string().

{
  char *privkeybuf;
  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey)) * 8;
  char *end;

  if (keylen % 5 > 0)
    keylen += 5 - keylen % 5;
  keylen /= 5;
  privkeybuf = GNUNET_malloc (keylen + 1);
  end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
                                       sizeof(
                                         struct GNUNET_CRYPTO_EcdsaPrivateKey),
                                       privkeybuf,
                                       keylen);
  if (NULL == end)
  {
    GNUNET_free (privkeybuf);
    return NULL;
  }
  *end = '\0';
  return privkeybuf;
}

Here is the call graph for this function:

GNUNET_CRYPTO_eddsa_private_key_to_string()

char* GNUNET_CRYPTO_eddsa_private_key_to_string

(

const struct GNUNET_CRYPTO_EddsaPrivateKey *

priv

)

Convert a private key to a string.

Parameters

priv	key to convert

Returns

string representing pub

Definition at line 298 of file crypto_ecc.c.

References end, GNUNET_free, GNUNET_malloc, and GNUNET_STRINGS_data_to_string().

Referenced by run().

{
  char *privkeybuf;
  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
  char *end;

  if (keylen % 5 > 0)
    keylen += 5 - keylen % 5;
  keylen /= 5;
  privkeybuf = GNUNET_malloc (keylen + 1);
  end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
                                       sizeof(
                                         struct GNUNET_CRYPTO_EddsaPrivateKey),
                                       privkeybuf,
                                       keylen);
  if (NULL == end)
  {
    GNUNET_free (privkeybuf);
    return NULL;
  }
  *end = '\0';
  return privkeybuf;
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_eddsa_public_key_to_string()

char* GNUNET_CRYPTO_eddsa_public_key_to_string

(

const struct GNUNET_CRYPTO_EddsaPublicKey *

pub

)

Convert a public key to a string.

Parameters

pub	key to convert

Returns

string representing pub

Definition at line 265 of file crypto_ecc.c.

References end, GNUNET_free, GNUNET_malloc, and GNUNET_STRINGS_data_to_string().

Referenced by conversation_value_to_string(), create_keys(), GCP_2s(), GNUNET_FRIENDS_write(), GNUNET_HELLO_compose_uri(), GNUNET_i2s(), GNUNET_i2s2(), GNUNET_i2s_full(), main(), print_key(), run(), and uri_loc_to_string().

{
  char *pubkeybuf;
  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
  char *end;

  if (keylen % 5 > 0)
    keylen += 5 - keylen % 5;
  keylen /= 5;
  pubkeybuf = GNUNET_malloc (keylen + 1);
  end =
    GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
                                   sizeof(struct GNUNET_CRYPTO_EddsaPublicKey),
                                   pubkeybuf,
                                   keylen);
  if (NULL == end)
  {
    GNUNET_free (pubkeybuf);
    return NULL;
  }
  *end = '\0';
  return pubkeybuf;
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_ecdsa_public_key_from_string()

int GNUNET_CRYPTO_ecdsa_public_key_from_string	(	const char *	enc,
		size_t	enclen,
		struct GNUNET_CRYPTO_EcdsaPublicKey *	pub
	)

Convert a string representing a public key to a public key.

Parameters

enc	encoded public key
enclen	number of bytes in enc (without 0-terminator)
pub	where to store the public key

Returns

GNUNET_OK on success

Definition at line 366 of file crypto_ecc.c.

References GNUNET_OK, GNUNET_STRINGS_string_to_data(), and GNUNET_SYSERR.

Referenced by abd_string_to_value(), access_handler_callback(), GNUNET_ABD_delegate_from_string(), identity_cb(), run(), and sign_cb().

{
  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;

  if (keylen % 5 > 0)
    keylen += 5 - keylen % 5;
  keylen /= 5;
  if (enclen != keylen)
    return GNUNET_SYSERR;

  if (GNUNET_OK !=
      GNUNET_STRINGS_string_to_data (enc,
                                     enclen,
                                     pub,
                                     sizeof(
                                       struct GNUNET_CRYPTO_EcdsaPublicKey)))
    return GNUNET_SYSERR;
  return GNUNET_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_eddsa_private_key_from_string()

int GNUNET_CRYPTO_eddsa_private_key_from_string	(	const char *	enc,
		size_t	enclen,
		struct GNUNET_CRYPTO_EddsaPrivateKey *	priv
	)

Convert a string representing a private key to a private key.

Parameters

enc	encoded public key
enclen	number of bytes in enc (without 0-terminator)
priv	where to store the private key

Returns

GNUNET_OK on success

Definition at line 432 of file crypto_ecc.c.

References GNUNET_break, GNUNET_OK, GNUNET_STRINGS_string_to_data(), and GNUNET_SYSERR.

{
  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;

  if (keylen % 5 > 0)
    keylen += 5 - keylen % 5;
  keylen /= 5;
  if (enclen != keylen)
    return GNUNET_SYSERR;

  if (GNUNET_OK !=
      GNUNET_STRINGS_string_to_data (enc,
                                     enclen,
                                     priv,
                                     sizeof(
                                       struct GNUNET_CRYPTO_EddsaPrivateKey)))
    return GNUNET_SYSERR;
#if CRYPTO_BUG
  if (GNUNET_OK != check_eddsa_key (priv))
  {
    GNUNET_break (0);
    return GNUNET_OK;
  }
#endif
  return GNUNET_OK;
}

Here is the call graph for this function:

GNUNET_CRYPTO_eddsa_public_key_from_string()

int GNUNET_CRYPTO_eddsa_public_key_from_string	(	const char *	enc,
		size_t	enclen,
		struct GNUNET_CRYPTO_EddsaPublicKey *	pub
	)

Convert a string representing a public key to a public key.

Parameters

enc	encoded public key
enclen	number of bytes in enc (without 0-terminator)
pub	where to store the public key

Returns

GNUNET_OK on success

Definition at line 399 of file crypto_ecc.c.

References GNUNET_OK, GNUNET_STRINGS_string_to_data(), and GNUNET_SYSERR.

Referenced by blacklist_cfg_iter(), conversation_string_to_value(), create_keys(), gns_string_to_value(), GNUNET_FRIENDS_parse(), hosts_directory_scan_callback(), on_identity(), run(), s2i_full(), server_parse_url(), show_peer(), and uri_loc_parse().

{
  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;

  if (keylen % 5 > 0)
    keylen += 5 - keylen % 5;
  keylen /= 5;
  if (enclen != keylen)
    return GNUNET_SYSERR;

  if (GNUNET_OK !=
      GNUNET_STRINGS_string_to_data (enc,
                                     enclen,
                                     pub,
                                     sizeof(
                                       struct GNUNET_CRYPTO_EddsaPublicKey)))
    return GNUNET_SYSERR;
  return GNUNET_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_ecc_dlog_prepare()

struct GNUNET_CRYPTO_EccDlogContext* GNUNET_CRYPTO_ecc_dlog_prepare	(	unsigned int	max,
		unsigned int	mem
	)

Do pre-calculation for ECC discrete logarithm for small factors.

Parameters

max	maximum value the factor can be
mem	memory to use (should be smaller than max), must not be zero.

Returns

NULL on error

Definition at line 157 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, CURVE, edc, extract_pk(), GNUNET_assert, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY, GNUNET_CONTAINER_multipeermap_create(), GNUNET_CONTAINER_multipeermap_put(), GNUNET_new, GNUNET_NO, GNUNET_OK, GNUNET_CRYPTO_EccDlogContext::map, GNUNET_CRYPTO_EccDlogContext::max, and GNUNET_CRYPTO_EccDlogContext::mem.

Referenced by run().

{
  struct GNUNET_CRYPTO_EccDlogContext *edc;
  unsigned int K = ((max + (mem - 1)) / mem);
  gcry_mpi_point_t g;
  struct GNUNET_PeerIdentity key;
  gcry_mpi_point_t gKi;
  gcry_mpi_t fact;
  gcry_mpi_t n;
  unsigned int i;

  GNUNET_assert (max < INT32_MAX);
  edc = GNUNET_new (struct GNUNET_CRYPTO_EccDlogContext);
  edc->max = max;
  edc->mem = mem;

  edc->map = GNUNET_CONTAINER_multipeermap_create (mem * 2,
                                                   GNUNET_NO);

  GNUNET_assert (0 == gcry_mpi_ec_new (&edc->ctx,
                                       NULL,
                                       CURVE));
  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
  GNUNET_assert (NULL != g);
  fact = gcry_mpi_new (0);
  gKi = gcry_mpi_point_new (0);
  for (i = 0; i <= mem; i++)
  {
    gcry_mpi_set_ui (fact, i * K);
    gcry_mpi_ec_mul (gKi, fact, g, edc->ctx);
    extract_pk (gKi, edc->ctx, &key);
    GNUNET_assert (GNUNET_OK ==
                   GNUNET_CONTAINER_multipeermap_put (edc->map,
                                                      &key,
                                                      (void *) (long) i + max,
                                                      GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
  }
  /* negative values */
  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
  for (i = 1; i < mem; i++)
  {
    gcry_mpi_set_ui (fact, i * K);
    gcry_mpi_sub (fact, n, fact);
    gcry_mpi_ec_mul (gKi, fact, g, edc->ctx);
    extract_pk (gKi, edc->ctx, &key);
    GNUNET_assert (GNUNET_OK ==
                   GNUNET_CONTAINER_multipeermap_put (edc->map,
                                                      &key,
                                                      (void *) (long) max - i,
                                                      GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
  }
  gcry_mpi_release (fact);
  gcry_mpi_release (n);
  gcry_mpi_point_release (gKi);
  gcry_mpi_point_release (g);
  return edc;
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_ecc_dlog()

int GNUNET_CRYPTO_ecc_dlog	(	struct GNUNET_CRYPTO_EccDlogContext *	edc,
		gcry_mpi_point_t	input
	)

Calculate ECC discrete logarithm for small factors.

Opposite of GNUNET_CRYPTO_ecc_dexp().

Parameters

dlc	precalculated values, determine range of factors
input	point on the curve to factor

Returns

INT_MAX if dlog failed, otherwise the factor

Parameters

edc	precalculated values, determine range of factors
input	point on the curve to factor

Returns

INT_MAX if dlog failed, otherwise the factor

Definition at line 225 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, extract_pk(), GNUNET_assert, GNUNET_CONTAINER_multipeermap_get(), INT_MAX, GNUNET_CRYPTO_EccDlogContext::map, GNUNET_CRYPTO_EccDlogContext::max, GNUNET_CRYPTO_EccDlogContext::mem, q, and res.

Referenced by compute_scalar_product().

{
  unsigned int K = ((edc->max + (edc->mem - 1)) / edc->mem);
  gcry_mpi_point_t g;
  struct GNUNET_PeerIdentity key;
  gcry_mpi_point_t q;
  unsigned int i;
  int res;
  void *retp;

  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
  GNUNET_assert (NULL != g);
  q = gcry_mpi_point_new (0);

  res = INT_MAX;
  for (i = 0; i <= edc->max / edc->mem; i++)
  {
    if (0 == i)
      extract_pk (input, edc->ctx, &key);
    else
      extract_pk (q, edc->ctx, &key);
    retp = GNUNET_CONTAINER_multipeermap_get (edc->map,
                                              &key);
    if (NULL != retp)
    {
      res = (((long) retp) - edc->max) * K - i;
      /* we continue the loop here to make the implementation
         "constant-time". If we do not care about this, we could just
         'break' here and do fewer operations... */
    }
    if (i == edc->max / edc->mem)
      break;
    /* q = q + g */
    if (0 == i)
      gcry_mpi_ec_add (q, input, g, edc->ctx);
    else
      gcry_mpi_ec_add (q, q, g, edc->ctx);
  }
  gcry_mpi_point_release (g);
  gcry_mpi_point_release (q);

  return res;
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_ecc_dexp()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_dexp	(	struct GNUNET_CRYPTO_EccDlogContext *	edc,
		int	val
	)

Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val.

Afterwards, point addition will correspond to integer addition. GNUNET_CRYPTO_ecc_dlog() can be used to convert a point back to an integer (as long as the integer is smaller than the MAX of the edc context).

Parameters

edc	calculation context for ECC operations
val	value to encode into a point

Returns

representation of the value as an ECC point, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 334 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_assert.

{
  gcry_mpi_t fact;
  gcry_mpi_t n;
  gcry_mpi_point_t g;
  gcry_mpi_point_t r;

  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
  GNUNET_assert (NULL != g);
  fact = gcry_mpi_new (0);
  if (val < 0)
  {
    n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
    gcry_mpi_set_ui (fact, -val);
    gcry_mpi_sub (fact, n, fact);
    gcry_mpi_release (n);
  }
  else
  {
    gcry_mpi_set_ui (fact, val);
  }
  r = gcry_mpi_point_new (0);
  gcry_mpi_ec_mul (r, fact, g, edc->ctx);
  gcry_mpi_release (fact);
  gcry_mpi_point_release (g);
  return r;
}

GNUNET_CRYPTO_ecc_dexp_mpi()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_dexp_mpi	(	struct GNUNET_CRYPTO_EccDlogContext *	edc,
		gcry_mpi_t	val
	)

Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val.

Parameters

edc	calculation context for ECC operations
val	(positive) value to encode into a point

Returns

representation of the value as an ECC point, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 374 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_assert.

Referenced by send_alices_cryptodata_message().

{
  gcry_mpi_point_t g;
  gcry_mpi_point_t r;

  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
  GNUNET_assert (NULL != g);
  r = gcry_mpi_point_new (0);
  gcry_mpi_ec_mul (r, val, g, edc->ctx);
  gcry_mpi_point_release (g);
  return r;
}

Here is the caller graph for this function:

GNUNET_CRYPTO_ecc_pmul_mpi()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_pmul_mpi	(	struct GNUNET_CRYPTO_EccDlogContext *	edc,
		gcry_mpi_point_t	p,
		gcry_mpi_t	val
	)

Multiply the point p on the elliptic curve by val.

Parameters

edc	calculation context for ECC operations
p	point to multiply
val	(positive) value to encode into a point

Returns

representation of the value as an ECC point, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 420 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx.

Referenced by compute_scalar_product(), and handle_alices_cryptodata_message().

{
  gcry_mpi_point_t r;

  r = gcry_mpi_point_new (0);
  gcry_mpi_ec_mul (r, val, p, edc->ctx);
  return r;
}

Here is the caller graph for this function:

GNUNET_CRYPTO_ecc_point_to_bin()

void GNUNET_CRYPTO_ecc_point_to_bin	(	struct GNUNET_CRYPTO_EccDlogContext *	edc,
		gcry_mpi_point_t	point,
		struct GNUNET_CRYPTO_EccPoint *	bin
	)

Convert point value to binary representation.

Parameters

	edc	calculation context for ECC operations
	point	computational point representation
[out]	bin	binary point representation

Definition at line 101 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), and GNUNET_CRYPTO_EccPoint::q_y.

Referenced by send_alices_cryptodata_message(), and transmit_bobs_cryptodata_message().

{
  gcry_mpi_t q_y;

  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", point, edc->ctx));
  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", edc->ctx, 0);
  GNUNET_assert (q_y);
  GNUNET_CRYPTO_mpi_print_unsigned (bin->q_y,
                                    sizeof(bin->q_y),
                                    q_y);
  gcry_mpi_release (q_y);
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_ecc_bin_to_point()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_bin_to_point	(	struct GNUNET_CRYPTO_EccDlogContext *	edc,
		const struct GNUNET_CRYPTO_EccPoint *	bin
	)

Convert binary representation of a point to computational representation.

Parameters

edc	calculation context for ECC operations
bin	binary point representation

Returns

computational representation

Definition at line 125 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, CURVE, GNUNET_assert, GNUNET_break, q, and GNUNET_CRYPTO_EccPoint::q_y.

Referenced by handle_alices_cryptodata_message(), and handle_bobs_cryptodata_message().

{
  gcry_sexp_t pub_sexpr;
  gcry_ctx_t ctx;
  gcry_mpi_point_t q;

  (void) edc;
  if (0 != gcry_sexp_build (&pub_sexpr, NULL,
                            "(public-key(ecc(curve " CURVE ")(q %b)))",
                            (int) sizeof(bin->q_y),
                            bin->q_y))
  {
    GNUNET_break (0);
    return NULL;
  }
  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
  gcry_sexp_release (pub_sexpr);
  q = gcry_mpi_ec_get_point ("q", ctx, 0);
  gcry_ctx_release (ctx);
  return q;
}

Here is the caller graph for this function:

GNUNET_CRYPTO_ecc_add()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_add	(	struct GNUNET_CRYPTO_EccDlogContext *	edc,
		gcry_mpi_point_t	a,
		gcry_mpi_point_t	b
	)

Add two points on the elliptic curve.

Parameters

edc	calculation context for ECC operations
a	some value
b	some value

Returns

a + b, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 398 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx.

Referenced by compute_scalar_product(), and handle_alices_cryptodata_message().

{
  gcry_mpi_point_t r;

  r = gcry_mpi_point_new (0);
  gcry_mpi_ec_add (r, a, b, edc->ctx);
  return r;
}

Here is the caller graph for this function:

GNUNET_CRYPTO_ecc_rnd()

void GNUNET_CRYPTO_ecc_rnd	(	struct GNUNET_CRYPTO_EccDlogContext *	edc,
		gcry_mpi_point_t *	r,
		gcry_mpi_point_t *	r_inv
	)

Obtain a random point on the curve and its additive inverse.

Both returned values must be freed using GNUNET_CRYPTO_ecc_free().

Parameters

	edc	calculation context for ECC operations
[out]	r	set to a random point on the curve
[out]	r_inv	set to the additive inverse of r

Definition at line 442 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, GNUNET_assert, and GNUNET_CRYPTO_ecc_random_mod_n().

{
  gcry_mpi_t fact;
  gcry_mpi_t n;
  gcry_mpi_point_t g;

  fact = GNUNET_CRYPTO_ecc_random_mod_n (edc);

  /* calculate 'r' */
  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
  GNUNET_assert (NULL != g);
  *r = gcry_mpi_point_new (0);
  gcry_mpi_ec_mul (*r, fact, g, edc->ctx);

  /* calculate 'r_inv' */
  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
  gcry_mpi_sub (fact, n, fact);  /* fact = n - fact = - fact */
  *r_inv = gcry_mpi_point_new (0);
  gcry_mpi_ec_mul (*r_inv, fact, g, edc->ctx);

  gcry_mpi_release (n);
  gcry_mpi_release (fact);
  gcry_mpi_point_release (g);
}

Here is the call graph for this function:

GNUNET_CRYPTO_ecc_rnd_mpi()

void GNUNET_CRYPTO_ecc_rnd_mpi	(	struct GNUNET_CRYPTO_EccDlogContext *	edc,
		gcry_mpi_t *	r,
		gcry_mpi_t *	r_inv
	)

Obtain a random scalar for point multiplication on the curve and its multiplicative inverse.

Parameters

	edc	calculation context for ECC operations
[out]	r	set to a random scalar on the curve
[out]	r_inv	set to the multiplicative inverse of r

Definition at line 479 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_CRYPTO_ecc_random_mod_n().

Referenced by run().

{
  gcry_mpi_t n;

  *r = GNUNET_CRYPTO_ecc_random_mod_n (edc);
  /* r_inv = n - r = - r */
  *r_inv = gcry_mpi_new (0);
  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
  gcry_mpi_sub (*r_inv, n, *r);
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_ecc_random_mod_n()

gcry_mpi_t GNUNET_CRYPTO_ecc_random_mod_n

(

struct GNUNET_CRYPTO_EccDlogContext *

edc

)

Generate a random value mod n.

Parameters

edc	ECC context

Returns

random value mod n.

Definition at line 278 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_assert.

Referenced by GNUNET_CRYPTO_ecc_rnd(), GNUNET_CRYPTO_ecc_rnd_mpi(), and send_alices_cryptodata_message().

{
  gcry_mpi_t n;
  unsigned int highbit;
  gcry_mpi_t r;

  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);

  /* check public key for number of bits, bail out if key is all zeros */
  highbit = 256; /* Curve25519 */
  while ((! gcry_mpi_test_bit (n, highbit)) &&
         (0 != highbit))
    highbit--;
  GNUNET_assert (0 != highbit);
  /* generate fact < n (without bias) */
  GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
  do
  {
    gcry_mpi_randomize (r,
                        highbit + 1,
                        GCRY_STRONG_RANDOM);
  }
  while (gcry_mpi_cmp (r, n) >= 0);
  gcry_mpi_release (n);
  return r;
}

Here is the caller graph for this function:

GNUNET_CRYPTO_ecc_free()

void GNUNET_CRYPTO_ecc_free

(

gcry_mpi_point_t

p

)

Free a point value returned by the API.

Parameters

p	point to free

Definition at line 499 of file crypto_ecc_dlog.c.

{
  gcry_mpi_point_release (p);
}

GNUNET_CRYPTO_ecc_dlog_release()

void GNUNET_CRYPTO_ecc_dlog_release

(

struct GNUNET_CRYPTO_EccDlogContext *

edc

)

Release precalculated values.

Parameters

dlc	dlog context
edc	dlog context

Definition at line 312 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, GNUNET_CONTAINER_multipeermap_destroy(), GNUNET_free, and GNUNET_CRYPTO_EccDlogContext::map.

Referenced by shutdown_task().

{
  gcry_ctx_release (edc->ctx);
  GNUNET_CONTAINER_multipeermap_destroy (edc->map);
  GNUNET_free (edc);
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_mpi_print_unsigned()

void GNUNET_CRYPTO_mpi_print_unsigned	(	void *	buf,
		size_t	size,
		gcry_mpi_t	val
	)

Output the given MPI value to the given buffer in network byte order.

The MPI val may not be negative.

Parameters

buf	where to output to
size	number of bytes in buf
val	value to write to buf

Definition at line 78 of file crypto_mpi.c.

References adjust(), GNUNET_assert, GNUNET_ERROR_TYPE_ERROR, GNUNET_memcpy, LOG_GCRY, p, and size.

Referenced by decrypt_conclude(), encrypt_fair(), extract_pk(), GNUNET_CRYPTO_ecc_point_to_bin(), GNUNET_CRYPTO_ecdsa_key_get_anonymous(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_CRYPTO_ecdsa_public_key_derive(), GNUNET_CRYPTO_ecdsa_sign_(), GNUNET_CRYPTO_paillier_create(), GNUNET_CRYPTO_paillier_encrypt(), GNUNET_CRYPTO_paillier_encrypt1(), GNUNET_CRYPTO_paillier_hom_add(), GNUNET_SECRETSHARING_encrypt(), GNUNET_SECRETSHARING_plaintext_generate_i(), insert_decrypt_element(), insert_round1_element(), insert_round2_element(), and keygen_round2_conclude().

{
  size_t rsize;
  int rc;

  if (gcry_mpi_get_flag (val, GCRYMPI_FLAG_OPAQUE))
  {
    /* Store opaque MPIs left aligned into the buffer.  */
    unsigned int nbits;
    const void *p;

    p = gcry_mpi_get_opaque (val, &nbits);
    GNUNET_assert (p);
    rsize = (nbits + 7) / 8;
    if (rsize > size)
      rsize = size;
    GNUNET_memcpy (buf, p, rsize);
    if (rsize < size)
      memset (buf + rsize, 0, size - rsize);
  }
  else
  {
    /* Store regular MPIs as unsigned integers right aligned into
       the buffer.  */
    rsize = size;
    if (0 !=
        (rc = gcry_mpi_print (GCRYMPI_FMT_USG,
                              buf,
                              rsize, &rsize,
                              val)))
    {
      LOG_GCRY (GNUNET_ERROR_TYPE_ERROR,
                "gcry_mpi_print",
                rc);
      GNUNET_assert (0);
    }
    adjust (buf, rsize, size);
  }
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_mpi_scan_unsigned()

void GNUNET_CRYPTO_mpi_scan_unsigned	(	gcry_mpi_t *	result,
		const void *	data,
		size_t	size
	)

Convert data buffer into MPI value.

The buffer is interpreted as network byte order, unsigned integer.

Parameters

result	where to store MPI value (allocated)
data	raw data (GCRYMPI_FMT_USG)
size	number of bytes in data

Definition at line 131 of file crypto_mpi.c.

References GNUNET_assert, GNUNET_ERROR_TYPE_ERROR, and LOG_GCRY.

Referenced by decrypt_conclude(), decrypt_new_element(), derive_h(), encrypt_fair(), get_fair_encryption_challenge(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_CRYPTO_paillier_decrypt(), GNUNET_CRYPTO_paillier_encrypt(), GNUNET_CRYPTO_paillier_encrypt1(), GNUNET_CRYPTO_paillier_hom_add(), GNUNET_SECRETSHARING_encrypt(), insert_decrypt_element(), keygen_reveal_get_exp_coeff(), keygen_reveal_get_exp_preshare(), keygen_round1_new_element(), restore_fair(), and verify_fair().

{
  int rc;

  if (0 != (rc = gcry_mpi_scan (result,
                                GCRYMPI_FMT_USG,
                                data, size, &size)))
  {
    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR,
              "gcry_mpi_scan",
              rc);
    GNUNET_assert (0);
  }
}

Here is the caller graph for this function:

GNUNET_CRYPTO_paillier_create()

void GNUNET_CRYPTO_paillier_create	(	struct GNUNET_CRYPTO_PaillierPublicKey *	public_key,
		struct GNUNET_CRYPTO_PaillierPrivateKey *	private_key
	)

Create a freshly generated paillier public key.

Parameters

[out]	public_key	Where to store the public key?
[out]	private_key	Where to store the private key?

Definition at line 39 of file crypto_paillier.c.

References GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_PAILLIER_BITS, GNUNET_CRYPTO_PaillierPrivateKey::lambda, GNUNET_CRYPTO_PaillierPrivateKey::mu, p, and q.

Referenced by handle_client_keygen(), and run().

{
  gcry_mpi_t p;
  gcry_mpi_t q;
  gcry_mpi_t phi;
  gcry_mpi_t mu;
  gcry_mpi_t n;

  /* Generate two distinct primes.  The probability that the loop body
     is executed more than once is very very low... */
  p = NULL;
  q = NULL;
  do
  {
    if (NULL != p)
      gcry_mpi_release (p);
    if (NULL != q)
      gcry_mpi_release (q);
    GNUNET_assert (0 ==
                   gcry_prime_generate (&p,
                                        GNUNET_CRYPTO_PAILLIER_BITS / 2,
                                        0, NULL, NULL, NULL,
                                        GCRY_STRONG_RANDOM, 0));
    GNUNET_assert (0 ==
                   gcry_prime_generate (&q,
                                        GNUNET_CRYPTO_PAILLIER_BITS / 2,
                                        0, NULL, NULL, NULL,
                                        GCRY_STRONG_RANDOM, 0));
  }
  while (0 == gcry_mpi_cmp (p, q));
  /* n = p * q */
  GNUNET_assert (NULL != (n = gcry_mpi_new (0)));
  gcry_mpi_mul (n,
                p,
                q);
  GNUNET_CRYPTO_mpi_print_unsigned (public_key,
                                    sizeof(struct
                                           GNUNET_CRYPTO_PaillierPublicKey),
                                    n);

  /* compute phi(n) = (p-1)(q-1) */
  GNUNET_assert (NULL != (phi = gcry_mpi_new (0)));
  gcry_mpi_sub_ui (p, p, 1);
  gcry_mpi_sub_ui (q, q, 1);
  gcry_mpi_mul (phi, p, q);
  gcry_mpi_release (p);
  gcry_mpi_release (q);

  /* lambda equals phi(n) in the simplified key generation */
  GNUNET_CRYPTO_mpi_print_unsigned (private_key->lambda,
                                    GNUNET_CRYPTO_PAILLIER_BITS / 8,
                                    phi);
  /* mu = phi^{-1} mod n, as we use g = n + 1 */
  GNUNET_assert (NULL != (mu = gcry_mpi_new (0)));
  GNUNET_assert (0 != gcry_mpi_invm (mu,
                                     phi,
                                     n));
  gcry_mpi_release (phi);
  gcry_mpi_release (n);
  GNUNET_CRYPTO_mpi_print_unsigned (private_key->mu,
                                    GNUNET_CRYPTO_PAILLIER_BITS / 8,
                                    mu);
  gcry_mpi_release (mu);
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_paillier_encrypt()

int GNUNET_CRYPTO_paillier_encrypt	(	const struct GNUNET_CRYPTO_PaillierPublicKey *	public_key,
		const gcry_mpi_t	m,
		int	desired_ops,
		struct GNUNET_CRYPTO_PaillierCiphertext *	ciphertext
	)

Encrypt a plaintext with a paillier public key.

Parameters

	public_key	Public key to use.
	m	Plaintext to encrypt.
	desired_ops	How many homomorphic ops the caller intends to use
[out]	ciphertext	Encryption of plaintext with public_key.

Returns

guaranteed number of supported homomorphic operations >= 1, or desired_ops, in case that is lower, or -1 if less than one homomorphic operation is possible

Definition at line 220 of file crypto_paillier.c.

References GNUNET_CRYPTO_PaillierCiphertext::bits, GNUNET_assert, GNUNET_break_op, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_CRYPTO_PAILLIER_BITS, GNUNET_MIN, GNUNET_SYSERR, and GNUNET_CRYPTO_PaillierCiphertext::remaining_ops.

Referenced by compute_service_response(), and send_alices_cryptodata_message().

{
  int possible_opts;
  gcry_mpi_t n_square;
  gcry_mpi_t r;
  gcry_mpi_t rn;
  gcry_mpi_t g;
  gcry_mpi_t gm;
  gcry_mpi_t c;
  gcry_mpi_t n;
  gcry_mpi_t max_num;
  unsigned int highbit;

  /* set max_num = 2^{GNUNET_CRYPTO_PAILLIER_BITS}, the largest
     number we can have as a result */
  GNUNET_assert (NULL != (max_num = gcry_mpi_set_ui (NULL, 1)));
  gcry_mpi_mul_2exp (max_num,
                     max_num,
                     GNUNET_CRYPTO_PAILLIER_BITS);

  /* Determine how many operations we could allow, assuming the other
     number has the same length (or is smaller), by counting the
     number of possible operations.  We essentially divide max_num by
     2 until the result is no longer larger than 'm', incrementing the
     maximum number of operations in each round, starting at -2 */for (possible_opts = -2; gcry_mpi_cmp (max_num, m) > 0; possible_opts++)
    gcry_mpi_div (max_num,
                  NULL,
                  max_num,
                  GCRYMPI_CONST_TWO,
                  0);
  gcry_mpi_release (max_num);

  if (possible_opts < 1)
    possible_opts = 0;
  /* Enforce soft-cap by caller */
  possible_opts = GNUNET_MIN (desired_ops, possible_opts);
  ciphertext->remaining_ops = htonl (possible_opts);

  GNUNET_CRYPTO_mpi_scan_unsigned (&n,
                                   public_key,
                                   sizeof(struct
                                          GNUNET_CRYPTO_PaillierPublicKey));

  /* check public key for number of bits, bail out if key is all zeros */
  highbit = GNUNET_CRYPTO_PAILLIER_BITS - 1;
  while ((! gcry_mpi_test_bit (n, highbit)) &&
         (0 != highbit))
    highbit--;
  if (0 == highbit)
  {
    /* invalid public key */
    GNUNET_break_op (0);
    gcry_mpi_release (n);
    return GNUNET_SYSERR;
  }

  /* generate r < n (without bias) */
  GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
  do
  {
    gcry_mpi_randomize (r, highbit + 1, GCRY_STRONG_RANDOM);
  }
  while (gcry_mpi_cmp (r, n) >= 0);

  /* g = n + 1 */
  GNUNET_assert (0 != (g = gcry_mpi_new (0)));
  gcry_mpi_add_ui (g, n, 1);

  /* n_square = n^2 */
  GNUNET_assert (0 != (n_square = gcry_mpi_new (0)));
  gcry_mpi_mul (n_square,
                n,
                n);

  /* gm = g^m mod n^2 */
  GNUNET_assert (0 != (gm = gcry_mpi_new (0)));
  gcry_mpi_powm (gm, g, m, n_square);
  gcry_mpi_release (g);

  /* rn <- r^n mod n^2 */
  GNUNET_assert (0 != (rn = gcry_mpi_new (0)));
  gcry_mpi_powm (rn, r, n, n_square);
  gcry_mpi_release (r);
  gcry_mpi_release (n);

  /* c <- rn * gm mod n^2 */
  GNUNET_assert (0 != (c = gcry_mpi_new (0)));
  gcry_mpi_mulm (c, rn, gm, n_square);
  gcry_mpi_release (n_square);
  gcry_mpi_release (gm);
  gcry_mpi_release (rn);

  GNUNET_CRYPTO_mpi_print_unsigned (ciphertext->bits,
                                    sizeof(ciphertext->bits),
                                    c);
  gcry_mpi_release (c);

  return possible_opts;
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_paillier_decrypt()

void GNUNET_CRYPTO_paillier_decrypt	(	const struct GNUNET_CRYPTO_PaillierPrivateKey *	private_key,
		const struct GNUNET_CRYPTO_PaillierPublicKey *	public_key,
		const struct GNUNET_CRYPTO_PaillierCiphertext *	ciphertext,
		gcry_mpi_t	m
	)

Decrypt a paillier ciphertext with a private key.

Parameters

	private_key	Private key to use for decryption.
	public_key	Public key to use for decryption.
	ciphertext	Ciphertext to decrypt.
[out]	m	Decryption of ciphertext with .
	private_key	Private key to use for decryption.
	public_key	Public key to use for encryption.
	ciphertext	Ciphertext to decrypt.
[out]	m	Decryption of ciphertext with .

Definition at line 335 of file crypto_paillier.c.

References GNUNET_CRYPTO_PaillierCiphertext::bits, GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_CRYPTO_PaillierPrivateKey::lambda, and GNUNET_CRYPTO_PaillierPrivateKey::mu.

Referenced by compute_scalar_product(), and keygen_round2_new_element().

{
  gcry_mpi_t mu;
  gcry_mpi_t lambda;
  gcry_mpi_t n;
  gcry_mpi_t n_square;
  gcry_mpi_t c;
  gcry_mpi_t cmu;
  gcry_mpi_t cmum1;
  gcry_mpi_t mod;

  GNUNET_CRYPTO_mpi_scan_unsigned (&lambda,
                                   private_key->lambda,
                                   sizeof(private_key->lambda));
  GNUNET_CRYPTO_mpi_scan_unsigned (&mu,
                                   private_key->mu,
                                   sizeof(private_key->mu));
  GNUNET_CRYPTO_mpi_scan_unsigned (&n,
                                   public_key,
                                   sizeof(struct
                                          GNUNET_CRYPTO_PaillierPublicKey));
  GNUNET_CRYPTO_mpi_scan_unsigned (&c,
                                   ciphertext->bits,
                                   sizeof(ciphertext->bits));

  /* n_square = n * n */
  GNUNET_assert (0 != (n_square = gcry_mpi_new (0)));
  gcry_mpi_mul (n_square, n, n);

  /* cmu = c^lambda mod n^2 */
  GNUNET_assert (0 != (cmu = gcry_mpi_new (0)));
  gcry_mpi_powm (cmu,
                 c,
                 lambda,
                 n_square);
  gcry_mpi_release (n_square);
  gcry_mpi_release (lambda);
  gcry_mpi_release (c);

  /* cmum1 = cmu - 1 */
  GNUNET_assert (0 != (cmum1 = gcry_mpi_new (0)));
  gcry_mpi_sub_ui (cmum1, cmu, 1);
  gcry_mpi_release (cmu);

  /* mod = cmum1 / n (mod n) */
  GNUNET_assert (0 != (mod = gcry_mpi_new (0)));
  gcry_mpi_div (mod, NULL, cmum1, n, 0);
  gcry_mpi_release (cmum1);

  /* m = mod * mu mod n */
  gcry_mpi_mulm (m, mod, mu, n);
  gcry_mpi_release (mod);
  gcry_mpi_release (mu);
  gcry_mpi_release (n);
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_paillier_hom_add()

int GNUNET_CRYPTO_paillier_hom_add	(	const struct GNUNET_CRYPTO_PaillierPublicKey *	public_key,
		const struct GNUNET_CRYPTO_PaillierCiphertext *	c1,
		const struct GNUNET_CRYPTO_PaillierCiphertext *	c2,
		struct GNUNET_CRYPTO_PaillierCiphertext *	result
	)

Compute a ciphertext that represents the sum of the plaintext in x1 and x2.

Note that this operation can only be done a finite number of times before an overflow occurs.

Parameters

	public_key	Public key to use for encryption.
	c1	Paillier cipher text.
	c2	Paillier cipher text.
[out]	result	Result of the homomorphic operation.

Returns

GNUNET_OK if the result could be computed, GNUNET_SYSERR if no more homomorphic operations are remaining.

Compute a ciphertext that represents the sum of the plaintext in x1 and x2.

Note that this operation can only be done a finite number of times before an overflow occurs.

Parameters

	public_key	Public key to use for encryption.
	c1	Paillier cipher text.
	c2	Paillier cipher text.
[out]	result	Result of the homomorphic operation.

Returns

GNUNET_OK if the result could be computed, GNUNET_SYSERR if no more homomorphic operations are remaining.

Definition at line 413 of file crypto_paillier.c.

References testconfigure::b, GNUNET_CRYPTO_PaillierCiphertext::bits, GNUNET_assert, GNUNET_break_op, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_MIN, GNUNET_SYSERR, and GNUNET_CRYPTO_PaillierCiphertext::remaining_ops.

Referenced by compute_service_response().

{
  gcry_mpi_t a;
  gcry_mpi_t b;
  gcry_mpi_t c;
  gcry_mpi_t n;
  gcry_mpi_t n_square;
  int32_t o1;
  int32_t o2;

  o1 = (int32_t) ntohl (c1->remaining_ops);
  o2 = (int32_t) ntohl (c2->remaining_ops);
  if ((0 >= o1) || (0 >= o2))
  {
    GNUNET_break_op (0);
    return GNUNET_SYSERR;
  }

  GNUNET_CRYPTO_mpi_scan_unsigned (&a,
                                   c1->bits,
                                   sizeof(c1->bits));
  GNUNET_CRYPTO_mpi_scan_unsigned (&b,
                                   c2->bits,
                                   sizeof(c2->bits));
  GNUNET_CRYPTO_mpi_scan_unsigned (&n,
                                   public_key,
                                   sizeof(struct
                                          GNUNET_CRYPTO_PaillierPublicKey));

  /* n_square = n * n */
  GNUNET_assert (0 != (n_square = gcry_mpi_new (0)));
  gcry_mpi_mul (n_square, n, n);
  gcry_mpi_release (n);

  /* c = a * b mod n_square */
  GNUNET_assert (0 != (c = gcry_mpi_new (0)));
  gcry_mpi_mulm (c, a, b, n_square);
  gcry_mpi_release (n_square);
  gcry_mpi_release (a);
  gcry_mpi_release (b);

  result->remaining_ops = htonl (GNUNET_MIN (o1, o2) - 1);
  GNUNET_CRYPTO_mpi_print_unsigned (result->bits,
                                    sizeof(result->bits),
                                    c);
  gcry_mpi_release (c);
  return ntohl (result->remaining_ops);
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_paillier_hom_get_remaining()

int GNUNET_CRYPTO_paillier_hom_get_remaining

(

const struct GNUNET_CRYPTO_PaillierCiphertext *

c

)

Get the number of remaining supported homomorphic operations.

Parameters

c	Paillier cipher text.

Returns

the number of remaining homomorphic operations

Definition at line 476 of file crypto_paillier.c.

References GNUNET_assert, and GNUNET_CRYPTO_PaillierCiphertext::remaining_ops.

{
  GNUNET_assert (NULL != c);
  return ntohl (c->remaining_ops);
}

GNUNET_CRYPTO_rsa_private_key_create()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_create

(

unsigned int

len

)

Create a new private key.

Caller must free return value.

Parameters

len	length of the key in bits (i.e. 2048)

Returns

fresh private key

Definition at line 149 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_new, ret, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

Referenced by run().

{
  struct GNUNET_CRYPTO_RsaPrivateKey *ret;
  gcry_sexp_t s_key;
  gcry_sexp_t s_keyparam;

  BENCHMARK_START (rsa_private_key_create);

  GNUNET_assert (0 ==
                 gcry_sexp_build (&s_keyparam,
                                  NULL,
                                  "(genkey(rsa(nbits %d)))",
                                  len));
  GNUNET_assert (0 ==
                 gcry_pk_genkey (&s_key,
                                 s_keyparam));
  gcry_sexp_release (s_keyparam);
#if EXTRA_CHECKS
  GNUNET_assert (0 ==
                 gcry_pk_testkey (s_key));
#endif
  ret = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey);
  ret->sexp = s_key;
  BENCHMARK_END (rsa_private_key_create);
  return ret;
}

Here is the caller graph for this function:

GNUNET_CRYPTO_rsa_private_key_free()

void GNUNET_CRYPTO_rsa_private_key_free

(

struct GNUNET_CRYPTO_RsaPrivateKey *

key

)

Free memory occupied by the private key.

Parameters

key	pointer to the memory to free

Definition at line 183 of file crypto_rsa.c.

References GNUNET_free, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_private_key_decode(), and run().

{
  gcry_sexp_release (key->sexp);
  GNUNET_free (key);
}

Here is the caller graph for this function:

GNUNET_CRYPTO_rsa_private_key_encode()

size_t GNUNET_CRYPTO_rsa_private_key_encode	(	const struct GNUNET_CRYPTO_RsaPrivateKey *	key,
		void **	buffer
	)

Encode the private key in a format suitable for storing it into a file.

Parameters

	key	the private key
[out]	buffer	set to a buffer with the encoded key

Returns

size of memory allocatedin buffer

Parameters

	key	the private key
[out]	buffer	set to a buffer with the encoded key

Returns

size of memory allocated in buffer

Definition at line 199 of file crypto_rsa.c.

References testconfigure::b, GNUNET_assert, GNUNET_malloc, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_private_key_cmp().

{
  size_t n;
  char *b;

  n = gcry_sexp_sprint (key->sexp,
                        GCRYSEXP_FMT_DEFAULT,
                        NULL,
                        0);
  b = GNUNET_malloc (n);
  GNUNET_assert ((n - 1) ==      /* since the last byte is \0 */
                 gcry_sexp_sprint (key->sexp,
                                   GCRYSEXP_FMT_DEFAULT,
                                   b,
                                   n));
  *buffer = b;
  return n;
}

Here is the caller graph for this function:

GNUNET_CRYPTO_rsa_private_key_decode()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_decode	(	const void *	buf,
		size_t	buf_size
	)

Decode the private key from the data-format back to the "normal", internal format.

Parameters

buf	the buffer where the private key data is stored
buf_size	the size of the data in buf

Returns

NULL on error

Definition at line 230 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_private_key_free(), GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_new, key, LOG, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

{
  struct GNUNET_CRYPTO_RsaPrivateKey *key;

  key = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey);
  if (0 !=
      gcry_sexp_new (&key->sexp,
                     buf,
                     buf_size,
                     0))
  {
    LOG (GNUNET_ERROR_TYPE_WARNING,
         "Decoded private key is not valid\n");
    GNUNET_free (key);
    return NULL;
  }
  if (0 != gcry_pk_testkey (key->sexp))
  {
    LOG (GNUNET_ERROR_TYPE_WARNING,
         "Decoded private key is not valid\n");
    GNUNET_CRYPTO_rsa_private_key_free (key);
    return NULL;
  }
  return key;
}

Here is the call graph for this function:

GNUNET_CRYPTO_rsa_private_key_dup()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_dup

(

const struct GNUNET_CRYPTO_RsaPrivateKey *

key

)

Duplicate the given private key.

Parameters

key	the private key to duplicate

Returns

the duplicate key; NULL upon error

Definition at line 1337 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_new, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

{
  struct GNUNET_CRYPTO_RsaPrivateKey *dup;
  gcry_sexp_t dup_sexp;
  size_t erroff;

  /* check if we really are exporting a private key */
  dup_sexp = gcry_sexp_find_token (key->sexp, "private-key", 0);
  GNUNET_assert (NULL != dup_sexp);
  gcry_sexp_release (dup_sexp);
  /* copy the sexp */
  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp));
  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey);
  dup->sexp = dup_sexp;
  return dup;
}

GNUNET_CRYPTO_rsa_private_key_get_public()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_private_key_get_public

(

const struct GNUNET_CRYPTO_RsaPrivateKey *

priv

)

Extract the public key of the given private key.

Parameters

priv	the private key

Returns

NULL on error, otherwise the public key

Definition at line 265 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_break_op, GNUNET_new, key_from_sexp(), pub, result, GNUNET_CRYPTO_RsaPrivateKey::sexp, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_sign_fdh(), rsa_sign_mpi(), and run().

{
  struct GNUNET_CRYPTO_RsaPublicKey *pub;
  gcry_mpi_t ne[2];
  int rc;
  gcry_sexp_t result;

  BENCHMARK_START (rsa_private_key_get_public);

  rc = key_from_sexp (ne, priv->sexp, "public-key", "ne");
  if (0 != rc)
    rc = key_from_sexp (ne, priv->sexp, "private-key", "ne");
  if (0 != rc)
    rc = key_from_sexp (ne, priv->sexp, "rsa", "ne");
  if (0 != rc)
  {
    GNUNET_break_op (0);
    return NULL;
  }
  rc = gcry_sexp_build (&result,
                        NULL,
                        "(public-key(rsa(n %m)(e %m)))",
                        ne[0],
                        ne[1]);
  gcry_mpi_release (ne[0]);
  gcry_mpi_release (ne[1]);
  pub = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
  pub->sexp = result;
  BENCHMARK_END (rsa_private_key_get_public);
  return pub;
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_rsa_public_key_hash()

void GNUNET_CRYPTO_rsa_public_key_hash	(	const struct GNUNET_CRYPTO_RsaPublicKey *	key,
		struct GNUNET_HashCode *	hc
	)

Compute hash over the public key.

Parameters

key	public key to hash
hc	where to store the hash code

Definition at line 419 of file crypto_rsa.c.

References buf, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_rsa_public_key_encode(), and GNUNET_free.

{
  void *buf;
  size_t buf_size;

  buf_size = GNUNET_CRYPTO_rsa_public_key_encode (key,
                                                  &buf);
  GNUNET_CRYPTO_hash (buf,
                      buf_size,
                      hc);
  GNUNET_free (buf);
}

Here is the call graph for this function:

GNUNET_CRYPTO_rsa_public_key_len()

unsigned int GNUNET_CRYPTO_rsa_public_key_len

(

const struct GNUNET_CRYPTO_RsaPublicKey *

key

)

Obtain the length of the RSA key in bits.

Parameters

key	the public key to introspect

Returns

length of the key in bits

Definition at line 721 of file crypto_rsa.c.

References GNUNET_break, key_from_sexp(), and GNUNET_CRYPTO_RsaPublicKey::sexp.

{
  gcry_mpi_t n;
  unsigned int rval;

  if (0 != key_from_sexp (&n, key->sexp, "rsa", "n"))
  {   /* Not an RSA public key */
    GNUNET_break (0);
    return 0;
  }
  rval = gcry_mpi_get_nbits (n);
  gcry_mpi_release (n);
  return rval;
}

Here is the call graph for this function:

GNUNET_CRYPTO_rsa_public_key_free()

void GNUNET_CRYPTO_rsa_public_key_free

(

struct GNUNET_CRYPTO_RsaPublicKey *

key

)

Free memory occupied by the public key.

Parameters

key	pointer to the memory to free

Definition at line 305 of file crypto_rsa.c.

References GNUNET_free, GNUNET_NETWORK_STRUCT_BEGIN, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by clean_rsa_pub(), clean_rsa_public_key(), GNUNET_CRYPTO_rsa_sign_fdh(), rsa_sign_mpi(), and run().

{
  gcry_sexp_release (key->sexp);
  GNUNET_free (key);
}

Here is the caller graph for this function:

GNUNET_CRYPTO_rsa_public_key_encode()

size_t GNUNET_CRYPTO_rsa_public_key_encode	(	const struct GNUNET_CRYPTO_RsaPublicKey *	key,
		void **	buffer
	)

Encode the public key in a format suitable for storing it into a file.

Parameters

	key	the private key
[out]	buffer	set to a buffer with the encoded key

Returns

size of memory allocated in buffer

Definition at line 346 of file crypto_rsa.c.

References buf, GNUNET_assert, GNUNET_break, GNUNET_malloc, key_from_sexp(), GNUNET_CRYPTO_RsaPublicKeyHeaderP::modulus_length, GNUNET_CRYPTO_RsaPublicKeyHeaderP::public_exponent_length, ret, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by bind_rsa_pub(), GNUNET_CRYPTO_rsa_public_key_cmp(), GNUNET_CRYPTO_rsa_public_key_hash(), GNUNET_JSON_from_rsa_public_key(), my_conv_rsa_public_key(), qconv_rsa_public_key(), rsa_full_domain_hash(), and run().

{
  gcry_mpi_t ne[2];
  size_t n_size;
  size_t e_size;
  size_t rsize;
  size_t buf_size;
  char *buf;
  struct GNUNET_CRYPTO_RsaPublicKeyHeaderP hdr;
  int ret;

  ret = key_from_sexp (ne, key->sexp, "public-key", "ne");
  if (0 != ret)
    ret = key_from_sexp (ne, key->sexp, "rsa", "ne");
  if (0 != ret)
  {
    GNUNET_break (0);
    *buffer = NULL;
    return 0;
  }
  gcry_mpi_print (GCRYMPI_FMT_USG,
                  NULL,
                  0,
                  &n_size,
                  ne[0]);
  gcry_mpi_print (GCRYMPI_FMT_USG,
                  NULL,
                  0,
                  &e_size,
                  ne[1]);
  if ( (e_size > UINT16_MAX) ||
       (n_size > UINT16_MAX) )
  {
    GNUNET_break (0);
    *buffer = NULL;
    gcry_mpi_release (ne[0]);
    gcry_mpi_release (ne[1]);
    return 0;
  }
  buf_size = n_size + e_size + sizeof (hdr);
  buf = GNUNET_malloc (buf_size);
  hdr.modulus_length = htons ((uint16_t) n_size);
  hdr.public_exponent_length = htons ((uint16_t) e_size);
  memcpy (buf, &hdr, sizeof (hdr));
  GNUNET_assert (0 ==
                 gcry_mpi_print (GCRYMPI_FMT_USG,
                                 (unsigned char *) &buf[sizeof (hdr)],
                                 n_size,
                                 &rsize,
                                 ne[0]));

  GNUNET_assert (0 ==
                 gcry_mpi_print (GCRYMPI_FMT_USG,
                                 (unsigned char *) &buf[sizeof (hdr) + n_size],
                                 e_size,
                                 &rsize,
                                 ne[1]));
  *buffer = buf;
  gcry_mpi_release (ne[0]);
  gcry_mpi_release (ne[1]);
  return buf_size;
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_rsa_public_key_decode()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_public_key_decode	(	const char *	buf,
		size_t	len
	)

Decode the public key from the data-format back to the "normal", internal format.

Parameters

buf	the buffer where the public key data is stored
len	the length of the data in buf

Returns

NULL on error

Definition at line 443 of file crypto_rsa.c.

References data, e, GNUNET_break, GNUNET_break_op, GNUNET_new, key, GNUNET_CRYPTO_RsaPublicKeyHeaderP::modulus_length, GNUNET_CRYPTO_RsaPublicKeyHeaderP::public_exponent_length, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by extract_rsa_pub(), extract_rsa_public_key(), parse_rsa_public_key(), and post_extract_rsa_public_key().

{
  struct GNUNET_CRYPTO_RsaPublicKey *key;
  struct GNUNET_CRYPTO_RsaPublicKeyHeaderP hdr;
  size_t e_size;
  size_t n_size;
  gcry_mpi_t n;
  gcry_mpi_t e;
  gcry_sexp_t data;

  if (len < sizeof (hdr))
  {
    GNUNET_break_op (0);
    return NULL;
  }
  memcpy (&hdr, buf, sizeof (hdr));
  n_size = ntohs (hdr.modulus_length);
  e_size = ntohs (hdr.public_exponent_length);
  if (len != sizeof (hdr) + e_size + n_size)
  {
    GNUNET_break_op (0);
    return NULL;
  }
  if (0 !=
      gcry_mpi_scan (&n,
                     GCRYMPI_FMT_USG,
                     &buf[sizeof (hdr)],
                     n_size,
                     NULL))
  {
    GNUNET_break_op (0);
    return NULL;
  }
  if (0 !=
      gcry_mpi_scan (&e,
                     GCRYMPI_FMT_USG,
                     &buf[sizeof (hdr) + n_size],
                     e_size,
                     NULL))
  {
    GNUNET_break_op (0);
    gcry_mpi_release (n);
    return NULL;
  }

  if (0 !=
      gcry_sexp_build (&data,
                       NULL,
                       "(public-key(rsa(n %m)(e %m)))",
                       n,
                       e))
  {
    GNUNET_break (0);
    gcry_mpi_release (n);
    gcry_mpi_release (e);
    return NULL;
  }
  gcry_mpi_release (n);
  gcry_mpi_release (e);
  key = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
  key->sexp = data;
  return key;
}

Here is the caller graph for this function:

GNUNET_CRYPTO_rsa_public_key_dup()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_public_key_dup

(

const struct GNUNET_CRYPTO_RsaPublicKey *

key

)

Duplicate the given public key.

Parameters

key	the public key to duplicate

Returns

the duplicate key; NULL upon error

Definition at line 1166 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_new, and GNUNET_CRYPTO_RsaPublicKey::sexp.

{
  struct GNUNET_CRYPTO_RsaPublicKey *dup;
  gcry_sexp_t dup_sexp;
  size_t erroff;

  /* check if we really are exporting a public key */
  dup_sexp = gcry_sexp_find_token (key->sexp, "public-key", 0);
  GNUNET_assert (NULL != dup_sexp);
  gcry_sexp_release (dup_sexp);
  /* copy the sexp */
  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp));
  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
  dup->sexp = dup_sexp;
  return dup;
}

GNUNET_CRYPTO_rsa_signature_cmp()

int GNUNET_CRYPTO_rsa_signature_cmp	(	const struct GNUNET_CRYPTO_RsaSignature *	s1,
		const struct GNUNET_CRYPTO_RsaSignature *	s2
	)

Compare the values of two signatures.

Parameters

s1	one signature
s2	the other signature

Returns

0 if the two are equal

Definition at line 623 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_signature_encode(), GNUNET_free, and ret.

{
  void *b1;
  void *b2;
  size_t z1;
  size_t z2;
  int ret;

  z1 = GNUNET_CRYPTO_rsa_signature_encode (s1,
                                           &b1);
  z2 = GNUNET_CRYPTO_rsa_signature_encode (s2,
                                           &b2);
  if (z1 != z2)
    ret = 1;
  else
    ret = memcmp (b1,
                  b2,
                  z1);
  GNUNET_free (b1);
  GNUNET_free (b2);
  return ret;
}

Here is the call graph for this function:

GNUNET_CRYPTO_rsa_private_key_cmp()

int GNUNET_CRYPTO_rsa_private_key_cmp	(	const struct GNUNET_CRYPTO_RsaPrivateKey *	p1,
		const struct GNUNET_CRYPTO_RsaPrivateKey *	p2
	)

Compare the values of two private keys.

Parameters

p1	one private key
p2	the other private key

Returns

0 if the two are equal

Definition at line 689 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_private_key_encode(), GNUNET_free, and ret.

{
  void *b1;
  void *b2;
  size_t z1;
  size_t z2;
  int ret;

  z1 = GNUNET_CRYPTO_rsa_private_key_encode (p1,
                                             &b1);
  z2 = GNUNET_CRYPTO_rsa_private_key_encode (p2,
                                             &b2);
  if (z1 != z2)
    ret = 1;
  else
    ret = memcmp (b1,
                  b2,
                  z1);
  GNUNET_free (b1);
  GNUNET_free (b2);
  return ret;
}

Here is the call graph for this function:

GNUNET_CRYPTO_rsa_public_key_cmp()

int GNUNET_CRYPTO_rsa_public_key_cmp	(	const struct GNUNET_CRYPTO_RsaPublicKey *	p1,
		const struct GNUNET_CRYPTO_RsaPublicKey *	p2
	)

Compare the values of two public keys.

Parameters

p1	one public key
p2	the other public key

Returns

0 if the two are equal

Definition at line 656 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_free, and ret.

{
  void *b1;
  void *b2;
  size_t z1;
  size_t z2;
  int ret;

  z1 = GNUNET_CRYPTO_rsa_public_key_encode (p1,
                                            &b1);
  z2 = GNUNET_CRYPTO_rsa_public_key_encode (p2,
                                            &b2);
  if (z1 != z2)
    ret = 1;
  else
    ret = memcmp (b1,
                  b2,
                  z1);
  GNUNET_free (b1);
  GNUNET_free (b2);
  return ret;
}

Here is the call graph for this function:

GNUNET_CRYPTO_rsa_blind()

int GNUNET_CRYPTO_rsa_blind	(	const struct GNUNET_HashCode *	hash,
		const struct GNUNET_CRYPTO_RsaBlindingKeySecret *	bks,
		struct GNUNET_CRYPTO_RsaPublicKey *	pkey,
		void **	buf,
		size_t *	buf_size
	)

Blinds the given message with the given blinding key.

Parameters

	hash	hash of the message to sign
	bkey	the blinding key
	pkey	the public key of the signer
[out]	buf	set to a buffer with the blinded message to be signed
[out]	buf_size	number of bytes stored in buf

Returns

GNUNET_YES if successful, GNUNET_NO if RSA key is malicious

Definition at line 841 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, data, GNUNET_assert, GNUNET_break, GNUNET_NO, GNUNET_YES, key_from_sexp(), numeric_mpi_alloc_n_print(), RsaBlindingKey::r, ret, rsa_blinding_key_derive(), rsa_blinding_key_free(), rsa_full_domain_hash(), and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by run().

{
  struct RsaBlindingKey *bkey;
  gcry_mpi_t data;
  gcry_mpi_t ne[2];
  gcry_mpi_t r_e;
  gcry_mpi_t data_r_e;
  int ret;

  BENCHMARK_START (rsa_blind);

  GNUNET_assert (buf != NULL);
  GNUNET_assert (buf_size != NULL);
  ret = key_from_sexp (ne, pkey->sexp, "public-key", "ne");
  if (0 != ret)
    ret = key_from_sexp (ne, pkey->sexp, "rsa", "ne");
  if (0 != ret)
  {
    GNUNET_break (0);
    *buf = NULL;
    *buf_size = 0;
    return 0;
  }

  data = rsa_full_domain_hash (pkey, hash);
  if (NULL == data)
    goto rsa_gcd_validate_failure;

  bkey = rsa_blinding_key_derive (pkey, bks);
  if (NULL == bkey)
  {
    gcry_mpi_release (data);
    goto rsa_gcd_validate_failure;
  }

  r_e = gcry_mpi_new (0);
  gcry_mpi_powm (r_e,
                 bkey->r,
                 ne[1],
                 ne[0]);
  data_r_e = gcry_mpi_new (0);
  gcry_mpi_mulm (data_r_e,
                 data,
                 r_e,
                 ne[0]);
  gcry_mpi_release (data);
  gcry_mpi_release (ne[0]);
  gcry_mpi_release (ne[1]);
  gcry_mpi_release (r_e);
  rsa_blinding_key_free (bkey);

  *buf_size = numeric_mpi_alloc_n_print (data_r_e,
                                         (char **) buf);
  gcry_mpi_release (data_r_e);

  BENCHMARK_END (rsa_blind);

  return GNUNET_YES;

rsa_gcd_validate_failure:
  /* We know the RSA key is malicious here, so warn the wallet. */
  /* GNUNET_break_op (0); */
  gcry_mpi_release (ne[0]);
  gcry_mpi_release (ne[1]);
  *buf = NULL;
  *buf_size = 0;
  return GNUNET_NO;
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_rsa_sign_blinded()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_sign_blinded	(	const struct GNUNET_CRYPTO_RsaPrivateKey *	key,
		const void *	msg,
		size_t	msg_len
	)

Sign a blinded value, which must be a full domain hash of a message.

Parameters

key	private key to use for the signing
msg	the (blinded) message to sign
msg_len	number of bytes in msg to sign

Returns

NULL on error, signature on success

Parameters

key	private key to use for the signing
msg	the message to sign
msg_len	number of bytes in msg to sign

Returns

NULL on error, signature on success

Definition at line 1005 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, and rsa_sign_mpi().

Referenced by run().

{
  gcry_mpi_t v = NULL;
  struct GNUNET_CRYPTO_RsaSignature *sig;

  BENCHMARK_START (rsa_sign_blinded);

  GNUNET_assert (0 ==
                 gcry_mpi_scan (&v,
                                GCRYMPI_FMT_USG,
                                msg,
                                msg_len,
                                NULL));

  sig = rsa_sign_mpi (key, v);
  gcry_mpi_release (v);
  BENCHMARK_END (rsa_sign_blinded);
  return sig;
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_rsa_sign_fdh()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_sign_fdh	(	const struct GNUNET_CRYPTO_RsaPrivateKey *	key,
		const struct GNUNET_HashCode *	hash
	)

Create and sign a full domain hash of a message.

Parameters

key	private key to use for the signing
hash	the hash of the message to sign

Returns

NULL on error, including a malicious RSA key, signature on success

Definition at line 1036 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_free(), pkey, rsa_full_domain_hash(), and rsa_sign_mpi().

{
  struct GNUNET_CRYPTO_RsaPublicKey *pkey;
  gcry_mpi_t v = NULL;
  struct GNUNET_CRYPTO_RsaSignature *sig;

  pkey = GNUNET_CRYPTO_rsa_private_key_get_public (key);
  v = rsa_full_domain_hash (pkey, hash);
  GNUNET_CRYPTO_rsa_public_key_free (pkey);
  if (NULL == v)   /* rsa_gcd_validate failed meaning */
    return NULL;   /* our *own* RSA key is malicious. */

  sig = rsa_sign_mpi (key, v);
  gcry_mpi_release (v);
  return sig;
}

Here is the call graph for this function:

GNUNET_CRYPTO_rsa_signature_free()

void GNUNET_CRYPTO_rsa_signature_free

(

struct GNUNET_CRYPTO_RsaSignature *

sig

)

Free memory occupied by signature.

Parameters

sig	memory to free

Definition at line 1061 of file crypto_rsa.c.

References GNUNET_free, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by clean_rsa_sig(), clean_rsa_signature(), and run().

{
  gcry_sexp_release (sig->sexp);
  GNUNET_free (sig);
}

Here is the caller graph for this function:

GNUNET_CRYPTO_rsa_signature_encode()

size_t GNUNET_CRYPTO_rsa_signature_encode	(	const struct GNUNET_CRYPTO_RsaSignature *	sig,
		void **	buffer
	)

Encode the given signature in a format suitable for storing it into a file.

Parameters

	sig	the signature
[out]	buffer	set to a buffer with the encoded key

Returns

size of memory allocated in buffer

Definition at line 1076 of file crypto_rsa.c.

References buf, GNUNET_assert, GNUNET_malloc, key_from_sexp(), ret, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by bind_rsa_sig(), GNUNET_CRYPTO_rsa_signature_cmp(), GNUNET_JSON_from_rsa_signature(), my_conv_rsa_signature(), qconv_rsa_signature(), and run().

{
  gcry_mpi_t s;
  size_t buf_size;
  size_t rsize;
  unsigned char *buf;
  int ret;

  ret = key_from_sexp (&s,
                       sig->sexp,
                       "sig-val",
                       "s");
  if (0 != ret)
    ret = key_from_sexp (&s,
                         sig->sexp,
                         "rsa",
                         "s");
  GNUNET_assert (0 == ret);
  gcry_mpi_print (GCRYMPI_FMT_USG,
                  NULL,
                  0,
                  &buf_size,
                  s);
  buf = GNUNET_malloc (buf_size);
  GNUNET_assert (0 ==
                 gcry_mpi_print (GCRYMPI_FMT_USG,
                                 buf,
                                 buf_size,
                                 &rsize,
                                 s));
  GNUNET_assert (rsize == buf_size);
  *buffer = (void *) buf;
  gcry_mpi_release (s);
  return buf_size;
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_rsa_signature_decode()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_signature_decode	(	const void *	buf,
		size_t	buf_size
	)

Decode the signature from the data-format back to the "normal", internal format.

Parameters

buf	the buffer where the public key data is stored
buf_size	the number of bytes of the data in buf

Returns

NULL on error

Parameters

buf	the buffer where the public key data is stored
buf_size	the size of the data in buf

Returns

NULL on error

Definition at line 1124 of file crypto_rsa.c.

References data, GNUNET_break, GNUNET_break_op, GNUNET_new, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by extract_rsa_sig(), extract_rsa_signature(), parse_rsa_signature(), and post_extract_rsa_signature().

{
  struct GNUNET_CRYPTO_RsaSignature *sig;
  gcry_mpi_t s;
  gcry_sexp_t data;

  if (0 !=
      gcry_mpi_scan (&s,
                     GCRYMPI_FMT_USG,
                     buf,
                     buf_size,
                     NULL))
  {
    GNUNET_break_op (0);
    return NULL;
  }

  if (0 !=
      gcry_sexp_build (&data,
                       NULL,
                       "(sig-val(rsa(s %M)))",
                       s))
  {
    GNUNET_break (0);
    gcry_mpi_release (s);
    return NULL;
  }
  gcry_mpi_release (s);
  sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
  sig->sexp = data;
  return sig;
}

Here is the caller graph for this function:

GNUNET_CRYPTO_rsa_signature_dup()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_signature_dup

(

const struct GNUNET_CRYPTO_RsaSignature *

sig

)

Duplicate the given rsa signature.

Parameters

sig	the signature to duplicate

Returns

the duplicate key; NULL upon error

Duplicate the given rsa signature.

Parameters

key	the private key to duplicate

Returns

the duplicate key; NULL upon error

Definition at line 1363 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_new, key_from_sexp(), ret, and GNUNET_CRYPTO_RsaSignature::sexp.

{
  struct GNUNET_CRYPTO_RsaSignature *dup;
  gcry_sexp_t dup_sexp;
  size_t erroff;
  gcry_mpi_t s;
  int ret;

  /* verify that this is an RSA signature */
  ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
  if (0 != ret)
    ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
  GNUNET_assert (0 == ret);
  gcry_mpi_release (s);
  /* copy the sexp */
  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", sig->sexp));
  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
  dup->sexp = dup_sexp;
  return dup;
}

Here is the call graph for this function:

GNUNET_CRYPTO_rsa_unblind()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_unblind	(	const struct GNUNET_CRYPTO_RsaSignature *	sig,
		const struct GNUNET_CRYPTO_RsaBlindingKeySecret *	bks,
		struct GNUNET_CRYPTO_RsaPublicKey *	pkey
	)

Unblind a blind-signed signature.

The signature should have been generated with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with GNUNET_CRYPTO_rsa_blind().

Parameters

sig	the signature made on the blinded signature purpose
bks	the blinding key secret used to blind the signature purpose
pkey	the public key of the signer

Returns

unblinded signature on success, NULL if RSA key is bad or malicious.

Definition at line 1195 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_break_op, GNUNET_new, key_from_sexp(), RsaBlindingKey::r, ret, rsa_blinding_key_derive(), rsa_blinding_key_free(), GNUNET_CRYPTO_RsaPublicKey::sexp, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by run().

{
  struct RsaBlindingKey *bkey;
  gcry_mpi_t n;
  gcry_mpi_t s;
  gcry_mpi_t r_inv;
  gcry_mpi_t ubsig;
  int ret;
  struct GNUNET_CRYPTO_RsaSignature *sret;

  BENCHMARK_START (rsa_unblind);

  ret = key_from_sexp (&n, pkey->sexp, "public-key", "n");
  if (0 != ret)
    ret = key_from_sexp (&n, pkey->sexp, "rsa", "n");
  if (0 != ret)
  {
    GNUNET_break_op (0);
    return NULL;
  }
  ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
  if (0 != ret)
    ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
  if (0 != ret)
  {
    gcry_mpi_release (n);
    GNUNET_break_op (0);
    return NULL;
  }

  bkey = rsa_blinding_key_derive (pkey, bks);
  if (NULL == bkey)
  {
    /* RSA key is malicious since rsa_gcd_validate failed here.
     * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
     * so the exchange is being malicious in an unfamilair way, maybe
     * just trying to crash us.  */
    GNUNET_break_op (0);
    gcry_mpi_release (n);
    gcry_mpi_release (s);
    return NULL;
  }

  r_inv = gcry_mpi_new (0);
  if (1 !=
      gcry_mpi_invm (r_inv,
                     bkey->r,
                     n))
  {
    /* We cannot find r mod n, so gcd(r,n) != 1, which should get *
    * caught above, but we handle it the same here.              */
    GNUNET_break_op (0);
    gcry_mpi_release (r_inv);
    rsa_blinding_key_free (bkey);
    gcry_mpi_release (n);
    gcry_mpi_release (s);
    return NULL;
  }

  ubsig = gcry_mpi_new (0);
  gcry_mpi_mulm (ubsig, s, r_inv, n);
  gcry_mpi_release (n);
  gcry_mpi_release (r_inv);
  gcry_mpi_release (s);
  rsa_blinding_key_free (bkey);

  sret = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
  GNUNET_assert (0 ==
                 gcry_sexp_build (&sret->sexp,
                                  NULL,
                                  "(sig-val (rsa (s %M)))",
                                  ubsig));
  gcry_mpi_release (ubsig);
  BENCHMARK_END (rsa_unblind);
  return sret;
}

Here is the call graph for this function:

Here is the caller graph for this function:

GNUNET_CRYPTO_rsa_verify()

int GNUNET_CRYPTO_rsa_verify	(	const struct GNUNET_HashCode *	hash,
		const struct GNUNET_CRYPTO_RsaSignature *	sig,
		const struct GNUNET_CRYPTO_RsaPublicKey *	pkey
	)

Verify whether the given hash corresponds to the given signature and the signature is valid with respect to the given public key.

Parameters

hash	the message to verify to match the sig
sig	signature that is being validated
public_key	public key of the signer

Returns

GNUNET_YES if ok, GNUNET_NO if RSA key is malicious, GNUNET_SYSERR if signature

Parameters

hash	hash of the message to verify to match the sig
sig	signature that is being validated
pkey	public key of the signer

Returns

GNUNET_YES if ok, GNUNET_NO if RSA key is malicious, GNUNET_SYSERR if signature is invalid

Definition at line 1285 of file crypto_rsa.c.

References _, BENCHMARK_END, BENCHMARK_START, data, GNUNET_break_op, GNUNET_ERROR_TYPE_WARNING, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, LOG, mpi_to_sexp(), rsa_full_domain_hash(), GNUNET_CRYPTO_RsaPublicKey::sexp, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by run().

{
  gcry_sexp_t data;
  gcry_mpi_t r;
  int rc;

  BENCHMARK_START (rsa_verify);

  r = rsa_full_domain_hash (pkey, hash);
  if (NULL == r)
  {
    GNUNET_break_op (0);
    /* RSA key is malicious since rsa_gcd_validate failed here.
     * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
     * so the exchange is being malicious in an unfamilair way, maybe
     * just trying to crash us.  Arguably, we've only an internal error
     * though because we should've detected this in our previous call
     * to GNUNET_CRYPTO_rsa_unblind. *///
    return GNUNET_NO;
  }

  data = mpi_to_sexp (r);
  gcry_mpi_release (r);

  rc = gcry_pk_verify (sig->sexp,
                       data,
                       pkey->sexp);
  gcry_sexp_release (data);
  if (0 != rc)
  {
    LOG (GNUNET_ERROR_TYPE_WARNING,
         _ ("RSA signature verification failed at %s:%d: %s\n"),
         __FILE__,
         __LINE__,
         gcry_strerror (rc));
    return GNUNET_SYSERR;
    BENCHMARK_END (rsa_verify);
  }
  BENCHMARK_END (rsa_verify);
  return GNUNET_OK;
}

Here is the call graph for this function:

Here is the caller graph for this function: