GNUnet  0.10.x
Data Structures | Macros | Typedefs | Enumerations | Functions
gnunet_crypto_lib.h File Reference

cryptographic primitives for GNUnet More...

#include "gnunet_common.h"
#include <gcrypt.h>
Include dependency graph for gnunet_crypto_lib.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  GNUNET_CRYPTO_HashAsciiEncoded
 0-terminated ASCII encoding of a struct GNUNET_HashCode. More...
 
struct  GNUNET_CRYPTO_EccSignaturePurpose
 header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed data More...
 
struct  GNUNET_CRYPTO_EddsaSignature
 an ECC signature using EdDSA. More...
 
struct  GNUNET_CRYPTO_EcdsaSignature
 an ECC signature using ECDSA More...
 
struct  GNUNET_CRYPTO_EddsaPublicKey
 Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and EdDSA signatures. More...
 
struct  GNUNET_CRYPTO_EcdsaPublicKey
 Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDSA signatures. More...
 
struct  GNUNET_PeerIdentity
 The identity of the host (wraps the signing key of the peer). More...
 
struct  GNUNET_CRYPTO_EcdhePublicKey
 Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encryption (ECDH), See http://cr.yp.to/ecdh.html. More...
 
struct  GNUNET_CRYPTO_EcdhePrivateKey
 Private ECC key encoded for transmission. More...
 
struct  GNUNET_CRYPTO_EcdsaPrivateKey
 Private ECC key encoded for transmission. More...
 
struct  GNUNET_CRYPTO_EddsaPrivateKey
 Private ECC key encoded for transmission. More...
 
struct  GNUNET_CRYPTO_SymmetricSessionKey
 type for session keys More...
 
struct  GNUNET_CRYPTO_SymmetricInitializationVector
 IV for sym cipher. More...
 
struct  GNUNET_CRYPTO_AuthKey
 type for (message) authentication keys More...
 
struct  GNUNET_CRYPTO_PaillierPublicKey
 Paillier public key. More...
 
struct  GNUNET_CRYPTO_PaillierPrivateKey
 Paillier private key. More...
 
struct  GNUNET_CRYPTO_PaillierCiphertext
 Paillier ciphertext. More...
 
struct  GNUNET_CRYPTO_EccPoint
 Point on a curve (always for Curve25519) encoded in a format suitable for network transmission (ECDH), see http://cr.yp.to/ecdh.html. More...
 
struct  GNUNET_CRYPTO_RsaBlindingKeySecret
 Constant-size pre-secret for blinding key generation. More...
 

Macros

#define GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH   126
 Maximum length of an ECC signature. More...
 
#define GNUNET_CRYPTO_AES_KEY_LENGTH   (256 / 8)
 length of the sessionkey in bytes (256 BIT sessionkey) More...
 
#define GNUNET_CRYPTO_HASH_LENGTH   (512 / 8)
 Length of a hash value. More...
 
#define GNUNET_CRYPTO_PKEY_ASCII_LENGTH   52
 How many characters (without 0-terminator) are our ASCII-encoded public keys (ECDSA/EDDSA/ECDHE). More...
 
#define GNUNET_CRYPTO_PAILLIER_BITS   2048
 Size of paillier plain texts and public keys. More...
 
#define GNUNET_CRYPTO_hash_from_string(enc, result)   GNUNET_CRYPTO_hash_from_string2 (enc, strlen (enc), result)
 Convert ASCII encoding back to struct GNUNET_HashCode More...
 

Typedefs

typedef void(* GNUNET_CRYPTO_HashCompletedCallback) (void *cls, const struct GNUNET_HashCode *res)
 Function called once the hash computation over the specified file has completed. More...
 

Enumerations

enum  GNUNET_CRYPTO_Quality { GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_NONCE }
 Desired quality level for random numbers. More...
 

Functions

void GNUNET_CRYPTO_seed_weak_random (int32_t seed)
 Seed a weak random generator. More...
 
uint8_t GNUNET_CRYPTO_crc8_n (const void *buf, size_t len)
 Calculate the checksum of a buffer in one step. More...
 
uint32_t GNUNET_CRYPTO_crc16_step (uint32_t sum, const void *buf, size_t len)
 Perform an incremental step in a CRC16 (for TCP/IP) calculation. More...
 
uint16_t GNUNET_CRYPTO_crc16_finish (uint32_t sum)
 Convert results from GNUNET_CRYPTO_crc16_step to final crc16. More...
 
uint16_t GNUNET_CRYPTO_crc16_n (const void *buf, size_t len)
 Calculate the checksum of a buffer in one step. More...
 
int32_t GNUNET_CRYPTO_crc32_n (const void *buf, size_t len)
 Compute the CRC32 checksum for the first len bytes of the buffer. More...
 
void GNUNET_CRYPTO_zero_keys (void *buffer, size_t length)
 Zero out buffer, securely against compiler optimizations. More...
 
void GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
 Fill block with a random values. More...
 
uint32_t GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i)
 Produce a random value. More...
 
uint64_t GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
 Random on unsigned 64-bit values. More...
 
unsigned int * GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n)
 Get an array with a random permutation of the numbers 0...n-1. More...
 
void GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
 Create a new random session key. More...
 
ssize_t GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Encrypt a block using a symmetric sessionkey. More...
 
ssize_t GNUNET_CRYPTO_symmetric_decrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Decrypt a given block using a symmetric sessionkey. More...
 
void GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
 Derive an IV. More...
 
void GNUNET_CRYPTO_symmetric_derive_iv_v (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len, va_list argp)
 Derive an IV. More...
 
void GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode *block, struct GNUNET_CRYPTO_HashAsciiEncoded *result)
 Convert hash to ASCII encoding. More...
 
int GNUNET_CRYPTO_hash_from_string2 (const char *enc, size_t enclen, struct GNUNET_HashCode *result)
 Convert ASCII encoding back to a 'struct GNUNET_HashCode'. More...
 
uint32_t GNUNET_CRYPTO_hash_distance_u32 (const struct GNUNET_HashCode *a, const struct GNUNET_HashCode *b)
 Compute the distance between 2 hashcodes. More...
 
void GNUNET_CRYPTO_hash (const void *block, size_t size, struct GNUNET_HashCode *ret)
 Compute hash of a given block. More...
 
struct GNUNET_HashContextGNUNET_CRYPTO_hash_context_start (void)
 Start incremental hashing operation. More...
 
void GNUNET_CRYPTO_hash_context_read (struct GNUNET_HashContext *hc, const void *buf, size_t size)
 Add data to be hashed. More...
 
void GNUNET_CRYPTO_hash_context_finish (struct GNUNET_HashContext *hc, struct GNUNET_HashCode *r_hash)
 Finish the hash computation. More...
 
void GNUNET_CRYPTO_hash_context_abort (struct GNUNET_HashContext *hc)
 Abort hashing, do not bother calculating final result. More...
 
void GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len, const void *plaintext, size_t plaintext_len, struct GNUNET_HashCode *hmac)
 Calculate HMAC of a message (RFC 2104) TODO: Shouldn' this be the standard hmac function and the above be renamed? More...
 
void GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key, const void *plaintext, size_t plaintext_len, struct GNUNET_HashCode *hmac)
 Calculate HMAC of a message (RFC 2104) More...
 
struct GNUNET_CRYPTO_FileHashContextGNUNET_CRYPTO_hash_file (enum GNUNET_SCHEDULER_Priority priority, const char *filename, size_t blocksize, GNUNET_CRYPTO_HashCompletedCallback callback, void *callback_cls)
 Compute the hash of an entire file. More...
 
void GNUNET_CRYPTO_hash_file_cancel (struct GNUNET_CRYPTO_FileHashContext *fhc)
 Cancel a file hashing operation. More...
 
void GNUNET_CRYPTO_hash_create_random (enum GNUNET_CRYPTO_Quality mode, struct GNUNET_HashCode *result)
 Create a random hash code. More...
 
void GNUNET_CRYPTO_hash_difference (const struct GNUNET_HashCode *a, const struct GNUNET_HashCode *b, struct GNUNET_HashCode *result)
 compute result = b - a More...
 
void GNUNET_CRYPTO_hash_sum (const struct GNUNET_HashCode *a, const struct GNUNET_HashCode *delta, struct GNUNET_HashCode *result)
 compute result = a + delta More...
 
void GNUNET_CRYPTO_hash_xor (const struct GNUNET_HashCode *a, const struct GNUNET_HashCode *b, struct GNUNET_HashCode *result)
 compute result = a ^ b More...
 
void GNUNET_CRYPTO_hash_to_aes_key (const struct GNUNET_HashCode *hc, struct GNUNET_CRYPTO_SymmetricSessionKey *skey, struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
 Convert a hashcode into a key. More...
 
int GNUNET_CRYPTO_hash_get_bit (const struct GNUNET_HashCode *code, unsigned int bit)
 Obtain a bit from a hashcode. More...
 
unsigned int GNUNET_CRYPTO_hash_matching_bits (const struct GNUNET_HashCode *first, const struct GNUNET_HashCode *second)
 Determine how many low order bits match in two struct GNUNET_HashCodes. More...
 
int GNUNET_CRYPTO_hash_cmp (const struct GNUNET_HashCode *h1, const struct GNUNET_HashCode *h2)
 Compare function for HashCodes, producing a total ordering of all hashcodes. More...
 
int GNUNET_CRYPTO_hash_xorcmp (const struct GNUNET_HashCode *h1, const struct GNUNET_HashCode *h2, const struct GNUNET_HashCode *target)
 Find out which of the two GNUNET_CRYPTO_hash codes is closer to target in the XOR metric (Kademlia). More...
 
void GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key, const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey, const void *salt, size_t salt_len, va_list argp)
 Derive an authentication key. More...
 
void GNUNET_CRYPTO_hmac_derive_key (struct GNUNET_CRYPTO_AuthKey *key, const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey, const void *salt, size_t salt_len,...)
 Derive an authentication key. More...
 
int GNUNET_CRYPTO_hkdf (void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
 Derive key. More...
 
int GNUNET_CRYPTO_hkdf_v (void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
 Derive key. More...
 
int GNUNET_CRYPTO_kdf_v (void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
 Derive key. More...
 
void GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r, gcry_mpi_t n, const void *xts, size_t xts_len, const void *skm, size_t skm_len, const char *ctx)
 Deterministically generate a pseudo-random number uniformly from the integers modulo a libgcrypt mpi. More...
 
int GNUNET_CRYPTO_kdf (void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
 Derive key. More...
 
void GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
 Extract the public key for the given private key. More...
 
char * GNUNET_CRYPTO_ecdsa_public_key_to_string (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Convert a public key to a string. More...
 
char * GNUNET_CRYPTO_ecdsa_private_key_to_string (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
 Convert a private key to a string. More...
 
char * GNUNET_CRYPTO_eddsa_private_key_to_string (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
 Convert a private key to a string. More...
 
char * GNUNET_CRYPTO_eddsa_public_key_to_string (const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Convert a public key to a string. More...
 
int GNUNET_CRYPTO_ecdsa_public_key_from_string (const char *enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Convert a string representing a public key to a public key. More...
 
int GNUNET_CRYPTO_eddsa_private_key_from_string (const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPrivateKey *pub)
 Convert a string representing a private key to a private key. More...
 
int GNUNET_CRYPTO_eddsa_public_key_from_string (const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Convert a string representing a public key to a public key. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_create_from_file (const char *filename)
 Create a new private key by reading it from a file. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create_from_file (const char *filename)
 Create a new private key by reading it from a file. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg)
 Create a new private key by reading our peer's key from the file specified in the configuration. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_create (void)
 Create a new private key. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create (void)
 Create a new private key. More...
 
int GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Create a new private key. More...
 
struct GNUNET_CRYPTO_EcdhePrivateKeyGNUNET_CRYPTO_ecdhe_key_create (void)
 Create a new private key. More...
 
void GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
const struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_get_anonymous (void)
 Get the shared private key we use for anonymous users. More...
 
void GNUNET_CRYPTO_eddsa_setup_hostkey (const char *cfg_name)
 Setup a hostkey file for a peer given the name of the configuration file (!). More...
 
int GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_PeerIdentity *dst)
 Retrieve the identity of the host's peer. More...
 
struct GNUNET_CRYPTO_EccDlogContextGNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max, unsigned int mem)
 Do pre-calculation for ECC discrete logarithm for small factors. More...
 
int GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t input)
 Calculate ECC discrete logarithm for small factors. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc, int val)
 Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_t val)
 Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t p, gcry_mpi_t val)
 Multiply the point p on the elliptic curve by val. More...
 
void GNUNET_CRYPTO_ecc_point_to_bin (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t point, struct GNUNET_CRYPTO_EccPoint *bin)
 Convert point value to binary representation. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_bin_to_point (struct GNUNET_CRYPTO_EccDlogContext *edc, const struct GNUNET_CRYPTO_EccPoint *bin)
 Convert binary representation of a point to computational representation. More...
 
gcry_mpi_point_t GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t a, gcry_mpi_point_t b)
 Add two points on the elliptic curve. More...
 
void GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_point_t *r, gcry_mpi_point_t *r_inv)
 Obtain a random point on the curve and its additive inverse. More...
 
void GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, gcry_mpi_t *r, gcry_mpi_t *r_inv)
 Obtain a random scalar for point multiplication on the curve and its multiplicative inverse. More...
 
gcry_mpi_t GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc)
 Generate a random value mod n. More...
 
void GNUNET_CRYPTO_ecc_free (gcry_mpi_point_t p)
 Free a point value returned by the API. More...
 
void GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *dlc)
 Release precalculated values. More...
 
int GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a public and a private ECC key. More...
 
int GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private EdDSA key. More...
 
int GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private ECDSA key. More...
 
int GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EdDSA public key and a private ECDH key. More...
 
int GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EcDSA public key and a private ECDH key. More...
 
int GNUNET_CRYPTO_eddsa_sign (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
 EdDSA sign a given block. More...
 
int GNUNET_CRYPTO_ecdsa_sign (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
 ECDSA Sign a given block. More...
 
int GNUNET_CRYPTO_eddsa_verify (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Verify EdDSA signature. More...
 
int GNUNET_CRYPTO_ecdsa_verify (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Verify ECDSA signature. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
 Derive a private key from a given private key and a label. More...
 
void GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
 Derive a public key from a given public key and a label. More...
 
void GNUNET_CRYPTO_mpi_print_unsigned (void *buf, size_t size, gcry_mpi_t val)
 Output the given MPI value to the given buffer in network byte order. More...
 
void GNUNET_CRYPTO_mpi_scan_unsigned (gcry_mpi_t *result, const void *data, size_t size)
 Convert data buffer into MPI value. More...
 
void GNUNET_CRYPTO_paillier_create (struct GNUNET_CRYPTO_PaillierPublicKey *public_key, struct GNUNET_CRYPTO_PaillierPrivateKey *private_key)
 Create a freshly generated paillier public key. More...
 
int GNUNET_CRYPTO_paillier_encrypt (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, const gcry_mpi_t m, int desired_ops, struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext)
 Encrypt a plaintext with a paillier public key. More...
 
void GNUNET_CRYPTO_paillier_decrypt (const struct GNUNET_CRYPTO_PaillierPrivateKey *private_key, const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, const struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext, gcry_mpi_t m)
 Decrypt a paillier ciphertext with a private key. More...
 
int GNUNET_CRYPTO_paillier_hom_add (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, const struct GNUNET_CRYPTO_PaillierCiphertext *c1, const struct GNUNET_CRYPTO_PaillierCiphertext *c2, struct GNUNET_CRYPTO_PaillierCiphertext *result)
 Compute a ciphertext that represents the sum of the plaintext in x1 and x2. More...
 
int GNUNET_CRYPTO_paillier_hom_get_remaining (const struct GNUNET_CRYPTO_PaillierCiphertext *c)
 Get the number of remaining supported homomorphic operations. More...
 
struct GNUNET_CRYPTO_RsaPrivateKeyGNUNET_CRYPTO_rsa_private_key_create (unsigned int len)
 Create a new private key. More...
 
void GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key)
 Free memory occupied by the private key. More...
 
size_t GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey *key, char **buffer)
 Encode the private key in a format suitable for storing it into a file. More...
 
struct GNUNET_CRYPTO_RsaPrivateKeyGNUNET_CRYPTO_rsa_private_key_decode (const char *buf, size_t len)
 Decode the private key from the data-format back to the "normal", internal format. More...
 
struct GNUNET_CRYPTO_RsaPrivateKeyGNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_RsaPrivateKey *key)
 Duplicate the given private key. More...
 
struct GNUNET_CRYPTO_RsaPublicKeyGNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
 Extract the public key of the given private key. More...
 
void GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, struct GNUNET_HashCode *hc)
 Compute hash over the public key. More...
 
unsigned int GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 Obtain the length of the RSA key in bits. More...
 
void GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key)
 Free memory occupied by the public key. More...
 
size_t GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_RsaPublicKey *key, char **buffer)
 Encode the public key in a format suitable for storing it into a file. More...
 
struct GNUNET_CRYPTO_RsaPublicKeyGNUNET_CRYPTO_rsa_public_key_decode (const char *buf, size_t len)
 Decode the public key from the data-format back to the "normal", internal format. More...
 
struct GNUNET_CRYPTO_RsaPublicKeyGNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 Duplicate the given public key. More...
 
int GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1, struct GNUNET_CRYPTO_RsaSignature *s2)
 Compare the values of two signatures. More...
 
int GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1, struct GNUNET_CRYPTO_RsaPrivateKey *p2)
 Compare the values of two private keys. More...
 
int GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1, struct GNUNET_CRYPTO_RsaPublicKey *p2)
 Compare the values of two public keys. More...
 
int GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, char **buf, size_t *buf_size)
 Blinds the given message with the given blinding key. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, const void *msg, size_t msg_len)
 Sign a blinded value, which must be a full domain hash of a message. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, const struct GNUNET_HashCode *hash)
 Create and sign a full domain hash of a message. More...
 
void GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig)
 Free memory occupied by signature. More...
 
size_t GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_RsaSignature *sig, char **buffer)
 Encode the given signature in a format suitable for storing it into a file. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_signature_decode (const char *buf, size_t len)
 Decode the signature from the data-format back to the "normal", internal format. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig)
 Duplicate the given rsa signature. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
 Unblind a blind-signed signature. More...
 
int GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *public_key)
 Verify whether the given hash corresponds to the given signature and the signature is valid with respect to the given public key. More...
 

Detailed Description

cryptographic primitives for GNUnet

Author
Christian Grothoff
Krista Bennett
Gerd Knorr kraxe.nosp@m.l@by.nosp@m.tesex.nosp@m..org
Ioana Patrascu
Tzvetan Horozov
Jeffrey Burdges burdg.nosp@m.es@g.nosp@m.nunet.nosp@m..org

Definition in file gnunet_crypto_lib.h.

Macro Definition Documentation

◆ GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH

#define GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH   126

Maximum length of an ECC signature.

Note: round up to multiple of 8 minus 2 for alignment.

Definition at line 67 of file gnunet_crypto_lib.h.

◆ GNUNET_CRYPTO_AES_KEY_LENGTH

#define GNUNET_CRYPTO_AES_KEY_LENGTH   (256 / 8)

length of the sessionkey in bytes (256 BIT sessionkey)

Definition at line 100 of file gnunet_crypto_lib.h.

Referenced by GNUNET_CRYPTO_symmetric_create_session_key(), and init_aes().

◆ GNUNET_CRYPTO_HASH_LENGTH

#define GNUNET_CRYPTO_HASH_LENGTH   (512 / 8)

Length of a hash value.

Definition at line 105 of file gnunet_crypto_lib.h.

Referenced by RPS_sampler_elem_reinit().

◆ GNUNET_CRYPTO_PKEY_ASCII_LENGTH

#define GNUNET_CRYPTO_PKEY_ASCII_LENGTH   52

How many characters (without 0-terminator) are our ASCII-encoded public keys (ECDSA/EDDSA/ECDHE).

Definition at line 111 of file gnunet_crypto_lib.h.

Referenced by uri_loc_parse().

◆ GNUNET_CRYPTO_PAILLIER_BITS

#define GNUNET_CRYPTO_PAILLIER_BITS   2048

Size of paillier plain texts and public keys.

Private keys and ciphertexts are twice this size.

Definition at line 321 of file gnunet_crypto_lib.h.

Referenced by encrypt_fair(), get_fair_encryption_challenge(), GNUNET_CRYPTO_paillier_create(), GNUNET_CRYPTO_paillier_encrypt(), GNUNET_CRYPTO_paillier_encrypt1(), run(), and verify_fair().

Typedef Documentation

◆ GNUNET_CRYPTO_HashCompletedCallback

typedef void(* GNUNET_CRYPTO_HashCompletedCallback) (void *cls, const struct GNUNET_HashCode *res)

Function called once the hash computation over the specified file has completed.

Parameters
clsclosure
resresulting hash, NULL on error

Definition at line 749 of file gnunet_crypto_lib.h.

Function Documentation

◆ GNUNET_CRYPTO_crc16_step()

uint32_t GNUNET_CRYPTO_crc16_step ( uint32_t  sum,
const void *  buf,
size_t  len 
)

Perform an incremental step in a CRC16 (for TCP/IP) calculation.

Parameters
sumcurrent sum, initially 0
bufbuffer to calculate CRC over (must be 16-bit aligned)
lennumber of bytes in buf, must be multiple of 2
Returns
updated crc sum (must be subjected to GNUNET_CRYPTO_crc16_finish to get actual crc16)
Parameters
sumcurrent sum, initially 0
bufbuffer to calculate CRC over (must be 16-bit aligned)
lennumber of bytes in hdr, must be multiple of 2
Returns
updated crc sum (must be subjected to GNUNET_CRYPTO_crc16_finish() to get actual crc16)

Definition at line 124 of file crypto_crc.c.

References buf.

Referenced by GNUNET_CRYPTO_crc16_n(), GNUNET_TUN_calculate_icmp_checksum(), GNUNET_TUN_calculate_tcp4_checksum(), GNUNET_TUN_calculate_tcp6_checksum(), GNUNET_TUN_calculate_udp4_checksum(), and GNUNET_TUN_calculate_udp6_checksum().

125 {
126  const uint16_t *hdr = buf;
127  for (; len >= 2; len -= 2)
128  sum += *(hdr++);
129  if (len == 1)
130  sum += (*hdr) & ntohs(0xFF00);
131  return sum;
132 }
static char buf[2048]
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_crc16_finish()

uint16_t GNUNET_CRYPTO_crc16_finish ( uint32_t  sum)

Convert results from GNUNET_CRYPTO_crc16_step to final crc16.

Parameters
sumcummulative sum
Returns
crc16 value

Convert results from GNUNET_CRYPTO_crc16_step to final crc16.

Parameters
sumcummulative sum
Returns
crc16 value

Definition at line 142 of file crypto_crc.c.

Referenced by GNUNET_CRYPTO_crc16_n(), GNUNET_TUN_calculate_icmp_checksum(), GNUNET_TUN_calculate_tcp4_checksum(), GNUNET_TUN_calculate_tcp6_checksum(), GNUNET_TUN_calculate_udp4_checksum(), and GNUNET_TUN_calculate_udp6_checksum().

143 {
144  sum = (sum >> 16) + (sum & 0xFFFF);
145  sum += (sum >> 16);
146 
147  return ~sum;
148 }
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_derive_iv_v()

void GNUNET_CRYPTO_symmetric_derive_iv_v ( struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
const struct GNUNET_CRYPTO_SymmetricSessionKey skey,
const void *  salt,
size_t  salt_len,
va_list  argp 
)

Derive an IV.

Parameters
ivinitialization vector
skeysession key
saltsalt for the derivation
salt_lensize of the salt
argppairs of void * & size_t for context chunks, terminated by NULL
ivinitialization vector
skeysession key
saltsalt for the derivation
salt_lensize of the salt
argppairs of void * & size_t for context chunks, terminated by NULL

Definition at line 217 of file crypto_symmetric.c.

References GNUNET_CRYPTO_SymmetricInitializationVector::aes_iv, GNUNET_CRYPTO_SymmetricSessionKey::aes_key, GNUNET_CRYPTO_kdf_v(), GNUNET_memcpy, GNUNET_CRYPTO_SymmetricInitializationVector::twofish_iv, and GNUNET_CRYPTO_SymmetricSessionKey::twofish_key.

Referenced by GNUNET_CRYPTO_symmetric_derive_iv().

222 {
223  char aes_salt[salt_len + 4];
224  char twofish_salt[salt_len + 4];
225 
226  GNUNET_memcpy (aes_salt, salt, salt_len);
227  GNUNET_memcpy (&aes_salt[salt_len], "AES!", 4);
228  GNUNET_memcpy (twofish_salt, salt, salt_len);
229  GNUNET_memcpy (&twofish_salt[salt_len], "FISH", 4);
231  sizeof (iv->aes_iv),
232  aes_salt,
233  salt_len + 4,
234  skey->aes_key,
235  sizeof (skey->aes_key),
236  argp);
238  sizeof (iv->twofish_iv),
239  twofish_salt,
240  salt_len + 4,
241  skey->twofish_key,
242  sizeof (skey->twofish_key),
243  argp);
244 }
unsigned char aes_key[(256/8)]
Actual key for AES.
#define GNUNET_memcpy(dst, src, n)
unsigned char twofish_key[(256/8)]
Actual key for TwoFish.
int GNUNET_CRYPTO_kdf_v(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
Derive key.
Definition: crypto_kdf.c:47
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_hash_context_start()

struct GNUNET_HashContext* GNUNET_CRYPTO_hash_context_start ( void  )

Start incremental hashing operation.

Returns
context for incremental hash computation

Definition at line 446 of file crypto_hash.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_new, and GNUNET_HashContext::hd.

Referenced by GCCH_hash_port(), and GNUNET_SET_element_hash().

447 {
448  struct GNUNET_HashContext *hc;
449 
450  BENCHMARK_START (hash_context_start);
451 
452  hc = GNUNET_new (struct GNUNET_HashContext);
453  GNUNET_assert (0 ==
454  gcry_md_open (&hc->hd,
455  GCRY_MD_SHA512,
456  0));
457 
458  BENCHMARK_END (hash_context_start);
459 
460  return hc;
461 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Context for cummulative hashing.
Definition: crypto_hash.c:431
gcry_md_hd_t hd
Internal state of the hash function.
Definition: crypto_hash.c:436
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_hash_context_read()

void GNUNET_CRYPTO_hash_context_read ( struct GNUNET_HashContext hc,
const void *  buf,
size_t  size 
)

Add data to be hashed.

Parameters
hccummulative hash context
bufdata to add
sizenumber of bytes in buf

Definition at line 472 of file crypto_hash.c.

References BENCHMARK_END, BENCHMARK_START, and GNUNET_HashContext::hd.

Referenced by GCCH_hash_port(), and GNUNET_SET_element_hash().

475 {
476  BENCHMARK_START (hash_context_read);
477  gcry_md_write (hc->hd, buf, size);
478  BENCHMARK_END (hash_context_read);
479 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
static char buf[2048]
static unsigned int size
Size of the "table".
Definition: peer.c:67
gcry_md_hd_t hd
Internal state of the hash function.
Definition: crypto_hash.c:436
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_hash_context_finish()

void GNUNET_CRYPTO_hash_context_finish ( struct GNUNET_HashContext hc,
struct GNUNET_HashCode r_hash 
)

Finish the hash computation.

Parameters
hchash context to use, is freed in the process
r_hashwhere to write the latest / final hash code
hchash context to use
r_hashwhere to write the latest / final hash code

Definition at line 489 of file crypto_hash.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_CRYPTO_hash_context_abort(), GNUNET_memcpy, GNUNET_HashContext::hd, and res.

Referenced by GCCH_hash_port(), and GNUNET_SET_element_hash().

491 {
492  const void *res = gcry_md_read (hc->hd, 0);
493 
494  BENCHMARK_START (hash_context_finish);
495 
496  GNUNET_assert (NULL != res);
497  if (NULL != r_hash)
498  GNUNET_memcpy (r_hash,
499  res,
500  sizeof (struct GNUNET_HashCode));
502  BENCHMARK_END (hash_context_finish);
503 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
void GNUNET_CRYPTO_hash_context_abort(struct GNUNET_HashContext *hc)
Abort hashing, do not bother calculating final result.
Definition: crypto_hash.c:512
#define GNUNET_memcpy(dst, src, n)
A 512-bit hashcode.
static int res
gcry_md_hd_t hd
Internal state of the hash function.
Definition: crypto_hash.c:436
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_hash_context_abort()

void GNUNET_CRYPTO_hash_context_abort ( struct GNUNET_HashContext hc)

Abort hashing, do not bother calculating final result.

Parameters
hchash context to destroy

Definition at line 512 of file crypto_hash.c.

References GNUNET_free, and GNUNET_HashContext::hd.

Referenced by GNUNET_CRYPTO_hash_context_finish().

513 {
514  gcry_md_close (hc->hd);
515  GNUNET_free (hc);
516 }
gcry_md_hd_t hd
Internal state of the hash function.
Definition: crypto_hash.c:436
#define GNUNET_free(ptr)
Wrapper around free.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_hmac_raw()

void GNUNET_CRYPTO_hmac_raw ( const void *  key,
size_t  key_len,
const void *  plaintext,
size_t  plaintext_len,
struct GNUNET_HashCode hmac 
)

Calculate HMAC of a message (RFC 2104) TODO: Shouldn' this be the standard hmac function and the above be renamed?

Parameters
keysecret key
key_lensecret key length
plaintextinput plaintext
plaintext_lenlength of plaintext
hmacwhere to store the hmac

Definition at line 383 of file crypto_hash.c.

References GNUNET_HashCode::bits, GNUNET_assert, GNUNET_memcpy, mc, and once.

Referenced by calculate_hmac(), GNUNET_CRYPTO_hmac(), and OIDC_id_token_new().

386 {
387  static int once;
388  static gcry_md_hd_t md;
389  const unsigned char *mc;
390 
391  if (! once)
392  {
393  once = 1;
394  GNUNET_assert (GPG_ERR_NO_ERROR ==
395  gcry_md_open (&md, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC));
396  }
397  else
398  {
399  gcry_md_reset (md);
400  }
401  gcry_md_setkey (md, key, key_len);
402  gcry_md_write (md, plaintext, plaintext_len);
403  mc = gcry_md_read (md, GCRY_MD_SHA512);
404  GNUNET_assert (NULL != mc);
405  GNUNET_memcpy (hmac->bits, mc, sizeof (hmac->bits));
406 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_memcpy(dst, src, n)
static int once
Global to mark if we&#39;ve run the initialization.
Definition: gnsrecord.c:68
static struct GNUNET_TESTBED_Controller * mc
Handle to the master controller.
struct GNUNET_HashCode key
The key used in the DHT.
uint32_t bits[512/8/sizeof(uint32_t)]
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_hash_file_cancel()

void GNUNET_CRYPTO_hash_file_cancel ( struct GNUNET_CRYPTO_FileHashContext fhc)

Cancel a file hashing operation.

Parameters
fhcoperation to cancel (callback must not yet have been invoked)

Definition at line 230 of file crypto_hash_file.c.

References GNUNET_CRYPTO_FileHashContext::fh, GNUNET_CRYPTO_FileHashContext::filename, GNUNET_break, GNUNET_DISK_file_close(), GNUNET_free, GNUNET_OK, GNUNET_SCHEDULER_cancel(), and GNUNET_CRYPTO_FileHashContext::task.

Referenced by client_disconnect_cb(), GNUNET_FS_indexing_done(), GNUNET_FS_unindex_signal_suspend_(), GNUNET_FS_unindex_stop(), and publish_cleanup().

231 {
233  GNUNET_free (fhc->filename);
235  GNUNET_DISK_file_close (fhc->fh));
236  GNUNET_free (fhc);
237 }
struct GNUNET_SCHEDULER_Task * task
Current task for hashing.
int GNUNET_DISK_file_close(struct GNUNET_DISK_FileHandle *h)
Close an open file.
Definition: disk.c:1817
struct GNUNET_DISK_FileHandle * fh
File descriptor.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
char * filename
Name of the file we are hashing.
#define GNUNET_free(ptr)
Wrapper around free.
void * GNUNET_SCHEDULER_cancel(struct GNUNET_SCHEDULER_Task *task)
Cancel the task with the specified identifier.
Definition: scheduler.c:965
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_kdf_v()

int GNUNET_CRYPTO_kdf_v ( void *  result,
size_t  out_len,
const void *  xts,
size_t  xts_len,
const void *  skm,
size_t  skm_len,
va_list  argp 
)

Derive key.

Parameters
resultbuffer for the derived key, allocated by caller
out_lendesired length of the derived key
xtssalt
xts_lenlength of xts
skmsource key material
skm_lenlength of skm
argpva_list of void * & size_t pairs for context chunks
Returns
GNUNET_YES on success

Definition at line 47 of file crypto_kdf.c.

References GNUNET_CRYPTO_hkdf_v().

Referenced by GNUNET_CRYPTO_hmac_derive_key_v(), GNUNET_CRYPTO_kdf(), and GNUNET_CRYPTO_symmetric_derive_iv_v().

54 {
55  /*
56  * "Finally, we point out to a particularly advantageous instantiation using
57  * HMAC-SHA512 as XTR and HMAC-SHA256 in PRF* (in which case the output from SHA-512 is
58  * truncated to 256 bits). This makes sense in two ways: First, the extraction part is where we need a
59  * stronger hash function due to the unconventional demand from the hash function in the extraction
60  * setting. Second, as shown in Section 6, using HMAC with a truncated output as an extractor
61  * allows to prove the security of HKDF under considerably weaker assumptions on the underlying
62  * hash function."
63  *
64  * http://eprint.iacr.org/2010/264
65  */
66 
68  out_len,
69  GCRY_MD_SHA512,
70  GCRY_MD_SHA256,
71  xts,
72  xts_len,
73  skm,
74  skm_len,
75  argp);
76 }
int GNUNET_CRYPTO_hkdf_v(void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
Derive key.
Definition: crypto_hkdf.c:142
static int result
Global testing status.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_kdf_mod_mpi()

void GNUNET_CRYPTO_kdf_mod_mpi ( gcry_mpi_t *  r,
gcry_mpi_t  n,
const void *  xts,
size_t  xts_len,
const void *  skm,
size_t  skm_len,
const char *  ctx 
)

Deterministically generate a pseudo-random number uniformly from the integers modulo a libgcrypt mpi.

Parameters
[out]rMPI value set to the FDH
nMPI to work modulo
xtssalt
xts_lenlength of xts
skmsource key material
skm_lenlength of skm
ctxcontext string

Definition at line 128 of file crypto_kdf.c.

References buf, GNUNET_assert, GNUNET_CRYPTO_kdf(), and GNUNET_YES.

Referenced by rsa_blinding_key_derive(), and rsa_full_domain_hash().

133 {
134  gcry_error_t rc;
135  unsigned int nbits;
136  size_t rsize;
137  unsigned int ctr;
138 
139  nbits = gcry_mpi_get_nbits (n);
140  /* GNUNET_assert (nbits > 512); */
141 
142  ctr = 0;
143  while (1)
144  {
145  /* Ain't clear if n is always divisible by 8 */
146  uint8_t buf[ (nbits-1)/8 + 1 ];
147 
148  rc = GNUNET_CRYPTO_kdf (buf,
149  sizeof (buf),
150  xts, xts_len,
151  skm, skm_len,
152  ctx, strlen(ctx),
153  &ctr, sizeof(ctr),
154  NULL, 0);
155  GNUNET_assert (GNUNET_YES == rc);
156 
157  rc = gcry_mpi_scan (r,
158  GCRYMPI_FMT_USG,
159  (const unsigned char *) buf,
160  sizeof (buf),
161  &rsize);
162  GNUNET_assert (0 == rc); /* Allocation erro? */
163 
164  gcry_mpi_clear_highbit (*r, nbits);
165  GNUNET_assert( 0 == gcry_mpi_test_bit (*r, nbits) );
166  ++ctr;
167  /* We reject this FDH if either *r > n and retry with another ctr */
168  if (0 > gcry_mpi_cmp(*r, n))
169  break;
170  gcry_mpi_release (*r);
171  }
172 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static char buf[2048]
#define GNUNET_YES
Definition: gnunet_common.h:80
int GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:91
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_public_key_to_string()

char* GNUNET_CRYPTO_ecdsa_public_key_to_string ( const struct GNUNET_CRYPTO_EcdsaPublicKey pub)

Convert a public key to a string.

Parameters
pubkey to convert
Returns
string representing pub

Definition at line 334 of file crypto_ecc.c.

References end, GNUNET_free, GNUNET_malloc, and GNUNET_STRINGS_data_to_string().

Referenced by attribute_delegation_to_json(), create_finished(), credential_to_json(), credential_value_to_string(), ego_get_for_subsystem(), get_ego(), gns_value_to_string(), GNUNET_CREDENTIAL_credential_to_string(), GNUNET_GNSRECORD_pkey_to_zkey(), handle_collect_response(), handle_verify_response(), handle_verify_result(), id_connect_cb(), init_egos(), list_ego(), print_ego(), and send_cred_response().

336 {
337  char *pubkeybuf;
338  size_t keylen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
339  char *end;
340 
341  if (keylen % 5 > 0)
342  keylen += 5 - keylen % 5;
343  keylen /= 5;
344  pubkeybuf = GNUNET_malloc (keylen + 1);
345  end =
346  GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
347  sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
348  pubkeybuf,
349  keylen);
350  if (NULL == end)
351  {
352  GNUNET_free (pubkeybuf);
353  return NULL;
354  }
355  *end = '\0';
356  return pubkeybuf;
357 }
static int end
Set if we are to shutdown all services (including ARM).
Definition: gnunet-arm.c:34
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
#define GNUNET_malloc(size)
Wrapper around malloc.
char * GNUNET_STRINGS_data_to_string(const void *data, size_t size, char *out, size_t out_size)
Convert binary data to ASCII encoding using CrockfordBase32.
Definition: strings.c:924
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_private_key_to_string()

char* GNUNET_CRYPTO_ecdsa_private_key_to_string ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv)

Convert a private key to a string.

Parameters
privkey to convert
Returns
string representing priv

Definition at line 433 of file crypto_ecc.c.

References end, GNUNET_free, GNUNET_malloc, and GNUNET_STRINGS_data_to_string().

Referenced by create_finished(), and print_ego().

435 {
436  char *privkeybuf;
437  size_t keylen = (sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)) * 8;
438  char *end;
439 
440  if (keylen % 5 > 0)
441  keylen += 5 - keylen % 5;
442  keylen /= 5;
443  privkeybuf = GNUNET_malloc (keylen + 1);
444  end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
445  sizeof (
447  privkeybuf,
448  keylen);
449  if (NULL == end)
450  {
451  GNUNET_free (privkeybuf);
452  return NULL;
453  }
454  *end = '\0';
455  return privkeybuf;
456 }
static int end
Set if we are to shutdown all services (including ARM).
Definition: gnunet-arm.c:34
Private ECC key encoded for transmission.
#define GNUNET_malloc(size)
Wrapper around malloc.
char * GNUNET_STRINGS_data_to_string(const void *data, size_t size, char *out, size_t out_size)
Convert binary data to ASCII encoding using CrockfordBase32.
Definition: strings.c:924
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_private_key_to_string()

char* GNUNET_CRYPTO_eddsa_private_key_to_string ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv)

Convert a private key to a string.

Parameters
privkey to convert
Returns
string representing pub

Definition at line 400 of file crypto_ecc.c.

References end, GNUNET_free, GNUNET_malloc, and GNUNET_STRINGS_data_to_string().

Referenced by run().

402 {
403  char *privkeybuf;
404  size_t keylen = (sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
405  char *end;
406 
407  if (keylen % 5 > 0)
408  keylen += 5 - keylen % 5;
409  keylen /= 5;
410  privkeybuf = GNUNET_malloc (keylen + 1);
411  end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
412  sizeof (
414  privkeybuf,
415  keylen);
416  if (NULL == end)
417  {
418  GNUNET_free (privkeybuf);
419  return NULL;
420  }
421  *end = '\0';
422  return privkeybuf;
423 }
static int end
Set if we are to shutdown all services (including ARM).
Definition: gnunet-arm.c:34
Private ECC key encoded for transmission.
#define GNUNET_malloc(size)
Wrapper around malloc.
char * GNUNET_STRINGS_data_to_string(const void *data, size_t size, char *out, size_t out_size)
Convert binary data to ASCII encoding using CrockfordBase32.
Definition: strings.c:924
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_public_key_to_string()

char* GNUNET_CRYPTO_eddsa_public_key_to_string ( const struct GNUNET_CRYPTO_EddsaPublicKey pub)

Convert a public key to a string.

Parameters
pubkey to convert
Returns
string representing pub

Definition at line 367 of file crypto_ecc.c.

References end, GNUNET_free, GNUNET_malloc, and GNUNET_STRINGS_data_to_string().

Referenced by conversation_value_to_string(), create_keys(), GCP_2s(), GNUNET_FRIENDS_write(), GNUNET_HELLO_compose_uri(), GNUNET_i2s(), GNUNET_i2s2(), GNUNET_i2s_full(), main(), print_key(), run(), and uri_loc_to_string().

369 {
370  char *pubkeybuf;
371  size_t keylen = (sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
372  char *end;
373 
374  if (keylen % 5 > 0)
375  keylen += 5 - keylen % 5;
376  keylen /= 5;
377  pubkeybuf = GNUNET_malloc (keylen + 1);
378  end =
379  GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
380  sizeof (struct GNUNET_CRYPTO_EddsaPublicKey),
381  pubkeybuf,
382  keylen);
383  if (NULL == end)
384  {
385  GNUNET_free (pubkeybuf);
386  return NULL;
387  }
388  *end = '\0';
389  return pubkeybuf;
390 }
static int end
Set if we are to shutdown all services (including ARM).
Definition: gnunet-arm.c:34
#define GNUNET_malloc(size)
Wrapper around malloc.
char * GNUNET_STRINGS_data_to_string(const void *data, size_t size, char *out, size_t out_size)
Convert binary data to ASCII encoding using CrockfordBase32.
Definition: strings.c:924
#define GNUNET_free(ptr)
Wrapper around free.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_public_key_from_string()

int GNUNET_CRYPTO_ecdsa_public_key_from_string ( const char *  enc,
size_t  enclen,
struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Convert a string representing a public key to a public key.

Parameters
encencoded public key
enclennumber of bytes in enc (without 0-terminator)
pubwhere to store the public key
Returns
GNUNET_OK on success

Definition at line 468 of file crypto_ecc.c.

References GNUNET_OK, GNUNET_STRINGS_string_to_data(), and GNUNET_SYSERR.

Referenced by access_handler_callback(), authorize_endpoint(), code_redirect(), collect_cred_cont(), create_response(), credential_string_to_value(), get_cred_issuer_cb(), gns_string_to_value(), GNUNET_CREDENTIAL_credential_from_string(), GNUNET_GNS_lookup_with_tld(), GNUNET_GNSRECORD_zkey_to_pkey(), identity_cb(), json_to_credential(), lookup_it_finished(), run(), run_with_zone_pkey(), start_process(), tld_iter(), and verify_cred_cont().

472 {
473  size_t keylen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
474 
475  if (keylen % 5 > 0)
476  keylen += 5 - keylen % 5;
477  keylen /= 5;
478  if (enclen != keylen)
479  return GNUNET_SYSERR;
480 
481  if (GNUNET_OK !=
483  enclen,
484  pub,
485  sizeof (
487  return GNUNET_SYSERR;
488  return GNUNET_OK;
489 }
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
static OpusEncoder * enc
OPUS encoder.
int GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:1021
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_private_key_from_string()

int GNUNET_CRYPTO_eddsa_private_key_from_string ( const char *  enc,
size_t  enclen,
struct GNUNET_CRYPTO_EddsaPrivateKey priv 
)

Convert a string representing a private key to a private key.

Parameters
encencoded public key
enclennumber of bytes in enc (without 0-terminator)
privwhere to store the private key
Returns
GNUNET_OK on success

Definition at line 534 of file crypto_ecc.c.

References GNUNET_break, GNUNET_OK, GNUNET_STRINGS_string_to_data(), and GNUNET_SYSERR.

538 {
539  size_t keylen = (sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
540 
541  if (keylen % 5 > 0)
542  keylen += 5 - keylen % 5;
543  keylen /= 5;
544  if (enclen != keylen)
545  return GNUNET_SYSERR;
546 
547  if (GNUNET_OK !=
549  enclen,
550  priv,
551  sizeof (
553  return GNUNET_SYSERR;
554 #if CRYPTO_BUG
555  if (GNUNET_OK != check_eddsa_key (priv))
556  {
557  GNUNET_break (0);
558  return GNUNET_OK;
559  }
560 #endif
561  return GNUNET_OK;
562 }
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
Private ECC key encoded for transmission.
static OpusEncoder * enc
OPUS encoder.
int GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:1021
Here is the call graph for this function:

◆ GNUNET_CRYPTO_eddsa_public_key_from_string()

int GNUNET_CRYPTO_eddsa_public_key_from_string ( const char *  enc,
size_t  enclen,
struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Convert a string representing a public key to a public key.

Parameters
encencoded public key
enclennumber of bytes in enc (without 0-terminator)
pubwhere to store the public key
Returns
GNUNET_OK on success

Definition at line 501 of file crypto_ecc.c.

References GNUNET_OK, GNUNET_STRINGS_string_to_data(), and GNUNET_SYSERR.

Referenced by blacklist_cfg_iter(), conversation_string_to_value(), create_keys(), gns_string_to_value(), GNUNET_FRIENDS_parse(), hosts_directory_scan_callback(), run(), s2i_full(), server_parse_url(), show_peer(), and uri_loc_parse().

505 {
506  size_t keylen = (sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
507 
508  if (keylen % 5 > 0)
509  keylen += 5 - keylen % 5;
510  keylen /= 5;
511  if (enclen != keylen)
512  return GNUNET_SYSERR;
513 
514  if (GNUNET_OK !=
516  enclen,
517  pub,
518  sizeof (
520  return GNUNET_SYSERR;
521  return GNUNET_OK;
522 }
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
static OpusEncoder * enc
OPUS encoder.
int GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:1021
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dlog_prepare()

struct GNUNET_CRYPTO_EccDlogContext* GNUNET_CRYPTO_ecc_dlog_prepare ( unsigned int  max,
unsigned int  mem 
)

Do pre-calculation for ECC discrete logarithm for small factors.

Parameters
maxmaximum value the factor can be
memmemory to use (should be smaller than max), must not be zero.
Returns
NULL on error

Definition at line 158 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, CURVE, edc, extract_pk(), GNUNET_assert, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY, GNUNET_CONTAINER_multipeermap_create(), GNUNET_CONTAINER_multipeermap_put(), GNUNET_new, GNUNET_NO, GNUNET_OK, GNUNET_CRYPTO_EccDlogContext::map, GNUNET_CRYPTO_EccDlogContext::max, and GNUNET_CRYPTO_EccDlogContext::mem.

Referenced by run().

160 {
162  unsigned int K = ((max + (mem-1)) / mem);
163  gcry_mpi_point_t g;
164  struct GNUNET_PeerIdentity key;
165  gcry_mpi_point_t gKi;
166  gcry_mpi_t fact;
167  gcry_mpi_t n;
168  unsigned int i;
169 
170  GNUNET_assert (max < INT32_MAX);
172  edc->max = max;
173  edc->mem = mem;
174 
176  GNUNET_NO);
177 
178  GNUNET_assert (0 == gcry_mpi_ec_new (&edc->ctx,
179  NULL,
180  CURVE));
181  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
182  GNUNET_assert (NULL != g);
183  fact = gcry_mpi_new (0);
184  gKi = gcry_mpi_point_new (0);
185  for (i=0;i<=mem;i++)
186  {
187  gcry_mpi_set_ui (fact, i * K);
188  gcry_mpi_ec_mul (gKi, fact, g, edc->ctx);
189  extract_pk (gKi, edc->ctx, &key);
192  &key,
193  (void*) (long) i + max,
195  }
196  /* negative values */
197  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
198  for (i=1;i<mem;i++)
199  {
200  gcry_mpi_set_ui (fact, i * K);
201  gcry_mpi_sub (fact, n, fact);
202  gcry_mpi_ec_mul (gKi, fact, g, edc->ctx);
203  extract_pk (gKi, edc->ctx, &key);
206  &key,
207  (void*) (long) max - i,
209  }
210  gcry_mpi_release (fact);
211  gcry_mpi_release (n);
212  gcry_mpi_point_release (gKi);
213  gcry_mpi_point_release (g);
214  return edc;
215 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct GNUNET_CONTAINER_MultiPeerMap * map
Map mapping points (here "interpreted" as EdDSA public keys) to a "void * = long" which corresponds t...
static void extract_pk(gcry_mpi_point_t pt, gcry_ctx_t ctx, struct GNUNET_PeerIdentity *pid)
#define GNUNET_NO
Definition: gnunet_common.h:81
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
#define GNUNET_new(type)
Allocate a struct or union of the given type.
struct GNUNET_CONTAINER_MultiPeerMap * GNUNET_CONTAINER_multipeermap_create(unsigned int len, int do_not_copy_keys)
Create a multi peer map (hash map for public keys of peers).
static struct GNUNET_CRYPTO_EccDlogContext * edc
Context for DLOG operations on a curve.
There must only be one value per key; storing a value should fail if a value under the same key alrea...
struct GNUNET_HashCode key
The key used in the DHT.
int GNUNET_CONTAINER_multipeermap_put(struct GNUNET_CONTAINER_MultiPeerMap *map, const struct GNUNET_PeerIdentity *key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
The identity of the host (wraps the signing key of the peer).
Internal structure used to cache pre-calculated values for DLOG calculation.
#define CURVE
Name of the curve we are using.
unsigned int max
Maximum absolute value the calculation supports.
unsigned int mem
How much memory should we use (relates to the number of entries in the map).
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dlog()

int GNUNET_CRYPTO_ecc_dlog ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t  input 
)

Calculate ECC discrete logarithm for small factors.

Opposite of GNUNET_CRYPTO_ecc_dexp().

Parameters
dlcprecalculated values, determine range of factors
inputpoint on the curve to factor
Returns
INT_MAX if dlog failed, otherwise the factor
Parameters
edcprecalculated values, determine range of factors
inputpoint on the curve to factor
Returns
INT_MAX if dlog failed, otherwise the factor

Definition at line 226 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, extract_pk(), GNUNET_assert, GNUNET_CONTAINER_multipeermap_get(), INT_MAX, GNUNET_CRYPTO_EccDlogContext::map, GNUNET_CRYPTO_EccDlogContext::max, GNUNET_CRYPTO_EccDlogContext::mem, q, and res.

Referenced by compute_scalar_product().

228 {
229  unsigned int K = ((edc->max + (edc->mem-1)) / edc->mem);
230  gcry_mpi_point_t g;
231  struct GNUNET_PeerIdentity key;
232  gcry_mpi_point_t q;
233  unsigned int i;
234  int res;
235  void *retp;
236 
237  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
238  GNUNET_assert (NULL != g);
239  q = gcry_mpi_point_new (0);
240 
241  res = INT_MAX;
242  for (i=0;i<=edc->max/edc->mem;i++)
243  {
244  if (0 == i)
245  extract_pk (input, edc->ctx, &key);
246  else
247  extract_pk (q, edc->ctx, &key);
249  &key);
250  if (NULL != retp)
251  {
252  res = (((long) retp) - edc->max) * K - i;
253  /* we continue the loop here to make the implementation
254  "constant-time". If we do not care about this, we could just
255  'break' here and do fewer operations... */
256  }
257  if (i == edc->max/edc->mem)
258  break;
259  /* q = q + g */
260  if (0 == i)
261  gcry_mpi_ec_add (q, input, g, edc->ctx);
262  else
263  gcry_mpi_ec_add (q, q, g, edc->ctx);
264  }
265  gcry_mpi_point_release (g);
266  gcry_mpi_point_release (q);
267 
268  return res;
269 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct GNUNET_CONTAINER_MultiPeerMap * map
Map mapping points (here "interpreted" as EdDSA public keys) to a "void * = long" which corresponds t...
static void extract_pk(gcry_mpi_point_t pt, gcry_ctx_t ctx, struct GNUNET_PeerIdentity *pid)
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
#define INT_MAX
static int res
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
struct GNUNET_HashCode key
The key used in the DHT.
The identity of the host (wraps the signing key of the peer).
void * GNUNET_CONTAINER_multipeermap_get(const struct GNUNET_CONTAINER_MultiPeerMap *map, const struct GNUNET_PeerIdentity *key)
Given a key find a value in the map matching the key.
unsigned int max
Maximum absolute value the calculation supports.
unsigned int mem
How much memory should we use (relates to the number of entries in the map).
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dexp()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_dexp ( struct GNUNET_CRYPTO_EccDlogContext edc,
int  val 
)

Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val.

Afterwards, point addition will correspond to integer addition. GNUNET_CRYPTO_ecc_dlog() can be used to convert a point back to an integer (as long as the integer is smaller than the MAX of the edc context).

Parameters
edccalculation context for ECC operations
valvalue to encode into a point
Returns
representation of the value as an ECC point, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 334 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_assert.

336 {
337  gcry_mpi_t fact;
338  gcry_mpi_t n;
339  gcry_mpi_point_t g;
340  gcry_mpi_point_t r;
341 
342  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
343  GNUNET_assert (NULL != g);
344  fact = gcry_mpi_new (0);
345  if (val < 0)
346  {
347  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
348  gcry_mpi_set_ui (fact, - val);
349  gcry_mpi_sub (fact, n, fact);
350  gcry_mpi_release (n);
351  }
352  else
353  {
354  gcry_mpi_set_ui (fact, val);
355  }
356  r = gcry_mpi_point_new (0);
357  gcry_mpi_ec_mul (r, fact, g, edc->ctx);
358  gcry_mpi_release (fact);
359  gcry_mpi_point_release (g);
360  return r;
361 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.

◆ GNUNET_CRYPTO_ecc_dexp_mpi()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_dexp_mpi ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_t  val 
)

Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val.

Parameters
edccalculation context for ECC operations
val(positive) value to encode into a point
Returns
representation of the value as an ECC point, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 374 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_assert.

Referenced by send_alices_cryptodata_message().

376 {
377  gcry_mpi_point_t g;
378  gcry_mpi_point_t r;
379 
380  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
381  GNUNET_assert (NULL != g);
382  r = gcry_mpi_point_new (0);
383  gcry_mpi_ec_mul (r, val, g, edc->ctx);
384  gcry_mpi_point_release (g);
385  return r;
386 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_pmul_mpi()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_pmul_mpi ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t  p,
gcry_mpi_t  val 
)

Multiply the point p on the elliptic curve by val.

Parameters
edccalculation context for ECC operations
ppoint to multiply
val(positive) value to encode into a point
Returns
representation of the value as an ECC point, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 420 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx.

Referenced by compute_scalar_product(), and handle_alices_cryptodata_message().

423 {
424  gcry_mpi_point_t r;
425 
426  r = gcry_mpi_point_new (0);
427  gcry_mpi_ec_mul (r, val, p, edc->ctx);
428  return r;
429 }
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_point_to_bin()

void GNUNET_CRYPTO_ecc_point_to_bin ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t  point,
struct GNUNET_CRYPTO_EccPoint bin 
)

Convert point value to binary representation.

Parameters
edccalculation context for ECC operations
pointcomputational point representation
[out]binbinary point representation

Definition at line 102 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), and GNUNET_CRYPTO_EccPoint::q_y.

Referenced by send_alices_cryptodata_message(), and transmit_bobs_cryptodata_message().

105 {
106  gcry_mpi_t q_y;
107 
108  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", point, edc->ctx));
109  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", edc->ctx, 0);
110  GNUNET_assert (q_y);
112  sizeof (bin->q_y),
113  q_y);
114  gcry_mpi_release (q_y);
115 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_bin_to_point()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_bin_to_point ( struct GNUNET_CRYPTO_EccDlogContext edc,
const struct GNUNET_CRYPTO_EccPoint bin 
)

Convert binary representation of a point to computational representation.

Parameters
edccalculation context for ECC operations
binbinary point representation
Returns
computational representation

Definition at line 126 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, CURVE, GNUNET_assert, GNUNET_break, q, and GNUNET_CRYPTO_EccPoint::q_y.

Referenced by handle_alices_cryptodata_message(), and handle_bobs_cryptodata_message().

128 {
129  gcry_sexp_t pub_sexpr;
130  gcry_ctx_t ctx;
131  gcry_mpi_point_t q;
132 
133  (void) edc;
134  if (0 != gcry_sexp_build (&pub_sexpr, NULL,
135  "(public-key(ecc(curve " CURVE ")(q %b)))",
136  (int) sizeof (bin->q_y),
137  bin->q_y))
138  {
139  GNUNET_break (0);
140  return NULL;
141  }
142  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
143  gcry_sexp_release (pub_sexpr);
144  q = gcry_mpi_ec_get_point ("q", ctx, 0);
145  gcry_ctx_release (ctx);
146  return q;
147 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
#define CURVE
Name of the curve we are using.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_add()

gcry_mpi_point_t GNUNET_CRYPTO_ecc_add ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t  a,
gcry_mpi_point_t  b 
)

Add two points on the elliptic curve.

Parameters
edccalculation context for ECC operations
asome value
bsome value
Returns
a + b, must be freed using GNUNET_CRYPTO_ecc_free()

Definition at line 398 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx.

Referenced by compute_scalar_product(), and handle_alices_cryptodata_message().

401 {
402  gcry_mpi_point_t r;
403 
404  r = gcry_mpi_point_new (0);
405  gcry_mpi_ec_add (r, a, b, edc->ctx);
406  return r;
407 }
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_rnd()

void GNUNET_CRYPTO_ecc_rnd ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_point_t *  r,
gcry_mpi_point_t *  r_inv 
)

Obtain a random point on the curve and its additive inverse.

Both returned values must be freed using GNUNET_CRYPTO_ecc_free().

Parameters
edccalculation context for ECC operations
[out]rset to a random point on the curve
[out]r_invset to the additive inverse of r

Definition at line 442 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, GNUNET_assert, and GNUNET_CRYPTO_ecc_random_mod_n().

445 {
446  gcry_mpi_t fact;
447  gcry_mpi_t n;
448  gcry_mpi_point_t g;
449 
450  fact = GNUNET_CRYPTO_ecc_random_mod_n (edc);
451 
452  /* calculate 'r' */
453  g = gcry_mpi_ec_get_point ("g", edc->ctx, 0);
454  GNUNET_assert (NULL != g);
455  *r = gcry_mpi_point_new (0);
456  gcry_mpi_ec_mul (*r, fact, g, edc->ctx);
457 
458  /* calculate 'r_inv' */
459  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
460  gcry_mpi_sub (fact, n, fact); /* fact = n - fact = - fact */
461  *r_inv = gcry_mpi_point_new (0);
462  gcry_mpi_ec_mul (*r_inv, fact, g, edc->ctx);
463 
464  gcry_mpi_release (n);
465  gcry_mpi_release (fact);
466  gcry_mpi_point_release (g);
467 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
gcry_mpi_t GNUNET_CRYPTO_ecc_random_mod_n(struct GNUNET_CRYPTO_EccDlogContext *edc)
Generate a random value mod n.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_ecc_rnd_mpi()

void GNUNET_CRYPTO_ecc_rnd_mpi ( struct GNUNET_CRYPTO_EccDlogContext edc,
gcry_mpi_t *  r,
gcry_mpi_t *  r_inv 
)

Obtain a random scalar for point multiplication on the curve and its multiplicative inverse.

Parameters
edccalculation context for ECC operations
[out]rset to a random scalar on the curve
[out]r_invset to the multiplicative inverse of r

Definition at line 479 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_CRYPTO_ecc_random_mod_n().

Referenced by run().

482 {
483  gcry_mpi_t n;
484 
486  /* r_inv = n - r = - r */
487  *r_inv = gcry_mpi_new (0);
488  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
489  gcry_mpi_sub (*r_inv, n, *r);
490 }
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
gcry_mpi_t GNUNET_CRYPTO_ecc_random_mod_n(struct GNUNET_CRYPTO_EccDlogContext *edc)
Generate a random value mod n.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_random_mod_n()

gcry_mpi_t GNUNET_CRYPTO_ecc_random_mod_n ( struct GNUNET_CRYPTO_EccDlogContext edc)

Generate a random value mod n.

Parameters
edcECC context
Returns
random value mod n.

Definition at line 279 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, and GNUNET_assert.

Referenced by GNUNET_CRYPTO_ecc_rnd(), GNUNET_CRYPTO_ecc_rnd_mpi(), and send_alices_cryptodata_message().

280 {
281  gcry_mpi_t n;
282  unsigned int highbit;
283  gcry_mpi_t r;
284 
285  n = gcry_mpi_ec_get_mpi ("n", edc->ctx, 1);
286 
287  /* check public key for number of bits, bail out if key is all zeros */
288  highbit = 256; /* Curve25519 */
289  while ( (! gcry_mpi_test_bit (n, highbit)) &&
290  (0 != highbit) )
291  highbit--;
292  GNUNET_assert (0 != highbit);
293  /* generate fact < n (without bias) */
294  GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
295  do {
296  gcry_mpi_randomize (r,
297  highbit + 1,
298  GCRY_STRONG_RANDOM);
299  }
300  while (gcry_mpi_cmp (r, n) >= 0);
301  gcry_mpi_release (n);
302  return r;
303 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_free()

void GNUNET_CRYPTO_ecc_free ( gcry_mpi_point_t  p)

Free a point value returned by the API.

Parameters
ppoint to free

Definition at line 499 of file crypto_ecc_dlog.c.

500 {
501  gcry_mpi_point_release (p);
502 }
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59

◆ GNUNET_CRYPTO_ecc_dlog_release()

void GNUNET_CRYPTO_ecc_dlog_release ( struct GNUNET_CRYPTO_EccDlogContext edc)

Release precalculated values.

Parameters
dlcdlog context
edcdlog context

Definition at line 312 of file crypto_ecc_dlog.c.

References GNUNET_CRYPTO_EccDlogContext::ctx, GNUNET_CONTAINER_multipeermap_destroy(), GNUNET_free, and GNUNET_CRYPTO_EccDlogContext::map.

Referenced by shutdown_task().

313 {
314  gcry_ctx_release (edc->ctx);
316  GNUNET_free (edc);
317 }
struct GNUNET_CONTAINER_MultiPeerMap * map
Map mapping points (here "interpreted" as EdDSA public keys) to a "void * = long" which corresponds t...
gcry_ctx_t ctx
Context to use for operations on the elliptic curve.
void GNUNET_CONTAINER_multipeermap_destroy(struct GNUNET_CONTAINER_MultiPeerMap *map)
Destroy a hash map.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_mpi_print_unsigned()

void GNUNET_CRYPTO_mpi_print_unsigned ( void *  buf,
size_t  size,
gcry_mpi_t  val 
)

Output the given MPI value to the given buffer in network byte order.

The MPI val may not be negative.

Parameters
bufwhere to output to
sizenumber of bytes in buf
valvalue to write to buf

Definition at line 75 of file crypto_mpi.c.

References adjust(), GNUNET_assert, GNUNET_ERROR_TYPE_ERROR, GNUNET_memcpy, LOG_GCRY, p, and size.

Referenced by decrypt_conclude(), encrypt_fair(), extract_pk(), GNUNET_CRYPTO_ecc_point_to_bin(), GNUNET_CRYPTO_ecdhe_key_create2(), GNUNET_CRYPTO_ecdhe_key_get_public(), GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_CRYPTO_ecdsa_key_get_anonymous(), GNUNET_CRYPTO_ecdsa_key_get_public(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_CRYPTO_ecdsa_public_key_derive(), GNUNET_CRYPTO_ecdsa_sign(), GNUNET_CRYPTO_eddsa_key_create(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_eddsa_sign(), GNUNET_CRYPTO_paillier_create(), GNUNET_CRYPTO_paillier_encrypt(), GNUNET_CRYPTO_paillier_encrypt1(), GNUNET_CRYPTO_paillier_hom_add(), GNUNET_SECRETSHARING_encrypt(), GNUNET_SECRETSHARING_plaintext_generate_i(), insert_decrypt_element(), insert_round1_element(), insert_round2_element(), and keygen_round2_conclude().

78 {
79  size_t rsize;
80  int rc;
81 
82  if (gcry_mpi_get_flag (val, GCRYMPI_FLAG_OPAQUE))
83  {
84  /* Store opaque MPIs left aligned into the buffer. */
85  unsigned int nbits;
86  const void *p;
87 
88  p = gcry_mpi_get_opaque (val, &nbits);
89  GNUNET_assert (p);
90  rsize = (nbits+7)/8;
91  if (rsize > size)
92  rsize = size;
93  GNUNET_memcpy (buf, p, rsize);
94  if (rsize < size)
95  memset (buf+rsize, 0, size - rsize);
96  }
97  else
98  {
99  /* Store regular MPIs as unsigned integers right aligned into
100  the buffer. */
101  rsize = size;
102  if (0 !=
103  (rc = gcry_mpi_print (GCRYMPI_FMT_USG,
104  buf,
105  rsize, &rsize,
106  val)))
107  {
109  "gcry_mpi_print",
110  rc);
111  GNUNET_assert (0);
112  }
113  adjust (buf, rsize, size);
114  }
115 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_memcpy(dst, src, n)
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_mpi.c:39
static char buf[2048]
static unsigned int size
Size of the "table".
Definition: peer.c:67
static void adjust(void *buf, size_t size, size_t target)
If target != size, move target bytes to the end of the size-sized buffer and zero out the first targe...
Definition: crypto_mpi.c:51
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_mpi_scan_unsigned()

void GNUNET_CRYPTO_mpi_scan_unsigned ( gcry_mpi_t *  result,
const void *  data,
size_t  size 
)

Convert data buffer into MPI value.

The buffer is interpreted as network byte order, unsigned integer.

Parameters
resultwhere to store MPI value (allocated)
dataraw data (GCRYMPI_FMT_USG)
sizenumber of bytes in data

Definition at line 128 of file crypto_mpi.c.

References GNUNET_assert, GNUNET_ERROR_TYPE_ERROR, and LOG_GCRY.

Referenced by decrypt_conclude(), decrypt_new_element(), derive_h(), eddsa_d_to_a(), encrypt_fair(), get_fair_encryption_challenge(), GNUNET_CRYPTO_ecc_ecdh(), GNUNET_CRYPTO_ecdh_eddsa(), GNUNET_CRYPTO_ecdsa_ecdh(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_CRYPTO_eddsa_ecdh(), GNUNET_CRYPTO_paillier_decrypt(), GNUNET_CRYPTO_paillier_encrypt(), GNUNET_CRYPTO_paillier_encrypt1(), GNUNET_CRYPTO_paillier_hom_add(), GNUNET_SECRETSHARING_encrypt(), insert_decrypt_element(), keygen_reveal_get_exp_coeff(), keygen_reveal_get_exp_preshare(), keygen_round1_new_element(), restore_fair(), and verify_fair().

131 {
132  int rc;
133 
134  if (0 != (rc = gcry_mpi_scan (result,
135  GCRYMPI_FMT_USG,
136  data, size, &size)))
137  {
139  "gcry_mpi_scan",
140  rc);
141  GNUNET_assert (0);
142  }
143 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_mpi.c:39
static int result
Global testing status.
static unsigned int size
Size of the "table".
Definition: peer.c:67
uint32_t data
The data value.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_paillier_create()

void GNUNET_CRYPTO_paillier_create ( struct GNUNET_CRYPTO_PaillierPublicKey public_key,
struct GNUNET_CRYPTO_PaillierPrivateKey private_key 
)

Create a freshly generated paillier public key.

Parameters
[out]public_keyWhere to store the public key?
[out]private_keyWhere to store the private key?

Definition at line 39 of file crypto_paillier.c.

References GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_PAILLIER_BITS, GNUNET_CRYPTO_PaillierPrivateKey::lambda, GNUNET_CRYPTO_PaillierPrivateKey::mu, p, and q.

Referenced by handle_client_keygen(), and run().

41 {
42  gcry_mpi_t p;
43  gcry_mpi_t q;
44  gcry_mpi_t phi;
45  gcry_mpi_t mu;
46  gcry_mpi_t n;
47 
48  /* Generate two distinct primes. The probability that the loop body
49  is executed more than once is very very low... */
50  p = NULL;
51  q = NULL;
52  do {
53  if (NULL != p)
54  gcry_mpi_release (p);
55  if (NULL != q)
56  gcry_mpi_release (q);
57  GNUNET_assert (0 ==
58  gcry_prime_generate (&p,
60  0, NULL, NULL, NULL,
61  GCRY_STRONG_RANDOM, 0));
62  GNUNET_assert (0 ==
63  gcry_prime_generate (&q,
65  0, NULL, NULL, NULL,
66  GCRY_STRONG_RANDOM, 0));
67  }
68  while (0 == gcry_mpi_cmp (p, q));
69  /* n = p * q */
70  GNUNET_assert (NULL != (n = gcry_mpi_new (0)));
71  gcry_mpi_mul (n,
72  p,
73  q);
75  sizeof (struct GNUNET_CRYPTO_PaillierPublicKey),
76  n);
77 
78  /* compute phi(n) = (p-1)(q-1) */
79  GNUNET_assert (NULL != (phi = gcry_mpi_new (0)));
80  gcry_mpi_sub_ui (p, p, 1);
81  gcry_mpi_sub_ui (q, q, 1);
82  gcry_mpi_mul (phi, p, q);
83  gcry_mpi_release (p);
84  gcry_mpi_release (q);
85 
86  /* lambda equals phi(n) in the simplified key generation */
89  phi);
90  /* mu = phi^{-1} mod n, as we use g = n + 1 */
91  GNUNET_assert (NULL != (mu = gcry_mpi_new (0)));
92  GNUNET_assert (0 != gcry_mpi_invm (mu,
93  phi,
94  n));
95  gcry_mpi_release (phi);
96  gcry_mpi_release (n);
99  mu);
100  gcry_mpi_release (mu);
101 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
unsigned char lambda[2048/8]
Lambda-component of the private key.
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
unsigned char mu[2048/8]
Mu-component of the private key.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
#define GNUNET_CRYPTO_PAILLIER_BITS
Size of paillier plain texts and public keys.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_paillier_encrypt()

int GNUNET_CRYPTO_paillier_encrypt ( const struct GNUNET_CRYPTO_PaillierPublicKey public_key,
const gcry_mpi_t  m,
int  desired_ops,
struct GNUNET_CRYPTO_PaillierCiphertext ciphertext 
)

Encrypt a plaintext with a paillier public key.

Parameters
public_keyPublic key to use.
mPlaintext to encrypt.
desired_opsHow many homomorphic ops the caller intends to use
[out]ciphertextEncrytion of plaintext with public_key.
Returns
guaranteed number of supported homomorphic operations >= 1, or desired_ops, in case that is lower, or -1 if less than one homomorphic operation is possible

Definition at line 212 of file crypto_paillier.c.

References GNUNET_CRYPTO_PaillierCiphertext::bits, GNUNET_assert, GNUNET_break_op, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_CRYPTO_PAILLIER_BITS, GNUNET_MIN, GNUNET_SYSERR, and GNUNET_CRYPTO_PaillierCiphertext::remaining_ops.

Referenced by compute_service_response(), and send_alices_cryptodata_message().

216 {
217  int possible_opts;
218  gcry_mpi_t n_square;
219  gcry_mpi_t r;
220  gcry_mpi_t rn;
221  gcry_mpi_t g;
222  gcry_mpi_t gm;
223  gcry_mpi_t c;
224  gcry_mpi_t n;
225  gcry_mpi_t max_num;
226  unsigned int highbit;
227 
228  /* set max_num = 2^{GNUNET_CRYPTO_PAILLIER_BITS}, the largest
229  number we can have as a result */
230  GNUNET_assert (NULL != (max_num = gcry_mpi_set_ui (NULL, 1)));
231  gcry_mpi_mul_2exp (max_num,
232  max_num,
234 
235  /* Determine how many operations we could allow, assuming the other
236  number has the same length (or is smaller), by counting the
237  number of possible operations. We essentially divide max_num by
238  2 until the result is no longer larger than 'm', incrementing the
239  maximum number of operations in each round, starting at -2 */
240  for (possible_opts = -2; gcry_mpi_cmp (max_num, m) > 0; possible_opts++)
241  gcry_mpi_div (max_num,
242  NULL,
243  max_num,
244  GCRYMPI_CONST_TWO,
245  0);
246  gcry_mpi_release (max_num);
247 
248  if (possible_opts < 1)
249  possible_opts = 0;
250  /* Enforce soft-cap by caller */
251  possible_opts = GNUNET_MIN (desired_ops, possible_opts);
252  ciphertext->remaining_ops = htonl (possible_opts);
253 
255  public_key,
256  sizeof (struct GNUNET_CRYPTO_PaillierPublicKey));
257 
258  /* check public key for number of bits, bail out if key is all zeros */
259  highbit = GNUNET_CRYPTO_PAILLIER_BITS - 1;
260  while ( (! gcry_mpi_test_bit (n, highbit)) &&
261  (0 != highbit) )
262  highbit--;
263  if (0 == highbit)
264  {
265  /* invalid public key */
266  GNUNET_break_op (0);
267  gcry_mpi_release (n);
268  return GNUNET_SYSERR;
269  }
270 
271  /* generate r < n (without bias) */
272  GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
273  do {
274  gcry_mpi_randomize (r, highbit + 1, GCRY_STRONG_RANDOM);
275  }
276  while (gcry_mpi_cmp (r, n) >= 0);
277 
278  /* g = n + 1 */
279  GNUNET_assert (0 != (g = gcry_mpi_new (0)));
280  gcry_mpi_add_ui (g, n, 1);
281 
282  /* n_square = n^2 */
283  GNUNET_assert (0 != (n_square = gcry_mpi_new (0)));
284  gcry_mpi_mul (n_square,
285  n,
286  n);
287 
288  /* gm = g^m mod n^2 */
289  GNUNET_assert (0 != (gm = gcry_mpi_new (0)));
290  gcry_mpi_powm (gm, g, m, n_square);
291  gcry_mpi_release (g);
292 
293  /* rn <- r^n mod n^2 */
294  GNUNET_assert (0 != (rn = gcry_mpi_new (0)));
295  gcry_mpi_powm (rn, r, n, n_square);
296  gcry_mpi_release (r);
297  gcry_mpi_release (n);
298 
299  /* c <- rn * gm mod n^2 */
300  GNUNET_assert (0 != (c = gcry_mpi_new (0)));
301  gcry_mpi_mulm (c, rn, gm, n_square);
302  gcry_mpi_release (n_square);
303  gcry_mpi_release (gm);
304  gcry_mpi_release (rn);
305 
307  sizeof (ciphertext->bits),
308  c);
309  gcry_mpi_release (c);
310 
311  return possible_opts;
312 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
int32_t remaining_ops
Guaranteed minimum number of homomorphic operations with this ciphertext, in network byte order (NBO)...
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:99
unsigned char bits[2048 *2/8]
The bits of the ciphertext.
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
#define GNUNET_MIN(a, b)
Definition: gnunet_common.h:83
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
#define GNUNET_CRYPTO_PAILLIER_BITS
Size of paillier plain texts and public keys.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_paillier_decrypt()

void GNUNET_CRYPTO_paillier_decrypt ( const struct GNUNET_CRYPTO_PaillierPrivateKey private_key,
const struct GNUNET_CRYPTO_PaillierPublicKey public_key,
const struct GNUNET_CRYPTO_PaillierCiphertext ciphertext,
gcry_mpi_t  m 
)

Decrypt a paillier ciphertext with a private key.

Parameters
private_keyPrivate key to use for decryption.
public_keyPublic key to use for decryption.
ciphertextCiphertext to decrypt.
[out]mDecryption of ciphertext with .
private_keyPrivate key to use for decryption.
public_keyPublic key to use for encryption.
ciphertextCiphertext to decrypt.
[out]mDecryption of ciphertext with .

Definition at line 324 of file crypto_paillier.c.

References GNUNET_CRYPTO_PaillierCiphertext::bits, GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_CRYPTO_PaillierPrivateKey::lambda, and GNUNET_CRYPTO_PaillierPrivateKey::mu.

Referenced by compute_scalar_product(), and keygen_round2_new_element().

328 {
329  gcry_mpi_t mu;
330  gcry_mpi_t lambda;
331  gcry_mpi_t n;
332  gcry_mpi_t n_square;
333  gcry_mpi_t c;
334  gcry_mpi_t cmu;
335  gcry_mpi_t cmum1;
336  gcry_mpi_t mod;
337 
339  private_key->lambda,
340  sizeof (private_key->lambda));
342  private_key->mu,
343  sizeof (private_key->mu));
345  public_key,
346  sizeof (struct GNUNET_CRYPTO_PaillierPublicKey));
348  ciphertext->bits,
349  sizeof (ciphertext->bits));
350 
351  /* n_square = n * n */
352  GNUNET_assert (0 != (n_square = gcry_mpi_new (0)));
353  gcry_mpi_mul (n_square, n, n);
354 
355  /* cmu = c^lambda mod n^2 */
356  GNUNET_assert (0 != (cmu = gcry_mpi_new (0)));
357  gcry_mpi_powm (cmu,
358  c,
359  lambda,
360  n_square);
361  gcry_mpi_release (n_square);
362  gcry_mpi_release (lambda);
363  gcry_mpi_release (c);
364 
365  /* cmum1 = cmu - 1 */
366  GNUNET_assert (0 != (cmum1 = gcry_mpi_new (0)));
367  gcry_mpi_sub_ui (cmum1, cmu, 1);
368  gcry_mpi_release (cmu);
369 
370  /* mod = cmum1 / n (mod n) */
371  GNUNET_assert (0 != (mod = gcry_mpi_new (0)));
372  gcry_mpi_div (mod, NULL, cmum1, n, 0);
373  gcry_mpi_release (cmum1);
374 
375  /* m = mod * mu mod n */
376  gcry_mpi_mulm (m, mod, mu, n);
377  gcry_mpi_release (mod);
378  gcry_mpi_release (mu);
379  gcry_mpi_release (n);
380 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
unsigned char lambda[2048/8]
Lambda-component of the private key.
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:99
unsigned char bits[2048 *2/8]
The bits of the ciphertext.
unsigned char mu[2048/8]
Mu-component of the private key.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_paillier_hom_add()

int GNUNET_CRYPTO_paillier_hom_add ( const struct GNUNET_CRYPTO_PaillierPublicKey public_key,
const struct GNUNET_CRYPTO_PaillierCiphertext c1,
const struct GNUNET_CRYPTO_PaillierCiphertext c2,
struct GNUNET_CRYPTO_PaillierCiphertext result 
)

Compute a ciphertext that represents the sum of the plaintext in x1 and x2.

Note that this operation can only be done a finite number of times before an overflow occurs.

Parameters
public_keyPublic key to use for encryption.
c1Paillier cipher text.
c2Paillier cipher text.
[out]resultResult of the homomorphic operation.
Returns
GNUNET_OK if the result could be computed, GNUNET_SYSERR if no more homomorphic operations are remaining.

Compute a ciphertext that represents the sum of the plaintext in x1 and x2.

Note that this operation can only be done a finite number of times before an overflow occurs.

Parameters
public_keyPublic key to use for encryption.
c1Paillier cipher text.
c2Paillier cipher text.
[out]resultResult of the homomorphic operation.
Returns
GNUNET_OK if the result could be computed, GNUNET_SYSERR if no more homomorphic operations are remaining.

Definition at line 398 of file crypto_paillier.c.

References GNUNET_CRYPTO_PaillierCiphertext::bits, GNUNET_assert, GNUNET_break_op, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_MIN, GNUNET_SYSERR, and GNUNET_CRYPTO_PaillierCiphertext::remaining_ops.

Referenced by compute_service_response().

402 {
403  gcry_mpi_t a;
404  gcry_mpi_t b;
405  gcry_mpi_t c;
406  gcry_mpi_t n;
407  gcry_mpi_t n_square;
408  int32_t o1;
409  int32_t o2;
410 
411  o1 = (int32_t) ntohl (c1->remaining_ops);
412  o2 = (int32_t) ntohl (c2->remaining_ops);
413  if ( (0 >= o1) || (0 >= o2) )
414  {
415  GNUNET_break_op (0);
416  return GNUNET_SYSERR;
417  }
418 
420  c1->bits,
421  sizeof (c1->bits));
423  c2->bits,
424  sizeof (c2->bits));
426  public_key,
427  sizeof (struct GNUNET_CRYPTO_PaillierPublicKey));
428 
429  /* n_square = n * n */
430  GNUNET_assert (0 != (n_square = gcry_mpi_new (0)));
431  gcry_mpi_mul (n_square, n, n);
432  gcry_mpi_release (n);
433 
434  /* c = a * b mod n_square */
435  GNUNET_assert (0 != (c = gcry_mpi_new (0)));
436  gcry_mpi_mulm (c, a, b, n_square);
437  gcry_mpi_release (n_square);
438  gcry_mpi_release (a);
439  gcry_mpi_release (b);
440 
441  result->remaining_ops = htonl (GNUNET_MIN (o1, o2) - 1);
443  sizeof (result->bits),
444  c);
445  gcry_mpi_release (c);
446  return ntohl (result->remaining_ops);
447 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
int32_t remaining_ops
Guaranteed minimum number of homomorphic operations with this ciphertext, in network byte order (NBO)...
unsigned char bits[2048 *2/8]
The bits of the ciphertext.
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
#define GNUNET_MIN(a, b)
Definition: gnunet_common.h:83
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_paillier_hom_get_remaining()

int GNUNET_CRYPTO_paillier_hom_get_remaining ( const struct GNUNET_CRYPTO_PaillierCiphertext c)

Get the number of remaining supported homomorphic operations.

Parameters
cPaillier cipher text.
Returns
the number of remaining homomorphic operations

Definition at line 457 of file crypto_paillier.c.

References GNUNET_assert, and GNUNET_CRYPTO_PaillierCiphertext::remaining_ops.

458 {
459  GNUNET_assert (NULL != c);
460  return ntohl (c->remaining_ops);
461 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
int32_t remaining_ops
Guaranteed minimum number of homomorphic operations with this ciphertext, in network byte order (NBO)...

◆ GNUNET_CRYPTO_rsa_private_key_create()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_create ( unsigned int  len)

Create a new private key.

Caller must free return value.

Parameters
lenlength of the key in bits (i.e. 2048)
Returns
fresh private key

Definition at line 149 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_new, ret, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

150 {
152  gcry_sexp_t s_key;
153  gcry_sexp_t s_keyparam;
154 
155  BENCHMARK_START (rsa_private_key_create);
156 
157  GNUNET_assert (0 ==
158  gcry_sexp_build (&s_keyparam,
159  NULL,
160  "(genkey(rsa(nbits %d)))",
161  len));
162  GNUNET_assert (0 ==
163  gcry_pk_genkey (&s_key,
164  s_keyparam));
165  gcry_sexp_release (s_keyparam);
166 #if EXTRA_CHECKS
167  GNUNET_assert (0 ==
168  gcry_pk_testkey (s_key));
169 #endif
171  ret->sexp = s_key;
172  BENCHMARK_END (rsa_private_key_create);
173  return ret;
174 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static int ret
Final status code.
Definition: gnunet-arm.c:89
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
The private information of an RSA key pair.
Definition: crypto_rsa.c:39
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...

◆ GNUNET_CRYPTO_rsa_private_key_free()

void GNUNET_CRYPTO_rsa_private_key_free ( struct GNUNET_CRYPTO_RsaPrivateKey key)

Free memory occupied by the private key.

Parameters
keypointer to the memory to free

Definition at line 183 of file crypto_rsa.c.

References GNUNET_free, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_private_key_decode().

184 {
185  gcry_sexp_release (key->sexp);
186  GNUNET_free (key);
187 }
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
#define GNUNET_free(ptr)
Wrapper around free.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_encode()

size_t GNUNET_CRYPTO_rsa_private_key_encode ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
char **  buffer 
)

Encode the private key in a format suitable for storing it into a file.

Parameters
keythe private key
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocatedin buffer
Parameters
keythe private key
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocated in buffer

Definition at line 199 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_malloc, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_private_key_cmp().

201 {
202  size_t n;
203  char *b;
204 
205  n = gcry_sexp_sprint (key->sexp,
206  GCRYSEXP_FMT_DEFAULT,
207  NULL,
208  0);
209  b = GNUNET_malloc (n);
210  GNUNET_assert ((n - 1) == /* since the last byte is \0 */
211  gcry_sexp_sprint (key->sexp,
212  GCRYSEXP_FMT_DEFAULT,
213  b,
214  n));
215  *buffer = b;
216  return n;
217 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_decode()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_decode ( const char *  buf,
size_t  len 
)

Decode the private key from the data-format back to the "normal", internal format.

Parameters
bufthe buffer where the private key data is stored
lenthe length of the data in buf
Returns
NULL on error

Definition at line 229 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_private_key_free(), GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_new, key, LOG, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

231 {
234  if (0 !=
235  gcry_sexp_new (&key->sexp,
236  buf,
237  len,
238  0))
239  {
241  "Decoded private key is not valid\n");
242  GNUNET_free (key);
243  return NULL;
244  }
245  if (0 != gcry_pk_testkey (key->sexp))
246  {
248  "Decoded private key is not valid\n");
250  return NULL;
251  }
252  return key;
253 }
#define GNUNET_new(type)
Allocate a struct or union of the given type.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
static char buf[2048]
#define LOG(kind,...)
Definition: crypto_rsa.c:33
struct GNUNET_HashCode key
The key used in the DHT.
void GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
Free memory occupied by the private key.
Definition: crypto_rsa.c:183
The private information of an RSA key pair.
Definition: crypto_rsa.c:39
#define GNUNET_free(ptr)
Wrapper around free.
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_dup()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_dup ( const struct GNUNET_CRYPTO_RsaPrivateKey key)

Duplicate the given private key.

Parameters
keythe private key to duplicate
Returns
the duplicate key; NULL upon error

Definition at line 1208 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_new, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

1209 {
1210  struct GNUNET_CRYPTO_RsaPrivateKey *dup;
1211  gcry_sexp_t dup_sexp;
1212  size_t erroff;
1213 
1214  /* check if we really are exporting a private key */
1215  dup_sexp = gcry_sexp_find_token (key->sexp, "private-key", 0);
1216  GNUNET_assert (NULL != dup_sexp);
1217  gcry_sexp_release (dup_sexp);
1218  /* copy the sexp */
1219  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp));
1220  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey);
1221  dup->sexp = dup_sexp;
1222  return dup;
1223 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
The private information of an RSA key pair.
Definition: crypto_rsa.c:39

◆ GNUNET_CRYPTO_rsa_private_key_get_public()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_private_key_get_public ( const struct GNUNET_CRYPTO_RsaPrivateKey priv)

Extract the public key of the given private key.

Parameters
privthe private key NULL on error, otherwise the public key

Definition at line 263 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_break_op, GNUNET_new, key_from_sexp(), pub, result, GNUNET_CRYPTO_RsaPrivateKey::sexp, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_sign_fdh(), and rsa_sign_mpi().

264 {
266  gcry_mpi_t ne[2];
267  int rc;
268  gcry_sexp_t result;
269 
270  BENCHMARK_START (rsa_private_key_get_public);
271 
272  rc = key_from_sexp (ne, priv->sexp, "public-key", "ne");
273  if (0 != rc)
274  rc = key_from_sexp (ne, priv->sexp, "private-key", "ne");
275  if (0 != rc)
276  rc = key_from_sexp (ne, priv->sexp, "rsa", "ne");
277  if (0 != rc)
278  {
279  GNUNET_break_op (0);
280  return NULL;
281  }
282  rc = gcry_sexp_build (&result,
283  NULL,
284  "(public-key(rsa(n %m)(e %m)))",
285  ne[0],
286  ne[1]);
287  gcry_mpi_release (ne[0]);
288  gcry_mpi_release (ne[1]);
289  pub = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
290  pub->sexp = result;
291  BENCHMARK_END (rsa_private_key_get_public);
292  return pub;
293 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
#define GNUNET_new(type)
Allocate a struct or union of the given type.
The public information of an RSA key pair.
Definition: crypto_rsa.c:51
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
static int result
Global testing status.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:39
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_hash()

void GNUNET_CRYPTO_rsa_public_key_hash ( const struct GNUNET_CRYPTO_RsaPublicKey key,
struct GNUNET_HashCode hc 
)

Compute hash over the public key.

Parameters
keypublic key to hash
hcwhere to store the hash code

Definition at line 346 of file crypto_rsa.c.

References buf, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_rsa_public_key_encode(), and GNUNET_free.

348 {
349  char *buf;
350  size_t buf_size;
351 
352  buf_size = GNUNET_CRYPTO_rsa_public_key_encode (key,
353  &buf);
354  GNUNET_CRYPTO_hash (buf,
355  buf_size,
356  hc);
357  GNUNET_free (buf);
358 }
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, char **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:318
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:44
static char buf[2048]
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_len()

unsigned int GNUNET_CRYPTO_rsa_public_key_len ( const struct GNUNET_CRYPTO_RsaPublicKey key)

Obtain the length of the RSA key in bits.

Parameters
keythe public key to introspect
Returns
length of the key in bits

Definition at line 616 of file crypto_rsa.c.

References GNUNET_break, key_from_sexp(), and GNUNET_CRYPTO_RsaPublicKey::sexp.

617 {
618  gcry_mpi_t n;
619  unsigned int rval;
620 
621  if (0 != key_from_sexp (&n, key->sexp, "rsa", "n"))
622  { /* Not an RSA public key */
623  GNUNET_break (0);
624  return 0;
625  }
626  rval = gcry_mpi_get_nbits (n);
627  gcry_mpi_release (n);
628  return rval;
629 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_free()

void GNUNET_CRYPTO_rsa_public_key_free ( struct GNUNET_CRYPTO_RsaPublicKey key)

Free memory occupied by the public key.

Parameters
keypointer to the memory to free

Definition at line 302 of file crypto_rsa.c.

References GNUNET_free, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by clean_rsa_pub(), clean_rsa_public_key(), GNUNET_CRYPTO_rsa_sign_fdh(), and rsa_sign_mpi().

303 {
304  gcry_sexp_release (key->sexp);
305  GNUNET_free (key);
306 }
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
#define GNUNET_free(ptr)
Wrapper around free.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_encode()

size_t GNUNET_CRYPTO_rsa_public_key_encode ( const struct GNUNET_CRYPTO_RsaPublicKey key,
char **  buffer 
)

Encode the public key in a format suitable for storing it into a file.

Parameters
keythe private key
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocated in buffer

Definition at line 318 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_malloc, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by bind_rsa_pub(), GNUNET_CRYPTO_rsa_public_key_cmp(), GNUNET_CRYPTO_rsa_public_key_hash(), GNUNET_JSON_from_rsa_public_key(), my_conv_rsa_public_key(), qconv_rsa_public_key(), and rsa_full_domain_hash().

320 {
321  size_t n;
322  char *b;
323 
324  n = gcry_sexp_sprint (key->sexp,
325  GCRYSEXP_FMT_ADVANCED,
326  NULL,
327  0);
328  b = GNUNET_malloc (n);
329  GNUNET_assert ((n -1) == /* since the last byte is \0 */
330  gcry_sexp_sprint (key->sexp,
331  GCRYSEXP_FMT_ADVANCED,
332  b,
333  n));
334  *buffer = b;
335  return n;
336 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_decode()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_public_key_decode ( const char *  buf,
size_t  len 
)

Decode the public key from the data-format back to the "normal", internal format.

Parameters
bufthe buffer where the public key data is stored
lenthe length of the data in buf
Returns
NULL on error

Definition at line 370 of file crypto_rsa.c.

References GNUNET_break, GNUNET_break_op, GNUNET_free, GNUNET_new, key, key_from_sexp(), ret, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by extract_rsa_pub(), extract_rsa_public_key(), parse_rsa_public_key(), and post_extract_rsa_public_key().

372 {
374  gcry_mpi_t n;
375  int ret;
376 
377  key = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
378  if (0 !=
379  gcry_sexp_new (&key->sexp,
380  buf,
381  len,
382  0))
383  {
384  GNUNET_break_op (0);
385  GNUNET_free (key);
386  return NULL;
387  }
388  /* verify that this is an RSA public key */
389  ret = key_from_sexp (&n, key->sexp, "public-key", "n");
390  if (0 != ret)
391  ret = key_from_sexp (&n, key->sexp, "rsa", "n");
392  if (0 != ret)
393  {
394  /* this is no public RSA key */
395  GNUNET_break (0);
396  gcry_sexp_release (key->sexp);
397  GNUNET_free (key);
398  return NULL;
399  }
400  gcry_mpi_release (n);
401  return key;
402 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static int ret
Final status code.
Definition: gnunet-arm.c:89
The public information of an RSA key pair.
Definition: crypto_rsa.c:51
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
static char buf[2048]
struct GNUNET_HashCode key
The key used in the DHT.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
#define GNUNET_free(ptr)
Wrapper around free.
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_dup()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_public_key_dup ( const struct GNUNET_CRYPTO_RsaPublicKey key)

Duplicate the given public key.

Parameters
keythe public key to duplicate
Returns
the duplicate key; NULL upon error

Definition at line 1038 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_new, and GNUNET_CRYPTO_RsaPublicKey::sexp.

1039 {
1040  struct GNUNET_CRYPTO_RsaPublicKey *dup;
1041  gcry_sexp_t dup_sexp;
1042  size_t erroff;
1043 
1044  /* check if we really are exporting a public key */
1045  dup_sexp = gcry_sexp_find_token (key->sexp, "public-key", 0);
1046  GNUNET_assert (NULL != dup_sexp);
1047  gcry_sexp_release (dup_sexp);
1048  /* copy the sexp */
1049  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp));
1050  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
1051  dup->sexp = dup_sexp;
1052  return dup;
1053 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
The public information of an RSA key pair.
Definition: crypto_rsa.c:51
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56

◆ GNUNET_CRYPTO_rsa_signature_cmp()

int GNUNET_CRYPTO_rsa_signature_cmp ( struct GNUNET_CRYPTO_RsaSignature s1,
struct GNUNET_CRYPTO_RsaSignature s2 
)

Compare the values of two signatures.

Parameters
s1one signature
s2the other signature
Returns
0 if the two are equal

Definition at line 518 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_signature_encode(), GNUNET_free, and ret.

520 {
521  char *b1;
522  char *b2;
523  size_t z1;
524  size_t z2;
525  int ret;
526 
528  &b1);
530  &b2);
531  if (z1 != z2)
532  ret = 1;
533  else
534  ret = memcmp (b1,
535  b2,
536  z1);
537  GNUNET_free (b1);
538  GNUNET_free (b2);
539  return ret;
540 }
size_t GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, char **buffer)
Encode the given signature in a format suitable for storing it into a file.
Definition: crypto_rsa.c:966
static int ret
Final status code.
Definition: gnunet-arm.c:89
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_cmp()

int GNUNET_CRYPTO_rsa_private_key_cmp ( struct GNUNET_CRYPTO_RsaPrivateKey p1,
struct GNUNET_CRYPTO_RsaPrivateKey p2 
)

Compare the values of two private keys.

Parameters
p1one private key
p2the other private key
Returns
0 if the two are equal

Definition at line 584 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_private_key_encode(), GNUNET_free, and ret.

586 {
587  char *b1;
588  char *b2;
589  size_t z1;
590  size_t z2;
591  int ret;
592 
594  &b1);
596  &b2);
597  if (z1 != z2)
598  ret = 1;
599  else
600  ret = memcmp (b1,
601  b2,
602  z1);
603  GNUNET_free (b1);
604  GNUNET_free (b2);
605  return ret;
606 }
size_t GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, char **buffer)
Encode the private key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:199
static int ret
Final status code.
Definition: gnunet-arm.c:89
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_cmp()

int GNUNET_CRYPTO_rsa_public_key_cmp ( struct GNUNET_CRYPTO_RsaPublicKey p1,
struct GNUNET_CRYPTO_RsaPublicKey p2 
)

Compare the values of two public keys.

Parameters
p1one public key
p2the other public key
Returns
0 if the two are equal

Definition at line 551 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_free, and ret.

553 {
554  char *b1;
555  char *b2;
556  size_t z1;
557  size_t z2;
558  int ret;
559 
561  &b1);
563  &b2);
564  if (z1 != z2)
565  ret = 1;
566  else
567  ret = memcmp (b1,
568  b2,
569  z1);
570  GNUNET_free (b1);
571  GNUNET_free (b2);
572  return ret;
573 }
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, char **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:318
static int ret
Final status code.
Definition: gnunet-arm.c:89
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_blind()

int GNUNET_CRYPTO_rsa_blind ( const struct GNUNET_HashCode hash,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret bks,
struct GNUNET_CRYPTO_RsaPublicKey pkey,
char **  buf,
size_t *  buf_size 
)

Blinds the given message with the given blinding key.

Parameters
hashhash of the message to sign
bkeythe blinding key
pkeythe public key of the signer
[out]bufset to a buffer with the blinded message to be signed
[out]buf_sizenumber of bytes stored in buf
Returns
GNUNET_YES if successful, GNUNET_NO if RSA key is malicious

Definition at line 736 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, data, GNUNET_assert, GNUNET_break, GNUNET_NO, GNUNET_YES, key_from_sexp(), numeric_mpi_alloc_n_print(), RsaBlindingKey::r, ret, rsa_blinding_key_derive(), rsa_blinding_key_free(), rsa_full_domain_hash(), and GNUNET_CRYPTO_RsaPublicKey::sexp.

740 {
741  struct RsaBlindingKey *bkey;
742  gcry_mpi_t data;
743  gcry_mpi_t ne[2];
744  gcry_mpi_t r_e;
745  gcry_mpi_t data_r_e;
746  int ret;
747 
748  BENCHMARK_START (rsa_blind);
749 
750  GNUNET_assert (buf != NULL && buf_size != NULL);
751  ret = key_from_sexp (ne, pkey->sexp, "public-key", "ne");
752  if (0 != ret)
753  ret = key_from_sexp (ne, pkey->sexp, "rsa", "ne");
754  if (0 != ret)
755  {
756  GNUNET_break (0);
757  *buf = NULL;
758  *buf_size = 0;
759  return 0;
760  }
761 
762  data = rsa_full_domain_hash (pkey, hash);
763  if (NULL == data)
764  goto rsa_gcd_validate_failure;
765 
766  bkey = rsa_blinding_key_derive (pkey, bks);
767  if (NULL == bkey) {
768  gcry_mpi_release (data);
769  goto rsa_gcd_validate_failure;
770  }
771 
772  r_e = gcry_mpi_new (0);
773  gcry_mpi_powm (r_e,
774  bkey->r,
775  ne[1],
776  ne[0]);
777  data_r_e = gcry_mpi_new (0);
778  gcry_mpi_mulm (data_r_e,
779  data,
780  r_e,
781  ne[0]);
782  gcry_mpi_release (data);
783  gcry_mpi_release (ne[0]);
784  gcry_mpi_release (ne[1]);
785  gcry_mpi_release (r_e);
786  rsa_blinding_key_free (bkey);
787 
788  *buf_size = numeric_mpi_alloc_n_print (data_r_e, buf);
789  gcry_mpi_release (data_r_e);
790 
791  BENCHMARK_END (rsa_blind);
792 
793  return GNUNET_YES;
794 
795 rsa_gcd_validate_failure:
796  /* We know the RSA key is malicious here, so warn the wallet. */
797  /* GNUNET_break_op (0); */
798  gcry_mpi_release (ne[0]);
799  gcry_mpi_release (ne[1]);
800  *buf = NULL;
801  *buf_size = 0;
802  return GNUNET_NO;
803 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
static struct RsaBlindingKey * rsa_blinding_key_derive(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks)
Create a blinding key.
Definition: crypto_rsa.c:437
static gcry_mpi_t rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_HashCode *hash)
Computes a full domain hash seeded by the given public key.
Definition: crypto_rsa.c:690
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:80
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
#define GNUNET_NO
Definition: gnunet_common.h:81
static int ret
Final status code.
Definition: gnunet-arm.c:89
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static size_t numeric_mpi_alloc_n_print(gcry_mpi_t v, char **buffer)
Print an MPI to a newly created buffer.
Definition: crypto_rsa.c:653
static char buf[2048]
RSA blinding key.
Definition: crypto_rsa.c:75
static void rsa_blinding_key_free(struct RsaBlindingKey *bkey)
Destroy a blinding key.
Definition: crypto_rsa.c:638
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
#define GNUNET_YES
Definition: gnunet_common.h:80
uint32_t data
The data value.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_sign_blinded()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_sign_blinded ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
const void *  msg,
size_t  msg_len 
)

Sign a blinded value, which must be a full domain hash of a message.

Parameters
keyprivate key to use for the signing
msgthe (blinded) message to sign
msg_lennumber of bytes in msg to sign
Returns
NULL on error, signature on success
Parameters
keyprivate key to use for the signing
msgthe message to sign
msg_lennumber of bytes in msg to sign
Returns
NULL on error, signature on success

Definition at line 895 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, and rsa_sign_mpi().

898 {
899  gcry_mpi_t v = NULL;
900  struct GNUNET_CRYPTO_RsaSignature *sig;
901 
902  BENCHMARK_START (rsa_sign_blinded);
903 
904  GNUNET_assert (0 ==
905  gcry_mpi_scan (&v,
906  GCRYMPI_FMT_USG,
907  msg,
908  msg_len,
909  NULL));
910 
911  sig = rsa_sign_mpi (key, v);
912  gcry_mpi_release (v);
913  BENCHMARK_END (rsa_sign_blinded);
914  return sig;
915 }
struct GNUNET_MessageHeader * msg
Definition: 005.c:2
an RSA signature
Definition: crypto_rsa.c:63
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
static struct GNUNET_CRYPTO_RsaSignature * rsa_sign_mpi(const struct GNUNET_CRYPTO_RsaPrivateKey *key, gcry_mpi_t value)
Sign the given MPI.
Definition: crypto_rsa.c:834
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_sign_fdh()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_sign_fdh ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
const struct GNUNET_HashCode hash 
)

Create and sign a full domain hash of a message.

Parameters
keyprivate key to use for the signing
hashthe hash of the message to sign
Returns
NULL on error, including a malicious RSA key, signature on success

Definition at line 926 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_free(), pkey, rsa_full_domain_hash(), and rsa_sign_mpi().

928 {
930  gcry_mpi_t v = NULL;
931  struct GNUNET_CRYPTO_RsaSignature *sig;
932 
934  v = rsa_full_domain_hash (pkey, hash);
936  if (NULL == v) /* rsa_gcd_validate failed meaning */
937  return NULL; /* our *own* RSA key is malicious. */
938 
939  sig = rsa_sign_mpi (key, v);
940  gcry_mpi_release (v);
941  return sig;
942 }
static char * pkey
Public key of the zone to look in, in ASCII.
an RSA signature
Definition: crypto_rsa.c:63
static gcry_mpi_t rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_HashCode *hash)
Computes a full domain hash seeded by the given public key.
Definition: crypto_rsa.c:690
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition: crypto_rsa.c:302
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition: crypto_rsa.c:263
The public information of an RSA key pair.
Definition: crypto_rsa.c:51
static struct GNUNET_CRYPTO_RsaSignature * rsa_sign_mpi(const struct GNUNET_CRYPTO_RsaPrivateKey *key, gcry_mpi_t value)
Sign the given MPI.
Definition: crypto_rsa.c:834
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_free()

void GNUNET_CRYPTO_rsa_signature_free ( struct GNUNET_CRYPTO_RsaSignature sig)

Free memory occupied by signature.

Parameters
sigmemory to free
sigmemory to freee

Definition at line 951 of file crypto_rsa.c.

References GNUNET_free, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by clean_rsa_sig(), and clean_rsa_signature().

952 {
953  gcry_sexp_release (sig->sexp);
954  GNUNET_free (sig);
955 }
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
#define GNUNET_free(ptr)
Wrapper around free.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_encode()

size_t GNUNET_CRYPTO_rsa_signature_encode ( const struct GNUNET_CRYPTO_RsaSignature sig,
char **  buffer 
)

Encode the given signature in a format suitable for storing it into a file.

Parameters
sigthe signature
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocated in buffer

Definition at line 966 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_malloc, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by bind_rsa_sig(), GNUNET_CRYPTO_rsa_signature_cmp(), GNUNET_JSON_from_rsa_signature(), my_conv_rsa_signature(), and qconv_rsa_signature().

968 {
969  size_t n;
970  char *b;
971 
972  n = gcry_sexp_sprint (sig->sexp,
973  GCRYSEXP_FMT_ADVANCED,
974  NULL,
975  0);
976  b = GNUNET_malloc (n);
977  GNUNET_assert ((n - 1) == /* since the last byte is \0 */
978  gcry_sexp_sprint (sig->sexp,
979  GCRYSEXP_FMT_ADVANCED,
980  b,
981  n));
982  *buffer = b;
983  return n;
984 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_decode()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_signature_decode ( const char *  buf,
size_t  len 
)

Decode the signature from the data-format back to the "normal", internal format.

Parameters
bufthe buffer where the public key data is stored
lenthe length of the data in buf
Returns
NULL on error

Definition at line 996 of file crypto_rsa.c.

References GNUNET_break_op, GNUNET_free, GNUNET_new, key_from_sexp(), ret, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by extract_rsa_sig(), extract_rsa_signature(), parse_rsa_signature(), and post_extract_rsa_signature().

998 {
999  struct GNUNET_CRYPTO_RsaSignature *sig;
1000  int ret;
1001  gcry_mpi_t s;
1002 
1003  sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1004  if (0 !=
1005  gcry_sexp_new (&sig->sexp,
1006  buf,
1007  len,
1008  0))
1009  {
1010  GNUNET_break_op (0);
1011  GNUNET_free (sig);
1012  return NULL;
1013  }
1014  /* verify that this is an RSA signature */
1015  ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
1016  if (0 != ret)
1017  ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
1018  if (0 != ret)
1019  {
1020  /* this is no RSA Signature */
1021  GNUNET_break_op (0);
1022  gcry_sexp_release (sig->sexp);
1023  GNUNET_free (sig);
1024  return NULL;
1025  }
1026  gcry_mpi_release (s);
1027  return sig;
1028 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
an RSA signature
Definition: crypto_rsa.c:63
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static int ret
Final status code.
Definition: gnunet-arm.c:89
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
static char buf[2048]
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
#define GNUNET_free(ptr)
Wrapper around free.
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_dup()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_signature_dup ( const struct GNUNET_CRYPTO_RsaSignature sig)

Duplicate the given rsa signature.

Parameters
sigthe signature to duplicate
Returns
the duplicate key; NULL upon error

Duplicate the given rsa signature.

Parameters
keythe private key to duplicate
Returns
the duplicate key; NULL upon error

Definition at line 1233 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_new, key_from_sexp(), ret, and GNUNET_CRYPTO_RsaSignature::sexp.

1234 {
1235  struct GNUNET_CRYPTO_RsaSignature *dup;
1236  gcry_sexp_t dup_sexp;
1237  size_t erroff;
1238  gcry_mpi_t s;
1239  int ret;
1240 
1241  /* verify that this is an RSA signature */
1242  ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
1243  if (0 != ret)
1244  ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
1245  GNUNET_assert (0 == ret);
1246  gcry_mpi_release (s);
1247  /* copy the sexp */
1248  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", sig->sexp));
1249  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1250  dup->sexp = dup_sexp;
1251  return dup;
1252 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
an RSA signature
Definition: crypto_rsa.c:63
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static int ret
Final status code.
Definition: gnunet-arm.c:89
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_unblind()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_unblind ( const struct GNUNET_CRYPTO_RsaSignature sig,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret bks,
struct GNUNET_CRYPTO_RsaPublicKey pkey 
)

Unblind a blind-signed signature.

The signature should have been generated with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with GNUNET_CRYPTO_rsa_blind().

Parameters
sigthe signature made on the blinded signature purpose
bksthe blinding key secret used to blind the signature purpose
pkeythe public key of the signer
Returns
unblinded signature on success, NULL if RSA key is bad or malicious.

Definition at line 1067 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_break_op, GNUNET_new, key_from_sexp(), RsaBlindingKey::r, ret, rsa_blinding_key_derive(), rsa_blinding_key_free(), GNUNET_CRYPTO_RsaPublicKey::sexp, and GNUNET_CRYPTO_RsaSignature::sexp.

1070 {
1071  struct RsaBlindingKey *bkey;
1072  gcry_mpi_t n;
1073  gcry_mpi_t s;
1074  gcry_mpi_t r_inv;
1075  gcry_mpi_t ubsig;
1076  int ret;
1077  struct GNUNET_CRYPTO_RsaSignature *sret;
1078 
1079  BENCHMARK_START (rsa_unblind);
1080 
1081  ret = key_from_sexp (&n, pkey->sexp, "public-key", "n");
1082  if (0 != ret)
1083  ret = key_from_sexp (&n, pkey->sexp, "rsa", "n");
1084  if (0 != ret)
1085  {
1086  GNUNET_break_op (0);
1087  return NULL;
1088  }
1089  ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
1090  if (0 != ret)
1091  ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
1092  if (0 != ret)
1093  {
1094  gcry_mpi_release (n);
1095  GNUNET_break_op (0);
1096  return NULL;
1097  }
1098 
1099  bkey = rsa_blinding_key_derive (pkey, bks);
1100  if (NULL == bkey)
1101  {
1102  /* RSA key is malicious since rsa_gcd_validate failed here.
1103  * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
1104  * so the exchange is being malicious in an unfamilair way, maybe
1105  * just trying to crash us. */
1106  GNUNET_break_op (0);
1107  gcry_mpi_release (n);
1108  gcry_mpi_release (s);
1109  return NULL;
1110  }
1111 
1112  r_inv = gcry_mpi_new (0);
1113  if (1 !=
1114  gcry_mpi_invm (r_inv,
1115  bkey->r,
1116  n))
1117  {
1118  /* We cannot find r mod n, so gcd(r,n) != 1, which should get *
1119  * caught above, but we handle it the same here. */
1120  GNUNET_break_op (0);
1121  gcry_mpi_release (r_inv);
1122  rsa_blinding_key_free (bkey);
1123  gcry_mpi_release (n);
1124  gcry_mpi_release (s);
1125  return NULL;
1126  }
1127 
1128  ubsig = gcry_mpi_new (0);
1129  gcry_mpi_mulm (ubsig, s, r_inv, n);
1130  gcry_mpi_release (n);
1131  gcry_mpi_release (r_inv);
1132  gcry_mpi_release (s);
1133  rsa_blinding_key_free (bkey);
1134 
1135  sret = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1136  GNUNET_assert (0 ==
1137  gcry_sexp_build (&sret->sexp,
1138  NULL,
1139  "(sig-val (rsa (s %M)))",
1140  ubsig));
1141  gcry_mpi_release (ubsig);
1142  BENCHMARK_END (rsa_unblind);
1143  return sret;
1144 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
static struct RsaBlindingKey * rsa_blinding_key_derive(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks)
Create a blinding key.
Definition: crypto_rsa.c:437
an RSA signature
Definition: crypto_rsa.c:63
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:80
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static int ret
Final status code.
Definition: gnunet-arm.c:89
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
RSA blinding key.
Definition: crypto_rsa.c:75
static void rsa_blinding_key_free(struct RsaBlindingKey *bkey)
Destroy a blinding key.
Definition: crypto_rsa.c:638
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_verify()

int GNUNET_CRYPTO_rsa_verify ( const struct GNUNET_HashCode hash,
const struct GNUNET_CRYPTO_RsaSignature sig,
const struct GNUNET_CRYPTO_RsaPublicKey pkey 
)

Verify whether the given hash corresponds to the given signature and the signature is valid with respect to the given public key.

Parameters
hashthe message to verify to match the sig
sigsignature that is being validated
public_keypublic key of the signer
Returns
GNUNET_YES if ok, GNUNET_NO if RSA key is malicious, GNUNET_SYSERR if signature
Parameters
hashhash of the message to verify to match the sig
sigsignature that is being validated
pkeypublic key of the signer
Returns
GNUNET_YES if ok, GNUNET_NO if RSA key is malicious, GNUNET_SYSERR if signature is invalid

Definition at line 1157 of file crypto_rsa.c.

References _, BENCHMARK_END, BENCHMARK_START, data, GNUNET_break_op, GNUNET_ERROR_TYPE_WARNING, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, LOG, mpi_to_sexp(), rsa_full_domain_hash(), GNUNET_CRYPTO_RsaPublicKey::sexp, and GNUNET_CRYPTO_RsaSignature::sexp.

1160 {
1161  gcry_sexp_t data;
1162  gcry_mpi_t r;
1163  int rc;
1164 
1165  BENCHMARK_START (rsa_verify);
1166 
1167  r = rsa_full_domain_hash (pkey, hash);
1168  if (NULL == r) {
1169  GNUNET_break_op (0);
1170  /* RSA key is malicious since rsa_gcd_validate failed here.
1171  * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
1172  * so the exchange is being malicious in an unfamilair way, maybe
1173  * just trying to crash us. Arguably, we've only an internal error
1174  * though because we should've detected this in our previous call
1175  * to GNUNET_CRYPTO_rsa_unblind. */
1176  return GNUNET_NO;
1177  }
1178 
1179  data = mpi_to_sexp(r);
1180  gcry_mpi_release (r);
1181 
1182  rc = gcry_pk_verify (sig->sexp,
1183  data,
1184  pkey->sexp);
1185  gcry_sexp_release (data);
1186  if (0 != rc)
1187  {
1189  _("RSA signature verification failed at %s:%d: %s\n"),
1190  __FILE__,
1191  __LINE__,
1192  gcry_strerror (rc));
1193  return GNUNET_SYSERR;
1194  BENCHMARK_END (rsa_verify);
1195  }
1196  BENCHMARK_END (rsa_verify);
1197  return GNUNET_OK;
1198 }
static gcry_mpi_t rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_HashCode *hash)
Computes a full domain hash seeded by the given public key.
Definition: crypto_rsa.c:690
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
#define GNUNET_NO
Definition: gnunet_common.h:81
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
static gcry_sexp_t mpi_to_sexp(gcry_mpi_t value)
Convert an MPI to an S-expression suitable for signature operations.
Definition: crypto_rsa.c:813
#define _(String)
GNU gettext support macro.
Definition: platform.h:208
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
#define LOG(kind,...)
Definition: crypto_rsa.c:33
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
uint32_t data
The data value.
Here is the call graph for this function: