GNUnet  0.11.x
tweetnacl-gnunet.h File Reference
#include <stdint.h>

Macros

#define GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES   64
 
#define GNUNET_TWEETNACL_SIGN_PUBLICBYTES   32
 
#define GNUNET_TWEETNACL_SCALARMULT_BYTES   32
 

Functions

int GNUNET_TWEETNACL_scalarmult_curve25519 (uint8_t *, const uint8_t *, const uint8_t *)
 
int GNUNET_TWEETNACL_scalarmult_curve25519_base (uint8_t *, const uint8_t *)
 
void GNUNET_TWEETNACL_sign_pk_from_seed (uint8_t *pk, const uint8_t *seed)
 
void GNUNET_TWEETNACL_sign_sk_from_seed (uint8_t *sk, const uint8_t *seed)
 
int GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519 (uint8_t *x25519_pk, const uint8_t *ed25519_pk)
 
int GNUNET_TWEETNACL_sign_detached_verify (const uint8_t *sig, const uint8_t *m, uint64_t n, const uint8_t *pk)
 
int GNUNET_TWEETNACL_sign_detached (uint8_t *sig, const uint8_t *m, uint64_t n, const uint8_t *sk)
 
void GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa (uint8_t *pk, const uint8_t *s)
 

Macro Definition Documentation

◆ GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES

#define GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES   64

Definition at line 18 of file tweetnacl-gnunet.h.

Referenced by GNUNET_CRYPTO_eddsa_sign().

◆ GNUNET_TWEETNACL_SIGN_PUBLICBYTES

#define GNUNET_TWEETNACL_SIGN_PUBLICBYTES   32

Definition at line 19 of file tweetnacl-gnunet.h.

Referenced by GNUNET_CRYPTO_ecdh_ecdsa(), and GNUNET_CRYPTO_ecdh_eddsa().

◆ GNUNET_TWEETNACL_SCALARMULT_BYTES

#define GNUNET_TWEETNACL_SCALARMULT_BYTES   32

Function Documentation

◆ GNUNET_TWEETNACL_scalarmult_curve25519()

int GNUNET_TWEETNACL_scalarmult_curve25519 ( uint8_t *  ,
const uint8_t *  ,
const uint8_t *   
)

Definition at line 195 of file tweetnacl-gnunet.c.

References _121665, A(), testconfigure::b, e, removetrailingwhitespace::f, FOR, inv25519(), M(), pack25519(), S(), sel25519(), unpack25519(), and Z().

Referenced by GNUNET_CRYPTO_ecc_ecdh(), GNUNET_CRYPTO_ecdh_ecdsa(), GNUNET_CRYPTO_ecdh_eddsa(), GNUNET_CRYPTO_ecdsa_ecdh(), GNUNET_CRYPTO_eddsa_ecdh(), and GNUNET_TWEETNACL_scalarmult_curve25519_base().

196 {
     /* Body of GNUNET_TWEETNACL_scalarmult_curve25519 (u8 *q, const u8 *n,
      * const u8 *p); parameter names as given by the cross-reference further
      * down this page. Writes to q the packed result of multiplying the
      * value unpacked from p by the scalar n. Always returns 0.
      * NOTE(review): z is a clamped copy of the scalar and stays on the stack
      * at return, as do the intermediates x and a..f; nothing in this body
      * wipes them. Confirm whether that matters for the callers. */
197  u8 z[32];
198  i64 x[80],r,i;
199  gf a,b,c,d,e,f;
     /* Copy the scalar into z and clamp the copy: clear bit 255, set bit 254,
      * clear the three low bits. n itself is only read.
      * (FOR is shown on this page only as `#define FOR(i, n)`; presumably it
      * loops i over 0..n-1.) */
200  FOR (i,31) z[i] = n[i];
201  z[31] = (n[31] & 127) | 64;
202  z[0] &= 248;
     /* x[0..15] receives the unpacked input p; b starts as that value,
      * a and d start at 1 in limb 0, c starts at 0. */
203  unpack25519 (x,p);
204  FOR (i,16) {
205  b[i] = x[i];
206  d[i] = a[i] = c[i] = 0;
207  }
208  a[0] = d[0] = 1;
     /* One iteration per scalar bit, from bit 254 down to bit 0. r is the
      * current bit of z; sel25519 is called with r on (a,b) and (c,d) both
      * before and after the field arithmetic. Presumably sel25519 is a
      * constant-time conditional swap as in TweetNaCl; its body is not on
      * this page, so verify that before relying on it. The statement order
      * inside the loop must not be changed. */
209  for (i = 254; i>=0; --i) {
210  r = (z[i >> 3] >> (i & 7)) & 1;
211  sel25519 (a,b,r);
212  sel25519 (c,d,r);
213  A (e,a,c);
214  Z (a,a,c);
215  A (c,b,d);
216  Z (b,b,d);
217  S (d,e);
218  S (f,a);
219  M (a,c,a);
220  M (c,b,e);
221  A (e,a,c);
222  Z (a,a,c);
223  S (b,a);
224  Z (c,d,f);
225  M (a,c,_121665);
226  A (a,a,d);
227  M (c,c,a);
228  M (a,d,f);
229  M (d,b,x);
230  S (b,e);
231  sel25519 (a,b,r);
232  sel25519 (c,d,r);
233  }
     /* Store a, c, b, d in x[16..79], then combine x+16 (a) with the result
      * of inv25519 on x+32 (c) and pack that into q. Presumably this is
      * a * c^-1; the helper bodies are not shown here. */
234  FOR (i,16) {
235  x[i + 16] = a[i];
236  x[i + 32] = c[i];
237  x[i + 48] = b[i];
238  x[i + 64] = d[i];
239  }
240  inv25519 (x + 32,x + 32);
241  M (x + 16,x + 16,x + 32);
242  pack25519 (q,x + 16);
     /* NOTE(review): the result is never inspected; an all-zero q is returned
      * with the same status 0 as any other output. Callers that must reject
      * such a shared value have to check q themselves. */
243  return 0;
244 }
uint8_t u8
static void A(gf o, const gf a, const gf b)
static void unpack25519(gf o, const u8 *n)
static struct Experiment * e
static void M(gf o, const gf a, const gf b)
static void sel25519(gf p, gf q, int b)
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
int64_t i64
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
static void pack25519(u8 *o, const gf n)
i64 gf[16]
static void Z(gf o, const gf a, const gf b)
#define FOR(i, n)
static void inv25519(gf o, const gf i)
static const gf _121665
static void S(gf o, const gf a)

◆ GNUNET_TWEETNACL_scalarmult_curve25519_base()

int GNUNET_TWEETNACL_scalarmult_curve25519_base ( uint8_t *  ,
const uint8_t *   
)

Definition at line 247 of file tweetnacl-gnunet.c.

References _9, and GNUNET_TWEETNACL_scalarmult_curve25519().

Referenced by GNUNET_CRYPTO_ecdhe_key_get_public().

248 {
     /* NOTE(review): this listing jumps from source line 248 to 250, so the
      * only statement of the function (line 249) is missing here. Going by
      * the "References" entry for this function, it calls
      * GNUNET_TWEETNACL_scalarmult_curve25519 with the constant _9,
      * presumably the encoded base point. Confirm in tweetnacl-gnunet.c. */
250 }
static const u8 _9[32]
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
int GNUNET_TWEETNACL_scalarmult_curve25519(u8 *q, const u8 *n, const u8 *p)

◆ GNUNET_TWEETNACL_sign_pk_from_seed()

void GNUNET_TWEETNACL_sign_pk_from_seed ( uint8_t *  pk,
const uint8_t *  seed 
)

Definition at line 417 of file tweetnacl-gnunet.c.

References crypto_hash(), p, pack(), and scalarbase().

Referenced by GNUNET_CRYPTO_eddsa_key_get_public().

418 {
     /* Derives a public key from the first 32 bytes of seed and writes the
      * packed result to pk. No return value. */
419  u8 d[64];
420  gf p[4];
421 
     /* Hash 32 bytes of seed into d, then clamp d[0..31]: clear the three low
      * bits of d[0], clear the top bit of d[31] and set the bit below it.
      * crypto_hash is declared as returning int; the result is ignored here.
      * Presumably it fills all 64 bytes of d (SHA-512 in TweetNaCl); confirm. */
422  crypto_hash (d, seed, 32);
423  d[0] &= 248;
424  d[31] &= 127;
425  d[31] |= 64;
426 
     /* pk = pack (scalarbase (d)). Presumably scalarbase reads only the first
      * 32 bytes of d; its body is not shown on this page. */
427  scalarbase (p, d);
428  pack (pk, p);
     /* NOTE(review): d is derived from the seed and is still on the stack at
      * return; nothing here wipes it. */
429 }
uint8_t u8
static struct GNUNET_CRYPTO_EddsaPrivateKey * pk
Private key of this peer.
static void pack(u8 *r, gf p[4])
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
static void scalarbase(gf p[4], const u8 *s)
i64 gf[16]
static int crypto_hash(u8 *out, const u8 *m, u64 n)

◆ GNUNET_TWEETNACL_sign_sk_from_seed()

void GNUNET_TWEETNACL_sign_sk_from_seed ( uint8_t *  sk,
const uint8_t *  seed 
)

Definition at line 448 of file tweetnacl-gnunet.c.

References crypto_hash(), FOR, p, pack(), pk, and scalarbase().

Referenced by GNUNET_CRYPTO_eddsa_sign().

449 {
     /* Builds the 64-byte secret-key form in sk: bytes 0..31 are a copy of
      * seed, bytes 32..63 are the public key computed from that seed.
      * sk must therefore have room for 64 bytes (compare
      * GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES). No return value. */
450  u8 d[64];
451  gf p[4];
452  u8 pk[32];
453  int i;
454 
     /* Hash 32 bytes of seed into d and clamp d[0..31]. The int result of
      * crypto_hash is ignored. */
455  crypto_hash (d, seed, 32);
456  d[0] &= 248;
457  d[31] &= 127;
458  d[31] |= 64;
459 
     /* pk = pack (scalarbase (d)); pk is a local buffer here, not a
      * parameter. */
460  scalarbase (p,d);
461  pack (pk,p);
462 
     /* sk = seed || pk. FOR is shown on this page only as
      * `#define FOR(i, n)`; presumably it loops i over 0..n-1. */
463  FOR (i,32) sk[i] = seed[i];
464  FOR (i,32) sk[32 + i] = pk[i];
     /* NOTE(review): d is derived from the seed and is not wiped before
      * returning. */
465 }
uint8_t u8
static struct GNUNET_CRYPTO_EddsaPrivateKey * pk
Private key of this peer.
static void pack(u8 *r, gf p[4])
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
static void scalarbase(gf p[4], const u8 *s)
i64 gf[16]
#define FOR(i, n)
static int crypto_hash(u8 *out, const u8 *m, u64 n)

◆ GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519()

int GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519 ( uint8_t *  x25519_pk,
const uint8_t *  ed25519_pk 
)

Definition at line 468 of file tweetnacl-gnunet.c.

References A(), gf1, inv25519(), M(), pack25519(), set25519(), unpackneg(), and Z().

Referenced by GNUNET_CRYPTO_ecdh_ecdsa(), and GNUNET_CRYPTO_ecdh_eddsa().

470 {
     /* Converts the encoded key ed25519_pk into x25519_pk.
      * Returns -1 if unpackneg rejects the input, 0 otherwise. */
471  gf ge_a[4];
472  gf x;
473  gf one_minus_y;
474 
     /* Decoding is the only validation done on the input in this body. */
475  if (0 != unpackneg (ge_a, ed25519_pk))
476  return -1;
477 
     /* one_minus_y = gf1 - ge_a[1] and x = gf1 + ge_a[1], reading Z as
      * subtraction and A as addition (as the variable name suggests; the
      * helper bodies are not shown on this page). */
478  set25519 (one_minus_y, gf1);
479  Z (one_minus_y, one_minus_y, ge_a[1]);
480 
481  set25519 (x, gf1);
482  A (x, x, ge_a[1]);
483 
     /* x = (1 + y) * inverse (1 - y), then pack.
      * NOTE(review): when ge_a[1] equals 1 the value handed to inv25519 is
      * zero; what inv25519 returns for zero is not visible here. Confirm the
      * result callers get for that input. */
484  inv25519 (one_minus_y, one_minus_y);
485  M (x, x, one_minus_y);
486  pack25519 (x25519_pk, x);
487 
488  return 0;
489 }
static void A(gf o, const gf a, const gf b)
static void M(gf o, const gf a, const gf b)
static void set25519(gf r, const gf a)
static const gf gf1
static void pack25519(u8 *o, const gf n)
static int unpackneg(gf r[4], const u8 p[32])
i64 gf[16]
static void Z(gf o, const gf a, const gf b)
static void inv25519(gf o, const gf i)

◆ GNUNET_TWEETNACL_sign_detached_verify()

int GNUNET_TWEETNACL_sign_detached_verify ( const uint8_t *  sig,
const uint8_t *  m,
uint64_t  n,
const uint8_t *  pk 
)

Definition at line 491 of file tweetnacl-gnunet.c.

References add(), crypto_verify_32(), GNUNET_CRYPTO_hash_context_finish(), GNUNET_CRYPTO_hash_context_read(), GNUNET_CRYPTO_hash_context_start(), h, p, pack(), q, reduce(), scalarbase(), scalarmult(), t, and unpackneg().

Referenced by GNUNET_CRYPTO_eddsa_verify().

495 {
     /* Checks the detached signature sig against the public key pk.
      * Returns -1 if pk fails to decode or the recomputed value differs from
      * sig[0..31], 0 otherwise.
      * NOTE(review): the gutter jumps 502 -> 504 and 504 -> 507, so source
      * lines 503, 505 and 506 are missing from this listing. hc is used
      * below with no visible assignment, and m and n do not appear in the
      * lines shown. Presumably the missing lines start the hash context and
      * feed pk and the message into it; confirm in tweetnacl-gnunet.c. */
496  struct GNUNET_HashContext *hc;
497  u8 t[32],h[64];
498  gf p[4],q[4];
499 
     /* Reject a public key that unpackneg cannot decode. */
500  if (unpackneg (q,pk))
501  return -1;
502 
     /* Feed sig[0..31] into the hash and finish into h. The (void *) cast
      * hands the 64-byte array h to a parameter declared as
      * struct GNUNET_HashCode *; this assumes that struct is 64 bytes
      * (TODO confirm). */
504  GNUNET_CRYPTO_hash_context_read (hc, sig, 32);
507  GNUNET_CRYPTO_hash_context_finish (hc, (void *) h);
508 
     /* p = scalarmult (q, reduce (h)), with q the point decoded from pk. */
509  reduce (h);
510  scalarmult (p,q,h);
511 
     /* q is reused for scalarbase (sig + 32); then p += q and t = pack (p).
      * NOTE(review): no range check on the scalar half sig + 32 is visible
      * before scalarbase (). If callers depend on each message having a
      * single valid signature encoding, confirm where that is enforced. */
512  scalarbase (q,sig+32);
513  add (p,q);
514  pack (t,p);
515 
     /* A nonzero result from crypto_verify_32 is treated as a mismatch.
      * Presumably it compares in constant time; its body is not shown on
      * this page. */
516  if (crypto_verify_32 (sig, t))
517  return -1;
518  return 0;
519 }
uint8_t u8
static struct GNUNET_CRYPTO_EddsaPrivateKey * pk
Private key of this peer.
static void pack(u8 *r, gf p[4])
struct GNUNET_HashContext * GNUNET_CRYPTO_hash_context_start(void)
Start incremental hashing operation.
Definition: crypto_hash.c:466
Context for cumulative hashing.
Definition: crypto_hash.c:451
static struct GNUNET_SCHEDULER_Task * t
Main task.
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static void reduce(u8 *r)
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:104
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
static int crypto_verify_32(const u8 *x, const u8 *y)
static void scalarbase(gf p[4], const u8 *s)
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
void GNUNET_CRYPTO_hash_context_read(struct GNUNET_HashContext *hc, const void *buf, size_t size)
Add data to be hashed.
Definition: crypto_hash.c:492
static int unpackneg(gf r[4], const u8 p[32])
i64 gf[16]
static void add(gf p[4], gf q[4])
static void scalarmult(gf p[4], gf q[4], const u8 *s)
void GNUNET_CRYPTO_hash_context_finish(struct GNUNET_HashContext *hc, struct GNUNET_HashCode *r_hash)
Finish the hash computation.
Definition: crypto_hash.c:509

◆ GNUNET_TWEETNACL_sign_detached()

int GNUNET_TWEETNACL_sign_detached ( uint8_t *  sig,
const uint8_t *  m,
uint64_t  n,
const uint8_t *  sk 
)

Definition at line 522 of file tweetnacl-gnunet.c.

References crypto_hash(), FOR, GNUNET_CRYPTO_hash_context_finish(), GNUNET_CRYPTO_hash_context_read(), GNUNET_CRYPTO_hash_context_start(), h, modL(), p, pack(), reduce(), and scalarbase().

Referenced by GNUNET_CRYPTO_eddsa_sign().

526 {
     /* Writes a detached signature to sig using the key material in sk.
      * Always returns 0.
      * NOTE(review): the gutter skips source lines 537, 539, 546 and 549, so
      * this listing is incomplete. hc is used with no visible assignment,
      * and m and n do not appear in the lines shown. Presumably the missing
      * lines start the two hash contexts and feed the message into each;
      * confirm in tweetnacl-gnunet.c. */
527  struct GNUNET_HashContext *hc;
528  u8 d[64],h[64],r[64];
529  i64 i,j,x[64];
530  gf p[4];
531 
     /* d = hash of sk[0..31], with d[0..31] clamped. The int result of
      * crypto_hash is ignored. */
532  crypto_hash (d, sk, 32);
533  d[0] &= 248;
534  d[31] &= 127;
535  d[31] |= 64;
536 
     /* First hash: d[32..63] plus whatever line 539 adds, finished into r.
      * The (void *) cast passes a 64-byte array where
      * struct GNUNET_HashCode * is declared (size assumption, TODO confirm). */
538  GNUNET_CRYPTO_hash_context_read (hc, d + 32, 32);
540  GNUNET_CRYPTO_hash_context_finish (hc, (void *) r);
541 
     /* sig[0..31] = pack (scalarbase (reduce (r))). */
542  reduce (r);
543  scalarbase (p,r);
544  pack (sig,p);
545 
     /* Second hash: sig[0..31], then sk[32..63], plus whatever line 549 adds,
      * finished into h.
      * NOTE(review): sk + 32 is hashed as supplied, not recomputed from
      * sk[0..31]. sk is presumably the 64-byte form written by
      * GNUNET_TWEETNACL_sign_sk_from_seed; callers must keep both halves
      * consistent. */
547  GNUNET_CRYPTO_hash_context_read (hc, sig, 32);
548  GNUNET_CRYPTO_hash_context_read (hc, sk + 32, 32);
550  GNUNET_CRYPTO_hash_context_finish (hc, (void *) h);
551 
552  reduce (h);
553 
     /* x = r + h * d accumulated limb by limb in 64 i64 slots; modL then
      * writes sig[32..63] from x (presumably a reduction modulo the group
      * order; body not shown on this page). */
554  FOR (i,64) x[i] = 0;
555  FOR (i,32) x[i] = (u64) r[i];
556  FOR (i,32) FOR (j,32) x[i + j] += h[i] * (u64) d[j];
557  modL (sig + 32,x);
558 
     /* NOTE(review): d, r and x hold values derived from the secret key and
      * are not wiped before returning. */
559  return 0;
560 }
uint8_t u8
static void pack(u8 *r, gf p[4])
struct GNUNET_HashContext * GNUNET_CRYPTO_hash_context_start(void)
Start incremental hashing operation.
Definition: crypto_hash.c:466
Context for cumulative hashing.
Definition: crypto_hash.c:451
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static void reduce(u8 *r)
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:104
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
int64_t i64
static void scalarbase(gf p[4], const u8 *s)
static void modL(u8 *r, i64 x[64])
void GNUNET_CRYPTO_hash_context_read(struct GNUNET_HashContext *hc, const void *buf, size_t size)
Add data to be hashed.
Definition: crypto_hash.c:492
i64 gf[16]
#define FOR(i, n)
static int crypto_hash(u8 *out, const u8 *m, u64 n)
uint64_t u64
void GNUNET_CRYPTO_hash_context_finish(struct GNUNET_HashContext *hc, struct GNUNET_HashCode *r_hash)
Finish the hash computation.
Definition: crypto_hash.c:509

◆ GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa()

void GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa ( uint8_t *  pk,
const uint8_t *  s 
)

Definition at line 432 of file tweetnacl-gnunet.c.

References p, pack(), and scalarbase().

Referenced by GNUNET_CRYPTO_ecdsa_key_get_public().

433 {
     /* Writes to pk the packed result of scalarbase () applied to a
      * byte-reversed copy of the 32-byte scalar s. No return value. */
434  u8 d[64];
435  gf p[4];
436 
437  // Treat s as little endian.
     /* NOTE(review): the loop copies s into d[0..31] in reverse byte order.
      * Read next to the comment above, the byte order callers store s in is
      * ambiguous; confirm it. d[32..63] is never written; presumably
      * scalarbase reads only the first 32 bytes. */
438  for (u32 i = 0; i < 32; i++)
439  d[i] = s[31 - i];
440 
441  // For GNUnet, we don't normalize d
     /* d is used as copied: no bits are cleared or set before scalarbase (). */
442 
443  scalarbase (p, d);
444  pack (pk, p);
     /* NOTE(review): d is a copy of the scalar s (presumably a private key,
      * given the caller GNUNET_CRYPTO_ecdsa_key_get_public) and is not wiped
      * before returning. */
445 }
uint8_t u8
static struct GNUNET_CRYPTO_EddsaPrivateKey * pk
Private key of this peer.
static void pack(u8 *r, gf p[4])
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
static void scalarbase(gf p[4], const u8 *s)
i64 gf[16]
uint32_t u32