GNUnet  0.10.x
Enumerations | Enumerator | Functions
Crypto library: cryptographic operations

Provides cryptographic primitives. More...

Enumerations

enum  GNUNET_CRYPTO_Quality { GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_NONCE }
 Desired quality level for random numbers. More...
 

Functions

void GNUNET_CRYPTO_seed_weak_random (int32_t seed)
 Seed a weak random generator. More...
 
void GNUNET_CRYPTO_zero_keys (void *buffer, size_t length)
 Zero out buffer, securely against compiler optimizations. More...
 
void GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
 Fill block with a random values. More...
 
uint32_t GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i)
 Produce a random value. More...
 
uint64_t GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
 Random on unsigned 64-bit values. More...
 
unsigned int * GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n)
 Get an array with a random permutation of the numbers 0...n-1. More...
 
void GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
 Create a new random session key. More...
 
ssize_t GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Encrypt a block using a symmetric sessionkey. More...
 
ssize_t GNUNET_CRYPTO_symmetric_decrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Decrypt a given block using a symmetric sessionkey. More...
 
void GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
 Derive an IV. More...
 
void GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
 Extract the public key for the given private key. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_create_from_file (const char *filename)
 Create a new private key by reading it from a file. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create_from_file (const char *filename)
 Create a new private key by reading it from a file. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg)
 Create a new private key by reading our peer's key from the file specified in the configuration. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_create (void)
 Create a new private key. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create (void)
 Create a new private key. More...
 
int GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Create a new private key. More...
 
struct GNUNET_CRYPTO_EcdhePrivateKeyGNUNET_CRYPTO_ecdhe_key_create (void)
 Create a new private key. More...
 
void GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
const struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_get_anonymous (void)
 Get the shared private key we use for anonymous users. More...
 
void GNUNET_CRYPTO_eddsa_setup_hostkey (const char *cfg_name)
 Setup a hostkey file for a peer given the name of the configuration file (!). More...
 
int GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_PeerIdentity *dst)
 Retrieve the identity of the host's peer. More...
 
int GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a public and a private ECC key. More...
 
int GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private EdDSA key. More...
 
int GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private ECDSA key. More...
 
int GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EdDSA public key and a private ECDH key. More...
 
int GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EcDSA public key and a private ECDH key. More...
 
int GNUNET_CRYPTO_eddsa_sign (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
 EdDSA sign a given block. More...
 
int GNUNET_CRYPTO_ecdsa_sign (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
 ECDSA Sign a given block. More...
 
int GNUNET_CRYPTO_eddsa_verify (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Verify EdDSA signature. More...
 
int GNUNET_CRYPTO_ecdsa_verify (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Verify ECDSA signature. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
 Derive a private key from a given private key and a label. More...
 
void GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
 Derive a public key from a given public key and a label. More...
 

Detailed Description

Provides cryptographic primitives.

See also
Documentation

Enumeration Type Documentation

◆ GNUNET_CRYPTO_Quality

Desired quality level for random numbers.

Enumerator
GNUNET_CRYPTO_QUALITY_WEAK 

No good quality of the operation is needed (i.e., random numbers can be pseudo-random).

GNUNET_CRYPTO_QUALITY_STRONG 

High-quality operations are desired.

GNUNET_CRYPTO_QUALITY_NONCE 

Randomness for IVs etc.

is required.

Definition at line 74 of file gnunet_crypto_lib.h.

75 {
82 
88 
94 };
Randomness for IVs etc.
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.

Function Documentation

◆ GNUNET_CRYPTO_seed_weak_random()

void GNUNET_CRYPTO_seed_weak_random ( int32_t  seed)

Seed a weak random generator.

Only GNUNET_CRYPTO_QUALITY_WEAK-mode generator can be seeded.

Parameters
seedthe seed to use

Definition at line 94 of file crypto_random.c.

References SRANDOM.

Referenced by __attribute__().

95 {
96  SRANDOM (seed);
97 }
#define SRANDOM(s)
Definition: crypto_random.c:47
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_zero_keys()

void GNUNET_CRYPTO_zero_keys ( void *  buffer,
size_t  length 
)

Zero out buffer, securely against compiler optimizations.

Used to delete key material.

Parameters
bufferthe buffer to zap
lengthbuffer length

Definition at line 109 of file crypto_random.c.

References GNUNET_CRYPTO_FileHashContext::buffer, and p.

Referenced by dv_key_clean().

110 {
111 #if HAVE_MEMSET_S
112  memset_s (buffer, length, 0, length);
113 #elif HAVE_EXPLICIT_BZERO
114  explicit_bzero (buffer, length);
115 #else
116  volatile unsigned char *p = buffer;
117  while (length--)
118  *p++ = 0;
119 #endif
120 }
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_block()

void GNUNET_CRYPTO_random_block ( enum GNUNET_CRYPTO_Quality  mode,
void *  buffer,
size_t  length 
)

Fill block with a random values.

Parameters
modedesired quality of the random number
bufferthe buffer to fill
lengthbuffer length

Definition at line 132 of file crypto_random.c.

References GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, and GNUNET_CRYPTO_QUALITY_WEAK.

Referenced by delayed_put(), do_pad(), encapsulate_for_dv(), GCC_create(), GNUNET_async_scope_fresh(), handle_validation_response(), prepare_pending_acknowledgement(), RPS_sampler_elem_reinit(), run(), start_address_validation(), and start_dv_learn().

135 {
136 #ifdef gcry_fast_random_poll
137  static unsigned int invokeCount;
138 #endif
139  switch (mode)
140  {
142  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
143 #ifdef gcry_fast_random_poll
144  if ((invokeCount++ % 256) == 0)
145  gcry_fast_random_poll ();
146 #endif
147  gcry_randomize (buffer, length, GCRY_STRONG_RANDOM);
148  return;
150  gcry_create_nonce (buffer, length);
151  return;
153  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
154 #ifdef gcry_fast_random_poll
155  if ((invokeCount++ % 256) == 0)
156  gcry_fast_random_poll ();
157 #endif
158  gcry_randomize (buffer, length, GCRY_WEAK_RANDOM);
159  return;
160  default:
161  GNUNET_assert (0);
162  }
163 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Randomness for IVs etc.
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
static enum @11 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
High-quality operations are desired.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_u32()

uint32_t GNUNET_CRYPTO_random_u32 ( enum GNUNET_CRYPTO_Quality  mode,
uint32_t  i 
)

Produce a random value.

Parameters
modedesired quality of the random number
ithe upper limit (exclusive) for the random number
Returns
a random value in the interval [0,i) (exclusive).

Produce a random value.

Parameters
modedesired quality of the random number
ithe upper limit (exclusive) for the random number
Returns
a random value in the interval [0,i[.

Definition at line 174 of file crypto_random.c.

References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, and ret.

Referenced by __attribute__(), adjust_running_peers(), agent_get_action_random(), agent_select_egreedy(), agent_select_softmax(), agent_w_init(), allocate_v4_address(), allocate_v6_address(), attempt_connect_task(), calculate_seed(), channel_new_cb(), compute_rand_delay(), compute_service_response(), daemon_started(), delay_ms_rnd(), delayed_get(), delayed_put(), download_get_url(), find_validation_entry(), GDS_NEIGHBOURS_handle_get(), gen_topo_random(), generate_indices(), generate_request_id(), get_bootstrap_server(), get_delay(), get_delay_randomization(), get_forward_count(), get_preference(), get_property(), get_random_literal(), get_random_peer_from_peermap(), get_randomized_delay(), get_request_socket(), GNUNET_ATS_session_add(), GNUNET_CONTAINER_heap_walk_get_next(), GNUNET_CONTAINER_multihashmap_get_random(), GNUNET_CONTAINER_multipeermap_get_random(), GNUNET_CONTAINER_multishortmap_get_random(), GNUNET_CONTAINER_multiuuidmap_get_random(), GNUNET_CRYPTO_hash_create_random(), GNUNET_CRYPTO_random_permute(), GNUNET_FRAGMENT_context_create(), GNUNET_FS_search_start_probe_(), GNUNET_TUN_initialize_ipv4_header(), GSC_CLIENTS_deliver_message(), GSF_pending_request_get_message_(), handle_client_evaluate(), handle_dns_request(), handle_dv_learn(), handle_find_peer(), handle_flow_control(), handle_p2p_get(), handle_p2p_put(), handle_resolve_result(), main(), manage_service_wrapper(), ogg_init(), plan(), postgres_plugin_get_random(), queue(), reannounce_regex(), recursive_dns_resolution(), refresh_bloomfilter(), REGEX_TEST_generate_random_regex(), REGEX_TEST_generate_random_string(), resolve_and_cache(), revalidate_address(), route_control_message_without_fc(), route_via_neighbour(), run(), select_peer(), select_random_peer(), send_bloomfilter(), send_find_peer_message(), send_hello(), send_keepalive(), setup_fresh_address(), setup_fresh_ping(), setup_sockets(), should_I_drop(), sqlite_plugin_get(), sqlite_plugin_get_random(), start_dv_learn(), test_run(), transmit_request(), transmit_typemap_task(), and try_open_exit().

175 {
176 #ifdef gcry_fast_random_poll
177  static unsigned int invokeCount;
178 #endif
179  uint32_t ret;
180  uint32_t ul;
181 
182  GNUNET_assert (i > 0);
183 
184  switch (mode)
185  {
187  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
188 #ifdef gcry_fast_random_poll
189  if ((invokeCount++ % 256) == 0)
190  gcry_fast_random_poll ();
191 #endif
192  ul = UINT32_MAX - (UINT32_MAX % i);
193  do
194  {
195  gcry_randomize ((unsigned char *) &ret,
196  sizeof (uint32_t),
197  GCRY_STRONG_RANDOM);
198  } while (ret >= ul);
199  return ret % i;
201  ul = UINT32_MAX - (UINT32_MAX % i);
202  do
203  {
204  gcry_create_nonce (&ret, sizeof (ret));
205  } while (ret >= ul);
206  return ret % i;
208  ret = i * get_weak_random ();
209  if (ret >= i)
210  ret = i - 1;
211  return ret;
212  default:
213  GNUNET_assert (0);
214  }
215  return 0;
216 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Final status code.
Definition: gnunet-arm.c:89
Randomness for IVs etc.
static double get_weak_random()
Create a cryptographically weak pseudo-random number in the interval of 0 to 1.
Definition: crypto_random.c:81
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
static enum @11 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
High-quality operations are desired.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_random_u64()

uint64_t GNUNET_CRYPTO_random_u64 ( enum GNUNET_CRYPTO_Quality  mode,
uint64_t  max 
)

Random on unsigned 64-bit values.

Parameters
modedesired quality of the random number
maxvalue returned will be in range [0,max) (exclusive)
Returns
random 64-bit number

Random on unsigned 64-bit values.

Parameters
modedesired quality of the random number
maxvalue returned will be in range [0,max) (exclusive)
Returns
random 64-bit number

Definition at line 258 of file crypto_random.c.

References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, and ret.

Referenced by activate_core_visible_dv_path(), add_attribute_cont(), attr_store_task(), calculate_fork_degree(), choose_exit(), dht_connected(), filter_tickets_finished_cb(), gen_topo_scale_free(), get_transmit_delay(), GNUNET_DHT_connect(), ifc_broadcast(), mysql_plugin_get_key(), mysql_plugin_get_replication(), mysql_plugin_put(), namestore_flat_store_records(), namestore_postgres_store_records(), namestore_sqlite_store_records(), OIDC_access_token_new(), pick_random_dv_hops(), postgres_plugin_get_key(), postgres_plugin_put(), put_migration_continuation(), rvk_move_attr_cb(), sampler_get_rand_peer(), send_find_peer_message(), setup_out_cipher(), sqlite_plugin_get_key(), sqlite_plugin_get_replication(), sqlite_plugin_put(), and update_next_challenge_time().

259 {
260  uint64_t ret;
261  uint64_t ul;
262 
263  GNUNET_assert (max > 0);
264  switch (mode)
265  {
267  ul = UINT64_MAX - (UINT64_MAX % max);
268  do
269  {
270  gcry_randomize ((unsigned char *) &ret,
271  sizeof (uint64_t),
272  GCRY_STRONG_RANDOM);
273  } while (ret >= ul);
274  return ret % max;
276  ul = UINT64_MAX - (UINT64_MAX % max);
277  do
278  {
279  gcry_create_nonce (&ret, sizeof (ret));
280  } while (ret >= ul);
281 
282  return ret % max;
284  ret = max * get_weak_random ();
285  if (ret >= max)
286  ret = max - 1;
287  return ret;
288  default:
289  GNUNET_assert (0);
290  }
291  return 0;
292 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Final status code.
Definition: gnunet-arm.c:89
Randomness for IVs etc.
static double get_weak_random()
Create a cryptographically weak pseudo-random number in the interval of 0 to 1.
Definition: crypto_random.c:81
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
static enum @11 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
High-quality operations are desired.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_permute()

unsigned int* GNUNET_CRYPTO_random_permute ( enum GNUNET_CRYPTO_Quality  mode,
unsigned int  n 
)

Get an array with a random permutation of the numbers 0...n-1.

Parameters
modeGNUNET_CRYPTO_QUALITY_STRONG if the strong (but expensive) PRNG should be used, GNUNET_CRYPTO_QUALITY_WEAK or GNUNET_CRYPTO_QUALITY_NONCE otherwise
nthe size of the array
Returns
the permutation array (allocated from heap)
Parameters
mode#GNUNET_RANDOM_QUALITY_STRONG if the strong (but expensive) PRNG should be used, #GNUNET_RANDOM_QUALITY_WEAK otherwise
nthe size of the array
Returns
the permutation array (allocated from heap)

Definition at line 228 of file crypto_random.c.

References GNUNET_assert, GNUNET_CRYPTO_random_u32(), GNUNET_malloc, and ret.

Referenced by churn(), compute_service_response(), and do_round().

229 {
230  unsigned int *ret;
231  unsigned int i;
232  unsigned int tmp;
233  uint32_t x;
234 
235  GNUNET_assert (n > 0);
236  ret = GNUNET_malloc (n * sizeof (unsigned int));
237  for (i = 0; i < n; i++)
238  ret[i] = i;
239  for (i = n - 1; i > 0; i--)
240  {
241  x = GNUNET_CRYPTO_random_u32 (mode, i + 1);
242  tmp = ret[x];
243  ret[x] = ret[i];
244  ret[i] = tmp;
245  }
246  return ret;
247 }
uint32_t GNUNET_CRYPTO_random_u32(enum GNUNET_CRYPTO_Quality mode, uint32_t i)
Produce a random unsigned 32-bit number modulo i.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Final status code.
Definition: gnunet-arm.c:89
#define GNUNET_malloc(size)
Wrapper around malloc.
static enum @11 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_create_session_key()

void GNUNET_CRYPTO_symmetric_create_session_key ( struct GNUNET_CRYPTO_SymmetricSessionKey key)

Create a new random session key.

Parameters
keykey to initialize

Create a new random session key.

Parameters
keysession key to initialize

Definition at line 40 of file crypto_symmetric.c.

References GNUNET_CRYPTO_SymmetricSessionKey::aes_key, GNUNET_CRYPTO_AES_KEY_LENGTH, and GNUNET_CRYPTO_SymmetricSessionKey::twofish_key.

41 {
42  gcry_randomize (key->aes_key,
44  GCRY_STRONG_RANDOM);
45  gcry_randomize (key->twofish_key,
47  GCRY_STRONG_RANDOM);
48 }
unsigned char aes_key[(256/8)]
Actual key for AES.
unsigned char twofish_key[(256/8)]
Actual key for TwoFish.
#define GNUNET_CRYPTO_AES_KEY_LENGTH
length of the sessionkey in bytes (256 BIT sessionkey)

◆ GNUNET_CRYPTO_symmetric_encrypt()

ssize_t GNUNET_CRYPTO_symmetric_encrypt ( const void *  block,
size_t  size,
const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
void *  result 
)

Encrypt a block using a symmetric sessionkey.

Parameters
blockthe block to encrypt
sizethe size of the block
sessionkeythe key used to encrypt
ivthe initialization vector to use, use INITVALUE for streams.
Returns
the size of the encrypted block, -1 for errors

Encrypt a block using a symmetric sessionkey.

Parameters
blockthe block to encrypt
sizethe size of the block
sessionkeythe key used to encrypt
ivthe initialization vector to use, use INITVALUE for streams
resultthe output parameter in which to store the encrypted result can be the same or overlap with block
Returns
the size of the encrypted block, -1 for errors. Due to the use of CFB and therefore an effective stream cipher, this size should be the same as len.

Definition at line 125 of file crypto_symmetric.c.

References GNUNET_assert, GNUNET_OK, handle, setup_cipher_aes(), setup_cipher_twofish(), and size.

Referenced by block_create(), do_encrypt(), encrypt_existing_match(), encrypt_payload(), GNUNET_FS_handle_on_demand_block(), GNUNET_FS_publish_ublock_(), GNUNET_FS_tree_encoder_next(), t_ax_encrypt(), t_h_encrypt(), and try_match_block().

130 {
131  gcry_cipher_hd_t handle;
132  char tmp[size];
133 
134  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
135  return -1;
136  GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size));
137  gcry_cipher_close (handle);
138  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
139  return -1;
140  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size));
141  gcry_cipher_close (handle);
142  memset (tmp, 0, sizeof (tmp));
143  return size;
144 }
static int setup_cipher_aes(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize AES cipher.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static int result
Global testing status.
static unsigned int size
Size of the "table".
Definition: peer.c:67
static int setup_cipher_twofish(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize TWOFISH cipher.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_decrypt()

ssize_t GNUNET_CRYPTO_symmetric_decrypt ( const void *  block,
size_t  size,
const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
void *  result 
)

Decrypt a given block using a symmetric sessionkey.

Parameters
blockthe data to decrypt, encoded as returned by encrypt
sizehow big is the block?
sessionkeythe key used to decrypt
ivthe initialization vector to use
resultaddress to store the result at
Returns
-1 on failure, size of decrypted block on success

Decrypt a given block using a symmetric sessionkey.

Parameters
blockthe data to decrypt, encoded as returned by encrypt
sizethe size of the block to decrypt
sessionkeythe key used to decrypt
ivthe initialization vector to use, use INITVALUE for streams
resultaddress to store the result at can be the same or overlap with block
Returns
-1 on failure, size of decrypted block on success. Due to the use of CFB and therefore an effective stream cipher, this size should be the same as size.

Definition at line 161 of file crypto_symmetric.c.

References GNUNET_assert, GNUNET_OK, handle, setup_cipher_aes(), setup_cipher_twofish(), and size.

Referenced by decrypt_payload(), do_decrypt(), GNUNET_FS_ublock_decrypt_(), GNUNET_GNSRECORD_block_decrypt(), process_result_with_request(), t_ax_decrypt(), t_h_decrypt(), and try_old_ax_keys().

166 {
167  gcry_cipher_hd_t handle;
168  char tmp[size];
169 
170  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
171  return -1;
172  GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));
173  gcry_cipher_close (handle);
174  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
175  return -1;
176  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));
177  gcry_cipher_close (handle);
178  memset (tmp, 0, sizeof (tmp));
179  return size;
180 }
static int setup_cipher_aes(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize AES cipher.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static int result
Global testing status.
static unsigned int size
Size of the "table".
Definition: peer.c:67
static int setup_cipher_twofish(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize TWOFISH cipher.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_derive_iv()

void GNUNET_CRYPTO_symmetric_derive_iv ( struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
const struct GNUNET_CRYPTO_SymmetricSessionKey skey,
const void *  salt,
size_t  salt_len,
  ... 
)

Derive an IV.

Parameters
ivinitialization vector
skeysession key
saltsalt for the derivation
salt_lensize of the salt
...pairs of void * & size_t for context chunks, terminated by NULL

Definition at line 193 of file crypto_symmetric.c.

References GNUNET_CRYPTO_symmetric_derive_iv_v().

Referenced by derive_iv(), derive_pong_iv(), t_ax_decrypt(), t_ax_encrypt(), t_h_decrypt(), t_h_encrypt(), and try_old_ax_keys().

198 {
199  va_list argp;
200 
201  va_start (argp, salt_len);
202  GNUNET_CRYPTO_symmetric_derive_iv_v (iv, skey, salt, salt_len, argp);
203  va_end (argp);
204 }
void GNUNET_CRYPTO_symmetric_derive_iv_v(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len, va_list argp)
Derive an IV.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_get_public()

void GNUNET_CRYPTO_ecdsa_key_get_public ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 241 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, ctx, decode_private_ecdsa_key(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), q, and GNUNET_CRYPTO_EcdsaPublicKey::q_y.

Referenced by attr_iter_cb(), authorize_endpoint(), block_create(), create_finished(), decrypt_block_with_keyword(), filter_tickets_finished_cb(), get_nick_record(), get_update_information_directory(), GNUNET_CREDENTIAL_credential_issue(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_FS_publish_sks(), GNUNET_FS_publish_ublock_(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_GNSRECORD_block_create(), GNUNET_GNSRECORD_block_create2(), GNUNET_GNSRECORD_query_from_private_key(), GNUNET_IDENTITY_ego_get_anonymous(), GNUNET_IDENTITY_ego_get_public_key(), GNUNET_REVOCATION_sign_revocation(), handle_attribute_store_message(), handle_client_call_message(), handle_collect(), handle_identity_set_default(), handle_identity_update(), identity_zone_cb(), OIDC_parse_authz_code(), process_kblock_for_unindex(), RECLAIM_TICKETS_consume(), RECLAIM_TICKETS_revoke(), and refresh_block().

244 {
245  gcry_sexp_t sexp;
246  gcry_ctx_t ctx;
247  gcry_mpi_t q;
248 
249  BENCHMARK_START (ecdsa_key_get_public);
250 
251  sexp = decode_private_ecdsa_key (priv);
252  GNUNET_assert (NULL != sexp);
253  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, sexp, NULL));
254  gcry_sexp_release (sexp);
255  q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
256  GNUNET_assert (NULL != q);
257  GNUNET_CRYPTO_mpi_print_unsigned (pub->q_y, sizeof (pub->q_y), q);
258  gcry_mpi_release (q);
259  gcry_ctx_release (ctx);
260 
261  BENCHMARK_END (ecdsa_key_get_public);
262 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
static gcry_sexp_t decode_private_ecdsa_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:137
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_get_public()

void GNUNET_CRYPTO_eddsa_key_get_public ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 272 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, ctx, decode_private_eddsa_key(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), q, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by advertise_dns_exit(), create_keys(), GCT_handle_kx(), get_identity(), GNUNET_CRYPTO_get_peer_identity(), GNUNET_FS_uri_loc_create(), GNUNET_TESTING_hostkey_get(), GSC_KX_init(), main_init(), print_key(), regex_iterator(), and run().

275 {
276  gcry_sexp_t sexp;
277  gcry_ctx_t ctx;
278  gcry_mpi_t q;
279 
280  BENCHMARK_START (eddsa_key_get_public);
281 
282  sexp = decode_private_eddsa_key (priv);
283  GNUNET_assert (NULL != sexp);
284  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, sexp, NULL));
285  gcry_sexp_release (sexp);
286  q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
287  GNUNET_assert (q);
288  GNUNET_CRYPTO_mpi_print_unsigned (pub->q_y, sizeof (pub->q_y), q);
289  gcry_mpi_release (q);
290  gcry_ctx_release (ctx);
291 
292  BENCHMARK_END (eddsa_key_get_public);
293 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
static gcry_sexp_t decode_private_eddsa_key(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:172
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_get_public()

void GNUNET_CRYPTO_ecdhe_key_get_public ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
struct GNUNET_CRYPTO_EcdhePublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 303 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, ctx, decode_private_ecdhe_key(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), q, and GNUNET_CRYPTO_EcdhePublicKey::q_y.

Referenced by GCT_handle_kx(), GCT_handle_kx_auth(), GCT_send(), inject_rekey(), mq_send(), OIDC_build_authz_code(), print_examples_ecdh(), send_kx(), send_kx_auth(), sign_ephemeral_key(), start_initial_kx_out(), and update_ephemeral().

306 {
307  gcry_sexp_t sexp;
308  gcry_ctx_t ctx;
309  gcry_mpi_t q;
310 
311  BENCHMARK_START (ecdhe_key_get_public);
312 
313  sexp = decode_private_ecdhe_key (priv);
314  GNUNET_assert (NULL != sexp);
315  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, sexp, NULL));
316  gcry_sexp_release (sexp);
317  q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
318  GNUNET_assert (q);
319  GNUNET_CRYPTO_mpi_print_unsigned (pub->q_y, sizeof (pub->q_y), q);
320  gcry_mpi_release (q);
321  gcry_ctx_release (ctx);
322 
323  BENCHMARK_END (ecdhe_key_get_public);
324 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
static gcry_sexp_t decode_private_ecdhe_key(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:207
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_create_from_file()

struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_key_create_from_file ( const char *  filename)

Create a new private key by reading it from a file.

If the files does not exist, create a new key and write it to the file. Caller must free return value. Note that this function can not guarantee that another process might not be trying the same operation on the same file at the same time. If the contents of the file are invalid the old file is deleted and a fresh key is created.

Parameters
filenamename of file to use to store the key
Returns
new private key, NULL on error (for example, permission denied); free using GNUNET_free

If the files does not exist, create a new key and write it to the file. Caller must free return value. Note that this function can not guarantee that another process might not be trying the same operation on the same file at the same time. If the contents of the file are invalid the old file is deleted and a fresh key is created.

Parameters
filenamename of file to use to store the key
Returns
new private key, NULL on error (for example, permission denied)

Definition at line 252 of file crypto_ecc_setup.c.

References _, ACCESS, GNUNET_DISK_FileHandle::fd, fs, GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_DISK_directory_create_for_file(), GNUNET_DISK_file_close(), GNUNET_DISK_file_lock(), GNUNET_DISK_file_open(), GNUNET_DISK_file_read(), GNUNET_DISK_file_size(), GNUNET_DISK_file_sync(), GNUNET_DISK_file_test(), GNUNET_DISK_file_unlock(), GNUNET_DISK_file_write(), GNUNET_DISK_OPEN_CREATE, GNUNET_DISK_OPEN_FAILIFEXISTS, GNUNET_DISK_OPEN_READ, GNUNET_DISK_OPEN_WRITE, GNUNET_DISK_PERM_NONE, GNUNET_DISK_PERM_USER_READ, GNUNET_DISK_PERM_USER_WRITE, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_ERROR_TYPE_WARNING, GNUNET_malloc, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, GNUNET_YES, LOG, LOG_STRERROR_FILE, short_wait(), and STRERROR.

Referenced by process_ego_file().

253 {
254  struct GNUNET_CRYPTO_EcdsaPrivateKey *priv;
255  struct GNUNET_DISK_FileHandle *fd;
256  unsigned int cnt;
257  int ec;
258  uint64_t fs;
259  ssize_t sret;
260 
261  if (GNUNET_SYSERR ==
263  return NULL;
265  {
271  if (NULL == fd)
272  {
273  if (EEXIST == errno)
274  {
276  {
277  /* must exist but not be accessible, fail for good! */
278  if (0 != ACCESS (filename, R_OK))
280  "access",
281  filename);
282  else
283  GNUNET_break (0); /* what is going on!? */
284  return NULL;
285  }
286  continue;
287  }
289  "open",
290  filename);
291  return NULL;
292  }
293  cnt = 0;
294  while (GNUNET_YES !=
296  0,
297  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
298  GNUNET_YES))
299  {
300  short_wait ();
301  if (0 == ++cnt % 10)
302  {
303  ec = errno;
305  _("Could not acquire lock on file `%s': %s...\n"),
306  filename,
307  STRERROR (ec));
308  }
309  }
311  _("Creating a new private key. This may take a while.\n"));
313  GNUNET_assert (NULL != priv);
314  GNUNET_assert (sizeof (*priv) ==
316  priv,
317  sizeof (*priv)));
319  if (GNUNET_YES !=
321  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)))
323  "fcntl",
324  filename);
327  return priv;
328  }
329  /* key file exists already, read it! */
333  if (NULL == fd)
334  {
336  "open",
337  filename);
338  return NULL;
339  }
340  cnt = 0;
341  while (1)
342  {
343  if (GNUNET_YES !=
344  GNUNET_DISK_file_lock (fd, 0,
345  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
346  GNUNET_NO))
347  {
348  if (0 == ++cnt % 60)
349  {
350  ec = errno;
352  _("Could not acquire lock on file `%s': %s...\n"),
353  filename,
354  STRERROR (ec));
356  _("This may be ok if someone is currently generating a private key.\n"));
357  }
358  short_wait ();
359  continue;
360  }
361  if (GNUNET_YES !=
363  {
364  /* eh, what!? File we opened is now gone!? */
366  "stat",
367  filename);
368  if (GNUNET_YES !=
370  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)))
372  "fcntl",
373  filename);
376 
377  return NULL;
378  }
379  if (GNUNET_OK !=
381  &fs,
382  GNUNET_YES,
383  GNUNET_YES))
384  fs = 0;
385  if (fs < sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey))
386  {
387  /* maybe we got the read lock before the key generating
388  * process had a chance to get the write lock; give it up! */
389  if (GNUNET_YES !=
391  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)))
393  "fcntl",
394  filename);
395  if (0 == ++cnt % 10)
396  {
398  _("When trying to read key file `%s' I found %u bytes but I need at least %u.\n"),
399  filename, (unsigned int) fs,
400  (unsigned int) sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
402  _("This may be ok if someone is currently generating a key.\n"));
403  }
404  short_wait (); /* wait a bit longer! */
405  continue;
406  }
407  break;
408  }
409  fs = sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey);
410  priv = GNUNET_malloc (fs);
411  sret = GNUNET_DISK_file_read (fd,
412  priv,
413  fs);
414  GNUNET_assert ( (sret >= 0) &&
415  (fs == (size_t) sret) );
416  if (GNUNET_YES !=
418  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)))
420  "fcntl",
421  filename);
424  return priv;
425 }
#define LOG_STRERROR_FILE(kind, syscall, filename)
static void short_wait()
Wait for a short time (we&#39;re trying to lock a file or want to give another process a shot at finishin...
int GNUNET_DISK_file_test(const char *fil)
Check that fil corresponds to a filename (of a file that exists and that is not a directory)...
Definition: disk.c:669
Open the file for reading.
int GNUNET_DISK_file_sync(const struct GNUNET_DISK_FileHandle *h)
Write file changes to disk.
Definition: disk.c:2133
Create file if it doesn&#39;t exist.
int GNUNET_DISK_file_close(struct GNUNET_DISK_FileHandle *h)
Close an open file.
Definition: disk.c:1817
int GNUNET_DISK_file_unlock(struct GNUNET_DISK_FileHandle *fh, off_t unlock_start, off_t unlock_end)
Unlock a part of a file.
Definition: disk.c:1618
ssize_t GNUNET_DISK_file_read(const struct GNUNET_DISK_FileHandle *h, void *result, size_t len)
Read the contents of a binary file into a buffer.
Definition: disk.c:881
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define STRERROR(i)
Definition: plibc.h:676
struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_key_create(void)
Create a new private key.
Definition: crypto_ecc.c:691
Nobody is allowed to do anything to the file.
int GNUNET_DISK_directory_create_for_file(const char *filename)
Create the directory structure for storing a file.
Definition: disk.c:833
#define GNUNET_NO
Definition: gnunet_common.h:81
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
Private ECC key encoded for transmission.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define _(String)
GNU gettext support macro.
Definition: platform.h:208
ssize_t GNUNET_DISK_file_write(const struct GNUNET_DISK_FileHandle *h, const void *buffer, size_t n)
Write a buffer to a file.
Definition: disk.c:1049
#define LOG(kind,...)
static char * filename
int GNUNET_DISK_file_lock(struct GNUNET_DISK_FileHandle *fh, off_t lock_start, off_t lock_end, int excl)
Lock a part of a file.
Definition: disk.c:1564
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
Open the file for writing.
static struct GNUNET_FS_Handle * fs
Handle to FS service.
Definition: gnunet-fs.c:36
int GNUNET_DISK_file_size(const char *filename, uint64_t *size, int include_symbolic_links, int single_file_mode)
Get the size of the file (or directory) of the given file (in bytes).
Definition: disk.c:289
#define GNUNET_YES
Definition: gnunet_common.h:80
int fd
File handle on other OSes.
Fail if file already exists.
struct GNUNET_DISK_FileHandle * GNUNET_DISK_file_open(const char *fn, enum GNUNET_DISK_OpenFlags flags, enum GNUNET_DISK_AccessPermissions perm)
Open a file.
Definition: disk.c:1673
#define ACCESS(p, m)
Definition: plibc.h:656
Handle used to access files (and pipes).
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create_from_file()

struct GNUNET_CRYPTO_EddsaPrivateKey* GNUNET_CRYPTO_eddsa_key_create_from_file ( const char *  filename)

Create a new private key by reading it from a file.

If the files does not exist, create a new key and write it to the file. Caller must free return value. Note that this function can not guarantee that another process might not be trying the same operation on the same file at the same time. If the contents of the file are invalid the old file is deleted and a fresh key is created.

Parameters
filenamename of file to use to store the key
Returns
new private key, NULL on error (for example, permission denied); free using GNUNET_free

If the files does not exist, create a new key and write it to the file. Caller must free return value. Note that this function can not guarantee that another process might not be trying the same operation on the same file at the same time. If the contents of the file are invalid the old file is deleted and a fresh key is created.

Parameters
filenamename of file to use to store the key
Returns
new private key, NULL on error (for example, permission denied)

Definition at line 76 of file crypto_ecc_setup.c.

References _, ACCESS, GNUNET_DISK_FileHandle::fd, fs, GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_eddsa_key_create(), GNUNET_DISK_directory_create_for_file(), GNUNET_DISK_file_close(), GNUNET_DISK_file_lock(), GNUNET_DISK_file_open(), GNUNET_DISK_file_read(), GNUNET_DISK_file_size(), GNUNET_DISK_file_sync(), GNUNET_DISK_file_test(), GNUNET_DISK_file_unlock(), GNUNET_DISK_file_write(), GNUNET_DISK_OPEN_CREATE, GNUNET_DISK_OPEN_FAILIFEXISTS, GNUNET_DISK_OPEN_READ, GNUNET_DISK_OPEN_WRITE, GNUNET_DISK_PERM_NONE, GNUNET_DISK_PERM_USER_READ, GNUNET_DISK_PERM_USER_WRITE, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_malloc, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, GNUNET_YES, LOG, LOG_STRERROR_FILE, short_wait(), and STRERROR.

Referenced by GNUNET_CRYPTO_eddsa_key_create_from_configuration(), main_init(), and run().

77 {
78  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
79  struct GNUNET_DISK_FileHandle *fd;
80  unsigned int cnt;
81  int ec;
82  uint64_t fs;
83  ssize_t sret;
84 
86  return NULL;
88  {
94  if (NULL == fd)
95  {
96  if (EEXIST == errno)
97  {
99  {
100  /* must exist but not be accessible, fail for good! */
101  if (0 != ACCESS (filename, R_OK))
103  else
104  GNUNET_break (0); /* what is going on!? */
105  return NULL;
106  }
107  continue;
108  }
110  return NULL;
111  }
112  cnt = 0;
113  while (GNUNET_YES !=
114  GNUNET_DISK_file_lock (fd, 0,
115  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey),
116  GNUNET_YES))
117  {
118  short_wait ();
119  if (0 == ++cnt % 10)
120  {
121  ec = errno;
123  _("Could not acquire lock on file `%s': %s...\n"),
124  filename,
125  STRERROR (ec));
126  }
127  }
129  _("Creating a new private key. This may take a while.\n"));
131  GNUNET_assert (NULL != priv);
132  GNUNET_assert (sizeof (*priv) ==
133  GNUNET_DISK_file_write (fd, priv, sizeof (*priv)));
135  if (GNUNET_YES !=
137  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)))
140  return priv;
141  }
142  /* key file exists already, read it! */
145  if (NULL == fd)
146  {
148  return NULL;
149  }
150  cnt = 0;
151  while (1)
152  {
153  if (GNUNET_YES !=
154  GNUNET_DISK_file_lock (fd, 0,
155  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey),
156  GNUNET_NO))
157  {
158  if (0 == ++cnt % 60)
159  {
160  ec = errno;
162  _("Could not acquire lock on file `%s': %s...\n"), filename,
163  STRERROR (ec));
165  _
166  ("This may be ok if someone is currently generating a private key.\n"));
167  }
168  short_wait ();
169  continue;
170  }
172  {
173  /* eh, what!? File we opened is now gone!? */
175  if (GNUNET_YES !=
177  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)))
180 
181  return NULL;
182  }
184  fs = 0;
185  if (fs < sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey))
186  {
187  /* maybe we got the read lock before the key generating
188  * process had a chance to get the write lock; give it up! */
189  if (GNUNET_YES !=
191  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)))
193  if (0 == ++cnt % 10)
194  {
196  _("When trying to read key file `%s' I found %u bytes but I need at least %u.\n"),
197  filename,
198  (unsigned int) fs,
199  (unsigned int) sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
201  _("This may be ok if someone is currently generating a key.\n"));
202  }
203  short_wait (); /* wait a bit longer! */
204  continue;
205  }
206  break;
207  }
208  fs = sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey);
209  priv = GNUNET_malloc (fs);
210  sret = GNUNET_DISK_file_read (fd,
211  priv,
212  fs);
213  GNUNET_assert ( (sret >= 0) &&
214  (fs == (size_t) sret) );
215  if (GNUNET_YES !=
217  0,
218  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)))
220  "fcntl",
221  filename);
224 #if CRYPTO_BUG
225  if (GNUNET_OK !=
226  check_eddsa_key (priv))
227  {
228  GNUNET_break (0);
229  GNUNET_free (priv);
230  return NULL;
231  }
232 #endif
233  return priv;
234 }
#define LOG_STRERROR_FILE(kind, syscall, filename)
static void short_wait()
Wait for a short time (we&#39;re trying to lock a file or want to give another process a shot at finishin...
int GNUNET_DISK_file_test(const char *fil)
Check that fil corresponds to a filename (of a file that exists and that is not a directory)...
Definition: disk.c:669
Open the file for reading.
int GNUNET_DISK_file_sync(const struct GNUNET_DISK_FileHandle *h)
Write file changes to disk.
Definition: disk.c:2133
Create file if it doesn&#39;t exist.
int GNUNET_DISK_file_close(struct GNUNET_DISK_FileHandle *h)
Close an open file.
Definition: disk.c:1817
int GNUNET_DISK_file_unlock(struct GNUNET_DISK_FileHandle *fh, off_t unlock_start, off_t unlock_end)
Unlock a part of a file.
Definition: disk.c:1618
ssize_t GNUNET_DISK_file_read(const struct GNUNET_DISK_FileHandle *h, void *result, size_t len)
Read the contents of a binary file into a buffer.
Definition: disk.c:881
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define STRERROR(i)
Definition: plibc.h:676
Nobody is allowed to do anything to the file.
int GNUNET_DISK_directory_create_for_file(const char *filename)
Create the directory structure for storing a file.
Definition: disk.c:833
#define GNUNET_NO
Definition: gnunet_common.h:81
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define _(String)
GNU gettext support macro.
Definition: platform.h:208
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create(void)
Create a new private key.
Definition: crypto_ecc.c:746
ssize_t GNUNET_DISK_file_write(const struct GNUNET_DISK_FileHandle *h, const void *buffer, size_t n)
Write a buffer to a file.
Definition: disk.c:1049
#define LOG(kind,...)
static char * filename
int GNUNET_DISK_file_lock(struct GNUNET_DISK_FileHandle *fh, off_t lock_start, off_t lock_end, int excl)
Lock a part of a file.
Definition: disk.c:1564
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
Open the file for writing.
static struct GNUNET_FS_Handle * fs
Handle to FS service.
Definition: gnunet-fs.c:36
int GNUNET_DISK_file_size(const char *filename, uint64_t *size, int include_symbolic_links, int single_file_mode)
Get the size of the file (or directory) of the given file (in bytes).
Definition: disk.c:289
Private ECC key encoded for transmission.
#define GNUNET_YES
Definition: gnunet_common.h:80
int fd
File handle on other OSes.
Fail if file already exists.
struct GNUNET_DISK_FileHandle * GNUNET_DISK_file_open(const char *fn, enum GNUNET_DISK_OpenFlags flags, enum GNUNET_DISK_AccessPermissions perm)
Open a file.
Definition: disk.c:1673
#define ACCESS(p, m)
Definition: plibc.h:656
Handle used to access files (and pipes).
#define GNUNET_malloc(size)
Wrapper around malloc.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create_from_configuration()

struct GNUNET_CRYPTO_EddsaPrivateKey* GNUNET_CRYPTO_eddsa_key_create_from_configuration ( const struct GNUNET_CONFIGURATION_Handle cfg)

Create a new private key by reading our peer's key from the file specified in the configuration.

Parameters
cfgthe configuration to use
Returns
new private key, NULL on error (for example, permission denied); free using GNUNET_free
Parameters
cfgthe configuration to use
Returns
new private key, NULL on error (for example, permission denied)

Definition at line 437 of file crypto_ecc_setup.c.

References fn, GNUNET_CONFIGURATION_get_value_filename(), GNUNET_CRYPTO_eddsa_key_create_from_file(), GNUNET_free, and GNUNET_OK.

Referenced by advertise_dns_exit(), GNUNET_CRYPTO_eddsa_setup_key(), GNUNET_CRYPTO_get_peer_identity(), and run().

438 {
439  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
440  char *fn;
441 
442  if (GNUNET_OK !=
443  GNUNET_CONFIGURATION_get_value_filename (cfg, "PEER", "PRIVATE_KEY", &fn))
444  return NULL;
446  GNUNET_free (fn);
447  return priv;
448 }
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
static char * fn
Filename of the unique file.
Private ECC key encoded for transmission.
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_file(const char *filename)
Create a new private key by reading it from a file.
int GNUNET_CONFIGURATION_get_value_filename(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be the name of a file or directory.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_create()

struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_key_create ( void  )

Create a new private key.

Caller must free return value.

Returns
fresh private key; free using GNUNET_free

Caller must free return value.

Returns
fresh private key

Definition at line 691 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, CURVE, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_ERROR, GNUNET_new, key_from_sexp(), and LOG_GCRY.

Referenced by GNUNET_CRYPTO_ecdsa_key_create_from_file(), and GNUNET_IDENTITY_create().

692 {
693  struct GNUNET_CRYPTO_EcdsaPrivateKey *priv;
694  gcry_sexp_t priv_sexp;
695  gcry_sexp_t s_keyparam;
696  gcry_mpi_t d;
697  int rc;
698 
699  BENCHMARK_START (ecdsa_key_create);
700 
701  if (0 != (rc = gcry_sexp_build (&s_keyparam,
702  NULL,
703  "(genkey(ecc(curve \"" CURVE "\")"
704  "(flags)))")))
705  {
706  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
707  return NULL;
708  }
709  if (0 != (rc = gcry_pk_genkey (&priv_sexp, s_keyparam)))
710  {
711  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc);
712  gcry_sexp_release (s_keyparam);
713  return NULL;
714  }
715  gcry_sexp_release (s_keyparam);
716 #if EXTRA_CHECKS
717  if (0 != (rc = gcry_pk_testkey (priv_sexp)))
718  {
719  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
720  gcry_sexp_release (priv_sexp);
721  return NULL;
722  }
723 #endif
724  if (0 != (rc = key_from_sexp (&d, priv_sexp, "private-key", "d")))
725  {
726  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "key_from_sexp", rc);
727  gcry_sexp_release (priv_sexp);
728  return NULL;
729  }
730  gcry_sexp_release (priv_sexp);
732  GNUNET_CRYPTO_mpi_print_unsigned (priv->d, sizeof (priv->d), d);
733  gcry_mpi_release (d);
734 
735  BENCHMARK_END (ecdsa_key_create);
736 
737  return priv;
738 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Private ECC key encoded for transmission.
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:55
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:77
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create()

struct GNUNET_CRYPTO_EddsaPrivateKey* GNUNET_CRYPTO_eddsa_key_create ( void  )

Create a new private key.

Caller must free return value.

Returns
fresh private key; free using GNUNET_free

Caller must free return value.

Returns
fresh private key

Definition at line 746 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, CURVE, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_break, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_new, GNUNET_OK, key_from_sexp(), and LOG_GCRY.

Referenced by create_keys(), and GNUNET_CRYPTO_eddsa_key_create_from_file().

747 {
748  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
749  gcry_sexp_t priv_sexp;
750  gcry_sexp_t s_keyparam;
751  gcry_mpi_t d;
752  int rc;
753 
754  BENCHMARK_START (eddsa_key_create);
755 
756 #if CRYPTO_BUG
757 again:
758 #endif
759  if (0 != (rc = gcry_sexp_build (&s_keyparam,
760  NULL,
761  "(genkey(ecc(curve \"" CURVE "\")"
762  "(flags eddsa)))")))
763  {
764  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
765  return NULL;
766  }
767  if (0 != (rc = gcry_pk_genkey (&priv_sexp, s_keyparam)))
768  {
769  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc);
770  gcry_sexp_release (s_keyparam);
771  return NULL;
772  }
773  gcry_sexp_release (s_keyparam);
774 #if EXTRA_CHECKS
775  if (0 != (rc = gcry_pk_testkey (priv_sexp)))
776  {
777  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
778  gcry_sexp_release (priv_sexp);
779  return NULL;
780  }
781 #endif
782  if (0 != (rc = key_from_sexp (&d, priv_sexp, "private-key", "d")))
783  {
784  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "key_from_sexp", rc);
785  gcry_sexp_release (priv_sexp);
786  return NULL;
787  }
788  gcry_sexp_release (priv_sexp);
790  GNUNET_CRYPTO_mpi_print_unsigned (priv->d, sizeof (priv->d), d);
791  gcry_mpi_release (d);
792 
793 #if CRYPTO_BUG
794  if (GNUNET_OK != check_eddsa_key (priv))
795  {
796  GNUNET_break (0);
797  GNUNET_free (priv);
798  goto again;
799  }
800 #endif
801 
802  BENCHMARK_END (eddsa_key_create);
803 
804  return priv;
805 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:55
Private ECC key encoded for transmission.
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:77
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_create2()

int GNUNET_CRYPTO_ecdhe_key_create2 ( struct GNUNET_CRYPTO_EcdhePrivateKey pk)

Create a new private key.

Clear with GNUNET_CRYPTO_ecdhe_key_clear().

Parameters
[out]pkset to fresh private key;
Returns
GNUNET_OK on success, GNUNET_SYSERR on failure

Definition at line 632 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, CURVE, GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_ERROR, GNUNET_OK, GNUNET_SYSERR, key_from_sexp(), and LOG_GCRY.

Referenced by GCT_create_tunnel(), GNUNET_CRYPTO_ecdhe_key_create(), inject_rekey(), mq_send(), new_ephemeral(), start_initial_kx_out(), and update_ephemeral().

633 {
634  gcry_sexp_t priv_sexp;
635  gcry_sexp_t s_keyparam;
636  gcry_mpi_t d;
637  int rc;
638 
639  BENCHMARK_START (ecdhe_key_create);
640 
641  /* NOTE: For libgcrypt >= 1.7, we do not need the 'eddsa' flag here,
642  but should also be harmless. For libgcrypt < 1.7, using 'eddsa'
643  disables an expensive key testing routine. We do not want to run
644  the expensive check for ECDHE, as we generate TONS of keys to
645  use for a very short time. */
646  if (0 != (rc = gcry_sexp_build (&s_keyparam,
647  NULL,
648  "(genkey(ecc(curve \"" CURVE "\")"
649  "(flags eddsa no-keytest)))")))
650  {
651  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
652  return GNUNET_SYSERR;
653  }
654  if (0 != (rc = gcry_pk_genkey (&priv_sexp, s_keyparam)))
655  {
656  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc);
657  gcry_sexp_release (s_keyparam);
658  return GNUNET_SYSERR;
659  }
660  gcry_sexp_release (s_keyparam);
661 #if EXTRA_CHECKS
662  if (0 != (rc = gcry_pk_testkey (priv_sexp)))
663  {
664  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
665  gcry_sexp_release (priv_sexp);
666  return GNUNET_SYSERR;
667  }
668 #endif
669  if (0 != (rc = key_from_sexp (&d, priv_sexp, "private-key", "d")))
670  {
671  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "key_from_sexp", rc);
672  gcry_sexp_release (priv_sexp);
673  return GNUNET_SYSERR;
674  }
675  gcry_sexp_release (priv_sexp);
676  GNUNET_CRYPTO_mpi_print_unsigned (pk->d, sizeof (pk->d), d);
677  gcry_mpi_release (d);
678 
679  BENCHMARK_END (ecdhe_key_create);
680 
681  return GNUNET_OK;
682 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:55
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:77
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_create()

struct GNUNET_CRYPTO_EcdhePrivateKey* GNUNET_CRYPTO_ecdhe_key_create ( void  )

Create a new private key.

Caller must free return value.

Returns
fresh private key; free using GNUNET_free

Caller must free return value.

Returns
fresh private key

Definition at line 610 of file crypto_ecc.c.

References GNUNET_CRYPTO_ecdhe_key_create2(), GNUNET_free, GNUNET_new, and GNUNET_OK.

Referenced by do_rekey(), GSC_KX_init(), OIDC_build_authz_code(), and print_examples_ecdh().

611 {
612  struct GNUNET_CRYPTO_EcdhePrivateKey *priv;
613 
616  {
617  GNUNET_free (priv);
618  return NULL;
619  }
620  return priv;
621 }
int GNUNET_CRYPTO_ecdhe_key_create2(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:632
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Private ECC key encoded for transmission.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_clear()

void GNUNET_CRYPTO_eddsa_key_clear ( struct GNUNET_CRYPTO_EddsaPrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 598 of file crypto_ecc.c.

599 {
600  memset (pk, 0, sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
601 }
Private ECC key encoded for transmission.

◆ GNUNET_CRYPTO_ecdsa_key_clear()

void GNUNET_CRYPTO_ecdsa_key_clear ( struct GNUNET_CRYPTO_EcdsaPrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 585 of file crypto_ecc.c.

Referenced by main().

586 {
587  memset (pk, 0, sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
588 }
Private ECC key encoded for transmission.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_clear()

void GNUNET_CRYPTO_ecdhe_key_clear ( struct GNUNET_CRYPTO_EcdhePrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 572 of file crypto_ecc.c.

Referenced by cleanup_ax().

573 {
574  memset (pk, 0, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
575 }
Private ECC key encoded for transmission.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_get_anonymous()

const struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_key_get_anonymous ( void  )

Get the shared private key we use for anonymous users.

Returns
"anonymous" private key; do not free
"anonymous" private key

'anonymous' pseudonym (global static, d=1, public key = G (generator).

Definition at line 814 of file crypto_ecc.c.

References GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_mpi_print_unsigned(), and once.

Referenced by decrypt_block_with_keyword(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_IDENTITY_ego_get_anonymous(), process_kblock_for_unindex(), and publish_ksk_cont().

815 {
820  static struct GNUNET_CRYPTO_EcdsaPrivateKey anonymous;
821  static int once;
822 
823  if (once)
824  return &anonymous;
826  sizeof (anonymous.d),
827  GCRYMPI_CONST_ONE);
828  once = 1;
829  return &anonymous;
830 }
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
Private ECC key encoded for transmission.
static int once
Global to mark if we&#39;ve run the initialization.
Definition: gnsrecord.c:68
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_setup_hostkey()

void GNUNET_CRYPTO_eddsa_setup_hostkey ( const char *  cfg_name)

Setup a hostkey file for a peer given the name of the configuration file (!).

This function is used so that at a later point code can be certain that reading a hostkey is fast (for example in time-dependent testcases).

Parameters
cfg_namename of the configuration file to use

◆ GNUNET_CRYPTO_get_peer_identity()

int GNUNET_CRYPTO_get_peer_identity ( const struct GNUNET_CONFIGURATION_Handle cfg,
struct GNUNET_PeerIdentity dst 
)

Retrieve the identity of the host's peer.

Parameters
cfgconfiguration to use
dstpointer to where to write the peer identity
Returns
GNUNET_OK on success, GNUNET_SYSERR if the identity could not be retrieved

Definition at line 460 of file crypto_ecc_setup.c.

References _, GNUNET_CRYPTO_eddsa_key_create_from_configuration(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_SYSERR, and GNUNET_PeerIdentity::public_key.

Referenced by GNUNET_CONVERSATION_phone_create(), and run().

462 {
463  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
464 
465  if (NULL == (priv = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg)))
466  {
468  _("Could not load peer's private key\n"));
469  return GNUNET_SYSERR;
470  }
472  GNUNET_free (priv);
473  return GNUNET_OK;
474 }
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
#define _(String)
GNU gettext support macro.
Definition: platform.h:208
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:272
Private ECC key encoded for transmission.
#define GNUNET_log(kind,...)
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_configuration(const struct GNUNET_CONFIGURATION_Handle *cfg)
Create a new private key by reading our peer&#39;s key from the file specified in the configuration...
#define GNUNET_free(ptr)
Wrapper around free.
struct GNUNET_CRYPTO_EddsaPublicKey public_key
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_ecdh()

int GNUNET_CRYPTO_ecc_ecdh ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a public and a private ECC key.

Parameters
privprivate key to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material (xyG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Derive key material from a public and a private ECC key.

Parameters
privprivate key to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material (xyG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 1184 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, ctx, CURVE, GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_assert, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_ERROR_TYPE_ERROR, GNUNET_OK, GNUNET_SYSERR, LOG_GCRY, q, GNUNET_CRYPTO_EcdhePublicKey::q_y, and result.

Referenced by derive_session_keys(), GCT_handle_kx(), print_examples_ecdh(), t_ax_decrypt_and_validate(), t_ax_encrypt(), and update_ax_by_kx().

1187 {
1188  gcry_mpi_point_t result;
1189  gcry_mpi_point_t q;
1190  gcry_mpi_t d;
1191  gcry_ctx_t ctx;
1192  gcry_sexp_t pub_sexpr;
1193  gcry_mpi_t result_x;
1194  unsigned char xbuf[256 / 8];
1195  size_t rsize;
1196 
1197  BENCHMARK_START (ecc_ecdh);
1198 
1199  /* first, extract the q = dP value from the public key */
1200  if (0 != gcry_sexp_build (&pub_sexpr,
1201  NULL,
1202  "(public-key(ecc(curve " CURVE ")(q %b)))",
1203  (int) sizeof (pub->q_y),
1204  pub->q_y))
1205  return GNUNET_SYSERR;
1206  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
1207  gcry_sexp_release (pub_sexpr);
1208  q = gcry_mpi_ec_get_point ("q", ctx, 0);
1209 
1210  /* second, extract the d value from our private key */
1211  GNUNET_CRYPTO_mpi_scan_unsigned (&d, priv->d, sizeof (priv->d));
1212 
1213  /* then call the 'multiply' function, to compute the product */
1214  result = gcry_mpi_point_new (0);
1215  gcry_mpi_ec_mul (result, d, q, ctx);
1216  gcry_mpi_point_release (q);
1217  gcry_mpi_release (d);
1218 
1219  /* finally, convert point to string for hashing */
1220  result_x = gcry_mpi_new (256);
1221  if (gcry_mpi_ec_get_affine (result_x, NULL, result, ctx))
1222  {
1223  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0);
1224  gcry_mpi_point_release (result);
1225  gcry_ctx_release (ctx);
1226  return GNUNET_SYSERR;
1227  }
1228  gcry_mpi_point_release (result);
1229  gcry_ctx_release (ctx);
1230 
1231  rsize = sizeof (xbuf);
1232  GNUNET_assert (! gcry_mpi_get_flag (result_x, GCRYMPI_FLAG_OPAQUE));
1233  /* result_x can be negative here, so we do not use 'GNUNET_CRYPTO_mpi_print_unsigned'
1234  as that does not include the sign bit; x should be a 255-bit
1235  value, so with the sign it should fit snugly into the 256-bit
1236  xbuf */
1237  GNUNET_assert (
1238  0 == gcry_mpi_print (GCRYMPI_FMT_STD, xbuf, rsize, &rsize, result_x));
1239  GNUNET_CRYPTO_hash (xbuf, rsize, key_material);
1240  gcry_mpi_release (result_x);
1241  BENCHMARK_END (ecc_ecdh);
1242  return GNUNET_OK;
1243 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:44
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
static int result
Global testing status.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:55
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_ecdh()

int GNUNET_CRYPTO_eddsa_ecdh ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a ECDH public key and a private EdDSA key.

Dual to #GNUNET_CRRYPTO_ecdh_eddsa.

Parameters
privprivate key from EdDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 1504 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, ctx, CURVE, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_EddsaPrivateKey::d, eddsa_d_to_a(), GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_SYSERR, point_to_hash(), q, GNUNET_CRYPTO_EcdhePublicKey::q_y, result, and ret.

Referenced by dh_key_derive_eph_pub(), GCT_handle_kx(), setup_in_cipher(), setup_shared_secret_dec(), and update_ax_by_kx().

1507 {
1508  gcry_mpi_point_t result;
1509  gcry_mpi_point_t q;
1510  gcry_mpi_t d;
1511  gcry_mpi_t a;
1512  gcry_ctx_t ctx;
1513  gcry_sexp_t pub_sexpr;
1514  int ret;
1515 
1516  BENCHMARK_START (eddsa_ecdh);
1517 
1518  /* first, extract the q = dP value from the public key */
1519  if (0 != gcry_sexp_build (&pub_sexpr,
1520  NULL,
1521  "(public-key(ecc(curve " CURVE ")(q %b)))",
1522  (int) sizeof (pub->q_y),
1523  pub->q_y))
1524  return GNUNET_SYSERR;
1525  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
1526  gcry_sexp_release (pub_sexpr);
1527  q = gcry_mpi_ec_get_point ("q", ctx, 0);
1528 
1529  /* second, extract the d value from our private key */
1530  GNUNET_CRYPTO_mpi_scan_unsigned (&d, priv->d, sizeof (priv->d));
1531 
1532  /* NOW, because this is EdDSA, HASH 'd' first! */
1533  a = eddsa_d_to_a (d);
1534  gcry_mpi_release (d);
1535 
1536  /* then call the 'multiply' function, to compute the product */
1537  result = gcry_mpi_point_new (0);
1538  gcry_mpi_ec_mul (result, a, q, ctx);
1539  gcry_mpi_point_release (q);
1540  gcry_mpi_release (a);
1541 
1542  ret = point_to_hash (result, ctx, key_material);
1543  gcry_mpi_point_release (result);
1544  gcry_ctx_release (ctx);
1545  BENCHMARK_END (eddsa_ecdh);
1546  return ret;
1547 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
static int point_to_hash(gcry_mpi_point_t result, gcry_ctx_t ctx, struct GNUNET_HashCode *key_material)
Take point from ECDH and convert it to key material.
Definition: crypto_ecc.c:1463
static int ret
Final status code.
Definition: gnunet-arm.c:89
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static int result
Global testing status.
static gcry_mpi_t eddsa_d_to_a(gcry_mpi_t d)
Convert the secret d of an EdDSA key to the value that is actually used in the EdDSA computation...
Definition: crypto_ecc.c:1418
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_ecdh()

int GNUNET_CRYPTO_ecdsa_ecdh ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a ECDH public key and a private ECDSA key.

Dual to #GNUNET_CRRYPTO_ecdh_ecdsa.

Parameters
privprivate key from ECDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Dual to #GNUNET_CRRYPTO_ecdh_eddsa.

Parameters
privprivate key from ECDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 1561 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, ctx, CURVE, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_SYSERR, point_to_hash(), q, GNUNET_CRYPTO_EcdhePublicKey::q_y, result, and ret.

Referenced by calculate_key_priv().

1564 {
1565  gcry_mpi_point_t result;
1566  gcry_mpi_point_t q;
1567  gcry_mpi_t d;
1568  gcry_ctx_t ctx;
1569  gcry_sexp_t pub_sexpr;
1570  int ret;
1571 
1572  BENCHMARK_START (ecdsa_ecdh);
1573 
1574  /* first, extract the q = dP value from the public key */
1575  if (0 != gcry_sexp_build (&pub_sexpr,
1576  NULL,
1577  "(public-key(ecc(curve " CURVE ")(q %b)))",
1578  (int) sizeof (pub->q_y),
1579  pub->q_y))
1580  return GNUNET_SYSERR;
1581  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
1582  gcry_sexp_release (pub_sexpr);
1583  q = gcry_mpi_ec_get_point ("q", ctx, 0);
1584 
1585  /* second, extract the d value from our private key */
1586  GNUNET_CRYPTO_mpi_scan_unsigned (&d, priv->d, sizeof (priv->d));
1587 
1588  /* then call the 'multiply' function, to compute the product */
1589  result = gcry_mpi_point_new (0);
1590  gcry_mpi_ec_mul (result, d, q, ctx);
1591  gcry_mpi_point_release (q);
1592  gcry_mpi_release (d);
1593 
1594  /* finally, convert point to string for hashing */
1595  ret = point_to_hash (result, ctx, key_material);
1596  gcry_mpi_point_release (result);
1597  gcry_ctx_release (ctx);
1598  BENCHMARK_END (ecdsa_ecdh);
1599  return ret;
1600 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
static int point_to_hash(gcry_mpi_point_t result, gcry_ctx_t ctx, struct GNUNET_HashCode *key_material)
Take point from ECDH and convert it to key material.
Definition: crypto_ecc.c:1463
static int ret
Final status code.
Definition: gnunet-arm.c:89
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static int result
Global testing status.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdh_eddsa()

int GNUNET_CRYPTO_ecdh_eddsa ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EddsaPublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a EdDSA public key and a private ECDH key.

Dual to #GNUNET_CRRYPTO_eddsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from EdDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 1614 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, ctx, CURVE, GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_SYSERR, point_to_hash(), q, GNUNET_CRYPTO_EddsaPublicKey::q_y, result, and ret.

Referenced by dh_key_derive_eph_pid(), GCT_handle_kx(), GNUNET_CRYPTO_ecdh_ecdsa(), setup_out_cipher(), setup_shared_secret_enc(), and update_ax_by_kx().

1617 {
1618  gcry_mpi_point_t result;
1619  gcry_mpi_point_t q;
1620  gcry_mpi_t d;
1621  gcry_ctx_t ctx;
1622  gcry_sexp_t pub_sexpr;
1623  int ret;
1624 
1625  BENCHMARK_START (ecdh_eddsa);
1626 
1627  /* first, extract the q = dP value from the public key */
1628  if (0 != gcry_sexp_build (&pub_sexpr,
1629  NULL,
1630  "(public-key(ecc(curve " CURVE ")(q %b)))",
1631  (int) sizeof (pub->q_y),
1632  pub->q_y))
1633  return GNUNET_SYSERR;
1634  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
1635  gcry_sexp_release (pub_sexpr);
1636  q = gcry_mpi_ec_get_point ("q", ctx, 0);
1637 
1638  /* second, extract the d value from our private key */
1639  GNUNET_CRYPTO_mpi_scan_unsigned (&d, priv->d, sizeof (priv->d));
1640 
1641  /* then call the 'multiply' function, to compute the product */
1642  result = gcry_mpi_point_new (0);
1643  gcry_mpi_ec_mul (result, d, q, ctx);
1644  gcry_mpi_point_release (q);
1645  gcry_mpi_release (d);
1646 
1647  /* finally, convert point to string for hashing */
1648  ret = point_to_hash (result, ctx, key_material);
1649  gcry_mpi_point_release (result);
1650  gcry_ctx_release (ctx);
1651  BENCHMARK_END (ecdh_eddsa);
1652  return ret;
1653 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
static int point_to_hash(gcry_mpi_point_t result, gcry_ctx_t ctx, struct GNUNET_HashCode *key_material)
Take point from ECDH and convert it to key material.
Definition: crypto_ecc.c:1463
static int ret
Final status code.
Definition: gnunet-arm.c:89
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
static int result
Global testing status.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdh_ecdsa()

int GNUNET_CRYPTO_ecdh_ecdsa ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a EcDSA public key and a private ECDH key.

Derive key material from a ECDSA public key and a private ECDH key.

Dual to #GNUNET_CRRYPTO_ecdsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from ECDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Dual to #GNUNET_CRRYPTO_eddsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from ECDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 1666 of file crypto_ecc.c.

References GNUNET_CRYPTO_ecdh_eddsa().

Referenced by calculate_key_pub().

1669 {
1670  return GNUNET_CRYPTO_ecdh_eddsa (priv,
1671  (const struct GNUNET_CRYPTO_EddsaPublicKey *)
1672  pub,
1673  key_material);
1674 }
int GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:1614
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_sign()

int GNUNET_CRYPTO_eddsa_sign ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EddsaSignature sig 
)

EdDSA sign a given block.

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

EdDSA sign a given block.

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 989 of file crypto_ecc.c.

References _, BENCHMARK_END, BENCHMARK_START, data, data_to_eddsa_value(), decode_private_eddsa_key(), GNUNET_break, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_WARNING, GNUNET_OK, GNUNET_SYSERR, key_from_sexp(), LOG, GNUNET_CRYPTO_EddsaSignature::r, and GNUNET_CRYPTO_EddsaSignature::s.

Referenced by do_dht_put(), forward_dv_learn(), GNUNET_FS_uri_loc_create(), GNUNET_HELLO_sign_address(), GST_validation_handle_ping(), handle_validation_challenge(), iface_proc(), inject_rekey(), insert_decrypt_element(), insert_round1_element(), insert_round2_element(), mq_send(), regex_iterator(), send_disconnect(), setup_flood_message(), sign_ephemeral_key(), start_dv_learn(), transmit_kx(), and update_ephemeral().

993 {
994  gcry_sexp_t priv_sexp;
995  gcry_sexp_t sig_sexp;
996  gcry_sexp_t data;
997  int rc;
998  gcry_mpi_t rs[2];
999 
1000  BENCHMARK_START (eddsa_sign);
1001 
1002  priv_sexp = decode_private_eddsa_key (priv);
1003  data = data_to_eddsa_value (purpose);
1004  if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
1005  {
1007  _ ("EdDSA signing failed at %s:%d: %s\n"),
1008  __FILE__,
1009  __LINE__,
1010  gcry_strerror (rc));
1011  gcry_sexp_release (data);
1012  gcry_sexp_release (priv_sexp);
1013  return GNUNET_SYSERR;
1014  }
1015  gcry_sexp_release (priv_sexp);
1016  gcry_sexp_release (data);
1017 
1018  /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
1019  'signature' */
1020  if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
1021  {
1022  GNUNET_break (0);
1023  gcry_sexp_release (sig_sexp);
1024  return GNUNET_SYSERR;
1025  }
1026  gcry_sexp_release (sig_sexp);
1027  GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof (sig->r), rs[0]);
1028  GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof (sig->s), rs[1]);
1029  gcry_mpi_release (rs[0]);
1030  gcry_mpi_release (rs[1]);
1031 
1032  BENCHMARK_END (eddsa_sign);
1033 
1034  return GNUNET_OK;
1035 }
unsigned char r[256/8]
R value.
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
unsigned char s[256/8]
S value.
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define _(String)
GNU gettext support macro.
Definition: platform.h:208
#define LOG(kind,...)
Definition: crypto_ecc.c:42
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
static gcry_sexp_t decode_private_eddsa_key(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:172
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:77
static gcry_sexp_t data_to_eddsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:841
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_sign()

int GNUNET_CRYPTO_ecdsa_sign ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EcdsaSignature sig 
)

ECDSA Sign a given block.

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

ECDSA Sign a given block.

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 931 of file crypto_ecc.c.

References _, BENCHMARK_END, BENCHMARK_START, data, data_to_ecdsa_value(), decode_private_ecdsa_key(), GNUNET_break, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_WARNING, GNUNET_OK, GNUNET_SYSERR, key_from_sexp(), LOG, GNUNET_CRYPTO_EcdsaSignature::r, and GNUNET_CRYPTO_EcdsaSignature::s.

Referenced by block_create(), GNUNET_CREDENTIAL_credential_issue(), GNUNET_FS_publish_ublock_(), GNUNET_REVOCATION_sign_revocation(), handle_client_call_message(), and OIDC_build_authz_code().

935 {
936  gcry_sexp_t priv_sexp;
937  gcry_sexp_t sig_sexp;
938  gcry_sexp_t data;
939  int rc;
940  gcry_mpi_t rs[2];
941 
942  BENCHMARK_START (ecdsa_sign);
943 
944  priv_sexp = decode_private_ecdsa_key (priv);
945  data = data_to_ecdsa_value (purpose);
946  if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
947  {
949  _ ("ECC signing failed at %s:%d: %s\n"),
950  __FILE__,
951  __LINE__,
952  gcry_strerror (rc));
953  gcry_sexp_release (data);
954  gcry_sexp_release (priv_sexp);
955  return GNUNET_SYSERR;
956  }
957  gcry_sexp_release (priv_sexp);
958  gcry_sexp_release (data);
959 
960  /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
961  'signature' */
962  if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
963  {
964  GNUNET_break (0);
965  gcry_sexp_release (sig_sexp);
966  return GNUNET_SYSERR;
967  }
968  gcry_sexp_release (sig_sexp);
969  GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof (sig->r), rs[0]);
970  GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof (sig->s), rs[1]);
971  gcry_mpi_release (rs[0]);
972  gcry_mpi_release (rs[1]);
973 
974  BENCHMARK_END (ecdsa_sign);
975 
976  return GNUNET_OK;
977 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
unsigned char r[256/8]
R value.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define _(String)
GNU gettext support macro.
Definition: platform.h:208
#define LOG(kind,...)
Definition: crypto_ecc.c:42
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:886
unsigned char s[256/8]
S value.
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:77
static gcry_sexp_t decode_private_ecdsa_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:137
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_verify()

int GNUNET_CRYPTO_eddsa_verify ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_EddsaSignature sig,
const struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Verify EdDSA signature.

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Verify EdDSA signature.

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 1116 of file crypto_ecc.c.

References _, BENCHMARK_END, BENCHMARK_START, CURVE, data, data_to_eddsa_value(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_OK, GNUNET_SYSERR, LOG, LOG_GCRY, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_CRYPTO_EddsaPublicKey::q_y, GNUNET_CRYPTO_EddsaSignature::r, and GNUNET_CRYPTO_EddsaSignature::s.

Referenced by block_plugin_dns_evaluate(), decrypt_and_check_tc(), do_rekey(), evaluate_block_regex_accept(), GNUNET_HELLO_extract_address(), GST_neighbours_handle_disconnect_message(), GST_validation_handle_pong(), handle_dv_box(), handle_dv_learn(), handle_ephemeral_key(), handle_validation_response(), keygen_round1_new_element(), keygen_round2_new_element(), sock_read(), uri_loc_parse(), validate_dv_initiator_signature(), verify_confirmation(), and verify_message_crypto().

1121 {
1122  gcry_sexp_t data;
1123  gcry_sexp_t sig_sexpr;
1124  gcry_sexp_t pub_sexpr;
1125  int rc;
1126 
1127  BENCHMARK_START (eddsa_verify);
1128 
1129  if (purpose != ntohl (validate->purpose))
1130  return GNUNET_SYSERR; /* purpose mismatch */
1131 
1132  /* build s-expression for signature */
1133  if (0 != (rc = gcry_sexp_build (&sig_sexpr,
1134  NULL,
1135  "(sig-val(eddsa(r %b)(s %b)))",
1136  (int) sizeof (sig->r),
1137  sig->r,
1138  (int) sizeof (sig->s),
1139  sig->s)))
1140  {
1141  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
1142  return GNUNET_SYSERR;
1143  }
1144  data = data_to_eddsa_value (validate);
1145  if (0 != (rc = gcry_sexp_build (&pub_sexpr,
1146  NULL,
1147  "(public-key(ecc(curve " CURVE
1148  ")(flags eddsa)(q %b)))",
1149  (int) sizeof (pub->q_y),
1150  pub->q_y)))
1151  {
1152  gcry_sexp_release (data);
1153  gcry_sexp_release (sig_sexpr);
1154  return GNUNET_SYSERR;
1155  }
1156  rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
1157  gcry_sexp_release (pub_sexpr);
1158  gcry_sexp_release (data);
1159  gcry_sexp_release (sig_sexpr);
1160  if (0 != rc)
1161  {
1163  _ ("EdDSA signature verification failed at %s:%d: %s\n"),
1164  __FILE__,
1165  __LINE__,
1166  gcry_strerror (rc));
1167  BENCHMARK_END (eddsa_verify);
1168  return GNUNET_SYSERR;
1169  }
1170  BENCHMARK_END (eddsa_verify);
1171  return GNUNET_OK;
1172 }
unsigned char r[256/8]
R value.
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
unsigned char s[256/8]
S value.
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
#define _(String)
GNU gettext support macro.
Definition: platform.h:208
#define LOG(kind,...)
Definition: crypto_ecc.c:42
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:55
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
static gcry_sexp_t data_to_eddsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:841
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_verify()

int GNUNET_CRYPTO_ecdsa_verify ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_EcdsaSignature sig,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Verify ECDSA signature.

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Verify ECDSA signature.

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 1048 of file crypto_ecc.c.

References _, BENCHMARK_END, BENCHMARK_START, CURVE, data, data_to_ecdsa_value(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_OK, GNUNET_SYSERR, LOG, LOG_GCRY, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_CRYPTO_EcdsaPublicKey::q_y, GNUNET_CRYPTO_EcdsaSignature::r, and GNUNET_CRYPTO_EcdsaSignature::s.

Referenced by block_plugin_fs_evaluate(), block_plugin_revocation_evaluate(), GNUNET_CREDENTIAL_credential_deserialize(), GNUNET_CREDENTIAL_credential_serialize(), GNUNET_GNSRECORD_block_verify(), handle_cadet_ring_message(), OIDC_parse_authz_code(), and verify_revoke_message().

1053 {
1054  gcry_sexp_t data;
1055  gcry_sexp_t sig_sexpr;
1056  gcry_sexp_t pub_sexpr;
1057  int rc;
1058 
1059  BENCHMARK_START (ecdsa_verify);
1060 
1061  if (purpose != ntohl (validate->purpose))
1062  return GNUNET_SYSERR; /* purpose mismatch */
1063 
1064  /* build s-expression for signature */
1065  if (0 != (rc = gcry_sexp_build (&sig_sexpr,
1066  NULL,
1067  "(sig-val(ecdsa(r %b)(s %b)))",
1068  (int) sizeof (sig->r),
1069  sig->r,
1070  (int) sizeof (sig->s),
1071  sig->s)))
1072  {
1073  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
1074  return GNUNET_SYSERR;
1075  }
1076  data = data_to_ecdsa_value (validate);
1077  if (0 != (rc = gcry_sexp_build (&pub_sexpr,
1078  NULL,
1079  "(public-key(ecc(curve " CURVE ")(q %b)))",
1080  (int) sizeof (pub->q_y),
1081  pub->q_y)))
1082  {
1083  gcry_sexp_release (data);
1084  gcry_sexp_release (sig_sexpr);
1085  return GNUNET_SYSERR;
1086  }
1087  rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
1088  gcry_sexp_release (pub_sexpr);
1089  gcry_sexp_release (data);
1090  gcry_sexp_release (sig_sexpr);
1091  if (0 != rc)
1092  {
1094  _ ("ECDSA signature verification failed at %s:%d: %s\n"),
1095  __FILE__,
1096  __LINE__,
1097  gcry_strerror (rc));
1098  BENCHMARK_END (ecdsa_verify);
1099  return GNUNET_SYSERR;
1100  }
1101  BENCHMARK_END (ecdsa_verify);
1102  return GNUNET_OK;
1103 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
unsigned char r[256/8]
R value.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
#define _(String)
GNU gettext support macro.
Definition: platform.h:208
#define LOG(kind,...)
Definition: crypto_ecc.c:42
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:55
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:886
unsigned char s[256/8]
S value.
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_private_key_derive()

struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_private_key_derive ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const char *  label,
const char *  context 
)

Derive a private key from a given private key and a label.

Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.

Parameters
privoriginal private key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
Returns
derived private key

Essentially calculates a private key 'd = H(l,P) * x mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.

Parameters
privoriginal private key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
Returns
derived private key

Definition at line 1295 of file crypto_ecc.c.

References ctx, CURVE, GNUNET_CRYPTO_EcdsaPrivateKey::d, derive_h(), GNUNET_assert, GNUNET_CRYPTO_ecdsa_key_get_public(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_new, h, and ret.

Referenced by block_create(), and GNUNET_FS_publish_ublock_().

1299 {
1302  gcry_mpi_t h;
1303  gcry_mpi_t x;
1304  gcry_mpi_t d;
1305  gcry_mpi_t n;
1306  gcry_ctx_t ctx;
1307 
1308  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
1309 
1310  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
1312 
1313  h = derive_h (&pub, label, context);
1314  GNUNET_CRYPTO_mpi_scan_unsigned (&x, priv->d, sizeof (priv->d));
1315  d = gcry_mpi_new (256);
1316  gcry_mpi_mulm (d, h, x, n);
1317  gcry_mpi_release (h);
1318  gcry_mpi_release (x);
1319  gcry_mpi_release (n);
1320  gcry_ctx_release (ctx);
1322  GNUNET_CRYPTO_mpi_print_unsigned (ret->d, sizeof (ret->d), d);
1323  gcry_mpi_release (d);
1324  return ret;
1325 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Private ECC key encoded for transmission.
static int ret
Final status code.
Definition: gnunet-arm.c:89
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:94
static pa_context * context
Pulseaudio context.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:128
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:241
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:39
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
static gcry_mpi_t derive_h(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context)
Derive the &#39;h&#39; value for key derivation, where &#39;h = H(l,P)&#39;.
Definition: crypto_ecc.c:1257
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_public_key_derive()

void GNUNET_CRYPTO_ecdsa_public_key_derive ( const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
const char *  label,
const char *  context,
struct GNUNET_CRYPTO_EcdsaPublicKey result 
)

Derive a public key from a given public key and a label.

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'. typically the name of the subsystem/application
resultwhere to write the derived public key

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
labellabel to use for key derivation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
resultwhere to write the derived public key

Definition at line 1339 of file crypto_ecc.c.

References ctx, CURVE, derive_h(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), h, q, and GNUNET_CRYPTO_EcdsaPublicKey::q_y.

Referenced by GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_GNSRECORD_query_from_public_key(), and schedule_transmit_search_request().

1344 {
1345  gcry_ctx_t ctx;
1346  gcry_mpi_t q_y;
1347  gcry_mpi_t h;
1348  gcry_mpi_t n;
1349  gcry_mpi_t h_mod_n;
1350  gcry_mpi_point_t q;
1351  gcry_mpi_point_t v;
1352 
1353  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
1354 
1355  /* obtain point 'q' from original public key. The provided 'q' is
1356  compressed thus we first store it in the context and then get it
1357  back as a (decompresssed) point. */
1358  q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8 * sizeof (pub->q_y));
1359  GNUNET_assert (NULL != q_y);
1360  GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx));
1361  gcry_mpi_release (q_y);
1362  q = gcry_mpi_ec_get_point ("q", ctx, 0);
1363  GNUNET_assert (q);
1364 
1365  /* calculate h_mod_n = h % n */
1366  h = derive_h (pub, label, context);
1367  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
1368  h_mod_n = gcry_mpi_new (256);
1369  gcry_mpi_mod (h_mod_n, h, n);
1370  /* calculate v = h_mod_n * q */
1371  v = gcry_mpi_point_new (0);
1372  gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
1373  gcry_mpi_release (h_mod_n);
1374  gcry_mpi_release (h);
1375  gcry_mpi_release (n);
1376  gcry_mpi_point_release (q);
1377 
1378  /* convert point 'v' to public key that we return */
1379  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx));
1380  gcry_mpi_point_release (v);
1381  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
1382  GNUNET_assert (q_y);
1383  GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof (result->q_y), q_y);
1384  gcry_mpi_release (q_y);
1385  gcry_ctx_release (ctx);
1386 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:75
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:94
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static pa_context * context
Pulseaudio context.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
static gcry_mpi_t derive_h(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context)
Derive the &#39;h&#39; value for key derivation, where &#39;h = H(l,P)&#39;.
Definition: crypto_ecc.c:1257
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
Here is the call graph for this function:
Here is the caller graph for this function: