GNUnet  0.20.0
Crypto library: cryptographic operations

Provides cryptographic primitives. More...

Collaboration diagram for Crypto library: cryptographic operations:

Macros

#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
 EdDSA sign a given block. More...
 
#define GNUNET_CRYPTO_ecdsa_sign(priv, ps, sig)
 ECDSA sign a given block. More...
 
#define GNUNET_CRYPTO_edx25519_sign(priv, ps, sig)
 Edx25519 sign a given block. More...
 
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
 Verify EdDSA signature. More...
 
#define GNUNET_CRYPTO_ecdsa_verify(purp, ps, sig, pub)
 Verify ECDSA signature. More...
 
#define GNUNET_CRYPTO_edx25519_verify(purp, ps, sig, pub)
 Verify Edx25519 signature. More...
 

Enumerations

enum  GNUNET_CRYPTO_Quality { GNUNET_CRYPTO_QUALITY_WEAK , GNUNET_CRYPTO_QUALITY_STRONG , GNUNET_CRYPTO_QUALITY_NONCE }
 Desired quality level for random numbers. More...
 

Functions

void GNUNET_CRYPTO_seed_weak_random (int32_t seed)
 Seed a weak random generator. More...
 
void GNUNET_CRYPTO_zero_keys (void *buffer, size_t length)
 Zero out buffer, securely against compiler optimizations. More...
 
void GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
 Fill block with a random values. More...
 
void GNUNET_CRYPTO_random_timeflake (enum GNUNET_CRYPTO_Quality mode, struct GNUNET_Uuid *uuid)
 Fill UUID with a timeflake pseudo-random value. More...
 
uint32_t GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i)
 Produce a random value. More...
 
uint64_t GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
 Generate a random unsigned 64-bit value. More...
 
unsigned int * GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n)
 Get an array with a random permutation of the numbers 0...n-1. More...
 
void GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
 Create a new random session key. More...
 
ssize_t GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Encrypt a block using a symmetric sessionkey. More...
 
ssize_t GNUNET_CRYPTO_symmetric_decrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Decrypt a given block using a symmetric sessionkey. More...
 
void GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
 Derive an IV. More...
 
void GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_edx25519_key_get_public (const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
 Extract the public key for the given private key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_key_from_file (const char *filename, int do_create, struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey)
 Create a new private key by reading it from a file. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_key_from_file (const char *filename, int do_create, struct GNUNET_CRYPTO_EddsaPrivateKey *pkey)
 Create a new private key by reading it from a file. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg)
 Create a new private key by reading our peer's key from the file specified in the configuration. More...
 
void GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_edx25519_key_create (struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_edx25519_key_create_from_seed (const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
 Create a new private key for Edx25519 from a given seed. More...
 
void GNUNET_CRYPTO_ecdhe_key_create (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_edx25519_key_clear (struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
const struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_get_anonymous (void)
 Get the shared private key we use for anonymous users. More...
 
void GNUNET_CRYPTO_eddsa_setup_hostkey (const char *cfg_name)
 Setup a hostkey file for a peer given the name of the configuration file (!). More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_PeerIdentity *dst)
 Retrieve the identity of the host's peer. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a public and a private ECC key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private EdDSA key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_kem_decaps (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *c, struct GNUNET_HashCode *key_material)
 Decapsulate a key for a private EdDSA key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_kem_encaps (const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_CRYPTO_EcdhePublicKey *c, struct GNUNET_HashCode *key_material)
 Encapsulate key material for a EdDSA public key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_fo_kem_encaps (const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_CRYPTO_FoKemC *c, struct GNUNET_HashCode *key_material)
 Encapsulate key material using a CCA-secure KEM. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_fo_kem_decaps (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_FoKemC *c, struct GNUNET_HashCode *key_material)
 Decapsulate key material using a CCA-secure KEM. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_fo_kem_encaps (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_CRYPTO_FoKemC *c, struct GNUNET_HashCode *key_material)
 Encapsulate key material using a CCA-secure KEM. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_fo_kem_decaps (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_FoKemC *c, struct GNUNET_HashCode *key_material)
 Decapsulate key material using a CCA-secure KEM. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private ECDSA key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EdDSA public key and a private ECDH key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EcDSA public key and a private ECDH key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_ (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
 EdDSA sign a given block. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_ (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
 ECDSA Sign a given block. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_edx25519_sign_ (const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_Edx25519Signature *sig)
 Edx25519 sign a given block. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Verify EdDSA signature. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Verify ECDSA signature. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_edx25519_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_Edx25519Signature *sig, const struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
 Verify Edx25519 signature. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
 Derive a private key from a given private key and a label. More...
 
void GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
 Derive a public key from a given public key and a label. More...
 
void GNUNET_CRYPTO_eddsa_private_key_derive (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPrivateScalar *result)
 Derive a private scalar from a given private key and a label. More...
 
void GNUNET_CRYPTO_eddsa_public_key_derive (const struct GNUNET_CRYPTO_EddsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPublicKey *result)
 Derive a public key from a given public key and a label. More...
 
void GNUNET_CRYPTO_edx25519_private_key_derive (const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *result)
 Derive a private scalar from a given private key and a label. More...
 
void GNUNET_CRYPTO_edx25519_public_key_derive (const struct GNUNET_CRYPTO_Edx25519PublicKey *pub, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PublicKey *result)
 Derive a public key from a given public key and a label. More...
 

Detailed Description

Provides cryptographic primitives.

See also
Documentation

Macro Definition Documentation

◆ GNUNET_CRYPTO_eddsa_sign

#define GNUNET_CRYPTO_eddsa_sign (   priv,
  ps,
  sig 
)
Value:
do { \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*ps)); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_assert (GNUNET_OK == \
&(ps)->purpose, \
sig)); \
} while (0)
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition: crypto_ecc.c:607
@ GNUNET_OK

EdDSA sign a given block.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
[out]sigwhere to write the signature

Definition at line 2039 of file gnunet_crypto_lib.h.

◆ GNUNET_CRYPTO_ecdsa_sign

#define GNUNET_CRYPTO_ecdsa_sign (   priv,
  ps,
  sig 
)
Value:
do { \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_assert (GNUNET_OK == \
&(ps)->purpose, \
sig)); \
} while (0)
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
ECDSA Sign a given block.
Definition: crypto_ecc.c:536

ECDSA sign a given block.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
[out]sigwhere to write the signature

Definition at line 2101 of file gnunet_crypto_lib.h.

◆ GNUNET_CRYPTO_edx25519_sign

#define GNUNET_CRYPTO_edx25519_sign (   priv,
  ps,
  sig 
)
Value:
do { \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_assert (GNUNET_OK == \
&(ps)->purpose, \
sig)); \
} while (0)
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_edx25519_sign_(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_Edx25519Signature *sig)
Edx25519 sign a given block.

Edx25519 sign a given block.

The resulting signature is compatible with EdDSA.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
[out]sigwhere to write the signature

Definition at line 2148 of file gnunet_crypto_lib.h.

◆ GNUNET_CRYPTO_eddsa_verify

#define GNUNET_CRYPTO_eddsa_verify (   purp,
  ps,
  sig,
  pub 
)
Value:
({ \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_CRYPTO_eddsa_verify_ (purp, \
&(ps)->purpose, \
sig, \
pub); \
})
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:47

Verify EdDSA signature.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
purppurpose of the signature, must match 'ps->purpose.purpose' (except in host byte order)
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
sigwhere to write the signature

Definition at line 2201 of file gnunet_crypto_lib.h.

◆ GNUNET_CRYPTO_ecdsa_verify

#define GNUNET_CRYPTO_ecdsa_verify (   purp,
  ps,
  sig,
  pub 
)
Value:
({ \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_CRYPTO_ecdsa_verify_ (purp, \
&(ps)->purpose, \
sig, \
pub); \
})

Verify ECDSA signature.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
purppurpose of the signature, must match 'ps->purpose.purpose' (except in host byte order)
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
sigwhere to write the signature

Definition at line 2253 of file gnunet_crypto_lib.h.

◆ GNUNET_CRYPTO_edx25519_verify

#define GNUNET_CRYPTO_edx25519_verify (   purp,
  ps,
  sig,
  pub 
)
Value:
({ \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_CRYPTO_edx25519_verify_ (purp, \
&(ps)->purpose, \
sig, \
pub); \
})

Verify Edx25519 signature.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
purppurpose of the signature, must match 'ps->purpose.purpose' (except in host byte order)
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
sigwhere to write the signature

Definition at line 2305 of file gnunet_crypto_lib.h.

Enumeration Type Documentation

◆ GNUNET_CRYPTO_Quality

Desired quality level for random numbers.

Enumerator
GNUNET_CRYPTO_QUALITY_WEAK 

No good quality of the operation is needed (i.e., random numbers can be pseudo-random).

GNUNET_CRYPTO_QUALITY_STRONG 

High-quality operations are desired.

GNUNET_CRYPTO_QUALITY_NONCE 

Randomness for IVs etc.

is required.

Definition at line 84 of file gnunet_crypto_lib.h.

85 {
92 
98 
104 };
@ GNUNET_CRYPTO_QUALITY_STRONG
High-quality operations are desired.
@ GNUNET_CRYPTO_QUALITY_WEAK
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
@ GNUNET_CRYPTO_QUALITY_NONCE
Randomness for IVs etc.

Function Documentation

◆ GNUNET_CRYPTO_seed_weak_random()

void GNUNET_CRYPTO_seed_weak_random ( int32_t  seed)

Seed a weak random generator.

Only GNUNET_CRYPTO_QUALITY_WEAK-mode generator can be seeded.

Parameters
seedthe seed to use

Definition at line 91 of file crypto_random.c.

92 {
93 #ifdef OPENBSD
94  srandom_deterministic (seed);
95 #else
96  srandom (seed);
97 #endif
98 }

Referenced by __attribute__().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_zero_keys()

void GNUNET_CRYPTO_zero_keys ( void *  buffer,
size_t  length 
)

Zero out buffer, securely against compiler optimizations.

Used to delete key material.

Parameters
bufferthe buffer to zap
lengthbuffer length

Definition at line 110 of file crypto_random.c.

111 {
112 #if HAVE_MEMSET_S
113  memset_s (buffer, length, 0, length);
114 #elif HAVE_EXPLICIT_BZERO
115  explicit_bzero (buffer, length);
116 #else
117  volatile unsigned char *p = buffer;
118  while (length--)
119  *p++ = 0;
120 #endif
121 }
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-uri.c:38

References p.

Referenced by dv_key_clean(), GNUNET_IDENTITY_decrypt(), and GNUNET_IDENTITY_decrypt_old().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_block()

void GNUNET_CRYPTO_random_block ( enum GNUNET_CRYPTO_Quality  mode,
void *  buffer,
size_t  length 
)

Fill block with a random values.

Parameters
modedesired quality of the random number
[out]bufferthe buffer to fill
lengthbuffer length
modedesired quality of the random number
bufferthe buffer to fill
lengthbuffer length

Definition at line 133 of file crypto_random.c.

136 {
137 #ifdef gcry_fast_random_poll
138  static unsigned int invokeCount;
139 #endif
140  switch (mode)
141  {
143  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
144 #ifdef gcry_fast_random_poll
145  if ((invokeCount++ % 256) == 0)
146  gcry_fast_random_poll ();
147 #endif
148  gcry_randomize (buffer, length, GCRY_STRONG_RANDOM);
149  return;
150 
152  gcry_create_nonce (buffer, length);
153  return;
154 
156  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
157 #ifdef gcry_fast_random_poll
158  if ((invokeCount++ % 256) == 0)
159  gcry_fast_random_poll ();
160 #endif
161  gcry_randomize (buffer, length, GCRY_WEAK_RANDOM);
162  return;
163 
164  default:
165  GNUNET_assert (0);
166  }
167 }
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.

References GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, and mode.

Referenced by delayed_put(), do_pad(), encode_message_body(), GCC_create(), generate_free_member_id(), GNUNET_async_scope_fresh(), GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_CRYPTO_eddsa_key_create(), GNUNET_CRYPTO_edx25519_key_create(), GNUNET_CRYPTO_random_timeflake(), handle_validation_response(), mq_init(), output_vectors(), prepare_pending_acknowledgement(), RPS_sampler_elem_reinit(), run(), sock_read(), start_address_validation(), start_dv_learn(), and transmit_kx().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_timeflake()

void GNUNET_CRYPTO_random_timeflake ( enum GNUNET_CRYPTO_Quality  mode,
struct GNUNET_Uuid uuid 
)

Fill UUID with a timeflake pseudo-random value.

Note that timeflakes use only 80 bits of randomness and 48 bits to encode a timestamp in milliseconds. So what we return here is not a completely random number.

Parameters
modedesired quality of the random number
[out]uuidthe value to fill

Note that timeflakes use only 80 bits of randomness and 48 bits to encode a timestamp in milliseconds. So what we return here is not a completely random number.

Parameters
modedesired quality of the random number
uuidthe value to fill

Definition at line 316 of file crypto_random.c.

318 {
319  struct GNUNET_TIME_Absolute now;
320  uint64_t ms;
321  uint64_t be;
322  char *base;
323 
325  uuid,
326  sizeof (struct GNUNET_Uuid));
327  now = GNUNET_TIME_absolute_get ();
328  ms = now.abs_value_us / GNUNET_TIME_UNIT_MILLISECONDS.rel_value_us;
329  be = GNUNET_htonll (ms);
330  base = (char *) &be;
331  memcpy (uuid,
332  base + 2,
333  sizeof (be) - 2);
334 }
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
uint64_t GNUNET_htonll(uint64_t n)
Convert unsigned 64-bit integer to network byte order.
Definition: common_endian.c:37
#define GNUNET_TIME_UNIT_MILLISECONDS
One millisecond.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:111
Time for absolute times used by GNUnet, in microseconds.
A UUID, a 128 bit "random" value.

References GNUNET_TIME_Absolute::abs_value_us, GNUNET_CRYPTO_random_block(), GNUNET_htonll(), GNUNET_TIME_absolute_get(), GNUNET_TIME_UNIT_MILLISECONDS, and mode.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_random_u32()

uint32_t GNUNET_CRYPTO_random_u32 ( enum GNUNET_CRYPTO_Quality  mode,
uint32_t  i 
)

Produce a random value.

Parameters
modedesired quality of the random number
ithe upper limit (exclusive) for the random number
Returns
a random value in the interval [0,i) (exclusive).

Produce a random value.

Parameters
modedesired quality of the random number
ithe upper limit (exclusive) for the random number
Returns
a random value in the interval [0,i[.

Definition at line 178 of file crypto_random.c.

180 {
181 #ifdef gcry_fast_random_poll
182  static unsigned int invokeCount;
183 #endif
184  uint32_t ret;
185  uint32_t ul;
186 
187  GNUNET_assert (i > 0);
188 
189  switch (mode)
190  {
192  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
193 #ifdef gcry_fast_random_poll
194  if ((invokeCount++ % 256) == 0)
195  gcry_fast_random_poll ();
196 #endif
197  ul = UINT32_MAX - (UINT32_MAX % i);
198  do
199  {
200  gcry_randomize ((unsigned char *) &ret,
201  sizeof(uint32_t),
202  GCRY_STRONG_RANDOM);
203  }
204  while (ret >= ul);
205  return ret % i;
206 
208  ul = UINT32_MAX - (UINT32_MAX % i);
209  do
210  {
211  gcry_create_nonce (&ret, sizeof(ret));
212  }
213  while (ret >= ul);
214  return ret % i;
215 
217  ret = i * get_weak_random ();
218  if (ret >= i)
219  ret = i - 1;
220  return ret;
221 
222  default:
223  GNUNET_assert (0);
224  }
225  return 0;
226 }
static double get_weak_random(void)
Create a cryptographically weak pseudo-random number in the interval of 0 to 1.
Definition: crypto_random.c:84
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81

References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, mode, and ret.

Referenced by __attribute__(), adjust_running_peers(), allocate_v4_address(), allocate_v6_address(), attempt_connect_task(), barrier_wait_cb(), calculate_seed(), channel_new_cb(), compute_service_response(), daemon_started(), delayed_get(), delayed_put(), download_get_url(), find_validation_entry(), GDS_am_closest_peer(), gen_topo_random(), generate_indices(), generate_request_id(), get_any(), get_bootstrap_server(), get_preference(), get_property(), get_random_literal(), get_random_peer_from_peermap(), get_request_socket(), get_typed(), GNUNET_BLOCK_GROUP_bf_create(), GNUNET_CONTAINER_heap_walk_get_next(), GNUNET_CONTAINER_multihashmap_get_random(), GNUNET_CONTAINER_multipeermap_get_random(), GNUNET_CONTAINER_multishortmap_get_random(), GNUNET_CONTAINER_multiuuidmap_get_random(), GNUNET_CRYPTO_hash_create_random(), GNUNET_CRYPTO_random_permute(), GNUNET_FRAGMENT_context_create(), GNUNET_FS_search_start_probe_(), GNUNET_TUN_initialize_ipv4_header(), GSC_CLIENTS_deliver_message(), GSF_pending_request_get_message_(), handle_client_evaluate(), handle_dns_request(), handle_dv_learn(), handle_flow_control(), handle_p2p_get(), handle_p2p_put(), handle_resolve_result(), main(), manage_service_wrapper(), ogg_init(), plan(), queue(), reannounce_regex(), recursive_dns_resolution(), REGEX_TEST_generate_random_regex(), REGEX_TEST_generate_random_string(), resolve_and_cache(), revalidate_address(), run(), second_stage(), select_peer(), select_random_peer(), send_bloomfilter(), send_hello(), send_keepalive(), setup_fresh_address(), setup_fresh_ping(), setup_sockets(), should_I_drop(), shuffle_answers(), start_dv_learn(), test_run(), transmit_typemap_task(), and try_open_exit().

Here is the call graph for this function:

◆ GNUNET_CRYPTO_random_u64()

uint64_t GNUNET_CRYPTO_random_u64 ( enum GNUNET_CRYPTO_Quality  mode,
uint64_t  max 
)

Generate a random unsigned 64-bit value.

Parameters
modedesired quality of the random number
maxvalue returned will be in range [0,max) (exclusive)
Returns
random 64-bit number

Definition at line 262 of file crypto_random.c.

264 {
265  uint64_t ret;
266  uint64_t ul;
267 
268  GNUNET_assert (max > 0);
269  switch (mode)
270  {
272  ul = UINT64_MAX - (UINT64_MAX % max);
273  do
274  {
275  gcry_randomize ((unsigned char *) &ret,
276  sizeof(uint64_t),
277  GCRY_STRONG_RANDOM);
278  }
279  while (ret >= ul);
280  return ret % max;
281 
283  ul = UINT64_MAX - (UINT64_MAX % max);
284  do
285  {
286  gcry_create_nonce (&ret, sizeof(ret));
287  }
288  while (ret >= ul);
289 
290  return ret % max;
291 
293  ret = max * get_weak_random ();
294  if (ret >= max)
295  ret = max - 1;
296  return ret;
297 
298  default:
299  GNUNET_assert (0);
300  }
301  return 0;
302 }
#define max(x, y)

References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, max, mode, and ret.

Referenced by activate_core_visible_dv_path(), calculate_fork_degree(), choose_exit(), dht_connected(), gen_topo_scale_free(), GNUNET_DHT_connect(), GNUNET_REVOCATION_pow_start(), handle_dht_p2p_put(), handle_flow_control(), handle_validation_response(), ifc_broadcast(), namestore_flat_store_records(), pick_random_dv_hops(), postgres_plugin_get_key(), postgres_plugin_put(), put_migration_continuation(), run(), sampler_get_rand_peer(), send_find_peer_message(), send_full_set(), setup_out_cipher(), sqlite_plugin_get_key(), sqlite_plugin_get_replication(), sqlite_plugin_put(), and update_next_challenge_time().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_permute()

unsigned int* GNUNET_CRYPTO_random_permute ( enum GNUNET_CRYPTO_Quality  mode,
unsigned int  n 
)

Get an array with a random permutation of the numbers 0...n-1.

Parameters
modeGNUNET_CRYPTO_QUALITY_STRONG if the strong (but expensive) PRNG should be used, GNUNET_CRYPTO_QUALITY_WEAK or GNUNET_CRYPTO_QUALITY_NONCE otherwise
nthe size of the array
Returns
the permutation array (allocated from heap)
Parameters
mode#GNUNET_RANDOM_QUALITY_STRONG if the strong (but expensive) PRNG should be used, #GNUNET_RANDOM_QUALITY_WEAK otherwise
nthe size of the array
Returns
the permutation array (allocated from heap)

Definition at line 238 of file crypto_random.c.

240 {
241  unsigned int *ret;
242  unsigned int i;
243  unsigned int tmp;
244  uint32_t x;
245 
246  GNUNET_assert (n > 0);
247  ret = GNUNET_malloc (n * sizeof(unsigned int));
248  for (i = 0; i < n; i++)
249  ret[i] = i;
250  for (i = n - 1; i > 0; i--)
251  {
252  x = GNUNET_CRYPTO_random_u32 (mode, i + 1);
253  tmp = ret[x];
254  ret[x] = ret[i];
255  ret[i] = tmp;
256  }
257  return ret;
258 }
uint32_t GNUNET_CRYPTO_random_u32(enum GNUNET_CRYPTO_Quality mode, uint32_t i)
Produce a random unsigned 32-bit number modulo i.
#define GNUNET_malloc(size)
Wrapper around malloc.

References GNUNET_assert, GNUNET_CRYPTO_random_u32(), GNUNET_malloc, mode, and ret.

Referenced by churn(), compute_service_response(), and do_round().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_create_session_key()

void GNUNET_CRYPTO_symmetric_create_session_key ( struct GNUNET_CRYPTO_SymmetricSessionKey key)

Create a new random session key.

Parameters
keykey to initialize

Create a new random session key.

Parameters
keysession key to initialize

Definition at line 42 of file crypto_symmetric.c.

45 {
46  gcry_randomize (key->aes_key,
48  GCRY_STRONG_RANDOM);
49  gcry_randomize (key->twofish_key,
51  GCRY_STRONG_RANDOM);
52 }
struct GNUNET_HashCode key
The key used in the DHT.
#define GNUNET_CRYPTO_AES_KEY_LENGTH
length of the sessionkey in bytes (256 BIT sessionkey)

References GNUNET_CRYPTO_AES_KEY_LENGTH, and key.

◆ GNUNET_CRYPTO_symmetric_encrypt()

ssize_t GNUNET_CRYPTO_symmetric_encrypt ( const void *  block,
size_t  size,
const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
void *  result 
)

Encrypt a block using a symmetric sessionkey.

Parameters
blockthe block to encrypt
sizethe size of the block
sessionkeythe key used to encrypt
ivthe initialization vector to use, use INITVALUE for streams.
Returns
the size of the encrypted block, -1 for errors

Encrypt a block using a symmetric sessionkey.

Parameters
blockthe block to encrypt
sizethe size of the block
sessionkeythe key used to encrypt
ivthe initialization vector to use, use INITVALUE for streams
resultthe output parameter in which to store the encrypted result can be the same or overlap with block
Returns
the size of the encrypted block, -1 for errors. Due to the use of CFB and therefore an effective stream cipher, this size should be the same as len.

Definition at line 131 of file crypto_symmetric.c.

138 {
139  gcry_cipher_hd_t handle;
140  char tmp[size];
141 
142  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
143  return -1;
144  GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size));
145  gcry_cipher_close (handle);
146  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
147  return -1;
148  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size));
149  gcry_cipher_close (handle);
150  memset (tmp, 0, sizeof(tmp));
151  return size;
152 }
static int setup_cipher_aes(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize AES cipher.
static int setup_cipher_twofish(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize TWOFISH cipher.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static int result
Global testing status.
static unsigned int size
Size of the "table".
Definition: peer.c:68

References GNUNET_assert, GNUNET_OK, handle, result, setup_cipher_aes(), setup_cipher_twofish(), and size.

Referenced by do_encrypt(), encrypt_existing_match(), GNUNET_FS_handle_on_demand_block(), GNUNET_FS_publish_ublock_(), GNUNET_FS_tree_encoder_next(), GNUNET_IDENTITY_decrypt(), t_ax_encrypt(), t_h_encrypt(), and try_match_block().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_decrypt()

ssize_t GNUNET_CRYPTO_symmetric_decrypt ( const void *  block,
size_t  size,
const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
void *  result 
)

Decrypt a given block using a symmetric sessionkey.

Parameters
blockthe data to decrypt, encoded as returned by encrypt
sizehow big is the block?
sessionkeythe key used to decrypt
ivthe initialization vector to use
resultaddress to store the result at
Returns
-1 on failure, size of decrypted block on success

Decrypt a given block using a symmetric sessionkey.

Parameters
blockthe data to decrypt, encoded as returned by encrypt
sizethe size of the block to decrypt
sessionkeythe key used to decrypt
ivthe initialization vector to use, use INITVALUE for streams
resultaddress to store the result at can be the same or overlap with block
Returns
-1 on failure, size of decrypted block on success. Due to the use of CFB and therefore an effective stream cipher, this size should be the same as size.

Definition at line 169 of file crypto_symmetric.c.

176 {
177  gcry_cipher_hd_t handle;
178  char tmp[size];
179 
180  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
181  return -1;
182  GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));
183  gcry_cipher_close (handle);
184  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
185  return -1;
186  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));
187  gcry_cipher_close (handle);
188  memset (tmp, 0, sizeof(tmp));
189  return size;
190 }

References GNUNET_assert, GNUNET_OK, handle, result, setup_cipher_aes(), setup_cipher_twofish(), and size.

Referenced by do_decrypt(), GNUNET_FS_ublock_decrypt_(), GNUNET_IDENTITY_decrypt_old(), process_result_with_request(), t_ax_decrypt(), t_h_decrypt(), and try_old_ax_keys().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_derive_iv()

void GNUNET_CRYPTO_symmetric_derive_iv ( struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
const struct GNUNET_CRYPTO_SymmetricSessionKey skey,
const void *  salt,
size_t  salt_len,
  ... 
)

Derive an IV.

Parameters
ivinitialization vector
skeysession key
saltsalt for the derivation
salt_lensize of the salt
...pairs of void * & size_t for context chunks, terminated by NULL

Definition at line 203 of file crypto_symmetric.c.

211 {
212  va_list argp;
213 
214  va_start (argp, salt_len);
215  GNUNET_CRYPTO_symmetric_derive_iv_v (iv, skey, salt, salt_len, argp);
216  va_end (argp);
217 }
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
void GNUNET_CRYPTO_symmetric_derive_iv_v(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len, va_list argp)
Derive an IV.

References GNUNET_CRYPTO_symmetric_derive_iv_v(), and salt.

Referenced by derive_iv(), derive_pong_iv(), t_ax_decrypt(), t_ax_encrypt(), t_h_decrypt(), t_h_encrypt(), and try_old_ax_keys().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_get_public()

void GNUNET_CRYPTO_ecdsa_key_get_public ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 187 of file crypto_ecc.c.

190 {
191  BENCHMARK_START (ecdsa_key_get_public);
192  crypto_scalarmult_ed25519_base_noclamp (pub->q_y, priv->d);
193  BENCHMARK_END (ecdsa_key_get_public);
194 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by decrypt_block_with_keyword(), get_update_information_directory(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_FS_publish_sks(), GNUNET_FS_publish_ublock_(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), and process_kblock_for_unindex().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_get_public()

void GNUNET_CRYPTO_eddsa_key_get_public ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 198 of file crypto_ecc.c.

201 {
202  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
203  unsigned char sk[crypto_sign_SECRETKEYBYTES];
204 
205  BENCHMARK_START (eddsa_key_get_public);
206  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
207  GNUNET_memcpy (pub->q_y, pk, crypto_sign_PUBLICKEYBYTES);
208  sodium_memzero (sk, crypto_sign_SECRETKEYBYTES);
209  BENCHMARK_END (eddsa_key_get_public);
210 }
struct GNUNET_IDENTITY_PrivateKey pk
Private key from command line option, or NULL.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_assert, GNUNET_memcpy, pk, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by advertise_dns_exit(), checkvec(), create_keys(), get_identity(), GNUNET_CRYPTO_eddsa_private_key_derive(), GNUNET_FS_uri_loc_create(), GNUNET_TESTING_get_peer(), GNUNET_TESTING_hostkey_get(), GSC_KX_init(), init_socket(), main_init(), output_vectors(), print_key(), regex_iterator(), and run().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_edx25519_key_get_public()

void GNUNET_CRYPTO_edx25519_key_get_public ( const struct GNUNET_CRYPTO_Edx25519PrivateKey priv,
struct GNUNET_CRYPTO_Edx25519PublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 79 of file crypto_edx25519.c.

82 {
83  crypto_scalarmult_ed25519_base_noclamp (pub->q_y,
84  priv->a);
85 }
unsigned char a[256/8]
a is a value mod n, where n has at most 256 bits.

References GNUNET_CRYPTO_Edx25519PrivateKey::a, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by GNUNET_CRYPTO_edx25519_private_key_derive(), and output_vectors().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_get_public()

void GNUNET_CRYPTO_ecdhe_key_get_public ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
struct GNUNET_CRYPTO_EcdhePublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 214 of file crypto_ecc.c.

217 {
218  BENCHMARK_START (ecdhe_key_get_public);
219  GNUNET_assert (0 == crypto_scalarmult_base (pub->q_y, priv->d));
220  BENCHMARK_END (ecdhe_key_get_public);
221 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_assert, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by GCT_add_channel(), GCT_send(), GNUNET_IDENTITY_decrypt(), output_vectors(), print_examples_ecdh(), send_kx(), send_kx_auth(), and sign_ephemeral_key().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_from_file()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_key_from_file ( const char *  filename,
int  do_create,
struct GNUNET_CRYPTO_EcdsaPrivateKey pkey 
)

Create a new private key by reading it from a file.

If the files does not exist and do_create is set, creates a new key and write it to the file.

If the contents of the file are invalid, an error is returned.

Parameters
filenamename of file to use to store the key
do_createshould a file be created?
[out]pkeyset to the private key from filename on success
Returns
GNUNET_OK on success, GNUNET_NO if do_create was set but we found an existing file, GNUNET_SYSERR on failure

Definition at line 1 of file crypto_ecc_setup.c.

204 {
205  if (GNUNET_OK ==
207  pkey,
208  sizeof (*pkey)))
209  {
210  /* file existed, report that we didn't create it... */
211  return (do_create) ? GNUNET_NO : GNUNET_OK;
212  }
213  else if (! do_create)
214  {
215  return GNUNET_SYSERR;
216  }
218  if (GNUNET_OK ==
220  pkey,
221  sizeof (*pkey),
223  return GNUNET_OK;
224  /* maybe another process succeeded in the meantime, try reading one more time */
225  if (GNUNET_OK ==
227  pkey,
228  sizeof (*pkey)))
229  {
230  /* file existed, report that *we* didn't create it... */
231  return GNUNET_NO;
232  }
233  /* give up */
234  return GNUNET_SYSERR;
235 }
static enum GNUNET_GenericReturnValue read_from_file(const char *filename, void *buf, size_t buf_size)
Read file to buf.
static char * filename
static char * pkey
Public key of the zone to look in, in ASCII.
void GNUNET_CRYPTO_ecdsa_key_create(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:447
enum GNUNET_GenericReturnValue GNUNET_DISK_fn_write(const char *fn, const void *buf, size_t buf_size, enum GNUNET_DISK_AccessPermissions mode)
Write a buffer to a file atomically.
Definition: disk.c:725
@ GNUNET_DISK_PERM_USER_READ
Owner can read.
@ GNUNET_NO
@ GNUNET_SYSERR

◆ GNUNET_CRYPTO_eddsa_key_from_file()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_key_from_file ( const char *  filename,
int  do_create,
struct GNUNET_CRYPTO_EddsaPrivateKey pkey 
)

Create a new private key by reading it from a file.

If the files does not exist and do_create is set, creates a new key and write it to the file.

If the contents of the file are invalid, an error is returned.

Parameters
filenamename of file to use to store the key
do_createshould a file be created?
[out]pkeyset to the private key from filename on success
Returns
GNUNET_OK on success, GNUNET_NO if do_create was set but we found an existing file, GNUNET_SYSERR on failure

If the files does not exist and do_create is set, creates a new key and write it to the file.

If the contents of the file are invalid, an error is returned.

Parameters
filenamename of file to use to store the key
do_createshould a file be created?
[out]pkeyset to the private key from filename on success
Returns
- GNUNET_OK on success,
  • GNUNET_NO if do_create was set but we found an existing file,
  • GNUNET_SYSERR on failure or if the file didn't exist and do_create was not set

Definition at line 1 of file crypto_ecc_setup.c.

147 {
149 
150  if (GNUNET_OK ==
152  pkey,
153  sizeof (*pkey)))
154  {
155  /* file existed, report that we didn't create it... */
156  return (do_create) ? GNUNET_NO : GNUNET_OK;
157  }
158  else if (! do_create)
159  {
160  return GNUNET_SYSERR;
161  }
162 
165  pkey,
166  sizeof (*pkey),
168  if ( (GNUNET_OK == ret) ||
169  (GNUNET_SYSERR == ret) )
170  return ret;
171  /* maybe another process succeeded in the meantime, try reading one more time */
172  if (GNUNET_OK ==
174  pkey,
175  sizeof (*pkey)))
176  {
177  /* file existed, report that *we* didn't create it... */
178  return GNUNET_NO;
179  }
180  /* give up */
181  return GNUNET_SYSERR;
182 }
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:462
GNUNET_GenericReturnValue
Named constants for return values.

Referenced by GNUNET_CRYPTO_eddsa_key_create_from_configuration(), main_init(), and run().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create_from_configuration()

struct GNUNET_CRYPTO_EddsaPrivateKey* GNUNET_CRYPTO_eddsa_key_create_from_configuration ( const struct GNUNET_CONFIGURATION_Handle cfg)

Create a new private key by reading our peer's key from the file specified in the configuration.

Parameters
cfgthe configuration to use
Returns
new private key, NULL on error (for example, permission denied); free using GNUNET_free
Parameters
cfgthe configuration to use
Returns
new private key, NULL on error (for example, permission denied)

Definition at line 247 of file crypto_ecc_setup.c.

249 {
250  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
251  char *fn;
252 
253  if (GNUNET_OK !=
255  "PEER",
256  "PRIVATE_KEY",
257  &fn))
258  return NULL;
261  GNUNET_YES,
262  priv))
263  {
264  GNUNET_free (fn);
265  GNUNET_free (priv);
266  return NULL;
267  }
268  GNUNET_free (fn);
269  return priv;
270 }
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration we are using.
Definition: gnunet-abd.c:36
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_get_value_filename(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be the name of a file or directory.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_key_from_file(const char *filename, int do_create, struct GNUNET_CRYPTO_EddsaPrivateKey *pkey)
Create a new private key by reading it from a file.
@ GNUNET_YES
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_free(ptr)
Wrapper around free.
Private ECC key encoded for transmission.

References cfg, GNUNET_CONFIGURATION_get_value_filename(), GNUNET_CRYPTO_eddsa_key_from_file(), GNUNET_free, GNUNET_new, GNUNET_OK, GNUNET_SYSERR, and GNUNET_YES.

Referenced by advertise_dns_exit(), GNUNET_CRYPTO_eddsa_setup_key(), init_socket(), and run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_create()

void GNUNET_CRYPTO_ecdsa_key_create ( struct GNUNET_CRYPTO_EcdsaPrivateKey pk)

Create a new private key.

Parameters
[out]pkprivate key to initialize

Definition at line 447 of file crypto_ecc.c.

448 {
449  BENCHMARK_START (ecdsa_key_create);
451  pk,
452  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
453  pk->d[0] &= 248;
454  pk->d[31] &= 127;
455  pk->d[31] |= 64;
456 
457  BENCHMARK_END (ecdsa_key_create);
458 }
Private ECC key encoded for transmission.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.

Referenced by run_edkey(), and run_pkey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create()

void GNUNET_CRYPTO_eddsa_key_create ( struct GNUNET_CRYPTO_EddsaPrivateKey pk)

Create a new private key.

Parameters
[out]pkprivate key to initialize

Definition at line 462 of file crypto_ecc.c.

463 {
464  BENCHMARK_START (eddsa_key_create);
465  /*
466  * We do not clamp for EdDSA, since all functions that use the private key do
467  * their own clamping (just like in libsodium). What we call "private key"
468  * here, actually corresponds to the seed in libsodium.
469  *
470  * (Contrast this to ECDSA, where functions using the private key can't clamp
471  * due to properties needed for GNS. That is a worse/unsafer API, but
472  * required for the GNS constructions to work.)
473  */
475  pk,
476  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
477  BENCHMARK_END (eddsa_key_create);
478 }

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.

Referenced by create_keys(), output_vectors(), and run_edkey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_edx25519_key_create()

void GNUNET_CRYPTO_edx25519_key_create ( struct GNUNET_CRYPTO_Edx25519PrivateKey pk)

Create a new private key.

Parameters
[out]pkprivate key to initialize

Definition at line 65 of file crypto_edx25519.c.

67 {
68  char seed[256 / 8];
70  seed,
71  sizeof (seed));
73  sizeof(seed),
74  pk);
75 }
void GNUNET_CRYPTO_edx25519_key_create_from_seed(const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
Create a new private key for Edx25519 from a given seed.

References GNUNET_CRYPTO_edx25519_key_create_from_seed(), GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.

Referenced by output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_edx25519_key_create_from_seed()

void GNUNET_CRYPTO_edx25519_key_create_from_seed ( const void *  seed,
size_t  seedsize,
struct GNUNET_CRYPTO_Edx25519PrivateKey pk 
)

Create a new private key for Edx25519 from a given seed.

After expanding the seed, the first half of the key will be clamped according to EdDSA.

Parameters
seedseed input
seedsizesize of the seed in bytes
[out]pkprivate key to initialize

Definition at line 45 of file crypto_edx25519.c.

49 {
50 
51  GNUNET_static_assert (sizeof(*pk) == sizeof(struct GNUNET_HashCode));
52  GNUNET_CRYPTO_hash (seed,
53  seedsize,
54  (struct GNUNET_HashCode *) pk);
55 
56  /* Clamp the first half of the key. The second half is used in the signature
57  * process. */
58  pk->a[0] &= 248;
59  pk->a[31] &= 127;
60  pk->a[31] |= 64;
61 }
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
#define GNUNET_static_assert(cond)
Assertion to be checked (if supported by C compiler) at compile time, otherwise checked at runtime an...
A 512-bit hashcode.

References GNUNET_CRYPTO_hash(), GNUNET_static_assert, and pk.

Referenced by GNUNET_CRYPTO_edx25519_key_create().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_create()

void GNUNET_CRYPTO_ecdhe_key_create ( struct GNUNET_CRYPTO_EcdhePrivateKey pk)

Create a new private key.

Clear with GNUNET_CRYPTO_ecdhe_key_clear().

Parameters
[out]pkset to fresh private key;

Definition at line 436 of file crypto_ecc.c.

437 {
438  BENCHMARK_START (ecdhe_key_create);
440  pk,
441  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
442  BENCHMARK_END (ecdhe_key_create);
443 }
Private ECC key encoded for transmission.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.

Referenced by do_rekey(), GCT_create_tunnel(), GNUNET_IDENTITY_decrypt(), GSC_KX_init(), new_ephemeral(), output_vectors(), and print_examples_ecdh().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_clear()

void GNUNET_CRYPTO_eddsa_key_clear ( struct GNUNET_CRYPTO_EddsaPrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 429 of file crypto_ecc.c.

430 {
431  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey));
432 }

References pk.

◆ GNUNET_CRYPTO_ecdsa_key_clear()

void GNUNET_CRYPTO_ecdsa_key_clear ( struct GNUNET_CRYPTO_EcdsaPrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 422 of file crypto_ecc.c.

423 {
424  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey));
425 }

References pk.

◆ GNUNET_CRYPTO_edx25519_key_clear()

void GNUNET_CRYPTO_edx25519_key_clear ( struct GNUNET_CRYPTO_Edx25519PrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 38 of file crypto_edx25519.c.

39 {
40  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_Edx25519PrivateKey));
41 }
Private ECC key material encoded for transmission.

References pk.

◆ GNUNET_CRYPTO_ecdhe_key_clear()

void GNUNET_CRYPTO_ecdhe_key_clear ( struct GNUNET_CRYPTO_EcdhePrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 415 of file crypto_ecc.c.

416 {
417  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
418 }

References pk.

Referenced by cleanup_ax(), and GNUNET_IDENTITY_decrypt().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_get_anonymous()

const struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_key_get_anonymous ( void  )

Get the shared private key we use for anonymous users.

Returns
"anonymous" private key; do not free

'anonymous' pseudonym (global static, d=1, public key = G (generator).

Definition at line 482 of file crypto_ecc.c.

483 {
488  static struct GNUNET_CRYPTO_EcdsaPrivateKey anonymous;
489  static int once;
490 
491  if (once)
492  return &anonymous;
494  sizeof(anonymous.d),
495  GCRYMPI_CONST_ONE);
496  anonymous.d[0] &= 248;
497  anonymous.d[31] &= 127;
498  anonymous.d[31] |= 64;
499 
500  once = 1;
501  return &anonymous;
502 }
static int once
Global to mark if we've run the initialization.
Definition: gnsrecord.c:67
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:79

References GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_mpi_print_unsigned(), and once.

Referenced by decrypt_block_with_keyword(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_IDENTITY_ego_get_anonymous(), process_kblock_for_unindex(), and publish_ksk_cont().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_setup_hostkey()

void GNUNET_CRYPTO_eddsa_setup_hostkey ( const char *  cfg_name)

Setup a hostkey file for a peer given the name of the configuration file (!).

This function is used so that at a later point code can be certain that reading a hostkey is fast (for example in time-dependent testcases).

Parameters
cfg_namename of the configuration file to use

◆ GNUNET_CRYPTO_get_peer_identity()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_get_peer_identity ( const struct GNUNET_CONFIGURATION_Handle cfg,
struct GNUNET_PeerIdentity dst 
)

Retrieve the identity of the host's peer.

Parameters
cfgconfiguration to use
dstpointer to where to write the peer identity
Returns
GNUNET_OK on success, GNUNET_SYSERR if the identity could not be retrieved

Definition at line 247 of file crypto_ecc_setup.c.

276 {
277  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
278 
280  {
282  _ ("Could not load peer's private key\n"));
283  return GNUNET_SYSERR;
284  }
286  &dst->public_key);
287  GNUNET_free (priv);
288  return GNUNET_OK;
289 }
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_configuration(const struct GNUNET_CONFIGURATION_Handle *cfg)
Create a new private key by reading our peer's key from the file specified in the configuration.
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:198
#define GNUNET_log(kind,...)
@ GNUNET_ERROR_TYPE_ERROR
#define _(String)
GNU gettext support macro.
Definition: platform.h:178
struct GNUNET_CRYPTO_EddsaPublicKey public_key

Referenced by get_result_iterator(), get_service_peer_identity(), GNUNET_CONVERSATION_phone_create(), libgnunet_plugin_dhtu_ip_init(), on_peer(), and run().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_ecdh()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a public and a private ECC key.

Parameters
privprivate key to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material (xyG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 513 of file crypto_ecc.c.

717 {
718  uint8_t p[crypto_scalarmult_BYTES];
719  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
720  return GNUNET_SYSERR;
721  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
722  return GNUNET_OK;
723 }

References data, GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_ERROR, LOG_GCRY, and GNUNET_CRYPTO_EccSignaturePurpose::size.

Referenced by checkvec(), derive_session_keys(), output_vectors(), print_examples_ecdh(), t_ax_decrypt_and_validate(), t_ax_encrypt(), and update_ax_by_kx().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_ecdh()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a ECDH public key and a private EdDSA key.

Dual to #GNUNET_CRRYPTO_ecdh_eddsa.

Parameters
privprivate key from EdDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 513 of file crypto_ecc.c.

730 {
731  struct GNUNET_HashCode hc;
732  uint8_t a[crypto_scalarmult_SCALARBYTES];
733  uint8_t p[crypto_scalarmult_BYTES];
734 
735  GNUNET_CRYPTO_hash (priv,
736  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
737  &hc);
738  memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
739  if (0 != crypto_scalarmult (p, a, pub->q_y))
740  return GNUNET_SYSERR;
742  crypto_scalarmult_BYTES,
743  key_material);
744  return GNUNET_OK;
745 }

Referenced by GNUNET_IDENTITY_decrypt_old(), and update_ax_by_kx().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_kem_decaps()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_kem_decaps ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey c,
struct GNUNET_HashCode key_material 
)

Decapsulate a key for a private EdDSA key.

Dual to #GNUNET_CRRYPTO_eddsa_kem_encaps.

Parameters
privprivate key from EdDSA to use for the ECDH (x)
cthe encapsulated key
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 513 of file crypto_ecc.c.

753 {
754  return GNUNET_CRYPTO_eddsa_ecdh (priv, c, key_material);
755 }
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a ECDH public key and a private EdDSA key.
Definition: crypto_ecc.c:727

Referenced by handle_dv_box(), setup_in_cipher(), and setup_shared_secret_dec().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_kem_encaps()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_kem_encaps ( const struct GNUNET_CRYPTO_EddsaPublicKey pub,
struct GNUNET_CRYPTO_EcdhePublicKey c,
struct GNUNET_HashCode key_material 
)

Encapsulate key material for a EdDSA public key.

Dual to #GNUNET_CRRYPTO_eddsa_kem_decaps.

Parameters
privprivate key to use for the ECDH (y)
cpublic key from EdDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 513 of file crypto_ecc.c.

797 {
799 
802  return GNUNET_CRYPTO_ecdh_eddsa (&sk, pub, key_material);
803 }
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:436
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:777
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:214

Referenced by inject_rekey(), setup_shared_secret_ephemeral(), and start_initial_kx_out().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_fo_kem_encaps()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_fo_kem_encaps ( const struct GNUNET_CRYPTO_EddsaPublicKey pub,
struct GNUNET_CRYPTO_FoKemC c,
struct GNUNET_HashCode key_material 
)

Encapsulate key material using a CCA-secure KEM.

The KEM is using a OWTF with image oracle constructed from a Fujusaki-Okamoto transformation using ElGamal (DH plus XOR OTP). Dual to #GNUNET_CRRYPTO_eddsa_fo_kem_decaps.

Parameters
pubpublic key to encapsulated for
[out]cthe encapsulation
[out]key_materialthe encapsulated key
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 513 of file crypto_ecc.c.

844 {
845  struct GNUNET_HashCode x;
846  struct GNUNET_HashCode ux;
847  struct GNUNET_HashCode w;
850 
851  // This is the input to the FO OWTF
853 
854  // We build our OWTF using a FO-transformation of ElGamal:
855  // U(x)
856  GNUNET_CRYPTO_hash (&x, sizeof (x), &ux);
857  GNUNET_memcpy (&sk, &ux, sizeof (sk));
858 
859  // B := g^U(x)
861 
862  ret = GNUNET_CRYPTO_ecdh_eddsa (&sk, pub, &w);
863  if (GNUNET_OK != ret)
864  return ret;
865  // w xor x (one-time pad)
866  GNUNET_CRYPTO_hash_xor (&w, &x, &c->y);
867 
868  // k := H(x) FIXME: U and H must be different?
869  GNUNET_memcpy (key_material, &ux, sizeof (ux));
870  return GNUNET_OK;
871 }
void GNUNET_CRYPTO_hash_xor(const struct GNUNET_HashCode *a, const struct GNUNET_HashCode *b, struct GNUNET_HashCode *result)
compute result = a ^ b
Definition: crypto_hash.c:135
struct GNUNET_CRYPTO_EcdhePublicKey pub
struct GNUNET_HashCode y

◆ GNUNET_CRYPTO_eddsa_fo_kem_decaps()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_fo_kem_decaps ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_FoKemC c,
struct GNUNET_HashCode key_material 
)

Decapsulate key material using a CCA-secure KEM.

The KEM is using a OWTF with image oracle constructed from a Fujusaki-Okamoto transformation using ElGamal (DH plus XOR OTP). Dual to #GNUNET_CRRYPTO_eddsa_fo_kem_encaps.

Parameters
privprivate key this encapsulation is for
cthe encapsulation
[out]key_materialthe encapsulated key
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Decapsulate key material using a CCA-secure KEM.

Definition at line 513 of file crypto_ecc.c.

912 {
913  struct GNUNET_HashCode w;
915 
916  ret = GNUNET_CRYPTO_eddsa_ecdh (priv, &c->pub, &w);
917  if (GNUNET_OK != ret)
918  return ret;
919  return fo_kem_decaps (&w, c, key_material);
920 }
static enum GNUNET_GenericReturnValue fo_kem_decaps(const struct GNUNET_HashCode *w, const struct GNUNET_CRYPTO_FoKemC *c, struct GNUNET_HashCode *key_material)
Definition: crypto_ecc.c:875

◆ GNUNET_CRYPTO_ecdsa_fo_kem_encaps()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_fo_kem_encaps ( const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
struct GNUNET_CRYPTO_FoKemC c,
struct GNUNET_HashCode key_material 
)

Encapsulate key material using a CCA-secure KEM.

The KEM is using a OWTF with image oracle constructed from a Fujusaki-Okamoto transformation using ElGamal (DH plus XOR OTP). Dual to #GNUNET_CRRYPTO_eddsa_fo_kem_decaps.

Parameters
pubpublic key to encapsulated for
[out]cthe encapsulation
[out]key_materialthe encapsulated key
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 513 of file crypto_ecc.c.

811 {
812  struct GNUNET_HashCode x;
813  struct GNUNET_HashCode ux;
814  struct GNUNET_HashCode w;
816 
817  // This is the input to the FO OWTF
819 
820  // We build our OWTF using a FO-transformation of ElGamal:
821  // U(x)
822  GNUNET_CRYPTO_hash (&x, sizeof (x), &ux);
823  GNUNET_memcpy (&sk, &ux, sizeof (sk));
824 
825  // B := g^U(x)
827 
828  if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_ecdsa (&sk, pub, &w))
829  return -1;
830  // w xor x (one-time pad)
831  GNUNET_CRYPTO_hash_xor (&w, &x, &c->y);
832 
833  // k := H(x) FIXME: U and H must be different?
834  GNUNET_memcpy (key_material, &ux, sizeof (ux));
835  return GNUNET_OK;
836 }
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EcDSA public key and a private ECDH key.
Definition: crypto_ecc.c:940

◆ GNUNET_CRYPTO_ecdsa_fo_kem_decaps()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_fo_kem_decaps ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
struct GNUNET_CRYPTO_FoKemC c,
struct GNUNET_HashCode key_material 
)

Decapsulate key material using a CCA-secure KEM.

The KEM is using a OWTF with image oracle constructed from a Fujusaki-Okamoto transformation using ElGamal (DH plus XOR OTP). Dual to #GNUNET_CRRYPTO_eddsa_fo_kem_encaps.

Parameters
privprivate key this encapsulation is for
cthe encapsulation
[out]key_materialthe encapsulated key
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 513 of file crypto_ecc.c.

928 {
929  struct GNUNET_HashCode w;
931 
932  ret = GNUNET_CRYPTO_ecdsa_ecdh (priv, &c->pub, &w);
933  if (GNUNET_OK != ret)
934  return ret;
935  return fo_kem_decaps (&w, c, key_material);
936 }
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a ECDH public key and a private ECDSA key.
Definition: crypto_ecc.c:759

◆ GNUNET_CRYPTO_ecdsa_ecdh()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a ECDH public key and a private ECDSA key.

Dual to #GNUNET_CRRYPTO_ecdh_ecdsa.

Parameters
privprivate key from ECDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 513 of file crypto_ecc.c.

762 {
763  uint8_t p[crypto_scalarmult_BYTES];
764 
765  BENCHMARK_START (ecdsa_ecdh);
766  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
767  return GNUNET_SYSERR;
769  crypto_scalarmult_BYTES,
770  key_material);
771  BENCHMARK_END (ecdsa_ecdh);
772  return GNUNET_OK;
773 }

Referenced by GNUNET_IDENTITY_decrypt_old().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdh_eddsa()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EddsaPublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a EdDSA public key and a private ECDH key.

Dual to #GNUNET_CRRYPTO_eddsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from EdDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 513 of file crypto_ecc.c.

780 {
781  uint8_t p[crypto_scalarmult_BYTES];
782  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
783 
784  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
785  return GNUNET_SYSERR;
786  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
787  return GNUNET_SYSERR;
788  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
789  return GNUNET_OK;
790 }

Referenced by checkvec(), GNUNET_IDENTITY_decrypt(), output_vectors(), and update_ax_by_kx().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdh_ecdsa()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a EcDSA public key and a private ECDH key.

Dual to #GNUNET_CRRYPTO_ecdsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from ECDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 513 of file crypto_ecc.c.

943 {
944  uint8_t p[crypto_scalarmult_BYTES];
945  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
946 
947  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
948  return GNUNET_SYSERR;
949  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
950  return GNUNET_SYSERR;
951  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
952  return GNUNET_OK;
953 }

Referenced by GNUNET_IDENTITY_decrypt().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_sign_()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_ ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EddsaSignature sig 
)

EdDSA sign a given block.

The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_eddsa_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
[out]sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 513 of file crypto_ecc.c.

611 {
612 
613  size_t mlen = ntohl (purpose->size);
614  unsigned char sk[crypto_sign_SECRETKEYBYTES];
615  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
616  int res;
617 
618  BENCHMARK_START (eddsa_sign);
619  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
620  res = crypto_sign_detached ((uint8_t *) sig,
621  NULL,
622  (uint8_t *) purpose,
623  mlen,
624  sk);
625  BENCHMARK_END (eddsa_sign);
626  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
627 }
static int res
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!...

Referenced by do_dht_put(), GST_validation_handle_ping(), insert_decrypt_element(), insert_round1_element(), insert_round2_element(), regex_iterator(), send_disconnect(), setup_flood_message(), and sign_ephemeral_key().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_sign_()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_ ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EcdsaSignature sig 
)

ECDSA Sign a given block.

The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_ecdsa_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
[out]sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 513 of file crypto_ecc.c.

540 {
541  gcry_sexp_t priv_sexp;
542  gcry_sexp_t sig_sexp;
543  gcry_sexp_t data;
544  int rc;
545  gcry_mpi_t rs[2];
546 
547  BENCHMARK_START (ecdsa_sign);
548 
549  priv_sexp = decode_private_ecdsa_key (priv);
550  data = data_to_ecdsa_value (purpose);
551  if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
552  {
554  _ ("ECC signing failed at %s:%d: %s\n"),
555  __FILE__,
556  __LINE__,
557  gcry_strerror (rc));
558  gcry_sexp_release (data);
559  gcry_sexp_release (priv_sexp);
560  return GNUNET_SYSERR;
561  }
562  gcry_sexp_release (priv_sexp);
563  gcry_sexp_release (data);
564 
565  /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
566  'signature' */
567  if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
568  {
569  GNUNET_break (0);
570  gcry_sexp_release (sig_sexp);
571  return GNUNET_SYSERR;
572  }
573  gcry_sexp_release (sig_sexp);
574  GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]);
575  GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]);
576  gcry_mpi_release (rs[0]);
577  gcry_mpi_release (rs[1]);
578 
579  BENCHMARK_END (ecdsa_sign);
580 
581  return GNUNET_OK;
582 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:97
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:513
#define LOG(kind,...)
Definition: crypto_ecc.c:61
static gcry_sexp_t decode_private_ecdsa_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:155
uint32_t data
The data value.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
@ GNUNET_ERROR_TYPE_WARNING
unsigned char s[256/8]
S value.
unsigned char r[256/8]
R value.

Referenced by GNUNET_FS_publish_ublock_().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_edx25519_sign_()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_edx25519_sign_ ( const struct GNUNET_CRYPTO_Edx25519PrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_Edx25519Signature sig 
)

Edx25519 sign a given block.

The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_edx25519_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
[out]sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Edx25519 sign a given block.

But instead of expanding a private seed (which is usually the case for crypto APIs) and using the resulting scalars, it takes the scalars directly from Edx25519PrivateKey. We require this functionality in order to use derived private keys for signatures.

The resulting signature is a standard EdDSA signature which can be verified using the usual APIs.

Parameters
privthe private key (containing two scalars .a and .b)
purpthe signature purpose
sigthe resulting signature

Calculate the public key P from the private scalar in the key.

Calculate r: r = SHA512 (b ∥ M) where M is our message (purpose).

Temporarily put P into S

Reduce the scalar value r

Calculate R := r * G of the signature

Calculate hram := SHA512 (R ∥ P ∥ M)

Reduce the resulting scalar value

Calculate S := r + hram * s mod L

Definition at line 79 of file crypto_edx25519.c.

107 {
108 
109  crypto_hash_sha512_state hs;
110  unsigned char r[64];
111  unsigned char hram[64];
112  unsigned char P[32];
113  unsigned char r_mod[64];
114  unsigned char R[32];
115  unsigned char tmp[32];
116 
117  crypto_hash_sha512_init (&hs);
118 
122  crypto_scalarmult_ed25519_base_noclamp (P,
123  priv->a);
124 
130  crypto_hash_sha512_update (&hs,
131  priv->b,
132  sizeof(priv->b));
133  crypto_hash_sha512_update (&hs,
134  (uint8_t*) purpose,
135  ntohl (purpose->size));
136  crypto_hash_sha512_final (&hs,
137  r);
138 
142  memcpy (sig->s, P, 32);
143 
147  crypto_core_ed25519_scalar_reduce (r_mod, r);
148 
152  crypto_scalarmult_ed25519_base_noclamp (R, r_mod);
153  memcpy (sig->r, R, sizeof (R));
154 
159  crypto_hash_sha512_init (&hs);
160  crypto_hash_sha512_update (&hs, (uint8_t*) sig, 64);
161  crypto_hash_sha512_update (&hs, (uint8_t*) purpose,
162  ntohl (purpose->size));
163  crypto_hash_sha512_final (&hs, hram);
164 
168  unsigned char hram_mod[64];
169  crypto_core_ed25519_scalar_reduce (hram_mod, hram);
170 
175  crypto_core_ed25519_scalar_mul (tmp, hram_mod, priv->a);
176  crypto_core_ed25519_scalar_add (sig->s, tmp, r_mod);
177 
178  sodium_memzero (r, sizeof (r));
179  sodium_memzero (r_mod, sizeof (r_mod));
180 
181  return GNUNET_OK;
182 }
unsigned char b[256/8]
b consists of 32 bytes which where originally the lower 32bytes of the key expansion.
unsigned char s[256/8]
S value.
unsigned char r[256/8]
R value.

◆ GNUNET_CRYPTO_eddsa_verify_()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_ ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_EddsaSignature sig,
const struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Verify EdDSA signature.

The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_eddsa_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 513 of file crypto_ecc.c.

695 {
696  const unsigned char *m = (const void *) validate;
697  size_t mlen = ntohl (validate->size);
698  const unsigned char *s = (const void *) sig;
699 
700  int res;
701 
702  if (purpose != ntohl (validate->purpose))
703  return GNUNET_SYSERR; /* purpose mismatch */
704 
705  BENCHMARK_START (eddsa_verify);
706 
707  res = crypto_sign_verify_detached (s, m, mlen, pub->q_y);
708  BENCHMARK_END (eddsa_verify);
709  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
710 }
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:104
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...

Referenced by GST_neighbours_handle_disconnect_message(), GST_validation_handle_pong(), handle_ephemeral_key(), keygen_round1_new_element(), keygen_round2_new_element(), and verify_message_crypto().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_verify_()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_verify_ ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_EcdsaSignature sig,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Verify ECDSA signature.

The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_eddsa_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 513 of file crypto_ecc.c.

636 {
637  gcry_sexp_t data;
638  gcry_sexp_t sig_sexpr;
639  gcry_sexp_t pub_sexpr;
640  int rc;
641 
642  BENCHMARK_START (ecdsa_verify);
643 
644  if (purpose != ntohl (validate->purpose))
645  return GNUNET_SYSERR; /* purpose mismatch */
646 
647  /* build s-expression for signature */
648  if (0 != (rc = gcry_sexp_build (&sig_sexpr,
649  NULL,
650  "(sig-val(ecdsa(r %b)(s %b)))",
651  (int) sizeof(sig->r),
652  sig->r,
653  (int) sizeof(sig->s),
654  sig->s)))
655  {
656  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
657  return GNUNET_SYSERR;
658  }
659  data = data_to_ecdsa_value (validate);
660  if (0 != (rc = gcry_sexp_build (&pub_sexpr,
661  NULL,
662  "(public-key(ecc(curve " CURVE ")(q %b)))",
663  (int) sizeof(pub->q_y),
664  pub->q_y)))
665  {
666  gcry_sexp_release (data);
667  gcry_sexp_release (sig_sexpr);
668  return GNUNET_SYSERR;
669  }
670  rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
671  gcry_sexp_release (pub_sexpr);
672  gcry_sexp_release (data);
673  gcry_sexp_release (sig_sexpr);
674  if (0 != rc)
675  {
677  _ ("ECDSA signature verification failed at %s:%d: %s\n"),
678  __FILE__,
679  __LINE__,
680  gcry_strerror (rc));
681  BENCHMARK_END (ecdsa_verify);
682  return GNUNET_SYSERR;
683  }
684  BENCHMARK_END (ecdsa_verify);
685  return GNUNET_OK;
686 }
#define CURVE
IMPLEMENTATION NOTICE:
Definition: crypto_ecc.c:59
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level 'level' that indicates a failure of the command 'cmd' with the mess...
Definition: crypto_ecc.c:75
@ GNUNET_ERROR_TYPE_INFO

◆ GNUNET_CRYPTO_edx25519_verify_()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_edx25519_verify_ ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_Edx25519Signature sig,
const struct GNUNET_CRYPTO_Edx25519PublicKey pub 
)

Verify Edx25519 signature.

The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_edx25519_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 79 of file crypto_edx25519.c.

191 {
192  const unsigned char *m = (const void *) validate;
193  size_t mlen = ntohl (validate->size);
194  const unsigned char *s = (const void *) sig;
195 
196  int res;
197 
198  if (purpose != ntohl (validate->purpose))
199  return GNUNET_SYSERR; /* purpose mismatch */
200 
201  res = crypto_sign_verify_detached (s, m, mlen, pub->q_y);
202  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
203 }

◆ GNUNET_CRYPTO_ecdsa_private_key_derive()

struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_private_key_derive ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const char *  label,
const char *  context 
)

Derive a private key from a given private key and a label.

Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.

Parameters
privoriginal private key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
Returns
derived private key

Definition at line 196 of file crypto_ecc_gnsrecord.c.

200 {
203  struct GNUNET_HashCode hc;
204  uint8_t dc[32];
205  gcry_mpi_t h;
206  gcry_mpi_t x;
207  gcry_mpi_t d;
208  gcry_mpi_t n;
209  gcry_ctx_t ctx;
210 
211  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
212 
213  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
215 
216  derive_h (&pub, sizeof (pub), label, context, &hc);
217  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
218 
219  /* Convert to big endian for libgcrypt */
220  for (size_t i = 0; i < 32; i++)
221  dc[i] = priv->d[31 - i];
222  GNUNET_CRYPTO_mpi_scan_unsigned (&x, dc, sizeof(dc));
223  d = gcry_mpi_new (256);
224  gcry_mpi_mulm (d, h, x, n);
225  gcry_mpi_release (h);
226  gcry_mpi_release (x);
227  gcry_mpi_release (n);
228  gcry_ctx_release (ctx);
230  GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d);
231  /* Convert to big endian for libgcrypt */
232  for (size_t i = 0; i < 32; i++)
233  ret->d[i] = dc[31 - i];
234  sodium_memzero (dc, sizeof(dc));
235  gcry_mpi_release (d);
236  return ret;
237 }
#define CURVE
void derive_h(const void *pub, size_t pubsize, const char *label, const char *context, struct GNUNET_HashCode *hc)
Derive the 'h' value for key derivation, where 'h = H(l,P)'.
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static struct GNUNET_FS_DownloadContext * dc
static pa_context * context
Pulseaudio context.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:187
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:132
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...

References context, ctx, CURVE, GNUNET_CRYPTO_EcdsaPrivateKey::d, dc, derive_h(), GNUNET_assert, GNUNET_CRYPTO_ecdsa_key_get_public(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_new, h, pub, and ret.

Referenced by GNUNET_FS_publish_ublock_(), and run_pkey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_public_key_derive()

void GNUNET_CRYPTO_ecdsa_public_key_derive ( const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
const char *  label,
const char *  context,
struct GNUNET_CRYPTO_EcdsaPublicKey result 
)

Derive a public key from a given public key and a label.

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'. typically the name of the subsystem/application
resultwhere to write the derived public key

Definition at line 241 of file crypto_ecc_gnsrecord.c.

246 {
247  struct GNUNET_HashCode hc;
248  gcry_ctx_t ctx;
249  gcry_mpi_t q_y;
250  gcry_mpi_t h;
251  gcry_mpi_t n;
252  gcry_mpi_t h_mod_n;
253  gcry_mpi_point_t q;
254  gcry_mpi_point_t v;
255 
256  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
257 
258  /* obtain point 'q' from original public key. The provided 'q' is
259  compressed thus we first store it in the context and then get it
260  back as a (decompresssed) point. */
261  q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8 * sizeof(pub->q_y));
262  GNUNET_assert (NULL != q_y);
263  GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx));
264  gcry_mpi_release (q_y);
265  q = gcry_mpi_ec_get_point ("q", ctx, 0);
266  GNUNET_assert (q);
267 
268  /* calculate h_mod_n = h % n */
269  derive_h (pub, sizeof (*pub), label, context, &hc);
270  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
271  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
272  h_mod_n = gcry_mpi_new (256);
273  gcry_mpi_mod (h_mod_n, h, n);
274  /* calculate v = h_mod_n * q */
275  v = gcry_mpi_point_new (0);
276  gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
277  gcry_mpi_release (h_mod_n);
278  gcry_mpi_release (h);
279  gcry_mpi_release (n);
280  gcry_mpi_point_release (q);
281 
282  /* convert point 'v' to public key that we return */
283  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx));
284  gcry_mpi_point_release (v);
285  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
286  GNUNET_assert (q_y);
287  GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof(result->q_y), q_y);
288  gcry_mpi_release (q_y);
289  gcry_ctx_release (ctx);
290 }
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.

References context, ctx, CURVE, derive_h(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), h, pub, q, GNUNET_CRYPTO_EddsaPublicKey::q_y, and result.

Referenced by GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), run_pkey(), and schedule_transmit_search_request().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_private_key_derive()

void GNUNET_CRYPTO_eddsa_private_key_derive ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const char *  label,
const char *  context,
struct GNUNET_CRYPTO_EddsaPrivateScalar result 
)

Derive a private scalar from a given private key and a label.

Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'. The result is the derived private scalar, not the private key as for EdDSA we cannot derive before we hash the private key.

Parameters
privoriginal private key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
resultderived private scalar

Libsodium does not offer an API with arbitrary arithmetic. Hence we have to use libgcrypt here.

Get our modulo L

This is the standard private key expansion in Ed25519. The first 32 octets are used as a little-endian private scalar. We derive this scalar using our "h".

Get h mod L

dc now contains the private scalar "a". We calculate: d' := h * a mod L

We hash the derived "h" parameter with the other half of the expanded private key. This ensures that for signature generation, the "R" is derived from the same derivation path as "h" and is not reused.

Definition at line 294 of file crypto_ecc_gnsrecord.c.

299 {
301  struct GNUNET_HashCode hc;
302  uint8_t dc[32];
303  unsigned char sk[64];
304  gcry_mpi_t h;
305  gcry_mpi_t h_mod_L;
306  gcry_mpi_t a;
307  gcry_mpi_t d;
308  gcry_mpi_t L;
309  gcry_ctx_t ctx;
310 
315  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, "Ed25519"));
316 
320  L = gcry_mpi_ec_get_mpi ("n", ctx, 1);
322 
329  crypto_hash_sha512 (sk, priv->d, 32);
330  sk[0] &= 248;
331  sk[31] &= 127;
332  sk[31] |= 64;
333 
337  derive_h (&pub, sizeof (pub), label, context, &hc);
338  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
339  h_mod_L = gcry_mpi_new (256);
340  gcry_mpi_mod (h_mod_L, h, L);
341  /* Convert scalar to big endian for libgcrypt */
342  for (size_t i = 0; i < 32; i++)
343  dc[i] = sk[31 - i];
344 
350  GNUNET_CRYPTO_mpi_scan_unsigned (&a, dc, sizeof(dc)); // a
351  d = gcry_mpi_new (256);
352  gcry_mpi_mulm (d, h_mod_L, a, L); // d := h * a mod L
353  gcry_mpi_release (h);
354  gcry_mpi_release (a);
355  gcry_mpi_release (L);
356  gcry_mpi_release (h_mod_L);
357  gcry_ctx_release (ctx);
358  GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d);
365  crypto_hash_sha256_state hs;
366  crypto_hash_sha256_init (&hs);
367  crypto_hash_sha256_update (&hs, sk + 32, 32);
368  crypto_hash_sha256_update (&hs, (unsigned char*) &hc, sizeof (hc));
369  crypto_hash_sha256_final (&hs, result->s + 32);
370  // memcpy (result->s, sk, sizeof (sk));
371  /* Convert to little endian for libsodium */
372  for (size_t i = 0; i < 32; i++)
373  result->s[i] = dc[31 - i];
374 
375  sodium_memzero (dc, sizeof(dc));
376  gcry_mpi_release (d);
377 }
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...

References context, ctx, GNUNET_CRYPTO_EddsaPrivateKey::d, dc, derive_h(), GNUNET_assert, GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), h, pub, and result.

Referenced by run_edkey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_public_key_derive()

void GNUNET_CRYPTO_eddsa_public_key_derive ( const struct GNUNET_CRYPTO_EddsaPublicKey pub,
const char *  label,
const char *  context,
struct GNUNET_CRYPTO_EddsaPublicKey result 
)

Derive a public key from a given public key and a label.

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'. typically the name of the subsystem/application
resultwhere to write the derived public key

Definition at line 381 of file crypto_ecc_gnsrecord.c.

386 {
387  struct GNUNET_HashCode hc;
388  gcry_ctx_t ctx;
389  gcry_mpi_t q_y;
390  gcry_mpi_t h;
391  gcry_mpi_t n;
392  gcry_mpi_t h_mod_n;
393  gcry_mpi_point_t q;
394  gcry_mpi_point_t v;
395 
396  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, "Ed25519"));
397 
398  /* obtain point 'q' from original public key. The provided 'q' is
399  compressed thus we first store it in the context and then get it
400  back as a (decompresssed) point. */
401  q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8 * sizeof(pub->q_y));
402  GNUNET_assert (NULL != q_y);
403  GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx));
404  gcry_mpi_release (q_y);
405  q = gcry_mpi_ec_get_point ("q", ctx, 0);
406  GNUNET_assert (q);
407 
408  /* calculate h_mod_n = h % n */
409  derive_h (pub, sizeof (*pub), label, context, &hc);
410  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
411 
412  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
413  h_mod_n = gcry_mpi_new (256);
414  gcry_mpi_mod (h_mod_n, h, n);
415 
416  /* calculate v = h_mod_n * q */
417  v = gcry_mpi_point_new (0);
418  gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
419  gcry_mpi_release (h_mod_n);
420  gcry_mpi_release (h);
421  gcry_mpi_release (n);
422  gcry_mpi_point_release (q);
423 
424  /* convert point 'v' to public key that we return */
425  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx));
426  gcry_mpi_point_release (v);
427  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
428  GNUNET_assert (q_y);
429  GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof(result->q_y), q_y);
430  gcry_mpi_release (q_y);
431  gcry_ctx_release (ctx);
432 
433 }

References context, ctx, derive_h(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), h, pub, q, GNUNET_CRYPTO_EddsaPublicKey::q_y, and result.

Referenced by run_edkey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_edx25519_private_key_derive()

void GNUNET_CRYPTO_edx25519_private_key_derive ( const struct GNUNET_CRYPTO_Edx25519PrivateKey priv,
const void *  seed,
size_t  seedsize,
struct GNUNET_CRYPTO_Edx25519PrivateKey result 
)

Derive a private scalar from a given private key and a label.

Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.

Parameters
privoriginal private key
seedinput seed
seedsizesize of the seed
resultderived private key

dc now contains the private scalar "a". We carefully remove the clamping and derive a'. Calculate: a1 := a / 8 a2 := h * a1 mod n a' := a2 * 8 mod n

Definition at line 239 of file crypto_edx25519.c.

244 {
246  struct GNUNET_HashCode hc;
247  uint8_t a[32];
248  uint8_t eight[32] = { 8 };
249  uint8_t eight_inv[32];
250  uint8_t h[64] = { 0 };
251 
253 
254  /* Get h mod n */
255  derive_h (&pub,
256  seed,
257  seedsize,
258  &hc);
259 
260  memcpy (h, &hc, 64);
261  crypto_core_ed25519_scalar_reduce (h,
262  h);
263 #ifdef CHECK_RARE_CASES
271  {
272  char zero[32] = { 0 };
273  char one[32] = { 1 };
274 
275  GNUNET_assert (0 != memcmp (zero, h, 32));
276  GNUNET_assert (0 != memcmp (one, h, 32));
277  }
278 #endif
279 
289  GNUNET_assert (0 == crypto_core_ed25519_scalar_invert (eight_inv,
290  eight));
291 
292  crypto_core_ed25519_scalar_mul (a, priv->a, eight_inv);
293  crypto_core_ed25519_scalar_mul (a, a, h);
294  crypto_core_ed25519_scalar_mul (a, a, eight);
295 
296 #ifdef CHECK_RARE_CASES
297  /* The likelihood for a' == 0 or a' == 1 is neglegible */
298  {
299  char zero[32] = { 0 };
300  char one[32] = { 1 };
301 
302  GNUNET_assert (0 != memcmp (zero, a, 32));
303  GNUNET_assert (0 != memcmp (one, a, 32));
304  }
305 #endif
306 
307  /* We hash the derived "h" parameter with the other half of the expanded
308  * private key (that is: priv->b). This ensures that for signature
309  * generation, the "R" is derived from the same derivation path as "h" and is
310  * not reused. */
311  {
312  struct GNUNET_HashCode hcb;
313  struct GNUNET_HashContext *hctx;
314 
316  GNUNET_CRYPTO_hash_context_read (hctx, priv->b, sizeof(priv->b));
317  GNUNET_CRYPTO_hash_context_read (hctx, (unsigned char*) &hc, sizeof (hc));
319 
320  /* Truncate result, effectively doing SHA512/256 */
321  for (size_t i = 0; i < 32; i++)
322  result->b[i] = ((unsigned char *) &hcb)[i];
323  }
324 
325  for (size_t i = 0; i < 32; i++)
326  result->a[i] = a[i];
327 
328  sodium_memzero (a, sizeof(a));
329 }
static void derive_h(const struct GNUNET_CRYPTO_Edx25519PublicKey *pub, const void *seed, size_t seedsize, struct GNUNET_HashCode *phc)
Derive the 'h' value for key derivation, where 'h = H(P ∥ seed) mod n' and 'n' is the size of the cyc...
static const struct GNUNET_IDENTITY_PrivateKey zero
Public key of all zeros.
void GNUNET_CRYPTO_edx25519_key_get_public(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
Extract the public key for the given private key.
struct GNUNET_HashContext * GNUNET_CRYPTO_hash_context_start(void)
Start incremental hashing operation.
Definition: crypto_hash.c:350
void GNUNET_CRYPTO_hash_context_read(struct GNUNET_HashContext *hc, const void *buf, size_t size)
Add data to be hashed.
Definition: crypto_hash.c:366
void GNUNET_CRYPTO_hash_context_finish(struct GNUNET_HashContext *hc, struct GNUNET_HashCode *r_hash)
Finish the hash computation.
Definition: crypto_hash.c:390
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...

References GNUNET_CRYPTO_Edx25519PrivateKey::a, GNUNET_CRYPTO_Edx25519PrivateKey::b, derive_h(), GNUNET_assert, GNUNET_CRYPTO_edx25519_key_get_public(), GNUNET_CRYPTO_hash_context_finish(), GNUNET_CRYPTO_hash_context_read(), GNUNET_CRYPTO_hash_context_start(), h, pub, result, and zero.

Referenced by output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_edx25519_public_key_derive()

void GNUNET_CRYPTO_edx25519_public_key_derive ( const struct GNUNET_CRYPTO_Edx25519PublicKey pub,
const void *  seed,
size_t  seedsize,
struct GNUNET_CRYPTO_Edx25519PublicKey result 
)

Derive a public key from a given public key and a label.

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
seedinput seed
seedsizesize of the seed
resultwhere to write the derived public key

Definition at line 333 of file crypto_edx25519.c.

338 {
339  struct GNUNET_HashCode hc;
340  uint8_t h[64] = { 0 };
341 
342  derive_h (pub,
343  seed,
344  seedsize,
345  &hc);
346  memcpy (h,
347  &hc,
348  64);
349  crypto_core_ed25519_scalar_reduce (h,
350  h);
351  GNUNET_assert (0 == crypto_scalarmult_ed25519_noclamp (result->q_y,
352  h,
353  pub->q_y));
354 }

References derive_h(), GNUNET_assert, h, pub, GNUNET_CRYPTO_EddsaPublicKey::q_y, and result.

Referenced by output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function: