 |
GNUnet 0.22.2
|
|
|
GNUnet 0.22.2
|
|
Provides cryptographic primitives. More...
Macros | |
| #define | GNUNET_CRYPTO_eddsa_sign(priv, ps, sig) |
| EdDSA sign a given block. More... | |
| #define | GNUNET_CRYPTO_ecdsa_sign(priv, ps, sig) |
| ECDSA sign a given block. More... | |
| #define | GNUNET_CRYPTO_edx25519_sign(priv, ps, sig) |
| Edx25519 sign a given block. More... | |
| #define | GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub) |
| Verify EdDSA signature. More... | |
| #define | GNUNET_CRYPTO_ecdsa_verify(purp, ps, sig, pub) |
| Verify ECDSA signature. More... | |
| #define | GNUNET_CRYPTO_edx25519_verify(purp, ps, sig, pub) |
| Verify Edx25519 signature. More... | |
Enumerations | |
| enum | GNUNET_CRYPTO_Quality { GNUNET_CRYPTO_QUALITY_WEAK , GNUNET_CRYPTO_QUALITY_STRONG , GNUNET_CRYPTO_QUALITY_NONCE } |
| Desired quality level for random numbers. More... | |
Provides cryptographic primitives.
| #define GNUNET_CRYPTO_eddsa_sign | ( | priv, | |
| ps, | |||
| sig | |||
| ) |
EdDSA sign a given block.
The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.
| priv | private key to use for the signing | |
| ps | packed struct with what to sign, MUST begin with a purpose | |
| [out] | sig | where to write the signature |
Definition at line 2810 of file gnunet_crypto_lib.h.
| #define GNUNET_CRYPTO_ecdsa_sign | ( | priv, | |
| ps, | |||
| sig | |||
| ) |
ECDSA sign a given block.
The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.
| priv | private key to use for the signing | |
| ps | packed struct with what to sign, MUST begin with a purpose | |
| [out] | sig | where to write the signature |
Definition at line 2872 of file gnunet_crypto_lib.h.
| #define GNUNET_CRYPTO_edx25519_sign | ( | priv, | |
| ps, | |||
| sig | |||
| ) |
Edx25519 sign a given block.
The resulting signature is compatible with EdDSA.
The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.
| priv | private key to use for the signing | |
| ps | packed struct with what to sign, MUST begin with a purpose | |
| [out] | sig | where to write the signature |
Definition at line 2919 of file gnunet_crypto_lib.h.
Verify EdDSA signature.
The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.
| purp | purpose of the signature, must match 'ps->purpose.purpose' (except in host byte order) |
| priv | private key to use for the signing |
| ps | packed struct with what to sign, MUST begin with a purpose |
| sig | where to write the signature |
Definition at line 2972 of file gnunet_crypto_lib.h.
Verify ECDSA signature.
The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.
| purp | purpose of the signature, must match 'ps->purpose.purpose' (except in host byte order) |
| priv | private key to use for the signing |
| ps | packed struct with what to sign, MUST begin with a purpose |
| sig | where to write the signature |
Definition at line 3024 of file gnunet_crypto_lib.h.
Verify Edx25519 signature.
The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.
| purp | purpose of the signature, must match 'ps->purpose.purpose' (except in host byte order) |
| priv | private key to use for the signing |
| ps | packed struct with what to sign, MUST begin with a purpose |
| sig | where to write the signature |
Definition at line 3076 of file gnunet_crypto_lib.h.
Desired quality level for random numbers.
Definition at line 84 of file gnunet_crypto_lib.h.
| void GNUNET_CRYPTO_seed_weak_random | ( | int32_t | seed | ) |
Seed a weak random generator.
Only GNUNET_CRYPTO_QUALITY_WEAK-mode generator can be seeded.
| seed | the seed to use |
Definition at line 91 of file crypto_random.c.
References seed.
Referenced by __attribute__().
| void GNUNET_CRYPTO_zero_keys | ( | void * | buffer, |
| size_t | length | ||
| ) |
Zero out buffer, securely against compiler optimizations.
Used to delete key material.
| buffer | the buffer to zap |
| length | buffer length |
Definition at line 110 of file crypto_random.c.
References p.
Referenced by delete_store_message(), and dv_key_clean().
| void GNUNET_CRYPTO_random_block | ( | enum GNUNET_CRYPTO_Quality | mode, |
| void * | buffer, | ||
| size_t | length | ||
| ) |
Fill block with a random values.
| mode | desired quality of the random number | |
| [out] | buffer | the buffer to fill |
| length | buffer length | |
| mode | desired quality of the random number | |
| buffer | the buffer to fill | |
| length | buffer length |
Definition at line 133 of file crypto_random.c.
References GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, and mode.
Referenced by client_quic_init(), connection_init(), delayed_put(), do_pad(), encapsulate_for_dv(), encode_message_body(), GCC_create(), generate_free_member_id(), get_new_connection_id_cb(), GNUNET_async_scope_fresh(), GNUNET_CRYPTO_ecdhe_elligator_key_create(), GNUNET_CRYPTO_ecdhe_elligator_key_get_public(), GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_CRYPTO_eddsa_key_create(), GNUNET_CRYPTO_edx25519_key_create(), GNUNET_CRYPTO_hash_create_random(), GNUNET_CRYPTO_hpke_elligator_kem_encaps(), GNUNET_CRYPTO_hpke_sender_setup2(), GNUNET_CRYPTO_random_timeflake(), handle_validation_response(), mq_init(), output_vectors(), prepare_pending_acknowledgement(), rand_cb(), RPS_sampler_elem_reinit(), sock_read(), start_address_validation(), start_dv_learn(), and transmit_kx().
| void GNUNET_CRYPTO_random_timeflake | ( | enum GNUNET_CRYPTO_Quality | mode, |
| struct GNUNET_Uuid * | uuid | ||
| ) |
Fill UUID with a timeflake pseudo-random value.
Note that timeflakes use only 80 bits of randomness and 48 bits to encode a timestamp in milliseconds. So what we return here is not a completely random number.
| mode | desired quality of the random number | |
| [out] | uuid | the value to fill |
Note that timeflakes use only 80 bits of randomness and 48 bits to encode a timestamp in milliseconds. So what we return here is not a completely random number.
| mode | desired quality of the random number |
| uuid | the value to fill |
Definition at line 316 of file crypto_random.c.
References GNUNET_TIME_Absolute::abs_value_us, GNUNET_CRYPTO_random_block(), GNUNET_htonll(), GNUNET_TIME_absolute_get(), GNUNET_TIME_UNIT_MILLISECONDS, and mode.
| uint32_t GNUNET_CRYPTO_random_u32 | ( | enum GNUNET_CRYPTO_Quality | mode, |
| uint32_t | i | ||
| ) |
Produce a random value.
| mode | desired quality of the random number |
| i | the upper limit (exclusive) for the random number |
Produce a random value.
| mode | desired quality of the random number |
| i | the upper limit (exclusive) for the random number |
Definition at line 178 of file crypto_random.c.
References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, mode, and ret.
Referenced by __attribute__(), allocate_v4_address(), allocate_v6_address(), calculate_seed(), channel_new_cb(), compute_rand_delay(), compute_service_response(), daemon_started(), delayed_get(), delayed_put(), download_get_url(), generate_request_id(), get_any(), get_bootstrap_server(), get_delay_randomization(), get_forward_count(), get_random_literal(), get_random_peer_from_peermap(), get_randomized_delay(), get_request_socket(), get_typed(), GNUNET_BLOCK_GROUP_bf_create(), GNUNET_CONTAINER_heap_walk_get_next(), GNUNET_CONTAINER_multihashmap_get_random(), GNUNET_CONTAINER_multipeermap_get_random(), GNUNET_CONTAINER_multishortmap_get_random(), GNUNET_CONTAINER_multiuuidmap_get_random(), GNUNET_CRYPTO_random_permute(), GNUNET_FS_search_start_probe_(), GNUNET_TUN_initialize_ipv4_header(), GSC_CLIENTS_deliver_message(), GSF_pending_request_get_message_(), handle_client_evaluate(), handle_dns_request(), handle_dv_learn(), handle_flow_control(), handle_p2p_get(), handle_p2p_put(), handle_resolve_result(), join_room_run(), ogg_init(), plan(), queue(), reannounce_regex(), recursive_dns_resolution(), REGEX_TEST_generate_random_regex(), REGEX_TEST_generate_random_string(), resolve_and_cache(), route_control_message_without_fc(), route_via_neighbour(), select_peer(), send_bloomfilter(), setup_fresh_address(), setup_fresh_ping(), should_I_drop(), shuffle_answers(), start_dv_learn(), test_run(), transmit_typemap_task(), and try_open_exit().
| uint64_t GNUNET_CRYPTO_random_u64 | ( | enum GNUNET_CRYPTO_Quality | mode, |
| uint64_t | max | ||
| ) |
Generate a random unsigned 64-bit value.
| mode | desired quality of the random number |
| max | value returned will be in range [0,max) (exclusive) |
Definition at line 262 of file crypto_random.c.
References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, max, mode, and ret.
Referenced by activate_core_visible_dv_path(), calculate_fork_degree(), choose_exit(), dht_connected(), get_transmit_delay(), GNUNET_DHT_connect(), GNUNET_GNSRECORD_pow_start(), handle_dht_p2p_put(), handle_flow_control(), handle_validation_response(), ifc_broadcast(), namestore_flat_store_records(), namestore_postgres_store_records(), namestore_sqlite_store_records(), pick_random_dv_hops(), postgres_plugin_get_key(), postgres_plugin_put(), put_migration_continuation(), run(), sampler_get_rand_peer(), send_find_peer_message(), send_full_set(), setup_out_cipher(), sqlite_plugin_get_key(), sqlite_plugin_get_replication(), sqlite_plugin_put(), and update_next_challenge_time().
| unsigned int * GNUNET_CRYPTO_random_permute | ( | enum GNUNET_CRYPTO_Quality | mode, |
| unsigned int | n | ||
| ) |
Get an array with a random permutation of the numbers 0...n-1.
| mode | GNUNET_CRYPTO_QUALITY_STRONG if the strong (but expensive) PRNG should be used, GNUNET_CRYPTO_QUALITY_WEAK or GNUNET_CRYPTO_QUALITY_NONCE otherwise |
| n | the size of the array |
| mode | #GNUNET_RANDOM_QUALITY_STRONG if the strong (but expensive) PRNG should be used, #GNUNET_RANDOM_QUALITY_WEAK otherwise |
| n | the size of the array |
Definition at line 238 of file crypto_random.c.
References GNUNET_assert, GNUNET_CRYPTO_random_u32(), GNUNET_malloc, mode, and ret.
Referenced by compute_service_response(), and do_round().
| void GNUNET_CRYPTO_symmetric_create_session_key | ( | struct GNUNET_CRYPTO_SymmetricSessionKey * | key | ) |
Create a new random session key.
| key | key to initialize |
Create a new random session key.
| key | session key to initialize |
Definition at line 42 of file crypto_symmetric.c.
References GNUNET_CRYPTO_AES_KEY_LENGTH, and key.
| ssize_t GNUNET_CRYPTO_symmetric_encrypt | ( | const void * | block, |
| size_t | size, | ||
| const struct GNUNET_CRYPTO_SymmetricSessionKey * | sessionkey, | ||
| const struct GNUNET_CRYPTO_SymmetricInitializationVector * | iv, | ||
| void * | result | ||
| ) |
Encrypt a block using a symmetric sessionkey.
| block | the block to encrypt |
| size | the size of the block |
| sessionkey | the key used to encrypt |
| iv | the initialization vector to use, use INITVALUE for streams. |
Encrypt a block using a symmetric sessionkey.
| block | the block to encrypt |
| size | the size of the block |
| sessionkey | the key used to encrypt |
| iv | the initialization vector to use, use INITVALUE for streams |
| result | the output parameter in which to store the encrypted result can be the same or overlap with block |
len. Definition at line 131 of file crypto_symmetric.c.
References GNUNET_assert, GNUNET_NZL, GNUNET_OK, handle, result, setup_cipher_aes(), setup_cipher_twofish(), and size.
Referenced by do_encrypt(), encrypt_existing_match(), GNUNET_FS_handle_on_demand_block(), GNUNET_FS_publish_ublock_(), GNUNET_FS_tree_encoder_next(), t_ax_encrypt(), t_h_encrypt(), and try_match_block().
| ssize_t GNUNET_CRYPTO_symmetric_decrypt | ( | const void * | block, |
| size_t | size, | ||
| const struct GNUNET_CRYPTO_SymmetricSessionKey * | sessionkey, | ||
| const struct GNUNET_CRYPTO_SymmetricInitializationVector * | iv, | ||
| void * | result | ||
| ) |
Decrypt a given block using a symmetric sessionkey.
| block | the data to decrypt, encoded as returned by encrypt |
| size | how big is the block? |
| sessionkey | the key used to decrypt |
| iv | the initialization vector to use |
| result | address to store the result at |
Decrypt a given block using a symmetric sessionkey.
| block | the data to decrypt, encoded as returned by encrypt |
| size | the size of the block to decrypt |
| sessionkey | the key used to decrypt |
| iv | the initialization vector to use, use INITVALUE for streams |
| result | address to store the result at can be the same or overlap with block |
size. Definition at line 169 of file crypto_symmetric.c.
References GNUNET_assert, GNUNET_OK, handle, result, setup_cipher_aes(), setup_cipher_twofish(), and size.
Referenced by do_decrypt(), GNUNET_FS_ublock_decrypt_(), process_result_with_request(), t_ax_decrypt(), t_h_decrypt(), and try_old_ax_keys().
| void GNUNET_CRYPTO_symmetric_derive_iv | ( | struct GNUNET_CRYPTO_SymmetricInitializationVector * | iv, |
| const struct GNUNET_CRYPTO_SymmetricSessionKey * | skey, | ||
| const void * | salt, | ||
| size_t | salt_len, | ||
| ... | |||
| ) |
Derive an IV.
| iv | initialization vector |
| skey | session key |
| salt | salt for the derivation |
| salt_len | size of the salt |
| ... | pairs of void * & size_t for context chunks, terminated by NULL |
Definition at line 203 of file crypto_symmetric.c.
References GNUNET_CRYPTO_symmetric_derive_iv_v(), and salt.
Referenced by derive_iv(), derive_pong_iv(), t_ax_decrypt(), t_ax_encrypt(), t_h_decrypt(), t_h_encrypt(), and try_old_ax_keys().
| void GNUNET_CRYPTO_ecdsa_key_get_public | ( | const struct GNUNET_CRYPTO_EcdsaPrivateKey * | priv, |
| struct GNUNET_CRYPTO_EcdsaPublicKey * | pub | ||
| ) |
Extract the public key for the given private key.
| priv | the special elligator private key |
| pub | where to write the public key |
Definition at line 190 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by block_create2(), decrypt_block_with_keyword(), get_update_information_directory(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_CRYPTO_key_get_public(), GNUNET_FS_publish_sks(), GNUNET_FS_publish_ublock_(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), and process_kblock_for_unindex().
| void GNUNET_CRYPTO_eddsa_key_get_public | ( | const struct GNUNET_CRYPTO_EddsaPrivateKey * | priv, |
| struct GNUNET_CRYPTO_EddsaPublicKey * | pub | ||
| ) |
Extract the public key for the given private key.
| priv | the private key |
| pub | where to write the public key |
Definition at line 201 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_assert, GNUNET_memcpy, pk, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by advertise_dns_exit(), block_create2(), checkvec(), create_keys(), GNUNET_CRYPTO_eddsa_private_key_derive(), GNUNET_CRYPTO_get_peer_identity(), GNUNET_CRYPTO_key_get_public(), GNUNET_FS_uri_loc_create(), GSC_KX_init(), init_socket(), main_init(), output_vectors(), print_key(), regex_iterator(), and run().
| void GNUNET_CRYPTO_edx25519_key_get_public | ( | const struct GNUNET_CRYPTO_Edx25519PrivateKey * | priv, |
| struct GNUNET_CRYPTO_Edx25519PublicKey * | pub | ||
| ) |
Extract the public key for the given private key.
| priv | the private key |
| pub | where to write the public key |
Definition at line 79 of file crypto_edx25519.c.
References GNUNET_CRYPTO_Edx25519PrivateKey::a, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by GNUNET_CRYPTO_edx25519_private_key_derive(), and output_vectors().
| void GNUNET_CRYPTO_ecdhe_key_get_public | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | priv, |
| struct GNUNET_CRYPTO_EcdhePublicKey * | pub | ||
| ) |
Extract the public key for the given private key.
| priv | the private key |
| pub | where to write the public key |
Definition at line 217 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_assert, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by authkem_encaps_norand(), GCT_handle_kx_auth(), GCT_send(), GNUNET_CRYPTO_hpke_authkem_encaps_norand(), GNUNET_CRYPTO_hpke_kem_encaps_norand(), output_vectors(), print_examples_ecdh(), send_kx(), send_kx_auth(), and sign_ephemeral_key().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_key_from_file | ( | const char * | filename, |
| int | do_create, | ||
| struct GNUNET_CRYPTO_EcdsaPrivateKey * | pkey | ||
| ) |
Create a new private key by reading it from a file.
If the files does not exist and do_create is set, creates a new key and write it to the file.
If the contents of the file are invalid, an error is returned.
| filename | name of file to use to store the key | |
| do_create | should a file be created? | |
| [out] | pkey | set to the private key from filename on success |
Definition at line 201 of file crypto_ecc_setup.c.
References filename, GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_DISK_fn_write(), GNUNET_DISK_PERM_USER_READ, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, pkey, and read_from_file().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_key_from_file | ( | const char * | filename, |
| int | do_create, | ||
| struct GNUNET_CRYPTO_EddsaPrivateKey * | pkey | ||
| ) |
Create a new private key by reading it from a file.
If the files does not exist and do_create is set, creates a new key and write it to the file.
If the contents of the file are invalid, an error is returned.
| filename | name of file to use to store the key | |
| do_create | should a file be created? | |
| [out] | pkey | set to the private key from filename on success |
If the files does not exist and do_create is set, creates a new key and write it to the file.
If the contents of the file are invalid, an error is returned.
| filename | name of file to use to store the key | |
| do_create | should a file be created? | |
| [out] | pkey | set to the private key from filename on success |
Definition at line 144 of file crypto_ecc_setup.c.
References filename, GNUNET_CRYPTO_eddsa_key_create(), GNUNET_DISK_fn_write(), GNUNET_DISK_PERM_USER_READ, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, pkey, read_from_file(), and ret.
Referenced by GNUNET_CRYPTO_eddsa_key_create_from_configuration(), main_init(), and run().
| struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_configuration | ( | const struct GNUNET_CONFIGURATION_Handle * | cfg | ) |
Create a new private key by reading our peer's key from the file specified in the configuration.
| cfg | the configuration to use |
| cfg | the configuration to use |
Definition at line 247 of file crypto_ecc_setup.c.
References cfg, GNUNET_CONFIGURATION_get_value_filename(), GNUNET_CRYPTO_eddsa_key_from_file(), GNUNET_free, GNUNET_new, GNUNET_OK, GNUNET_SYSERR, and GNUNET_YES.
Referenced by advertise_dns_exit(), DHTU_gnunet_init(), GNUNET_CRYPTO_get_peer_identity(), GNUNET_CRYPTO_sign_by_peer_identity(), init_socket(), and run().
| void GNUNET_CRYPTO_ecdsa_key_create | ( | struct GNUNET_CRYPTO_EcdsaPrivateKey * | pk | ) |
Create a new private key.
| [out] | pk | private key to initialize |
Definition at line 465 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.
Referenced by GNUNET_CRYPTO_ecdsa_key_from_file(), private_key_create(), run_edkey(), and run_pkey().
| void GNUNET_CRYPTO_eddsa_key_create | ( | struct GNUNET_CRYPTO_EddsaPrivateKey * | pk | ) |
Create a new private key.
| [out] | pk | private key to initialize |
Definition at line 480 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.
Referenced by create_keys(), GNUNET_CRYPTO_eddsa_key_from_file(), output_vectors(), private_key_create(), and run_edkey().
| void GNUNET_CRYPTO_edx25519_key_create | ( | struct GNUNET_CRYPTO_Edx25519PrivateKey * | pk | ) |
Create a new private key.
| [out] | pk | private key to initialize |
Definition at line 65 of file crypto_edx25519.c.
References GNUNET_CRYPTO_edx25519_key_create_from_seed(), GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), pk, and seed.
Referenced by output_vectors().
| void GNUNET_CRYPTO_edx25519_key_create_from_seed | ( | const void * | seed, |
| size_t | seedsize, | ||
| struct GNUNET_CRYPTO_Edx25519PrivateKey * | pk | ||
| ) |
Create a new private key for Edx25519 from a given seed.
After expanding the seed, the first half of the key will be clamped according to EdDSA.
| seed | seed input | |
| seedsize | size of the seed in bytes | |
| [out] | pk | private key to initialize |
Definition at line 45 of file crypto_edx25519.c.
References GNUNET_CRYPTO_hash(), GNUNET_static_assert, pk, and seed.
Referenced by GNUNET_CRYPTO_edx25519_key_create().
| void GNUNET_CRYPTO_ecdhe_key_create | ( | struct GNUNET_CRYPTO_EcdhePrivateKey * | pk | ) |
Create a new private key.
Clear with GNUNET_CRYPTO_ecdhe_key_clear(). This is X25519 DH (RFC 7748 Section 5) and corresponds to X25519(a,9). See GNUNET_CRYPTO_ecc_ecdh for the DH function.
| [out] | pk | set to fresh private key; |
Definition at line 454 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.
Referenced by do_rekey(), GCT_create_tunnel(), GNUNET_CRYPTO_hpke_authkem_encaps(), GNUNET_CRYPTO_hpke_kem_encaps(), GNUNET_CRYPTO_hpke_sender_setup(), GSC_KX_init(), new_ephemeral(), output_vectors(), and print_examples_ecdh().
| void GNUNET_CRYPTO_eddsa_key_clear | ( | struct GNUNET_CRYPTO_EddsaPrivateKey * | pk | ) |
Clear memory that was used to store a private key.
| pk | location of the key |
Definition at line 447 of file crypto_ecc.c.
References buffer_clear(), and pk.
Referenced by GNUNET_CRYPTO_private_key_clear(), and GNUNET_CRYPTO_sign_by_peer_identity().
| void GNUNET_CRYPTO_ecdsa_key_clear | ( | struct GNUNET_CRYPTO_EcdsaPrivateKey * | pk | ) |
Clear memory that was used to store a private key.
| pk | location of the key |
Definition at line 440 of file crypto_ecc.c.
References buffer_clear(), and pk.
Referenced by GNUNET_CRYPTO_private_key_clear().
| void GNUNET_CRYPTO_edx25519_key_clear | ( | struct GNUNET_CRYPTO_Edx25519PrivateKey * | pk | ) |
Clear memory that was used to store a private key.
| pk | location of the key |
Definition at line 38 of file crypto_edx25519.c.
References pk.
| void GNUNET_CRYPTO_ecdhe_key_clear | ( | struct GNUNET_CRYPTO_EcdhePrivateKey * | pk | ) |
Clear memory that was used to store a private key.
| pk | location of the key |
Definition at line 433 of file crypto_ecc.c.
References buffer_clear(), and pk.
Referenced by cleanup_ax().
| void GNUNET_CRYPTO_private_key_clear | ( | struct GNUNET_CRYPTO_PrivateKey * | pk | ) |
Clear memory that was used to store a private key.
| pk | location of the key |
Definition at line 47 of file crypto_pkey.c.
References GNUNET_break, GNUNET_CRYPTO_ecdsa_key_clear(), GNUNET_CRYPTO_eddsa_key_clear(), GNUNET_PUBLIC_KEY_TYPE_ECDSA, GNUNET_PUBLIC_KEY_TYPE_EDDSA, and key.
Referenced by dequeue_message_from_room(), and GNUNET_MESSENGER_set_key().
| const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_key_get_anonymous | ( | void | ) |
Get the shared private key we use for anonymous users.
'anonymous' pseudonym (global static, d=1, public key = G (generator).
Definition at line 500 of file crypto_ecc.c.
References GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_mpi_print_unsigned(), and once.
Referenced by decrypt_block_with_keyword(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_IDENTITY_ego_get_anonymous(), process_kblock_for_unindex(), and publish_ksk_cont().
| void GNUNET_CRYPTO_eddsa_setup_hostkey | ( | const char * | cfg_name | ) |
Setup a hostkey file for a peer given the name of the configuration file (!).
This function is used so that at a later point code can be certain that reading a hostkey is fast (for example in time-dependent testcases).
| cfg_name | name of the configuration file to use |
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_get_peer_identity | ( | const struct GNUNET_CONFIGURATION_Handle * | cfg, |
| struct GNUNET_PeerIdentity * | dst | ||
| ) |
Retrieve the identity of the host's peer.
| cfg | configuration to use |
| dst | pointer to where to write the peer identity |
Definition at line 274 of file crypto_ecc_setup.c.
References _, cfg, GNUNET_CRYPTO_eddsa_key_create_from_configuration(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_SYSERR, and GNUNET_PeerIdentity::public_key.
Referenced by DHTU_ip_init(), get_result_iterator(), get_service_peer_identity(), GNUNET_CONVERSATION_phone_create(), and run().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_sign_by_peer_identity | ( | const struct GNUNET_CONFIGURATION_Handle * | cfg, |
| const struct GNUNET_CRYPTO_EccSignaturePurpose * | purpose, | ||
| struct GNUNET_CRYPTO_EddsaSignature * | sig | ||
| ) |
Sign a given block with a specific purpose using the host's peer identity.
| cfg | configuration to use |
| purpose | what to sign (size, purpose) |
| sig | where to write the signature |
Definition at line 293 of file crypto_ecc_setup.c.
References _, cfg, GNUNET_CRYPTO_eddsa_key_clear(), GNUNET_CRYPTO_eddsa_key_create_from_configuration(), GNUNET_CRYPTO_eddsa_sign_(), GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_SYSERR, and result.
Referenced by sign_message_by_peer().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_verify_peer_identity | ( | uint32_t | purpose, |
| const struct GNUNET_CRYPTO_EccSignaturePurpose * | validate, | ||
| const struct GNUNET_CRYPTO_EddsaSignature * | sig, | ||
| const struct GNUNET_PeerIdentity * | identity | ||
| ) |
Verify a given signature with a peer's identity.
| purpose | what is the purpose that the signature should have? |
| validate | block to validate (size, purpose, data) |
| sig | signature that is being validated |
| identity | the peer's identity to verify |
Definition at line 316 of file crypto_ecc_setup.c.
References GNUNET_CRYPTO_eddsa_verify_(), and identity.
Referenced by verify_message_by_peer().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pub, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Derive key material from a public and a private ECC key.
This is X25519 DH (RFC 7748 Section 5) and corresponds to H(X25519(b,X25519(a,9))) where b := priv, pub := X25519(a,9), and a := GNUNET_CRYPTO_ecdhe_key_create().
| priv | private key to use for the ECDH (x) |
| pub | public key to use for the ECDH (yG) |
| key_material | where to write the key material (xyG) |
Definition at line 732 of file crypto_ecc.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by checkvec(), derive_session_keys(), output_vectors(), print_examples_ecdh(), t_ax_decrypt_and_validate(), t_ax_encrypt(), and update_ax_by_kx().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh | ( | const struct GNUNET_CRYPTO_EddsaPrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pub, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Derive key material from a ECDH public key and a private EdDSA key.
Dual to #GNUNET_CRRYPTO_ecdh_eddsa. This uses the Ed25519 private seed as X25519 seed. As such, this also is a X25519 DH (see GNUNET_CRYPTO_ecc_ecdh). NOTE: Whenever you can get away with it, use separate key pairs for signing and encryption (DH)!
| priv | private key from EdDSA to use for the ECDH (x) |
| pub | public key to use for the ECDH (yG) |
| key_material | where to write the key material H(h(x)yG) |
Definition at line 745 of file crypto_ecc.c.
References GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by update_ax_by_kx().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_x25519_ecdh | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | sk, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pk, | ||
| struct GNUNET_CRYPTO_EcdhePublicKey * | dh | ||
| ) |
Derive key material from a ECDH public key and a private X25519 key.
Dual to #GNUNET_CRRYPTO_ecdh_x25519. NOTE: Whenever you can get away with it, use separate key pairs for signing and encryption (DH)!
| sk | private key from X25519 to use for the ECDH (x) |
| pk | public key to use for the ECDH (yG) |
| additional_data | this is fed into HKDF-Extract along with the ECDH shared secret |
| ad_len | Length of the additional data |
| dh | the DH shared secret (NOTE: Derive key from this before use!) |
Definition at line 767 of file crypto_ecc.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_OK, GNUNET_SYSERR, pub, GNUNET_CRYPTO_EddsaPublicKey::q_y, and GNUNET_CRYPTO_EcdhePublicKey::q_y.
Referenced by GNUNET_CRYPTO_hpke_elligator_kem_decaps(), and GNUNET_CRYPTO_hpke_kem_decaps().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_kem_decaps | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | priv, |
| const struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| struct GNUNET_ShortHashCode * | prk | ||
| ) |
Decapsulate a key for a private X25519 key.
Dual to GNUNET_CRYPTO_hpke_kem_encaps. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| priv | private key from X25519 to use for the ECDH (x) |
| c | the encapsulated key |
| prk | where to write the key material |
Definition at line 370 of file crypto_hpke.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_HPKE_KEM_SUITE_ID, GNUNET_CRYPTO_hpke_labeled_extract_and_expand(), GNUNET_CRYPTO_x25519_ecdh(), GNUNET_OK, and GNUNET_SYSERR.
Referenced by GNUNET_CRYPTO_eddsa_kem_decaps(), and GNUNET_CRYPTO_hpke_receiver_setup2().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_kem_encaps | ( | const struct GNUNET_CRYPTO_EcdhePublicKey * | pkR, |
| struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| struct GNUNET_ShortHashCode * | prk | ||
| ) |
Encapsulate key material for a X25519 public key.
Dual to GNUNET_CRYPTO_hpke_kem_decaps. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| pkR | public key of receiver |
| c | public key from X25519 to use for the ECDH (X=h(x)G) |
| prk | where to write the key material |
Definition at line 299 of file crypto_hpke.c.
References GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_hpke_kem_encaps_norand(), and pub.
Referenced by GNUNET_CRYPTO_eddsa_kem_encaps().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_kem_encaps_norand | ( | const struct GNUNET_CRYPTO_EcdhePublicKey * | pkR, |
| struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| const struct GNUNET_CRYPTO_EcdhePrivateKey * | skE, | ||
| struct GNUNET_ShortHashCode * | prk | ||
| ) |
Deterministic variant of GNUNET_CRYPTO_hpke_kem_encaps.
Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| pkR | public key of receiver |
| c | public key from X25519 to use for the ECDH (X=h(x)G) |
| skE | ephemeral private key from X25519 to use |
| prk | where to write the key material |
Definition at line 282 of file crypto_hpke.c.
References enc, GNUNET_CRYPTO_ecdhe_key_get_public(), GNUNET_CRYPTO_HPKE_KEM_SUITE_ID, and kem_encaps_norand().
Referenced by GNUNET_CRYPTO_hpke_kem_encaps(), and GNUNET_CRYPTO_hpke_sender_setup2().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_authkem_encaps_norand | ( | const struct GNUNET_CRYPTO_EcdhePublicKey * | pkR, |
| const struct GNUNET_CRYPTO_EcdhePrivateKey * | skS, | ||
| struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| const struct GNUNET_CRYPTO_EcdhePrivateKey * | skE, | ||
| struct GNUNET_ShortHashCode * | shared_secret | ||
| ) |
Encapsulate authenticated key material for a X25519 public key.
Deterministic variant of GNUNET_CRYPTO_hpke_authkem_encaps. Dual to GNUNET_CRYPTO_hpke_authkem_decaps. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| pkR | public key of receiver |
| skS | secret of the authenticating sender |
| c | public key from X25519 to use for the ECDH (X=h(x)G) |
| shared_secret | where to write the key material |
Definition at line 212 of file crypto_hpke.c.
References authkem_encaps_norand(), GNUNET_CRYPTO_ecdhe_key_get_public(), and GNUNET_CRYPTO_HPKE_KEM_SUITE_ID.
Referenced by GNUNET_CRYPTO_hpke_authkem_encaps(), and GNUNET_CRYPTO_hpke_sender_setup2().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_authkem_encaps | ( | const struct GNUNET_CRYPTO_EcdhePublicKey * | pkR, |
| const struct GNUNET_CRYPTO_EcdhePrivateKey * | skS, | ||
| struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| struct GNUNET_ShortHashCode * | shared_secret | ||
| ) |
Encapsulate authenticated key material for a X25519 public key.
Dual to GNUNET_CRYPTO_hpke_kem_encaps. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| pkR | public key of receiver |
| skS | secret of the authenticating sender |
| c | public key from X25519 to use for the ECDH (X=h(x)G) |
| shared_secret | where to write the key material |
Definition at line 230 of file crypto_hpke.c.
References GNUNET_CRYPTO_ecdhe_key_create(), and GNUNET_CRYPTO_hpke_authkem_encaps_norand().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_authkem_decaps | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | skR, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pkS, | ||
| const struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| struct GNUNET_ShortHashCode * | shared_secret | ||
| ) |
Decapsulate a key for a private X25519 key.
Dual to GNUNET_CRYPTO_hpke_authkem_encaps. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| skR | secret key of receiver |
| pkS | public key of the authenticating sender |
| c | the encapsulated key |
| shared_secret | where to write the key material |
Definition at line 327 of file crypto_hpke.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_ecdh_x25519(), GNUNET_CRYPTO_HPKE_KEM_SUITE_ID, GNUNET_CRYPTO_hpke_labeled_extract_and_expand(), GNUNET_OK, and GNUNET_SYSERR.
Referenced by GNUNET_CRYPTO_hpke_receiver_setup2().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_elligator_kem_encaps_norand | ( | uint8_t | random_tweak, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pkR, | ||
| struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| const struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey * | skE, | ||
| struct GNUNET_ShortHashCode * | shared_secret | ||
| ) |
Carries out ecdh encapsulation with given public key and the private key from a freshly created ephemeral key pair.
Following the terminology in https://eprint.iacr.org/2021/509.pdf. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| random_tweak | random 8-bit value used as seed |
| pkR | public key of receiver |
| c | representative of ephemeral public key A to use for the ECDH (direct_map(r)=A=aG) |
| skE | special elligator ephemeral private key from X25519 to use |
| shared_secret | where to write the key material HKDF-Extract(r||aX)=HKDF-Extract(r||x(aG)) |
Definition at line 423 of file crypto_hpke.c.
References GNUNET_CRYPTO_ecdhe_elligator_key_get_public_norand(), GNUNET_CRYPTO_HPKE_KEM_ELLIGATOR_SUITE_ID, and kem_encaps_norand().
Referenced by GNUNET_CRYPTO_hpke_elligator_kem_encaps(), GNUNET_CRYPTO_hpke_sender_setup2(), and main().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_elligator_kem_encaps | ( | const struct GNUNET_CRYPTO_EcdhePublicKey * | pkR, |
| struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| struct GNUNET_ShortHashCode * | shared_secret | ||
| ) |
Carries out ecdh encapsulation with given public key and the private key from a freshly created ephemeral key pair.
Following the terminology in https://eprint.iacr.org/2021/509.pdf. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| pkR | Receiver public key (X) |
| c | representative of ephemeral public key A to use for the ECDH (direct_map(r)=A=aG) |
| shared_secret | where to write the key material HKDF-Extract(r||aX)=HKDF-Extract(r||x(aG)) |
Definition at line 449 of file crypto_hpke.c.
References GNUNET_CRYPTO_ecdhe_elligator_key_create(), GNUNET_CRYPTO_hpke_elligator_kem_encaps_norand(), GNUNET_CRYPTO_QUALITY_NONCE, and GNUNET_CRYPTO_random_block().
Referenced by setup_initial_shared_secret_ephemeral(), and start_initial_kx_out().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_elligator_kem_decaps | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | skR, |
| const struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| struct GNUNET_ShortHashCode * | shared_secret | ||
| ) |
Carries out ecdh decapsulation with own private key and the representative of the received public key.
Following the terminology in https://eprint.iacr.org/2021/509.pdf. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| skR | sender private key (x) |
| r | received representative r, from which we can obtain the public key A (direct_map(r)=A=aG) |
| shared_secret | where to write the key material HKDF-Extract(r||aX)=HKDF-Extract(r||x(aG)) |
Definition at line 470 of file crypto_hpke.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_assert, GNUNET_CRYPTO_ecdhe_elligator_decoding(), GNUNET_CRYPTO_HPKE_KEM_ELLIGATOR_SUITE_ID, GNUNET_CRYPTO_hpke_labeled_extract_and_expand(), GNUNET_CRYPTO_x25519_ecdh(), GNUNET_OK, and GNUNET_CRYPTO_ElligatorRepresentative::r.
Referenced by GNUNET_CRYPTO_hpke_receiver_setup2(), setup_in_cipher_elligator(), and setup_initial_shared_secret_dec().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_elligator_authkem_encaps_norand | ( | const struct GNUNET_CRYPTO_EcdhePublicKey * | pkR, |
| const struct GNUNET_CRYPTO_EcdhePrivateKey * | skS, | ||
| struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| const struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey * | skE, | ||
| struct GNUNET_ShortHashCode * | shared_secret | ||
| ) |
Encapsulate authenticated key material for a X25519 public key.
Elligator variant. Deterministic variant of GNUNET_CRYPTO_hpke_authkem_encaps. Dual to GNUNET_CRYPTO_hpke_authkem_decaps. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| pkR | public key of receiver |
| skS | secret of the authenticating sender |
| c | public key from X25519 to use for the ECDH (X=h(x)G) |
| shared_secret | where to write the key material |
Definition at line 506 of file crypto_hpke.c.
References authkem_encaps_norand(), GNUNET_CRYPTO_ecdhe_elligator_key_get_public(), and GNUNET_CRYPTO_HPKE_KEM_ELLIGATOR_SUITE_ID.
Referenced by GNUNET_CRYPTO_hpke_elligator_authkem_encaps().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_elligator_authkem_encaps | ( | const struct GNUNET_CRYPTO_EcdhePublicKey * | pkR, |
| const struct GNUNET_CRYPTO_EcdhePrivateKey * | skS, | ||
| struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| struct GNUNET_ShortHashCode * | shared_secret | ||
| ) |
Encapsulate authenticated key material for a X25519 public key.
Elligator variant. Dual to GNUNET_CRYPTO_hpke_kem_encaps. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| pkR | public key of receiver |
| skS | secret of the authenticating sender |
| c | public key from X25519 to use for the ECDH (X=h(x)G) |
| shared_secret | where to write the key material |
Definition at line 531 of file crypto_hpke.c.
References GNUNET_CRYPTO_ecdhe_elligator_key_create(), and GNUNET_CRYPTO_hpke_elligator_authkem_encaps_norand().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_elligator_authkem_decaps | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | skR, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pkS, | ||
| const struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| struct GNUNET_ShortHashCode * | shared_secret | ||
| ) |
Decapsulate a key for a private X25519 key.
Elligator variant. Dual to GNUNET_CRYPTO_hpke_authkem_encaps. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| skR | private key from X25519 to use for the ECDH (x) |
| pkS | public key of the authenticating sender |
| c | the encapsulated key |
| shared_secret | where to write the key material |
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_kem_decaps | ( | const struct GNUNET_CRYPTO_EddsaPrivateKey * | priv, |
| const struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| struct GNUNET_ShortHashCode * | prk | ||
| ) |
Decapsulate a key for a private EdDSA key.
Dual to #GNUNET_CRRYPTO_eddsa_kem_encaps. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| priv | private key from EdDSA to use for the ECDH (x) |
| c | the encapsulated key |
| prk | where to write the key material HKDF-Extract(c||aX)=HKDF-Extract(c||x(aG)) |
Definition at line 407 of file crypto_hpke.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_CRYPTO_hpke_kem_decaps(), and GNUNET_SYSERR.
Referenced by handle_dv_box(), setup_in_cipher(), and setup_shared_secret_dec().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_kem_encaps | ( | const struct GNUNET_CRYPTO_EddsaPublicKey * | pub, |
| struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| struct GNUNET_ShortHashCode * | prk | ||
| ) |
Encapsulate key material for a EdDSA public key.
Dual to #GNUNET_CRRYPTO_eddsa_kem_decaps. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| priv | private key to use for the ECDH (y) |
| c | public key from EdDSA to use for the ECDH (X=h(x)G) |
| prk | where to write the key material HKDF-Extract(c||aX)=HKDF-Extract(c||x(aG)) |
Definition at line 312 of file crypto_hpke.c.
References GNUNET_CRYPTO_hpke_kem_encaps(), GNUNET_SYSERR, pub, GNUNET_CRYPTO_EddsaPublicKey::q_y, and GNUNET_CRYPTO_EcdhePublicKey::q_y.
Referenced by encapsulate_for_dv(), inject_rekey(), and setup_shared_secret_ephemeral().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh | ( | const struct GNUNET_CRYPTO_EcdsaPrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pub, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
HPKE END.
Derive key material from a ECDH public key and a private ECDSA key. Dual to #GNUNET_CRRYPTO_ecdh_ecdsa.
| priv | private key from ECDSA to use for the ECDH (x) |
| pub | public key to use for the ECDH (yG) |
| key_material | where to write the key material H(h(x)yG) |
Definition at line 805 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EddsaPublicKey * | pub, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Derive key material from a EdDSA public key and a private ECDH key.
Dual to #GNUNET_CRRYPTO_eddsa_ecdh. This converts the Edwards25519 public key pub to a Curve25519 public key before computing a X25519 DH (see GNUNET_CRYPTO_ecc_ecdh). The resulting X25519 secret is then derived to a key using SHA-512. NOTE: Whenever you can get away with it, use separate key pairs for signing and encryption (DH)!
| priv | private key to use for the ECDH (y) |
| pub | public key from EdDSA to use for the ECDH (X=h(x)G) |
| key_material | where to write the key material H(yX)=H(h(x)yG) |
Definition at line 823 of file crypto_ecc.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by checkvec(), output_vectors(), and update_ax_by_kx().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_x25519 | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pub, | ||
| struct GNUNET_CRYPTO_EcdhePublicKey * | dh | ||
| ) |
Derive key material from a EdDSA public key and a private ECDH key.
Dual to #GNUNET_CRRYPTO_x25519_ecdh. NOTE: Whenever you can get away with it, use separate key pairs for signing and encryption (DH)!
| priv | private key to use for the ECDH (y) |
| pub | public key from EdDSA to use for the ECDH (X=h(x)G) |
| dh | the DH shared secret (NOTE: Derive key from this before use!) |
Definition at line 783 of file crypto_ecc.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_OK, GNUNET_SYSERR, pk, and GNUNET_CRYPTO_EcdhePublicKey::q_y.
Referenced by authkem_encaps_norand(), GNUNET_CRYPTO_hpke_authkem_decaps(), and kem_encaps_norand().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EcdsaPublicKey * | pub, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Derive key material from a EcDSA public key and a private ECDH key.
Dual to #GNUNET_CRRYPTO_ecdsa_ecdh.
| priv | private key to use for the ECDH (y) |
| pub | public key from ECDSA to use for the ECDH (X=h(x)G) |
| key_material | where to write the key material H(yX)=H(h(x)yG) |
Definition at line 841 of file crypto_ecc.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_ | ( | const struct GNUNET_CRYPTO_EddsaPrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EccSignaturePurpose * | purpose, | ||
| struct GNUNET_CRYPTO_EddsaSignature * | sig | ||
| ) |
EdDSA sign a given block.
The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_eddsa_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).
| priv | private key to use for the signing | |
| purpose | what to sign (size, purpose) | |
| [out] | sig | where to write the signature |
Definition at line 625 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_assert, GNUNET_OK, GNUNET_SYSERR, pk, res, and GNUNET_CRYPTO_EccSignaturePurpose::size.
Referenced by do_dht_put(), GNUNET_CRYPTO_sign_(), GNUNET_CRYPTO_sign_by_peer_identity(), GNUNET_CRYPTO_sign_raw_(), insert_decrypt_element(), insert_round1_element(), insert_round2_element(), regex_iterator(), setup_flood_message(), and sign_ephemeral_key().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_ | ( | const struct GNUNET_CRYPTO_EcdsaPrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EccSignaturePurpose * | purpose, | ||
| struct GNUNET_CRYPTO_EcdsaSignature * | sig | ||
| ) |
ECDSA Sign a given block.
The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_ecdsa_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).
| priv | private key to use for the signing | |
| purpose | what to sign (size, purpose) | |
| [out] | sig | where to write the signature |
Definition at line 554 of file crypto_ecc.c.
References _, BENCHMARK_END, BENCHMARK_START, data, data_to_ecdsa_value(), decode_private_ecdsa_key(), GNUNET_break, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_WARNING, GNUNET_OK, GNUNET_SYSERR, key_from_sexp(), LOG, GNUNET_CRYPTO_EcdsaSignature::r, and GNUNET_CRYPTO_EcdsaSignature::s.
Referenced by GNUNET_CRYPTO_ecdsa_sign_derived(), GNUNET_CRYPTO_sign_(), GNUNET_CRYPTO_sign_raw_(), and GNUNET_FS_publish_ublock_().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_edx25519_sign_ | ( | const struct GNUNET_CRYPTO_Edx25519PrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EccSignaturePurpose * | purpose, | ||
| struct GNUNET_CRYPTO_Edx25519Signature * | sig | ||
| ) |
Edx25519 sign a given block.
The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_edx25519_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).
| priv | private key to use for the signing | |
| purpose | what to sign (size, purpose) | |
| [out] | sig | where to write the signature |
Edx25519 sign a given block.
But instead of expanding a private seed (which is usually the case for crypto APIs) and using the resulting scalars, it takes the scalars directly from Edx25519PrivateKey. We require this functionality in order to use derived private keys for signatures.
The resulting signature is a standard EdDSA signature which can be verified using the usual APIs.
| priv | the private key (containing two scalars .a and .b) |
| purp | the signature purpose |
| sig | the resulting signature |
Calculate the public key P from the private scalar in the key.
Calculate r: r = SHA512 (b ∥ M) where M is our message (purpose).
Temporarily put P into S
Reduce the scalar value r
Calculate R := r * G of the signature
Calculate hram := SHA512 (R ∥ P ∥ M)
Reduce the resulting scalar value
Calculate S := r + hram * s mod L
Definition at line 103 of file crypto_edx25519.c.
References GNUNET_CRYPTO_Edx25519PrivateKey::a, GNUNET_CRYPTO_Edx25519PrivateKey::b, GNUNET_OK, GNUNET_CRYPTO_Edx25519Signature::r, GNUNET_CRYPTO_Edx25519Signature::s, and GNUNET_CRYPTO_EccSignaturePurpose::size.
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_ | ( | uint32_t | purpose, |
| const struct GNUNET_CRYPTO_EccSignaturePurpose * | validate, | ||
| const struct GNUNET_CRYPTO_EddsaSignature * | sig, | ||
| const struct GNUNET_CRYPTO_EddsaPublicKey * | pub | ||
| ) |
Verify EdDSA signature.
The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_eddsa_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).
| purpose | what is the purpose that the signature should have? |
| validate | block to validate (size, purpose, data) |
| sig | signature that is being validated |
| pub | public key of the signer |
Definition at line 708 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_OK, GNUNET_SYSERR, m, pub, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_CRYPTO_EddsaPublicKey::q_y, res, and GNUNET_CRYPTO_EccSignaturePurpose::size.
Referenced by block_plugin_dns_check_block(), block_plugin_regex_check_block(), GNUNET_CRYPTO_signature_verify_(), GNUNET_CRYPTO_signature_verify_raw_(), GNUNET_CRYPTO_verify_peer_identity(), GNUNET_GNSRECORD_block_verify(), handle_ephemeral_key(), keygen_round1_new_element(), keygen_round2_new_element(), and verify_message_crypto().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_verify_ | ( | uint32_t | purpose, |
| const struct GNUNET_CRYPTO_EccSignaturePurpose * | validate, | ||
| const struct GNUNET_CRYPTO_EcdsaSignature * | sig, | ||
| const struct GNUNET_CRYPTO_EcdsaPublicKey * | pub | ||
| ) |
Verify ECDSA signature.
The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_eddsa_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).
| purpose | what is the purpose that the signature should have? |
| validate | block to validate (size, purpose, data) |
| sig | signature that is being validated |
| pub | public key of the signer |
Definition at line 649 of file crypto_ecc.c.
References _, BENCHMARK_END, BENCHMARK_START, CURVE, data, data_to_ecdsa_value(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_OK, GNUNET_SYSERR, LOG, LOG_GCRY, pub, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_CRYPTO_EddsaPublicKey::q_y, GNUNET_CRYPTO_EcdsaSignature::r, and GNUNET_CRYPTO_EcdsaSignature::s.
Referenced by block_plugin_fs_check_block(), GNUNET_CRYPTO_signature_verify_(), GNUNET_CRYPTO_signature_verify_raw_(), and GNUNET_GNSRECORD_block_verify().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_edx25519_verify_ | ( | uint32_t | purpose, |
| const struct GNUNET_CRYPTO_EccSignaturePurpose * | validate, | ||
| const struct GNUNET_CRYPTO_Edx25519Signature * | sig, | ||
| const struct GNUNET_CRYPTO_Edx25519PublicKey * | pub | ||
| ) |
Verify Edx25519 signature.
The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_edx25519_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).
| purpose | what is the purpose that the signature should have? |
| validate | block to validate (size, purpose, data) |
| sig | signature that is being validated |
| pub | public key of the signer |
Definition at line 186 of file crypto_edx25519.c.
References GNUNET_OK, GNUNET_SYSERR, m, pub, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_CRYPTO_EddsaPublicKey::q_y, res, and GNUNET_CRYPTO_EccSignaturePurpose::size.
| struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_private_key_derive | ( | const struct GNUNET_CRYPTO_EcdsaPrivateKey * | priv, |
| const char * | label, | ||
| const char * | context | ||
| ) |
Derive a private key from a given private key and a label.
Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.
| priv | original private key |
| label | label to use for key deriviation |
| context | additional context to use for HKDF of 'h'; typically the name of the subsystem/application |
Definition at line 202 of file crypto_ecc_gnsrecord.c.
References context, ctx, CURVE, d, GNUNET_CRYPTO_EcdsaPrivateKey::d, dc, derive_h(), GNUNET_assert, GNUNET_CRYPTO_ecdsa_key_get_public(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_new, h, pub, and ret.
Referenced by GNUNET_CRYPTO_ecdsa_sign_derived(), GNUNET_FS_publish_ublock_(), and run_pkey().
| void GNUNET_CRYPTO_ecdsa_public_key_derive | ( | const struct GNUNET_CRYPTO_EcdsaPublicKey * | pub, |
| const char * | label, | ||
| const char * | context, | ||
| struct GNUNET_CRYPTO_EcdsaPublicKey * | result | ||
| ) |
Derive a public key from a given public key and a label.
Essentially calculates a public key 'V = H(l,P) * P'.
| pub | original public key |
| label | label to use for key deriviation |
| context | additional context to use for HKDF of 'h'. typically the name of the subsystem/application |
| result | where to write the derived public key |
Definition at line 247 of file crypto_ecc_gnsrecord.c.
References context, ctx, CURVE, derive_h(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), h, pub, q, GNUNET_CRYPTO_EddsaPublicKey::q_y, and result.
Referenced by block_sign_ecdsa(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_GNSRECORD_query_from_public_key(), run_pkey(), and schedule_transmit_search_request().
| void GNUNET_CRYPTO_eddsa_private_key_derive | ( | const struct GNUNET_CRYPTO_EddsaPrivateKey * | priv, |
| const char * | label, | ||
| const char * | context, | ||
| struct GNUNET_CRYPTO_EddsaPrivateScalar * | result | ||
| ) |
Derive a private scalar from a given private key and a label.
Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'. The result is the derived private scalar, not the private key as for EdDSA we cannot derive before we hash the private key.
| priv | original private key |
| label | label to use for key deriviation |
| context | additional context to use for HKDF of 'h'; typically the name of the subsystem/application |
| result | derived private scalar |
Libsodium does not offer an API with arbitrary arithmetic. Hence we have to use libgcrypt here.
Get our modulo L
This is the standard private key expansion in Ed25519. The first 32 octets are used as a little-endian private scalar. We derive this scalar using our "h".
Get h mod L
dc now contains the private scalar "a". We calculate: d' := h * a mod L
We hash the derived "h" parameter with the other half of the expanded private key. This ensures that for signature generation, the "R" is derived from the same derivation path as "h" and is not reused.
Definition at line 300 of file crypto_ecc_gnsrecord.c.
References context, ctx, d, GNUNET_CRYPTO_EddsaPrivateKey::d, dc, derive_h(), GNUNET_assert, GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), h, pub, and result.
Referenced by GNUNET_CRYPTO_eddsa_sign_derived(), and run_edkey().
| void GNUNET_CRYPTO_eddsa_public_key_derive | ( | const struct GNUNET_CRYPTO_EddsaPublicKey * | pub, |
| const char * | label, | ||
| const char * | context, | ||
| struct GNUNET_CRYPTO_EddsaPublicKey * | result | ||
| ) |
Derive a public key from a given public key and a label.
Essentially calculates a public key 'V = H(l,P) * P'.
| pub | original public key |
| label | label to use for key deriviation |
| context | additional context to use for HKDF of 'h'. typically the name of the subsystem/application |
| result | where to write the derived public key |
Definition at line 388 of file crypto_ecc_gnsrecord.c.
References context, ctx, derive_h(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), h, pub, q, GNUNET_CRYPTO_EddsaPublicKey::q_y, and result.
Referenced by block_sign_eddsa(), GNUNET_GNSRECORD_query_from_public_key(), and run_edkey().
| void GNUNET_CRYPTO_edx25519_private_key_derive | ( | const struct GNUNET_CRYPTO_Edx25519PrivateKey * | priv, |
| const void * | seed, | ||
| size_t | seedsize, | ||
| struct GNUNET_CRYPTO_Edx25519PrivateKey * | result | ||
| ) |
Derive a private scalar from a given private key and a label.
Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.
| priv | original private key |
| seed | input seed |
| seedsize | size of the seed |
| result | derived private key |
dc now contains the private scalar "a". We carefully remove the clamping and derive a'. Calculate: a1 := a / 8 a2 := h * a1 mod n a' := a2 * 8 mod n
Definition at line 245 of file crypto_edx25519.c.
References GNUNET_CRYPTO_Edx25519PrivateKey::a, GNUNET_CRYPTO_Edx25519PrivateKey::b, derive_h(), GNUNET_assert, GNUNET_CRYPTO_edx25519_key_get_public(), GNUNET_CRYPTO_hash_context_finish(), GNUNET_CRYPTO_hash_context_read(), GNUNET_CRYPTO_hash_context_start(), h, pub, result, seed, and zero.
Referenced by output_vectors().
| void GNUNET_CRYPTO_edx25519_public_key_derive | ( | const struct GNUNET_CRYPTO_Edx25519PublicKey * | pub, |
| const void * | seed, | ||
| size_t | seedsize, | ||
| struct GNUNET_CRYPTO_Edx25519PublicKey * | result | ||
| ) |
Derive a public key from a given public key and a label.
Essentially calculates a public key 'V = H(l,P) * P'.
| pub | original public key |
| seed | input seed |
| seedsize | size of the seed |
| result | where to write the derived public key |
Definition at line 339 of file crypto_edx25519.c.
References derive_h(), GNUNET_assert, h, pub, GNUNET_CRYPTO_EddsaPublicKey::q_y, result, and seed.
Referenced by output_vectors().
| void GNUNET_CRYPTO_ecdhe_elligator_decoding | ( | struct GNUNET_CRYPTO_EcdhePublicKey * | point, |
| bool * | high_y, | ||
| const struct GNUNET_CRYPTO_ElligatorRepresentative * | representative | ||
| ) |
Clears the most significant bit and second most significant bit of the serialized representaive before applying elligator direct map.
| representative | serialized elligator representative of an element of Curves25519's finite field |
| point | destination for the calculated point on the curve |
| high_y | bool pointed to will be set to 'true' if corresponding y-coordinate is > 2 ^ 254 - 10, otherwise 0. Can be set to NULL if not needed. |
Definition at line 508 of file crypto_elligator.c.
References elligator_direct_map(), GNUNET_CRYPTO_EcdhePublicKey::q_y, and GNUNET_CRYPTO_ElligatorRepresentative::r.
Referenced by GNUNET_CRYPTO_hpke_elligator_kem_decaps().
| bool GNUNET_CRYPTO_ecdhe_elligator_encoding | ( | uint8_t | random_tweak, |
| struct GNUNET_CRYPTO_ElligatorRepresentative * | r, | ||
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pub | ||
| ) |
Encodes a point on Curve25519 to a an element of the underlying finite field.
This transformation is deterministic.
| random_tweak | random 8-bit value used as seed |
| r | storage for the calculated representative |
| pub | a point on the curve |
Definition at line 359 of file crypto_elligator.c.
References A, decode_bytes(), encode_bytes(), inverted_u, least_square_root(), negative_2, p, P_BITS, P_LIMBS, pub, GNUNET_CRYPTO_EddsaPublicKey::q_y, GNUNET_CRYPTO_ElligatorRepresentative::r, result, and scratch_space_length.
Referenced by GNUNET_CRYPTO_ecdhe_elligator_key_get_public_norand().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdhe_elligator_key_get_public_norand | ( | uint8_t | random_tweak, |
| const struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey * | sk, | ||
| struct GNUNET_CRYPTO_EcdhePublicKey * | pub, | ||
| struct GNUNET_CRYPTO_ElligatorRepresentative * | repr | ||
| ) |
Generates a valid public key for elligator's inverse map by adding a lower order point to a prime order point.
Following Method 1 in description https://elligator.org/key-exchange section Step 2: Generate a “special” public key.
| random_tweak | random 8-bit value used as seed |
| sk | private key for generating valid public key |
| pub | valid public key for elligator inverse map |
| repr | storage for a calculated representative |
Definition at line 639 of file crypto_elligator.c.
References elligator_generate_public_key(), GNUNET_CRYPTO_ecdhe_elligator_encoding(), GNUNET_OK, GNUNET_SYSERR, pk, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by GNUNET_CRYPTO_ecdhe_elligator_key_get_public(), GNUNET_CRYPTO_hpke_elligator_kem_encaps_norand(), and main().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdhe_elligator_key_get_public | ( | const struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey * | sk, |
| struct GNUNET_CRYPTO_EcdhePublicKey * | pub, | ||
| struct GNUNET_CRYPTO_ElligatorRepresentative * | repr | ||
| ) |
Generates a valid public key for elligator's inverse map by adding a lower order point to a prime order point.
Following Method 1 in description https://elligator.org/key-exchange section Step 2: Generate a “special” public key.
| sk | private key for generating valid public key |
| pub | valid public key for elligator inverse map |
| repr | storage for a calculated representative |
Definition at line 662 of file crypto_elligator.c.
References GNUNET_CRYPTO_ecdhe_elligator_key_get_public_norand(), GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.
Referenced by GNUNET_CRYPTO_ecdhe_elligator_key_create(), and GNUNET_CRYPTO_hpke_elligator_authkem_encaps_norand().
| void GNUNET_CRYPTO_ecdhe_elligator_key_create | ( | struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey * | sk | ) |
Generates a private key for Curve25519.
| sk | Curve25519 private key |
Definition at line 680 of file crypto_elligator.c.
References GNUNET_CRYPTO_ecdhe_elligator_key_get_public(), GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), GNUNET_OK, and pk.
Referenced by GNUNET_CRYPTO_hpke_elligator_authkem_encaps(), and GNUNET_CRYPTO_hpke_elligator_kem_encaps().
1.9.4