 |
GNUnet 0.28.0-dev.2-27-gc87478450
|
|
|
GNUnet 0.28.0-dev.2-27-gc87478450
|
|
Provides cryptographic primitives. More...
Macros | |
| #define | GNUNET_CRYPTO_eddsa_sign(priv, ps, sig) |
| EdDSA sign a given block. | |
| #define | GNUNET_CRYPTO_ecdsa_sign(priv, ps, sig) |
| ECDSA sign a given block. | |
| #define | GNUNET_CRYPTO_edx25519_sign(priv, ps, sig) |
| Edx25519 sign a given block. | |
| #define | GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub) |
| Verify EdDSA signature. | |
| #define | GNUNET_CRYPTO_ecdsa_verify(purp, ps, sig, pub) |
| Verify ECDSA signature. | |
| #define | GNUNET_CRYPTO_edx25519_verify(purp, ps, sig, pub) |
| Verify Edx25519 signature. | |
Functions | |
| void | GNUNET_CRYPTO_zero_keys (void *buffer, size_t length) |
| Zero out buffer, securely against compiler optimizations. | |
| void | GNUNET_CRYPTO_random_block (void *buffer, size_t length) |
| Fill block with a random values. | |
| void | GNUNET_CRYPTO_random_timeflake (struct GNUNET_Uuid *uuid) |
| Fill UUID with a timeflake pseudo-random value. | |
| uint32_t | GNUNET_CRYPTO_random_u32 (uint32_t i) |
| Produce a random value. | |
| uint64_t | GNUNET_CRYPTO_random_u64 (uint64_t max) |
| Generate a random unsigned 64-bit value. | |
| unsigned int * | GNUNET_CRYPTO_random_permute (unsigned int n) |
| Get an array with a random permutation of the numbers 0...n-1. | |
| void | GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key) |
| Create a new random session key. | |
| ssize_t | GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result) |
| Encrypt a block using a symmetric sessionkey. | |
| ssize_t | GNUNET_CRYPTO_symmetric_decrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result) |
| Decrypt a given block using a symmetric sessionkey. | |
| void | GNUNET_CRYPTO_aes_ctr (const void *in_buf, size_t in_buf_len, const unsigned char key[(256/8)], const unsigned char iv[(128/8)], void *out_buf) |
| Decrypt or encrypt a given block using a symmetric key using AES in counter mode. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_xsalsa20poly1305_decrypt (size_t in_buf_len, const unsigned char in_buf[in_buf_len], const struct GNUNET_CRYPTO_XSalsa20SecretKey *key, const struct GNUNET_CRYPTO_XSalsa20Nonce *nonce, void *out_buf) |
| Encrypt the given data using XSalsa20-Poly1305. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_xsalsa20poly1305_encrypt (size_t in_buf_len, const unsigned char in_buf[in_buf_len], const struct GNUNET_CRYPTO_XSalsa20SecretKey *key, const struct GNUNET_CRYPTO_XSalsa20Nonce *nonce, void *out_buf) |
| Encrypt the given data using XSalsa20-Poly1305. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_aead_decrypt (size_t ct_len, const unsigned char ct[ct_len], size_t aad_len, const unsigned char aad[aad_len], const struct GNUNET_CRYPTO_AeadSecretKey *key, const struct GNUNET_CRYPTO_AeadNonce *nonce, const struct GNUNET_CRYPTO_AeadMac *mac, void *pt) |
| Decrypt the given data using XChaCha20-Poly1305. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_aead_encrypt (size_t pt_len, const unsigned char pt[pt_len], size_t aad_len, const unsigned char aad[aad_len], const struct GNUNET_CRYPTO_AeadSecretKey *key, const struct GNUNET_CRYPTO_AeadNonce *nonce, void *ct, struct GNUNET_CRYPTO_AeadMac *mac) |
| Encrypt the given data using XChaCha20-Poly1305. | |
| void | GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub) |
| Derive key. | |
| void | GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub) |
| Extract the public key for the given private key. | |
| void | GNUNET_CRYPTO_edx25519_key_get_public (const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, struct GNUNET_CRYPTO_Edx25519PublicKey *pub) |
| Extract the public key for the given private key. | |
| void | GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub) |
| Extract the public key for the given private key. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_eddsa_key_from_file (const char *filename, int do_create, struct GNUNET_CRYPTO_EddsaPrivateKey *pkey) |
| Create a new private key by reading it from a file. | |
| struct GNUNET_CRYPTO_EddsaPrivateKey * | GNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg) |
| Create a new private key by reading our peer's key from the file specified in the configuration. | |
| void | GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk) |
| Create a new private key. | |
| void | GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk) |
| Create a new private key. | |
| void | GNUNET_CRYPTO_edx25519_key_create (struct GNUNET_CRYPTO_Edx25519PrivateKey *pk) |
| Create a new private key. | |
| void | GNUNET_CRYPTO_edx25519_key_create_from_seed (const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *pk) |
| Create a new private key for Edx25519 from a given seed. | |
| void | GNUNET_CRYPTO_ecdhe_key_create (struct GNUNET_CRYPTO_EcdhePrivateKey *pk) |
| Create a new private key. | |
| void | GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk) |
| Clear memory that was used to store a private key. | |
| void | GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk) |
| Clear memory that was used to store a private key. | |
| void | GNUNET_CRYPTO_edx25519_key_clear (struct GNUNET_CRYPTO_Edx25519PrivateKey *pk) |
| Clear memory that was used to store a private key. | |
| void | GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk) |
| Clear memory that was used to store a private key. | |
| void | GNUNET_CRYPTO_private_key_clear (struct GNUNET_CRYPTO_BlindablePrivateKey *pk) |
| Clear memory that was used to store a private key. | |
| const struct GNUNET_CRYPTO_EcdsaPrivateKey * | GNUNET_CRYPTO_ecdsa_key_get_anonymous (void) |
| Get the shared private key we use for anonymous users. | |
| const struct GNUNET_CRYPTO_EddsaPrivateKey * | GNUNET_CRYPTO_eddsa_key_get_anonymous () |
| Get the shared private key we use for anonymous users. | |
| void | GNUNET_CRYPTO_eddsa_setup_hostkey (const char *cfg_name) |
| Setup a hostkey file for a peer given the name of the configuration file (!). | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_PeerIdentity *dst) |
| Retrieve the identity of the host's peer. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_blinded_key_sign_by_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, const struct GNUNET_CRYPTO_SignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig) |
| Sign a given block with a specific purpose using the host's peer identity. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_verify_peer_identity (uint32_t purpose, const struct GNUNET_CRYPTO_SignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_PeerIdentity *identity) |
| Verify a given signature with a peer's identity. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material) |
| Derive key material from a public and a private ECC key. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material) |
| Derive key material from a ECDH public key and a private EdDSA key. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_x25519_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *sk, const struct GNUNET_CRYPTO_EcdhePublicKey *pk, struct GNUNET_CRYPTO_EcdhePublicKey *dh) |
| Derive key material from a ECDH public key and a private X25519 key. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_hpke_kem_decaps (const struct GNUNET_CRYPTO_HpkePrivateKey *priv, const struct GNUNET_CRYPTO_HpkeEncapsulation *c, struct GNUNET_ShortHashCode *prk) |
| Decapsulate a key for a private X25519 key. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_hpke_kem_encaps (const struct GNUNET_CRYPTO_HpkePublicKey *pkR, struct GNUNET_CRYPTO_HpkeEncapsulation *c, struct GNUNET_ShortHashCode *prk) |
| Encapsulate key material for a X25519 public key. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_hpke_kem_encaps_norand (const struct GNUNET_CRYPTO_HpkePublicKey *pkR, struct GNUNET_CRYPTO_HpkeEncapsulation *c, const struct GNUNET_CRYPTO_HpkePrivateKey *skE, struct GNUNET_ShortHashCode *prk) |
| Deterministic variant of GNUNET_CRYPTO_hpke_kem_encaps. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_hpke_elligator_kem_encaps_norand (uint8_t random_tweak, const struct GNUNET_CRYPTO_HpkePublicKey *pkR, struct GNUNET_CRYPTO_HpkeEncapsulation *c, const struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey *skE, struct GNUNET_ShortHashCode *shared_secret) |
| Carries out ecdh encapsulation with given public key and the private key from a freshly created ephemeral key pair. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_hpke_elligator_kem_encaps (const struct GNUNET_CRYPTO_HpkePublicKey *pkR, struct GNUNET_CRYPTO_HpkeEncapsulation *c, struct GNUNET_ShortHashCode *shared_secret) |
| Carries out ecdh encapsulation with given public key and the private key from a freshly created ephemeral key pair. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_hpke_elligator_kem_decaps (const struct GNUNET_CRYPTO_HpkePrivateKey *skR, const struct GNUNET_CRYPTO_HpkeEncapsulation *c, struct GNUNET_ShortHashCode *shared_secret) |
| Carries out ecdh decapsulation with own private key and the representative of the received public key. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_eddsa_kem_decaps (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_HpkeEncapsulation *c, struct GNUNET_ShortHashCode *prk) |
| Decapsulate a key for a private EdDSA key. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_eddsa_kem_encaps (const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_CRYPTO_HpkeEncapsulation *c, struct GNUNET_ShortHashCode *prk) |
| Encapsulate key material for a EdDSA public key. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material) |
| HPKE END. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material) |
| Derive key material from a EdDSA public key and a private ECDH key. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_ecdh_x25519 (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_CRYPTO_EcdhePublicKey *dh) |
| Derive key material from a EdDSA public key and a private ECDH key. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material) |
| Derive key material from a EcDSA public key and a private ECDH key. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_eddsa_sign_ (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_SignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig) |
| EdDSA sign a given block. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_ecdsa_sign_ (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_SignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig) |
| ECDSA Sign a given block. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_edx25519_sign_ (const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const struct GNUNET_CRYPTO_SignaturePurpose *purpose, struct GNUNET_CRYPTO_Edx25519Signature *sig) |
| Edx25519 sign a given block. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_eddsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_SignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub) |
| Verify EdDSA signature. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_ecdsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_SignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub) |
| Verify ECDSA signature. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_edx25519_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_SignaturePurpose *validate, const struct GNUNET_CRYPTO_Edx25519Signature *sig, const struct GNUNET_CRYPTO_Edx25519PublicKey *pub) |
| Verify Edx25519 signature. | |
| struct GNUNET_CRYPTO_EcdsaPrivateKey * | GNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context) |
| Derive a private key from a given private key and a label. | |
| void | GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result) |
| Derive a public key from a given public key and a label. | |
| void | GNUNET_CRYPTO_eddsa_private_key_derive (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPrivateScalar *result) |
| Derive a private scalar from a given private key and a label. | |
| void | GNUNET_CRYPTO_eddsa_public_key_derive (const struct GNUNET_CRYPTO_EddsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPublicKey *result) |
| Derive a public key from a given public key and a label. | |
| void | GNUNET_CRYPTO_edx25519_private_key_derive (const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *result) |
| Derive a private scalar from a given private key and a label. | |
| void | GNUNET_CRYPTO_edx25519_public_key_derive (const struct GNUNET_CRYPTO_Edx25519PublicKey *pub, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PublicKey *result) |
| Derive a public key from a given public key and a label. | |
| void | GNUNET_CRYPTO_ecdhe_elligator_decoding (struct GNUNET_CRYPTO_EcdhePublicKey *point, bool *high_y, const struct GNUNET_CRYPTO_ElligatorRepresentative *representative) |
| Clears the most significant bit and second most significant bit of the serialized representaive before applying elligator direct map. | |
| bool | GNUNET_CRYPTO_ecdhe_elligator_encoding (uint8_t random_tweak, struct GNUNET_CRYPTO_ElligatorRepresentative *r, const struct GNUNET_CRYPTO_EcdhePublicKey *pub) |
| Encodes a point on Curve25519 to a an element of the underlying finite field. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_ecdhe_elligator_key_get_public_norand (uint8_t random_tweak, const struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey *sk, struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_CRYPTO_ElligatorRepresentative *repr) |
| Generates a valid public key for elligator's inverse map by adding a lower order point to a prime order point. | |
| enum GNUNET_GenericReturnValue | GNUNET_CRYPTO_ecdhe_elligator_key_get_public (const struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey *sk, struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_CRYPTO_ElligatorRepresentative *repr) |
| Generates a valid public key for elligator's inverse map by adding a lower order point to a prime order point. | |
| void | GNUNET_CRYPTO_ecdhe_elligator_key_create (struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey *sk) |
| Generates a private key for Curve25519. | |
Provides cryptographic primitives.
| #define GNUNET_CRYPTO_eddsa_sign | ( | priv, | |
| ps, | |||
| sig | |||
| ) |
EdDSA sign a given block.
The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.
| priv | private key to use for the signing | |
| ps | packed struct with what to sign, MUST begin with a purpose | |
| [out] | sig | where to write the signature |
Definition at line 2883 of file gnunet_crypto_lib.h.
| #define GNUNET_CRYPTO_ecdsa_sign | ( | priv, | |
| ps, | |||
| sig | |||
| ) |
ECDSA sign a given block.
The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.
| priv | private key to use for the signing | |
| ps | packed struct with what to sign, MUST begin with a purpose | |
| [out] | sig | where to write the signature |
Definition at line 2946 of file gnunet_crypto_lib.h.
| #define GNUNET_CRYPTO_edx25519_sign | ( | priv, | |
| ps, | |||
| sig | |||
| ) |
Edx25519 sign a given block.
The resulting signature is compatible with EdDSA.
The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.
| priv | private key to use for the signing | |
| ps | packed struct with what to sign, MUST begin with a purpose | |
| [out] | sig | where to write the signature |
Definition at line 2993 of file gnunet_crypto_lib.h.
Verify EdDSA signature.
The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.
| purp | purpose of the signature, must match 'ps->purpose.purpose' (except in host byte order) |
| ps | packed struct with what to sign, MUST begin with a purpose |
| sig | where to write the signature |
| pub | public key key to use for the verification |
Definition at line 3046 of file gnunet_crypto_lib.h.
Verify ECDSA signature.
The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.
| purp | purpose of the signature, must match 'ps->purpose.purpose' (except in host byte order) |
| priv | private key to use for the signing |
| ps | packed struct with what to sign, MUST begin with a purpose |
| sig | where to write the signature |
Definition at line 3099 of file gnunet_crypto_lib.h.
Verify Edx25519 signature.
The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.
| purp | purpose of the signature, must match 'ps->purpose.purpose' (except in host byte order) |
| priv | private key to use for the signing |
| ps | packed struct with what to sign, MUST begin with a purpose |
| sig | where to write the signature |
Definition at line 3151 of file gnunet_crypto_lib.h.
| void GNUNET_CRYPTO_zero_keys | ( | void * | buffer, |
| size_t | length | ||
| ) |
Zero out buffer, securely against compiler optimizations.
Used to delete key material.
| buffer | the buffer to zap |
| length | buffer length |
Definition at line 87 of file crypto_random.c.
References p.
Referenced by create_handle(), delete_store_message(), destroy_handle(), GNUNET_PILS_destroy_key_ring(), read_handle_encryption_key(), read_handle_epoch_key(), store_handle_encryption_key(), and store_handle_epoch_key().
| void GNUNET_CRYPTO_random_block | ( | void * | buffer, |
| size_t | length | ||
| ) |
Fill block with a random values.
| [out] | buffer | the buffer to fill |
| length | buffer length |
Definition at line 102 of file crypto_random.c.
Referenced by client_quic_init(), connection_init(), create_message_announcement(), create_message_revolution(), delayed_put(), do_pad(), encapsulate_for_dv(), encode_message_body(), encrypt_secret_message(), GCC_create(), generate_free_member_id(), get_new_connection_id_cb(), GNUNET_async_scope_fresh(), GNUNET_CRYPTO_ecdhe_elligator_key_create(), GNUNET_CRYPTO_ecdhe_elligator_key_get_public(), GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_CRYPTO_eddsa_key_create(), GNUNET_CRYPTO_edx25519_key_create(), GNUNET_CRYPTO_hpke_elligator_kem_encaps(), GNUNET_CRYPTO_hpke_sender_setup2(), GNUNET_CRYPTO_hpke_sk_create(), GNUNET_CRYPTO_random_timeflake(), GNUNET_MESSENGER_create_room_key(), handle_validation_response(), load_ikm(), mq_init(), output_vectors(), prepare_pending_acknowledgement(), rand_cb(), random_epoch_announcement_identifier(), random_epoch_group_identifier(), RPS_sampler_elem_reinit(), run(), run(), sock_read(), start_address_validation(), start_dv_learn(), store_handle_encryption_key(), store_handle_epoch_key(), transmit_kx(), and transmit_kx().
| void GNUNET_CRYPTO_random_timeflake | ( | struct GNUNET_Uuid * | uuid | ) |
Fill UUID with a timeflake pseudo-random value.
Note that timeflakes use only 80 bits of randomness and 48 bits to encode a timestamp in milliseconds. So what we return here is not a completely random number.
| [out] | uuid | the value to fill |
Definition at line 151 of file crypto_random.c.
References GNUNET_TIME_Absolute::abs_value_us, GNUNET_CRYPTO_random_block(), GNUNET_htonll(), GNUNET_TIME_absolute_get(), and GNUNET_TIME_UNIT_MILLISECONDS.
| uint32_t GNUNET_CRYPTO_random_u32 | ( | uint32_t | i | ) |
Produce a random value.
| max | the upper limit (exclusive) for the random number |
Definition at line 111 of file crypto_random.c.
References GNUNET_assert, and max.
Referenced by allocate_v4_address(), allocate_v6_address(), channel_new_cb(), channel_new_cb(), channel_new_cb(), compute_rand_delay(), compute_service_response(), daemon_started(), delayed_get(), delayed_put(), download_get_url(), generate_request_id(), get_any(), get_bootstrap_server(), get_delay_randomization(), get_forward_count(), get_random_literal(), get_random_peer_from_peermap(), get_randomized_delay(), get_request_socket(), get_typed(), GNUNET_BLOCK_GROUP_bf_create(), GNUNET_CONTAINER_heap_walk_get_next(), GNUNET_CONTAINER_multihashmap_get_random(), GNUNET_CONTAINER_multipeermap_get_random(), GNUNET_CONTAINER_multishortmap_get_random(), GNUNET_CONTAINER_multiuuidmap_get_random(), GNUNET_CRYPTO_random_permute(), GNUNET_FS_search_start_probe_(), GNUNET_TUN_initialize_ipv4_header(), GSC_CLIENTS_deliver_message(), GSF_pending_request_get_message_(), handle_client_evaluate(), handle_client_evaluate(), handle_client_evaluate(), handle_dns_request(), handle_dv_learn(), handle_flow_control(), handle_p2p_get(), handle_p2p_put(), handle_resolve_result(), join_room_run(), ogg_init(), plan(), queue(), queue(), reannounce_regex(), recursive_dns_resolution(), REGEX_TEST_generate_random_regex(), REGEX_TEST_generate_random_string(), resolve_and_cache(), route_control_message_without_fc(), route_via_neighbour(), select_peer(), send_bloomfilter(), send_bloomfilter(), setup_fresh_address(), should_I_drop(), shuffle_answers(), sign_dv_init_cb(), test_run(), and try_open_exit().
| uint64_t GNUNET_CRYPTO_random_u64 | ( | uint64_t | max | ) |
Generate a random unsigned 64-bit value.
| max | value returned will be in range [0,max) (exclusive) |
Definition at line 143 of file crypto_random.c.
References GNUNET_assert, and max.
Referenced by activate_core_visible_dv_path(), calculate_fork_degree(), choose_exit(), dht_connected(), get_transmit_delay(), GNUNET_DHT_connect(), GNUNET_GNSRECORD_pow_start(), handle_dht_p2p_put(), handle_flow_control(), handle_validation_response(), ifc_broadcast(), namestore_flat_store_records(), namestore_postgres_store_records(), namestore_sqlite_store_records(), pick_random_dv_hops(), postgres_plugin_get_key(), postgres_plugin_put(), put_migration_continuation(), run(), sampler_get_rand_peer(), send_find_peer_message(), send_full_set(), send_initiator_hello(), send_responder_hello(), setup_out_cipher(), setup_out_cipher(), sqlite_plugin_get_key(), sqlite_plugin_get_replication(), sqlite_plugin_put(), and update_next_challenge_time().
| unsigned int * GNUNET_CRYPTO_random_permute | ( | unsigned int | n | ) |
Get an array with a random permutation of the numbers 0...n-1.
| n | the size of the array |
Definition at line 120 of file crypto_random.c.
References GNUNET_assert, GNUNET_CRYPTO_random_u32(), GNUNET_malloc, and ret.
Referenced by compute_service_response(), and do_round().
| void GNUNET_CRYPTO_symmetric_create_session_key | ( | struct GNUNET_CRYPTO_SymmetricSessionKey * | key | ) |
Create a new random session key.
| key | key to initialize |
Create a new random session key.
| key | session key to initialize |
Definition at line 42 of file crypto_symmetric.c.
References GNUNET_CRYPTO_AES_KEY_LENGTH, and key.
| ssize_t GNUNET_CRYPTO_symmetric_encrypt | ( | const void * | block, |
| size_t | size, | ||
| const struct GNUNET_CRYPTO_SymmetricSessionKey * | sessionkey, | ||
| const struct GNUNET_CRYPTO_SymmetricInitializationVector * | iv, | ||
| void * | result | ||
| ) |
Encrypt a block using a symmetric sessionkey.
| block | the block to encrypt |
| size | the size of the block |
| sessionkey | the key used to encrypt |
| iv | the initialization vector to use, use INITVALUE for streams. |
Definition at line 118 of file crypto_symmetric.c.
References GNUNET_assert, GNUNET_NZL, GNUNET_OK, handle, result, setup_cipher_aes(), setup_cipher_twofish(), and size.
| ssize_t GNUNET_CRYPTO_symmetric_decrypt | ( | const void * | block, |
| size_t | size, | ||
| const struct GNUNET_CRYPTO_SymmetricSessionKey * | sessionkey, | ||
| const struct GNUNET_CRYPTO_SymmetricInitializationVector * | iv, | ||
| void * | result | ||
| ) |
Decrypt a given block using a symmetric sessionkey.
| block | the data to decrypt, encoded as returned by encrypt |
| size | how big is the block? |
| sessionkey | the key used to decrypt |
| iv | the initialization vector to use |
| result | address to store the result at |
Definition at line 144 of file crypto_symmetric.c.
References GNUNET_assert, GNUNET_OK, handle, result, setup_cipher_aes(), setup_cipher_twofish(), and size.
| void GNUNET_CRYPTO_aes_ctr | ( | const void * | in_buf, |
| size_t | in_buf_len, | ||
| const unsigned char | key[(256/8)], | ||
| const unsigned char | iv[(128/8)], | ||
| void * | out_buf | ||
| ) |
Decrypt or encrypt a given block using a symmetric key using AES in counter mode.
| in_buf | the data to en/decrypt |
| in_buf_len | the size if the data in bytes |
| key | the AES key to use |
| iv | the initialization vector to use |
| out_buf | buffer to store the result at |
Referenced by block_create_ecdsa(), and block_decrypt_ecdsa().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_xsalsa20poly1305_decrypt | ( | size_t | in_buf_len, |
| const unsigned char | in_buf[in_buf_len], | ||
| const struct GNUNET_CRYPTO_XSalsa20SecretKey * | key, | ||
| const struct GNUNET_CRYPTO_XSalsa20Nonce * | nonce, | ||
| void * | out_buf | ||
| ) |
Encrypt the given data using XSalsa20-Poly1305.
Used only in GNS, use AEAD API instead!
| in_buf | the data to encrypt |
| in_buf_len | the size if the data in bytes |
| key | the key to use |
| nonce | the initialization vector to use |
| out_buf | buffer to store the result at |
Definition at line 197 of file crypto_symmetric.c.
References GNUNET_OK, GNUNET_SYSERR, key, and GNUNET_CRYPTO_XSalsa20Nonce::nonce.
Referenced by block_decrypt_eddsa().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_xsalsa20poly1305_encrypt | ( | size_t | in_buf_len, |
| const unsigned char | in_buf[in_buf_len], | ||
| const struct GNUNET_CRYPTO_XSalsa20SecretKey * | key, | ||
| const struct GNUNET_CRYPTO_XSalsa20Nonce * | nonce, | ||
| void * | out_buf | ||
| ) |
Encrypt the given data using XSalsa20-Poly1305.
Used only in GNS, use AEAD API instead!
| in_buf | the data to encrypt |
| in_buf_len | the size if the data in bytes |
| key | the key to use |
| nonce | the initialization vector to use |
| out_buf | buffer to store the result at |
Definition at line 224 of file crypto_symmetric.c.
References GNUNET_OK, GNUNET_SYSERR, key, and GNUNET_CRYPTO_XSalsa20Nonce::nonce.
Referenced by block_create_eddsa().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_aead_decrypt | ( | size_t | ct_len, |
| const unsigned char | ct[ct_len], | ||
| size_t | aad_len, | ||
| const unsigned char | aad[aad_len], | ||
| const struct GNUNET_CRYPTO_AeadSecretKey * | key, | ||
| const struct GNUNET_CRYPTO_AeadNonce * | nonce, | ||
| const struct GNUNET_CRYPTO_AeadMac * | mac, | ||
| void * | pt | ||
| ) |
Decrypt the given data using XChaCha20-Poly1305.
| ct_len | the size of ct in bytes |
| ct | the data to decrypt |
| aad_len | the size of additional data in bytes (may be 0) |
| aad | the additional data (may be NULL) |
| key | the key to use |
| nonce | the initialization vector to use |
| mac | the mac to use |
| pt | buffer to store the plaintext result at. Must be at least ct_len |
Definition at line 245 of file crypto_symmetric.c.
References GNUNET_OK, GNUNET_SYSERR, key, GNUNET_CRYPTO_AeadMac::mac, and GNUNET_CRYPTO_AeadNonce::npub.
Referenced by decaps_dv_box_cb(), decrypt_secret_message(), extract_authorization_message_key(), GNUNET_FS_ublock_decrypt_(), process_result_with_request(), read_handle_encryption_key(), read_handle_epoch_key(), t_ax_decrypt(), t_h_decrypt(), and try_old_ax_keys().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_aead_encrypt | ( | size_t | pt_len, |
| const unsigned char | pt[pt_len], | ||
| size_t | aad_len, | ||
| const unsigned char | aad[aad_len], | ||
| const struct GNUNET_CRYPTO_AeadSecretKey * | key, | ||
| const struct GNUNET_CRYPTO_AeadNonce * | nonce, | ||
| void * | ct, | ||
| struct GNUNET_CRYPTO_AeadMac * | mac | ||
| ) |
Encrypt the given data using XChaCha20-Poly1305.
Use random, independent keys for each target endpoint (and direction). Use unique nonces for each message.
This schemes allows you to choose a random nonce for every encrypted message. (Background: Some schemes require unique nonces, but their nonces are too short to choose them safely randomly (i.e. they may statistically collide).
| pt_len | the size if the data in bytes |
| pt | the data to encrypt |
| aad_len | the size of additional data in bytes (may be 0) |
| aad | the additional data (may be NULL) |
| key | the key to use |
| nonce | the initialization vector to use |
| ct | buffer to store the ciphertext result at. Must be at least pt_len. |
| mac | buffer to store the mac result at |
Definition at line 274 of file crypto_symmetric.c.
References GNUNET_OK, key, GNUNET_CRYPTO_AeadMac::mac, and GNUNET_CRYPTO_AeadNonce::npub.
Referenced by create_message_authorization(), encapsulate_for_dv(), encrypt_existing_match(), encrypt_secret_message(), GNUNET_FS_handle_on_demand_block(), GNUNET_FS_publish_ublock_(), GNUNET_FS_tree_encoder_next(), store_handle_encryption_key(), store_handle_epoch_key(), t_ax_encrypt(), t_h_encrypt(), and try_match_block().
| void GNUNET_CRYPTO_ecdsa_key_get_public | ( | const struct GNUNET_CRYPTO_EcdsaPrivateKey * | priv, |
| struct GNUNET_CRYPTO_EcdsaPublicKey * | pub | ||
| ) |
Derive key.
| result | buffer for the derived key, allocated by caller |
| out_len | desired length of the derived key |
| xts | salt |
| xts_len | length of xts |
| skm | source key material |
| skm_len | length of skm |
| ... | void * & size_t pairs for context chunks |
Extract the public key for the given private key.
| priv | the special elligator private key |
| pub | where to write the public key |
Definition at line 190 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by block_create2(), GNUNET_CRYPTO_blindable_key_get_public(), and GNUNET_CRYPTO_ecdsa_private_key_derive().
| void GNUNET_CRYPTO_eddsa_key_get_public | ( | const struct GNUNET_CRYPTO_EddsaPrivateKey * | priv, |
| struct GNUNET_CRYPTO_EddsaPublicKey * | pub | ||
| ) |
Extract the public key for the given private key.
| priv | the private key |
| pub | where to write the public key |
Definition at line 201 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_assert, GNUNET_memcpy, pk, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by block_create2(), checkvec(), create_keys(), decrypt_block_with_keyword(), do_generate_pid(), get_update_information_directory(), GNUNET_CRYPTO_blindable_key_get_public(), GNUNET_CRYPTO_eddsa_private_key_derive(), GNUNET_CRYPTO_get_peer_identity(), GNUNET_FS_publish_sks(), GNUNET_FS_publish_ublock_(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_FS_uri_loc_create(), output_vectors(), pid_change_cb(), print_key(), process_kblock_for_unindex(), run(), run(), and run().
| void GNUNET_CRYPTO_edx25519_key_get_public | ( | const struct GNUNET_CRYPTO_Edx25519PrivateKey * | priv, |
| struct GNUNET_CRYPTO_Edx25519PublicKey * | pub | ||
| ) |
Extract the public key for the given private key.
| priv | the private key |
| pub | where to write the public key |
Definition at line 77 of file crypto_edx25519.c.
References GNUNET_CRYPTO_Edx25519PrivateKey::a, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by GNUNET_CRYPTO_edx25519_private_key_derive(), and output_vectors().
| void GNUNET_CRYPTO_ecdhe_key_get_public | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | priv, |
| struct GNUNET_CRYPTO_EcdhePublicKey * | pub | ||
| ) |
Extract the public key for the given private key.
| priv | the private key |
| pub | where to write the public key |
Definition at line 217 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_assert, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by cont_GCT_handle_kx_auth(), create_message_announcement(), create_message_appeal(), GCT_send(), GNUNET_CRYPTO_hpke_kem_encaps_norand(), GNUNET_CRYPTO_hpke_sk_get_public(), output_vectors(), print_examples_ecdh(), send_initiator_hello(), send_kx(), and send_kx_auth().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_key_from_file | ( | const char * | filename, |
| int | do_create, | ||
| struct GNUNET_CRYPTO_EddsaPrivateKey * | pkey | ||
| ) |
Create a new private key by reading it from a file.
If the files does not exist and do_create is set, creates a new key and write it to the file.
If the contents of the file are invalid, an error is returned.
| filename | name of file to use to store the key | |
| do_create | should a file be created? | |
| [out] | pkey | set to the private key from filename on success |
If the files does not exist and do_create is set, creates a new key and write it to the file.
If the contents of the file are invalid, an error is returned.
| filename | name of file to use to store the key | |
| do_create | should a file be created? | |
| [out] | pkey | set to the private key from filename on success |
Definition at line 145 of file crypto_ecc_setup.c.
References filename, GNUNET_CRYPTO_eddsa_key_create(), GNUNET_DISK_fn_write(), GNUNET_DISK_PERM_USER_READ, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, pkey, read_from_file(), and ret.
Referenced by GNUNET_CRYPTO_eddsa_key_create_from_configuration(), GNUNET_PILS_create_key_ring(), load_ikm(), and run().
| struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_configuration | ( | const struct GNUNET_CONFIGURATION_Handle * | cfg | ) |
Create a new private key by reading our peer's key from the file specified in the configuration.
| cfg | the configuration to use |
| cfg | the configuration to use |
Definition at line 195 of file crypto_ecc_setup.c.
References cfg, GNUNET_CONFIGURATION_get_value_filename(), GNUNET_CRYPTO_eddsa_key_from_file(), GNUNET_free, GNUNET_new, GNUNET_OK, GNUNET_SYSERR, and GNUNET_YES.
Referenced by GNUNET_CRYPTO_blinded_key_sign_by_peer_identity(), GNUNET_CRYPTO_get_peer_identity(), and run().
| void GNUNET_CRYPTO_ecdsa_key_create | ( | struct GNUNET_CRYPTO_EcdsaPrivateKey * | pk | ) |
Create a new private key.
| [out] | pk | private key to initialize |
Definition at line 464 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_random_block(), and pk.
Referenced by private_key_create(), and run_pkey().
| void GNUNET_CRYPTO_eddsa_key_create | ( | struct GNUNET_CRYPTO_EddsaPrivateKey * | pk | ) |
Create a new private key.
| [out] | pk | private key to initialize |
Definition at line 478 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_random_block(), and pk.
Referenced by create_keys(), GNUNET_CRYPTO_eddsa_key_from_file(), output_vectors(), private_key_create(), and run_edkey().
| void GNUNET_CRYPTO_edx25519_key_create | ( | struct GNUNET_CRYPTO_Edx25519PrivateKey * | pk | ) |
Create a new private key.
| [out] | pk | private key to initialize |
Definition at line 64 of file crypto_edx25519.c.
References GNUNET_CRYPTO_edx25519_key_create_from_seed(), GNUNET_CRYPTO_random_block(), pk, and seed.
Referenced by output_vectors().
| void GNUNET_CRYPTO_edx25519_key_create_from_seed | ( | const void * | seed, |
| size_t | seedsize, | ||
| struct GNUNET_CRYPTO_Edx25519PrivateKey * | pk | ||
| ) |
Create a new private key for Edx25519 from a given seed.
After expanding the seed, the first half of the key will be clamped according to EdDSA.
| seed | seed input | |
| seedsize | size of the seed in bytes | |
| [out] | pk | private key to initialize |
Definition at line 44 of file crypto_edx25519.c.
References GNUNET_CRYPTO_hash(), GNUNET_static_assert, pk, and seed.
Referenced by GNUNET_CRYPTO_edx25519_key_create().
| void GNUNET_CRYPTO_ecdhe_key_create | ( | struct GNUNET_CRYPTO_EcdhePrivateKey * | pk | ) |
Create a new private key.
Clear with GNUNET_CRYPTO_ecdhe_key_clear(). This is X25519 DH (RFC 7748 Section 5) and corresponds to X25519(a,9). See GNUNET_CRYPTO_ecc_ecdh for the DH function.
| [out] | pk | set to fresh private key; |
Definition at line 454 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_random_block(), and pk.
Referenced by GCT_create_tunnel(), get_epoch_private_key(), GNUNET_CRYPTO_hpke_kem_encaps(), GNUNET_CRYPTO_hpke_sender_setup(), new_ephemeral(), output_vectors(), print_examples_ecdh(), and send_initiator_hello().
| void GNUNET_CRYPTO_eddsa_key_clear | ( | struct GNUNET_CRYPTO_EddsaPrivateKey * | pk | ) |
Clear memory that was used to store a private key.
| pk | location of the key |
Definition at line 447 of file crypto_ecc.c.
References buffer_clear(), and pk.
Referenced by GNUNET_CRYPTO_blinded_key_sign_by_peer_identity(), GNUNET_CRYPTO_private_key_clear(), and shutdown_task().
| void GNUNET_CRYPTO_ecdsa_key_clear | ( | struct GNUNET_CRYPTO_EcdsaPrivateKey * | pk | ) |
Clear memory that was used to store a private key.
| pk | location of the key |
Definition at line 440 of file crypto_ecc.c.
References buffer_clear(), and pk.
Referenced by GNUNET_CRYPTO_private_key_clear().
| void GNUNET_CRYPTO_edx25519_key_clear | ( | struct GNUNET_CRYPTO_Edx25519PrivateKey * | pk | ) |
Clear memory that was used to store a private key.
| pk | location of the key |
Definition at line 37 of file crypto_edx25519.c.
References pk.
| void GNUNET_CRYPTO_ecdhe_key_clear | ( | struct GNUNET_CRYPTO_EcdhePrivateKey * | pk | ) |
Clear memory that was used to store a private key.
| pk | location of the key |
Definition at line 433 of file crypto_ecc.c.
References buffer_clear(), and pk.
Referenced by cleanup_ax(), and GNUNET_CRYPTO_hpke_sk_clear().
| void GNUNET_CRYPTO_private_key_clear | ( | struct GNUNET_CRYPTO_BlindablePrivateKey * | pk | ) |
Clear memory that was used to store a private key.
| pk | location of the key |
Definition at line 49 of file crypto_pkey.c.
References GNUNET_break, GNUNET_CRYPTO_ecdsa_key_clear(), GNUNET_CRYPTO_eddsa_key_clear(), GNUNET_PUBLIC_KEY_TYPE_ECDSA, GNUNET_PUBLIC_KEY_TYPE_EDDSA, and key.
Referenced by dequeue_message_from_room(), and GNUNET_MESSENGER_set_key().
| const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_key_get_anonymous | ( | void | ) |
Get the shared private key we use for anonymous users.
'anonymous' pseudonym (global static, d=1, public key = G (generator).
Definition at line 497 of file crypto_ecc.c.
References GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_mpi_print_unsigned(), and once.
| const struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_get_anonymous | ( | ) |
Get the shared private key we use for anonymous users.
'anonymous' pseudonym (global static, d=1, public key = G (generator).
Definition at line 521 of file crypto_ecc.c.
References GNUNET_CRYPTO_EddsaPrivateKey::d, and once.
Referenced by decrypt_block_with_keyword(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_IDENTITY_ego_get_anonymous(), process_kblock_for_unindex(), and publish_ksk_cont().
| void GNUNET_CRYPTO_eddsa_setup_hostkey | ( | const char * | cfg_name | ) |
Setup a hostkey file for a peer given the name of the configuration file (!).
This function is used so that at a later point code can be certain that reading a hostkey is fast (for example in time-dependent testcases).
| cfg_name | name of the configuration file to use |
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_get_peer_identity | ( | const struct GNUNET_CONFIGURATION_Handle * | cfg, |
| struct GNUNET_PeerIdentity * | dst | ||
| ) |
Retrieve the identity of the host's peer.
| cfg | configuration to use |
| dst | pointer to where to write the peer identity |
Definition at line 222 of file crypto_ecc_setup.c.
References _, cfg, GNUNET_CRYPTO_eddsa_key_create_from_configuration(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_SYSERR, and GNUNET_PeerIdentity::public_key.
Referenced by DHTU_ip_init(), get_result_iterator(), GNUNET_CONVERSATION_phone_create(), run(), run(), run(), and run().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_blinded_key_sign_by_peer_identity | ( | const struct GNUNET_CONFIGURATION_Handle * | cfg, |
| const struct GNUNET_CRYPTO_SignaturePurpose * | purpose, | ||
| struct GNUNET_CRYPTO_EddsaSignature * | sig | ||
| ) |
Sign a given block with a specific purpose using the host's peer identity.
| cfg | configuration to use |
| purpose | what to sign (size, purpose) |
| sig | where to write the signature |
Definition at line 241 of file crypto_ecc_setup.c.
References _, cfg, GNUNET_CRYPTO_eddsa_key_clear(), GNUNET_CRYPTO_eddsa_key_create_from_configuration(), GNUNET_CRYPTO_eddsa_sign_(), GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_SYSERR, and result.
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_verify_peer_identity | ( | uint32_t | purpose, |
| const struct GNUNET_CRYPTO_SignaturePurpose * | validate, | ||
| const struct GNUNET_CRYPTO_EddsaSignature * | sig, | ||
| const struct GNUNET_PeerIdentity * | identity | ||
| ) |
Verify a given signature with a peer's identity.
| purpose | what is the purpose that the signature should have? |
| validate | block to validate (size, purpose, data) |
| sig | signature that is being validated |
| identity | the peer's identity to verify |
Definition at line 268 of file crypto_ecc_setup.c.
References GNUNET_CRYPTO_eddsa_verify_(), and identity.
Referenced by verify_message_by_peer().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pub, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Derive key material from a public and a private ECC key.
This is X25519 DH (RFC 7748 Section 5) and corresponds to H(X25519(b,X25519(a,9))) where b := priv, pub := X25519(a,9), and a := GNUNET_CRYPTO_ecdhe_key_create().
| priv | private key to use for the ECDH (x) |
| pub | public key to use for the ECDH (yG) |
| key_material | where to write the key material (xyG) |
Definition at line 752 of file crypto_ecc.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by checkvec(), output_vectors(), print_examples_ecdh(), t_ax_decrypt_and_validate(), t_ax_encrypt(), and update_ax_by_kx().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh | ( | const struct GNUNET_CRYPTO_EddsaPrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pub, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Derive key material from a ECDH public key and a private EdDSA key.
Dual to #GNUNET_CRRYPTO_ecdh_eddsa. This uses the Ed25519 private seed as X25519 seed. As such, this also is a X25519 DH (see GNUNET_CRYPTO_ecc_ecdh). NOTE: Whenever you can get away with it, use separate key pairs for signing and encryption (DH)!
| priv | private key from EdDSA to use for the ECDH (x) |
| pub | public key to use for the ECDH (yG) |
| key_material | where to write the key material H(h(x)yG) |
Definition at line 765 of file crypto_ecc.c.
References GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by handle_ecdh().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_x25519_ecdh | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | sk, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pk, | ||
| struct GNUNET_CRYPTO_EcdhePublicKey * | dh | ||
| ) |
Derive key material from a ECDH public key and a private X25519 key.
Dual to #GNUNET_CRRYPTO_ecdh_x25519. NOTE: Whenever you can get away with it, use separate key pairs for signing and encryption (DH)!
| sk | private key from X25519 to use for the ECDH (x) |
| pk | public key to use for the ECDH (yG) |
| additional_data | this is fed into HKDF-Extract along with the ECDH shared secret |
| ad_len | Length of the additional data |
| dh | the DH shared secret (NOTE: Derive key from this before use!) |
Definition at line 787 of file crypto_ecc.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_OK, GNUNET_SYSERR, pub, GNUNET_CRYPTO_EddsaPublicKey::q_y, and GNUNET_CRYPTO_EcdhePublicKey::q_y.
Referenced by GNUNET_CRYPTO_hpke_elligator_kem_decaps(), and GNUNET_CRYPTO_hpke_kem_decaps().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_kem_decaps | ( | const struct GNUNET_CRYPTO_HpkePrivateKey * | priv, |
| const struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| struct GNUNET_ShortHashCode * | prk | ||
| ) |
Decapsulate a key for a private X25519 key.
Dual to GNUNET_CRYPTO_hpke_kem_encaps. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| priv | private key from X25519 to use for the ECDH (x) |
| c | the encapsulated key |
| prk | where to write the key material |
Definition at line 262 of file crypto_hpke.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_HpkePrivateKey::ecdhe_key, GNUNET_CRYPTO_HpkePublicKey::ecdhe_key, GNUNET_CRYPTO_HPKE_KEM_SUITE_ID, GNUNET_CRYPTO_hpke_labeled_extract_and_expand(), GNUNET_CRYPTO_x25519_ecdh(), GNUNET_OK, and GNUNET_SYSERR.
Referenced by GNUNET_CRYPTO_eddsa_kem_decaps(), GNUNET_CRYPTO_hpke_receiver_setup2(), and handle_responder_hello().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_kem_encaps | ( | const struct GNUNET_CRYPTO_HpkePublicKey * | pkR, |
| struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| struct GNUNET_ShortHashCode * | prk | ||
| ) |
Encapsulate key material for a X25519 public key.
Dual to GNUNET_CRYPTO_hpke_kem_decaps. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| pkR | public key of receiver |
| c | public key from X25519 to use for the ECDH (X=h(x)G) |
| prk | where to write the key material |
Definition at line 232 of file crypto_hpke.c.
References GNUNET_CRYPTO_HpkePrivateKey::ecdhe_key, GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_hpke_kem_encaps_norand(), and pub.
Referenced by GNUNET_CRYPTO_eddsa_kem_encaps(), and send_responder_hello().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_kem_encaps_norand | ( | const struct GNUNET_CRYPTO_HpkePublicKey * | pkR, |
| struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| const struct GNUNET_CRYPTO_HpkePrivateKey * | skE, | ||
| struct GNUNET_ShortHashCode * | prk | ||
| ) |
Deterministic variant of GNUNET_CRYPTO_hpke_kem_encaps.
Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| pkR | public key of receiver |
| c | public key from X25519 to use for the ECDH (X=h(x)G) |
| skE | ephemeral private key from X25519 to use |
| prk | where to write the key material |
Definition at line 211 of file crypto_hpke.c.
References GNUNET_CRYPTO_HpkePrivateKey::ecdhe_key, enc, GNUNET_CRYPTO_ecdhe_key_get_public(), GNUNET_CRYPTO_HPKE_KEM_SUITE_ID, GNUNET_memcpy, kem_encaps_norand(), and GNUNET_CRYPTO_EcdhePublicKey::q_y.
Referenced by GNUNET_CRYPTO_hpke_kem_encaps(), and GNUNET_CRYPTO_hpke_sender_setup2().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_elligator_kem_encaps_norand | ( | uint8_t | random_tweak, |
| const struct GNUNET_CRYPTO_HpkePublicKey * | pkR, | ||
| struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| const struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey * | skE, | ||
| struct GNUNET_ShortHashCode * | shared_secret | ||
| ) |
Carries out ecdh encapsulation with given public key and the private key from a freshly created ephemeral key pair.
Following the terminology in https://eprint.iacr.org/2021/509.pdf. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| random_tweak | random 8-bit value used as seed |
| pkR | public key of receiver |
| c | representative of ephemeral public key A to use for the ECDH (direct_map(r)=A=aG) |
| skE | special elligator ephemeral private key from X25519 to use |
| shared_secret | where to write the key material HKDF-Extract(r||aX)=HKDF-Extract(r||x(aG)) |
Definition at line 318 of file crypto_hpke.c.
References GNUNET_CRYPTO_HpkePrivateKey::ecdhe_key, GNUNET_CRYPTO_HpkePublicKey::ecdhe_key, GNUNET_CRYPTO_ecdhe_elligator_key_get_public_norand(), GNUNET_CRYPTO_HPKE_KEM_ELLIGATOR_SUITE_ID, GNUNET_memcpy, and kem_encaps_norand().
Referenced by GNUNET_CRYPTO_hpke_elligator_kem_encaps(), GNUNET_CRYPTO_hpke_sender_setup2(), and main().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_elligator_kem_encaps | ( | const struct GNUNET_CRYPTO_HpkePublicKey * | pkR, |
| struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| struct GNUNET_ShortHashCode * | shared_secret | ||
| ) |
Carries out ecdh encapsulation with given public key and the private key from a freshly created ephemeral key pair.
Following the terminology in https://eprint.iacr.org/2021/509.pdf. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| pkR | Receiver public key (X) |
| c | representative of ephemeral public key A to use for the ECDH (direct_map(r)=A=aG) |
| shared_secret | where to write the key material HKDF-Extract(r||aX)=HKDF-Extract(r||x(aG)) |
Definition at line 348 of file crypto_hpke.c.
References GNUNET_CRYPTO_ecdhe_elligator_key_create(), GNUNET_CRYPTO_hpke_elligator_kem_encaps_norand(), and GNUNET_CRYPTO_random_block().
Referenced by setup_initial_shared_secret_ephemeral(), start_initial_kx_out(), and start_initial_kx_out().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hpke_elligator_kem_decaps | ( | const struct GNUNET_CRYPTO_HpkePrivateKey * | skR, |
| const struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| struct GNUNET_ShortHashCode * | shared_secret | ||
| ) |
Carries out ecdh decapsulation with own private key and the representative of the received public key.
Following the terminology in https://eprint.iacr.org/2021/509.pdf. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| skR | sender private key (x) |
| r | received representative r, from which we can obtain the public key A (direct_map(r)=A=aG) |
| shared_secret | where to write the key material HKDF-Extract(r||aX)=HKDF-Extract(r||x(aG)) |
Definition at line 368 of file crypto_hpke.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_HpkePrivateKey::ecdhe_key, GNUNET_CRYPTO_HpkePublicKey::ecdhe_key, GNUNET_assert, GNUNET_CRYPTO_ecdhe_elligator_decoding(), GNUNET_CRYPTO_HPKE_KEM_ELLIGATOR_SUITE_ID, GNUNET_CRYPTO_hpke_labeled_extract_and_expand(), GNUNET_CRYPTO_x25519_ecdh(), GNUNET_OK, and GNUNET_CRYPTO_ElligatorRepresentative::r.
Referenced by GNUNET_CRYPTO_hpke_receiver_setup2(), setup_in_cipher_elligator(), setup_in_cipher_elligator(), and setup_initial_shared_secret_dec().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_kem_decaps | ( | const struct GNUNET_CRYPTO_EddsaPrivateKey * | priv, |
| const struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| struct GNUNET_ShortHashCode * | prk | ||
| ) |
Decapsulate a key for a private EdDSA key.
Dual to #GNUNET_CRRYPTO_eddsa_kem_encaps. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| priv | private key from EdDSA to use for the ECDH (x) |
| c | the encapsulated key |
| prk | where to write the key material HKDF-Extract(c||aX)=HKDF-Extract(c||x(aG)) |
Definition at line 301 of file crypto_hpke.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_CRYPTO_HpkePrivateKey::ecdhe_key, GNUNET_CRYPTO_hpke_kem_decaps(), and GNUNET_SYSERR.
Referenced by handle_decaps(), setup_in_cipher(), setup_in_cipher(), and setup_shared_secret_dec().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_kem_encaps | ( | const struct GNUNET_CRYPTO_EddsaPublicKey * | pub, |
| struct GNUNET_CRYPTO_HpkeEncapsulation * | c, | ||
| struct GNUNET_ShortHashCode * | prk | ||
| ) |
Encapsulate key material for a EdDSA public key.
Dual to #GNUNET_CRRYPTO_eddsa_kem_decaps. Use GNUNET_CRYPTO_hkdf_expand to derive further context-specific keys from the key material.
| pub | public key from EdDSA to use for the ECDH (X=h(x)G) |
| c | encapsulation of prk |
| prk | where to write the key material HKDF-Extract(c||aX)=HKDF-Extract(c||x(aG)) |
Definition at line 246 of file crypto_hpke.c.
References GNUNET_CRYPTO_HpkePublicKey::ecdhe_key, GNUNET_CRYPTO_hpke_kem_encaps(), GNUNET_SYSERR, pub, GNUNET_CRYPTO_EddsaPublicKey::q_y, and GNUNET_CRYPTO_EcdhePublicKey::q_y.
Referenced by encapsulate_for_dv(), inject_rekey(), inject_rekey(), send_initiator_hello(), send_responder_hello(), and setup_shared_secret_ephemeral().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh | ( | const struct GNUNET_CRYPTO_EcdsaPrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pub, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
HPKE END.
Derive key material from a ECDH public key and a private ECDSA key. Dual to #GNUNET_CRRYPTO_ecdh_ecdsa.
| priv | private key from ECDSA to use for the ECDH (x) |
| pub | public key to use for the ECDH (yG) |
| key_material | where to write the key material H(h(x)yG) |
Definition at line 825 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EddsaPublicKey * | pub, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Derive key material from a EdDSA public key and a private ECDH key.
Dual to #GNUNET_CRRYPTO_eddsa_ecdh. This converts the Edwards25519 public key pub to a Curve25519 public key before computing a X25519 DH (see GNUNET_CRYPTO_ecc_ecdh). The resulting X25519 secret is then derived to a key using SHA-512. NOTE: Whenever you can get away with it, use separate key pairs for signing and encryption (DH)!
| priv | private key to use for the ECDH (y) |
| pub | public key from EdDSA to use for the ECDH (X=h(x)G) |
| key_material | where to write the key material H(yX)=H(h(x)yG) |
Definition at line 843 of file crypto_ecc.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by checkvec(), output_vectors(), and update_ax_by_kx().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_x25519 | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pub, | ||
| struct GNUNET_CRYPTO_EcdhePublicKey * | dh | ||
| ) |
Derive key material from a EdDSA public key and a private ECDH key.
Dual to #GNUNET_CRRYPTO_x25519_ecdh. NOTE: Whenever you can get away with it, use separate key pairs for signing and encryption (DH)!
| priv | private key to use for the ECDH (y) |
| pub | public key from EdDSA to use for the ECDH (X=h(x)G) |
| dh | the DH shared secret (NOTE: Derive key from this before use!) |
Definition at line 803 of file crypto_ecc.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_ERROR_TYPE_ERROR, GNUNET_log, GNUNET_OK, GNUNET_SYSERR, pk, and GNUNET_CRYPTO_EcdhePublicKey::q_y.
Referenced by kem_encaps_norand().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EcdsaPublicKey * | pub, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Derive key material from a EcDSA public key and a private ECDH key.
Dual to #GNUNET_CRRYPTO_ecdsa_ecdh.
| priv | private key to use for the ECDH (y) |
| pub | public key from ECDSA to use for the ECDH (X=h(x)G) |
| key_material | where to write the key material H(yX)=H(h(x)yG) |
Definition at line 860 of file crypto_ecc.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_ | ( | const struct GNUNET_CRYPTO_EddsaPrivateKey * | priv, |
| const struct GNUNET_CRYPTO_SignaturePurpose * | purpose, | ||
| struct GNUNET_CRYPTO_EddsaSignature * | sig | ||
| ) |
EdDSA sign a given block.
The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_eddsa_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).
| priv | private key to use for the signing | |
| purpose | what to sign (size, purpose) | |
| [out] | sig | where to write the signature |
Definition at line 645 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_assert, GNUNET_OK, GNUNET_SYSERR, pk, res, and GNUNET_CRYPTO_SignaturePurpose::size.
Referenced by do_generate_pid(), GNUNET_CRYPTO_blinded_key_sign_(), GNUNET_CRYPTO_blinded_key_sign_by_peer_identity(), GNUNET_CRYPTO_blinded_key_sign_raw_(), handle_sign(), insert_decrypt_element(), insert_round1_element(), and insert_round2_element().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_ | ( | const struct GNUNET_CRYPTO_EcdsaPrivateKey * | priv, |
| const struct GNUNET_CRYPTO_SignaturePurpose * | purpose, | ||
| struct GNUNET_CRYPTO_EcdsaSignature * | sig | ||
| ) |
ECDSA Sign a given block.
The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_ecdsa_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).
| priv | private key to use for the signing | |
| purpose | what to sign (size, purpose) | |
| [out] | sig | where to write the signature |
Definition at line 574 of file crypto_ecc.c.
References _, BENCHMARK_END, BENCHMARK_START, data, data_to_ecdsa_value(), decode_private_ecdsa_key(), GNUNET_break, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_WARNING, GNUNET_OK, GNUNET_SYSERR, key_from_sexp(), LOG, GNUNET_CRYPTO_EcdsaSignature::r, and GNUNET_CRYPTO_EcdsaSignature::s.
Referenced by GNUNET_CRYPTO_blinded_key_sign_(), GNUNET_CRYPTO_blinded_key_sign_raw_(), and GNUNET_CRYPTO_ecdsa_sign_derived().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_edx25519_sign_ | ( | const struct GNUNET_CRYPTO_Edx25519PrivateKey * | priv, |
| const struct GNUNET_CRYPTO_SignaturePurpose * | purpose, | ||
| struct GNUNET_CRYPTO_Edx25519Signature * | sig | ||
| ) |
Edx25519 sign a given block.
The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_edx25519_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).
| priv | private key to use for the signing | |
| purpose | what to sign (size, purpose) | |
| [out] | sig | where to write the signature |
Edx25519 sign a given block.
But instead of expanding a private seed (which is usually the case for crypto APIs) and using the resulting scalars, it takes the scalars directly from Edx25519PrivateKey. We require this functionality in order to use derived private keys for signatures.
The resulting signature is a standard EdDSA signature which can be verified using the usual APIs.
| priv | the private key (containing two scalars .a and .b) |
| purp | the signature purpose |
| sig | the resulting signature |
Calculate the public key P from the private scalar in the key.
Calculate r: r = SHA512 (b ∥ M) where M is our message (purpose).
Temporarily put P into S
Reduce the scalar value r
Calculate R := r * G of the signature
Calculate hram := SHA512 (R ∥ P ∥ M)
Reduce the resulting scalar value
Calculate S := r + hram * s mod L
Definition at line 101 of file crypto_edx25519.c.
References GNUNET_CRYPTO_Edx25519PrivateKey::a, GNUNET_CRYPTO_Edx25519PrivateKey::b, GNUNET_OK, GNUNET_CRYPTO_Edx25519Signature::r, GNUNET_CRYPTO_Edx25519Signature::s, and GNUNET_CRYPTO_SignaturePurpose::size.
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_ | ( | uint32_t | purpose, |
| const struct GNUNET_CRYPTO_SignaturePurpose * | validate, | ||
| const struct GNUNET_CRYPTO_EddsaSignature * | sig, | ||
| const struct GNUNET_CRYPTO_EddsaPublicKey * | pub | ||
| ) |
Verify EdDSA signature.
The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_eddsa_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).
| purpose | what is the purpose that the signature should have? |
| validate | block to validate (size, purpose, data) |
| sig | signature that is being validated |
| pub | public key of the signer |
Definition at line 728 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_OK, GNUNET_SYSERR, m, pub, GNUNET_CRYPTO_SignaturePurpose::purpose, GNUNET_CRYPTO_EddsaPublicKey::q_y, res, and GNUNET_CRYPTO_SignaturePurpose::size.
Referenced by block_plugin_dns_check_block(), block_plugin_fs_check_block(), block_plugin_regex_check_block(), GNUNET_CRYPTO_blinded_key_signature_verify_(), GNUNET_CRYPTO_blinded_key_signature_verify_raw_(), GNUNET_CRYPTO_verify_peer_identity(), GNUNET_GNSRECORD_block_verify(), keygen_round1_new_element(), keygen_round2_new_element(), and verify_message_crypto().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_verify_ | ( | uint32_t | purpose, |
| const struct GNUNET_CRYPTO_SignaturePurpose * | validate, | ||
| const struct GNUNET_CRYPTO_EcdsaSignature * | sig, | ||
| const struct GNUNET_CRYPTO_EcdsaPublicKey * | pub | ||
| ) |
Verify ECDSA signature.
The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_eddsa_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).
| purpose | what is the purpose that the signature should have? |
| validate | block to validate (size, purpose, data) |
| sig | signature that is being validated |
| pub | public key of the signer |
Definition at line 669 of file crypto_ecc.c.
References _, BENCHMARK_END, BENCHMARK_START, CURVE, data, data_to_ecdsa_value(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_OK, GNUNET_SYSERR, LOG, LOG_GCRY, pub, GNUNET_CRYPTO_SignaturePurpose::purpose, GNUNET_CRYPTO_EddsaPublicKey::q_y, GNUNET_CRYPTO_EcdsaSignature::r, and GNUNET_CRYPTO_EcdsaSignature::s.
Referenced by GNUNET_CRYPTO_blinded_key_signature_verify_(), GNUNET_CRYPTO_blinded_key_signature_verify_raw_(), and GNUNET_GNSRECORD_block_verify().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_edx25519_verify_ | ( | uint32_t | purpose, |
| const struct GNUNET_CRYPTO_SignaturePurpose * | validate, | ||
| const struct GNUNET_CRYPTO_Edx25519Signature * | sig, | ||
| const struct GNUNET_CRYPTO_Edx25519PublicKey * | pub | ||
| ) |
Verify Edx25519 signature.
The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_edx25519_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).
| purpose | what is the purpose that the signature should have? |
| validate | block to validate (size, purpose, data) |
| sig | signature that is being validated |
| pub | public key of the signer |
Definition at line 184 of file crypto_edx25519.c.
References GNUNET_OK, GNUNET_SYSERR, m, pub, GNUNET_CRYPTO_SignaturePurpose::purpose, GNUNET_CRYPTO_EddsaPublicKey::q_y, res, and GNUNET_CRYPTO_SignaturePurpose::size.
| struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_private_key_derive | ( | const struct GNUNET_CRYPTO_EcdsaPrivateKey * | priv, |
| const char * | label, | ||
| const char * | context | ||
| ) |
Derive a private key from a given private key and a label.
Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.
| priv | original private key |
| label | label to use for key deriviation |
| context | additional context to use for HKDF of 'h'; typically the name of the subsystem/application |
"The result of the HKDF must be clamped and interpreted in network byte order. " – RFC 9498 We need to convert for libsodium
hc_le now contains the scalar h. The private scalar a is sk[0:31] We calculate: d' := h * a mod L
Definition at line 200 of file crypto_ecc_gnsrecord.c.
References context, GNUNET_CRYPTO_EcdsaPrivateKey::d, derive_h(), GNUNET_CRYPTO_ecdsa_key_get_public(), GNUNET_new, h, pub, and ret.
Referenced by GNUNET_CRYPTO_ecdsa_sign_derived(), and run_pkey().
| void GNUNET_CRYPTO_ecdsa_public_key_derive | ( | const struct GNUNET_CRYPTO_EcdsaPublicKey * | pub, |
| const char * | label, | ||
| const char * | context, | ||
| struct GNUNET_CRYPTO_EcdsaPublicKey * | result | ||
| ) |
Derive a public key from a given public key and a label.
Essentially calculates a public key 'V = H(l,P) * P'.
| pub | original public key |
| label | label to use for key deriviation |
| context | additional context to use for HKDF of 'h'. typically the name of the subsystem/application |
| result | where to write the derived public key |
"The result of the HKDF must be clamped and interpreted in network byte order. " – RFC 9498 We need to convert for libsodium
We calculate: Q := h * P mod L
Definition at line 238 of file crypto_ecc_gnsrecord.c.
References context, derive_h(), GNUNET_assert, pub, GNUNET_CRYPTO_EddsaPublicKey::q_y, and result.
Referenced by block_sign_ecdsa(), GNUNET_GNSRECORD_query_from_public_key(), and run_pkey().
| void GNUNET_CRYPTO_eddsa_private_key_derive | ( | const struct GNUNET_CRYPTO_EddsaPrivateKey * | priv, |
| const char * | label, | ||
| const char * | context, | ||
| struct GNUNET_CRYPTO_EddsaPrivateScalar * | result | ||
| ) |
Derive a private scalar from a given private key and a label.
Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'. The result is the derived private scalar, not the private key as for EdDSA we cannot derive before we hash the private key.
| priv | original private key |
| label | label to use for key deriviation |
| context | additional context to use for HKDF of 'h'; typically the name of the subsystem/application |
| result | derived private scalar |
This is the standard private key expansion in Ed25519. The first 32 octets are used as a little-endian private scalar. We derive this scalar using our "h".
Get h mod L
"The result of the HKDF must be clamped and interpreted in network byte order. " – RFC 9498 We need to convert for libsodium
h_le now contains the scalar h. The private scalar a is sk[0:31] We calculate: d' := h * a mod L
We hash the derived "h" parameter with the other half of the expanded private key. This ensures that for signature generation, the "R" is derived from the same derivation path as "h" and is not reused.
Definition at line 273 of file crypto_ecc_gnsrecord.c.
References context, d, GNUNET_CRYPTO_EddsaPrivateKey::d, derive_h(), GNUNET_CRYPTO_eddsa_key_get_public(), h, pub, and result.
Referenced by GNUNET_CRYPTO_eddsa_sign_derived(), GNUNET_FS_publish_ublock_(), and run_edkey().
| void GNUNET_CRYPTO_eddsa_public_key_derive | ( | const struct GNUNET_CRYPTO_EddsaPublicKey * | pub, |
| const char * | label, | ||
| const char * | context, | ||
| struct GNUNET_CRYPTO_EddsaPublicKey * | result | ||
| ) |
Derive a public key from a given public key and a label.
Essentially calculates a public key 'V = H(l,P) * P'.
| pub | original public key |
| label | label to use for key deriviation |
| context | additional context to use for HKDF of 'h'. typically the name of the subsystem/application |
| result | where to write the derived public key |
"The result of the HKDF must be clamped and interpreted in network byte order. " – RFC 9498 We need to convert for libsodium
h_le now contains the scalar h. We calculate: Q := h * P mod L
Definition at line 343 of file crypto_ecc_gnsrecord.c.
References context, derive_h(), GNUNET_assert, h, pub, GNUNET_CRYPTO_EddsaPublicKey::q_y, and result.
Referenced by block_sign_eddsa(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_GNSRECORD_query_from_public_key(), run_edkey(), and schedule_transmit_search_request().
| void GNUNET_CRYPTO_edx25519_private_key_derive | ( | const struct GNUNET_CRYPTO_Edx25519PrivateKey * | priv, |
| const void * | seed, | ||
| size_t | seedsize, | ||
| struct GNUNET_CRYPTO_Edx25519PrivateKey * | result | ||
| ) |
Derive a private scalar from a given private key and a label.
Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.
| priv | original private key |
| seed | input seed |
| seedsize | size of the seed |
| result | derived private key |
dc now contains the private scalar "a". We carefully remove the clamping and derive a'. Calculate: a1 := a / 8 a2 := h * a1 mod n a' := a2 * 8 mod n
Definition at line 242 of file crypto_edx25519.c.
References GNUNET_CRYPTO_Edx25519PrivateKey::a, GNUNET_CRYPTO_Edx25519PrivateKey::b, derive_h(), GNUNET_assert, GNUNET_CRYPTO_edx25519_key_get_public(), GNUNET_CRYPTO_hash_context_finish(), GNUNET_CRYPTO_hash_context_read(), GNUNET_CRYPTO_hash_context_start(), h, pub, result, seed, and zero.
Referenced by output_vectors().
| void GNUNET_CRYPTO_edx25519_public_key_derive | ( | const struct GNUNET_CRYPTO_Edx25519PublicKey * | pub, |
| const void * | seed, | ||
| size_t | seedsize, | ||
| struct GNUNET_CRYPTO_Edx25519PublicKey * | result | ||
| ) |
Derive a public key from a given public key and a label.
Essentially calculates a public key 'V = H(l,P) * P'.
| pub | original public key |
| seed | input seed |
| seedsize | size of the seed |
| result | where to write the derived public key |
Definition at line 336 of file crypto_edx25519.c.
References derive_h(), GNUNET_assert, h, pub, GNUNET_CRYPTO_EddsaPublicKey::q_y, result, and seed.
Referenced by output_vectors().
| void GNUNET_CRYPTO_ecdhe_elligator_decoding | ( | struct GNUNET_CRYPTO_EcdhePublicKey * | point, |
| bool * | high_y, | ||
| const struct GNUNET_CRYPTO_ElligatorRepresentative * | representative | ||
| ) |
Clears the most significant bit and second most significant bit of the serialized representaive before applying elligator direct map.
| representative | serialized elligator representative of an element of Curves25519's finite field |
| point | destination for the calculated point on the curve |
| high_y | bool pointed to will be set to 'true' if corresponding y-coordinate is > 2 ^ 254 - 10, otherwise 0. Can be set to NULL if not needed. |
Definition at line 508 of file crypto_elligator.c.
References elligator_direct_map(), GNUNET_CRYPTO_EcdhePublicKey::q_y, and GNUNET_CRYPTO_ElligatorRepresentative::r.
Referenced by GNUNET_CRYPTO_hpke_elligator_kem_decaps().
| bool GNUNET_CRYPTO_ecdhe_elligator_encoding | ( | uint8_t | random_tweak, |
| struct GNUNET_CRYPTO_ElligatorRepresentative * | r, | ||
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pub | ||
| ) |
Encodes a point on Curve25519 to a an element of the underlying finite field.
This transformation is deterministic.
| random_tweak | random 8-bit value used as seed |
| r | storage for the calculated representative |
| pub | a point on the curve |
Definition at line 359 of file crypto_elligator.c.
References A, decode_bytes(), encode_bytes(), inverted_u, least_square_root(), negative_2, p, P_BITS, P_LIMBS, pub, GNUNET_CRYPTO_EddsaPublicKey::q_y, GNUNET_CRYPTO_ElligatorRepresentative::r, result, and scratch_space_length.
Referenced by GNUNET_CRYPTO_ecdhe_elligator_key_get_public_norand().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdhe_elligator_key_get_public_norand | ( | uint8_t | random_tweak, |
| const struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey * | sk, | ||
| struct GNUNET_CRYPTO_EcdhePublicKey * | pub, | ||
| struct GNUNET_CRYPTO_ElligatorRepresentative * | repr | ||
| ) |
Generates a valid public key for elligator's inverse map by adding a lower order point to a prime order point.
Following Method 1 in description https://elligator.org/key-exchange section Step 2: Generate a “special” public key.
| random_tweak | random 8-bit value used as seed |
| sk | private key for generating valid public key |
| pub | valid public key for elligator inverse map |
| repr | storage for a calculated representative |
Definition at line 639 of file crypto_elligator.c.
References elligator_generate_public_key(), GNUNET_CRYPTO_ecdhe_elligator_encoding(), GNUNET_OK, GNUNET_SYSERR, pk, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by GNUNET_CRYPTO_ecdhe_elligator_key_get_public(), GNUNET_CRYPTO_hpke_elligator_kem_encaps_norand(), and main().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdhe_elligator_key_get_public | ( | const struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey * | sk, |
| struct GNUNET_CRYPTO_EcdhePublicKey * | pub, | ||
| struct GNUNET_CRYPTO_ElligatorRepresentative * | repr | ||
| ) |
Generates a valid public key for elligator's inverse map by adding a lower order point to a prime order point.
Following Method 1 in description https://elligator.org/key-exchange section Step 2: Generate a “special” public key.
| sk | private key for generating valid public key |
| pub | valid public key for elligator inverse map |
| repr | storage for a calculated representative |
Definition at line 662 of file crypto_elligator.c.
References GNUNET_CRYPTO_ecdhe_elligator_key_get_public_norand(), GNUNET_CRYPTO_random_block(), and pk.
Referenced by GNUNET_CRYPTO_ecdhe_elligator_key_create().
| void GNUNET_CRYPTO_ecdhe_elligator_key_create | ( | struct GNUNET_CRYPTO_ElligatorEcdhePrivateKey * | sk | ) |
Generates a private key for Curve25519.
| sk | Curve25519 private key |
Definition at line 679 of file crypto_elligator.c.
References GNUNET_CRYPTO_ecdhe_elligator_key_get_public(), GNUNET_CRYPTO_random_block(), GNUNET_OK, and pk.
Referenced by GNUNET_CRYPTO_hpke_elligator_kem_encaps().
1.9.8