GNUnet  0.11.x
Enumerations | Enumerator | Functions
Crypto library: cryptographic operations

Provides cryptographic primitives. More...

Enumerations

enum  GNUNET_CRYPTO_Quality { GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_NONCE }
 Desired quality level for random numbers. More...
 

Functions

void GNUNET_CRYPTO_seed_weak_random (int32_t seed)
 Seed a weak random generator. More...
 
void GNUNET_CRYPTO_zero_keys (void *buffer, size_t length)
 Zero out buffer, securely against compiler optimizations. More...
 
void GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
 Fill block with a random values. More...
 
uint32_t GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i)
 Produce a random value. More...
 
uint64_t GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
 Random on unsigned 64-bit values. More...
 
unsigned int * GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n)
 Get an array with a random permutation of the numbers 0...n-1. More...
 
void GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
 Create a new random session key. More...
 
ssize_t GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Encrypt a block using a symmetric sessionkey. More...
 
ssize_t GNUNET_CRYPTO_symmetric_decrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Decrypt a given block using a symmetric sessionkey. More...
 
void GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
 Derive an IV. More...
 
void GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
 Extract the public key for the given private key. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_create_from_file (const char *filename)
 Create a new private key by reading it from a file. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create_from_file (const char *filename)
 Create a new private key by reading it from a file. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg)
 Create a new private key by reading our peer's key from the file specified in the configuration. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_create (void)
 Create a new private key. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create (void)
 Create a new private key. More...
 
int GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Create a new private key. More...
 
struct GNUNET_CRYPTO_EcdhePrivateKeyGNUNET_CRYPTO_ecdhe_key_create (void)
 Create a new private key. More...
 
void GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
const struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_get_anonymous (void)
 Get the shared private key we use for anonymous users. More...
 
void GNUNET_CRYPTO_eddsa_setup_hostkey (const char *cfg_name)
 Setup a hostkey file for a peer given the name of the configuration file (!). More...
 
int GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_PeerIdentity *dst)
 Retrieve the identity of the host's peer. More...
 
int GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a public and a private ECC key. More...
 
int GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private EdDSA key. More...
 
int GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private ECDSA key. More...
 
int GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EdDSA public key and a private ECDH key. More...
 
int GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EcDSA public key and a private ECDH key. More...
 
int GNUNET_CRYPTO_eddsa_sign (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
 EdDSA sign a given block. More...
 
int GNUNET_CRYPTO_ecdsa_sign (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
 ECDSA Sign a given block. More...
 
int GNUNET_CRYPTO_eddsa_verify (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Verify EdDSA signature. More...
 
int GNUNET_CRYPTO_ecdsa_verify (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Verify ECDSA signature. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
 Derive a private key from a given private key and a label. More...
 
void GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
 Derive a public key from a given public key and a label. More...
 

Detailed Description

Provides cryptographic primitives.

See also
Documentation

Enumeration Type Documentation

◆ GNUNET_CRYPTO_Quality

Desired quality level for random numbers.

Enumerator
GNUNET_CRYPTO_QUALITY_WEAK 

No good quality of the operation is needed (i.e., random numbers can be pseudo-random).

GNUNET_CRYPTO_QUALITY_STRONG 

High-quality operations are desired.

GNUNET_CRYPTO_QUALITY_NONCE 

Randomness for IVs etc.

is required.

Definition at line 74 of file gnunet_crypto_lib.h.

75 {
82 
88 
94 };
Randomness for IVs etc.
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.

Function Documentation

◆ GNUNET_CRYPTO_seed_weak_random()

void GNUNET_CRYPTO_seed_weak_random ( int32_t  seed)

Seed a weak random generator.

Only GNUNET_CRYPTO_QUALITY_WEAK-mode generator can be seeded.

Parameters
seedthe seed to use

Definition at line 96 of file crypto_random.c.

Referenced by __attribute__().

97 {
98  srandom (seed);
99 }
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_zero_keys()

void GNUNET_CRYPTO_zero_keys ( void *  buffer,
size_t  length 
)

Zero out buffer, securely against compiler optimizations.

Used to delete key material.

Parameters
bufferthe buffer to zap
lengthbuffer length

Definition at line 111 of file crypto_random.c.

References p.

Referenced by dv_key_clean().

112 {
113 #if HAVE_MEMSET_S
114  memset_s (buffer, length, 0, length);
115 #elif HAVE_EXPLICIT_BZERO
116  explicit_bzero (buffer, length);
117 #else
118  volatile unsigned char *p = buffer;
119  while (length--)
120  *p++ = 0;
121 #endif
122 }
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_block()

void GNUNET_CRYPTO_random_block ( enum GNUNET_CRYPTO_Quality  mode,
void *  buffer,
size_t  length 
)

Fill block with a random values.

Parameters
modedesired quality of the random number
bufferthe buffer to fill
lengthbuffer length

Definition at line 134 of file crypto_random.c.

References GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, and GNUNET_CRYPTO_QUALITY_WEAK.

Referenced by delayed_put(), do_pad(), encapsulate_for_dv(), GCC_create(), GNUNET_async_scope_fresh(), GNUNET_CRYPTO_ecdhe_key_create2(), GNUNET_CRYPTO_eddsa_key_create(), handle_validation_response(), prepare_pending_acknowledgement(), RPS_sampler_elem_reinit(), run(), start_address_validation(), and start_dv_learn().

137 {
138 #ifdef gcry_fast_random_poll
139  static unsigned int invokeCount;
140 #endif
141  switch (mode)
142  {
144  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
145 #ifdef gcry_fast_random_poll
146  if ((invokeCount++ % 256) == 0)
147  gcry_fast_random_poll ();
148 #endif
149  gcry_randomize (buffer, length, GCRY_STRONG_RANDOM);
150  return;
151 
153  gcry_create_nonce (buffer, length);
154  return;
155 
157  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
158 #ifdef gcry_fast_random_poll
159  if ((invokeCount++ % 256) == 0)
160  gcry_fast_random_poll ();
161 #endif
162  gcry_randomize (buffer, length, GCRY_WEAK_RANDOM);
163  return;
164 
165  default:
166  GNUNET_assert (0);
167  }
168 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
Randomness for IVs etc.
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_u32()

uint32_t GNUNET_CRYPTO_random_u32 ( enum GNUNET_CRYPTO_Quality  mode,
uint32_t  i 
)

Produce a random value.

Parameters
modedesired quality of the random number
ithe upper limit (exclusive) for the random number
Returns
a random value in the interval [0,i) (exclusive).

Produce a random value.

Parameters
modedesired quality of the random number
ithe upper limit (exclusive) for the random number
Returns
a random value in the interval [0,i[.

Definition at line 179 of file crypto_random.c.

References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, and ret.

Referenced by __attribute__(), adjust_running_peers(), allocate_v4_address(), allocate_v6_address(), attempt_connect_task(), calculate_seed(), channel_new_cb(), compute_rand_delay(), compute_service_response(), daemon_started(), delay_ms_rnd(), delayed_get(), delayed_put(), download_get_url(), find_validation_entry(), GDS_NEIGHBOURS_handle_get(), gen_topo_random(), generate_indices(), generate_request_id(), get_bootstrap_server(), get_delay(), get_delay_randomization(), get_forward_count(), get_preference(), get_property(), get_random_literal(), get_random_peer_from_peermap(), get_randomized_delay(), get_request_socket(), GNUNET_CONTAINER_heap_walk_get_next(), GNUNET_CONTAINER_multihashmap_get_random(), GNUNET_CONTAINER_multipeermap_get_random(), GNUNET_CONTAINER_multishortmap_get_random(), GNUNET_CONTAINER_multiuuidmap_get_random(), GNUNET_CRYPTO_hash_create_random(), GNUNET_CRYPTO_random_permute(), GNUNET_FRAGMENT_context_create(), GNUNET_FS_search_start_probe_(), GNUNET_TUN_initialize_ipv4_header(), GSC_CLIENTS_deliver_message(), GSF_pending_request_get_message_(), handle_client_evaluate(), handle_dns_request(), handle_dv_learn(), handle_find_peer(), handle_flow_control(), handle_p2p_get(), handle_p2p_put(), handle_resolve_result(), main(), manage_service_wrapper(), ogg_init(), plan(), postgres_plugin_get_random(), queue(), reannounce_regex(), recursive_dns_resolution(), refresh_bloomfilter(), REGEX_TEST_generate_random_regex(), REGEX_TEST_generate_random_string(), resolve_and_cache(), revalidate_address(), route_control_message_without_fc(), route_via_neighbour(), run(), select_peer(), select_random_peer(), send_bloomfilter(), send_find_peer_message(), send_hello(), send_keepalive(), setup_fresh_address(), setup_fresh_ping(), setup_sockets(), should_I_drop(), sqlite_plugin_get(), sqlite_plugin_get_random(), start_dv_learn(), test_run(), transmit_request(), transmit_typemap_task(), and try_open_exit().

180 {
181 #ifdef gcry_fast_random_poll
182  static unsigned int invokeCount;
183 #endif
184  uint32_t ret;
185  uint32_t ul;
186 
187  GNUNET_assert (i > 0);
188 
189  switch (mode)
190  {
192  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
193 #ifdef gcry_fast_random_poll
194  if ((invokeCount++ % 256) == 0)
195  gcry_fast_random_poll ();
196 #endif
197  ul = UINT32_MAX - (UINT32_MAX % i);
198  do
199  {
200  gcry_randomize ((unsigned char *) &ret,
201  sizeof(uint32_t),
202  GCRY_STRONG_RANDOM);
203  }
204  while (ret >= ul);
205  return ret % i;
206 
208  ul = UINT32_MAX - (UINT32_MAX % i);
209  do
210  {
211  gcry_create_nonce (&ret, sizeof(ret));
212  }
213  while (ret >= ul);
214  return ret % i;
215 
217  ret = i * get_weak_random ();
218  if (ret >= i)
219  ret = i - 1;
220  return ret;
221 
222  default:
223  GNUNET_assert (0);
224  }
225  return 0;
226 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
Randomness for IVs etc.
static double get_weak_random()
Create a cryptographically weak pseudo-random number in the interval of 0 to 1.
Definition: crypto_random.c:83
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_random_u64()

uint64_t GNUNET_CRYPTO_random_u64 ( enum GNUNET_CRYPTO_Quality  mode,
uint64_t  max 
)

Random on unsigned 64-bit values.

Parameters
modedesired quality of the random number
maxvalue returned will be in range [0,max) (exclusive)
Returns
random 64-bit number

Random on unsigned 64-bit values.

Parameters
modedesired quality of the random number
maxvalue returned will be in range [0,max) (exclusive)
Returns
random 64-bit number

Definition at line 268 of file crypto_random.c.

References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, and ret.

Referenced by activate_core_visible_dv_path(), add_attestation_cont(), add_attribute_cont(), attest_store_task(), attr_store_task(), calculate_fork_degree(), choose_exit(), dht_connected(), filter_tickets_finished_cb(), gen_topo_scale_free(), get_transmit_delay(), GNUNET_DHT_connect(), ifc_broadcast(), mysql_plugin_get_key(), mysql_plugin_get_replication(), mysql_plugin_put(), namestore_flat_store_records(), namestore_postgres_store_records(), namestore_sqlite_store_records(), OIDC_access_token_new(), pick_random_dv_hops(), postgres_plugin_get_key(), postgres_plugin_put(), put_migration_continuation(), reference_store_task(), rvk_move_attr_cb(), sampler_get_rand_peer(), send_find_peer_message(), setup_out_cipher(), sqlite_plugin_get_key(), sqlite_plugin_get_replication(), sqlite_plugin_put(), and update_next_challenge_time().

269 {
270  uint64_t ret;
271  uint64_t ul;
272 
273  GNUNET_assert (max > 0);
274  switch (mode)
275  {
277  ul = UINT64_MAX - (UINT64_MAX % max);
278  do
279  {
280  gcry_randomize ((unsigned char *) &ret,
281  sizeof(uint64_t),
282  GCRY_STRONG_RANDOM);
283  }
284  while (ret >= ul);
285  return ret % max;
286 
288  ul = UINT64_MAX - (UINT64_MAX % max);
289  do
290  {
291  gcry_create_nonce (&ret, sizeof(ret));
292  }
293  while (ret >= ul);
294 
295  return ret % max;
296 
298  ret = max * get_weak_random ();
299  if (ret >= max)
300  ret = max - 1;
301  return ret;
302 
303  default:
304  GNUNET_assert (0);
305  }
306  return 0;
307 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
Randomness for IVs etc.
static double get_weak_random()
Create a cryptographically weak pseudo-random number in the interval of 0 to 1.
Definition: crypto_random.c:83
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_permute()

unsigned int* GNUNET_CRYPTO_random_permute ( enum GNUNET_CRYPTO_Quality  mode,
unsigned int  n 
)

Get an array with a random permutation of the numbers 0...n-1.

Parameters
modeGNUNET_CRYPTO_QUALITY_STRONG if the strong (but expensive) PRNG should be used, GNUNET_CRYPTO_QUALITY_WEAK or GNUNET_CRYPTO_QUALITY_NONCE otherwise
nthe size of the array
Returns
the permutation array (allocated from heap)
Parameters
mode#GNUNET_RANDOM_QUALITY_STRONG if the strong (but expensive) PRNG should be used, #GNUNET_RANDOM_QUALITY_WEAK otherwise
nthe size of the array
Returns
the permutation array (allocated from heap)

Definition at line 238 of file crypto_random.c.

References GNUNET_assert, GNUNET_CRYPTO_random_u32(), GNUNET_malloc, and ret.

Referenced by churn(), compute_service_response(), and do_round().

239 {
240  unsigned int *ret;
241  unsigned int i;
242  unsigned int tmp;
243  uint32_t x;
244 
245  GNUNET_assert (n > 0);
246  ret = GNUNET_malloc (n * sizeof(unsigned int));
247  for (i = 0; i < n; i++)
248  ret[i] = i;
249  for (i = n - 1; i > 0; i--)
250  {
251  x = GNUNET_CRYPTO_random_u32 (mode, i + 1);
252  tmp = ret[x];
253  ret[x] = ret[i];
254  ret[i] = tmp;
255  }
256  return ret;
257 }
uint32_t GNUNET_CRYPTO_random_u32(enum GNUNET_CRYPTO_Quality mode, uint32_t i)
Produce a random unsigned 32-bit number modulo i.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_create_session_key()

void GNUNET_CRYPTO_symmetric_create_session_key ( struct GNUNET_CRYPTO_SymmetricSessionKey key)

Create a new random session key.

Parameters
keykey to initialize

Create a new random session key.

Parameters
keysession key to initialize

Definition at line 41 of file crypto_symmetric.c.

References GNUNET_CRYPTO_SymmetricSessionKey::aes_key, GNUNET_CRYPTO_AES_KEY_LENGTH, and GNUNET_CRYPTO_SymmetricSessionKey::twofish_key.

44 {
45  gcry_randomize (key->aes_key,
47  GCRY_STRONG_RANDOM);
48  gcry_randomize (key->twofish_key,
50  GCRY_STRONG_RANDOM);
51 }
unsigned char aes_key[(256/8)]
Actual key for AES.
unsigned char twofish_key[(256/8)]
Actual key for TwoFish.
#define GNUNET_CRYPTO_AES_KEY_LENGTH
length of the sessionkey in bytes (256 BIT sessionkey)

◆ GNUNET_CRYPTO_symmetric_encrypt()

ssize_t GNUNET_CRYPTO_symmetric_encrypt ( const void *  block,
size_t  size,
const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
void *  result 
)

Encrypt a block using a symmetric sessionkey.

Parameters
blockthe block to encrypt
sizethe size of the block
sessionkeythe key used to encrypt
ivthe initialization vector to use, use INITVALUE for streams.
Returns
the size of the encrypted block, -1 for errors

Encrypt a block using a symmetric sessionkey.

Parameters
blockthe block to encrypt
sizethe size of the block
sessionkeythe key used to encrypt
ivthe initialization vector to use, use INITVALUE for streams
resultthe output parameter in which to store the encrypted result can be the same or overlap with block
Returns
the size of the encrypted block, -1 for errors. Due to the use of CFB and therefore an effective stream cipher, this size should be the same as len.

Definition at line 130 of file crypto_symmetric.c.

References GNUNET_assert, GNUNET_OK, handle, setup_cipher_aes(), setup_cipher_twofish(), and size.

Referenced by block_create(), do_encrypt(), encrypt_existing_match(), encrypt_payload(), GNUNET_CRYPTO_pow_hash(), GNUNET_FS_handle_on_demand_block(), GNUNET_FS_publish_ublock_(), GNUNET_FS_tree_encoder_next(), t_ax_encrypt(), t_h_encrypt(), and try_match_block().

137 {
138  gcry_cipher_hd_t handle;
139  char tmp[size];
140 
141  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
142  return -1;
143  GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size));
144  gcry_cipher_close (handle);
145  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
146  return -1;
147  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size));
148  gcry_cipher_close (handle);
149  memset (tmp, 0, sizeof(tmp));
150  return size;
151 }
static int setup_cipher_aes(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize AES cipher.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static int result
Global testing status.
static unsigned int size
Size of the "table".
Definition: peer.c:67
static int setup_cipher_twofish(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize TWOFISH cipher.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_decrypt()

ssize_t GNUNET_CRYPTO_symmetric_decrypt ( const void *  block,
size_t  size,
const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
void *  result 
)

Decrypt a given block using a symmetric sessionkey.

Parameters
blockthe data to decrypt, encoded as returned by encrypt
sizehow big is the block?
sessionkeythe key used to decrypt
ivthe initialization vector to use
resultaddress to store the result at
Returns
-1 on failure, size of decrypted block on success

Decrypt a given block using a symmetric sessionkey.

Parameters
blockthe data to decrypt, encoded as returned by encrypt
sizethe size of the block to decrypt
sessionkeythe key used to decrypt
ivthe initialization vector to use, use INITVALUE for streams
resultaddress to store the result at can be the same or overlap with block
Returns
-1 on failure, size of decrypted block on success. Due to the use of CFB and therefore an effective stream cipher, this size should be the same as size.

Definition at line 168 of file crypto_symmetric.c.

References GNUNET_assert, GNUNET_OK, handle, setup_cipher_aes(), setup_cipher_twofish(), and size.

Referenced by decrypt_payload(), do_decrypt(), GNUNET_FS_ublock_decrypt_(), GNUNET_GNSRECORD_block_decrypt(), process_result_with_request(), t_ax_decrypt(), t_h_decrypt(), and try_old_ax_keys().

175 {
176  gcry_cipher_hd_t handle;
177  char tmp[size];
178 
179  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
180  return -1;
181  GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));
182  gcry_cipher_close (handle);
183  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
184  return -1;
185  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));
186  gcry_cipher_close (handle);
187  memset (tmp, 0, sizeof(tmp));
188  return size;
189 }
static int setup_cipher_aes(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize AES cipher.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static int result
Global testing status.
static unsigned int size
Size of the "table".
Definition: peer.c:67
static int setup_cipher_twofish(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize TWOFISH cipher.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_derive_iv()

void GNUNET_CRYPTO_symmetric_derive_iv ( struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
const struct GNUNET_CRYPTO_SymmetricSessionKey skey,
const void *  salt,
size_t  salt_len,
  ... 
)

Derive an IV.

Parameters
ivinitialization vector
skeysession key
saltsalt for the derivation
salt_lensize of the salt
...pairs of void * & size_t for context chunks, terminated by NULL

Definition at line 202 of file crypto_symmetric.c.

References GNUNET_CRYPTO_symmetric_derive_iv_v().

Referenced by derive_iv(), derive_pong_iv(), GNUNET_CRYPTO_pow_hash(), t_ax_decrypt(), t_ax_encrypt(), t_h_decrypt(), t_h_encrypt(), and try_old_ax_keys().

210 {
211  va_list argp;
212 
213  va_start (argp, salt_len);
214  GNUNET_CRYPTO_symmetric_derive_iv_v (iv, skey, salt, salt_len, argp);
215  va_end (argp);
216 }
void GNUNET_CRYPTO_symmetric_derive_iv_v(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len, va_list argp)
Derive an IV.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_get_public()

void GNUNET_CRYPTO_ecdsa_key_get_public ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 172 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa(), and GNUNET_CRYPTO_EcdsaPublicKey::q_y.

Referenced by attr_iter_cb(), authorize_endpoint(), block_create(), create_finished(), decrypt_block_with_keyword(), filter_tickets_finished_cb(), get_nick_record(), get_update_information_directory(), GNUNET_ABD_delegate_issue(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_FS_publish_sks(), GNUNET_FS_publish_ublock_(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_GNSRECORD_block_create(), GNUNET_GNSRECORD_block_create2(), GNUNET_GNSRECORD_query_from_private_key(), GNUNET_IDENTITY_ego_get_anonymous(), GNUNET_IDENTITY_ego_get_public_key(), GNUNET_REVOCATION_sign_revocation(), handle_attestation_store_message(), handle_attribute_store_message(), handle_client_call_message(), handle_collect(), handle_identity_set_default(), handle_identity_update(), handle_reference_store_message(), identity_zone_cb(), OIDC_parse_authz_code(), process_kblock_for_unindex(), RECLAIM_TICKETS_consume(), RECLAIM_TICKETS_revoke(), and refresh_block().

175 {
176  BENCHMARK_START (ecdsa_key_get_public);
178  BENCHMARK_END (ecdsa_key_get_public);
179 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
void GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa(u8 *pk, const u8 *s)
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_get_public()

void GNUNET_CRYPTO_eddsa_key_get_public ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 189 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_TWEETNACL_sign_pk_from_seed(), and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by advertise_dns_exit(), create_keys(), GCT_handle_kx(), get_identity(), GNUNET_CRYPTO_get_peer_identity(), GNUNET_FS_uri_loc_create(), GNUNET_TESTING_hostkey_get(), GSC_KX_init(), main_init(), print_key(), regex_iterator(), and run().

192 {
193  BENCHMARK_START (eddsa_key_get_public);
195  BENCHMARK_END (eddsa_key_get_public);
196 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
void GNUNET_TWEETNACL_sign_pk_from_seed(u8 *pk, const u8 *seed)
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_get_public()

void GNUNET_CRYPTO_ecdhe_key_get_public ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
struct GNUNET_CRYPTO_EcdhePublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 206 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_TWEETNACL_scalarmult_curve25519_base(), and GNUNET_CRYPTO_EcdhePublicKey::q_y.

Referenced by GCT_handle_kx(), GCT_handle_kx_auth(), GCT_send(), inject_rekey(), mq_send(), OIDC_build_authz_code(), print_examples_ecdh(), run(), send_kx(), send_kx_auth(), sign_ephemeral_key(), start_initial_kx_out(), and update_ephemeral().

209 {
210  BENCHMARK_START (ecdhe_key_get_public);
212  BENCHMARK_END (ecdhe_key_get_public);
213 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
int GNUNET_TWEETNACL_scalarmult_curve25519_base(u8 *q, const u8 *n)
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_create_from_file()

struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_key_create_from_file ( const char *  filename)

Create a new private key by reading it from a file.

If the files does not exist, create a new key and write it to the file. Caller must free return value. Note that this function can not guarantee that another process might not be trying the same operation on the same file at the same time. If the contents of the file are invalid the old file is deleted and a fresh key is created.

Parameters
filenamename of file to use to store the key
Returns
new private key, NULL on error (for example, permission denied); free using GNUNET_free

If the files does not exist, create a new key and write it to the file. Caller must free return value. Note that this function can not guarantee that another process might not be trying the same operation on the same file at the same time. If the contents of the file are invalid the old file is deleted and a fresh key is created.

Parameters
filenamename of file to use to store the key
Returns
new private key, NULL on error (for example, permission denied)

Definition at line 269 of file crypto_ecc_setup.c.

References _, GNUNET_DISK_FileHandle::fd, fs, GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_DISK_directory_create_for_file(), GNUNET_DISK_file_close(), GNUNET_DISK_file_lock(), GNUNET_DISK_file_open(), GNUNET_DISK_file_read(), GNUNET_DISK_file_size(), GNUNET_DISK_file_sync(), GNUNET_DISK_file_test(), GNUNET_DISK_file_unlock(), GNUNET_DISK_file_write(), GNUNET_DISK_OPEN_CREATE, GNUNET_DISK_OPEN_FAILIFEXISTS, GNUNET_DISK_OPEN_READ, GNUNET_DISK_OPEN_WRITE, GNUNET_DISK_PERM_NONE, GNUNET_DISK_PERM_USER_READ, GNUNET_DISK_PERM_USER_WRITE, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_ERROR_TYPE_WARNING, GNUNET_malloc, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, GNUNET_YES, LOG, LOG_STRERROR_FILE, and short_wait().

Referenced by process_ego_file().

270 {
271  struct GNUNET_CRYPTO_EcdsaPrivateKey *priv;
272  struct GNUNET_DISK_FileHandle *fd;
273  unsigned int cnt;
274  int ec;
275  uint64_t fs;
276  ssize_t sret;
277 
279  return NULL;
281  {
282  fd =
288  if (NULL == fd)
289  {
290  if (EEXIST == errno)
291  {
293  {
294  /* must exist but not be accessible, fail for good! */
295  if (0 != access (filename, R_OK))
297  else
298  GNUNET_break (0); /* what is going on!? */
299  return NULL;
300  }
301  continue;
302  }
304  return NULL;
305  }
306  cnt = 0;
307  while (GNUNET_YES !=
309  0,
310  sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey),
311  GNUNET_YES))
312  {
313  short_wait ();
314  if (0 == ++cnt % 10)
315  {
316  ec = errno;
318  _ ("Could not acquire lock on file `%s': %s...\n"),
319  filename,
320  strerror (ec));
321  }
322  }
324  _ ("Creating a new private key. This may take a while.\n"));
326  GNUNET_assert (NULL != priv);
327  GNUNET_assert (sizeof(*priv) ==
328  GNUNET_DISK_file_write (fd, priv, sizeof(*priv)));
330  if (GNUNET_YES !=
332  0,
333  sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey)))
336  return priv;
337  }
338  /* key file exists already, read it! */
342  if (NULL == fd)
343  {
345  return NULL;
346  }
347  cnt = 0;
348  while (1)
349  {
350  if (GNUNET_YES !=
352  0,
353  sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey),
354  GNUNET_NO))
355  {
356  if (0 == ++cnt % 60)
357  {
358  ec = errno;
360  _ ("Could not acquire lock on file `%s': %s...\n"),
361  filename,
362  strerror (ec));
363  LOG (
365  _ (
366  "This may be ok if someone is currently generating a private key.\n"));
367  }
368  short_wait ();
369  continue;
370  }
372  {
373  /* eh, what!? File we opened is now gone!? */
375  if (GNUNET_YES !=
377  0,
378  sizeof(
382 
383  return NULL;
384  }
385  if (GNUNET_OK !=
387  fs = 0;
388  if (fs < sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey))
389  {
390  /* maybe we got the read lock before the key generating
391  * process had a chance to get the write lock; give it up! */
392  if (GNUNET_YES !=
394  0,
395  sizeof(
398  if (0 == ++cnt % 10)
399  {
401  _ (
402  "When trying to read key file `%s' I found %u bytes but I need at least %u.\n"),
403  filename,
404  (unsigned int) fs,
405  (unsigned int) sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey));
407  _ ("This may be ok if someone is currently generating a key.\n"));
408  }
409  short_wait (); /* wait a bit longer! */
410  continue;
411  }
412  break;
413  }
414  fs = sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey);
415  priv = GNUNET_malloc (fs);
416  sret = GNUNET_DISK_file_read (fd, priv, fs);
417  GNUNET_assert ((sret >= 0) && (fs == (size_t) sret));
418  if (GNUNET_YES !=
420  0,
421  sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey)))
424  return priv;
425 }
#define LOG_STRERROR_FILE(kind, syscall, filename)
static void short_wait()
Wait for a short time (we&#39;re trying to lock a file or want to give another process a shot at finishin...
int GNUNET_DISK_file_test(const char *fil)
Check that fil corresponds to a filename (of a file that exists and that is not a directory)...
Definition: disk.c:544
Open the file for reading.
int GNUNET_DISK_file_sync(const struct GNUNET_DISK_FileHandle *h)
Write file changes to disk.
Definition: disk.c:1500
Create file if it doesn&#39;t exist.
int GNUNET_DISK_file_close(struct GNUNET_DISK_FileHandle *h)
Close an open file.
Definition: disk.c:1345
int GNUNET_DISK_file_unlock(struct GNUNET_DISK_FileHandle *fh, off_t unlock_start, off_t unlock_end)
Unlock a part of a file.
Definition: disk.c:1233
ssize_t GNUNET_DISK_file_read(const struct GNUNET_DISK_FileHandle *h, void *result, size_t len)
Read the contents of a binary file into a buffer.
Definition: disk.c:732
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_key_create(void)
Create a new private key.
Definition: crypto_ecc.c:538
Nobody is allowed to do anything to the file.
int GNUNET_DISK_directory_create_for_file(const char *filename)
Create the directory structure for storing a file.
Definition: disk.c:684
#define GNUNET_NO
Definition: gnunet_common.h:86
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
Private ECC key encoded for transmission.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define _(String)
GNU gettext support macro.
Definition: platform.h:180
ssize_t GNUNET_DISK_file_write(const struct GNUNET_DISK_FileHandle *h, const void *buffer, size_t n)
Write a buffer to a file.
Definition: disk.c:820
#define LOG(kind,...)
static char * filename
int GNUNET_DISK_file_lock(struct GNUNET_DISK_FileHandle *fh, off_t lock_start, off_t lock_end, int excl)
Lock a part of a file.
Definition: disk.c:1201
#define GNUNET_SYSERR
Definition: gnunet_common.h:84
Open the file for writing.
static struct GNUNET_FS_Handle * fs
Handle to FS service.
Definition: gnunet-fs.c:36
int GNUNET_DISK_file_size(const char *filename, uint64_t *size, int include_symbolic_links, int single_file_mode)
Get the size of the file (or directory) of the given file (in bytes).
Definition: disk.c:257
#define GNUNET_YES
Definition: gnunet_common.h:85
int fd
File handle on Unix-like systems.
Fail if file already exists.
struct GNUNET_DISK_FileHandle * GNUNET_DISK_file_open(const char *fn, enum GNUNET_DISK_OpenFlags flags, enum GNUNET_DISK_AccessPermissions perm)
Open a file.
Definition: disk.c:1268
Handle used to access files (and pipes).
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create_from_file()

struct GNUNET_CRYPTO_EddsaPrivateKey* GNUNET_CRYPTO_eddsa_key_create_from_file ( const char *  filename)

Create a new private key by reading it from a file.

If the files does not exist, create a new key and write it to the file. Caller must free return value. Note that this function can not guarantee that another process might not be trying the same operation on the same file at the same time. If the contents of the file are invalid the old file is deleted and a fresh key is created.

Parameters
filenamename of file to use to store the key
Returns
new private key, NULL on error (for example, permission denied); free using GNUNET_free

If the files does not exist, create a new key and write it to the file. Caller must free return value. Note that this function can not guarantee that another process might not be trying the same operation on the same file at the same time. If the contents of the file are invalid the old file is deleted and a fresh key is created.

Parameters
filenamename of file to use to store the key
Returns
new private key, NULL on error (for example, permission denied)

Definition at line 87 of file crypto_ecc_setup.c.

References _, GNUNET_DISK_FileHandle::fd, fs, GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_eddsa_key_create(), GNUNET_DISK_directory_create_for_file(), GNUNET_DISK_file_close(), GNUNET_DISK_file_lock(), GNUNET_DISK_file_open(), GNUNET_DISK_file_read(), GNUNET_DISK_file_size(), GNUNET_DISK_file_sync(), GNUNET_DISK_file_test(), GNUNET_DISK_file_unlock(), GNUNET_DISK_file_write(), GNUNET_DISK_OPEN_CREATE, GNUNET_DISK_OPEN_FAILIFEXISTS, GNUNET_DISK_OPEN_READ, GNUNET_DISK_OPEN_WRITE, GNUNET_DISK_PERM_NONE, GNUNET_DISK_PERM_USER_READ, GNUNET_DISK_PERM_USER_WRITE, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_malloc, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, GNUNET_YES, LOG, LOG_STRERROR_FILE, and short_wait().

Referenced by GNUNET_CRYPTO_eddsa_key_create_from_configuration(), main_init(), and run().

88 {
89  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
90  struct GNUNET_DISK_FileHandle *fd;
91  unsigned int cnt;
92  int ec;
93  uint64_t fs;
94  ssize_t sret;
95 
97  return NULL;
99  {
100  fd =
106  if (NULL == fd)
107  {
108  if (EEXIST == errno)
109  {
111  {
112  /* must exist but not be accessible, fail for good! */
113  if (0 != access (filename, R_OK))
115  else
116  GNUNET_break (0); /* what is going on!? */
117  return NULL;
118  }
119  continue;
120  }
122  return NULL;
123  }
124  cnt = 0;
125  while (GNUNET_YES !=
127  0,
128  sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey),
129  GNUNET_YES))
130  {
131  short_wait ();
132  if (0 == ++cnt % 10)
133  {
134  ec = errno;
136  _ ("Could not acquire lock on file `%s': %s...\n"),
137  filename,
138  strerror (ec));
139  }
140  }
142  _ ("Creating a new private key. This may take a while.\n"));
144  GNUNET_assert (NULL != priv);
145  GNUNET_assert (sizeof(*priv) ==
146  GNUNET_DISK_file_write (fd, priv, sizeof(*priv)));
148  if (GNUNET_YES !=
150  0,
151  sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)))
154  return priv;
155  }
156  /* key file exists already, read it! */
160  if (NULL == fd)
161  {
163  return NULL;
164  }
165  cnt = 0;
166  while (1)
167  {
168  if (GNUNET_YES !=
170  0,
171  sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey),
172  GNUNET_NO))
173  {
174  if (0 == ++cnt % 60)
175  {
176  ec = errno;
178  _ ("Could not acquire lock on file `%s': %s...\n"),
179  filename,
180  strerror (ec));
181  LOG (
183  _ (
184  "This may be ok if someone is currently generating a private key.\n"));
185  }
186  short_wait ();
187  continue;
188  }
190  {
191  /* eh, what!? File we opened is now gone!? */
193  if (GNUNET_YES !=
195  0,
196  sizeof(
200 
201  return NULL;
202  }
203  if (GNUNET_OK !=
205  fs = 0;
206  if (fs < sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey))
207  {
208  /* maybe we got the read lock before the key generating
209  * process had a chance to get the write lock; give it up! */
210  if (GNUNET_YES !=
212  0,
213  sizeof(
216  if (0 == ++cnt % 10)
217  {
219  _ (
220  "When trying to read key file `%s' I found %u bytes but I need at least %u.\n"),
221  filename,
222  (unsigned int) fs,
223  (unsigned int) sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey));
225  _ ("This may be ok if someone is currently generating a key.\n"));
226  }
227  short_wait (); /* wait a bit longer! */
228  continue;
229  }
230  break;
231  }
232  fs = sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey);
233  priv = GNUNET_malloc (fs);
234  sret = GNUNET_DISK_file_read (fd, priv, fs);
235  GNUNET_assert ((sret >= 0) && (fs == (size_t) sret));
236  if (GNUNET_YES !=
238  0,
239  sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)))
242 #if CRYPTO_BUG
243  if (GNUNET_OK != check_eddsa_key (priv))
244  {
245  GNUNET_break (0);
246  GNUNET_free (priv);
247  return NULL;
248  }
249 #endif
250  return priv;
251 }
#define LOG_STRERROR_FILE(kind, syscall, filename)
static void short_wait()
Wait for a short time (we&#39;re trying to lock a file or want to give another process a shot at finishin...
int GNUNET_DISK_file_test(const char *fil)
Check that fil corresponds to a filename (of a file that exists and that is not a directory)...
Definition: disk.c:544
Open the file for reading.
int GNUNET_DISK_file_sync(const struct GNUNET_DISK_FileHandle *h)
Write file changes to disk.
Definition: disk.c:1500
Create file if it doesn&#39;t exist.
int GNUNET_DISK_file_close(struct GNUNET_DISK_FileHandle *h)
Close an open file.
Definition: disk.c:1345
int GNUNET_DISK_file_unlock(struct GNUNET_DISK_FileHandle *fh, off_t unlock_start, off_t unlock_end)
Unlock a part of a file.
Definition: disk.c:1233
ssize_t GNUNET_DISK_file_read(const struct GNUNET_DISK_FileHandle *h, void *result, size_t len)
Read the contents of a binary file into a buffer.
Definition: disk.c:732
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Nobody is allowed to do anything to the file.
int GNUNET_DISK_directory_create_for_file(const char *filename)
Create the directory structure for storing a file.
Definition: disk.c:684
#define GNUNET_NO
Definition: gnunet_common.h:86
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define _(String)
GNU gettext support macro.
Definition: platform.h:180
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create(void)
Create a new private key.
Definition: crypto_ecc.c:594
ssize_t GNUNET_DISK_file_write(const struct GNUNET_DISK_FileHandle *h, const void *buffer, size_t n)
Write a buffer to a file.
Definition: disk.c:820
#define LOG(kind,...)
static char * filename
int GNUNET_DISK_file_lock(struct GNUNET_DISK_FileHandle *fh, off_t lock_start, off_t lock_end, int excl)
Lock a part of a file.
Definition: disk.c:1201
#define GNUNET_SYSERR
Definition: gnunet_common.h:84
Open the file for writing.
static struct GNUNET_FS_Handle * fs
Handle to FS service.
Definition: gnunet-fs.c:36
int GNUNET_DISK_file_size(const char *filename, uint64_t *size, int include_symbolic_links, int single_file_mode)
Get the size of the file (or directory) of the given file (in bytes).
Definition: disk.c:257
Private ECC key encoded for transmission.
#define GNUNET_YES
Definition: gnunet_common.h:85
int fd
File handle on Unix-like systems.
Fail if file already exists.
struct GNUNET_DISK_FileHandle * GNUNET_DISK_file_open(const char *fn, enum GNUNET_DISK_OpenFlags flags, enum GNUNET_DISK_AccessPermissions perm)
Open a file.
Definition: disk.c:1268
Handle used to access files (and pipes).
#define GNUNET_malloc(size)
Wrapper around malloc.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create_from_configuration()

struct GNUNET_CRYPTO_EddsaPrivateKey* GNUNET_CRYPTO_eddsa_key_create_from_configuration ( const struct GNUNET_CONFIGURATION_Handle cfg)

Create a new private key by reading our peer's key from the file specified in the configuration.

Parameters
cfgthe configuration to use
Returns
new private key, NULL on error (for example, permission denied); free using GNUNET_free
Parameters
cfgthe configuration to use
Returns
new private key, NULL on error (for example, permission denied)

Definition at line 437 of file crypto_ecc_setup.c.

References fn, GNUNET_CONFIGURATION_get_value_filename(), GNUNET_CRYPTO_eddsa_key_create_from_file(), GNUNET_free, and GNUNET_OK.

Referenced by advertise_dns_exit(), GNUNET_CRYPTO_eddsa_setup_key(), GNUNET_CRYPTO_get_peer_identity(), and run().

439 {
440  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
441  char *fn;
442 
443  if (GNUNET_OK !=
444  GNUNET_CONFIGURATION_get_value_filename (cfg, "PEER", "PRIVATE_KEY", &fn))
445  return NULL;
447  GNUNET_free (fn);
448  return priv;
449 }
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
static char * fn
Filename of the unique file.
Private ECC key encoded for transmission.
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_file(const char *filename)
Create a new private key by reading it from a file.
int GNUNET_CONFIGURATION_get_value_filename(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be the name of a file or directory.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_create()

struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_key_create ( void  )

Create a new private key.

Caller must free return value.

Returns
fresh private key; free using GNUNET_free

Caller must free return value.

Returns
fresh private key

Definition at line 538 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, CURVE, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_ERROR, GNUNET_new, key_from_sexp(), and LOG_GCRY.

Referenced by GNUNET_CRYPTO_ecdsa_key_create_from_file(), and GNUNET_IDENTITY_create().

539 {
540  struct GNUNET_CRYPTO_EcdsaPrivateKey *priv;
541  gcry_sexp_t priv_sexp;
542  gcry_sexp_t s_keyparam;
543  gcry_mpi_t d;
544  int rc;
545 
546  BENCHMARK_START (ecdsa_key_create);
547 
548  if (0 != (rc = gcry_sexp_build (&s_keyparam,
549  NULL,
550  "(genkey(ecc(curve \"" CURVE "\")"
551  "(flags)))")))
552  {
553  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
554  return NULL;
555  }
556  if (0 != (rc = gcry_pk_genkey (&priv_sexp, s_keyparam)))
557  {
558  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc);
559  gcry_sexp_release (s_keyparam);
560  return NULL;
561  }
562  gcry_sexp_release (s_keyparam);
563 #if EXTRA_CHECKS
564  if (0 != (rc = gcry_pk_testkey (priv_sexp)))
565  {
566  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
567  gcry_sexp_release (priv_sexp);
568  return NULL;
569  }
570 #endif
571  if (0 != (rc = key_from_sexp (&d, priv_sexp, "private-key", "d")))
572  {
573  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "key_from_sexp", rc);
574  gcry_sexp_release (priv_sexp);
575  return NULL;
576  }
577  gcry_sexp_release (priv_sexp);
579  GNUNET_CRYPTO_mpi_print_unsigned (priv->d, sizeof(priv->d), d);
580  gcry_mpi_release (d);
581 
582  BENCHMARK_END (ecdsa_key_create);
583 
584  return priv;
585 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Private ECC key encoded for transmission.
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:58
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:43
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:80
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create()

struct GNUNET_CRYPTO_EddsaPrivateKey* GNUNET_CRYPTO_eddsa_key_create ( void  )

Create a new private key.

Caller must free return value.

Returns
fresh private key; free using GNUNET_free

Caller must free return value.

Returns
fresh private key

Definition at line 594 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and GNUNET_new.

Referenced by create_keys(), GNUNET_CRYPTO_eddsa_key_create_from_file(), and run().

595 {
596  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
597 
598  BENCHMARK_START (eddsa_key_create);
601  priv,
602  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
603  BENCHMARK_END (eddsa_key_create);
604 
605  return priv;
606 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Randomness for IVs etc.
Private ECC key encoded for transmission.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_create2()

int GNUNET_CRYPTO_ecdhe_key_create2 ( struct GNUNET_CRYPTO_EcdhePrivateKey pk)

Create a new private key.

Clear with GNUNET_CRYPTO_ecdhe_key_clear().

Parameters
[out]pkset to fresh private key;
Returns
GNUNET_OK on success, GNUNET_SYSERR on failure

Definition at line 521 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and GNUNET_OK.

Referenced by GCT_create_tunnel(), GNUNET_CRYPTO_ecdhe_key_create(), inject_rekey(), mq_send(), new_ephemeral(), start_initial_kx_out(), and update_ephemeral().

522 {
523  BENCHMARK_START (ecdhe_key_create);
525  pk,
526  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
527  BENCHMARK_END (ecdhe_key_create);
528  return GNUNET_OK;
529 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
Randomness for IVs etc.
Private ECC key encoded for transmission.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_create()

struct GNUNET_CRYPTO_EcdhePrivateKey* GNUNET_CRYPTO_ecdhe_key_create ( void  )

Create a new private key.

Caller must free return value.

Returns
fresh private key; free using GNUNET_free

Caller must free return value.

Returns
fresh private key

Definition at line 499 of file crypto_ecc.c.

References GNUNET_CRYPTO_ecdhe_key_create2(), GNUNET_free, GNUNET_new, and GNUNET_OK.

Referenced by do_rekey(), GSC_KX_init(), OIDC_build_authz_code(), print_examples_ecdh(), and run().

500 {
501  struct GNUNET_CRYPTO_EcdhePrivateKey *priv;
502 
505  {
506  GNUNET_free (priv);
507  return NULL;
508  }
509  return priv;
510 }
int GNUNET_CRYPTO_ecdhe_key_create2(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:521
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Private ECC key encoded for transmission.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_clear()

void GNUNET_CRYPTO_eddsa_key_clear ( struct GNUNET_CRYPTO_EddsaPrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 487 of file crypto_ecc.c.

488 {
489  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey));
490 }
Private ECC key encoded for transmission.

◆ GNUNET_CRYPTO_ecdsa_key_clear()

void GNUNET_CRYPTO_ecdsa_key_clear ( struct GNUNET_CRYPTO_EcdsaPrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 474 of file crypto_ecc.c.

Referenced by main().

475 {
476  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey));
477 }
Private ECC key encoded for transmission.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_clear()

void GNUNET_CRYPTO_ecdhe_key_clear ( struct GNUNET_CRYPTO_EcdhePrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 461 of file crypto_ecc.c.

Referenced by cleanup_ax().

462 {
463  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
464 }
Private ECC key encoded for transmission.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_get_anonymous()

const struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_key_get_anonymous ( void  )

Get the shared private key we use for anonymous users.

Returns
"anonymous" private key; do not free
"anonymous" private key

'anonymous' pseudonym (global static, d=1, public key = G (generator).

Definition at line 615 of file crypto_ecc.c.

References GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_mpi_print_unsigned(), and once.

Referenced by decrypt_block_with_keyword(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_IDENTITY_ego_get_anonymous(), process_kblock_for_unindex(), and publish_ksk_cont().

616 {
621  static struct GNUNET_CRYPTO_EcdsaPrivateKey anonymous;
622  static int once;
623 
624  if (once)
625  return &anonymous;
627  sizeof(anonymous.d),
628  GCRYMPI_CONST_ONE);
629  once = 1;
630  return &anonymous;
631 }
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
Private ECC key encoded for transmission.
static int once
Global to mark if we&#39;ve run the initialization.
Definition: gnsrecord.c:68
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_setup_hostkey()

void GNUNET_CRYPTO_eddsa_setup_hostkey ( const char *  cfg_name)

Setup a hostkey file for a peer given the name of the configuration file (!).

This function is used so that at a later point code can be certain that reading a hostkey is fast (for example in time-dependent testcases).

Parameters
cfg_namename of the configuration file to use

◆ GNUNET_CRYPTO_get_peer_identity()

int GNUNET_CRYPTO_get_peer_identity ( const struct GNUNET_CONFIGURATION_Handle cfg,
struct GNUNET_PeerIdentity dst 
)

Retrieve the identity of the host's peer.

Parameters
cfgconfiguration to use
dstpointer to where to write the peer identity
Returns
GNUNET_OK on success, GNUNET_SYSERR if the identity could not be retrieved

Definition at line 461 of file crypto_ecc_setup.c.

References _, GNUNET_CRYPTO_eddsa_key_create_from_configuration(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_SYSERR, and GNUNET_PeerIdentity::public_key.

Referenced by GNUNET_CONVERSATION_phone_create(), and run().

463 {
464  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
465 
466  if (NULL == (priv = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg)))
467  {
469  _ ("Could not load peer's private key\n"));
470  return GNUNET_SYSERR;
471  }
473  GNUNET_free (priv);
474  return GNUNET_OK;
475 }
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
#define _(String)
GNU gettext support macro.
Definition: platform.h:180
#define GNUNET_SYSERR
Definition: gnunet_common.h:84
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:189
Private ECC key encoded for transmission.
#define GNUNET_log(kind,...)
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_configuration(const struct GNUNET_CONFIGURATION_Handle *cfg)
Create a new private key by reading our peer&#39;s key from the file specified in the configuration...
#define GNUNET_free(ptr)
Wrapper around free.
struct GNUNET_CRYPTO_EddsaPublicKey public_key
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_ecdh()

int GNUNET_CRYPTO_ecc_ecdh ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a public and a private ECC key.

Parameters
privprivate key to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material (xyG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Derive key material from a public and a private ECC key.

Parameters
privprivate key to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material (xyG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 875 of file crypto_ecc.c.

References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_TWEETNACL_SCALARMULT_BYTES, GNUNET_TWEETNACL_scalarmult_curve25519(), p, and GNUNET_CRYPTO_EcdhePublicKey::q_y.

Referenced by derive_session_keys(), GCT_handle_kx(), print_examples_ecdh(), run(), t_ax_decrypt_and_validate(), t_ax_encrypt(), and update_ax_by_kx().

878 {
882  return GNUNET_OK;
883 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define GNUNET_TWEETNACL_SCALARMULT_BYTES
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
int GNUNET_TWEETNACL_scalarmult_curve25519(u8 *q, const u8 *n, const u8 *p)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_ecdh()

int GNUNET_CRYPTO_eddsa_ecdh ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a ECDH public key and a private EdDSA key.

Dual to #GNUNET_CRRYPTO_ecdh_eddsa.

Parameters
privprivate key from EdDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 1040 of file crypto_ecc.c.

References GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_TWEETNACL_SCALARMULT_BYTES, GNUNET_TWEETNACL_scalarmult_curve25519(), p, and GNUNET_CRYPTO_EcdhePublicKey::q_y.

Referenced by dh_key_derive_eph_pub(), GCT_handle_kx(), setup_in_cipher(), setup_shared_secret_dec(), and update_ax_by_kx().

1043 {
1044  struct GNUNET_HashCode hc;
1047 
1048  GNUNET_CRYPTO_hash (priv,
1049  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
1050  &hc);
1051  memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1053  GNUNET_CRYPTO_hash (p,
1055  key_material);
1056  return GNUNET_OK;
1057 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define GNUNET_TWEETNACL_SCALARMULT_BYTES
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
Private ECC key encoded for transmission.
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
A 512-bit hashcode.
Private ECC key encoded for transmission.
int GNUNET_TWEETNACL_scalarmult_curve25519(u8 *q, const u8 *n, const u8 *p)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_ecdh()

int GNUNET_CRYPTO_ecdsa_ecdh ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a ECDH public key and a private ECDSA key.

Dual to #GNUNET_CRRYPTO_ecdh_ecdsa.

Parameters
privprivate key from ECDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Dual to #GNUNET_CRRYPTO_ecdh_eddsa.

Parameters
privprivate key from ECDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 1071 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_TWEETNACL_SCALARMULT_BYTES, GNUNET_TWEETNACL_scalarmult_curve25519(), p, and GNUNET_CRYPTO_EcdhePublicKey::q_y.

Referenced by calculate_key_priv().

1074 {
1076  uint8_t d_rev[GNUNET_TWEETNACL_SCALARMULT_BYTES];
1077 
1078  BENCHMARK_START (ecdsa_ecdh);
1079  for (size_t i = 0; i < 32; i++)
1080  d_rev[i] = priv->d[31 - i];
1082  GNUNET_CRYPTO_hash (p,
1084  key_material);
1085  BENCHMARK_END (ecdsa_ecdh);
1086  return GNUNET_OK;
1087 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_TWEETNACL_SCALARMULT_BYTES
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
int GNUNET_TWEETNACL_scalarmult_curve25519(u8 *q, const u8 *n, const u8 *p)
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdh_eddsa()

int GNUNET_CRYPTO_ecdh_eddsa ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EddsaPublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a EdDSA public key and a private ECDH key.

Dual to #GNUNET_CRRYPTO_eddsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from EdDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 1101 of file crypto_ecc.c.

References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_TWEETNACL_SCALARMULT_BYTES, GNUNET_TWEETNACL_scalarmult_curve25519(), GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519(), GNUNET_TWEETNACL_SIGN_PUBLICBYTES, p, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by dh_key_derive_eph_pid(), GCT_handle_kx(), run(), setup_out_cipher(), setup_shared_secret_enc(), and update_ax_by_kx().

1104 {
1106  uint8_t curve25510_pk[GNUNET_TWEETNACL_SIGN_PUBLICBYTES];
1107 
1109  GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, curve25510_pk);
1111  return GNUNET_OK;
1112 }
#define GNUNET_TWEETNACL_SCALARMULT_BYTES
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
int GNUNET_TWEETNACL_scalarmult_curve25519(u8 *q, const u8 *n, const u8 *p)
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
#define GNUNET_TWEETNACL_SIGN_PUBLICBYTES
int GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519(u8 *x25519_pk, const u8 *ed25519_pk)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdh_ecdsa()

int GNUNET_CRYPTO_ecdh_ecdsa ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a EcDSA public key and a private ECDH key.

Derive key material from a ECDSA public key and a private ECDH key.

Dual to #GNUNET_CRRYPTO_ecdsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from ECDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Dual to GNUNET_CRYPTO_ecdsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from ECDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 1126 of file crypto_ecc.c.

References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_TWEETNACL_SCALARMULT_BYTES, GNUNET_TWEETNACL_scalarmult_curve25519(), GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519(), GNUNET_TWEETNACL_SIGN_PUBLICBYTES, p, and GNUNET_CRYPTO_EcdsaPublicKey::q_y.

Referenced by calculate_key_pub().

1129 {
1131  uint8_t curve25510_pk[GNUNET_TWEETNACL_SIGN_PUBLICBYTES];
1132 
1134  GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, curve25510_pk);
1136  return GNUNET_OK;
1137 }
#define GNUNET_TWEETNACL_SCALARMULT_BYTES
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
int GNUNET_TWEETNACL_scalarmult_curve25519(u8 *q, const u8 *n, const u8 *p)
#define GNUNET_TWEETNACL_SIGN_PUBLICBYTES
int GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519(u8 *x25519_pk, const u8 *ed25519_pk)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_sign()

int GNUNET_CRYPTO_eddsa_sign ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EddsaSignature sig 
)

EdDSA sign a given block.

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

EdDSA sign a given block.

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 745 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_OK, GNUNET_SYSERR, GNUNET_TWEETNACL_sign_detached(), GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES, GNUNET_TWEETNACL_sign_sk_from_seed(), res, and GNUNET_CRYPTO_EccSignaturePurpose::size.

Referenced by do_dht_put(), forward_dv_learn(), GNUNET_FS_uri_loc_create(), GNUNET_HELLO_sign_address(), GST_validation_handle_ping(), handle_validation_challenge(), iface_proc(), inject_rekey(), insert_decrypt_element(), insert_round1_element(), insert_round2_element(), mq_send(), regex_iterator(), run(), send_disconnect(), setup_flood_message(), sign_ephemeral_key(), start_dv_learn(), transmit_kx(), and update_ephemeral().

749 {
750 
751  size_t mlen = ntohl (purpose->size);
752  unsigned char sk[GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES];
753  int res;
754 
755  BENCHMARK_START (eddsa_sign);
757  res = GNUNET_TWEETNACL_sign_detached ((uint8_t *) sig,
758  (uint8_t *) purpose,
759  mlen,
760  sk);
761  BENCHMARK_END (eddsa_sign);
762  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
763 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
int GNUNET_TWEETNACL_sign_detached(u8 *sig, const u8 *m, u64 n, const u8 *sk)
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
#define GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
static int res
#define GNUNET_SYSERR
Definition: gnunet_common.h:84
void GNUNET_TWEETNACL_sign_sk_from_seed(u8 *sk, const u8 *seed)
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_sign()

int GNUNET_CRYPTO_ecdsa_sign ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EcdsaSignature sig 
)

ECDSA Sign a given block.

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

ECDSA Sign a given block.

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 687 of file crypto_ecc.c.

References _, BENCHMARK_END, BENCHMARK_START, data, data_to_ecdsa_value(), decode_private_ecdsa_key(), GNUNET_break, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_WARNING, GNUNET_OK, GNUNET_SYSERR, key_from_sexp(), LOG, GNUNET_CRYPTO_EcdsaSignature::r, and GNUNET_CRYPTO_EcdsaSignature::s.

Referenced by block_create(), GNUNET_ABD_delegate_issue(), GNUNET_FS_publish_ublock_(), GNUNET_REVOCATION_sign_revocation(), handle_client_call_message(), and OIDC_build_authz_code().

691 {
692  gcry_sexp_t priv_sexp;
693  gcry_sexp_t sig_sexp;
694  gcry_sexp_t data;
695  int rc;
696  gcry_mpi_t rs[2];
697 
698  BENCHMARK_START (ecdsa_sign);
699 
700  priv_sexp = decode_private_ecdsa_key (priv);
701  data = data_to_ecdsa_value (purpose);
702  if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
703  {
705  _ ("ECC signing failed at %s:%d: %s\n"),
706  __FILE__,
707  __LINE__,
708  gcry_strerror (rc));
709  gcry_sexp_release (data);
710  gcry_sexp_release (priv_sexp);
711  return GNUNET_SYSERR;
712  }
713  gcry_sexp_release (priv_sexp);
714  gcry_sexp_release (data);
715 
716  /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
717  'signature' */
718  if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
719  {
720  GNUNET_break (0);
721  gcry_sexp_release (sig_sexp);
722  return GNUNET_SYSERR;
723  }
724  gcry_sexp_release (sig_sexp);
725  GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]);
726  GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]);
727  gcry_mpi_release (rs[0]);
728  gcry_mpi_release (rs[1]);
729 
730  BENCHMARK_END (ecdsa_sign);
731 
732  return GNUNET_OK;
733 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char r[256/8]
R value.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define _(String)
GNU gettext support macro.
Definition: platform.h:180
#define LOG(kind,...)
Definition: crypto_ecc.c:45
#define GNUNET_SYSERR
Definition: gnunet_common.h:84
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:642
unsigned char s[256/8]
S value.
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:80
static gcry_sexp_t decode_private_ecdsa_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:138
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_verify()

int GNUNET_CRYPTO_eddsa_verify ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_EddsaSignature sig,
const struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Verify EdDSA signature.

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Verify EdDSA signature.

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 844 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_OK, GNUNET_SYSERR, GNUNET_TWEETNACL_sign_detached_verify(), m, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_CRYPTO_EddsaPublicKey::q_y, res, and GNUNET_CRYPTO_EccSignaturePurpose::size.

Referenced by block_plugin_dns_evaluate(), decrypt_and_check_tc(), do_rekey(), evaluate_block_regex_accept(), GNUNET_HELLO_extract_address(), GST_neighbours_handle_disconnect_message(), GST_validation_handle_pong(), handle_dv_box(), handle_dv_learn(), handle_ephemeral_key(), handle_validation_response(), keygen_round1_new_element(), keygen_round2_new_element(), run(), sock_read(), uri_loc_parse(), validate_dv_initiator_signature(), verify_confirmation(), and verify_message_crypto().

849 {
850  unsigned char *m = (void *) validate;
851  size_t mlen = ntohl (validate->size);
852  unsigned char *s = (void *) sig;
853 
854  int res;
855 
856  if (purpose != ntohl (validate->purpose))
857  return GNUNET_SYSERR; /* purpose mismatch */
858 
859  BENCHMARK_START (eddsa_verify);
860  res = GNUNET_TWEETNACL_sign_detached_verify (s, m, mlen, pub->q_y);
861  BENCHMARK_END (eddsa_verify);
862  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
863 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
int GNUNET_TWEETNACL_sign_detached_verify(const u8 *sig, const u8 *m, u64 n, const u8 *pk)
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:104
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
static int res
#define GNUNET_SYSERR
Definition: gnunet_common.h:84
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_verify()

int GNUNET_CRYPTO_ecdsa_verify ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_EcdsaSignature sig,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Verify ECDSA signature.

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Verify ECDSA signature.

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 776 of file crypto_ecc.c.

References _, BENCHMARK_END, BENCHMARK_START, CURVE, data, data_to_ecdsa_value(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_OK, GNUNET_SYSERR, LOG, LOG_GCRY, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_CRYPTO_EcdsaPublicKey::q_y, GNUNET_CRYPTO_EcdsaSignature::r, and GNUNET_CRYPTO_EcdsaSignature::s.

Referenced by block_plugin_fs_evaluate(), block_plugin_revocation_evaluate(), GNUNET_ABD_delegate_deserialize(), GNUNET_ABD_delegate_serialize(), GNUNET_GNSRECORD_block_verify(), handle_cadet_ring_message(), OIDC_parse_authz_code(), and verify_revoke_message().

781 {
782  gcry_sexp_t data;
783  gcry_sexp_t sig_sexpr;
784  gcry_sexp_t pub_sexpr;
785  int rc;
786 
787  BENCHMARK_START (ecdsa_verify);
788 
789  if (purpose != ntohl (validate->purpose))
790  return GNUNET_SYSERR; /* purpose mismatch */
791 
792  /* build s-expression for signature */
793  if (0 != (rc = gcry_sexp_build (&sig_sexpr,
794  NULL,
795  "(sig-val(ecdsa(r %b)(s %b)))",
796  (int) sizeof(sig->r),
797  sig->r,
798  (int) sizeof(sig->s),
799  sig->s)))
800  {
801  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
802  return GNUNET_SYSERR;
803  }
804  data = data_to_ecdsa_value (validate);
805  if (0 != (rc = gcry_sexp_build (&pub_sexpr,
806  NULL,
807  "(public-key(ecc(curve " CURVE ")(q %b)))",
808  (int) sizeof(pub->q_y),
809  pub->q_y)))
810  {
811  gcry_sexp_release (data);
812  gcry_sexp_release (sig_sexpr);
813  return GNUNET_SYSERR;
814  }
815  rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
816  gcry_sexp_release (pub_sexpr);
817  gcry_sexp_release (data);
818  gcry_sexp_release (sig_sexpr);
819  if (0 != rc)
820  {
822  _ ("ECDSA signature verification failed at %s:%d: %s\n"),
823  __FILE__,
824  __LINE__,
825  gcry_strerror (rc));
826  BENCHMARK_END (ecdsa_verify);
827  return GNUNET_SYSERR;
828  }
829  BENCHMARK_END (ecdsa_verify);
830  return GNUNET_OK;
831 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char r[256/8]
R value.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
#define _(String)
GNU gettext support macro.
Definition: platform.h:180
#define LOG(kind,...)
Definition: crypto_ecc.c:45
#define GNUNET_SYSERR
Definition: gnunet_common.h:84
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:58
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:642
unsigned char s[256/8]
S value.
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:43
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_private_key_derive()

struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_private_key_derive ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const char *  label,
const char *  context 
)

Derive a private key from a given private key and a label.

Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.

Parameters
privoriginal private key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
Returns
derived private key

Essentially calculates a private key 'd = H(l,P) * x mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.

Parameters
privoriginal private key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
Returns
derived private key

Definition at line 935 of file crypto_ecc.c.

References ctx, CURVE, GNUNET_CRYPTO_EcdsaPrivateKey::d, derive_h(), GNUNET_assert, GNUNET_CRYPTO_ecdsa_key_get_public(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_new, h, and ret.

Referenced by block_create(), and GNUNET_FS_publish_ublock_().

939 {
942  gcry_mpi_t h;
943  gcry_mpi_t x;
944  gcry_mpi_t d;
945  gcry_mpi_t n;
946  gcry_ctx_t ctx;
947 
948  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
949 
950  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
952 
953  h = derive_h (&pub, label, context);
954  GNUNET_CRYPTO_mpi_scan_unsigned (&x, priv->d, sizeof(priv->d));
955  d = gcry_mpi_new (256);
956  gcry_mpi_mulm (d, h, x, n);
957  gcry_mpi_release (h);
958  gcry_mpi_release (x);
959  gcry_mpi_release (n);
960  gcry_ctx_release (ctx);
962  GNUNET_CRYPTO_mpi_print_unsigned (ret->d, sizeof(ret->d), d);
963  gcry_mpi_release (d);
964  return ret;
965 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Private ECC key encoded for transmission.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static pa_context * context
Pulseaudio context.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:172
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:39
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
static gcry_mpi_t derive_h(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context)
Derive the &#39;h&#39; value for key derivation, where &#39;h = H(l,P)&#39;.
Definition: crypto_ecc.c:897
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:43
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_public_key_derive()

void GNUNET_CRYPTO_ecdsa_public_key_derive ( const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
const char *  label,
const char *  context,
struct GNUNET_CRYPTO_EcdsaPublicKey result 
)

Derive a public key from a given public key and a label.

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'. typically the name of the subsystem/application
resultwhere to write the derived public key

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
labellabel to use for key derivation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
resultwhere to write the derived public key

Definition at line 979 of file crypto_ecc.c.

References ctx, CURVE, derive_h(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), h, q, and GNUNET_CRYPTO_EcdsaPublicKey::q_y.

Referenced by GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_GNSRECORD_query_from_public_key(), and schedule_transmit_search_request().

984 {
985  gcry_ctx_t ctx;
986  gcry_mpi_t q_y;
987  gcry_mpi_t h;
988  gcry_mpi_t n;
989  gcry_mpi_t h_mod_n;
990  gcry_mpi_point_t q;
991  gcry_mpi_point_t v;
992 
993  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
994 
995  /* obtain point 'q' from original public key. The provided 'q' is
996  compressed thus we first store it in the context and then get it
997  back as a (decompresssed) point. */
998  q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8 * sizeof(pub->q_y));
999  GNUNET_assert (NULL != q_y);
1000  GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx));
1001  gcry_mpi_release (q_y);
1002  q = gcry_mpi_ec_get_point ("q", ctx, 0);
1003  GNUNET_assert (q);
1004 
1005  /* calculate h_mod_n = h % n */
1006  h = derive_h (pub, label, context);
1007  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
1008  h_mod_n = gcry_mpi_new (256);
1009  gcry_mpi_mod (h_mod_n, h, n);
1010  /* calculate v = h_mod_n * q */
1011  v = gcry_mpi_point_new (0);
1012  gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
1013  gcry_mpi_release (h_mod_n);
1014  gcry_mpi_release (h);
1015  gcry_mpi_release (n);
1016  gcry_mpi_point_release (q);
1017 
1018  /* convert point 'v' to public key that we return */
1019  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx));
1020  gcry_mpi_point_release (v);
1021  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
1022  GNUNET_assert (q_y);
1023  GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof(result->q_y), q_y);
1024  gcry_mpi_release (q_y);
1025  gcry_ctx_release (ctx);
1026 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static pa_context * context
Pulseaudio context.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
static gcry_mpi_t derive_h(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context)
Derive the &#39;h&#39; value for key derivation, where &#39;h = H(l,P)&#39;.
Definition: crypto_ecc.c:897
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:43
Here is the call graph for this function:
Here is the caller graph for this function: