GNUnet  0.19.3
Crypto library: cryptographic operations

Provides cryptographic primitives. More...

Collaboration diagram for Crypto library: cryptographic operations:

Macros

#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
 EdDSA sign a given block. More...
 
#define GNUNET_CRYPTO_ecdsa_sign(priv, ps, sig)
 ECDSA sign a given block. More...
 
#define GNUNET_CRYPTO_edx25519_sign(priv, ps, sig)
 Edx25519 sign a given block. More...
 
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
 Verify EdDSA signature. More...
 
#define GNUNET_CRYPTO_ecdsa_verify(purp, ps, sig, pub)
 Verify ECDSA signature. More...
 
#define GNUNET_CRYPTO_edx25519_verify(purp, ps, sig, pub)
 Verify Edx25519 signature. More...
 

Enumerations

enum  GNUNET_CRYPTO_Quality { GNUNET_CRYPTO_QUALITY_WEAK , GNUNET_CRYPTO_QUALITY_STRONG , GNUNET_CRYPTO_QUALITY_NONCE }
 Desired quality level for random numbers. More...
 

Functions

void GNUNET_CRYPTO_seed_weak_random (int32_t seed)
 Seed a weak random generator. More...
 
void GNUNET_CRYPTO_zero_keys (void *buffer, size_t length)
 Zero out buffer, securely against compiler optimizations. More...
 
void GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
 Fill block with a random values. More...
 
void GNUNET_CRYPTO_random_timeflake (enum GNUNET_CRYPTO_Quality mode, struct GNUNET_Uuid *uuid)
 Fill UUID with a timeflake pseudo-random value. More...
 
uint32_t GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i)
 Produce a random value. More...
 
uint64_t GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
 Generate a random unsigned 64-bit value. More...
 
unsigned int * GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n)
 Get an array with a random permutation of the numbers 0...n-1. More...
 
void GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
 Create a new random session key. More...
 
ssize_t GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Encrypt a block using a symmetric sessionkey. More...
 
ssize_t GNUNET_CRYPTO_symmetric_decrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Decrypt a given block using a symmetric sessionkey. More...
 
void GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
 Derive an IV. More...
 
void GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_edx25519_key_get_public (const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
 Extract the public key for the given private key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_key_from_file (const char *filename, int do_create, struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey)
 Create a new private key by reading it from a file. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_key_from_file (const char *filename, int do_create, struct GNUNET_CRYPTO_EddsaPrivateKey *pkey)
 Create a new private key by reading it from a file. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg)
 Create a new private key by reading our peer's key from the file specified in the configuration. More...
 
void GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_edx25519_key_create (struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_edx25519_key_create_from_seed (const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
 Create a new private key for Edx25519 from a given seed. More...
 
void GNUNET_CRYPTO_ecdhe_key_create (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_edx25519_key_clear (struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
const struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_get_anonymous (void)
 Get the shared private key we use for anonymous users. More...
 
void GNUNET_CRYPTO_eddsa_setup_hostkey (const char *cfg_name)
 Setup a hostkey file for a peer given the name of the configuration file (!). More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_PeerIdentity *dst)
 Retrieve the identity of the host's peer. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a public and a private ECC key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private EdDSA key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private ECDSA key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EdDSA public key and a private ECDH key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EcDSA public key and a private ECDH key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_ (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
 EdDSA sign a given block. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_ (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
 ECDSA Sign a given block. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_edx25519_sign_ (const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_Edx25519Signature *sig)
 Edx25519 sign a given block. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Verify EdDSA signature. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Verify ECDSA signature. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_edx25519_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_Edx25519Signature *sig, const struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
 Verify Edx25519 signature. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
 Derive a private key from a given private key and a label. More...
 
void GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
 Derive a public key from a given public key and a label. More...
 
void GNUNET_CRYPTO_eddsa_private_key_derive (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPrivateScalar *result)
 Derive a private scalar from a given private key and a label. More...
 
void GNUNET_CRYPTO_eddsa_public_key_derive (const struct GNUNET_CRYPTO_EddsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPublicKey *result)
 Derive a public key from a given public key and a label. More...
 
void GNUNET_CRYPTO_edx25519_private_key_derive (const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *result)
 Derive a private scalar from a given private key and a label. More...
 
void GNUNET_CRYPTO_edx25519_public_key_derive (const struct GNUNET_CRYPTO_Edx25519PublicKey *pub, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PublicKey *result)
 Derive a public key from a given public key and a label. More...
 

Detailed Description

Provides cryptographic primitives.

See also
Documentation

Macro Definition Documentation

◆ GNUNET_CRYPTO_eddsa_sign

#define GNUNET_CRYPTO_eddsa_sign (   priv,
  ps,
  sig 
)
Value:
do { \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*ps)); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_assert (GNUNET_OK == \
&(ps)->purpose, \
sig)); \
} while (0)
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition: crypto_ecc.c:619
@ GNUNET_OK

EdDSA sign a given block.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
[out]sigwhere to write the signature

Definition at line 1922 of file gnunet_crypto_lib.h.

◆ GNUNET_CRYPTO_ecdsa_sign

#define GNUNET_CRYPTO_ecdsa_sign (   priv,
  ps,
  sig 
)
Value:
do { \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_assert (GNUNET_OK == \
&(ps)->purpose, \
sig)); \
} while (0)
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
ECDSA Sign a given block.
Definition: crypto_ecc.c:549

ECDSA sign a given block.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
[out]sigwhere to write the signature

Definition at line 1984 of file gnunet_crypto_lib.h.

◆ GNUNET_CRYPTO_edx25519_sign

#define GNUNET_CRYPTO_edx25519_sign (   priv,
  ps,
  sig 
)
Value:
do { \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_assert (GNUNET_OK == \
&(ps)->purpose, \
sig)); \
} while (0)
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_edx25519_sign_(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_Edx25519Signature *sig)
Edx25519 sign a given block.

Edx25519 sign a given block.

The resulting signature is compatible with EdDSA.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
[out]sigwhere to write the signature

Definition at line 2031 of file gnunet_crypto_lib.h.

◆ GNUNET_CRYPTO_eddsa_verify

#define GNUNET_CRYPTO_eddsa_verify (   purp,
  ps,
  sig,
  pub 
)
Value:
({ \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_CRYPTO_eddsa_verify_ (purp, \
&(ps)->purpose, \
sig, \
pub); \
})
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:47

Verify EdDSA signature.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
purppurpose of the signature, must match 'ps->purpose.purpose' (except in host byte order)
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
sigwhere to write the signature

Definition at line 2084 of file gnunet_crypto_lib.h.

◆ GNUNET_CRYPTO_ecdsa_verify

#define GNUNET_CRYPTO_ecdsa_verify (   purp,
  ps,
  sig,
  pub 
)
Value:
({ \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_CRYPTO_ecdsa_verify_ (purp, \
&(ps)->purpose, \
sig, \
pub); \
})

Verify ECDSA signature.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
purppurpose of the signature, must match 'ps->purpose.purpose' (except in host byte order)
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
sigwhere to write the signature

Definition at line 2136 of file gnunet_crypto_lib.h.

◆ GNUNET_CRYPTO_edx25519_verify

#define GNUNET_CRYPTO_edx25519_verify (   purp,
  ps,
  sig,
  pub 
)
Value:
({ \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_CRYPTO_edx25519_verify_ (purp, \
&(ps)->purpose, \
sig, \
pub); \
})

Verify Edx25519 signature.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
purppurpose of the signature, must match 'ps->purpose.purpose' (except in host byte order)
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
sigwhere to write the signature

Definition at line 2188 of file gnunet_crypto_lib.h.

Enumeration Type Documentation

◆ GNUNET_CRYPTO_Quality

Desired quality level for random numbers.

Enumerator
GNUNET_CRYPTO_QUALITY_WEAK 

No good quality of the operation is needed (i.e., random numbers can be pseudo-random).

GNUNET_CRYPTO_QUALITY_STRONG 

High-quality operations are desired.

GNUNET_CRYPTO_QUALITY_NONCE 

Randomness for IVs etc.

is required.

Definition at line 84 of file gnunet_crypto_lib.h.

85 {
92 
98 
104 };
@ GNUNET_CRYPTO_QUALITY_STRONG
High-quality operations are desired.
@ GNUNET_CRYPTO_QUALITY_WEAK
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
@ GNUNET_CRYPTO_QUALITY_NONCE
Randomness for IVs etc.

Function Documentation

◆ GNUNET_CRYPTO_seed_weak_random()

void GNUNET_CRYPTO_seed_weak_random ( int32_t  seed)

Seed a weak random generator.

Only GNUNET_CRYPTO_QUALITY_WEAK-mode generator can be seeded.

Parameters
seedthe seed to use

Definition at line 91 of file crypto_random.c.

92 {
93 #ifdef OPENBSD
94  srandom_deterministic (seed);
95 #else
96  srandom (seed);
97 #endif
98 }

Referenced by __attribute__().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_zero_keys()

void GNUNET_CRYPTO_zero_keys ( void *  buffer,
size_t  length 
)

Zero out buffer, securely against compiler optimizations.

Used to delete key material.

Parameters
bufferthe buffer to zap
lengthbuffer length

Definition at line 110 of file crypto_random.c.

111 {
112 #if HAVE_MEMSET_S
113  memset_s (buffer, length, 0, length);
114 #elif HAVE_EXPLICIT_BZERO
115  explicit_bzero (buffer, length);
116 #else
117  volatile unsigned char *p = buffer;
118  while (length--)
119  *p++ = 0;
120 #endif
121 }
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-uri.c:38

References p.

Referenced by dv_key_clean(), GNUNET_IDENTITY_decrypt(), and GNUNET_IDENTITY_encrypt().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_block()

void GNUNET_CRYPTO_random_block ( enum GNUNET_CRYPTO_Quality  mode,
void *  buffer,
size_t  length 
)

Fill block with a random values.

Parameters
modedesired quality of the random number
bufferthe buffer to fill
lengthbuffer length

Definition at line 133 of file crypto_random.c.

136 {
137 #ifdef gcry_fast_random_poll
138  static unsigned int invokeCount;
139 #endif
140  switch (mode)
141  {
143  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
144 #ifdef gcry_fast_random_poll
145  if ((invokeCount++ % 256) == 0)
146  gcry_fast_random_poll ();
147 #endif
148  gcry_randomize (buffer, length, GCRY_STRONG_RANDOM);
149  return;
150 
152  gcry_create_nonce (buffer, length);
153  return;
154 
156  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
157 #ifdef gcry_fast_random_poll
158  if ((invokeCount++ % 256) == 0)
159  gcry_fast_random_poll ();
160 #endif
161  gcry_randomize (buffer, length, GCRY_WEAK_RANDOM);
162  return;
163 
164  default:
165  GNUNET_assert (0);
166  }
167 }
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.

References GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, and mode.

Referenced by delayed_put(), do_pad(), encode_message_body(), GCC_create(), generate_free_member_id(), GNUNET_async_scope_fresh(), GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_CRYPTO_eddsa_key_create(), GNUNET_CRYPTO_edx25519_key_create(), GNUNET_CRYPTO_random_timeflake(), handle_validation_response(), output_vectors(), prepare_pending_acknowledgement(), RPS_sampler_elem_reinit(), run(), start_address_validation(), start_dv_learn(), and transmit_kx().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_timeflake()

void GNUNET_CRYPTO_random_timeflake ( enum GNUNET_CRYPTO_Quality  mode,
struct GNUNET_Uuid uuid 
)

Fill UUID with a timeflake pseudo-random value.

Note that timeflakes use only 80 bits of randomness and 48 bits to encode a timestamp in milliseconds. So what we return here is not a completely random number.

Parameters
modedesired quality of the random number
uuidthe value to fill

Definition at line 316 of file crypto_random.c.

318 {
319  struct GNUNET_TIME_Absolute now;
320  uint64_t ms;
321  uint64_t be;
322  char *base;
323 
325  uuid,
326  sizeof (struct GNUNET_Uuid));
327  now = GNUNET_TIME_absolute_get ();
328  ms = now.abs_value_us / GNUNET_TIME_UNIT_MILLISECONDS.rel_value_us;
329  be = GNUNET_htonll (ms);
330  base = (char *) &be;
331  memcpy (uuid,
332  base + 2,
333  sizeof (be) - 2);
334 }
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
uint64_t GNUNET_htonll(uint64_t n)
Convert unsigned 64-bit integer to network byte order.
Definition: common_endian.c:37
#define GNUNET_TIME_UNIT_MILLISECONDS
One millisecond.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:111
Time for absolute times used by GNUnet, in microseconds.
A UUID, a 128 bit "random" value.

References GNUNET_TIME_Absolute::abs_value_us, GNUNET_CRYPTO_random_block(), GNUNET_htonll(), GNUNET_TIME_absolute_get(), GNUNET_TIME_UNIT_MILLISECONDS, and mode.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_random_u32()

uint32_t GNUNET_CRYPTO_random_u32 ( enum GNUNET_CRYPTO_Quality  mode,
uint32_t  i 
)

Produce a random value.

Parameters
modedesired quality of the random number
ithe upper limit (exclusive) for the random number
Returns
a random value in the interval [0,i) (exclusive).

Produce a random value.

Parameters
modedesired quality of the random number
ithe upper limit (exclusive) for the random number
Returns
a random value in the interval [0,i[.

Definition at line 178 of file crypto_random.c.

180 {
181 #ifdef gcry_fast_random_poll
182  static unsigned int invokeCount;
183 #endif
184  uint32_t ret;
185  uint32_t ul;
186 
187  GNUNET_assert (i > 0);
188 
189  switch (mode)
190  {
192  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
193 #ifdef gcry_fast_random_poll
194  if ((invokeCount++ % 256) == 0)
195  gcry_fast_random_poll ();
196 #endif
197  ul = UINT32_MAX - (UINT32_MAX % i);
198  do
199  {
200  gcry_randomize ((unsigned char *) &ret,
201  sizeof(uint32_t),
202  GCRY_STRONG_RANDOM);
203  }
204  while (ret >= ul);
205  return ret % i;
206 
208  ul = UINT32_MAX - (UINT32_MAX % i);
209  do
210  {
211  gcry_create_nonce (&ret, sizeof(ret));
212  }
213  while (ret >= ul);
214  return ret % i;
215 
217  ret = i * get_weak_random ();
218  if (ret >= i)
219  ret = i - 1;
220  return ret;
221 
222  default:
223  GNUNET_assert (0);
224  }
225  return 0;
226 }
static double get_weak_random(void)
Create a cryptographically weak pseudo-random number in the interval of 0 to 1.
Definition: crypto_random.c:84
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81

References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, mode, and ret.

Referenced by __attribute__(), adjust_running_peers(), allocate_v4_address(), allocate_v6_address(), attempt_connect_task(), barrier_wait_cb(), calculate_seed(), channel_new_cb(), compute_service_response(), daemon_started(), delayed_get(), delayed_put(), download_get_url(), find_validation_entry(), GDS_am_closest_peer(), gen_topo_random(), generate_indices(), generate_request_id(), get_any(), get_bootstrap_server(), get_preference(), get_property(), get_random_literal(), get_random_peer_from_peermap(), get_request_socket(), get_typed(), GNUNET_BLOCK_GROUP_bf_create(), GNUNET_CONTAINER_heap_walk_get_next(), GNUNET_CONTAINER_multihashmap_get_random(), GNUNET_CONTAINER_multipeermap_get_random(), GNUNET_CONTAINER_multishortmap_get_random(), GNUNET_CONTAINER_multiuuidmap_get_random(), GNUNET_CRYPTO_hash_create_random(), GNUNET_CRYPTO_random_permute(), GNUNET_FRAGMENT_context_create(), GNUNET_FS_search_start_probe_(), GNUNET_TUN_initialize_ipv4_header(), GSC_CLIENTS_deliver_message(), GSF_pending_request_get_message_(), handle_client_evaluate(), handle_dns_request(), handle_dv_learn(), handle_flow_control(), handle_p2p_get(), handle_p2p_put(), handle_resolve_result(), main(), manage_service_wrapper(), ogg_init(), plan(), queue(), reannounce_regex(), recursive_dns_resolution(), REGEX_TEST_generate_random_regex(), REGEX_TEST_generate_random_string(), resolve_and_cache(), revalidate_address(), run(), second_stage(), select_peer(), select_random_peer(), send_bloomfilter(), send_hello(), send_keepalive(), setup_fresh_address(), setup_fresh_ping(), setup_sockets(), should_I_drop(), shuffle_answers(), start_dv_learn(), test_run(), transmit_typemap_task(), and try_open_exit().

Here is the call graph for this function:

◆ GNUNET_CRYPTO_random_u64()

uint64_t GNUNET_CRYPTO_random_u64 ( enum GNUNET_CRYPTO_Quality  mode,
uint64_t  max 
)

Generate a random unsigned 64-bit value.

Parameters
modedesired quality of the random number
maxvalue returned will be in range [0,max) (exclusive)
Returns
random 64-bit number

Definition at line 262 of file crypto_random.c.

264 {
265  uint64_t ret;
266  uint64_t ul;
267 
268  GNUNET_assert (max > 0);
269  switch (mode)
270  {
272  ul = UINT64_MAX - (UINT64_MAX % max);
273  do
274  {
275  gcry_randomize ((unsigned char *) &ret,
276  sizeof(uint64_t),
277  GCRY_STRONG_RANDOM);
278  }
279  while (ret >= ul);
280  return ret % max;
281 
283  ul = UINT64_MAX - (UINT64_MAX % max);
284  do
285  {
286  gcry_create_nonce (&ret, sizeof(ret));
287  }
288  while (ret >= ul);
289 
290  return ret % max;
291 
293  ret = max * get_weak_random ();
294  if (ret >= max)
295  ret = max - 1;
296  return ret;
297 
298  default:
299  GNUNET_assert (0);
300  }
301  return 0;
302 }
#define max(x, y)

References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, max, mode, and ret.

Referenced by activate_core_visible_dv_path(), calculate_fork_degree(), choose_exit(), dht_connected(), gen_topo_scale_free(), GNUNET_DHT_connect(), GNUNET_REVOCATION_pow_start(), handle_dht_p2p_put(), handle_flow_control(), handle_validation_response(), ifc_broadcast(), mysql_plugin_get_key(), mysql_plugin_get_replication(), mysql_plugin_put(), namestore_flat_store_records(), pick_random_dv_hops(), postgres_plugin_get_key(), postgres_plugin_put(), put_migration_continuation(), run(), sampler_get_rand_peer(), send_find_peer_message(), send_full_set(), setup_out_cipher(), sqlite_plugin_get_key(), sqlite_plugin_get_replication(), sqlite_plugin_put(), and update_next_challenge_time().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_permute()

unsigned int* GNUNET_CRYPTO_random_permute ( enum GNUNET_CRYPTO_Quality  mode,
unsigned int  n 
)

Get an array with a random permutation of the numbers 0...n-1.

Parameters
modeGNUNET_CRYPTO_QUALITY_STRONG if the strong (but expensive) PRNG should be used, GNUNET_CRYPTO_QUALITY_WEAK or GNUNET_CRYPTO_QUALITY_NONCE otherwise
nthe size of the array
Returns
the permutation array (allocated from heap)
Parameters
mode#GNUNET_RANDOM_QUALITY_STRONG if the strong (but expensive) PRNG should be used, #GNUNET_RANDOM_QUALITY_WEAK otherwise
nthe size of the array
Returns
the permutation array (allocated from heap)

Definition at line 238 of file crypto_random.c.

240 {
241  unsigned int *ret;
242  unsigned int i;
243  unsigned int tmp;
244  uint32_t x;
245 
246  GNUNET_assert (n > 0);
247  ret = GNUNET_malloc (n * sizeof(unsigned int));
248  for (i = 0; i < n; i++)
249  ret[i] = i;
250  for (i = n - 1; i > 0; i--)
251  {
252  x = GNUNET_CRYPTO_random_u32 (mode, i + 1);
253  tmp = ret[x];
254  ret[x] = ret[i];
255  ret[i] = tmp;
256  }
257  return ret;
258 }
uint32_t GNUNET_CRYPTO_random_u32(enum GNUNET_CRYPTO_Quality mode, uint32_t i)
Produce a random unsigned 32-bit number modulo i.
#define GNUNET_malloc(size)
Wrapper around malloc.

References GNUNET_assert, GNUNET_CRYPTO_random_u32(), GNUNET_malloc, mode, and ret.

Referenced by churn(), compute_service_response(), and do_round().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_create_session_key()

void GNUNET_CRYPTO_symmetric_create_session_key ( struct GNUNET_CRYPTO_SymmetricSessionKey key)

Create a new random session key.

Parameters
keykey to initialize

Create a new random session key.

Parameters
keysession key to initialize

Definition at line 42 of file crypto_symmetric.c.

45 {
46  gcry_randomize (key->aes_key,
48  GCRY_STRONG_RANDOM);
49  gcry_randomize (key->twofish_key,
51  GCRY_STRONG_RANDOM);
52 }
struct GNUNET_HashCode key
The key used in the DHT.
#define GNUNET_CRYPTO_AES_KEY_LENGTH
length of the sessionkey in bytes (256 BIT sessionkey)

References GNUNET_CRYPTO_AES_KEY_LENGTH, and key.

◆ GNUNET_CRYPTO_symmetric_encrypt()

ssize_t GNUNET_CRYPTO_symmetric_encrypt ( const void *  block,
size_t  size,
const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
void *  result 
)

Encrypt a block using a symmetric sessionkey.

Parameters
blockthe block to encrypt
sizethe size of the block
sessionkeythe key used to encrypt
ivthe initialization vector to use, use INITVALUE for streams.
Returns
the size of the encrypted block, -1 for errors

Encrypt a block using a symmetric sessionkey.

Parameters
blockthe block to encrypt
sizethe size of the block
sessionkeythe key used to encrypt
ivthe initialization vector to use, use INITVALUE for streams
resultthe output parameter in which to store the encrypted result can be the same or overlap with block
Returns
the size of the encrypted block, -1 for errors. Due to the use of CFB and therefore an effective stream cipher, this size should be the same as len.

Definition at line 131 of file crypto_symmetric.c.

138 {
139  gcry_cipher_hd_t handle;
140  char tmp[size];
141 
142  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
143  return -1;
144  GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size));
145  gcry_cipher_close (handle);
146  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
147  return -1;
148  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size));
149  gcry_cipher_close (handle);
150  memset (tmp, 0, sizeof(tmp));
151  return size;
152 }
static int setup_cipher_aes(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize AES cipher.
static int setup_cipher_twofish(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize TWOFISH cipher.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static int result
Global testing status.
static unsigned int size
Size of the "table".
Definition: peer.c:68

References GNUNET_assert, GNUNET_OK, handle, result, setup_cipher_aes(), setup_cipher_twofish(), and size.

Referenced by do_encrypt(), encrypt_existing_match(), GNUNET_FS_handle_on_demand_block(), GNUNET_FS_publish_ublock_(), GNUNET_FS_tree_encoder_next(), GNUNET_IDENTITY_encrypt(), t_ax_encrypt(), t_h_encrypt(), and try_match_block().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_decrypt()

ssize_t GNUNET_CRYPTO_symmetric_decrypt ( const void *  block,
size_t  size,
const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
void *  result 
)

Decrypt a given block using a symmetric sessionkey.

Parameters
blockthe data to decrypt, encoded as returned by encrypt
sizehow big is the block?
sessionkeythe key used to decrypt
ivthe initialization vector to use
resultaddress to store the result at
Returns
-1 on failure, size of decrypted block on success

Decrypt a given block using a symmetric sessionkey.

Parameters
blockthe data to decrypt, encoded as returned by encrypt
sizethe size of the block to decrypt
sessionkeythe key used to decrypt
ivthe initialization vector to use, use INITVALUE for streams
resultaddress to store the result at can be the same or overlap with block
Returns
-1 on failure, size of decrypted block on success. Due to the use of CFB and therefore an effective stream cipher, this size should be the same as size.

Definition at line 169 of file crypto_symmetric.c.

176 {
177  gcry_cipher_hd_t handle;
178  char tmp[size];
179 
180  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
181  return -1;
182  GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));
183  gcry_cipher_close (handle);
184  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
185  return -1;
186  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));
187  gcry_cipher_close (handle);
188  memset (tmp, 0, sizeof(tmp));
189  return size;
190 }

References GNUNET_assert, GNUNET_OK, handle, result, setup_cipher_aes(), setup_cipher_twofish(), and size.

Referenced by do_decrypt(), GNUNET_FS_ublock_decrypt_(), GNUNET_IDENTITY_decrypt(), process_result_with_request(), t_ax_decrypt(), t_h_decrypt(), and try_old_ax_keys().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_derive_iv()

void GNUNET_CRYPTO_symmetric_derive_iv ( struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
const struct GNUNET_CRYPTO_SymmetricSessionKey skey,
const void *  salt,
size_t  salt_len,
  ... 
)

Derive an IV.

Parameters
ivinitialization vector
skeysession key
saltsalt for the derivation
salt_lensize of the salt
...pairs of void * & size_t for context chunks, terminated by NULL

Definition at line 203 of file crypto_symmetric.c.

211 {
212  va_list argp;
213 
214  va_start (argp, salt_len);
215  GNUNET_CRYPTO_symmetric_derive_iv_v (iv, skey, salt, salt_len, argp);
216  va_end (argp);
217 }
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
void GNUNET_CRYPTO_symmetric_derive_iv_v(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len, va_list argp)
Derive an IV.

References GNUNET_CRYPTO_symmetric_derive_iv_v(), and salt.

Referenced by derive_iv(), derive_pong_iv(), t_ax_decrypt(), t_ax_encrypt(), t_h_decrypt(), t_h_encrypt(), and try_old_ax_keys().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_get_public()

void GNUNET_CRYPTO_ecdsa_key_get_public ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 186 of file crypto_ecc.c.

189 {
190  BENCHMARK_START (ecdsa_key_get_public);
191  crypto_scalarmult_ed25519_base_noclamp (pub->q_y, priv->d);
192  BENCHMARK_END (ecdsa_key_get_public);
193 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by decrypt_block_with_keyword(), get_update_information_directory(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_FS_publish_sks(), GNUNET_FS_publish_ublock_(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), and process_kblock_for_unindex().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_get_public()

void GNUNET_CRYPTO_eddsa_key_get_public ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 197 of file crypto_ecc.c.

200 {
201  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
202  unsigned char sk[crypto_sign_SECRETKEYBYTES];
203 
204  BENCHMARK_START (eddsa_key_get_public);
205  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
206  GNUNET_memcpy (pub->q_y, pk, crypto_sign_PUBLICKEYBYTES);
207  sodium_memzero (sk, crypto_sign_SECRETKEYBYTES);
208  BENCHMARK_END (eddsa_key_get_public);
209 }
struct GNUNET_IDENTITY_PrivateKey pk
Private key from command line option, or NULL.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_assert, GNUNET_memcpy, pk, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by advertise_dns_exit(), checkvec(), create_keys(), get_identity(), GNUNET_CRYPTO_eddsa_private_key_derive(), GNUNET_FS_uri_loc_create(), GNUNET_TESTING_get_peer(), GNUNET_TESTING_hostkey_get(), GSC_KX_init(), init_socket(), main_init(), output_vectors(), print_key(), regex_iterator(), and run().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_edx25519_key_get_public()

void GNUNET_CRYPTO_edx25519_key_get_public ( const struct GNUNET_CRYPTO_Edx25519PrivateKey priv,
struct GNUNET_CRYPTO_Edx25519PublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 79 of file crypto_edx25519.c.

82 {
83  crypto_scalarmult_ed25519_base_noclamp (pub->q_y,
84  priv->a);
85 }
unsigned char a[256/8]
a is a value mod n, where n has at most 256 bits.

References GNUNET_CRYPTO_Edx25519PrivateKey::a, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by GNUNET_CRYPTO_edx25519_private_key_derive(), and output_vectors().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_get_public()

void GNUNET_CRYPTO_ecdhe_key_get_public ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
struct GNUNET_CRYPTO_EcdhePublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 213 of file crypto_ecc.c.

216 {
217  BENCHMARK_START (ecdhe_key_get_public);
218  GNUNET_assert (0 == crypto_scalarmult_base (pub->q_y, priv->d));
219  BENCHMARK_END (ecdhe_key_get_public);
220 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_assert, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by GCT_add_channel(), GCT_send(), GNUNET_IDENTITY_encrypt(), inject_rekey(), mq_send_kx(), output_vectors(), print_examples_ecdh(), send_kx(), send_kx_auth(), sign_ephemeral_key(), start_initial_kx_out(), and update_ephemeral().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_from_file()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_key_from_file ( const char *  filename,
int  do_create,
struct GNUNET_CRYPTO_EcdsaPrivateKey pkey 
)

Create a new private key by reading it from a file.

If the files does not exist and do_create is set, creates a new key and write it to the file.

If the contents of the file are invalid, an error is returned.

Parameters
filenamename of file to use to store the key
do_createshould a file be created?
[out]pkeyset to the private key from filename on success
Returns
GNUNET_OK on success, GNUNET_NO if do_create was set but we found an existing file, GNUNET_SYSERR on failure

Definition at line 1 of file crypto_ecc_setup.c.

204 {
205  if (GNUNET_OK ==
207  pkey,
208  sizeof (*pkey)))
209  {
210  /* file existed, report that we didn't create it... */
211  return (do_create) ? GNUNET_NO : GNUNET_OK;
212  }
213  else if (! do_create)
214  {
215  return GNUNET_SYSERR;
216  }
218  if (GNUNET_OK ==
220  pkey,
221  sizeof (*pkey),
223  return GNUNET_OK;
224  /* maybe another process succeeded in the meantime, try reading one more time */
225  if (GNUNET_OK ==
227  pkey,
228  sizeof (*pkey)))
229  {
230  /* file existed, report that *we* didn't create it... */
231  return GNUNET_NO;
232  }
233  /* give up */
234  return GNUNET_SYSERR;
235 }
static enum GNUNET_GenericReturnValue read_from_file(const char *filename, void *buf, size_t buf_size)
Read file to buf.
static char * filename
static char * pkey
Public key of the zone to look in, in ASCII.
void GNUNET_CRYPTO_ecdsa_key_create(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:446
enum GNUNET_GenericReturnValue GNUNET_DISK_fn_write(const char *fn, const void *buf, size_t buf_size, enum GNUNET_DISK_AccessPermissions mode)
Write a buffer to a file atomically.
Definition: disk.c:724
@ GNUNET_DISK_PERM_USER_READ
Owner can read.
@ GNUNET_NO
@ GNUNET_SYSERR

◆ GNUNET_CRYPTO_eddsa_key_from_file()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_key_from_file ( const char *  filename,
int  do_create,
struct GNUNET_CRYPTO_EddsaPrivateKey pkey 
)

Create a new private key by reading it from a file.

If the files does not exist and do_create is set, creates a new key and write it to the file.

If the contents of the file are invalid, an error is returned.

Parameters
filenamename of file to use to store the key
do_createshould a file be created?
[out]pkeyset to the private key from filename on success
Returns
GNUNET_OK on success, GNUNET_NO if do_create was set but we found an existing file, GNUNET_SYSERR on failure

If the files does not exist and do_create is set, creates a new key and write it to the file.

If the contents of the file are invalid, an error is returned.

Parameters
filenamename of file to use to store the key
do_createshould a file be created?
[out]pkeyset to the private key from filename on success
Returns
- GNUNET_OK on success,
  • GNUNET_NO if do_create was set but we found an existing file,
  • GNUNET_SYSERR on failure or if the file didn't exist and do_create was not set

Definition at line 1 of file crypto_ecc_setup.c.

147 {
149 
150  if (GNUNET_OK ==
152  pkey,
153  sizeof (*pkey)))
154  {
155  /* file existed, report that we didn't create it... */
156  return (do_create) ? GNUNET_NO : GNUNET_OK;
157  }
158  else if (! do_create)
159  {
160  return GNUNET_SYSERR;
161  }
162 
165  pkey,
166  sizeof (*pkey),
168  if ( (GNUNET_OK == ret) ||
169  (GNUNET_SYSERR == ret) )
170  return ret;
171  /* maybe another process succeeded in the meantime, try reading one more time */
172  if (GNUNET_OK ==
174  pkey,
175  sizeof (*pkey)))
176  {
177  /* file existed, report that *we* didn't create it... */
178  return GNUNET_NO;
179  }
180  /* give up */
181  return GNUNET_SYSERR;
182 }
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:461
GNUNET_GenericReturnValue
Named constants for return values.

Referenced by GNUNET_CRYPTO_eddsa_key_create_from_configuration(), main_init(), and run().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create_from_configuration()

struct GNUNET_CRYPTO_EddsaPrivateKey* GNUNET_CRYPTO_eddsa_key_create_from_configuration ( const struct GNUNET_CONFIGURATION_Handle cfg)

Create a new private key by reading our peer's key from the file specified in the configuration.

Parameters
cfgthe configuration to use
Returns
new private key, NULL on error (for example, permission denied); free using GNUNET_free
Parameters
cfgthe configuration to use
Returns
new private key, NULL on error (for example, permission denied)

Definition at line 247 of file crypto_ecc_setup.c.

249 {
250  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
251  char *fn;
252 
253  if (GNUNET_OK !=
255  "PEER",
256  "PRIVATE_KEY",
257  &fn))
258  return NULL;
261  GNUNET_YES,
262  priv))
263  {
264  GNUNET_free (fn);
265  GNUNET_free (priv);
266  return NULL;
267  }
268  GNUNET_free (fn);
269  return priv;
270 }
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration we are using.
Definition: gnunet-abd.c:36
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_get_value_filename(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be the name of a file or directory.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_key_from_file(const char *filename, int do_create, struct GNUNET_CRYPTO_EddsaPrivateKey *pkey)
Create a new private key by reading it from a file.
@ GNUNET_YES
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_free(ptr)
Wrapper around free.
Private ECC key encoded for transmission.

References cfg, GNUNET_CONFIGURATION_get_value_filename(), GNUNET_CRYPTO_eddsa_key_from_file(), GNUNET_free, GNUNET_new, GNUNET_OK, GNUNET_SYSERR, and GNUNET_YES.

Referenced by advertise_dns_exit(), GNUNET_CRYPTO_eddsa_setup_key(), init_socket(), and run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_create()

void GNUNET_CRYPTO_ecdsa_key_create ( struct GNUNET_CRYPTO_EcdsaPrivateKey pk)

Create a new private key.

Parameters
[out]pkprivate key to initialize

Definition at line 446 of file crypto_ecc.c.

447 {
448  BENCHMARK_START (ecdsa_key_create);
450  pk,
451  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
452  pk->d[0] &= 248;
453  pk->d[31] &= 127;
454  pk->d[31] |= 64;
455 
456  BENCHMARK_END (ecdsa_key_create);
457 }
Private ECC key encoded for transmission.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.

Referenced by run(), run_edkey(), and run_pkey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create()

void GNUNET_CRYPTO_eddsa_key_create ( struct GNUNET_CRYPTO_EddsaPrivateKey pk)

Create a new private key.

Parameters
[out]pkprivate key to initialize

Definition at line 461 of file crypto_ecc.c.

462 {
463  BENCHMARK_START (eddsa_key_create);
464  /*
465  * We do not clamp for EdDSA, since all functions that use the private key do
466  * their own clamping (just like in libsodium). What we call "private key"
467  * here, actually corresponds to the seed in libsodium.
468  *
469  * (Contrast this to ECDSA, where functions using the private key can't clamp
470  * due to properties needed for GNS. That is a worse/unsafer API, but
471  * required for the GNS constructions to work.)
472  */
474  pk,
475  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
476  BENCHMARK_END (eddsa_key_create);
477 }

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.

Referenced by create_keys(), output_vectors(), and run_edkey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_edx25519_key_create()

void GNUNET_CRYPTO_edx25519_key_create ( struct GNUNET_CRYPTO_Edx25519PrivateKey pk)

Create a new private key.

Parameters
[out]pkprivate key to initialize

Definition at line 65 of file crypto_edx25519.c.

67 {
68  char seed[256 / 8];
70  seed,
71  sizeof (seed));
73  sizeof(seed),
74  pk);
75 }
void GNUNET_CRYPTO_edx25519_key_create_from_seed(const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
Create a new private key for Edx25519 from a given seed.

References GNUNET_CRYPTO_edx25519_key_create_from_seed(), GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.

Referenced by output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_edx25519_key_create_from_seed()

void GNUNET_CRYPTO_edx25519_key_create_from_seed ( const void *  seed,
size_t  seedsize,
struct GNUNET_CRYPTO_Edx25519PrivateKey pk 
)

Create a new private key for Edx25519 from a given seed.

After expanding the seed, the first half of the key will be clamped according to EdDSA.

Parameters
seedseed input
seedsizesize of the seed in bytes
[out]pkprivate key to initialize

Definition at line 45 of file crypto_edx25519.c.

49 {
50 
51  GNUNET_static_assert (sizeof(*pk) == sizeof(struct GNUNET_HashCode));
52  GNUNET_CRYPTO_hash (seed,
53  seedsize,
54  (struct GNUNET_HashCode *) pk);
55 
56  /* Clamp the first half of the key. The second half is used in the signature
57  * process. */
58  pk->a[0] &= 248;
59  pk->a[31] &= 127;
60  pk->a[31] |= 64;
61 }
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
#define GNUNET_static_assert(cond)
Assertion to be checked (if supported by C compiler) at compile time, otherwise checked at runtime an...
A 512-bit hashcode.

References GNUNET_CRYPTO_hash(), GNUNET_static_assert, and pk.

Referenced by GNUNET_CRYPTO_edx25519_key_create().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_create()

void GNUNET_CRYPTO_ecdhe_key_create ( struct GNUNET_CRYPTO_EcdhePrivateKey pk)

Create a new private key.

Clear with GNUNET_CRYPTO_ecdhe_key_clear().

Parameters
[out]pkset to fresh private key;

Definition at line 435 of file crypto_ecc.c.

436 {
437  BENCHMARK_START (ecdhe_key_create);
439  pk,
440  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
441  BENCHMARK_END (ecdhe_key_create);
442 }
Private ECC key encoded for transmission.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.

Referenced by do_rekey(), GCT_create_tunnel(), GNUNET_IDENTITY_encrypt(), GSC_KX_init(), inject_rekey(), mq_send_kx(), new_ephemeral(), output_vectors(), print_examples_ecdh(), send_UDPRekey(), start_initial_kx_out(), and update_ephemeral().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_clear()

void GNUNET_CRYPTO_eddsa_key_clear ( struct GNUNET_CRYPTO_EddsaPrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 428 of file crypto_ecc.c.

429 {
430  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey));
431 }

References pk.

◆ GNUNET_CRYPTO_ecdsa_key_clear()

void GNUNET_CRYPTO_ecdsa_key_clear ( struct GNUNET_CRYPTO_EcdsaPrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 421 of file crypto_ecc.c.

422 {
423  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey));
424 }

References pk.

◆ GNUNET_CRYPTO_edx25519_key_clear()

void GNUNET_CRYPTO_edx25519_key_clear ( struct GNUNET_CRYPTO_Edx25519PrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 38 of file crypto_edx25519.c.

39 {
40  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_Edx25519PrivateKey));
41 }
Private ECC key material encoded for transmission.

References pk.

◆ GNUNET_CRYPTO_ecdhe_key_clear()

void GNUNET_CRYPTO_ecdhe_key_clear ( struct GNUNET_CRYPTO_EcdhePrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 414 of file crypto_ecc.c.

415 {
416  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
417 }

References pk.

Referenced by cleanup_ax(), and GNUNET_IDENTITY_encrypt().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_get_anonymous()

const struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_key_get_anonymous ( void  )

Get the shared private key we use for anonymous users.

Returns
"anonymous" private key; do not free

'anonymous' pseudonym (global static, d=1, public key = G (generator).

Definition at line 481 of file crypto_ecc.c.

482 {
487  static struct GNUNET_CRYPTO_EcdsaPrivateKey anonymous;
488  static int once;
489 
490  if (once)
491  return &anonymous;
493  sizeof(anonymous.d),
494  GCRYMPI_CONST_ONE);
495  anonymous.d[0] &= 248;
496  anonymous.d[31] &= 127;
497  anonymous.d[31] |= 64;
498 
499  once = 1;
500  return &anonymous;
501 }
static int once
Global to mark if we've run the initialization.
Definition: gnsrecord.c:67
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:79

References GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_mpi_print_unsigned(), and once.

Referenced by decrypt_block_with_keyword(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_IDENTITY_ego_get_anonymous(), process_kblock_for_unindex(), and publish_ksk_cont().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_setup_hostkey()

void GNUNET_CRYPTO_eddsa_setup_hostkey ( const char *  cfg_name)

Setup a hostkey file for a peer given the name of the configuration file (!).

This function is used so that at a later point code can be certain that reading a hostkey is fast (for example in time-dependent testcases).

Parameters
cfg_namename of the configuration file to use

◆ GNUNET_CRYPTO_get_peer_identity()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_get_peer_identity ( const struct GNUNET_CONFIGURATION_Handle cfg,
struct GNUNET_PeerIdentity dst 
)

Retrieve the identity of the host's peer.

Parameters
cfgconfiguration to use
dstpointer to where to write the peer identity
Returns
GNUNET_OK on success, GNUNET_SYSERR if the identity could not be retrieved

Definition at line 247 of file crypto_ecc_setup.c.

276 {
277  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
278 
280  {
282  _ ("Could not load peer's private key\n"));
283  return GNUNET_SYSERR;
284  }
286  &dst->public_key);
287  GNUNET_free (priv);
288  return GNUNET_OK;
289 }
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_configuration(const struct GNUNET_CONFIGURATION_Handle *cfg)
Create a new private key by reading our peer's key from the file specified in the configuration.
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:197
#define GNUNET_log(kind,...)
@ GNUNET_ERROR_TYPE_ERROR
#define _(String)
GNU gettext support macro.
Definition: platform.h:177
struct GNUNET_CRYPTO_EddsaPublicKey public_key

Referenced by get_result_iterator(), get_service_peer_identity(), GNUNET_CONVERSATION_phone_create(), libgnunet_plugin_dhtu_ip_init(), on_peer(), and run().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_ecdh()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a public and a private ECC key.

Parameters
privprivate key to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material (xyG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 512 of file crypto_ecc.c.

729 {
730  uint8_t p[crypto_scalarmult_BYTES];
731  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
732  return GNUNET_SYSERR;
733  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
734  return GNUNET_OK;
735 }

References data, GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_ERROR, LOG_GCRY, and GNUNET_CRYPTO_EccSignaturePurpose::size.

Referenced by checkvec(), derive_session_keys(), output_vectors(), print_examples_ecdh(), t_ax_decrypt_and_validate(), t_ax_encrypt(), and update_ax_by_kx().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_ecdh()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a ECDH public key and a private EdDSA key.

Dual to #GNUNET_CRRYPTO_ecdh_eddsa.

Parameters
privprivate key from EdDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 512 of file crypto_ecc.c.

742 {
743  struct GNUNET_HashCode hc;
744  uint8_t a[crypto_scalarmult_SCALARBYTES];
745  uint8_t p[crypto_scalarmult_BYTES];
746 
747  GNUNET_CRYPTO_hash (priv,
748  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
749  &hc);
750  memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
751  if (0 != crypto_scalarmult (p, a, pub->q_y))
752  return GNUNET_SYSERR;
754  crypto_scalarmult_BYTES,
755  key_material);
756  return GNUNET_OK;
757 }

Referenced by GNUNET_IDENTITY_decrypt(), setup_in_cipher(), setup_shared_secret_dec(), and update_ax_by_kx().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_ecdh()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a ECDH public key and a private ECDSA key.

Dual to #GNUNET_CRRYPTO_ecdh_ecdsa.

Parameters
privprivate key from ECDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 512 of file crypto_ecc.c.

764 {
765  uint8_t p[crypto_scalarmult_BYTES];
766 
767  BENCHMARK_START (ecdsa_ecdh);
768  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
769  return GNUNET_SYSERR;
771  crypto_scalarmult_BYTES,
772  key_material);
773  BENCHMARK_END (ecdsa_ecdh);
774  return GNUNET_OK;
775 }

Referenced by GNUNET_IDENTITY_decrypt().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdh_eddsa()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EddsaPublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a EdDSA public key and a private ECDH key.

Dual to #GNUNET_CRRYPTO_eddsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from EdDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 512 of file crypto_ecc.c.

782 {
783  uint8_t p[crypto_scalarmult_BYTES];
784  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
785 
786  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
787  return GNUNET_SYSERR;
788  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
789  return GNUNET_SYSERR;
790  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
791  return GNUNET_OK;
792 }

Referenced by checkvec(), GNUNET_IDENTITY_encrypt(), output_vectors(), setup_out_cipher(), setup_shared_secret_enc(), and update_ax_by_kx().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdh_ecdsa()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a EcDSA public key and a private ECDH key.

Dual to #GNUNET_CRRYPTO_ecdsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from ECDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 512 of file crypto_ecc.c.

799 {
800  uint8_t p[crypto_scalarmult_BYTES];
801  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
802 
803  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
804  return GNUNET_SYSERR;
805  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
806  return GNUNET_SYSERR;
807  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
808  return GNUNET_OK;
809 }

Referenced by GNUNET_IDENTITY_encrypt().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_sign_()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_ ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EddsaSignature sig 
)

EdDSA sign a given block.

The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_eddsa_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
[out]sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 512 of file crypto_ecc.c.

623 {
624 
625  size_t mlen = ntohl (purpose->size);
626  unsigned char sk[crypto_sign_SECRETKEYBYTES];
627  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
628  int res;
629 
630  BENCHMARK_START (eddsa_sign);
631  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
632  res = crypto_sign_detached ((uint8_t *) sig,
633  NULL,
634  (uint8_t *) purpose,
635  mlen,
636  sk);
637  BENCHMARK_END (eddsa_sign);
638  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
639 }
static int res
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!...

Referenced by do_dht_put(), GST_validation_handle_ping(), insert_decrypt_element(), insert_round1_element(), insert_round2_element(), regex_iterator(), send_disconnect(), setup_flood_message(), and sign_ephemeral_key().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_sign_()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_ ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EcdsaSignature sig 
)

ECDSA Sign a given block.

The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_ecdsa_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
[out]sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 512 of file crypto_ecc.c.

553 {
554  gcry_sexp_t priv_sexp;
555  gcry_sexp_t sig_sexp;
556  gcry_sexp_t data;
557  int rc;
558  gcry_mpi_t rs[2];
559 
560  BENCHMARK_START (ecdsa_sign);
561 
562  priv_sexp = decode_private_ecdsa_key (priv);
563  data = data_to_ecdsa_value (purpose);
564  if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
565  {
567  _ ("ECC signing failed at %s:%d: %s\n"),
568  __FILE__,
569  __LINE__,
570  gcry_strerror (rc));
571  gcry_sexp_release (data);
572  gcry_sexp_release (priv_sexp);
573  return GNUNET_SYSERR;
574  }
575  gcry_sexp_release (priv_sexp);
576  gcry_sexp_release (data);
577 
578  /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
579  'signature' */
580  if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
581  {
582  GNUNET_break (0);
583  gcry_sexp_release (sig_sexp);
584  return GNUNET_SYSERR;
585  }
586  gcry_sexp_release (sig_sexp);
587  GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]);
588  GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]);
589  gcry_mpi_release (rs[0]);
590  gcry_mpi_release (rs[1]);
591 
592  BENCHMARK_END (ecdsa_sign);
593 
594  return GNUNET_OK;
595 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:96
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:512
#define LOG(kind,...)
Definition: crypto_ecc.c:61
static gcry_sexp_t decode_private_ecdsa_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:154
uint32_t data
The data value.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
@ GNUNET_ERROR_TYPE_WARNING
unsigned char s[256/8]
S value.
unsigned char r[256/8]
R value.

Referenced by GNUNET_FS_publish_ublock_().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_edx25519_sign_()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_edx25519_sign_ ( const struct GNUNET_CRYPTO_Edx25519PrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_Edx25519Signature sig 
)

Edx25519 sign a given block.

The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_edx25519_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
[out]sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Edx25519 sign a given block.

But instead of expanding a private seed (which is usually the case for crypto APIs) and using the resulting scalars, it takes the scalars directly from Edx25519PrivateKey. We require this functionality in order to use derived private keys for signatures.

The resulting signature is a standard EdDSA signature which can be verified using the usual APIs.

Parameters
privthe private key (containing two scalars .a and .b)
purpthe signature purpose
sigthe resulting signature

Calculate the public key P from the private scalar in the key.

Calculate r: r = SHA512 (b ∥ M) where M is our message (purpose).

Temporarily put P into S

Reduce the scalar value r

Calculate R := r * G of the signature

Calculate hram := SHA512 (R ∥ P ∥ M)

Reduce the resulting scalar value

Calculate S := r + hram * s mod L

Definition at line 79 of file crypto_edx25519.c.

107 {
108 
109  crypto_hash_sha512_state hs;
110  unsigned char r[64];
111  unsigned char hram[64];
112  unsigned char P[32];
113  unsigned char r_mod[64];
114  unsigned char R[32];
115  unsigned char tmp[32];
116 
117  crypto_hash_sha512_init (&hs);
118 
122  crypto_scalarmult_ed25519_base_noclamp (P,
123  priv->a);
124 
130  crypto_hash_sha512_update (&hs,
131  priv->b,
132  sizeof(priv->b));
133  crypto_hash_sha512_update (&hs,
134  (uint8_t*) purpose,
135  ntohl (purpose->size));
136  crypto_hash_sha512_final (&hs,
137  r);
138 
142  memcpy (sig->s, P, 32);
143 
147  crypto_core_ed25519_scalar_reduce (r_mod, r);
148 
152  crypto_scalarmult_ed25519_base_noclamp (R, r_mod);
153  memcpy (sig->r, R, sizeof (R));
154 
159  crypto_hash_sha512_init (&hs);
160  crypto_hash_sha512_update (&hs, (uint8_t*) sig, 64);
161  crypto_hash_sha512_update (&hs, (uint8_t*) purpose,
162  ntohl (purpose->size));
163  crypto_hash_sha512_final (&hs, hram);
164 
168  unsigned char hram_mod[64];
169  crypto_core_ed25519_scalar_reduce (hram_mod, hram);
170 
175  crypto_core_ed25519_scalar_mul (tmp, hram_mod, priv->a);
176  crypto_core_ed25519_scalar_add (sig->s, tmp, r_mod);
177 
178  sodium_memzero (r, sizeof (r));
179  sodium_memzero (r_mod, sizeof (r_mod));
180 
181  return GNUNET_OK;
182 }
unsigned char b[256/8]
b consists of 32 bytes which where originally the lower 32bytes of the key expansion.
unsigned char s[256/8]
S value.
unsigned char r[256/8]
R value.

◆ GNUNET_CRYPTO_eddsa_verify_()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_ ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_EddsaSignature sig,
const struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Verify EdDSA signature.

The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_eddsa_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 512 of file crypto_ecc.c.

707 {
708  const unsigned char *m = (const void *) validate;
709  size_t mlen = ntohl (validate->size);
710  const unsigned char *s = (const void *) sig;
711 
712  int res;
713 
714  if (purpose != ntohl (validate->purpose))
715  return GNUNET_SYSERR; /* purpose mismatch */
716 
717  BENCHMARK_START (eddsa_verify);
718 
719  res = crypto_sign_verify_detached (s, m, mlen, pub->q_y);
720  BENCHMARK_END (eddsa_verify);
721  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
722 }
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:104
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...

Referenced by GST_neighbours_handle_disconnect_message(), GST_validation_handle_pong(), handle_ephemeral_key(), keygen_round1_new_element(), keygen_round2_new_element(), and verify_message_crypto().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_verify_()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_verify_ ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_EcdsaSignature sig,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Verify ECDSA signature.

The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_eddsa_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 512 of file crypto_ecc.c.

648 {
649  gcry_sexp_t data;
650  gcry_sexp_t sig_sexpr;
651  gcry_sexp_t pub_sexpr;
652  int rc;
653 
654  BENCHMARK_START (ecdsa_verify);
655 
656  if (purpose != ntohl (validate->purpose))
657  return GNUNET_SYSERR; /* purpose mismatch */
658 
659  /* build s-expression for signature */
660  if (0 != (rc = gcry_sexp_build (&sig_sexpr,
661  NULL,
662  "(sig-val(ecdsa(r %b)(s %b)))",
663  (int) sizeof(sig->r),
664  sig->r,
665  (int) sizeof(sig->s),
666  sig->s)))
667  {
668  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
669  return GNUNET_SYSERR;
670  }
671  data = data_to_ecdsa_value (validate);
672  if (0 != (rc = gcry_sexp_build (&pub_sexpr,
673  NULL,
674  "(public-key(ecc(curve " CURVE ")(q %b)))",
675  (int) sizeof(pub->q_y),
676  pub->q_y)))
677  {
678  gcry_sexp_release (data);
679  gcry_sexp_release (sig_sexpr);
680  return GNUNET_SYSERR;
681  }
682  rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
683  gcry_sexp_release (pub_sexpr);
684  gcry_sexp_release (data);
685  gcry_sexp_release (sig_sexpr);
686  if (0 != rc)
687  {
689  _ ("ECDSA signature verification failed at %s:%d: %s\n"),
690  __FILE__,
691  __LINE__,
692  gcry_strerror (rc));
693  BENCHMARK_END (ecdsa_verify);
694  return GNUNET_SYSERR;
695  }
696  BENCHMARK_END (ecdsa_verify);
697  return GNUNET_OK;
698 }
#define CURVE
IMPLEMENTATION NOTICE:
Definition: crypto_ecc.c:59
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level 'level' that indicates a failure of the command 'cmd' with the mess...
Definition: crypto_ecc.c:74
@ GNUNET_ERROR_TYPE_INFO

◆ GNUNET_CRYPTO_edx25519_verify_()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_edx25519_verify_ ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_Edx25519Signature sig,
const struct GNUNET_CRYPTO_Edx25519PublicKey pub 
)

Verify Edx25519 signature.

The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_edx25519_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 79 of file crypto_edx25519.c.

191 {
192  const unsigned char *m = (const void *) validate;
193  size_t mlen = ntohl (validate->size);
194  const unsigned char *s = (const void *) sig;
195 
196  int res;
197 
198  if (purpose != ntohl (validate->purpose))
199  return GNUNET_SYSERR; /* purpose mismatch */
200 
201  res = crypto_sign_verify_detached (s, m, mlen, pub->q_y);
202  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
203 }

◆ GNUNET_CRYPTO_ecdsa_private_key_derive()

struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_private_key_derive ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const char *  label,
const char *  context 
)

Derive a private key from a given private key and a label.

Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.

Parameters
privoriginal private key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
Returns
derived private key

Definition at line 194 of file crypto_ecc_gnsrecord.c.

198 {
201  struct GNUNET_HashCode hc;
202  uint8_t dc[32];
203  gcry_mpi_t h;
204  gcry_mpi_t x;
205  gcry_mpi_t d;
206  gcry_mpi_t n;
207  gcry_ctx_t ctx;
208 
209  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
210 
211  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
213 
214  derive_h (&pub, sizeof (pub), label, context, &hc);
215  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
216 
217  /* Convert to big endian for libgcrypt */
218  for (size_t i = 0; i < 32; i++)
219  dc[i] = priv->d[31 - i];
220  GNUNET_CRYPTO_mpi_scan_unsigned (&x, dc, sizeof(dc));
221  d = gcry_mpi_new (256);
222  gcry_mpi_mulm (d, h, x, n);
223  gcry_mpi_release (h);
224  gcry_mpi_release (x);
225  gcry_mpi_release (n);
226  gcry_ctx_release (ctx);
228  GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d);
229  /* Convert to big endian for libgcrypt */
230  for (size_t i = 0; i < 32; i++)
231  ret->d[i] = dc[31 - i];
232  sodium_memzero (dc, sizeof(dc));
233  gcry_mpi_release (d);
234  return ret;
235 }
#define CURVE
void derive_h(const void *pub, size_t pubsize, const char *label, const char *context, struct GNUNET_HashCode *hc)
Derive the 'h' value for key derivation, where 'h = H(l,P)'.
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static struct GNUNET_FS_DownloadContext * dc
static pa_context * context
Pulseaudio context.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:186
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:132
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...

References context, ctx, CURVE, GNUNET_CRYPTO_EcdsaPrivateKey::d, dc, derive_h(), GNUNET_assert, GNUNET_CRYPTO_ecdsa_key_get_public(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_new, h, pub, and ret.

Referenced by GNUNET_FS_publish_ublock_().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_public_key_derive()

void GNUNET_CRYPTO_ecdsa_public_key_derive ( const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
const char *  label,
const char *  context,
struct GNUNET_CRYPTO_EcdsaPublicKey result 
)

Derive a public key from a given public key and a label.

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'. typically the name of the subsystem/application
resultwhere to write the derived public key

Definition at line 239 of file crypto_ecc_gnsrecord.c.

244 {
245  struct GNUNET_HashCode hc;
246  gcry_ctx_t ctx;
247  gcry_mpi_t q_y;
248  gcry_mpi_t h;
249  gcry_mpi_t n;
250  gcry_mpi_t h_mod_n;
251  gcry_mpi_point_t q;
252  gcry_mpi_point_t v;
253 
254  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
255 
256  /* obtain point 'q' from original public key. The provided 'q' is
257  compressed thus we first store it in the context and then get it
258  back as a (decompresssed) point. */
259  q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8 * sizeof(pub->q_y));
260  GNUNET_assert (NULL != q_y);
261  GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx));
262  gcry_mpi_release (q_y);
263  q = gcry_mpi_ec_get_point ("q", ctx, 0);
264  GNUNET_assert (q);
265 
266  /* calculate h_mod_n = h % n */
267  derive_h (pub, sizeof (*pub), label, context, &hc);
268  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
269  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
270  h_mod_n = gcry_mpi_new (256);
271  gcry_mpi_mod (h_mod_n, h, n);
272  /* calculate v = h_mod_n * q */
273  v = gcry_mpi_point_new (0);
274  gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
275  gcry_mpi_release (h_mod_n);
276  gcry_mpi_release (h);
277  gcry_mpi_release (n);
278  gcry_mpi_point_release (q);
279 
280  /* convert point 'v' to public key that we return */
281  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx));
282  gcry_mpi_point_release (v);
283  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
284  GNUNET_assert (q_y);
285  GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof(result->q_y), q_y);
286  gcry_mpi_release (q_y);
287  gcry_ctx_release (ctx);
288 }
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.

References context, ctx, CURVE, derive_h(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), h, pub, q, GNUNET_CRYPTO_EddsaPublicKey::q_y, and result.

Referenced by GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), and schedule_transmit_search_request().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_private_key_derive()

void GNUNET_CRYPTO_eddsa_private_key_derive ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const char *  label,
const char *  context,
struct GNUNET_CRYPTO_EddsaPrivateScalar result 
)

Derive a private scalar from a given private key and a label.

Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'. The result is the derived private scalar, not the private key as for EdDSA we cannot derive before we hash the private key.

Parameters
privoriginal private key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
resultderived private scalar

Libsodium does not offer an API with arbitrary arithmetic. Hence we have to use libgcrypt here.

Get our modulo

This is the standard private key expansion in Ed25519. The first 32 octets are used as a little-endian private scalar. We derive this scalar using our "h".

Get h mod n

dc now contains the private scalar "a". We carefully remove the clamping and derive a'. Calculate: a1 := a / 8 a2 := h * a1 mod n a' := a2 * 8 mod n

We hash the derived "h" parameter with the other half of the expanded private key. This ensures that for signature generation, the "R" is derived from the same derivation path as "h" and is not reused.

Definition at line 292 of file crypto_ecc_gnsrecord.c.

297 {
299  struct GNUNET_HashCode hc;
300  uint8_t dc[32];
301  unsigned char sk[64];
302  gcry_mpi_t h;
303  gcry_mpi_t h_mod_n;
304  gcry_mpi_t x;
305  gcry_mpi_t d;
306  gcry_mpi_t n;
307  gcry_mpi_t a1;
308  gcry_mpi_t a2;
309  gcry_ctx_t ctx;
310 
315  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, "Ed25519"));
316 
320  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
322 
329  crypto_hash_sha512 (sk, priv->d, 32);
330  sk[0] &= 248;
331  sk[31] &= 127;
332  sk[31] |= 64;
333 
337  derive_h (&pub, sizeof (pub), label, context, &hc);
338  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
339  h_mod_n = gcry_mpi_new (256);
340  gcry_mpi_mod (h_mod_n, h, n);
341  /* Convert scalar to big endian for libgcrypt */
342  for (size_t i = 0; i < 32; i++)
343  dc[i] = sk[31 - i];
344 
353  GNUNET_CRYPTO_mpi_scan_unsigned (&x, dc, sizeof(dc)); // a
354  a1 = gcry_mpi_new (256);
355  gcry_mpi_t eight = gcry_mpi_set_ui (NULL, 8);
356  gcry_mpi_div (a1, NULL, x, eight, 0); // a1 := a / 8
357  a2 = gcry_mpi_new (256);
358  gcry_mpi_mulm (a2, h_mod_n, a1, n); // a2 := h * a1 mod n
359  d = gcry_mpi_new (256);
360  gcry_mpi_mul (d, a2, eight); // a' := a2 * 8
361  gcry_mpi_release (h);
362  gcry_mpi_release (x);
363  gcry_mpi_release (n);
364  gcry_mpi_release (h_mod_n);
365  gcry_mpi_release (a1);
366  gcry_mpi_release (eight);
367  gcry_mpi_release (a2);
368  gcry_ctx_release (ctx);
369  GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d);
376  crypto_hash_sha256_state hs;
377  crypto_hash_sha256_init (&hs);
378  crypto_hash_sha256_update (&hs, sk + 32, 32);
379  crypto_hash_sha256_update (&hs, (unsigned char*) &hc, sizeof (hc));
380  crypto_hash_sha256_final (&hs, result->s + 32);
381  //memcpy (result->s, sk, sizeof (sk));
382  /* Convert to little endian for libsodium */
383  for (size_t i = 0; i < 32; i++)
384  result->s[i] = dc[31 - i];
385 
386  sodium_memzero (dc, sizeof(dc));
387  gcry_mpi_release (d);
388 }
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...

References context, ctx, GNUNET_CRYPTO_EddsaPrivateKey::d, dc, derive_h(), GNUNET_assert, GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), h, pub, and result.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_eddsa_public_key_derive()

void GNUNET_CRYPTO_eddsa_public_key_derive ( const struct GNUNET_CRYPTO_EddsaPublicKey pub,
const char *  label,
const char *  context,
struct GNUNET_CRYPTO_EddsaPublicKey result 
)

Derive a public key from a given public key and a label.

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'. typically the name of the subsystem/application
resultwhere to write the derived public key

Definition at line 392 of file crypto_ecc_gnsrecord.c.

397 {
398  struct GNUNET_HashCode hc;
399  gcry_ctx_t ctx;
400  gcry_mpi_t q_y;
401  gcry_mpi_t h;
402  gcry_mpi_t n;
403  gcry_mpi_t h_mod_n;
404  gcry_mpi_point_t q;
405  gcry_mpi_point_t v;
406 
407  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, "Ed25519"));
408 
409  /* obtain point 'q' from original public key. The provided 'q' is
410  compressed thus we first store it in the context and then get it
411  back as a (decompresssed) point. */
412  q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8 * sizeof(pub->q_y));
413  GNUNET_assert (NULL != q_y);
414  GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx));
415  gcry_mpi_release (q_y);
416  q = gcry_mpi_ec_get_point ("q", ctx, 0);
417  GNUNET_assert (q);
418 
419  /* calculate h_mod_n = h % n */
420  derive_h (pub, sizeof (*pub), label, context, &hc);
421  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
422 
423  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
424  h_mod_n = gcry_mpi_new (256);
425  gcry_mpi_mod (h_mod_n, h, n);
426 
427  /* calculate v = h_mod_n * q */
428  v = gcry_mpi_point_new (0);
429  gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
430  gcry_mpi_release (h_mod_n);
431  gcry_mpi_release (h);
432  gcry_mpi_release (n);
433  gcry_mpi_point_release (q);
434 
435  /* convert point 'v' to public key that we return */
436  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx));
437  gcry_mpi_point_release (v);
438  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
439  GNUNET_assert (q_y);
440  GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof(result->q_y), q_y);
441  gcry_mpi_release (q_y);
442  gcry_ctx_release (ctx);
443 
444 }

References context, ctx, derive_h(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), h, pub, q, GNUNET_CRYPTO_EddsaPublicKey::q_y, and result.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_edx25519_private_key_derive()

void GNUNET_CRYPTO_edx25519_private_key_derive ( const struct GNUNET_CRYPTO_Edx25519PrivateKey priv,
const void *  seed,
size_t  seedsize,
struct GNUNET_CRYPTO_Edx25519PrivateKey result 
)

Derive a private scalar from a given private key and a label.

Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.

Parameters
privoriginal private key
seedinput seed
seedsizesize of the seed
resultderived private key

dc now contains the private scalar "a". We carefully remove the clamping and derive a'. Calculate: a1 := a / 8 a2 := h * a1 mod n a' := a2 * 8 mod n

Definition at line 239 of file crypto_edx25519.c.

244 {
246  struct GNUNET_HashCode hc;
247  uint8_t a[32];
248  uint8_t eight[32] = { 8 };
249  uint8_t eight_inv[32];
250  uint8_t h[64] = { 0 };
251 
253 
254  /* Get h mod n */
255  derive_h (&pub,
256  seed,
257  seedsize,
258  &hc);
259 
260  memcpy (h, &hc, 64);
261  crypto_core_ed25519_scalar_reduce (h,
262  h);
263 #ifdef CHECK_RARE_CASES
271  {
272  char zero[32] = { 0 };
273  char one[32] = { 1 };
274 
275  GNUNET_assert (0 != memcmp (zero, h, 32));
276  GNUNET_assert (0 != memcmp (one, h, 32));
277  }
278 #endif
279 
289  GNUNET_assert (0 == crypto_core_ed25519_scalar_invert (eight_inv,
290  eight));
291 
292  crypto_core_ed25519_scalar_mul (a, priv->a, eight_inv);
293  crypto_core_ed25519_scalar_mul (a, a, h);
294  crypto_core_ed25519_scalar_mul (a, a, eight);
295 
296 #ifdef CHECK_RARE_CASES
297  /* The likelihood for a' == 0 or a' == 1 is neglegible */
298  {
299  char zero[32] = { 0 };
300  char one[32] = { 1 };
301 
302  GNUNET_assert (0 != memcmp (zero, a, 32));
303  GNUNET_assert (0 != memcmp (one, a, 32));
304  }
305 #endif
306 
307  /* We hash the derived "h" parameter with the other half of the expanded
308  * private key (that is: priv->b). This ensures that for signature
309  * generation, the "R" is derived from the same derivation path as "h" and is
310  * not reused. */
311  {
312  struct GNUNET_HashCode hcb;
313  struct GNUNET_HashContext *hctx;
314 
316  GNUNET_CRYPTO_hash_context_read (hctx, priv->b, sizeof(priv->b));
317  GNUNET_CRYPTO_hash_context_read (hctx, (unsigned char*) &hc, sizeof (hc));
319 
320  /* Truncate result, effectively doing SHA512/256 */
321  for (size_t i = 0; i < 32; i++)
322  result->b[i] = ((unsigned char *) &hcb)[i];
323  }
324 
325  for (size_t i = 0; i < 32; i++)
326  result->a[i] = a[i];
327 
328  sodium_memzero (a, sizeof(a));
329 }
static void derive_h(const struct GNUNET_CRYPTO_Edx25519PublicKey *pub, const void *seed, size_t seedsize, struct GNUNET_HashCode *phc)
Derive the 'h' value for key derivation, where 'h = H(P ∥ seed) mod n' and 'n' is the size of the cyc...
static const struct GNUNET_IDENTITY_PrivateKey zero
Public key of all zeros.
void GNUNET_CRYPTO_edx25519_key_get_public(const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
Extract the public key for the given private key.
struct GNUNET_HashContext * GNUNET_CRYPTO_hash_context_start(void)
Start incremental hashing operation.
Definition: crypto_hash.c:349
void GNUNET_CRYPTO_hash_context_read(struct GNUNET_HashContext *hc, const void *buf, size_t size)
Add data to be hashed.
Definition: crypto_hash.c:365
void GNUNET_CRYPTO_hash_context_finish(struct GNUNET_HashContext *hc, struct GNUNET_HashCode *r_hash)
Finish the hash computation.
Definition: crypto_hash.c:389
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...

References GNUNET_CRYPTO_Edx25519PrivateKey::a, GNUNET_CRYPTO_Edx25519PrivateKey::b, derive_h(), GNUNET_assert, GNUNET_CRYPTO_edx25519_key_get_public(), GNUNET_CRYPTO_hash_context_finish(), GNUNET_CRYPTO_hash_context_read(), GNUNET_CRYPTO_hash_context_start(), h, pub, result, and zero.

Referenced by output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_edx25519_public_key_derive()

void GNUNET_CRYPTO_edx25519_public_key_derive ( const struct GNUNET_CRYPTO_Edx25519PublicKey pub,
const void *  seed,
size_t  seedsize,
struct GNUNET_CRYPTO_Edx25519PublicKey result 
)

Derive a public key from a given public key and a label.

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
seedinput seed
seedsizesize of the seed
resultwhere to write the derived public key

Definition at line 333 of file crypto_edx25519.c.

338 {
339  struct GNUNET_HashCode hc;
340  uint8_t h[64] = { 0 };
341 
342  derive_h (pub,
343  seed,
344  seedsize,
345  &hc);
346  memcpy (h,
347  &hc,
348  64);
349  crypto_core_ed25519_scalar_reduce (h,
350  h);
351  GNUNET_assert (0 == crypto_scalarmult_ed25519_noclamp (result->q_y,
352  h,
353  pub->q_y));
354 }

References derive_h(), GNUNET_assert, h, pub, GNUNET_CRYPTO_EddsaPublicKey::q_y, and result.

Referenced by output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function: