GNUnet  0.11.x
Macros | Enumerations | Enumerator | Functions
Crypto library: cryptographic operations

Provides cryptographic primitives. More...

Macros

#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
 EdDSA sign a given block. More...
 
#define GNUNET_CRYPTO_ecdsa_sign(priv, ps, sig)
 ECDSA sign a given block. More...
 
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
 Verify EdDSA signature. More...
 
#define GNUNET_CRYPTO_ecdsa_verify(purp, ps, sig, pub)
 Verify ECDSA signature. More...
 

Enumerations

enum  GNUNET_CRYPTO_Quality { GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_NONCE }
 Desired quality level for random numbers. More...
 

Functions

void GNUNET_CRYPTO_seed_weak_random (int32_t seed)
 Seed a weak random generator. More...
 
void GNUNET_CRYPTO_zero_keys (void *buffer, size_t length)
 Zero out buffer, securely against compiler optimizations. More...
 
void GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
 Fill block with a random values. More...
 
uint32_t GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i)
 Produce a random value. More...
 
uint64_t GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
 Random on unsigned 64-bit values. More...
 
unsigned int * GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n)
 Get an array with a random permutation of the numbers 0...n-1. More...
 
void GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
 Create a new random session key. More...
 
ssize_t GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Encrypt a block using a symmetric sessionkey. More...
 
ssize_t GNUNET_CRYPTO_symmetric_decrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Decrypt a given block using a symmetric sessionkey. More...
 
void GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
 Derive an IV. More...
 
void GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
 Extract the public key for the given private key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_key_from_file (const char *filename, int do_create, struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey)
 Create a new private key by reading it from a file. More...
 
int GNUNET_CRYPTO_eddsa_key_from_file (const char *filename, int do_create, struct GNUNET_CRYPTO_EddsaPrivateKey *pkey)
 Create a new private key by reading it from a file. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg)
 Create a new private key by reading our peer's key from the file specified in the configuration. More...
 
void GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_create (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
const struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_get_anonymous (void)
 Get the shared private key we use for anonymous users. More...
 
void GNUNET_CRYPTO_eddsa_setup_hostkey (const char *cfg_name)
 Setup a hostkey file for a peer given the name of the configuration file (!). More...
 
int GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_PeerIdentity *dst)
 Retrieve the identity of the host's peer. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a public and a private ECC key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private EdDSA key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private ECDSA key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EdDSA public key and a private ECDH key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EcDSA public key and a private ECDH key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_ (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
 EdDSA sign a given block. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_ (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
 ECDSA Sign a given block. More...
 
int GNUNET_CRYPTO_eddsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Verify EdDSA signature. More...
 
int GNUNET_CRYPTO_ecdsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Verify ECDSA signature. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
 Derive a private key from a given private key and a label. More...
 
void GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
 Derive a public key from a given public key and a label. More...
 

Detailed Description

Provides cryptographic primitives.

See also
Documentation

Macro Definition Documentation

◆ GNUNET_CRYPTO_eddsa_sign

#define GNUNET_CRYPTO_eddsa_sign (   priv,
  ps,
  sig 
)
Value:
do { \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*ps)); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_assert (GNUNET_OK == \
&(ps)->purpose, \
sig)); \
} while (0)
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition: crypto_ecc.c:579

EdDSA sign a given block.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
[out]sigwhere to write the signature

Definition at line 1711 of file gnunet_crypto_lib.h.

Referenced by checkvec(), forward_dv_learn(), GNUNET_FS_uri_loc_create(), GNUNET_HELLO_sign_address(), handle_validation_challenge(), iface_proc(), inject_rekey(), mq_send_kx(), output_vectors(), send_challenge(), set_monotime_sig(), start_dv_learn(), transmit_kx(), and update_ephemeral().

◆ GNUNET_CRYPTO_ecdsa_sign

#define GNUNET_CRYPTO_ecdsa_sign (   priv,
  ps,
  sig 
)
Value:
do { \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_assert (GNUNET_OK == \
&(ps)->purpose, \
sig)); \
} while (0)
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
ECDSA Sign a given block.
Definition: crypto_ecc.c:529

ECDSA sign a given block.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
[out]sigwhere to write the signature

Definition at line 1758 of file gnunet_crypto_lib.h.

Referenced by GNUNET_ABD_delegate_issue().

◆ GNUNET_CRYPTO_eddsa_verify

#define GNUNET_CRYPTO_eddsa_verify (   purp,
  ps,
  sig,
  pub 
)
Value:
({ \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_CRYPTO_eddsa_verify_ (purp, \
&(ps)->purpose, \
sig, \
pub); \
})
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:46

Verify EdDSA signature.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
purppurpose of the signature, must match 'ps->purpose.purpose' (except in host byte order)
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
sigwhere to write the signature

Definition at line 1811 of file gnunet_crypto_lib.h.

Referenced by checkvec(), decrypt_and_check_tc(), do_rekey(), GCP_check_monotime_sig(), GNUNET_HELLO_extract_address(), handle_dv_box(), handle_dv_learn(), handle_validation_response(), output_vectors(), sock_read(), try_handle_plaintext(), uri_loc_parse(), validate_dv_initiator_signature(), and verify_confirmation().

◆ GNUNET_CRYPTO_ecdsa_verify

#define GNUNET_CRYPTO_ecdsa_verify (   purp,
  ps,
  sig,
  pub 
)
Value:
({ \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_CRYPTO_ecdsa_verify_ (purp, \
&(ps)->purpose, \
sig, \
pub); \
})
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:46

Verify ECDSA signature.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
purppurpose of the signature, must match 'ps->purpose.purpose' (except in host byte order)
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
sigwhere to write the signature

Definition at line 1864 of file gnunet_crypto_lib.h.

Referenced by GNUNET_ABD_delegate_deserialize(), and GNUNET_ABD_delegate_serialize().

Enumeration Type Documentation

◆ GNUNET_CRYPTO_Quality

Desired quality level for random numbers.

Enumerator
GNUNET_CRYPTO_QUALITY_WEAK 

No good quality of the operation is needed (i.e., random numbers can be pseudo-random).

GNUNET_CRYPTO_QUALITY_STRONG 

High-quality operations are desired.

GNUNET_CRYPTO_QUALITY_NONCE 

Randomness for IVs etc.

is required.

Definition at line 75 of file gnunet_crypto_lib.h.

76 {
83 
89 
95 };
Randomness for IVs etc.
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.

Function Documentation

◆ GNUNET_CRYPTO_seed_weak_random()

void GNUNET_CRYPTO_seed_weak_random ( int32_t  seed)

Seed a weak random generator.

Only GNUNET_CRYPTO_QUALITY_WEAK-mode generator can be seeded.

Parameters
seedthe seed to use

Definition at line 96 of file crypto_random.c.

Referenced by __attribute__().

97 {
98  srandom (seed);
99 }
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_zero_keys()

void GNUNET_CRYPTO_zero_keys ( void *  buffer,
size_t  length 
)

Zero out buffer, securely against compiler optimizations.

Used to delete key material.

Parameters
bufferthe buffer to zap
lengthbuffer length

Definition at line 111 of file crypto_random.c.

References GNUNET_CRYPTO_FileHashContext::buffer, and p.

Referenced by dv_key_clean(), GNUNET_IDENTITY_decrypt(), and GNUNET_IDENTITY_encrypt().

112 {
113 #if HAVE_MEMSET_S
114  memset_s (buffer, length, 0, length);
115 #elif HAVE_EXPLICIT_BZERO
116  explicit_bzero (buffer, length);
117 #else
118  volatile unsigned char *p = buffer;
119  while (length--)
120  *p++ = 0;
121 #endif
122 }
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_block()

void GNUNET_CRYPTO_random_block ( enum GNUNET_CRYPTO_Quality  mode,
void *  buffer,
size_t  length 
)

Fill block with a random values.

Parameters
modedesired quality of the random number
bufferthe buffer to fill
lengthbuffer length

Definition at line 134 of file crypto_random.c.

References GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, and GNUNET_CRYPTO_QUALITY_WEAK.

Referenced by delayed_put(), do_pad(), encapsulate_for_dv(), GCC_create(), generate_free_member_id(), GNUNET_async_scope_fresh(), GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_CRYPTO_eddsa_key_create(), handle_validation_response(), output_vectors(), prepare_pending_acknowledgement(), RPS_sampler_elem_reinit(), run(), start_address_validation(), start_dv_learn(), and transmit_kx().

137 {
138 #ifdef gcry_fast_random_poll
139  static unsigned int invokeCount;
140 #endif
141  switch (mode)
142  {
144  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
145 #ifdef gcry_fast_random_poll
146  if ((invokeCount++ % 256) == 0)
147  gcry_fast_random_poll ();
148 #endif
149  gcry_randomize (buffer, length, GCRY_STRONG_RANDOM);
150  return;
151 
153  gcry_create_nonce (buffer, length);
154  return;
155 
157  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
158 #ifdef gcry_fast_random_poll
159  if ((invokeCount++ % 256) == 0)
160  gcry_fast_random_poll ();
161 #endif
162  gcry_randomize (buffer, length, GCRY_WEAK_RANDOM);
163  return;
164 
165  default:
166  GNUNET_assert (0);
167  }
168 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
Randomness for IVs etc.
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_u32()

uint32_t GNUNET_CRYPTO_random_u32 ( enum GNUNET_CRYPTO_Quality  mode,
uint32_t  i 
)

Produce a random value.

Parameters
modedesired quality of the random number
ithe upper limit (exclusive) for the random number
Returns
a random value in the interval [0,i) (exclusive).

Produce a random value.

Parameters
modedesired quality of the random number
ithe upper limit (exclusive) for the random number
Returns
a random value in the interval [0,i[.

Definition at line 179 of file crypto_random.c.

References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, and ret.

Referenced by __attribute__(), adjust_running_peers(), allocate_v4_address(), allocate_v6_address(), attempt_connect_task(), calculate_seed(), channel_new_cb(), compute_rand_delay(), compute_service_response(), daemon_started(), delay_ms_rnd(), delayed_get(), delayed_put(), download_get_url(), find_validation_entry(), GDS_NEIGHBOURS_handle_get(), gen_topo_random(), generate_indices(), generate_request_id(), get_bootstrap_server(), get_delay(), get_delay_randomization(), get_forward_count(), get_preference(), get_property(), get_random_literal(), get_random_peer_from_peermap(), get_randomized_delay(), get_request_socket(), GNUNET_CONTAINER_heap_walk_get_next(), GNUNET_CONTAINER_multihashmap_get_random(), GNUNET_CONTAINER_multipeermap_get_random(), GNUNET_CONTAINER_multishortmap_get_random(), GNUNET_CONTAINER_multiuuidmap_get_random(), GNUNET_CRYPTO_hash_create_random(), GNUNET_CRYPTO_random_permute(), GNUNET_FRAGMENT_context_create(), GNUNET_FS_search_start_probe_(), GNUNET_TUN_initialize_ipv4_header(), GSC_CLIENTS_deliver_message(), GSF_pending_request_get_message_(), handle_client_evaluate(), handle_dns_request(), handle_dv_learn(), handle_find_peer(), handle_flow_control(), handle_p2p_get(), handle_p2p_put(), handle_resolve_result(), main(), manage_service_wrapper(), ogg_init(), plan(), postgres_plugin_get_random(), queue(), reannounce_regex(), recursive_dns_resolution(), refresh_bloomfilter(), REGEX_TEST_generate_random_regex(), REGEX_TEST_generate_random_string(), resolve_and_cache(), revalidate_address(), route_control_message_without_fc(), route_via_neighbour(), run(), select_peer(), select_random_peer(), send_bloomfilter(), send_find_peer_message(), send_hello(), send_keepalive(), setup_fresh_address(), setup_fresh_ping(), setup_sockets(), should_I_drop(), shuffle_answers(), sqlite_plugin_get(), sqlite_plugin_get_random(), start_dv_learn(), test_run(), transmit_request(), transmit_typemap_task(), and try_open_exit().

180 {
181 #ifdef gcry_fast_random_poll
182  static unsigned int invokeCount;
183 #endif
184  uint32_t ret;
185  uint32_t ul;
186 
187  GNUNET_assert (i > 0);
188 
189  switch (mode)
190  {
192  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
193 #ifdef gcry_fast_random_poll
194  if ((invokeCount++ % 256) == 0)
195  gcry_fast_random_poll ();
196 #endif
197  ul = UINT32_MAX - (UINT32_MAX % i);
198  do
199  {
200  gcry_randomize ((unsigned char *) &ret,
201  sizeof(uint32_t),
202  GCRY_STRONG_RANDOM);
203  }
204  while (ret >= ul);
205  return ret % i;
206 
208  ul = UINT32_MAX - (UINT32_MAX % i);
209  do
210  {
211  gcry_create_nonce (&ret, sizeof(ret));
212  }
213  while (ret >= ul);
214  return ret % i;
215 
217  ret = i * get_weak_random ();
218  if (ret >= i)
219  ret = i - 1;
220  return ret;
221 
222  default:
223  GNUNET_assert (0);
224  }
225  return 0;
226 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
Randomness for IVs etc.
static double get_weak_random()
Create a cryptographically weak pseudo-random number in the interval of 0 to 1.
Definition: crypto_random.c:83
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_random_u64()

uint64_t GNUNET_CRYPTO_random_u64 ( enum GNUNET_CRYPTO_Quality  mode,
uint64_t  max 
)

Random on unsigned 64-bit values.

Parameters
modedesired quality of the random number
maxvalue returned will be in range [0,max) (exclusive)
Returns
random 64-bit number

Random on unsigned 64-bit values.

Parameters
modedesired quality of the random number
maxvalue returned will be in range [0,max) (exclusive)
Returns
random 64-bit number

Definition at line 268 of file crypto_random.c.

References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, and ret.

Referenced by activate_core_visible_dv_path(), calculate_fork_degree(), choose_exit(), dht_connected(), gen_topo_scale_free(), get_transmit_delay(), GNUNET_DHT_connect(), GNUNET_REVOCATION_pow_start(), ifc_broadcast(), mysql_plugin_get_key(), mysql_plugin_get_replication(), mysql_plugin_put(), namestore_flat_store_records(), namestore_postgres_store_records(), namestore_sqlite_store_records(), pick_random_dv_hops(), postgres_plugin_get_key(), postgres_plugin_put(), put_migration_continuation(), sampler_get_rand_peer(), send_find_peer_message(), setup_out_cipher(), sqlite_plugin_get_key(), sqlite_plugin_get_replication(), sqlite_plugin_put(), and update_next_challenge_time().

269 {
270  uint64_t ret;
271  uint64_t ul;
272 
273  GNUNET_assert (max > 0);
274  switch (mode)
275  {
277  ul = UINT64_MAX - (UINT64_MAX % max);
278  do
279  {
280  gcry_randomize ((unsigned char *) &ret,
281  sizeof(uint64_t),
282  GCRY_STRONG_RANDOM);
283  }
284  while (ret >= ul);
285  return ret % max;
286 
288  ul = UINT64_MAX - (UINT64_MAX % max);
289  do
290  {
291  gcry_create_nonce (&ret, sizeof(ret));
292  }
293  while (ret >= ul);
294 
295  return ret % max;
296 
298  ret = max * get_weak_random ();
299  if (ret >= max)
300  ret = max - 1;
301  return ret;
302 
303  default:
304  GNUNET_assert (0);
305  }
306  return 0;
307 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
Randomness for IVs etc.
static double get_weak_random()
Create a cryptographically weak pseudo-random number in the interval of 0 to 1.
Definition: crypto_random.c:83
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_permute()

unsigned int* GNUNET_CRYPTO_random_permute ( enum GNUNET_CRYPTO_Quality  mode,
unsigned int  n 
)

Get an array with a random permutation of the numbers 0...n-1.

Parameters
modeGNUNET_CRYPTO_QUALITY_STRONG if the strong (but expensive) PRNG should be used, GNUNET_CRYPTO_QUALITY_WEAK or GNUNET_CRYPTO_QUALITY_NONCE otherwise
nthe size of the array
Returns
the permutation array (allocated from heap)
Parameters
mode#GNUNET_RANDOM_QUALITY_STRONG if the strong (but expensive) PRNG should be used, #GNUNET_RANDOM_QUALITY_WEAK otherwise
nthe size of the array
Returns
the permutation array (allocated from heap)

Definition at line 238 of file crypto_random.c.

References GNUNET_assert, GNUNET_CRYPTO_random_u32(), GNUNET_malloc, and ret.

Referenced by churn(), compute_service_response(), and do_round().

239 {
240  unsigned int *ret;
241  unsigned int i;
242  unsigned int tmp;
243  uint32_t x;
244 
245  GNUNET_assert (n > 0);
246  ret = GNUNET_malloc (n * sizeof(unsigned int));
247  for (i = 0; i < n; i++)
248  ret[i] = i;
249  for (i = n - 1; i > 0; i--)
250  {
251  x = GNUNET_CRYPTO_random_u32 (mode, i + 1);
252  tmp = ret[x];
253  ret[x] = ret[i];
254  ret[i] = tmp;
255  }
256  return ret;
257 }
uint32_t GNUNET_CRYPTO_random_u32(enum GNUNET_CRYPTO_Quality mode, uint32_t i)
Produce a random unsigned 32-bit number modulo i.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_create_session_key()

void GNUNET_CRYPTO_symmetric_create_session_key ( struct GNUNET_CRYPTO_SymmetricSessionKey key)

Create a new random session key.

Parameters
keykey to initialize

Create a new random session key.

Parameters
keysession key to initialize

Definition at line 41 of file crypto_symmetric.c.

References GNUNET_CRYPTO_SymmetricSessionKey::aes_key, GNUNET_CRYPTO_AES_KEY_LENGTH, and GNUNET_CRYPTO_SymmetricSessionKey::twofish_key.

44 {
45  gcry_randomize (key->aes_key,
47  GCRY_STRONG_RANDOM);
48  gcry_randomize (key->twofish_key,
50  GCRY_STRONG_RANDOM);
51 }
unsigned char aes_key[(256/8)]
Actual key for AES.
unsigned char twofish_key[(256/8)]
Actual key for TwoFish.
#define GNUNET_CRYPTO_AES_KEY_LENGTH
length of the sessionkey in bytes (256 BIT sessionkey)

◆ GNUNET_CRYPTO_symmetric_encrypt()

ssize_t GNUNET_CRYPTO_symmetric_encrypt ( const void *  block,
size_t  size,
const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
void *  result 
)

Encrypt a block using a symmetric sessionkey.

Parameters
blockthe block to encrypt
sizethe size of the block
sessionkeythe key used to encrypt
ivthe initialization vector to use, use INITVALUE for streams.
Returns
the size of the encrypted block, -1 for errors

Encrypt a block using a symmetric sessionkey.

Parameters
blockthe block to encrypt
sizethe size of the block
sessionkeythe key used to encrypt
ivthe initialization vector to use, use INITVALUE for streams
resultthe output parameter in which to store the encrypted result can be the same or overlap with block
Returns
the size of the encrypted block, -1 for errors. Due to the use of CFB and therefore an effective stream cipher, this size should be the same as len.

Definition at line 130 of file crypto_symmetric.c.

References GNUNET_assert, GNUNET_OK, handle, setup_cipher_aes(), setup_cipher_twofish(), and size.

Referenced by do_encrypt(), encrypt_existing_match(), GNUNET_FS_handle_on_demand_block(), GNUNET_FS_publish_ublock_(), GNUNET_FS_tree_encoder_next(), GNUNET_IDENTITY_encrypt(), t_ax_encrypt(), t_h_encrypt(), and try_match_block().

137 {
138  gcry_cipher_hd_t handle;
139  char tmp[size];
140 
141  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
142  return -1;
143  GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size));
144  gcry_cipher_close (handle);
145  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
146  return -1;
147  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size));
148  gcry_cipher_close (handle);
149  memset (tmp, 0, sizeof(tmp));
150  return size;
151 }
static int setup_cipher_aes(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize AES cipher.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static int result
Global testing status.
static unsigned int size
Size of the "table".
Definition: peer.c:67
static int setup_cipher_twofish(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize TWOFISH cipher.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_decrypt()

ssize_t GNUNET_CRYPTO_symmetric_decrypt ( const void *  block,
size_t  size,
const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
void *  result 
)

Decrypt a given block using a symmetric sessionkey.

Parameters
blockthe data to decrypt, encoded as returned by encrypt
sizehow big is the block?
sessionkeythe key used to decrypt
ivthe initialization vector to use
resultaddress to store the result at
Returns
-1 on failure, size of decrypted block on success

Decrypt a given block using a symmetric sessionkey.

Parameters
blockthe data to decrypt, encoded as returned by encrypt
sizethe size of the block to decrypt
sessionkeythe key used to decrypt
ivthe initialization vector to use, use INITVALUE for streams
resultaddress to store the result at can be the same or overlap with block
Returns
-1 on failure, size of decrypted block on success. Due to the use of CFB and therefore an effective stream cipher, this size should be the same as size.

Definition at line 168 of file crypto_symmetric.c.

References GNUNET_assert, GNUNET_OK, handle, setup_cipher_aes(), setup_cipher_twofish(), and size.

Referenced by do_decrypt(), GNUNET_FS_ublock_decrypt_(), GNUNET_IDENTITY_decrypt(), process_result_with_request(), t_ax_decrypt(), t_h_decrypt(), and try_old_ax_keys().

175 {
176  gcry_cipher_hd_t handle;
177  char tmp[size];
178 
179  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
180  return -1;
181  GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));
182  gcry_cipher_close (handle);
183  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
184  return -1;
185  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));
186  gcry_cipher_close (handle);
187  memset (tmp, 0, sizeof(tmp));
188  return size;
189 }
static int setup_cipher_aes(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize AES cipher.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static int result
Global testing status.
static unsigned int size
Size of the "table".
Definition: peer.c:67
static int setup_cipher_twofish(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize TWOFISH cipher.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_derive_iv()

void GNUNET_CRYPTO_symmetric_derive_iv ( struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
const struct GNUNET_CRYPTO_SymmetricSessionKey skey,
const void *  salt,
size_t  salt_len,
  ... 
)

Derive an IV.

Parameters
ivinitialization vector
skeysession key
saltsalt for the derivation
salt_lensize of the salt
...pairs of void * & size_t for context chunks, terminated by NULL

Definition at line 202 of file crypto_symmetric.c.

References GNUNET_CRYPTO_symmetric_derive_iv_v().

Referenced by derive_iv(), derive_pong_iv(), t_ax_decrypt(), t_ax_encrypt(), t_h_decrypt(), t_h_encrypt(), and try_old_ax_keys().

210 {
211  va_list argp;
212 
213  va_start (argp, salt_len);
214  GNUNET_CRYPTO_symmetric_derive_iv_v (iv, skey, salt, salt_len, argp);
215  va_end (argp);
216 }
void GNUNET_CRYPTO_symmetric_derive_iv_v(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len, va_list argp)
Derive an IV.
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_get_public()

void GNUNET_CRYPTO_ecdsa_key_get_public ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 170 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, and GNUNET_CRYPTO_EcdsaPublicKey::q_y.

Referenced by block_create_ecdsa(), decrypt_block_with_keyword(), get_update_information_directory(), GNUNET_ABD_delegate_issue(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_FS_publish_sks(), GNUNET_FS_publish_ublock_(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_GNSRECORD_block_create(), GNUNET_GNSRECORD_block_create2(), GNUNET_IDENTITY_key_get_public(), handle_collect(), and process_kblock_for_unindex().

173 {
174  BENCHMARK_START (ecdsa_key_get_public);
175  crypto_scalarmult_ed25519_base_noclamp (pub->q_y, priv->d);
176  BENCHMARK_END (ecdsa_key_get_public);
177 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_get_public()

void GNUNET_CRYPTO_eddsa_key_get_public ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 181 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_assert, GNUNET_memcpy, pk, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by advertise_dns_exit(), checkvec(), create_keys(), GCT_handle_kx(), get_identity(), GNUNET_CRYPTO_get_peer_identity(), GNUNET_FS_uri_loc_create(), GNUNET_IDENTITY_key_get_public(), GNUNET_TESTING_hostkey_get(), GSC_KX_init(), init_socket(), main_init(), output_vectors(), print_key(), regex_iterator(), and run().

184 {
185  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
186  unsigned char sk[crypto_sign_SECRETKEYBYTES];
187 
188  BENCHMARK_START (eddsa_key_get_public);
189  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
190  GNUNET_memcpy (pub->q_y, pk, crypto_sign_PUBLICKEYBYTES);
191  sodium_memzero (sk, crypto_sign_SECRETKEYBYTES);
192  BENCHMARK_END (eddsa_key_get_public);
193 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
struct GNUNET_IDENTITY_PrivateKey pk
Private key from command line option, or NULL.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_get_public()

void GNUNET_CRYPTO_ecdhe_key_get_public ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
struct GNUNET_CRYPTO_EcdhePublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 197 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_assert, and GNUNET_CRYPTO_EcdhePublicKey::q_y.

Referenced by GCT_handle_kx(), GCT_handle_kx_auth(), GCT_send(), GNUNET_IDENTITY_encrypt(), inject_rekey(), mq_send_kx(), output_vectors(), print_examples_ecdh(), send_kx(), send_kx_auth(), sign_ephemeral_key(), start_initial_kx_out(), and update_ephemeral().

200 {
201  BENCHMARK_START (ecdhe_key_get_public);
202  GNUNET_assert (0 == crypto_scalarmult_base (pub->q_y, priv->d));
203  BENCHMARK_END (ecdhe_key_get_public);
204 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_from_file()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_key_from_file ( const char *  filename,
int  do_create,
struct GNUNET_CRYPTO_EcdsaPrivateKey pkey 
)

Create a new private key by reading it from a file.

If the files does not exist and do_create is set, creates a new key and write it to the file.

If the contents of the file are invalid, an error is returned.

Parameters
filenamename of file to use to store the key
do_createshould a file be created?
[out]pkeyset to the private key from filename on success
Returns
GNUNET_OK on success, GNUNET_NO if do_create was set but we found an existing file, GNUNET_SYSERR on failure

Definition at line 193 of file crypto_ecc_setup.c.

References GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_DISK_fn_write(), GNUNET_DISK_PERM_USER_READ, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, and read_from_file().

196 {
197  if (GNUNET_OK ==
199  pkey,
200  sizeof (*pkey)))
201  {
202  /* file existed, report that we didn't create it... */
203  return (do_create) ? GNUNET_NO : GNUNET_OK;
204  }
206  if (GNUNET_OK ==
208  pkey,
209  sizeof (*pkey),
211  return GNUNET_OK;
212  /* maybe another process succeeded in the meantime, try reading one more time */
213  if (GNUNET_OK ==
215  pkey,
216  sizeof (*pkey)))
217  {
218  /* file existed, report that *we* didn't create it... */
219  return (do_create) ? GNUNET_NO : GNUNET_OK;
220  }
221  /* give up */
222  return GNUNET_SYSERR;
223 }
static enum GNUNET_GenericReturnValue read_from_file(const char *filename, void *buf, size_t buf_size)
Read file to buf.
static char * filename
enum GNUNET_GenericReturnValue GNUNET_DISK_fn_write(const char *fn, const void *buf, size_t buf_size, enum GNUNET_DISK_AccessPermissions mode)
Write a buffer to a file atomically.
Definition: disk.c:705
void GNUNET_CRYPTO_ecdsa_key_create(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:430
Here is the call graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_from_file()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_key_from_file ( const char *  filename,
int  do_create,
struct GNUNET_CRYPTO_EddsaPrivateKey pkey 
)

Create a new private key by reading it from a file.

If the files does not exist and do_create is set, creates a new key and write it to the file.

If the contents of the file are invalid, an error is returned.

Parameters
filenamename of file to use to store the key
do_createshould a file be created?
[out]pkeyset to the private key from filename on success
Returns
GNUNET_OK on success, GNUNET_NO if do_create was set but we found an existing file, GNUNET_SYSERR on failure

Definition at line 141 of file crypto_ecc_setup.c.

References GNUNET_CRYPTO_eddsa_key_create(), GNUNET_DISK_fn_write(), GNUNET_DISK_PERM_USER_READ, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, read_from_file(), and ret.

Referenced by GNUNET_CRYPTO_eddsa_key_create_from_configuration(), main_init(), and run().

144 {
146 
147  if (GNUNET_OK ==
149  pkey,
150  sizeof (*pkey)))
151  {
152  /* file existed, report that we didn't create it... */
153  return (do_create) ? GNUNET_NO : GNUNET_OK;
154  }
157  pkey,
158  sizeof (*pkey),
160  if ( (GNUNET_OK == ret) ||
161  (GNUNET_SYSERR == ret) )
162  return ret;
163  /* maybe another process succeeded in the meantime, try reading one more time */
164  if (GNUNET_OK ==
166  pkey,
167  sizeof (*pkey)))
168  {
169  /* file existed, report that *we* didn't create it... */
170  return (do_create) ? GNUNET_NO : GNUNET_OK;
171  }
172  /* give up */
173  return GNUNET_SYSERR;
174 }
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
GNUNET_GenericReturnValue
Named constants for return values.
Definition: gnunet_common.h:83
static enum GNUNET_GenericReturnValue read_from_file(const char *filename, void *buf, size_t buf_size)
Read file to buf.
static char * filename
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:445
enum GNUNET_GenericReturnValue GNUNET_DISK_fn_write(const char *fn, const void *buf, size_t buf_size, enum GNUNET_DISK_AccessPermissions mode)
Write a buffer to a file atomically.
Definition: disk.c:705
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create_from_configuration()

struct GNUNET_CRYPTO_EddsaPrivateKey* GNUNET_CRYPTO_eddsa_key_create_from_configuration ( const struct GNUNET_CONFIGURATION_Handle cfg)

Create a new private key by reading our peer's key from the file specified in the configuration.

Parameters
cfgthe configuration to use
Returns
new private key, NULL on error (for example, permission denied); free using GNUNET_free
Parameters
cfgthe configuration to use
Returns
new private key, NULL on error (for example, permission denied)

Definition at line 235 of file crypto_ecc_setup.c.

References fn, GNUNET_CONFIGURATION_get_value_filename(), GNUNET_CRYPTO_eddsa_key_from_file(), GNUNET_free, GNUNET_new, GNUNET_OK, and GNUNET_YES.

Referenced by advertise_dns_exit(), GNUNET_CRYPTO_eddsa_setup_key(), GNUNET_CRYPTO_get_peer_identity(), init_socket(), and run().

237 {
238  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
239  char *fn;
240 
241  if (GNUNET_OK !=
243  "PEER",
244  "PRIVATE_KEY",
245  &fn))
246  return NULL;
249  GNUNET_YES,
250  priv);
251  GNUNET_free (fn);
252  return priv;
253 }
#define GNUNET_new(type)
Allocate a struct or union of the given type.
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_get_value_filename(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be the name of a file or directory.
static char * fn
Filename of the unique file.
Private ECC key encoded for transmission.
int GNUNET_CRYPTO_eddsa_key_from_file(const char *filename, int do_create, struct GNUNET_CRYPTO_EddsaPrivateKey *pkey)
Create a new private key by reading it from a file.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_create()

void GNUNET_CRYPTO_ecdsa_key_create ( struct GNUNET_CRYPTO_EcdsaPrivateKey pk)

Create a new private key.

Parameters
[out]pkprivate key to initialize

Definition at line 430 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_QUALITY_NONCE, and GNUNET_CRYPTO_random_block().

Referenced by GNUNET_CRYPTO_ecdsa_key_from_file(), private_key_create(), and run().

431 {
432  BENCHMARK_START (ecdsa_key_create);
434  pk,
435  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
436  pk->d[0] &= 248;
437  pk->d[31] &= 127;
438  pk->d[31] |= 64;
439 
440  BENCHMARK_END (ecdsa_key_create);
441 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
Private ECC key encoded for transmission.
Randomness for IVs etc.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create()

void GNUNET_CRYPTO_eddsa_key_create ( struct GNUNET_CRYPTO_EddsaPrivateKey pk)

Create a new private key.

Parameters
[out]pkprivate key to initialize

Definition at line 445 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, and GNUNET_CRYPTO_random_block().

Referenced by create_keys(), GNUNET_CRYPTO_eddsa_key_from_file(), output_vectors(), and private_key_create().

446 {
447  BENCHMARK_START (eddsa_key_create);
448  /*
449  * We do not clamp for EdDSA, since all functions that use the private key do
450  * their own clamping (just like in libsodium). What we call "private key"
451  * here, actually corresponds to the seed in libsodium.
452  *
453  * (Contrast this to ECDSA, where functions using the private key can't clamp
454  * due to properties needed for GNS. That is a worse/unsafer API, but
455  * required for the GNS constructions to work.)
456  */
458  pk,
459  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
460  BENCHMARK_END (eddsa_key_create);
461 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
Randomness for IVs etc.
Private ECC key encoded for transmission.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_create()

void GNUNET_CRYPTO_ecdhe_key_create ( struct GNUNET_CRYPTO_EcdhePrivateKey pk)

Create a new private key.

Clear with GNUNET_CRYPTO_ecdhe_key_clear().

Parameters
[out]pkset to fresh private key;

Definition at line 419 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, and GNUNET_CRYPTO_random_block().

Referenced by do_rekey(), GCT_create_tunnel(), GNUNET_IDENTITY_encrypt(), GSC_KX_init(), inject_rekey(), mq_send_kx(), new_ephemeral(), output_vectors(), print_examples_ecdh(), send_UDPRekey(), start_initial_kx_out(), and update_ephemeral().

420 {
421  BENCHMARK_START (ecdhe_key_create);
423  pk,
424  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
425  BENCHMARK_END (ecdhe_key_create);
426 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
Randomness for IVs etc.
Private ECC key encoded for transmission.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_clear()

void GNUNET_CRYPTO_eddsa_key_clear ( struct GNUNET_CRYPTO_EddsaPrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 412 of file crypto_ecc.c.

413 {
414  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey));
415 }
Private ECC key encoded for transmission.

◆ GNUNET_CRYPTO_ecdsa_key_clear()

void GNUNET_CRYPTO_ecdsa_key_clear ( struct GNUNET_CRYPTO_EcdsaPrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 405 of file crypto_ecc.c.

406 {
407  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey));
408 }
Private ECC key encoded for transmission.

◆ GNUNET_CRYPTO_ecdhe_key_clear()

void GNUNET_CRYPTO_ecdhe_key_clear ( struct GNUNET_CRYPTO_EcdhePrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 398 of file crypto_ecc.c.

Referenced by cleanup_ax(), and GNUNET_IDENTITY_encrypt().

399 {
400  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
401 }
Private ECC key encoded for transmission.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_get_anonymous()

const struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_key_get_anonymous ( void  )

Get the shared private key we use for anonymous users.

Returns
"anonymous" private key; do not free

'anonymous' pseudonym (global static, d=1, public key = G (generator).

Definition at line 465 of file crypto_ecc.c.

References GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_mpi_print_unsigned(), and once.

Referenced by decrypt_block_with_keyword(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_IDENTITY_ego_get_anonymous(), process_kblock_for_unindex(), and publish_ksk_cont().

466 {
471  static struct GNUNET_CRYPTO_EcdsaPrivateKey anonymous;
472  static int once;
473 
474  if (once)
475  return &anonymous;
477  sizeof(anonymous.d),
478  GCRYMPI_CONST_ONE);
479  once = 1;
480  return &anonymous;
481 }
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
Private ECC key encoded for transmission.
static int once
Global to mark if we&#39;ve run the initialization.
Definition: gnsrecord.c:68
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_setup_hostkey()

void GNUNET_CRYPTO_eddsa_setup_hostkey ( const char *  cfg_name)

Setup a hostkey file for a peer given the name of the configuration file (!).

This function is used so that at a later point code can be certain that reading a hostkey is fast (for example in time-dependent testcases).

Parameters
cfg_namename of the configuration file to use

◆ GNUNET_CRYPTO_get_peer_identity()

int GNUNET_CRYPTO_get_peer_identity ( const struct GNUNET_CONFIGURATION_Handle cfg,
struct GNUNET_PeerIdentity dst 
)

Retrieve the identity of the host's peer.

Parameters
cfgconfiguration to use
dstpointer to where to write the peer identity
Returns
GNUNET_OK on success, GNUNET_SYSERR if the identity could not be retrieved

Definition at line 265 of file crypto_ecc_setup.c.

References _, GNUNET_CRYPTO_eddsa_key_create_from_configuration(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_SYSERR, and GNUNET_PeerIdentity::public_key.

Referenced by get_service_peer_identity(), GNUNET_CONVERSATION_phone_create(), and run().

267 {
268  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
269 
270  if (NULL == (priv = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg)))
271  {
273  _ ("Could not load peer's private key\n"));
274  return GNUNET_SYSERR;
275  }
277  &dst->public_key);
278  GNUNET_free (priv);
279  return GNUNET_OK;
280 }
#define _(String)
GNU gettext support macro.
Definition: platform.h:184
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:181
Private ECC key encoded for transmission.
#define GNUNET_log(kind,...)
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_configuration(const struct GNUNET_CONFIGURATION_Handle *cfg)
Create a new private key by reading our peer&#39;s key from the file specified in the configuration...
#define GNUNET_free(ptr)
Wrapper around free.
struct GNUNET_CRYPTO_EddsaPublicKey public_key
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_ecdh()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a public and a private ECC key.

Parameters
privprivate key to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material (xyG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 685 of file crypto_ecc.c.

References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, and GNUNET_CRYPTO_EcdhePublicKey::q_y.

Referenced by checkvec(), derive_session_keys(), GCT_handle_kx(), output_vectors(), print_examples_ecdh(), t_ax_decrypt_and_validate(), t_ax_encrypt(), and update_ax_by_kx().

688 {
689  uint8_t p[crypto_scalarmult_BYTES];
690  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
691  return GNUNET_SYSERR;
692  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
693  return GNUNET_OK;
694 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_ecdh()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a ECDH public key and a private EdDSA key.

Dual to #GNUNET_CRRYPTO_ecdh_eddsa.

Parameters
privprivate key from EdDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 827 of file crypto_ecc.c.

References GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, and GNUNET_CRYPTO_EcdhePublicKey::q_y.

Referenced by dh_key_derive_eph_pub(), GCT_handle_kx(), GNUNET_IDENTITY_decrypt(), setup_in_cipher(), setup_shared_secret_dec(), and update_ax_by_kx().

830 {
831  struct GNUNET_HashCode hc;
832  uint8_t a[crypto_scalarmult_SCALARBYTES];
833  uint8_t p[crypto_scalarmult_BYTES];
834 
835  GNUNET_CRYPTO_hash (priv,
836  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
837  &hc);
838  memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
839  if (0 != crypto_scalarmult (p, a, pub->q_y))
840  return GNUNET_SYSERR;
842  crypto_scalarmult_BYTES,
843  key_material);
844  return GNUNET_OK;
845 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
Private ECC key encoded for transmission.
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
A 512-bit hashcode.
Private ECC key encoded for transmission.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_ecdh()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a ECDH public key and a private ECDSA key.

Dual to #GNUNET_CRRYPTO_ecdh_ecdsa.

Parameters
privprivate key from ECDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 849 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, and GNUNET_CRYPTO_EcdhePublicKey::q_y.

Referenced by GNUNET_IDENTITY_decrypt().

852 {
853  uint8_t p[crypto_scalarmult_BYTES];
854 
855  BENCHMARK_START (ecdsa_ecdh);
856  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
857  return GNUNET_SYSERR;
859  crypto_scalarmult_BYTES,
860  key_material);
861  BENCHMARK_END (ecdsa_ecdh);
862  return GNUNET_OK;
863 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdh_eddsa()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EddsaPublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a EdDSA public key and a private ECDH key.

Dual to #GNUNET_CRRYPTO_eddsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from EdDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 867 of file crypto_ecc.c.

References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by checkvec(), dh_key_derive_eph_pid(), GCT_handle_kx(), GNUNET_IDENTITY_encrypt(), output_vectors(), setup_out_cipher(), setup_shared_secret_enc(), and update_ax_by_kx().

870 {
871  uint8_t p[crypto_scalarmult_BYTES];
872  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
873 
874  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
875  return GNUNET_SYSERR;
876  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
877  return GNUNET_SYSERR;
878  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
879  return GNUNET_OK;
880 }
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdh_ecdsa()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a EcDSA public key and a private ECDH key.

Dual to #GNUNET_CRRYPTO_ecdsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from ECDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 884 of file crypto_ecc.c.

References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, and GNUNET_CRYPTO_EcdsaPublicKey::q_y.

Referenced by GNUNET_IDENTITY_encrypt().

887 {
888  uint8_t p[crypto_scalarmult_BYTES];
889  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
890 
891  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
892  return GNUNET_SYSERR;
893  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
894  return GNUNET_SYSERR;
895  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
896  return GNUNET_OK;
897 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_sign_()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_ ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EddsaSignature sig 
)

EdDSA sign a given block.

The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_eddsa_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
[out]sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 579 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_assert, GNUNET_OK, GNUNET_SYSERR, pk, res, and GNUNET_CRYPTO_EccSignaturePurpose::size.

Referenced by do_dht_put(), GNUNET_IDENTITY_sign_(), GST_validation_handle_ping(), insert_decrypt_element(), insert_round1_element(), insert_round2_element(), regex_iterator(), send_disconnect(), setup_flood_message(), and sign_ephemeral_key().

583 {
584 
585  size_t mlen = ntohl (purpose->size);
586  unsigned char sk[crypto_sign_SECRETKEYBYTES];
587  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
588  int res;
589 
590  BENCHMARK_START (eddsa_sign);
591  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
592  res = crypto_sign_detached ((uint8_t *) sig,
593  NULL,
594  (uint8_t *) purpose,
595  mlen,
596  sk);
597  BENCHMARK_END (eddsa_sign);
598  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
599 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
static int res
struct GNUNET_IDENTITY_PrivateKey pk
Private key from command line option, or NULL.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_sign_()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_ ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EcdsaSignature sig 
)

ECDSA Sign a given block.

The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_ecdsa_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
[out]sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 529 of file crypto_ecc.c.

References _, BENCHMARK_END, BENCHMARK_START, data, data_to_ecdsa_value(), decode_private_ecdsa_key(), GNUNET_break, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_WARNING, GNUNET_OK, GNUNET_SYSERR, key_from_sexp(), LOG, GNUNET_CRYPTO_EcdsaSignature::r, and GNUNET_CRYPTO_EcdsaSignature::s.

Referenced by block_create_ecdsa(), GNUNET_FS_publish_ublock_(), and GNUNET_IDENTITY_sign_().

533 {
534  gcry_sexp_t priv_sexp;
535  gcry_sexp_t sig_sexp;
536  gcry_sexp_t data;
537  int rc;
538  gcry_mpi_t rs[2];
539 
540  BENCHMARK_START (ecdsa_sign);
541 
542  priv_sexp = decode_private_ecdsa_key (priv);
543  data = data_to_ecdsa_value (purpose);
544  if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
545  {
547  _ ("ECC signing failed at %s:%d: %s\n"),
548  __FILE__,
549  __LINE__,
550  gcry_strerror (rc));
551  gcry_sexp_release (data);
552  gcry_sexp_release (priv_sexp);
553  return GNUNET_SYSERR;
554  }
555  gcry_sexp_release (priv_sexp);
556  gcry_sexp_release (data);
557 
558  /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
559  'signature' */
560  if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
561  {
562  GNUNET_break (0);
563  gcry_sexp_release (sig_sexp);
564  return GNUNET_SYSERR;
565  }
566  gcry_sexp_release (sig_sexp);
567  GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]);
568  GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]);
569  gcry_mpi_release (rs[0]);
570  gcry_mpi_release (rs[1]);
571 
572  BENCHMARK_END (ecdsa_sign);
573 
574  return GNUNET_OK;
575 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char r[256/8]
R value.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define _(String)
GNU gettext support macro.
Definition: platform.h:184
#define LOG(kind,...)
Definition: crypto_ecc.c:45
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:492
unsigned char s[256/8]
S value.
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:80
static gcry_sexp_t decode_private_ecdsa_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:138
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_verify_()

int GNUNET_CRYPTO_eddsa_verify_ ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_EddsaSignature sig,
const struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Verify EdDSA signature.

The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_eddsa_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 662 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_OK, GNUNET_SYSERR, m, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_CRYPTO_EddsaPublicKey::q_y, res, and GNUNET_CRYPTO_EccSignaturePurpose::size.

Referenced by block_plugin_dns_evaluate(), evaluate_block_regex_accept(), GNUNET_IDENTITY_signature_verify_(), GST_neighbours_handle_disconnect_message(), GST_validation_handle_pong(), handle_ephemeral_key(), keygen_round1_new_element(), keygen_round2_new_element(), and verify_message_crypto().

667 {
668  const unsigned char *m = (const void *) validate;
669  size_t mlen = ntohl (validate->size);
670  const unsigned char *s = (const void *) sig;
671 
672  int res;
673 
674  if (purpose != ntohl (validate->purpose))
675  return GNUNET_SYSERR; /* purpose mismatch */
676 
677  BENCHMARK_START (eddsa_verify);
678  res = crypto_sign_verify_detached (s, m, mlen, pub->q_y);
679  BENCHMARK_END (eddsa_verify);
680  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
681 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:104
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
static int res
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_verify_()

int GNUNET_CRYPTO_ecdsa_verify_ ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_EcdsaSignature sig,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Verify ECDSA signature.

The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_eddsa_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 603 of file crypto_ecc.c.

References _, BENCHMARK_END, BENCHMARK_START, CURVE, data, data_to_ecdsa_value(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_OK, GNUNET_SYSERR, LOG, LOG_GCRY, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_CRYPTO_EcdsaPublicKey::q_y, GNUNET_CRYPTO_EcdsaSignature::r, and GNUNET_CRYPTO_EcdsaSignature::s.

Referenced by block_plugin_fs_evaluate(), GNUNET_GNSRECORD_block_verify(), and GNUNET_IDENTITY_signature_verify_().

608 {
609  gcry_sexp_t data;
610  gcry_sexp_t sig_sexpr;
611  gcry_sexp_t pub_sexpr;
612  int rc;
613 
614  BENCHMARK_START (ecdsa_verify);
615 
616  if (purpose != ntohl (validate->purpose))
617  return GNUNET_SYSERR; /* purpose mismatch */
618 
619  /* build s-expression for signature */
620  if (0 != (rc = gcry_sexp_build (&sig_sexpr,
621  NULL,
622  "(sig-val(ecdsa(r %b)(s %b)))",
623  (int) sizeof(sig->r),
624  sig->r,
625  (int) sizeof(sig->s),
626  sig->s)))
627  {
628  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
629  return GNUNET_SYSERR;
630  }
631  data = data_to_ecdsa_value (validate);
632  if (0 != (rc = gcry_sexp_build (&pub_sexpr,
633  NULL,
634  "(public-key(ecc(curve " CURVE ")(q %b)))",
635  (int) sizeof(pub->q_y),
636  pub->q_y)))
637  {
638  gcry_sexp_release (data);
639  gcry_sexp_release (sig_sexpr);
640  return GNUNET_SYSERR;
641  }
642  rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
643  gcry_sexp_release (pub_sexpr);
644  gcry_sexp_release (data);
645  gcry_sexp_release (sig_sexpr);
646  if (0 != rc)
647  {
649  _ ("ECDSA signature verification failed at %s:%d: %s\n"),
650  __FILE__,
651  __LINE__,
652  gcry_strerror (rc));
653  BENCHMARK_END (ecdsa_verify);
654  return GNUNET_SYSERR;
655  }
656  BENCHMARK_END (ecdsa_verify);
657  return GNUNET_OK;
658 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char r[256/8]
R value.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define _(String)
GNU gettext support macro.
Definition: platform.h:184
#define LOG(kind,...)
Definition: crypto_ecc.c:45
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:58
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:492
unsigned char s[256/8]
S value.
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:43
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_private_key_derive()

struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_private_key_derive ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const char *  label,
const char *  context 
)

Derive a private key from a given private key and a label.

Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.

Parameters
privoriginal private key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
Returns
derived private key

Definition at line 734 of file crypto_ecc.c.

References ctx, CURVE, GNUNET_CRYPTO_EcdsaPrivateKey::d, dc, derive_h(), GNUNET_assert, GNUNET_CRYPTO_ecdsa_key_get_public(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_new, h, and ret.

Referenced by block_create_ecdsa(), and GNUNET_FS_publish_ublock_().

738 {
741  uint8_t dc[32];
742  gcry_mpi_t h;
743  gcry_mpi_t x;
744  gcry_mpi_t d;
745  gcry_mpi_t n;
746  gcry_ctx_t ctx;
747 
748  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
749 
750  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
752 
753  h = derive_h (&pub, label, context);
754  /* Convert to big endian for libgcrypt */
755  for (size_t i = 0; i < 32; i++)
756  dc[i] = priv->d[31 - i];
757  GNUNET_CRYPTO_mpi_scan_unsigned (&x, dc, sizeof(dc));
758  d = gcry_mpi_new (256);
759  gcry_mpi_mulm (d, h, x, n);
760  gcry_mpi_release (h);
761  gcry_mpi_release (x);
762  gcry_mpi_release (n);
763  gcry_ctx_release (ctx);
765  GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d);
766  /* Convert to big endian for libgcrypt */
767  for (size_t i = 0; i < 32; i++)
768  ret->d[i] = dc[31 - i];
769  sodium_memzero (dc, sizeof(dc));
770  gcry_mpi_release (d);
771  return ret;
772 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Private ECC key encoded for transmission.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static pa_context * context
Pulseaudio context.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:170
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:46
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
static gcry_mpi_t derive_h(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context)
Derive the &#39;h&#39; value for key derivation, where &#39;h = H(l,P)&#39;.
Definition: crypto_ecc.c:708
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:43
static struct GNUNET_FS_DownloadContext * dc
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_public_key_derive()

void GNUNET_CRYPTO_ecdsa_public_key_derive ( const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
const char *  label,
const char *  context,
struct GNUNET_CRYPTO_EcdsaPublicKey result 
)

Derive a public key from a given public key and a label.

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'. typically the name of the subsystem/application
resultwhere to write the derived public key

Definition at line 776 of file crypto_ecc.c.

References ctx, CURVE, derive_h(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), h, q, and GNUNET_CRYPTO_EcdsaPublicKey::q_y.

Referenced by GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_GNSRECORD_query_from_public_key(), and schedule_transmit_search_request().

781 {
782  gcry_ctx_t ctx;
783  gcry_mpi_t q_y;
784  gcry_mpi_t h;
785  gcry_mpi_t n;
786  gcry_mpi_t h_mod_n;
787  gcry_mpi_point_t q;
788  gcry_mpi_point_t v;
789 
790  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
791 
792  /* obtain point 'q' from original public key. The provided 'q' is
793  compressed thus we first store it in the context and then get it
794  back as a (decompresssed) point. */
795  q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8 * sizeof(pub->q_y));
796  GNUNET_assert (NULL != q_y);
797  GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx));
798  gcry_mpi_release (q_y);
799  q = gcry_mpi_ec_get_point ("q", ctx, 0);
800  GNUNET_assert (q);
801 
802  /* calculate h_mod_n = h % n */
803  h = derive_h (pub, label, context);
804  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
805  h_mod_n = gcry_mpi_new (256);
806  gcry_mpi_mod (h_mod_n, h, n);
807  /* calculate v = h_mod_n * q */
808  v = gcry_mpi_point_new (0);
809  gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
810  gcry_mpi_release (h_mod_n);
811  gcry_mpi_release (h);
812  gcry_mpi_release (n);
813  gcry_mpi_point_release (q);
814 
815  /* convert point 'v' to public key that we return */
816  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx));
817  gcry_mpi_point_release (v);
818  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
819  GNUNET_assert (q_y);
820  GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof(result->q_y), q_y);
821  gcry_mpi_release (q_y);
822  gcry_ctx_release (ctx);
823 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static pa_context * context
Pulseaudio context.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
static gcry_mpi_t derive_h(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context)
Derive the &#39;h&#39; value for key derivation, where &#39;h = H(l,P)&#39;.
Definition: crypto_ecc.c:708
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:43
Here is the call graph for this function:
Here is the caller graph for this function: