GNUnet  0.11.x
Macros | Enumerations | Enumerator | Functions
Crypto library: cryptographic operations

Provides cryptographic primitives. More...

Macros

#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
 EdDSA sign a given block. More...
 
#define GNUNET_CRYPTO_ecdsa_sign(priv, ps, sig)
 ECDSA sign a given block. More...
 
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
 Verify EdDSA signature. More...
 
#define GNUNET_CRYPTO_ecdsa_verify(purp, ps, sig, pub)
 Verify ECDSA signature. More...
 

Enumerations

enum  GNUNET_CRYPTO_Quality { GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_NONCE }
 Desired quality level for random numbers. More...
 

Functions

void GNUNET_CRYPTO_seed_weak_random (int32_t seed)
 Seed a weak random generator. More...
 
void GNUNET_CRYPTO_zero_keys (void *buffer, size_t length)
 Zero out buffer, securely against compiler optimizations. More...
 
void GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
 Fill block with a random values. More...
 
uint32_t GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i)
 Produce a random value. More...
 
uint64_t GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
 Random on unsigned 64-bit values. More...
 
unsigned int * GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n)
 Get an array with a random permutation of the numbers 0...n-1. More...
 
void GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
 Create a new random session key. More...
 
ssize_t GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Encrypt a block using a symmetric sessionkey. More...
 
ssize_t GNUNET_CRYPTO_symmetric_decrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Decrypt a given block using a symmetric sessionkey. More...
 
void GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
 Derive an IV. More...
 
void GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
 Extract the public key for the given private key. More...
 
int GNUNET_CRYPTO_ecdsa_key_from_file (const char *filename, int do_create, struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey)
 Create a new private key by reading it from a file. More...
 
int GNUNET_CRYPTO_eddsa_key_from_file (const char *filename, int do_create, struct GNUNET_CRYPTO_EddsaPrivateKey *pkey)
 Create a new private key by reading it from a file. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg)
 Create a new private key by reading our peer's key from the file specified in the configuration. More...
 
void GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_create (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
const struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_get_anonymous (void)
 Get the shared private key we use for anonymous users. More...
 
void GNUNET_CRYPTO_eddsa_setup_hostkey (const char *cfg_name)
 Setup a hostkey file for a peer given the name of the configuration file (!). More...
 
int GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_PeerIdentity *dst)
 Retrieve the identity of the host's peer. More...
 
int GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a public and a private ECC key. More...
 
int GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private EdDSA key. More...
 
int GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private ECDSA key. More...
 
int GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EdDSA public key and a private ECDH key. More...
 
int GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EcDSA public key and a private ECDH key. More...
 
int GNUNET_CRYPTO_eddsa_sign_ (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
 EdDSA sign a given block. More...
 
int GNUNET_CRYPTO_ecdsa_sign_ (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
 ECDSA Sign a given block. More...
 
int GNUNET_CRYPTO_eddsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Verify EdDSA signature. More...
 
int GNUNET_CRYPTO_ecdsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Verify ECDSA signature. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
 Derive a private key from a given private key and a label. More...
 
void GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
 Derive a public key from a given public key and a label. More...
 

Detailed Description

Provides cryptographic primitives.

See also
Documentation

Macro Definition Documentation

◆ GNUNET_CRYPTO_eddsa_sign

#define GNUNET_CRYPTO_eddsa_sign (   priv,
  ps,
  sig 
)
Value:
do { \
/* check size is set correctly */ \
GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*ps)); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_assert (GNUNET_OK == \
&(ps)->purpose, \
sig)); \
} while (0)
int GNUNET_CRYPTO_eddsa_sign_(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition: crypto_ecc.c:707

EdDSA sign a given block.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
[out]sigwhere to write the signature

Definition at line 1691 of file gnunet_crypto_lib.h.

Referenced by forward_dv_learn(), GNUNET_FS_uri_loc_create(), GNUNET_HELLO_sign_address(), handle_validation_challenge(), iface_proc(), inject_rekey(), mq_send_kx(), run(), send_challenge(), set_monotime_sig(), start_dv_learn(), transmit_kx(), and update_ephemeral().

◆ GNUNET_CRYPTO_ecdsa_sign

#define GNUNET_CRYPTO_ecdsa_sign (   priv,
  ps,
  sig 
)
Value:
do { \
/* check size is set correctly */ \
GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_assert (GNUNET_OK == \
&(ps)->purpose, \
sig)); \
} while (0)
int GNUNET_CRYPTO_ecdsa_sign_(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
ECDSA Sign a given block.
Definition: crypto_ecc.c:645

ECDSA sign a given block.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
[out]sigwhere to write the signature

Definition at line 1738 of file gnunet_crypto_lib.h.

Referenced by GNUNET_ABD_delegate_issue(), and handle_client_call_message().

◆ GNUNET_CRYPTO_eddsa_verify

#define GNUNET_CRYPTO_eddsa_verify (   purp,
  ps,
  sig,
  pub 
)
Value:
({ \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_CRYPTO_eddsa_verify_ (purp, \
&(ps)->purpose, \
sig, \
pub); \
})
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:39

Verify EdDSA signature.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
purppurpose of the signature, must match 'ps->purpose.purpose' (except in host byte order)
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
sigwhere to write the signature

Definition at line 1791 of file gnunet_crypto_lib.h.

Referenced by decrypt_and_check_tc(), do_rekey(), GCP_check_monotime_sig(), GNUNET_HELLO_extract_address(), handle_dv_box(), handle_dv_learn(), handle_validation_response(), run(), sock_read(), try_handle_plaintext(), uri_loc_parse(), validate_dv_initiator_signature(), and verify_confirmation().

◆ GNUNET_CRYPTO_ecdsa_verify

#define GNUNET_CRYPTO_ecdsa_verify (   purp,
  ps,
  sig,
  pub 
)
Value:
({ \
/* check size is set correctly */ \
GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_CRYPTO_ecdsa_verify_ (purp, \
&(ps)->purpose, \
sig, \
pub); \
})
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:39

Verify ECDSA signature.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
purppurpose of the signature, must match 'ps->purpose.purpose' (except in host byte order)
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
sigwhere to write the signature

Definition at line 1844 of file gnunet_crypto_lib.h.

Referenced by GNUNET_ABD_delegate_deserialize(), GNUNET_ABD_delegate_serialize(), and handle_cadet_ring_message().

Enumeration Type Documentation

◆ GNUNET_CRYPTO_Quality

Desired quality level for random numbers.

Enumerator
GNUNET_CRYPTO_QUALITY_WEAK 

No good quality of the operation is needed (i.e., random numbers can be pseudo-random).

GNUNET_CRYPTO_QUALITY_STRONG 

High-quality operations are desired.

GNUNET_CRYPTO_QUALITY_NONCE 

Randomness for IVs etc.

is required.

Definition at line 74 of file gnunet_crypto_lib.h.

75 {
82 
88 
94 };
Randomness for IVs etc.
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.

Function Documentation

◆ GNUNET_CRYPTO_seed_weak_random()

void GNUNET_CRYPTO_seed_weak_random ( int32_t  seed)

Seed a weak random generator.

Only GNUNET_CRYPTO_QUALITY_WEAK-mode generator can be seeded.

Parameters
seedthe seed to use

Definition at line 96 of file crypto_random.c.

Referenced by __attribute__().

97 {
98  srandom (seed);
99 }
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_zero_keys()

void GNUNET_CRYPTO_zero_keys ( void *  buffer,
size_t  length 
)

Zero out buffer, securely against compiler optimizations.

Used to delete key material.

Parameters
bufferthe buffer to zap
lengthbuffer length

Definition at line 111 of file crypto_random.c.

References GNUNET_CRYPTO_FileHashContext::buffer, and p.

Referenced by dv_key_clean().

112 {
113 #if HAVE_MEMSET_S
114  memset_s (buffer, length, 0, length);
115 #elif HAVE_EXPLICIT_BZERO
116  explicit_bzero (buffer, length);
117 #else
118  volatile unsigned char *p = buffer;
119  while (length--)
120  *p++ = 0;
121 #endif
122 }
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_block()

void GNUNET_CRYPTO_random_block ( enum GNUNET_CRYPTO_Quality  mode,
void *  buffer,
size_t  length 
)

Fill block with a random values.

Parameters
modedesired quality of the random number
bufferthe buffer to fill
lengthbuffer length

Definition at line 134 of file crypto_random.c.

References GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, and GNUNET_CRYPTO_QUALITY_WEAK.

Referenced by delayed_put(), do_pad(), encapsulate_for_dv(), GCC_create(), GNUNET_async_scope_fresh(), GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_CRYPTO_eddsa_key_create(), handle_validation_response(), prepare_pending_acknowledgement(), RPS_sampler_elem_reinit(), run(), start_address_validation(), start_dv_learn(), and transmit_kx().

137 {
138 #ifdef gcry_fast_random_poll
139  static unsigned int invokeCount;
140 #endif
141  switch (mode)
142  {
144  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
145 #ifdef gcry_fast_random_poll
146  if ((invokeCount++ % 256) == 0)
147  gcry_fast_random_poll ();
148 #endif
149  gcry_randomize (buffer, length, GCRY_STRONG_RANDOM);
150  return;
151 
153  gcry_create_nonce (buffer, length);
154  return;
155 
157  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
158 #ifdef gcry_fast_random_poll
159  if ((invokeCount++ % 256) == 0)
160  gcry_fast_random_poll ();
161 #endif
162  gcry_randomize (buffer, length, GCRY_WEAK_RANDOM);
163  return;
164 
165  default:
166  GNUNET_assert (0);
167  }
168 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
Randomness for IVs etc.
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_u32()

uint32_t GNUNET_CRYPTO_random_u32 ( enum GNUNET_CRYPTO_Quality  mode,
uint32_t  i 
)

Produce a random value.

Parameters
modedesired quality of the random number
ithe upper limit (exclusive) for the random number
Returns
a random value in the interval [0,i) (exclusive).

Produce a random value.

Parameters
modedesired quality of the random number
ithe upper limit (exclusive) for the random number
Returns
a random value in the interval [0,i[.

Definition at line 179 of file crypto_random.c.

References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, and ret.

Referenced by __attribute__(), adjust_running_peers(), allocate_v4_address(), allocate_v6_address(), attempt_connect_task(), calculate_seed(), channel_new_cb(), compute_rand_delay(), compute_service_response(), daemon_started(), delay_ms_rnd(), delayed_get(), delayed_put(), download_get_url(), find_validation_entry(), GDS_NEIGHBOURS_handle_get(), gen_topo_random(), generate_indices(), generate_request_id(), get_bootstrap_server(), get_delay(), get_delay_randomization(), get_forward_count(), get_preference(), get_property(), get_random_literal(), get_random_peer_from_peermap(), get_randomized_delay(), get_request_socket(), GNUNET_CONTAINER_heap_walk_get_next(), GNUNET_CONTAINER_multihashmap_get_random(), GNUNET_CONTAINER_multipeermap_get_random(), GNUNET_CONTAINER_multishortmap_get_random(), GNUNET_CONTAINER_multiuuidmap_get_random(), GNUNET_CRYPTO_hash_create_random(), GNUNET_CRYPTO_random_permute(), GNUNET_FRAGMENT_context_create(), GNUNET_FS_search_start_probe_(), GNUNET_TUN_initialize_ipv4_header(), GSC_CLIENTS_deliver_message(), GSF_pending_request_get_message_(), handle_client_evaluate(), handle_dns_request(), handle_dv_learn(), handle_find_peer(), handle_flow_control(), handle_p2p_get(), handle_p2p_put(), handle_resolve_result(), main(), manage_service_wrapper(), ogg_init(), plan(), postgres_plugin_get_random(), queue(), reannounce_regex(), recursive_dns_resolution(), refresh_bloomfilter(), REGEX_TEST_generate_random_regex(), REGEX_TEST_generate_random_string(), resolve_and_cache(), revalidate_address(), route_control_message_without_fc(), route_via_neighbour(), run(), select_peer(), select_random_peer(), send_bloomfilter(), send_find_peer_message(), send_hello(), send_keepalive(), setup_fresh_address(), setup_fresh_ping(), setup_sockets(), should_I_drop(), shuffle_answers(), sqlite_plugin_get(), sqlite_plugin_get_random(), start_dv_learn(), test_run(), transmit_request(), transmit_typemap_task(), and try_open_exit().

180 {
181 #ifdef gcry_fast_random_poll
182  static unsigned int invokeCount;
183 #endif
184  uint32_t ret;
185  uint32_t ul;
186 
187  GNUNET_assert (i > 0);
188 
189  switch (mode)
190  {
192  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
193 #ifdef gcry_fast_random_poll
194  if ((invokeCount++ % 256) == 0)
195  gcry_fast_random_poll ();
196 #endif
197  ul = UINT32_MAX - (UINT32_MAX % i);
198  do
199  {
200  gcry_randomize ((unsigned char *) &ret,
201  sizeof(uint32_t),
202  GCRY_STRONG_RANDOM);
203  }
204  while (ret >= ul);
205  return ret % i;
206 
208  ul = UINT32_MAX - (UINT32_MAX % i);
209  do
210  {
211  gcry_create_nonce (&ret, sizeof(ret));
212  }
213  while (ret >= ul);
214  return ret % i;
215 
217  ret = i * get_weak_random ();
218  if (ret >= i)
219  ret = i - 1;
220  return ret;
221 
222  default:
223  GNUNET_assert (0);
224  }
225  return 0;
226 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
Randomness for IVs etc.
static double get_weak_random()
Create a cryptographically weak pseudo-random number in the interval of 0 to 1.
Definition: crypto_random.c:83
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_random_u64()

uint64_t GNUNET_CRYPTO_random_u64 ( enum GNUNET_CRYPTO_Quality  mode,
uint64_t  max 
)

Random on unsigned 64-bit values.

Parameters
modedesired quality of the random number
maxvalue returned will be in range [0,max) (exclusive)
Returns
random 64-bit number

Random on unsigned 64-bit values.

Parameters
modedesired quality of the random number
maxvalue returned will be in range [0,max) (exclusive)
Returns
random 64-bit number

Definition at line 268 of file crypto_random.c.

References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, and ret.

Referenced by activate_core_visible_dv_path(), calculate_fork_degree(), choose_exit(), dht_connected(), gen_topo_scale_free(), get_transmit_delay(), GNUNET_DHT_connect(), GNUNET_REVOCATION_pow_start(), ifc_broadcast(), mysql_plugin_get_key(), mysql_plugin_get_replication(), mysql_plugin_put(), namestore_flat_store_records(), namestore_postgres_store_records(), namestore_sqlite_store_records(), pick_random_dv_hops(), postgres_plugin_get_key(), postgres_plugin_put(), put_migration_continuation(), sampler_get_rand_peer(), send_find_peer_message(), setup_out_cipher(), sqlite_plugin_get_key(), sqlite_plugin_get_replication(), sqlite_plugin_put(), and update_next_challenge_time().

269 {
270  uint64_t ret;
271  uint64_t ul;
272 
273  GNUNET_assert (max > 0);
274  switch (mode)
275  {
277  ul = UINT64_MAX - (UINT64_MAX % max);
278  do
279  {
280  gcry_randomize ((unsigned char *) &ret,
281  sizeof(uint64_t),
282  GCRY_STRONG_RANDOM);
283  }
284  while (ret >= ul);
285  return ret % max;
286 
288  ul = UINT64_MAX - (UINT64_MAX % max);
289  do
290  {
291  gcry_create_nonce (&ret, sizeof(ret));
292  }
293  while (ret >= ul);
294 
295  return ret % max;
296 
298  ret = max * get_weak_random ();
299  if (ret >= max)
300  ret = max - 1;
301  return ret;
302 
303  default:
304  GNUNET_assert (0);
305  }
306  return 0;
307 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
Randomness for IVs etc.
static double get_weak_random()
Create a cryptographically weak pseudo-random number in the interval of 0 to 1.
Definition: crypto_random.c:83
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_permute()

unsigned int* GNUNET_CRYPTO_random_permute ( enum GNUNET_CRYPTO_Quality  mode,
unsigned int  n 
)

Get an array with a random permutation of the numbers 0...n-1.

Parameters
modeGNUNET_CRYPTO_QUALITY_STRONG if the strong (but expensive) PRNG should be used, GNUNET_CRYPTO_QUALITY_WEAK or GNUNET_CRYPTO_QUALITY_NONCE otherwise
nthe size of the array
Returns
the permutation array (allocated from heap)
Parameters
mode#GNUNET_RANDOM_QUALITY_STRONG if the strong (but expensive) PRNG should be used, #GNUNET_RANDOM_QUALITY_WEAK otherwise
nthe size of the array
Returns
the permutation array (allocated from heap)

Definition at line 238 of file crypto_random.c.

References GNUNET_assert, GNUNET_CRYPTO_random_u32(), GNUNET_malloc, and ret.

Referenced by churn(), compute_service_response(), and do_round().

239 {
240  unsigned int *ret;
241  unsigned int i;
242  unsigned int tmp;
243  uint32_t x;
244 
245  GNUNET_assert (n > 0);
246  ret = GNUNET_malloc (n * sizeof(unsigned int));
247  for (i = 0; i < n; i++)
248  ret[i] = i;
249  for (i = n - 1; i > 0; i--)
250  {
251  x = GNUNET_CRYPTO_random_u32 (mode, i + 1);
252  tmp = ret[x];
253  ret[x] = ret[i];
254  ret[i] = tmp;
255  }
256  return ret;
257 }
uint32_t GNUNET_CRYPTO_random_u32(enum GNUNET_CRYPTO_Quality mode, uint32_t i)
Produce a random unsigned 32-bit number modulo i.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_create_session_key()

void GNUNET_CRYPTO_symmetric_create_session_key ( struct GNUNET_CRYPTO_SymmetricSessionKey key)

Create a new random session key.

Parameters
keykey to initialize

Create a new random session key.

Parameters
keysession key to initialize

Definition at line 41 of file crypto_symmetric.c.

References GNUNET_CRYPTO_SymmetricSessionKey::aes_key, GNUNET_CRYPTO_AES_KEY_LENGTH, and GNUNET_CRYPTO_SymmetricSessionKey::twofish_key.

44 {
45  gcry_randomize (key->aes_key,
47  GCRY_STRONG_RANDOM);
48  gcry_randomize (key->twofish_key,
50  GCRY_STRONG_RANDOM);
51 }
unsigned char aes_key[(256/8)]
Actual key for AES.
unsigned char twofish_key[(256/8)]
Actual key for TwoFish.
#define GNUNET_CRYPTO_AES_KEY_LENGTH
length of the sessionkey in bytes (256 BIT sessionkey)

◆ GNUNET_CRYPTO_symmetric_encrypt()

ssize_t GNUNET_CRYPTO_symmetric_encrypt ( const void *  block,
size_t  size,
const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
void *  result 
)

Encrypt a block using a symmetric sessionkey.

Parameters
blockthe block to encrypt
sizethe size of the block
sessionkeythe key used to encrypt
ivthe initialization vector to use, use INITVALUE for streams.
Returns
the size of the encrypted block, -1 for errors

Encrypt a block using a symmetric sessionkey.

Parameters
blockthe block to encrypt
sizethe size of the block
sessionkeythe key used to encrypt
ivthe initialization vector to use, use INITVALUE for streams
resultthe output parameter in which to store the encrypted result can be the same or overlap with block
Returns
the size of the encrypted block, -1 for errors. Due to the use of CFB and therefore an effective stream cipher, this size should be the same as len.

Definition at line 130 of file crypto_symmetric.c.

References GNUNET_assert, GNUNET_OK, handle, setup_cipher_aes(), setup_cipher_twofish(), and size.

Referenced by block_create(), do_encrypt(), encrypt_existing_match(), GNUNET_FS_handle_on_demand_block(), GNUNET_FS_publish_ublock_(), GNUNET_FS_tree_encoder_next(), t_ax_encrypt(), t_h_encrypt(), and try_match_block().

137 {
138  gcry_cipher_hd_t handle;
139  char tmp[size];
140 
141  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
142  return -1;
143  GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size));
144  gcry_cipher_close (handle);
145  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
146  return -1;
147  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size));
148  gcry_cipher_close (handle);
149  memset (tmp, 0, sizeof(tmp));
150  return size;
151 }
static int setup_cipher_aes(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize AES cipher.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static int result
Global testing status.
static unsigned int size
Size of the "table".
Definition: peer.c:67
static int setup_cipher_twofish(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize TWOFISH cipher.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_decrypt()

ssize_t GNUNET_CRYPTO_symmetric_decrypt ( const void *  block,
size_t  size,
const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
void *  result 
)

Decrypt a given block using a symmetric sessionkey.

Parameters
blockthe data to decrypt, encoded as returned by encrypt
sizehow big is the block?
sessionkeythe key used to decrypt
ivthe initialization vector to use
resultaddress to store the result at
Returns
-1 on failure, size of decrypted block on success

Decrypt a given block using a symmetric sessionkey.

Parameters
blockthe data to decrypt, encoded as returned by encrypt
sizethe size of the block to decrypt
sessionkeythe key used to decrypt
ivthe initialization vector to use, use INITVALUE for streams
resultaddress to store the result at can be the same or overlap with block
Returns
-1 on failure, size of decrypted block on success. Due to the use of CFB and therefore an effective stream cipher, this size should be the same as size.

Definition at line 168 of file crypto_symmetric.c.

References GNUNET_assert, GNUNET_OK, handle, setup_cipher_aes(), setup_cipher_twofish(), and size.

Referenced by do_decrypt(), GNUNET_FS_ublock_decrypt_(), GNUNET_GNSRECORD_block_decrypt(), process_result_with_request(), t_ax_decrypt(), t_h_decrypt(), and try_old_ax_keys().

175 {
176  gcry_cipher_hd_t handle;
177  char tmp[size];
178 
179  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
180  return -1;
181  GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));
182  gcry_cipher_close (handle);
183  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
184  return -1;
185  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));
186  gcry_cipher_close (handle);
187  memset (tmp, 0, sizeof(tmp));
188  return size;
189 }
static int setup_cipher_aes(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize AES cipher.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static int result
Global testing status.
static unsigned int size
Size of the "table".
Definition: peer.c:67
static int setup_cipher_twofish(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize TWOFISH cipher.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_derive_iv()

void GNUNET_CRYPTO_symmetric_derive_iv ( struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
const struct GNUNET_CRYPTO_SymmetricSessionKey skey,
const void *  salt,
size_t  salt_len,
  ... 
)

Derive an IV.

Parameters
ivinitialization vector
skeysession key
saltsalt for the derivation
salt_lensize of the salt
...pairs of void * & size_t for context chunks, terminated by NULL

Definition at line 202 of file crypto_symmetric.c.

References GNUNET_CRYPTO_symmetric_derive_iv_v().

Referenced by derive_iv(), derive_pong_iv(), t_ax_decrypt(), t_ax_encrypt(), t_h_decrypt(), t_h_encrypt(), and try_old_ax_keys().

210 {
211  va_list argp;
212 
213  va_start (argp, salt_len);
214  GNUNET_CRYPTO_symmetric_derive_iv_v (iv, skey, salt, salt_len, argp);
215  va_end (argp);
216 }
void GNUNET_CRYPTO_symmetric_derive_iv_v(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len, va_list argp)
Derive an IV.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_get_public()

void GNUNET_CRYPTO_ecdsa_key_get_public ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 176 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, and GNUNET_CRYPTO_EcdsaPublicKey::q_y.

Referenced by attest_iter_cb(), attr_iter_cb(), authorize_endpoint(), block_create(), create_finished(), decrypt_block_with_keyword(), filter_tickets_finished_cb(), get_nick_record(), get_update_information_directory(), GNUNET_ABD_delegate_issue(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_FS_publish_sks(), GNUNET_FS_publish_ublock_(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_GNSRECORD_block_create(), GNUNET_GNSRECORD_block_create2(), GNUNET_GNSRECORD_query_from_private_key(), GNUNET_IDENTITY_ego_get_anonymous(), GNUNET_IDENTITY_ego_get_public_key(), GNUNET_REVOCATION_pow_init(), handle_attestation_store_message(), handle_attribute_store_message(), handle_client_call_message(), handle_collect(), handle_identity_update(), identity_zone_cb(), process_kblock_for_unindex(), RECLAIM_TICKETS_consume(), RECLAIM_TICKETS_revoke(), refresh_block(), and run().

179 {
180  BENCHMARK_START (ecdsa_key_get_public);
181  crypto_scalarmult_ed25519_base_noclamp (pub->q_y, priv->d);
182  BENCHMARK_END (ecdsa_key_get_public);
183 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_get_public()

void GNUNET_CRYPTO_eddsa_key_get_public ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 193 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_assert, GNUNET_memcpy, pk, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by advertise_dns_exit(), create_keys(), GCT_handle_kx(), get_identity(), GNUNET_CRYPTO_get_peer_identity(), GNUNET_FS_uri_loc_create(), GNUNET_TESTING_hostkey_get(), GSC_KX_init(), init_socket(), main_init(), print_key(), regex_iterator(), and run().

196 {
197  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
198  unsigned char sk[crypto_sign_SECRETKEYBYTES];
199 
200  BENCHMARK_START (eddsa_key_get_public);
201  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
202  GNUNET_memcpy (pub->q_y, pk, crypto_sign_PUBLICKEYBYTES);
203  sodium_memzero (sk, crypto_sign_SECRETKEYBYTES);
204  BENCHMARK_END (eddsa_key_get_public);
205 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
struct GNUNET_CRYPTO_EcdsaPrivateKey pk
Private key from command line option, or NULL.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_get_public()

void GNUNET_CRYPTO_ecdhe_key_get_public ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
struct GNUNET_CRYPTO_EcdhePublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 215 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_assert, and GNUNET_CRYPTO_EcdhePublicKey::q_y.

Referenced by GCT_handle_kx(), GCT_handle_kx_auth(), GCT_send(), inject_rekey(), mq_send_kx(), print_examples_ecdh(), run(), send_kx(), send_kx_auth(), sign_ephemeral_key(), start_initial_kx_out(), and update_ephemeral().

218 {
219  BENCHMARK_START (ecdhe_key_get_public);
220  GNUNET_assert (0 == crypto_scalarmult_base (pub->q_y, priv->d));
221  BENCHMARK_END (ecdhe_key_get_public);
222 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_from_file()

int GNUNET_CRYPTO_ecdsa_key_from_file ( const char *  filename,
int  do_create,
struct GNUNET_CRYPTO_EcdsaPrivateKey pkey 
)

Create a new private key by reading it from a file.

If the files does not exist and do_create is set, creates a new key and write it to the file.

If the contents of the file are invalid, an error is returned.

Parameters
filenamename of file to use to store the key
do_createshould a file be created?
[out]pkeyset to the private key from filename on success
Returns
GNUNET_OK on success, GNUNET_NO if do_create was set but we found an existing file, GNUNET_SYSERR on failure

Definition at line 290 of file crypto_ecc_setup.c.

References atomic_write_to_file(), GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, and read_from_file().

Referenced by process_ego_file().

293 {
294  if (GNUNET_OK ==
296  pkey,
297  sizeof (*pkey)))
298  {
299  /* file existed, report that we didn't create it... */
300  return (do_create) ? GNUNET_NO : GNUNET_OK;
301  }
303  if (GNUNET_OK ==
305  pkey,
306  sizeof (*pkey)))
307  return GNUNET_OK;
308  /* maybe another process succeeded in the meantime, try reading one more time */
309  if (GNUNET_OK ==
311  pkey,
312  sizeof (*pkey)))
313  {
314  /* file existed, report that *we* didn't create it... */
315  return (do_create) ? GNUNET_NO : GNUNET_OK;
316  }
317  /* give up */
318  return GNUNET_SYSERR;
319 }
static int atomic_write_to_file(const char *filename, const void *buf, size_t buf_size)
Write contents of buf atomically to filename.
static char * filename
void GNUNET_CRYPTO_ecdsa_key_create(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:524
static int read_from_file(const char *filename, void *buf, size_t buf_size)
Read file to buf.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_from_file()

int GNUNET_CRYPTO_eddsa_key_from_file ( const char *  filename,
int  do_create,
struct GNUNET_CRYPTO_EddsaPrivateKey pkey 
)

Create a new private key by reading it from a file.

If the files does not exist and do_create is set, creates a new key and write it to the file.

If the contents of the file are invalid, an error is returned.

Parameters
filenamename of file to use to store the key
do_createshould a file be created?
[out]pkeyset to the private key from filename on success
Returns
GNUNET_OK on success, GNUNET_NO if do_create was set but we found an existing file, GNUNET_SYSERR on failure

Definition at line 239 of file crypto_ecc_setup.c.

References atomic_write_to_file(), GNUNET_CRYPTO_eddsa_key_create(), GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, read_from_file(), and ret.

Referenced by GNUNET_CRYPTO_eddsa_key_create_from_configuration(), main_init(), and run().

242 {
243  int ret;
244 
245  if (GNUNET_OK ==
247  pkey,
248  sizeof (*pkey)))
249  {
250  /* file existed, report that we didn't create it... */
251  return (do_create) ? GNUNET_NO : GNUNET_OK;
252  }
255  pkey,
256  sizeof (*pkey));
257  if ( (GNUNET_OK == ret) ||
258  (GNUNET_SYSERR == ret) )
259  return ret;
260  /* maybe another process succeeded in the meantime, try reading one more time */
261  if (GNUNET_OK ==
263  pkey,
264  sizeof (*pkey)))
265  {
266  /* file existed, report that *we* didn't create it... */
267  return (do_create) ? GNUNET_NO : GNUNET_OK;
268  }
269  /* give up */
270  return GNUNET_SYSERR;
271 }
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static int atomic_write_to_file(const char *filename, const void *buf, size_t buf_size)
Write contents of buf atomically to filename.
static char * filename
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:544
static int read_from_file(const char *filename, void *buf, size_t buf_size)
Read file to buf.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create_from_configuration()

struct GNUNET_CRYPTO_EddsaPrivateKey* GNUNET_CRYPTO_eddsa_key_create_from_configuration ( const struct GNUNET_CONFIGURATION_Handle cfg)

Create a new private key by reading our peer's key from the file specified in the configuration.

Parameters
cfgthe configuration to use
Returns
new private key, NULL on error (for example, permission denied); free using GNUNET_free
Parameters
cfgthe configuration to use
Returns
new private key, NULL on error (for example, permission denied)

Definition at line 331 of file crypto_ecc_setup.c.

References fn, GNUNET_CONFIGURATION_get_value_filename(), GNUNET_CRYPTO_eddsa_key_from_file(), GNUNET_free, GNUNET_new, GNUNET_OK, and GNUNET_YES.

Referenced by advertise_dns_exit(), GNUNET_CRYPTO_eddsa_setup_key(), GNUNET_CRYPTO_get_peer_identity(), init_socket(), and run().

333 {
334  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
335  char *fn;
336 
337  if (GNUNET_OK !=
339  "PEER",
340  "PRIVATE_KEY",
341  &fn))
342  return NULL;
345  GNUNET_YES,
346  priv);
347  GNUNET_free (fn);
348  return priv;
349 }
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static char * fn
Filename of the unique file.
int GNUNET_CRYPTO_eddsa_key_from_file(const char *filename, int do_create, struct GNUNET_CRYPTO_EddsaPrivateKey *pkey)
Create a new private key by reading it from a file.
Private ECC key encoded for transmission.
int GNUNET_CONFIGURATION_get_value_filename(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be the name of a file or directory.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_create()

void GNUNET_CRYPTO_ecdsa_key_create ( struct GNUNET_CRYPTO_EcdsaPrivateKey pk)

Create a new private key.

Parameters
[out]pkprivate key to initialize

Definition at line 524 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_QUALITY_NONCE, and GNUNET_CRYPTO_random_block().

Referenced by GNUNET_CRYPTO_ecdsa_key_from_file(), GNUNET_IDENTITY_create(), and run().

525 {
526  BENCHMARK_START (ecdsa_key_create);
528  pk,
529  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
530  pk->d[0] &= 248;
531  pk->d[31] &= 127;
532  pk->d[31] |= 64;
533 
534  BENCHMARK_END (ecdsa_key_create);
535 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
Private ECC key encoded for transmission.
Randomness for IVs etc.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create()

void GNUNET_CRYPTO_eddsa_key_create ( struct GNUNET_CRYPTO_EddsaPrivateKey pk)

Create a new private key.

Parameters
[out]pkprivate key to initialize
[out]pkset to fresh private key

Definition at line 544 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, and GNUNET_CRYPTO_random_block().

Referenced by create_keys(), GNUNET_CRYPTO_eddsa_key_from_file(), and run().

545 {
546  BENCHMARK_START (eddsa_key_create);
547  /*
548  * We do not clamp for EdDSA, since all functions that use the private key do
549  * their own clamping (just like in libsodium). What we call "private key"
550  * here, actually corresponds to the seed in libsodium.
551  *
552  * (Contrast this to ECDSA, where functions using the private key can't clamp
553  * due to properties needed for GNS. That is a worse/unsafer API, but
554  * required for the GNS constructions to work.)
555  */
557  pk,
558  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
559  BENCHMARK_END (eddsa_key_create);
560 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
Randomness for IVs etc.
Private ECC key encoded for transmission.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_create()

void GNUNET_CRYPTO_ecdhe_key_create ( struct GNUNET_CRYPTO_EcdhePrivateKey pk)

Create a new private key.

Clear with GNUNET_CRYPTO_ecdhe_key_clear().

Parameters
[out]pkset to fresh private key;
[out]pkfresh private key

Definition at line 508 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, and GNUNET_CRYPTO_random_block().

Referenced by do_rekey(), GCT_create_tunnel(), GSC_KX_init(), inject_rekey(), mq_send_kx(), new_ephemeral(), print_examples_ecdh(), run(), start_initial_kx_out(), and update_ephemeral().

509 {
510  BENCHMARK_START (ecdhe_key_create);
512  pk,
513  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
514  BENCHMARK_END (ecdhe_key_create);
515 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
Randomness for IVs etc.
Private ECC key encoded for transmission.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_clear()

void GNUNET_CRYPTO_eddsa_key_clear ( struct GNUNET_CRYPTO_EddsaPrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 496 of file crypto_ecc.c.

497 {
498  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey));
499 }
Private ECC key encoded for transmission.

◆ GNUNET_CRYPTO_ecdsa_key_clear()

void GNUNET_CRYPTO_ecdsa_key_clear ( struct GNUNET_CRYPTO_EcdsaPrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 483 of file crypto_ecc.c.

Referenced by main().

484 {
485  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey));
486 }
Private ECC key encoded for transmission.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_clear()

void GNUNET_CRYPTO_ecdhe_key_clear ( struct GNUNET_CRYPTO_EcdhePrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 470 of file crypto_ecc.c.

Referenced by cleanup_ax().

471 {
472  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
473 }
Private ECC key encoded for transmission.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_get_anonymous()

const struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_key_get_anonymous ( void  )

Get the shared private key we use for anonymous users.

Returns
"anonymous" private key; do not free
"anonymous" private key

'anonymous' pseudonym (global static, d=1, public key = G (generator).

Definition at line 569 of file crypto_ecc.c.

References GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_mpi_print_unsigned(), and once.

Referenced by decrypt_block_with_keyword(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_IDENTITY_ego_get_anonymous(), process_kblock_for_unindex(), and publish_ksk_cont().

570 {
575  static struct GNUNET_CRYPTO_EcdsaPrivateKey anonymous;
576  static int once;
577 
578  if (once)
579  return &anonymous;
581  sizeof(anonymous.d),
582  GCRYMPI_CONST_ONE);
583  once = 1;
584  return &anonymous;
585 }
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
Private ECC key encoded for transmission.
static int once
Global to mark if we&#39;ve run the initialization.
Definition: gnsrecord.c:68
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_setup_hostkey()

void GNUNET_CRYPTO_eddsa_setup_hostkey ( const char *  cfg_name)

Setup a hostkey file for a peer given the name of the configuration file (!).

This function is used so that at a later point code can be certain that reading a hostkey is fast (for example in time-dependent testcases).

Parameters
cfg_namename of the configuration file to use

◆ GNUNET_CRYPTO_get_peer_identity()

int GNUNET_CRYPTO_get_peer_identity ( const struct GNUNET_CONFIGURATION_Handle cfg,
struct GNUNET_PeerIdentity dst 
)

Retrieve the identity of the host's peer.

Parameters
cfgconfiguration to use
dstpointer to where to write the peer identity
Returns
GNUNET_OK on success, GNUNET_SYSERR if the identity could not be retrieved

Definition at line 361 of file crypto_ecc_setup.c.

References _, GNUNET_CRYPTO_eddsa_key_create_from_configuration(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_SYSERR, and GNUNET_PeerIdentity::public_key.

Referenced by GNUNET_CONVERSATION_phone_create(), and run().

363 {
364  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
365 
366  if (NULL == (priv = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg)))
367  {
369  _ ("Could not load peer's private key\n"));
370  return GNUNET_SYSERR;
371  }
373  &dst->public_key);
374  GNUNET_free (priv);
375  return GNUNET_OK;
376 }
#define _(String)
GNU gettext support macro.
Definition: platform.h:184
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:193
Private ECC key encoded for transmission.
#define GNUNET_log(kind,...)
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_configuration(const struct GNUNET_CONFIGURATION_Handle *cfg)
Create a new private key by reading our peer&#39;s key from the file specified in the configuration...
#define GNUNET_free(ptr)
Wrapper around free.
struct GNUNET_CRYPTO_EddsaPublicKey public_key
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_ecdh()

int GNUNET_CRYPTO_ecc_ecdh ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a public and a private ECC key.

Parameters
privprivate key to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material (xyG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Derive key material from a public and a private ECC key.

Parameters
privprivate key to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material (xyG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 850 of file crypto_ecc.c.

References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, and GNUNET_CRYPTO_EcdhePublicKey::q_y.

Referenced by derive_session_keys(), GCT_handle_kx(), print_examples_ecdh(), run(), t_ax_decrypt_and_validate(), t_ax_encrypt(), and update_ax_by_kx().

853 {
854  uint8_t p[crypto_scalarmult_BYTES];
855  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
856  return GNUNET_SYSERR;
857  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
858  return GNUNET_OK;
859 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_ecdh()

int GNUNET_CRYPTO_eddsa_ecdh ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a ECDH public key and a private EdDSA key.

Dual to #GNUNET_CRRYPTO_ecdh_eddsa.

Parameters
privprivate key from EdDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 1024 of file crypto_ecc.c.

References GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, and GNUNET_CRYPTO_EcdhePublicKey::q_y.

Referenced by dh_key_derive_eph_pub(), GCT_handle_kx(), setup_in_cipher(), setup_shared_secret_dec(), and update_ax_by_kx().

1027 {
1028  struct GNUNET_HashCode hc;
1029  uint8_t a[crypto_scalarmult_SCALARBYTES];
1030  uint8_t p[crypto_scalarmult_BYTES];
1031 
1032  GNUNET_CRYPTO_hash (priv,
1033  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
1034  &hc);
1035  memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1036  if (0 != crypto_scalarmult (p, a, pub->q_y))
1037  return GNUNET_SYSERR;
1038  GNUNET_CRYPTO_hash (p,
1039  crypto_scalarmult_BYTES,
1040  key_material);
1041  return GNUNET_OK;
1042 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
Private ECC key encoded for transmission.
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
A 512-bit hashcode.
Private ECC key encoded for transmission.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_ecdh()

int GNUNET_CRYPTO_ecdsa_ecdh ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a ECDH public key and a private ECDSA key.

Dual to #GNUNET_CRRYPTO_ecdh_ecdsa.

Parameters
privprivate key from ECDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Dual to #GNUNET_CRRYPTO_ecdh_eddsa.

Parameters
privprivate key from ECDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 1056 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, and GNUNET_CRYPTO_EcdhePublicKey::q_y.

1059 {
1060  uint8_t p[crypto_scalarmult_BYTES];
1061 
1062  BENCHMARK_START (ecdsa_ecdh);
1063  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
1064  return GNUNET_SYSERR;
1065  GNUNET_CRYPTO_hash (p,
1066  crypto_scalarmult_BYTES,
1067  key_material);
1068  BENCHMARK_END (ecdsa_ecdh);
1069  return GNUNET_OK;
1070 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_ecdh_eddsa()

int GNUNET_CRYPTO_ecdh_eddsa ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EddsaPublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a EdDSA public key and a private ECDH key.

Dual to #GNUNET_CRRYPTO_eddsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from EdDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 1084 of file crypto_ecc.c.

References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by dh_key_derive_eph_pid(), GCT_handle_kx(), run(), setup_out_cipher(), setup_shared_secret_enc(), and update_ax_by_kx().

1087 {
1088  uint8_t p[crypto_scalarmult_BYTES];
1089  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
1090 
1091  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
1092  return GNUNET_SYSERR;
1093  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
1094  return GNUNET_SYSERR;
1095  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
1096  return GNUNET_OK;
1097 }
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdh_ecdsa()

int GNUNET_CRYPTO_ecdh_ecdsa ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a EcDSA public key and a private ECDH key.

Derive key material from a ECDSA public key and a private ECDH key.

Dual to #GNUNET_CRRYPTO_ecdsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from ECDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Dual to GNUNET_CRYPTO_ecdsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from ECDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 1111 of file crypto_ecc.c.

References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, and GNUNET_CRYPTO_EcdsaPublicKey::q_y.

1114 {
1115  uint8_t p[crypto_scalarmult_BYTES];
1116  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
1117 
1118  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
1119  return GNUNET_SYSERR;
1120  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
1121  return GNUNET_SYSERR;
1122  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
1123  return GNUNET_OK;
1124 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_eddsa_sign_()

int GNUNET_CRYPTO_eddsa_sign_ ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EddsaSignature sig 
)

EdDSA sign a given block.

The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_eddsa_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
[out]sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

EdDSA sign a given block.

The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 707 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_assert, GNUNET_OK, GNUNET_SYSERR, pk, res, and GNUNET_CRYPTO_EccSignaturePurpose::size.

Referenced by do_dht_put(), GST_validation_handle_ping(), insert_decrypt_element(), insert_round1_element(), insert_round2_element(), regex_iterator(), send_disconnect(), setup_flood_message(), and sign_ephemeral_key().

711 {
712 
713  size_t mlen = ntohl (purpose->size);
714  unsigned char sk[crypto_sign_SECRETKEYBYTES];
715  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
716  int res;
717 
718  BENCHMARK_START (eddsa_sign);
719  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
720  res = crypto_sign_detached ((uint8_t *) sig,
721  NULL,
722  (uint8_t *) purpose,
723  mlen,
724  sk);
725  BENCHMARK_END (eddsa_sign);
726  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
727 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
struct GNUNET_CRYPTO_EcdsaPrivateKey pk
Private key from command line option, or NULL.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
static int res
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_sign_()

int GNUNET_CRYPTO_ecdsa_sign_ ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EcdsaSignature sig 
)

ECDSA Sign a given block.

The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_ecdsa_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
[out]sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

ECDSA Sign a given block.

The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 645 of file crypto_ecc.c.

References _, BENCHMARK_END, BENCHMARK_START, data, data_to_ecdsa_value(), decode_private_ecdsa_key(), GNUNET_break, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_WARNING, GNUNET_OK, GNUNET_SYSERR, key_from_sexp(), LOG, GNUNET_CRYPTO_EcdsaSignature::r, and GNUNET_CRYPTO_EcdsaSignature::s.

Referenced by block_create(), GNUNET_FS_publish_ublock_(), GNUNET_REVOCATION_pow_init(), and OIDC_build_authz_code().

649 {
650  gcry_sexp_t priv_sexp;
651  gcry_sexp_t sig_sexp;
652  gcry_sexp_t data;
653  int rc;
654  gcry_mpi_t rs[2];
655 
656  BENCHMARK_START (ecdsa_sign);
657 
658  priv_sexp = decode_private_ecdsa_key (priv);
659  data = data_to_ecdsa_value (purpose);
660  if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
661  {
663  _ ("ECC signing failed at %s:%d: %s\n"),
664  __FILE__,
665  __LINE__,
666  gcry_strerror (rc));
667  gcry_sexp_release (data);
668  gcry_sexp_release (priv_sexp);
669  return GNUNET_SYSERR;
670  }
671  gcry_sexp_release (priv_sexp);
672  gcry_sexp_release (data);
673 
674  /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
675  'signature' */
676  if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
677  {
678  GNUNET_break (0);
679  gcry_sexp_release (sig_sexp);
680  return GNUNET_SYSERR;
681  }
682  gcry_sexp_release (sig_sexp);
683  GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]);
684  GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]);
685  gcry_mpi_release (rs[0]);
686  gcry_mpi_release (rs[1]);
687 
688  BENCHMARK_END (ecdsa_sign);
689 
690  return GNUNET_OK;
691 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char r[256/8]
R value.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define _(String)
GNU gettext support macro.
Definition: platform.h:184
#define LOG(kind,...)
Definition: crypto_ecc.c:45
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:596
unsigned char s[256/8]
S value.
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:80
static gcry_sexp_t decode_private_ecdsa_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:138
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_verify_()

int GNUNET_CRYPTO_eddsa_verify_ ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_EddsaSignature sig,
const struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Verify EdDSA signature.

The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_eddsa_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Verify EdDSA signature.

The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails.

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 819 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_OK, GNUNET_SYSERR, m, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_CRYPTO_EddsaPublicKey::q_y, res, and GNUNET_CRYPTO_EccSignaturePurpose::size.

Referenced by block_plugin_dns_evaluate(), evaluate_block_regex_accept(), GST_neighbours_handle_disconnect_message(), GST_validation_handle_pong(), handle_ephemeral_key(), keygen_round1_new_element(), keygen_round2_new_element(), and verify_message_crypto().

824 {
825  const unsigned char *m = (const void *) validate;
826  size_t mlen = ntohl (validate->size);
827  const unsigned char *s = (const void *) sig;
828 
829  int res;
830 
831  if (purpose != ntohl (validate->purpose))
832  return GNUNET_SYSERR; /* purpose mismatch */
833 
834  BENCHMARK_START (eddsa_verify);
835  res = crypto_sign_verify_detached (s, m, mlen, pub->q_y);
836  BENCHMARK_END (eddsa_verify);
837  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
838 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:104
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
static int res
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_verify_()

int GNUNET_CRYPTO_ecdsa_verify_ ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_EcdsaSignature sig,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Verify ECDSA signature.

The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_eddsa_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Verify ECDSA signature.

The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 745 of file crypto_ecc.c.

References _, BENCHMARK_END, BENCHMARK_START, CURVE, data, data_to_ecdsa_value(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_OK, GNUNET_SYSERR, LOG, LOG_GCRY, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_CRYPTO_EcdsaPublicKey::q_y, GNUNET_CRYPTO_EcdsaSignature::r, and GNUNET_CRYPTO_EcdsaSignature::s.

Referenced by block_plugin_fs_evaluate(), GNUNET_GNSRECORD_block_verify(), GNUNET_REVOCATION_check_pow(), and OIDC_parse_authz_code().

750 {
751  gcry_sexp_t data;
752  gcry_sexp_t sig_sexpr;
753  gcry_sexp_t pub_sexpr;
754  int rc;
755 
756  BENCHMARK_START (ecdsa_verify);
757 
758  if (purpose != ntohl (validate->purpose))
759  return GNUNET_SYSERR; /* purpose mismatch */
760 
761  /* build s-expression for signature */
762  if (0 != (rc = gcry_sexp_build (&sig_sexpr,
763  NULL,
764  "(sig-val(ecdsa(r %b)(s %b)))",
765  (int) sizeof(sig->r),
766  sig->r,
767  (int) sizeof(sig->s),
768  sig->s)))
769  {
770  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
771  return GNUNET_SYSERR;
772  }
773  data = data_to_ecdsa_value (validate);
774  if (0 != (rc = gcry_sexp_build (&pub_sexpr,
775  NULL,
776  "(public-key(ecc(curve " CURVE ")(q %b)))",
777  (int) sizeof(pub->q_y),
778  pub->q_y)))
779  {
780  gcry_sexp_release (data);
781  gcry_sexp_release (sig_sexpr);
782  return GNUNET_SYSERR;
783  }
784  rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
785  gcry_sexp_release (pub_sexpr);
786  gcry_sexp_release (data);
787  gcry_sexp_release (sig_sexpr);
788  if (0 != rc)
789  {
791  _ ("ECDSA signature verification failed at %s:%d: %s\n"),
792  __FILE__,
793  __LINE__,
794  gcry_strerror (rc));
795  BENCHMARK_END (ecdsa_verify);
796  return GNUNET_SYSERR;
797  }
798  BENCHMARK_END (ecdsa_verify);
799  return GNUNET_OK;
800 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char r[256/8]
R value.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define _(String)
GNU gettext support macro.
Definition: platform.h:184
#define LOG(kind,...)
Definition: crypto_ecc.c:45
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:58
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:596
unsigned char s[256/8]
S value.
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:43
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_private_key_derive()

struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_private_key_derive ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const char *  label,
const char *  context 
)

Derive a private key from a given private key and a label.

Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.

Parameters
privoriginal private key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
Returns
derived private key

Essentially calculates a private key 'd = H(l,P) * x mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.

Parameters
privoriginal private key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
Returns
derived private key

Definition at line 911 of file crypto_ecc.c.

References ctx, CURVE, GNUNET_CRYPTO_EcdsaPrivateKey::d, dc, derive_h(), GNUNET_assert, GNUNET_CRYPTO_ecdsa_key_get_public(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_new, h, and ret.

Referenced by block_create(), and GNUNET_FS_publish_ublock_().

915 {
918  uint8_t dc[32];
919  gcry_mpi_t h;
920  gcry_mpi_t x;
921  gcry_mpi_t d;
922  gcry_mpi_t n;
923  gcry_ctx_t ctx;
924 
925  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
926 
927  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
929 
930  h = derive_h (&pub, label, context);
931  /* Convert to big endian for libgcrypt */
932  for (size_t i = 0; i < 32; i++)
933  dc[i] = priv->d[31 - i];
934  GNUNET_CRYPTO_mpi_scan_unsigned (&x, dc, sizeof(dc));
935  d = gcry_mpi_new (256);
936  gcry_mpi_mulm (d, h, x, n);
937  gcry_mpi_release (h);
938  gcry_mpi_release (x);
939  gcry_mpi_release (n);
940  gcry_ctx_release (ctx);
942  GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d);
943  /* Convert to big endian for libgcrypt */
944  for (size_t i = 0; i < 32; i++)
945  ret->d[i] = dc[31 - i];
946  sodium_memzero (dc, sizeof(dc));
947  gcry_mpi_release (d);
948  return ret;
949 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Private ECC key encoded for transmission.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static pa_context * context
Pulseaudio context.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:176
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:39
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
static gcry_mpi_t derive_h(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context)
Derive the &#39;h&#39; value for key derivation, where &#39;h = H(l,P)&#39;.
Definition: crypto_ecc.c:873
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:43
static struct GNUNET_FS_DownloadContext * dc
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_public_key_derive()

void GNUNET_CRYPTO_ecdsa_public_key_derive ( const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
const char *  label,
const char *  context,
struct GNUNET_CRYPTO_EcdsaPublicKey result 
)

Derive a public key from a given public key and a label.

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'. typically the name of the subsystem/application
resultwhere to write the derived public key

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
labellabel to use for key derivation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
resultwhere to write the derived public key

Definition at line 963 of file crypto_ecc.c.

References ctx, CURVE, derive_h(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), h, q, and GNUNET_CRYPTO_EcdsaPublicKey::q_y.

Referenced by GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_GNSRECORD_query_from_public_key(), and schedule_transmit_search_request().

968 {
969  gcry_ctx_t ctx;
970  gcry_mpi_t q_y;
971  gcry_mpi_t h;
972  gcry_mpi_t n;
973  gcry_mpi_t h_mod_n;
974  gcry_mpi_point_t q;
975  gcry_mpi_point_t v;
976 
977  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
978 
979  /* obtain point 'q' from original public key. The provided 'q' is
980  compressed thus we first store it in the context and then get it
981  back as a (decompresssed) point. */
982  q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8 * sizeof(pub->q_y));
983  GNUNET_assert (NULL != q_y);
984  GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx));
985  gcry_mpi_release (q_y);
986  q = gcry_mpi_ec_get_point ("q", ctx, 0);
987  GNUNET_assert (q);
988 
989  /* calculate h_mod_n = h % n */
990  h = derive_h (pub, label, context);
991  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
992  h_mod_n = gcry_mpi_new (256);
993  gcry_mpi_mod (h_mod_n, h, n);
994  /* calculate v = h_mod_n * q */
995  v = gcry_mpi_point_new (0);
996  gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
997  gcry_mpi_release (h_mod_n);
998  gcry_mpi_release (h);
999  gcry_mpi_release (n);
1000  gcry_mpi_point_release (q);
1001 
1002  /* convert point 'v' to public key that we return */
1003  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx));
1004  gcry_mpi_point_release (v);
1005  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
1006  GNUNET_assert (q_y);
1007  GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof(result->q_y), q_y);
1008  gcry_mpi_release (q_y);
1009  gcry_ctx_release (ctx);
1010 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static pa_context * context
Pulseaudio context.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
static gcry_mpi_t derive_h(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context)
Derive the &#39;h&#39; value for key derivation, where &#39;h = H(l,P)&#39;.
Definition: crypto_ecc.c:873
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:43
Here is the call graph for this function:
Here is the caller graph for this function: