GNUnet  0.11.x
Enumerations | Enumerator | Functions
Crypto library: cryptographic operations

Provides cryptographic primitives. More...

Enumerations

enum  GNUNET_CRYPTO_Quality { GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_NONCE }
 Desired quality level for random numbers. More...
 

Functions

void GNUNET_CRYPTO_seed_weak_random (int32_t seed)
 Seed a weak random generator. More...
 
void GNUNET_CRYPTO_zero_keys (void *buffer, size_t length)
 Zero out buffer, securely against compiler optimizations. More...
 
void GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
 Fill block with a random values. More...
 
uint32_t GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i)
 Produce a random value. More...
 
uint64_t GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
 Random on unsigned 64-bit values. More...
 
unsigned int * GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n)
 Get an array with a random permutation of the numbers 0...n-1. More...
 
void GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
 Create a new random session key. More...
 
ssize_t GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Encrypt a block using a symmetric sessionkey. More...
 
ssize_t GNUNET_CRYPTO_symmetric_decrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Decrypt a given block using a symmetric sessionkey. More...
 
void GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
 Derive an IV. More...
 
void GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
 Extract the public key for the given private key. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_create_from_file (const char *filename)
 Create a new private key by reading it from a file. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create_from_file (const char *filename)
 Create a new private key by reading it from a file. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg)
 Create a new private key by reading our peer's key from the file specified in the configuration. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_create (void)
 Create a new private key. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create (void)
 Create a new private key. More...
 
int GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Create a new private key. More...
 
struct GNUNET_CRYPTO_EcdhePrivateKeyGNUNET_CRYPTO_ecdhe_key_create (void)
 Create a new private key. More...
 
void GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
const struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_get_anonymous (void)
 Get the shared private key we use for anonymous users. More...
 
void GNUNET_CRYPTO_eddsa_setup_hostkey (const char *cfg_name)
 Setup a hostkey file for a peer given the name of the configuration file (!). More...
 
int GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_PeerIdentity *dst)
 Retrieve the identity of the host's peer. More...
 
int GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a public and a private ECC key. More...
 
int GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private EdDSA key. More...
 
int GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private ECDSA key. More...
 
int GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EdDSA public key and a private ECDH key. More...
 
int GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EcDSA public key and a private ECDH key. More...
 
int GNUNET_CRYPTO_eddsa_sign (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
 EdDSA sign a given block. More...
 
int GNUNET_CRYPTO_ecdsa_sign (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
 ECDSA Sign a given block. More...
 
int GNUNET_CRYPTO_eddsa_verify (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Verify EdDSA signature. More...
 
int GNUNET_CRYPTO_ecdsa_verify (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Verify ECDSA signature. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
 Derive a private key from a given private key and a label. More...
 
void GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
 Derive a public key from a given public key and a label. More...
 

Detailed Description

Provides cryptographic primitives.

See also
Documentation

Enumeration Type Documentation

◆ GNUNET_CRYPTO_Quality

Desired quality level for random numbers.

Enumerator
GNUNET_CRYPTO_QUALITY_WEAK 

No good quality of the operation is needed (i.e., random numbers can be pseudo-random).

GNUNET_CRYPTO_QUALITY_STRONG 

High-quality operations are desired.

GNUNET_CRYPTO_QUALITY_NONCE 

Randomness for IVs etc.

is required.

Definition at line 74 of file gnunet_crypto_lib.h.

75 {
82 
88 
94 };
Randomness for IVs etc.
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.

Function Documentation

◆ GNUNET_CRYPTO_seed_weak_random()

void GNUNET_CRYPTO_seed_weak_random ( int32_t  seed)

Seed a weak random generator.

Only GNUNET_CRYPTO_QUALITY_WEAK-mode generator can be seeded.

Parameters
seedthe seed to use

Definition at line 96 of file crypto_random.c.

Referenced by __attribute__().

97 {
98  srandom (seed);
99 }
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_zero_keys()

void GNUNET_CRYPTO_zero_keys ( void *  buffer,
size_t  length 
)

Zero out buffer, securely against compiler optimizations.

Used to delete key material.

Parameters
bufferthe buffer to zap
lengthbuffer length

Definition at line 111 of file crypto_random.c.

References GNUNET_CRYPTO_FileHashContext::buffer, and p.

Referenced by dv_key_clean().

112 {
113 #if HAVE_MEMSET_S
114  memset_s (buffer, length, 0, length);
115 #elif HAVE_EXPLICIT_BZERO
116  explicit_bzero (buffer, length);
117 #else
118  volatile unsigned char *p = buffer;
119  while (length--)
120  *p++ = 0;
121 #endif
122 }
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_block()

void GNUNET_CRYPTO_random_block ( enum GNUNET_CRYPTO_Quality  mode,
void *  buffer,
size_t  length 
)

Fill block with a random values.

Parameters
modedesired quality of the random number
bufferthe buffer to fill
lengthbuffer length

Definition at line 134 of file crypto_random.c.

References GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, and GNUNET_CRYPTO_QUALITY_WEAK.

Referenced by delayed_put(), do_pad(), encapsulate_for_dv(), GCC_create(), GNUNET_async_scope_fresh(), handle_validation_response(), prepare_pending_acknowledgement(), RPS_sampler_elem_reinit(), run(), start_address_validation(), and start_dv_learn().

137 {
138 #ifdef gcry_fast_random_poll
139  static unsigned int invokeCount;
140 #endif
141  switch (mode)
142  {
144  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
145 #ifdef gcry_fast_random_poll
146  if ((invokeCount++ % 256) == 0)
147  gcry_fast_random_poll ();
148 #endif
149  gcry_randomize (buffer, length, GCRY_STRONG_RANDOM);
150  return;
151 
153  gcry_create_nonce (buffer, length);
154  return;
155 
157  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
158 #ifdef gcry_fast_random_poll
159  if ((invokeCount++ % 256) == 0)
160  gcry_fast_random_poll ();
161 #endif
162  gcry_randomize (buffer, length, GCRY_WEAK_RANDOM);
163  return;
164 
165  default:
166  GNUNET_assert (0);
167  }
168 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
Randomness for IVs etc.
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_u32()

uint32_t GNUNET_CRYPTO_random_u32 ( enum GNUNET_CRYPTO_Quality  mode,
uint32_t  i 
)

Produce a random value.

Parameters
modedesired quality of the random number
ithe upper limit (exclusive) for the random number
Returns
a random value in the interval [0,i) (exclusive).

Produce a random value.

Parameters
modedesired quality of the random number
ithe upper limit (exclusive) for the random number
Returns
a random value in the interval [0,i[.

Definition at line 179 of file crypto_random.c.

References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, and ret.

Referenced by __attribute__(), adjust_running_peers(), allocate_v4_address(), allocate_v6_address(), attempt_connect_task(), calculate_seed(), channel_new_cb(), compute_rand_delay(), compute_service_response(), daemon_started(), delay_ms_rnd(), delayed_get(), delayed_put(), download_get_url(), find_validation_entry(), GDS_NEIGHBOURS_handle_get(), gen_topo_random(), generate_indices(), generate_request_id(), get_bootstrap_server(), get_delay(), get_delay_randomization(), get_forward_count(), get_preference(), get_property(), get_random_literal(), get_random_peer_from_peermap(), get_randomized_delay(), get_request_socket(), GNUNET_CONTAINER_heap_walk_get_next(), GNUNET_CONTAINER_multihashmap_get_random(), GNUNET_CONTAINER_multipeermap_get_random(), GNUNET_CONTAINER_multishortmap_get_random(), GNUNET_CONTAINER_multiuuidmap_get_random(), GNUNET_CRYPTO_hash_create_random(), GNUNET_CRYPTO_random_permute(), GNUNET_FRAGMENT_context_create(), GNUNET_FS_search_start_probe_(), GNUNET_TUN_initialize_ipv4_header(), GSC_CLIENTS_deliver_message(), GSF_pending_request_get_message_(), handle_client_evaluate(), handle_dns_request(), handle_dv_learn(), handle_find_peer(), handle_flow_control(), handle_p2p_get(), handle_p2p_put(), handle_resolve_result(), main(), manage_service_wrapper(), ogg_init(), plan(), postgres_plugin_get_random(), queue(), reannounce_regex(), recursive_dns_resolution(), refresh_bloomfilter(), REGEX_TEST_generate_random_regex(), REGEX_TEST_generate_random_string(), resolve_and_cache(), revalidate_address(), route_control_message_without_fc(), route_via_neighbour(), run(), select_peer(), select_random_peer(), send_bloomfilter(), send_find_peer_message(), send_hello(), send_keepalive(), setup_fresh_address(), setup_fresh_ping(), setup_sockets(), should_I_drop(), sqlite_plugin_get(), sqlite_plugin_get_random(), start_dv_learn(), test_run(), transmit_request(), transmit_typemap_task(), and try_open_exit().

180 {
181 #ifdef gcry_fast_random_poll
182  static unsigned int invokeCount;
183 #endif
184  uint32_t ret;
185  uint32_t ul;
186 
187  GNUNET_assert (i > 0);
188 
189  switch (mode)
190  {
192  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
193 #ifdef gcry_fast_random_poll
194  if ((invokeCount++ % 256) == 0)
195  gcry_fast_random_poll ();
196 #endif
197  ul = UINT32_MAX - (UINT32_MAX % i);
198  do
199  {
200  gcry_randomize ((unsigned char *) &ret,
201  sizeof(uint32_t),
202  GCRY_STRONG_RANDOM);
203  }
204  while (ret >= ul);
205  return ret % i;
206 
208  ul = UINT32_MAX - (UINT32_MAX % i);
209  do
210  {
211  gcry_create_nonce (&ret, sizeof(ret));
212  }
213  while (ret >= ul);
214  return ret % i;
215 
217  ret = i * get_weak_random ();
218  if (ret >= i)
219  ret = i - 1;
220  return ret;
221 
222  default:
223  GNUNET_assert (0);
224  }
225  return 0;
226 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
Randomness for IVs etc.
static double get_weak_random()
Create a cryptographically weak pseudo-random number in the interval of 0 to 1.
Definition: crypto_random.c:83
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_random_u64()

uint64_t GNUNET_CRYPTO_random_u64 ( enum GNUNET_CRYPTO_Quality  mode,
uint64_t  max 
)

Random on unsigned 64-bit values.

Parameters
modedesired quality of the random number
maxvalue returned will be in range [0,max) (exclusive)
Returns
random 64-bit number

Random on unsigned 64-bit values.

Parameters
modedesired quality of the random number
maxvalue returned will be in range [0,max) (exclusive)
Returns
random 64-bit number

Definition at line 268 of file crypto_random.c.

References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, and ret.

Referenced by activate_core_visible_dv_path(), add_attribute_cont(), attr_store_task(), calculate_fork_degree(), choose_exit(), dht_connected(), filter_tickets_finished_cb(), gen_topo_scale_free(), get_transmit_delay(), GNUNET_DHT_connect(), ifc_broadcast(), mysql_plugin_get_key(), mysql_plugin_get_replication(), mysql_plugin_put(), namestore_flat_store_records(), namestore_postgres_store_records(), namestore_sqlite_store_records(), OIDC_access_token_new(), pick_random_dv_hops(), postgres_plugin_get_key(), postgres_plugin_put(), put_migration_continuation(), rvk_move_attr_cb(), sampler_get_rand_peer(), send_find_peer_message(), setup_out_cipher(), sqlite_plugin_get_key(), sqlite_plugin_get_replication(), sqlite_plugin_put(), and update_next_challenge_time().

269 {
270  uint64_t ret;
271  uint64_t ul;
272 
273  GNUNET_assert (max > 0);
274  switch (mode)
275  {
277  ul = UINT64_MAX - (UINT64_MAX % max);
278  do
279  {
280  gcry_randomize ((unsigned char *) &ret,
281  sizeof(uint64_t),
282  GCRY_STRONG_RANDOM);
283  }
284  while (ret >= ul);
285  return ret % max;
286 
288  ul = UINT64_MAX - (UINT64_MAX % max);
289  do
290  {
291  gcry_create_nonce (&ret, sizeof(ret));
292  }
293  while (ret >= ul);
294 
295  return ret % max;
296 
298  ret = max * get_weak_random ();
299  if (ret >= max)
300  ret = max - 1;
301  return ret;
302 
303  default:
304  GNUNET_assert (0);
305  }
306  return 0;
307 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
Randomness for IVs etc.
static double get_weak_random()
Create a cryptographically weak pseudo-random number in the interval of 0 to 1.
Definition: crypto_random.c:83
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_permute()

unsigned int* GNUNET_CRYPTO_random_permute ( enum GNUNET_CRYPTO_Quality  mode,
unsigned int  n 
)

Get an array with a random permutation of the numbers 0...n-1.

Parameters
modeGNUNET_CRYPTO_QUALITY_STRONG if the strong (but expensive) PRNG should be used, GNUNET_CRYPTO_QUALITY_WEAK or GNUNET_CRYPTO_QUALITY_NONCE otherwise
nthe size of the array
Returns
the permutation array (allocated from heap)
Parameters
mode#GNUNET_RANDOM_QUALITY_STRONG if the strong (but expensive) PRNG should be used, #GNUNET_RANDOM_QUALITY_WEAK otherwise
nthe size of the array
Returns
the permutation array (allocated from heap)

Definition at line 238 of file crypto_random.c.

References GNUNET_assert, GNUNET_CRYPTO_random_u32(), GNUNET_malloc, and ret.

Referenced by churn(), compute_service_response(), and do_round().

239 {
240  unsigned int *ret;
241  unsigned int i;
242  unsigned int tmp;
243  uint32_t x;
244 
245  GNUNET_assert (n > 0);
246  ret = GNUNET_malloc (n * sizeof(unsigned int));
247  for (i = 0; i < n; i++)
248  ret[i] = i;
249  for (i = n - 1; i > 0; i--)
250  {
251  x = GNUNET_CRYPTO_random_u32 (mode, i + 1);
252  tmp = ret[x];
253  ret[x] = ret[i];
254  ret[i] = tmp;
255  }
256  return ret;
257 }
uint32_t GNUNET_CRYPTO_random_u32(enum GNUNET_CRYPTO_Quality mode, uint32_t i)
Produce a random unsigned 32-bit number modulo i.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_create_session_key()

void GNUNET_CRYPTO_symmetric_create_session_key ( struct GNUNET_CRYPTO_SymmetricSessionKey key)

Create a new random session key.

Parameters
keykey to initialize

Create a new random session key.

Parameters
keysession key to initialize

Definition at line 41 of file crypto_symmetric.c.

References GNUNET_CRYPTO_SymmetricSessionKey::aes_key, GNUNET_CRYPTO_AES_KEY_LENGTH, and GNUNET_CRYPTO_SymmetricSessionKey::twofish_key.

44 {
45  gcry_randomize (key->aes_key,
47  GCRY_STRONG_RANDOM);
48  gcry_randomize (key->twofish_key,
50  GCRY_STRONG_RANDOM);
51 }
unsigned char aes_key[(256/8)]
Actual key for AES.
unsigned char twofish_key[(256/8)]
Actual key for TwoFish.
#define GNUNET_CRYPTO_AES_KEY_LENGTH
length of the sessionkey in bytes (256 BIT sessionkey)

◆ GNUNET_CRYPTO_symmetric_encrypt()

ssize_t GNUNET_CRYPTO_symmetric_encrypt ( const void *  block,
size_t  size,
const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
void *  result 
)

Encrypt a block using a symmetric sessionkey.

Parameters
blockthe block to encrypt
sizethe size of the block
sessionkeythe key used to encrypt
ivthe initialization vector to use, use INITVALUE for streams.
Returns
the size of the encrypted block, -1 for errors

Encrypt a block using a symmetric sessionkey.

Parameters
blockthe block to encrypt
sizethe size of the block
sessionkeythe key used to encrypt
ivthe initialization vector to use, use INITVALUE for streams
resultthe output parameter in which to store the encrypted result can be the same or overlap with block
Returns
the size of the encrypted block, -1 for errors. Due to the use of CFB and therefore an effective stream cipher, this size should be the same as len.

Definition at line 130 of file crypto_symmetric.c.

References GNUNET_assert, GNUNET_OK, handle, setup_cipher_aes(), setup_cipher_twofish(), and size.

Referenced by block_create(), do_encrypt(), encrypt_existing_match(), encrypt_payload(), GNUNET_FS_handle_on_demand_block(), GNUNET_FS_publish_ublock_(), GNUNET_FS_tree_encoder_next(), t_ax_encrypt(), t_h_encrypt(), and try_match_block().

137 {
138  gcry_cipher_hd_t handle;
139  char tmp[size];
140 
141  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
142  return -1;
143  GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size));
144  gcry_cipher_close (handle);
145  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
146  return -1;
147  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size));
148  gcry_cipher_close (handle);
149  memset (tmp, 0, sizeof(tmp));
150  return size;
151 }
static int setup_cipher_aes(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize AES cipher.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static int result
Global testing status.
static unsigned int size
Size of the "table".
Definition: peer.c:67
static int setup_cipher_twofish(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize TWOFISH cipher.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_decrypt()

ssize_t GNUNET_CRYPTO_symmetric_decrypt ( const void *  block,
size_t  size,
const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
void *  result 
)

Decrypt a given block using a symmetric sessionkey.

Parameters
blockthe data to decrypt, encoded as returned by encrypt
sizehow big is the block?
sessionkeythe key used to decrypt
ivthe initialization vector to use
resultaddress to store the result at
Returns
-1 on failure, size of decrypted block on success

Decrypt a given block using a symmetric sessionkey.

Parameters
blockthe data to decrypt, encoded as returned by encrypt
sizethe size of the block to decrypt
sessionkeythe key used to decrypt
ivthe initialization vector to use, use INITVALUE for streams
resultaddress to store the result at can be the same or overlap with block
Returns
-1 on failure, size of decrypted block on success. Due to the use of CFB and therefore an effective stream cipher, this size should be the same as size.

Definition at line 168 of file crypto_symmetric.c.

References GNUNET_assert, GNUNET_OK, handle, setup_cipher_aes(), setup_cipher_twofish(), and size.

Referenced by decrypt_payload(), do_decrypt(), GNUNET_FS_ublock_decrypt_(), GNUNET_GNSRECORD_block_decrypt(), process_result_with_request(), t_ax_decrypt(), t_h_decrypt(), and try_old_ax_keys().

175 {
176  gcry_cipher_hd_t handle;
177  char tmp[size];
178 
179  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
180  return -1;
181  GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));
182  gcry_cipher_close (handle);
183  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
184  return -1;
185  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));
186  gcry_cipher_close (handle);
187  memset (tmp, 0, sizeof(tmp));
188  return size;
189 }
static int setup_cipher_aes(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize AES cipher.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static int result
Global testing status.
static unsigned int size
Size of the "table".
Definition: peer.c:67
static int setup_cipher_twofish(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize TWOFISH cipher.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_derive_iv()

void GNUNET_CRYPTO_symmetric_derive_iv ( struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
const struct GNUNET_CRYPTO_SymmetricSessionKey skey,
const void *  salt,
size_t  salt_len,
  ... 
)

Derive an IV.

Parameters
ivinitialization vector
skeysession key
saltsalt for the derivation
salt_lensize of the salt
...pairs of void * & size_t for context chunks, terminated by NULL

Definition at line 202 of file crypto_symmetric.c.

References GNUNET_CRYPTO_symmetric_derive_iv_v().

Referenced by derive_iv(), derive_pong_iv(), t_ax_decrypt(), t_ax_encrypt(), t_h_decrypt(), t_h_encrypt(), and try_old_ax_keys().

210 {
211  va_list argp;
212 
213  va_start (argp, salt_len);
214  GNUNET_CRYPTO_symmetric_derive_iv_v (iv, skey, salt, salt_len, argp);
215  va_end (argp);
216 }
void GNUNET_CRYPTO_symmetric_derive_iv_v(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len, va_list argp)
Derive an IV.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_get_public()

void GNUNET_CRYPTO_ecdsa_key_get_public ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 239 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, ctx, decode_private_ecdsa_key(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), q, and GNUNET_CRYPTO_EcdsaPublicKey::q_y.

Referenced by attr_iter_cb(), authorize_endpoint(), block_create(), create_finished(), decrypt_block_with_keyword(), filter_tickets_finished_cb(), get_nick_record(), get_update_information_directory(), GNUNET_ABD_delegate_issue(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_FS_publish_sks(), GNUNET_FS_publish_ublock_(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_GNSRECORD_block_create(), GNUNET_GNSRECORD_block_create2(), GNUNET_GNSRECORD_query_from_private_key(), GNUNET_IDENTITY_ego_get_anonymous(), GNUNET_IDENTITY_ego_get_public_key(), GNUNET_REVOCATION_sign_revocation(), handle_attribute_store_message(), handle_client_call_message(), handle_collect(), handle_identity_set_default(), handle_identity_update(), identity_zone_cb(), OIDC_parse_authz_code(), process_kblock_for_unindex(), RECLAIM_TICKETS_consume(), RECLAIM_TICKETS_revoke(), and refresh_block().

242 {
243  gcry_sexp_t sexp;
244  gcry_ctx_t ctx;
245  gcry_mpi_t q;
246 
247  BENCHMARK_START (ecdsa_key_get_public);
248 
249  sexp = decode_private_ecdsa_key (priv);
250  GNUNET_assert (NULL != sexp);
251  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, sexp, NULL));
252  gcry_sexp_release (sexp);
253  q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
254  GNUNET_assert (NULL != q);
255  GNUNET_CRYPTO_mpi_print_unsigned (pub->q_y, sizeof(pub->q_y), q);
256  gcry_mpi_release (q);
257  gcry_ctx_release (ctx);
258 
259  BENCHMARK_END (ecdsa_key_get_public);
260 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
static gcry_sexp_t decode_private_ecdsa_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:135
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_get_public()

void GNUNET_CRYPTO_eddsa_key_get_public ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 270 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, ctx, decode_private_eddsa_key(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), q, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by advertise_dns_exit(), create_keys(), GCT_handle_kx(), get_identity(), GNUNET_CRYPTO_get_peer_identity(), GNUNET_FS_uri_loc_create(), GNUNET_TESTING_hostkey_get(), GSC_KX_init(), main_init(), print_key(), regex_iterator(), and run().

273 {
274  gcry_sexp_t sexp;
275  gcry_ctx_t ctx;
276  gcry_mpi_t q;
277 
278  BENCHMARK_START (eddsa_key_get_public);
279 
280  sexp = decode_private_eddsa_key (priv);
281  GNUNET_assert (NULL != sexp);
282  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, sexp, NULL));
283  gcry_sexp_release (sexp);
284  q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
285  GNUNET_assert (q);
286  GNUNET_CRYPTO_mpi_print_unsigned (pub->q_y, sizeof(pub->q_y), q);
287  gcry_mpi_release (q);
288  gcry_ctx_release (ctx);
289 
290  BENCHMARK_END (eddsa_key_get_public);
291 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
static gcry_sexp_t decode_private_eddsa_key(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:170
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_get_public()

void GNUNET_CRYPTO_ecdhe_key_get_public ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
struct GNUNET_CRYPTO_EcdhePublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 301 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, ctx, decode_private_ecdhe_key(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), q, and GNUNET_CRYPTO_EcdhePublicKey::q_y.

Referenced by GCT_handle_kx(), GCT_handle_kx_auth(), GCT_send(), inject_rekey(), mq_send(), OIDC_build_authz_code(), print_examples_ecdh(), send_kx(), send_kx_auth(), sign_ephemeral_key(), start_initial_kx_out(), and update_ephemeral().

304 {
305  gcry_sexp_t sexp;
306  gcry_ctx_t ctx;
307  gcry_mpi_t q;
308 
309  BENCHMARK_START (ecdhe_key_get_public);
310 
311  sexp = decode_private_ecdhe_key (priv);
312  GNUNET_assert (NULL != sexp);
313  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, sexp, NULL));
314  gcry_sexp_release (sexp);
315  q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
316  GNUNET_assert (q);
317  GNUNET_CRYPTO_mpi_print_unsigned (pub->q_y, sizeof(pub->q_y), q);
318  gcry_mpi_release (q);
319  gcry_ctx_release (ctx);
320 
321  BENCHMARK_END (ecdhe_key_get_public);
322 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
static gcry_sexp_t decode_private_ecdhe_key(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:205
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_create_from_file()

struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_key_create_from_file ( const char *  filename)

Create a new private key by reading it from a file.

If the files does not exist, create a new key and write it to the file. Caller must free return value. Note that this function can not guarantee that another process might not be trying the same operation on the same file at the same time. If the contents of the file are invalid the old file is deleted and a fresh key is created.

Parameters
filenamename of file to use to store the key
Returns
new private key, NULL on error (for example, permission denied); free using GNUNET_free

If the files does not exist, create a new key and write it to the file. Caller must free return value. Note that this function can not guarantee that another process might not be trying the same operation on the same file at the same time. If the contents of the file are invalid the old file is deleted and a fresh key is created.

Parameters
filenamename of file to use to store the key
Returns
new private key, NULL on error (for example, permission denied)

Definition at line 269 of file crypto_ecc_setup.c.

References _, GNUNET_DISK_FileHandle::fd, fs, GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_DISK_directory_create_for_file(), GNUNET_DISK_file_close(), GNUNET_DISK_file_lock(), GNUNET_DISK_file_open(), GNUNET_DISK_file_read(), GNUNET_DISK_file_size(), GNUNET_DISK_file_sync(), GNUNET_DISK_file_test(), GNUNET_DISK_file_unlock(), GNUNET_DISK_file_write(), GNUNET_DISK_OPEN_CREATE, GNUNET_DISK_OPEN_FAILIFEXISTS, GNUNET_DISK_OPEN_READ, GNUNET_DISK_OPEN_WRITE, GNUNET_DISK_PERM_NONE, GNUNET_DISK_PERM_USER_READ, GNUNET_DISK_PERM_USER_WRITE, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_ERROR_TYPE_WARNING, GNUNET_malloc, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, GNUNET_YES, LOG, LOG_STRERROR_FILE, and short_wait().

Referenced by process_ego_file().

270 {
271  struct GNUNET_CRYPTO_EcdsaPrivateKey *priv;
272  struct GNUNET_DISK_FileHandle *fd;
273  unsigned int cnt;
274  int ec;
275  uint64_t fs;
276  ssize_t sret;
277 
279  return NULL;
281  {
282  fd =
288  if (NULL == fd)
289  {
290  if (EEXIST == errno)
291  {
293  {
294  /* must exist but not be accessible, fail for good! */
295  if (0 != access (filename, R_OK))
297  else
298  GNUNET_break (0); /* what is going on!? */
299  return NULL;
300  }
301  continue;
302  }
304  return NULL;
305  }
306  cnt = 0;
307  while (GNUNET_YES !=
309  0,
310  sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey),
311  GNUNET_YES))
312  {
313  short_wait ();
314  if (0 == ++cnt % 10)
315  {
316  ec = errno;
318  _ ("Could not acquire lock on file `%s': %s...\n"),
319  filename,
320  strerror (ec));
321  }
322  }
324  _ ("Creating a new private key. This may take a while.\n"));
326  GNUNET_assert (NULL != priv);
327  GNUNET_assert (sizeof(*priv) ==
328  GNUNET_DISK_file_write (fd, priv, sizeof(*priv)));
330  if (GNUNET_YES !=
332  0,
333  sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey)))
336  return priv;
337  }
338  /* key file exists already, read it! */
342  if (NULL == fd)
343  {
345  return NULL;
346  }
347  cnt = 0;
348  while (1)
349  {
350  if (GNUNET_YES !=
352  0,
353  sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey),
354  GNUNET_NO))
355  {
356  if (0 == ++cnt % 60)
357  {
358  ec = errno;
360  _ ("Could not acquire lock on file `%s': %s...\n"),
361  filename,
362  strerror (ec));
363  LOG (
365  _ (
366  "This may be ok if someone is currently generating a private key.\n"));
367  }
368  short_wait ();
369  continue;
370  }
372  {
373  /* eh, what!? File we opened is now gone!? */
375  if (GNUNET_YES !=
377  0,
378  sizeof(
382 
383  return NULL;
384  }
385  if (GNUNET_OK !=
387  fs = 0;
388  if (fs < sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey))
389  {
390  /* maybe we got the read lock before the key generating
391  * process had a chance to get the write lock; give it up! */
392  if (GNUNET_YES !=
394  0,
395  sizeof(
398  if (0 == ++cnt % 10)
399  {
401  _ (
402  "When trying to read key file `%s' I found %u bytes but I need at least %u.\n"),
403  filename,
404  (unsigned int) fs,
405  (unsigned int) sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey));
407  _ ("This may be ok if someone is currently generating a key.\n"));
408  }
409  short_wait (); /* wait a bit longer! */
410  continue;
411  }
412  break;
413  }
414  fs = sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey);
415  priv = GNUNET_malloc (fs);
416  sret = GNUNET_DISK_file_read (fd, priv, fs);
417  GNUNET_assert ((sret >= 0) && (fs == (size_t) sret));
418  if (GNUNET_YES !=
420  0,
421  sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey)))
424  return priv;
425 }
#define LOG_STRERROR_FILE(kind, syscall, filename)
static void short_wait()
Wait for a short time (we&#39;re trying to lock a file or want to give another process a shot at finishin...
int GNUNET_DISK_file_test(const char *fil)
Check that fil corresponds to a filename (of a file that exists and that is not a directory)...
Definition: disk.c:544
Open the file for reading.
int GNUNET_DISK_file_sync(const struct GNUNET_DISK_FileHandle *h)
Write file changes to disk.
Definition: disk.c:1500
Create file if it doesn&#39;t exist.
int GNUNET_DISK_file_close(struct GNUNET_DISK_FileHandle *h)
Close an open file.
Definition: disk.c:1345
int GNUNET_DISK_file_unlock(struct GNUNET_DISK_FileHandle *fh, off_t unlock_start, off_t unlock_end)
Unlock a part of a file.
Definition: disk.c:1233
ssize_t GNUNET_DISK_file_read(const struct GNUNET_DISK_FileHandle *h, void *result, size_t len)
Read the contents of a binary file into a buffer.
Definition: disk.c:732
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_key_create(void)
Create a new private key.
Definition: crypto_ecc.c:688
Nobody is allowed to do anything to the file.
int GNUNET_DISK_directory_create_for_file(const char *filename)
Create the directory structure for storing a file.
Definition: disk.c:684
#define GNUNET_NO
Definition: gnunet_common.h:78
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
Private ECC key encoded for transmission.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define _(String)
GNU gettext support macro.
Definition: platform.h:181
ssize_t GNUNET_DISK_file_write(const struct GNUNET_DISK_FileHandle *h, const void *buffer, size_t n)
Write a buffer to a file.
Definition: disk.c:820
#define LOG(kind,...)
static char * filename
int GNUNET_DISK_file_lock(struct GNUNET_DISK_FileHandle *fh, off_t lock_start, off_t lock_end, int excl)
Lock a part of a file.
Definition: disk.c:1201
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
Open the file for writing.
static struct GNUNET_FS_Handle * fs
Handle to FS service.
Definition: gnunet-fs.c:36
int GNUNET_DISK_file_size(const char *filename, uint64_t *size, int include_symbolic_links, int single_file_mode)
Get the size of the file (or directory) of the given file (in bytes).
Definition: disk.c:257
#define GNUNET_YES
Definition: gnunet_common.h:77
int fd
File handle on Unix-like systems.
Fail if file already exists.
struct GNUNET_DISK_FileHandle * GNUNET_DISK_file_open(const char *fn, enum GNUNET_DISK_OpenFlags flags, enum GNUNET_DISK_AccessPermissions perm)
Open a file.
Definition: disk.c:1268
Handle used to access files (and pipes).
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create_from_file()

struct GNUNET_CRYPTO_EddsaPrivateKey* GNUNET_CRYPTO_eddsa_key_create_from_file ( const char *  filename)

Create a new private key by reading it from a file.

If the files does not exist, create a new key and write it to the file. Caller must free return value. Note that this function can not guarantee that another process might not be trying the same operation on the same file at the same time. If the contents of the file are invalid the old file is deleted and a fresh key is created.

Parameters
filenamename of file to use to store the key
Returns
new private key, NULL on error (for example, permission denied); free using GNUNET_free

If the files does not exist, create a new key and write it to the file. Caller must free return value. Note that this function can not guarantee that another process might not be trying the same operation on the same file at the same time. If the contents of the file are invalid the old file is deleted and a fresh key is created.

Parameters
filenamename of file to use to store the key
Returns
new private key, NULL on error (for example, permission denied)

Definition at line 87 of file crypto_ecc_setup.c.

References _, GNUNET_DISK_FileHandle::fd, fs, GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_eddsa_key_create(), GNUNET_DISK_directory_create_for_file(), GNUNET_DISK_file_close(), GNUNET_DISK_file_lock(), GNUNET_DISK_file_open(), GNUNET_DISK_file_read(), GNUNET_DISK_file_size(), GNUNET_DISK_file_sync(), GNUNET_DISK_file_test(), GNUNET_DISK_file_unlock(), GNUNET_DISK_file_write(), GNUNET_DISK_OPEN_CREATE, GNUNET_DISK_OPEN_FAILIFEXISTS, GNUNET_DISK_OPEN_READ, GNUNET_DISK_OPEN_WRITE, GNUNET_DISK_PERM_NONE, GNUNET_DISK_PERM_USER_READ, GNUNET_DISK_PERM_USER_WRITE, GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_malloc, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, GNUNET_YES, LOG, LOG_STRERROR_FILE, and short_wait().

Referenced by GNUNET_CRYPTO_eddsa_key_create_from_configuration(), main_init(), and run().

88 {
89  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
90  struct GNUNET_DISK_FileHandle *fd;
91  unsigned int cnt;
92  int ec;
93  uint64_t fs;
94  ssize_t sret;
95 
97  return NULL;
99  {
100  fd =
106  if (NULL == fd)
107  {
108  if (EEXIST == errno)
109  {
111  {
112  /* must exist but not be accessible, fail for good! */
113  if (0 != access (filename, R_OK))
115  else
116  GNUNET_break (0); /* what is going on!? */
117  return NULL;
118  }
119  continue;
120  }
122  return NULL;
123  }
124  cnt = 0;
125  while (GNUNET_YES !=
127  0,
128  sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey),
129  GNUNET_YES))
130  {
131  short_wait ();
132  if (0 == ++cnt % 10)
133  {
134  ec = errno;
136  _ ("Could not acquire lock on file `%s': %s...\n"),
137  filename,
138  strerror (ec));
139  }
140  }
142  _ ("Creating a new private key. This may take a while.\n"));
144  GNUNET_assert (NULL != priv);
145  GNUNET_assert (sizeof(*priv) ==
146  GNUNET_DISK_file_write (fd, priv, sizeof(*priv)));
148  if (GNUNET_YES !=
150  0,
151  sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)))
154  return priv;
155  }
156  /* key file exists already, read it! */
160  if (NULL == fd)
161  {
163  return NULL;
164  }
165  cnt = 0;
166  while (1)
167  {
168  if (GNUNET_YES !=
170  0,
171  sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey),
172  GNUNET_NO))
173  {
174  if (0 == ++cnt % 60)
175  {
176  ec = errno;
178  _ ("Could not acquire lock on file `%s': %s...\n"),
179  filename,
180  strerror (ec));
181  LOG (
183  _ (
184  "This may be ok if someone is currently generating a private key.\n"));
185  }
186  short_wait ();
187  continue;
188  }
190  {
191  /* eh, what!? File we opened is now gone!? */
193  if (GNUNET_YES !=
195  0,
196  sizeof(
200 
201  return NULL;
202  }
203  if (GNUNET_OK !=
205  fs = 0;
206  if (fs < sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey))
207  {
208  /* maybe we got the read lock before the key generating
209  * process had a chance to get the write lock; give it up! */
210  if (GNUNET_YES !=
212  0,
213  sizeof(
216  if (0 == ++cnt % 10)
217  {
219  _ (
220  "When trying to read key file `%s' I found %u bytes but I need at least %u.\n"),
221  filename,
222  (unsigned int) fs,
223  (unsigned int) sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey));
225  _ ("This may be ok if someone is currently generating a key.\n"));
226  }
227  short_wait (); /* wait a bit longer! */
228  continue;
229  }
230  break;
231  }
232  fs = sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey);
233  priv = GNUNET_malloc (fs);
234  sret = GNUNET_DISK_file_read (fd, priv, fs);
235  GNUNET_assert ((sret >= 0) && (fs == (size_t) sret));
236  if (GNUNET_YES !=
238  0,
239  sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)))
242 #if CRYPTO_BUG
243  if (GNUNET_OK != check_eddsa_key (priv))
244  {
245  GNUNET_break (0);
246  GNUNET_free (priv);
247  return NULL;
248  }
249 #endif
250  return priv;
251 }
#define LOG_STRERROR_FILE(kind, syscall, filename)
static void short_wait()
Wait for a short time (we&#39;re trying to lock a file or want to give another process a shot at finishin...
int GNUNET_DISK_file_test(const char *fil)
Check that fil corresponds to a filename (of a file that exists and that is not a directory)...
Definition: disk.c:544
Open the file for reading.
int GNUNET_DISK_file_sync(const struct GNUNET_DISK_FileHandle *h)
Write file changes to disk.
Definition: disk.c:1500
Create file if it doesn&#39;t exist.
int GNUNET_DISK_file_close(struct GNUNET_DISK_FileHandle *h)
Close an open file.
Definition: disk.c:1345
int GNUNET_DISK_file_unlock(struct GNUNET_DISK_FileHandle *fh, off_t unlock_start, off_t unlock_end)
Unlock a part of a file.
Definition: disk.c:1233
ssize_t GNUNET_DISK_file_read(const struct GNUNET_DISK_FileHandle *h, void *result, size_t len)
Read the contents of a binary file into a buffer.
Definition: disk.c:732
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Nobody is allowed to do anything to the file.
int GNUNET_DISK_directory_create_for_file(const char *filename)
Create the directory structure for storing a file.
Definition: disk.c:684
#define GNUNET_NO
Definition: gnunet_common.h:78
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define _(String)
GNU gettext support macro.
Definition: platform.h:181
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create(void)
Create a new private key.
Definition: crypto_ecc.c:744
ssize_t GNUNET_DISK_file_write(const struct GNUNET_DISK_FileHandle *h, const void *buffer, size_t n)
Write a buffer to a file.
Definition: disk.c:820
#define LOG(kind,...)
static char * filename
int GNUNET_DISK_file_lock(struct GNUNET_DISK_FileHandle *fh, off_t lock_start, off_t lock_end, int excl)
Lock a part of a file.
Definition: disk.c:1201
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
Open the file for writing.
static struct GNUNET_FS_Handle * fs
Handle to FS service.
Definition: gnunet-fs.c:36
int GNUNET_DISK_file_size(const char *filename, uint64_t *size, int include_symbolic_links, int single_file_mode)
Get the size of the file (or directory) of the given file (in bytes).
Definition: disk.c:257
Private ECC key encoded for transmission.
#define GNUNET_YES
Definition: gnunet_common.h:77
int fd
File handle on Unix-like systems.
Fail if file already exists.
struct GNUNET_DISK_FileHandle * GNUNET_DISK_file_open(const char *fn, enum GNUNET_DISK_OpenFlags flags, enum GNUNET_DISK_AccessPermissions perm)
Open a file.
Definition: disk.c:1268
Handle used to access files (and pipes).
#define GNUNET_malloc(size)
Wrapper around malloc.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create_from_configuration()

struct GNUNET_CRYPTO_EddsaPrivateKey* GNUNET_CRYPTO_eddsa_key_create_from_configuration ( const struct GNUNET_CONFIGURATION_Handle cfg)

Create a new private key by reading our peer's key from the file specified in the configuration.

Parameters
cfgthe configuration to use
Returns
new private key, NULL on error (for example, permission denied); free using GNUNET_free
Parameters
cfgthe configuration to use
Returns
new private key, NULL on error (for example, permission denied)

Definition at line 437 of file crypto_ecc_setup.c.

References fn, GNUNET_CONFIGURATION_get_value_filename(), GNUNET_CRYPTO_eddsa_key_create_from_file(), GNUNET_free, and GNUNET_OK.

Referenced by advertise_dns_exit(), GNUNET_CRYPTO_eddsa_setup_key(), GNUNET_CRYPTO_get_peer_identity(), and run().

439 {
440  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
441  char *fn;
442 
443  if (GNUNET_OK !=
444  GNUNET_CONFIGURATION_get_value_filename (cfg, "PEER", "PRIVATE_KEY", &fn))
445  return NULL;
447  GNUNET_free (fn);
448  return priv;
449 }
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
static char * fn
Filename of the unique file.
Private ECC key encoded for transmission.
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_file(const char *filename)
Create a new private key by reading it from a file.
int GNUNET_CONFIGURATION_get_value_filename(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be the name of a file or directory.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_create()

struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_key_create ( void  )

Create a new private key.

Caller must free return value.

Returns
fresh private key; free using GNUNET_free

Caller must free return value.

Returns
fresh private key

Definition at line 688 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, CURVE, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_ERROR, GNUNET_new, key_from_sexp(), and LOG_GCRY.

Referenced by GNUNET_CRYPTO_ecdsa_key_create_from_file(), and GNUNET_IDENTITY_create().

689 {
690  struct GNUNET_CRYPTO_EcdsaPrivateKey *priv;
691  gcry_sexp_t priv_sexp;
692  gcry_sexp_t s_keyparam;
693  gcry_mpi_t d;
694  int rc;
695 
696  BENCHMARK_START (ecdsa_key_create);
697 
698  if (0 != (rc = gcry_sexp_build (&s_keyparam,
699  NULL,
700  "(genkey(ecc(curve \"" CURVE "\")"
701  "(flags)))")))
702  {
703  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
704  return NULL;
705  }
706  if (0 != (rc = gcry_pk_genkey (&priv_sexp, s_keyparam)))
707  {
708  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc);
709  gcry_sexp_release (s_keyparam);
710  return NULL;
711  }
712  gcry_sexp_release (s_keyparam);
713 #if EXTRA_CHECKS
714  if (0 != (rc = gcry_pk_testkey (priv_sexp)))
715  {
716  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
717  gcry_sexp_release (priv_sexp);
718  return NULL;
719  }
720 #endif
721  if (0 != (rc = key_from_sexp (&d, priv_sexp, "private-key", "d")))
722  {
723  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "key_from_sexp", rc);
724  gcry_sexp_release (priv_sexp);
725  return NULL;
726  }
727  gcry_sexp_release (priv_sexp);
729  GNUNET_CRYPTO_mpi_print_unsigned (priv->d, sizeof(priv->d), d);
730  gcry_mpi_release (d);
731 
732  BENCHMARK_END (ecdsa_key_create);
733 
734  return priv;
735 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Private ECC key encoded for transmission.
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:55
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:77
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create()

struct GNUNET_CRYPTO_EddsaPrivateKey* GNUNET_CRYPTO_eddsa_key_create ( void  )

Create a new private key.

Caller must free return value.

Returns
fresh private key; free using GNUNET_free

Caller must free return value.

Returns
fresh private key

Definition at line 744 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, CURVE, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_break, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_new, GNUNET_OK, key_from_sexp(), and LOG_GCRY.

Referenced by create_keys(), and GNUNET_CRYPTO_eddsa_key_create_from_file().

745 {
746  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
747  gcry_sexp_t priv_sexp;
748  gcry_sexp_t s_keyparam;
749  gcry_mpi_t d;
750  int rc;
751 
752  BENCHMARK_START (eddsa_key_create);
753 
754 #if CRYPTO_BUG
755 again:
756 #endif
757  if (0 != (rc = gcry_sexp_build (&s_keyparam,
758  NULL,
759  "(genkey(ecc(curve \"" CURVE "\")"
760  "(flags eddsa)))")))
761  {
762  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
763  return NULL;
764  }
765  if (0 != (rc = gcry_pk_genkey (&priv_sexp, s_keyparam)))
766  {
767  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc);
768  gcry_sexp_release (s_keyparam);
769  return NULL;
770  }
771  gcry_sexp_release (s_keyparam);
772 #if EXTRA_CHECKS
773  if (0 != (rc = gcry_pk_testkey (priv_sexp)))
774  {
775  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
776  gcry_sexp_release (priv_sexp);
777  return NULL;
778  }
779 #endif
780  if (0 != (rc = key_from_sexp (&d, priv_sexp, "private-key", "d")))
781  {
782  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "key_from_sexp", rc);
783  gcry_sexp_release (priv_sexp);
784  return NULL;
785  }
786  gcry_sexp_release (priv_sexp);
788  GNUNET_CRYPTO_mpi_print_unsigned (priv->d, sizeof(priv->d), d);
789  gcry_mpi_release (d);
790 
791 #if CRYPTO_BUG
792  if (GNUNET_OK != check_eddsa_key (priv))
793  {
794  GNUNET_break (0);
795  GNUNET_free (priv);
796  goto again;
797  }
798 #endif
799 
800  BENCHMARK_END (eddsa_key_create);
801 
802  return priv;
803 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:55
Private ECC key encoded for transmission.
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:77
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_create2()

int GNUNET_CRYPTO_ecdhe_key_create2 ( struct GNUNET_CRYPTO_EcdhePrivateKey pk)

Create a new private key.

Clear with GNUNET_CRYPTO_ecdhe_key_clear().

Parameters
[out]pkset to fresh private key;
Returns
GNUNET_OK on success, GNUNET_SYSERR on failure

Definition at line 630 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, CURVE, GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_ERROR, GNUNET_OK, GNUNET_SYSERR, key_from_sexp(), and LOG_GCRY.

Referenced by GCT_create_tunnel(), GNUNET_CRYPTO_ecdhe_key_create(), inject_rekey(), mq_send(), new_ephemeral(), start_initial_kx_out(), and update_ephemeral().

631 {
632  gcry_sexp_t priv_sexp;
633  gcry_sexp_t s_keyparam;
634  gcry_mpi_t d;
635  int rc;
636 
637  BENCHMARK_START (ecdhe_key_create);
638 
639  /* NOTE: For libgcrypt >= 1.7, we do not need the 'eddsa' flag here,
640  but should also be harmless. For libgcrypt < 1.7, using 'eddsa'
641  disables an expensive key testing routine. We do not want to run
642  the expensive check for ECDHE, as we generate TONS of keys to
643  use for a very short time. */if (0 != (rc = gcry_sexp_build (&s_keyparam,
644  NULL,
645  "(genkey(ecc(curve \"" CURVE "\")"
646  "(flags eddsa no-keytest)))")))
647  {
648  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
649  return GNUNET_SYSERR;
650  }
651  if (0 != (rc = gcry_pk_genkey (&priv_sexp, s_keyparam)))
652  {
653  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc);
654  gcry_sexp_release (s_keyparam);
655  return GNUNET_SYSERR;
656  }
657  gcry_sexp_release (s_keyparam);
658 #if EXTRA_CHECKS
659  if (0 != (rc = gcry_pk_testkey (priv_sexp)))
660  {
661  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
662  gcry_sexp_release (priv_sexp);
663  return GNUNET_SYSERR;
664  }
665 #endif
666  if (0 != (rc = key_from_sexp (&d, priv_sexp, "private-key", "d")))
667  {
668  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "key_from_sexp", rc);
669  gcry_sexp_release (priv_sexp);
670  return GNUNET_SYSERR;
671  }
672  gcry_sexp_release (priv_sexp);
673  GNUNET_CRYPTO_mpi_print_unsigned (pk->d, sizeof(pk->d), d);
674  gcry_mpi_release (d);
675 
676  BENCHMARK_END (ecdhe_key_create);
677 
678  return GNUNET_OK;
679 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:55
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:77
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_create()

struct GNUNET_CRYPTO_EcdhePrivateKey* GNUNET_CRYPTO_ecdhe_key_create ( void  )

Create a new private key.

Caller must free return value.

Returns
fresh private key; free using GNUNET_free

Caller must free return value.

Returns
fresh private key

Definition at line 608 of file crypto_ecc.c.

References GNUNET_CRYPTO_ecdhe_key_create2(), GNUNET_free, GNUNET_new, and GNUNET_OK.

Referenced by do_rekey(), GSC_KX_init(), OIDC_build_authz_code(), and print_examples_ecdh().

609 {
610  struct GNUNET_CRYPTO_EcdhePrivateKey *priv;
611 
614  {
615  GNUNET_free (priv);
616  return NULL;
617  }
618  return priv;
619 }
int GNUNET_CRYPTO_ecdhe_key_create2(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:630
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Private ECC key encoded for transmission.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_clear()

void GNUNET_CRYPTO_eddsa_key_clear ( struct GNUNET_CRYPTO_EddsaPrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 596 of file crypto_ecc.c.

597 {
598  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey));
599 }
Private ECC key encoded for transmission.

◆ GNUNET_CRYPTO_ecdsa_key_clear()

void GNUNET_CRYPTO_ecdsa_key_clear ( struct GNUNET_CRYPTO_EcdsaPrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 583 of file crypto_ecc.c.

Referenced by main().

584 {
585  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey));
586 }
Private ECC key encoded for transmission.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_clear()

void GNUNET_CRYPTO_ecdhe_key_clear ( struct GNUNET_CRYPTO_EcdhePrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 570 of file crypto_ecc.c.

Referenced by cleanup_ax().

571 {
572  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
573 }
Private ECC key encoded for transmission.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_get_anonymous()

const struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_key_get_anonymous ( void  )

Get the shared private key we use for anonymous users.

Returns
"anonymous" private key; do not free
"anonymous" private key

'anonymous' pseudonym (global static, d=1, public key = G (generator).

Definition at line 812 of file crypto_ecc.c.

References GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_mpi_print_unsigned(), and once.

Referenced by decrypt_block_with_keyword(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_IDENTITY_ego_get_anonymous(), process_kblock_for_unindex(), and publish_ksk_cont().

813 {
818  static struct GNUNET_CRYPTO_EcdsaPrivateKey anonymous;
819  static int once;
820 
821  if (once)
822  return &anonymous;
824  sizeof(anonymous.d),
825  GCRYMPI_CONST_ONE);
826  once = 1;
827  return &anonymous;
828 }
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
Private ECC key encoded for transmission.
static int once
Global to mark if we&#39;ve run the initialization.
Definition: gnsrecord.c:68
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_setup_hostkey()

void GNUNET_CRYPTO_eddsa_setup_hostkey ( const char *  cfg_name)

Setup a hostkey file for a peer given the name of the configuration file (!).

This function is used so that at a later point code can be certain that reading a hostkey is fast (for example in time-dependent testcases).

Parameters
cfg_namename of the configuration file to use

◆ GNUNET_CRYPTO_get_peer_identity()

int GNUNET_CRYPTO_get_peer_identity ( const struct GNUNET_CONFIGURATION_Handle cfg,
struct GNUNET_PeerIdentity dst 
)

Retrieve the identity of the host's peer.

Parameters
cfgconfiguration to use
dstpointer to where to write the peer identity
Returns
GNUNET_OK on success, GNUNET_SYSERR if the identity could not be retrieved

Definition at line 461 of file crypto_ecc_setup.c.

References _, GNUNET_CRYPTO_eddsa_key_create_from_configuration(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_SYSERR, and GNUNET_PeerIdentity::public_key.

Referenced by GNUNET_CONVERSATION_phone_create(), and run().

463 {
464  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
465 
466  if (NULL == (priv = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg)))
467  {
469  _ ("Could not load peer's private key\n"));
470  return GNUNET_SYSERR;
471  }
473  GNUNET_free (priv);
474  return GNUNET_OK;
475 }
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
#define _(String)
GNU gettext support macro.
Definition: platform.h:181
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:270
Private ECC key encoded for transmission.
#define GNUNET_log(kind,...)
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_configuration(const struct GNUNET_CONFIGURATION_Handle *cfg)
Create a new private key by reading our peer&#39;s key from the file specified in the configuration...
#define GNUNET_free(ptr)
Wrapper around free.
struct GNUNET_CRYPTO_EddsaPublicKey public_key
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_ecdh()

int GNUNET_CRYPTO_ecc_ecdh ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a public and a private ECC key.

Parameters
privprivate key to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material (xyG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Derive key material from a public and a private ECC key.

Parameters
privprivate key to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material (xyG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 1183 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, ctx, CURVE, GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_assert, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_ERROR_TYPE_ERROR, GNUNET_OK, GNUNET_SYSERR, LOG_GCRY, q, GNUNET_CRYPTO_EcdhePublicKey::q_y, and result.

Referenced by derive_session_keys(), GCT_handle_kx(), print_examples_ecdh(), t_ax_decrypt_and_validate(), t_ax_encrypt(), and update_ax_by_kx().

1186 {
1187  gcry_mpi_point_t result;
1188  gcry_mpi_point_t q;
1189  gcry_mpi_t d;
1190  gcry_ctx_t ctx;
1191  gcry_sexp_t pub_sexpr;
1192  gcry_mpi_t result_x;
1193  unsigned char xbuf[256 / 8];
1194  size_t rsize;
1195 
1196  BENCHMARK_START (ecc_ecdh);
1197 
1198  /* first, extract the q = dP value from the public key */
1199  if (0 != gcry_sexp_build (&pub_sexpr,
1200  NULL,
1201  "(public-key(ecc(curve " CURVE ")(q %b)))",
1202  (int) sizeof(pub->q_y),
1203  pub->q_y))
1204  return GNUNET_SYSERR;
1205  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
1206  gcry_sexp_release (pub_sexpr);
1207  q = gcry_mpi_ec_get_point ("q", ctx, 0);
1208 
1209  /* second, extract the d value from our private key */
1210  GNUNET_CRYPTO_mpi_scan_unsigned (&d, priv->d, sizeof(priv->d));
1211 
1212  /* then call the 'multiply' function, to compute the product */
1213  result = gcry_mpi_point_new (0);
1214  gcry_mpi_ec_mul (result, d, q, ctx);
1215  gcry_mpi_point_release (q);
1216  gcry_mpi_release (d);
1217 
1218  /* finally, convert point to string for hashing */
1219  result_x = gcry_mpi_new (256);
1220  if (gcry_mpi_ec_get_affine (result_x, NULL, result, ctx))
1221  {
1222  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0);
1223  gcry_mpi_point_release (result);
1224  gcry_ctx_release (ctx);
1225  return GNUNET_SYSERR;
1226  }
1227  gcry_mpi_point_release (result);
1228  gcry_ctx_release (ctx);
1229 
1230  rsize = sizeof(xbuf);
1231  GNUNET_assert (! gcry_mpi_get_flag (result_x, GCRYMPI_FLAG_OPAQUE));
1232  /* result_x can be negative here, so we do not use 'GNUNET_CRYPTO_mpi_print_unsigned'
1233  as that does not include the sign bit; x should be a 255-bit
1234  value, so with the sign it should fit snugly into the 256-bit
1235  xbuf */
1236  GNUNET_assert (
1237  0 == gcry_mpi_print (GCRYMPI_FMT_STD, xbuf, rsize, &rsize, result_x));
1238  GNUNET_CRYPTO_hash (xbuf, rsize, key_material);
1239  gcry_mpi_release (result_x);
1240  BENCHMARK_END (ecc_ecdh);
1241  return GNUNET_OK;
1242 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
static int result
Global testing status.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:55
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_ecdh()

int GNUNET_CRYPTO_eddsa_ecdh ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a ECDH public key and a private EdDSA key.

Dual to #GNUNET_CRRYPTO_ecdh_eddsa.

Parameters
privprivate key from EdDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 1503 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, ctx, CURVE, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_EddsaPrivateKey::d, eddsa_d_to_a(), GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_SYSERR, point_to_hash(), q, GNUNET_CRYPTO_EcdhePublicKey::q_y, result, and ret.

Referenced by dh_key_derive_eph_pub(), GCT_handle_kx(), setup_in_cipher(), setup_shared_secret_dec(), and update_ax_by_kx().

1506 {
1507  gcry_mpi_point_t result;
1508  gcry_mpi_point_t q;
1509  gcry_mpi_t d;
1510  gcry_mpi_t a;
1511  gcry_ctx_t ctx;
1512  gcry_sexp_t pub_sexpr;
1513  int ret;
1514 
1515  BENCHMARK_START (eddsa_ecdh);
1516 
1517  /* first, extract the q = dP value from the public key */
1518  if (0 != gcry_sexp_build (&pub_sexpr,
1519  NULL,
1520  "(public-key(ecc(curve " CURVE ")(q %b)))",
1521  (int) sizeof(pub->q_y),
1522  pub->q_y))
1523  return GNUNET_SYSERR;
1524  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
1525  gcry_sexp_release (pub_sexpr);
1526  q = gcry_mpi_ec_get_point ("q", ctx, 0);
1527 
1528  /* second, extract the d value from our private key */
1529  GNUNET_CRYPTO_mpi_scan_unsigned (&d, priv->d, sizeof(priv->d));
1530 
1531  /* NOW, because this is EdDSA, HASH 'd' first! */
1532  a = eddsa_d_to_a (d);
1533  gcry_mpi_release (d);
1534 
1535  /* then call the 'multiply' function, to compute the product */
1536  result = gcry_mpi_point_new (0);
1537  gcry_mpi_ec_mul (result, a, q, ctx);
1538  gcry_mpi_point_release (q);
1539  gcry_mpi_release (a);
1540 
1541  ret = point_to_hash (result, ctx, key_material);
1542  gcry_mpi_point_release (result);
1543  gcry_ctx_release (ctx);
1544  BENCHMARK_END (eddsa_ecdh);
1545  return ret;
1546 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static int point_to_hash(gcry_mpi_point_t result, gcry_ctx_t ctx, struct GNUNET_HashCode *key_material)
Take point from ECDH and convert it to key material.
Definition: crypto_ecc.c:1462
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static int result
Global testing status.
static gcry_mpi_t eddsa_d_to_a(gcry_mpi_t d)
Convert the secret d of an EdDSA key to the value that is actually used in the EdDSA computation...
Definition: crypto_ecc.c:1417
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_ecdh()

int GNUNET_CRYPTO_ecdsa_ecdh ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a ECDH public key and a private ECDSA key.

Dual to #GNUNET_CRRYPTO_ecdh_ecdsa.

Parameters
privprivate key from ECDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Dual to #GNUNET_CRRYPTO_ecdh_eddsa.

Parameters
privprivate key from ECDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 1560 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, ctx, CURVE, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_SYSERR, point_to_hash(), q, GNUNET_CRYPTO_EcdhePublicKey::q_y, result, and ret.

Referenced by calculate_key_priv().

1563 {
1564  gcry_mpi_point_t result;
1565  gcry_mpi_point_t q;
1566  gcry_mpi_t d;
1567  gcry_ctx_t ctx;
1568  gcry_sexp_t pub_sexpr;
1569  int ret;
1570 
1571  BENCHMARK_START (ecdsa_ecdh);
1572 
1573  /* first, extract the q = dP value from the public key */
1574  if (0 != gcry_sexp_build (&pub_sexpr,
1575  NULL,
1576  "(public-key(ecc(curve " CURVE ")(q %b)))",
1577  (int) sizeof(pub->q_y),
1578  pub->q_y))
1579  return GNUNET_SYSERR;
1580  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
1581  gcry_sexp_release (pub_sexpr);
1582  q = gcry_mpi_ec_get_point ("q", ctx, 0);
1583 
1584  /* second, extract the d value from our private key */
1585  GNUNET_CRYPTO_mpi_scan_unsigned (&d, priv->d, sizeof(priv->d));
1586 
1587  /* then call the 'multiply' function, to compute the product */
1588  result = gcry_mpi_point_new (0);
1589  gcry_mpi_ec_mul (result, d, q, ctx);
1590  gcry_mpi_point_release (q);
1591  gcry_mpi_release (d);
1592 
1593  /* finally, convert point to string for hashing */
1594  ret = point_to_hash (result, ctx, key_material);
1595  gcry_mpi_point_release (result);
1596  gcry_ctx_release (ctx);
1597  BENCHMARK_END (ecdsa_ecdh);
1598  return ret;
1599 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static int point_to_hash(gcry_mpi_point_t result, gcry_ctx_t ctx, struct GNUNET_HashCode *key_material)
Take point from ECDH and convert it to key material.
Definition: crypto_ecc.c:1462
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static int result
Global testing status.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdh_eddsa()

int GNUNET_CRYPTO_ecdh_eddsa ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EddsaPublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a EdDSA public key and a private ECDH key.

Dual to #GNUNET_CRRYPTO_eddsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from EdDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 1613 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, ctx, CURVE, GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_SYSERR, point_to_hash(), q, GNUNET_CRYPTO_EddsaPublicKey::q_y, result, and ret.

Referenced by dh_key_derive_eph_pid(), GCT_handle_kx(), GNUNET_CRYPTO_ecdh_ecdsa(), setup_out_cipher(), setup_shared_secret_enc(), and update_ax_by_kx().

1616 {
1617  gcry_mpi_point_t result;
1618  gcry_mpi_point_t q;
1619  gcry_mpi_t d;
1620  gcry_ctx_t ctx;
1621  gcry_sexp_t pub_sexpr;
1622  int ret;
1623 
1624  BENCHMARK_START (ecdh_eddsa);
1625 
1626  /* first, extract the q = dP value from the public key */
1627  if (0 != gcry_sexp_build (&pub_sexpr,
1628  NULL,
1629  "(public-key(ecc(curve " CURVE ")(q %b)))",
1630  (int) sizeof(pub->q_y),
1631  pub->q_y))
1632  return GNUNET_SYSERR;
1633  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL));
1634  gcry_sexp_release (pub_sexpr);
1635  q = gcry_mpi_ec_get_point ("q", ctx, 0);
1636 
1637  /* second, extract the d value from our private key */
1638  GNUNET_CRYPTO_mpi_scan_unsigned (&d, priv->d, sizeof(priv->d));
1639 
1640  /* then call the 'multiply' function, to compute the product */
1641  result = gcry_mpi_point_new (0);
1642  gcry_mpi_ec_mul (result, d, q, ctx);
1643  gcry_mpi_point_release (q);
1644  gcry_mpi_release (d);
1645 
1646  /* finally, convert point to string for hashing */
1647  ret = point_to_hash (result, ctx, key_material);
1648  gcry_mpi_point_release (result);
1649  gcry_ctx_release (ctx);
1650  BENCHMARK_END (ecdh_eddsa);
1651  return ret;
1652 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static int point_to_hash(gcry_mpi_point_t result, gcry_ctx_t ctx, struct GNUNET_HashCode *key_material)
Take point from ECDH and convert it to key material.
Definition: crypto_ecc.c:1462
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
static int result
Global testing status.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdh_ecdsa()

int GNUNET_CRYPTO_ecdh_ecdsa ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a EcDSA public key and a private ECDH key.

Derive key material from a ECDSA public key and a private ECDH key.

Dual to #GNUNET_CRRYPTO_ecdsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from ECDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Dual to #GNUNET_CRRYPTO_eddsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from ECDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 1666 of file crypto_ecc.c.

References GNUNET_CRYPTO_ecdh_eddsa().

Referenced by calculate_key_pub().

1669 {
1670  return GNUNET_CRYPTO_ecdh_eddsa (priv,
1671  (const struct GNUNET_CRYPTO_EddsaPublicKey *)
1672  pub,
1673  key_material);
1674 }
int GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:1613
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_sign()

int GNUNET_CRYPTO_eddsa_sign ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EddsaSignature sig 
)

EdDSA sign a given block.

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

EdDSA sign a given block.

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 987 of file crypto_ecc.c.

References _, BENCHMARK_END, BENCHMARK_START, data, data_to_eddsa_value(), decode_private_eddsa_key(), GNUNET_break, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_WARNING, GNUNET_OK, GNUNET_SYSERR, key_from_sexp(), LOG, GNUNET_CRYPTO_EddsaSignature::r, and GNUNET_CRYPTO_EddsaSignature::s.

Referenced by do_dht_put(), forward_dv_learn(), GNUNET_FS_uri_loc_create(), GNUNET_HELLO_sign_address(), GST_validation_handle_ping(), handle_validation_challenge(), iface_proc(), inject_rekey(), insert_decrypt_element(), insert_round1_element(), insert_round2_element(), mq_send(), regex_iterator(), send_disconnect(), setup_flood_message(), sign_ephemeral_key(), start_dv_learn(), transmit_kx(), and update_ephemeral().

991 {
992  gcry_sexp_t priv_sexp;
993  gcry_sexp_t sig_sexp;
994  gcry_sexp_t data;
995  int rc;
996  gcry_mpi_t rs[2];
997 
998  BENCHMARK_START (eddsa_sign);
999 
1000  priv_sexp = decode_private_eddsa_key (priv);
1001  data = data_to_eddsa_value (purpose);
1002  if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
1003  {
1005  _ ("EdDSA signing failed at %s:%d: %s\n"),
1006  __FILE__,
1007  __LINE__,
1008  gcry_strerror (rc));
1009  gcry_sexp_release (data);
1010  gcry_sexp_release (priv_sexp);
1011  return GNUNET_SYSERR;
1012  }
1013  gcry_sexp_release (priv_sexp);
1014  gcry_sexp_release (data);
1015 
1016  /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
1017  'signature' */
1018  if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
1019  {
1020  GNUNET_break (0);
1021  gcry_sexp_release (sig_sexp);
1022  return GNUNET_SYSERR;
1023  }
1024  gcry_sexp_release (sig_sexp);
1025  GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]);
1026  GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]);
1027  gcry_mpi_release (rs[0]);
1028  gcry_mpi_release (rs[1]);
1029 
1030  BENCHMARK_END (eddsa_sign);
1031 
1032  return GNUNET_OK;
1033 }
unsigned char r[256/8]
R value.
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
unsigned char s[256/8]
S value.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define _(String)
GNU gettext support macro.
Definition: platform.h:181
#define LOG(kind,...)
Definition: crypto_ecc.c:42
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
static gcry_sexp_t decode_private_eddsa_key(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:170
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:77
static gcry_sexp_t data_to_eddsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:839
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_sign()

int GNUNET_CRYPTO_ecdsa_sign ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EcdsaSignature sig 
)

ECDSA Sign a given block.

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

ECDSA Sign a given block.

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 929 of file crypto_ecc.c.

References _, BENCHMARK_END, BENCHMARK_START, data, data_to_ecdsa_value(), decode_private_ecdsa_key(), GNUNET_break, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_WARNING, GNUNET_OK, GNUNET_SYSERR, key_from_sexp(), LOG, GNUNET_CRYPTO_EcdsaSignature::r, and GNUNET_CRYPTO_EcdsaSignature::s.

Referenced by block_create(), GNUNET_ABD_delegate_issue(), GNUNET_FS_publish_ublock_(), GNUNET_REVOCATION_sign_revocation(), handle_client_call_message(), and OIDC_build_authz_code().

933 {
934  gcry_sexp_t priv_sexp;
935  gcry_sexp_t sig_sexp;
936  gcry_sexp_t data;
937  int rc;
938  gcry_mpi_t rs[2];
939 
940  BENCHMARK_START (ecdsa_sign);
941 
942  priv_sexp = decode_private_ecdsa_key (priv);
943  data = data_to_ecdsa_value (purpose);
944  if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
945  {
947  _ ("ECC signing failed at %s:%d: %s\n"),
948  __FILE__,
949  __LINE__,
950  gcry_strerror (rc));
951  gcry_sexp_release (data);
952  gcry_sexp_release (priv_sexp);
953  return GNUNET_SYSERR;
954  }
955  gcry_sexp_release (priv_sexp);
956  gcry_sexp_release (data);
957 
958  /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
959  'signature' */
960  if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
961  {
962  GNUNET_break (0);
963  gcry_sexp_release (sig_sexp);
964  return GNUNET_SYSERR;
965  }
966  gcry_sexp_release (sig_sexp);
967  GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]);
968  GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]);
969  gcry_mpi_release (rs[0]);
970  gcry_mpi_release (rs[1]);
971 
972  BENCHMARK_END (ecdsa_sign);
973 
974  return GNUNET_OK;
975 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char r[256/8]
R value.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define _(String)
GNU gettext support macro.
Definition: platform.h:181
#define LOG(kind,...)
Definition: crypto_ecc.c:42
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:884
unsigned char s[256/8]
S value.
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:77
static gcry_sexp_t decode_private_ecdsa_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:135
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_verify()

int GNUNET_CRYPTO_eddsa_verify ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_EddsaSignature sig,
const struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Verify EdDSA signature.

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Verify EdDSA signature.

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 1114 of file crypto_ecc.c.

References _, BENCHMARK_END, BENCHMARK_START, CURVE, data, data_to_eddsa_value(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_OK, GNUNET_SYSERR, LOG, LOG_GCRY, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_CRYPTO_EddsaPublicKey::q_y, GNUNET_CRYPTO_EddsaSignature::r, and GNUNET_CRYPTO_EddsaSignature::s.

Referenced by block_plugin_dns_evaluate(), decrypt_and_check_tc(), do_rekey(), evaluate_block_regex_accept(), GNUNET_HELLO_extract_address(), GST_neighbours_handle_disconnect_message(), GST_validation_handle_pong(), handle_dv_box(), handle_dv_learn(), handle_ephemeral_key(), handle_validation_response(), keygen_round1_new_element(), keygen_round2_new_element(), sock_read(), uri_loc_parse(), validate_dv_initiator_signature(), verify_confirmation(), and verify_message_crypto().

1119 {
1120  gcry_sexp_t data;
1121  gcry_sexp_t sig_sexpr;
1122  gcry_sexp_t pub_sexpr;
1123  int rc;
1124 
1125  BENCHMARK_START (eddsa_verify);
1126 
1127  if (purpose != ntohl (validate->purpose))
1128  return GNUNET_SYSERR; /* purpose mismatch */
1129 
1130  /* build s-expression for signature */
1131  if (0 != (rc = gcry_sexp_build (&sig_sexpr,
1132  NULL,
1133  "(sig-val(eddsa(r %b)(s %b)))",
1134  (int) sizeof(sig->r),
1135  sig->r,
1136  (int) sizeof(sig->s),
1137  sig->s)))
1138  {
1139  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
1140  return GNUNET_SYSERR;
1141  }
1142  data = data_to_eddsa_value (validate);
1143  if (0 != (rc = gcry_sexp_build (&pub_sexpr,
1144  NULL,
1145  "(public-key(ecc(curve " CURVE
1146  ")(flags eddsa)(q %b)))",
1147  (int) sizeof(pub->q_y),
1148  pub->q_y)))
1149  {
1150  gcry_sexp_release (data);
1151  gcry_sexp_release (sig_sexpr);
1152  return GNUNET_SYSERR;
1153  }
1154  rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
1155  gcry_sexp_release (pub_sexpr);
1156  gcry_sexp_release (data);
1157  gcry_sexp_release (sig_sexpr);
1158  if (0 != rc)
1159  {
1161  _ ("EdDSA signature verification of type %u failed at %s:%d: %s\n"),
1162  (unsigned int) purpose,
1163  __FILE__,
1164  __LINE__,
1165  gcry_strerror (rc));
1166  BENCHMARK_END (eddsa_verify);
1167  return GNUNET_SYSERR;
1168  }
1169  BENCHMARK_END (eddsa_verify);
1170  return GNUNET_OK;
1171 }
unsigned char r[256/8]
R value.
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
unsigned char s[256/8]
S value.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
#define _(String)
GNU gettext support macro.
Definition: platform.h:181
#define LOG(kind,...)
Definition: crypto_ecc.c:42
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:55
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
static gcry_sexp_t data_to_eddsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:839
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_verify()

int GNUNET_CRYPTO_ecdsa_verify ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_EcdsaSignature sig,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Verify ECDSA signature.

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Verify ECDSA signature.

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 1046 of file crypto_ecc.c.

References _, BENCHMARK_END, BENCHMARK_START, CURVE, data, data_to_ecdsa_value(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_OK, GNUNET_SYSERR, LOG, LOG_GCRY, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_CRYPTO_EcdsaPublicKey::q_y, GNUNET_CRYPTO_EcdsaSignature::r, and GNUNET_CRYPTO_EcdsaSignature::s.

Referenced by block_plugin_fs_evaluate(), block_plugin_revocation_evaluate(), GNUNET_ABD_delegate_deserialize(), GNUNET_ABD_delegate_serialize(), GNUNET_GNSRECORD_block_verify(), handle_cadet_ring_message(), OIDC_parse_authz_code(), and verify_revoke_message().

1051 {
1052  gcry_sexp_t data;
1053  gcry_sexp_t sig_sexpr;
1054  gcry_sexp_t pub_sexpr;
1055  int rc;
1056 
1057  BENCHMARK_START (ecdsa_verify);
1058 
1059  if (purpose != ntohl (validate->purpose))
1060  return GNUNET_SYSERR; /* purpose mismatch */
1061 
1062  /* build s-expression for signature */
1063  if (0 != (rc = gcry_sexp_build (&sig_sexpr,
1064  NULL,
1065  "(sig-val(ecdsa(r %b)(s %b)))",
1066  (int) sizeof(sig->r),
1067  sig->r,
1068  (int) sizeof(sig->s),
1069  sig->s)))
1070  {
1071  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
1072  return GNUNET_SYSERR;
1073  }
1074  data = data_to_ecdsa_value (validate);
1075  if (0 != (rc = gcry_sexp_build (&pub_sexpr,
1076  NULL,
1077  "(public-key(ecc(curve " CURVE ")(q %b)))",
1078  (int) sizeof(pub->q_y),
1079  pub->q_y)))
1080  {
1081  gcry_sexp_release (data);
1082  gcry_sexp_release (sig_sexpr);
1083  return GNUNET_SYSERR;
1084  }
1085  rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
1086  gcry_sexp_release (pub_sexpr);
1087  gcry_sexp_release (data);
1088  gcry_sexp_release (sig_sexpr);
1089  if (0 != rc)
1090  {
1092  _ ("ECDSA signature verification failed at %s:%d: %s\n"),
1093  __FILE__,
1094  __LINE__,
1095  gcry_strerror (rc));
1096  BENCHMARK_END (ecdsa_verify);
1097  return GNUNET_SYSERR;
1098  }
1099  BENCHMARK_END (ecdsa_verify);
1100  return GNUNET_OK;
1101 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char r[256/8]
R value.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
#define _(String)
GNU gettext support macro.
Definition: platform.h:181
#define LOG(kind,...)
Definition: crypto_ecc.c:42
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:55
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:884
unsigned char s[256/8]
S value.
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_private_key_derive()

struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_private_key_derive ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const char *  label,
const char *  context 
)

Derive a private key from a given private key and a label.

Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.

Parameters
privoriginal private key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
Returns
derived private key

Essentially calculates a private key 'd = H(l,P) * x mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.

Parameters
privoriginal private key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
Returns
derived private key

Definition at line 1294 of file crypto_ecc.c.

References ctx, CURVE, GNUNET_CRYPTO_EcdsaPrivateKey::d, derive_h(), GNUNET_assert, GNUNET_CRYPTO_ecdsa_key_get_public(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_new, h, and ret.

Referenced by block_create(), and GNUNET_FS_publish_ublock_().

1298 {
1301  gcry_mpi_t h;
1302  gcry_mpi_t x;
1303  gcry_mpi_t d;
1304  gcry_mpi_t n;
1305  gcry_ctx_t ctx;
1306 
1307  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
1308 
1309  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
1311 
1312  h = derive_h (&pub, label, context);
1313  GNUNET_CRYPTO_mpi_scan_unsigned (&x, priv->d, sizeof(priv->d));
1314  d = gcry_mpi_new (256);
1315  gcry_mpi_mulm (d, h, x, n);
1316  gcry_mpi_release (h);
1317  gcry_mpi_release (x);
1318  gcry_mpi_release (n);
1319  gcry_ctx_release (ctx);
1321  GNUNET_CRYPTO_mpi_print_unsigned (ret->d, sizeof(ret->d), d);
1322  gcry_mpi_release (d);
1323  return ret;
1324 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Private ECC key encoded for transmission.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static pa_context * context
Pulseaudio context.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:239
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:39
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
static gcry_mpi_t derive_h(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context)
Derive the &#39;h&#39; value for key derivation, where &#39;h = H(l,P)&#39;.
Definition: crypto_ecc.c:1256
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_public_key_derive()

void GNUNET_CRYPTO_ecdsa_public_key_derive ( const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
const char *  label,
const char *  context,
struct GNUNET_CRYPTO_EcdsaPublicKey result 
)

Derive a public key from a given public key and a label.

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'. typically the name of the subsystem/application
resultwhere to write the derived public key

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
labellabel to use for key derivation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
resultwhere to write the derived public key

Definition at line 1338 of file crypto_ecc.c.

References ctx, CURVE, derive_h(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), h, q, and GNUNET_CRYPTO_EcdsaPublicKey::q_y.

Referenced by GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_GNSRECORD_query_from_public_key(), and schedule_transmit_search_request().

1343 {
1344  gcry_ctx_t ctx;
1345  gcry_mpi_t q_y;
1346  gcry_mpi_t h;
1347  gcry_mpi_t n;
1348  gcry_mpi_t h_mod_n;
1349  gcry_mpi_point_t q;
1350  gcry_mpi_point_t v;
1351 
1352  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
1353 
1354  /* obtain point 'q' from original public key. The provided 'q' is
1355  compressed thus we first store it in the context and then get it
1356  back as a (decompresssed) point. */
1357  q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8 * sizeof(pub->q_y));
1358  GNUNET_assert (NULL != q_y);
1359  GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx));
1360  gcry_mpi_release (q_y);
1361  q = gcry_mpi_ec_get_point ("q", ctx, 0);
1362  GNUNET_assert (q);
1363 
1364  /* calculate h_mod_n = h % n */
1365  h = derive_h (pub, label, context);
1366  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
1367  h_mod_n = gcry_mpi_new (256);
1368  gcry_mpi_mod (h_mod_n, h, n);
1369  /* calculate v = h_mod_n * q */
1370  v = gcry_mpi_point_new (0);
1371  gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
1372  gcry_mpi_release (h_mod_n);
1373  gcry_mpi_release (h);
1374  gcry_mpi_release (n);
1375  gcry_mpi_point_release (q);
1376 
1377  /* convert point 'v' to public key that we return */
1378  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx));
1379  gcry_mpi_point_release (v);
1380  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
1381  GNUNET_assert (q_y);
1382  GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof(result->q_y), q_y);
1383  gcry_mpi_release (q_y);
1384  gcry_ctx_release (ctx);
1385 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static pa_context * context
Pulseaudio context.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
static gcry_mpi_t derive_h(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context)
Derive the &#39;h&#39; value for key derivation, where &#39;h = H(l,P)&#39;.
Definition: crypto_ecc.c:1256
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:40
Here is the call graph for this function:
Here is the caller graph for this function: