 |
GNUnet 0.21.1
|
|
|
GNUnet 0.21.1
|
|
Provides cryptographic primitives. More...
Macros | |
| #define | GNUNET_CRYPTO_eddsa_sign(priv, ps, sig) |
| EdDSA sign a given block. More... | |
| #define | GNUNET_CRYPTO_ecdsa_sign(priv, ps, sig) |
| ECDSA sign a given block. More... | |
| #define | GNUNET_CRYPTO_edx25519_sign(priv, ps, sig) |
| Edx25519 sign a given block. More... | |
| #define | GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub) |
| Verify EdDSA signature. More... | |
| #define | GNUNET_CRYPTO_ecdsa_verify(purp, ps, sig, pub) |
| Verify ECDSA signature. More... | |
| #define | GNUNET_CRYPTO_edx25519_verify(purp, ps, sig, pub) |
| Verify Edx25519 signature. More... | |
Enumerations | |
| enum | GNUNET_CRYPTO_Quality { GNUNET_CRYPTO_QUALITY_WEAK , GNUNET_CRYPTO_QUALITY_STRONG , GNUNET_CRYPTO_QUALITY_NONCE } |
| Desired quality level for random numbers. More... | |
Provides cryptographic primitives.
| #define GNUNET_CRYPTO_eddsa_sign | ( | priv, | |
| ps, | |||
| sig | |||
| ) |
EdDSA sign a given block.
The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.
| priv | private key to use for the signing | |
| ps | packed struct with what to sign, MUST begin with a purpose | |
| [out] | sig | where to write the signature |
Definition at line 2217 of file gnunet_crypto_lib.h.
| #define GNUNET_CRYPTO_ecdsa_sign | ( | priv, | |
| ps, | |||
| sig | |||
| ) |
ECDSA sign a given block.
The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.
| priv | private key to use for the signing | |
| ps | packed struct with what to sign, MUST begin with a purpose | |
| [out] | sig | where to write the signature |
Definition at line 2279 of file gnunet_crypto_lib.h.
| #define GNUNET_CRYPTO_edx25519_sign | ( | priv, | |
| ps, | |||
| sig | |||
| ) |
Edx25519 sign a given block.
The resulting signature is compatible with EdDSA.
The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.
| priv | private key to use for the signing | |
| ps | packed struct with what to sign, MUST begin with a purpose | |
| [out] | sig | where to write the signature |
Definition at line 2326 of file gnunet_crypto_lib.h.
Verify EdDSA signature.
The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.
| purp | purpose of the signature, must match 'ps->purpose.purpose' (except in host byte order) |
| priv | private key to use for the signing |
| ps | packed struct with what to sign, MUST begin with a purpose |
| sig | where to write the signature |
Definition at line 2379 of file gnunet_crypto_lib.h.
Verify ECDSA signature.
The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.
| purp | purpose of the signature, must match 'ps->purpose.purpose' (except in host byte order) |
| priv | private key to use for the signing |
| ps | packed struct with what to sign, MUST begin with a purpose |
| sig | where to write the signature |
Definition at line 2431 of file gnunet_crypto_lib.h.
Verify Edx25519 signature.
The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.
| purp | purpose of the signature, must match 'ps->purpose.purpose' (except in host byte order) |
| priv | private key to use for the signing |
| ps | packed struct with what to sign, MUST begin with a purpose |
| sig | where to write the signature |
Definition at line 2483 of file gnunet_crypto_lib.h.
Desired quality level for random numbers.
Definition at line 84 of file gnunet_crypto_lib.h.
| void GNUNET_CRYPTO_seed_weak_random | ( | int32_t | seed | ) |
Seed a weak random generator.
Only GNUNET_CRYPTO_QUALITY_WEAK-mode generator can be seeded.
| seed | the seed to use |
Definition at line 91 of file crypto_random.c.
Referenced by __attribute__().
| void GNUNET_CRYPTO_zero_keys | ( | void * | buffer, |
| size_t | length | ||
| ) |
Zero out buffer, securely against compiler optimizations.
Used to delete key material.
| buffer | the buffer to zap |
| length | buffer length |
Definition at line 110 of file crypto_random.c.
References p.
Referenced by delete_store_message(), dv_key_clean(), GNUNET_CRYPTO_decrypt_old(), and GNUNET_CRYPTO_encrypt_old().
| void GNUNET_CRYPTO_random_block | ( | enum GNUNET_CRYPTO_Quality | mode, |
| void * | buffer, | ||
| size_t | length | ||
| ) |
Fill block with a random values.
| mode | desired quality of the random number | |
| [out] | buffer | the buffer to fill |
| length | buffer length | |
| mode | desired quality of the random number | |
| buffer | the buffer to fill | |
| length | buffer length |
Definition at line 133 of file crypto_random.c.
References GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, and mode.
Referenced by delayed_put(), do_pad(), encapsulate_for_dv(), encode_message_body(), GCC_create(), generate_free_member_id(), GNUNET_async_scope_fresh(), GNUNET_CRYPTO_ecdhe_elligator_key_create(), GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_ecdsa_fo_kem_encaps(), GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_CRYPTO_eddsa_fo_kem_encaps(), GNUNET_CRYPTO_eddsa_key_create(), GNUNET_CRYPTO_edx25519_key_create(), GNUNET_CRYPTO_random_timeflake(), handle_validation_response(), mq_init(), output_vectors(), prepare_pending_acknowledgement(), RPS_sampler_elem_reinit(), sock_read(), start_address_validation(), start_dv_learn(), and transmit_kx().
| void GNUNET_CRYPTO_random_timeflake | ( | enum GNUNET_CRYPTO_Quality | mode, |
| struct GNUNET_Uuid * | uuid | ||
| ) |
Fill UUID with a timeflake pseudo-random value.
Note that timeflakes use only 80 bits of randomness and 48 bits to encode a timestamp in milliseconds. So what we return here is not a completely random number.
| mode | desired quality of the random number | |
| [out] | uuid | the value to fill |
Note that timeflakes use only 80 bits of randomness and 48 bits to encode a timestamp in milliseconds. So what we return here is not a completely random number.
| mode | desired quality of the random number |
| uuid | the value to fill |
Definition at line 316 of file crypto_random.c.
References GNUNET_TIME_Absolute::abs_value_us, GNUNET_CRYPTO_random_block(), GNUNET_htonll(), GNUNET_TIME_absolute_get(), GNUNET_TIME_UNIT_MILLISECONDS, and mode.
| uint32_t GNUNET_CRYPTO_random_u32 | ( | enum GNUNET_CRYPTO_Quality | mode, |
| uint32_t | i | ||
| ) |
Produce a random value.
| mode | desired quality of the random number |
| i | the upper limit (exclusive) for the random number |
Produce a random value.
| mode | desired quality of the random number |
| i | the upper limit (exclusive) for the random number |
Definition at line 178 of file crypto_random.c.
References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, mode, and ret.
Referenced by __attribute__(), allocate_v4_address(), allocate_v6_address(), calculate_seed(), channel_new_cb(), compute_rand_delay(), compute_service_response(), daemon_started(), delayed_get(), delayed_put(), download_get_url(), generate_request_id(), get_any(), get_bootstrap_server(), get_delay_randomization(), get_forward_count(), get_random_literal(), get_random_peer_from_peermap(), get_randomized_delay(), get_request_socket(), get_typed(), GNUNET_BLOCK_GROUP_bf_create(), GNUNET_CONTAINER_heap_walk_get_next(), GNUNET_CONTAINER_multihashmap_get_random(), GNUNET_CONTAINER_multipeermap_get_random(), GNUNET_CONTAINER_multishortmap_get_random(), GNUNET_CONTAINER_multiuuidmap_get_random(), GNUNET_CRYPTO_hash_create_random(), GNUNET_CRYPTO_random_permute(), GNUNET_FS_search_start_probe_(), GNUNET_TUN_initialize_ipv4_header(), GSC_CLIENTS_deliver_message(), GSF_pending_request_get_message_(), handle_client_evaluate(), handle_dns_request(), handle_dv_learn(), handle_flow_control(), handle_p2p_get(), handle_p2p_put(), handle_resolve_result(), join_room_run(), ogg_init(), plan(), queue(), reannounce_regex(), recursive_dns_resolution(), REGEX_TEST_generate_random_regex(), REGEX_TEST_generate_random_string(), resolve_and_cache(), route_control_message_without_fc(), route_via_neighbour(), select_peer(), send_bloomfilter(), setup_fresh_address(), setup_fresh_ping(), should_I_drop(), shuffle_answers(), start_dv_learn(), test_run(), transmit_typemap_task(), and try_open_exit().
| uint64_t GNUNET_CRYPTO_random_u64 | ( | enum GNUNET_CRYPTO_Quality | mode, |
| uint64_t | max | ||
| ) |
Generate a random unsigned 64-bit value.
| mode | desired quality of the random number |
| max | value returned will be in range [0,max) (exclusive) |
Definition at line 262 of file crypto_random.c.
References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, max, mode, and ret.
Referenced by activate_core_visible_dv_path(), calculate_fork_degree(), choose_exit(), dht_connected(), get_transmit_delay(), GNUNET_DHT_connect(), GNUNET_GNSRECORD_pow_start(), handle_dht_p2p_put(), handle_flow_control(), handle_validation_response(), ifc_broadcast(), namestore_flat_store_records(), namestore_postgres_store_records(), namestore_sqlite_store_records(), pick_random_dv_hops(), postgres_plugin_get_key(), postgres_plugin_put(), put_migration_continuation(), run(), sampler_get_rand_peer(), send_find_peer_message(), send_full_set(), setup_out_cipher(), sqlite_plugin_get_key(), sqlite_plugin_get_replication(), sqlite_plugin_put(), and update_next_challenge_time().
| unsigned int * GNUNET_CRYPTO_random_permute | ( | enum GNUNET_CRYPTO_Quality | mode, |
| unsigned int | n | ||
| ) |
Get an array with a random permutation of the numbers 0...n-1.
| mode | GNUNET_CRYPTO_QUALITY_STRONG if the strong (but expensive) PRNG should be used, GNUNET_CRYPTO_QUALITY_WEAK or GNUNET_CRYPTO_QUALITY_NONCE otherwise |
| n | the size of the array |
| mode | #GNUNET_RANDOM_QUALITY_STRONG if the strong (but expensive) PRNG should be used, #GNUNET_RANDOM_QUALITY_WEAK otherwise |
| n | the size of the array |
Definition at line 238 of file crypto_random.c.
References GNUNET_assert, GNUNET_CRYPTO_random_u32(), GNUNET_malloc, mode, and ret.
Referenced by compute_service_response(), and do_round().
| void GNUNET_CRYPTO_symmetric_create_session_key | ( | struct GNUNET_CRYPTO_SymmetricSessionKey * | key | ) |
Create a new random session key.
| key | key to initialize |
Create a new random session key.
| key | session key to initialize |
Definition at line 42 of file crypto_symmetric.c.
References GNUNET_CRYPTO_AES_KEY_LENGTH, and key.
| ssize_t GNUNET_CRYPTO_symmetric_encrypt | ( | const void * | block, |
| size_t | size, | ||
| const struct GNUNET_CRYPTO_SymmetricSessionKey * | sessionkey, | ||
| const struct GNUNET_CRYPTO_SymmetricInitializationVector * | iv, | ||
| void * | result | ||
| ) |
Encrypt a block using a symmetric sessionkey.
| block | the block to encrypt |
| size | the size of the block |
| sessionkey | the key used to encrypt |
| iv | the initialization vector to use, use INITVALUE for streams. |
Encrypt a block using a symmetric sessionkey.
| block | the block to encrypt |
| size | the size of the block |
| sessionkey | the key used to encrypt |
| iv | the initialization vector to use, use INITVALUE for streams |
| result | the output parameter in which to store the encrypted result can be the same or overlap with block |
len. Definition at line 131 of file crypto_symmetric.c.
References GNUNET_assert, GNUNET_OK, handle, result, setup_cipher_aes(), setup_cipher_twofish(), and size.
Referenced by do_encrypt(), encrypt_existing_match(), GNUNET_CRYPTO_encrypt_old(), GNUNET_FS_handle_on_demand_block(), GNUNET_FS_publish_ublock_(), GNUNET_FS_tree_encoder_next(), t_ax_encrypt(), t_h_encrypt(), and try_match_block().
| ssize_t GNUNET_CRYPTO_symmetric_decrypt | ( | const void * | block, |
| size_t | size, | ||
| const struct GNUNET_CRYPTO_SymmetricSessionKey * | sessionkey, | ||
| const struct GNUNET_CRYPTO_SymmetricInitializationVector * | iv, | ||
| void * | result | ||
| ) |
Decrypt a given block using a symmetric sessionkey.
| block | the data to decrypt, encoded as returned by encrypt |
| size | how big is the block? |
| sessionkey | the key used to decrypt |
| iv | the initialization vector to use |
| result | address to store the result at |
Decrypt a given block using a symmetric sessionkey.
| block | the data to decrypt, encoded as returned by encrypt |
| size | the size of the block to decrypt |
| sessionkey | the key used to decrypt |
| iv | the initialization vector to use, use INITVALUE for streams |
| result | address to store the result at can be the same or overlap with block |
size. Definition at line 169 of file crypto_symmetric.c.
References GNUNET_assert, GNUNET_OK, handle, result, setup_cipher_aes(), setup_cipher_twofish(), and size.
Referenced by do_decrypt(), GNUNET_CRYPTO_decrypt_old(), GNUNET_FS_ublock_decrypt_(), process_result_with_request(), t_ax_decrypt(), t_h_decrypt(), and try_old_ax_keys().
| void GNUNET_CRYPTO_symmetric_derive_iv | ( | struct GNUNET_CRYPTO_SymmetricInitializationVector * | iv, |
| const struct GNUNET_CRYPTO_SymmetricSessionKey * | skey, | ||
| const void * | salt, | ||
| size_t | salt_len, | ||
| ... | |||
| ) |
Derive an IV.
| iv | initialization vector |
| skey | session key |
| salt | salt for the derivation |
| salt_len | size of the salt |
| ... | pairs of void * & size_t for context chunks, terminated by NULL |
Definition at line 203 of file crypto_symmetric.c.
References GNUNET_CRYPTO_symmetric_derive_iv_v(), and salt.
Referenced by derive_iv(), derive_pong_iv(), t_ax_decrypt(), t_ax_encrypt(), t_h_decrypt(), t_h_encrypt(), and try_old_ax_keys().
| void GNUNET_CRYPTO_ecdsa_key_get_public | ( | const struct GNUNET_CRYPTO_EcdsaPrivateKey * | priv, |
| struct GNUNET_CRYPTO_EcdsaPublicKey * | pub | ||
| ) |
Extract the public key for the given private key.
| priv | the private key |
| pub | where to write the public key |
Definition at line 187 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by block_create2(), decrypt_block_with_keyword(), get_update_information_directory(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_CRYPTO_key_get_public(), GNUNET_FS_publish_sks(), GNUNET_FS_publish_ublock_(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), and process_kblock_for_unindex().
| void GNUNET_CRYPTO_eddsa_key_get_public | ( | const struct GNUNET_CRYPTO_EddsaPrivateKey * | priv, |
| struct GNUNET_CRYPTO_EddsaPublicKey * | pub | ||
| ) |
Extract the public key for the given private key.
| priv | the private key |
| pub | where to write the public key |
Definition at line 198 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_assert, GNUNET_memcpy, pk, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by advertise_dns_exit(), block_create2(), checkvec(), create_keys(), GNUNET_CRYPTO_eddsa_private_key_derive(), GNUNET_CRYPTO_get_peer_identity(), GNUNET_CRYPTO_key_get_public(), GNUNET_FS_uri_loc_create(), GNUNET_TESTING_get_peer(), GNUNET_TESTING_hostkey_get(), GSC_KX_init(), init_socket(), main_init(), output_vectors(), print_key(), regex_iterator(), and run().
| void GNUNET_CRYPTO_edx25519_key_get_public | ( | const struct GNUNET_CRYPTO_Edx25519PrivateKey * | priv, |
| struct GNUNET_CRYPTO_Edx25519PublicKey * | pub | ||
| ) |
Extract the public key for the given private key.
| priv | the private key |
| pub | where to write the public key |
Definition at line 79 of file crypto_edx25519.c.
References GNUNET_CRYPTO_Edx25519PrivateKey::a, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by GNUNET_CRYPTO_edx25519_private_key_derive(), and output_vectors().
| void GNUNET_CRYPTO_ecdhe_key_get_public | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | priv, |
| struct GNUNET_CRYPTO_EcdhePublicKey * | pub | ||
| ) |
Extract the public key for the given private key.
| priv | the private key |
| pub | where to write the public key |
Definition at line 214 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_assert, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by fo_kem_decaps(), GCT_handle_kx_auth(), GCT_send(), GNUNET_CRYPTO_ecdsa_fo_kem_encaps(), GNUNET_CRYPTO_eddsa_fo_kem_encaps(), GNUNET_CRYPTO_eddsa_kem_encaps(), GNUNET_CRYPTO_encrypt_old(), output_vectors(), print_examples_ecdh(), send_kx(), send_kx_auth(), and sign_ephemeral_key().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_key_from_file | ( | const char * | filename, |
| int | do_create, | ||
| struct GNUNET_CRYPTO_EcdsaPrivateKey * | pkey | ||
| ) |
Create a new private key by reading it from a file.
If the files does not exist and do_create is set, creates a new key and write it to the file.
If the contents of the file are invalid, an error is returned.
| filename | name of file to use to store the key | |
| do_create | should a file be created? | |
| [out] | pkey | set to the private key from filename on success |
Definition at line 201 of file crypto_ecc_setup.c.
References filename, GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_DISK_fn_write(), GNUNET_DISK_PERM_USER_READ, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, pkey, and read_from_file().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_key_from_file | ( | const char * | filename, |
| int | do_create, | ||
| struct GNUNET_CRYPTO_EddsaPrivateKey * | pkey | ||
| ) |
Create a new private key by reading it from a file.
If the files does not exist and do_create is set, creates a new key and write it to the file.
If the contents of the file are invalid, an error is returned.
| filename | name of file to use to store the key | |
| do_create | should a file be created? | |
| [out] | pkey | set to the private key from filename on success |
If the files does not exist and do_create is set, creates a new key and write it to the file.
If the contents of the file are invalid, an error is returned.
| filename | name of file to use to store the key | |
| do_create | should a file be created? | |
| [out] | pkey | set to the private key from filename on success |
Definition at line 144 of file crypto_ecc_setup.c.
References filename, GNUNET_CRYPTO_eddsa_key_create(), GNUNET_DISK_fn_write(), GNUNET_DISK_PERM_USER_READ, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, pkey, read_from_file(), and ret.
Referenced by GNUNET_CRYPTO_eddsa_key_create_from_configuration(), main_init(), and run().
| struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_configuration | ( | const struct GNUNET_CONFIGURATION_Handle * | cfg | ) |
Create a new private key by reading our peer's key from the file specified in the configuration.
| cfg | the configuration to use |
| cfg | the configuration to use |
Definition at line 247 of file crypto_ecc_setup.c.
References cfg, GNUNET_CONFIGURATION_get_value_filename(), GNUNET_CRYPTO_eddsa_key_from_file(), GNUNET_free, GNUNET_new, GNUNET_OK, GNUNET_SYSERR, and GNUNET_YES.
Referenced by advertise_dns_exit(), DHTU_gnunet_init(), GNUNET_CRYPTO_eddsa_setup_key(), GNUNET_CRYPTO_get_peer_identity(), GNUNET_CRYPTO_sign_by_peer_identity(), init_socket(), and run().
| void GNUNET_CRYPTO_ecdsa_key_create | ( | struct GNUNET_CRYPTO_EcdsaPrivateKey * | pk | ) |
Create a new private key.
| [out] | pk | private key to initialize |
Definition at line 447 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.
Referenced by GNUNET_CRYPTO_ecdsa_key_from_file(), private_key_create(), run_edkey(), and run_pkey().
| void GNUNET_CRYPTO_eddsa_key_create | ( | struct GNUNET_CRYPTO_EddsaPrivateKey * | pk | ) |
Create a new private key.
| [out] | pk | private key to initialize |
Definition at line 462 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.
Referenced by create_keys(), GNUNET_CRYPTO_eddsa_key_from_file(), output_vectors(), private_key_create(), and run_edkey().
| void GNUNET_CRYPTO_edx25519_key_create | ( | struct GNUNET_CRYPTO_Edx25519PrivateKey * | pk | ) |
Create a new private key.
| [out] | pk | private key to initialize |
Definition at line 65 of file crypto_edx25519.c.
References GNUNET_CRYPTO_edx25519_key_create_from_seed(), GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.
Referenced by output_vectors().
| void GNUNET_CRYPTO_edx25519_key_create_from_seed | ( | const void * | seed, |
| size_t | seedsize, | ||
| struct GNUNET_CRYPTO_Edx25519PrivateKey * | pk | ||
| ) |
Create a new private key for Edx25519 from a given seed.
After expanding the seed, the first half of the key will be clamped according to EdDSA.
| seed | seed input | |
| seedsize | size of the seed in bytes | |
| [out] | pk | private key to initialize |
Definition at line 45 of file crypto_edx25519.c.
References GNUNET_CRYPTO_hash(), GNUNET_static_assert, and pk.
Referenced by GNUNET_CRYPTO_edx25519_key_create().
| void GNUNET_CRYPTO_ecdhe_key_create | ( | struct GNUNET_CRYPTO_EcdhePrivateKey * | pk | ) |
Create a new private key.
Clear with GNUNET_CRYPTO_ecdhe_key_clear(). This is X25519 DH (RFC 7748 Section 5) and corresponds to X25519(a,9). See GNUNET_CRYPTO_ecc_ecdh for the DH function.
| [out] | pk | set to fresh private key; |
Definition at line 436 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.
Referenced by do_rekey(), GCT_create_tunnel(), GNUNET_CRYPTO_eddsa_kem_encaps(), GNUNET_CRYPTO_encrypt_old(), GSC_KX_init(), new_ephemeral(), output_vectors(), and print_examples_ecdh().
| void GNUNET_CRYPTO_eddsa_key_clear | ( | struct GNUNET_CRYPTO_EddsaPrivateKey * | pk | ) |
Clear memory that was used to store a private key.
| pk | location of the key |
Definition at line 429 of file crypto_ecc.c.
References pk.
| void GNUNET_CRYPTO_ecdsa_key_clear | ( | struct GNUNET_CRYPTO_EcdsaPrivateKey * | pk | ) |
Clear memory that was used to store a private key.
| pk | location of the key |
Definition at line 422 of file crypto_ecc.c.
References pk.
| void GNUNET_CRYPTO_edx25519_key_clear | ( | struct GNUNET_CRYPTO_Edx25519PrivateKey * | pk | ) |
Clear memory that was used to store a private key.
| pk | location of the key |
Definition at line 38 of file crypto_edx25519.c.
References pk.
| void GNUNET_CRYPTO_ecdhe_key_clear | ( | struct GNUNET_CRYPTO_EcdhePrivateKey * | pk | ) |
Clear memory that was used to store a private key.
| pk | location of the key |
Definition at line 415 of file crypto_ecc.c.
References pk.
Referenced by cleanup_ax(), and GNUNET_CRYPTO_encrypt_old().
| const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_key_get_anonymous | ( | void | ) |
Get the shared private key we use for anonymous users.
'anonymous' pseudonym (global static, d=1, public key = G (generator).
Definition at line 482 of file crypto_ecc.c.
References GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_mpi_print_unsigned(), and once.
Referenced by decrypt_block_with_keyword(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_IDENTITY_ego_get_anonymous(), process_kblock_for_unindex(), and publish_ksk_cont().
| void GNUNET_CRYPTO_eddsa_setup_hostkey | ( | const char * | cfg_name | ) |
Setup a hostkey file for a peer given the name of the configuration file (!).
This function is used so that at a later point code can be certain that reading a hostkey is fast (for example in time-dependent testcases).
| cfg_name | name of the configuration file to use |
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_get_peer_identity | ( | const struct GNUNET_CONFIGURATION_Handle * | cfg, |
| struct GNUNET_PeerIdentity * | dst | ||
| ) |
Retrieve the identity of the host's peer.
| cfg | configuration to use |
| dst | pointer to where to write the peer identity |
Definition at line 274 of file crypto_ecc_setup.c.
References _, cfg, GNUNET_CRYPTO_eddsa_key_create_from_configuration(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_SYSERR, and GNUNET_PeerIdentity::public_key.
Referenced by DHTU_ip_init(), get_result_iterator(), get_service_peer_identity(), GNUNET_CONVERSATION_phone_create(), and run().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_sign_by_peer_identity | ( | const struct GNUNET_CONFIGURATION_Handle * | cfg, |
| const struct GNUNET_CRYPTO_EccSignaturePurpose * | purpose, | ||
| struct GNUNET_CRYPTO_EddsaSignature * | sig | ||
| ) |
Sign a given block with a specific purpose using the host's peer identity.
| cfg | configuration to use |
| purpose | what to sign (size, purpose) |
| sig | where to write the signature |
Definition at line 293 of file crypto_ecc_setup.c.
References _, cfg, GNUNET_CRYPTO_eddsa_key_create_from_configuration(), GNUNET_CRYPTO_eddsa_sign_(), GNUNET_ERROR_TYPE_ERROR, GNUNET_log, and GNUNET_SYSERR.
Referenced by sign_message_by_peer().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_verify_peer_identity | ( | uint32_t | purpose, |
| const struct GNUNET_CRYPTO_EccSignaturePurpose * | validate, | ||
| const struct GNUNET_CRYPTO_EddsaSignature * | sig, | ||
| const struct GNUNET_PeerIdentity * | identity | ||
| ) |
Verify a given signature with a peer's identity.
| purpose | what is the purpose that the signature should have? |
| validate | block to validate (size, purpose, data) |
| sig | signature that is being validated |
| identity | the peer's identity to verify |
Definition at line 313 of file crypto_ecc_setup.c.
References GNUNET_CRYPTO_eddsa_verify_(), and identity.
Referenced by verify_message_by_peer().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pub, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Derive key material from a public and a private ECC key.
This is X25519 DH (RFC 7748 Section 5) and corresponds to H(X25519(b,X25519(a,9))) where b := priv, pub := X25519(a,9), and a := GNUNET_CRYPTO_ecdhe_key_create().
| priv | private key to use for the ECDH (x) |
| pub | public key to use for the ECDH (yG) |
| key_material | where to write the key material (xyG) |
Definition at line 714 of file crypto_ecc.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by checkvec(), derive_session_keys(), output_vectors(), print_examples_ecdh(), t_ax_decrypt_and_validate(), t_ax_encrypt(), and update_ax_by_kx().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh | ( | const struct GNUNET_CRYPTO_EddsaPrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pub, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Derive key material from a ECDH public key and a private EdDSA key.
Dual to #GNUNET_CRRYPTO_ecdh_eddsa. This uses the Ed25519 private seed as X25519 seed. As such, this also is a X25519 DH (see GNUNET_CRYPTO_ecc_ecdh). NOTE: Whenever you can get away with it, use separate key pairs for signing and encryption (DH)!
| priv | private key from EdDSA to use for the ECDH (x) |
| pub | public key to use for the ECDH (yG) |
| key_material | where to write the key material H(h(x)yG) |
Definition at line 727 of file crypto_ecc.c.
References GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by GNUNET_CRYPTO_decrypt_old(), GNUNET_CRYPTO_eddsa_elligator_kem_decaps(), GNUNET_CRYPTO_eddsa_fo_kem_decaps(), GNUNET_CRYPTO_eddsa_kem_decaps(), and update_ax_by_kx().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_kem_decaps | ( | const struct GNUNET_CRYPTO_EddsaPrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | c, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Decapsulate a key for a private EdDSA key.
Dual to #GNUNET_CRRYPTO_eddsa_kem_encaps.
| priv | private key from EdDSA to use for the ECDH (x) |
| c | the encapsulated key |
| key_material | where to write the key material H(h(x)yG) |
Definition at line 749 of file crypto_ecc.c.
References GNUNET_CRYPTO_eddsa_ecdh().
Referenced by handle_dv_box(), setup_in_cipher(), and setup_shared_secret_dec().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_kem_encaps | ( | const struct GNUNET_CRYPTO_EddsaPublicKey * | pub, |
| struct GNUNET_CRYPTO_EcdhePublicKey * | c, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Encapsulate key material for a EdDSA public key.
Dual to #GNUNET_CRRYPTO_eddsa_kem_decaps.
| priv | private key to use for the ECDH (y) |
| c | public key from EdDSA to use for the ECDH (X=h(x)G) |
| key_material | where to write the key material H(yX)=H(h(x)yG) |
Definition at line 794 of file crypto_ecc.c.
References GNUNET_CRYPTO_ecdh_eddsa(), GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_ecdhe_key_get_public(), and pub.
Referenced by encapsulate_for_dv(), inject_rekey(), setup_shared_secret_ephemeral(), and start_initial_kx_out().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_fo_kem_encaps | ( | const struct GNUNET_CRYPTO_EddsaPublicKey * | pub, |
| struct GNUNET_CRYPTO_FoKemC * | c, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Encapsulate key material using a CCA-secure KEM.
The KEM is using a OWTF with image oracle constructed from a Fujusaki-Okamoto transformation using ElGamal (DH plus XOR OTP). Dual to #GNUNET_CRRYPTO_eddsa_fo_kem_decaps.
| pub | public key to encapsulated for | |
| [out] | c | the encapsulation |
| [out] | key_material | the encapsulated key |
Definition at line 840 of file crypto_ecc.c.
References GNUNET_CRYPTO_ecdh_eddsa(), GNUNET_CRYPTO_ecdhe_key_get_public(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hash_xor(), GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), GNUNET_memcpy, GNUNET_OK, pub, GNUNET_CRYPTO_FoKemC::pub, ret, and GNUNET_CRYPTO_FoKemC::y.
Referenced by GNUNET_CRYPTO_encrypt().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_fo_kem_decaps | ( | const struct GNUNET_CRYPTO_EddsaPrivateKey * | priv, |
| const struct GNUNET_CRYPTO_FoKemC * | c, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Decapsulate key material using a CCA-secure KEM.
The KEM is using a OWTF with image oracle constructed from a Fujusaki-Okamoto transformation using ElGamal (DH plus XOR OTP). Dual to #GNUNET_CRRYPTO_eddsa_fo_kem_encaps.
| priv | private key this encapsulation is for | |
| c | the encapsulation | |
| [out] | key_material | the encapsulated key |
Decapsulate key material using a CCA-secure KEM.
Definition at line 908 of file crypto_ecc.c.
References fo_kem_decaps(), GNUNET_CRYPTO_eddsa_ecdh(), GNUNET_OK, GNUNET_CRYPTO_FoKemC::pub, and ret.
Referenced by GNUNET_CRYPTO_decrypt().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_fo_kem_encaps | ( | const struct GNUNET_CRYPTO_EcdsaPublicKey * | pub, |
| struct GNUNET_CRYPTO_FoKemC * | c, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Encapsulate key material using a CCA-secure KEM.
The KEM is using a OWTF with image oracle constructed from a Fujusaki-Okamoto transformation using ElGamal (DH plus XOR OTP). Dual to #GNUNET_CRRYPTO_eddsa_fo_kem_decaps.
| pub | public key to encapsulated for | |
| [out] | c | the encapsulation |
| [out] | key_material | the encapsulated key |
Definition at line 807 of file crypto_ecc.c.
References GNUNET_CRYPTO_ecdh_ecdsa(), GNUNET_CRYPTO_ecdhe_key_get_public(), GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_hash_xor(), GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), GNUNET_memcpy, GNUNET_OK, GNUNET_SYSERR, pub, GNUNET_CRYPTO_FoKemC::pub, and GNUNET_CRYPTO_FoKemC::y.
Referenced by GNUNET_CRYPTO_encrypt().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_fo_kem_decaps | ( | const struct GNUNET_CRYPTO_EcdsaPrivateKey * | priv, |
| struct GNUNET_CRYPTO_FoKemC * | c, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Decapsulate key material using a CCA-secure KEM.
The KEM is using a OWTF with image oracle constructed from a Fujusaki-Okamoto transformation using ElGamal (DH plus XOR OTP). Dual to #GNUNET_CRRYPTO_eddsa_fo_kem_encaps.
| priv | private key this encapsulation is for | |
| c | the encapsulation | |
| [out] | key_material | the encapsulated key |
Definition at line 924 of file crypto_ecc.c.
References fo_kem_decaps(), GNUNET_CRYPTO_ecdsa_ecdh(), GNUNET_OK, GNUNET_CRYPTO_FoKemC::pub, and ret.
Referenced by GNUNET_CRYPTO_decrypt().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh | ( | const struct GNUNET_CRYPTO_EcdsaPrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pub, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Derive key material from a ECDH public key and a private ECDSA key.
Dual to #GNUNET_CRRYPTO_ecdh_ecdsa.
| priv | private key from ECDSA to use for the ECDH (x) |
| pub | public key to use for the ECDH (yG) |
| key_material | where to write the key material H(h(x)yG) |
Definition at line 759 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by GNUNET_CRYPTO_decrypt_old(), and GNUNET_CRYPTO_ecdsa_fo_kem_decaps().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EddsaPublicKey * | pub, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Derive key material from a EdDSA public key and a private ECDH key.
Dual to #GNUNET_CRRYPTO_eddsa_ecdh. This converts the Edwards25519 public key pub to a Curve25519 public key before computing a X25519 DH (see GNUNET_CRYPTO_ecc_ecdh). NOTE: Whenever you can get away with it, use separate key pairs for signing and encryption (DH)!
| priv | private key to use for the ECDH (y) |
| pub | public key from EdDSA to use for the ECDH (X=h(x)G) |
| key_material | where to write the key material H(yX)=H(h(x)yG) |
Definition at line 777 of file crypto_ecc.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by checkvec(), GNUNET_CRYPTO_eddsa_elligator_kem_encaps(), GNUNET_CRYPTO_eddsa_fo_kem_encaps(), GNUNET_CRYPTO_eddsa_kem_encaps(), GNUNET_CRYPTO_encrypt_old(), output_vectors(), and update_ax_by_kx().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa | ( | const struct GNUNET_CRYPTO_EcdhePrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EcdsaPublicKey * | pub, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Derive key material from a EcDSA public key and a private ECDH key.
Dual to #GNUNET_CRRYPTO_ecdsa_ecdh.
| priv | private key to use for the ECDH (y) |
| pub | public key from ECDSA to use for the ECDH (X=h(x)G) |
| key_material | where to write the key material H(yX)=H(h(x)yG) |
Definition at line 940 of file crypto_ecc.c.
References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by GNUNET_CRYPTO_ecdsa_fo_kem_encaps(), and GNUNET_CRYPTO_encrypt_old().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_ | ( | const struct GNUNET_CRYPTO_EddsaPrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EccSignaturePurpose * | purpose, | ||
| struct GNUNET_CRYPTO_EddsaSignature * | sig | ||
| ) |
EdDSA sign a given block.
The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_eddsa_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).
| priv | private key to use for the signing | |
| purpose | what to sign (size, purpose) | |
| [out] | sig | where to write the signature |
Definition at line 607 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_assert, GNUNET_OK, GNUNET_SYSERR, pk, res, and GNUNET_CRYPTO_EccSignaturePurpose::size.
Referenced by do_dht_put(), GNUNET_CRYPTO_sign_(), GNUNET_CRYPTO_sign_by_peer_identity(), GNUNET_CRYPTO_sign_raw_(), insert_decrypt_element(), insert_round1_element(), insert_round2_element(), regex_iterator(), setup_flood_message(), and sign_ephemeral_key().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_ | ( | const struct GNUNET_CRYPTO_EcdsaPrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EccSignaturePurpose * | purpose, | ||
| struct GNUNET_CRYPTO_EcdsaSignature * | sig | ||
| ) |
ECDSA Sign a given block.
The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_ecdsa_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).
| priv | private key to use for the signing | |
| purpose | what to sign (size, purpose) | |
| [out] | sig | where to write the signature |
Definition at line 536 of file crypto_ecc.c.
References _, BENCHMARK_END, BENCHMARK_START, data, data_to_ecdsa_value(), decode_private_ecdsa_key(), GNUNET_break, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_WARNING, GNUNET_OK, GNUNET_SYSERR, key_from_sexp(), LOG, GNUNET_CRYPTO_EcdsaSignature::r, and GNUNET_CRYPTO_EcdsaSignature::s.
Referenced by GNUNET_CRYPTO_ecdsa_sign_derived(), GNUNET_CRYPTO_sign_(), GNUNET_CRYPTO_sign_raw_(), and GNUNET_FS_publish_ublock_().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_edx25519_sign_ | ( | const struct GNUNET_CRYPTO_Edx25519PrivateKey * | priv, |
| const struct GNUNET_CRYPTO_EccSignaturePurpose * | purpose, | ||
| struct GNUNET_CRYPTO_Edx25519Signature * | sig | ||
| ) |
Edx25519 sign a given block.
The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_edx25519_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).
| priv | private key to use for the signing | |
| purpose | what to sign (size, purpose) | |
| [out] | sig | where to write the signature |
Edx25519 sign a given block.
But instead of expanding a private seed (which is usually the case for crypto APIs) and using the resulting scalars, it takes the scalars directly from Edx25519PrivateKey. We require this functionality in order to use derived private keys for signatures.
The resulting signature is a standard EdDSA signature which can be verified using the usual APIs.
| priv | the private key (containing two scalars .a and .b) |
| purp | the signature purpose |
| sig | the resulting signature |
Calculate the public key P from the private scalar in the key.
Calculate r: r = SHA512 (b ∥ M) where M is our message (purpose).
Temporarily put P into S
Reduce the scalar value r
Calculate R := r * G of the signature
Calculate hram := SHA512 (R ∥ P ∥ M)
Reduce the resulting scalar value
Calculate S := r + hram * s mod L
Definition at line 103 of file crypto_edx25519.c.
References GNUNET_CRYPTO_Edx25519PrivateKey::a, GNUNET_CRYPTO_Edx25519PrivateKey::b, GNUNET_OK, GNUNET_CRYPTO_Edx25519Signature::r, GNUNET_CRYPTO_Edx25519Signature::s, and GNUNET_CRYPTO_EccSignaturePurpose::size.
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_ | ( | uint32_t | purpose, |
| const struct GNUNET_CRYPTO_EccSignaturePurpose * | validate, | ||
| const struct GNUNET_CRYPTO_EddsaSignature * | sig, | ||
| const struct GNUNET_CRYPTO_EddsaPublicKey * | pub | ||
| ) |
Verify EdDSA signature.
The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_eddsa_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).
| purpose | what is the purpose that the signature should have? |
| validate | block to validate (size, purpose, data) |
| sig | signature that is being validated |
| pub | public key of the signer |
Definition at line 690 of file crypto_ecc.c.
References BENCHMARK_END, BENCHMARK_START, GNUNET_OK, GNUNET_SYSERR, m, pub, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_CRYPTO_EddsaPublicKey::q_y, res, and GNUNET_CRYPTO_EccSignaturePurpose::size.
Referenced by block_plugin_dns_check_block(), block_plugin_regex_check_block(), GNUNET_CRYPTO_signature_verify_(), GNUNET_CRYPTO_signature_verify_raw_(), GNUNET_CRYPTO_verify_peer_identity(), GNUNET_GNSRECORD_block_verify(), handle_ephemeral_key(), keygen_round1_new_element(), keygen_round2_new_element(), and verify_message_crypto().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_verify_ | ( | uint32_t | purpose, |
| const struct GNUNET_CRYPTO_EccSignaturePurpose * | validate, | ||
| const struct GNUNET_CRYPTO_EcdsaSignature * | sig, | ||
| const struct GNUNET_CRYPTO_EcdsaPublicKey * | pub | ||
| ) |
Verify ECDSA signature.
The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_eddsa_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).
| purpose | what is the purpose that the signature should have? |
| validate | block to validate (size, purpose, data) |
| sig | signature that is being validated |
| pub | public key of the signer |
Definition at line 631 of file crypto_ecc.c.
References _, BENCHMARK_END, BENCHMARK_START, CURVE, data, data_to_ecdsa_value(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_OK, GNUNET_SYSERR, LOG, LOG_GCRY, pub, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_CRYPTO_EddsaPublicKey::q_y, GNUNET_CRYPTO_EcdsaSignature::r, and GNUNET_CRYPTO_EcdsaSignature::s.
Referenced by block_plugin_fs_check_block(), GNUNET_CRYPTO_signature_verify_(), GNUNET_CRYPTO_signature_verify_raw_(), and GNUNET_GNSRECORD_block_verify().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_edx25519_verify_ | ( | uint32_t | purpose, |
| const struct GNUNET_CRYPTO_EccSignaturePurpose * | validate, | ||
| const struct GNUNET_CRYPTO_Edx25519Signature * | sig, | ||
| const struct GNUNET_CRYPTO_Edx25519PublicKey * | pub | ||
| ) |
Verify Edx25519 signature.
The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_edx25519_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).
| purpose | what is the purpose that the signature should have? |
| validate | block to validate (size, purpose, data) |
| sig | signature that is being validated |
| pub | public key of the signer |
Definition at line 186 of file crypto_edx25519.c.
References GNUNET_OK, GNUNET_SYSERR, m, pub, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_CRYPTO_EddsaPublicKey::q_y, res, and GNUNET_CRYPTO_EccSignaturePurpose::size.
| struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_private_key_derive | ( | const struct GNUNET_CRYPTO_EcdsaPrivateKey * | priv, |
| const char * | label, | ||
| const char * | context | ||
| ) |
Derive a private key from a given private key and a label.
Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.
| priv | original private key |
| label | label to use for key deriviation |
| context | additional context to use for HKDF of 'h'; typically the name of the subsystem/application |
Definition at line 196 of file crypto_ecc_gnsrecord.c.
References context, ctx, CURVE, d, GNUNET_CRYPTO_EcdsaPrivateKey::d, dc, derive_h(), GNUNET_assert, GNUNET_CRYPTO_ecdsa_key_get_public(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_new, h, pub, and ret.
Referenced by GNUNET_CRYPTO_ecdsa_sign_derived(), GNUNET_FS_publish_ublock_(), and run_pkey().
| void GNUNET_CRYPTO_ecdsa_public_key_derive | ( | const struct GNUNET_CRYPTO_EcdsaPublicKey * | pub, |
| const char * | label, | ||
| const char * | context, | ||
| struct GNUNET_CRYPTO_EcdsaPublicKey * | result | ||
| ) |
Derive a public key from a given public key and a label.
Essentially calculates a public key 'V = H(l,P) * P'.
| pub | original public key |
| label | label to use for key deriviation |
| context | additional context to use for HKDF of 'h'. typically the name of the subsystem/application |
| result | where to write the derived public key |
Definition at line 241 of file crypto_ecc_gnsrecord.c.
References context, ctx, CURVE, derive_h(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), h, pub, q, GNUNET_CRYPTO_EddsaPublicKey::q_y, and result.
Referenced by block_sign_ecdsa(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_GNSRECORD_query_from_public_key(), run_pkey(), and schedule_transmit_search_request().
| void GNUNET_CRYPTO_eddsa_private_key_derive | ( | const struct GNUNET_CRYPTO_EddsaPrivateKey * | priv, |
| const char * | label, | ||
| const char * | context, | ||
| struct GNUNET_CRYPTO_EddsaPrivateScalar * | result | ||
| ) |
Derive a private scalar from a given private key and a label.
Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'. The result is the derived private scalar, not the private key as for EdDSA we cannot derive before we hash the private key.
| priv | original private key |
| label | label to use for key deriviation |
| context | additional context to use for HKDF of 'h'; typically the name of the subsystem/application |
| result | derived private scalar |
Libsodium does not offer an API with arbitrary arithmetic. Hence we have to use libgcrypt here.
Get our modulo L
This is the standard private key expansion in Ed25519. The first 32 octets are used as a little-endian private scalar. We derive this scalar using our "h".
Get h mod L
dc now contains the private scalar "a". We calculate: d' := h * a mod L
We hash the derived "h" parameter with the other half of the expanded private key. This ensures that for signature generation, the "R" is derived from the same derivation path as "h" and is not reused.
Definition at line 294 of file crypto_ecc_gnsrecord.c.
References context, ctx, d, GNUNET_CRYPTO_EddsaPrivateKey::d, dc, derive_h(), GNUNET_assert, GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), h, pub, and result.
Referenced by GNUNET_CRYPTO_eddsa_sign_derived(), and run_edkey().
| void GNUNET_CRYPTO_eddsa_public_key_derive | ( | const struct GNUNET_CRYPTO_EddsaPublicKey * | pub, |
| const char * | label, | ||
| const char * | context, | ||
| struct GNUNET_CRYPTO_EddsaPublicKey * | result | ||
| ) |
Derive a public key from a given public key and a label.
Essentially calculates a public key 'V = H(l,P) * P'.
| pub | original public key |
| label | label to use for key deriviation |
| context | additional context to use for HKDF of 'h'. typically the name of the subsystem/application |
| result | where to write the derived public key |
Definition at line 381 of file crypto_ecc_gnsrecord.c.
References context, ctx, derive_h(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), h, pub, q, GNUNET_CRYPTO_EddsaPublicKey::q_y, and result.
Referenced by block_sign_eddsa(), GNUNET_GNSRECORD_query_from_public_key(), and run_edkey().
| void GNUNET_CRYPTO_edx25519_private_key_derive | ( | const struct GNUNET_CRYPTO_Edx25519PrivateKey * | priv, |
| const void * | seed, | ||
| size_t | seedsize, | ||
| struct GNUNET_CRYPTO_Edx25519PrivateKey * | result | ||
| ) |
Derive a private scalar from a given private key and a label.
Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.
| priv | original private key |
| seed | input seed |
| seedsize | size of the seed |
| result | derived private key |
dc now contains the private scalar "a". We carefully remove the clamping and derive a'. Calculate: a1 := a / 8 a2 := h * a1 mod n a' := a2 * 8 mod n
Definition at line 239 of file crypto_edx25519.c.
References GNUNET_CRYPTO_Edx25519PrivateKey::a, GNUNET_CRYPTO_Edx25519PrivateKey::b, derive_h(), GNUNET_assert, GNUNET_CRYPTO_edx25519_key_get_public(), GNUNET_CRYPTO_hash_context_finish(), GNUNET_CRYPTO_hash_context_read(), GNUNET_CRYPTO_hash_context_start(), h, pub, result, and zero.
Referenced by output_vectors().
| void GNUNET_CRYPTO_edx25519_public_key_derive | ( | const struct GNUNET_CRYPTO_Edx25519PublicKey * | pub, |
| const void * | seed, | ||
| size_t | seedsize, | ||
| struct GNUNET_CRYPTO_Edx25519PublicKey * | result | ||
| ) |
Derive a public key from a given public key and a label.
Essentially calculates a public key 'V = H(l,P) * P'.
| pub | original public key |
| seed | input seed |
| seedsize | size of the seed |
| result | where to write the derived public key |
Definition at line 333 of file crypto_edx25519.c.
References derive_h(), GNUNET_assert, h, pub, GNUNET_CRYPTO_EddsaPublicKey::q_y, and result.
Referenced by output_vectors().
| void GNUNET_CRYPTO_ecdhe_elligator_decoding | ( | struct GNUNET_CRYPTO_EcdhePublicKey * | point, |
| bool * | high_y, | ||
| const struct GNUNET_CRYPTO_ElligatorRepresentative * | representative | ||
| ) |
Clears the most significant bit and second most significant bit of the serialized representaive before applying elligator direct map.
| representative | serialized elligator representative of an element of Curves25519's finite field |
| point | destination for the calculated point on the curve |
| high_y | bool pointed to will be set to 'true' if corresponding y-coordinate is > 2 ^ 254 - 10, otherwise 0. Can be set to NULL if not needed. |
Definition at line 470 of file crypto_elligator.c.
References elligator_direct_map(), GNUNET_CRYPTO_EcdhePublicKey::q_y, and GNUNET_CRYPTO_ElligatorRepresentative::r.
Referenced by GNUNET_CRYPTO_eddsa_elligator_kem_decaps(), send_msg_with_kx(), and sock_read().
| bool GNUNET_CRYPTO_ecdhe_elligator_encoding | ( | struct GNUNET_CRYPTO_ElligatorRepresentative * | r, |
| const struct GNUNET_CRYPTO_EcdhePublicKey * | pub, | ||
| bool | high_y | ||
| ) |
Encodes a point on Curve25519 to a an element of the underlying finite field.
This transformation is deterministic.
| r | storage for the calculated representative |
| pub | a point on the curve |
| high_y | encodes if y-coordinate is > 2 ^254 - 10, which determines the representative value out of two |
Definition at line 342 of file crypto_elligator.c.
References A, decode_bytes(), encode_bytes(), inverted_u, least_square_root(), negative_2, p, P_BITS, P_LIMBS, pub, GNUNET_CRYPTO_EddsaPublicKey::q_y, GNUNET_CRYPTO_ElligatorRepresentative::r, result, and scratch_space_length.
Referenced by GNUNET_CRYPTO_ecdhe_elligator_key_create().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdhe_elligator_generate_public_key | ( | struct GNUNET_CRYPTO_EcdhePublicKey * | pub, |
| struct GNUNET_CRYPTO_EcdhePrivateKey * | pk | ||
| ) |
Generates a valid public key for elligator's inverse map by adding a lower order point to a prime order point.
Following Method 1 in description https://elligator.org/key-exchange section Step 2: Generate a “special” public key.
| pub | valid public key for elligator inverse map |
| pk | private key for generating valid public key |
Definition at line 570 of file crypto_elligator.c.
References convert_from_ed_to_curve(), GNUNET_assert, GNUNET_OK, GNUNET_SYSERR, lookupTable, pk, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.
Referenced by GNUNET_CRYPTO_ecdhe_elligator_key_create().
| void GNUNET_CRYPTO_ecdhe_elligator_key_create | ( | struct GNUNET_CRYPTO_ElligatorRepresentative * | repr, |
| struct GNUNET_CRYPTO_EcdhePrivateKey * | pk | ||
| ) |
Generates a private key for Curve25519 and the elligator representative of the corresponding public key.
| repr | representative of the public key |
| pk | Curve25519 private key |
Definition at line 600 of file crypto_elligator.c.
References GNUNET_CRYPTO_ecdhe_elligator_encoding(), GNUNET_CRYPTO_ecdhe_elligator_generate_public_key(), GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), GNUNET_NO, GNUNET_SYSERR, GNUNET_YES, pk, pub, and GNUNET_CRYPTO_ElligatorRepresentative::r.
Referenced by GNUNET_CRYPTO_eddsa_elligator_kem_encaps().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_elligator_kem_encaps | ( | const struct GNUNET_CRYPTO_EddsaPublicKey * | pub, |
| struct GNUNET_CRYPTO_ElligatorRepresentative * | r, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Carries out ecdh encapsulation with given public key and the private key from a freshly created ephemeral key pair.
Following the terminology in https://eprint.iacr.org/2021/509.pdf.
| pub | given edwards curve public key (X) |
| r | representative of ephemeral public key A to use for the ECDH (direct_map(r)=A=aG) |
| key_material | where to write the key material H(aX)=H(x(aG)) |
Definition at line 652 of file crypto_elligator.c.
References GNUNET_CRYPTO_ecdh_eddsa(), GNUNET_CRYPTO_ecdhe_elligator_key_create(), and pub.
Referenced by setup_initial_shared_secret_ephemeral().
| enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_elligator_kem_decaps | ( | const struct GNUNET_CRYPTO_EddsaPrivateKey * | priv, |
| const struct GNUNET_CRYPTO_ElligatorRepresentative * | r, | ||
| struct GNUNET_HashCode * | key_material | ||
| ) |
Carries out ecdh decapsulation with own private key and the representative of the received public key.
Following the terminology in https://eprint.iacr.org/2021/509.pdf.
| priv | own private key (x) |
| r | received representative r, from which we can obtain the public key A (direct_map(r)=A=aG) |
| key_material | where to write the key material H(xA)=H(a(xG)) |
Definition at line 666 of file crypto_elligator.c.
References GNUNET_CRYPTO_ecdhe_elligator_decoding(), GNUNET_CRYPTO_eddsa_ecdh(), and pub.
Referenced by setup_initial_shared_secret_dec().
1.9.4