GNUnet  0.10.x
crypto_kdf.c File Reference

Key derivation.

#include <gcrypt.h>
#include "platform.h"
#include "gnunet_crypto_lib.h"

Macros

#define LOG(kind, ...)   GNUNET_log_from (kind, "util-crypto-kdf", __VA_ARGS__)
 

Functions

int GNUNET_CRYPTO_kdf_v (void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
 Derive key.
 
int GNUNET_CRYPTO_kdf (void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
 Derive key.
 
void GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r, gcry_mpi_t n, const void *xts, size_t xts_len, const void *skm, size_t skm_len, const char *ctx)
 Deterministically generate a pseudo-random number uniformly from the integers modulo a libgcrypt mpi.
 

Detailed Description

Key derivation.

Author
Nils Durner
Jeffrey Burdges burdg.nosp@m.es@g.nosp@m.nunet.nosp@m..org

Definition in file crypto_kdf.c.

Macro Definition Documentation

◆ LOG

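/* Log through GNUNET_log_from() with the fixed component name
   "util-crypto-kdf".  The parameter list must follow the macro name
   without a space; with a space the preprocessor would define an
   object-like macro instead of a function-like one. */
#define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-kdf", __VA_ARGS__)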

Definition at line 33 of file crypto_kdf.c.

Function Documentation

◆ GNUNET_CRYPTO_kdf_v()

int GNUNET_CRYPTO_kdf_v ( void *  result,
size_t  out_len,
const void *  xts,
size_t  xts_len,
const void *  skm,
size_t  skm_len,
va_list  argp 
)

Derive key.

Parameters
result: buffer for the derived key, allocated by caller
out_len: desired length of the derived key
xts: salt
xts_len: length of xts
skm: source key material
skm_len: length of skm
argp: va_list of (void *, size_t) pairs for context chunks
Returns
GNUNET_YES on success

Definition at line 47 of file crypto_kdf.c.

References GNUNET_CRYPTO_hkdf_v().

Referenced by GNUNET_CRYPTO_hmac_derive_key_v(), GNUNET_CRYPTO_kdf(), and GNUNET_CRYPTO_symmetric_derive_iv_v().

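/**
 * Derive a key using GNUnet's fixed HKDF instantiation.
 *
 * Thin wrapper around GNUNET_CRYPTO_hkdf_v() that pins the two hash
 * algorithms: SHA-512 for the extraction step (XTR) and SHA-256 for the
 * expansion step (PRF*).  All other arguments are forwarded unchanged.
 *
 * @param result buffer for the derived key, allocated by caller
 * @param out_len desired length of the derived key
 * @param xts salt
 * @param xts_len length of @a xts
 * @param skm source key material
 * @param skm_len length of @a skm
 * @param argp va_list of void * & size_t pairs for context chunks
 * @return #GNUNET_YES on success (the value reported by
 *         GNUNET_CRYPTO_hkdf_v()); check it before using @a result
 */
int
GNUNET_CRYPTO_kdf_v (void *result,
                     size_t out_len,
                     const void *xts,
                     size_t xts_len,
                     const void *skm,
                     size_t skm_len,
                     va_list argp)
{
  /*
   * "Finally, we point out to a particularly advantageous instantiation using
   * HMAC-SHA512 as XTR and HMAC-SHA256 in PRF* (in which case the output from SHA-512 is
   * truncated to 256 bits). This makes sense in two ways: First, the extraction part is where we need a
   * stronger hash function due to the unconventional demand from the hash function in the extraction
   * setting. Second, as shown in Section 6, using HMAC with a truncated output as an extractor
   * allows to prove the security of HKDF under considerably weaker assumptions on the underlying
   * hash function."
   *
   * http://eprint.iacr.org/2010/264
   */

  /* NOTE(review): what @a result holds when this does not return
     GNUNET_YES is not visible here; treat it as unusable key material. */
  return GNUNET_CRYPTO_hkdf_v (result,
                               out_len,
                               GCRY_MD_SHA512, /* extraction (XTR) hash */
                               GCRY_MD_SHA256, /* expansion (PRF*) hash */
                               xts,
                               xts_len,
                               skm,
                               skm_len,
                               argp);
}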
int GNUNET_CRYPTO_hkdf_v(void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
Derive key.
Definition: crypto_hkdf.c:142

◆ GNUNET_CRYPTO_kdf_mod_mpi()

void GNUNET_CRYPTO_kdf_mod_mpi ( gcry_mpi_t *  r,
gcry_mpi_t  n,
const void *  xts,
size_t  xts_len,
const void *  skm,
size_t  skm_len,
const char *  ctx 
)

Deterministically generate a pseudo-random number uniformly from the integers modulo a libgcrypt mpi.

Parameters
[out] r: MPI value set to the FDH (full-domain hash)
n: MPI to work modulo
xts: salt
xts_len: length of xts
skm: source key material
skm_len: length of skm
ctx: context string

Definition at line 128 of file crypto_kdf.c.

References buf, GNUNET_assert, GNUNET_CRYPTO_kdf(), and GNUNET_YES.

Referenced by rsa_blinding_key_derive(), and rsa_full_domain_hash().

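/**
 * Deterministically generate a pseudo-random number uniformly from the
 * integers modulo a libgcrypt mpi.
 *
 * Each round runs GNUNET_CRYPTO_kdf() over the salt, the source key
 * material, the context string and a round counter, reads the output as
 * an unsigned big-endian integer, clears every bit from position
 * nbits(n) upwards, and accepts the candidate only if it is smaller than
 * @a n.  Rejected candidates are released and the next counter value is
 * tried; no modular reduction is applied to the KDF output.
 *
 * @param[out] r MPI value set to the FDH; the accepted value is left in
 *               *r and is not released by this function
 * @param n MPI to work modulo; must be non-zero
 * @param xts salt
 * @param xts_len length of @a xts
 * @param skm source key material
 * @param skm_len length of @a skm
 * @param ctx context string; passed to strlen(), so it must be a
 *            non-NULL, 0-terminated string
 */
void
GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r,
                           gcry_mpi_t n,
                           const void *xts,
                           size_t xts_len,
                           const void *skm,
                           size_t skm_len,
                           const char *ctx)
{
  gcry_error_t rc;
  unsigned int nbits;
  size_t rsize;
  unsigned int ctr;

  nbits = gcry_mpi_get_nbits (n);
  /* With nbits == 0 the unsigned expression (nbits - 1) below wraps
     around and sizes the stack buffer at roughly UINT_MAX / 8 bytes, and
     no candidate could ever compare smaller than n.  Fail hard instead. */
  GNUNET_assert (nbits > 0);
  /* Stricter bound, left disabled: GNUNET_assert (nbits > 512); */

  ctr = 0;
  while (1)
  {
    /* ceil (nbits / 8) bytes; nbits need not be a multiple of 8.
       NOTE(review): this buffer holds KDF output derived from skm and is
       not wiped before it goes out of scope.  If a caller derives a
       secret this way (rsa_blinding_key_derive() looks like one --
       confirm), consider a wipe the compiler cannot optimize away. */
    uint8_t buf[(nbits - 1) / 8 + 1];

    /* NOTE(review): ctr is hashed as its raw in-memory bytes, so the
       derived value depends on the host's byte order and on
       sizeof (unsigned int).  Two hosts that differ in either would
       derive different numbers from identical inputs.  Switching to a
       fixed-width, fixed-byte-order counter changes existing outputs,
       so it is flagged here rather than changed. */
    rc = GNUNET_CRYPTO_kdf (buf,
                            sizeof (buf),
                            xts, xts_len,
                            skm, skm_len,
                            ctx, strlen (ctx),
                            &ctr, sizeof (ctr),
                            NULL, 0);
    GNUNET_assert (GNUNET_YES == rc);

    rc = gcry_mpi_scan (r,
                        GCRYMPI_FMT_USG,
                        (const unsigned char *) buf,
                        sizeof (buf),
                        &rsize);
    GNUNET_assert (0 == rc);  /* Allocation error? */

    /* Clears bit number nbits and all higher bits, so *r < 2^nbits. */
    gcry_mpi_clear_highbit (*r, nbits);
    GNUNET_assert (0 == gcry_mpi_test_bit (*r, nbits));
    ++ctr;
    /* Rejection sampling: accept the candidate only if *r < n.  When
       *r >= n it is released and the loop retries with the next ctr;
       reducing modulo n instead would bias the result. */
    if (0 > gcry_mpi_cmp (*r, n))
      break;
    gcry_mpi_release (*r);
  }
}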
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_YES
Definition: gnunet_common.h:80
int GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:91