GNUnet 0.22.0
crypto_kdf.c
Go to the documentation of this file.
1/*
2 This file is part of GNUnet.
3 Copyright (C) 2010 GNUnet e.V.
4
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
14
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18 SPDX-License-Identifier: AGPL3.0-or-later
19 */
20
28#include "platform.h"
29#include <gcrypt.h>
30
31
32#include "gnunet_util_lib.h"
33
34#define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-kdf", __VA_ARGS__)
35
36
39 size_t out_len,
40 const void *xts,
41 size_t xts_len,
42 const void *skm,
43 size_t skm_len,
44 va_list argp)
45{
46 /*
47 * "Finally, we point out to a particularly advantageous instantiation using
48 * HMAC-SHA512 as XTR and HMAC-SHA256 in PRF* (in which case the output from SHA-512 is
49 * truncated to 256 bits). This makes sense in two ways: First, the extraction part is where we need a
50 * stronger hash function due to the unconventional demand from the hash function in the extraction
51 * setting. Second, as shown in Section 6, using HMAC with a truncated output as an extractor
52 * allows to prove the security of HKDF under considerably weaker assumptions on the underlying
53 * hash function."
54 *
55 * http://eprint.iacr.org/2010/264
56 */
57 return GNUNET_CRYPTO_hkdf_gnunet_v (result, out_len, xts, xts_len, skm, skm_len, argp);
58}
59
60
63 size_t out_len,
64 const void *xts,
65 size_t xts_len,
66 const void *skm,
67 size_t skm_len, ...)
68{
69 va_list argp;
70 int ret;
71
72 va_start (argp, skm_len);
74 out_len,
75 xts,
76 xts_len,
77 skm,
78 skm_len,
79 argp);
80 va_end (argp);
81
82 return ret;
83}
84
85
86void
88 gcry_mpi_t n,
89 const void *xts, size_t xts_len,
90 const void *skm, size_t skm_len,
91 const char *ctx)
92{
93 gcry_error_t rc;
94 unsigned int nbits;
95 size_t rsize;
96 uint16_t ctr;
97
98 nbits = gcry_mpi_get_nbits (n);
99 /* GNUNET_assert (nbits > 512); */
100 ctr = 0;
101 while (1)
102 {
103 /* Ain't clear if n is always divisible by 8 */
104 size_t bsize = (nbits - 1) / 8 + 1;
105 uint8_t buf[bsize];
106 uint16_t ctr_nbo = htons (ctr);
107
108 rc = GNUNET_CRYPTO_kdf (buf,
109 bsize,
110 xts, xts_len,
111 skm, skm_len,
112 ctx, strlen (ctx),
113 &ctr_nbo, sizeof(ctr_nbo),
114 NULL, 0);
116 rc = gcry_mpi_scan (r,
117 GCRYMPI_FMT_USG,
118 (const unsigned char *) buf,
119 bsize,
120 &rsize);
121 GNUNET_assert (GPG_ERR_NO_ERROR == rc); /* Allocation error? */
122 GNUNET_assert (rsize == bsize);
123 gcry_mpi_clear_highbit (*r,
124 nbits);
125 GNUNET_assert (0 ==
126 gcry_mpi_test_bit (*r,
127 nbits));
128 ++ctr;
129 /* We reject this FDH if either *r > n and retry with another ctr */
130 if (0 > gcry_mpi_cmp (*r, n))
131 break;
132 gcry_mpi_release (*r);
133 }
134}
135
136
137/* end of crypto_kdf.c */
static int ret
Final status code.
Definition: gnunet-arm.c:93
static struct GNUNET_FS_Handle * ctx
static int result
Global testing status.
static unsigned int bsize
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf_gnunet_v(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
Derive key.
Definition: crypto_hkdf.c:172
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:62
void GNUNET_CRYPTO_kdf_mod_mpi(gcry_mpi_t *r, gcry_mpi_t n, const void *xts, size_t xts_len, const void *skm, size_t skm_len, const char *ctx)
Deterministically generate a pseudo-random number uniformly from the integers modulo a libgcrypt mpi.
Definition: crypto_kdf.c:87
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf_v(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
Derive key.
Definition: crypto_kdf.c:38
GNUNET_GenericReturnValue
Named constants for return values.
@ GNUNET_YES
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.