d7/df1/crypto__kdf_8c_source.html

/*

     This file is part of GNUnet.

     Copyright (C) 2010 GNUnet e.V.


     GNUnet is free software: you can redistribute it and/or modify it

     under the terms of the GNU Affero General Public License as published

     by the Free Software Foundation, either version 3 of the License,

     or (at your option) any later version.


     GNUnet is distributed in the hope that it will be useful, but

     WITHOUT ANY WARRANTY; without even the implied warranty of

     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

     Affero General Public License for more details.


     You should have received a copy of the GNU Affero General Public License

     along with this program.  If not, see <http://www.gnu.org/licenses/>.


     SPDX-License-Identifier: AGPL3.0-or-later

 */


#include "platform.h"

#include <gcrypt.h>


#include "gnunet_util_lib.h"


#define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-kdf", __VA_ARGS__)


void


GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r,

                           gcry_mpi_t n,

                           const void *xts, size_t xts_len,

                           const void *skm, size_t skm_len,

                           const char *ctx)

{

  gcry_error_t rc;

  unsigned int nbits;

  size_t rsize;

  uint16_t ctr;


  nbits = gcry_mpi_get_nbits (n);

  /* GNUNET_assert (nbits > 512); */

  ctr = 0;

  while (1)

  {

    /* Ain't clear if n is always divisible by 8 */

    size_t bsize = (nbits - 1) / 8 + 1;

    uint8_t buf[bsize];

    uint16_t ctr_nbo = htons (ctr);


    rc = GNUNET_CRYPTO_hkdf_gnunet (buf,

                                    bsize,

                                    xts, xts_len,

                                    skm, skm_len,

                                    GNUNET_CRYPTO_kdf_arg_string (ctx),

                                    GNUNET_CRYPTO_kdf_arg_auto (&ctr_nbo))

    ;

    GNUNET_assert (GNUNET_YES == rc);

    rc = gcry_mpi_scan (r,

                        GCRYMPI_FMT_USG,

                        (const unsigned char *) buf,

                        bsize,

                        &rsize);

    GNUNET_assert (GPG_ERR_NO_ERROR == rc);  /* Allocation error? */

    GNUNET_assert (rsize == bsize);

    gcry_mpi_clear_highbit (*r,

                            nbits);

    GNUNET_assert (0 ==

                   gcry_mpi_test_bit (*r,

                                      nbits));

    ++ctr;

    /* We reject this FDH if either *r > n and retry with another ctr */

    if (0 > gcry_mpi_cmp (*r, n))

      break;

    gcry_mpi_release (*r);

  }

}


/* end of crypto_kdf.c */

ctx
static struct GNUNET_FS_Handle * ctx
Definition gnunet-download.c:40

bsize
static unsigned int bsize
Definition gnunet-set-ibf-profiler.c:33

gnunet_util_lib.h

GNUNET_CRYPTO_hkdf_gnunet
#define GNUNET_CRYPTO_hkdf_gnunet(result, out_len, xts, xts_len, skm, skm_len,...)
A peculiar HKDF instantiation that tried to mimic Truncated NMAC.
Definition gnunet_crypto_lib.h:1449

GNUNET_CRYPTO_kdf_mod_mpi
void GNUNET_CRYPTO_kdf_mod_mpi(gcry_mpi_t *r, gcry_mpi_t n, const void *xts, size_t xts_len, const void *skm, size_t skm_len, const char *ctx)
Deterministically generate a pseudo-random number uniformly from the integers modulo a libgcrypt mpi.
Definition crypto_kdf.c:38

GNUNET_CRYPTO_kdf_arg_string
#define GNUNET_CRYPTO_kdf_arg_string(d)
Definition gnunet_crypto_lib.h:1360

GNUNET_CRYPTO_kdf_arg_auto
#define GNUNET_CRYPTO_kdf_arg_auto(d)
Definition gnunet_crypto_lib.h:1368

GNUNET_YES
@ GNUNET_YES
Definition gnunet_common.h:116

GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition gnunet_common.h:960

platform.h