GNUnet  0.17.6
crypto_kdf.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2010 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
20 
28 #include <gcrypt.h>
29 
30 #include "platform.h"
31 #include "gnunet_crypto_lib.h"
32 
33 #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-kdf", __VA_ARGS__)
34 
35 
38  size_t out_len,
39  const void *xts,
40  size_t xts_len,
41  const void *skm,
42  size_t skm_len,
43  va_list argp)
44 {
45  /*
46  * "Finally, we point out to a particularly advantageous instantiation using
47  * HMAC-SHA512 as XTR and HMAC-SHA256 in PRF* (in which case the output from SHA-512 is
48  * truncated to 256 bits). This makes sense in two ways: First, the extraction part is where we need a
49  * stronger hash function due to the unconventional demand from the hash function in the extraction
50  * setting. Second, as shown in Section 6, using HMAC with a truncated output as an extractor
51  * allows to prove the security of HKDF under considerably weaker assumptions on the underlying
52  * hash function."
53  *
54  * http://eprint.iacr.org/2010/264
55  */
57  out_len,
58  GCRY_MD_SHA512,
59  GCRY_MD_SHA256,
60  xts,
61  xts_len,
62  skm,
63  skm_len,
64  argp);
65 }
66 
67 
70  size_t out_len,
71  const void *xts,
72  size_t xts_len,
73  const void *skm,
74  size_t skm_len, ...)
75 {
76  va_list argp;
77  int ret;
78 
79  va_start (argp, skm_len);
81  out_len,
82  xts,
83  xts_len,
84  skm,
85  skm_len,
86  argp);
87  va_end (argp);
88 
89  return ret;
90 }
91 
92 
93 void
95  gcry_mpi_t n,
96  const void *xts, size_t xts_len,
97  const void *skm, size_t skm_len,
98  const char *ctx)
99 {
100  gcry_error_t rc;
101  unsigned int nbits;
102  size_t rsize;
103  uint16_t ctr;
104 
105  nbits = gcry_mpi_get_nbits (n);
106  /* GNUNET_assert (nbits > 512); */
107  ctr = 0;
108  while (1)
109  {
110  /* Ain't clear if n is always divisible by 8 */
111  size_t bsize = (nbits - 1) / 8 + 1;
112  uint8_t buf[bsize];
113  uint16_t ctr_nbo = htons (ctr);
114 
115  rc = GNUNET_CRYPTO_kdf (buf,
116  bsize,
117  xts, xts_len,
118  skm, skm_len,
119  ctx, strlen (ctx),
120  &ctr_nbo, sizeof(ctr_nbo),
121  NULL, 0);
122  GNUNET_assert (GNUNET_YES == rc);
123  rc = gcry_mpi_scan (r,
124  GCRYMPI_FMT_USG,
125  (const unsigned char *) buf,
126  bsize,
127  &rsize);
128  GNUNET_assert (GPG_ERR_NO_ERROR == rc); /* Allocation error? */
129  GNUNET_assert (rsize == bsize);
130  gcry_mpi_clear_highbit (*r,
131  nbits);
132  GNUNET_assert (0 ==
133  gcry_mpi_test_bit (*r,
134  nbits));
135  ++ctr;
136  /* We reject this FDH if either *r > n and retry with another ctr */
137  if (0 > gcry_mpi_cmp (*r, n))
138  break;
139  gcry_mpi_release (*r);
140  }
141 }
142 
143 
144 /* end of crypto_kdf.c */
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static int result
Global testing status.
static char buf[2048]
static unsigned int bsize
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
cryptographic primitives for GNUnet
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf_v(void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
Derive key.
Definition: crypto_hkdf.c:165
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:69
void GNUNET_CRYPTO_kdf_mod_mpi(gcry_mpi_t *r, gcry_mpi_t n, const void *xts, size_t xts_len, const void *skm, size_t skm_len, const char *ctx)
Deterministically generate a pseudo-random number uniformly from the integers modulo a libgcrypt mpi.
Definition: crypto_kdf.c:94
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf_v(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
Derive key.
Definition: crypto_kdf.c:37
GNUNET_GenericReturnValue
Named constants for return values.
Definition: gnunet_common.h:96
@ GNUNET_YES
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.