GNUnet 0.22.2
gnsrecord_crypto.c
Go to the documentation of this file.
1/*
2 This file is part of GNUnet.
3 Copyright (C) 2009-2013, 2018 GNUnet e.V.
4
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
14
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18 SPDX-License-Identifier: AGPL3.0-or-later
19 */
20
28#include "platform.h"
29#include "gnsrecord_crypto.h"
30
31#define LOG(kind, ...) GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__)
32
33static ssize_t
34ecdsa_symmetric_decrypt (
35 const void *block,
36 size_t size,
37 const unsigned char *key,
38 const unsigned char *ctr,
39 void *result)
40{
41 gcry_cipher_hd_t handle;
42 int rc;
43
44 GNUNET_assert (0 == gcry_cipher_open (&handle, GCRY_CIPHER_AES256,
45 GCRY_CIPHER_MODE_CTR, 0));
46 rc = gcry_cipher_setkey (handle,
47 key,
48 GNUNET_CRYPTO_AES_KEY_LENGTH);
49 GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
50 rc = gcry_cipher_setctr (handle,
51 ctr,
52 GNUNET_CRYPTO_AES_KEY_LENGTH / 2);
53 GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
54 GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, block, size));
55 gcry_cipher_close (handle);
56 return size;
57}
58
59
60static ssize_t
61ecdsa_symmetric_encrypt (
62 const void *block,
63 size_t size,
64 const unsigned char *key,
65 const unsigned char *ctr,
66 void *result)
67{
68 gcry_cipher_hd_t handle;
69 int rc;
70
71 GNUNET_assert (0 == gcry_cipher_open (&handle, GCRY_CIPHER_AES256,
72 GCRY_CIPHER_MODE_CTR, 0));
73 rc = gcry_cipher_setkey (handle,
74 key,
75 GNUNET_CRYPTO_AES_KEY_LENGTH);
76 GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
77 rc = gcry_cipher_setctr (handle,
78 ctr,
79 GNUNET_CRYPTO_AES_KEY_LENGTH / 2);
80 GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
81 GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, block, size));
82 gcry_cipher_close (handle);
83 return size;
84}
85
86
87static enum GNUNET_GenericReturnValue
88eddsa_symmetric_decrypt (
89 const void *block,
90 size_t size,
91 const unsigned char *key,
92 const unsigned char *nonce,
93 void *result)
94{
95 ssize_t ctlen = size - crypto_secretbox_MACBYTES;
96 if (ctlen < 0)
97 return GNUNET_SYSERR;
98 if (0 != crypto_secretbox_open_detached (result,
99 ((unsigned char*) block)
100 + crypto_secretbox_MACBYTES, // Ciphertext
101 block, // Tag
102 ctlen,
103 nonce, key))
104 {
105 return GNUNET_SYSERR;
106 }
107 return GNUNET_OK;
108}
109
110
111static enum GNUNET_GenericReturnValue
112eddsa_symmetric_encrypt (
113 const void *block,
114 size_t size,
115 const unsigned char *key,
116 const unsigned char *nonce,
117 void *result)
118{
119 if (size > crypto_secretbox_MESSAGEBYTES_MAX)
120 return GNUNET_SYSERR;
121 crypto_secretbox_detached (result + crypto_secretbox_MACBYTES, // Ciphertext
122 result, // TAG
123 block, size, nonce, key);
124 return GNUNET_OK;
125}
126
127
128void
129GNR_derive_block_aes_key (unsigned char *ctr,
130 unsigned char *key,
131 const char *label,
132 uint64_t exp,
133 const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
134{
135 static const char ctx_key[] = "gns-aes-ctx-key";
136 static const char ctx_iv[] = "gns-aes-ctx-iv";
137
138 GNUNET_CRYPTO_kdf (key, GNUNET_CRYPTO_AES_KEY_LENGTH,
139 ctx_key, strlen (ctx_key),
140 pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
141 label, strlen (label),
142 NULL, 0);
143 memset (ctr, 0, GNUNET_CRYPTO_AES_KEY_LENGTH / 2);
145 GNUNET_CRYPTO_kdf (ctr, 4,
146 ctx_iv, strlen (ctx_iv),
147 pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
148 label, strlen (label),
149 NULL, 0);
151 memcpy (ctr + 4, &exp, sizeof (exp));
153 ctr[15] |= 0x01;
154}
155
156
157void
158GNR_derive_block_xsalsa_key (unsigned char *nonce,
159 unsigned char *key,
160 const char *label,
161 uint64_t exp,
162 const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
163{
164 static const char ctx_key[] = "gns-xsalsa-ctx-key";
165 static const char ctx_iv[] = "gns-xsalsa-ctx-iv";
166
167 GNUNET_CRYPTO_kdf (key, crypto_secretbox_KEYBYTES,
168 ctx_key, strlen (ctx_key),
169 pub, sizeof(struct GNUNET_CRYPTO_EddsaPublicKey),
170 label, strlen (label),
171 NULL, 0);
172 memset (nonce, 0, crypto_secretbox_NONCEBYTES);
174 GNUNET_CRYPTO_kdf (nonce, (crypto_secretbox_NONCEBYTES - sizeof (exp)),
175 ctx_iv, strlen (ctx_iv),
176 pub, sizeof(struct GNUNET_CRYPTO_EddsaPublicKey),
177 label, strlen (label),
178 NULL, 0);
180 memcpy (nonce + (crypto_secretbox_NONCEBYTES - sizeof (exp)),
181 &exp, sizeof (exp));
182}
183
184
185static ssize_t
186block_get_size_ecdsa (const struct GNUNET_GNSRECORD_Data *rd,
187 unsigned int rd_count)
188{
189 ssize_t len;
190
191 len = GNUNET_GNSRECORD_records_get_size (rd_count, rd);
192 if (len < 0)
193 return -1;
194 len += sizeof(struct GNUNET_GNSRECORD_Block);
195 return len;
196}
197
198
199static enum GNUNET_GenericReturnValue
200block_sign_ecdsa (const struct
201 GNUNET_CRYPTO_EcdsaPrivateKey *key,
202 const struct
203 GNUNET_CRYPTO_EcdsaPublicKey *pkey,
204 const char *label,
205 struct GNUNET_GNSRECORD_Block *block)
206{
207 struct GNRBlockPS *gnr_block;
208 struct GNUNET_GNSRECORD_EcdsaBlock *ecblock;
209 size_t size = ntohl (block->size) - sizeof (*block) + sizeof (*gnr_block);
210
211 gnr_block = GNUNET_malloc (size);
212 ecblock = &(block)->ecdsa_block;
213 gnr_block->purpose.size = htonl (size);
214 gnr_block->purpose.purpose =
215 htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
216 gnr_block->expiration_time = ecblock->expiration_time;
217 /* encrypt and sign */
218 GNUNET_memcpy (&gnr_block[1], &ecblock[1],
219 size - sizeof (*gnr_block));
220 GNUNET_CRYPTO_ecdsa_public_key_derive (pkey,
221 label,
222 "gns",
223 &ecblock->derived_key);
224 if (GNUNET_OK !=
225 GNUNET_CRYPTO_ecdsa_sign_derived (key,
226 label,
227 "gns",
228 &gnr_block->purpose,
229 &ecblock->signature))
230 {
231 GNUNET_break (0);
232 GNUNET_free (gnr_block);
233 return GNUNET_SYSERR;
234 }
235 GNUNET_free (gnr_block);
236 return GNUNET_OK;
237}
238
239
240static enum GNUNET_GenericReturnValue
241block_sign_eddsa (const struct
242 GNUNET_CRYPTO_EddsaPrivateKey *key,
243 const struct
244 GNUNET_CRYPTO_EddsaPublicKey *pkey,
245 const char *label,
246 struct GNUNET_GNSRECORD_Block *block)
247{
248 struct GNRBlockPS *gnr_block;
249 struct GNUNET_GNSRECORD_EddsaBlock *edblock;
250 size_t size = ntohl (block->size) - sizeof (*block) + sizeof (*gnr_block);
251 gnr_block = GNUNET_malloc (size);
252 edblock = &(block)->eddsa_block;
253 gnr_block->purpose.size = htonl (size);
254 gnr_block->purpose.purpose =
255 htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
256 gnr_block->expiration_time = edblock->expiration_time;
257 GNUNET_memcpy (&gnr_block[1], &edblock[1],
258 size - sizeof (*gnr_block));
259 /* encrypt and sign */
260 GNUNET_CRYPTO_eddsa_public_key_derive (pkey,
261 label,
262 "gns",
263 &edblock->derived_key);
264 GNUNET_CRYPTO_eddsa_sign_derived (key,
265 label,
266 "gns",
267 &gnr_block->purpose,
268 &edblock->signature);
269 GNUNET_free (gnr_block);
270 return GNUNET_OK;
271}
272
273
274enum GNUNET_GenericReturnValue
275GNUNET_GNSRECORD_block_sign (const struct
276 GNUNET_CRYPTO_PrivateKey *key,
277 const char *label,
278 struct GNUNET_GNSRECORD_Block *block)
279{
280 struct GNUNET_CRYPTO_PublicKey pkey;
281 enum GNUNET_GenericReturnValue res = GNUNET_SYSERR;
282 char *norm_label;
283
284 GNUNET_CRYPTO_key_get_public (key,
285 &pkey);
286 norm_label = GNUNET_GNSRECORD_string_normalize (label);
287
288 switch (ntohl (key->type))
289 {
290 case GNUNET_GNSRECORD_TYPE_PKEY:
291 res = block_sign_ecdsa (&key->ecdsa_key,
292 &pkey.ecdsa_key,
293 norm_label,
294 block);
295 break;
296 case GNUNET_GNSRECORD_TYPE_EDKEY:
297 res = block_sign_eddsa (&key->eddsa_key,
298 &pkey.eddsa_key,
299 norm_label,
300 block);
301 break;
302 default:
303 GNUNET_assert (0);
304 }
305 GNUNET_free (norm_label);
306 return res;
307}
308
309
323static enum GNUNET_GenericReturnValue
324block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
325 const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey,
326 struct GNUNET_TIME_Absolute expire,
327 const char *label,
328 const struct GNUNET_GNSRECORD_Data *rd,
329 unsigned int rd_count,
330 struct GNUNET_GNSRECORD_Block **block,
331 int sign)
332{
333 ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
334 rd);
335 struct GNUNET_GNSRECORD_EcdsaBlock *ecblock;
336 unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
337 unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH];
338 struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)];
339 struct GNUNET_TIME_Absolute now;
340
341 if (payload_len < 0)
342 {
343 GNUNET_break (0);
344 return GNUNET_SYSERR;
345 }
346 if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
347 {
348 GNUNET_break (0);
349 return GNUNET_SYSERR;
350 }
351 /* convert relative to absolute times */
352 now = GNUNET_TIME_absolute_get ();
353 for (unsigned int i = 0; i < rd_count; i++)
354 {
355 rdc[i] = rd[i];
356 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
357 {
358 struct GNUNET_TIME_Relative t;
359
360 /* encrypted blocks must never have relative expiration times, convert! */
361 rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
362 t.rel_value_us = rdc[i].expiration_time;
363 rdc[i].expiration_time = GNUNET_TIME_absolute_add (now, t).abs_value_us;
364 }
365 }
366 /* serialize */
367 *block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block) + payload_len);
368 (*block)->size = htonl (sizeof (struct GNUNET_GNSRECORD_Block) + payload_len);
369 {
370 char payload[payload_len];
371
372 GNUNET_assert (payload_len ==
373 GNUNET_GNSRECORD_records_serialize (rd_count,
374 rdc,
375 payload_len,
376 payload));
377 ecblock = &(*block)->ecdsa_block;
378 (*block)->type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
379 ecblock->expiration_time = GNUNET_TIME_absolute_hton (expire);
380 GNR_derive_block_aes_key (ctr,
381 skey,
382 label,
383 ecblock->expiration_time.abs_value_us__,
384 pkey);
385 GNUNET_assert (payload_len ==
386 ecdsa_symmetric_encrypt (payload,
387 payload_len,
388 skey,
389 ctr,
390 &ecblock[1]));
391 }
392 if (GNUNET_YES != sign)
393 return GNUNET_OK;
394 if (GNUNET_OK !=
395 block_sign_ecdsa (key, pkey, label, *block))
396 {
397 GNUNET_break (0);
398 GNUNET_free (*block);
399 return GNUNET_SYSERR;
400 }
401 return GNUNET_OK;
402}
403
404
405static ssize_t
406block_get_size_eddsa (const struct GNUNET_GNSRECORD_Data *rd,
407 unsigned int rd_count)
408{
409 ssize_t len;
410
411 len = GNUNET_GNSRECORD_records_get_size (rd_count, rd);
412 if (len < 0)
413 return -1;
414 len += sizeof(struct GNUNET_GNSRECORD_Block);
415 len += crypto_secretbox_MACBYTES;
416 return len;
417}
418
419
433static enum GNUNET_GenericReturnValue
434block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key,
435 const struct GNUNET_CRYPTO_EddsaPublicKey *pkey,
436 struct GNUNET_TIME_Absolute expire,
437 const char *label,
438 const struct GNUNET_GNSRECORD_Data *rd,
439 unsigned int rd_count,
440 struct GNUNET_GNSRECORD_Block **block,
441 int sign)
442{
443 ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
444 rd);
445 struct GNUNET_GNSRECORD_EddsaBlock *edblock;
446 unsigned char nonce[crypto_secretbox_NONCEBYTES];
447 unsigned char skey[crypto_secretbox_KEYBYTES];
448 struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)];
449 struct GNUNET_TIME_Absolute now;
450
451 if (payload_len < 0)
452 {
453 GNUNET_break (0);
454 return GNUNET_SYSERR;
455 }
456 if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
457 {
458 GNUNET_break (0);
459 return GNUNET_SYSERR;
460 }
461 /* convert relative to absolute times */
462 now = GNUNET_TIME_absolute_get ();
463 for (unsigned int i = 0; i < rd_count; i++)
464 {
465 rdc[i] = rd[i];
466 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
467 {
468 struct GNUNET_TIME_Relative t;
469
470 /* encrypted blocks must never have relative expiration times, convert! */
471 rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
472 t.rel_value_us = rdc[i].expiration_time;
473 rdc[i].expiration_time = GNUNET_TIME_absolute_add (now, t).abs_value_us;
474 }
475 }
476 /* serialize */
477 *block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block)
478 + payload_len + crypto_secretbox_MACBYTES);
479 (*block)->size = htonl (sizeof (struct GNUNET_GNSRECORD_Block)
480 + payload_len + crypto_secretbox_MACBYTES);
481 {
482 char payload[payload_len];
483
484 GNUNET_assert (payload_len ==
485 GNUNET_GNSRECORD_records_serialize (rd_count,
486 rdc,
487 payload_len,
488 payload));
489 edblock = &(*block)->eddsa_block;
490 (*block)->type = htonl (GNUNET_GNSRECORD_TYPE_EDKEY);
491 edblock->expiration_time = GNUNET_TIME_absolute_hton (expire);
492 GNR_derive_block_xsalsa_key (nonce,
493 skey,
494 label,
495 edblock->expiration_time.abs_value_us__,
496 pkey);
497 GNUNET_assert (GNUNET_OK ==
498 eddsa_symmetric_encrypt (payload,
499 payload_len,
500 skey,
501 nonce,
502 &edblock[1]));
503 if (GNUNET_YES != sign)
504 return GNUNET_OK;
505 block_sign_eddsa (key, pkey, label, *block);
506 }
507 return GNUNET_OK;
508}
509
510
511ssize_t
512GNUNET_GNSRECORD_block_calculate_size (const struct
513 GNUNET_CRYPTO_PrivateKey *key,
514 const struct GNUNET_GNSRECORD_Data *rd,
515 unsigned int rd_count)
516{
517 struct GNUNET_CRYPTO_PublicKey pkey;
518 ssize_t res = -1;
519
520 GNUNET_CRYPTO_key_get_public (key,
521 &pkey);
522 switch (ntohl (key->type))
523 {
524 case GNUNET_GNSRECORD_TYPE_PKEY:
525 res = block_get_size_ecdsa (rd, rd_count);
526 break;
527 case GNUNET_GNSRECORD_TYPE_EDKEY:
528 res = block_get_size_eddsa (rd, rd_count);
529 break;
530 default:
531 GNUNET_assert (0);
532 }
533 return res;
534
535}
536
537
538enum GNUNET_GenericReturnValue
539GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_PrivateKey *key,
540 struct GNUNET_TIME_Absolute expire,
541 const char *label,
542 const struct GNUNET_GNSRECORD_Data *rd,
543 unsigned int rd_count,
544 struct GNUNET_GNSRECORD_Block **result)
545{
546 struct GNUNET_CRYPTO_PublicKey pkey;
547 enum GNUNET_GenericReturnValue res = GNUNET_SYSERR;
548 char *norm_label;
549
550 GNUNET_CRYPTO_key_get_public (key,
551 &pkey);
552 norm_label = GNUNET_GNSRECORD_string_normalize (label);
553
554 switch (ntohl (key->type))
555 {
556 case GNUNET_GNSRECORD_TYPE_PKEY:
557 res = block_create_ecdsa (&key->ecdsa_key,
558 &pkey.ecdsa_key,
559 expire,
560 norm_label,
561 rd,
562 rd_count,
563 result,
564 GNUNET_YES);
565 break;
566 case GNUNET_GNSRECORD_TYPE_EDKEY:
567 res = block_create_eddsa (&key->eddsa_key,
568 &pkey.eddsa_key,
569 expire,
570 norm_label,
571 rd,
572 rd_count,
573 result,
574 GNUNET_YES);
575 break;
576 default:
577 GNUNET_assert (0);
578 }
579 GNUNET_free (norm_label);
580 return res;
581}
582
583
587struct KeyCacheLine
588{
592 struct GNUNET_CRYPTO_EcdsaPrivateKey key;
593
597 struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
598};
599
600
601static enum GNUNET_GenericReturnValue
602block_create2 (const struct GNUNET_CRYPTO_PrivateKey *pkey,
603 struct GNUNET_TIME_Absolute expire,
604 const char *label,
605 const struct GNUNET_GNSRECORD_Data *rd,
606 unsigned int rd_count,
607 struct GNUNET_GNSRECORD_Block **result,
608 int sign)
609{
610 const struct GNUNET_CRYPTO_EcdsaPrivateKey *key;
611 struct GNUNET_CRYPTO_EddsaPublicKey edpubkey;
612 enum GNUNET_GenericReturnValue res = GNUNET_SYSERR;
613 char *norm_label;
614#define CSIZE 64
615 static struct KeyCacheLine cache[CSIZE];
616 struct KeyCacheLine *line;
617
618 norm_label = GNUNET_GNSRECORD_string_normalize (label);
619
620 if (GNUNET_PUBLIC_KEY_TYPE_ECDSA == ntohl (pkey->type))
621 {
622 key = &pkey->ecdsa_key;
623
624 line = &cache[(*(unsigned int *) key) % CSIZE];
625 if (0 != memcmp (&line->key,
626 key,
627 sizeof(*key)))
628 {
629 /* cache miss, recompute */
630 line->key = *key;
631 GNUNET_CRYPTO_ecdsa_key_get_public (key,
632 &line->pkey);
633 }
634 res = block_create_ecdsa (key,
635 &line->pkey,
636 expire,
637 norm_label,
638 rd,
639 rd_count,
640 result,
641 sign);
642 }
643 else if (GNUNET_PUBLIC_KEY_TYPE_EDDSA == ntohl (pkey->type))
644 {
645 GNUNET_CRYPTO_eddsa_key_get_public (&pkey->eddsa_key,
646 &edpubkey);
647 res = block_create_eddsa (&pkey->eddsa_key,
648 &edpubkey,
649 expire,
650 norm_label,
651 rd,
652 rd_count,
653 result,
654 sign);
655 }
656#undef CSIZE
657 GNUNET_free (norm_label);
658 return res;
659}
660
661
662enum GNUNET_GenericReturnValue
663GNUNET_GNSRECORD_block_create_unsigned (const struct
664 GNUNET_CRYPTO_PrivateKey *pkey,
665 struct GNUNET_TIME_Absolute expire,
666 const char *label,
667 const struct GNUNET_GNSRECORD_Data *rd,
668 unsigned int rd_count,
669 struct GNUNET_GNSRECORD_Block **result)
670{
671 return block_create2 (pkey, expire, label, rd, rd_count, result, GNUNET_NO);
672}
673
674
675enum GNUNET_GenericReturnValue
676GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_PrivateKey *pkey,
677 struct GNUNET_TIME_Absolute expire,
678 const char *label,
679 const struct GNUNET_GNSRECORD_Data *rd,
680 unsigned int rd_count,
681 struct GNUNET_GNSRECORD_Block **result)
682{
683 return block_create2 (pkey, expire, label, rd, rd_count, result, GNUNET_YES);
684}
685
686
694enum GNUNET_GenericReturnValue
695GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)
696{
697 struct GNRBlockPS *purp;
698 size_t payload_len = ntohl (block->size)
699 - sizeof (struct GNUNET_GNSRECORD_Block);
700 enum GNUNET_GenericReturnValue res = GNUNET_NO;
701 purp = GNUNET_malloc (sizeof (struct GNRBlockPS) + payload_len);
702 purp->purpose.size = htonl (sizeof (struct GNRBlockPS) + payload_len);
703 purp->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
704 GNUNET_memcpy (&purp[1],
705 &block[1],
706 payload_len);
707 switch (ntohl (block->type))
708 {
709 case GNUNET_GNSRECORD_TYPE_PKEY:
710 purp->expiration_time = block->ecdsa_block.expiration_time;
711 res = GNUNET_CRYPTO_ecdsa_verify_ (
712 GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
713 &purp->purpose,
714 &block->ecdsa_block.signature,
715 &block->ecdsa_block.derived_key);
716 break;
717 case GNUNET_GNSRECORD_TYPE_EDKEY:
718 purp->expiration_time = block->eddsa_block.expiration_time;
719 res = GNUNET_CRYPTO_eddsa_verify_ (
720 GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
721 &purp->purpose,
722 &block->eddsa_block.signature,
723 &block->eddsa_block.derived_key);
724 break;
725 default:
726 res = GNUNET_NO;
727 }
728 GNUNET_free (purp);
729 return res;
730}
731
732
733static enum GNUNET_GenericReturnValue
734block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_Block *block,
735 const struct
736 GNUNET_CRYPTO_EcdsaPublicKey *zone_key,
737 const char *label,
738 GNUNET_GNSRECORD_RecordCallback proc,
739 void *proc_cls)
740{
741 size_t payload_len = ntohl (block->size) - sizeof (struct
742 GNUNET_GNSRECORD_Block);
743 unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
744 unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH];
745
746 if (ntohl (block->size) <
747 sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
748 + sizeof(struct GNUNET_TIME_AbsoluteNBO))
749 {
750 GNUNET_break_op (0);
751 return GNUNET_SYSERR;
752 }
753 GNR_derive_block_aes_key (ctr,
754 key,
755 label,
756 block->ecdsa_block.expiration_time.abs_value_us__,
757 zone_key);
758 {
759 char payload[payload_len];
760 unsigned int rd_count;
761
762 GNUNET_assert (payload_len ==
763 ecdsa_symmetric_decrypt (&block[1], payload_len,
764 key, ctr,
765 payload));
766 rd_count = GNUNET_GNSRECORD_records_deserialize_get_size (payload_len,
767 payload);
768 if (rd_count > 2048)
769 {
770 /* limit to sane value */
771 GNUNET_break_op (0);
772 return GNUNET_SYSERR;
773 }
774 {
775 struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL (rd_count)];
776 unsigned int j;
777 struct GNUNET_TIME_Absolute now;
778
779 if (GNUNET_OK !=
780 GNUNET_GNSRECORD_records_deserialize (payload_len,
781 payload,
782 rd_count,
783 rd))
784 {
785 GNUNET_break_op (0);
786 return GNUNET_SYSERR;
787 }
788 /* hide expired records */
789 now = GNUNET_TIME_absolute_get ();
790 j = 0;
791 for (unsigned int i = 0; i < rd_count; i++)
792 {
793 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
794 {
795 /* encrypted blocks must never have relative expiration times, skip! */
796 GNUNET_break_op (0);
797 continue;
798 }
799
800 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW))
801 {
802 int include_record = GNUNET_YES;
803 /* Shadow record, figure out if we have a not expired active record */
804 for (unsigned int k = 0; k < rd_count; k++)
805 {
806 if (k == i)
807 continue;
808 if (rd[i].expiration_time < now.abs_value_us)
809 include_record = GNUNET_NO; /* Shadow record is expired */
810 if ((rd[k].record_type == rd[i].record_type) &&
811 (rd[k].expiration_time >= now.abs_value_us) &&
812 (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW)))
813 {
814 include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */
815 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
816 "Ignoring shadow record\n");
817 break;
818 }
819 }
820 if (GNUNET_YES == include_record)
821 {
822 rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW; /* Remove Flag */
823 if (j != i)
824 rd[j] = rd[i];
825 j++;
826 }
827 }
828 else if (rd[i].expiration_time >= now.abs_value_us)
829 {
830 /* Include this record */
831 if (j != i)
832 rd[j] = rd[i];
833 j++;
834 }
835 else
836 {
837 struct GNUNET_TIME_Absolute at;
838
839 at.abs_value_us = rd[i].expiration_time;
840 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
841 "Excluding record that expired %s (%llu ago)\n",
842 GNUNET_STRINGS_absolute_time_to_string (at),
843 (unsigned long long) rd[i].expiration_time
844 - now.abs_value_us);
845 }
846 }
847 rd_count = j;
848 if (NULL != proc)
849 proc (proc_cls,
850 rd_count,
851 (0 != rd_count) ? rd : NULL);
852 }
853 }
854 return GNUNET_OK;
855}
856
857
858static enum GNUNET_GenericReturnValue
859block_decrypt_eddsa (const struct GNUNET_GNSRECORD_Block *block,
860 const struct
861 GNUNET_CRYPTO_EddsaPublicKey *zone_key,
862 const char *label,
863 GNUNET_GNSRECORD_RecordCallback proc,
864 void *proc_cls)
865{
866 size_t payload_len = ntohl (block->size) - sizeof (struct
867 GNUNET_GNSRECORD_Block);
868 unsigned char nonce[crypto_secretbox_NONCEBYTES];
869 unsigned char key[crypto_secretbox_KEYBYTES];
870
871 if (ntohl (block->size) <
872 sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
873 + sizeof(struct GNUNET_TIME_AbsoluteNBO))
874 {
875 GNUNET_break_op (0);
876 return GNUNET_SYSERR;
877 }
878 GNR_derive_block_xsalsa_key (nonce,
879 key,
880 label,
881 block->eddsa_block.expiration_time.abs_value_us__
882 ,
883 zone_key);
884 {
885 char payload[payload_len];
886 unsigned int rd_count;
887
888 GNUNET_assert (GNUNET_OK ==
889 eddsa_symmetric_decrypt (&block[1], payload_len,
890 key, nonce,
891 payload));
892 payload_len -= crypto_secretbox_MACBYTES;
893 rd_count = GNUNET_GNSRECORD_records_deserialize_get_size (payload_len,
894 payload);
895 if (rd_count > 2048)
896 {
897 /* limit to sane value */
898 GNUNET_break_op (0);
899 return GNUNET_SYSERR;
900 }
901 {
902 struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL (rd_count)];
903 unsigned int j;
904 struct GNUNET_TIME_Absolute now;
905
906 if (GNUNET_OK !=
907 GNUNET_GNSRECORD_records_deserialize (payload_len,
908 payload,
909 rd_count,
910 rd))
911 {
912 GNUNET_break_op (0);
913 return GNUNET_SYSERR;
914 }
915 /* hide expired records */
916 now = GNUNET_TIME_absolute_get ();
917 j = 0;
918 for (unsigned int i = 0; i < rd_count; i++)
919 {
920 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
921 {
922 /* encrypted blocks must never have relative expiration times, skip! */
923 GNUNET_break_op (0);
924 continue;
925 }
926
927 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW))
928 {
929 int include_record = GNUNET_YES;
930 /* Shadow record, figure out if we have a not expired active record */
931 for (unsigned int k = 0; k < rd_count; k++)
932 {
933 if (k == i)
934 continue;
935 if (rd[i].expiration_time < now.abs_value_us)
936 include_record = GNUNET_NO; /* Shadow record is expired */
937 if ((rd[k].record_type == rd[i].record_type) &&
938 (rd[k].expiration_time >= now.abs_value_us) &&
939 (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW)))
940 {
941 include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */
942 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
943 "Ignoring shadow record\n");
944 break;
945 }
946 }
947 if (GNUNET_YES == include_record)
948 {
949 rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW; /* Remove Flag */
950 if (j != i)
951 rd[j] = rd[i];
952 j++;
953 }
954 }
955 else if (rd[i].expiration_time >= now.abs_value_us)
956 {
957 /* Include this record */
958 if (j != i)
959 rd[j] = rd[i];
960 j++;
961 }
962 else
963 {
964 struct GNUNET_TIME_Absolute at;
965
966 at.abs_value_us = rd[i].expiration_time;
967 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
968 "Excluding record that expired %s (%llu ago)\n",
969 GNUNET_STRINGS_absolute_time_to_string (at),
970 (unsigned long long) rd[i].expiration_time
971 - now.abs_value_us);
972 }
973 }
974 rd_count = j;
975 if (NULL != proc)
976 proc (proc_cls,
977 rd_count,
978 (0 != rd_count) ? rd : NULL);
979 }
980 }
981 return GNUNET_OK;
982}
983
984
985enum GNUNET_GenericReturnValue
986GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
987 const struct
988 GNUNET_CRYPTO_PublicKey *zone_key,
989 const char *label,
990 GNUNET_GNSRECORD_RecordCallback proc,
991 void *proc_cls)
992{
993 enum GNUNET_GenericReturnValue res = GNUNET_SYSERR;
994 char *norm_label;
995
996 norm_label = GNUNET_GNSRECORD_string_normalize (label);
997 switch (ntohl (zone_key->type))
998 {
999 case GNUNET_PUBLIC_KEY_TYPE_ECDSA:
1000 res = block_decrypt_ecdsa (block,
1001 &zone_key->ecdsa_key, norm_label, proc,
1002 proc_cls);
1003 break;
1004 case GNUNET_PUBLIC_KEY_TYPE_EDDSA:
1005 res = block_decrypt_eddsa (block,
1006 &zone_key->eddsa_key, norm_label, proc,
1007 proc_cls);
1008 break;
1009 default:
1010 res = GNUNET_SYSERR;
1011 }
1012 GNUNET_free (norm_label);
1013 return res;
1014}
1015
1016
1024void
1025GNUNET_GNSRECORD_query_from_private_key (const struct
1026 GNUNET_CRYPTO_PrivateKey *zone,
1027 const char *label,
1028 struct GNUNET_HashCode *query)
1029{
1030 char *norm_label;
1031 struct GNUNET_CRYPTO_PublicKey pub;
1032
1033 norm_label = GNUNET_GNSRECORD_string_normalize (label);
1034 switch (ntohl (zone->type))
1035 {
1036 case GNUNET_GNSRECORD_TYPE_PKEY:
1037 case GNUNET_GNSRECORD_TYPE_EDKEY:
1038
1039 GNUNET_CRYPTO_key_get_public (zone,
1040 &pub);
1041 GNUNET_GNSRECORD_query_from_public_key (&pub,
1042 norm_label,
1043 query);
1044 break;
1045 default:
1046 GNUNET_assert (0);
1047 }
1048 GNUNET_free (norm_label);
1049}
1050
1051
1052void
1053GNUNET_GNSRECORD_query_from_public_key (const struct
1054 GNUNET_CRYPTO_PublicKey *pub,
1055 const char *label,
1056 struct GNUNET_HashCode *query)
1057{
1058 char *norm_label;
1059 struct GNUNET_CRYPTO_PublicKey pd;
1060
1061 norm_label = GNUNET_GNSRECORD_string_normalize (label);
1062
1063 switch (ntohl (pub->type))
1064 {
1065 case GNUNET_GNSRECORD_TYPE_PKEY:
1066 pd.type = pub->type;
1067 GNUNET_CRYPTO_ecdsa_public_key_derive (&pub->ecdsa_key,
1068 norm_label,
1069 "gns",
1070 &pd.ecdsa_key);
1071 GNUNET_CRYPTO_hash (&pd.ecdsa_key,
1072 sizeof (pd.ecdsa_key),
1073 query);
1074 break;
1075 case GNUNET_GNSRECORD_TYPE_EDKEY:
1076 pd.type = pub->type;
1077 GNUNET_CRYPTO_eddsa_public_key_derive (&pub->eddsa_key,
1078 norm_label,
1079 "gns",
1080 &(pd.eddsa_key));
1081 GNUNET_CRYPTO_hash (&pd.eddsa_key,
1082 sizeof (pd.eddsa_key),
1083 query);
1084 break;
1085 default:
1086 GNUNET_assert (0);
1087 }
1088 GNUNET_free (norm_label);
1089}
1090
1091
1092/* end of gnsrecord_crypto.c */
block_get_size_eddsa
static ssize_t block_get_size_eddsa(const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count)
Definition: gnsrecord_crypto.c:406
block_sign_ecdsa
static enum GNUNET_GenericReturnValue block_sign_ecdsa(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, const char *label, struct GNUNET_GNSRECORD_Block *block)
Definition: gnsrecord_crypto.c:200
GNR_derive_block_xsalsa_key
void GNR_derive_block_xsalsa_key(unsigned char *nonce, unsigned char *key, const char *label, uint64_t exp, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Derive session key and iv from label and public key.
Definition: gnsrecord_crypto.c:158
block_create_ecdsa
static enum GNUNET_GenericReturnValue block_create_ecdsa(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **block, int sign)
Sign name and records.
Definition: gnsrecord_crypto.c:324
ecdsa_symmetric_encrypt
static ssize_t ecdsa_symmetric_encrypt(const void *block, size_t size, const unsigned char *key, const unsigned char *ctr, void *result)
Definition: gnsrecord_crypto.c:61
eddsa_symmetric_encrypt
static enum GNUNET_GenericReturnValue eddsa_symmetric_encrypt(const void *block, size_t size, const unsigned char *key, const unsigned char *nonce, void *result)
Definition: gnsrecord_crypto.c:112
block_create_eddsa
static enum GNUNET_GenericReturnValue block_create_eddsa(const struct GNUNET_CRYPTO_EddsaPrivateKey *key, const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **block, int sign)
Sign name and records (EDDSA version)
Definition: gnsrecord_crypto.c:434
block_create2
static enum GNUNET_GenericReturnValue block_create2(const struct GNUNET_CRYPTO_PrivateKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **result, int sign)
Definition: gnsrecord_crypto.c:602
ecdsa_symmetric_decrypt
static ssize_t ecdsa_symmetric_decrypt(const void *block, size_t size, const unsigned char *key, const unsigned char *ctr, void *result)
Definition: gnsrecord_crypto.c:34
GNR_derive_block_aes_key
void GNR_derive_block_aes_key(unsigned char *ctr, unsigned char *key, const char *label, uint64_t exp, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Derive session key and iv from label and public key.
Definition: gnsrecord_crypto.c:129
block_sign_eddsa
static enum GNUNET_GenericReturnValue block_sign_eddsa(const struct GNUNET_CRYPTO_EddsaPrivateKey *key, const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, const char *label, struct GNUNET_GNSRECORD_Block *block)
Definition: gnsrecord_crypto.c:241
block_decrypt_eddsa
static enum GNUNET_GenericReturnValue block_decrypt_eddsa(const struct GNUNET_GNSRECORD_Block *block, const struct GNUNET_CRYPTO_EddsaPublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
Definition: gnsrecord_crypto.c:859
CSIZE
#define CSIZE
block_get_size_ecdsa
static ssize_t block_get_size_ecdsa(const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count)
Definition: gnsrecord_crypto.c:186
eddsa_symmetric_decrypt
static enum GNUNET_GenericReturnValue eddsa_symmetric_decrypt(const void *block, size_t size, const unsigned char *key, const unsigned char *nonce, void *result)
Definition: gnsrecord_crypto.c:88
block_decrypt_ecdsa
static enum GNUNET_GenericReturnValue block_decrypt_ecdsa(const struct GNUNET_GNSRECORD_Block *block, const struct GNUNET_CRYPTO_EcdsaPublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
Definition: gnsrecord_crypto.c:734
gnsrecord_crypto.h
API for GNS record-related crypto.
line
static char * line
Desired phone line (string to be converted to a hash).
Definition: gnunet-conversation.c:155
key
struct GNUNET_HashCode key
The key used in the DHT.
Definition: gnunet-dht-put.c:37
expire
static char * expire
DID Document expiration Date Attribute String.
Definition: gnunet-did.c:97
pkey
static char * pkey
Public key of the zone to look in, in ASCII.
Definition: gnunet-namecache.c:58
rd_count
static unsigned int rd_count
Number of records for currently parsed set.
Definition: gnunet-namestore-zonefile.c:61
res
static char * res
Currently read line or NULL on EOF.
Definition: gnunet-namestore-zonefile.c:76
rd
static struct GNUNET_GNSRECORD_Data rd[50]
The record data under a single label.
Definition: gnunet-namestore-zonefile.c:46
result
static int result
Global testing status.
Definition: gnunet-regex-profiler.c:240
pub
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:47
payload
static unsigned long long payload
How much data are we currently storing in the database?
Definition: gnunet-service-datastore.c:183
handle
static struct GNUNET_VPN_Handle * handle
Handle to vpn service.
Definition: gnunet-vpn.c:35
t
static struct GNUNET_SCHEDULER_Task * t
Main task.
Definition: gnunet-zoneimport.c:293
GNUNET_CRYPTO_ecdsa_public_key_derive
void GNUNET_CRYPTO_ecdsa_public_key_derive(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
Derive a public key from a given public key and a label.
Definition: crypto_ecc_gnsrecord.c:247
GNUNET_CRYPTO_eddsa_key_get_public
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:201
GNUNET_CRYPTO_ecdsa_verify_
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Verify ECDSA signature.
Definition: crypto_ecc.c:649
GNUNET_CRYPTO_eddsa_public_key_derive
void GNUNET_CRYPTO_eddsa_public_key_derive(const struct GNUNET_CRYPTO_EddsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPublicKey *result)
Derive a public key from a given public key and a label.
Definition: crypto_ecc_gnsrecord.c:388
GNUNET_CRYPTO_ecdsa_key_get_public
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:190
GNUNET_CRYPTO_eddsa_verify_
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Verify EdDSA signature.
Definition: crypto_ecc.c:708
GNUNET_GNSRECORD_query_from_public_key
void GNUNET_GNSRECORD_query_from_public_key(const struct GNUNET_CRYPTO_PublicKey *pub, const char *label, struct GNUNET_HashCode *query)
Calculate the DHT query for a given label in a given zone.
Definition: gnsrecord_crypto.c:1053
GNUNET_GNSRECORD_MAX_BLOCK_SIZE
#define GNUNET_GNSRECORD_MAX_BLOCK_SIZE
Maximum size of a value that can be stored in a GNS block.
Definition: gnunet_gnsrecord_lib.h:60
GNUNET_GNSRECORD_block_create
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_create(const struct GNUNET_CRYPTO_PrivateKey *key, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **result)
Sign name and records.
Definition: gnsrecord_crypto.c:539
GNUNET_GNSRECORD_block_calculate_size
ssize_t GNUNET_GNSRECORD_block_calculate_size(const struct GNUNET_CRYPTO_PrivateKey *key, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count)
Get size of buffer for block creation.
Definition: gnsrecord_crypto.c:512
GNUNET_GNSRECORD_records_deserialize
int GNUNET_GNSRECORD_records_deserialize(size_t len, const char *src, unsigned int rd_count, struct GNUNET_GNSRECORD_Data *dest)
Deserialize the given records to the given destination.
Definition: gnsrecord_serialization.c:244
GNUNET_GNSRECORD_block_create_unsigned
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_create_unsigned(const struct GNUNET_CRYPTO_PrivateKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **result)
Create name and records but do not sign! Sign later with GNUNET_GNSRECORD_block_sign().
Definition: gnsrecord_crypto.c:663
GNUNET_GNSRECORD_records_serialize
ssize_t GNUNET_GNSRECORD_records_serialize(unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd, size_t dest_size, char *dest)
Serialize the given records to the given destination buffer.
Definition: gnsrecord_serialization.c:136
GNUNET_GNSRECORD_query_from_private_key
void GNUNET_GNSRECORD_query_from_private_key(const struct GNUNET_CRYPTO_PrivateKey *zone, const char *label, struct GNUNET_HashCode *query)
Calculate the DHT query for a given label in a given zone.
Definition: gnsrecord_crypto.c:1025
GNUNET_GNSRECORD_block_decrypt
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_decrypt(const struct GNUNET_GNSRECORD_Block *block, const struct GNUNET_CRYPTO_PublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
Decrypt block.
Definition: gnsrecord_crypto.c:986
GNUNET_GNSRECORD_block_verify
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_verify(const struct GNUNET_GNSRECORD_Block *block)
Check if a signature is valid.
Definition: gnsrecord_crypto.c:695
GNUNET_GNSRECORD_records_deserialize_get_size
unsigned int GNUNET_GNSRECORD_records_deserialize_get_size(size_t len, const char *src)
Definition: gnsrecord_serialization.c:199
GNUNET_GNSRECORD_RecordCallback
void(* GNUNET_GNSRECORD_RecordCallback)(void *cls, unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd)
Process a records that were decrypted from a block.
Definition: gnunet_gnsrecord_lib.h:389
GNUNET_GNSRECORD_records_get_size
ssize_t GNUNET_GNSRECORD_records_get_size(unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd)
Calculate how many bytes we will need to serialize the given records.
Definition: gnsrecord_serialization.c:78
GNUNET_GNSRECORD_block_sign
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_sign(const struct GNUNET_CRYPTO_PrivateKey *key, const char *label, struct GNUNET_GNSRECORD_Block *block)
Sign a block create with GNUNET_GNSRECORD_block_create_unsigned.
Definition: gnsrecord_crypto.c:275
GNUNET_GNSRECORD_block_create2
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_create2(const struct GNUNET_CRYPTO_PrivateKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **result)
Sign name and records, cache derived public key (also keeps the private key in static memory,...
Definition: gnsrecord_crypto.c:676
GNUNET_GNSRECORD_string_normalize
char * GNUNET_GNSRECORD_string_normalize(const char *src)
Normalize a UTF-8 string to a GNS name.
Definition: gnsrecord_misc.c:36
GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION
@ GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION
This expiration time of the record is a relative time (not an absolute time).
Definition: gnunet_gnsrecord_lib.h:132
GNUNET_GNSRECORD_RF_SHADOW
@ GNUNET_GNSRECORD_RF_SHADOW
This record should not be used unless all (other) records in the set with an absolute expiration time...
Definition: gnunet_gnsrecord_lib.h:116
GNUNET_CRYPTO_hash
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
GNUNET_CRYPTO_kdf
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:62
GNUNET_log
#define GNUNET_log(kind,...)
Definition: gnunet_common.h:548
GNUNET_NZL
#define GNUNET_NZL(l)
Macro used to avoid using 0 for the length of a variable-size array (Non-Zero-Length).
Definition: gnunet_common.h:232
GNUNET_CRYPTO_eddsa_sign_derived
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_derived(const struct GNUNET_CRYPTO_EddsaPrivateKey *pkey, const char *label, const char *context, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
This is a signature function for EdDSA which takes a private key and derives it using the label and c...
Definition: crypto_ecc_gnsrecord.c:78
GNUNET_CRYPTO_key_get_public
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_key_get_public(const struct GNUNET_CRYPTO_PrivateKey *privkey, struct GNUNET_CRYPTO_PublicKey *key)
Retrieves the public key representation of a private key.
Definition: crypto_pkey.c:430
GNUNET_CRYPTO_AES_KEY_LENGTH
#define GNUNET_CRYPTO_AES_KEY_LENGTH
length of the sessionkey in bytes (256 BIT sessionkey)
Definition: gnunet_crypto_lib.h:110
GNUNET_CRYPTO_ecdsa_sign_derived
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_derived(const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey, const char *label, const char *context, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
This is a signature function for ECDSA which takes a private key, derives/blinds it and signs the mes...
Definition: crypto_ecc_gnsrecord.c:181
GNUNET_memcpy
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
Definition: gnunet_common.h:1316
GNUNET_GenericReturnValue
GNUNET_GenericReturnValue
Named constants for return values.
Definition: gnunet_common.h:108
GNUNET_PUBLIC_KEY_TYPE_EDDSA
@ GNUNET_PUBLIC_KEY_TYPE_EDDSA
EDDSA identity.
Definition: gnunet_crypto_lib.h:391
GNUNET_PUBLIC_KEY_TYPE_ECDSA
@ GNUNET_PUBLIC_KEY_TYPE_ECDSA
The identity type.
Definition: gnunet_crypto_lib.h:385
GNUNET_OK
@ GNUNET_OK
Definition: gnunet_common.h:111
GNUNET_YES
@ GNUNET_YES
Definition: gnunet_common.h:113
GNUNET_NO
@ GNUNET_NO
Definition: gnunet_common.h:110
GNUNET_SYSERR
@ GNUNET_SYSERR
Definition: gnunet_common.h:109
GNUNET_break_op
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
Definition: gnunet_common.h:1063
GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition: gnunet_common.h:956
GNUNET_break
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
Definition: gnunet_common.h:1041
GNUNET_ERROR_TYPE_INFO
@ GNUNET_ERROR_TYPE_INFO
Definition: gnunet_common.h:420
GNUNET_malloc
#define GNUNET_malloc(size)
Wrapper around malloc.
Definition: gnunet_common.h:1351
GNUNET_free
#define GNUNET_free(ptr)
Wrapper around free.
Definition: gnunet_common.h:1411
GNUNET_TIME_absolute_get
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:111
GNUNET_TIME_absolute_add
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_add(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration)
Add a given relative duration to the given start time.
Definition: time.c:452
GNUNET_TIME_absolute_hton
struct GNUNET_TIME_AbsoluteNBO GNUNET_TIME_absolute_hton(struct GNUNET_TIME_Absolute a)
Convert absolute time to network byte order.
Definition: time.c:640
GNUNET_STRINGS_absolute_time_to_string
const char * GNUNET_STRINGS_absolute_time_to_string(struct GNUNET_TIME_Absolute t)
Like asctime, except for GNUnet time.
Definition: strings.c:640
size
static unsigned int size
Size of the "table".
Definition: peer.c:68
GNUNET_GNSRECORD_TYPE_PKEY
#define GNUNET_GNSRECORD_TYPE_PKEY
WARNING: This header is generated! In order to add GNS record types, you must register them in GANA,...
Definition: gnu_name_system_record_types.h:43
GNUNET_GNSRECORD_TYPE_EDKEY
#define GNUNET_GNSRECORD_TYPE_EDKEY
GNS zone delegation (EDKEY)
Definition: gnu_name_system_record_types.h:157
GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN
#define GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN
GNS record set signature (GNS)
Definition: gnunet_signatures.h:124
GNRBlockPS
Information we have in an encrypted block with record data (i.e.
Definition: gnsrecord_crypto.h:39
GNRBlockPS::purpose
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
Number of bytes signed; also specifies the number of bytes of encrypted data that follow.
Definition: gnsrecord_crypto.h:44
GNRBlockPS::expiration_time
struct GNUNET_TIME_AbsoluteNBO expiration_time
Expiration time of the block.
Definition: gnsrecord_crypto.h:49
GNUNET_CRYPTO_EccSignaturePurpose
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
Definition: gnunet_crypto_lib.h:141
GNUNET_CRYPTO_EccSignaturePurpose::size
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!...
Definition: gnunet_crypto_lib.h:147
GNUNET_CRYPTO_EccSignaturePurpose::purpose
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
Definition: gnunet_crypto_lib.h:155
GNUNET_CRYPTO_EcdsaPrivateKey
Private ECC key encoded for transmission.
Definition: gnunet_crypto_lib.h:266
GNUNET_CRYPTO_EcdsaPublicKey
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
Definition: gnunet_crypto_lib.h:216
GNUNET_CRYPTO_EddsaPrivateKey
Private ECC key encoded for transmission.
Definition: gnunet_crypto_lib.h:278
GNUNET_CRYPTO_EddsaPublicKey
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Definition: gnunet_crypto_lib.h:201
GNUNET_CRYPTO_PrivateKey
A private key for an identity as per LSD0001.
Definition: gnunet_crypto_lib.h:400
GNUNET_CRYPTO_PrivateKey::type
uint32_t type
Type of public key.
Definition: gnunet_crypto_lib.h:406
GNUNET_CRYPTO_PublicKey
An identity key as per LSD0001.
Definition: gnunet_crypto_lib.h:427
GNUNET_CRYPTO_PublicKey::type
uint32_t type
Type of public key.
Definition: gnunet_crypto_lib.h:433
GNUNET_CRYPTO_PublicKey::ecdsa_key
struct GNUNET_CRYPTO_EcdsaPublicKey ecdsa_key
An ECDSA identity key.
Definition: gnunet_crypto_lib.h:440
GNUNET_CRYPTO_PublicKey::eddsa_key
struct GNUNET_CRYPTO_EddsaPublicKey eddsa_key
AN EdDSA identtiy key.
Definition: gnunet_crypto_lib.h:445
GNUNET_GNSRECORD_Block
Definition: gnunet_gnsrecord_lib.h:284
GNUNET_GNSRECORD_Block::type
uint32_t type
The zone type (GNUNET_GNSRECORD_TYPE_PKEY)
Definition: gnunet_gnsrecord_lib.h:293
GNUNET_GNSRECORD_Block::ecdsa_block
struct GNUNET_GNSRECORD_EcdsaBlock ecdsa_block
Definition: gnunet_gnsrecord_lib.h:297
GNUNET_GNSRECORD_Block::eddsa_block
struct GNUNET_GNSRECORD_EddsaBlock eddsa_block
Definition: gnunet_gnsrecord_lib.h:298
GNUNET_GNSRECORD_Block::size
uint32_t size
Size of the block.
Definition: gnunet_gnsrecord_lib.h:288
GNUNET_GNSRECORD_Data
A GNS record.
Definition: gnunet_gnsrecord_lib.h:177
GNUNET_GNSRECORD_Data::flags
enum GNUNET_GNSRECORD_Flags flags
Flags for the record.
Definition: gnunet_gnsrecord_lib.h:205
GNUNET_GNSRECORD_Data::expiration_time
uint64_t expiration_time
Expiration time for the DNS record.
Definition: gnunet_gnsrecord_lib.h:190
GNUNET_GNSRECORD_EcdsaBlock
Information we have in an encrypted block with record data (i.e.
Definition: gnunet_gnsrecord_lib.h:238
GNUNET_GNSRECORD_EcdsaBlock::signature
struct GNUNET_CRYPTO_EcdsaSignature signature
Signature of the block.
Definition: gnunet_gnsrecord_lib.h:247
GNUNET_GNSRECORD_EcdsaBlock::expiration_time
struct GNUNET_TIME_AbsoluteNBO expiration_time
Expiration time of the block.
Definition: gnunet_gnsrecord_lib.h:252
GNUNET_GNSRECORD_EcdsaBlock::derived_key
struct GNUNET_CRYPTO_EcdsaPublicKey derived_key
Derived key used for signing; hash of this is the query.
Definition: gnunet_gnsrecord_lib.h:242
GNUNET_GNSRECORD_EddsaBlock
Information we have in an encrypted block with record data (i.e.
Definition: gnunet_gnsrecord_lib.h:262
GNUNET_GNSRECORD_EddsaBlock::derived_key
struct GNUNET_CRYPTO_EddsaPublicKey derived_key
Derived key used for signing; hash of this is the query.
Definition: gnunet_gnsrecord_lib.h:266
GNUNET_GNSRECORD_EddsaBlock::expiration_time
struct GNUNET_TIME_AbsoluteNBO expiration_time
Expiration time of the block.
Definition: gnunet_gnsrecord_lib.h:276
GNUNET_GNSRECORD_EddsaBlock::signature
struct GNUNET_CRYPTO_EddsaSignature signature
Signature of the block.
Definition: gnunet_gnsrecord_lib.h:271
GNUNET_HashCode
A 512-bit hashcode.
Definition: gnunet_common.h:284
GNUNET_TIME_AbsoluteNBO
Time for absolute time used by GNUnet, in microseconds and in network byte order.
Definition: gnunet_time_lib.h:106
GNUNET_TIME_AbsoluteNBO::abs_value_us__
uint64_t abs_value_us__
The actual value (in network byte order).
Definition: gnunet_time_lib.h:111
GNUNET_TIME_Absolute
Time for absolute times used by GNUnet, in microseconds.
Definition: gnunet_time_lib.h:54
GNUNET_TIME_Absolute::abs_value_us
uint64_t abs_value_us
The actual value.
Definition: gnunet_time_lib.h:59
GNUNET_TIME_Relative
Time for relative time used by GNUnet, in microseconds.
Definition: gnunet_time_lib.h:79
KeyCacheLine
Line in cache mapping private keys to public keys.
Definition: gnsrecord_crypto.c:588
KeyCacheLine::pkey
struct GNUNET_CRYPTO_EcdsaPublicKey pkey
Associated public key.
Definition: gnsrecord_crypto.c:597
KeyCacheLine::key
struct GNUNET_CRYPTO_EcdsaPrivateKey key
A private key.
Definition: gnsrecord_crypto.c:592