GNUnet  0.11.x
gnsrecord_crypto.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2009-2013, 2018 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
20 
28 #include "platform.h"
29 #include "gnunet_util_lib.h"
30 #include "gnunet_constants.h"
31 #include "gnunet_signatures.h"
32 #include "gnunet_arm_service.h"
33 #include "gnunet_gnsrecord_lib.h"
34 #include "gnunet_dnsparser_lib.h"
35 #include "gnunet_tun_lib.h"
36 
37 
38 #define LOG(kind, ...) GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__)
39 
40 ssize_t
42  const void *block,
43  size_t size,
44  const unsigned char *key,
45  const unsigned char *ctr,
46  void *result)
47 {
48  gcry_cipher_hd_t handle;
49  int rc;
50 
51  GNUNET_assert (0 == gcry_cipher_open (&handle, GCRY_CIPHER_AES256,
52  GCRY_CIPHER_MODE_CTR, 0));
53  rc = gcry_cipher_setkey (handle,
54  key,
56  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
57  rc = gcry_cipher_setctr (handle,
58  ctr,
60  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
61  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, block, size));
62  gcry_cipher_close (handle);
63  return size;
64 }
65 
66 
67 
68 ssize_t
70  const void *block,
71  size_t size,
72  const unsigned char *key,
73  const unsigned char *ctr,
74  void *result)
75 {
76  gcry_cipher_hd_t handle;
77  int rc;
78 
79  GNUNET_assert (0 == gcry_cipher_open (&handle, GCRY_CIPHER_AES256,
80  GCRY_CIPHER_MODE_CTR, 0));
81  rc = gcry_cipher_setkey (handle,
82  key,
84  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
85  rc = gcry_cipher_setctr (handle,
86  ctr,
88  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
89  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, block, size));
90  gcry_cipher_close (handle);
91  return size;
92 }
93 
94 
95 
104 static void
105 derive_block_aes_key (unsigned char *ctr,
106  unsigned char *key,
107  const char *label,
108  uint64_t exp,
109  const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
110 {
111  static const char ctx_key[] = "gns-aes-ctx-key";
112  static const char ctx_iv[] = "gns-aes-ctx-iv";
113 
115  ctx_key, strlen (ctx_key),
116  pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
117  label, strlen (label),
118  NULL, 0);
119  memset (ctr, 0, GNUNET_CRYPTO_AES_KEY_LENGTH / 2);
121  GNUNET_CRYPTO_kdf (ctr, 4,
122  ctx_iv, strlen (ctx_iv),
123  pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
124  label, strlen (label),
125  NULL, 0);
127  memcpy (ctr + 4, &exp, sizeof (exp));
129  ctr[15] |= 0x01;
130 }
131 
132 
144 static struct GNUNET_GNSRECORD_Block *
146  const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey,
148  const char *label,
149  const struct GNUNET_GNSRECORD_Data *rd,
150  unsigned int rd_count)
151 {
152  ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
153  rd);
154  struct GNUNET_GNSRECORD_Block *block;
155  struct GNUNET_GNSRECORD_EcdsaBlock *ecblock;
156  struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey;
157  unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
158  unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH];
159  struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)];
160  uint32_t rd_count_nbo;
161  struct GNUNET_TIME_Absolute now;
162 
163  if (payload_len < 0)
164  {
165  GNUNET_break (0);
166  return NULL;
167  }
168  if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
169  {
170  GNUNET_break (0);
171  return NULL;
172  }
173  /* convert relative to absolute times */
174  now = GNUNET_TIME_absolute_get ();
175  for (unsigned int i = 0; i < rd_count; i++)
176  {
177  rdc[i] = rd[i];
178  if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
179  {
180  struct GNUNET_TIME_Relative t;
181 
182  /* encrypted blocks must never have relative expiration times, convert! */
183  rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
184  t.rel_value_us = rdc[i].expiration_time;
186  }
187  }
188  /* serialize */
189  rd_count_nbo = htonl (rd_count);
190  {
191  char payload[sizeof(uint32_t) + payload_len];
192 
194  &rd_count_nbo,
195  sizeof(uint32_t));
196  GNUNET_assert (payload_len ==
198  rdc,
199  payload_len,
200  &payload[sizeof(uint32_t)
201  ]));
202  block = GNUNET_malloc (sizeof(struct GNUNET_GNSRECORD_Block)
203  + sizeof(uint32_t)
204  + payload_len);
205  ecblock = &block->ecdsa_block;
206  block->type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
207  ecblock->purpose.size = htonl (sizeof(uint32_t)
208  + payload_len
209  + sizeof(struct
211  + sizeof(struct GNUNET_TIME_AbsoluteNBO));
213  ecblock->expiration_time = GNUNET_TIME_absolute_hton (expire);
214  /* encrypt and sign */
216  label,
217  "gns");
219  &ecblock->derived_key);
221  skey,
222  label,
224  pkey);
225  GNUNET_break (payload_len + sizeof(uint32_t) ==
227  payload_len
228  + sizeof(uint32_t),
229  skey,
230  ctr,
231  &ecblock[1]));
232  }
233  if (GNUNET_OK !=
235  &ecblock->purpose,
236  &ecblock->signature))
237  {
238  GNUNET_break (0);
239  GNUNET_free (dkey);
240  GNUNET_free (block);
241  return NULL;
242  }
243  GNUNET_free (dkey);
244  return block;
245 }
246 
247 
258 struct GNUNET_GNSRECORD_Block *
261  const char *label,
262  const struct GNUNET_GNSRECORD_Data *rd,
263  unsigned int rd_count)
264 {
265  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
266 
267  switch (ntohl (key->type))
268  {
271  &pkey);
272  return block_create_ecdsa (&key->ecdsa_key,
273  &pkey,
274  expire,
275  label,
276  rd,
277  rd_count);
278  default:
279  GNUNET_assert (0);
280  }
281  return NULL;
282 }
283 
284 
289 {
294 
299 };
300 
301 
314 struct GNUNET_GNSRECORD_Block *
317  const char *label,
318  const struct GNUNET_GNSRECORD_Data *rd,
319  unsigned int rd_count)
320 {
321  const struct GNUNET_CRYPTO_EcdsaPrivateKey *key;
322 
323  if (GNUNET_IDENTITY_TYPE_ECDSA != ntohl (pkey->type))
324  {
325  return NULL; // FIXME
326  }
327  key = &pkey->ecdsa_key;
328 #define CSIZE 64
329  static struct KeyCacheLine cache[CSIZE];
330  struct KeyCacheLine *line;
331 
332  line = &cache[(*(unsigned int *) key) % CSIZE];
333  if (0 != memcmp (&line->key,
334  key,
335  sizeof(*key)))
336  {
337  /* cache miss, recompute */
338  line->key = *key;
340  &line->pkey);
341  }
342 #undef CSIZE
343  return block_create_ecdsa (key,
344  &line->pkey,
345  expire,
346  label,
347  rd,
348  rd_count);
349 }
350 
351 
361 {
362  const struct GNUNET_CRYPTO_EcdsaPublicKey *key;
363  const struct GNUNET_GNSRECORD_EcdsaBlock *ecblock;
364 
365  if (GNUNET_GNSRECORD_TYPE_PKEY != ntohl (block->type))
366  {
367  GNUNET_break (0);
368  return GNUNET_NO;
369  }
370  ecblock = &block->ecdsa_block;
371  key = &ecblock->derived_key;
372 
374  &ecblock->purpose,
375  &ecblock->signature,
376  key);
377 }
378 
379 
382  const struct
384  const char *label,
386  void *proc_cls)
387 {
388  size_t payload_len = ntohl (block->purpose.size)
389  - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
390  - sizeof(struct GNUNET_TIME_AbsoluteNBO);
391  unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
392  unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH];
393 
394  if (ntohl (block->purpose.size) <
395  sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
396  + sizeof(struct GNUNET_TIME_AbsoluteNBO))
397  {
398  GNUNET_break_op (0);
399  return GNUNET_SYSERR;
400  }
402  key,
403  label,
405  zone_key);
406  {
407  char payload[payload_len];
408  uint32_t rd_count;
409 
410  GNUNET_break (payload_len ==
411  ecdsa_symmetric_decrypt (&block[1], payload_len,
412  key, ctr,
413  payload));
414  GNUNET_memcpy (&rd_count,
415  payload,
416  sizeof(uint32_t));
417  rd_count = ntohl (rd_count);
418  if (rd_count > 2048)
419  {
420  /* limit to sane value */
421  GNUNET_break_op (0);
422  return GNUNET_SYSERR;
423  }
424  {
425  struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL (rd_count)];
426  unsigned int j;
427  struct GNUNET_TIME_Absolute now;
428 
429  if (GNUNET_OK !=
430  GNUNET_GNSRECORD_records_deserialize (payload_len - sizeof(uint32_t),
431  &payload[sizeof(uint32_t)],
432  rd_count,
433  rd))
434  {
435  GNUNET_break_op (0);
436  return GNUNET_SYSERR;
437  }
438  /* hide expired records */
439  now = GNUNET_TIME_absolute_get ();
440  j = 0;
441  for (unsigned int i = 0; i < rd_count; i++)
442  {
443  if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
444  {
445  /* encrypted blocks must never have relative expiration times, skip! */
446  GNUNET_break_op (0);
447  continue;
448  }
449 
450  if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD))
451  {
452  int include_record = GNUNET_YES;
453  /* Shadow record, figure out if we have a not expired active record */
454  for (unsigned int k = 0; k < rd_count; k++)
455  {
456  if (k == i)
457  continue;
458  if (rd[i].expiration_time < now.abs_value_us)
459  include_record = GNUNET_NO; /* Shadow record is expired */
460  if ((rd[k].record_type == rd[i].record_type) &&
461  (rd[k].expiration_time >= now.abs_value_us) &&
462  (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD)))
463  {
464  include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */
466  "Ignoring shadow record\n");
467  break;
468  }
469  }
470  if (GNUNET_YES == include_record)
471  {
472  rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW_RECORD; /* Remove Flag */
473  if (j != i)
474  rd[j] = rd[i];
475  j++;
476  }
477  }
478  else if (rd[i].expiration_time >= now.abs_value_us)
479  {
480  /* Include this record */
481  if (j != i)
482  rd[j] = rd[i];
483  j++;
484  }
485  else
486  {
487  struct GNUNET_TIME_Absolute at;
488 
489  at.abs_value_us = rd[i].expiration_time;
491  "Excluding record that expired %s (%llu ago)\n",
493  (unsigned long long) rd[i].expiration_time
494  - now.abs_value_us);
495  }
496  }
497  rd_count = j;
498  if (NULL != proc)
499  proc (proc_cls,
500  rd_count,
501  (0 != rd_count) ? rd : NULL);
502  }
503  }
504  return GNUNET_OK;
505 }
506 
507 
521  const struct
522  GNUNET_IDENTITY_PublicKey *zone_key,
523  const char *label,
525  void *proc_cls)
526 {
527  const struct GNUNET_CRYPTO_EcdsaPublicKey *key;
528 
529  if (GNUNET_IDENTITY_TYPE_ECDSA != ntohl (zone_key->type))
530  {
531  return GNUNET_NO;
532  }
533  key = &zone_key->ecdsa_key;
534 
535  return block_decrypt_ecdsa (&block->ecdsa_block,
536  key, label, proc, proc_cls);
537 
538 }
539 
540 
548 void
551  const char *label,
552  struct GNUNET_HashCode *query)
553 {
554  struct GNUNET_IDENTITY_PublicKey pub;
555  switch (ntohl (zone->type))
556  {
558 
560  &pub);
562  label,
563  query);
564  break;
565  default:
566  GNUNET_assert (0);
567  }
568 }
569 
570 
578 void
581  const char *label,
582  struct GNUNET_HashCode *query)
583 {
584  struct GNUNET_IDENTITY_PublicKey pd;
585 
586  switch (ntohl (pub->type))
587  {
589  pd.type = pub->type;
591  label,
592  "gns",
593  &pd.ecdsa_key);
595  sizeof (pd.ecdsa_key),
596  query);
597  break;
598  default:
599  GNUNET_assert (0);
600  }
601 }
602 
603 
604 /* end of gnsrecord_crypto.c */
Information we have in an encrypted block with record data (i.e.
struct GNUNET_CRYPTO_EcdsaSignature signature
Signature of the block.
This record should not be used unless all (other) records with an absolute expiration time have expir...
void GNUNET_CRYPTO_ecdsa_public_key_derive(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
Derive a public key from a given public key and a label.
Definition: crypto_ecc.c:963
GNUNET_NETWORK_STRUCT_END ssize_t GNUNET_GNSRECORD_records_get_size(unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd)
Calculate how many bytes we will need to serialize the given records.
uint64_t rel_value_us
The actual value.
static char * pkey
Public key of the zone to look in, in ASCII.
struct GNUNET_CRYPTO_EcdsaPublicKey pkey
Associated public key.
uint32_t type
Type of public key.
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
struct GNUNET_GNSRECORD_EcdsaBlock ecdsa_block
ssize_t GNUNET_GNSRECORD_records_serialize(unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd, size_t dest_size, char *dest)
Serialize the given records to the given destination buffer.
static void expire(void *cls)
Expire a PooledConnection object.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
struct GNUNET_TIME_AbsoluteNBO expiration_time
Expiration time of the block.
#define GNUNET_GNSRECORD_MAX_BLOCK_SIZE
Maximum size of a value that can be stored in a GNS block.
A private key for an identity as per LSD0001.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
struct GNUNET_CRYPTO_EcdsaPublicKey derived_key
Derived key used for signing; hash of this is the query.
GNUNET_GenericReturnValue
Named constants for return values.
Definition: gnunet_common.h:83
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_add(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration)
Add a given relative duration to the given start time.
Definition: time.c:395
Private ECC key encoded for transmission.
int GNUNET_GNSRECORD_records_deserialize(size_t len, const char *src, unsigned int rd_count, struct GNUNET_GNSRECORD_Data *dest)
Deserialize the given records to the given destination.
Time for absolute time used by GNUnet, in microseconds and in network byte order. ...
ssize_t ecdsa_symmetric_encrypt(const void *block, size_t size, const unsigned char *key, const unsigned char *ctr, void *result)
uint64_t abs_value_us
The actual value.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
struct GNUNET_GNSRECORD_Block * GNUNET_GNSRECORD_block_create(const struct GNUNET_IDENTITY_PrivateKey *key, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count)
Sign name and records.
static char * zone
Name of the zone we manage.
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
Number of bytes signed; also specifies the number of bytes of encrypted data that follow...
struct GNUNET_CRYPTO_EcdsaPrivateKey ecdsa_key
An ECDSA identity key.
static char * line
Desired phone line (string to be converted to a hash).
struct GNUNET_CRYPTO_EcdsaPrivateKey key
A private key.
#define GNUNET_GNSRECORD_TYPE_PKEY
Record type for GNS zone transfer ("PKEY").
static void derive_block_aes_key(unsigned char *ctr, unsigned char *key, const char *label, uint64_t exp, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Derive session key and iv from label and public key.
#define CSIZE
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
struct GNUNET_CRYPTO_EcdsaPublicKey ecdsa_key
An ECDSA identity key.
uint64_t expiration_time
Expiration time for the DNS record.
static struct GNUNET_GNSRECORD_Block * block_create_ecdsa(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count)
Sign name and records.
struct GNUNET_GNSRECORD_Block * GNUNET_GNSRECORD_block_create2(const struct GNUNET_IDENTITY_PrivateKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count)
Sign name and records, cache derived public key (also keeps the private key in static memory...
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static int result
Global testing status.
enum GNUNET_GenericReturnValue GNUNET_IDENTITY_key_get_public(const struct GNUNET_IDENTITY_PrivateKey *privkey, struct GNUNET_IDENTITY_PublicKey *key)
Retrieves the public key representation of a private key.
Definition: identity_api.c:175
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
A 512-bit hashcode.
void GNUNET_GNSRECORD_query_from_public_key(const struct GNUNET_IDENTITY_PublicKey *pub, const char *label, struct GNUNET_HashCode *query)
Calculate the DHT query for a given label in a given zone.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:118
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_verify(const struct GNUNET_GNSRECORD_Block *block)
Check if a signature is valid.
#define GNUNET_CRYPTO_AES_KEY_LENGTH
length of the sessionkey in bytes (256 BIT sessionkey)
struct GNUNET_HashCode key
The key used in the DHT.
static unsigned int size
Size of the "table".
Definition: peer.c:67
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:176
uint32_t type
Type of public key.
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_decrypt(const struct GNUNET_GNSRECORD_Block *block, const struct GNUNET_IDENTITY_PublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
Decrypt block.
int GNUNET_CRYPTO_ecdsa_sign_(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
ECDSA Sign a given block.
Definition: crypto_ecc.c:645
static unsigned long long payload
How much data are we currently storing in the database?
void GNUNET_GNSRECORD_query_from_private_key(const struct GNUNET_IDENTITY_PrivateKey *zone, const char *label, struct GNUNET_HashCode *query)
Calculate the DHT query for a given label in a given zone.
int GNUNET_CRYPTO_ecdsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Verify ECDSA signature.
Definition: crypto_ecc.c:745
void(* GNUNET_GNSRECORD_RecordCallback)(void *cls, unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd)
Process a records that were decrypted from a block.
An identity key as per LSD0001.
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:46
uint64_t abs_value_us__
The actual value (in network byte order).
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
#define GNUNET_log(kind,...)
#define GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN
Signature of a gnunet naming system record block.
enum GNUNET_GenericReturnValue block_decrypt_ecdsa(const struct GNUNET_GNSRECORD_EcdsaBlock *block, const struct GNUNET_CRYPTO_EcdsaPublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
Time for absolute times used by GNUnet, in microseconds.
Line in cache mapping private keys to public keys.
enum GNUNET_GNSRECORD_Flags flags
Flags for the record.
This expiration time of the record is a relative time (not an absolute time).
const char * GNUNET_STRINGS_absolute_time_to_string(struct GNUNET_TIME_Absolute t)
Like asctime, except for GNUnet time.
Definition: strings.c:758
ssize_t ecdsa_symmetric_decrypt(const void *block, size_t size, const unsigned char *key, const unsigned char *ctr, void *result)
struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_private_key_derive(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
Derive a private key from a given private key and a label.
Definition: crypto_ecc.c:911
struct GNUNET_TIME_AbsoluteNBO GNUNET_TIME_absolute_hton(struct GNUNET_TIME_Absolute a)
Convert absolute time to network byte order.
Definition: time.c:657
int GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:90
#define GNUNET_malloc(size)
Wrapper around malloc.
#define GNUNET_free(ptr)
Wrapper around free.
Time for relative time used by GNUnet, in microseconds.