34 #define CURVE "Ed25519"
54 static const char *
const salt =
"key-derivation";
80 crypto_hash_sha512_state hs;
83 unsigned char hram[64];
86 unsigned char tmp[32];
96 crypto_hash_sha512_init (&hs);
106 memcpy (sk, priv.s, 64);
112 crypto_scalarmult_ed25519_base_noclamp (zk,
123 crypto_hash_sha512_update (&hs, sk + 32, 32);
124 crypto_hash_sha512_update (&hs, (uint8_t*) purpose, ntohl (purpose->size));
125 crypto_hash_sha512_final (&hs, r);
130 memcpy (sig->
s, zk, 32);
135 unsigned char r_mod[64];
136 crypto_core_ed25519_scalar_reduce (r_mod, r);
141 crypto_scalarmult_ed25519_base_noclamp (R, r_mod);
142 memcpy (sig->
r, R, sizeof (R));
148 crypto_hash_sha512_init (&hs);
149 crypto_hash_sha512_update (&hs, (uint8_t*) sig, 64);
150 crypto_hash_sha512_update (&hs, (uint8_t*) purpose,
151 ntohl (purpose->size));
152 crypto_hash_sha512_final (&hs, hram);
157 unsigned char hram_mod[64];
158 crypto_core_ed25519_scalar_reduce (hram_mod, hram);
164 crypto_core_ed25519_scalar_mul (tmp, hram_mod, sk);
165 crypto_core_ed25519_scalar_add (sig->
s, tmp, r_mod);
167 sodium_memzero (sk,
sizeof (sk));
168 sodium_memzero (r,
sizeof (r));
169 sodium_memzero (r_mod,
sizeof (r_mod));
211 n = gcry_mpi_ec_get_mpi (
"n",
ctx, 1);
218 for (
size_t i = 0; i < 32; i++)
219 dc[i] = priv->
d[31 - i];
221 d = gcry_mpi_new (256);
222 gcry_mpi_mulm (d,
h, x, n);
223 gcry_mpi_release (
h);
224 gcry_mpi_release (x);
225 gcry_mpi_release (n);
226 gcry_ctx_release (
ctx);
230 for (
size_t i = 0; i < 32; i++)
231 ret->d[i] =
dc[31 - i];
232 sodium_memzero (
dc,
sizeof(
dc));
233 gcry_mpi_release (d);
259 q_y = gcry_mpi_set_opaque_copy (NULL,
pub->
q_y, 8 *
sizeof(
pub->
q_y));
262 gcry_mpi_release (q_y);
263 q = gcry_mpi_ec_get_point (
"q",
ctx, 0);
269 n = gcry_mpi_ec_get_mpi (
"n",
ctx, 1);
270 h_mod_n = gcry_mpi_new (256);
271 gcry_mpi_mod (h_mod_n,
h, n);
273 v = gcry_mpi_point_new (0);
274 gcry_mpi_ec_mul (v, h_mod_n,
q,
ctx);
275 gcry_mpi_release (h_mod_n);
276 gcry_mpi_release (
h);
277 gcry_mpi_release (n);
278 gcry_mpi_point_release (
q);
282 gcry_mpi_point_release (v);
283 q_y = gcry_mpi_ec_get_mpi (
"q@eddsa",
ctx, 0);
286 gcry_mpi_release (q_y);
287 gcry_ctx_release (
ctx);
301 unsigned char sk[64];
320 n = gcry_mpi_ec_get_mpi (
"n",
ctx, 1);
329 crypto_hash_sha512 (sk, priv->
d, 32);
339 h_mod_n = gcry_mpi_new (256);
340 gcry_mpi_mod (h_mod_n,
h, n);
342 for (
size_t i = 0; i < 32; i++)
354 a1 = gcry_mpi_new (256);
355 gcry_mpi_t eight = gcry_mpi_set_ui (NULL, 8);
356 gcry_mpi_div (a1, NULL, x, eight, 0);
357 a2 = gcry_mpi_new (256);
358 gcry_mpi_mulm (a2, h_mod_n, a1, n);
359 d = gcry_mpi_new (256);
360 gcry_mpi_mul (d, a2, eight);
361 gcry_mpi_release (
h);
362 gcry_mpi_release (x);
363 gcry_mpi_release (n);
364 gcry_mpi_release (a1);
365 gcry_mpi_release (a2);
366 gcry_ctx_release (
ctx);
374 crypto_hash_sha256_state hs;
375 crypto_hash_sha256_init (&hs);
376 crypto_hash_sha256_update (&hs, sk + 32, 32);
377 crypto_hash_sha256_update (&hs, (
unsigned char*) &hc,
sizeof (hc));
378 crypto_hash_sha256_final (&hs,
result->s + 32);
381 for (
size_t i = 0; i < 32; i++)
384 sodium_memzero (
dc,
sizeof(
dc));
385 gcry_mpi_release (d);
410 q_y = gcry_mpi_set_opaque_copy (NULL,
pub->
q_y, 8 *
sizeof(
pub->
q_y));
413 gcry_mpi_release (q_y);
414 q = gcry_mpi_ec_get_point (
"q",
ctx, 0);
421 n = gcry_mpi_ec_get_mpi (
"n",
ctx, 1);
422 h_mod_n = gcry_mpi_new (256);
423 gcry_mpi_mod (h_mod_n,
h, n);
426 v = gcry_mpi_point_new (0);
427 gcry_mpi_ec_mul (v, h_mod_n,
q,
ctx);
428 gcry_mpi_release (h_mod_n);
429 gcry_mpi_release (
h);
430 gcry_mpi_release (n);
431 gcry_mpi_point_release (
q);
435 gcry_mpi_point_release (v);
436 q_y = gcry_mpi_ec_get_mpi (
"q@eddsa",
ctx, 0);
439 gcry_mpi_release (q_y);
440 gcry_ctx_release (
ctx);
450 unsigned char sk[32];
452 memcpy (sk, priv->
s, 32);
458 crypto_scalarmult_ed25519_base_noclamp (
pkey->q_y,
void derive_h(const void *pub, size_t pubsize, const char *label, const char *context, struct GNUNET_HashCode *hc)
Derive the 'h' value for key derivation, where 'h = H(l,P)'.
static int ret
Return value of the commandline.
static struct GNUNET_ARM_Handle * h
Connection with ARM.
struct GNUNET_HashCode key
The key used in the DHT.
static struct GNUNET_FS_DownloadContext * dc
static pa_context * context
Pulseaudio context.
static char * pkey
Public key of the zone to look in, in ASCII.
static int result
Global testing status.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
static struct GNUNET_CRYPTO_EddsaPublicKey pub
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
void GNUNET_CRYPTO_ecdsa_public_key_derive(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
Derive a public key from a given public key and a label.
void GNUNET_CRYPTO_eddsa_private_key_derive(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPrivateScalar *result)
Derive a private scalar from a given private key and a label.
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
ECDSA Sign a given block.
void GNUNET_CRYPTO_eddsa_public_key_derive(const struct GNUNET_CRYPTO_EddsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPublicKey *result)
Derive a public key from a given public key and a label.
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_private_key_derive(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
Derive a private key from a given private key and a label.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_derived(const struct GNUNET_CRYPTO_EddsaPrivateKey *pkey, const char *label, const char *context, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
This is a signature function for EdDSA which takes a private key and derives it using the label and c...
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_derived(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
This is a signature function for ECDSA which takes a private key, derives/blinds it and signs the mes...
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
void GNUNET_CRYPTO_eddsa_key_get_public_from_scalar(const struct GNUNET_CRYPTO_EddsaPrivateScalar *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pkey)
Extract the public key of the given private scalar.
GNUNET_GenericReturnValue
Named constants for return values.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_free(ptr)
Wrapper around free.
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
Private ECC key encoded for transmission.
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
an ECC signature using ECDSA
Private ECC key encoded for transmission.
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Private ECC scalar encoded for transmission.
unsigned char s[512/8]
s is the expandedprivate 512-bit scalar of a private key.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
an ECC signature using EdDSA.
unsigned char s[256/8]
S value.
unsigned char r[256/8]
R value.