GNUnet debian-0.24.3-29-g453fda2cf
 
Loading...
Searching...
No Matches
Macros | Functions
crypto_ecc.c File Reference

public key cryptography (ECC) with libgcrypt More...

#include "platform.h"
#include "gnunet_common.h"
#include <gcrypt.h>
#include <sodium.h>
#include "gnunet_util_lib.h"
#include "benchmark.h"
#include "sodium/crypto_scalarmult.h"
#include "sodium/crypto_scalarmult_curve25519.h"
#include "sodium/utils.h"
Include dependency graph for crypto_ecc.c:

Go to the source code of this file.

Macros

#define EXTRA_CHECKS   0
 
#define CURVE   "Ed25519"
 IMPLEMENTATION NOTICE:
 
#define LOG(kind, ...)   GNUNET_log_from (kind, "util-crypto-ecc", __VA_ARGS__)
 
#define LOG_STRERROR(kind, syscall)    GNUNET_log_from_strerror (kind, "util-crypto-ecc", syscall)
 
#define LOG_STRERROR_FILE(kind, syscall, filename)
 
#define LOG_GCRY(level, cmd, rc)
 Log an error message at log-level 'level' that indicates a failure of the command 'cmd' with the message given by gcry_strerror(rc).
 

Functions

static int key_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
 Extract values from an S-expression.
 
static gcry_sexp_t decode_private_ecdsa_key (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
 Convert the given private key from the network format to the S-expression that can be used by libgcrypt.
 
void GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Extract the public key for the given private key.
 
void GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Extract the public key for the given private key.
 
void GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
 Extract the public key for the given private key.
 
char * GNUNET_CRYPTO_ecdsa_public_key_to_string (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Convert a public key to a string.
 
char * GNUNET_CRYPTO_eddsa_public_key_to_string (const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Convert a public key to a string.
 
char * GNUNET_CRYPTO_eddsa_private_key_to_string (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
 Convert a private key to a string.
 
char * GNUNET_CRYPTO_ecdsa_private_key_to_string (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
 Convert a private key to a string.
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_public_key_from_string (const char *enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Convert a string representing a public key to a public key.
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_public_key_from_string (const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Convert a string representing a public key to a public key.
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_private_key_from_string (const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
 Convert a string representing a private key to a private key.
 
static void buffer_clear (void *buf, size_t len)
 
void GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Clear memory that was used to store a private key.
 
void GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Clear memory that was used to store a private key.
 
void GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Clear memory that was used to store a private key.
 
void GNUNET_CRYPTO_ecdhe_key_create (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Create a new private key.
 
void GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Create a new private key.
 
void GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Create a new private key.
 
const struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_get_anonymous ()
 Get the shared private key we use for anonymous users.
 
static gcry_sexp_t data_to_ecdsa_value (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
 Convert the data specified in the given purpose argument to an S-expression suitable for signature operations.
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_ (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
 ECDSA Sign a given block.
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_raw (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, void *data, size_t size, struct GNUNET_CRYPTO_EddsaSignature *sig)
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_ (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
 EdDSA sign a given block.
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Verify ECDSA signature.
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Verify EdDSA signature.
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a public and a private ECC key.
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private EdDSA key.
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_x25519_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *sk, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_CRYPTO_EcdhePublicKey *dh)
 Derive key material from a ECDH public key and a private X25519 key.
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_x25519 (const struct GNUNET_CRYPTO_EcdhePrivateKey *sk, const struct GNUNET_CRYPTO_EcdhePublicKey *pk, struct GNUNET_CRYPTO_EcdhePublicKey *dh)
 Derive key material from a EdDSA public key and a private ECDH key.
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 HPKE END.
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EdDSA public key and a private ECDH key.
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EcDSA public key and a private ECDH key.
 

Detailed Description

public key cryptography (ECC) with libgcrypt

Author
Christian Grothoff
Florian Dold

Definition in file crypto_ecc.c.

Macro Definition Documentation

◆ EXTRA_CHECKS

#define EXTRA_CHECKS   0

Definition at line 37 of file crypto_ecc.c.

◆ CURVE

#define CURVE   "Ed25519"

IMPLEMENTATION NOTICE:

ECDSA: We use a non-standard curve for ECDSA: Ed25519. For performance reasons, we use cryptographic operations from libsodium wherever we can get away with it, even though libsodium itself does not support ECDSA. This is why the sign and verify functionality from libgcrypt is required and used.

EdDSA: We use a standard EdDSA construction. (We still use libgcrypt for hashing and RNG, but not EC)

ECDHE: For both EdDSA and ECDSA keys, we use libsodium for ECDHE due to performance benefits over libgcrypt. Name of the curve we are using. Note that we have hard-coded structs that use 256 bits, so using a bigger curve will require changes that break stuff badly. The name of the curve given here must be agreed by all peers and be supported by libgcrypt.

Definition at line 62 of file crypto_ecc.c.

◆ LOG

#define LOG (   kind,
  ... 
)    GNUNET_log_from (kind, "util-crypto-ecc", __VA_ARGS__)

Definition at line 64 of file crypto_ecc.c.

◆ LOG_STRERROR

#define LOG_STRERROR (   kind,
  syscall 
)     GNUNET_log_from_strerror (kind, "util-crypto-ecc", syscall)

Definition at line 66 of file crypto_ecc.c.

79 { \
80 LOG (level, \
81 _ ("`%s' failed at %s:%d with error: %s\n"), \
82 cmd, \
83 __FILE__, \
84 __LINE__, \
85 gcry_strerror (rc)); \
86 } while (0)
87
88
98static int
99key_from_sexp (gcry_mpi_t *array,
100 gcry_sexp_t sexp,
101 const char *topname,
102 const char *elems)
103{
104 gcry_sexp_t list;
105 gcry_sexp_t l2;
106 unsigned int idx;
107
108 list = gcry_sexp_find_token (sexp, topname, 0);
109 if (! list)
110 return 1;
111 l2 = gcry_sexp_cadr (list);
112 gcry_sexp_release (list);
113 list = l2;
114 if (! list)
115 return 2;
116
117 idx = 0;
118 for (const char *s = elems; *s; s++, idx++)
119 {
120 l2 = gcry_sexp_find_token (list, s, 1);
121 if (! l2)
122 {
123 for (unsigned int i = 0; i < idx; i++)
124 {
125 gcry_free (array[i]);
126 array[i] = NULL;
127 }
128 gcry_sexp_release (list);
129 return 3; /* required parameter not found */
130 }
131 array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
132 gcry_sexp_release (l2);
133 if (! array[idx])
134 {
135 for (unsigned int i = 0; i < idx; i++)
136 {
137 gcry_free (array[i]);
138 array[i] = NULL;
139 }
140 gcry_sexp_release (list);
141 return 4; /* required parameter is invalid */
142 }
143 }
144 gcry_sexp_release (list);
145 return 0;
146}
147
148
156static gcry_sexp_t
157decode_private_ecdsa_key (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
158{
159 gcry_sexp_t result;
160 int rc;
161 uint8_t d[32];
162
163 for (size_t i = 0; i<32; i++)
164 d[i] = priv->d[31 - i];
165
166 rc = gcry_sexp_build (&result,
167 NULL,
168 "(private-key(ecc(curve \"" CURVE "\")"
169 "(d %b)))",
170 32,
171 d);
172 if (0 != rc)
173 {
174 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
175 GNUNET_assert (0);
176 }
177#if EXTRA_CHECKS
178 if (0 != (rc = gcry_pk_testkey (result)))
179 {
180 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
181 GNUNET_assert (0);
182 }
183#endif
184 return result;
185}
186
187
188void
189GNUNET_CRYPTO_ecdsa_key_get_public (
190 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
191 struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
192{
193 BENCHMARK_START (ecdsa_key_get_public);
194 crypto_scalarmult_ed25519_base_noclamp (pub->q_y, priv->d);
195 BENCHMARK_END (ecdsa_key_get_public);
196}
197
198
199void
200GNUNET_CRYPTO_eddsa_key_get_public (
201 const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
202 struct GNUNET_CRYPTO_EddsaPublicKey *pub)
203{
204 unsigned char pk[crypto_sign_PUBLICKEYBYTES];
205 unsigned char sk[crypto_sign_SECRETKEYBYTES];
206
207 BENCHMARK_START (eddsa_key_get_public);
208 GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
209 GNUNET_memcpy (pub->q_y, pk, crypto_sign_PUBLICKEYBYTES);
210 sodium_memzero (sk, crypto_sign_SECRETKEYBYTES);
211 BENCHMARK_END (eddsa_key_get_public);
212}
213
214
215void
216GNUNET_CRYPTO_ecdhe_key_get_public (
217 const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
218 struct GNUNET_CRYPTO_EcdhePublicKey *pub)
219{
220 BENCHMARK_START (ecdhe_key_get_public);
221 GNUNET_assert (0 == crypto_scalarmult_base (pub->q_y, priv->d));
222 BENCHMARK_END (ecdhe_key_get_public);
223}
224
225
226char *
227GNUNET_CRYPTO_ecdsa_public_key_to_string (
228 const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
229{
230 char *pubkeybuf;
231 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
232 char *end;
233
234 if (keylen % 5 > 0)
235 keylen += 5 - keylen % 5;
236 keylen /= 5;
237 pubkeybuf = GNUNET_malloc (keylen + 1);
238 end =
239 GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
240 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
241 pubkeybuf,
242 keylen);
243 if (NULL == end)
244 {
245 GNUNET_free (pubkeybuf);
246 return NULL;
247 }
248 *end = '\0';
249 return pubkeybuf;
250}
251
252
253char *
254GNUNET_CRYPTO_eddsa_public_key_to_string (
255 const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
256{
257 char *pubkeybuf;
258 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
259 char *end;
260
261 if (keylen % 5 > 0)
262 keylen += 5 - keylen % 5;
263 keylen /= 5;
264 pubkeybuf = GNUNET_malloc (keylen + 1);
265 end =
266 GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
267 sizeof(struct GNUNET_CRYPTO_EddsaPublicKey),
268 pubkeybuf,
269 keylen);
270 if (NULL == end)
271 {
272 GNUNET_free (pubkeybuf);
273 return NULL;
274 }
275 *end = '\0';
276 return pubkeybuf;
277}
278
279
280char *
281GNUNET_CRYPTO_eddsa_private_key_to_string (
282 const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
283{
284 char *privkeybuf;
285 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
286 char *end;
287
288 if (keylen % 5 > 0)
289 keylen += 5 - keylen % 5;
290 keylen /= 5;
291 privkeybuf = GNUNET_malloc (keylen + 1);
292 end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
293 sizeof(
294 struct GNUNET_CRYPTO_EddsaPrivateKey),
295 privkeybuf,
296 keylen);
297 if (NULL == end)
298 {
299 GNUNET_free (privkeybuf);
300 return NULL;
301 }
302 *end = '\0';
303 return privkeybuf;
304}
305
306
307char *
308GNUNET_CRYPTO_ecdsa_private_key_to_string (
309 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
310{
311 char *privkeybuf;
312 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey)) * 8;
313 char *end;
314
315 if (keylen % 5 > 0)
316 keylen += 5 - keylen % 5;
317 keylen /= 5;
318 privkeybuf = GNUNET_malloc (keylen + 1);
319 end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
320 sizeof(
321 struct GNUNET_CRYPTO_EcdsaPrivateKey),
322 privkeybuf,
323 keylen);
324 if (NULL == end)
325 {
326 GNUNET_free (privkeybuf);
327 return NULL;
328 }
329 *end = '\0';
330 return privkeybuf;
331}
332
333
334enum GNUNET_GenericReturnValue
335GNUNET_CRYPTO_ecdsa_public_key_from_string (
336 const char *enc,
337 size_t enclen,
338 struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
339{
340 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
341
342 if (keylen % 5 > 0)
343 keylen += 5 - keylen % 5;
344 keylen /= 5;
345 if (enclen != keylen)
346 return GNUNET_SYSERR;
347
348 if (GNUNET_OK !=
349 GNUNET_STRINGS_string_to_data (enc,
350 enclen,
351 pub,
352 sizeof(
353 struct GNUNET_CRYPTO_EcdsaPublicKey)))
354 return GNUNET_SYSERR;
355 return GNUNET_OK;
356}
357
358
359enum GNUNET_GenericReturnValue
360GNUNET_CRYPTO_eddsa_public_key_from_string (
361 const char *enc,
362 size_t enclen,
363 struct GNUNET_CRYPTO_EddsaPublicKey *pub)
364{
365 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
366
367 if (keylen % 5 > 0)
368 keylen += 5 - keylen % 5;
369 keylen /= 5;
370 if (enclen != keylen)
371 return GNUNET_SYSERR;
372
373 if (GNUNET_OK !=
374 GNUNET_STRINGS_string_to_data (enc,
375 enclen,
376 pub,
377 sizeof(
378 struct GNUNET_CRYPTO_EddsaPublicKey)))
379 return GNUNET_SYSERR;
380 return GNUNET_OK;
381}
382
383
384enum GNUNET_GenericReturnValue
385GNUNET_CRYPTO_eddsa_private_key_from_string (
386 const char *enc,
387 size_t enclen,
388 struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
389{
390 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
391
392 if (keylen % 5 > 0)
393 keylen += 5 - keylen % 5;
394 keylen /= 5;
395 if (enclen != keylen)
396 return GNUNET_SYSERR;
397
398 if (GNUNET_OK !=
399 GNUNET_STRINGS_string_to_data (enc,
400 enclen,
401 priv,
402 sizeof(
403 struct GNUNET_CRYPTO_EddsaPrivateKey)))
404 return GNUNET_SYSERR;
405#if CRYPTO_BUG
406 if (GNUNET_OK != check_eddsa_key (priv))
407 {
408 GNUNET_break (0);
409 return GNUNET_OK;
410 }
411#endif
412 return GNUNET_OK;
413}
414
415
416static void
417buffer_clear (void *buf, size_t len)
418{
419#if HAVE_MEMSET_S
420 memset_s (buf, len, 0, len);
421#elif HAVE_EXPLICIT_BZERO
422 explicit_bzero (buf, len);
423#else
424 volatile unsigned char *p = buf;
425 while (len--)
426 *p++ = 0;
427#endif
428}
429
430
431void
432GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
433{
434 buffer_clear (pk, sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
435}
436
437
438void
439GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
440{
441 buffer_clear (pk, sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey));
442}
443
444
445void
446GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
447{
448 buffer_clear (pk, sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey));
449}
450
451
452void
453GNUNET_CRYPTO_ecdhe_key_create (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
454{
455 BENCHMARK_START (ecdhe_key_create);
456 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
457 pk,
458 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
459 BENCHMARK_END (ecdhe_key_create);
460}
461
462
463void
464GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
465{
466 BENCHMARK_START (ecdsa_key_create);
467 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
468 pk,
469 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
470 pk->d[0] &= 248;
471 pk->d[31] &= 127;
472 pk->d[31] |= 64;
473
474 BENCHMARK_END (ecdsa_key_create);
475}
476
477
478void
479GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
480{
481 BENCHMARK_START (eddsa_key_create);
482 /*
483 * We do not clamp for EdDSA, since all functions that use the private key do
484 * their own clamping (just like in libsodium). What we call "private key"
485 * here, actually corresponds to the seed in libsodium.
486 *
487 * (Contrast this to ECDSA, where functions using the private key can't clamp
488 * due to properties needed for GNS. That is a worse/unsafer API, but
489 * required for the GNS constructions to work.)
490 */
491 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
492 pk,
493 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
494 BENCHMARK_END (eddsa_key_create);
495}
496
497
498const struct GNUNET_CRYPTO_EcdsaPrivateKey *
499GNUNET_CRYPTO_ecdsa_key_get_anonymous ()
500{
505 static struct GNUNET_CRYPTO_EcdsaPrivateKey anonymous;
506 static int once;
507
508 if (once)
509 return &anonymous;
510 GNUNET_CRYPTO_mpi_print_unsigned (anonymous.d,
511 sizeof(anonymous.d),
512 GCRYMPI_CONST_ONE);
513 anonymous.d[0] &= 248;
514 anonymous.d[31] &= 127;
515 anonymous.d[31] |= 64;
516
517 once = 1;
518 return &anonymous;
519}
520
521
529static gcry_sexp_t
530data_to_ecdsa_value (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
531{
532 gcry_sexp_t data;
533 int rc;
534 /* Unlike EdDSA, libgcrypt expects a hash for ECDSA. */
535 struct GNUNET_HashCode hc;
536
537 GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc);
538 if (0 != (rc = gcry_sexp_build (&data,
539 NULL,
540 "(data(flags rfc6979)(hash %s %b))",
541 "sha512",
542 (int) sizeof(hc),
543 &hc)))
544 {
545 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
546 return NULL;
547 }
548 return data;
549}
550
551
552enum GNUNET_GenericReturnValue
553GNUNET_CRYPTO_ecdsa_sign_ (
554 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
555 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
556 struct GNUNET_CRYPTO_EcdsaSignature *sig)
557{
558 gcry_sexp_t priv_sexp;
559 gcry_sexp_t sig_sexp;
560 gcry_sexp_t data;
561 int rc;
562 gcry_mpi_t rs[2];
563
564 BENCHMARK_START (ecdsa_sign);
565
566 priv_sexp = decode_private_ecdsa_key (priv);
567 data = data_to_ecdsa_value (purpose);
568 if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
569 {
570 LOG (GNUNET_ERROR_TYPE_WARNING,
571 _ ("ECC signing failed at %s:%d: %s\n"),
572 __FILE__,
573 __LINE__,
574 gcry_strerror (rc));
575 gcry_sexp_release (data);
576 gcry_sexp_release (priv_sexp);
577 return GNUNET_SYSERR;
578 }
579 gcry_sexp_release (priv_sexp);
580 gcry_sexp_release (data);
581
582 /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
583 'signature' */
584 if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
585 {
586 GNUNET_break (0);
587 gcry_sexp_release (sig_sexp);
588 return GNUNET_SYSERR;
589 }
590 gcry_sexp_release (sig_sexp);
591 GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]);
592 GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]);
593 gcry_mpi_release (rs[0]);
594 gcry_mpi_release (rs[1]);
595
596 BENCHMARK_END (ecdsa_sign);
597
598 return GNUNET_OK;
599}
600
601
602enum GNUNET_GenericReturnValue
603GNUNET_CRYPTO_eddsa_sign_raw (
604 const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
605 void *data,
606 size_t size,
607 struct GNUNET_CRYPTO_EddsaSignature *sig)
608{
609 unsigned char sk[crypto_sign_SECRETKEYBYTES];
610 unsigned char pk[crypto_sign_PUBLICKEYBYTES];
611 int res;
612
613 GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
614 res = crypto_sign_detached ((uint8_t *) sig,
615 NULL,
616 (uint8_t *) data,
617 size,
618 sk);
619 return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
620}
621
622
623enum GNUNET_GenericReturnValue
624GNUNET_CRYPTO_eddsa_sign_ (
625 const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
626 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
627 struct GNUNET_CRYPTO_EddsaSignature *sig)
628{
629
630 size_t mlen = ntohl (purpose->size);
631 unsigned char sk[crypto_sign_SECRETKEYBYTES];
632 unsigned char pk[crypto_sign_PUBLICKEYBYTES];
633 int res;
634
635 BENCHMARK_START (eddsa_sign);
636 GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
637 res = crypto_sign_detached ((uint8_t *) sig,
638 NULL,
639 (uint8_t *) purpose,
640 mlen,
641 sk);
642 BENCHMARK_END (eddsa_sign);
643 return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
644}
645
646
647enum GNUNET_GenericReturnValue
648GNUNET_CRYPTO_ecdsa_verify_ (
649 uint32_t purpose,
650 const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
651 const struct GNUNET_CRYPTO_EcdsaSignature *sig,
652 const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
653{
654 gcry_sexp_t data;
655 gcry_sexp_t sig_sexpr;
656 gcry_sexp_t pub_sexpr;
657 int rc;
658
659 BENCHMARK_START (ecdsa_verify);
660
661 if (purpose != ntohl (validate->purpose))
662 return GNUNET_SYSERR; /* purpose mismatch */
663
664 /* build s-expression for signature */
665 if (0 != (rc = gcry_sexp_build (&sig_sexpr,
666 NULL,
667 "(sig-val(ecdsa(r %b)(s %b)))",
668 (int) sizeof(sig->r),
669 sig->r,
670 (int) sizeof(sig->s),
671 sig->s)))
672 {
673 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
674 return GNUNET_SYSERR;
675 }
676 data = data_to_ecdsa_value (validate);
677 if (0 != (rc = gcry_sexp_build (&pub_sexpr,
678 NULL,
679 "(public-key(ecc(curve " CURVE ")(q %b)))",
680 (int) sizeof(pub->q_y),
681 pub->q_y)))
682 {
683 gcry_sexp_release (data);
684 gcry_sexp_release (sig_sexpr);
685 return GNUNET_SYSERR;
686 }
687 rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
688 gcry_sexp_release (pub_sexpr);
689 gcry_sexp_release (data);
690 gcry_sexp_release (sig_sexpr);
691 if (0 != rc)
692 {
693 LOG (GNUNET_ERROR_TYPE_INFO,
694 _ ("ECDSA signature verification failed at %s:%d: %s\n"),
695 __FILE__,
696 __LINE__,
697 gcry_strerror (rc));
698 BENCHMARK_END (ecdsa_verify);
699 return GNUNET_SYSERR;
700 }
701 BENCHMARK_END (ecdsa_verify);
702 return GNUNET_OK;
703}
704
705
706enum GNUNET_GenericReturnValue
707GNUNET_CRYPTO_eddsa_verify_ (
708 uint32_t purpose,
709 const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
710 const struct GNUNET_CRYPTO_EddsaSignature *sig,
711 const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
712{
713 const unsigned char *m = (const void *) validate;
714 size_t mlen = ntohl (validate->size);
715 const unsigned char *s = (const void *) sig;
716
717 int res;
718
719 if (purpose != ntohl (validate->purpose))
720 return GNUNET_SYSERR; /* purpose mismatch */
721
722 BENCHMARK_START (eddsa_verify);
723
724 res = crypto_sign_verify_detached (s, m, mlen, pub->q_y);
725 BENCHMARK_END (eddsa_verify);
726 return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
727}
728
729
730enum GNUNET_GenericReturnValue
731GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
732 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
733 struct GNUNET_HashCode *key_material)
734{
735 uint8_t p[crypto_scalarmult_BYTES];
736 if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
737 return GNUNET_SYSERR;
738 GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
739 return GNUNET_OK;
740}
741
742
743enum GNUNET_GenericReturnValue
744GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
745 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
746 struct GNUNET_HashCode *key_material)
747{
748 struct GNUNET_HashCode hc;
749 uint8_t a[crypto_scalarmult_SCALARBYTES];
750 uint8_t p[crypto_scalarmult_BYTES];
751
752 GNUNET_CRYPTO_hash (priv,
753 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
754 &hc);
755 memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
756 if (0 != crypto_scalarmult (p, a, pub->q_y))
757 return GNUNET_SYSERR;
758 GNUNET_CRYPTO_hash (p,
759 crypto_scalarmult_BYTES,
760 key_material);
761 return GNUNET_OK;
762}
763
764
765enum GNUNET_GenericReturnValue
766GNUNET_CRYPTO_x25519_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *sk,
767 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
768 struct GNUNET_CRYPTO_EcdhePublicKey *dh)
769{
770 uint64_t checkbyte = 0;
771 size_t num_words = sizeof *dh / sizeof (uint64_t);
772 if (0 != crypto_scalarmult_curve25519 (dh->q_y, sk->d, pub->q_y))
773 return GNUNET_SYSERR;
774 // We need to check if this is the all-zero value
775 for (int i = 0; i < num_words; i++)
776 checkbyte |= ((uint64_t*)dh)[i];
777 return (0 == checkbyte) ? GNUNET_SYSERR : GNUNET_OK;
778}
779
780
781enum GNUNET_GenericReturnValue
782GNUNET_CRYPTO_ecdh_x25519 (const struct GNUNET_CRYPTO_EcdhePrivateKey *sk,
783 const struct GNUNET_CRYPTO_EcdhePublicKey *pk,
784 struct GNUNET_CRYPTO_EcdhePublicKey *dh)
785{
786 uint64_t checkbyte = 0;
787 size_t num_words = sizeof *dh / sizeof (uint64_t);
788 if (0 != crypto_scalarmult_curve25519 (dh->q_y, sk->d, pk->q_y))
789 return GNUNET_SYSERR;
790 // We need to check if this is the all-zero value
791 for (int i = 0; i < num_words; i++)
792 checkbyte |= ((uint64_t*)dh)[i];
793 if (0 == checkbyte)
794 {
795 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
796 "HPKE ECDH: X25519 all zero value!\n");
797 return GNUNET_SYSERR;
798 }
799 return GNUNET_OK;
800}
801
802
803enum GNUNET_GenericReturnValue
804GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
805 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
806 struct GNUNET_HashCode *key_material)
807{
808 uint8_t p[crypto_scalarmult_BYTES];
809
810 BENCHMARK_START (ecdsa_ecdh);
811 if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
812 return GNUNET_SYSERR;
813 GNUNET_CRYPTO_hash (p,
814 crypto_scalarmult_BYTES,
815 key_material);
816 BENCHMARK_END (ecdsa_ecdh);
817 return GNUNET_OK;
818}
819
820
821enum GNUNET_GenericReturnValue
822GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
823 const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
824 struct GNUNET_HashCode *key_material)
825{
826 uint8_t p[crypto_scalarmult_BYTES];
827 uint8_t curve25510_pk[crypto_scalarmult_BYTES];
828
829 if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
830 return GNUNET_SYSERR;
831 if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
832 return GNUNET_SYSERR;
833 GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
834 return GNUNET_OK;
835}
836
837
838
839enum GNUNET_GenericReturnValue
840GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
841 const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
842 struct GNUNET_HashCode *key_material)
843{
844 uint8_t p[crypto_scalarmult_BYTES];
845 uint8_t curve25510_pk[crypto_scalarmult_BYTES];
846
847 if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
848 return GNUNET_SYSERR;
849 if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
850 return GNUNET_SYSERR;
851 GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
852 return GNUNET_OK;
853}
854
855
856/* end of crypto_ecc.c */
BENCHMARK_START
#define BENCHMARK_START(opname)
Definition benchmark.h:57
BENCHMARK_END
#define BENCHMARK_END(opname)
Definition benchmark.h:58
key_from_sexp
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition crypto_ecc.c:100
data_to_ecdsa_value
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition crypto_ecc.c:531
CURVE
#define CURVE
IMPLEMENTATION NOTICE:
Definition crypto_ecc.c:62
buffer_clear
static void buffer_clear(void *buf, size_t len)
Definition crypto_ecc.c:418
LOG_GCRY
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level 'level' that indicates a failure of the command 'cmd' with the mess...
Definition crypto_ecc.c:78
LOG
#define LOG(kind,...)
Definition crypto_ecc.c:64
decode_private_ecdsa_key
static gcry_sexp_t decode_private_ecdsa_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition crypto_ecc.c:158
d
static mp_limb_t d[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
Definition crypto_elligator.c:193
m
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition gnunet-arm.c:103
list
static int list
Set if we should print a list of currently running services.
Definition gnunet-arm.c:68
end
static int end
Set if we are to shutdown all services (including ARM).
Definition gnunet-arm.c:33
data
static char * data
The data to insert into the dht.
Definition gnunet-dht-put.c:88
enc
static OpusEncoder * enc
OPUS encoder.
Definition gnunet-helper-audio-record.c:206
pk
struct GNUNET_CRYPTO_PrivateKey pk
Private key from command line option, or NULL.
Definition gnunet-identity.c:126
res
static char * res
Currently read line or NULL on EOF.
Definition gnunet-namestore-zonefile.c:76
once
static int once
Option -i.
Definition gnunet-pils.c:39
result
static int result
Global testing status.
Definition gnunet-regex-profiler.c:240
pub
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition gnunet-scrypt.c:47
p
static struct GNUNET_OS_Process * p
Helper process we started.
Definition gnunet-uri.c:38
GNUNET_CRYPTO_ecc_ecdh
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition crypto_ecc.c:732
GNUNET_CRYPTO_ecdhe_key_create
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition crypto_ecc.c:454
GNUNET_CRYPTO_x25519_ecdh
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_x25519_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *sk, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_CRYPTO_EcdhePublicKey *dh)
Derive key material from a ECDH public key and a private X25519 key.
Definition crypto_ecc.c:767
GNUNET_CRYPTO_random_block
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
Definition crypto_random.c:133
GNUNET_CRYPTO_eddsa_key_get_public
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition crypto_ecc.c:201
GNUNET_CRYPTO_ecdsa_ecdh
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
HPKE END.
Definition crypto_ecc.c:805
GNUNET_CRYPTO_eddsa_key_clear
void GNUNET_CRYPTO_eddsa_key_clear(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Clear memory that was used to store a private key.
Definition crypto_ecc.c:447
GNUNET_CRYPTO_ecdsa_sign_
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
ECDSA Sign a given block.
Definition crypto_ecc.c:554
GNUNET_CRYPTO_eddsa_ecdh
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a ECDH public key and a private EdDSA key.
Definition crypto_ecc.c:745
GNUNET_CRYPTO_ecdh_ecdsa
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EcDSA public key and a private ECDH key.
Definition crypto_ecc.c:841
GNUNET_CRYPTO_eddsa_key_create
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition crypto_ecc.c:480
GNUNET_CRYPTO_ecdh_eddsa
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition crypto_ecc.c:823
GNUNET_CRYPTO_ecdsa_key_create
void GNUNET_CRYPTO_ecdsa_key_create(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Create a new private key.
Definition crypto_ecc.c:465
GNUNET_CRYPTO_eddsa_sign_
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition crypto_ecc.c:625
GNUNET_CRYPTO_ecdsa_key_clear
void GNUNET_CRYPTO_ecdsa_key_clear(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Clear memory that was used to store a private key.
Definition crypto_ecc.c:440
GNUNET_CRYPTO_ecdsa_verify_
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Verify ECDSA signature.
Definition crypto_ecc.c:649
GNUNET_CRYPTO_ecdsa_key_get_anonymous
const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_key_get_anonymous()
Get the shared private key we use for anonymous users.
Definition crypto_ecc.c:500
GNUNET_CRYPTO_ecdsa_key_get_public
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition crypto_ecc.c:190
GNUNET_CRYPTO_eddsa_verify_
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Verify EdDSA signature.
Definition crypto_ecc.c:708
GNUNET_CRYPTO_ecdh_x25519
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_x25519(const struct GNUNET_CRYPTO_EcdhePrivateKey *sk, const struct GNUNET_CRYPTO_EcdhePublicKey *pk, struct GNUNET_CRYPTO_EcdhePublicKey *dh)
Derive key material from a EdDSA public key and a private ECDH key.
Definition crypto_ecc.c:783
GNUNET_CRYPTO_ecdhe_key_clear
void GNUNET_CRYPTO_ecdhe_key_clear(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Clear memory that was used to store a private key.
Definition crypto_ecc.c:433
GNUNET_CRYPTO_ecdhe_key_get_public
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition crypto_ecc.c:217
GNUNET_CRYPTO_QUALITY_NONCE
@ GNUNET_CRYPTO_QUALITY_NONCE
Randomness for IVs etc.
Definition gnunet_crypto_lib.h:103
GNUNET_CRYPTO_hash
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition crypto_hash.c:41
GNUNET_CRYPTO_eddsa_private_key_to_string
char * GNUNET_CRYPTO_eddsa_private_key_to_string(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
Convert a private key to a string.
Definition crypto_ecc.c:282
GNUNET_CRYPTO_eddsa_sign_raw
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_raw(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, void *data, size_t size, struct GNUNET_CRYPTO_EddsaSignature *sig)
Definition crypto_ecc.c:604
GNUNET_log
#define GNUNET_log(kind,...)
Definition gnunet_common.h:548
GNUNET_CRYPTO_ecdsa_public_key_from_string
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a string representing a public key to a public key.
Definition crypto_ecc.c:336
GNUNET_CRYPTO_eddsa_public_key_to_string
char * GNUNET_CRYPTO_eddsa_public_key_to_string(const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Convert a public key to a string.
Definition crypto_ecc.c:255
GNUNET_CRYPTO_eddsa_public_key_from_string
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Convert a string representing a public key to a public key.
Definition crypto_ecc.c:361
GNUNET_CRYPTO_mpi_print_unsigned
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition crypto_mpi.c:79
GNUNET_CRYPTO_ecdsa_public_key_to_string
char * GNUNET_CRYPTO_ecdsa_public_key_to_string(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a public key to a string.
Definition crypto_ecc.c:228
GNUNET_memcpy
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
Definition gnunet_common.h:1317
GNUNET_CRYPTO_eddsa_private_key_from_string
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_private_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
Convert a string representing a private key to a private key.
Definition crypto_ecc.c:386
GNUNET_CRYPTO_ecdsa_private_key_to_string
char * GNUNET_CRYPTO_ecdsa_private_key_to_string(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert a private key to a string.
Definition crypto_ecc.c:309
GNUNET_GenericReturnValue
GNUNET_GenericReturnValue
Named constants for return values.
Definition gnunet_common.h:108
GNUNET_OK
@ GNUNET_OK
Definition gnunet_common.h:111
GNUNET_SYSERR
@ GNUNET_SYSERR
Definition gnunet_common.h:109
GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition gnunet_common.h:957
GNUNET_break
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
Definition gnunet_common.h:1042
GNUNET_ERROR_TYPE_WARNING
@ GNUNET_ERROR_TYPE_WARNING
Definition gnunet_common.h:415
GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_ERROR
Definition gnunet_common.h:414
GNUNET_ERROR_TYPE_INFO
@ GNUNET_ERROR_TYPE_INFO
Definition gnunet_common.h:420
GNUNET_malloc
#define GNUNET_malloc(size)
Wrapper around malloc.
Definition gnunet_common.h:1352
GNUNET_free
#define GNUNET_free(ptr)
Wrapper around free.
Definition gnunet_common.h:1412
GNUNET_STRINGS_data_to_string
char * GNUNET_STRINGS_data_to_string(const void *data, size_t size, char *out, size_t out_size)
Convert binary data to ASCII encoding using CrockfordBase32.
Definition strings.c:752
GNUNET_STRINGS_string_to_data
enum GNUNET_GenericReturnValue GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition strings.c:832
size
static unsigned int size
Size of the "table".
Definition peer.c:68
_
#define _(String)
GNU gettext support macro.
Definition platform.h:179
GNUNET_CRYPTO_EccSignaturePurpose
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
Definition gnunet_crypto_lib.h:141
GNUNET_CRYPTO_EccSignaturePurpose::size
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!...
Definition gnunet_crypto_lib.h:147
GNUNET_CRYPTO_EccSignaturePurpose::purpose
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
Definition gnunet_crypto_lib.h:155
GNUNET_CRYPTO_EcdhePrivateKey
Private ECC key encoded for transmission.
Definition gnunet_crypto_lib.h:254
GNUNET_CRYPTO_EcdhePrivateKey::d
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Definition gnunet_crypto_lib.h:258
GNUNET_CRYPTO_EcdhePublicKey
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
Definition gnunet_crypto_lib.h:240
GNUNET_CRYPTO_EcdhePublicKey::q_y
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
Definition gnunet_crypto_lib.h:245
GNUNET_CRYPTO_EcdsaPrivateKey
Private ECC key encoded for transmission.
Definition gnunet_crypto_lib.h:266
GNUNET_CRYPTO_EcdsaPrivateKey::d
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Definition gnunet_crypto_lib.h:270
GNUNET_CRYPTO_EcdsaPublicKey
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
Definition gnunet_crypto_lib.h:216
GNUNET_CRYPTO_EcdsaSignature
an ECC signature using ECDSA
Definition gnunet_crypto_lib.h:181
GNUNET_CRYPTO_EcdsaSignature::s
unsigned char s[256/8]
S value.
Definition gnunet_crypto_lib.h:190
GNUNET_CRYPTO_EcdsaSignature::r
unsigned char r[256/8]
R value.
Definition gnunet_crypto_lib.h:185
GNUNET_CRYPTO_EddsaPrivateKey
Private ECC key encoded for transmission.
Definition gnunet_crypto_lib.h:278
GNUNET_CRYPTO_EddsaPrivateKey::d
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Definition gnunet_crypto_lib.h:282
GNUNET_CRYPTO_EddsaPublicKey
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Definition gnunet_crypto_lib.h:201
GNUNET_CRYPTO_EddsaPublicKey::q_y
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
Definition gnunet_crypto_lib.h:207
GNUNET_CRYPTO_EddsaSignature
an ECC signature using EdDSA.
Definition gnunet_crypto_lib.h:164
GNUNET_HashCode
A 512-bit hashcode.
Definition gnunet_common.h:284

◆ LOG_STRERROR_FILE

#define LOG_STRERROR_FILE (   kind,
  syscall,
  filename 
)
Value:
GNUNET_log_from_strerror_file (kind, "util-crypto-ecc", syscall, \
filename)
filename
static char * filename
Definition gnunet-download.c:52
GNUNET_log_from_strerror_file
#define GNUNET_log_from_strerror_file(level, component, cmd, filename)
Log an error message at log-level 'level' that indicates a failure of the command 'cmd' with the mess...
Definition gnunet_common.h:1143

Definition at line 69 of file crypto_ecc.c.

◆ LOG_GCRY

#define LOG_GCRY (   level,
  cmd,
  rc 
)
Value:
do \
{ \
LOG (level, \
_ ("`%s' failed at %s:%d with error: %s\n"), \
cmd, \
__FILE__, \
__LINE__, \
gcry_strerror (rc)); \
} while (0)

Log an error message at log-level 'level' that indicates a failure of the command 'cmd' with the message given by gcry_strerror(rc).

Definition at line 78 of file crypto_ecc.c.

80 { \
81 LOG (level, \
82 _ ("`%s' failed at %s:%d with error: %s\n"), \
83 cmd, \
84 __FILE__, \
85 __LINE__, \
86 gcry_strerror (rc)); \
87 } while (0)

Function Documentation

◆ key_from_sexp()

static int key_from_sexp ( gcry_mpi_t *  array,
gcry_sexp_t  sexp,
const char *  topname,
const char *  elems 
)
static

Extract values from an S-expression.

Parameters
arraywhere to store the result(s)
sexpS-expression to parse
topnametop-level name in the S-expression that is of interest
elemsnames of the elements to extract
Returns
0 on success

Definition at line 100 of file crypto_ecc.c.

104{
105 gcry_sexp_t list;
106 gcry_sexp_t l2;
107 unsigned int idx;
108
109 list = gcry_sexp_find_token (sexp, topname, 0);
110 if (! list)
111 return 1;
112 l2 = gcry_sexp_cadr (list);
113 gcry_sexp_release (list);
114 list = l2;
115 if (! list)
116 return 2;
117
118 idx = 0;
119 for (const char *s = elems; *s; s++, idx++)
120 {
121 l2 = gcry_sexp_find_token (list, s, 1);
122 if (! l2)
123 {
124 for (unsigned int i = 0; i < idx; i++)
125 {
126 gcry_free (array[i]);
127 array[i] = NULL;
128 }
129 gcry_sexp_release (list);
130 return 3; /* required parameter not found */
131 }
132 array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
133 gcry_sexp_release (l2);
134 if (! array[idx])
135 {
136 for (unsigned int i = 0; i < idx; i++)
137 {
138 gcry_free (array[i]);
139 array[i] = NULL;
140 }
141 gcry_sexp_release (list);
142 return 4; /* required parameter is invalid */
143 }
144 }
145 gcry_sexp_release (list);
146 return 0;
147}

References list.

Referenced by GNUNET_CRYPTO_ecdsa_sign_().

Here is the caller graph for this function:

◆ decode_private_ecdsa_key()

static gcry_sexp_t decode_private_ecdsa_key ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv)
static

Convert the given private key from the network format to the S-expression that can be used by libgcrypt.

Parameters
privprivate key to decode
Returns
NULL on error

Definition at line 158 of file crypto_ecc.c.

159{
160 gcry_sexp_t result;
161 int rc;
162 uint8_t d[32];
163
164 for (size_t i = 0; i<32; i++)
165 d[i] = priv->d[31 - i];
166
167 rc = gcry_sexp_build (&result,
168 NULL,
169 "(private-key(ecc(curve \"" CURVE "\")"
170 "(d %b)))",
171 32,
172 d);
173 if (0 != rc)
174 {
175 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
176 GNUNET_assert (0);
177 }
178#if EXTRA_CHECKS
179 if (0 != (rc = gcry_pk_testkey (result)))
180 {
181 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
182 GNUNET_assert (0);
183 }
184#endif
185 return result;
186}

References CURVE, d, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_assert, GNUNET_ERROR_TYPE_ERROR, LOG_GCRY, and result.

Referenced by GNUNET_CRYPTO_ecdsa_sign_().

Here is the caller graph for this function:

◆ buffer_clear()

static void buffer_clear ( void *  buf,
size_t  len 
)
static

Definition at line 418 of file crypto_ecc.c.

419{
420#if HAVE_MEMSET_S
421 memset_s (buf, len, 0, len);
422#elif HAVE_EXPLICIT_BZERO
423 explicit_bzero (buf, len);
424#else
425 volatile unsigned char *p = buf;
426 while (len--)
427 *p++ = 0;
428#endif
429}

References p.

Referenced by GNUNET_CRYPTO_ecdhe_key_clear(), GNUNET_CRYPTO_ecdsa_key_clear(), and GNUNET_CRYPTO_eddsa_key_clear().

Here is the caller graph for this function:

◆ data_to_ecdsa_value()

static gcry_sexp_t data_to_ecdsa_value ( const struct GNUNET_CRYPTO_EccSignaturePurpose purpose)
static

Convert the data specified in the given purpose argument to an S-expression suitable for signature operations.

Parameters
purposedata to convert
Returns
converted s-expression

Definition at line 531 of file crypto_ecc.c.

532{
533 gcry_sexp_t data;
534 int rc;
535 /* Unlike EdDSA, libgcrypt expects a hash for ECDSA. */
536 struct GNUNET_HashCode hc;
537
538 GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc);
539 if (0 != (rc = gcry_sexp_build (&data,
540 NULL,
541 "(data(flags rfc6979)(hash %s %b))",
542 "sha512",
543 (int) sizeof(hc),
544 &hc)))
545 {
546 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
547 return NULL;
548 }
549 return data;
550}

References data, GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_ERROR, LOG_GCRY, and GNUNET_CRYPTO_EccSignaturePurpose::size.

Referenced by GNUNET_CRYPTO_ecdsa_sign_(), and GNUNET_CRYPTO_ecdsa_verify_().

Here is the call graph for this function:
Here is the caller graph for this function: