public key cryptography (ECC) with libgcrypt More...

#include "platform.h"
#include <gcrypt.h>
#include "gnunet_crypto_lib.h"
#include "gnunet_strings_lib.h"
#include "benchmark.h"

Include dependency graph for crypto_ecc.c:

Macros
#define	EXTRA_CHECKS 0

#define	CURVE "Ed25519"
	Name of the curve we are using. More...

#define	LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-ecc", __VA_ARGS__)

#define	LOG_STRERROR(kind, syscall) GNUNET_log_from_strerror (kind, "util-crypto-ecc", syscall)

#define	LOG_STRERROR_FILE(kind, syscall, filename) GNUNET_log_from_strerror_file (kind, "util-crypto-ecc", syscall, filename)

#define	LOG_GCRY(level, cmd, rc)
	Log an error message at log-level 'level' that indicates a failure of the command 'cmd' with the message given by gcry_strerror(rc). More...

Functions
static int	key_from_sexp (gcry_mpi_t array, gcry_sexp_t sexp, const char topname, const char *elems)
	Extract values from an S-expression. More...

static gcry_sexp_t	decode_private_ecdsa_key (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
	Convert the given private key from the network format to the S-expression that can be used by libgcrypt. More...

static gcry_sexp_t	decode_private_eddsa_key (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
	Convert the given private key from the network format to the S-expression that can be used by libgcrypt. More...

static gcry_sexp_t	decode_private_ecdhe_key (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv)
	Convert the given private key from the network format to the S-expression that can be used by libgcrypt. More...

void	GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey priv, struct GNUNET_CRYPTO_EcdsaPublicKey pub)
	Extract the public key for the given private key. More...

void	GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey priv, struct GNUNET_CRYPTO_EddsaPublicKey pub)
	Extract the public key for the given private key. More...

void	GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey priv, struct GNUNET_CRYPTO_EcdhePublicKey pub)
	Extract the public key for the given private key. More...

char *	GNUNET_CRYPTO_ecdsa_public_key_to_string (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
	Convert a public key to a string. More...

char *	GNUNET_CRYPTO_eddsa_public_key_to_string (const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
	Convert a public key to a string. More...

char *	GNUNET_CRYPTO_eddsa_private_key_to_string (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
	Convert a private key to a string. More...

char *	GNUNET_CRYPTO_ecdsa_private_key_to_string (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
	Convert a private key to a string. More...

int	GNUNET_CRYPTO_ecdsa_public_key_from_string (const char enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey pub)
	Convert a string representing a public key to a public key. More...

int	GNUNET_CRYPTO_eddsa_public_key_from_string (const char enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPublicKey pub)
	Convert a string representing a public key to a public key. More...

int	GNUNET_CRYPTO_eddsa_private_key_from_string (const char enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPrivateKey priv)
	Convert a string representing a private key to a private key. More...

void	GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
	Clear memory that was used to store a private key. More...

void	GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
	Clear memory that was used to store a private key. More...

void	GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
	Clear memory that was used to store a private key. More...

struct GNUNET_CRYPTO_EcdhePrivateKey *	GNUNET_CRYPTO_ecdhe_key_create ()
	Create a new private key. More...

int	GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
	Create a new private key. More...

struct GNUNET_CRYPTO_EcdsaPrivateKey *	GNUNET_CRYPTO_ecdsa_key_create ()
	Create a new private key. More...

struct GNUNET_CRYPTO_EddsaPrivateKey *	GNUNET_CRYPTO_eddsa_key_create ()
	Create a new private key. More...

const struct GNUNET_CRYPTO_EcdsaPrivateKey *	GNUNET_CRYPTO_ecdsa_key_get_anonymous ()
	Get the shared private key we use for anonymous users. More...

static gcry_sexp_t	data_to_eddsa_value (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
	Convert the data specified in the given purpose argument to an S-expression suitable for signature operations. More...

static gcry_sexp_t	data_to_ecdsa_value (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
	Convert the data specified in the given purpose argument to an S-expression suitable for signature operations. More...

int	GNUNET_CRYPTO_ecdsa_sign (const struct GNUNET_CRYPTO_EcdsaPrivateKey priv, const struct GNUNET_CRYPTO_EccSignaturePurpose purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
	Sign a given block. More...

int	GNUNET_CRYPTO_eddsa_sign (const struct GNUNET_CRYPTO_EddsaPrivateKey priv, const struct GNUNET_CRYPTO_EccSignaturePurpose purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
	Sign a given block. More...

int	GNUNET_CRYPTO_ecdsa_verify (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose validate, const struct GNUNET_CRYPTO_EcdsaSignature sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
	Verify signature. More...

int	GNUNET_CRYPTO_eddsa_verify (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose validate, const struct GNUNET_CRYPTO_EddsaSignature sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
	Verify signature. More...

int	GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey priv, const struct GNUNET_CRYPTO_EcdhePublicKey pub, struct GNUNET_HashCode *key_material)
	Derive key material from a public and a private ECDHE key. More...

static gcry_mpi_t	derive_h (const struct GNUNET_CRYPTO_EcdsaPublicKey pub, const char label, const char *context)
	Derive the 'h' value for key derivation, where 'h = H(l,P)'. More...

struct GNUNET_CRYPTO_EcdsaPrivateKey *	GNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey priv, const char label, const char *context)
	Derive a private key from a given private key and a label. More...

void	GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey pub, const char label, const char context, struct GNUNET_CRYPTO_EcdsaPublicKey result)
	Derive a public key from a given public key and a label. More...

static void	reverse_buffer (unsigned char *buffer, size_t length)
	Reverse the sequence of the bytes in buffer. More...

static gcry_mpi_t	eddsa_d_to_a (gcry_mpi_t d)
	Convert the secret d of an EdDSA key to the value that is actually used in the EdDSA computation. More...

static int	point_to_hash (gcry_mpi_point_t result, gcry_ctx_t ctx, struct GNUNET_HashCode *key_material)
	Take point from ECDH and convert it to key material. More...

int	GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey priv, const struct GNUNET_CRYPTO_EcdhePublicKey pub, struct GNUNET_HashCode *key_material)
	Derive key material from a ECDH public key and a private EdDSA key. More...

int	GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey priv, const struct GNUNET_CRYPTO_EcdhePublicKey pub, struct GNUNET_HashCode *key_material)
	Derive key material from a ECDH public key and a private ECDSA key. More...

int	GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey priv, const struct GNUNET_CRYPTO_EddsaPublicKey pub, struct GNUNET_HashCode *key_material)
	Derive key material from a EdDSA public key and a private ECDH key. More...

int	GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey priv, const struct GNUNET_CRYPTO_EcdsaPublicKey pub, struct GNUNET_HashCode *key_material)
	Derive key material from a EcDSA public key and a private ECDH key. More...

Detailed Description

public key cryptography (ECC) with libgcrypt

Author: Christian Grothoff

Definition in file crypto_ecc.c.

Macro Definition Documentation

◆ EXTRA_CHECKS

#define EXTRA_CHECKS 0

Definition at line 32 of file crypto_ecc.c.

◆ CURVE

#define CURVE "Ed25519"

Name of the curve we are using.

Note that we have hard-coded structs that use 256 bits, so using a bigger curve will require changes that break stuff badly. The name of the curve given here must be agreed by all peers and be supported by libgcrypt.

Definition at line 40 of file crypto_ecc.c.

Referenced by decode_private_ecdhe_key(), decode_private_ecdsa_key(), decode_private_eddsa_key(), GNUNET_CRYPTO_ecc_ecdh(), GNUNET_CRYPTO_ecdh_eddsa(), GNUNET_CRYPTO_ecdhe_key_create2(), GNUNET_CRYPTO_ecdsa_ecdh(), GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_CRYPTO_ecdsa_public_key_derive(), GNUNET_CRYPTO_ecdsa_verify(), GNUNET_CRYPTO_eddsa_ecdh(), GNUNET_CRYPTO_eddsa_key_create(), and GNUNET_CRYPTO_eddsa_verify().

◆ LOG

#define LOG	(	kind,
		...
	)	GNUNET_log_from (kind, "util-crypto-ecc", __VA_ARGS__)

Definition at line 42 of file crypto_ecc.c.

Referenced by GNUNET_CRYPTO_ecdsa_sign(), GNUNET_CRYPTO_ecdsa_verify(), GNUNET_CRYPTO_eddsa_sign(), and GNUNET_CRYPTO_eddsa_verify().

◆ LOG_STRERROR

#define LOG_STRERROR	(	kind,
		syscall
	)	GNUNET_log_from_strerror (kind, "util-crypto-ecc", syscall)

Definition at line 44 of file crypto_ecc.c.

◆ LOG_STRERROR_FILE

#define LOG_STRERROR_FILE	(	kind,
		syscall,
		filename
	)	GNUNET_log_from_strerror_file (kind, "util-crypto-ecc", syscall, filename)

Definition at line 47 of file crypto_ecc.c.

◆ LOG_GCRY

#define LOG_GCRY	(	level,
		cmd,
		rc
	)

Value:

do                                                  \
  {                                                   \
    LOG (level,                                       \
         _ ("`%s' failed at %s:%d with error: %s\n"), \
         cmd,                                         \
         __FILE__,                                    \
         __LINE__,                                    \
         gcry_strerror (rc));                         \
  } while (0)

Log an error message at log-level 'level' that indicates a failure of the command 'cmd' with the message given by gcry_strerror(rc).

Definition at line 55 of file crypto_ecc.c.

Referenced by data_to_ecdsa_value(), data_to_eddsa_value(), decode_private_ecdhe_key(), decode_private_ecdsa_key(), decode_private_eddsa_key(), GNUNET_CRYPTO_ecc_ecdh(), GNUNET_CRYPTO_ecdhe_key_create2(), GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_CRYPTO_ecdsa_verify(), GNUNET_CRYPTO_eddsa_key_create(), GNUNET_CRYPTO_eddsa_verify(), and point_to_hash().

Function Documentation

◆ key_from_sexp()

static int key_from_sexp	(	gcry_mpi_t *	array,
		gcry_sexp_t	sexp,
		const char *	topname,
		const char *	elems
	)

static

Extract values from an S-expression.

Parameters

array	where to store the result(s)
sexp	S-expression to parse
topname	top-level name in the S-expression that is of interest
elems	names of the elements to extract

Returns: 0 on success

Definition at line 77 of file crypto_ecc.c.

References list.

Referenced by GNUNET_CRYPTO_ecdhe_key_create2(), GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_CRYPTO_ecdsa_sign(), GNUNET_CRYPTO_eddsa_key_create(), and GNUNET_CRYPTO_eddsa_sign().

 {
   gcry_sexp_t list;
   gcry_sexp_t l2;
   const char *s;
   unsigned int i;
   unsigned int idx;
 
   list = gcry_sexp_find_token (sexp, topname, 0);
   if (! list)
     return 1;
   l2 = gcry_sexp_cadr (list);
   gcry_sexp_release (list);
   list = l2;
   if (! list)
     return 2;
 
   idx = 0;
   for (s = elems; *s; s++, idx++)
   {
     l2 = gcry_sexp_find_token (list, s, 1);
     if (! l2)
     {
       for (i = 0; i < idx; i++)
       {
         gcry_free (array[i]);
         array[i] = NULL;
       }
       gcry_sexp_release (list);
       return 3; /* required parameter not found */
     }
     array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
     gcry_sexp_release (l2);
     if (! array[idx])
     {
       for (i = 0; i < idx; i++)
       {
         gcry_free (array[i]);
         array[i] = NULL;
       }
       gcry_sexp_release (list);
       return 4; /* required parameter is invalid */
     }
   }
   gcry_sexp_release (list);
   return 0;
 }

Here is the caller graph for this function:

◆ decode_private_ecdsa_key()

static gcry_sexp_t decode_private_ecdsa_key ( const struct GNUNET_CRYPTO_EcdsaPrivateKey * priv )

static

Convert the given private key from the network format to the S-expression that can be used by libgcrypt.

Parameters

priv	private key to decode

Returns: NULL on error

Definition at line 137 of file crypto_ecc.c.

References CURVE, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_assert, GNUNET_ERROR_TYPE_ERROR, LOG_GCRY, and result.

Referenced by GNUNET_CRYPTO_ecdsa_key_get_public(), and GNUNET_CRYPTO_ecdsa_sign().

 {
   gcry_sexp_t result;
   int rc;
 
   rc = gcry_sexp_build (&result,
                         NULL,
                         "(private-key(ecc(curve \"" CURVE "\")"
                         "(d %b)))",
                         (int) sizeof (priv->d),
                         priv->d);
   if (0 != rc)
   {
     LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
     GNUNET_assert (0);
   }
 #if EXTRA_CHECKS
   if (0 != (rc = gcry_pk_testkey (result)))
   {
     LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
     GNUNET_assert (0);
   }
 #endif
   return result;
 }

Here is the caller graph for this function:

◆ decode_private_eddsa_key()

static gcry_sexp_t decode_private_eddsa_key ( const struct GNUNET_CRYPTO_EddsaPrivateKey * priv )

static

Convert the given private key from the network format to the S-expression that can be used by libgcrypt.

Parameters

priv	private key to decode

Returns: NULL on error

Definition at line 172 of file crypto_ecc.c.

References CURVE, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_assert, GNUNET_ERROR_TYPE_ERROR, LOG_GCRY, and result.

Referenced by GNUNET_CRYPTO_eddsa_key_get_public(), and GNUNET_CRYPTO_eddsa_sign().

 {
   gcry_sexp_t result;
   int rc;
 
   rc = gcry_sexp_build (&result,
                         NULL,
                         "(private-key(ecc(curve \"" CURVE "\")"
                         "(flags eddsa)(d %b)))",
                         (int) sizeof (priv->d),
                         priv->d);
   if (0 != rc)
   {
     LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
     GNUNET_assert (0);
   }
 #if EXTRA_CHECKS
   if (0 != (rc = gcry_pk_testkey (result)))
   {
     LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
     GNUNET_assert (0);
   }
 #endif
   return result;
 }

Here is the caller graph for this function:

◆ decode_private_ecdhe_key()

static gcry_sexp_t decode_private_ecdhe_key ( const struct GNUNET_CRYPTO_EcdhePrivateKey * priv )

static

Convert the given private key from the network format to the S-expression that can be used by libgcrypt.

Parameters

priv	private key to decode

Returns: NULL on error

Definition at line 207 of file crypto_ecc.c.

References CURVE, GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_assert, GNUNET_ERROR_TYPE_ERROR, LOG_GCRY, and result.

Referenced by GNUNET_CRYPTO_ecdhe_key_get_public().

 {
   gcry_sexp_t result;
   int rc;
 
   rc = gcry_sexp_build (&result,
                         NULL,
                         "(private-key(ecc(curve \"" CURVE "\")"
                         "(d %b)))",
                         (int) sizeof (priv->d),
                         priv->d);
   if (0 != rc)
   {
     LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
     GNUNET_assert (0);
   }
 #if EXTRA_CHECKS
   if (0 != (rc = gcry_pk_testkey (result)))
   {
     LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
     GNUNET_assert (0);
   }
 #endif
   return result;
 }

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_public_key_to_string()

char* GNUNET_CRYPTO_ecdsa_public_key_to_string ( const struct GNUNET_CRYPTO_EcdsaPublicKey * pub )

Convert a public key to a string.

Parameters

pub	key to convert

Returns: string representing pub

Definition at line 334 of file crypto_ecc.c.

References end, GNUNET_free, GNUNET_malloc, and GNUNET_STRINGS_data_to_string().

Referenced by attribute_delegation_to_json(), create_finished(), credential_to_json(), credential_value_to_string(), ego_get_for_subsystem(), get_ego(), gns_value_to_string(), GNUNET_CREDENTIAL_credential_to_string(), GNUNET_GNSRECORD_pkey_to_zkey(), handle_collect_response(), handle_verify_response(), handle_verify_result(), id_connect_cb(), init_egos(), list_ego(), print_ego(), and send_cred_response().

 {
   char *pubkeybuf;
   size_t keylen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
   char *end;
 
   if (keylen % 5 > 0)
     keylen += 5 - keylen % 5;
   keylen /= 5;
   pubkeybuf = GNUNET_malloc (keylen + 1);
   end =
     GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
                                    sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
                                    pubkeybuf,
                                    keylen);
   if (NULL == end)
   {
     GNUNET_free (pubkeybuf);
     return NULL;
   }
   *end = '\0';
   return pubkeybuf;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_public_key_to_string()

char* GNUNET_CRYPTO_eddsa_public_key_to_string ( const struct GNUNET_CRYPTO_EddsaPublicKey * pub )

Convert a public key to a string.

Parameters

pub	key to convert

Returns: string representing pub

Definition at line 367 of file crypto_ecc.c.

References end, GNUNET_free, GNUNET_malloc, and GNUNET_STRINGS_data_to_string().

Referenced by conversation_value_to_string(), create_keys(), GCP_2s(), GNUNET_FRIENDS_write(), GNUNET_HELLO_compose_uri(), GNUNET_i2s(), GNUNET_i2s2(), GNUNET_i2s_full(), main(), print_key(), run(), and uri_loc_to_string().

 {
   char *pubkeybuf;
   size_t keylen = (sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
   char *end;
 
   if (keylen % 5 > 0)
     keylen += 5 - keylen % 5;
   keylen /= 5;
   pubkeybuf = GNUNET_malloc (keylen + 1);
   end =
     GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
                                    sizeof (struct GNUNET_CRYPTO_EddsaPublicKey),
                                    pubkeybuf,
                                    keylen);
   if (NULL == end)
   {
     GNUNET_free (pubkeybuf);
     return NULL;
   }
   *end = '\0';
   return pubkeybuf;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_private_key_to_string()

char* GNUNET_CRYPTO_eddsa_private_key_to_string ( const struct GNUNET_CRYPTO_EddsaPrivateKey * priv )

Convert a private key to a string.

Parameters

priv	key to convert

Returns: string representing pub

Definition at line 400 of file crypto_ecc.c.

References end, GNUNET_free, GNUNET_malloc, and GNUNET_STRINGS_data_to_string().

Referenced by run().

 {
   char *privkeybuf;
   size_t keylen = (sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
   char *end;
 
   if (keylen % 5 > 0)
     keylen += 5 - keylen % 5;
   keylen /= 5;
   privkeybuf = GNUNET_malloc (keylen + 1);
   end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
                                        sizeof (
                                          struct GNUNET_CRYPTO_EddsaPrivateKey),
                                        privkeybuf,
                                        keylen);
   if (NULL == end)
   {
     GNUNET_free (privkeybuf);
     return NULL;
   }
   *end = '\0';
   return privkeybuf;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_private_key_to_string()

char* GNUNET_CRYPTO_ecdsa_private_key_to_string ( const struct GNUNET_CRYPTO_EcdsaPrivateKey * priv )

Convert a private key to a string.

Parameters

priv	key to convert

Returns: string representing priv

Definition at line 433 of file crypto_ecc.c.

References end, GNUNET_free, GNUNET_malloc, and GNUNET_STRINGS_data_to_string().

Referenced by create_finished(), and print_ego().

 {
   char *privkeybuf;
   size_t keylen = (sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)) * 8;
   char *end;
 
   if (keylen % 5 > 0)
     keylen += 5 - keylen % 5;
   keylen /= 5;
   privkeybuf = GNUNET_malloc (keylen + 1);
   end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
                                        sizeof (
                                          struct GNUNET_CRYPTO_EcdsaPrivateKey),
                                        privkeybuf,
                                        keylen);
   if (NULL == end)
   {
     GNUNET_free (privkeybuf);
     return NULL;
   }
   *end = '\0';
   return privkeybuf;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_public_key_from_string()

int GNUNET_CRYPTO_ecdsa_public_key_from_string	(	const char *	enc,
		size_t	enclen,
		struct GNUNET_CRYPTO_EcdsaPublicKey *	pub
	)

Convert a string representing a public key to a public key.

Parameters

enc	encoded public key
enclen	number of bytes in enc (without 0-terminator)
pub	where to store the public key

Returns: GNUNET_OK on success

Definition at line 468 of file crypto_ecc.c.

References GNUNET_OK, GNUNET_STRINGS_string_to_data(), and GNUNET_SYSERR.

Referenced by access_handler_callback(), authorize_endpoint(), code_redirect(), collect_cred_cont(), create_response(), credential_string_to_value(), get_cred_issuer_cb(), gns_string_to_value(), GNUNET_CREDENTIAL_credential_from_string(), GNUNET_GNS_lookup_with_tld(), GNUNET_GNSRECORD_zkey_to_pkey(), identity_cb(), json_to_credential(), lookup_it_finished(), run(), run_with_zone_pkey(), start_process(), tld_iter(), and verify_cred_cont().

 {
   size_t keylen = (sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
 
   if (keylen % 5 > 0)
     keylen += 5 - keylen % 5;
   keylen /= 5;
   if (enclen != keylen)
     return GNUNET_SYSERR;
 
   if (GNUNET_OK !=
       GNUNET_STRINGS_string_to_data (enc,
                                      enclen,
                                      pub,
                                      sizeof (
                                        struct GNUNET_CRYPTO_EcdsaPublicKey)))
     return GNUNET_SYSERR;
   return GNUNET_OK;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_public_key_from_string()

int GNUNET_CRYPTO_eddsa_public_key_from_string	(	const char *	enc,
		size_t	enclen,
		struct GNUNET_CRYPTO_EddsaPublicKey *	pub
	)

Convert a string representing a public key to a public key.

Parameters

enc	encoded public key
enclen	number of bytes in enc (without 0-terminator)
pub	where to store the public key

Returns: GNUNET_OK on success

Definition at line 501 of file crypto_ecc.c.

References GNUNET_OK, GNUNET_STRINGS_string_to_data(), and GNUNET_SYSERR.

Referenced by blacklist_cfg_iter(), conversation_string_to_value(), create_keys(), gns_string_to_value(), GNUNET_FRIENDS_parse(), hosts_directory_scan_callback(), run(), s2i_full(), server_parse_url(), show_peer(), and uri_loc_parse().

 {
   size_t keylen = (sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
 
   if (keylen % 5 > 0)
     keylen += 5 - keylen % 5;
   keylen /= 5;
   if (enclen != keylen)
     return GNUNET_SYSERR;
 
   if (GNUNET_OK !=
       GNUNET_STRINGS_string_to_data (enc,
                                      enclen,
                                      pub,
                                      sizeof (
                                        struct GNUNET_CRYPTO_EddsaPublicKey)))
     return GNUNET_SYSERR;
   return GNUNET_OK;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_private_key_from_string()

int GNUNET_CRYPTO_eddsa_private_key_from_string	(	const char *	enc,
		size_t	enclen,
		struct GNUNET_CRYPTO_EddsaPrivateKey *	priv
	)

Convert a string representing a private key to a private key.

Parameters

enc	encoded public key
enclen	number of bytes in enc (without 0-terminator)
priv	where to store the private key

Returns: GNUNET_OK on success

Definition at line 534 of file crypto_ecc.c.

References GNUNET_break, GNUNET_OK, GNUNET_STRINGS_string_to_data(), and GNUNET_SYSERR.

 {
   size_t keylen = (sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
 
   if (keylen % 5 > 0)
     keylen += 5 - keylen % 5;
   keylen /= 5;
   if (enclen != keylen)
     return GNUNET_SYSERR;
 
   if (GNUNET_OK !=
       GNUNET_STRINGS_string_to_data (enc,
                                      enclen,
                                      priv,
                                      sizeof (
                                        struct GNUNET_CRYPTO_EddsaPrivateKey)))
     return GNUNET_SYSERR;
 #if CRYPTO_BUG
   if (GNUNET_OK != check_eddsa_key (priv))
   {
     GNUNET_break (0);
     return GNUNET_OK;
   }
 #endif
   return GNUNET_OK;
 }

Here is the call graph for this function:

◆ data_to_eddsa_value()

static gcry_sexp_t data_to_eddsa_value ( const struct GNUNET_CRYPTO_EccSignaturePurpose * purpose )

static

Convert the data specified in the given purpose argument to an S-expression suitable for signature operations.

Parameters

purpose data to convert

Returns: converted s-expression

Definition at line 841 of file crypto_ecc.c.

References data, GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_ERROR, LOG_GCRY, and GNUNET_CRYPTO_EccSignaturePurpose::size.

Referenced by GNUNET_CRYPTO_eddsa_sign(), and GNUNET_CRYPTO_eddsa_verify().

 {
   gcry_sexp_t data;
   int rc;
 
 /* SEE #5398 */
 #if 1
   struct GNUNET_HashCode hc;
 
   GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc);
   if (0 != (rc = gcry_sexp_build (&data,
                                   NULL,
                                   "(data(flags eddsa)(hash-algo %s)(value %b))",
                                   "sha512",
                                   (int) sizeof (hc),
                                   &hc)))
   {
     LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
     return NULL;
   }
 #else
   GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc);
   if (0 != (rc = gcry_sexp_build (&data,
                                   NULL,
                                   "(data(flags eddsa)(hash-algo %s)(value %b))",
                                   "sha512",
                                   ntohl (purpose->size),
                                   purpose)))
   {
     LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
     return NULL;
   }
 #endif
   return data;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ data_to_ecdsa_value()

static gcry_sexp_t data_to_ecdsa_value ( const struct GNUNET_CRYPTO_EccSignaturePurpose * purpose )

static

Convert the data specified in the given purpose argument to an S-expression suitable for signature operations.

Parameters

purpose data to convert

Returns: converted s-expression

Definition at line 886 of file crypto_ecc.c.

References data, GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_ERROR, LOG_GCRY, and GNUNET_CRYPTO_EccSignaturePurpose::size.

Referenced by GNUNET_CRYPTO_ecdsa_sign(), and GNUNET_CRYPTO_ecdsa_verify().

 {
   gcry_sexp_t data;
   int rc;
 
 /* See #5398 */
 #if 1
   struct GNUNET_HashCode hc;
 
   GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc);
   if (0 != (rc = gcry_sexp_build (&data,
                                   NULL,
                                   "(data(flags rfc6979)(hash %s %b))",
                                   "sha512",
                                   (int) sizeof (hc),
                                   &hc)))
   {
     LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
     return NULL;
   }
 #else
   if (0 != (rc = gcry_sexp_build (&data,
                                   NULL,
                                   "(data(flags rfc6979)(hash %s %b))",
                                   "sha512",
                                   ntohl (purpose->size),
                                   purpose)))
   {
     LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
     return NULL;
   }
 #endif
   return data;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ derive_h()

static gcry_mpi_t derive_h	(	const struct GNUNET_CRYPTO_EcdsaPublicKey *	pub,
		const char *	label,
		const char *	context
	)

static

Derive the 'h' value for key derivation, where 'h = H(l,P)'.

Parameters

pub	public key for deriviation
label	label for deriviation
context	additional context to use for HKDF of 'h'; typically the name of the subsystem/application

Returns: h value

Definition at line 1257 of file crypto_ecc.c.

References GNUNET_CRYPTO_kdf(), GNUNET_CRYPTO_mpi_scan_unsigned(), and h.

Referenced by GNUNET_CRYPTO_ecdsa_private_key_derive(), and GNUNET_CRYPTO_ecdsa_public_key_derive().

 {
   gcry_mpi_t h;
   struct GNUNET_HashCode hc;
   static const char *const salt = "key-derivation";
 
   GNUNET_CRYPTO_kdf (&hc,
                      sizeof (hc),
                      salt,
                      strlen (salt),
                      pub,
                      sizeof (*pub),
                      label,
                      strlen (label),
                      context,
                      strlen (context),
                      NULL,
                      0);
   GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof (hc));
   return h;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ reverse_buffer()

static void reverse_buffer	(	unsigned char *	buffer,
		size_t	length
	)

static

Reverse the sequence of the bytes in buffer.

Parameters

Definition at line 1396 of file crypto_ecc.c.

Referenced by eddsa_d_to_a().

 {
   unsigned char tmp;
   size_t i;
 
   for (i = 0; i < length / 2; i++)
   {
     tmp = buffer[i];
     buffer[i] = buffer[length - 1 - i];
     buffer[length - 1 - i] = tmp;
   }
 }

Here is the caller graph for this function:

◆ eddsa_d_to_a()

static gcry_mpi_t eddsa_d_to_a ( gcry_mpi_t d )

static

Convert the secret d of an EdDSA key to the value that is actually used in the EdDSA computation.

Parameters

d	secret input

Returns: value used for the calculation in EdDSA

Definition at line 1418 of file crypto_ecc.c.

References GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), and reverse_buffer().

Referenced by GNUNET_CRYPTO_eddsa_ecdh().

 {
   unsigned char rawmpi[32]; /* 256-bit value */
   size_t rawmpilen;
   unsigned char digest[64]; /* 512-bit hash value */
   gcry_buffer_t hvec[2];
   unsigned int b;
   gcry_mpi_t a;
 
   b = 256 / 8; /* number of bytes in `d` */
 
   /* Note that we clear DIGEST so we can use it as input to left pad
      the key with zeroes for hashing.  */
   memset (digest, 0, sizeof digest);
   memset (hvec, 0, sizeof hvec);
   rawmpilen = sizeof (rawmpi);
   GNUNET_assert (
     0 == gcry_mpi_print (GCRYMPI_FMT_USG, rawmpi, rawmpilen, &rawmpilen, d));
   hvec[0].data = digest;
   hvec[0].off = 0;
   hvec[0].len = b > rawmpilen ? (b - rawmpilen) : 0;
   hvec[1].data = rawmpi;
   hvec[1].off = 0;
   hvec[1].len = rawmpilen;
   GNUNET_assert (
     0 == gcry_md_hash_buffers (GCRY_MD_SHA512, 0 /* flags */, digest, hvec, 2));
   /* Compute the A value.  */
   reverse_buffer (digest, 32); /* Only the first half of the hash.  */
   digest[0] = (digest[0] & 0x7f) | 0x40;
   digest[31] &= 0xf8;
 
   GNUNET_CRYPTO_mpi_scan_unsigned (&a, digest, 32);
   return a;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

◆ point_to_hash()

static int point_to_hash	(	gcry_mpi_point_t	result,
		gcry_ctx_t	ctx,
		struct GNUNET_HashCode *	key_material
	)

static

Take point from ECDH and convert it to key material.

Parameters

result	point from ECDH
ctx	ECC context
key_material[out]	set to derived key material

Returns: GNUNET_OK on success

Definition at line 1463 of file crypto_ecc.c.

References GNUNET_assert, GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_ERROR, GNUNET_OK, GNUNET_SYSERR, and LOG_GCRY.

Referenced by GNUNET_CRYPTO_ecdh_eddsa(), GNUNET_CRYPTO_ecdsa_ecdh(), and GNUNET_CRYPTO_eddsa_ecdh().

 {
   gcry_mpi_t result_x;
   unsigned char xbuf[256 / 8];
   size_t rsize;
 
   /* finally, convert point to string for hashing */
   result_x = gcry_mpi_new (256);
   if (gcry_mpi_ec_get_affine (result_x, NULL, result, ctx))
   {
     LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0);
     return GNUNET_SYSERR;
   }
 
   rsize = sizeof (xbuf);
   GNUNET_assert (! gcry_mpi_get_flag (result_x, GCRYMPI_FLAG_OPAQUE));
   /* result_x can be negative here, so we do not use 'GNUNET_CRYPTO_mpi_print_unsigned'
      as that does not include the sign bit; x should be a 255-bit
      value, so with the sign it should fit snugly into the 256-bit
      xbuf */
   GNUNET_assert (
     0 == gcry_mpi_print (GCRYMPI_FMT_STD, xbuf, rsize, &rsize, result_x));
   GNUNET_CRYPTO_hash (xbuf, rsize, key_material);
   gcry_mpi_release (result_x);
   return GNUNET_OK;
 }

Here is the call graph for this function:

Here is the caller graph for this function:

Macros

Functions

Detailed Description

Macro Definition Documentation

◆ EXTRA_CHECKS

◆ CURVE

◆ LOG

◆ LOG_STRERROR

◆ LOG_STRERROR_FILE

◆ LOG_GCRY

Function Documentation

◆ key_from_sexp()

◆ decode_private_ecdsa_key()

◆ decode_private_eddsa_key()

◆ decode_private_ecdhe_key()

◆ GNUNET_CRYPTO_ecdsa_public_key_to_string()

◆ GNUNET_CRYPTO_eddsa_public_key_to_string()

◆ GNUNET_CRYPTO_eddsa_private_key_to_string()

◆ GNUNET_CRYPTO_ecdsa_private_key_to_string()

◆ GNUNET_CRYPTO_ecdsa_public_key_from_string()

◆ GNUNET_CRYPTO_eddsa_public_key_from_string()

◆ GNUNET_CRYPTO_eddsa_private_key_from_string()

◆ data_to_eddsa_value()

◆ data_to_ecdsa_value()

◆ derive_h()

◆ reverse_buffer()

◆ eddsa_d_to_a()

◆ point_to_hash()