34 #define EXTRA_CHECKS 0 43 #define CURVE "Ed25519" 45 #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-ecc", __VA_ARGS__) 47 #define LOG_STRERROR(kind, syscall) \ 48 GNUNET_log_from_strerror (kind, "util-crypto-ecc", syscall) 50 #define LOG_STRERROR_FILE(kind, syscall, filename) \ 51 GNUNET_log_from_strerror_file (kind, "util-crypto-ecc", syscall, filename) 58 #define LOG_GCRY(level, cmd, rc) \ 62 _ ("`%s' failed at %s:%d with error: %s\n"), \ 66 gcry_strerror (rc)); \ 89 list = gcry_sexp_find_token (sexp, topname, 0);
92 l2 = gcry_sexp_cadr (list);
93 gcry_sexp_release (list);
99 for (
const char *s = elems; *s; s++, idx++)
101 l2 = gcry_sexp_find_token (list, s, 1);
104 for (
unsigned int i = 0; i < idx; i++)
106 gcry_free (array[i]);
109 gcry_sexp_release (list);
112 array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
113 gcry_sexp_release (l2);
116 for (
unsigned int i = 0; i < idx; i++)
118 gcry_free (array[i]);
121 gcry_sexp_release (list);
125 gcry_sexp_release (list);
144 for (
size_t i = 0; i<32; i++)
145 d[i] = priv->
d[31 - i];
147 rc = gcry_sexp_build (&result,
149 "(private-key(ecc(curve \"" CURVE "\")" 159 if (0 != (rc = gcry_pk_testkey (result)))
175 crypto_scalarmult_ed25519_base_noclamp (pub->
q_y, priv->
d);
185 unsigned char pk[crypto_sign_PUBLICKEYBYTES];
186 unsigned char sk[crypto_sign_SECRETKEYBYTES];
191 sodium_memzero (sk, crypto_sign_SECRETKEYBYTES);
216 keylen += 5 - keylen % 5;
243 keylen += 5 - keylen % 5;
270 keylen += 5 - keylen % 5;
297 keylen += 5 - keylen % 5;
324 keylen += 5 - keylen % 5;
326 if (enclen != keylen)
349 keylen += 5 - keylen % 5;
351 if (enclen != keylen)
374 keylen += 5 - keylen % 5;
376 if (enclen != keylen)
502 if (0 != (rc = gcry_sexp_build (&data,
504 "(data(flags rfc6979)(hash %s %b))",
513 if (0 != (rc = gcry_sexp_build (&data,
515 "(data(flags rfc6979)(hash %s %b))",
517 ntohl (purpose->
size),
534 gcry_sexp_t priv_sexp;
535 gcry_sexp_t sig_sexp;
544 if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
547 _ (
"ECC signing failed at %s:%d: %s\n"),
551 gcry_sexp_release (data);
552 gcry_sexp_release (priv_sexp);
555 gcry_sexp_release (priv_sexp);
556 gcry_sexp_release (data);
560 if (0 != (rc =
key_from_sexp (rs, sig_sexp,
"sig-val",
"rs")))
563 gcry_sexp_release (sig_sexp);
566 gcry_sexp_release (sig_sexp);
569 gcry_mpi_release (rs[0]);
570 gcry_mpi_release (rs[1]);
585 size_t mlen = ntohl (purpose->
size);
586 unsigned char sk[crypto_sign_SECRETKEYBYTES];
587 unsigned char pk[crypto_sign_PUBLICKEYBYTES];
592 res = crypto_sign_detached ((uint8_t *) sig,
610 gcry_sexp_t sig_sexpr;
611 gcry_sexp_t pub_sexpr;
616 if (purpose != ntohl (validate->
purpose))
620 if (0 != (rc = gcry_sexp_build (&sig_sexpr,
622 "(sig-val(ecdsa(r %b)(s %b)))",
623 (
int)
sizeof(sig->
r),
625 (
int)
sizeof(sig->
s),
632 if (0 != (rc = gcry_sexp_build (&pub_sexpr,
634 "(public-key(ecc(curve " CURVE ")(q %b)))",
635 (
int)
sizeof(pub->
q_y),
638 gcry_sexp_release (data);
639 gcry_sexp_release (sig_sexpr);
642 rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
643 gcry_sexp_release (pub_sexpr);
644 gcry_sexp_release (data);
645 gcry_sexp_release (sig_sexpr);
649 _ (
"ECDSA signature verification failed at %s:%d: %s\n"),
668 const unsigned char *
m = (
const void *) validate;
669 size_t mlen = ntohl (validate->
size);
670 const unsigned char *s = (
const void *) sig;
674 if (purpose != ntohl (validate->
purpose))
678 res = crypto_sign_verify_detached (s, m, mlen, pub->
q_y);
689 uint8_t
p[crypto_scalarmult_BYTES];
690 if (0 != crypto_scalarmult (p, priv->
d, pub->
q_y))
714 static const char *
const salt =
"key-derivation";
750 n = gcry_mpi_ec_get_mpi (
"n", ctx, 1);
753 h =
derive_h (&pub, label, context);
755 for (
size_t i = 0; i < 32; i++)
756 dc[i] = priv->
d[31 - i];
758 d = gcry_mpi_new (256);
759 gcry_mpi_mulm (d, h, x, n);
760 gcry_mpi_release (h);
761 gcry_mpi_release (x);
762 gcry_mpi_release (n);
763 gcry_ctx_release (ctx);
767 for (
size_t i = 0; i < 32; i++)
768 ret->
d[i] = dc[31 - i];
769 sodium_memzero (dc,
sizeof(dc));
770 gcry_mpi_release (d);
795 q_y = gcry_mpi_set_opaque_copy (NULL, pub->
q_y, 8 *
sizeof(pub->
q_y));
798 gcry_mpi_release (q_y);
799 q = gcry_mpi_ec_get_point (
"q", ctx, 0);
804 n = gcry_mpi_ec_get_mpi (
"n", ctx, 1);
805 h_mod_n = gcry_mpi_new (256);
806 gcry_mpi_mod (h_mod_n, h, n);
808 v = gcry_mpi_point_new (0);
809 gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
810 gcry_mpi_release (h_mod_n);
811 gcry_mpi_release (h);
812 gcry_mpi_release (n);
813 gcry_mpi_point_release (q);
817 gcry_mpi_point_release (v);
818 q_y = gcry_mpi_ec_get_mpi (
"q@eddsa", ctx, 0);
821 gcry_mpi_release (q_y);
822 gcry_ctx_release (ctx);
832 uint8_t a[crypto_scalarmult_SCALARBYTES];
833 uint8_t
p[crypto_scalarmult_BYTES];
839 if (0 != crypto_scalarmult (p, a, pub->
q_y))
842 crypto_scalarmult_BYTES,
853 uint8_t
p[crypto_scalarmult_BYTES];
856 if (0 != crypto_scalarmult (p, priv->
d, pub->
q_y))
859 crypto_scalarmult_BYTES,
871 uint8_t
p[crypto_scalarmult_BYTES];
872 uint8_t curve25510_pk[crypto_scalarmult_BYTES];
874 if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->
q_y))
876 if (0 != crypto_scalarmult (p, priv->
d, curve25510_pk))
888 uint8_t
p[crypto_scalarmult_BYTES];
889 uint8_t curve25510_pk[crypto_scalarmult_BYTES];
891 if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->
q_y))
893 if (0 != crypto_scalarmult (p, priv->
d, curve25510_pk))
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_key_get_anonymous()
Get the shared private key we use for anonymous users.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
void GNUNET_CRYPTO_ecdsa_public_key_derive(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
Derive a public key from a given public key and a label.
static int end
Set if we are to shutdown all services (including ARM).
#define BENCHMARK_START(opname)
char * GNUNET_CRYPTO_eddsa_public_key_to_string(const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Convert a public key to a string.
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
void GNUNET_CRYPTO_ecdhe_key_clear(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Clear memory that was used to store a private key.
void GNUNET_CRYPTO_ecdsa_key_clear(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Clear memory that was used to store a private key.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Verify EdDSA signature.
#define BENCHMARK_END(opname)
unsigned char r[256/8]
R value.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
static int ret
Return value of the commandline.
GNUNET_GenericReturnValue
Named constants for return values.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Private ECC key encoded for transmission.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EcDSA public key and a private ECDH key.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_ARM_Handle * h
Connection with ARM.
static pa_context * context
Pulseaudio context.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Convert a string representing a public key to a public key.
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
cryptographic primitives for GNUnet
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
static struct GNUNET_OS_Process * p
Helper process we started.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_private_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
Convert a string representing a private key to a private key.
static int once
Global to mark if we've run the initialization.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
an ECC signature using ECDSA
static int result
Global testing status.
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a ECDH public key and a private ECDSA key.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
ECDSA Sign a given block.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
char * GNUNET_CRYPTO_eddsa_private_key_to_string(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
Convert a private key to a string.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
char * GNUNET_CRYPTO_ecdsa_public_key_to_string(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a public key to a string.
Private ECC key encoded for transmission.
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level 'level' that indicates a failure of the command 'cmd' with the mess...
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
an ECC signature using EdDSA.
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Verify ECDSA signature.
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
Private ECC key encoded for transmission.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a string representing a public key to a public key.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a ECDH public key and a private EdDSA key.
void GNUNET_CRYPTO_eddsa_key_clear(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Clear memory that was used to store a private key.
struct GNUNET_IDENTITY_PrivateKey pk
Private key from command line option, or NULL.
static struct GNUNET_CRYPTO_EddsaPublicKey pub
void GNUNET_CRYPTO_ecdsa_key_create(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Create a new private key.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
static OpusEncoder * enc
OPUS encoder.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
char * GNUNET_CRYPTO_ecdsa_private_key_to_string(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert a private key to a string.
unsigned char s[256/8]
S value.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
static gcry_mpi_t derive_h(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context)
Derive the 'h' value for key derivation, where 'h = H(l,P)'.
#define CURVE
Name of the curve we are using.
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
static gcry_sexp_t decode_private_ecdsa_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
benchmarking for various operations
struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_private_key_derive(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
Derive a private key from a given private key and a label.
uint32_t data
The data value.
static int list
Set if we should print a list of currently running services.
#define GNUNET_malloc(size)
Wrapper around malloc.
int GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
char * GNUNET_STRINGS_data_to_string(const void *data, size_t size, char *out, size_t out_size)
Convert binary data to ASCII encoding using CrockfordBase32.
static struct GNUNET_FS_DownloadContext * dc
#define GNUNET_free(ptr)
Wrapper around free.
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...