GNUnet 0.28.0-dev.2-27-gc87478450
 
Loading...
Searching...
No Matches
crypto_ecc.c
Go to the documentation of this file.
1/*
2 This file is part of GNUnet.
3 Copyright (C) 2012, 2013, 2015 GNUnet e.V.
4
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
14
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18 SPDX-License-Identifier: AGPL3.0-or-later
19 */
20
27#include "platform.h"
28#include "gnunet_common.h"
29#include <gcrypt.h>
30#include <sodium.h>
31#include "gnunet_util_lib.h"
32#include "benchmark.h"
33#include "sodium/crypto_scalarmult.h"
34#include "sodium/crypto_scalarmult_curve25519.h"
35#include "sodium/utils.h"
36
37#define EXTRA_CHECKS 0
38
62#define CURVE "Ed25519"
63
64#define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-ecc", __VA_ARGS__)
65
66#define LOG_STRERROR(kind, syscall) \
67 GNUNET_log_from_strerror (kind, "util-crypto-ecc", syscall)
68
69#define LOG_STRERROR_FILE(kind, syscall, filename) \
70 GNUNET_log_from_strerror_file (kind, "util-crypto-ecc", syscall, \
71 filename)
72
78#define LOG_GCRY(level, cmd, rc) \
79 do \
80 { \
81 LOG (level, \
82 _ ("`%s' failed at %s:%d with error: %s\n"), \
83 cmd, \
84 __FILE__, \
85 __LINE__, \
86 gcry_strerror (rc)); \
87 } while (0)
88
89
99static int
100key_from_sexp (gcry_mpi_t *array,
101 gcry_sexp_t sexp,
102 const char *topname,
103 const char *elems)
104{
105 gcry_sexp_t list;
106 gcry_sexp_t l2;
107 unsigned int idx;
108
109 list = gcry_sexp_find_token (sexp, topname, 0);
110 if (! list)
111 return 1;
112 l2 = gcry_sexp_cadr (list);
113 gcry_sexp_release (list);
114 list = l2;
115 if (! list)
116 return 2;
117
118 idx = 0;
119 for (const char *s = elems; *s; s++, idx++)
120 {
121 l2 = gcry_sexp_find_token (list, s, 1);
122 if (! l2)
123 {
124 for (unsigned int i = 0; i < idx; i++)
125 {
126 gcry_free (array[i]);
127 array[i] = NULL;
128 }
129 gcry_sexp_release (list);
130 return 3; /* required parameter not found */
131 }
132 array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
133 gcry_sexp_release (l2);
134 if (! array[idx])
135 {
136 for (unsigned int i = 0; i < idx; i++)
137 {
138 gcry_free (array[i]);
139 array[i] = NULL;
140 }
141 gcry_sexp_release (list);
142 return 4; /* required parameter is invalid */
143 }
144 }
145 gcry_sexp_release (list);
146 return 0;
147}
148
149
157static gcry_sexp_t
158decode_private_ecdsa_key (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
159{
160 gcry_sexp_t result;
161 int rc;
162 uint8_t d[32];
163
164 for (size_t i = 0; i<32; i++)
165 d[i] = priv->d[31 - i];
166
167 rc = gcry_sexp_build (&result,
168 NULL,
169 "(private-key(ecc(curve \"" CURVE "\")"
170 "(d %b)))",
171 32,
172 d);
173 if (0 != rc)
174 {
175 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
176 GNUNET_assert (0);
177 }
178#if EXTRA_CHECKS
179 if (0 != (rc = gcry_pk_testkey (result)))
180 {
181 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
182 GNUNET_assert (0);
183 }
184#endif
185 return result;
186}
187
188
189void
190GNUNET_CRYPTO_ecdsa_key_get_public (
191 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
192 struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
193{
194 BENCHMARK_START (ecdsa_key_get_public);
195 crypto_scalarmult_ed25519_base_noclamp (pub->q_y, priv->d);
196 BENCHMARK_END (ecdsa_key_get_public);
197}
198
199
200void
201GNUNET_CRYPTO_eddsa_key_get_public (
202 const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
203 struct GNUNET_CRYPTO_EddsaPublicKey *pub)
204{
205 unsigned char pk[crypto_sign_PUBLICKEYBYTES];
206 unsigned char sk[crypto_sign_SECRETKEYBYTES];
207
208 BENCHMARK_START (eddsa_key_get_public);
209 GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
210 GNUNET_memcpy (pub->q_y, pk, crypto_sign_PUBLICKEYBYTES);
211 sodium_memzero (sk, crypto_sign_SECRETKEYBYTES);
212 BENCHMARK_END (eddsa_key_get_public);
213}
214
215
216void
217GNUNET_CRYPTO_ecdhe_key_get_public (
218 const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
219 struct GNUNET_CRYPTO_EcdhePublicKey *pub)
220{
221 BENCHMARK_START (ecdhe_key_get_public);
222 GNUNET_assert (0 == crypto_scalarmult_base (pub->q_y, priv->d));
223 BENCHMARK_END (ecdhe_key_get_public);
224}
225
226
227char *
228GNUNET_CRYPTO_ecdsa_public_key_to_string (
229 const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
230{
231 char *pubkeybuf;
232 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
233 char *end;
234
235 if (keylen % 5 > 0)
236 keylen += 5 - keylen % 5;
237 keylen /= 5;
238 pubkeybuf = GNUNET_malloc (keylen + 1);
239 end =
240 GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
241 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
242 pubkeybuf,
243 keylen);
244 if (NULL == end)
245 {
246 GNUNET_free (pubkeybuf);
247 return NULL;
248 }
249 *end = '\0';
250 return pubkeybuf;
251}
252
253
254char *
255GNUNET_CRYPTO_eddsa_public_key_to_string (
256 const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
257{
258 char *pubkeybuf;
259 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
260 char *end;
261
262 if (keylen % 5 > 0)
263 keylen += 5 - keylen % 5;
264 keylen /= 5;
265 pubkeybuf = GNUNET_malloc (keylen + 1);
266 end =
267 GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
268 sizeof(struct GNUNET_CRYPTO_EddsaPublicKey),
269 pubkeybuf,
270 keylen);
271 if (NULL == end)
272 {
273 GNUNET_free (pubkeybuf);
274 return NULL;
275 }
276 *end = '\0';
277 return pubkeybuf;
278}
279
280
281char *
282GNUNET_CRYPTO_eddsa_private_key_to_string (
283 const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
284{
285 char *privkeybuf;
286 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
287 char *end;
288
289 if (keylen % 5 > 0)
290 keylen += 5 - keylen % 5;
291 keylen /= 5;
292 privkeybuf = GNUNET_malloc (keylen + 1);
293 end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
294 sizeof(
295 struct GNUNET_CRYPTO_EddsaPrivateKey),
296 privkeybuf,
297 keylen);
298 if (NULL == end)
299 {
300 GNUNET_free (privkeybuf);
301 return NULL;
302 }
303 *end = '\0';
304 return privkeybuf;
305}
306
307
308char *
309GNUNET_CRYPTO_ecdsa_private_key_to_string (
310 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
311{
312 char *privkeybuf;
313 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey)) * 8;
314 char *end;
315
316 if (keylen % 5 > 0)
317 keylen += 5 - keylen % 5;
318 keylen /= 5;
319 privkeybuf = GNUNET_malloc (keylen + 1);
320 end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
321 sizeof(
322 struct GNUNET_CRYPTO_EcdsaPrivateKey),
323 privkeybuf,
324 keylen);
325 if (NULL == end)
326 {
327 GNUNET_free (privkeybuf);
328 return NULL;
329 }
330 *end = '\0';
331 return privkeybuf;
332}
333
334
335enum GNUNET_GenericReturnValue
336GNUNET_CRYPTO_ecdsa_public_key_from_string (
337 const char *enc,
338 size_t enclen,
339 struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
340{
341 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
342
343 if (keylen % 5 > 0)
344 keylen += 5 - keylen % 5;
345 keylen /= 5;
346 if (enclen != keylen)
347 return GNUNET_SYSERR;
348
349 if (GNUNET_OK !=
350 GNUNET_STRINGS_string_to_data (enc,
351 enclen,
352 pub,
353 sizeof(
354 struct GNUNET_CRYPTO_EcdsaPublicKey)))
355 return GNUNET_SYSERR;
356 return GNUNET_OK;
357}
358
359
360enum GNUNET_GenericReturnValue
361GNUNET_CRYPTO_eddsa_public_key_from_string (
362 const char *enc,
363 size_t enclen,
364 struct GNUNET_CRYPTO_EddsaPublicKey *pub)
365{
366 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
367
368 if (keylen % 5 > 0)
369 keylen += 5 - keylen % 5;
370 keylen /= 5;
371 if (enclen != keylen)
372 return GNUNET_SYSERR;
373
374 if (GNUNET_OK !=
375 GNUNET_STRINGS_string_to_data (enc,
376 enclen,
377 pub,
378 sizeof(
379 struct GNUNET_CRYPTO_EddsaPublicKey)))
380 return GNUNET_SYSERR;
381 return GNUNET_OK;
382}
383
384
385enum GNUNET_GenericReturnValue
386GNUNET_CRYPTO_eddsa_private_key_from_string (
387 const char *enc,
388 size_t enclen,
389 struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
390{
391 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
392
393 if (keylen % 5 > 0)
394 keylen += 5 - keylen % 5;
395 keylen /= 5;
396 if (enclen != keylen)
397 return GNUNET_SYSERR;
398
399 if (GNUNET_OK !=
400 GNUNET_STRINGS_string_to_data (enc,
401 enclen,
402 priv,
403 sizeof(
404 struct GNUNET_CRYPTO_EddsaPrivateKey)))
405 return GNUNET_SYSERR;
406#if CRYPTO_BUG
407 if (GNUNET_OK != check_eddsa_key (priv))
408 {
409 GNUNET_break (0);
410 return GNUNET_OK;
411 }
412#endif
413 return GNUNET_OK;
414}
415
416
417static void
418buffer_clear (void *buf, size_t len)
419{
420#if HAVE_MEMSET_S
421 memset_s (buf, len, 0, len);
422#elif HAVE_EXPLICIT_BZERO
423 explicit_bzero (buf, len);
424#else
425 volatile unsigned char *p = buf;
426 while (len--)
427 *p++ = 0;
428#endif
429}
430
431
432void
437
438
439void
444
445
446void
451
452
453void
454GNUNET_CRYPTO_ecdhe_key_create (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
455{
456 BENCHMARK_START (ecdhe_key_create);
457 GNUNET_CRYPTO_random_block (pk,
458 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
459 BENCHMARK_END (ecdhe_key_create);
460}
461
462
463void
464GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
465{
466 BENCHMARK_START (ecdsa_key_create);
467 GNUNET_CRYPTO_random_block (pk,
468 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
469 pk->d[0] &= 248;
470 pk->d[31] &= 127;
471 pk->d[31] |= 64;
472
473 BENCHMARK_END (ecdsa_key_create);
474}
475
476
477void
478GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
479{
480 BENCHMARK_START (eddsa_key_create);
481 /*
482 * We do not clamp for EdDSA, since all functions that use the private key do
483 * their own clamping (just like in libsodium). What we call "private key"
484 * here, actually corresponds to the seed in libsodium.
485 *
486 * (Contrast this to ECDSA, where functions using the private key can't clamp
487 * due to properties needed for GNS. That is a worse/unsafter API, but
488 * required for the GNS constructions to work.)
489 */
490 GNUNET_CRYPTO_random_block (pk,
491 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
492 BENCHMARK_END (eddsa_key_create);
493}
494
495
496const struct GNUNET_CRYPTO_EcdsaPrivateKey *
497GNUNET_CRYPTO_ecdsa_key_get_anonymous ()
498{
503 static struct GNUNET_CRYPTO_EcdsaPrivateKey anonymous;
504 static int once;
505
506 if (once)
507 return &anonymous;
508 GNUNET_CRYPTO_mpi_print_unsigned (anonymous.d,
509 sizeof(anonymous.d),
510 GCRYMPI_CONST_ONE);
511 anonymous.d[0] &= 248;
512 anonymous.d[31] &= 127;
513 anonymous.d[31] |= 64;
514
515 once = 1;
516 return &anonymous;
517}
518
519
520const struct GNUNET_CRYPTO_EddsaPrivateKey *
521GNUNET_CRYPTO_eddsa_key_get_anonymous ()
522{
527 static struct GNUNET_CRYPTO_EddsaPrivateKey anonymous;
528 static int once;
529
530 if (once)
531 return &anonymous;
532
533 memset (anonymous.d, 0, sizeof(anonymous.d));
534
535 // Set the first byte to 1 (Little-Endian representation of 1)
536 anonymous.d[0] = 1;
537
538 once = 1;
539 return &anonymous;
540}
541
542
550static gcry_sexp_t
551data_to_ecdsa_value (const struct GNUNET_CRYPTO_SignaturePurpose *purpose)
552{
553 gcry_sexp_t data;
554 int rc;
555 /* Unlike EdDSA, libgcrypt expects a hash for ECDSA. */
556 struct GNUNET_HashCode hc;
557
558 GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc);
559 if (0 != (rc = gcry_sexp_build (&data,
560 NULL,
561 "(data(flags rfc6979)(hash %s %b))",
562 "sha512",
563 (int) sizeof(hc),
564 &hc)))
565 {
566 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
567 return NULL;
568 }
569 return data;
570}
571
572
573enum GNUNET_GenericReturnValue
574GNUNET_CRYPTO_ecdsa_sign_ (
575 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
576 const struct GNUNET_CRYPTO_SignaturePurpose *purpose,
577 struct GNUNET_CRYPTO_EcdsaSignature *sig)
578{
579 gcry_sexp_t priv_sexp;
580 gcry_sexp_t sig_sexp;
581 gcry_sexp_t data;
582 int rc;
583 gcry_mpi_t rs[2];
584
585 BENCHMARK_START (ecdsa_sign);
586
587 priv_sexp = decode_private_ecdsa_key (priv);
588 data = data_to_ecdsa_value (purpose);
589 if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
590 {
591 LOG (GNUNET_ERROR_TYPE_WARNING,
592 _ ("ECC signing failed at %s:%d: %s\n"),
593 __FILE__,
594 __LINE__,
595 gcry_strerror (rc));
596 gcry_sexp_release (data);
597 gcry_sexp_release (priv_sexp);
598 return GNUNET_SYSERR;
599 }
600 gcry_sexp_release (priv_sexp);
601 gcry_sexp_release (data);
602
603 /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
604 'signature' */
605 if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
606 {
607 GNUNET_break (0);
608 gcry_sexp_release (sig_sexp);
609 return GNUNET_SYSERR;
610 }
611 gcry_sexp_release (sig_sexp);
612 GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]);
613 GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]);
614 gcry_mpi_release (rs[0]);
615 gcry_mpi_release (rs[1]);
616
617 BENCHMARK_END (ecdsa_sign);
618
619 return GNUNET_OK;
620}
621
622
623enum GNUNET_GenericReturnValue
624GNUNET_CRYPTO_eddsa_sign_raw (
625 const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
626 void *data,
627 size_t size,
628 struct GNUNET_CRYPTO_EddsaSignature *sig)
629{
630 unsigned char sk[crypto_sign_SECRETKEYBYTES];
631 unsigned char pk[crypto_sign_PUBLICKEYBYTES];
632 int res;
633
634 GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
635 res = crypto_sign_detached ((uint8_t *) sig,
636 NULL,
637 (uint8_t *) data,
638 size,
639 sk);
640 return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
641}
642
643
644enum GNUNET_GenericReturnValue
645GNUNET_CRYPTO_eddsa_sign_ (
646 const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
647 const struct GNUNET_CRYPTO_SignaturePurpose *purpose,
648 struct GNUNET_CRYPTO_EddsaSignature *sig)
649{
650
651 size_t mlen = ntohl (purpose->size);
652 unsigned char sk[crypto_sign_SECRETKEYBYTES];
653 unsigned char pk[crypto_sign_PUBLICKEYBYTES];
654 int res;
655
656 BENCHMARK_START (eddsa_sign);
657 GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
658 res = crypto_sign_detached ((uint8_t *) sig,
659 NULL,
660 (uint8_t *) purpose,
661 mlen,
662 sk);
663 BENCHMARK_END (eddsa_sign);
664 return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
665}
666
667
668enum GNUNET_GenericReturnValue
669GNUNET_CRYPTO_ecdsa_verify_ (
670 uint32_t purpose,
671 const struct GNUNET_CRYPTO_SignaturePurpose *validate,
672 const struct GNUNET_CRYPTO_EcdsaSignature *sig,
673 const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
674{
675 gcry_sexp_t data;
676 gcry_sexp_t sig_sexpr;
677 gcry_sexp_t pub_sexpr;
678 int rc;
679
680 BENCHMARK_START (ecdsa_verify);
681
682 if (purpose != ntohl (validate->purpose))
683 return GNUNET_SYSERR; /* purpose mismatch */
684
685 /* build s-expression for signature */
686 if (0 != (rc = gcry_sexp_build (&sig_sexpr,
687 NULL,
688 "(sig-val(ecdsa(r %b)(s %b)))",
689 (int) sizeof(sig->r),
690 sig->r,
691 (int) sizeof(sig->s),
692 sig->s)))
693 {
694 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
695 return GNUNET_SYSERR;
696 }
697 data = data_to_ecdsa_value (validate);
698 if (0 != (rc = gcry_sexp_build (&pub_sexpr,
699 NULL,
700 "(public-key(ecc(curve " CURVE ")(q %b)))",
701 (int) sizeof(pub->q_y),
702 pub->q_y)))
703 {
704 gcry_sexp_release (data);
705 gcry_sexp_release (sig_sexpr);
706 return GNUNET_SYSERR;
707 }
708 rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
709 gcry_sexp_release (pub_sexpr);
710 gcry_sexp_release (data);
711 gcry_sexp_release (sig_sexpr);
712 if (0 != rc)
713 {
714 LOG (GNUNET_ERROR_TYPE_INFO,
715 _ ("ECDSA signature verification failed at %s:%d: %s\n"),
716 __FILE__,
717 __LINE__,
718 gcry_strerror (rc));
719 BENCHMARK_END (ecdsa_verify);
720 return GNUNET_SYSERR;
721 }
722 BENCHMARK_END (ecdsa_verify);
723 return GNUNET_OK;
724}
725
726
727enum GNUNET_GenericReturnValue
728GNUNET_CRYPTO_eddsa_verify_ (
729 uint32_t purpose,
730 const struct GNUNET_CRYPTO_SignaturePurpose *validate,
731 const struct GNUNET_CRYPTO_EddsaSignature *sig,
732 const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
733{
734 const unsigned char *m = (const void *) validate;
735 size_t mlen = ntohl (validate->size);
736 const unsigned char *s = (const void *) sig;
737
738 int res;
739
740 if (purpose != ntohl (validate->purpose))
741 return GNUNET_SYSERR; /* purpose mismatch */
742
743 BENCHMARK_START (eddsa_verify);
744
745 res = crypto_sign_verify_detached (s, m, mlen, pub->q_y);
746 BENCHMARK_END (eddsa_verify);
747 return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
748}
749
750
751enum GNUNET_GenericReturnValue
752GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
753 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
754 struct GNUNET_HashCode *key_material)
755{
756 uint8_t p[crypto_scalarmult_BYTES];
757 if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
758 return GNUNET_SYSERR;
759 GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
760 return GNUNET_OK;
761}
762
763
764enum GNUNET_GenericReturnValue
765GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
766 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
767 struct GNUNET_HashCode *key_material)
768{
769 struct GNUNET_HashCode hc;
770 uint8_t a[crypto_scalarmult_SCALARBYTES];
771 uint8_t p[crypto_scalarmult_BYTES];
772
773 GNUNET_CRYPTO_hash (priv,
774 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
775 &hc);
776 memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
777 if (0 != crypto_scalarmult (p, a, pub->q_y))
778 return GNUNET_SYSERR;
779 GNUNET_CRYPTO_hash (p,
780 crypto_scalarmult_BYTES,
781 key_material);
782 return GNUNET_OK;
783}
784
785
786enum GNUNET_GenericReturnValue
787GNUNET_CRYPTO_x25519_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *sk,
788 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
789 struct GNUNET_CRYPTO_EcdhePublicKey *dh)
790{
791 uint64_t checkbyte = 0;
792 size_t num_words = sizeof *dh / sizeof (uint64_t);
793 if (0 != crypto_scalarmult_curve25519 (dh->q_y, sk->d, pub->q_y))
794 return GNUNET_SYSERR;
795 // We need to check if this is the all-zero value
796 for (int i = 0; i < num_words; i++)
797 checkbyte |= ((uint64_t*) dh)[i];
798 return (0 == checkbyte) ? GNUNET_SYSERR : GNUNET_OK;
799}
800
801
802enum GNUNET_GenericReturnValue
803GNUNET_CRYPTO_ecdh_x25519 (const struct GNUNET_CRYPTO_EcdhePrivateKey *sk,
804 const struct GNUNET_CRYPTO_EcdhePublicKey *pk,
805 struct GNUNET_CRYPTO_EcdhePublicKey *dh)
806{
807 uint64_t checkbyte = 0;
808 size_t num_words = sizeof *dh / sizeof (uint64_t);
809 if (0 != crypto_scalarmult_curve25519 (dh->q_y, sk->d, pk->q_y))
810 return GNUNET_SYSERR;
811 // We need to check if this is the all-zero value
812 for (int i = 0; i < num_words; i++)
813 checkbyte |= ((uint64_t*) dh)[i];
814 if (0 == checkbyte)
815 {
816 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
817 "HPKE ECDH: X25519 all zero value!\n");
818 return GNUNET_SYSERR;
819 }
820 return GNUNET_OK;
821}
822
823
824enum GNUNET_GenericReturnValue
825GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
826 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
827 struct GNUNET_HashCode *key_material)
828{
829 uint8_t p[crypto_scalarmult_BYTES];
830
831 BENCHMARK_START (ecdsa_ecdh);
832 if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
833 return GNUNET_SYSERR;
834 GNUNET_CRYPTO_hash (p,
835 crypto_scalarmult_BYTES,
836 key_material);
837 BENCHMARK_END (ecdsa_ecdh);
838 return GNUNET_OK;
839}
840
841
842enum GNUNET_GenericReturnValue
843GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
844 const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
845 struct GNUNET_HashCode *key_material)
846{
847 uint8_t p[crypto_scalarmult_BYTES];
848 uint8_t curve25510_pk[crypto_scalarmult_BYTES];
849
850 if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
851 return GNUNET_SYSERR;
852 if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
853 return GNUNET_SYSERR;
854 GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
855 return GNUNET_OK;
856}
857
858
859enum GNUNET_GenericReturnValue
860GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
861 const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
862 struct GNUNET_HashCode *key_material)
863{
864 uint8_t p[crypto_scalarmult_BYTES];
865 uint8_t curve25510_pk[crypto_scalarmult_BYTES];
866
867 if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
868 return GNUNET_SYSERR;
869 if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
870 return GNUNET_SYSERR;
871 GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
872 return GNUNET_OK;
873}
874
875
876/* end of crypto_ecc.c */
benchmark.h
benchmarking for various operations
BENCHMARK_START
#define BENCHMARK_START(opname)
Definition benchmark.h:57
BENCHMARK_END
#define BENCHMARK_END(opname)
Definition benchmark.h:58
key_from_sexp
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition crypto_ecc.c:100
CURVE
#define CURVE
IMPLEMENTATION NOTICE:
Definition crypto_ecc.c:62
buffer_clear
static void buffer_clear(void *buf, size_t len)
Definition crypto_ecc.c:418
LOG_GCRY
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level 'level' that indicates a failure of the command 'cmd' with the mess...
Definition crypto_ecc.c:78
data_to_ecdsa_value
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_SignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition crypto_ecc.c:551
LOG
#define LOG(kind,...)
Definition crypto_ecc.c:64
decode_private_ecdsa_key
static gcry_sexp_t decode_private_ecdsa_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition crypto_ecc.c:158
d
static mp_limb_t d[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
Definition crypto_elligator.c:192
m
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition gnunet-arm.c:103
list
static int list
Set if we should print a list of currently running services.
Definition gnunet-arm.c:68
end
static int end
Set if we are to shutdown all services (including ARM).
Definition gnunet-arm.c:33
data
static char * data
The data to insert into the dht.
Definition gnunet-dht-put.c:88
enc
static OpusEncoder * enc
OPUS encoder.
Definition gnunet-helper-audio-record.c:206
pk
struct GNUNET_CRYPTO_BlindablePrivateKey pk
Private key from command line option, or NULL.
Definition gnunet-identity.c:126
res
static char * res
Currently read line or NULL on EOF.
Definition gnunet-namestore-zonefile.c:256
once
static int once
Option -i.
Definition gnunet-pils.c:39
result
static int result
Global testing status.
Definition gnunet-regex-profiler.c:240
pub
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition gnunet-scrypt.c:47
p
static struct GNUNET_Process * p
Helper process we started.
Definition gnunet-uri.c:38
gnunet_common.h
commonly used definitions; globals in this file are exempt from the rule that the module name ("commo...
gnunet_util_lib.h
GNUNET_CRYPTO_ecc_ecdh
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition crypto_ecc.c:752
GNUNET_CRYPTO_ecdhe_key_create
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition crypto_ecc.c:454
GNUNET_CRYPTO_eddsa_verify_
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_SignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Verify EdDSA signature.
Definition crypto_ecc.c:728
GNUNET_CRYPTO_x25519_ecdh
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_x25519_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *sk, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_CRYPTO_EcdhePublicKey *dh)
Derive key material from a ECDH public key and a private X25519 key.
Definition crypto_ecc.c:787
GNUNET_CRYPTO_eddsa_key_get_anonymous
const struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_get_anonymous()
Get the shared private key we use for anonymous users.
Definition crypto_ecc.c:521
GNUNET_CRYPTO_eddsa_key_get_public
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition crypto_ecc.c:201
GNUNET_CRYPTO_ecdsa_ecdh
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
HPKE END.
Definition crypto_ecc.c:825
GNUNET_CRYPTO_eddsa_key_clear
void GNUNET_CRYPTO_eddsa_key_clear(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Clear memory that was used to store a private key.
Definition crypto_ecc.c:447
GNUNET_CRYPTO_eddsa_sign_
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_SignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition crypto_ecc.c:645
GNUNET_CRYPTO_eddsa_ecdh
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a ECDH public key and a private EdDSA key.
Definition crypto_ecc.c:765
GNUNET_CRYPTO_ecdh_ecdsa
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EcDSA public key and a private ECDH key.
Definition crypto_ecc.c:860
GNUNET_CRYPTO_eddsa_key_create
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition crypto_ecc.c:478
GNUNET_CRYPTO_ecdh_eddsa
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition crypto_ecc.c:843
GNUNET_CRYPTO_ecdsa_sign_
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_SignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
ECDSA Sign a given block.
Definition crypto_ecc.c:574
GNUNET_CRYPTO_random_block
void GNUNET_CRYPTO_random_block(void *buffer, size_t length)
Fill block with a random values.
Definition crypto_random.c:102
GNUNET_CRYPTO_ecdsa_key_create
void GNUNET_CRYPTO_ecdsa_key_create(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Create a new private key.
Definition crypto_ecc.c:464
GNUNET_CRYPTO_ecdsa_key_clear
void GNUNET_CRYPTO_ecdsa_key_clear(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Clear memory that was used to store a private key.
Definition crypto_ecc.c:440
GNUNET_CRYPTO_ecdsa_key_get_anonymous
const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_key_get_anonymous()
Get the shared private key we use for anonymous users.
Definition crypto_ecc.c:497
GNUNET_CRYPTO_ecdsa_key_get_public
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Derive key.
Definition crypto_ecc.c:190
GNUNET_CRYPTO_ecdh_x25519
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_x25519(const struct GNUNET_CRYPTO_EcdhePrivateKey *sk, const struct GNUNET_CRYPTO_EcdhePublicKey *pk, struct GNUNET_CRYPTO_EcdhePublicKey *dh)
Derive key material from a EdDSA public key and a private ECDH key.
Definition crypto_ecc.c:803
GNUNET_CRYPTO_ecdhe_key_clear
void GNUNET_CRYPTO_ecdhe_key_clear(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Clear memory that was used to store a private key.
Definition crypto_ecc.c:433
GNUNET_CRYPTO_ecdhe_key_get_public
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition crypto_ecc.c:217
GNUNET_CRYPTO_ecdsa_verify_
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_SignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Verify ECDSA signature.
Definition crypto_ecc.c:669
GNUNET_CRYPTO_hash
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition crypto_hash.c:40
GNUNET_CRYPTO_eddsa_private_key_to_string
char * GNUNET_CRYPTO_eddsa_private_key_to_string(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
Convert a private key to a string.
Definition crypto_ecc.c:282
GNUNET_CRYPTO_eddsa_sign_raw
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_raw(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, void *data, size_t size, struct GNUNET_CRYPTO_EddsaSignature *sig)
Definition crypto_ecc.c:624
GNUNET_log
#define GNUNET_log(kind,...)
Definition gnunet_common.h:551
GNUNET_CRYPTO_ecdsa_public_key_from_string
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a string representing a public key to a public key.
Definition crypto_ecc.c:336
GNUNET_CRYPTO_eddsa_public_key_to_string
char * GNUNET_CRYPTO_eddsa_public_key_to_string(const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Convert a public key to a string.
Definition crypto_ecc.c:255
GNUNET_CRYPTO_eddsa_public_key_from_string
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Convert a string representing a public key to a public key.
Definition crypto_ecc.c:361
GNUNET_CRYPTO_mpi_print_unsigned
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition crypto_mpi.c:79
GNUNET_CRYPTO_ecdsa_public_key_to_string
char * GNUNET_CRYPTO_ecdsa_public_key_to_string(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a public key to a string.
Definition crypto_ecc.c:228
GNUNET_memcpy
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
Definition gnunet_common.h:1320
GNUNET_CRYPTO_eddsa_private_key_from_string
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_private_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
Convert a string representing a private key to a private key.
Definition crypto_ecc.c:386
GNUNET_CRYPTO_ecdsa_private_key_to_string
char * GNUNET_CRYPTO_ecdsa_private_key_to_string(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert a private key to a string.
Definition crypto_ecc.c:309
GNUNET_GenericReturnValue
GNUNET_GenericReturnValue
Named constants for return values.
Definition gnunet_common.h:111
GNUNET_OK
@ GNUNET_OK
Definition gnunet_common.h:114
GNUNET_SYSERR
@ GNUNET_SYSERR
Definition gnunet_common.h:112
GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition gnunet_common.h:960
GNUNET_break
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
Definition gnunet_common.h:1045
GNUNET_ERROR_TYPE_WARNING
@ GNUNET_ERROR_TYPE_WARNING
Definition gnunet_common.h:418
GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_ERROR
Definition gnunet_common.h:417
GNUNET_ERROR_TYPE_INFO
@ GNUNET_ERROR_TYPE_INFO
Definition gnunet_common.h:423
GNUNET_malloc
#define GNUNET_malloc(size)
Wrapper around malloc.
Definition gnunet_common.h:1355
GNUNET_free
#define GNUNET_free(ptr)
Wrapper around free.
Definition gnunet_common.h:1415
GNUNET_STRINGS_data_to_string
char * GNUNET_STRINGS_data_to_string(const void *data, size_t size, char *out, size_t out_size)
Convert binary data to ASCII encoding using CrockfordBase32.
Definition strings.c:763
GNUNET_STRINGS_string_to_data
enum GNUNET_GenericReturnValue GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition strings.c:843
size
static unsigned int size
Size of the "table".
Definition peer.c:68
_
#define _(String)
GNU gettext support macro.
Definition platform.h:179
GNUNET_CRYPTO_EcdhePrivateKey
Private ECC key encoded for transmission.
Definition gnunet_crypto_lib.h:232
GNUNET_CRYPTO_EcdhePrivateKey::d
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Definition gnunet_crypto_lib.h:236
GNUNET_CRYPTO_EcdhePublicKey
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
Definition gnunet_crypto_lib.h:218
GNUNET_CRYPTO_EcdhePublicKey::q_y
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
Definition gnunet_crypto_lib.h:223
GNUNET_CRYPTO_EcdsaPrivateKey
Private ECC key encoded for transmission.
Definition gnunet_crypto_lib.h:244
GNUNET_CRYPTO_EcdsaPrivateKey::d
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Definition gnunet_crypto_lib.h:248
GNUNET_CRYPTO_EcdsaPublicKey
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
Definition gnunet_crypto_lib.h:195
GNUNET_CRYPTO_EcdsaSignature
an ECC signature using ECDSA
Definition gnunet_crypto_lib.h:160
GNUNET_CRYPTO_EcdsaSignature::s
unsigned char s[256/8]
S value.
Definition gnunet_crypto_lib.h:169
GNUNET_CRYPTO_EcdsaSignature::r
unsigned char r[256/8]
R value.
Definition gnunet_crypto_lib.h:164
GNUNET_CRYPTO_EddsaPrivateKey
Private ECC key encoded for transmission.
Definition gnunet_crypto_lib.h:256
GNUNET_CRYPTO_EddsaPrivateKey::d
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Definition gnunet_crypto_lib.h:260
GNUNET_CRYPTO_EddsaPublicKey
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Definition gnunet_crypto_lib.h:180
GNUNET_CRYPTO_EddsaPublicKey::q_y
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
Definition gnunet_crypto_lib.h:186
GNUNET_CRYPTO_EddsaSignature
an ECC signature using EdDSA.
Definition gnunet_crypto_lib.h:143
GNUNET_CRYPTO_SignaturePurpose
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
Definition gnunet_crypto_lib.h:120
GNUNET_CRYPTO_SignaturePurpose::purpose
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
Definition gnunet_crypto_lib.h:134
GNUNET_CRYPTO_SignaturePurpose::size
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!...
Definition gnunet_crypto_lib.h:126
GNUNET_HashCode
A 512-bit hashcode.
Definition gnunet_common.h:287