GNUnet  0.11.x
crypto_ecc.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2012, 2013, 2015 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
20 
27 #include "platform.h"
28 #include <gcrypt.h>
29 #include "gnunet_crypto_lib.h"
30 #include "gnunet_strings_lib.h"
31 #include "benchmark.h"
32 #include "tweetnacl-gnunet.h"
33 
34 #define EXTRA_CHECKS 0
35 
36 
43 #define CURVE "Ed25519"
44 
45 #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-ecc", __VA_ARGS__)
46 
47 #define LOG_STRERROR(kind, syscall) \
48  GNUNET_log_from_strerror (kind, "util-crypto-ecc", syscall)
49 
50 #define LOG_STRERROR_FILE(kind, syscall, filename) \
51  GNUNET_log_from_strerror_file (kind, "util-crypto-ecc", syscall, filename)
52 
58 #define LOG_GCRY(level, cmd, rc) \
59  do \
60  { \
61  LOG (level, \
62  _ ("`%s' failed at %s:%d with error: %s\n"), \
63  cmd, \
64  __FILE__, \
65  __LINE__, \
66  gcry_strerror (rc)); \
67  } while (0)
68 
69 
79 static int
80 key_from_sexp (gcry_mpi_t *array,
81  gcry_sexp_t sexp,
82  const char *topname,
83  const char *elems)
84 {
85  gcry_sexp_t list;
86  gcry_sexp_t l2;
87  unsigned int idx;
88 
89  list = gcry_sexp_find_token (sexp, topname, 0);
90  if (! list)
91  return 1;
92  l2 = gcry_sexp_cadr (list);
93  gcry_sexp_release (list);
94  list = l2;
95  if (! list)
96  return 2;
97 
98  idx = 0;
99  for (const char *s = elems; *s; s++, idx++)
100  {
101  l2 = gcry_sexp_find_token (list, s, 1);
102  if (! l2)
103  {
104  for (unsigned int i = 0; i < idx; i++)
105  {
106  gcry_free (array[i]);
107  array[i] = NULL;
108  }
109  gcry_sexp_release (list);
110  return 3; /* required parameter not found */
111  }
112  array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
113  gcry_sexp_release (l2);
114  if (! array[idx])
115  {
116  for (unsigned int i = 0; i < idx; i++)
117  {
118  gcry_free (array[i]);
119  array[i] = NULL;
120  }
121  gcry_sexp_release (list);
122  return 4; /* required parameter is invalid */
123  }
124  }
125  gcry_sexp_release (list);
126  return 0;
127 }
128 
129 
137 static gcry_sexp_t
139 {
140  gcry_sexp_t result;
141  int rc;
142 
143  rc = gcry_sexp_build (&result,
144  NULL,
145  "(private-key(ecc(curve \"" CURVE "\")"
146  "(d %b)))",
147  (int) sizeof(priv->d),
148  priv->d);
149  if (0 != rc)
150  {
151  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
152  GNUNET_assert (0);
153  }
154 #if EXTRA_CHECKS
155  if (0 != (rc = gcry_pk_testkey (result)))
156  {
157  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
158  GNUNET_assert (0);
159  }
160 #endif
161  return result;
162 }
163 
164 
171 void
173  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
175 {
176  BENCHMARK_START (ecdsa_key_get_public);
178  BENCHMARK_END (ecdsa_key_get_public);
179 }
180 
181 
188 void
190  const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
192 {
193  BENCHMARK_START (eddsa_key_get_public);
195  BENCHMARK_END (eddsa_key_get_public);
196 }
197 
198 
205 void
207  const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
209 {
210  BENCHMARK_START (ecdhe_key_get_public);
212  BENCHMARK_END (ecdhe_key_get_public);
213 }
214 
215 
222 char *
224  const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
225 {
226  char *pubkeybuf;
227  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
228  char *end;
229 
230  if (keylen % 5 > 0)
231  keylen += 5 - keylen % 5;
232  keylen /= 5;
233  pubkeybuf = GNUNET_malloc (keylen + 1);
234  end =
235  GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
236  sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
237  pubkeybuf,
238  keylen);
239  if (NULL == end)
240  {
241  GNUNET_free (pubkeybuf);
242  return NULL;
243  }
244  *end = '\0';
245  return pubkeybuf;
246 }
247 
248 
255 char *
257  const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
258 {
259  char *pubkeybuf;
260  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
261  char *end;
262 
263  if (keylen % 5 > 0)
264  keylen += 5 - keylen % 5;
265  keylen /= 5;
266  pubkeybuf = GNUNET_malloc (keylen + 1);
267  end =
268  GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
269  sizeof(struct GNUNET_CRYPTO_EddsaPublicKey),
270  pubkeybuf,
271  keylen);
272  if (NULL == end)
273  {
274  GNUNET_free (pubkeybuf);
275  return NULL;
276  }
277  *end = '\0';
278  return pubkeybuf;
279 }
280 
281 
288 char *
290  const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
291 {
292  char *privkeybuf;
293  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
294  char *end;
295 
296  if (keylen % 5 > 0)
297  keylen += 5 - keylen % 5;
298  keylen /= 5;
299  privkeybuf = GNUNET_malloc (keylen + 1);
300  end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
301  sizeof(
303  privkeybuf,
304  keylen);
305  if (NULL == end)
306  {
307  GNUNET_free (privkeybuf);
308  return NULL;
309  }
310  *end = '\0';
311  return privkeybuf;
312 }
313 
314 
321 char *
323  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
324 {
325  char *privkeybuf;
326  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey)) * 8;
327  char *end;
328 
329  if (keylen % 5 > 0)
330  keylen += 5 - keylen % 5;
331  keylen /= 5;
332  privkeybuf = GNUNET_malloc (keylen + 1);
333  end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
334  sizeof(
336  privkeybuf,
337  keylen);
338  if (NULL == end)
339  {
340  GNUNET_free (privkeybuf);
341  return NULL;
342  }
343  *end = '\0';
344  return privkeybuf;
345 }
346 
347 
356 int
358  const char *enc,
359  size_t enclen,
361 {
362  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
363 
364  if (keylen % 5 > 0)
365  keylen += 5 - keylen % 5;
366  keylen /= 5;
367  if (enclen != keylen)
368  return GNUNET_SYSERR;
369 
370  if (GNUNET_OK !=
372  enclen,
373  pub,
374  sizeof(
376  return GNUNET_SYSERR;
377  return GNUNET_OK;
378 }
379 
380 
389 int
391  const char *enc,
392  size_t enclen,
394 {
395  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
396 
397  if (keylen % 5 > 0)
398  keylen += 5 - keylen % 5;
399  keylen /= 5;
400  if (enclen != keylen)
401  return GNUNET_SYSERR;
402 
403  if (GNUNET_OK !=
405  enclen,
406  pub,
407  sizeof(
409  return GNUNET_SYSERR;
410  return GNUNET_OK;
411 }
412 
413 
422 int
424  const char *enc,
425  size_t enclen,
426  struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
427 {
428  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
429 
430  if (keylen % 5 > 0)
431  keylen += 5 - keylen % 5;
432  keylen /= 5;
433  if (enclen != keylen)
434  return GNUNET_SYSERR;
435 
436  if (GNUNET_OK !=
438  enclen,
439  priv,
440  sizeof(
442  return GNUNET_SYSERR;
443 #if CRYPTO_BUG
444  if (GNUNET_OK != check_eddsa_key (priv))
445  {
446  GNUNET_break (0);
447  return GNUNET_OK;
448  }
449 #endif
450  return GNUNET_OK;
451 }
452 
453 
460 void
462 {
463  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
464 }
465 
466 
473 void
475 {
476  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey));
477 }
478 
479 
486 void
488 {
489  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey));
490 }
491 
492 
500 {
501  struct GNUNET_CRYPTO_EcdhePrivateKey *priv;
502 
505  {
506  GNUNET_free (priv);
507  return NULL;
508  }
509  return priv;
510 }
511 
512 
520 int
522 {
523  BENCHMARK_START (ecdhe_key_create);
525  pk,
526  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
527  BENCHMARK_END (ecdhe_key_create);
528  return GNUNET_OK;
529 }
530 
531 
539 {
540  struct GNUNET_CRYPTO_EcdsaPrivateKey *priv;
541  gcry_sexp_t priv_sexp;
542  gcry_sexp_t s_keyparam;
543  gcry_mpi_t d;
544  int rc;
545 
546  BENCHMARK_START (ecdsa_key_create);
547 
548  if (0 != (rc = gcry_sexp_build (&s_keyparam,
549  NULL,
550  "(genkey(ecc(curve \"" CURVE "\")"
551  "(flags)))")))
552  {
553  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
554  return NULL;
555  }
556  if (0 != (rc = gcry_pk_genkey (&priv_sexp, s_keyparam)))
557  {
558  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc);
559  gcry_sexp_release (s_keyparam);
560  return NULL;
561  }
562  gcry_sexp_release (s_keyparam);
563 #if EXTRA_CHECKS
564  if (0 != (rc = gcry_pk_testkey (priv_sexp)))
565  {
566  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
567  gcry_sexp_release (priv_sexp);
568  return NULL;
569  }
570 #endif
571  if (0 != (rc = key_from_sexp (&d, priv_sexp, "private-key", "d")))
572  {
573  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "key_from_sexp", rc);
574  gcry_sexp_release (priv_sexp);
575  return NULL;
576  }
577  gcry_sexp_release (priv_sexp);
579  GNUNET_CRYPTO_mpi_print_unsigned (priv->d, sizeof(priv->d), d);
580  gcry_mpi_release (d);
581 
582  BENCHMARK_END (ecdsa_key_create);
583 
584  return priv;
585 }
586 
587 
595 {
596  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
597 
598  BENCHMARK_START (eddsa_key_create);
601  priv,
602  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
603  BENCHMARK_END (eddsa_key_create);
604 
605  return priv;
606 }
607 
608 
614 const struct GNUNET_CRYPTO_EcdsaPrivateKey *
616 {
621  static struct GNUNET_CRYPTO_EcdsaPrivateKey anonymous;
622  static int once;
623 
624  if (once)
625  return &anonymous;
627  sizeof(anonymous.d),
628  GCRYMPI_CONST_ONE);
629  once = 1;
630  return &anonymous;
631 }
632 
633 
641 static gcry_sexp_t
643 {
644  gcry_sexp_t data;
645  int rc;
646 
647 /* See #5398 */
648 #if 1
649  struct GNUNET_HashCode hc;
650 
651  GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc);
652  if (0 != (rc = gcry_sexp_build (&data,
653  NULL,
654  "(data(flags rfc6979)(hash %s %b))",
655  "sha512",
656  (int) sizeof(hc),
657  &hc)))
658  {
659  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
660  return NULL;
661  }
662 #else
663  if (0 != (rc = gcry_sexp_build (&data,
664  NULL,
665  "(data(flags rfc6979)(hash %s %b))",
666  "sha512",
667  ntohl (purpose->size),
668  purpose)))
669  {
670  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
671  return NULL;
672  }
673 #endif
674  return data;
675 }
676 
677 
686 int
688  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
689  const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
690  struct GNUNET_CRYPTO_EcdsaSignature *sig)
691 {
692  gcry_sexp_t priv_sexp;
693  gcry_sexp_t sig_sexp;
694  gcry_sexp_t data;
695  int rc;
696  gcry_mpi_t rs[2];
697 
698  BENCHMARK_START (ecdsa_sign);
699 
700  priv_sexp = decode_private_ecdsa_key (priv);
701  data = data_to_ecdsa_value (purpose);
702  if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
703  {
705  _ ("ECC signing failed at %s:%d: %s\n"),
706  __FILE__,
707  __LINE__,
708  gcry_strerror (rc));
709  gcry_sexp_release (data);
710  gcry_sexp_release (priv_sexp);
711  return GNUNET_SYSERR;
712  }
713  gcry_sexp_release (priv_sexp);
714  gcry_sexp_release (data);
715 
716  /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
717  'signature' */
718  if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
719  {
720  GNUNET_break (0);
721  gcry_sexp_release (sig_sexp);
722  return GNUNET_SYSERR;
723  }
724  gcry_sexp_release (sig_sexp);
725  GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]);
726  GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]);
727  gcry_mpi_release (rs[0]);
728  gcry_mpi_release (rs[1]);
729 
730  BENCHMARK_END (ecdsa_sign);
731 
732  return GNUNET_OK;
733 }
734 
735 
744 int
746  const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
747  const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
748  struct GNUNET_CRYPTO_EddsaSignature *sig)
749 {
750 
751  size_t mlen = ntohl (purpose->size);
752  unsigned char sk[GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES];
753  int res;
754 
755  BENCHMARK_START (eddsa_sign);
757  res = GNUNET_TWEETNACL_sign_detached ((uint8_t *) sig,
758  (uint8_t *) purpose,
759  mlen,
760  sk);
761  BENCHMARK_END (eddsa_sign);
762  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
763 }
764 
765 
775 int
777  uint32_t purpose,
778  const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
779  const struct GNUNET_CRYPTO_EcdsaSignature *sig,
780  const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
781 {
782  gcry_sexp_t data;
783  gcry_sexp_t sig_sexpr;
784  gcry_sexp_t pub_sexpr;
785  int rc;
786 
787  BENCHMARK_START (ecdsa_verify);
788 
789  if (purpose != ntohl (validate->purpose))
790  return GNUNET_SYSERR; /* purpose mismatch */
791 
792  /* build s-expression for signature */
793  if (0 != (rc = gcry_sexp_build (&sig_sexpr,
794  NULL,
795  "(sig-val(ecdsa(r %b)(s %b)))",
796  (int) sizeof(sig->r),
797  sig->r,
798  (int) sizeof(sig->s),
799  sig->s)))
800  {
801  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
802  return GNUNET_SYSERR;
803  }
804  data = data_to_ecdsa_value (validate);
805  if (0 != (rc = gcry_sexp_build (&pub_sexpr,
806  NULL,
807  "(public-key(ecc(curve " CURVE ")(q %b)))",
808  (int) sizeof(pub->q_y),
809  pub->q_y)))
810  {
811  gcry_sexp_release (data);
812  gcry_sexp_release (sig_sexpr);
813  return GNUNET_SYSERR;
814  }
815  rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
816  gcry_sexp_release (pub_sexpr);
817  gcry_sexp_release (data);
818  gcry_sexp_release (sig_sexpr);
819  if (0 != rc)
820  {
822  _ ("ECDSA signature verification failed at %s:%d: %s\n"),
823  __FILE__,
824  __LINE__,
825  gcry_strerror (rc));
826  BENCHMARK_END (ecdsa_verify);
827  return GNUNET_SYSERR;
828  }
829  BENCHMARK_END (ecdsa_verify);
830  return GNUNET_OK;
831 }
832 
833 
843 int
845  uint32_t purpose,
846  const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
847  const struct GNUNET_CRYPTO_EddsaSignature *sig,
848  const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
849 {
850  unsigned char *m = (void *) validate;
851  size_t mlen = ntohl (validate->size);
852  unsigned char *s = (void *) sig;
853 
854  int res;
855 
856  if (purpose != ntohl (validate->purpose))
857  return GNUNET_SYSERR; /* purpose mismatch */
858 
859  BENCHMARK_START (eddsa_verify);
860  res = GNUNET_TWEETNACL_sign_detached_verify (s, m, mlen, pub->q_y);
861  BENCHMARK_END (eddsa_verify);
862  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
863 }
864 
865 
874 int
876  const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
877  struct GNUNET_HashCode *key_material)
878 {
882  return GNUNET_OK;
883 }
884 
885 
896 static gcry_mpi_t
898  const char *label,
899  const char *context)
900 {
901  gcry_mpi_t h;
902  struct GNUNET_HashCode hc;
903  static const char *const salt = "key-derivation";
904 
905  GNUNET_CRYPTO_kdf (&hc,
906  sizeof(hc),
907  salt,
908  strlen (salt),
909  pub,
910  sizeof(*pub),
911  label,
912  strlen (label),
913  context,
914  strlen (context),
915  NULL,
916  0);
917  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
918  return h;
919 }
920 
921 
936  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
937  const char *label,
938  const char *context)
939 {
940  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
942  gcry_mpi_t h;
943  gcry_mpi_t x;
944  gcry_mpi_t d;
945  gcry_mpi_t n;
946  gcry_ctx_t ctx;
947 
948  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
949 
950  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
952 
953  h = derive_h (&pub, label, context);
954  GNUNET_CRYPTO_mpi_scan_unsigned (&x, priv->d, sizeof(priv->d));
955  d = gcry_mpi_new (256);
956  gcry_mpi_mulm (d, h, x, n);
957  gcry_mpi_release (h);
958  gcry_mpi_release (x);
959  gcry_mpi_release (n);
960  gcry_ctx_release (ctx);
962  GNUNET_CRYPTO_mpi_print_unsigned (ret->d, sizeof(ret->d), d);
963  gcry_mpi_release (d);
964  return ret;
965 }
966 
967 
978 void
980  const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
981  const char *label,
982  const char *context,
984 {
985  gcry_ctx_t ctx;
986  gcry_mpi_t q_y;
987  gcry_mpi_t h;
988  gcry_mpi_t n;
989  gcry_mpi_t h_mod_n;
990  gcry_mpi_point_t q;
991  gcry_mpi_point_t v;
992 
993  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
994 
995  /* obtain point 'q' from original public key. The provided 'q' is
996  compressed thus we first store it in the context and then get it
997  back as a (decompresssed) point. */
998  q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8 * sizeof(pub->q_y));
999  GNUNET_assert (NULL != q_y);
1000  GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx));
1001  gcry_mpi_release (q_y);
1002  q = gcry_mpi_ec_get_point ("q", ctx, 0);
1003  GNUNET_assert (q);
1004 
1005  /* calculate h_mod_n = h % n */
1006  h = derive_h (pub, label, context);
1007  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
1008  h_mod_n = gcry_mpi_new (256);
1009  gcry_mpi_mod (h_mod_n, h, n);
1010  /* calculate v = h_mod_n * q */
1011  v = gcry_mpi_point_new (0);
1012  gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
1013  gcry_mpi_release (h_mod_n);
1014  gcry_mpi_release (h);
1015  gcry_mpi_release (n);
1016  gcry_mpi_point_release (q);
1017 
1018  /* convert point 'v' to public key that we return */
1019  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx));
1020  gcry_mpi_point_release (v);
1021  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
1022  GNUNET_assert (q_y);
1023  GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof(result->q_y), q_y);
1024  gcry_mpi_release (q_y);
1025  gcry_ctx_release (ctx);
1026 }
1027 
1028 
1039 int
1041  const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
1042  struct GNUNET_HashCode *key_material)
1043 {
1044  struct GNUNET_HashCode hc;
1047 
1048  GNUNET_CRYPTO_hash (priv,
1049  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
1050  &hc);
1051  memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1053  GNUNET_CRYPTO_hash (p,
1055  key_material);
1056  return GNUNET_OK;
1057 }
1058 
1059 
1070 int
1072  const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
1073  struct GNUNET_HashCode *key_material)
1074 {
1076  uint8_t d_rev[GNUNET_TWEETNACL_SCALARMULT_BYTES];
1077 
1078  BENCHMARK_START (ecdsa_ecdh);
1079  for (size_t i = 0; i < 32; i++)
1080  d_rev[i] = priv->d[31 - i];
1082  GNUNET_CRYPTO_hash (p,
1084  key_material);
1085  BENCHMARK_END (ecdsa_ecdh);
1086  return GNUNET_OK;
1087 }
1088 
1089 
1100 int
1102  const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
1103  struct GNUNET_HashCode *key_material)
1104 {
1106  uint8_t curve25510_pk[GNUNET_TWEETNACL_SIGN_PUBLICBYTES];
1107 
1109  GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, curve25510_pk);
1111  return GNUNET_OK;
1112 }
1113 
1114 
1125 int
1127  const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
1128  struct GNUNET_HashCode *key_material)
1129 {
1131  uint8_t curve25510_pk[GNUNET_TWEETNACL_SIGN_PUBLICBYTES];
1132 
1134  GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, curve25510_pk);
1136  return GNUNET_OK;
1137 }
1138 
1139 
1140 /* end of crypto_ecc.c */
int GNUNET_CRYPTO_ecdhe_key_create2(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:521
int GNUNET_CRYPTO_ecdsa_ecdh(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a ECDH public key and a private ECDSA key.
Definition: crypto_ecc.c:1071
int GNUNET_CRYPTO_eddsa_private_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
Convert a string representing a private key to a private key.
Definition: crypto_ecc.c:423
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_key_get_anonymous()
Get the shared private key we use for anonymous users.
Definition: crypto_ecc.c:615
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
void GNUNET_CRYPTO_ecdsa_public_key_derive(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
Derive a public key from a given public key and a label.
Definition: crypto_ecc.c:979
static struct GNUNET_CRYPTO_EddsaPrivateKey * pk
Private key of this peer.
static int end
Set if we are to shutdown all services (including ARM).
Definition: gnunet-arm.c:34
int GNUNET_CRYPTO_ecdh_ecdsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EcDSA public key and a private ECDH key.
Definition: crypto_ecc.c:1126
int GNUNET_CRYPTO_ecdsa_verify(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Verify signature.
Definition: crypto_ecc.c:776
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
char * GNUNET_CRYPTO_eddsa_public_key_to_string(const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Convert a public key to a string.
Definition: crypto_ecc.c:256
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
void GNUNET_CRYPTO_ecdhe_key_clear(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Clear memory that was used to store a private key.
Definition: crypto_ecc.c:461
void GNUNET_CRYPTO_ecdsa_key_clear(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Clear memory that was used to store a private key.
Definition: crypto_ecc.c:474
#define GNUNET_TWEETNACL_SCALARMULT_BYTES
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
int GNUNET_TWEETNACL_sign_detached(u8 *sig, const u8 *m, u64 n, const u8 *sk)
int GNUNET_TWEETNACL_sign_detached_verify(const u8 *sig, const u8 *m, u64 n, const u8 *pk)
struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_key_create()
Create a new private key.
Definition: crypto_ecc.c:538
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
int GNUNET_CRYPTO_eddsa_sign(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
Sign a given block.
Definition: crypto_ecc.c:745
unsigned char r[256/8]
R value.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
int GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECDHE key.
Definition: crypto_ecc.c:875
int GNUNET_TWEETNACL_scalarmult_curve25519_base(u8 *q, const u8 *n)
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
struct GNUNET_CRYPTO_EcdhePrivateKey * GNUNET_CRYPTO_ecdhe_key_create()
Create a new private key.
Definition: crypto_ecc.c:499
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Private ECC key encoded for transmission.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static pa_context * context
Pulseaudio context.
#define _(String)
GNU gettext support macro.
Definition: platform.h:180
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:104
int GNUNET_CRYPTO_ecdsa_sign(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
Sign a given block.
Definition: crypto_ecc.c:687
cryptographic primitives for GNUnet
void GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa(u8 *pk, const u8 *s)
#define GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create()
Create a new private key.
Definition: crypto_ecc.c:594
void GNUNET_TWEETNACL_sign_pk_from_seed(u8 *pk, const u8 *seed)
int GNUNET_CRYPTO_eddsa_verify(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Verify signature.
Definition: crypto_ecc.c:844
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
int GNUNET_CRYPTO_eddsa_ecdh(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a ECDH public key and a private EdDSA key.
Definition: crypto_ecc.c:1040
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
static int once
Global to mark if we&#39;ve run the initialization.
Definition: gnsrecord.c:68
Randomness for IVs etc.
an ECC signature using ECDSA
static int result
Global testing status.
#define LOG(kind,...)
Definition: crypto_ecc.c:45
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
A 512-bit hashcode.
int GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:1101
static int res
char * GNUNET_CRYPTO_eddsa_private_key_to_string(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
Convert a private key to a string.
Definition: crypto_ecc.c:289
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
char * GNUNET_CRYPTO_ecdsa_public_key_to_string(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a public key to a string.
Definition: crypto_ecc.c:223
Private ECC key encoded for transmission.
#define GNUNET_SYSERR
Definition: gnunet_common.h:84
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:172
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:206
int GNUNET_TWEETNACL_scalarmult_curve25519(u8 *q, const u8 *n, const u8 *p)
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:58
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:642
an ECC signature using EdDSA.
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:189
void GNUNET_TWEETNACL_sign_sk_from_seed(u8 *sk, const u8 *seed)
Private ECC key encoded for transmission.
void GNUNET_CRYPTO_eddsa_key_clear(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Clear memory that was used to store a private key.
Definition: crypto_ecc.c:487
#define GNUNET_TWEETNACL_SIGN_PUBLICBYTES
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:39
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
static OpusEncoder * enc
OPUS encoder.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
char * GNUNET_CRYPTO_ecdsa_private_key_to_string(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert a private key to a string.
Definition: crypto_ecc.c:322
unsigned char s[256/8]
S value.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
static gcry_mpi_t derive_h(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context)
Derive the &#39;h&#39; value for key derivation, where &#39;h = H(l,P)&#39;.
Definition: crypto_ecc.c:897
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:43
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:80
static gcry_sexp_t decode_private_ecdsa_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:138
int GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519(u8 *x25519_pk, const u8 *ed25519_pk)
benchmarking for various operations
struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_private_key_derive(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
Derive a private key from a given private key and a label.
Definition: crypto_ecc.c:935
uint32_t data
The data value.
int GNUNET_CRYPTO_eddsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Convert a string representing a public key to a public key.
Definition: crypto_ecc.c:390
int GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:89
static int list
Set if we should print a list of currently running services.
Definition: gnunet-arm.c:69
#define GNUNET_malloc(size)
Wrapper around malloc.
int GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:952
char * GNUNET_STRINGS_data_to_string(const void *data, size_t size, char *out, size_t out_size)
Convert binary data to ASCII encoding using CrockfordBase32.
Definition: strings.c:856
#define GNUNET_free(ptr)
Wrapper around free.
int GNUNET_CRYPTO_ecdsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a string representing a public key to a public key.
Definition: crypto_ecc.c:357
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...