GNUnet 0.22.2
crypto_ecc.c
Go to the documentation of this file.
1/*
2 This file is part of GNUnet.
3 Copyright (C) 2012, 2013, 2015 GNUnet e.V.
4
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
14
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18 SPDX-License-Identifier: AGPL3.0-or-later
19 */
20
27#include "platform.h"
28#include "gnunet_common.h"
29#include <gcrypt.h>
30#include <sodium.h>
31#include "gnunet_util_lib.h"
32#include "benchmark.h"
33#include "sodium/crypto_scalarmult.h"
34#include "sodium/crypto_scalarmult_curve25519.h"
35#include "sodium/utils.h"
36
37#define EXTRA_CHECKS 0
38
62#define CURVE "Ed25519"
63
64#define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-ecc", __VA_ARGS__)
65
66#define LOG_STRERROR(kind, syscall) \
67 GNUNET_log_from_strerror (kind, "util-crypto-ecc", syscall)
68
69#define LOG_STRERROR_FILE(kind, syscall, filename) \
70 GNUNET_log_from_strerror_file (kind, "util-crypto-ecc", syscall, \
71 filename)
72
78#define LOG_GCRY(level, cmd, rc) \
79 do \
80 { \
81 LOG (level, \
82 _ ("`%s' failed at %s:%d with error: %s\n"), \
83 cmd, \
84 __FILE__, \
85 __LINE__, \
86 gcry_strerror (rc)); \
87 } while (0)
88
89
99static int
100key_from_sexp (gcry_mpi_t *array,
101 gcry_sexp_t sexp,
102 const char *topname,
103 const char *elems)
104{
105 gcry_sexp_t list;
106 gcry_sexp_t l2;
107 unsigned int idx;
108
109 list = gcry_sexp_find_token (sexp, topname, 0);
110 if (! list)
111 return 1;
112 l2 = gcry_sexp_cadr (list);
113 gcry_sexp_release (list);
114 list = l2;
115 if (! list)
116 return 2;
117
118 idx = 0;
119 for (const char *s = elems; *s; s++, idx++)
120 {
121 l2 = gcry_sexp_find_token (list, s, 1);
122 if (! l2)
123 {
124 for (unsigned int i = 0; i < idx; i++)
125 {
126 gcry_free (array[i]);
127 array[i] = NULL;
128 }
129 gcry_sexp_release (list);
130 return 3; /* required parameter not found */
131 }
132 array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
133 gcry_sexp_release (l2);
134 if (! array[idx])
135 {
136 for (unsigned int i = 0; i < idx; i++)
137 {
138 gcry_free (array[i]);
139 array[i] = NULL;
140 }
141 gcry_sexp_release (list);
142 return 4; /* required parameter is invalid */
143 }
144 }
145 gcry_sexp_release (list);
146 return 0;
147}
148
149
157static gcry_sexp_t
159{
160 gcry_sexp_t result;
161 int rc;
162 uint8_t d[32];
163
164 for (size_t i = 0; i<32; i++)
165 d[i] = priv->d[31 - i];
166
167 rc = gcry_sexp_build (&result,
168 NULL,
169 "(private-key(ecc(curve \"" CURVE "\")"
170 "(d %b)))",
171 32,
172 d);
173 if (0 != rc)
174 {
175 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
176 GNUNET_assert (0);
177 }
178#if EXTRA_CHECKS
179 if (0 != (rc = gcry_pk_testkey (result)))
180 {
181 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
182 GNUNET_assert (0);
183 }
184#endif
185 return result;
186}
187
188
189void
191 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
193{
194 BENCHMARK_START (ecdsa_key_get_public);
195 crypto_scalarmult_ed25519_base_noclamp (pub->q_y, priv->d);
196 BENCHMARK_END (ecdsa_key_get_public);
197}
198
199
200void
202 const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
204{
205 unsigned char pk[crypto_sign_PUBLICKEYBYTES];
206 unsigned char sk[crypto_sign_SECRETKEYBYTES];
207
208 BENCHMARK_START (eddsa_key_get_public);
209 GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
210 GNUNET_memcpy (pub->q_y, pk, crypto_sign_PUBLICKEYBYTES);
211 sodium_memzero (sk, crypto_sign_SECRETKEYBYTES);
212 BENCHMARK_END (eddsa_key_get_public);
213}
214
215
216void
218 const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
220{
221 BENCHMARK_START (ecdhe_key_get_public);
222 GNUNET_assert (0 == crypto_scalarmult_base (pub->q_y, priv->d));
223 BENCHMARK_END (ecdhe_key_get_public);
224}
225
226
227char *
229 const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
230{
231 char *pubkeybuf;
232 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
233 char *end;
234
235 if (keylen % 5 > 0)
236 keylen += 5 - keylen % 5;
237 keylen /= 5;
238 pubkeybuf = GNUNET_malloc (keylen + 1);
239 end =
240 GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
241 sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
242 pubkeybuf,
243 keylen);
244 if (NULL == end)
245 {
246 GNUNET_free (pubkeybuf);
247 return NULL;
248 }
249 *end = '\0';
250 return pubkeybuf;
251}
252
253
254char *
256 const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
257{
258 char *pubkeybuf;
259 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
260 char *end;
261
262 if (keylen % 5 > 0)
263 keylen += 5 - keylen % 5;
264 keylen /= 5;
265 pubkeybuf = GNUNET_malloc (keylen + 1);
266 end =
267 GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
268 sizeof(struct GNUNET_CRYPTO_EddsaPublicKey),
269 pubkeybuf,
270 keylen);
271 if (NULL == end)
272 {
273 GNUNET_free (pubkeybuf);
274 return NULL;
275 }
276 *end = '\0';
277 return pubkeybuf;
278}
279
280
281char *
283 const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
284{
285 char *privkeybuf;
286 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
287 char *end;
288
289 if (keylen % 5 > 0)
290 keylen += 5 - keylen % 5;
291 keylen /= 5;
292 privkeybuf = GNUNET_malloc (keylen + 1);
293 end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
294 sizeof(
296 privkeybuf,
297 keylen);
298 if (NULL == end)
299 {
300 GNUNET_free (privkeybuf);
301 return NULL;
302 }
303 *end = '\0';
304 return privkeybuf;
305}
306
307
308char *
310 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
311{
312 char *privkeybuf;
313 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey)) * 8;
314 char *end;
315
316 if (keylen % 5 > 0)
317 keylen += 5 - keylen % 5;
318 keylen /= 5;
319 privkeybuf = GNUNET_malloc (keylen + 1);
320 end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
321 sizeof(
323 privkeybuf,
324 keylen);
325 if (NULL == end)
326 {
327 GNUNET_free (privkeybuf);
328 return NULL;
329 }
330 *end = '\0';
331 return privkeybuf;
332}
333
334
337 const char *enc,
338 size_t enclen,
340{
341 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
342
343 if (keylen % 5 > 0)
344 keylen += 5 - keylen % 5;
345 keylen /= 5;
346 if (enclen != keylen)
347 return GNUNET_SYSERR;
348
349 if (GNUNET_OK !=
351 enclen,
352 pub,
353 sizeof(
355 return GNUNET_SYSERR;
356 return GNUNET_OK;
357}
358
359
362 const char *enc,
363 size_t enclen,
365{
366 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
367
368 if (keylen % 5 > 0)
369 keylen += 5 - keylen % 5;
370 keylen /= 5;
371 if (enclen != keylen)
372 return GNUNET_SYSERR;
373
374 if (GNUNET_OK !=
376 enclen,
377 pub,
378 sizeof(
380 return GNUNET_SYSERR;
381 return GNUNET_OK;
382}
383
384
387 const char *enc,
388 size_t enclen,
390{
391 size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
392
393 if (keylen % 5 > 0)
394 keylen += 5 - keylen % 5;
395 keylen /= 5;
396 if (enclen != keylen)
397 return GNUNET_SYSERR;
398
399 if (GNUNET_OK !=
401 enclen,
402 priv,
403 sizeof(
405 return GNUNET_SYSERR;
406#if CRYPTO_BUG
407 if (GNUNET_OK != check_eddsa_key (priv))
408 {
409 GNUNET_break (0);
410 return GNUNET_OK;
411 }
412#endif
413 return GNUNET_OK;
414}
415
416
417static void
418buffer_clear (void *buf, size_t len)
419{
420#if HAVE_MEMSET_S
421 memset_s (buf, len, 0, len);
422#elif HAVE_EXPLICIT_BZERO
423 explicit_bzero (buf, len);
424#else
425 volatile unsigned char *p = buf;
426 while (len--)
427 *p++ = 0;
428#endif
429}
430
431
432void
434{
436}
437
438
439void
441{
443}
444
445
446void
448{
450}
451
452
453void
455{
456 BENCHMARK_START (ecdhe_key_create);
458 pk,
459 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
460 BENCHMARK_END (ecdhe_key_create);
461}
462
463
464void
466{
467 BENCHMARK_START (ecdsa_key_create);
469 pk,
470 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
471 pk->d[0] &= 248;
472 pk->d[31] &= 127;
473 pk->d[31] |= 64;
474
475 BENCHMARK_END (ecdsa_key_create);
476}
477
478
479void
481{
482 BENCHMARK_START (eddsa_key_create);
483 /*
484 * We do not clamp for EdDSA, since all functions that use the private key do
485 * their own clamping (just like in libsodium). What we call "private key"
486 * here, actually corresponds to the seed in libsodium.
487 *
488 * (Contrast this to ECDSA, where functions using the private key can't clamp
489 * due to properties needed for GNS. That is a worse/unsafer API, but
490 * required for the GNS constructions to work.)
491 */
493 pk,
494 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
495 BENCHMARK_END (eddsa_key_create);
496}
497
498
501{
506 static struct GNUNET_CRYPTO_EcdsaPrivateKey anonymous;
507 static int once;
508
509 if (once)
510 return &anonymous;
512 sizeof(anonymous.d),
513 GCRYMPI_CONST_ONE);
514 anonymous.d[0] &= 248;
515 anonymous.d[31] &= 127;
516 anonymous.d[31] |= 64;
517
518 once = 1;
519 return &anonymous;
520}
521
522
530static gcry_sexp_t
532{
533 gcry_sexp_t data;
534 int rc;
535 /* Unlike EdDSA, libgcrypt expects a hash for ECDSA. */
536 struct GNUNET_HashCode hc;
537
538 GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc);
539 if (0 != (rc = gcry_sexp_build (&data,
540 NULL,
541 "(data(flags rfc6979)(hash %s %b))",
542 "sha512",
543 (int) sizeof(hc),
544 &hc)))
545 {
546 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
547 return NULL;
548 }
549 return data;
550}
551
552
555 const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
556 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
558{
559 gcry_sexp_t priv_sexp;
560 gcry_sexp_t sig_sexp;
561 gcry_sexp_t data;
562 int rc;
563 gcry_mpi_t rs[2];
564
565 BENCHMARK_START (ecdsa_sign);
566
567 priv_sexp = decode_private_ecdsa_key (priv);
568 data = data_to_ecdsa_value (purpose);
569 if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
570 {
572 _ ("ECC signing failed at %s:%d: %s\n"),
573 __FILE__,
574 __LINE__,
575 gcry_strerror (rc));
576 gcry_sexp_release (data);
577 gcry_sexp_release (priv_sexp);
578 return GNUNET_SYSERR;
579 }
580 gcry_sexp_release (priv_sexp);
581 gcry_sexp_release (data);
582
583 /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
584 'signature' */
585 if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
586 {
587 GNUNET_break (0);
588 gcry_sexp_release (sig_sexp);
589 return GNUNET_SYSERR;
590 }
591 gcry_sexp_release (sig_sexp);
592 GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]);
593 GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]);
594 gcry_mpi_release (rs[0]);
595 gcry_mpi_release (rs[1]);
596
597 BENCHMARK_END (ecdsa_sign);
598
599 return GNUNET_OK;
600}
601
602
605 const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
606 void *data,
607 size_t size,
609{
610 unsigned char sk[crypto_sign_SECRETKEYBYTES];
611 unsigned char pk[crypto_sign_PUBLICKEYBYTES];
612 int res;
613
614 GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
615 res = crypto_sign_detached ((uint8_t *) sig,
616 NULL,
617 (uint8_t *) data,
618 size,
619 sk);
620 return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
621}
622
623
626 const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
627 const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
629{
630
631 size_t mlen = ntohl (purpose->size);
632 unsigned char sk[crypto_sign_SECRETKEYBYTES];
633 unsigned char pk[crypto_sign_PUBLICKEYBYTES];
634 int res;
635
636 BENCHMARK_START (eddsa_sign);
637 GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
638 res = crypto_sign_detached ((uint8_t *) sig,
639 NULL,
640 (uint8_t *) purpose,
641 mlen,
642 sk);
643 BENCHMARK_END (eddsa_sign);
644 return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
645}
646
647
650 uint32_t purpose,
651 const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
652 const struct GNUNET_CRYPTO_EcdsaSignature *sig,
653 const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
654{
655 gcry_sexp_t data;
656 gcry_sexp_t sig_sexpr;
657 gcry_sexp_t pub_sexpr;
658 int rc;
659
660 BENCHMARK_START (ecdsa_verify);
661
662 if (purpose != ntohl (validate->purpose))
663 return GNUNET_SYSERR; /* purpose mismatch */
664
665 /* build s-expression for signature */
666 if (0 != (rc = gcry_sexp_build (&sig_sexpr,
667 NULL,
668 "(sig-val(ecdsa(r %b)(s %b)))",
669 (int) sizeof(sig->r),
670 sig->r,
671 (int) sizeof(sig->s),
672 sig->s)))
673 {
674 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
675 return GNUNET_SYSERR;
676 }
677 data = data_to_ecdsa_value (validate);
678 if (0 != (rc = gcry_sexp_build (&pub_sexpr,
679 NULL,
680 "(public-key(ecc(curve " CURVE ")(q %b)))",
681 (int) sizeof(pub->q_y),
682 pub->q_y)))
683 {
684 gcry_sexp_release (data);
685 gcry_sexp_release (sig_sexpr);
686 return GNUNET_SYSERR;
687 }
688 rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
689 gcry_sexp_release (pub_sexpr);
690 gcry_sexp_release (data);
691 gcry_sexp_release (sig_sexpr);
692 if (0 != rc)
693 {
695 _ ("ECDSA signature verification failed at %s:%d: %s\n"),
696 __FILE__,
697 __LINE__,
698 gcry_strerror (rc));
699 BENCHMARK_END (ecdsa_verify);
700 return GNUNET_SYSERR;
701 }
702 BENCHMARK_END (ecdsa_verify);
703 return GNUNET_OK;
704}
705
706
709 uint32_t purpose,
710 const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
711 const struct GNUNET_CRYPTO_EddsaSignature *sig,
712 const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
713{
714 const unsigned char *m = (const void *) validate;
715 size_t mlen = ntohl (validate->size);
716 const unsigned char *s = (const void *) sig;
717
718 int res;
719
720 if (purpose != ntohl (validate->purpose))
721 return GNUNET_SYSERR; /* purpose mismatch */
722
723 BENCHMARK_START (eddsa_verify);
724
725 res = crypto_sign_verify_detached (s, m, mlen, pub->q_y);
726 BENCHMARK_END (eddsa_verify);
727 return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
728}
729
730
733 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
734 struct GNUNET_HashCode *key_material)
735{
736 uint8_t p[crypto_scalarmult_BYTES];
737 if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
738 return GNUNET_SYSERR;
739 GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
740 return GNUNET_OK;
741}
742
743
746 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
747 struct GNUNET_HashCode *key_material)
748{
749 struct GNUNET_HashCode hc;
750 uint8_t a[crypto_scalarmult_SCALARBYTES];
751 uint8_t p[crypto_scalarmult_BYTES];
752
753 GNUNET_CRYPTO_hash (priv,
754 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
755 &hc);
756 memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
757 if (0 != crypto_scalarmult (p, a, pub->q_y))
758 return GNUNET_SYSERR;
760 crypto_scalarmult_BYTES,
761 key_material);
762 return GNUNET_OK;
763}
764
765
768 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
770{
771 uint64_t checkbyte = 0;
772 size_t num_words = sizeof *dh / sizeof (uint64_t);
773 if (0 != crypto_scalarmult_curve25519 (dh->q_y, sk->d, pub->q_y))
774 return GNUNET_SYSERR;
775 // We need to check if this is the all-zero value
776 for (int i = 0; i < num_words; i++)
777 checkbyte |= ((uint64_t*)dh)[i];
778 return (0 == checkbyte) ? GNUNET_SYSERR : GNUNET_OK;
779}
780
781
784 const struct GNUNET_CRYPTO_EcdhePublicKey *pk,
786{
787 uint64_t checkbyte = 0;
788 size_t num_words = sizeof *dh / sizeof (uint64_t);
789 if (0 != crypto_scalarmult_curve25519 (dh->q_y, sk->d, pk->q_y))
790 return GNUNET_SYSERR;
791 // We need to check if this is the all-zero value
792 for (int i = 0; i < num_words; i++)
793 checkbyte |= ((uint64_t*)dh)[i];
794 if (0 == checkbyte)
795 {
797 "HPKE ECDH: X25519 all zero value!\n");
798 return GNUNET_SYSERR;
799 }
800 return GNUNET_OK;
801}
802
803
806 const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
807 struct GNUNET_HashCode *key_material)
808{
809 uint8_t p[crypto_scalarmult_BYTES];
810
811 BENCHMARK_START (ecdsa_ecdh);
812 if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
813 return GNUNET_SYSERR;
815 crypto_scalarmult_BYTES,
816 key_material);
817 BENCHMARK_END (ecdsa_ecdh);
818 return GNUNET_OK;
819}
820
821
824 const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
825 struct GNUNET_HashCode *key_material)
826{
827 uint8_t p[crypto_scalarmult_BYTES];
828 uint8_t curve25510_pk[crypto_scalarmult_BYTES];
829
830 if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
831 return GNUNET_SYSERR;
832 if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
833 return GNUNET_SYSERR;
834 GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
835 return GNUNET_OK;
836}
837
838
839
842 const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
843 struct GNUNET_HashCode *key_material)
844{
845 uint8_t p[crypto_scalarmult_BYTES];
846 uint8_t curve25510_pk[crypto_scalarmult_BYTES];
847
848 if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
849 return GNUNET_SYSERR;
850 if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
851 return GNUNET_SYSERR;
852 GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
853 return GNUNET_OK;
854}
855
856
857/* end of crypto_ecc.c */
benchmarking for various operations
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:100
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:531
#define CURVE
IMPLEMENTATION NOTICE:
Definition: crypto_ecc.c:62
static void buffer_clear(void *buf, size_t len)
Definition: crypto_ecc.c:418
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level 'level' that indicates a failure of the command 'cmd' with the mess...
Definition: crypto_ecc.c:78
#define LOG(kind,...)
Definition: crypto_ecc.c:64
static gcry_sexp_t decode_private_ecdsa_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:158
static mp_limb_t d[(((256)+GMP_NUMB_BITS - 1)/GMP_NUMB_BITS)]
static int once
Global to mark if we've run the initialization.
Definition: gnsrecord.c:65
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:103
static int list
Set if we should print a list of currently running services.
Definition: gnunet-arm.c:68
static int end
Set if we are to shutdown all services (including ARM).
Definition: gnunet-arm.c:33
static char * data
The data to insert into the dht.
static OpusEncoder * enc
OPUS encoder.
struct GNUNET_CRYPTO_PrivateKey pk
Private key from command line option, or NULL.
static char * res
Currently read line or NULL on EOF.
static int result
Global testing status.
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:47
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-uri.c:38
commonly used definitions; globals in this file are exempt from the rule that the module name ("commo...
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition: crypto_ecc.c:732
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:454
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_x25519_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *sk, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_CRYPTO_EcdhePublicKey *dh)
Derive key material from a ECDH public key and a private X25519 key.
Definition: crypto_ecc.c:767
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:201
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
HPKE END.
Definition: crypto_ecc.c:805
void GNUNET_CRYPTO_eddsa_key_clear(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Clear memory that was used to store a private key.
Definition: crypto_ecc.c:447
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
ECDSA Sign a given block.
Definition: crypto_ecc.c:554
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a ECDH public key and a private EdDSA key.
Definition: crypto_ecc.c:745
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EcDSA public key and a private ECDH key.
Definition: crypto_ecc.c:841
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:480
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:823
void GNUNET_CRYPTO_ecdsa_key_create(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:465
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition: crypto_ecc.c:625
void GNUNET_CRYPTO_ecdsa_key_clear(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Clear memory that was used to store a private key.
Definition: crypto_ecc.c:440
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Verify ECDSA signature.
Definition: crypto_ecc.c:649
const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_key_get_anonymous()
Get the shared private key we use for anonymous users.
Definition: crypto_ecc.c:500
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:190
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Verify EdDSA signature.
Definition: crypto_ecc.c:708
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_x25519(const struct GNUNET_CRYPTO_EcdhePrivateKey *sk, const struct GNUNET_CRYPTO_EcdhePublicKey *pk, struct GNUNET_CRYPTO_EcdhePublicKey *dh)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:783
void GNUNET_CRYPTO_ecdhe_key_clear(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Clear memory that was used to store a private key.
Definition: crypto_ecc.c:433
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:217
@ GNUNET_CRYPTO_QUALITY_NONCE
Randomness for IVs etc.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
char * GNUNET_CRYPTO_eddsa_private_key_to_string(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
Convert a private key to a string.
Definition: crypto_ecc.c:282
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_raw(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, void *data, size_t size, struct GNUNET_CRYPTO_EddsaSignature *sig)
Definition: crypto_ecc.c:604
#define GNUNET_log(kind,...)
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a string representing a public key to a public key.
Definition: crypto_ecc.c:336
char * GNUNET_CRYPTO_eddsa_public_key_to_string(const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Convert a public key to a string.
Definition: crypto_ecc.c:255
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Convert a string representing a public key to a public key.
Definition: crypto_ecc.c:361
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:79
char * GNUNET_CRYPTO_ecdsa_public_key_to_string(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a public key to a string.
Definition: crypto_ecc.c:228
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_private_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
Convert a string representing a private key to a private key.
Definition: crypto_ecc.c:386
char * GNUNET_CRYPTO_ecdsa_private_key_to_string(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert a private key to a string.
Definition: crypto_ecc.c:309
GNUNET_GenericReturnValue
Named constants for return values.
@ GNUNET_OK
@ GNUNET_SYSERR
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
@ GNUNET_ERROR_TYPE_WARNING
@ GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_INFO
#define GNUNET_malloc(size)
Wrapper around malloc.
#define GNUNET_free(ptr)
Wrapper around free.
char * GNUNET_STRINGS_data_to_string(const void *data, size_t size, char *out, size_t out_size)
Convert binary data to ASCII encoding using CrockfordBase32.
Definition: strings.c:732
enum GNUNET_GenericReturnValue GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:812
static unsigned int size
Size of the "table".
Definition: peer.c:68
#define _(String)
GNU gettext support macro.
Definition: platform.h:179
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!...
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
Private ECC key encoded for transmission.
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
Private ECC key encoded for transmission.
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
an ECC signature using ECDSA
unsigned char s[256/8]
S value.
unsigned char r[256/8]
R value.
Private ECC key encoded for transmission.
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
an ECC signature using EdDSA.
A 512-bit hashcode.