GNUnet  0.11.x
crypto_ecc.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2012, 2013, 2015 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
20 
27 #include "platform.h"
28 #include <gcrypt.h>
29 #include <sodium.h>
30 #include "gnunet_crypto_lib.h"
31 #include "gnunet_strings_lib.h"
32 #include "benchmark.h"
33 
34 #define EXTRA_CHECKS 0
35 
36 
43 #define CURVE "Ed25519"
44 
45 #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-ecc", __VA_ARGS__)
46 
47 #define LOG_STRERROR(kind, syscall) \
48  GNUNET_log_from_strerror (kind, "util-crypto-ecc", syscall)
49 
50 #define LOG_STRERROR_FILE(kind, syscall, filename) \
51  GNUNET_log_from_strerror_file (kind, "util-crypto-ecc", syscall, filename)
52 
58 #define LOG_GCRY(level, cmd, rc) \
59  do \
60  { \
61  LOG (level, \
62  _ ("`%s' failed at %s:%d with error: %s\n"), \
63  cmd, \
64  __FILE__, \
65  __LINE__, \
66  gcry_strerror (rc)); \
67  } while (0)
68 
69 
79 static int
80 key_from_sexp (gcry_mpi_t *array,
81  gcry_sexp_t sexp,
82  const char *topname,
83  const char *elems)
84 {
85  gcry_sexp_t list;
86  gcry_sexp_t l2;
87  unsigned int idx;
88 
89  list = gcry_sexp_find_token (sexp, topname, 0);
90  if (! list)
91  return 1;
92  l2 = gcry_sexp_cadr (list);
93  gcry_sexp_release (list);
94  list = l2;
95  if (! list)
96  return 2;
97 
98  idx = 0;
99  for (const char *s = elems; *s; s++, idx++)
100  {
101  l2 = gcry_sexp_find_token (list, s, 1);
102  if (! l2)
103  {
104  for (unsigned int i = 0; i < idx; i++)
105  {
106  gcry_free (array[i]);
107  array[i] = NULL;
108  }
109  gcry_sexp_release (list);
110  return 3; /* required parameter not found */
111  }
112  array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
113  gcry_sexp_release (l2);
114  if (! array[idx])
115  {
116  for (unsigned int i = 0; i < idx; i++)
117  {
118  gcry_free (array[i]);
119  array[i] = NULL;
120  }
121  gcry_sexp_release (list);
122  return 4; /* required parameter is invalid */
123  }
124  }
125  gcry_sexp_release (list);
126  return 0;
127 }
128 
129 
137 static gcry_sexp_t
139 {
140  gcry_sexp_t result;
141  int rc;
142  uint8_t d[32];
143 
144  for (size_t i = 0; i<32; i++)
145  d[i] = priv->d[31 - i];
146 
147  rc = gcry_sexp_build (&result,
148  NULL,
149  "(private-key(ecc(curve \"" CURVE "\")"
150  "(d %b)))",
151  32,
152  d);
153  if (0 != rc)
154  {
155  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
156  GNUNET_assert (0);
157  }
158 #if EXTRA_CHECKS
159  if (0 != (rc = gcry_pk_testkey (result)))
160  {
161  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
162  GNUNET_assert (0);
163  }
164 #endif
165  return result;
166 }
167 
168 
169 void
171  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
173 {
174  BENCHMARK_START (ecdsa_key_get_public);
175  crypto_scalarmult_ed25519_base_noclamp (pub->q_y, priv->d);
176  BENCHMARK_END (ecdsa_key_get_public);
177 }
178 
179 
180 void
182  const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
184 {
185  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
186  unsigned char sk[crypto_sign_SECRETKEYBYTES];
187 
188  BENCHMARK_START (eddsa_key_get_public);
189  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
190  GNUNET_memcpy (pub->q_y, pk, crypto_sign_PUBLICKEYBYTES);
191  sodium_memzero (sk, crypto_sign_SECRETKEYBYTES);
192  BENCHMARK_END (eddsa_key_get_public);
193 }
194 
195 
196 void
198  const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
200 {
201  BENCHMARK_START (ecdhe_key_get_public);
202  GNUNET_assert (0 == crypto_scalarmult_base (pub->q_y, priv->d));
203  BENCHMARK_END (ecdhe_key_get_public);
204 }
205 
206 
207 char *
209  const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
210 {
211  char *pubkeybuf;
212  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
213  char *end;
214 
215  if (keylen % 5 > 0)
216  keylen += 5 - keylen % 5;
217  keylen /= 5;
218  pubkeybuf = GNUNET_malloc (keylen + 1);
219  end =
220  GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
221  sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
222  pubkeybuf,
223  keylen);
224  if (NULL == end)
225  {
226  GNUNET_free (pubkeybuf);
227  return NULL;
228  }
229  *end = '\0';
230  return pubkeybuf;
231 }
232 
233 
234 char *
236  const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
237 {
238  char *pubkeybuf;
239  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
240  char *end;
241 
242  if (keylen % 5 > 0)
243  keylen += 5 - keylen % 5;
244  keylen /= 5;
245  pubkeybuf = GNUNET_malloc (keylen + 1);
246  end =
247  GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
248  sizeof(struct GNUNET_CRYPTO_EddsaPublicKey),
249  pubkeybuf,
250  keylen);
251  if (NULL == end)
252  {
253  GNUNET_free (pubkeybuf);
254  return NULL;
255  }
256  *end = '\0';
257  return pubkeybuf;
258 }
259 
260 
261 char *
263  const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
264 {
265  char *privkeybuf;
266  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
267  char *end;
268 
269  if (keylen % 5 > 0)
270  keylen += 5 - keylen % 5;
271  keylen /= 5;
272  privkeybuf = GNUNET_malloc (keylen + 1);
273  end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
274  sizeof(
276  privkeybuf,
277  keylen);
278  if (NULL == end)
279  {
280  GNUNET_free (privkeybuf);
281  return NULL;
282  }
283  *end = '\0';
284  return privkeybuf;
285 }
286 
287 
288 char *
290  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
291 {
292  char *privkeybuf;
293  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey)) * 8;
294  char *end;
295 
296  if (keylen % 5 > 0)
297  keylen += 5 - keylen % 5;
298  keylen /= 5;
299  privkeybuf = GNUNET_malloc (keylen + 1);
300  end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
301  sizeof(
303  privkeybuf,
304  keylen);
305  if (NULL == end)
306  {
307  GNUNET_free (privkeybuf);
308  return NULL;
309  }
310  *end = '\0';
311  return privkeybuf;
312 }
313 
314 
317  const char *enc,
318  size_t enclen,
320 {
321  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
322 
323  if (keylen % 5 > 0)
324  keylen += 5 - keylen % 5;
325  keylen /= 5;
326  if (enclen != keylen)
327  return GNUNET_SYSERR;
328 
329  if (GNUNET_OK !=
331  enclen,
332  pub,
333  sizeof(
335  return GNUNET_SYSERR;
336  return GNUNET_OK;
337 }
338 
339 
342  const char *enc,
343  size_t enclen,
345 {
346  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
347 
348  if (keylen % 5 > 0)
349  keylen += 5 - keylen % 5;
350  keylen /= 5;
351  if (enclen != keylen)
352  return GNUNET_SYSERR;
353 
354  if (GNUNET_OK !=
356  enclen,
357  pub,
358  sizeof(
360  return GNUNET_SYSERR;
361  return GNUNET_OK;
362 }
363 
364 
367  const char *enc,
368  size_t enclen,
369  struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
370 {
371  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
372 
373  if (keylen % 5 > 0)
374  keylen += 5 - keylen % 5;
375  keylen /= 5;
376  if (enclen != keylen)
377  return GNUNET_SYSERR;
378 
379  if (GNUNET_OK !=
381  enclen,
382  priv,
383  sizeof(
385  return GNUNET_SYSERR;
386 #if CRYPTO_BUG
387  if (GNUNET_OK != check_eddsa_key (priv))
388  {
389  GNUNET_break (0);
390  return GNUNET_OK;
391  }
392 #endif
393  return GNUNET_OK;
394 }
395 
396 
397 void
399 {
400  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
401 }
402 
403 
404 void
406 {
407  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey));
408 }
409 
410 
411 void
413 {
414  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey));
415 }
416 
417 
418 void
420 {
421  BENCHMARK_START (ecdhe_key_create);
423  pk,
424  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
425  BENCHMARK_END (ecdhe_key_create);
426 }
427 
428 
429 void
431 {
432  BENCHMARK_START (ecdsa_key_create);
434  pk,
435  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
436  pk->d[0] &= 248;
437  pk->d[31] &= 127;
438  pk->d[31] |= 64;
439 
440  BENCHMARK_END (ecdsa_key_create);
441 }
442 
443 
444 void
446 {
447  BENCHMARK_START (eddsa_key_create);
448  /*
449  * We do not clamp for EdDSA, since all functions that use the private key do
450  * their own clamping (just like in libsodium). What we call "private key"
451  * here, actually corresponds to the seed in libsodium.
452  *
453  * (Contrast this to ECDSA, where functions using the private key can't clamp
454  * due to properties needed for GNS. That is a worse/unsafer API, but
455  * required for the GNS constructions to work.)
456  */
458  pk,
459  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
460  BENCHMARK_END (eddsa_key_create);
461 }
462 
463 
464 const struct GNUNET_CRYPTO_EcdsaPrivateKey *
466 {
471  static struct GNUNET_CRYPTO_EcdsaPrivateKey anonymous;
472  static int once;
473 
474  if (once)
475  return &anonymous;
477  sizeof(anonymous.d),
478  GCRYMPI_CONST_ONE);
479  once = 1;
480  return &anonymous;
481 }
482 
483 
491 static gcry_sexp_t
493 {
494  gcry_sexp_t data;
495  int rc;
496 
497 /* See #5398 */
498 #if 1
499  struct GNUNET_HashCode hc;
500 
501  GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc);
502  if (0 != (rc = gcry_sexp_build (&data,
503  NULL,
504  "(data(flags rfc6979)(hash %s %b))",
505  "sha512",
506  (int) sizeof(hc),
507  &hc)))
508  {
509  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
510  return NULL;
511  }
512 #else
513  if (0 != (rc = gcry_sexp_build (&data,
514  NULL,
515  "(data(flags rfc6979)(hash %s %b))",
516  "sha512",
517  ntohl (purpose->size),
518  purpose)))
519  {
520  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
521  return NULL;
522  }
523 #endif
524  return data;
525 }
526 
527 
530  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
531  const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
532  struct GNUNET_CRYPTO_EcdsaSignature *sig)
533 {
534  gcry_sexp_t priv_sexp;
535  gcry_sexp_t sig_sexp;
536  gcry_sexp_t data;
537  int rc;
538  gcry_mpi_t rs[2];
539 
540  BENCHMARK_START (ecdsa_sign);
541 
542  priv_sexp = decode_private_ecdsa_key (priv);
543  data = data_to_ecdsa_value (purpose);
544  if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
545  {
547  _ ("ECC signing failed at %s:%d: %s\n"),
548  __FILE__,
549  __LINE__,
550  gcry_strerror (rc));
551  gcry_sexp_release (data);
552  gcry_sexp_release (priv_sexp);
553  return GNUNET_SYSERR;
554  }
555  gcry_sexp_release (priv_sexp);
556  gcry_sexp_release (data);
557 
558  /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
559  'signature' */
560  if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
561  {
562  GNUNET_break (0);
563  gcry_sexp_release (sig_sexp);
564  return GNUNET_SYSERR;
565  }
566  gcry_sexp_release (sig_sexp);
567  GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]);
568  GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]);
569  gcry_mpi_release (rs[0]);
570  gcry_mpi_release (rs[1]);
571 
572  BENCHMARK_END (ecdsa_sign);
573 
574  return GNUNET_OK;
575 }
576 
577 
580  const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
581  const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
582  struct GNUNET_CRYPTO_EddsaSignature *sig)
583 {
584 
585  size_t mlen = ntohl (purpose->size);
586  unsigned char sk[crypto_sign_SECRETKEYBYTES];
587  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
588  int res;
589 
590  BENCHMARK_START (eddsa_sign);
591  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
592  res = crypto_sign_detached ((uint8_t *) sig,
593  NULL,
594  (uint8_t *) purpose,
595  mlen,
596  sk);
597  BENCHMARK_END (eddsa_sign);
598  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
599 }
600 
601 
604  uint32_t purpose,
605  const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
606  const struct GNUNET_CRYPTO_EcdsaSignature *sig,
607  const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
608 {
609  gcry_sexp_t data;
610  gcry_sexp_t sig_sexpr;
611  gcry_sexp_t pub_sexpr;
612  int rc;
613 
614  BENCHMARK_START (ecdsa_verify);
615 
616  if (purpose != ntohl (validate->purpose))
617  return GNUNET_SYSERR; /* purpose mismatch */
618 
619  /* build s-expression for signature */
620  if (0 != (rc = gcry_sexp_build (&sig_sexpr,
621  NULL,
622  "(sig-val(ecdsa(r %b)(s %b)))",
623  (int) sizeof(sig->r),
624  sig->r,
625  (int) sizeof(sig->s),
626  sig->s)))
627  {
628  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
629  return GNUNET_SYSERR;
630  }
631  data = data_to_ecdsa_value (validate);
632  if (0 != (rc = gcry_sexp_build (&pub_sexpr,
633  NULL,
634  "(public-key(ecc(curve " CURVE ")(q %b)))",
635  (int) sizeof(pub->q_y),
636  pub->q_y)))
637  {
638  gcry_sexp_release (data);
639  gcry_sexp_release (sig_sexpr);
640  return GNUNET_SYSERR;
641  }
642  rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
643  gcry_sexp_release (pub_sexpr);
644  gcry_sexp_release (data);
645  gcry_sexp_release (sig_sexpr);
646  if (0 != rc)
647  {
649  _ ("ECDSA signature verification failed at %s:%d: %s\n"),
650  __FILE__,
651  __LINE__,
652  gcry_strerror (rc));
653  BENCHMARK_END (ecdsa_verify);
654  return GNUNET_SYSERR;
655  }
656  BENCHMARK_END (ecdsa_verify);
657  return GNUNET_OK;
658 }
659 
660 
663  uint32_t purpose,
664  const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
665  const struct GNUNET_CRYPTO_EddsaSignature *sig,
666  const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
667 {
668  const unsigned char *m = (const void *) validate;
669  size_t mlen = ntohl (validate->size);
670  const unsigned char *s = (const void *) sig;
671 
672  int res;
673 
674  if (purpose != ntohl (validate->purpose))
675  return GNUNET_SYSERR; /* purpose mismatch */
676 
677  BENCHMARK_START (eddsa_verify);
678  res = crypto_sign_verify_detached (s, m, mlen, pub->q_y);
679  BENCHMARK_END (eddsa_verify);
680  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
681 }
682 
683 
686  const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
687  struct GNUNET_HashCode *key_material)
688 {
689  uint8_t p[crypto_scalarmult_BYTES];
690  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
691  return GNUNET_SYSERR;
692  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
693  return GNUNET_OK;
694 }
695 
696 
707 static gcry_mpi_t
709  const char *label,
710  const char *context)
711 {
712  gcry_mpi_t h;
713  struct GNUNET_HashCode hc;
714  static const char *const salt = "key-derivation";
715 
716  GNUNET_CRYPTO_kdf (&hc,
717  sizeof(hc),
718  salt,
719  strlen (salt),
720  pub,
721  sizeof(*pub),
722  label,
723  strlen (label),
724  context,
725  strlen (context),
726  NULL,
727  0);
728  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
729  return h;
730 }
731 
732 
735  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
736  const char *label,
737  const char *context)
738 {
739  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
741  uint8_t dc[32];
742  gcry_mpi_t h;
743  gcry_mpi_t x;
744  gcry_mpi_t d;
745  gcry_mpi_t n;
746  gcry_ctx_t ctx;
747 
748  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
749 
750  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
752 
753  h = derive_h (&pub, label, context);
754  /* Convert to big endian for libgcrypt */
755  for (size_t i = 0; i < 32; i++)
756  dc[i] = priv->d[31 - i];
757  GNUNET_CRYPTO_mpi_scan_unsigned (&x, dc, sizeof(dc));
758  d = gcry_mpi_new (256);
759  gcry_mpi_mulm (d, h, x, n);
760  gcry_mpi_release (h);
761  gcry_mpi_release (x);
762  gcry_mpi_release (n);
763  gcry_ctx_release (ctx);
765  GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d);
766  /* Convert to big endian for libgcrypt */
767  for (size_t i = 0; i < 32; i++)
768  ret->d[i] = dc[31 - i];
769  sodium_memzero (dc, sizeof(dc));
770  gcry_mpi_release (d);
771  return ret;
772 }
773 
774 
775 void
777  const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
778  const char *label,
779  const char *context,
781 {
782  gcry_ctx_t ctx;
783  gcry_mpi_t q_y;
784  gcry_mpi_t h;
785  gcry_mpi_t n;
786  gcry_mpi_t h_mod_n;
787  gcry_mpi_point_t q;
788  gcry_mpi_point_t v;
789 
790  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
791 
792  /* obtain point 'q' from original public key. The provided 'q' is
793  compressed thus we first store it in the context and then get it
794  back as a (decompresssed) point. */
795  q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8 * sizeof(pub->q_y));
796  GNUNET_assert (NULL != q_y);
797  GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx));
798  gcry_mpi_release (q_y);
799  q = gcry_mpi_ec_get_point ("q", ctx, 0);
800  GNUNET_assert (q);
801 
802  /* calculate h_mod_n = h % n */
803  h = derive_h (pub, label, context);
804  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
805  h_mod_n = gcry_mpi_new (256);
806  gcry_mpi_mod (h_mod_n, h, n);
807  /* calculate v = h_mod_n * q */
808  v = gcry_mpi_point_new (0);
809  gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
810  gcry_mpi_release (h_mod_n);
811  gcry_mpi_release (h);
812  gcry_mpi_release (n);
813  gcry_mpi_point_release (q);
814 
815  /* convert point 'v' to public key that we return */
816  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx));
817  gcry_mpi_point_release (v);
818  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
819  GNUNET_assert (q_y);
820  GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof(result->q_y), q_y);
821  gcry_mpi_release (q_y);
822  gcry_ctx_release (ctx);
823 }
824 
825 
828  const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
829  struct GNUNET_HashCode *key_material)
830 {
831  struct GNUNET_HashCode hc;
832  uint8_t a[crypto_scalarmult_SCALARBYTES];
833  uint8_t p[crypto_scalarmult_BYTES];
834 
835  GNUNET_CRYPTO_hash (priv,
836  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
837  &hc);
838  memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
839  if (0 != crypto_scalarmult (p, a, pub->q_y))
840  return GNUNET_SYSERR;
842  crypto_scalarmult_BYTES,
843  key_material);
844  return GNUNET_OK;
845 }
846 
847 
850  const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
851  struct GNUNET_HashCode *key_material)
852 {
853  uint8_t p[crypto_scalarmult_BYTES];
854 
855  BENCHMARK_START (ecdsa_ecdh);
856  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
857  return GNUNET_SYSERR;
859  crypto_scalarmult_BYTES,
860  key_material);
861  BENCHMARK_END (ecdsa_ecdh);
862  return GNUNET_OK;
863 }
864 
865 
868  const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
869  struct GNUNET_HashCode *key_material)
870 {
871  uint8_t p[crypto_scalarmult_BYTES];
872  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
873 
874  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
875  return GNUNET_SYSERR;
876  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
877  return GNUNET_SYSERR;
878  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
879  return GNUNET_OK;
880 }
881 
882 
885  const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
886  struct GNUNET_HashCode *key_material)
887 {
888  uint8_t p[crypto_scalarmult_BYTES];
889  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
890 
891  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
892  return GNUNET_SYSERR;
893  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
894  return GNUNET_SYSERR;
895  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
896  return GNUNET_OK;
897 }
898 
899 
900 /* end of crypto_ecc.c */
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_key_get_anonymous()
Get the shared private key we use for anonymous users.
Definition: crypto_ecc.c:465
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
void GNUNET_CRYPTO_ecdsa_public_key_derive(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
Derive a public key from a given public key and a label.
Definition: crypto_ecc.c:776
static int end
Set if we are to shutdown all services (including ARM).
Definition: gnunet-arm.c:34
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
char * GNUNET_CRYPTO_eddsa_public_key_to_string(const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Convert a public key to a string.
Definition: crypto_ecc.c:235
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
void GNUNET_CRYPTO_ecdhe_key_clear(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Clear memory that was used to store a private key.
Definition: crypto_ecc.c:398
void GNUNET_CRYPTO_ecdsa_key_clear(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Clear memory that was used to store a private key.
Definition: crypto_ecc.c:405
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Verify EdDSA signature.
Definition: crypto_ecc.c:662
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char r[256/8]
R value.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
GNUNET_GenericReturnValue
Named constants for return values.
Definition: gnunet_common.h:83
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Private ECC key encoded for transmission.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EcDSA public key and a private ECDH key.
Definition: crypto_ecc.c:884
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static pa_context * context
Pulseaudio context.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition: crypto_ecc.c:579
#define _(String)
GNU gettext support macro.
Definition: platform.h:184
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Convert a string representing a public key to a public key.
Definition: crypto_ecc.c:341
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:104
cryptographic primitives for GNUnet
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:419
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:867
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_private_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
Convert a string representing a private key to a private key.
Definition: crypto_ecc.c:366
static int once
Global to mark if we&#39;ve run the initialization.
Definition: gnsrecord.c:68
Randomness for IVs etc.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:90
an ECC signature using ECDSA
static int result
Global testing status.
#define LOG(kind,...)
Definition: crypto_ecc.c:45
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a ECDH public key and a private ECDSA key.
Definition: crypto_ecc.c:849
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
ECDSA Sign a given block.
Definition: crypto_ecc.c:529
A 512-bit hashcode.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition: crypto_ecc.c:685
static int res
char * GNUNET_CRYPTO_eddsa_private_key_to_string(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
Convert a private key to a string.
Definition: crypto_ecc.c:262
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
char * GNUNET_CRYPTO_ecdsa_public_key_to_string(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a public key to a string.
Definition: crypto_ecc.c:208
Private ECC key encoded for transmission.
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:170
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:197
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:445
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:58
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:492
an ECC signature using EdDSA.
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:181
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Verify ECDSA signature.
Definition: crypto_ecc.c:603
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
Private ECC key encoded for transmission.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a string representing a public key to a public key.
Definition: crypto_ecc.c:316
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a ECDH public key and a private EdDSA key.
Definition: crypto_ecc.c:827
void GNUNET_CRYPTO_eddsa_key_clear(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Clear memory that was used to store a private key.
Definition: crypto_ecc.c:412
struct GNUNET_IDENTITY_PrivateKey pk
Private key from command line option, or NULL.
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:46
void GNUNET_CRYPTO_ecdsa_key_create(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:430
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
static OpusEncoder * enc
OPUS encoder.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
char * GNUNET_CRYPTO_ecdsa_private_key_to_string(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert a private key to a string.
Definition: crypto_ecc.c:289
unsigned char s[256/8]
S value.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
static gcry_mpi_t derive_h(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context)
Derive the &#39;h&#39; value for key derivation, where &#39;h = H(l,P)&#39;.
Definition: crypto_ecc.c:708
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:43
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:80
static gcry_sexp_t decode_private_ecdsa_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:138
benchmarking for various operations
struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_private_key_derive(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
Derive a private key from a given private key and a label.
Definition: crypto_ecc.c:734
uint32_t data
The data value.
static int list
Set if we should print a list of currently running services.
Definition: gnunet-arm.c:69
#define GNUNET_malloc(size)
Wrapper around malloc.
int GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:972
char * GNUNET_STRINGS_data_to_string(const void *data, size_t size, char *out, size_t out_size)
Convert binary data to ASCII encoding using CrockfordBase32.
Definition: strings.c:872
static struct GNUNET_FS_DownloadContext * dc
#define GNUNET_free(ptr)
Wrapper around free.
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...