GNUnet  0.11.x
crypto_ecc.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2012, 2013, 2015 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
20 
27 #include "platform.h"
28 #include <gcrypt.h>
29 #include <sodium.h>
30 #include "gnunet_crypto_lib.h"
31 #include "gnunet_strings_lib.h"
32 #include "benchmark.h"
33 
34 #define EXTRA_CHECKS 0
35 
36 
43 #define CURVE "Ed25519"
44 
45 #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-ecc", __VA_ARGS__)
46 
47 #define LOG_STRERROR(kind, syscall) \
48  GNUNET_log_from_strerror (kind, "util-crypto-ecc", syscall)
49 
50 #define LOG_STRERROR_FILE(kind, syscall, filename) \
51  GNUNET_log_from_strerror_file (kind, "util-crypto-ecc", syscall, filename)
52 
58 #define LOG_GCRY(level, cmd, rc) \
59  do \
60  { \
61  LOG (level, \
62  _ ("`%s' failed at %s:%d with error: %s\n"), \
63  cmd, \
64  __FILE__, \
65  __LINE__, \
66  gcry_strerror (rc)); \
67  } while (0)
68 
69 
79 static int
80 key_from_sexp (gcry_mpi_t *array,
81  gcry_sexp_t sexp,
82  const char *topname,
83  const char *elems)
84 {
85  gcry_sexp_t list;
86  gcry_sexp_t l2;
87  unsigned int idx;
88 
89  list = gcry_sexp_find_token (sexp, topname, 0);
90  if (! list)
91  return 1;
92  l2 = gcry_sexp_cadr (list);
93  gcry_sexp_release (list);
94  list = l2;
95  if (! list)
96  return 2;
97 
98  idx = 0;
99  for (const char *s = elems; *s; s++, idx++)
100  {
101  l2 = gcry_sexp_find_token (list, s, 1);
102  if (! l2)
103  {
104  for (unsigned int i = 0; i < idx; i++)
105  {
106  gcry_free (array[i]);
107  array[i] = NULL;
108  }
109  gcry_sexp_release (list);
110  return 3; /* required parameter not found */
111  }
112  array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
113  gcry_sexp_release (l2);
114  if (! array[idx])
115  {
116  for (unsigned int i = 0; i < idx; i++)
117  {
118  gcry_free (array[i]);
119  array[i] = NULL;
120  }
121  gcry_sexp_release (list);
122  return 4; /* required parameter is invalid */
123  }
124  }
125  gcry_sexp_release (list);
126  return 0;
127 }
128 
129 
137 static gcry_sexp_t
139 {
140  gcry_sexp_t result;
141  int rc;
142  uint8_t d[32];
143 
144  for (size_t i = 0; i<32; i++)
145  d[i] = priv->d[31 - i];
146 
147  rc = gcry_sexp_build (&result,
148  NULL,
149  "(private-key(ecc(curve \"" CURVE "\")"
150  "(d %b)))",
151  32,
152  d);
153  if (0 != rc)
154  {
155  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
156  GNUNET_assert (0);
157  }
158 #if EXTRA_CHECKS
159  if (0 != (rc = gcry_pk_testkey (result)))
160  {
161  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
162  GNUNET_assert (0);
163  }
164 #endif
165  return result;
166 }
167 
168 
175 void
177  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
179 {
180  BENCHMARK_START (ecdsa_key_get_public);
181  crypto_scalarmult_ed25519_base_noclamp (pub->q_y, priv->d);
182  BENCHMARK_END (ecdsa_key_get_public);
183 }
184 
185 
192 void
194  const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
196 {
197  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
198  unsigned char sk[crypto_sign_SECRETKEYBYTES];
199 
200  BENCHMARK_START (eddsa_key_get_public);
201  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
202  GNUNET_memcpy (pub->q_y, pk, crypto_sign_PUBLICKEYBYTES);
203  sodium_memzero (sk, crypto_sign_SECRETKEYBYTES);
204  BENCHMARK_END (eddsa_key_get_public);
205 }
206 
207 
214 void
216  const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
218 {
219  BENCHMARK_START (ecdhe_key_get_public);
220  GNUNET_assert (0 == crypto_scalarmult_base (pub->q_y, priv->d));
221  BENCHMARK_END (ecdhe_key_get_public);
222 }
223 
224 
231 char *
233  const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
234 {
235  char *pubkeybuf;
236  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
237  char *end;
238 
239  if (keylen % 5 > 0)
240  keylen += 5 - keylen % 5;
241  keylen /= 5;
242  pubkeybuf = GNUNET_malloc (keylen + 1);
243  end =
244  GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
245  sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
246  pubkeybuf,
247  keylen);
248  if (NULL == end)
249  {
250  GNUNET_free (pubkeybuf);
251  return NULL;
252  }
253  *end = '\0';
254  return pubkeybuf;
255 }
256 
257 
264 char *
266  const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
267 {
268  char *pubkeybuf;
269  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
270  char *end;
271 
272  if (keylen % 5 > 0)
273  keylen += 5 - keylen % 5;
274  keylen /= 5;
275  pubkeybuf = GNUNET_malloc (keylen + 1);
276  end =
277  GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
278  sizeof(struct GNUNET_CRYPTO_EddsaPublicKey),
279  pubkeybuf,
280  keylen);
281  if (NULL == end)
282  {
283  GNUNET_free (pubkeybuf);
284  return NULL;
285  }
286  *end = '\0';
287  return pubkeybuf;
288 }
289 
290 
297 char *
299  const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
300 {
301  char *privkeybuf;
302  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
303  char *end;
304 
305  if (keylen % 5 > 0)
306  keylen += 5 - keylen % 5;
307  keylen /= 5;
308  privkeybuf = GNUNET_malloc (keylen + 1);
309  end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
310  sizeof(
312  privkeybuf,
313  keylen);
314  if (NULL == end)
315  {
316  GNUNET_free (privkeybuf);
317  return NULL;
318  }
319  *end = '\0';
320  return privkeybuf;
321 }
322 
323 
330 char *
332  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
333 {
334  char *privkeybuf;
335  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey)) * 8;
336  char *end;
337 
338  if (keylen % 5 > 0)
339  keylen += 5 - keylen % 5;
340  keylen /= 5;
341  privkeybuf = GNUNET_malloc (keylen + 1);
342  end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
343  sizeof(
345  privkeybuf,
346  keylen);
347  if (NULL == end)
348  {
349  GNUNET_free (privkeybuf);
350  return NULL;
351  }
352  *end = '\0';
353  return privkeybuf;
354 }
355 
356 
365 int
367  const char *enc,
368  size_t enclen,
370 {
371  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
372 
373  if (keylen % 5 > 0)
374  keylen += 5 - keylen % 5;
375  keylen /= 5;
376  if (enclen != keylen)
377  return GNUNET_SYSERR;
378 
379  if (GNUNET_OK !=
381  enclen,
382  pub,
383  sizeof(
385  return GNUNET_SYSERR;
386  return GNUNET_OK;
387 }
388 
389 
398 int
400  const char *enc,
401  size_t enclen,
403 {
404  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
405 
406  if (keylen % 5 > 0)
407  keylen += 5 - keylen % 5;
408  keylen /= 5;
409  if (enclen != keylen)
410  return GNUNET_SYSERR;
411 
412  if (GNUNET_OK !=
414  enclen,
415  pub,
416  sizeof(
418  return GNUNET_SYSERR;
419  return GNUNET_OK;
420 }
421 
422 
431 int
433  const char *enc,
434  size_t enclen,
435  struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
436 {
437  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
438 
439  if (keylen % 5 > 0)
440  keylen += 5 - keylen % 5;
441  keylen /= 5;
442  if (enclen != keylen)
443  return GNUNET_SYSERR;
444 
445  if (GNUNET_OK !=
447  enclen,
448  priv,
449  sizeof(
451  return GNUNET_SYSERR;
452 #if CRYPTO_BUG
453  if (GNUNET_OK != check_eddsa_key (priv))
454  {
455  GNUNET_break (0);
456  return GNUNET_OK;
457  }
458 #endif
459  return GNUNET_OK;
460 }
461 
462 
469 void
471 {
472  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
473 }
474 
475 
482 void
484 {
485  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey));
486 }
487 
488 
495 void
497 {
498  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey));
499 }
500 
501 
507 void
509 {
510  BENCHMARK_START (ecdhe_key_create);
512  pk,
513  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
514  BENCHMARK_END (ecdhe_key_create);
515 }
516 
517 
523 void
525 {
526  BENCHMARK_START (ecdsa_key_create);
528  pk,
529  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
530  pk->d[0] &= 248;
531  pk->d[31] &= 127;
532  pk->d[31] |= 64;
533 
534  BENCHMARK_END (ecdsa_key_create);
535 }
536 
537 
543 void
545 {
546  BENCHMARK_START (eddsa_key_create);
547  /*
548  * We do not clamp for EdDSA, since all functions that use the private key do
549  * their own clamping (just like in libsodium). What we call "private key"
550  * here, actually corresponds to the seed in libsodium.
551  *
552  * (Contrast this to ECDSA, where functions using the private key can't clamp
553  * due to properties needed for GNS. That is a worse/unsafer API, but
554  * required for the GNS constructions to work.)
555  */
557  pk,
558  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
559  BENCHMARK_END (eddsa_key_create);
560 }
561 
562 
568 const struct GNUNET_CRYPTO_EcdsaPrivateKey *
570 {
575  static struct GNUNET_CRYPTO_EcdsaPrivateKey anonymous;
576  static int once;
577 
578  if (once)
579  return &anonymous;
581  sizeof(anonymous.d),
582  GCRYMPI_CONST_ONE);
583  once = 1;
584  return &anonymous;
585 }
586 
587 
595 static gcry_sexp_t
597 {
598  gcry_sexp_t data;
599  int rc;
600 
601 /* See #5398 */
602 #if 1
603  struct GNUNET_HashCode hc;
604 
605  GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc);
606  if (0 != (rc = gcry_sexp_build (&data,
607  NULL,
608  "(data(flags rfc6979)(hash %s %b))",
609  "sha512",
610  (int) sizeof(hc),
611  &hc)))
612  {
613  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
614  return NULL;
615  }
616 #else
617  if (0 != (rc = gcry_sexp_build (&data,
618  NULL,
619  "(data(flags rfc6979)(hash %s %b))",
620  "sha512",
621  ntohl (purpose->size),
622  purpose)))
623  {
624  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
625  return NULL;
626  }
627 #endif
628  return data;
629 }
630 
631 
644 int
646  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
647  const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
648  struct GNUNET_CRYPTO_EcdsaSignature *sig)
649 {
650  gcry_sexp_t priv_sexp;
651  gcry_sexp_t sig_sexp;
652  gcry_sexp_t data;
653  int rc;
654  gcry_mpi_t rs[2];
655 
656  BENCHMARK_START (ecdsa_sign);
657 
658  priv_sexp = decode_private_ecdsa_key (priv);
659  data = data_to_ecdsa_value (purpose);
660  if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
661  {
663  _ ("ECC signing failed at %s:%d: %s\n"),
664  __FILE__,
665  __LINE__,
666  gcry_strerror (rc));
667  gcry_sexp_release (data);
668  gcry_sexp_release (priv_sexp);
669  return GNUNET_SYSERR;
670  }
671  gcry_sexp_release (priv_sexp);
672  gcry_sexp_release (data);
673 
674  /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
675  'signature' */
676  if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
677  {
678  GNUNET_break (0);
679  gcry_sexp_release (sig_sexp);
680  return GNUNET_SYSERR;
681  }
682  gcry_sexp_release (sig_sexp);
683  GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]);
684  GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]);
685  gcry_mpi_release (rs[0]);
686  gcry_mpi_release (rs[1]);
687 
688  BENCHMARK_END (ecdsa_sign);
689 
690  return GNUNET_OK;
691 }
692 
693 
706 int
708  const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
709  const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
710  struct GNUNET_CRYPTO_EddsaSignature *sig)
711 {
712 
713  size_t mlen = ntohl (purpose->size);
714  unsigned char sk[crypto_sign_SECRETKEYBYTES];
715  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
716  int res;
717 
718  BENCHMARK_START (eddsa_sign);
719  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
720  res = crypto_sign_detached ((uint8_t *) sig,
721  NULL,
722  (uint8_t *) purpose,
723  mlen,
724  sk);
725  BENCHMARK_END (eddsa_sign);
726  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
727 }
728 
729 
744 int
746  uint32_t purpose,
747  const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
748  const struct GNUNET_CRYPTO_EcdsaSignature *sig,
749  const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
750 {
751  gcry_sexp_t data;
752  gcry_sexp_t sig_sexpr;
753  gcry_sexp_t pub_sexpr;
754  int rc;
755 
756  BENCHMARK_START (ecdsa_verify);
757 
758  if (purpose != ntohl (validate->purpose))
759  return GNUNET_SYSERR; /* purpose mismatch */
760 
761  /* build s-expression for signature */
762  if (0 != (rc = gcry_sexp_build (&sig_sexpr,
763  NULL,
764  "(sig-val(ecdsa(r %b)(s %b)))",
765  (int) sizeof(sig->r),
766  sig->r,
767  (int) sizeof(sig->s),
768  sig->s)))
769  {
770  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
771  return GNUNET_SYSERR;
772  }
773  data = data_to_ecdsa_value (validate);
774  if (0 != (rc = gcry_sexp_build (&pub_sexpr,
775  NULL,
776  "(public-key(ecc(curve " CURVE ")(q %b)))",
777  (int) sizeof(pub->q_y),
778  pub->q_y)))
779  {
780  gcry_sexp_release (data);
781  gcry_sexp_release (sig_sexpr);
782  return GNUNET_SYSERR;
783  }
784  rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
785  gcry_sexp_release (pub_sexpr);
786  gcry_sexp_release (data);
787  gcry_sexp_release (sig_sexpr);
788  if (0 != rc)
789  {
791  _ ("ECDSA signature verification failed at %s:%d: %s\n"),
792  __FILE__,
793  __LINE__,
794  gcry_strerror (rc));
795  BENCHMARK_END (ecdsa_verify);
796  return GNUNET_SYSERR;
797  }
798  BENCHMARK_END (ecdsa_verify);
799  return GNUNET_OK;
800 }
801 
802 
818 int
820  uint32_t purpose,
821  const struct GNUNET_CRYPTO_EccSignaturePurpose *validate,
822  const struct GNUNET_CRYPTO_EddsaSignature *sig,
823  const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
824 {
825  const unsigned char *m = (const void *) validate;
826  size_t mlen = ntohl (validate->size);
827  const unsigned char *s = (const void *) sig;
828 
829  int res;
830 
831  if (purpose != ntohl (validate->purpose))
832  return GNUNET_SYSERR; /* purpose mismatch */
833 
834  BENCHMARK_START (eddsa_verify);
835  res = crypto_sign_verify_detached (s, m, mlen, pub->q_y);
836  BENCHMARK_END (eddsa_verify);
837  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
838 }
839 
840 
849 int
851  const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
852  struct GNUNET_HashCode *key_material)
853 {
854  uint8_t p[crypto_scalarmult_BYTES];
855  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
856  return GNUNET_SYSERR;
857  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
858  return GNUNET_OK;
859 }
860 
861 
872 static gcry_mpi_t
874  const char *label,
875  const char *context)
876 {
877  gcry_mpi_t h;
878  struct GNUNET_HashCode hc;
879  static const char *const salt = "key-derivation";
880 
881  GNUNET_CRYPTO_kdf (&hc,
882  sizeof(hc),
883  salt,
884  strlen (salt),
885  pub,
886  sizeof(*pub),
887  label,
888  strlen (label),
889  context,
890  strlen (context),
891  NULL,
892  0);
893  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
894  return h;
895 }
896 
897 
912  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
913  const char *label,
914  const char *context)
915 {
916  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
918  uint8_t dc[32];
919  gcry_mpi_t h;
920  gcry_mpi_t x;
921  gcry_mpi_t d;
922  gcry_mpi_t n;
923  gcry_ctx_t ctx;
924 
925  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
926 
927  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
929 
930  h = derive_h (&pub, label, context);
931  /* Convert to big endian for libgcrypt */
932  for (size_t i = 0; i < 32; i++)
933  dc[i] = priv->d[31 - i];
934  GNUNET_CRYPTO_mpi_scan_unsigned (&x, dc, sizeof(dc));
935  d = gcry_mpi_new (256);
936  gcry_mpi_mulm (d, h, x, n);
937  gcry_mpi_release (h);
938  gcry_mpi_release (x);
939  gcry_mpi_release (n);
940  gcry_ctx_release (ctx);
942  GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d);
943  /* Convert to big endian for libgcrypt */
944  for (size_t i = 0; i < 32; i++)
945  ret->d[i] = dc[31 - i];
946  sodium_memzero (dc, sizeof(dc));
947  gcry_mpi_release (d);
948  return ret;
949 }
950 
951 
962 void
964  const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
965  const char *label,
966  const char *context,
968 {
969  gcry_ctx_t ctx;
970  gcry_mpi_t q_y;
971  gcry_mpi_t h;
972  gcry_mpi_t n;
973  gcry_mpi_t h_mod_n;
974  gcry_mpi_point_t q;
975  gcry_mpi_point_t v;
976 
977  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
978 
979  /* obtain point 'q' from original public key. The provided 'q' is
980  compressed thus we first store it in the context and then get it
981  back as a (decompresssed) point. */
982  q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8 * sizeof(pub->q_y));
983  GNUNET_assert (NULL != q_y);
984  GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx));
985  gcry_mpi_release (q_y);
986  q = gcry_mpi_ec_get_point ("q", ctx, 0);
987  GNUNET_assert (q);
988 
989  /* calculate h_mod_n = h % n */
990  h = derive_h (pub, label, context);
991  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
992  h_mod_n = gcry_mpi_new (256);
993  gcry_mpi_mod (h_mod_n, h, n);
994  /* calculate v = h_mod_n * q */
995  v = gcry_mpi_point_new (0);
996  gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
997  gcry_mpi_release (h_mod_n);
998  gcry_mpi_release (h);
999  gcry_mpi_release (n);
1000  gcry_mpi_point_release (q);
1001 
1002  /* convert point 'v' to public key that we return */
1003  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx));
1004  gcry_mpi_point_release (v);
1005  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
1006  GNUNET_assert (q_y);
1007  GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof(result->q_y), q_y);
1008  gcry_mpi_release (q_y);
1009  gcry_ctx_release (ctx);
1010 }
1011 
1012 
1023 int
1025  const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
1026  struct GNUNET_HashCode *key_material)
1027 {
1028  struct GNUNET_HashCode hc;
1029  uint8_t a[crypto_scalarmult_SCALARBYTES];
1030  uint8_t p[crypto_scalarmult_BYTES];
1031 
1032  GNUNET_CRYPTO_hash (priv,
1033  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
1034  &hc);
1035  memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1036  if (0 != crypto_scalarmult (p, a, pub->q_y))
1037  return GNUNET_SYSERR;
1038  GNUNET_CRYPTO_hash (p,
1039  crypto_scalarmult_BYTES,
1040  key_material);
1041  return GNUNET_OK;
1042 }
1043 
1044 
1055 int
1057  const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
1058  struct GNUNET_HashCode *key_material)
1059 {
1060  uint8_t p[crypto_scalarmult_BYTES];
1061 
1062  BENCHMARK_START (ecdsa_ecdh);
1063  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
1064  return GNUNET_SYSERR;
1065  GNUNET_CRYPTO_hash (p,
1066  crypto_scalarmult_BYTES,
1067  key_material);
1068  BENCHMARK_END (ecdsa_ecdh);
1069  return GNUNET_OK;
1070 }
1071 
1072 
1083 int
1085  const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
1086  struct GNUNET_HashCode *key_material)
1087 {
1088  uint8_t p[crypto_scalarmult_BYTES];
1089  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
1090 
1091  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
1092  return GNUNET_SYSERR;
1093  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
1094  return GNUNET_SYSERR;
1095  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
1096  return GNUNET_OK;
1097 }
1098 
1099 
1110 int
1112  const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
1113  struct GNUNET_HashCode *key_material)
1114 {
1115  uint8_t p[crypto_scalarmult_BYTES];
1116  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
1117 
1118  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
1119  return GNUNET_SYSERR;
1120  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
1121  return GNUNET_SYSERR;
1122  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
1123  return GNUNET_OK;
1124 }
1125 
1126 
1127 /* end of crypto_ecc.c */
int GNUNET_CRYPTO_ecdsa_ecdh(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a ECDH public key and a private ECDSA key.
Definition: crypto_ecc.c:1056
int GNUNET_CRYPTO_eddsa_private_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
Convert a string representing a private key to a private key.
Definition: crypto_ecc.c:432
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
const struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_key_get_anonymous()
Get the shared private key we use for anonymous users.
Definition: crypto_ecc.c:569
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
void GNUNET_CRYPTO_ecdsa_public_key_derive(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
Derive a public key from a given public key and a label.
Definition: crypto_ecc.c:963
static int end
Set if we are to shutdown all services (including ARM).
Definition: gnunet-arm.c:34
int GNUNET_CRYPTO_ecdh_ecdsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EcDSA public key and a private ECDH key.
Definition: crypto_ecc.c:1111
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
char * GNUNET_CRYPTO_eddsa_public_key_to_string(const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Convert a public key to a string.
Definition: crypto_ecc.c:265
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
void GNUNET_CRYPTO_ecdhe_key_clear(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Clear memory that was used to store a private key.
Definition: crypto_ecc.c:470
void GNUNET_CRYPTO_ecdsa_key_clear(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Clear memory that was used to store a private key.
Definition: crypto_ecc.c:483
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
int GNUNET_CRYPTO_eddsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Verify signature.
Definition: crypto_ecc.c:819
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char r[256/8]
R value.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
int GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECDHE key.
Definition: crypto_ecc.c:850
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Private ECC key encoded for transmission.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static pa_context * context
Pulseaudio context.
#define _(String)
GNU gettext support macro.
Definition: platform.h:184
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:104
cryptographic primitives for GNUnet
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:508
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
int GNUNET_CRYPTO_eddsa_ecdh(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a ECDH public key and a private EdDSA key.
Definition: crypto_ecc.c:1024
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
static int once
Global to mark if we&#39;ve run the initialization.
Definition: gnsrecord.c:68
Randomness for IVs etc.
an ECC signature using ECDSA
static int result
Global testing status.
#define LOG(kind,...)
Definition: crypto_ecc.c:45
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
A 512-bit hashcode.
int GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:1084
static int res
char * GNUNET_CRYPTO_eddsa_private_key_to_string(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
Convert a private key to a string.
Definition: crypto_ecc.c:298
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
char * GNUNET_CRYPTO_ecdsa_public_key_to_string(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a public key to a string.
Definition: crypto_ecc.c:232
Private ECC key encoded for transmission.
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:176
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:215
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:544
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:58
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
int GNUNET_CRYPTO_ecdsa_sign_(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
Sign a given block.
Definition: crypto_ecc.c:645
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:596
an ECC signature using EdDSA.
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:193
int GNUNET_CRYPTO_ecdsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Verify signature.
Definition: crypto_ecc.c:745
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
Private ECC key encoded for transmission.
void GNUNET_CRYPTO_eddsa_key_clear(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Clear memory that was used to store a private key.
Definition: crypto_ecc.c:496
struct GNUNET_IDENTITY_PrivateKey pk
Private key from command line option, or NULL.
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:46
void GNUNET_CRYPTO_ecdsa_key_create(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:524
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
static OpusEncoder * enc
OPUS encoder.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
int GNUNET_CRYPTO_eddsa_sign_(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
Sign a given block.
Definition: crypto_ecc.c:707
char * GNUNET_CRYPTO_ecdsa_private_key_to_string(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert a private key to a string.
Definition: crypto_ecc.c:331
unsigned char s[256/8]
S value.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
static gcry_mpi_t derive_h(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context)
Derive the &#39;h&#39; value for key derivation, where &#39;h = H(l,P)&#39;.
Definition: crypto_ecc.c:873
#define CURVE
Name of the curve we are using.
Definition: crypto_ecc.c:43
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:80
static gcry_sexp_t decode_private_ecdsa_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:138
benchmarking for various operations
struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_private_key_derive(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
Derive a private key from a given private key and a label.
Definition: crypto_ecc.c:911
uint32_t data
The data value.
int GNUNET_CRYPTO_eddsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Convert a string representing a public key to a public key.
Definition: crypto_ecc.c:399
int GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:90
static int list
Set if we should print a list of currently running services.
Definition: gnunet-arm.c:69
#define GNUNET_malloc(size)
Wrapper around malloc.
int GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:972
char * GNUNET_STRINGS_data_to_string(const void *data, size_t size, char *out, size_t out_size)
Convert binary data to ASCII encoding using CrockfordBase32.
Definition: strings.c:872
static struct GNUNET_FS_DownloadContext * dc
#define GNUNET_free(ptr)
Wrapper around free.
int GNUNET_CRYPTO_ecdsa_public_key_from_string(const char *enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Convert a string representing a public key to a public key.
Definition: crypto_ecc.c:366
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...