GNUnet  0.11.x
gnunet-crypto-tvg.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2020 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
20 
50 #include "platform.h"
51 #include "gnunet_util_lib.h"
52 #include "gnunet_signatures.h"
53 #include "gnunet_testing_lib.h"
54 #include <jansson.h>
55 #include <gcrypt.h>
56 
58 
65 {
67  uint32_t testval;
68 };
69 
71 
72 
76 static int verify_flag = GNUNET_NO;
77 
78 
82 static int global_ret = 0;
83 
84 
92 static json_t *
93 vec_for (json_t *vecs, const char *vecname)
94 {
95  json_t *t = json_object ();
96 
97  json_object_set_new (t,
98  "operation",
99  json_string (vecname));
100  json_array_append_new (vecs, t);
101  return t;
102 }
103 
104 
114 static void
115 d2j (json_t *vec,
116  const char *label,
117  const void *data,
118  size_t size)
119 {
120  char *buf;
121  json_t *json;
122 
124  json = json_string (buf);
125  GNUNET_free (buf);
126  GNUNET_break (NULL != json);
127 
128  json_object_set_new (vec, label, json);
129 }
130 
131 
140 static void
141 uint2j (json_t *vec,
142  const char *label,
143  unsigned int num)
144 {
145  json_t *json = json_integer (num);
146 
147  json_object_set_new (vec, label, json);
148 }
149 
150 
151 static int
152 expect_data_fixed (json_t *vec,
153  const char *name,
154  void *data,
155  size_t expect_len)
156 {
157  const char *s = json_string_value (json_object_get (vec, name));
158 
159  if (NULL == s)
160  return GNUNET_NO;
161 
163  strlen (s),
164  data,
165  expect_len))
166  return GNUNET_NO;
167  return GNUNET_OK;
168 }
169 
170 
171 static int
172 expect_data_dynamic (json_t *vec,
173  const char *name,
174  void **data,
175  size_t *ret_len)
176 {
177  const char *s = json_string_value (json_object_get (vec, name));
178  char *tmp;
179  size_t len;
180 
181  if (NULL == s)
182  return GNUNET_NO;
183 
184  len = (strlen (s) * 5) / 8;
185  if (NULL != ret_len)
186  *ret_len = len;
187  tmp = GNUNET_malloc (len);
188 
189  if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, strlen (s), tmp, len))
190  {
191  GNUNET_free (tmp);
192  return GNUNET_NO;
193  }
194  *data = tmp;
195  return GNUNET_OK;
196 }
197 
198 
207 static int
208 checkvec (const char *operation,
209  json_t *vec)
210 {
212  "checking %s\n", operation);
213 
214  if (0 == strcmp (operation, "hash"))
215  {
216  void *data;
217  size_t data_len;
218  struct GNUNET_HashCode hash_out;
219  struct GNUNET_HashCode hc;
220 
221  if (GNUNET_OK != expect_data_dynamic (vec,
222  "input",
223  &data,
224  &data_len))
225  {
226  GNUNET_break (0);
227  return GNUNET_SYSERR;
228  }
229  if (GNUNET_OK != expect_data_fixed (vec,
230  "output",
231  &hash_out,
232  sizeof (hash_out)))
233  {
234  GNUNET_free (data);
235  GNUNET_break (0);
236  return GNUNET_NO;
237  }
238 
239  GNUNET_CRYPTO_hash (data, data_len, &hc);
240 
241  if (0 != GNUNET_memcmp (&hc, &hash_out))
242  {
243  GNUNET_free (data);
244  GNUNET_break (0);
245  return GNUNET_NO;
246  }
247  GNUNET_free (data);
248  }
249  else if (0 == strcmp (operation, "ecc_ecdh"))
250  {
251  struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
252  struct GNUNET_CRYPTO_EcdhePublicKey pub1;
253  struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
254  struct GNUNET_HashCode skm;
255  struct GNUNET_HashCode skm_comp;
256 
257  if (GNUNET_OK != expect_data_fixed (vec,
258  "priv1",
259  &priv1,
260  sizeof (priv1)))
261  {
262  GNUNET_break (0);
263  return GNUNET_NO;
264  }
265  if (GNUNET_OK != expect_data_fixed (vec,
266  "priv2",
267  &priv2,
268  sizeof (priv2)))
269  {
270  GNUNET_break (0);
271  return GNUNET_NO;
272  }
273  if (GNUNET_OK != expect_data_fixed (vec,
274  "pub1",
275  &pub1,
276  sizeof (pub1)))
277  {
278  GNUNET_break (0);
279  return GNUNET_NO;
280  }
281  if (GNUNET_OK != expect_data_fixed (vec,
282  "skm",
283  &skm,
284  sizeof (skm)))
285  {
286  GNUNET_break (0);
287  return GNUNET_NO;
288  }
290  GNUNET_CRYPTO_ecc_ecdh (&priv2,
291  &pub1,
292  &skm_comp));
293  if (0 != GNUNET_memcmp (&skm, &skm_comp))
294  {
295  GNUNET_break (0);
296  return GNUNET_NO;
297  }
298  }
299  else if (0 == strcmp (operation, "eddsa_key_derivation"))
300  {
301  struct GNUNET_CRYPTO_EddsaPrivateKey priv;
303  struct GNUNET_CRYPTO_EddsaPublicKey pub_comp;
304 
305  if (GNUNET_OK != expect_data_fixed (vec,
306  "priv",
307  &priv,
308  sizeof (priv)))
309  {
310  GNUNET_break (0);
311  return GNUNET_NO;
312  }
313 
314  if (GNUNET_OK != expect_data_fixed (vec,
315  "pub",
316  &pub,
317  sizeof (pub)))
318  {
319  GNUNET_break (0);
320  return GNUNET_NO;
321  }
322 
324  &pub_comp);
325  if (0 != GNUNET_memcmp (&pub, &pub_comp))
326  {
327  GNUNET_break (0);
328  return GNUNET_NO;
329  }
330 
331  }
332  else if (0 == strcmp (operation, "eddsa_signing"))
333  {
334  struct GNUNET_CRYPTO_EddsaPrivateKey priv;
336  struct TestSignatureDataPS data = { 0 };
337  struct GNUNET_CRYPTO_EddsaSignature sig;
338  struct GNUNET_CRYPTO_EddsaSignature sig_comp;
339 
340  if (GNUNET_OK != expect_data_fixed (vec,
341  "priv",
342  &priv,
343  sizeof (priv)))
344  {
345  GNUNET_break (0);
346  return GNUNET_NO;
347  }
348 
349  if (GNUNET_OK != expect_data_fixed (vec,
350  "pub",
351  &pub,
352  sizeof (pub)))
353  {
354  GNUNET_break (0);
355  return GNUNET_NO;
356  }
357 
358  if (GNUNET_OK != expect_data_fixed (vec,
359  "data",
360  &data,
361  sizeof (data)))
362  {
363  GNUNET_break (0);
364  return GNUNET_NO;
365  }
366 
367  if (GNUNET_OK != expect_data_fixed (vec,
368  "sig",
369  &sig,
370  sizeof (sig)))
371  {
372  GNUNET_break (0);
373  return GNUNET_NO;
374  }
375 
377  &data,
378  &sig_comp);
381  &data,
382  &sig,
383  &pub));
384  if (0 != GNUNET_memcmp (&sig, &sig_comp))
385  {
386  GNUNET_break (0);
387  return GNUNET_NO;
388  }
389  }
390  else if (0 == strcmp (operation, "kdf"))
391  {
392  size_t out_len;
393  void *out;
394  size_t out_len_comp;
395  void *out_comp;
396  void *ikm;
397  size_t ikm_len;
398  void *salt;
399  size_t salt_len;
400  void *ctx;
401  size_t ctx_len;
402 
403  if (GNUNET_OK != expect_data_dynamic (vec,
404  "out",
405  &out,
406  &out_len))
407  {
408  GNUNET_break (0);
409  return GNUNET_SYSERR;
410  }
411 
412  out_len_comp = out_len;
413  out_comp = GNUNET_malloc (out_len_comp);
414 
415  if (GNUNET_OK != expect_data_dynamic (vec,
416  "ikm",
417  &ikm,
418  &ikm_len))
419  {
420  GNUNET_free (out);
421  GNUNET_free (out_comp);
422  GNUNET_break (0);
423  return GNUNET_SYSERR;
424  }
425 
426  if (GNUNET_OK != expect_data_dynamic (vec,
427  "salt",
428  &salt,
429  &salt_len))
430  {
431  GNUNET_free (out);
432  GNUNET_free (out_comp);
433  GNUNET_free (ikm);
434  GNUNET_break (0);
435  return GNUNET_SYSERR;
436  }
437 
438  if (GNUNET_OK != expect_data_dynamic (vec,
439  "ctx",
440  &ctx,
441  &ctx_len))
442  {
443  GNUNET_free (out);
444  GNUNET_free (out_comp);
445  GNUNET_free (ikm);
446  GNUNET_free (salt);
447  GNUNET_break (0);
448  return GNUNET_SYSERR;
449  }
450 
452  GNUNET_CRYPTO_kdf (out_comp,
453  out_len_comp,
454  salt,
455  salt_len,
456  ikm,
457  ikm_len,
458  ctx,
459  ctx_len,
460  NULL));
461 
462  if (0 != memcmp (out, out_comp, out_len))
463  {
464  GNUNET_free (out);
465  GNUNET_free (out_comp);
466  GNUNET_free (ikm);
467  GNUNET_free (salt);
468  GNUNET_free (ctx);
469  GNUNET_break (0);
470  return GNUNET_NO;
471  }
472  GNUNET_free (out);
473  GNUNET_free (out_comp);
474  GNUNET_free (ikm);
475  GNUNET_free (salt);
476  GNUNET_free (ctx);
477  }
478  else if (0 == strcmp (operation, "eddsa_ecdh"))
479  {
480  struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
481  struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
482  struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
483  struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
484  struct GNUNET_HashCode key_material;
485  struct GNUNET_HashCode key_material_comp;
486 
487  if (GNUNET_OK != expect_data_fixed (vec,
488  "priv_ecdhe",
489  &priv_ecdhe,
490  sizeof (priv_ecdhe)))
491  {
492  GNUNET_break (0);
493  return GNUNET_NO;
494  }
495 
496  if (GNUNET_OK != expect_data_fixed (vec,
497  "pub_ecdhe",
498  &pub_ecdhe,
499  sizeof (pub_ecdhe)))
500  {
501  GNUNET_break (0);
502  return GNUNET_NO;
503  }
504 
505  if (GNUNET_OK != expect_data_fixed (vec,
506  "priv_eddsa",
507  &priv_eddsa,
508  sizeof (priv_eddsa)))
509  {
510  GNUNET_break (0);
511  return GNUNET_NO;
512  }
513 
514  if (GNUNET_OK != expect_data_fixed (vec,
515  "pub_eddsa",
516  &pub_eddsa,
517  sizeof (pub_eddsa)))
518  {
519  GNUNET_break (0);
520  return GNUNET_NO;
521  }
522 
523  if (GNUNET_OK != expect_data_fixed (vec,
524  "key_material",
525  &key_material,
526  sizeof (key_material)))
527  {
528  GNUNET_break (0);
529  return GNUNET_NO;
530  }
531 
532  GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material_comp);
533 
534  if (0 != GNUNET_memcmp (&key_material, &key_material_comp))
535  {
536  GNUNET_break (0);
537  return GNUNET_NO;
538  }
539  }
540  else if (0 == strcmp (operation, "rsa_blind_signing"))
541  {
542  struct GNUNET_CRYPTO_RsaPrivateKey *skey;
544  struct GNUNET_HashCode message_hash;
546  struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
547  struct GNUNET_CRYPTO_RsaSignature *sig;
548  void *blinded_data;
549  size_t blinded_len;
550  void *blinded_data_comp;
551  size_t blinded_len_comp;
552  void *public_enc_data;
553  size_t public_enc_len;
554  void *secret_enc_data;
555  size_t secret_enc_len;
556  void *sig_enc_data;
557  size_t sig_enc_length;
558  void *sig_enc_data_comp;
559  size_t sig_enc_length_comp;
560 
561  if (GNUNET_OK != expect_data_fixed (vec,
562  "message_hash",
563  &message_hash,
564  sizeof (message_hash)))
565  {
566  GNUNET_break (0);
567  return GNUNET_SYSERR;
568  }
569 
570  if (GNUNET_OK != expect_data_fixed (vec,
571  "blinding_key_secret",
572  &bks,
573  sizeof (bks)))
574  {
575  GNUNET_break (0);
576  return GNUNET_SYSERR;
577  }
578 
579  if (GNUNET_OK != expect_data_dynamic (vec,
580  "blinded_message",
581  &blinded_data,
582  &blinded_len))
583  {
584  GNUNET_break (0);
585  return GNUNET_SYSERR;
586  }
587 
588  if (GNUNET_OK != expect_data_dynamic (vec,
589  "rsa_public_key",
590  &public_enc_data,
591  &public_enc_len))
592  {
593  GNUNET_free (blinded_data);
594  GNUNET_break (0);
595  return GNUNET_SYSERR;
596  }
597 
598  if (GNUNET_OK != expect_data_dynamic (vec,
599  "rsa_private_key",
600  &secret_enc_data,
601  &secret_enc_len))
602  {
603  GNUNET_free (blinded_data);
604  GNUNET_free (public_enc_data);
605  GNUNET_break (0);
606  return GNUNET_SYSERR;
607  }
608 
609  if (GNUNET_OK != expect_data_dynamic (vec,
610  "sig",
611  &sig_enc_data,
612  &sig_enc_length))
613  {
614  GNUNET_free (blinded_data);
615  GNUNET_free (public_enc_data);
616  GNUNET_free (secret_enc_data);
617  GNUNET_break (0);
618  return GNUNET_SYSERR;
619  }
620 
621  pkey = GNUNET_CRYPTO_rsa_public_key_decode (public_enc_data,
622  public_enc_len);
623  GNUNET_assert (NULL != pkey);
624  skey = GNUNET_CRYPTO_rsa_private_key_decode (secret_enc_data,
625  secret_enc_len);
626  GNUNET_assert (NULL != skey);
627 
629  GNUNET_CRYPTO_rsa_blind (&message_hash,
630  &bks,
631  pkey,
632  &blinded_data_comp,
633  &blinded_len_comp));
634  if ( (blinded_len != blinded_len_comp) || (0 != memcmp (blinded_data,
635  blinded_data_comp,
636  blinded_len)) )
637  {
638  GNUNET_free (blinded_data);
639  GNUNET_free (public_enc_data);
640  GNUNET_free (secret_enc_data);
641  GNUNET_free (sig_enc_data);
642  GNUNET_free (skey);
643  GNUNET_break (0);
644  return GNUNET_NO;
645  }
646  blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data,
647  blinded_len);
648  sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey);
649  GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig,
650  pkey));
651  public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
652  &public_enc_data);
653  sig_enc_length_comp = GNUNET_CRYPTO_rsa_signature_encode (sig,
654  &sig_enc_data_comp);
655 
656  if ( (sig_enc_length != sig_enc_length_comp) ||
657  (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) ))
658  {
659  GNUNET_free (blinded_sig);
660  GNUNET_free (blinded_data);
661  GNUNET_free (public_enc_data);
662  GNUNET_free (secret_enc_data);
663  GNUNET_free (sig_enc_data);
664  GNUNET_free (skey);
665  GNUNET_break (0);
666  return GNUNET_NO;
667  }
668  GNUNET_free (blinded_sig);
669  GNUNET_free (blinded_data);
670  GNUNET_free (public_enc_data);
671  GNUNET_free (secret_enc_data);
672  GNUNET_free (sig_enc_data);
673  GNUNET_free (skey);
674  }
675  else
676  {
678  "unsupported operation '%s'\n", operation);
679  }
680 
681  return GNUNET_OK;
682 }
683 
684 
690 static int
692 {
693  json_error_t err;
694  json_t *vecfile = json_loadf (stdin, 0, &err);
695  const char *encoding;
696  json_t *vectors;
697 
698  if (NULL == vecfile)
699  {
700  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unable to parse JSON\n");
701  return 1;
702  }
703  encoding = json_string_value (json_object_get (vecfile,
704  "encoding"));
705  if ( (NULL == encoding) || (0 != strcmp (encoding, "base32crockford")) )
706  {
707  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unsupported or missing encoding\n");
708  json_decref (vecfile);
709  return 1;
710  }
711  vectors = json_object_get (vecfile, "vectors");
712  if (! json_is_array (vectors))
713  {
714  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "bad vectors\n");
715  json_decref (vecfile);
716  return 1;
717  }
718  {
719  /* array is a JSON array */
720  size_t index;
721  json_t *value;
722  int ret;
723 
724  json_array_foreach (vectors, index, value) {
725  const char *op = json_string_value (json_object_get (value,
726  "operation"));
727 
728  if (NULL == op)
729  {
731  "missing operation\n");
732  ret = GNUNET_SYSERR;
733  break;
734  }
735  ret = checkvec (op, value);
736  if (GNUNET_OK != ret)
737  {
739  "bad vector %u\n",
740  (unsigned int) index);
741  break;
742  }
743  }
744  return (ret == GNUNET_OK) ? 0 : 1;
745  }
746 }
747 
748 
754 static int
756 {
757  json_t *vecfile = json_object ();
758  json_t *vecs = json_array ();
759 
760  json_object_set_new (vecfile,
761  "encoding",
762  json_string ("base32crockford"));
763  json_object_set_new (vecfile,
764  "producer",
765  json_string ("GNUnet " PACKAGE_VERSION " " VCS_VERSION));
766  json_object_set_new (vecfile,
767  "vectors",
768  vecs);
769 
770  {
771  json_t *vec = vec_for (vecs, "hash");
772  struct GNUNET_HashCode hc;
773  char *str = "Hello, GNUnet";
774 
775  GNUNET_CRYPTO_hash (str, strlen (str), &hc);
776 
777  d2j (vec, "input", str, strlen (str));
778  d2j (vec, "output", &hc, sizeof (struct GNUNET_HashCode));
779  }
780  {
781  json_t *vec = vec_for (vecs, "ecc_ecdh");
782  struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
783  struct GNUNET_CRYPTO_EcdhePublicKey pub1;
784  struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
785  struct GNUNET_HashCode skm;
786 
790  &pub1);
792  GNUNET_CRYPTO_ecc_ecdh (&priv2,
793  &pub1,
794  &skm));
795 
796  d2j (vec,
797  "priv1",
798  &priv1,
799  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
800  d2j (vec,
801  "pub1",
802  &pub1,
803  sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
804  d2j (vec,
805  "priv2",
806  &priv2,
807  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
808  d2j (vec,
809  "skm",
810  &skm,
811  sizeof (struct GNUNET_HashCode));
812  }
813 
814  {
815  json_t *vec = vec_for (vecs, "eddsa_key_derivation");
816  struct GNUNET_CRYPTO_EddsaPrivateKey priv;
818 
821  &pub);
822 
823  d2j (vec,
824  "priv",
825  &priv,
826  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
827  d2j (vec,
828  "pub",
829  &pub,
830  sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
831  }
832  {
833  json_t *vec = vec_for (vecs, "eddsa_signing");
834  struct GNUNET_CRYPTO_EddsaPrivateKey priv;
836  struct GNUNET_CRYPTO_EddsaSignature sig;
837  struct TestSignatureDataPS data = { 0 };
838 
841  &pub);
842  data.purpose.size = htonl (sizeof (data));
843  data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
845  &data,
846  &sig);
849  &data,
850  &sig,
851  &pub));
852 
853  d2j (vec,
854  "priv",
855  &priv,
856  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
857  d2j (vec,
858  "pub",
859  &pub,
860  sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
861  d2j (vec,
862  "data",
863  &data,
864  sizeof (struct TestSignatureDataPS));
865  d2j (vec,
866  "sig",
867  &sig,
868  sizeof (struct GNUNET_CRYPTO_EddsaSignature));
869  }
870 
871  {
872  json_t *vec = vec_for (vecs, "kdf");
873  size_t out_len = 64;
874  char out[out_len];
875  char *ikm = "I'm the secret input key material";
876  char *salt = "I'm very salty";
877  char *ctx = "I'm a context chunk, also known as 'info' in the RFC";
878 
880  GNUNET_CRYPTO_kdf (&out,
881  out_len,
882  salt,
883  strlen (salt),
884  ikm,
885  strlen (ikm),
886  ctx,
887  strlen (ctx),
888  NULL));
889 
890  d2j (vec,
891  "salt",
892  salt,
893  strlen (salt));
894  d2j (vec,
895  "ikm",
896  ikm,
897  strlen (ikm));
898  d2j (vec,
899  "ctx",
900  ctx,
901  strlen (ctx));
902  uint2j (vec,
903  "out_len",
904  (unsigned int) out_len);
905  d2j (vec,
906  "out",
907  out,
908  out_len);
909  }
910  {
911  json_t *vec = vec_for (vecs, "eddsa_ecdh");
912  struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
913  struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
914  struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
915  struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
916  struct GNUNET_HashCode key_material;
917 
918  GNUNET_CRYPTO_ecdhe_key_create (&priv_ecdhe);
919  GNUNET_CRYPTO_ecdhe_key_get_public (&priv_ecdhe, &pub_ecdhe);
920  GNUNET_CRYPTO_eddsa_key_create (&priv_eddsa);
921  GNUNET_CRYPTO_eddsa_key_get_public (&priv_eddsa, &pub_eddsa);
922  GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material);
923 
924  d2j (vec, "priv_ecdhe",
925  &priv_ecdhe,
926  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
927  d2j (vec, "pub_ecdhe",
928  &pub_ecdhe,
929  sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
930  d2j (vec, "priv_eddsa",
931  &priv_eddsa,
932  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
933  d2j (vec, "pub_eddsa",
934  &pub_eddsa,
935  sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
936  d2j (vec, "key_material",
937  &key_material,
938  sizeof (struct GNUNET_HashCode));
939  }
940 
941  {
942  json_t *vec = vec_for (vecs, "rsa_blind_signing");
943 
944  struct GNUNET_CRYPTO_RsaPrivateKey *skey;
946  struct GNUNET_HashCode message_hash;
948  struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
949  struct GNUNET_CRYPTO_RsaSignature *sig;
950  void *blinded_data;
951  size_t blinded_len;
952  void *public_enc_data;
953  size_t public_enc_len;
954  void *secret_enc_data;
955  size_t secret_enc_len;
956  void *blinded_sig_enc_data;
957  size_t blinded_sig_enc_length;
958  void *sig_enc_data;
959  size_t sig_enc_length;
960 
964  &message_hash,
965  sizeof (struct GNUNET_HashCode));
967  &bks,
968  sizeof (struct
971  GNUNET_CRYPTO_rsa_blind (&message_hash,
972  &bks,
973  pkey,
974  &blinded_data,
975  &blinded_len));
976  blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data,
977  blinded_len);
978  sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey);
979  GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig,
980  pkey));
981  public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
982  &public_enc_data);
983  secret_enc_len = GNUNET_CRYPTO_rsa_private_key_encode (skey,
984  &secret_enc_data);
985  blinded_sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (blinded_sig,
986  &
987  blinded_sig_enc_data);
988  sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig, &sig_enc_data);
989  d2j (vec,
990  "message_hash",
991  &message_hash,
992  sizeof (struct GNUNET_HashCode));
993  d2j (vec,
994  "rsa_public_key",
995  public_enc_data,
996  public_enc_len);
997  d2j (vec,
998  "rsa_private_key",
999  secret_enc_data,
1000  secret_enc_len);
1001  d2j (vec,
1002  "blinding_key_secret",
1003  &bks,
1004  sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret));
1005  d2j (vec,
1006  "blinded_message",
1007  blinded_data,
1008  blinded_len);
1009  d2j (vec,
1010  "blinded_sig",
1011  blinded_sig_enc_data,
1012  blinded_sig_enc_length);
1013  d2j (vec,
1014  "sig",
1015  sig_enc_data,
1016  sig_enc_length);
1020  GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
1021  GNUNET_free (public_enc_data);
1022  GNUNET_free (blinded_data);
1023  GNUNET_free (sig_enc_data);
1024  GNUNET_free (blinded_sig_enc_data);
1025  GNUNET_free (secret_enc_data);
1026  }
1027 
1028  json_dumpf (vecfile, stdout, JSON_INDENT (2));
1029  json_decref (vecfile);
1030  printf ("\n");
1031 
1032  return 0;
1033 }
1034 
1035 
1044 static void
1045 run (void *cls,
1046  char *const *args,
1047  const char *cfgfile,
1048  const struct GNUNET_CONFIGURATION_Handle *cfg)
1049 {
1050  if (GNUNET_YES == verify_flag)
1052  else
1054 }
1055 
1056 
1064 int
1065 main (int argc,
1066  char *const *argv)
1067 {
1068  const struct GNUNET_GETOPT_CommandLineOption options[] = {
1070  "verify",
1071  gettext_noop (
1072  "verify a test vector from stdin"),
1073  &verify_flag),
1075  };
1076 
1078  GNUNET_log_setup ("gnunet-crypto-tvg",
1079  "INFO",
1080  NULL));
1081  if (GNUNET_OK !=
1082  GNUNET_PROGRAM_run (argc, argv,
1083  "gnunet-crypto-tvg",
1084  "Generate test vectors for cryptographic operations",
1085  options,
1086  &run, NULL))
1087  return 1;
1088  return global_ret;
1089 }
1090 
1091 
1092 /* end of gnunet-crypto-tvg.c */
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_OPTION_END
Definition: 002.c:13
struct GNUNET_GETOPT_CommandLineOption options[]
Definition: 002.c:5
#define gettext_noop(String)
Definition: gettext.h:69
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration we are using.
Definition: gnunet-abd.c:36
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static struct GNUNET_ARM_Operation * op
Current operation.
Definition: gnunet-arm.c:144
static int expect_data_fixed(json_t *vec, const char *name, void *data, size_t expect_len)
static GNUNET_NETWORK_STRUCT_END int verify_flag
Should we verify or output test vectors?
static void uint2j(json_t *vec, const char *label, unsigned int num)
Add a number to a test vector.
static int global_ret
Global exit code.
static int expect_data_dynamic(json_t *vec, const char *name, void **data, size_t *ret_len)
static void d2j(json_t *vec, const char *label, const void *data, size_t size)
Add a base32crockford encoded value to a test vector.
static int check_vectors()
Check test vectors from stdin.
static void run(void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *cfg)
Main function that will be run.
int main(int argc, char *const *argv)
The main function of the test vector generation tool.
static int output_vectors()
Output test vectors.
static json_t * vec_for(json_t *vecs, const char *vecname)
Create a fresh test vector for a given operation label.
static int checkvec(const char *operation, json_t *vec)
Check a single vector.
uint32_t data
The data value.
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
static char * pkey
Public key of the zone to look in, in ASCII.
static char * value
Value of the record to add/remove.
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:46
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
static char buf[2048]
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_SCHEDULER_Task * t
Main task.
#define GNUNET_NETWORK_STRUCT_BEGIN
Define as empty, GNUNET_PACKED should suffice, but this won't work on W32.
#define GNUNET_log(kind,...)
#define GNUNET_NETWORK_STRUCT_END
Define as empty, GNUNET_PACKED should suffice, but this won't work on W32;.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
@ GNUNET_OK
Definition: gnunet_common.h:95
@ GNUNET_YES
Definition: gnunet_common.h:97
@ GNUNET_NO
Definition: gnunet_common.h:94
@ GNUNET_SYSERR
Definition: gnunet_common.h:93
void GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig)
Free memory occupied by signature.
Definition: crypto_rsa.c:945
void GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
Free memory occupied by the private key.
Definition: crypto_rsa.c:172
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_verify(const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *public_key)
Verify whether the given hash corresponds to the given signature and the signature is valid with resp...
Definition: crypto_rsa.c:1129
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_decode(const void *buf, size_t buf_size)
Decode the private key from the data-format back to the "normal", internal format.
Definition: crypto_rsa.c:203
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
Unblind a blind-signed signature.
Definition: crypto_rsa.c:1048
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition: crypto_rsa.c:267
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_public_key_decode(const char *buf, size_t len)
Decode the public key from the data-format back to the "normal", internal format.
Definition: crypto_rsa.c:383
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, void **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:300
size_t GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, void **buffer)
Encode the given signature in a format suitable for storing it into a file.
Definition: crypto_rsa.c:953
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition: crypto_rsa.c:232
size_t GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, void **buffer)
Encode the private key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:180
struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_create(unsigned int len)
Create a new private key.
Definition: crypto_rsa.c:143
struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key, const void *msg, size_t msg_len)
Sign a blinded value, which must be a full domain hash of a message.
Definition: crypto_rsa.c:901
int GNUNET_CRYPTO_rsa_blind(const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, void **buf, size_t *buf_size)
Blinds the given message with the given blinding key.
Definition: crypto_rsa.c:744
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a public and a private ECC key.
Definition: crypto_ecc.c:705
void GNUNET_CRYPTO_ecdhe_key_create(struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:435
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:197
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:461
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
Derive key material from a EdDSA public key and a private ECDH key.
Definition: crypto_ecc.c:758
#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
EdDSA sign a given block.
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
Verify EdDSA signature.
void GNUNET_CRYPTO_ecdhe_key_get_public(const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:213
@ GNUNET_CRYPTO_QUALITY_WEAK
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
struct GNUNET_GETOPT_CommandLineOption GNUNET_GETOPT_option_flag(char shortName, const char *name, const char *description, int *val)
Allow user to specify a flag (which internally means setting an integer to 1/GNUNET_YES/GNUNET_OK.
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:90
int GNUNET_log_setup(const char *comp, const char *loglevel, const char *logfile)
Setup logging.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
@ GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_INFO
#define GNUNET_malloc(size)
Wrapper around malloc.
#define GNUNET_free(ptr)
Wrapper around free.
enum GNUNET_GenericReturnValue GNUNET_PROGRAM_run(int argc, char *const *argv, const char *binaryName, const char *binaryHelp, const struct GNUNET_GETOPT_CommandLineOption *options, GNUNET_PROGRAM_Main task, void *task_cls)
Run a standard GNUnet command startup sequence (initialize loggers and configuration,...
Definition: program.c:364
#define GNUNET_SIGNATURE_PURPOSE_TEST
Test signature, not valid for anything other than writing a test.
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
Definition: strings.c:750
enum GNUNET_GenericReturnValue GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:775
static unsigned int size
Size of the "table".
Definition: peer.c:67
const char * name
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
Private ECC key encoded for transmission.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encr...
Private ECC key encoded for transmission.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
an ECC signature using EdDSA.
Constant-size pre-secret for blinding key generation.
The private information of an RSA key pair.
Definition: crypto_rsa.c:40
The public information of an RSA key pair.
Definition: crypto_rsa.c:52
an RSA signature
Definition: crypto_rsa.c:64
Definition of a command line option.
A 512-bit hashcode.
Sample signature struct.
struct GNUNET_CRYPTO_EccSignaturePurpose purpose