GNUnet  0.11.x
Data Structures | Macros | Typedefs | Enumerations | Functions
gnunet_crypto_lib.h File Reference

cryptographic primitives for GNUnet More...

#include <stdbool.h>
#include <sodium.h>
#include "gnunet_common.h"
#include <gcrypt.h>
Include dependency graph for gnunet_crypto_lib.h:

Go to the source code of this file.

Data Structures

struct  GNUNET_CRYPTO_HashAsciiEncoded
 0-terminated ASCII encoding of a struct GNUNET_HashCode. More...
 
struct  GNUNET_CRYPTO_EccSignaturePurpose
 header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed data More...
 
struct  GNUNET_CRYPTO_EddsaSignature
 an ECC signature using EdDSA. More...
 
struct  GNUNET_CRYPTO_EcdsaSignature
 an ECC signature using ECDSA More...
 
struct  GNUNET_CRYPTO_EddsaPublicKey
 Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and EdDSA signatures. More...
 
struct  GNUNET_CRYPTO_EcdsaPublicKey
 Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDSA signatures. More...
 
struct  GNUNET_PeerIdentity
 The identity of the host (wraps the signing key of the peer). More...
 
struct  GNUNET_CRYPTO_EcdhePublicKey
 Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and encryption (ECDH), See http://cr.yp.to/ecdh.html. More...
 
struct  GNUNET_CRYPTO_EcdhePrivateKey
 Private ECC key encoded for transmission. More...
 
struct  GNUNET_CRYPTO_EcdsaPrivateKey
 Private ECC key encoded for transmission. More...
 
struct  GNUNET_CRYPTO_EddsaPrivateKey
 Private ECC key encoded for transmission. More...
 
struct  GNUNET_CRYPTO_EddsaPrivateScalar
 Private ECC scalar encoded for transmission. More...
 
struct  GNUNET_CRYPTO_SymmetricSessionKey
 type for session keys More...
 
struct  ChallengeNonceP
 Type of a nonce used for challenges. More...
 
struct  GNUNET_CRYPTO_SymmetricInitializationVector
 IV for sym cipher. More...
 
struct  GNUNET_CRYPTO_AuthKey
 type for (message) authentication keys More...
 
struct  GNUNET_CRYPTO_PaillierPublicKey
 Paillier public key. More...
 
struct  GNUNET_CRYPTO_PaillierPrivateKey
 Paillier private key. More...
 
struct  GNUNET_CRYPTO_PaillierCiphertext
 Paillier ciphertext. More...
 
struct  GNUNET_CRYPTO_Cs25519Scalar
 Curve25519 Scalar. More...
 
struct  GNUNET_CRYPTO_Cs25519Point
 Curve25519 point. More...
 
struct  GNUNET_CRYPTO_CsPrivateKey
 The private information of an Schnorr key pair. More...
 
struct  GNUNET_CRYPTO_CsPublicKey
 The public information of an Schnorr key pair. More...
 
struct  GNUNET_CRYPTO_CsBlindingSecret
 Secret used for blinding (alpha and beta). More...
 
struct  GNUNET_CRYPTO_CsRSecret
 the private r used in the signature More...
 
struct  GNUNET_CRYPTO_CsRPublic
 the public R (derived from r) used in c More...
 
struct  GNUNET_CRYPTO_CsC
 Schnorr c to be signed. More...
 
struct  GNUNET_CRYPTO_CsS
 s in the signature More...
 
struct  GNUNET_CRYPTO_CsBlindS
 blinded s in the signature More...
 
struct  GNUNET_CRYPTO_CsSignature
 CS Signtature containing scalar s and point R. More...
 
struct  GNUNET_CRYPTO_CsNonce
 Nonce. More...
 
struct  GNUNET_CRYPTO_PowSalt
 Value for a salt for GNUNET_CRYPTO_pow_hash(). More...
 
struct  GNUNET_CRYPTO_EccPoint
 Point on a curve (always for Curve25519) encoded in a format suitable for network transmission (ECDH), see http://cr.yp.to/ecdh.html. More...
 
struct  GNUNET_CRYPTO_EccScalar
 A ECC scalar for use in point multiplications. More...
 
struct  GNUNET_CRYPTO_RsaBlindingKeySecret
 Constant-size pre-secret for blinding key generation. More...
 

Macros

#define GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH   126
 Maximum length of an ECC signature. More...
 
#define GNUNET_CRYPTO_AES_KEY_LENGTH   (256 / 8)
 length of the sessionkey in bytes (256 BIT sessionkey) More...
 
#define GNUNET_CRYPTO_HASH_LENGTH   (512 / 8)
 Length of a hash value. More...
 
#define GNUNET_CRYPTO_PKEY_ASCII_LENGTH   52
 How many characters (without 0-terminator) are our ASCII-encoded public keys (ECDSA/EDDSA/ECDHE). More...
 
#define GNUNET_CRYPTO_PAILLIER_BITS   2048
 Size of paillier plain texts and public keys. More...
 
#define GNUNET_CRYPTO_hash_from_string(enc, result)    GNUNET_CRYPTO_hash_from_string2 (enc, strlen (enc), result)
 Convert ASCII encoding back to struct GNUNET_HashCode More...
 
#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
 EdDSA sign a given block. More...
 
#define GNUNET_CRYPTO_ecdsa_sign(priv, ps, sig)
 ECDSA sign a given block. More...
 
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
 Verify EdDSA signature. More...
 
#define GNUNET_CRYPTO_ecdsa_verify(purp, ps, sig, pub)
 Verify ECDSA signature. More...
 

Typedefs

typedef void(* GNUNET_CRYPTO_HashCompletedCallback) (void *cls, const struct GNUNET_HashCode *res)
 Function called once the hash computation over the specified file has completed. More...
 

Enumerations

enum  GNUNET_CRYPTO_Quality { GNUNET_CRYPTO_QUALITY_WEAK , GNUNET_CRYPTO_QUALITY_STRONG , GNUNET_CRYPTO_QUALITY_NONCE }
 Desired quality level for random numbers. More...
 

Functions

void GNUNET_CRYPTO_seed_weak_random (int32_t seed)
 Seed a weak random generator. More...
 
uint8_t GNUNET_CRYPTO_crc8_n (const void *buf, size_t len)
 Calculate the checksum of a buffer in one step. More...
 
uint32_t GNUNET_CRYPTO_crc16_step (uint32_t sum, const void *buf, size_t len)
 Perform an incremental step in a CRC16 (for TCP/IP) calculation. More...
 
uint16_t GNUNET_CRYPTO_crc16_finish (uint32_t sum)
 Convert results from GNUNET_CRYPTO_crc16_step to final crc16. More...
 
uint16_t GNUNET_CRYPTO_crc16_n (const void *buf, size_t len)
 Calculate the checksum of a buffer in one step. More...
 
int32_t GNUNET_CRYPTO_crc32_n (const void *buf, size_t len)
 Compute the CRC32 checksum for the first len bytes of the buffer. More...
 
void GNUNET_CRYPTO_zero_keys (void *buffer, size_t length)
 Zero out buffer, securely against compiler optimizations. More...
 
void GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
 Fill block with a random values. More...
 
void GNUNET_CRYPTO_random_timeflake (enum GNUNET_CRYPTO_Quality mode, struct GNUNET_Uuid *uuid)
 Fill UUID with a timeflake pseudo-random value. More...
 
uint32_t GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i)
 Produce a random value. More...
 
uint64_t GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
 Random on unsigned 64-bit values. More...
 
unsigned int * GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n)
 Get an array with a random permutation of the numbers 0...n-1. More...
 
void GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
 Create a new random session key. More...
 
ssize_t GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Encrypt a block using a symmetric sessionkey. More...
 
ssize_t GNUNET_CRYPTO_symmetric_decrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Decrypt a given block using a symmetric sessionkey. More...
 
void GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
 Derive an IV. More...
 
void GNUNET_CRYPTO_symmetric_derive_iv_v (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len, va_list argp)
 Derive an IV. More...
 
void GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode *block, struct GNUNET_CRYPTO_HashAsciiEncoded *result)
 Convert hash to ASCII encoding. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hash_from_string2 (const char *enc, size_t enclen, struct GNUNET_HashCode *result)
 Convert ASCII encoding back to a 'struct GNUNET_HashCode'. More...
 
uint32_t GNUNET_CRYPTO_hash_distance_u32 (const struct GNUNET_HashCode *a, const struct GNUNET_HashCode *b)
 Compute the distance between 2 hashcodes. More...
 
void GNUNET_CRYPTO_hash (const void *block, size_t size, struct GNUNET_HashCode *ret)
 Compute hash of a given block. More...
 
void GNUNET_CRYPTO_pow_hash (const struct GNUNET_CRYPTO_PowSalt *salt, const void *buf, size_t buf_len, struct GNUNET_HashCode *result)
 Calculate the 'proof-of-work' hash (an expensive hash). More...
 
struct GNUNET_HashContextGNUNET_CRYPTO_hash_context_start (void)
 Start incremental hashing operation. More...
 
struct GNUNET_HashContextGNUNET_CRYPTO_hash_context_copy (const struct GNUNET_HashContext *hc)
 Make a copy of the hash computation. More...
 
void GNUNET_CRYPTO_hash_context_read (struct GNUNET_HashContext *hc, const void *buf, size_t size)
 Add data to be hashed. More...
 
void GNUNET_CRYPTO_hash_context_finish (struct GNUNET_HashContext *hc, struct GNUNET_HashCode *r_hash)
 Finish the hash computation. More...
 
void GNUNET_CRYPTO_hash_context_abort (struct GNUNET_HashContext *hc)
 Abort hashing, do not bother calculating final result. More...
 
void GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len, const void *plaintext, size_t plaintext_len, struct GNUNET_HashCode *hmac)
 Calculate HMAC of a message (RFC 2104) TODO: Shouldn' this be the standard hmac function and the above be renamed? More...
 
void GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key, const void *plaintext, size_t plaintext_len, struct GNUNET_HashCode *hmac)
 Calculate HMAC of a message (RFC 2104) More...
 
struct GNUNET_CRYPTO_FileHashContextGNUNET_CRYPTO_hash_file (enum GNUNET_SCHEDULER_Priority priority, const char *filename, size_t blocksize, GNUNET_CRYPTO_HashCompletedCallback callback, void *callback_cls)
 Compute the hash of an entire file. More...
 
void GNUNET_CRYPTO_hash_file_cancel (struct GNUNET_CRYPTO_FileHashContext *fhc)
 Cancel a file hashing operation. More...
 
void GNUNET_CRYPTO_hash_create_random (enum GNUNET_CRYPTO_Quality mode, struct GNUNET_HashCode *result)
 Create a random hash code. More...
 
void GNUNET_CRYPTO_hash_difference (const struct GNUNET_HashCode *a, const struct GNUNET_HashCode *b, struct GNUNET_HashCode *result)
 compute result = b - a More...
 
void GNUNET_CRYPTO_hash_sum (const struct GNUNET_HashCode *a, const struct GNUNET_HashCode *delta, struct GNUNET_HashCode *result)
 compute result = a + delta More...
 
void GNUNET_CRYPTO_hash_xor (const struct GNUNET_HashCode *a, const struct GNUNET_HashCode *b, struct GNUNET_HashCode *result)
 compute result = a ^ b More...
 
unsigned int GNUNET_CRYPTO_hash_count_leading_zeros (const struct GNUNET_HashCode *h)
 Count the number of leading 0 bits in h. More...
 
unsigned int GNUNET_CRYPTO_hash_count_tailing_zeros (const struct GNUNET_HashCode *h)
 Count the number of tailing 0 bits in h. More...
 
void GNUNET_CRYPTO_hash_to_aes_key (const struct GNUNET_HashCode *hc, struct GNUNET_CRYPTO_SymmetricSessionKey *skey, struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
 Convert a hashcode into a key. More...
 
int GNUNET_CRYPTO_hash_cmp (const struct GNUNET_HashCode *h1, const struct GNUNET_HashCode *h2)
 Compare function for HashCodes, producing a total ordering of all hashcodes. More...
 
int GNUNET_CRYPTO_hash_xorcmp (const struct GNUNET_HashCode *h1, const struct GNUNET_HashCode *h2, const struct GNUNET_HashCode *target)
 Find out which of the two GNUNET_CRYPTO_hash codes is closer to target in the XOR metric (Kademlia). More...
 
void GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key, const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey, const void *salt, size_t salt_len, va_list argp)
 Derive an authentication key. More...
 
void GNUNET_CRYPTO_hmac_derive_key (struct GNUNET_CRYPTO_AuthKey *key, const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey, const void *salt, size_t salt_len,...)
 Derive an authentication key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf (void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
 Derive key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf_v (void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
 Derive key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf_v (void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
 Derive key. More...
 
void GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r, gcry_mpi_t n, const void *xts, size_t xts_len, const void *skm, size_t skm_len, const char *ctx)
 Deterministically generate a pseudo-random number uniformly from the integers modulo a libgcrypt mpi. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf (void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
 Derive key. More...
 
void GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
 Extract the public key for the given private key. More...
 
char * GNUNET_CRYPTO_ecdsa_public_key_to_string (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Convert a public key to a string. More...
 
char * GNUNET_CRYPTO_ecdsa_private_key_to_string (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
 Convert a private key to a string. More...
 
char * GNUNET_CRYPTO_eddsa_private_key_to_string (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv)
 Convert a private key to a string. More...
 
char * GNUNET_CRYPTO_eddsa_public_key_to_string (const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Convert a public key to a string. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_public_key_from_string (const char *enc, size_t enclen, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Convert a string representing a public key to a public key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_private_key_from_string (const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPrivateKey *pub)
 Convert a string representing a private key to a private key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_public_key_from_string (const char *enc, size_t enclen, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Convert a string representing a public key to a public key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_key_from_file (const char *filename, int do_create, struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey)
 Create a new private key by reading it from a file. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_key_from_file (const char *filename, int do_create, struct GNUNET_CRYPTO_EddsaPrivateKey *pkey)
 Create a new private key by reading it from a file. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg)
 Create a new private key by reading our peer's key from the file specified in the configuration. More...
 
void GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_create (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
const struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_get_anonymous (void)
 Get the shared private key we use for anonymous users. More...
 
void GNUNET_CRYPTO_eddsa_setup_hostkey (const char *cfg_name)
 Setup a hostkey file for a peer given the name of the configuration file (!). More...
 
int GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_PeerIdentity *dst)
 Retrieve the identity of the host's peer. More...
 
struct GNUNET_CRYPTO_EccDlogContextGNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max, unsigned int mem)
 Do pre-calculation for ECC discrete logarithm for small factors. More...
 
int GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc, const struct GNUNET_CRYPTO_EccPoint *input)
 Calculate ECC discrete logarithm for small factors. More...
 
void GNUNET_CRYPTO_ecc_dexp (int val, struct GNUNET_CRYPTO_EccPoint *r)
 Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_dexp_mpi (const struct GNUNET_CRYPTO_EccScalar *val, struct GNUNET_CRYPTO_EccPoint *r)
 Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_pmul_mpi (const struct GNUNET_CRYPTO_EccPoint *p, const struct GNUNET_CRYPTO_EccScalar *val, struct GNUNET_CRYPTO_EccPoint *r)
 Multiply the point p on the elliptic curve by val. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_add (const struct GNUNET_CRYPTO_EccPoint *a, const struct GNUNET_CRYPTO_EccPoint *b, struct GNUNET_CRYPTO_EccPoint *r)
 Add two points on the elliptic curve. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccPoint *r, struct GNUNET_CRYPTO_EccPoint *r_inv)
 Obtain a random point on the curve and its additive inverse. More...
 
void GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccScalar *r, struct GNUNET_CRYPTO_EccScalar *r_neg)
 Obtain a random scalar for point multiplication on the curve and its additive inverse. More...
 
void GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccScalar *r)
 Generate a random value mod n. More...
 
void GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *dlc)
 Release precalculated values. More...
 
void GNUNET_CRYPTO_ecc_scalar_from_int (int64_t val, struct GNUNET_CRYPTO_EccScalar *r)
 Create a scalar from int value. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a public and a private ECC key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private EdDSA key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private ECDSA key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EdDSA public key and a private ECDH key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EcDSA public key and a private ECDH key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_ (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
 EdDSA sign a given block. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_ (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
 ECDSA Sign a given block. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Verify EdDSA signature. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Verify ECDSA signature. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
 Derive a private key from a given private key and a label. More...
 
void GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
 Derive a public key from a given public key and a label. More...
 
void GNUNET_CRYPTO_eddsa_private_key_derive (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPrivateScalar *result)
 Derive a private scalar from a given private key and a label. More...
 
void GNUNET_CRYPTO_eddsa_public_key_derive (const struct GNUNET_CRYPTO_EddsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPublicKey *result)
 Derive a public key from a given public key and a label. More...
 
void GNUNET_CRYPTO_eddsa_sign_with_scalar (const struct GNUNET_CRYPTO_EddsaPrivateScalar *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
 This is a signature function for EdDSA which takes the secret scalar sk instead of the private seed which is usually the case for crypto APIs. More...
 
void GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (const struct GNUNET_CRYPTO_EddsaPrivateScalar *s, struct GNUNET_CRYPTO_EddsaPublicKey *pkey)
 Extract the public key of the given private scalar. More...
 
void GNUNET_CRYPTO_mpi_print_unsigned (void *buf, size_t size, gcry_mpi_t val)
 Output the given MPI value to the given buffer in network byte order. More...
 
void GNUNET_CRYPTO_mpi_scan_unsigned (gcry_mpi_t *result, const void *data, size_t size)
 Convert data buffer into MPI value. More...
 
void GNUNET_CRYPTO_paillier_create (struct GNUNET_CRYPTO_PaillierPublicKey *public_key, struct GNUNET_CRYPTO_PaillierPrivateKey *private_key)
 Create a freshly generated paillier public key. More...
 
int GNUNET_CRYPTO_paillier_encrypt (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, const gcry_mpi_t m, int desired_ops, struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext)
 Encrypt a plaintext with a paillier public key. More...
 
void GNUNET_CRYPTO_paillier_decrypt (const struct GNUNET_CRYPTO_PaillierPrivateKey *private_key, const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, const struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext, gcry_mpi_t m)
 Decrypt a paillier ciphertext with a private key. More...
 
int GNUNET_CRYPTO_paillier_hom_add (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, const struct GNUNET_CRYPTO_PaillierCiphertext *c1, const struct GNUNET_CRYPTO_PaillierCiphertext *c2, struct GNUNET_CRYPTO_PaillierCiphertext *result)
 Compute a ciphertext that represents the sum of the plaintext in x1 and x2. More...
 
int GNUNET_CRYPTO_paillier_hom_get_remaining (const struct GNUNET_CRYPTO_PaillierCiphertext *c)
 Get the number of remaining supported homomorphic operations. More...
 
struct GNUNET_CRYPTO_RsaPrivateKeyGNUNET_CRYPTO_rsa_private_key_create (unsigned int len)
 Create a new private key. More...
 
void GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key)
 Free memory occupied by the private key. More...
 
size_t GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey *key, void **buffer)
 Encode the private key in a format suitable for storing it into a file. More...
 
struct GNUNET_CRYPTO_RsaPrivateKeyGNUNET_CRYPTO_rsa_private_key_decode (const void *buf, size_t buf_size)
 Decode the private key from the data-format back to the "normal", internal format. More...
 
struct GNUNET_CRYPTO_RsaPrivateKeyGNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_RsaPrivateKey *key)
 Duplicate the given private key. More...
 
struct GNUNET_CRYPTO_RsaPublicKeyGNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
 Extract the public key of the given private key. More...
 
void GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, struct GNUNET_HashCode *hc)
 Compute hash over the public key. More...
 
bool GNUNET_CRYPTO_rsa_public_key_check (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 Check if key is well-formed. More...
 
unsigned int GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 Obtain the length of the RSA key in bits. More...
 
void GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key)
 Free memory occupied by the public key. More...
 
size_t GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_RsaPublicKey *key, void **buffer)
 Encode the public key in a format suitable for storing it into a file. More...
 
struct GNUNET_CRYPTO_RsaPublicKeyGNUNET_CRYPTO_rsa_public_key_decode (const char *buf, size_t len)
 Decode the public key from the data-format back to the "normal", internal format. More...
 
struct GNUNET_CRYPTO_RsaPublicKeyGNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 Duplicate the given public key. More...
 
int GNUNET_CRYPTO_rsa_signature_cmp (const struct GNUNET_CRYPTO_RsaSignature *s1, const struct GNUNET_CRYPTO_RsaSignature *s2)
 Compare the values of two signatures. More...
 
int GNUNET_CRYPTO_rsa_private_key_cmp (const struct GNUNET_CRYPTO_RsaPrivateKey *p1, const struct GNUNET_CRYPTO_RsaPrivateKey *p2)
 Compare the values of two private keys. More...
 
int GNUNET_CRYPTO_rsa_public_key_cmp (const struct GNUNET_CRYPTO_RsaPublicKey *p1, const struct GNUNET_CRYPTO_RsaPublicKey *p2)
 Compare the values of two public keys. More...
 
int GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, void **buf, size_t *buf_size)
 Blinds the given message with the given blinding key. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, const void *msg, size_t msg_len)
 Sign a blinded value, which must be a full domain hash of a message. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, const struct GNUNET_HashCode *hash)
 Create and sign a full domain hash of a message. More...
 
void GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig)
 Free memory occupied by signature. More...
 
size_t GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_RsaSignature *sig, void **buffer)
 Encode the given signature in a format suitable for storing it into a file. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_signature_decode (const void *buf, size_t buf_size)
 Decode the signature from the data-format back to the "normal", internal format. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig)
 Duplicate the given rsa signature. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
 Unblind a blind-signed signature. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *public_key)
 Verify whether the given hash corresponds to the given signature and the signature is valid with respect to the given public key. More...
 
void GNUNET_CRYPTO_cs_private_key_generate (struct GNUNET_CRYPTO_CsPrivateKey *priv)
 Create a new random private key. More...
 
void GNUNET_CRYPTO_cs_private_key_get_public (const struct GNUNET_CRYPTO_CsPrivateKey *priv, struct GNUNET_CRYPTO_CsPublicKey *pub)
 Extract the public key of the given private key. More...
 
void GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, const struct GNUNET_CRYPTO_CsPrivateKey *lts, struct GNUNET_CRYPTO_CsRSecret r[2])
 Derive a new secret r pair r0 and r1. More...
 
void GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv, struct GNUNET_CRYPTO_CsRPublic *r_pub)
 Extract the public R of the given secret r. More...
 
void GNUNET_CRYPTO_cs_blinding_secrets_derive (const struct GNUNET_CRYPTO_CsNonce *blind_seed, struct GNUNET_CRYPTO_CsBlindingSecret bs[2])
 Derives new random blinding factors. More...
 
void GNUNET_CRYPTO_cs_calc_blinded_c (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], const struct GNUNET_CRYPTO_CsRPublic r_pub[2], const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len, struct GNUNET_CRYPTO_CsC blinded_c[2], struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2])
 Calculate two blinded c's Comment: One would be insecure due to Wagner's algorithm solving ROS. More...
 
unsigned int GNUNET_CRYPTO_cs_sign_derive (const struct GNUNET_CRYPTO_CsPrivateKey *priv, const struct GNUNET_CRYPTO_CsRSecret r[2], const struct GNUNET_CRYPTO_CsC c[2], const struct GNUNET_CRYPTO_CsNonce *nonce, struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar)
 Sign a blinded c This function derives b from a nonce and a longterm secret In original papers b is generated randomly To provide abort-idempotency, b needs to be derived but still need to be UNPREDICTABLE. More...
 
void GNUNET_CRYPTO_cs_unblind (const struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar, const struct GNUNET_CRYPTO_CsBlindingSecret *bs, struct GNUNET_CRYPTO_CsS *signature_scalar)
 Unblind a blind-signed signature using a c that was blinded. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_cs_verify (const struct GNUNET_CRYPTO_CsSignature *sig, const struct GNUNET_CRYPTO_CsPublicKey *pub, const void *msg, size_t msg_len)
 Verify whether the given message corresponds to the given signature and the signature is valid with respect to the given public key. More...
 

Detailed Description

cryptographic primitives for GNUnet

Author
Christian Grothoff
Krista Bennett
Gerd Knorr kraxe.nosp@m.l@by.nosp@m.tesex.nosp@m..org
Ioana Patrascu
Tzvetan Horozov
Jeffrey Burdges burdg.nosp@m.es@g.nosp@m.nunet.nosp@m..org

Definition in file gnunet_crypto_lib.h.

Macro Definition Documentation

◆ GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH

#define GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH   126

Maximum length of an ECC signature.

Note: round up to multiple of 8 minus 2 for alignment.

Definition at line 69 of file gnunet_crypto_lib.h.

◆ GNUNET_CRYPTO_AES_KEY_LENGTH

#define GNUNET_CRYPTO_AES_KEY_LENGTH   (256 / 8)

length of the sessionkey in bytes (256 BIT sessionkey)

Definition at line 102 of file gnunet_crypto_lib.h.

◆ GNUNET_CRYPTO_HASH_LENGTH

#define GNUNET_CRYPTO_HASH_LENGTH   (512 / 8)

Length of a hash value.

Definition at line 107 of file gnunet_crypto_lib.h.

◆ GNUNET_CRYPTO_PKEY_ASCII_LENGTH

#define GNUNET_CRYPTO_PKEY_ASCII_LENGTH   52

How many characters (without 0-terminator) are our ASCII-encoded public keys (ECDSA/EDDSA/ECDHE).

Definition at line 113 of file gnunet_crypto_lib.h.

◆ GNUNET_CRYPTO_PAILLIER_BITS

#define GNUNET_CRYPTO_PAILLIER_BITS   2048

Size of paillier plain texts and public keys.

Private keys and ciphertexts are twice this size.

Definition at line 347 of file gnunet_crypto_lib.h.

Typedef Documentation

◆ GNUNET_CRYPTO_HashCompletedCallback

typedef void(* GNUNET_CRYPTO_HashCompletedCallback) (void *cls, const struct GNUNET_HashCode *res)

Function called once the hash computation over the specified file has completed.

Parameters
clsclosure
resresulting hash, NULL on error

Definition at line 946 of file gnunet_crypto_lib.h.

Function Documentation

◆ GNUNET_CRYPTO_crc16_step()

uint32_t GNUNET_CRYPTO_crc16_step ( uint32_t  sum,
const void *  buf,
size_t  len 
)

Perform an incremental step in a CRC16 (for TCP/IP) calculation.

Parameters
sumcurrent sum, initially 0
bufbuffer to calculate CRC over (must be 16-bit aligned)
lennumber of bytes in buf, must be multiple of 2
Returns
updated crc sum (must be subjected to GNUNET_CRYPTO_crc16_finish to get actual crc16)
Parameters
sumcurrent sum, initially 0
bufbuffer to calculate CRC over (must be 16-bit aligned)
lennumber of bytes in hdr, must be multiple of 2
Returns
updated crc sum (must be subjected to GNUNET_CRYPTO_crc16_finish() to get actual crc16)

Definition at line 125 of file crypto_crc.c.

126 {
127  const uint16_t *hdr = buf;
128 
129  for (; len >= 2; len -= 2)
130  sum += *(hdr++);
131  if (len == 1)
132  sum += (*hdr) & ntohs (0xFF00);
133  return sum;
134 }
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
static char buf[2048]

References buf, len, and consensus-simulation::sum.

Referenced by GNUNET_CRYPTO_crc16_n(), GNUNET_TUN_calculate_icmp_checksum(), GNUNET_TUN_calculate_tcp4_checksum(), GNUNET_TUN_calculate_tcp6_checksum(), GNUNET_TUN_calculate_udp4_checksum(), and GNUNET_TUN_calculate_udp6_checksum().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_crc16_finish()

uint16_t GNUNET_CRYPTO_crc16_finish ( uint32_t  sum)

Convert results from GNUNET_CRYPTO_crc16_step to final crc16.

Parameters
sumcumulative sum
Returns
crc16 value

Convert results from GNUNET_CRYPTO_crc16_step to final crc16.

Parameters
sumcumulative sum
Returns
crc16 value

Definition at line 144 of file crypto_crc.c.

145 {
146  sum = (sum >> 16) + (sum & 0xFFFF);
147  sum += (sum >> 16);
148 
149  return ~sum;
150 }

References consensus-simulation::sum.

Referenced by GNUNET_CRYPTO_crc16_n(), GNUNET_TUN_calculate_icmp_checksum(), GNUNET_TUN_calculate_tcp4_checksum(), GNUNET_TUN_calculate_tcp6_checksum(), GNUNET_TUN_calculate_udp4_checksum(), and GNUNET_TUN_calculate_udp6_checksum().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_derive_iv_v()

void GNUNET_CRYPTO_symmetric_derive_iv_v ( struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
const struct GNUNET_CRYPTO_SymmetricSessionKey skey,
const void *  salt,
size_t  salt_len,
va_list  argp 
)

Derive an IV.

Parameters
ivinitialization vector
skeysession key
saltsalt for the derivation
salt_lensize of the salt
argppairs of void * & size_t for context chunks, terminated by NULL
ivinitialization vector
skeysession key
saltsalt for the derivation
salt_lensize of the salt
argppairs of void * & size_t for context chunks, terminated by NULL

Definition at line 229 of file crypto_symmetric.c.

237 {
238  char aes_salt[salt_len + 4];
239  char twofish_salt[salt_len + 4];
240 
241  GNUNET_memcpy (aes_salt, salt, salt_len);
242  GNUNET_memcpy (&aes_salt[salt_len], "AES!", 4);
243  GNUNET_memcpy (twofish_salt, salt, salt_len);
244  GNUNET_memcpy (&twofish_salt[salt_len], "FISH", 4);
246  sizeof(iv->aes_iv),
247  aes_salt,
248  salt_len + 4,
249  skey->aes_key,
250  sizeof(skey->aes_key),
251  argp);
253  sizeof(iv->twofish_iv),
254  twofish_salt,
255  salt_len + 4,
256  skey->twofish_key,
257  sizeof(skey->twofish_key),
258  argp);
259 }
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf_v(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
Derive key.
Definition: crypto_kdf.c:47
unsigned char twofish_key[(256/8)]
Actual key for TwoFish.
unsigned char aes_key[(256/8)]
Actual key for AES.

References GNUNET_CRYPTO_SymmetricInitializationVector::aes_iv, GNUNET_CRYPTO_SymmetricSessionKey::aes_key, GNUNET_CRYPTO_kdf_v(), GNUNET_memcpy, salt, GNUNET_CRYPTO_SymmetricInitializationVector::twofish_iv, and GNUNET_CRYPTO_SymmetricSessionKey::twofish_key.

Referenced by GNUNET_CRYPTO_symmetric_derive_iv().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_pow_hash()

void GNUNET_CRYPTO_pow_hash ( const struct GNUNET_CRYPTO_PowSalt salt,
const void *  buf,
size_t  buf_len,
struct GNUNET_HashCode result 
)

Calculate the 'proof-of-work' hash (an expensive hash).

Parameters
saltsalt for the hash. Must be crypto_pwhash_argon2id_SALTBYTES long.
bufdata to hash
buf_lennumber of bytes in buf
resultwhere to write the resulting hash

We're using a non-standard formula to avoid issues with ASICs appearing (see #3795).

Parameters
saltsalt for the hash. Must be crypto_pwhash_argon2id_SALTBYTES long.
bufdata to hash
buf_lennumber of bytes in buf
resultwhere to write the resulting hash

Definition at line 41 of file crypto_pow.c.

45 {
46  /* Threads hardcoded at 1 in libsodium */
47  GNUNET_break (0 ==
48  crypto_pwhash_argon2id ((unsigned char *) result,
49  sizeof (struct GNUNET_HashCode),
50  buf,
51  buf_len,
52  (unsigned char*) salt,
53  3, /* iterations */
54  1024 * 1024, /* memory (1 MiB) */
55  crypto_pwhash_argon2id_ALG_ARGON2ID13));
56 }
static int result
Global testing status.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
A 512-bit hashcode.

References buf, GNUNET_break, result, and salt.

Referenced by find_proof().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_hash_context_start()

struct GNUNET_HashContext* GNUNET_CRYPTO_hash_context_start ( void  )

Start incremental hashing operation.

Returns
context for incremental hash computation

Definition at line 347 of file crypto_hash.c.

348 {
349  struct GNUNET_HashContext *hc;
350 
351  BENCHMARK_START (hash_context_start);
352  hc = GNUNET_new (struct GNUNET_HashContext);
353  GNUNET_assert (0 ==
354  gcry_md_open (&hc->hd,
355  GCRY_MD_SHA512,
356  0));
357  BENCHMARK_END (hash_context_start);
358  return hc;
359 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
gcry_md_hd_t hd
Internal state of the hash function.
Definition: crypto_hash.c:342

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_new, and GNUNET_HashContext::hd.

Referenced by create_randomized_element_iterator(), decode_and_send(), GCCH_get_id(), GNUNET_SET_element_hash(), GNUNET_SETI_element_hash(), GNUNET_SETU_element_hash(), and handle_union_p2p_inquiry().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_hash_context_copy()

struct GNUNET_HashContext* GNUNET_CRYPTO_hash_context_copy ( const struct GNUNET_HashContext hc)

Make a copy of the hash computation.

Parameters
hchash context to use (to continue hashing independently)
Returns
copy of hc

Definition at line 374 of file crypto_hash.c.

375 {
376  struct GNUNET_HashContext *cp;
377 
378  cp = GNUNET_new (struct GNUNET_HashContext);
379  GNUNET_assert (0 ==
380  gcry_md_copy (&cp->hd,
381  hc->hd));
382  return cp;
383 }

References GNUNET_assert, GNUNET_new, and GNUNET_HashContext::hd.

◆ GNUNET_CRYPTO_hash_context_read()

void GNUNET_CRYPTO_hash_context_read ( struct GNUNET_HashContext hc,
const void *  buf,
size_t  size 
)

Add data to be hashed.

Parameters
hccumulative hash context
bufdata to add
sizenumber of bytes in buf

Definition at line 363 of file crypto_hash.c.

366 {
367  BENCHMARK_START (hash_context_read);
368  gcry_md_write (hc->hd, buf, size);
369  BENCHMARK_END (hash_context_read);
370 }
static unsigned int size
Size of the "table".
Definition: peer.c:67

References BENCHMARK_END, BENCHMARK_START, buf, GNUNET_HashContext::hd, and size.

Referenced by create_randomized_element_iterator(), decode_and_send(), GCCH_get_id(), GNUNET_SET_element_hash(), GNUNET_SETI_element_hash(), GNUNET_SETU_element_hash(), and handle_union_p2p_inquiry().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_hash_context_finish()

void GNUNET_CRYPTO_hash_context_finish ( struct GNUNET_HashContext hc,
struct GNUNET_HashCode r_hash 
)

Finish the hash computation.

Parameters
hchash context to use, is freed in the process
r_hashwhere to write the latest / final hash code

Definition at line 387 of file crypto_hash.c.

389 {
390  const void *res = gcry_md_read (hc->hd, 0);
391 
392  BENCHMARK_START (hash_context_finish);
393 
394  GNUNET_assert (NULL != res);
395  if (NULL != r_hash)
396  GNUNET_memcpy (r_hash,
397  res,
398  sizeof(struct GNUNET_HashCode));
400  BENCHMARK_END (hash_context_finish);
401 }
void GNUNET_CRYPTO_hash_context_abort(struct GNUNET_HashContext *hc)
Abort hashing, do not bother calculating final result.
Definition: crypto_hash.c:405
static int res

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_CRYPTO_hash_context_abort(), GNUNET_memcpy, GNUNET_HashContext::hd, and res.

Referenced by create_randomized_element_iterator(), decode_and_send(), GCCH_get_id(), GNUNET_SET_element_hash(), GNUNET_SETI_element_hash(), GNUNET_SETU_element_hash(), and handle_union_p2p_inquiry().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_hash_context_abort()

void GNUNET_CRYPTO_hash_context_abort ( struct GNUNET_HashContext hc)

Abort hashing, do not bother calculating final result.

Parameters
hchash context to destroy

Definition at line 405 of file crypto_hash.c.

406 {
407  gcry_md_close (hc->hd);
408  GNUNET_free (hc);
409 }
#define GNUNET_free(ptr)
Wrapper around free.

References GNUNET_free, and GNUNET_HashContext::hd.

Referenced by GNUNET_CRYPTO_hash_context_finish().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_hmac_raw()

void GNUNET_CRYPTO_hmac_raw ( const void *  key,
size_t  key_len,
const void *  plaintext,
size_t  plaintext_len,
struct GNUNET_HashCode hmac 
)

Calculate HMAC of a message (RFC 2104) TODO: Shouldn' this be the standard hmac function and the above be renamed?

Parameters
keysecret key
key_lensecret key length
plaintextinput plaintext
plaintext_lenlength of plaintext
hmacwhere to store the hmac

Definition at line 298 of file crypto_hash.c.

301 {
302  static int once;
303  static gcry_md_hd_t md;
304  const unsigned char *mc;
305 
306  if (! once)
307  {
308  once = 1;
309  GNUNET_assert (GPG_ERR_NO_ERROR ==
310  gcry_md_open (&md,
311  GCRY_MD_SHA512,
312  GCRY_MD_FLAG_HMAC));
313  }
314  else
315  {
316  gcry_md_reset (md);
317  }
318  gcry_md_setkey (md, key, key_len);
319  gcry_md_write (md, plaintext, plaintext_len);
320  mc = gcry_md_read (md, GCRY_MD_SHA512);
321  GNUNET_assert (NULL != mc);
322  GNUNET_memcpy (hmac->bits, mc, sizeof(hmac->bits));
323 }
static int once
Global to mark if we've run the initialization.
Definition: gnsrecord.c:68
struct GNUNET_HashCode key
The key used in the DHT.
static struct GNUNET_TESTBED_Controller * mc
Handle to the master controller.
uint32_t bits[512/8/sizeof(uint32_t)]

References GNUNET_HashCode::bits, GNUNET_assert, GNUNET_memcpy, key, mc, and once.

Referenced by calculate_hmac(), GNUNET_CRYPTO_hmac(), and OIDC_generate_id_token().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_hash_file_cancel()

void GNUNET_CRYPTO_hash_file_cancel ( struct GNUNET_CRYPTO_FileHashContext fhc)

Cancel a file hashing operation.

Parameters
fhcoperation to cancel (callback must not yet have been invoked)

Definition at line 233 of file crypto_hash_file.c.

234 {
236  GNUNET_free (fhc->filename);
238  GNUNET_DISK_file_close (fhc->fh));
239  GNUNET_free (fhc);
240 }
@ GNUNET_OK
Definition: gnunet_common.h:95
enum GNUNET_GenericReturnValue GNUNET_DISK_file_close(struct GNUNET_DISK_FileHandle *h)
Close an open file.
Definition: disk.c:1306
void * GNUNET_SCHEDULER_cancel(struct GNUNET_SCHEDULER_Task *task)
Cancel the task with the specified identifier.
Definition: scheduler.c:972
struct GNUNET_DISK_FileHandle * fh
File descriptor.
struct GNUNET_SCHEDULER_Task * task
Current task for hashing.
char * filename
Name of the file we are hashing.

References GNUNET_CRYPTO_FileHashContext::fh, GNUNET_CRYPTO_FileHashContext::filename, GNUNET_break, GNUNET_DISK_file_close(), GNUNET_free, GNUNET_OK, GNUNET_SCHEDULER_cancel(), and GNUNET_CRYPTO_FileHashContext::task.

Referenced by client_disconnect_cb(), GNUNET_FS_indexing_done(), GNUNET_FS_unindex_signal_suspend_(), GNUNET_FS_unindex_stop(), and publish_cleanup().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_hash_count_leading_zeros()

unsigned int GNUNET_CRYPTO_hash_count_leading_zeros ( const struct GNUNET_HashCode h)

Count the number of leading 0 bits in h.

Parameters
ha hash
Returns
number of leading 0 bits in h

Definition at line 175 of file crypto_hash.c.

176 {
177  const unsigned long long *llp = (const unsigned long long *) h;
178  unsigned int ret = 0;
179  unsigned int i;
180 
181  GNUNET_static_assert (8 == sizeof (unsigned long long));
182  GNUNET_static_assert (0 == sizeof (*h) % sizeof (unsigned long long));
183  for (i = 0; i<sizeof (*h) / sizeof (*llp); i++)
184  {
185  if (0LLU != llp[i])
186  break;
187  ret += sizeof (*llp) * 8;
188  }
189  if (ret == 8 * sizeof (*h))
190  return ret;
191  ret += __builtin_clzll (GNUNET_ntohll ((uint64_t) llp[i]));
192  return ret;
193 }
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
uint64_t GNUNET_ntohll(uint64_t n)
Convert unsigned 64-bit integer to host byte order.
Definition: common_endian.c:53
#define GNUNET_static_assert(cond)
Assertion to be checked (if supported by C compiler) at compile time, otherwise checked at runtime an...

References GNUNET_ntohll(), GNUNET_static_assert, h, and ret.

Referenced by datacache_get_iterator(), find_bucket(), find_proof(), get_matching_bits(), and select_peer().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_hash_count_tailing_zeros()

unsigned int GNUNET_CRYPTO_hash_count_tailing_zeros ( const struct GNUNET_HashCode h)

Count the number of tailing 0 bits in h.

Parameters
ha hash
Returns
number of tailing 0 bits in h

Definition at line 197 of file crypto_hash.c.

198 {
199  const unsigned long long *llp = (const unsigned long long *) h;
200  unsigned int ret = 0;
201  int i;
202 
203  GNUNET_static_assert (8 == sizeof (unsigned long long));
204  GNUNET_static_assert (0 == sizeof (*h) % sizeof (unsigned long long));
205  for (i = sizeof (*h) / sizeof (*llp) - 1; i>=0; i--)
206  {
207  if (0LLU != llp[i])
208  break;
209  ret += sizeof (*llp) * 8;
210  }
211  if (ret == 8 * sizeof (*h))
212  return ret;
213  ret += __builtin_ctzll (GNUNET_ntohll ((uint64_t) llp[i]));
214  return ret;
215 }

References GNUNET_ntohll(), GNUNET_static_assert, h, and ret.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_kdf_v()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf_v ( void *  result,
size_t  out_len,
const void *  xts,
size_t  xts_len,
const void *  skm,
size_t  skm_len,
va_list  argp 
)

Derive key.

Parameters
resultbuffer for the derived key, allocated by caller
out_lendesired length of the derived key
xtssalt
xts_lenlength of xts
skmsource key material
skm_lenlength of skm
argpva_list of void * & size_t pairs for context chunks
Returns
GNUNET_YES on success

Definition at line 47 of file crypto_kdf.c.

54 {
55  /*
56  * "Finally, we point out to a particularly advantageous instantiation using
57  * HMAC-SHA512 as XTR and HMAC-SHA256 in PRF* (in which case the output from SHA-512 is
58  * truncated to 256 bits). This makes sense in two ways: First, the extraction part is where we need a
59  * stronger hash function due to the unconventional demand from the hash function in the extraction
60  * setting. Second, as shown in Section 6, using HMAC with a truncated output as an extractor
61  * allows to prove the security of HKDF under considerably weaker assumptions on the underlying
62  * hash function."
63  *
64  * http://eprint.iacr.org/2010/264
65  *///
67  out_len,
68  GCRY_MD_SHA512,
69  GCRY_MD_SHA256,
70  xts,
71  xts_len,
72  skm,
73  skm_len,
74  argp);
75 }
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf_v(void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp)
Derive key.
Definition: crypto_hkdf.c:167

References GNUNET_CRYPTO_hkdf_v(), and result.

Referenced by GNUNET_CRYPTO_hmac_derive_key_v(), GNUNET_CRYPTO_kdf(), and GNUNET_CRYPTO_symmetric_derive_iv_v().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_kdf_mod_mpi()

void GNUNET_CRYPTO_kdf_mod_mpi ( gcry_mpi_t *  r,
gcry_mpi_t  n,
const void *  xts,
size_t  xts_len,
const void *  skm,
size_t  skm_len,
const char *  ctx 
)

Deterministically generate a pseudo-random number uniformly from the integers modulo a libgcrypt mpi.

Parameters
[out]rMPI value set to the FDH
nMPI to work modulo
xtssalt
xts_lenlength of xts
skmsource key material
skm_lenlength of skm
ctxcontext string

Definition at line 127 of file crypto_kdf.c.

132 {
133  gcry_error_t rc;
134  unsigned int nbits;
135  size_t rsize;
136  uint16_t ctr;
137 
138  nbits = gcry_mpi_get_nbits (n);
139  /* GNUNET_assert (nbits > 512); */
140 
141  ctr = 0;
142  while (1)
143  {
144  /* Ain't clear if n is always divisible by 8 */
145  uint8_t buf[ (nbits - 1) / 8 + 1 ];
146  uint16_t ctr_nbo = htons (ctr);
147 
148  rc = GNUNET_CRYPTO_kdf (buf,
149  sizeof(buf),
150  xts, xts_len,
151  skm, skm_len,
152  ctx, strlen (ctx),
153  &ctr_nbo, sizeof(ctr_nbo),
154  NULL, 0);
155  GNUNET_assert (GNUNET_YES == rc);
156 
157  rc = gcry_mpi_scan (r,
158  GCRYMPI_FMT_USG,
159  (const unsigned char *) buf,
160  sizeof(buf),
161  &rsize);
162  GNUNET_assert (0 == rc); /* Allocation error? */
163 
164  gcry_mpi_clear_highbit (*r, nbits);
165  GNUNET_assert (0 == gcry_mpi_test_bit (*r, nbits));
166  ++ctr;
167  /* We reject this FDH if either *r > n and retry with another ctr */
168  if (0 > gcry_mpi_cmp (*r, n))
169  break;
170  gcry_mpi_release (*r);
171  }
172 }
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
@ GNUNET_YES
Definition: gnunet_common.h:97
int GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:90

References buf, ctx, GNUNET_assert, GNUNET_CRYPTO_kdf(), and GNUNET_YES.

Referenced by cs_full_domain_hash(), GNUNET_CRYPTO_rsa_blind(), and rsa_blinding_key_derive().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_public_key_to_string()

char* GNUNET_CRYPTO_ecdsa_public_key_to_string ( const struct GNUNET_CRYPTO_EcdsaPublicKey pub)

Convert a public key to a string.

Parameters
pubkey to convert
Returns
string representing pub

Definition at line 224 of file crypto_ecc.c.

226 {
227  char *pubkeybuf;
228  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
229  char *end;
230 
231  if (keylen % 5 > 0)
232  keylen += 5 - keylen % 5;
233  keylen /= 5;
234  pubkeybuf = GNUNET_malloc (keylen + 1);
235  end =
236  GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
237  sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
238  pubkeybuf,
239  keylen);
240  if (NULL == end)
241  {
242  GNUNET_free (pubkeybuf);
243  return NULL;
244  }
245  *end = '\0';
246  return pubkeybuf;
247 }
static int end
Set if we are to shutdown all services (including ARM).
Definition: gnunet-arm.c:34
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:46
#define GNUNET_malloc(size)
Wrapper around malloc.
char * GNUNET_STRINGS_data_to_string(const void *data, size_t size, char *out, size_t out_size)
Convert binary data to ASCII encoding using CrockfordBase32.
Definition: strings.c:682
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...

References end, GNUNET_free, GNUNET_malloc, GNUNET_STRINGS_data_to_string(), and pub.

Referenced by get_ego().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_private_key_to_string()

char* GNUNET_CRYPTO_ecdsa_private_key_to_string ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv)

Convert a private key to a string.

Parameters
privkey to convert
Returns
string representing priv

Definition at line 305 of file crypto_ecc.c.

307 {
308  char *privkeybuf;
309  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey)) * 8;
310  char *end;
311 
312  if (keylen % 5 > 0)
313  keylen += 5 - keylen % 5;
314  keylen /= 5;
315  privkeybuf = GNUNET_malloc (keylen + 1);
316  end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
317  sizeof(
319  privkeybuf,
320  keylen);
321  if (NULL == end)
322  {
323  GNUNET_free (privkeybuf);
324  return NULL;
325  }
326  *end = '\0';
327  return privkeybuf;
328 }
Private ECC key encoded for transmission.

References end, GNUNET_free, GNUNET_malloc, and GNUNET_STRINGS_data_to_string().

Here is the call graph for this function:

◆ GNUNET_CRYPTO_eddsa_private_key_to_string()

char* GNUNET_CRYPTO_eddsa_private_key_to_string ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv)

Convert a private key to a string.

Parameters
privkey to convert
Returns
string representing pub

Definition at line 278 of file crypto_ecc.c.

280 {
281  char *privkeybuf;
282  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
283  char *end;
284 
285  if (keylen % 5 > 0)
286  keylen += 5 - keylen % 5;
287  keylen /= 5;
288  privkeybuf = GNUNET_malloc (keylen + 1);
289  end = GNUNET_STRINGS_data_to_string ((unsigned char *) priv,
290  sizeof(
292  privkeybuf,
293  keylen);
294  if (NULL == end)
295  {
296  GNUNET_free (privkeybuf);
297  return NULL;
298  }
299  *end = '\0';
300  return privkeybuf;
301 }
Private ECC key encoded for transmission.

References end, GNUNET_free, GNUNET_malloc, and GNUNET_STRINGS_data_to_string().

Referenced by run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_public_key_to_string()

char* GNUNET_CRYPTO_eddsa_public_key_to_string ( const struct GNUNET_CRYPTO_EddsaPublicKey pub)

Convert a public key to a string.

Parameters
pubkey to convert
Returns
string representing pub

Definition at line 251 of file crypto_ecc.c.

253 {
254  char *pubkeybuf;
255  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
256  char *end;
257 
258  if (keylen % 5 > 0)
259  keylen += 5 - keylen % 5;
260  keylen /= 5;
261  pubkeybuf = GNUNET_malloc (keylen + 1);
262  end =
263  GNUNET_STRINGS_data_to_string ((unsigned char *) pub,
264  sizeof(struct GNUNET_CRYPTO_EddsaPublicKey),
265  pubkeybuf,
266  keylen);
267  if (NULL == end)
268  {
269  GNUNET_free (pubkeybuf);
270  return NULL;
271  }
272  *end = '\0';
273  return pubkeybuf;
274 }
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...

References end, GNUNET_free, GNUNET_malloc, GNUNET_STRINGS_data_to_string(), and pub.

Referenced by conversation_value_to_string(), create_keys(), GCP_2s(), GNUNET_FRIENDS_write(), GNUNET_HELLO_compose_uri(), GNUNET_i2s(), GNUNET_i2s2(), GNUNET_i2s_full(), main(), messenger_value_to_string(), print_key(), run(), and uri_loc_to_string().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_public_key_from_string()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_public_key_from_string ( const char *  enc,
size_t  enclen,
struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Convert a string representing a public key to a public key.

Parameters
encencoded public key
enclennumber of bytes in enc (without 0-terminator)
pubwhere to store the public key
Returns
GNUNET_OK on success

Definition at line 305 of file crypto_ecc.c.

336 {
337  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) * 8;
338 
339  if (keylen % 5 > 0)
340  keylen += 5 - keylen % 5;
341  keylen /= 5;
342  if (enclen != keylen)
343  return GNUNET_SYSERR;
344 
345  if (GNUNET_OK !=
347  enclen,
348  pub,
349  sizeof(
351  return GNUNET_SYSERR;
352  return GNUNET_OK;
353 }
static OpusEncoder * enc
OPUS encoder.
@ GNUNET_SYSERR
Definition: gnunet_common.h:93
enum GNUNET_GenericReturnValue GNUNET_STRINGS_string_to_data(const char *enc, size_t enclen, void *out, size_t out_size)
Convert CrockfordBase32 encoding back to data.
Definition: strings.c:762

◆ GNUNET_CRYPTO_eddsa_private_key_from_string()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_private_key_from_string ( const char *  enc,
size_t  enclen,
struct GNUNET_CRYPTO_EddsaPrivateKey pub 
)

Convert a string representing a private key to a private key.

Parameters
encencoded public key
enclennumber of bytes in enc (without 0-terminator)
privwhere to store the private key
Returns
GNUNET_OK on success

Definition at line 305 of file crypto_ecc.c.

386 {
387  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)) * 8;
388 
389  if (keylen % 5 > 0)
390  keylen += 5 - keylen % 5;
391  keylen /= 5;
392  if (enclen != keylen)
393  return GNUNET_SYSERR;
394 
395  if (GNUNET_OK !=
397  enclen,
398  priv,
399  sizeof(
401  return GNUNET_SYSERR;
402 #if CRYPTO_BUG
403  if (GNUNET_OK != check_eddsa_key (priv))
404  {
405  GNUNET_break (0);
406  return GNUNET_OK;
407  }
408 #endif
409  return GNUNET_OK;
410 }

◆ GNUNET_CRYPTO_eddsa_public_key_from_string()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_public_key_from_string ( const char *  enc,
size_t  enclen,
struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Convert a string representing a public key to a public key.

Parameters
encencoded public key
enclennumber of bytes in enc (without 0-terminator)
pubwhere to store the public key
Returns
GNUNET_OK on success

Definition at line 305 of file crypto_ecc.c.

361 {
362  size_t keylen = (sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) * 8;
363 
364  if (keylen % 5 > 0)
365  keylen += 5 - keylen % 5;
366  keylen /= 5;
367  if (enclen != keylen)
368  return GNUNET_SYSERR;
369 
370  if (GNUNET_OK !=
372  enclen,
373  pub,
374  sizeof(
376  return GNUNET_SYSERR;
377  return GNUNET_OK;
378 }

Referenced by blacklist_cfg_iter(), conversation_string_to_value(), create_keys(), gns_string_to_value(), GNUNET_FRIENDS_parse(), hosts_directory_scan_callback(), messenger_string_to_value(), on_identity(), run(), s2i_full(), server_parse_url(), show_peer(), and uri_loc_parse().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dlog_prepare()

struct GNUNET_CRYPTO_EccDlogContext* GNUNET_CRYPTO_ecc_dlog_prepare ( unsigned int  max,
unsigned int  mem 
)

Do pre-calculation for ECC discrete logarithm for small factors.

Parameters
maxmaximum value the factor can be
memmemory to use (should be smaller than max), must not be zero.
Returns
NULL on error

Definition at line 65 of file crypto_ecc_dlog.c.

67 {
69  int K = ((max + (mem - 1)) / mem);
70 
71  GNUNET_assert (max < INT32_MAX);
73  edc->max = max;
74  edc->mem = mem;
76  GNUNET_NO);
77  for (int i = -(int) mem; i <= (int) mem; i++)
78  {
79  struct GNUNET_CRYPTO_EccScalar Ki;
80  struct GNUNET_PeerIdentity key;
81 
83  &Ki);
84  if (0 == i) /* libsodium does not like to multiply with zero */
86  0 ==
87  crypto_core_ed25519_sub ((unsigned char *) &key,
88  (unsigned char *) &key,
89  (unsigned char *) &key));
90  else
92  0 ==
93  crypto_scalarmult_ed25519_base_noclamp ((unsigned char*) &key,
94  Ki.v));
96  "K*i: %d (mem=%u, i=%d) => %s\n",
97  K * i,
98  mem,
99  i,
100  GNUNET_i2s (&key));
103  &key,
104  (void *) (long) i + max,
106  }
107  return edc;
108 }
void GNUNET_CRYPTO_ecc_scalar_from_int(int64_t val, struct GNUNET_CRYPTO_EccScalar *r)
Create a scalar from int value.
static struct GNUNET_CRYPTO_EccDlogContext * edc
Context for DLOG operations on a curve.
#define GNUNET_log(kind,...)
@ GNUNET_NO
Definition: gnunet_common.h:94
struct GNUNET_CONTAINER_MultiPeerMap * GNUNET_CONTAINER_multipeermap_create(unsigned int len, int do_not_copy_keys)
Create a multi peer map (hash map for public keys of peers).
int GNUNET_CONTAINER_multipeermap_put(struct GNUNET_CONTAINER_MultiPeerMap *map, const struct GNUNET_PeerIdentity *key, void *value, enum GNUNET_CONTAINER_MultiHashMapOption opt)
Store a key-value pair in the map.
@ GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY
There must only be one value per key; storing a value should fail if a value under the same key alrea...
const char * GNUNET_i2s(const struct GNUNET_PeerIdentity *pid)
Convert a peer identity to a string (for printing debug messages).
@ GNUNET_ERROR_TYPE_DEBUG
#define max(x, y)
Internal structure used to cache pre-calculated values for DLOG calculation.
struct GNUNET_CONTAINER_MultiPeerMap * map
Map mapping points (here "interpreted" as EdDSA public keys) to a "void * = long" which corresponds t...
unsigned int mem
How much memory should we use (relates to the number of entries in the map).
unsigned int max
Maximum absolute value the calculation supports.
A ECC scalar for use in point multiplications.
The identity of the host (wraps the signing key of the peer).

References edc, GNUNET_assert, GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY, GNUNET_CONTAINER_multipeermap_create(), GNUNET_CONTAINER_multipeermap_put(), GNUNET_CRYPTO_ecc_scalar_from_int(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, GNUNET_new, GNUNET_NO, GNUNET_OK, consensus-simulation::int, key, GNUNET_CRYPTO_EccDlogContext::map, max, GNUNET_CRYPTO_EccDlogContext::max, GNUNET_CRYPTO_EccDlogContext::mem, and GNUNET_CRYPTO_EccScalar::v.

Referenced by run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dlog()

int GNUNET_CRYPTO_ecc_dlog ( struct GNUNET_CRYPTO_EccDlogContext edc,
const struct GNUNET_CRYPTO_EccPoint input 
)

Calculate ECC discrete logarithm for small factors.

Opposite of GNUNET_CRYPTO_ecc_dexp().

Parameters
dlcprecalculated values, determine range of factors
inputpoint on the curve to factor
Returns
INT_MAX if dlog failed, otherwise the factor

Definition at line 112 of file crypto_ecc_dlog.c.

114 {
115  unsigned int K = ((edc->max + (edc->mem - 1)) / edc->mem);
116  int res;
117  struct GNUNET_CRYPTO_EccPoint g;
118  struct GNUNET_CRYPTO_EccPoint q;
119  struct GNUNET_CRYPTO_EccPoint nq;
120 
121  {
122  struct GNUNET_CRYPTO_EccScalar fact;
123 
124  memset (&fact,
125  0,
126  sizeof (fact));
127  sodium_increment (fact.v,
128  sizeof (fact.v));
129  GNUNET_assert (0 ==
130  crypto_scalarmult_ed25519_base_noclamp (g.v,
131  fact.v));
132  }
133  /* make compiler happy: initialize q and nq, technically not needed! */
134  memset (&q,
135  0,
136  sizeof (q));
137  memset (&nq,
138  0,
139  sizeof (nq));
140  res = INT_MAX;
141  for (unsigned int i = 0; i <= edc->max / edc->mem; i++)
142  {
143  struct GNUNET_PeerIdentity key;
144  void *retp;
145 
146  GNUNET_assert (sizeof (key) == crypto_scalarmult_BYTES);
147  if (0 == i)
148  {
149  memcpy (&key,
150  input,
151  sizeof (key));
152  }
153  else
154  {
155  memcpy (&key,
156  &q,
157  sizeof (key));
158  }
160  "Trying offset i=%u): %s\n",
161  i,
162  GNUNET_i2s (&key));
164  &key);
165  if (NULL != retp)
166  {
167  res = (((long) retp) - edc->max) * K - i;
168  /* we continue the loop here to make the implementation
169  "constant-time". If we do not care about this, we could just
170  'break' here and do fewer operations... */
171  }
172  if (i == edc->max / edc->mem)
173  break;
174  /* q = q + g */
175  if (0 == i)
176  {
177  GNUNET_assert (0 ==
178  crypto_core_ed25519_add (q.v,
179  input->v,
180  g.v));
181  }
182  else
183  {
184  GNUNET_assert (0 ==
185  crypto_core_ed25519_add (q.v,
186  q.v,
187  g.v));
188  }
189  }
190  return res;
191 }
#define INT_MAX
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
void * GNUNET_CONTAINER_multipeermap_get(const struct GNUNET_CONTAINER_MultiPeerMap *map, const struct GNUNET_PeerIdentity *key)
Given a key find a value in the map matching the key.
Point on a curve (always for Curve25519) encoded in a format suitable for network transmission (ECDH)...
unsigned char v[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...

References edc, GNUNET_assert, GNUNET_CONTAINER_multipeermap_get(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_i2s(), GNUNET_log, INT_MAX, key, GNUNET_CRYPTO_EccDlogContext::map, GNUNET_CRYPTO_EccDlogContext::max, GNUNET_CRYPTO_EccDlogContext::mem, q, res, GNUNET_CRYPTO_EccPoint::v, and GNUNET_CRYPTO_EccScalar::v.

Referenced by handle_bobs_cryptodata_message().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dexp()

void GNUNET_CRYPTO_ecc_dexp ( int  val,
struct GNUNET_CRYPTO_EccPoint r 
)

Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val.

Afterwards, point addition will correspond to integer addition. GNUNET_CRYPTO_ecc_dlog() can be used to convert a point back to an integer (as long as the integer is smaller than the MAX of the edc context).

Parameters
valvalue to encode into a point
rwhere to write the point (must be allocated)

Definition at line 210 of file crypto_ecc_dlog.c.

212 {
213  struct GNUNET_CRYPTO_EccScalar fact;
214 
216  &fact);
217  crypto_scalarmult_ed25519_base_noclamp (r->v,
218  fact.v);
219 }

◆ GNUNET_CRYPTO_ecc_dexp_mpi()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_dexp_mpi ( const struct GNUNET_CRYPTO_EccScalar val,
struct GNUNET_CRYPTO_EccPoint r 
)

Multiply the generator g of the elliptic curve by val to obtain the point on the curve representing val.

Parameters
val(positive) value to encode into a point
rwhere to write the point (must be allocated)
Returns
GNUNET_OK on success.

Definition at line 210 of file crypto_ecc_dlog.c.

225 {
226  if (0 ==
227  crypto_scalarmult_ed25519_base_noclamp (r->v,
228  val->v))
229  return GNUNET_OK;
230  return GNUNET_SYSERR;
231 }
unsigned char v[256/8]

Referenced by send_alices_cryptodata_message().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_pmul_mpi()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_pmul_mpi ( const struct GNUNET_CRYPTO_EccPoint p,
const struct GNUNET_CRYPTO_EccScalar val,
struct GNUNET_CRYPTO_EccPoint r 
)

Multiply the point p on the elliptic curve by val.

Parameters
ppoint to multiply
val(positive) value to encode into a point
rwhere to write the point (must be allocated)
Returns
GNUNET_OK on success.

Definition at line 210 of file crypto_ecc_dlog.c.

252 {
253  if (0 ==
254  crypto_scalarmult_ed25519_noclamp (r->v,
255  val->v,
256  p->v))
257  return GNUNET_OK;
258  return GNUNET_SYSERR;
259 }
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-uri.c:37

Referenced by handle_alices_cryptodata_message(), and handle_bobs_cryptodata_message().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_add()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_add ( const struct GNUNET_CRYPTO_EccPoint a,
const struct GNUNET_CRYPTO_EccPoint b,
struct GNUNET_CRYPTO_EccPoint r 
)

Add two points on the elliptic curve.

Parameters
asome value
bsome value
rwhere to write the point (must be allocated)
Returns
GNUNET_OK on success.

Definition at line 210 of file crypto_ecc_dlog.c.

238 {
239  if (0 ==
240  crypto_core_ed25519_add (r->v,
241  a->v,
242  b->v))
243  return GNUNET_OK;
244  return GNUNET_SYSERR;
245 }

References GNUNET_CRYPTO_ecc_scalar_from_int(), GNUNET_CRYPTO_EccPoint::v, and GNUNET_CRYPTO_EccScalar::v.

Referenced by handle_alices_cryptodata_message(), and handle_bobs_cryptodata_message().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_rnd()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_rnd ( struct GNUNET_CRYPTO_EccPoint r,
struct GNUNET_CRYPTO_EccPoint r_inv 
)

Obtain a random point on the curve and its additive inverse.

Parameters
[out]rset to a random point on the curve
[out]r_invset to the additive inverse of r
Returns
GNUNET_OK on success.

Definition at line 210 of file crypto_ecc_dlog.c.

265 {
266  struct GNUNET_CRYPTO_EccScalar s;
267  unsigned char inv_s[crypto_scalarmult_ed25519_SCALARBYTES];
268 
270  if (0 !=
271  crypto_scalarmult_ed25519_base_noclamp (r->v,
272  s.v))
273  return GNUNET_SYSERR;
274  crypto_core_ed25519_scalar_negate (inv_s,
275  s.v);
276  if (0 !=
277  crypto_scalarmult_ed25519_base_noclamp (r_inv->v,
278  inv_s))
279  return GNUNET_SYSERR;
280  return GNUNET_OK;
281 }
void GNUNET_CRYPTO_ecc_random_mod_n(struct GNUNET_CRYPTO_EccScalar *r)
Generate a random value mod n.

◆ GNUNET_CRYPTO_ecc_rnd_mpi()

void GNUNET_CRYPTO_ecc_rnd_mpi ( struct GNUNET_CRYPTO_EccScalar r,
struct GNUNET_CRYPTO_EccScalar r_neg 
)

Obtain a random scalar for point multiplication on the curve and its additive inverse.

Parameters
[out]rset to a random scalar on the curve
[out]r_negset to the negation of

Definition at line 285 of file crypto_ecc_dlog.c.

287 {
289  crypto_core_ed25519_scalar_negate (r_neg->v,
290  r->v);
291 }

References GNUNET_CRYPTO_ecc_random_mod_n(), and GNUNET_CRYPTO_EccScalar::v.

Referenced by run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_random_mod_n()

void GNUNET_CRYPTO_ecc_random_mod_n ( struct GNUNET_CRYPTO_EccScalar r)

Generate a random value mod n.

Parameters
[out]rrandom value mod n.

Definition at line 195 of file crypto_ecc_dlog.c.

196 {
197  crypto_core_ed25519_scalar_random (r->v);
198 }

References GNUNET_CRYPTO_EccScalar::v.

Referenced by GNUNET_CRYPTO_ecc_rnd_mpi(), and send_alices_cryptodata_message().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_dlog_release()

void GNUNET_CRYPTO_ecc_dlog_release ( struct GNUNET_CRYPTO_EccDlogContext dlc)

Release precalculated values.

Parameters
dlcdlog context

Definition at line 202 of file crypto_ecc_dlog.c.

203 {
205  GNUNET_free (edc);
206 }
void GNUNET_CONTAINER_multipeermap_destroy(struct GNUNET_CONTAINER_MultiPeerMap *map)
Destroy a hash map.

References edc, GNUNET_CONTAINER_multipeermap_destroy(), GNUNET_free, and GNUNET_CRYPTO_EccDlogContext::map.

Referenced by shutdown_task().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_scalar_from_int()

void GNUNET_CRYPTO_ecc_scalar_from_int ( int64_t  val,
struct GNUNET_CRYPTO_EccScalar r 
)

Create a scalar from int value.

Parameters
valthe int value
[out]rwhere to write the salar

Definition at line 295 of file crypto_ecc_dlog.c.

297 {
298  unsigned char fact[crypto_scalarmult_ed25519_SCALARBYTES];
299  uint64_t valBe;
300 
301  GNUNET_assert (sizeof (*r) == sizeof (fact));
302  if (val < 0)
303  {
304  if (INT64_MIN == val)
305  valBe = GNUNET_htonll ((uint64_t) INT64_MAX);
306  else
307  valBe = GNUNET_htonll ((uint64_t) (-val));
308  }
309  else
310  {
311  valBe = GNUNET_htonll ((uint64_t) val);
312  }
313  memset (fact,
314  0,
315  sizeof (fact));
316  for (unsigned int i = 0; i < sizeof (val); i++)
317  fact[i] = ((unsigned char*) &valBe)[sizeof (val) - 1 - i];
318  if (val < 0)
319  {
320  if (INT64_MIN == val)
321  /* See above: fact is one too small, increment now that we can */
322  sodium_increment (fact,
323  sizeof (fact));
324  crypto_core_ed25519_scalar_negate (r->v,
325  fact);
326  }
327  else
328  {
329  memcpy (r,
330  fact,
331  sizeof (fact));
332  }
333 }
uint64_t GNUNET_htonll(uint64_t n)
Convert unsigned 64-bit integer to network byte order.
Definition: common_endian.c:36

References GNUNET_assert, GNUNET_htonll(), and GNUNET_CRYPTO_EccScalar::v.

Referenced by GNUNET_CRYPTO_ecc_add(), GNUNET_CRYPTO_ecc_dlog_prepare(), handle_alices_cryptodata_message(), and send_alices_cryptodata_message().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_sign_with_scalar()

void GNUNET_CRYPTO_eddsa_sign_with_scalar ( const struct GNUNET_CRYPTO_EddsaPrivateScalar priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EddsaSignature sig 
)

This is a signature function for EdDSA which takes the secret scalar sk instead of the private seed which is usually the case for crypto APIs.

We require this functionality in order to use derived private keys for signatures we cannot calculate the inverse of a sk to find the seed efficiently.

The resulting signature is a standard EdDSA signature which can be verified using the usual APIs.

Parameters
skthe secret scalar
purpthe signature purpose
sigthe resulting signature

Instead of expanding the private here, we already have the secret scalar as input. Use it. Note that sk is not plain SHA512 (d). sk[0..31] contains the derived private scalar sk[0..31] = h * SHA512 (d)[0..31] sk[32..63] = SHA512 (d)[32..63]

Calculate the derived zone key zk' from the derived private scalar.

Calculate r: r = SHA512 (sk[32..63] | M) where M is our message (purpose). Note that sk[32..63] is the other half of the expansion from the original, non-derived private key "d".

Temporarily put zk into S

Reduce the scalar value r

Calculate R := r * G of the signature

Calculate hram := SHA512 (R | zk' | M)

Reduce the resulting scalar value

Calculate S := r + hram * s mod L

Definition at line 87 of file crypto_ecc_gnsrecord.c.

91 {
92 
93  crypto_hash_sha512_state hs;
94  unsigned char sk[64];
95  unsigned char r[64];
96  unsigned char hram[64];
97  unsigned char R[32];
98  unsigned char zk[32];
99  unsigned char tmp[32];
100 
101  crypto_hash_sha512_init (&hs);
102 
111  memcpy (sk, priv->s, 64);
112 
117  crypto_scalarmult_ed25519_base_noclamp (zk,
118  sk);
119 
128  crypto_hash_sha512_update (&hs, sk + 32, 32);
129  crypto_hash_sha512_update (&hs, (uint8_t*) purpose, ntohl (purpose->size));
130  crypto_hash_sha512_final (&hs, r);
131 
135  memcpy (sig->s, zk, 32);
136 
140  unsigned char r_mod[64];
141  crypto_core_ed25519_scalar_reduce (r_mod, r);
142 
146  crypto_scalarmult_ed25519_base_noclamp (R, r_mod);
147  memcpy (sig->r, R, sizeof (R));
148 
153  crypto_hash_sha512_init (&hs);
154  crypto_hash_sha512_update (&hs, (uint8_t*) sig, 64);
155  crypto_hash_sha512_update (&hs, (uint8_t*) purpose,
156  ntohl (purpose->size));
157  crypto_hash_sha512_final (&hs, hram);
158 
162  unsigned char hram_mod[64];
163  crypto_core_ed25519_scalar_reduce (hram_mod, hram);
164 
169  crypto_core_ed25519_scalar_mul (tmp, hram_mod, sk);
170  crypto_core_ed25519_scalar_add (sig->s, tmp, r_mod);
171 
172  sodium_memzero (sk, sizeof (sk));
173  sodium_memzero (r, sizeof (r));
174  sodium_memzero (r_mod, sizeof (r_mod));
175 }
unsigned char s[512/8]
s is the expandedprivate 512-bit scalar of a private key.
unsigned char s[256/8]
S value.
unsigned char r[256/8]
R value.

References GNUNET_CRYPTO_EddsaSignature::r, GNUNET_CRYPTO_EddsaSignature::s, GNUNET_CRYPTO_EddsaPrivateScalar::s, and GNUNET_CRYPTO_EccSignaturePurpose::size.

Referenced by block_create_eddsa().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_get_public_from_scalar()

void GNUNET_CRYPTO_eddsa_key_get_public_from_scalar ( const struct GNUNET_CRYPTO_EddsaPrivateScalar s,
struct GNUNET_CRYPTO_EddsaPublicKey pkey 
)

Extract the public key of the given private scalar.

Parameters
sthe private scalar
pkeythe resulting public key

Calculate the derived zone key zk' from the derived private scalar.

Definition at line 431 of file crypto_ecc_gnsrecord.c.

434 {
435  unsigned char sk[32];
436 
437  memcpy (sk, priv->s, 32);
438 
443  crypto_scalarmult_ed25519_base_noclamp (pkey->q_y,
444  sk);
445 }
static char * pkey
Public key of the zone to look in, in ASCII.

References pkey, and GNUNET_CRYPTO_EddsaPrivateScalar::s.

Referenced by block_create_eddsa().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_mpi_print_unsigned()

void GNUNET_CRYPTO_mpi_print_unsigned ( void *  buf,
size_t  size,
gcry_mpi_t  val 
)

Output the given MPI value to the given buffer in network byte order.

The MPI val may not be negative.

Parameters
bufwhere to output to
sizenumber of bytes in buf
valvalue to write to buf

Definition at line 78 of file crypto_mpi.c.

81 {
82  size_t rsize;
83  int rc;
84 
85  if (gcry_mpi_get_flag (val, GCRYMPI_FLAG_OPAQUE))
86  {
87  /* Store opaque MPIs left aligned into the buffer. */
88  unsigned int nbits;
89  const void *p;
90 
91  p = gcry_mpi_get_opaque (val, &nbits);
92  GNUNET_assert (p);
93  rsize = (nbits + 7) / 8;
94  if (rsize > size)
95  rsize = size;
96  GNUNET_memcpy (buf, p, rsize);
97  if (rsize < size)
98  memset (buf + rsize, 0, size - rsize);
99  }
100  else
101  {
102  /* Store regular MPIs as unsigned integers right aligned into
103  the buffer. */
104  rsize = size;
105  if (0 !=
106  (rc = gcry_mpi_print (GCRYMPI_FMT_USG,
107  buf,
108  rsize, &rsize,
109  val)))
110  {
112  "gcry_mpi_print",
113  rc);
114  GNUNET_assert (0);
115  }
116  adjust (buf, rsize, size);
117  }
118 }
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level 'level' that indicates a failure of the command 'cmd' with the mess...
Definition: crypto_mpi.c:39
static void adjust(void *buf, size_t size, size_t target)
If target != size, move target bytes to the end of the size-sized buffer and zero out the first targe...
Definition: crypto_mpi.c:54
@ GNUNET_ERROR_TYPE_ERROR

References adjust(), buf, GNUNET_assert, GNUNET_ERROR_TYPE_ERROR, GNUNET_memcpy, LOG_GCRY, p, and size.

Referenced by cs_full_domain_hash(), decrypt_conclude(), encrypt_fair(), GNUNET_CRYPTO_ecdsa_key_get_anonymous(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_CRYPTO_ecdsa_public_key_derive(), GNUNET_CRYPTO_eddsa_private_key_derive(), GNUNET_CRYPTO_eddsa_public_key_derive(), GNUNET_CRYPTO_paillier_create(), GNUNET_CRYPTO_paillier_encrypt(), GNUNET_CRYPTO_paillier_encrypt1(), GNUNET_CRYPTO_paillier_hom_add(), GNUNET_SECRETSHARING_encrypt(), GNUNET_SECRETSHARING_plaintext_generate_i(), insert_decrypt_element(), insert_round1_element(), insert_round2_element(), and keygen_round2_conclude().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_mpi_scan_unsigned()

void GNUNET_CRYPTO_mpi_scan_unsigned ( gcry_mpi_t *  result,
const void *  data,
size_t  size 
)

Convert data buffer into MPI value.

The buffer is interpreted as network byte order, unsigned integer.

Parameters
resultwhere to store MPI value (allocated)
dataraw data (GCRYMPI_FMT_USG)
sizenumber of bytes in data

Definition at line 131 of file crypto_mpi.c.

134 {
135  int rc;
136 
137  if (0 != (rc = gcry_mpi_scan (result,
138  GCRYMPI_FMT_USG,
139  data, size, &size)))
140  {
142  "gcry_mpi_scan",
143  rc);
144  GNUNET_assert (0);
145  }
146 }
uint32_t data
The data value.

References data, GNUNET_assert, GNUNET_ERROR_TYPE_ERROR, LOG_GCRY, result, and size.

Referenced by cs_full_domain_hash(), decrypt_conclude(), decrypt_new_element(), encrypt_fair(), get_fair_encryption_challenge(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_CRYPTO_ecdsa_public_key_derive(), GNUNET_CRYPTO_eddsa_private_key_derive(), GNUNET_CRYPTO_eddsa_public_key_derive(), GNUNET_CRYPTO_paillier_decrypt(), GNUNET_CRYPTO_paillier_encrypt(), GNUNET_CRYPTO_paillier_encrypt1(), GNUNET_CRYPTO_paillier_hom_add(), GNUNET_SECRETSHARING_encrypt(), insert_decrypt_element(), keygen_reveal_get_exp_coeff(), keygen_reveal_get_exp_preshare(), keygen_round1_new_element(), restore_fair(), and verify_fair().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_paillier_create()

void GNUNET_CRYPTO_paillier_create ( struct GNUNET_CRYPTO_PaillierPublicKey public_key,
struct GNUNET_CRYPTO_PaillierPrivateKey private_key 
)

Create a freshly generated paillier public key.

Parameters
[out]public_keyWhere to store the public key?
[out]private_keyWhere to store the private key?

Definition at line 39 of file crypto_paillier.c.

43 {
44  gcry_mpi_t p;
45  gcry_mpi_t q;
46  gcry_mpi_t phi;
47  gcry_mpi_t mu;
48  gcry_mpi_t n;
49 
50  /* Generate two distinct primes. The probability that the loop body
51  is executed more than once is very very low... */
52  p = NULL;
53  q = NULL;
54  do
55  {
56  if (NULL != p)
57  gcry_mpi_release (p);
58  if (NULL != q)
59  gcry_mpi_release (q);
60  GNUNET_assert (0 ==
61  gcry_prime_generate (&p,
63  0, NULL, NULL, NULL,
64  GCRY_STRONG_RANDOM, 0));
65  GNUNET_assert (0 ==
66  gcry_prime_generate (&q,
68  0, NULL, NULL, NULL,
69  GCRY_STRONG_RANDOM, 0));
70  }
71  while (0 == gcry_mpi_cmp (p, q));
72  /* n = p * q */
73  GNUNET_assert (NULL != (n = gcry_mpi_new (0)));
74  gcry_mpi_mul (n,
75  p,
76  q);
78  sizeof(struct
80  n);
81 
82  /* compute phi(n) = (p-1)(q-1) */
83  GNUNET_assert (NULL != (phi = gcry_mpi_new (0)));
84  gcry_mpi_sub_ui (p, p, 1);
85  gcry_mpi_sub_ui (q, q, 1);
86  gcry_mpi_mul (phi, p, q);
87  gcry_mpi_release (p);
88  gcry_mpi_release (q);
89 
90  /* lambda equals phi(n) in the simplified key generation */
93  phi);
94  /* mu = phi^{-1} mod n, as we use g = n + 1 */
95  GNUNET_assert (NULL != (mu = gcry_mpi_new (0)));
96  GNUNET_assert (0 != gcry_mpi_invm (mu,
97  phi,
98  n));
99  gcry_mpi_release (phi);
100  gcry_mpi_release (n);
101  GNUNET_CRYPTO_mpi_print_unsigned (private_key->mu,
103  mu);
104  gcry_mpi_release (mu);
105 }
#define GNUNET_CRYPTO_PAILLIER_BITS
Size of paillier plain texts and public keys.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
unsigned char mu[2048/8]
Mu-component of the private key.
unsigned char lambda[2048/8]
Lambda-component of the private key.

References GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_PAILLIER_BITS, GNUNET_CRYPTO_PaillierPrivateKey::lambda, GNUNET_CRYPTO_PaillierPrivateKey::mu, p, and q.

Referenced by handle_client_keygen(), and run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_paillier_encrypt()

int GNUNET_CRYPTO_paillier_encrypt ( const struct GNUNET_CRYPTO_PaillierPublicKey public_key,
const gcry_mpi_t  m,
int  desired_ops,
struct GNUNET_CRYPTO_PaillierCiphertext ciphertext 
)

Encrypt a plaintext with a paillier public key.

Parameters
public_keyPublic key to use.
mPlaintext to encrypt.
desired_opsHow many homomorphic ops the caller intends to use
[out]ciphertextEncryption of plaintext with public_key.
Returns
guaranteed number of supported homomorphic operations >= 1, or desired_ops, in case that is lower, or -1 if less than one homomorphic operation is possible

Definition at line 220 of file crypto_paillier.c.

226 {
227  int possible_opts;
228  gcry_mpi_t n_square;
229  gcry_mpi_t r;
230  gcry_mpi_t rn;
231  gcry_mpi_t g;
232  gcry_mpi_t gm;
233  gcry_mpi_t c;
234  gcry_mpi_t n;
235  gcry_mpi_t max_num;
236  unsigned int highbit;
237 
238  /* set max_num = 2^{GNUNET_CRYPTO_PAILLIER_BITS}, the largest
239  number we can have as a result */
240  GNUNET_assert (NULL != (max_num = gcry_mpi_set_ui (NULL, 1)));
241  gcry_mpi_mul_2exp (max_num,
242  max_num,
244 
245  /* Determine how many operations we could allow, assuming the other
246  number has the same length (or is smaller), by counting the
247  number of possible operations. We essentially divide max_num by
248  2 until the result is no longer larger than 'm', incrementing the
249  maximum number of operations in each round, starting at -2 */for (possible_opts = -2; gcry_mpi_cmp (max_num, m) > 0; possible_opts++)
250  gcry_mpi_div (max_num,
251  NULL,
252  max_num,
253  GCRYMPI_CONST_TWO,
254  0);
255  gcry_mpi_release (max_num);
256 
257  if (possible_opts < 1)
258  possible_opts = 0;
259  /* Enforce soft-cap by caller */
260  possible_opts = GNUNET_MIN (desired_ops, possible_opts);
261  ciphertext->remaining_ops = htonl (possible_opts);
262 
264  public_key,
265  sizeof(struct
267 
268  /* check public key for number of bits, bail out if key is all zeros */
269  highbit = GNUNET_CRYPTO_PAILLIER_BITS - 1;
270  while ((! gcry_mpi_test_bit (n, highbit)) &&
271  (0 != highbit))
272  highbit--;
273  if (0 == highbit)
274  {
275  /* invalid public key */
276  GNUNET_break_op (0);
277  gcry_mpi_release (n);
278  return GNUNET_SYSERR;
279  }
280 
281  /* generate r < n (without bias) */
282  GNUNET_assert (NULL != (r = gcry_mpi_new (0)));
283  do
284  {
285  gcry_mpi_randomize (r, highbit + 1, GCRY_STRONG_RANDOM);
286  }
287  while (gcry_mpi_cmp (r, n) >= 0);
288 
289  /* g = n + 1 */
290  GNUNET_assert (0 != (g = gcry_mpi_new (0)));
291  gcry_mpi_add_ui (g, n, 1);
292 
293  /* n_square = n^2 */
294  GNUNET_assert (0 != (n_square = gcry_mpi_new (0)));
295  gcry_mpi_mul (n_square,
296  n,
297  n);
298 
299  /* gm = g^m mod n^2 */
300  GNUNET_assert (0 != (gm = gcry_mpi_new (0)));
301  gcry_mpi_powm (gm, g, m, n_square);
302  gcry_mpi_release (g);
303 
304  /* rn <- r^n mod n^2 */
305  GNUNET_assert (0 != (rn = gcry_mpi_new (0)));
306  gcry_mpi_powm (rn, r, n, n_square);
307  gcry_mpi_release (r);
308  gcry_mpi_release (n);
309 
310  /* c <- rn * gm mod n^2 */
311  GNUNET_assert (0 != (c = gcry_mpi_new (0)));
312  gcry_mpi_mulm (c, rn, gm, n_square);
313  gcry_mpi_release (n_square);
314  gcry_mpi_release (gm);
315  gcry_mpi_release (rn);
316 
318  sizeof(ciphertext->bits),
319  c);
320  gcry_mpi_release (c);
321 
322  return possible_opts;
323 }
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:104
static struct GNUNET_SECRETSHARING_Ciphertext ciphertext
#define GNUNET_MIN(a, b)
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.

References ciphertext, GNUNET_assert, GNUNET_break_op, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_CRYPTO_PAILLIER_BITS, GNUNET_MIN, GNUNET_SYSERR, and m.

Referenced by compute_service_response(), and send_alices_cryptodata_message().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_paillier_decrypt()

void GNUNET_CRYPTO_paillier_decrypt ( const struct GNUNET_CRYPTO_PaillierPrivateKey private_key,
const struct GNUNET_CRYPTO_PaillierPublicKey public_key,
const struct GNUNET_CRYPTO_PaillierCiphertext ciphertext,
gcry_mpi_t  m 
)

Decrypt a paillier ciphertext with a private key.

Parameters
private_keyPrivate key to use for decryption.
public_keyPublic key to use for decryption.
ciphertextCiphertext to decrypt.
[out]mDecryption of ciphertext with @private_key.
private_keyPrivate key to use for decryption.
public_keyPublic key to use for encryption.
ciphertextCiphertext to decrypt.
[out]mDecryption of ciphertext with @private_key.

Definition at line 335 of file crypto_paillier.c.

342 {
343  gcry_mpi_t mu;
344  gcry_mpi_t lambda;
345  gcry_mpi_t n;
346  gcry_mpi_t n_square;
347  gcry_mpi_t c;
348  gcry_mpi_t cmu;
349  gcry_mpi_t cmum1;
350  gcry_mpi_t mod;
351 
353  private_key->lambda,
354  sizeof(private_key->lambda));
356  private_key->mu,
357  sizeof(private_key->mu));
359  public_key,
360  sizeof(struct
363  ciphertext->bits,
364  sizeof(ciphertext->bits));
365 
366  /* n_square = n * n */
367  GNUNET_assert (0 != (n_square = gcry_mpi_new (0)));
368  gcry_mpi_mul (n_square, n, n);
369 
370  /* cmu = c^lambda mod n^2 */
371  GNUNET_assert (0 != (cmu = gcry_mpi_new (0)));
372  gcry_mpi_powm (cmu,
373  c,
374  lambda,
375  n_square);
376  gcry_mpi_release (n_square);
377  gcry_mpi_release (lambda);
378  gcry_mpi_release (c);
379 
380  /* cmum1 = cmu - 1 */
381  GNUNET_assert (0 != (cmum1 = gcry_mpi_new (0)));
382  gcry_mpi_sub_ui (cmum1, cmu, 1);
383  gcry_mpi_release (cmu);
384 
385  /* mod = cmum1 / n (mod n) */
386  GNUNET_assert (0 != (mod = gcry_mpi_new (0)));
387  gcry_mpi_div (mod, NULL, cmum1, n, 0);
388  gcry_mpi_release (cmum1);
389 
390  /* m = mod * mu mod n */
391  gcry_mpi_mulm (m, mod, mu, n);
392  gcry_mpi_release (mod);
393  gcry_mpi_release (mu);
394  gcry_mpi_release (n);
395 }

References ciphertext, GNUNET_assert, GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_CRYPTO_PaillierPrivateKey::lambda, m, and GNUNET_CRYPTO_PaillierPrivateKey::mu.

Referenced by compute_scalar_product(), and keygen_round2_new_element().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_paillier_hom_add()

int GNUNET_CRYPTO_paillier_hom_add ( const struct GNUNET_CRYPTO_PaillierPublicKey public_key,
const struct GNUNET_CRYPTO_PaillierCiphertext c1,
const struct GNUNET_CRYPTO_PaillierCiphertext c2,
struct GNUNET_CRYPTO_PaillierCiphertext result 
)

Compute a ciphertext that represents the sum of the plaintext in x1 and x2.

Note that this operation can only be done a finite number of times before an overflow occurs.

Parameters
public_keyPublic key to use for encryption.
c1Paillier cipher text.
c2Paillier cipher text.
[out]resultResult of the homomorphic operation.
Returns
GNUNET_OK if the result could be computed, GNUNET_SYSERR if no more homomorphic operations are remaining.

Compute a ciphertext that represents the sum of the plaintext in x1 and x2.

Note that this operation can only be done a finite number of times before an overflow occurs.

Parameters
public_keyPublic key to use for encryption.
c1Paillier cipher text.
c2Paillier cipher text.
[out]resultResult of the homomorphic operation.
Returns
GNUNET_OK if the result could be computed, GNUNET_SYSERR if no more homomorphic operations are remaining.

Definition at line 413 of file crypto_paillier.c.

420 {
421  gcry_mpi_t a;
422  gcry_mpi_t b;
423  gcry_mpi_t c;
424  gcry_mpi_t n;
425  gcry_mpi_t n_square;
426  int32_t o1;
427  int32_t o2;
428 
429  o1 = (int32_t) ntohl (c1->remaining_ops);
430  o2 = (int32_t) ntohl (c2->remaining_ops);
431  if ((0 >= o1) || (0 >= o2))
432  {
433  GNUNET_break_op (0);
434  return GNUNET_SYSERR;
435  }
436 
438  c1->bits,
439  sizeof(c1->bits));
441  c2->bits,
442  sizeof(c2->bits));
444  public_key,
445  sizeof(struct
447 
448  /* n_square = n * n */
449  GNUNET_assert (0 != (n_square = gcry_mpi_new (0)));
450  gcry_mpi_mul (n_square, n, n);
451  gcry_mpi_release (n);
452 
453  /* c = a * b mod n_square */
454  GNUNET_assert (0 != (c = gcry_mpi_new (0)));
455  gcry_mpi_mulm (c, a, b, n_square);
456  gcry_mpi_release (n_square);
457  gcry_mpi_release (a);
458  gcry_mpi_release (b);
459 
460  result->remaining_ops = htonl (GNUNET_MIN (o1, o2) - 1);
462  sizeof(result->bits),
463  c);
464  gcry_mpi_release (c);
465  return ntohl (result->remaining_ops);
466 }
int32_t remaining_ops
Guaranteed minimum number of homomorphic operations with this ciphertext, in network byte order (NBO)...
unsigned char bits[2048 *2/8]
The bits of the ciphertext.

References GNUNET_CRYPTO_PaillierCiphertext::bits, GNUNET_assert, GNUNET_break_op, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_MIN, GNUNET_SYSERR, GNUNET_CRYPTO_PaillierCiphertext::remaining_ops, and result.

Referenced by compute_service_response().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_paillier_hom_get_remaining()

int GNUNET_CRYPTO_paillier_hom_get_remaining ( const struct GNUNET_CRYPTO_PaillierCiphertext c)

Get the number of remaining supported homomorphic operations.

Parameters
cPaillier cipher text.
Returns
the number of remaining homomorphic operations

Definition at line 476 of file crypto_paillier.c.

478 {
479  GNUNET_assert (NULL != c);
480  return ntohl (c->remaining_ops);
481 }

References GNUNET_assert, and GNUNET_CRYPTO_PaillierCiphertext::remaining_ops.

◆ GNUNET_CRYPTO_rsa_private_key_create()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_create ( unsigned int  len)

Create a new private key.

Caller must free return value.

Parameters
lenlength of the key in bits (e.g. 2048)
Returns
fresh private key

Definition at line 143 of file crypto_rsa.c.

144 {
146  gcry_sexp_t s_key;
147  gcry_sexp_t s_keyparam;
148 
149  BENCHMARK_START (rsa_private_key_create);
150 
151  GNUNET_assert (0 ==
152  gcry_sexp_build (&s_keyparam,
153  NULL,
154  "(genkey(rsa(nbits %d)))",
155  len));
156  GNUNET_assert (0 ==
157  gcry_pk_genkey (&s_key,
158  s_keyparam));
159  gcry_sexp_release (s_keyparam);
160 #if EXTRA_CHECKS
161  GNUNET_assert (0 ==
162  gcry_pk_testkey (s_key));
163 #endif
165  ret->sexp = s_key;
166  BENCHMARK_END (rsa_private_key_create);
167  return ret;
168 }
The private information of an RSA key pair.
Definition: crypto_rsa.c:40

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_new, len, and ret.

Referenced by output_vectors().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_free()

void GNUNET_CRYPTO_rsa_private_key_free ( struct GNUNET_CRYPTO_RsaPrivateKey key)

Free memory occupied by the private key.

Parameters
keypointer to the memory to free

Definition at line 172 of file crypto_rsa.c.

173 {
174  gcry_sexp_release (key->sexp);
175  GNUNET_free (key);
176 }

References GNUNET_free, and key.

Referenced by GNUNET_CRYPTO_rsa_private_key_decode(), and output_vectors().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_encode()

size_t GNUNET_CRYPTO_rsa_private_key_encode ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
void **  buffer 
)

Encode the private key in a format suitable for storing it into a file.

Parameters
keythe private key
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocatedin buffer

Definition at line 180 of file crypto_rsa.c.

183 {
184  size_t n;
185  char *b;
186 
187  n = gcry_sexp_sprint (key->sexp,
188  GCRYSEXP_FMT_DEFAULT,
189  NULL,
190  0);
191  b = GNUNET_malloc (n);
192  GNUNET_assert ((n - 1) == /* since the last byte is \0 */
193  gcry_sexp_sprint (key->sexp,
194  GCRYSEXP_FMT_DEFAULT,
195  b,
196  n));
197  *buffer = b;
198  return n;
199 }

References GNUNET_assert, GNUNET_malloc, and key.

Referenced by GNUNET_CRYPTO_rsa_private_key_cmp(), and output_vectors().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_decode()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_decode ( const void *  buf,
size_t  buf_size 
)

Decode the private key from the data-format back to the "normal", internal format.

Parameters
bufthe buffer where the private key data is stored
buf_sizethe size of the data in buf
Returns
NULL on error

Definition at line 203 of file crypto_rsa.c.

205 {
207 
209  if (0 !=
210  gcry_sexp_new (&key->sexp,
211  buf,
212  buf_size,
213  0))
214  {
216  "Decoded private key is not valid\n");
217  GNUNET_free (key);
218  return NULL;
219  }
220  if (0 != gcry_pk_testkey (key->sexp))
221  {
223  "Decoded private key is not valid\n");
225  return NULL;
226  }
227  return key;
228 }
void GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
Free memory occupied by the private key.
Definition: crypto_rsa.c:172
#define LOG(kind,...)
Definition: crypto_rsa.c:33
@ GNUNET_ERROR_TYPE_WARNING

References buf, GNUNET_CRYPTO_rsa_private_key_free(), GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_new, key, and LOG.

Referenced by checkvec().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_dup()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_dup ( const struct GNUNET_CRYPTO_RsaPrivateKey key)

Duplicate the given private key.

Parameters
keythe private key to duplicate
Returns
the duplicate key; NULL upon error

Definition at line 1214 of file crypto_rsa.c.

1216 {
1217  struct GNUNET_CRYPTO_RsaPrivateKey *dup;
1218  gcry_sexp_t dup_sexp;
1219  size_t erroff;
1220 
1221  /* check if we really are exporting a private key */
1222  dup_sexp = gcry_sexp_find_token (key->sexp, "private-key", 0);
1223  GNUNET_assert (NULL != dup_sexp);
1224  gcry_sexp_release (dup_sexp);
1225  /* copy the sexp */
1226  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp));
1227  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey);
1228  dup->sexp = dup_sexp;
1229  return dup;
1230 }
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44

References GNUNET_assert, GNUNET_new, key, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

◆ GNUNET_CRYPTO_rsa_private_key_get_public()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_private_key_get_public ( const struct GNUNET_CRYPTO_RsaPrivateKey priv)

Extract the public key of the given private key.

Parameters
privthe private key
Returns
NULL on error, otherwise the public key

Definition at line 232 of file crypto_rsa.c.

234 {
236  gcry_mpi_t ne[2];
237  int rc;
238  gcry_sexp_t result;
239 
240  BENCHMARK_START (rsa_private_key_get_public);
241 
242  rc = key_from_sexp (ne, priv->sexp, "public-key", "ne");
243  if (0 != rc)
244  rc = key_from_sexp (ne, priv->sexp, "private-key", "ne");
245  if (0 != rc)
246  rc = key_from_sexp (ne, priv->sexp, "rsa", "ne");
247  if (0 != rc)
248  {
249  GNUNET_break_op (0);
250  return NULL;
251  }
252  rc = gcry_sexp_build (&result,
253  NULL,
254  "(public-key(rsa(n %m)(e %m)))",
255  ne[0],
256  ne[1]);
257  gcry_mpi_release (ne[0]);
258  gcry_mpi_release (ne[1]);
260  pub->sexp = result;
261  BENCHMARK_END (rsa_private_key_get_public);
262  return pub;
263 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
The public information of an RSA key pair.
Definition: crypto_rsa.c:52

References BENCHMARK_END, BENCHMARK_START, GNUNET_break_op, GNUNET_new, key_from_sexp(), pub, result, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_sign_fdh(), output_vectors(), and rsa_sign_mpi().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_hash()

void GNUNET_CRYPTO_rsa_public_key_hash ( const struct GNUNET_CRYPTO_RsaPublicKey key,
struct GNUNET_HashCode hc 
)

Compute hash over the public key.

Parameters
keypublic key to hash
hcwhere to store the hash code

Definition at line 406 of file crypto_rsa.c.

408 {
409  void *buf;
410  size_t buf_size;
411 
413  &buf);
415  buf_size,
416  hc);
417  GNUNET_free (buf);
418 }
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, void **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:324
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41

References buf, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_free, and key.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_check()

bool GNUNET_CRYPTO_rsa_public_key_check ( const struct GNUNET_CRYPTO_RsaPublicKey key)

Check if key is well-formed.

Returns
true if key is well-formed.

Definition at line 300 of file crypto_rsa.c.

302 {
303  gcry_mpi_t ne[2];
304  int ret;
305 
306  ret = key_from_sexp (ne,
307  key->sexp,
308  "public-key",
309  "ne");
310  if (0 != ret)
311  ret = key_from_sexp (ne,
312  key->sexp,
313  "rsa",
314  "ne");
315  if (0 != ret)
316  return false;
317  gcry_mpi_release (ne[0]);
318  gcry_mpi_release (ne[1]);
319  return true;
320 }

References key, key_from_sexp(), and ret.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_len()

unsigned int GNUNET_CRYPTO_rsa_public_key_len ( const struct GNUNET_CRYPTO_RsaPublicKey key)

Obtain the length of the RSA key in bits.

Parameters
keythe public key to introspect
Returns
length of the key in bits

Definition at line 673 of file crypto_rsa.c.

674 {
675  gcry_mpi_t n;
676  unsigned int rval;
677 
678  if (0 != key_from_sexp (&n, key->sexp, "rsa", "n"))
679  { /* Not an RSA public key */
680  GNUNET_break (0);
681  return 0;
682  }
683  rval = gcry_mpi_get_nbits (n);
684  gcry_mpi_release (n);
685  return rval;
686 }

References GNUNET_break, key, and key_from_sexp().

Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_free()

void GNUNET_CRYPTO_rsa_public_key_free ( struct GNUNET_CRYPTO_RsaPublicKey key)

Free memory occupied by the public key.

Parameters
keypointer to the memory to free

Definition at line 267 of file crypto_rsa.c.

268 {
269  gcry_sexp_release (key->sexp);
270  GNUNET_free (key);
271 }

References GNUNET_free, and key.

Referenced by clean_rsa_pub(), clean_rsa_public_key(), GNUNET_CRYPTO_rsa_sign_fdh(), output_vectors(), and rsa_sign_mpi().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_encode()

size_t GNUNET_CRYPTO_rsa_public_key_encode ( const struct GNUNET_CRYPTO_RsaPublicKey key,
void **  buffer 
)

Encode the public key in a format suitable for storing it into a file.

Parameters
keythe private key
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocated in buffer

Definition at line 324 of file crypto_rsa.c.

327 {
328  gcry_mpi_t ne[2];
329  size_t n_size;
330  size_t e_size;
331  size_t rsize;
332  size_t buf_size;
333  char *buf;
335  int ret;
336 
337  ret = key_from_sexp (ne,
338  key->sexp,
339  "public-key",
340  "ne");
341  if (0 != ret)
342  ret = key_from_sexp (ne,
343  key->sexp,
344  "rsa",
345  "ne");
346  if (0 != ret)
347  {
348  GNUNET_break (0);
349  *buffer = NULL;
350  return 0;
351  }
352  gcry_mpi_print (GCRYMPI_FMT_USG,
353  NULL,
354  0,
355  &n_size,
356  ne[0]);
357  gcry_mpi_print (GCRYMPI_FMT_USG,
358  NULL,
359  0,
360  &e_size,
361  ne[1]);
362  if ( (e_size > UINT16_MAX) ||
363  (n_size > UINT16_MAX) )
364  {
365  GNUNET_break (0);
366  if (NULL != buffer)
367  *buffer = NULL;
368  gcry_mpi_release (ne[0]);
369  gcry_mpi_release (ne[1]);
370  return 0;
371  }
372  buf_size = n_size + e_size + sizeof (hdr);
373  if (NULL == buffer)
374  {
375  gcry_mpi_release (ne[0]);
376  gcry_mpi_release (ne[1]);
377  return buf_size;
378  }
379  buf = GNUNET_malloc (buf_size);
380  hdr.modulus_length = htons ((uint16_t) n_size);
381  hdr.public_exponent_length = htons ((uint16_t) e_size);
382  memcpy (buf,
383  &hdr,
384  sizeof (hdr));
385  GNUNET_assert (0 ==
386  gcry_mpi_print (GCRYMPI_FMT_USG,
387  (unsigned char *) &buf[sizeof (hdr)],
388  n_size,
389  &rsize,
390  ne[0]));
391 
392  GNUNET_assert (0 ==
393  gcry_mpi_print (GCRYMPI_FMT_USG,
394  (unsigned char *) &buf[sizeof (hdr) + n_size],
395  e_size,
396  &rsize,
397  ne[1]));
398  *buffer = buf;
399  gcry_mpi_release (ne[0]);
400  gcry_mpi_release (ne[1]);
401  return buf_size;
402 }
Format of the header of a serialized RSA public key.
Definition: crypto_rsa.c:280

References buf, GNUNET_assert, GNUNET_break, GNUNET_malloc, key, key_from_sexp(), GNUNET_CRYPTO_RsaPublicKeyHeaderP::modulus_length, GNUNET_CRYPTO_RsaPublicKeyHeaderP::public_exponent_length, and ret.

Referenced by bind_rsa_pub(), checkvec(), GNUNET_CRYPTO_rsa_blind(), GNUNET_CRYPTO_rsa_public_key_cmp(), GNUNET_CRYPTO_rsa_public_key_hash(), GNUNET_JSON_from_rsa_public_key(), GNUNET_PQ_query_param_rsa_public_key(), my_conv_rsa_public_key(), and output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_decode()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_public_key_decode ( const char *  buf,
size_t  len 
)

Decode the public key from the data-format back to the "normal", internal format.

Parameters
bufthe buffer where the public key data is stored
lenthe length of the data in buf
Returns
NULL on error

Definition at line 422 of file crypto_rsa.c.

424 {
427  size_t e_size;
428  size_t n_size;
429  gcry_mpi_t n;
430  gcry_mpi_t e;
431  gcry_sexp_t data;
432 
433  if (len < sizeof (hdr))
434  {
435  GNUNET_break_op (0);
436  return NULL;
437  }
438  memcpy (&hdr, buf, sizeof (hdr));
439  n_size = ntohs (hdr.modulus_length);
440  e_size = ntohs (hdr.public_exponent_length);
441  if (len != sizeof (hdr) + e_size + n_size)
442  {
443  GNUNET_break_op (0);
444  return NULL;
445  }
446  if (0 !=
447  gcry_mpi_scan (&n,
448  GCRYMPI_FMT_USG,
449  &buf[sizeof (hdr)],
450  n_size,
451  NULL))
452  {
453  GNUNET_break_op (0);
454  return NULL;
455  }
456  if (0 !=
457  gcry_mpi_scan (&e,
458  GCRYMPI_FMT_USG,
459  &buf[sizeof (hdr) + n_size],
460  e_size,
461  NULL))
462  {
463  GNUNET_break_op (0);
464  gcry_mpi_release (n);
465  return NULL;
466  }
467 
468  if (0 !=
469  gcry_sexp_build (&data,
470  NULL,
471  "(public-key(rsa(n %m)(e %m)))",
472  n,
473  e))
474  {
475  GNUNET_break (0);
476  gcry_mpi_release (n);
477  gcry_mpi_release (e);
478  return NULL;
479  }
480  gcry_mpi_release (n);
481  gcry_mpi_release (e);
483  key->sexp = data;
484  return key;
485 }
static struct Experiment * e

References buf, data, e, GNUNET_break, GNUNET_break_op, GNUNET_new, key, len, GNUNET_CRYPTO_RsaPublicKeyHeaderP::modulus_length, and GNUNET_CRYPTO_RsaPublicKeyHeaderP::public_exponent_length.

Referenced by checkvec(), extract_rsa_pub(), and post_extract_rsa_public_key().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_dup()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_public_key_dup ( const struct GNUNET_CRYPTO_RsaPublicKey key)

Duplicate the given public key.

Parameters
keythe public key to duplicate
Returns
the duplicate key; NULL upon error

Definition at line 1068 of file crypto_rsa.c.

1069 {
1070  struct GNUNET_CRYPTO_RsaPublicKey *dup;
1071  gcry_sexp_t dup_sexp;
1072  size_t erroff;
1073 
1074  /* check if we really are exporting a public key */
1075  dup_sexp = gcry_sexp_find_token (key->sexp, "public-key", 0);
1076  GNUNET_assert (NULL != dup_sexp);
1077  gcry_sexp_release (dup_sexp);
1078  /* copy the sexp */
1079  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp));
1080  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
1081  dup->sexp = dup_sexp;
1082  return dup;
1083 }
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56

References GNUNET_assert, GNUNET_new, key, and GNUNET_CRYPTO_RsaPublicKey::sexp.

◆ GNUNET_CRYPTO_rsa_signature_cmp()

int GNUNET_CRYPTO_rsa_signature_cmp ( const struct GNUNET_CRYPTO_RsaSignature s1,
const struct GNUNET_CRYPTO_RsaSignature s2 
)

Compare the values of two signatures.

Parameters
s1one signature
s2the other signature
Returns
0 if the two are equal

Definition at line 595 of file crypto_rsa.c.

597 {
598  void *b1;
599  void *b2;
600  size_t z1;
601  size_t z2;
602  int ret;
603 
605  &b1);
607  &b2);
608  if (z1 != z2)
609  ret = 1;
610  else
611  ret = memcmp (b1,
612  b2,
613  z1);
614  GNUNET_free (b1);
615  GNUNET_free (b2);
616  return ret;
617 }
size_t GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, void **buffer)
Encode the given signature in a format suitable for storing it into a file.
Definition: crypto_rsa.c:992

References GNUNET_CRYPTO_rsa_signature_encode(), GNUNET_free, and ret.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_cmp()

int GNUNET_CRYPTO_rsa_private_key_cmp ( const struct GNUNET_CRYPTO_RsaPrivateKey p1,
const struct GNUNET_CRYPTO_RsaPrivateKey p2 
)

Compare the values of two private keys.

Parameters
p1one private key
p2the other private key
Returns
0 if the two are equal

Definition at line 647 of file crypto_rsa.c.

649 {
650  void *b1;
651  void *b2;
652  size_t z1;
653  size_t z2;
654  int ret;
655 
657  &b1);
659  &b2);
660  if (z1 != z2)
661  ret = 1;
662  else
663  ret = memcmp (b1,
664  b2,
665  z1);
666  GNUNET_free (b1);
667  GNUNET_free (b2);
668  return ret;
669 }
size_t GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, void **buffer)
Encode the private key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:180

References GNUNET_CRYPTO_rsa_private_key_encode(), GNUNET_free, and ret.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_cmp()

int GNUNET_CRYPTO_rsa_public_key_cmp ( const struct GNUNET_CRYPTO_RsaPublicKey p1,
const struct GNUNET_CRYPTO_RsaPublicKey p2 
)

Compare the values of two public keys.

Parameters
p1one public key
p2the other public key
Returns
0 if the two are equal

Definition at line 621 of file crypto_rsa.c.

623 {
624  void *b1;
625  void *b2;
626  size_t z1;
627  size_t z2;
628  int ret;
629 
631  &b1);
633  &b2);
634  if (z1 != z2)
635  ret = 1;
636  else
637  ret = memcmp (b1,
638  b2,
639  z1);
640  GNUNET_free (b1);
641  GNUNET_free (b2);
642  return ret;
643 }

References GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_free, and ret.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_blind()

int GNUNET_CRYPTO_rsa_blind ( const struct GNUNET_HashCode hash,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret bks,
struct GNUNET_CRYPTO_RsaPublicKey pkey,
void **  buf,
size_t *  buf_size 
)

Blinds the given message with the given blinding key.

Parameters
hashhash of the message to sign
bkeythe blinding key
pkeythe public key of the signer
[out]bufset to a buffer with the blinded message to be signed
[out]buf_sizenumber of bytes stored in buf
Returns
GNUNET_YES if successful, GNUNET_NO if RSA key is malicious

Definition at line 747 of file crypto_rsa.c.

788 {
789  struct RsaBlindingKey *bkey;
790  gcry_mpi_t data;
791  gcry_mpi_t ne[2];
792  gcry_mpi_t r_e;
793  gcry_mpi_t data_r_e;
794  int ret;
795 
796  BENCHMARK_START (rsa_blind);
797 
798  GNUNET_assert (buf != NULL);
799  GNUNET_assert (buf_size != NULL);
800  ret = key_from_sexp (ne, pkey->sexp, "public-key", "ne");
801  if (0 != ret)
802  ret = key_from_sexp (ne, pkey->sexp, "rsa", "ne");
803  if (0 != ret)
804  {
805  GNUNET_break (0);
806  *buf = NULL;
807  *buf_size = 0;
808  return GNUNET_NO;
809  }
810 
811  data = rsa_full_domain_hash (pkey, hash);
812  if (NULL == data)
813  goto rsa_gcd_validate_failure;
814 
815  bkey = rsa_blinding_key_derive (pkey, bks);
816  if (NULL == bkey)
817  {
818  gcry_mpi_release (data);
819  goto rsa_gcd_validate_failure;
820  }
821 
822  r_e = gcry_mpi_new (0);
823  gcry_mpi_powm (r_e,
824  bkey->r,
825  ne[1],
826  ne[0]);
827  data_r_e = gcry_mpi_new (0);
828  gcry_mpi_mulm (data_r_e,
829  data,
830  r_e,
831  ne[0]);
832  gcry_mpi_release (data);
833  gcry_mpi_release (ne[0]);
834  gcry_mpi_release (ne[1]);
835  gcry_mpi_release (r_e);
836  rsa_blinding_key_free (bkey);
837 
838  *buf_size = numeric_mpi_alloc_n_print (data_r_e,
839  (char **) buf);
840  gcry_mpi_release (data_r_e);
841 
842  BENCHMARK_END (rsa_blind);
843 
844  return GNUNET_YES;
845 
846 rsa_gcd_validate_failure:
847  /* We know the RSA key is malicious here, so warn the wallet. */
848  /* GNUNET_break_op (0); */
849  gcry_mpi_release (ne[0]);
850  gcry_mpi_release (ne[1]);
851  *buf = NULL;
852  *buf_size = 0;
853  return GNUNET_NO;
854 }
static void rsa_blinding_key_free(struct RsaBlindingKey *bkey)
Destroy a blinding key.
Definition: crypto_rsa.c:695
static gcry_mpi_t rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_HashCode *hash)
Computes a full domain hash seeded by the given public key.
Definition: crypto_rsa.c:747
static struct RsaBlindingKey * rsa_blinding_key_derive(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks)
Create a blinding key.
Definition: crypto_rsa.c:520
static size_t numeric_mpi_alloc_n_print(gcry_mpi_t v, char **buffer)
Print an MPI to a newly created buffer.
Definition: crypto_rsa.c:710
RSA blinding key.
Definition: crypto_rsa.c:76
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:80

References GNUNET_assert, GNUNET_CRYPTO_kdf_mod_mpi(), GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_free, key_from_sexp(), ok, pkey, RsaBlindingKey::r, and rsa_gcd_validate().

Referenced by checkvec(), and output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_sign_blinded()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_sign_blinded ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
const void *  msg,
size_t  msg_len 
)

Sign a blinded value, which must be a full domain hash of a message.

Parameters
keyprivate key to use for the signing
msgthe (blinded) message to sign
msg_lennumber of bytes in msg to sign
Returns
NULL on error, signature on success

Definition at line 940 of file crypto_rsa.c.

943 {
944  gcry_mpi_t v = NULL;
945  struct GNUNET_CRYPTO_RsaSignature *sig;
946 
947  BENCHMARK_START (rsa_sign_blinded);
948 
949  GNUNET_assert (0 ==
950  gcry_mpi_scan (&v,
951  GCRYMPI_FMT_USG,
952  msg,
953  msg_len,
954  NULL));
955 
956  sig = rsa_sign_mpi (key, v);
957  gcry_mpi_release (v);
958  BENCHMARK_END (rsa_sign_blinded);
959  return sig;
960 }
struct GNUNET_MessageHeader * msg
Definition: 005.c:2
static struct GNUNET_CRYPTO_RsaSignature * rsa_sign_mpi(const struct GNUNET_CRYPTO_RsaPrivateKey *key, gcry_mpi_t value)
Sign the given MPI.
Definition: crypto_rsa.c:885
an RSA signature
Definition: crypto_rsa.c:64

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, key, msg, and rsa_sign_mpi().

Referenced by checkvec(), and output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_sign_fdh()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_sign_fdh ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
const struct GNUNET_HashCode hash 
)

Create and sign a full domain hash of a message.

Parameters
keyprivate key to use for the signing
hashthe hash of the message to sign
Returns
NULL on error, including a malicious RSA key, signature on success

Definition at line 964 of file crypto_rsa.c.

966 {
968  gcry_mpi_t v = NULL;
969  struct GNUNET_CRYPTO_RsaSignature *sig;
970 
972  v = rsa_full_domain_hash (pkey, hash);
974  if (NULL == v) /* rsa_gcd_validate failed meaning */
975  return NULL; /* our *own* RSA key is malicious. */
976 
977  sig = rsa_sign_mpi (key, v);
978  gcry_mpi_release (v);
979  return sig;
980 }
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition: crypto_rsa.c:267
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition: crypto_rsa.c:232

References GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_free(), key, pkey, rsa_full_domain_hash(), and rsa_sign_mpi().

Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_free()

void GNUNET_CRYPTO_rsa_signature_free ( struct GNUNET_CRYPTO_RsaSignature sig)

Free memory occupied by signature.

Parameters
sigmemory to free

Definition at line 984 of file crypto_rsa.c.

985 {
986  gcry_sexp_release (sig->sexp);
987  GNUNET_free (sig);
988 }
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68

References GNUNET_free, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by clean_rsa_sig(), clean_rsa_signature(), and output_vectors().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_encode()

size_t GNUNET_CRYPTO_rsa_signature_encode ( const struct GNUNET_CRYPTO_RsaSignature sig,
void **  buffer 
)

Encode the given signature in a format suitable for storing it into a file.

Parameters
sigthe signature
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocated in buffer

Definition at line 992 of file crypto_rsa.c.

995 {
996  gcry_mpi_t s;
997  size_t buf_size;
998  size_t rsize;
999  unsigned char *buf;
1000  int ret;
1001 
1002  ret = key_from_sexp (&s,
1003  sig->sexp,
1004  "sig-val",
1005  "s");
1006  if (0 != ret)
1007  ret = key_from_sexp (&s,
1008  sig->sexp,
1009  "rsa",
1010  "s");
1011  GNUNET_assert (0 == ret);
1012  gcry_mpi_print (GCRYMPI_FMT_USG,
1013  NULL,
1014  0,
1015  &buf_size,
1016  s);
1017  buf = GNUNET_malloc (buf_size);
1018  GNUNET_assert (0 ==
1019  gcry_mpi_print (GCRYMPI_FMT_USG,
1020  buf,
1021  buf_size,
1022  &rsize,
1023  s));
1024  GNUNET_assert (rsize == buf_size);
1025  *buffer = (void *) buf;
1026  gcry_mpi_release (s);
1027  return buf_size;
1028 }

References buf, GNUNET_assert, GNUNET_malloc, key_from_sexp(), ret, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by bind_rsa_sig(), checkvec(), GNUNET_CRYPTO_rsa_signature_cmp(), GNUNET_JSON_from_rsa_signature(), GNUNET_PQ_query_param_rsa_signature(), my_conv_rsa_signature(), and output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_decode()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_signature_decode ( const void *  buf,
size_t  buf_size 
)

Decode the signature from the data-format back to the "normal", internal format.

Parameters
bufthe buffer where the public key data is stored
buf_sizethe number of bytes of the data in buf
Returns
NULL on error

Definition at line 1032 of file crypto_rsa.c.

1034 {
1035  struct GNUNET_CRYPTO_RsaSignature *sig;
1036  gcry_mpi_t s;
1037  gcry_sexp_t data;
1038 
1039  if (0 !=
1040  gcry_mpi_scan (&s,
1041  GCRYMPI_FMT_USG,
1042  buf,
1043  buf_size,
1044  NULL))
1045  {
1046  GNUNET_break_op (0);
1047  return NULL;
1048  }
1049 
1050  if (0 !=
1051  gcry_sexp_build (&data,
1052  NULL,
1053  "(sig-val(rsa(s %M)))",
1054  s))
1055  {
1056  GNUNET_break (0);
1057  gcry_mpi_release (s);
1058  return NULL;
1059  }
1060  gcry_mpi_release (s);
1061  sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1062  sig->sexp = data;
1063  return sig;
1064 }

References buf, data, GNUNET_break, GNUNET_break_op, GNUNET_new, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by extract_rsa_sig(), and post_extract_rsa_signature().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_dup()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_signature_dup ( const struct GNUNET_CRYPTO_RsaSignature sig)

Duplicate the given rsa signature.

Parameters
sigthe signature to duplicate
Returns
the duplicate key; NULL upon error

Definition at line 1234 of file crypto_rsa.c.

1235 {
1236  struct GNUNET_CRYPTO_RsaSignature *dup;
1237  gcry_sexp_t dup_sexp;
1238  size_t erroff;
1239  gcry_mpi_t s;
1240  int ret;
1241 
1242  /* verify that this is an RSA signature */
1243  ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
1244  if (0 != ret)
1245  ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
1246  GNUNET_assert (0 == ret);
1247  gcry_mpi_release (s);
1248  /* copy the sexp */
1249  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", sig->sexp));
1250  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1251  dup->sexp = dup_sexp;
1252  return dup;
1253 }

References GNUNET_assert, GNUNET_new, key_from_sexp(), ret, and GNUNET_CRYPTO_RsaSignature::sexp.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_unblind()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_unblind ( const struct GNUNET_CRYPTO_RsaSignature sig,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret bks,
struct GNUNET_CRYPTO_RsaPublicKey pkey 
)

Unblind a blind-signed signature.

The signature should have been generated with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with GNUNET_CRYPTO_rsa_blind().

Parameters
sigthe signature made on the blinded signature purpose
bksthe blinding key secret used to blind the signature purpose
pkeythe public key of the signer
Returns
unblinded signature on success, NULL if RSA key is bad or malicious.

Definition at line 1087 of file crypto_rsa.c.

1090 {
1091  struct RsaBlindingKey *bkey;
1092  gcry_mpi_t n;
1093  gcry_mpi_t s;
1094  gcry_mpi_t r_inv;
1095  gcry_mpi_t ubsig;
1096  int ret;
1097  struct GNUNET_CRYPTO_RsaSignature *sret;
1098 
1099  BENCHMARK_START (rsa_unblind);
1100 
1101  ret = key_from_sexp (&n, pkey->sexp, "public-key", "n");
1102  if (0 != ret)
1103  ret = key_from_sexp (&n, pkey->sexp, "rsa", "n");
1104  if (0 != ret)
1105  {
1106  GNUNET_break_op (0);
1107  return NULL;
1108  }
1109  ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
1110  if (0 != ret)
1111  ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
1112  if (0 != ret)
1113  {
1114  gcry_mpi_release (n);
1115  GNUNET_break_op (0);
1116  return NULL;
1117  }
1118 
1119  bkey = rsa_blinding_key_derive (pkey, bks);
1120  if (NULL == bkey)
1121  {
1122  /* RSA key is malicious since rsa_gcd_validate failed here.
1123  * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
1124  * so the exchange is being malicious in an unfamilair way, maybe
1125  * just trying to crash us. */
1126  GNUNET_break_op (0);
1127  gcry_mpi_release (n);
1128  gcry_mpi_release (s);
1129  return NULL;
1130  }
1131 
1132  r_inv = gcry_mpi_new (0);
1133  if (1 !=
1134  gcry_mpi_invm (r_inv,
1135  bkey->r,
1136  n))
1137  {
1138  /* We cannot find r mod n, so gcd(r,n) != 1, which should get *
1139  * caught above, but we handle it the same here. */
1140  GNUNET_break_op (0);
1141  gcry_mpi_release (r_inv);
1142  rsa_blinding_key_free (bkey);
1143  gcry_mpi_release (n);
1144  gcry_mpi_release (s);
1145  return NULL;
1146  }
1147 
1148  ubsig = gcry_mpi_new (0);
1149  gcry_mpi_mulm (ubsig, s, r_inv, n);
1150  gcry_mpi_release (n);
1151  gcry_mpi_release (r_inv);
1152  gcry_mpi_release (s);
1153  rsa_blinding_key_free (bkey);
1154 
1155  sret = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1156  GNUNET_assert (0 ==
1157  gcry_sexp_build (&sret->sexp,
1158  NULL,
1159  "(sig-val (rsa (s %M)))",
1160  ubsig));
1161  gcry_mpi_release (ubsig);
1162  BENCHMARK_END (rsa_unblind);
1163  return sret;
1164 }

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_break_op, GNUNET_new, key_from_sexp(), pkey, RsaBlindingKey::r, ret, rsa_blinding_key_derive(), rsa_blinding_key_free(), and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by checkvec(), and output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_verify()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_verify ( const struct GNUNET_HashCode hash,
const struct GNUNET_CRYPTO_RsaSignature sig,
const struct GNUNET_CRYPTO_RsaPublicKey public_key 
)

Verify whether the given hash corresponds to the given signature and the signature is valid with respect to the given public key.

Parameters
hashthe message to verify to match the sig
sigsignature that is being validated
public_keypublic key of the signer
Returns
GNUNET_YES if ok, GNUNET_NO if RSA key is malicious, GNUNET_SYSERR if signature

Definition at line 1087 of file crypto_rsa.c.

1171 {
1172  gcry_sexp_t data;
1173  gcry_mpi_t r;
1174  int rc;
1175 
1176  BENCHMARK_START (rsa_verify);
1177 
1178  r = rsa_full_domain_hash (pkey, hash);
1179  if (NULL == r)
1180  {
1181  GNUNET_break_op (0);
1182  /* RSA key is malicious since rsa_gcd_validate failed here.
1183  * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
1184  * so the exchange is being malicious in an unfamilair way, maybe
1185  * just trying to crash us. Arguably, we've only an internal error
1186  * though because we should've detected this in our previous call
1187  * to GNUNET_CRYPTO_rsa_unblind. *///
1188  return GNUNET_NO;
1189  }
1190 
1191  data = mpi_to_sexp (r);
1192  gcry_mpi_release (r);
1193 
1194  rc = gcry_pk_verify (sig->sexp,
1195  data,
1196  pkey->sexp);
1197  gcry_sexp_release (data);
1198  if (0 != rc)
1199  {
1201  _ ("RSA signature verification failed at %s:%d: %s\n"),
1202  __FILE__,
1203  __LINE__,
1204  gcry_strerror (rc));
1205  BENCHMARK_END (rsa_verify);
1206  return GNUNET_SYSERR;
1207  }
1208  BENCHMARK_END (rsa_verify);
1209  return GNUNET_OK;
1210 }
static gcry_sexp_t mpi_to_sexp(gcry_mpi_t value)
Convert an MPI to an S-expression suitable for signature operations.
Definition: crypto_rsa.c:864
#define _(String)
GNU gettext support macro.
Definition: platform.h:177

Referenced by checkvec(), and output_vectors().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_cs_private_key_generate()

void GNUNET_CRYPTO_cs_private_key_generate ( struct GNUNET_CRYPTO_CsPrivateKey priv)

Create a new random private key.

Parameters
[out]privwhere to write the fresh private key

Create a new random private key.

This is an implementation of the Clause Blind Schnorr Signature Scheme using Curve25519. Further details about the Clause Blind Schnorr Signature Scheme can be found here: https://eprint.iacr.org/2019/877.pdf

We use libsodium wherever possible. Create a new random private key.

Parameters
[out]privwhere to write the fresh private key

Definition at line 49 of file crypto_cs.c.

50 {
51  crypto_core_ed25519_scalar_random (priv->scalar.d);
52 }
unsigned char d[crypto_core_ed25519_SCALARBYTES]
32 byte scalar
struct GNUNET_CRYPTO_Cs25519Scalar scalar

References GNUNET_CRYPTO_Cs25519Scalar::d, and GNUNET_CRYPTO_CsPrivateKey::scalar.

◆ GNUNET_CRYPTO_cs_private_key_get_public()

void GNUNET_CRYPTO_cs_private_key_get_public ( const struct GNUNET_CRYPTO_CsPrivateKey priv,
struct GNUNET_CRYPTO_CsPublicKey pub 
)

Extract the public key of the given private key.

Parameters
privthe private key
[out]pubwhere to write the public key

Definition at line 62 of file crypto_cs.c.

65 {
66  GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (pub->point.y,
67  priv->scalar.d));
68 }

References GNUNET_CRYPTO_Cs25519Scalar::d, GNUNET_assert, pub, and GNUNET_CRYPTO_CsPrivateKey::scalar.

◆ GNUNET_CRYPTO_cs_r_derive()

void GNUNET_CRYPTO_cs_r_derive ( const struct GNUNET_CRYPTO_CsNonce nonce,
const struct GNUNET_CRYPTO_CsPrivateKey lts,
struct GNUNET_CRYPTO_CsRSecret  r[2] 
)

Derive a new secret r pair r0 and r1.

In original papers r is generated randomly To provide abort-idempotency, r needs to be derived but still needs to be UNPREDICTABLE To ensure unpredictability a new nonce should be used when a new r needs to be derived. Uses HKDF internally. Comment: Can be done in one HKDF shot and split output.

Parameters
nonceis a random nonce
ltsis a long-term-secret in form of a private key
[out]rarray containing derived secrets r0 and r1

Definition at line 99 of file crypto_cs.c.

102 {
105  sizeof (struct GNUNET_CRYPTO_CsRSecret)
106  * 2,
107  GCRY_MD_SHA512,
108  GCRY_MD_SHA256,
109  "r",
110  strlen ("r"),
111  lts,
112  sizeof (*lts),
113  nonce,
114  sizeof (*nonce),
115  NULL,
116  0));
117 
118  map_to_scalar_subgroup (&r[0].scalar);
119  map_to_scalar_subgroup (&r[1].scalar);
120 }
static void map_to_scalar_subgroup(struct GNUNET_CRYPTO_Cs25519Scalar *scalar)
maps 32 random bytes to a scalar this is necessary because libsodium expects scalar to be in the prim...
Definition: crypto_cs.c:77
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_hkdf(void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_hkdf.c:343
the private r used in the signature

References GNUNET_assert, GNUNET_CRYPTO_hkdf(), GNUNET_YES, and map_to_scalar_subgroup().

Here is the call graph for this function:

◆ GNUNET_CRYPTO_cs_r_get_public()

void GNUNET_CRYPTO_cs_r_get_public ( const struct GNUNET_CRYPTO_CsRSecret r_priv,
struct GNUNET_CRYPTO_CsRPublic r_pub 
)

Extract the public R of the given secret r.

Parameters
r_privthe private key
[out]r_pubwhere to write the public key

Definition at line 130 of file crypto_cs.c.

132 {
133  GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (r_pub->point.y,
134  r_priv->scalar.d));
135 }
unsigned char y[crypto_core_ed25519_BYTES]
This is a point on the Curve25519.
struct GNUNET_CRYPTO_Cs25519Point point
struct GNUNET_CRYPTO_Cs25519Scalar scalar

References GNUNET_CRYPTO_Cs25519Scalar::d, GNUNET_assert, GNUNET_CRYPTO_CsRPublic::point, GNUNET_CRYPTO_CsRSecret::scalar, and GNUNET_CRYPTO_Cs25519Point::y.

◆ GNUNET_CRYPTO_cs_blinding_secrets_derive()

void GNUNET_CRYPTO_cs_blinding_secrets_derive ( const struct GNUNET_CRYPTO_CsNonce blind_seed,
struct GNUNET_CRYPTO_CsBlindingSecret  bs[2] 
)

Derives new random blinding factors.

In original papers blinding factors are generated randomly To provide abort-idempotency, blinding factors need to be derived but still need to be UNPREDICTABLE To ensure unpredictability a new nonce has to be used. Uses HKDF internally

Parameters
blind_seedis the blinding seed to derive blinding factors
[out]bsarray containing the two derived blinding secrets

In original papers blinding factors are generated randomly To provide abort-idempotency, blinding factors need to be derived but still need to be UNPREDICTABLE To ensure unpredictability a new nonce has to be used. Uses HKDF internally

Parameters
secretis secret to derive blinding factors
secret_lensecret length
[out]bsarray containing the two derived blinding secrets

Definition at line 150 of file crypto_cs.c.

154 {
156  GNUNET_CRYPTO_hkdf (bs,
157  sizeof (struct
159  * 2,
160  GCRY_MD_SHA512,
161  GCRY_MD_SHA256,
162  "alphabeta",
163  strlen ("alphabeta"),
164  blind_seed,
165  sizeof(*blind_seed),
166  NULL,
167  0));
168  map_to_scalar_subgroup (&bs[0].alpha);
169  map_to_scalar_subgroup (&bs[0].beta);
170  map_to_scalar_subgroup (&bs[1].alpha);
171  map_to_scalar_subgroup (&bs[1].beta);
172 }
static float beta
Percentage of total peer number in the view to send random PULLs to.
static float alpha
Percentage of total peer number in the view to send random PUSHes to.
Secret used for blinding (alpha and beta).

References alpha, beta, GNUNET_assert, GNUNET_CRYPTO_hkdf(), GNUNET_YES, and map_to_scalar_subgroup().

Here is the call graph for this function:

◆ GNUNET_CRYPTO_cs_calc_blinded_c()

void GNUNET_CRYPTO_cs_calc_blinded_c ( const struct GNUNET_CRYPTO_CsBlindingSecret  bs[2],
const struct GNUNET_CRYPTO_CsRPublic  r_pub[2],
const struct GNUNET_CRYPTO_CsPublicKey pub,
const void *  msg,
size_t  msg_len,
struct GNUNET_CRYPTO_CsC  blinded_c[2],
struct GNUNET_CRYPTO_CsRPublic  blinded_r_pub[2] 
)

Calculate two blinded c's Comment: One would be insecure due to Wagner's algorithm solving ROS.

Parameters
bsarray of the two blinding factor structs each containing alpha and beta
r_pubarray of the two signer's nonce R
pubthe public key of the signer
msgthe message to blind in preparation for signing
msg_lenlength of message msg
[out]blinded_carray of the two blinded c's
[out]blinded_r_pubarray of the two blinded R

Definition at line 282 of file crypto_cs.c.

291 {
292  // for i 0/1: R'i = Ri + alpha i*G + beta i*pub
293  calc_r_dash (&bs[0], &r_pub[0], pub, &blinded_r_pub[0]);
294  calc_r_dash (&bs[1], &r_pub[1], pub, &blinded_r_pub[1]);
295 
296  // for i 0/1: c'i = H(R'i, msg)
297  struct GNUNET_CRYPTO_CsC c_dash_0;
298  struct GNUNET_CRYPTO_CsC c_dash_1;
299  cs_full_domain_hash (&blinded_r_pub[0], msg, msg_len, pub, &c_dash_0);
300  cs_full_domain_hash (&blinded_r_pub[1], msg, msg_len, pub, &c_dash_1);
301 
302  // for i 0/1: ci = c'i + beta i mod p
303  crypto_core_ed25519_scalar_add (blinded_c[0].scalar.d,
304  c_dash_0.scalar.d,
305  bs[0].beta.d);
306  crypto_core_ed25519_scalar_add (blinded_c[1].scalar.d,
307  c_dash_1.scalar.d,
308  bs[1].beta.d);
309 }
static void calc_r_dash(const struct GNUNET_CRYPTO_CsBlindingSecret *bs, const struct GNUNET_CRYPTO_CsRPublic *r_pub, const struct GNUNET_CRYPTO_CsPublicKey *pub, struct GNUNET_CRYPTO_CsRPublic *blinded_r_pub)
calculate R'
Definition: crypto_cs.c:243
static void cs_full_domain_hash(const struct GNUNET_CRYPTO_CsRPublic *r_dash, const void *msg, size_t msg_len, const struct GNUNET_CRYPTO_CsPublicKey *pub, struct GNUNET_CRYPTO_CsC *c)
Computes a Hash of (R', m) mapped to a Curve25519 scalar.
Definition: crypto_cs.c:196
Schnorr c to be signed.
struct GNUNET_CRYPTO_Cs25519Scalar scalar

References GNUNET_CRYPTO_CsBlindingSecret::beta, calc_r_dash(), cs_full_domain_hash(), GNUNET_CRYPTO_Cs25519Scalar::d, msg, pub, and GNUNET_CRYPTO_CsC::scalar.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_cs_sign_derive()

unsigned int GNUNET_CRYPTO_cs_sign_derive ( const struct GNUNET_CRYPTO_CsPrivateKey priv,
const struct GNUNET_CRYPTO_CsRSecret  r[2],
const struct GNUNET_CRYPTO_CsC  c[2],
const struct GNUNET_CRYPTO_CsNonce nonce,
struct GNUNET_CRYPTO_CsBlindS blinded_signature_scalar 
)

Sign a blinded c This function derives b from a nonce and a longterm secret In original papers b is generated randomly To provide abort-idempotency, b needs to be derived but still need to be UNPREDICTABLE.

To ensure unpredictability a new nonce has to be used for every signature HKDF is used internally for derivation r0 and r1 can be derived prior by using GNUNET_CRYPTO_cs_r_derive

Parameters
privprivate key to use for the signing and as LTS in HKDF
rarray of the two secret nonce from the signer
carray of the two blinded c to sign c_b
nonceis a random nonce
[out]blinded_signature_scalarwhere to write the signature
Returns
0 or 1 for b (see Clause Blind Signature Scheme)

Definition at line 329 of file crypto_cs.c.

336 {
337  uint32_t hkdf_out;
338 
339  // derive clause session identifier b (random bit)
341  GNUNET_CRYPTO_hkdf (&hkdf_out,
342  sizeof (hkdf_out),
343  GCRY_MD_SHA512,
344  GCRY_MD_SHA256,
345  "b",
346  strlen ("b"),
347  priv,
348  sizeof (*priv),
349  nonce,
350  sizeof (*nonce),
351  NULL,
352  0));
353  unsigned int b = hkdf_out % 2;
354 
355  // s = r_b + c_b priv
356  struct GNUNET_CRYPTO_Cs25519Scalar c_b_mul_priv;
357  crypto_core_ed25519_scalar_mul (c_b_mul_priv.d,
358  c[b].scalar.d,
359  priv->scalar.d);
360  crypto_core_ed25519_scalar_add (blinded_signature_scalar->scalar.d,
361  r[b].scalar.d,
362  c_b_mul_priv.d);
363 
364  return b;
365 }
struct GNUNET_CRYPTO_Cs25519Scalar scalar

References GNUNET_CRYPTO_Cs25519Scalar::d, GNUNET_assert, GNUNET_CRYPTO_hkdf(), GNUNET_YES, GNUNET_CRYPTO_CsRSecret::scalar, GNUNET_CRYPTO_CsBlindS::scalar, GNUNET_CRYPTO_CsPrivateKey::scalar, and GNUNET_CRYPTO_CsC::scalar.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_cs_unblind()

void GNUNET_CRYPTO_cs_unblind ( const struct GNUNET_CRYPTO_CsBlindS blinded_signature_scalar,
const struct GNUNET_CRYPTO_CsBlindingSecret bs,
struct GNUNET_CRYPTO_CsS signature_scalar 
)

Unblind a blind-signed signature using a c that was blinded.

Parameters
blinded_signature_scalarthe signature made on the blinded c
bsthe blinding factors used in the blinding
[out]signature_scalarwhere to write the unblinded signature

Definition at line 376 of file crypto_cs.c.

380 {
381  crypto_core_ed25519_scalar_add (signature_scalar->scalar.d,
382  blinded_signature_scalar->scalar.d,
383  bs->alpha.d);
384 }
struct GNUNET_CRYPTO_Cs25519Scalar alpha
struct GNUNET_CRYPTO_Cs25519Scalar scalar

References GNUNET_CRYPTO_CsBlindingSecret::alpha, GNUNET_CRYPTO_Cs25519Scalar::d, GNUNET_CRYPTO_CsBlindS::scalar, and GNUNET_CRYPTO_CsS::scalar.

◆ GNUNET_CRYPTO_cs_verify()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_cs_verify ( const struct GNUNET_CRYPTO_CsSignature sig,
const struct GNUNET_CRYPTO_CsPublicKey pub,
const void *  msg,
size_t  msg_len 
)

Verify whether the given message corresponds to the given signature and the signature is valid with respect to the given public key.

Parameters
sigsignature that is being validated
pubpublic key of the signer
msgis the message that should be signed by sig (message is used to calculate c)
msg_lenis the message length
Returns
GNUNET_YES on success, GNUNET_SYSERR if signature invalid

Definition at line 376 of file crypto_cs.c.

402 {
403  // calculate c' = H(R, m)
404  struct GNUNET_CRYPTO_CsC c_dash;
405  cs_full_domain_hash (&sig->r_point, msg, msg_len, pub, &c_dash);
406 
407  // s'G ?= R' + c' pub
408  struct GNUNET_CRYPTO_Cs25519Point sig_scal_mul_base;
409  GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (
410  sig_scal_mul_base.y,
411  sig->s_scalar.scalar.d));
412  struct GNUNET_CRYPTO_Cs25519Point c_dash_mul_pub;
413  GNUNET_assert (0 == crypto_scalarmult_ed25519_noclamp (c_dash_mul_pub.y,
414  c_dash.scalar.d,
415  pub->point.y));
416  struct GNUNET_CRYPTO_Cs25519Point R_add_c_dash_mul_pub;
417  GNUNET_assert (0 == crypto_core_ed25519_add (R_add_c_dash_mul_pub.y,
418  sig->r_point.point.y,
419  c_dash_mul_pub.y));
420 
421  return 0 == GNUNET_memcmp (&sig_scal_mul_base,
422  &R_add_c_dash_mul_pub)
423  ? GNUNET_OK
424  : GNUNET_SYSERR;
425 }
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
struct GNUNET_CRYPTO_CsS s_scalar
Schnorr signatures are composed of a scalar s and a curve point.
struct GNUNET_CRYPTO_CsRPublic r_point