GNUnet  0.11.x
Macros | Enumerations | Enumerator | Functions
Crypto library: cryptographic operations

Provides cryptographic primitives. More...

Macros

#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
 EdDSA sign a given block. More...
 
#define GNUNET_CRYPTO_ecdsa_sign(priv, ps, sig)
 ECDSA sign a given block. More...
 
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
 Verify EdDSA signature. More...
 
#define GNUNET_CRYPTO_ecdsa_verify(purp, ps, sig, pub)
 Verify ECDSA signature. More...
 

Enumerations

enum  GNUNET_CRYPTO_Quality { GNUNET_CRYPTO_QUALITY_WEAK , GNUNET_CRYPTO_QUALITY_STRONG , GNUNET_CRYPTO_QUALITY_NONCE }
 Desired quality level for random numbers. More...
 

Functions

void GNUNET_CRYPTO_seed_weak_random (int32_t seed)
 Seed a weak random generator. More...
 
void GNUNET_CRYPTO_zero_keys (void *buffer, size_t length)
 Zero out buffer, securely against compiler optimizations. More...
 
void GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
 Fill block with a random values. More...
 
void GNUNET_CRYPTO_random_timeflake (enum GNUNET_CRYPTO_Quality mode, struct GNUNET_Uuid *uuid)
 Fill UUID with a timeflake pseudo-random value. More...
 
uint32_t GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i)
 Produce a random value. More...
 
uint64_t GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
 Random on unsigned 64-bit values. More...
 
unsigned int * GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n)
 Get an array with a random permutation of the numbers 0...n-1. More...
 
void GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
 Create a new random session key. More...
 
ssize_t GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Encrypt a block using a symmetric sessionkey. More...
 
ssize_t GNUNET_CRYPTO_symmetric_decrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Decrypt a given block using a symmetric sessionkey. More...
 
void GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
 Derive an IV. More...
 
void GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
 Extract the public key for the given private key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_key_from_file (const char *filename, int do_create, struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey)
 Create a new private key by reading it from a file. More...
 
int GNUNET_CRYPTO_eddsa_key_from_file (const char *filename, int do_create, struct GNUNET_CRYPTO_EddsaPrivateKey *pkey)
 Create a new private key by reading it from a file. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg)
 Create a new private key by reading our peer's key from the file specified in the configuration. More...
 
void GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_create (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
const struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_get_anonymous (void)
 Get the shared private key we use for anonymous users. More...
 
void GNUNET_CRYPTO_eddsa_setup_hostkey (const char *cfg_name)
 Setup a hostkey file for a peer given the name of the configuration file (!). More...
 
int GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_PeerIdentity *dst)
 Retrieve the identity of the host's peer. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a public and a private ECC key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private EdDSA key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private ECDSA key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EdDSA public key and a private ECDH key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EcDSA public key and a private ECDH key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_ (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
 EdDSA sign a given block. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_ (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
 ECDSA Sign a given block. More...
 
int GNUNET_CRYPTO_eddsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Verify EdDSA signature. More...
 
int GNUNET_CRYPTO_ecdsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Verify ECDSA signature. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
 Derive a private key from a given private key and a label. More...
 
void GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
 Derive a public key from a given public key and a label. More...
 
void GNUNET_CRYPTO_eddsa_private_key_derive (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPrivateScalar *result)
 Derive a private scalar from a given private key and a label. More...
 
void GNUNET_CRYPTO_eddsa_public_key_derive (const struct GNUNET_CRYPTO_EddsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPublicKey *result)
 Derive a public key from a given public key and a label. More...
 

Detailed Description

Provides cryptographic primitives.

See also
Documentation

Macro Definition Documentation

◆ GNUNET_CRYPTO_eddsa_sign

#define GNUNET_CRYPTO_eddsa_sign (   priv,
  ps,
  sig 
)
Value:
do { \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*ps)); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_assert (GNUNET_OK == \
&(ps)->purpose, \
sig)); \
} while (0)
@ GNUNET_OK
Definition: gnunet_common.h:95
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition: crypto_ecc.c:599

EdDSA sign a given block.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
[out]sigwhere to write the signature

Definition at line 1719 of file gnunet_crypto_lib.h.

◆ GNUNET_CRYPTO_ecdsa_sign

#define GNUNET_CRYPTO_ecdsa_sign (   priv,
  ps,
  sig 
)
Value:
do { \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_assert (GNUNET_OK == \
&(ps)->purpose, \
sig)); \
} while (0)
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
ECDSA Sign a given block.
Definition: crypto_ecc.c:549

ECDSA sign a given block.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
[out]sigwhere to write the signature

Definition at line 1766 of file gnunet_crypto_lib.h.

◆ GNUNET_CRYPTO_eddsa_verify

#define GNUNET_CRYPTO_eddsa_verify (   purp,
  ps,
  sig,
  pub 
)
Value:
({ \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_CRYPTO_eddsa_verify_ (purp, \
&(ps)->purpose, \
sig, \
pub); \
})
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:46

Verify EdDSA signature.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
purppurpose of the signature, must match 'ps->purpose.purpose' (except in host byte order)
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
sigwhere to write the signature

Definition at line 1819 of file gnunet_crypto_lib.h.

◆ GNUNET_CRYPTO_ecdsa_verify

#define GNUNET_CRYPTO_ecdsa_verify (   purp,
  ps,
  sig,
  pub 
)
Value:
({ \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_CRYPTO_ecdsa_verify_ (purp, \
&(ps)->purpose, \
sig, \
pub); \
})

Verify ECDSA signature.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
purppurpose of the signature, must match 'ps->purpose.purpose' (except in host byte order)
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
sigwhere to write the signature

Definition at line 1872 of file gnunet_crypto_lib.h.

Enumeration Type Documentation

◆ GNUNET_CRYPTO_Quality

Desired quality level for random numbers.

Enumerator
GNUNET_CRYPTO_QUALITY_WEAK 

No good quality of the operation is needed (i.e., random numbers can be pseudo-random).

GNUNET_CRYPTO_QUALITY_STRONG 

High-quality operations are desired.

GNUNET_CRYPTO_QUALITY_NONCE 

Randomness for IVs etc.

is required.

Definition at line 75 of file gnunet_crypto_lib.h.

76 {
83 
89 
95 };
@ GNUNET_CRYPTO_QUALITY_STRONG
High-quality operations are desired.
@ GNUNET_CRYPTO_QUALITY_WEAK
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
@ GNUNET_CRYPTO_QUALITY_NONCE
Randomness for IVs etc.

Function Documentation

◆ GNUNET_CRYPTO_seed_weak_random()

void GNUNET_CRYPTO_seed_weak_random ( int32_t  seed)

Seed a weak random generator.

Only GNUNET_CRYPTO_QUALITY_WEAK-mode generator can be seeded.

Parameters
seedthe seed to use

Definition at line 97 of file crypto_random.c.

98 {
99  srandom (seed);
100 }

Referenced by __attribute__().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_zero_keys()

void GNUNET_CRYPTO_zero_keys ( void *  buffer,
size_t  length 
)

Zero out buffer, securely against compiler optimizations.

Used to delete key material.

Parameters
bufferthe buffer to zap
lengthbuffer length

Definition at line 112 of file crypto_random.c.

113 {
114 #if HAVE_MEMSET_S
115  memset_s (buffer, length, 0, length);
116 #elif HAVE_EXPLICIT_BZERO
117  explicit_bzero (buffer, length);
118 #else
119  volatile unsigned char *p = buffer;
120  while (length--)
121  *p++ = 0;
122 #endif
123 }
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59

References p.

Referenced by dv_key_clean(), GNUNET_IDENTITY_decrypt(), and GNUNET_IDENTITY_encrypt().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_block()

void GNUNET_CRYPTO_random_block ( enum GNUNET_CRYPTO_Quality  mode,
void *  buffer,
size_t  length 
)

Fill block with a random values.

Parameters
modedesired quality of the random number
bufferthe buffer to fill
lengthbuffer length

Definition at line 135 of file crypto_random.c.

138 {
139 #ifdef gcry_fast_random_poll
140  static unsigned int invokeCount;
141 #endif
142  switch (mode)
143  {
145  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
146 #ifdef gcry_fast_random_poll
147  if ((invokeCount++ % 256) == 0)
148  gcry_fast_random_poll ();
149 #endif
150  gcry_randomize (buffer, length, GCRY_STRONG_RANDOM);
151  return;
152 
154  gcry_create_nonce (buffer, length);
155  return;
156 
158  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
159 #ifdef gcry_fast_random_poll
160  if ((invokeCount++ % 256) == 0)
161  gcry_fast_random_poll ();
162 #endif
163  gcry_randomize (buffer, length, GCRY_WEAK_RANDOM);
164  return;
165 
166  default:
167  GNUNET_assert (0);
168  }
169 }
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.

References GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, and mode.

Referenced by delayed_put(), do_pad(), encode_message_body(), GCC_create(), generate_free_member_id(), GNUNET_async_scope_fresh(), GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_CRYPTO_eddsa_key_create(), GNUNET_CRYPTO_random_timeflake(), handle_validation_response(), output_vectors(), prepare_pending_acknowledgement(), RPS_sampler_elem_reinit(), run(), start_address_validation(), start_dv_learn(), and transmit_kx().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_timeflake()

void GNUNET_CRYPTO_random_timeflake ( enum GNUNET_CRYPTO_Quality  mode,
struct GNUNET_Uuid uuid 
)

Fill UUID with a timeflake pseudo-random value.

Note that timeflakes use only 80 bits of randomness and 48 bits to encode a timestamp in milliseconds. So what we return here is not a completely random number.

Parameters
modedesired quality of the random number
uuidthe value to fill

Definition at line 325 of file crypto_random.c.

327 {
328  struct GNUNET_TIME_Absolute now;
329  uint64_t ms;
330  uint64_t be;
331  char *base;
332 
334  uuid,
335  sizeof (struct GNUNET_Uuid));
336  now = GNUNET_TIME_absolute_get ();
337  ms = now.abs_value_us / GNUNET_TIME_UNIT_MILLISECONDS.rel_value_us;
338  be = GNUNET_htonll (ms);
339  base = (char *) &be;
340  memcpy (uuid,
341  base + 2,
342  sizeof (be) - 2);
343 }
uint64_t GNUNET_htonll(uint64_t n)
Convert unsigned 64-bit integer to network byte order.
Definition: common_endian.c:36
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
#define GNUNET_TIME_UNIT_MILLISECONDS
One millisecond.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:86
Time for absolute times used by GNUnet, in microseconds.
A UUID, a 128 bit "random" value.

References GNUNET_TIME_Absolute::abs_value_us, GNUNET_CRYPTO_random_block(), GNUNET_htonll(), GNUNET_TIME_absolute_get(), GNUNET_TIME_UNIT_MILLISECONDS, and mode.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_random_u32()

uint32_t GNUNET_CRYPTO_random_u32 ( enum GNUNET_CRYPTO_Quality  mode,
uint32_t  i 
)

Produce a random value.

Parameters
modedesired quality of the random number
ithe upper limit (exclusive) for the random number
Returns
a random value in the interval [0,i) (exclusive).

Produce a random value.

Parameters
modedesired quality of the random number
ithe upper limit (exclusive) for the random number
Returns
a random value in the interval [0,i[.

Definition at line 180 of file crypto_random.c.

182 {
183 #ifdef gcry_fast_random_poll
184  static unsigned int invokeCount;
185 #endif
186  uint32_t ret;
187  uint32_t ul;
188 
189  GNUNET_assert (i > 0);
190 
191  switch (mode)
192  {
194  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
195 #ifdef gcry_fast_random_poll
196  if ((invokeCount++ % 256) == 0)
197  gcry_fast_random_poll ();
198 #endif
199  ul = UINT32_MAX - (UINT32_MAX % i);
200  do
201  {
202  gcry_randomize ((unsigned char *) &ret,
203  sizeof(uint32_t),
204  GCRY_STRONG_RANDOM);
205  }
206  while (ret >= ul);
207  return ret % i;
208 
210  ul = UINT32_MAX - (UINT32_MAX % i);
211  do
212  {
213  gcry_create_nonce (&ret, sizeof(ret));
214  }
215  while (ret >= ul);
216  return ret % i;
217 
219  ret = i * get_weak_random ();
220  if (ret >= i)
221  ret = i - 1;
222  return ret;
223 
224  default:
225  GNUNET_assert (0);
226  }
227  return 0;
228 }
static double get_weak_random(void)
Create a cryptographically weak pseudo-random number in the interval of 0 to 1.
Definition: crypto_random.c:84
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81

References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, mode, and ret.

Referenced by __attribute__(), adjust_running_peers(), allocate_v4_address(), allocate_v6_address(), attempt_connect_task(), barrier_wait_cb(), calculate_seed(), channel_new_cb(), compute_service_response(), daemon_started(), delayed_get(), delayed_put(), download_get_url(), find_validation_entry(), GDS_NEIGHBOURS_handle_get(), gen_topo_random(), generate_indices(), generate_request_id(), get_bootstrap_server(), get_forward_count(), get_preference(), get_property(), get_random_literal(), get_random_peer_from_peermap(), get_request_socket(), GNUNET_CONTAINER_heap_walk_get_next(), GNUNET_CONTAINER_multihashmap_get_random(), GNUNET_CONTAINER_multipeermap_get_random(), GNUNET_CONTAINER_multishortmap_get_random(), GNUNET_CONTAINER_multiuuidmap_get_random(), GNUNET_CRYPTO_hash_create_random(), GNUNET_CRYPTO_random_permute(), GNUNET_FRAGMENT_context_create(), GNUNET_FS_search_start_probe_(), GNUNET_TUN_initialize_ipv4_header(), GSC_CLIENTS_deliver_message(), GSF_pending_request_get_message_(), handle_client_evaluate(), handle_dns_request(), handle_dv_learn(), handle_find_peer(), handle_flow_control(), handle_p2p_get(), handle_p2p_put(), handle_resolve_result(), main(), manage_service_wrapper(), ogg_init(), plan(), postgres_plugin_get_random(), queue(), reannounce_regex(), recursive_dns_resolution(), refresh_bloomfilter(), REGEX_TEST_generate_random_regex(), REGEX_TEST_generate_random_string(), resolve_and_cache(), revalidate_address(), run(), second_stage(), select_peer(), select_random_peer(), send_bloomfilter(), send_find_peer_message(), send_hello(), send_keepalive(), setup_fresh_address(), setup_fresh_ping(), setup_sockets(), should_I_drop(), shuffle_answers(), sqlite_plugin_get(), sqlite_plugin_get_random(), start_dv_learn(), test_run(), transmit_request(), transmit_typemap_task(), and try_open_exit().

Here is the call graph for this function:

◆ GNUNET_CRYPTO_random_u64()

uint64_t GNUNET_CRYPTO_random_u64 ( enum GNUNET_CRYPTO_Quality  mode,
uint64_t  max 
)

Random on unsigned 64-bit values.

Parameters
modedesired quality of the random number
maxvalue returned will be in range [0,max) (exclusive)
Returns
random 64-bit number

Random on unsigned 64-bit values.

Parameters
modedesired quality of the random number
maxvalue returned will be in range [0,max) (exclusive)
Returns
random 64-bit number

Definition at line 271 of file crypto_random.c.

273 {
274  uint64_t ret;
275  uint64_t ul;
276 
277  GNUNET_assert (max > 0);
278  switch (mode)
279  {
281  ul = UINT64_MAX - (UINT64_MAX % max);
282  do
283  {
284  gcry_randomize ((unsigned char *) &ret,
285  sizeof(uint64_t),
286  GCRY_STRONG_RANDOM);
287  }
288  while (ret >= ul);
289  return ret % max;
290 
292  ul = UINT64_MAX - (UINT64_MAX % max);
293  do
294  {
295  gcry_create_nonce (&ret, sizeof(ret));
296  }
297  while (ret >= ul);
298 
299  return ret % max;
300 
302  ret = max * get_weak_random ();
303  if (ret >= max)
304  ret = max - 1;
305  return ret;
306 
307  default:
308  GNUNET_assert (0);
309  }
310  return 0;
311 }
#define max(x, y)

References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, max, mode, and ret.

Referenced by activate_core_visible_dv_path(), calculate_fork_degree(), choose_exit(), dht_connected(), gen_topo_scale_free(), GNUNET_DHT_connect(), GNUNET_REVOCATION_pow_start(), ifc_broadcast(), mysql_plugin_get_key(), mysql_plugin_get_replication(), mysql_plugin_put(), namestore_flat_store_records(), namestore_postgres_store_records(), namestore_sqlite_store_records(), pick_random_dv_hops(), postgres_plugin_get_key(), postgres_plugin_put(), put_migration_continuation(), sampler_get_rand_peer(), send_find_peer_message(), send_full_set(), setup_out_cipher(), sqlite_plugin_get_key(), sqlite_plugin_get_replication(), sqlite_plugin_put(), and update_next_challenge_time().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_permute()

unsigned int* GNUNET_CRYPTO_random_permute ( enum GNUNET_CRYPTO_Quality  mode,
unsigned int  n 
)

Get an array with a random permutation of the numbers 0...n-1.

Parameters
modeGNUNET_CRYPTO_QUALITY_STRONG if the strong (but expensive) PRNG should be used, GNUNET_CRYPTO_QUALITY_WEAK or GNUNET_CRYPTO_QUALITY_NONCE otherwise
nthe size of the array
Returns
the permutation array (allocated from heap)
Parameters
mode#GNUNET_RANDOM_QUALITY_STRONG if the strong (but expensive) PRNG should be used, #GNUNET_RANDOM_QUALITY_WEAK otherwise
nthe size of the array
Returns
the permutation array (allocated from heap)

Definition at line 240 of file crypto_random.c.

242 {
243  unsigned int *ret;
244  unsigned int i;
245  unsigned int tmp;
246  uint32_t x;
247 
248  GNUNET_assert (n > 0);
249  ret = GNUNET_malloc (n * sizeof(unsigned int));
250  for (i = 0; i < n; i++)
251  ret[i] = i;
252  for (i = n - 1; i > 0; i--)
253  {
254  x = GNUNET_CRYPTO_random_u32 (mode, i + 1);
255  tmp = ret[x];
256  ret[x] = ret[i];
257  ret[i] = tmp;
258  }
259  return ret;
260 }
uint32_t GNUNET_CRYPTO_random_u32(enum GNUNET_CRYPTO_Quality mode, uint32_t i)
Produce a random unsigned 32-bit number modulo i.
#define GNUNET_malloc(size)
Wrapper around malloc.

References GNUNET_assert, GNUNET_CRYPTO_random_u32(), GNUNET_malloc, mode, and ret.

Referenced by churn(), compute_service_response(), and do_round().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_create_session_key()

void GNUNET_CRYPTO_symmetric_create_session_key ( struct GNUNET_CRYPTO_SymmetricSessionKey key)

Create a new random session key.

Parameters
keykey to initialize

Create a new random session key.

Parameters
keysession key to initialize

Definition at line 41 of file crypto_symmetric.c.

44 {
45  gcry_randomize (key->aes_key,
47  GCRY_STRONG_RANDOM);
48  gcry_randomize (key->twofish_key,
50  GCRY_STRONG_RANDOM);
51 }
struct GNUNET_HashCode key
The key used in the DHT.
#define GNUNET_CRYPTO_AES_KEY_LENGTH
length of the sessionkey in bytes (256 BIT sessionkey)

References GNUNET_CRYPTO_AES_KEY_LENGTH, and key.

◆ GNUNET_CRYPTO_symmetric_encrypt()

ssize_t GNUNET_CRYPTO_symmetric_encrypt ( const void *  block,
size_t  size,
const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
void *  result 
)

Encrypt a block using a symmetric sessionkey.

Parameters
blockthe block to encrypt
sizethe size of the block
sessionkeythe key used to encrypt
ivthe initialization vector to use, use INITVALUE for streams.
Returns
the size of the encrypted block, -1 for errors

Encrypt a block using a symmetric sessionkey.

Parameters
blockthe block to encrypt
sizethe size of the block
sessionkeythe key used to encrypt
ivthe initialization vector to use, use INITVALUE for streams
resultthe output parameter in which to store the encrypted result can be the same or overlap with block
Returns
the size of the encrypted block, -1 for errors. Due to the use of CFB and therefore an effective stream cipher, this size should be the same as len.

Definition at line 130 of file crypto_symmetric.c.

137 {
138  gcry_cipher_hd_t handle;
139  char tmp[size];
140 
141  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
142  return -1;
143  GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size));
144  gcry_cipher_close (handle);
145  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
146  return -1;
147  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size));
148  gcry_cipher_close (handle);
149  memset (tmp, 0, sizeof(tmp));
150  return size;
151 }
static int setup_cipher_aes(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize AES cipher.
static int setup_cipher_twofish(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize TWOFISH cipher.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static int result
Global testing status.
static unsigned int size
Size of the "table".
Definition: peer.c:67

References GNUNET_assert, GNUNET_OK, handle, result, setup_cipher_aes(), setup_cipher_twofish(), and size.

Referenced by do_encrypt(), encrypt_existing_match(), GNUNET_FS_handle_on_demand_block(), GNUNET_FS_publish_ublock_(), GNUNET_FS_tree_encoder_next(), GNUNET_IDENTITY_encrypt(), t_ax_encrypt(), t_h_encrypt(), and try_match_block().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_decrypt()

ssize_t GNUNET_CRYPTO_symmetric_decrypt ( const void *  block,
size_t  size,
const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
void *  result 
)

Decrypt a given block using a symmetric sessionkey.

Parameters
blockthe data to decrypt, encoded as returned by encrypt
sizehow big is the block?
sessionkeythe key used to decrypt
ivthe initialization vector to use
resultaddress to store the result at
Returns
-1 on failure, size of decrypted block on success

Decrypt a given block using a symmetric sessionkey.

Parameters
blockthe data to decrypt, encoded as returned by encrypt
sizethe size of the block to decrypt
sessionkeythe key used to decrypt
ivthe initialization vector to use, use INITVALUE for streams
resultaddress to store the result at can be the same or overlap with block
Returns
-1 on failure, size of decrypted block on success. Due to the use of CFB and therefore an effective stream cipher, this size should be the same as size.

Definition at line 168 of file crypto_symmetric.c.

175 {
176  gcry_cipher_hd_t handle;
177  char tmp[size];
178 
179  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
180  return -1;
181  GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));
182  gcry_cipher_close (handle);
183  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
184  return -1;
185  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));
186  gcry_cipher_close (handle);
187  memset (tmp, 0, sizeof(tmp));
188  return size;
189 }

References GNUNET_assert, GNUNET_OK, handle, result, setup_cipher_aes(), setup_cipher_twofish(), and size.

Referenced by do_decrypt(), GNUNET_FS_ublock_decrypt_(), GNUNET_IDENTITY_decrypt(), process_result_with_request(), t_ax_decrypt(), t_h_decrypt(), and try_old_ax_keys().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_derive_iv()

void GNUNET_CRYPTO_symmetric_derive_iv ( struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
const struct GNUNET_CRYPTO_SymmetricSessionKey skey,
const void *  salt,
size_t  salt_len,
  ... 
)

Derive an IV.

Parameters
ivinitialization vector
skeysession key
saltsalt for the derivation
salt_lensize of the salt
...pairs of void * & size_t for context chunks, terminated by NULL

Definition at line 202 of file crypto_symmetric.c.

210 {
211  va_list argp;
212 
213  va_start (argp, salt_len);
214  GNUNET_CRYPTO_symmetric_derive_iv_v (iv, skey, salt, salt_len, argp);
215  va_end (argp);
216 }
void GNUNET_CRYPTO_symmetric_derive_iv_v(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len, va_list argp)
Derive an IV.
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.

References GNUNET_CRYPTO_symmetric_derive_iv_v(), and salt.

Referenced by derive_iv(), derive_pong_iv(), t_ax_decrypt(), t_ax_encrypt(), t_h_decrypt(), t_h_encrypt(), and try_old_ax_keys().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_get_public()

void GNUNET_CRYPTO_ecdsa_key_get_public ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 186 of file crypto_ecc.c.

189 {
190  BENCHMARK_START (ecdsa_key_get_public);
191  crypto_scalarmult_ed25519_base_noclamp (pub->q_y, priv->d);
192  BENCHMARK_END (ecdsa_key_get_public);
193 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by block_create_ecdsa(), block_decrypt_ecdsa(), decrypt_block_with_keyword(), get_update_information_directory(), GNUNET_ABD_delegate_issue(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_FS_publish_sks(), GNUNET_FS_publish_ublock_(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), handle_collect(), and process_kblock_for_unindex().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_get_public()

void GNUNET_CRYPTO_eddsa_key_get_public ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 197 of file crypto_ecc.c.

200 {
201  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
202  unsigned char sk[crypto_sign_SECRETKEYBYTES];
203 
204  BENCHMARK_START (eddsa_key_get_public);
205  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
206  GNUNET_memcpy (pub->q_y, pk, crypto_sign_PUBLICKEYBYTES);
207  sodium_memzero (sk, crypto_sign_SECRETKEYBYTES);
208  BENCHMARK_END (eddsa_key_get_public);
209 }
struct GNUNET_IDENTITY_PrivateKey pk
Private key from command line option, or NULL.
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_assert, GNUNET_memcpy, pk, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by advertise_dns_exit(), block_decrypt_ecdsa(), checkvec(), create_keys(), get_identity(), get_pub_key(), GNUNET_CRYPTO_eddsa_private_key_derive(), GNUNET_FS_uri_loc_create(), GNUNET_TESTING_hostkey_get(), GSC_KX_init(), init_socket(), main_init(), output_vectors(), print_key(), regex_iterator(), and run().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_get_public()

void GNUNET_CRYPTO_ecdhe_key_get_public ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
struct GNUNET_CRYPTO_EcdhePublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 213 of file crypto_ecc.c.

216 {
217  BENCHMARK_START (ecdhe_key_get_public);
218  GNUNET_assert (0 == crypto_scalarmult_base (pub->q_y, priv->d));
219  BENCHMARK_END (ecdhe_key_get_public);
220 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_assert, pub, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by GCT_add_channel(), GCT_send(), GNUNET_IDENTITY_encrypt(), inject_rekey(), mq_send_kx(), output_vectors(), print_examples_ecdh(), send_kx(), send_kx_auth(), sign_ephemeral_key(), start_initial_kx_out(), and update_ephemeral().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_from_file()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_key_from_file ( const char *  filename,
int  do_create,
struct GNUNET_CRYPTO_EcdsaPrivateKey pkey 
)

Create a new private key by reading it from a file.

If the files does not exist and do_create is set, creates a new key and write it to the file.

If the contents of the file are invalid, an error is returned.

Parameters
filenamename of file to use to store the key
do_createshould a file be created?
[out]pkeyset to the private key from filename on success
Returns
GNUNET_OK on success, GNUNET_NO if do_create was set but we found an existing file, GNUNET_SYSERR on failure

Definition at line 1 of file crypto_ecc_setup.c.

196 {
197  if (GNUNET_OK ==
199  pkey,
200  sizeof (*pkey)))
201  {
202  /* file existed, report that we didn't create it... */
203  return (do_create) ? GNUNET_NO : GNUNET_OK;
204  }
206  if (GNUNET_OK ==
208  pkey,
209  sizeof (*pkey),
211  return GNUNET_OK;
212  /* maybe another process succeeded in the meantime, try reading one more time */
213  if (GNUNET_OK ==
215  pkey,
216  sizeof (*pkey)))
217  {
218  /* file existed, report that *we* didn't create it... */
219  return (do_create) ? GNUNET_NO : GNUNET_OK;
220  }
221  /* give up */
222  return GNUNET_SYSERR;
223 }
static enum GNUNET_GenericReturnValue read_from_file(const char *filename, void *buf, size_t buf_size)
Read file to buf.
static char * filename
static char * pkey
Public key of the zone to look in, in ASCII.
@ GNUNET_NO
Definition: gnunet_common.h:94
@ GNUNET_SYSERR
Definition: gnunet_common.h:93
void GNUNET_CRYPTO_ecdsa_key_create(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:446
enum GNUNET_GenericReturnValue GNUNET_DISK_fn_write(const char *fn, const void *buf, size_t buf_size, enum GNUNET_DISK_AccessPermissions mode)
Write a buffer to a file atomically.
Definition: disk.c:725
@ GNUNET_DISK_PERM_USER_READ
Owner can read.

◆ GNUNET_CRYPTO_eddsa_key_from_file()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_key_from_file ( const char *  filename,
int  do_create,
struct GNUNET_CRYPTO_EddsaPrivateKey pkey 
)

Create a new private key by reading it from a file.

If the files does not exist and do_create is set, creates a new key and write it to the file.

If the contents of the file are invalid, an error is returned.

Parameters
filenamename of file to use to store the key
do_createshould a file be created?
[out]pkeyset to the private key from filename on success
Returns
GNUNET_OK on success, GNUNET_NO if do_create was set but we found an existing file, GNUNET_SYSERR on failure

Definition at line 1 of file crypto_ecc_setup.c.

144 {
146 
147  if (GNUNET_OK ==
149  pkey,
150  sizeof (*pkey)))
151  {
152  /* file existed, report that we didn't create it... */
153  return (do_create) ? GNUNET_NO : GNUNET_OK;
154  }
157  pkey,
158  sizeof (*pkey),
160  if ( (GNUNET_OK == ret) ||
161  (GNUNET_SYSERR == ret) )
162  return ret;
163  /* maybe another process succeeded in the meantime, try reading one more time */
164  if (GNUNET_OK ==
166  pkey,
167  sizeof (*pkey)))
168  {
169  /* file existed, report that *we* didn't create it... */
170  return (do_create) ? GNUNET_NO : GNUNET_OK;
171  }
172  /* give up */
173  return GNUNET_SYSERR;
174 }
GNUNET_GenericReturnValue
Named constants for return values.
Definition: gnunet_common.h:92
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:461

Referenced by GNUNET_CRYPTO_eddsa_key_create_from_configuration(), main_init(), and run().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create_from_configuration()

struct GNUNET_CRYPTO_EddsaPrivateKey* GNUNET_CRYPTO_eddsa_key_create_from_configuration ( const struct GNUNET_CONFIGURATION_Handle cfg)

Create a new private key by reading our peer's key from the file specified in the configuration.

Parameters
cfgthe configuration to use
Returns
new private key, NULL on error (for example, permission denied); free using GNUNET_free
Parameters
cfgthe configuration to use
Returns
new private key, NULL on error (for example, permission denied)

Definition at line 235 of file crypto_ecc_setup.c.

237 {
238  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
239  char *fn;
240 
241  if (GNUNET_OK !=
243  "PEER",
244  "PRIVATE_KEY",
245  &fn))
246  return NULL;
249  GNUNET_YES,
250  priv);
251  GNUNET_free (fn);
252  return priv;
253 }
static const struct GNUNET_CONFIGURATION_Handle * cfg
Configuration we are using.
Definition: gnunet-abd.c:36
@ GNUNET_YES
Definition: gnunet_common.h:97
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_get_value_filename(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be the name of a file or directory.
int GNUNET_CRYPTO_eddsa_key_from_file(const char *filename, int do_create, struct GNUNET_CRYPTO_EddsaPrivateKey *pkey)
Create a new private key by reading it from a file.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_free(ptr)
Wrapper around free.
Private ECC key encoded for transmission.

References cfg, GNUNET_CONFIGURATION_get_value_filename(), GNUNET_CRYPTO_eddsa_key_from_file(), GNUNET_free, GNUNET_new, GNUNET_OK, and GNUNET_YES.

Referenced by advertise_dns_exit(), GNUNET_CRYPTO_eddsa_setup_key(), init_socket(), and run().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_create()

void GNUNET_CRYPTO_ecdsa_key_create ( struct GNUNET_CRYPTO_EcdsaPrivateKey pk)

Create a new private key.

Parameters
[out]pkprivate key to initialize

Definition at line 446 of file crypto_ecc.c.

447 {
448  BENCHMARK_START (ecdsa_key_create);
450  pk,
451  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
452  pk->d[0] &= 248;
453  pk->d[31] &= 127;
454  pk->d[31] |= 64;
455 
456  BENCHMARK_END (ecdsa_key_create);
457 }
Private ECC key encoded for transmission.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.

Referenced by private_key_create(), run(), and run_pkey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create()

void GNUNET_CRYPTO_eddsa_key_create ( struct GNUNET_CRYPTO_EddsaPrivateKey pk)

Create a new private key.

Parameters
[out]pkprivate key to initialize

Definition at line 461 of file crypto_ecc.c.

462 {
463  BENCHMARK_START (eddsa_key_create);
464  /*
465  * We do not clamp for EdDSA, since all functions that use the private key do
466  * their own clamping (just like in libsodium). What we call "private key"
467  * here, actually corresponds to the seed in libsodium.
468  *
469  * (Contrast this to ECDSA, where functions using the private key can't clamp
470  * due to properties needed for GNS. That is a worse/unsafer API, but
471  * required for the GNS constructions to work.)
472  */
474  pk,
475  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
476  BENCHMARK_END (eddsa_key_create);
477 }

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.

Referenced by create_keys(), output_vectors(), private_key_create(), and run_edkey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_create()

void GNUNET_CRYPTO_ecdhe_key_create ( struct GNUNET_CRYPTO_EcdhePrivateKey pk)

Create a new private key.

Clear with GNUNET_CRYPTO_ecdhe_key_clear().

Parameters
[out]pkset to fresh private key;

Definition at line 435 of file crypto_ecc.c.

436 {
437  BENCHMARK_START (ecdhe_key_create);
439  pk,
440  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
441  BENCHMARK_END (ecdhe_key_create);
442 }
Private ECC key encoded for transmission.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_random_block(), and pk.

Referenced by do_rekey(), GCT_create_tunnel(), GNUNET_IDENTITY_encrypt(), GSC_KX_init(), inject_rekey(), mq_send_kx(), new_ephemeral(), output_vectors(), print_examples_ecdh(), send_UDPRekey(), start_initial_kx_out(), and update_ephemeral().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_clear()

void GNUNET_CRYPTO_eddsa_key_clear ( struct GNUNET_CRYPTO_EddsaPrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 428 of file crypto_ecc.c.

429 {
430  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey));
431 }

References pk.

◆ GNUNET_CRYPTO_ecdsa_key_clear()

void GNUNET_CRYPTO_ecdsa_key_clear ( struct GNUNET_CRYPTO_EcdsaPrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 421 of file crypto_ecc.c.

422 {
423  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey));
424 }

References pk.

◆ GNUNET_CRYPTO_ecdhe_key_clear()

void GNUNET_CRYPTO_ecdhe_key_clear ( struct GNUNET_CRYPTO_EcdhePrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 414 of file crypto_ecc.c.

415 {
416  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
417 }

References pk.

Referenced by cleanup_ax(), and GNUNET_IDENTITY_encrypt().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_get_anonymous()

const struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_key_get_anonymous ( void  )

Get the shared private key we use for anonymous users.

Returns
"anonymous" private key; do not free

'anonymous' pseudonym (global static, d=1, public key = G (generator).

Definition at line 481 of file crypto_ecc.c.

482 {
487  static struct GNUNET_CRYPTO_EcdsaPrivateKey anonymous;
488  static int once;
489 
490  if (once)
491  return &anonymous;
493  sizeof(anonymous.d),
494  GCRYMPI_CONST_ONE);
495  anonymous.d[0] &= 248;
496  anonymous.d[31] &= 127;
497  anonymous.d[31] |= 64;
498 
499  once = 1;
500  return &anonymous;
501 }
static int once
Global to mark if we've run the initialization.
Definition: gnsrecord.c:68
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78

References GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_mpi_print_unsigned(), and once.

Referenced by decrypt_block_with_keyword(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_IDENTITY_ego_get_anonymous(), process_kblock_for_unindex(), and publish_ksk_cont().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_setup_hostkey()

void GNUNET_CRYPTO_eddsa_setup_hostkey ( const char *  cfg_name)

Setup a hostkey file for a peer given the name of the configuration file (!).

This function is used so that at a later point code can be certain that reading a hostkey is fast (for example in time-dependent testcases).

Parameters
cfg_namename of the configuration file to use

◆ GNUNET_CRYPTO_get_peer_identity()

int GNUNET_CRYPTO_get_peer_identity ( const struct GNUNET_CONFIGURATION_Handle cfg,
struct GNUNET_PeerIdentity dst 
)

Retrieve the identity of the host's peer.

Parameters
cfgconfiguration to use
dstpointer to where to write the peer identity
Returns
GNUNET_OK on success, GNUNET_SYSERR if the identity could not be retrieved

Definition at line 235 of file crypto_ecc_setup.c.

267 {
268  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
269 
271  {
273  _ ("Could not load peer's private key\n"));
274  return GNUNET_SYSERR;
275  }
277  &dst->public_key);
278  GNUNET_free (priv);
279  return GNUNET_OK;
280 }
#define GNUNET_log(kind,...)
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_configuration(const struct GNUNET_CONFIGURATION_Handle *cfg)
Create a new private key by reading our peer's key from the file specified in the configuration.
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:197
@ GNUNET_ERROR_TYPE_ERROR
#define _(String)
GNU gettext support macro.
Definition: platform.h:177
struct GNUNET_CRYPTO_EddsaPublicKey public_key

Referenced by get_service_peer_identity(), GNUNET_CONVERSATION_phone_create(), on_peer(), and run().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_ecdh()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a public and a private ECC key.

Parameters
privprivate key to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material (xyG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 512 of file crypto_ecc.c.

708 {
709  uint8_t p[crypto_scalarmult_BYTES];
710  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
711  return GNUNET_SYSERR;
712  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
713  return GNUNET_OK;
714 }
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41

References data, GNUNET_CRYPTO_hash(), GNUNET_ERROR_TYPE_ERROR, LOG_GCRY, and GNUNET_CRYPTO_EccSignaturePurpose::size.

Referenced by checkvec(), derive_session_keys(), output_vectors(), print_examples_ecdh(), t_ax_decrypt_and_validate(), t_ax_encrypt(), and update_ax_by_kx().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_ecdh()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a ECDH public key and a private EdDSA key.

Dual to #GNUNET_CRRYPTO_ecdh_eddsa.

Parameters
privprivate key from EdDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 512 of file crypto_ecc.c.

721 {
722  struct GNUNET_HashCode hc;
723  uint8_t a[crypto_scalarmult_SCALARBYTES];
724  uint8_t p[crypto_scalarmult_BYTES];
725 
726  GNUNET_CRYPTO_hash (priv,
727  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
728  &hc);
729  memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
730  if (0 != crypto_scalarmult (p, a, pub->q_y))
731  return GNUNET_SYSERR;
733  crypto_scalarmult_BYTES,
734  key_material);
735  return GNUNET_OK;
736 }
A 512-bit hashcode.

Referenced by dh_key_derive_eph_pub(), GNUNET_IDENTITY_decrypt(), setup_in_cipher(), setup_shared_secret_dec(), and update_ax_by_kx().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_ecdh()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a ECDH public key and a private ECDSA key.

Dual to #GNUNET_CRRYPTO_ecdh_ecdsa.

Parameters
privprivate key from ECDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 512 of file crypto_ecc.c.

743 {
744  uint8_t p[crypto_scalarmult_BYTES];
745 
746  BENCHMARK_START (ecdsa_ecdh);
747  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
748  return GNUNET_SYSERR;
750  crypto_scalarmult_BYTES,
751  key_material);
752  BENCHMARK_END (ecdsa_ecdh);
753  return GNUNET_OK;
754 }

Referenced by GNUNET_IDENTITY_decrypt().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdh_eddsa()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EddsaPublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a EdDSA public key and a private ECDH key.

Dual to #GNUNET_CRRYPTO_eddsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from EdDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 512 of file crypto_ecc.c.

761 {
762  uint8_t p[crypto_scalarmult_BYTES];
763  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
764 
765  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
766  return GNUNET_SYSERR;
767  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
768  return GNUNET_SYSERR;
769  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
770  return GNUNET_OK;
771 }

Referenced by checkvec(), dh_key_derive_eph_pid(), GNUNET_IDENTITY_encrypt(), output_vectors(), setup_out_cipher(), setup_shared_secret_enc(), and update_ax_by_kx().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdh_ecdsa()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a EcDSA public key and a private ECDH key.

Dual to #GNUNET_CRRYPTO_ecdsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from ECDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 512 of file crypto_ecc.c.

778 {
779  uint8_t p[crypto_scalarmult_BYTES];
780  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
781 
782  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
783  return GNUNET_SYSERR;
784  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
785  return GNUNET_SYSERR;
786  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
787  return GNUNET_OK;
788 }

Referenced by GNUNET_IDENTITY_encrypt().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_sign_()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_ ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EddsaSignature sig 
)

EdDSA sign a given block.

The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_eddsa_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
[out]sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 512 of file crypto_ecc.c.

603 {
604 
605  size_t mlen = ntohl (purpose->size);
606  unsigned char sk[crypto_sign_SECRETKEYBYTES];
607  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
608  int res;
609 
610  BENCHMARK_START (eddsa_sign);
611  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
612  res = crypto_sign_detached ((uint8_t *) sig,
613  NULL,
614  (uint8_t *) purpose,
615  mlen,
616  sk);
617  BENCHMARK_END (eddsa_sign);
618  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
619 }
static int res
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!...

Referenced by do_dht_put(), GNUNET_IDENTITY_sign_(), GST_validation_handle_ping(), insert_decrypt_element(), insert_round1_element(), insert_round2_element(), ip_sign(), regex_iterator(), send_disconnect(), setup_flood_message(), and sign_ephemeral_key().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_sign_()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_ ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EcdsaSignature sig 
)

ECDSA Sign a given block.

The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_ecdsa_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
[out]sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 512 of file crypto_ecc.c.

553 {
554  gcry_sexp_t priv_sexp;
555  gcry_sexp_t sig_sexp;
556  gcry_sexp_t data;
557  int rc;
558  gcry_mpi_t rs[2];
559 
560  BENCHMARK_START (ecdsa_sign);
561 
562  priv_sexp = decode_private_ecdsa_key (priv);
563  data = data_to_ecdsa_value (purpose);
564  if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
565  {
567  _ ("ECC signing failed at %s:%d: %s\n"),
568  __FILE__,
569  __LINE__,
570  gcry_strerror (rc));
571  gcry_sexp_release (data);
572  gcry_sexp_release (priv_sexp);
573  return GNUNET_SYSERR;
574  }
575  gcry_sexp_release (priv_sexp);
576  gcry_sexp_release (data);
577 
578  /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
579  'signature' */
580  if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
581  {
582  GNUNET_break (0);
583  gcry_sexp_release (sig_sexp);
584  return GNUNET_SYSERR;
585  }
586  gcry_sexp_release (sig_sexp);
587  GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]);
588  GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]);
589  gcry_mpi_release (rs[0]);
590  gcry_mpi_release (rs[1]);
591 
592  BENCHMARK_END (ecdsa_sign);
593 
594  return GNUNET_OK;
595 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:96
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:512
#define LOG(kind,...)
Definition: crypto_ecc.c:61
static gcry_sexp_t decode_private_ecdsa_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:154
uint32_t data
The data value.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
@ GNUNET_ERROR_TYPE_WARNING
unsigned char s[256/8]
S value.
unsigned char r[256/8]
R value.

Referenced by block_create_ecdsa(), GNUNET_FS_publish_ublock_(), and GNUNET_IDENTITY_sign_().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_verify_()

int GNUNET_CRYPTO_eddsa_verify_ ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_EddsaSignature sig,
const struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Verify EdDSA signature.

The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_eddsa_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 512 of file crypto_ecc.c.

687 {
688  const unsigned char *m = (const void *) validate;
689  size_t mlen = ntohl (validate->size);
690  const unsigned char *s = (const void *) sig;
691 
692  int res;
693 
694  if (purpose != ntohl (validate->purpose))
695  return GNUNET_SYSERR; /* purpose mismatch */
696 
697  BENCHMARK_START (eddsa_verify);
698  res = crypto_sign_verify_detached (s, m, mlen, pub->q_y);
699  BENCHMARK_END (eddsa_verify);
700  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
701 }
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:104
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...

Referenced by GNUNET_IDENTITY_signature_verify_(), GST_neighbours_handle_disconnect_message(), GST_validation_handle_pong(), handle_ephemeral_key(), keygen_round1_new_element(), keygen_round2_new_element(), and verify_message_crypto().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_verify_()

int GNUNET_CRYPTO_ecdsa_verify_ ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_EcdsaSignature sig,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Verify ECDSA signature.

The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_eddsa_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 512 of file crypto_ecc.c.

628 {
629  gcry_sexp_t data;
630  gcry_sexp_t sig_sexpr;
631  gcry_sexp_t pub_sexpr;
632  int rc;
633 
634  BENCHMARK_START (ecdsa_verify);
635 
636  if (purpose != ntohl (validate->purpose))
637  return GNUNET_SYSERR; /* purpose mismatch */
638 
639  /* build s-expression for signature */
640  if (0 != (rc = gcry_sexp_build (&sig_sexpr,
641  NULL,
642  "(sig-val(ecdsa(r %b)(s %b)))",
643  (int) sizeof(sig->r),
644  sig->r,
645  (int) sizeof(sig->s),
646  sig->s)))
647  {
648  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
649  return GNUNET_SYSERR;
650  }
651  data = data_to_ecdsa_value (validate);
652  if (0 != (rc = gcry_sexp_build (&pub_sexpr,
653  NULL,
654  "(public-key(ecc(curve " CURVE ")(q %b)))",
655  (int) sizeof(pub->q_y),
656  pub->q_y)))
657  {
658  gcry_sexp_release (data);
659  gcry_sexp_release (sig_sexpr);
660  return GNUNET_SYSERR;
661  }
662  rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
663  gcry_sexp_release (pub_sexpr);
664  gcry_sexp_release (data);
665  gcry_sexp_release (sig_sexpr);
666  if (0 != rc)
667  {
669  _ ("ECDSA signature verification failed at %s:%d: %s\n"),
670  __FILE__,
671  __LINE__,
672  gcry_strerror (rc));
673  BENCHMARK_END (ecdsa_verify);
674  return GNUNET_SYSERR;
675  }
676  BENCHMARK_END (ecdsa_verify);
677  return GNUNET_OK;
678 }
#define CURVE
IMPLEMENTATION NOTICE:
Definition: crypto_ecc.c:59
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level 'level' that indicates a failure of the command 'cmd' with the mess...
Definition: crypto_ecc.c:74
@ GNUNET_ERROR_TYPE_INFO

Referenced by GNUNET_IDENTITY_signature_verify_().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_private_key_derive()

struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_private_key_derive ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const char *  label,
const char *  context 
)

Derive a private key from a given private key and a label.

Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.

Parameters
privoriginal private key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
Returns
derived private key

Definition at line 179 of file crypto_ecc_gnsrecord.c.

183 {
186  struct GNUNET_HashCode hc;
187  uint8_t dc[32];
188  gcry_mpi_t h;
189  gcry_mpi_t x;
190  gcry_mpi_t d;
191  gcry_mpi_t n;
192  gcry_ctx_t ctx;
193 
194  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
195 
196  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
198 
199  derive_h (&pub, sizeof (pub), label, context, &hc);
200  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
201 
202  /* Convert to big endian for libgcrypt */
203  for (size_t i = 0; i < 32; i++)
204  dc[i] = priv->d[31 - i];
205  GNUNET_CRYPTO_mpi_scan_unsigned (&x, dc, sizeof(dc));
206  d = gcry_mpi_new (256);
207  gcry_mpi_mulm (d, h, x, n);
208  gcry_mpi_release (h);
209  gcry_mpi_release (x);
210  gcry_mpi_release (n);
211  gcry_ctx_release (ctx);
213  GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d);
214  /* Convert to big endian for libgcrypt */
215  for (size_t i = 0; i < 32; i++)
216  ret->d[i] = dc[31 - i];
217  sodium_memzero (dc, sizeof(dc));
218  gcry_mpi_release (d);
219  return ret;
220 }
#define CURVE
void derive_h(const void *pub, size_t pubsize, const char *label, const char *context, struct GNUNET_HashCode *hc)
Derive the 'h' value for key derivation, where 'h = H(l,P)'.
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static struct GNUNET_FS_DownloadContext * dc
static pa_context * context
Pulseaudio context.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:186
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...

References context, ctx, CURVE, GNUNET_CRYPTO_EcdsaPrivateKey::d, dc, derive_h(), GNUNET_assert, GNUNET_CRYPTO_ecdsa_key_get_public(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_new, h, pub, and ret.

Referenced by block_create_ecdsa(), and GNUNET_FS_publish_ublock_().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_public_key_derive()

void GNUNET_CRYPTO_ecdsa_public_key_derive ( const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
const char *  label,
const char *  context,
struct GNUNET_CRYPTO_EcdsaPublicKey result 
)

Derive a public key from a given public key and a label.

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'. typically the name of the subsystem/application
resultwhere to write the derived public key

Definition at line 224 of file crypto_ecc_gnsrecord.c.

229 {
230  struct GNUNET_HashCode hc;
231  gcry_ctx_t ctx;
232  gcry_mpi_t q_y;
233  gcry_mpi_t h;
234  gcry_mpi_t n;
235  gcry_mpi_t h_mod_n;
236  gcry_mpi_point_t q;
237  gcry_mpi_point_t v;
238 
239  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
240 
241  /* obtain point 'q' from original public key. The provided 'q' is
242  compressed thus we first store it in the context and then get it
243  back as a (decompresssed) point. */
244  q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8 * sizeof(pub->q_y));
245  GNUNET_assert (NULL != q_y);
246  GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx));
247  gcry_mpi_release (q_y);
248  q = gcry_mpi_ec_get_point ("q", ctx, 0);
249  GNUNET_assert (q);
250 
251  /* calculate h_mod_n = h % n */
252  derive_h (pub, sizeof (*pub), label, context, &hc);
253  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
254  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
255  h_mod_n = gcry_mpi_new (256);
256  gcry_mpi_mod (h_mod_n, h, n);
257  /* calculate v = h_mod_n * q */
258  v = gcry_mpi_point_new (0);
259  gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
260  gcry_mpi_release (h_mod_n);
261  gcry_mpi_release (h);
262  gcry_mpi_release (n);
263  gcry_mpi_point_release (q);
264 
265  /* convert point 'v' to public key that we return */
266  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx));
267  gcry_mpi_point_release (v);
268  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
269  GNUNET_assert (q_y);
270  GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof(result->q_y), q_y);
271  gcry_mpi_release (q_y);
272  gcry_ctx_release (ctx);
273 }
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.

References context, ctx, CURVE, derive_h(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), h, pub, q, GNUNET_CRYPTO_EddsaPublicKey::q_y, and result.

Referenced by GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), and schedule_transmit_search_request().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_private_key_derive()

void GNUNET_CRYPTO_eddsa_private_key_derive ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const char *  label,
const char *  context,
struct GNUNET_CRYPTO_EddsaPrivateScalar result 
)

Derive a private scalar from a given private key and a label.

Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'. The result is the derived private scalar, not the private key as for EdDSA we cannot derive before we hash the private key.

Parameters
privoriginal private key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
resultderived private scalar

Libsodium does not offer an API with arbitrary arithmetic. Hence we have to use libgcrypt here.

Get our modulo

This is the standard private key expansion in Ed25519. The first 32 octets are used as a little-endian private scalar. We derive this scalar using our "h".

Get h mod n

dc now contains the private scalar "a". We carefully remove the clamping and derive a'. Calculate: a1 := a / 8 a2 := h * a1 mod n a' := a2 * 8 mod n

We hash the derived "h" parameter with the other half of the expanded private key. This ensures that for signature generation, the "R" is derived from the same derivation path as "h" and is not reused.

Definition at line 277 of file crypto_ecc_gnsrecord.c.

282 {
284  struct GNUNET_HashCode hc;
285  uint8_t dc[32];
286  unsigned char sk[64];
287  gcry_mpi_t h;
288  gcry_mpi_t h_mod_n;
289  gcry_mpi_t x;
290  gcry_mpi_t d;
291  gcry_mpi_t n;
292  gcry_mpi_t a1;
293  gcry_mpi_t a2;
294  gcry_ctx_t ctx;
295 
300  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, "Ed25519"));
301 
305  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
307 
314  crypto_hash_sha512 (sk, priv->d, 32);
315  sk[0] &= 248;
316  sk[31] &= 127;
317  sk[31] |= 64;
318 
322  derive_h (&pub, sizeof (pub), label, context, &hc);
323  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
324  h_mod_n = gcry_mpi_new (256);
325  gcry_mpi_mod (h_mod_n, h, n);
326  /* Convert scalar to big endian for libgcrypt */
327  for (size_t i = 0; i < 32; i++)
328  dc[i] = sk[31 - i];
329 
338  GNUNET_CRYPTO_mpi_scan_unsigned (&x, dc, sizeof(dc)); // a
339  a1 = gcry_mpi_new (256);
340  gcry_mpi_t eight = gcry_mpi_set_ui (NULL, 8);
341  gcry_mpi_div (a1, NULL, x, eight, 0); // a1 := a / 8
342  a2 = gcry_mpi_new (256);
343  gcry_mpi_mulm (a2, h_mod_n, a1, n); // a2 := h * a1 mod n
344  d = gcry_mpi_new (256);
345  gcry_mpi_mul (d, a2, eight); // a' := a2 * 8
346  gcry_mpi_release (h);
347  gcry_mpi_release (x);
348  gcry_mpi_release (n);
349  gcry_mpi_release (a1);
350  gcry_mpi_release (a2);
351  gcry_ctx_release (ctx);
352  GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d);
359  crypto_hash_sha256_state hs;
360  crypto_hash_sha256_init (&hs);
361  crypto_hash_sha256_update (&hs, sk + 32, 32);
362  crypto_hash_sha256_update (&hs, (unsigned char*) &hc, sizeof (hc));
363  crypto_hash_sha256_final (&hs, result->s + 32);
364  //memcpy (result->s, sk, sizeof (sk));
365  /* Convert to little endian for libsodium */
366  for (size_t i = 0; i < 32; i++)
367  result->s[i] = dc[31 - i];
368 
369  sodium_memzero (dc, sizeof(dc));
370  gcry_mpi_release (d);
371 }
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...

References context, ctx, GNUNET_CRYPTO_EddsaPrivateKey::d, dc, derive_h(), GNUNET_assert, GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), h, pub, and result.

Referenced by block_create_eddsa().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_public_key_derive()

void GNUNET_CRYPTO_eddsa_public_key_derive ( const struct GNUNET_CRYPTO_EddsaPublicKey pub,
const char *  label,
const char *  context,
struct GNUNET_CRYPTO_EddsaPublicKey result 
)

Derive a public key from a given public key and a label.

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'. typically the name of the subsystem/application
resultwhere to write the derived public key

Definition at line 375 of file crypto_ecc_gnsrecord.c.

380 {
381  struct GNUNET_HashCode hc;
382  gcry_ctx_t ctx;
383  gcry_mpi_t q_y;
384  gcry_mpi_t h;
385  gcry_mpi_t n;
386  gcry_mpi_t h_mod_n;
387  gcry_mpi_point_t q;
388  gcry_mpi_point_t v;
389 
390  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, "Ed25519"));
391 
392  /* obtain point 'q' from original public key. The provided 'q' is
393  compressed thus we first store it in the context and then get it
394  back as a (decompresssed) point. */
395  q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8 * sizeof(pub->q_y));
396  GNUNET_assert (NULL != q_y);
397  GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx));
398  gcry_mpi_release (q_y);
399  q = gcry_mpi_ec_get_point ("q", ctx, 0);
400  GNUNET_assert (q);
401 
402  /* calculate h_mod_n = h % n */
403  derive_h (pub, sizeof (*pub), label, context, &hc);
404  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
405 
406  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
407  h_mod_n = gcry_mpi_new (256);
408  gcry_mpi_mod (h_mod_n, h, n);
409 
410  /* calculate v = h_mod_n * q */
411  v = gcry_mpi_point_new (0);
412  gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
413  gcry_mpi_release (h_mod_n);
414  gcry_mpi_release (h);
415  gcry_mpi_release (n);
416  gcry_mpi_point_release (q);
417 
418  /* convert point 'v' to public key that we return */
419  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx));
420  gcry_mpi_point_release (v);
421  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
422  GNUNET_assert (q_y);
423  GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof(result->q_y), q_y);
424  gcry_mpi_release (q_y);
425  gcry_ctx_release (ctx);
426 
427 }

References context, ctx, derive_h(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), h, pub, q, GNUNET_CRYPTO_EddsaPublicKey::q_y, and result.

Here is the call graph for this function: