GNUnet  0.11.x
Macros | Enumerations | Enumerator | Functions
Crypto library: cryptographic operations

Provides cryptographic primitives. More...

Macros

#define GNUNET_CRYPTO_eddsa_sign(priv, ps, sig)
 EdDSA sign a given block. More...
 
#define GNUNET_CRYPTO_ecdsa_sign(priv, ps, sig)
 ECDSA sign a given block. More...
 
#define GNUNET_CRYPTO_eddsa_verify(purp, ps, sig, pub)
 Verify EdDSA signature. More...
 
#define GNUNET_CRYPTO_ecdsa_verify(purp, ps, sig, pub)
 Verify ECDSA signature. More...
 

Enumerations

enum  GNUNET_CRYPTO_Quality { GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_NONCE }
 Desired quality level for random numbers. More...
 

Functions

void GNUNET_CRYPTO_seed_weak_random (int32_t seed)
 Seed a weak random generator. More...
 
void GNUNET_CRYPTO_zero_keys (void *buffer, size_t length)
 Zero out buffer, securely against compiler optimizations. More...
 
void GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
 Fill block with a random values. More...
 
void GNUNET_CRYPTO_random_timeflake (enum GNUNET_CRYPTO_Quality mode, struct GNUNET_Uuid *uuid)
 Fill UUID with a timeflake pseudo-random value. More...
 
uint32_t GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i)
 Produce a random value. More...
 
uint64_t GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max)
 Random on unsigned 64-bit values. More...
 
unsigned int * GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n)
 Get an array with a random permutation of the numbers 0...n-1. More...
 
void GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessionKey *key)
 Create a new random session key. More...
 
ssize_t GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Encrypt a block using a symmetric sessionkey. More...
 
ssize_t GNUNET_CRYPTO_symmetric_decrypt (const void *block, size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result)
 Decrypt a given block using a symmetric sessionkey. More...
 
void GNUNET_CRYPTO_symmetric_derive_iv (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len,...)
 Derive an IV. More...
 
void GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Extract the public key for the given private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub)
 Extract the public key for the given private key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_key_from_file (const char *filename, int do_create, struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey)
 Create a new private key by reading it from a file. More...
 
int GNUNET_CRYPTO_eddsa_key_from_file (const char *filename, int do_create, struct GNUNET_CRYPTO_EddsaPrivateKey *pkey)
 Create a new private key by reading it from a file. More...
 
struct GNUNET_CRYPTO_EddsaPrivateKeyGNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg)
 Create a new private key by reading our peer's key from the file specified in the configuration. More...
 
void GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_create (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Create a new private key. More...
 
void GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
void GNUNET_CRYPTO_ecdhe_key_clear (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
 Clear memory that was used to store a private key. More...
 
const struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_key_get_anonymous (void)
 Get the shared private key we use for anonymous users. More...
 
void GNUNET_CRYPTO_eddsa_setup_hostkey (const char *cfg_name)
 Setup a hostkey file for a peer given the name of the configuration file (!). More...
 
int GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_PeerIdentity *dst)
 Retrieve the identity of the host's peer. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a public and a private ECC key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private EdDSA key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a ECDH public key and a private ECDSA key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EdDSA public key and a private ECDH key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, struct GNUNET_HashCode *key_material)
 Derive key material from a EcDSA public key and a private ECDH key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_ (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
 EdDSA sign a given block. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_ (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
 ECDSA Sign a given block. More...
 
int GNUNET_CRYPTO_eddsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Verify EdDSA signature. More...
 
int GNUNET_CRYPTO_ecdsa_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Verify ECDSA signature. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKeyGNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
 Derive a private key from a given private key and a label. More...
 
void GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
 Derive a public key from a given public key and a label. More...
 
void GNUNET_CRYPTO_eddsa_private_key_derive (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPrivateScalar *result)
 Derive a private scalar from a given private key and a label. More...
 
void GNUNET_CRYPTO_eddsa_public_key_derive (const struct GNUNET_CRYPTO_EddsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPublicKey *result)
 Derive a public key from a given public key and a label. More...
 

Detailed Description

Provides cryptographic primitives.

See also
Documentation

Macro Definition Documentation

◆ GNUNET_CRYPTO_eddsa_sign

#define GNUNET_CRYPTO_eddsa_sign (   priv,
  ps,
  sig 
)
Value:
do { \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*ps)); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_assert (GNUNET_OK == \
&(ps)->purpose, \
sig)); \
} while (0)
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition: crypto_ecc.c:599

EdDSA sign a given block.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
[out]sigwhere to write the signature

Definition at line 1718 of file gnunet_crypto_lib.h.

Referenced by checkvec(), forward_dv_learn(), GNUNET_FS_uri_loc_create(), GNUNET_HELLO_sign_address(), handle_validation_challenge(), iface_proc(), inject_rekey(), mq_send_kx(), output_vectors(), send_challenge(), set_monotime_sig(), start_dv_learn(), transmit_kx(), and update_ephemeral().

◆ GNUNET_CRYPTO_ecdsa_sign

#define GNUNET_CRYPTO_ecdsa_sign (   priv,
  ps,
  sig 
)
Value:
do { \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_assert (GNUNET_OK == \
&(ps)->purpose, \
sig)); \
} while (0)
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
ECDSA Sign a given block.
Definition: crypto_ecc.c:549

ECDSA sign a given block.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
[out]sigwhere to write the signature

Definition at line 1765 of file gnunet_crypto_lib.h.

Referenced by GNUNET_ABD_delegate_issue().

◆ GNUNET_CRYPTO_eddsa_verify

#define GNUNET_CRYPTO_eddsa_verify (   purp,
  ps,
  sig,
  pub 
)
Value:
({ \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_CRYPTO_eddsa_verify_ (purp, \
&(ps)->purpose, \
sig, \
pub); \
})
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:46

Verify EdDSA signature.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
purppurpose of the signature, must match 'ps->purpose.purpose' (except in host byte order)
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
sigwhere to write the signature

Definition at line 1818 of file gnunet_crypto_lib.h.

Referenced by checkvec(), decrypt_and_check_tc(), do_rekey(), GCP_check_monotime_sig(), GNUNET_HELLO_extract_address(), handle_dv_box(), handle_dv_learn(), handle_validation_response(), output_vectors(), sock_read(), try_handle_plaintext(), uri_loc_parse(), validate_dv_initiator_signature(), and verify_confirmation().

◆ GNUNET_CRYPTO_ecdsa_verify

#define GNUNET_CRYPTO_ecdsa_verify (   purp,
  ps,
  sig,
  pub 
)
Value:
({ \
/* check size is set correctly */ \
GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \
/* check 'ps' begins with the purpose */ \
GNUNET_static_assert (((void*) (ps)) == \
((void*) &(ps)->purpose)); \
GNUNET_CRYPTO_ecdsa_verify_ (purp, \
&(ps)->purpose, \
sig, \
pub); \
})
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:46

Verify ECDSA signature.

The ps data must be a fixed-size struct for which the signature is to be created. The size field in ps->purpose must correctly indicate the number of bytes of the data structure, including its header.

Parameters
purppurpose of the signature, must match 'ps->purpose.purpose' (except in host byte order)
privprivate key to use for the signing
pspacked struct with what to sign, MUST begin with a purpose
sigwhere to write the signature

Definition at line 1871 of file gnunet_crypto_lib.h.

Referenced by GNUNET_ABD_delegate_deserialize(), and GNUNET_ABD_delegate_serialize().

Enumeration Type Documentation

◆ GNUNET_CRYPTO_Quality

Desired quality level for random numbers.

Enumerator
GNUNET_CRYPTO_QUALITY_WEAK 

No good quality of the operation is needed (i.e., random numbers can be pseudo-random).

GNUNET_CRYPTO_QUALITY_STRONG 

High-quality operations are desired.

GNUNET_CRYPTO_QUALITY_NONCE 

Randomness for IVs etc.

is required.

Definition at line 75 of file gnunet_crypto_lib.h.

76 {
83 
89 
95 };
Randomness for IVs etc.
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.

Function Documentation

◆ GNUNET_CRYPTO_seed_weak_random()

void GNUNET_CRYPTO_seed_weak_random ( int32_t  seed)

Seed a weak random generator.

Only GNUNET_CRYPTO_QUALITY_WEAK-mode generator can be seeded.

Parameters
seedthe seed to use

Definition at line 97 of file crypto_random.c.

Referenced by __attribute__().

98 {
99  srandom (seed);
100 }
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_zero_keys()

void GNUNET_CRYPTO_zero_keys ( void *  buffer,
size_t  length 
)

Zero out buffer, securely against compiler optimizations.

Used to delete key material.

Parameters
bufferthe buffer to zap
lengthbuffer length

Definition at line 112 of file crypto_random.c.

References GNUNET_CRYPTO_FileHashContext::buffer, and p.

Referenced by delete_store_message(), dv_key_clean(), GNUNET_IDENTITY_decrypt(), and GNUNET_IDENTITY_encrypt().

113 {
114 #if HAVE_MEMSET_S
115  memset_s (buffer, length, 0, length);
116 #elif HAVE_EXPLICIT_BZERO
117  explicit_bzero (buffer, length);
118 #else
119  volatile unsigned char *p = buffer;
120  while (length--)
121  *p++ = 0;
122 #endif
123 }
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_block()

void GNUNET_CRYPTO_random_block ( enum GNUNET_CRYPTO_Quality  mode,
void *  buffer,
size_t  length 
)

Fill block with a random values.

Parameters
modedesired quality of the random number
bufferthe buffer to fill
lengthbuffer length

Definition at line 135 of file crypto_random.c.

References GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, and GNUNET_CRYPTO_QUALITY_WEAK.

Referenced by delayed_put(), do_pad(), encapsulate_for_dv(), encode_message_body(), GCC_create(), generate_free_member_id(), GNUNET_async_scope_fresh(), GNUNET_CRYPTO_ecdhe_key_create(), GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_CRYPTO_eddsa_key_create(), GNUNET_CRYPTO_random_timeflake(), handle_validation_response(), output_vectors(), prepare_pending_acknowledgement(), RPS_sampler_elem_reinit(), run(), start_address_validation(), start_dv_learn(), and transmit_kx().

138 {
139 #ifdef gcry_fast_random_poll
140  static unsigned int invokeCount;
141 #endif
142  switch (mode)
143  {
145  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
146 #ifdef gcry_fast_random_poll
147  if ((invokeCount++ % 256) == 0)
148  gcry_fast_random_poll ();
149 #endif
150  gcry_randomize (buffer, length, GCRY_STRONG_RANDOM);
151  return;
152 
154  gcry_create_nonce (buffer, length);
155  return;
156 
158  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
159 #ifdef gcry_fast_random_poll
160  if ((invokeCount++ % 256) == 0)
161  gcry_fast_random_poll ();
162 #endif
163  gcry_randomize (buffer, length, GCRY_WEAK_RANDOM);
164  return;
165 
166  default:
167  GNUNET_assert (0);
168  }
169 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
Randomness for IVs etc.
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_timeflake()

void GNUNET_CRYPTO_random_timeflake ( enum GNUNET_CRYPTO_Quality  mode,
struct GNUNET_Uuid uuid 
)

Fill UUID with a timeflake pseudo-random value.

Note that timeflakes use only 80 bits of randomness and 48 bits to encode a timestamp in milliseconds. So what we return here is not a completely random number.

Parameters
modedesired quality of the random number
uuidthe value to fill

Definition at line 325 of file crypto_random.c.

References GNUNET_TIME_Absolute::abs_value_us, GNUNET_CRYPTO_random_block(), GNUNET_htonll(), GNUNET_TIME_absolute_get(), and GNUNET_TIME_UNIT_MILLISECONDS.

327 {
328  struct GNUNET_TIME_Absolute now;
329  uint64_t ms;
330  uint64_t be;
331  char *base;
332 
334  uuid,
335  sizeof (struct GNUNET_Uuid));
336  now = GNUNET_TIME_absolute_get ();
337  ms = now.abs_value_us / GNUNET_TIME_UNIT_MILLISECONDS.rel_value_us;
338  be = GNUNET_htonll (ms);
339  base = (char *) &be;
340  memcpy (uuid,
341  base + 2,
342  sizeof (be) - 2);
343 }
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
A UUID, a 128 bit "random" value.
#define GNUNET_TIME_UNIT_MILLISECONDS
One millisecond.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:86
uint64_t GNUNET_htonll(uint64_t n)
Convert unsigned 64-bit integer to network byte order.
Definition: common_endian.c:36
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
Time for absolute times used by GNUnet, in microseconds.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_random_u32()

uint32_t GNUNET_CRYPTO_random_u32 ( enum GNUNET_CRYPTO_Quality  mode,
uint32_t  i 
)

Produce a random value.

Parameters
modedesired quality of the random number
ithe upper limit (exclusive) for the random number
Returns
a random value in the interval [0,i) (exclusive).

Produce a random value.

Parameters
modedesired quality of the random number
ithe upper limit (exclusive) for the random number
Returns
a random value in the interval [0,i[.

Definition at line 180 of file crypto_random.c.

References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, and ret.

Referenced by __attribute__(), adjust_running_peers(), allocate_v4_address(), allocate_v6_address(), attempt_connect_task(), barrier_wait_cb(), calculate_seed(), channel_new_cb(), compute_rand_delay(), compute_service_response(), daemon_started(), delay_ms_rnd(), delayed_get(), delayed_put(), download_get_url(), find_validation_entry(), GDS_NEIGHBOURS_handle_get(), gen_topo_random(), generate_indices(), generate_request_id(), get_bootstrap_server(), get_delay(), get_delay_randomization(), get_forward_count(), get_preference(), get_property(), get_random_literal(), get_random_peer_from_peermap(), get_randomized_delay(), get_request_socket(), GNUNET_CONTAINER_heap_walk_get_next(), GNUNET_CONTAINER_multihashmap_get_random(), GNUNET_CONTAINER_multipeermap_get_random(), GNUNET_CONTAINER_multishortmap_get_random(), GNUNET_CONTAINER_multiuuidmap_get_random(), GNUNET_CRYPTO_hash_create_random(), GNUNET_CRYPTO_random_permute(), GNUNET_FRAGMENT_context_create(), GNUNET_FS_search_start_probe_(), GNUNET_TUN_initialize_ipv4_header(), GSC_CLIENTS_deliver_message(), GSF_pending_request_get_message_(), handle_client_evaluate(), handle_dns_request(), handle_dv_learn(), handle_find_peer(), handle_flow_control(), handle_p2p_get(), handle_p2p_put(), handle_resolve_result(), main(), manage_service_wrapper(), ogg_init(), plan(), postgres_plugin_get_random(), queue(), reannounce_regex(), recursive_dns_resolution(), refresh_bloomfilter(), REGEX_TEST_generate_random_regex(), REGEX_TEST_generate_random_string(), resolve_and_cache(), revalidate_address(), route_control_message_without_fc(), route_via_neighbour(), run(), second_stage(), select_peer(), select_random_peer(), send_bloomfilter(), send_find_peer_message(), send_hello(), send_keepalive(), setup_fresh_address(), setup_fresh_ping(), setup_sockets(), should_I_drop(), shuffle_answers(), sqlite_plugin_get(), sqlite_plugin_get_random(), start_dv_learn(), test_run(), transmit_request(), transmit_typemap_task(), and try_open_exit().

182 {
183 #ifdef gcry_fast_random_poll
184  static unsigned int invokeCount;
185 #endif
186  uint32_t ret;
187  uint32_t ul;
188 
189  GNUNET_assert (i > 0);
190 
191  switch (mode)
192  {
194  /* see http://lists.gnupg.org/pipermail/gcrypt-devel/2004-May/000613.html */
195 #ifdef gcry_fast_random_poll
196  if ((invokeCount++ % 256) == 0)
197  gcry_fast_random_poll ();
198 #endif
199  ul = UINT32_MAX - (UINT32_MAX % i);
200  do
201  {
202  gcry_randomize ((unsigned char *) &ret,
203  sizeof(uint32_t),
204  GCRY_STRONG_RANDOM);
205  }
206  while (ret >= ul);
207  return ret % i;
208 
210  ul = UINT32_MAX - (UINT32_MAX % i);
211  do
212  {
213  gcry_create_nonce (&ret, sizeof(ret));
214  }
215  while (ret >= ul);
216  return ret % i;
217 
219  ret = i * get_weak_random ();
220  if (ret >= i)
221  ret = i - 1;
222  return ret;
223 
224  default:
225  GNUNET_assert (0);
226  }
227  return 0;
228 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
Randomness for IVs etc.
static double get_weak_random(void)
Create a cryptographically weak pseudo-random number in the interval of 0 to 1.
Definition: crypto_random.c:84
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_random_u64()

uint64_t GNUNET_CRYPTO_random_u64 ( enum GNUNET_CRYPTO_Quality  mode,
uint64_t  max 
)

Random on unsigned 64-bit values.

Parameters
modedesired quality of the random number
maxvalue returned will be in range [0,max) (exclusive)
Returns
random 64-bit number

Random on unsigned 64-bit values.

Parameters
modedesired quality of the random number
maxvalue returned will be in range [0,max) (exclusive)
Returns
random 64-bit number

Definition at line 271 of file crypto_random.c.

References get_weak_random(), GNUNET_assert, GNUNET_CRYPTO_QUALITY_NONCE, GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_QUALITY_WEAK, max, and ret.

Referenced by activate_core_visible_dv_path(), calculate_fork_degree(), choose_exit(), dht_connected(), gen_topo_scale_free(), get_transmit_delay(), GNUNET_DHT_connect(), GNUNET_REVOCATION_pow_start(), ifc_broadcast(), mysql_plugin_get_key(), mysql_plugin_get_replication(), mysql_plugin_put(), namestore_flat_store_records(), namestore_postgres_store_records(), namestore_sqlite_store_records(), pick_random_dv_hops(), postgres_plugin_get_key(), postgres_plugin_put(), put_migration_continuation(), sampler_get_rand_peer(), send_find_peer_message(), setup_out_cipher(), sqlite_plugin_get_key(), sqlite_plugin_get_replication(), sqlite_plugin_put(), and update_next_challenge_time().

273 {
274  uint64_t ret;
275  uint64_t ul;
276 
277  GNUNET_assert (max > 0);
278  switch (mode)
279  {
281  ul = UINT64_MAX - (UINT64_MAX % max);
282  do
283  {
284  gcry_randomize ((unsigned char *) &ret,
285  sizeof(uint64_t),
286  GCRY_STRONG_RANDOM);
287  }
288  while (ret >= ul);
289  return ret % max;
290 
292  ul = UINT64_MAX - (UINT64_MAX % max);
293  do
294  {
295  gcry_create_nonce (&ret, sizeof(ret));
296  }
297  while (ret >= ul);
298 
299  return ret % max;
300 
302  ret = max * get_weak_random ();
303  if (ret >= max)
304  ret = max - 1;
305  return ret;
306 
307  default:
308  GNUNET_assert (0);
309  }
310  return 0;
311 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
#define max(x, y)
Randomness for IVs etc.
static double get_weak_random(void)
Create a cryptographically weak pseudo-random number in the interval of 0 to 1.
Definition: crypto_random.c:84
No good quality of the operation is needed (i.e., random numbers can be pseudo-random).
High-quality operations are desired.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_random_permute()

unsigned int* GNUNET_CRYPTO_random_permute ( enum GNUNET_CRYPTO_Quality  mode,
unsigned int  n 
)

Get an array with a random permutation of the numbers 0...n-1.

Parameters
modeGNUNET_CRYPTO_QUALITY_STRONG if the strong (but expensive) PRNG should be used, GNUNET_CRYPTO_QUALITY_WEAK or GNUNET_CRYPTO_QUALITY_NONCE otherwise
nthe size of the array
Returns
the permutation array (allocated from heap)
Parameters
mode#GNUNET_RANDOM_QUALITY_STRONG if the strong (but expensive) PRNG should be used, #GNUNET_RANDOM_QUALITY_WEAK otherwise
nthe size of the array
Returns
the permutation array (allocated from heap)

Definition at line 240 of file crypto_random.c.

References GNUNET_assert, GNUNET_CRYPTO_random_u32(), GNUNET_malloc, and ret.

Referenced by churn(), compute_service_response(), and do_round().

242 {
243  unsigned int *ret;
244  unsigned int i;
245  unsigned int tmp;
246  uint32_t x;
247 
248  GNUNET_assert (n > 0);
249  ret = GNUNET_malloc (n * sizeof(unsigned int));
250  for (i = 0; i < n; i++)
251  ret[i] = i;
252  for (i = n - 1; i > 0; i--)
253  {
254  x = GNUNET_CRYPTO_random_u32 (mode, i + 1);
255  tmp = ret[x];
256  ret[x] = ret[i];
257  ret[i] = tmp;
258  }
259  return ret;
260 }
uint32_t GNUNET_CRYPTO_random_u32(enum GNUNET_CRYPTO_Quality mode, uint32_t i)
Produce a random unsigned 32-bit number modulo i.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static enum @8 mode
Should we do a PUT (mode = 0) or GET (mode = 1);.
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_create_session_key()

void GNUNET_CRYPTO_symmetric_create_session_key ( struct GNUNET_CRYPTO_SymmetricSessionKey key)

Create a new random session key.

Parameters
keykey to initialize

Create a new random session key.

Parameters
keysession key to initialize

Definition at line 41 of file crypto_symmetric.c.

References GNUNET_CRYPTO_SymmetricSessionKey::aes_key, GNUNET_CRYPTO_AES_KEY_LENGTH, and GNUNET_CRYPTO_SymmetricSessionKey::twofish_key.

44 {
45  gcry_randomize (key->aes_key,
47  GCRY_STRONG_RANDOM);
48  gcry_randomize (key->twofish_key,
50  GCRY_STRONG_RANDOM);
51 }
unsigned char aes_key[(256/8)]
Actual key for AES.
unsigned char twofish_key[(256/8)]
Actual key for TwoFish.
#define GNUNET_CRYPTO_AES_KEY_LENGTH
length of the sessionkey in bytes (256 BIT sessionkey)

◆ GNUNET_CRYPTO_symmetric_encrypt()

ssize_t GNUNET_CRYPTO_symmetric_encrypt ( const void *  block,
size_t  size,
const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
void *  result 
)

Encrypt a block using a symmetric sessionkey.

Parameters
blockthe block to encrypt
sizethe size of the block
sessionkeythe key used to encrypt
ivthe initialization vector to use, use INITVALUE for streams.
Returns
the size of the encrypted block, -1 for errors

Encrypt a block using a symmetric sessionkey.

Parameters
blockthe block to encrypt
sizethe size of the block
sessionkeythe key used to encrypt
ivthe initialization vector to use, use INITVALUE for streams
resultthe output parameter in which to store the encrypted result can be the same or overlap with block
Returns
the size of the encrypted block, -1 for errors. Due to the use of CFB and therefore an effective stream cipher, this size should be the same as len.

Definition at line 130 of file crypto_symmetric.c.

References GNUNET_assert, GNUNET_OK, handle, setup_cipher_aes(), setup_cipher_twofish(), and size.

Referenced by do_encrypt(), encrypt_existing_match(), GNUNET_FS_handle_on_demand_block(), GNUNET_FS_publish_ublock_(), GNUNET_FS_tree_encoder_next(), GNUNET_IDENTITY_encrypt(), t_ax_encrypt(), t_h_encrypt(), and try_match_block().

137 {
138  gcry_cipher_hd_t handle;
139  char tmp[size];
140 
141  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
142  return -1;
143  GNUNET_assert (0 == gcry_cipher_encrypt (handle, tmp, size, block, size));
144  gcry_cipher_close (handle);
145  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
146  return -1;
147  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, tmp, size));
148  gcry_cipher_close (handle);
149  memset (tmp, 0, sizeof(tmp));
150  return size;
151 }
static int setup_cipher_aes(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize AES cipher.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static int result
Global testing status.
static unsigned int size
Size of the "table".
Definition: peer.c:67
static int setup_cipher_twofish(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize TWOFISH cipher.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_decrypt()

ssize_t GNUNET_CRYPTO_symmetric_decrypt ( const void *  block,
size_t  size,
const struct GNUNET_CRYPTO_SymmetricSessionKey sessionkey,
const struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
void *  result 
)

Decrypt a given block using a symmetric sessionkey.

Parameters
blockthe data to decrypt, encoded as returned by encrypt
sizehow big is the block?
sessionkeythe key used to decrypt
ivthe initialization vector to use
resultaddress to store the result at
Returns
-1 on failure, size of decrypted block on success

Decrypt a given block using a symmetric sessionkey.

Parameters
blockthe data to decrypt, encoded as returned by encrypt
sizethe size of the block to decrypt
sessionkeythe key used to decrypt
ivthe initialization vector to use, use INITVALUE for streams
resultaddress to store the result at can be the same or overlap with block
Returns
-1 on failure, size of decrypted block on success. Due to the use of CFB and therefore an effective stream cipher, this size should be the same as size.

Definition at line 168 of file crypto_symmetric.c.

References GNUNET_assert, GNUNET_OK, handle, setup_cipher_aes(), setup_cipher_twofish(), and size.

Referenced by do_decrypt(), GNUNET_FS_ublock_decrypt_(), GNUNET_IDENTITY_decrypt(), process_result_with_request(), t_ax_decrypt(), t_h_decrypt(), and try_old_ax_keys().

175 {
176  gcry_cipher_hd_t handle;
177  char tmp[size];
178 
179  if (GNUNET_OK != setup_cipher_twofish (&handle, sessionkey, iv))
180  return -1;
181  GNUNET_assert (0 == gcry_cipher_decrypt (handle, tmp, size, block, size));
182  gcry_cipher_close (handle);
183  if (GNUNET_OK != setup_cipher_aes (&handle, sessionkey, iv))
184  return -1;
185  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, tmp, size));
186  gcry_cipher_close (handle);
187  memset (tmp, 0, sizeof(tmp));
188  return size;
189 }
static int setup_cipher_aes(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize AES cipher.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static int result
Global testing status.
static unsigned int size
Size of the "table".
Definition: peer.c:67
static int setup_cipher_twofish(gcry_cipher_hd_t *handle, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
Initialize TWOFISH cipher.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_symmetric_derive_iv()

void GNUNET_CRYPTO_symmetric_derive_iv ( struct GNUNET_CRYPTO_SymmetricInitializationVector iv,
const struct GNUNET_CRYPTO_SymmetricSessionKey skey,
const void *  salt,
size_t  salt_len,
  ... 
)

Derive an IV.

Parameters
ivinitialization vector
skeysession key
saltsalt for the derivation
salt_lensize of the salt
...pairs of void * & size_t for context chunks, terminated by NULL

Definition at line 202 of file crypto_symmetric.c.

References GNUNET_CRYPTO_symmetric_derive_iv_v().

Referenced by derive_iv(), derive_pong_iv(), t_ax_decrypt(), t_ax_encrypt(), t_h_decrypt(), t_h_encrypt(), and try_old_ax_keys().

210 {
211  va_list argp;
212 
213  va_start (argp, salt_len);
214  GNUNET_CRYPTO_symmetric_derive_iv_v (iv, skey, salt, salt_len, argp);
215  va_end (argp);
216 }
void GNUNET_CRYPTO_symmetric_derive_iv_v(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, const struct GNUNET_CRYPTO_SymmetricSessionKey *skey, const void *salt, size_t salt_len, va_list argp)
Derive an IV.
static struct GNUNET_CRYPTO_PowSalt salt
Salt for PoW calcualations.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_get_public()

void GNUNET_CRYPTO_ecdsa_key_get_public ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 186 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, and GNUNET_CRYPTO_EcdsaPublicKey::q_y.

Referenced by block_create_ecdsa(), decrypt_block_with_keyword(), get_update_information_directory(), GNUNET_ABD_delegate_issue(), GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_FS_publish_sks(), GNUNET_FS_publish_ublock_(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_GNSRECORD_block_create2(), GNUNET_IDENTITY_key_get_public(), handle_collect(), and process_kblock_for_unindex().

189 {
190  BENCHMARK_START (ecdsa_key_get_public);
191  crypto_scalarmult_ed25519_base_noclamp (pub->q_y, priv->d);
192  BENCHMARK_END (ecdsa_key_get_public);
193 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_get_public()

void GNUNET_CRYPTO_eddsa_key_get_public ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 197 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_assert, GNUNET_memcpy, pk, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by advertise_dns_exit(), checkvec(), create_keys(), GCT_handle_kx(), get_identity(), GNUNET_CRYPTO_eddsa_private_key_derive(), GNUNET_CRYPTO_get_peer_identity(), GNUNET_FS_uri_loc_create(), GNUNET_GNSRECORD_block_create2(), GNUNET_IDENTITY_key_get_public(), GNUNET_TESTING_hostkey_get(), GSC_KX_init(), init_socket(), main_init(), output_vectors(), print_key(), regex_iterator(), and run().

200 {
201  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
202  unsigned char sk[crypto_sign_SECRETKEYBYTES];
203 
204  BENCHMARK_START (eddsa_key_get_public);
205  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
206  GNUNET_memcpy (pub->q_y, pk, crypto_sign_PUBLICKEYBYTES);
207  sodium_memzero (sk, crypto_sign_SECRETKEYBYTES);
208  BENCHMARK_END (eddsa_key_get_public);
209 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
struct GNUNET_IDENTITY_PrivateKey pk
Private key from command line option, or NULL.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_get_public()

void GNUNET_CRYPTO_ecdhe_key_get_public ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
struct GNUNET_CRYPTO_EcdhePublicKey pub 
)

Extract the public key for the given private key.

Parameters
privthe private key
pubwhere to write the public key

Definition at line 213 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_assert, and GNUNET_CRYPTO_EcdhePublicKey::q_y.

Referenced by GCT_handle_kx(), GCT_handle_kx_auth(), GCT_send(), GNUNET_IDENTITY_encrypt(), inject_rekey(), mq_send_kx(), output_vectors(), print_examples_ecdh(), send_kx(), send_kx_auth(), sign_ephemeral_key(), start_initial_kx_out(), and update_ephemeral().

216 {
217  BENCHMARK_START (ecdhe_key_get_public);
218  GNUNET_assert (0 == crypto_scalarmult_base (pub->q_y, priv->d));
219  BENCHMARK_END (ecdhe_key_get_public);
220 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_from_file()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_key_from_file ( const char *  filename,
int  do_create,
struct GNUNET_CRYPTO_EcdsaPrivateKey pkey 
)

Create a new private key by reading it from a file.

If the files does not exist and do_create is set, creates a new key and write it to the file.

If the contents of the file are invalid, an error is returned.

Parameters
filenamename of file to use to store the key
do_createshould a file be created?
[out]pkeyset to the private key from filename on success
Returns
GNUNET_OK on success, GNUNET_NO if do_create was set but we found an existing file, GNUNET_SYSERR on failure

Definition at line 193 of file crypto_ecc_setup.c.

References GNUNET_CRYPTO_ecdsa_key_create(), GNUNET_DISK_fn_write(), GNUNET_DISK_PERM_USER_READ, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, and read_from_file().

196 {
197  if (GNUNET_OK ==
199  pkey,
200  sizeof (*pkey)))
201  {
202  /* file existed, report that we didn't create it... */
203  return (do_create) ? GNUNET_NO : GNUNET_OK;
204  }
206  if (GNUNET_OK ==
208  pkey,
209  sizeof (*pkey),
211  return GNUNET_OK;
212  /* maybe another process succeeded in the meantime, try reading one more time */
213  if (GNUNET_OK ==
215  pkey,
216  sizeof (*pkey)))
217  {
218  /* file existed, report that *we* didn't create it... */
219  return (do_create) ? GNUNET_NO : GNUNET_OK;
220  }
221  /* give up */
222  return GNUNET_SYSERR;
223 }
static enum GNUNET_GenericReturnValue read_from_file(const char *filename, void *buf, size_t buf_size)
Read file to buf.
static char * filename
enum GNUNET_GenericReturnValue GNUNET_DISK_fn_write(const char *fn, const void *buf, size_t buf_size, enum GNUNET_DISK_AccessPermissions mode)
Write a buffer to a file atomically.
Definition: disk.c:705
void GNUNET_CRYPTO_ecdsa_key_create(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:446
Here is the call graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_from_file()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_key_from_file ( const char *  filename,
int  do_create,
struct GNUNET_CRYPTO_EddsaPrivateKey pkey 
)

Create a new private key by reading it from a file.

If the files does not exist and do_create is set, creates a new key and write it to the file.

If the contents of the file are invalid, an error is returned.

Parameters
filenamename of file to use to store the key
do_createshould a file be created?
[out]pkeyset to the private key from filename on success
Returns
GNUNET_OK on success, GNUNET_NO if do_create was set but we found an existing file, GNUNET_SYSERR on failure

Definition at line 141 of file crypto_ecc_setup.c.

References GNUNET_CRYPTO_eddsa_key_create(), GNUNET_DISK_fn_write(), GNUNET_DISK_PERM_USER_READ, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, read_from_file(), and ret.

Referenced by GNUNET_CRYPTO_eddsa_key_create_from_configuration(), main_init(), and run().

144 {
146 
147  if (GNUNET_OK ==
149  pkey,
150  sizeof (*pkey)))
151  {
152  /* file existed, report that we didn't create it... */
153  return (do_create) ? GNUNET_NO : GNUNET_OK;
154  }
157  pkey,
158  sizeof (*pkey),
160  if ( (GNUNET_OK == ret) ||
161  (GNUNET_SYSERR == ret) )
162  return ret;
163  /* maybe another process succeeded in the meantime, try reading one more time */
164  if (GNUNET_OK ==
166  pkey,
167  sizeof (*pkey)))
168  {
169  /* file existed, report that *we* didn't create it... */
170  return (do_create) ? GNUNET_NO : GNUNET_OK;
171  }
172  /* give up */
173  return GNUNET_SYSERR;
174 }
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
GNUNET_GenericReturnValue
Named constants for return values.
Definition: gnunet_common.h:83
static enum GNUNET_GenericReturnValue read_from_file(const char *filename, void *buf, size_t buf_size)
Read file to buf.
static char * filename
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:461
enum GNUNET_GenericReturnValue GNUNET_DISK_fn_write(const char *fn, const void *buf, size_t buf_size, enum GNUNET_DISK_AccessPermissions mode)
Write a buffer to a file atomically.
Definition: disk.c:705
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create_from_configuration()

struct GNUNET_CRYPTO_EddsaPrivateKey* GNUNET_CRYPTO_eddsa_key_create_from_configuration ( const struct GNUNET_CONFIGURATION_Handle cfg)

Create a new private key by reading our peer's key from the file specified in the configuration.

Parameters
cfgthe configuration to use
Returns
new private key, NULL on error (for example, permission denied); free using GNUNET_free
Parameters
cfgthe configuration to use
Returns
new private key, NULL on error (for example, permission denied)

Definition at line 235 of file crypto_ecc_setup.c.

References fn, GNUNET_CONFIGURATION_get_value_filename(), GNUNET_CRYPTO_eddsa_key_from_file(), GNUNET_free, GNUNET_new, GNUNET_OK, and GNUNET_YES.

Referenced by advertise_dns_exit(), GNUNET_CRYPTO_eddsa_setup_key(), GNUNET_CRYPTO_get_peer_identity(), init_socket(), and run().

237 {
238  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
239  char *fn;
240 
241  if (GNUNET_OK !=
243  "PEER",
244  "PRIVATE_KEY",
245  &fn))
246  return NULL;
249  GNUNET_YES,
250  priv);
251  GNUNET_free (fn);
252  return priv;
253 }
#define GNUNET_new(type)
Allocate a struct or union of the given type.
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_get_value_filename(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be the name of a file or directory.
static char * fn
Filename of the unique file.
Private ECC key encoded for transmission.
int GNUNET_CRYPTO_eddsa_key_from_file(const char *filename, int do_create, struct GNUNET_CRYPTO_EddsaPrivateKey *pkey)
Create a new private key by reading it from a file.
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_create()

void GNUNET_CRYPTO_ecdsa_key_create ( struct GNUNET_CRYPTO_EcdsaPrivateKey pk)

Create a new private key.

Parameters
[out]pkprivate key to initialize

Definition at line 446 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_QUALITY_NONCE, and GNUNET_CRYPTO_random_block().

Referenced by GNUNET_CRYPTO_ecdsa_key_from_file(), private_key_create(), run(), and run_pkey().

447 {
448  BENCHMARK_START (ecdsa_key_create);
450  pk,
451  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
452  pk->d[0] &= 248;
453  pk->d[31] &= 127;
454  pk->d[31] |= 64;
455 
456  BENCHMARK_END (ecdsa_key_create);
457 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
Private ECC key encoded for transmission.
Randomness for IVs etc.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_create()

void GNUNET_CRYPTO_eddsa_key_create ( struct GNUNET_CRYPTO_EddsaPrivateKey pk)

Create a new private key.

Parameters
[out]pkprivate key to initialize

Definition at line 461 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, and GNUNET_CRYPTO_random_block().

Referenced by create_keys(), GNUNET_CRYPTO_eddsa_key_from_file(), output_vectors(), private_key_create(), and run_edkey().

462 {
463  BENCHMARK_START (eddsa_key_create);
464  /*
465  * We do not clamp for EdDSA, since all functions that use the private key do
466  * their own clamping (just like in libsodium). What we call "private key"
467  * here, actually corresponds to the seed in libsodium.
468  *
469  * (Contrast this to ECDSA, where functions using the private key can't clamp
470  * due to properties needed for GNS. That is a worse/unsafer API, but
471  * required for the GNS constructions to work.)
472  */
474  pk,
475  sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
476  BENCHMARK_END (eddsa_key_create);
477 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
Randomness for IVs etc.
Private ECC key encoded for transmission.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdhe_key_create()

void GNUNET_CRYPTO_ecdhe_key_create ( struct GNUNET_CRYPTO_EcdhePrivateKey pk)

Create a new private key.

Clear with GNUNET_CRYPTO_ecdhe_key_clear().

Parameters
[out]pkset to fresh private key;

Definition at line 435 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_QUALITY_NONCE, and GNUNET_CRYPTO_random_block().

Referenced by do_rekey(), GCT_create_tunnel(), GNUNET_IDENTITY_encrypt(), GSC_KX_init(), inject_rekey(), mq_send_kx(), new_ephemeral(), output_vectors(), print_examples_ecdh(), send_UDPRekey(), start_initial_kx_out(), and update_ephemeral().

436 {
437  BENCHMARK_START (ecdhe_key_create);
439  pk,
440  sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
441  BENCHMARK_END (ecdhe_key_create);
442 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
Randomness for IVs etc.
Private ECC key encoded for transmission.
void GNUNET_CRYPTO_random_block(enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length)
Fill block with a random values.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_key_clear()

void GNUNET_CRYPTO_eddsa_key_clear ( struct GNUNET_CRYPTO_EddsaPrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 428 of file crypto_ecc.c.

429 {
430  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey));
431 }
Private ECC key encoded for transmission.

◆ GNUNET_CRYPTO_ecdsa_key_clear()

void GNUNET_CRYPTO_ecdsa_key_clear ( struct GNUNET_CRYPTO_EcdsaPrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 421 of file crypto_ecc.c.

422 {
423  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey));
424 }
Private ECC key encoded for transmission.

◆ GNUNET_CRYPTO_ecdhe_key_clear()

void GNUNET_CRYPTO_ecdhe_key_clear ( struct GNUNET_CRYPTO_EcdhePrivateKey pk)

Clear memory that was used to store a private key.

Parameters
pklocation of the key

Definition at line 414 of file crypto_ecc.c.

Referenced by cleanup_ax(), and GNUNET_IDENTITY_encrypt().

415 {
416  memset (pk, 0, sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey));
417 }
Private ECC key encoded for transmission.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_key_get_anonymous()

const struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_key_get_anonymous ( void  )

Get the shared private key we use for anonymous users.

Returns
"anonymous" private key; do not free

'anonymous' pseudonym (global static, d=1, public key = G (generator).

Definition at line 481 of file crypto_ecc.c.

References GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_mpi_print_unsigned(), and once.

Referenced by decrypt_block_with_keyword(), GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_IDENTITY_ego_get_anonymous(), process_kblock_for_unindex(), and publish_ksk_cont().

482 {
487  static struct GNUNET_CRYPTO_EcdsaPrivateKey anonymous;
488  static int once;
489 
490  if (once)
491  return &anonymous;
493  sizeof(anonymous.d),
494  GCRYMPI_CONST_ONE);
495  anonymous.d[0] &= 248;
496  anonymous.d[31] &= 127;
497  anonymous.d[31] |= 64;
498 
499  once = 1;
500  return &anonymous;
501 }
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
Private ECC key encoded for transmission.
static int once
Global to mark if we&#39;ve run the initialization.
Definition: gnsrecord.c:68
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_setup_hostkey()

void GNUNET_CRYPTO_eddsa_setup_hostkey ( const char *  cfg_name)

Setup a hostkey file for a peer given the name of the configuration file (!).

This function is used so that at a later point code can be certain that reading a hostkey is fast (for example in time-dependent testcases).

Parameters
cfg_namename of the configuration file to use

◆ GNUNET_CRYPTO_get_peer_identity()

int GNUNET_CRYPTO_get_peer_identity ( const struct GNUNET_CONFIGURATION_Handle cfg,
struct GNUNET_PeerIdentity dst 
)

Retrieve the identity of the host's peer.

Parameters
cfgconfiguration to use
dstpointer to where to write the peer identity
Returns
GNUNET_OK on success, GNUNET_SYSERR if the identity could not be retrieved

Definition at line 265 of file crypto_ecc_setup.c.

References _, GNUNET_CRYPTO_eddsa_key_create_from_configuration(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_OK, GNUNET_SYSERR, and GNUNET_PeerIdentity::public_key.

Referenced by get_service_peer_identity(), GNUNET_CONVERSATION_phone_create(), on_peer(), and run().

267 {
268  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
269 
270  if (NULL == (priv = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg)))
271  {
273  _ ("Could not load peer's private key\n"));
274  return GNUNET_SYSERR;
275  }
277  &dst->public_key);
278  GNUNET_free (priv);
279  return GNUNET_OK;
280 }
#define _(String)
GNU gettext support macro.
Definition: platform.h:178
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:197
Private ECC key encoded for transmission.
#define GNUNET_log(kind,...)
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_configuration(const struct GNUNET_CONFIGURATION_Handle *cfg)
Create a new private key by reading our peer&#39;s key from the file specified in the configuration...
#define GNUNET_free(ptr)
Wrapper around free.
struct GNUNET_CRYPTO_EddsaPublicKey public_key
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecc_ecdh()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecc_ecdh ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a public and a private ECC key.

Parameters
privprivate key to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material (xyG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 705 of file crypto_ecc.c.

References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, and GNUNET_CRYPTO_EcdhePublicKey::q_y.

Referenced by checkvec(), derive_session_keys(), GCT_handle_kx(), output_vectors(), print_examples_ecdh(), t_ax_decrypt_and_validate(), t_ax_encrypt(), and update_ax_by_kx().

708 {
709  uint8_t p[crypto_scalarmult_BYTES];
710  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
711  return GNUNET_SYSERR;
712  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
713  return GNUNET_OK;
714 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_ecdh()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_ecdh ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a ECDH public key and a private EdDSA key.

Dual to #GNUNET_CRRYPTO_ecdh_eddsa.

Parameters
privprivate key from EdDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 718 of file crypto_ecc.c.

References GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, and GNUNET_CRYPTO_EcdhePublicKey::q_y.

Referenced by dh_key_derive_eph_pub(), GCT_handle_kx(), GNUNET_IDENTITY_decrypt(), setup_in_cipher(), setup_shared_secret_dec(), and update_ax_by_kx().

721 {
722  struct GNUNET_HashCode hc;
723  uint8_t a[crypto_scalarmult_SCALARBYTES];
724  uint8_t p[crypto_scalarmult_BYTES];
725 
726  GNUNET_CRYPTO_hash (priv,
727  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
728  &hc);
729  memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
730  if (0 != crypto_scalarmult (p, a, pub->q_y))
731  return GNUNET_SYSERR;
733  crypto_scalarmult_BYTES,
734  key_material);
735  return GNUNET_OK;
736 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
Private ECC key encoded for transmission.
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
A 512-bit hashcode.
Private ECC key encoded for transmission.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_ecdh()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_ecdh ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const struct GNUNET_CRYPTO_EcdhePublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a ECDH public key and a private ECDSA key.

Dual to #GNUNET_CRRYPTO_ecdh_ecdsa.

Parameters
privprivate key from ECDSA to use for the ECDH (x)
pubpublic key to use for the ECDH (yG)
key_materialwhere to write the key material H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 740 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EcdsaPrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, and GNUNET_CRYPTO_EcdhePublicKey::q_y.

Referenced by GNUNET_IDENTITY_decrypt().

743 {
744  uint8_t p[crypto_scalarmult_BYTES];
745 
746  BENCHMARK_START (ecdsa_ecdh);
747  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
748  return GNUNET_SYSERR;
750  crypto_scalarmult_BYTES,
751  key_material);
752  BENCHMARK_END (ecdsa_ecdh);
753  return GNUNET_OK;
754 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdh_eddsa()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_eddsa ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EddsaPublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a EdDSA public key and a private ECDH key.

Dual to #GNUNET_CRRYPTO_eddsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from EdDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 758 of file crypto_ecc.c.

References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by checkvec(), dh_key_derive_eph_pid(), GCT_handle_kx(), GNUNET_IDENTITY_encrypt(), output_vectors(), setup_out_cipher(), setup_shared_secret_enc(), and update_ax_by_kx().

761 {
762  uint8_t p[crypto_scalarmult_BYTES];
763  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
764 
765  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
766  return GNUNET_SYSERR;
767  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
768  return GNUNET_SYSERR;
769  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
770  return GNUNET_OK;
771 }
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdh_ecdsa()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdh_ecdsa ( const struct GNUNET_CRYPTO_EcdhePrivateKey priv,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
struct GNUNET_HashCode key_material 
)

Derive key material from a EcDSA public key and a private ECDH key.

Dual to #GNUNET_CRRYPTO_ecdsa_ecdh.

Parameters
privprivate key to use for the ECDH (y)
pubpublic key from ECDSA to use for the ECDH (X=h(x)G)
key_materialwhere to write the key material H(yX)=H(h(x)yG)
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 775 of file crypto_ecc.c.

References GNUNET_CRYPTO_EcdhePrivateKey::d, GNUNET_CRYPTO_hash(), GNUNET_OK, GNUNET_SYSERR, p, and GNUNET_CRYPTO_EcdsaPublicKey::q_y.

Referenced by GNUNET_IDENTITY_encrypt().

778 {
779  uint8_t p[crypto_scalarmult_BYTES];
780  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
781 
782  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
783  return GNUNET_SYSERR;
784  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
785  return GNUNET_SYSERR;
786  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
787  return GNUNET_OK;
788 }
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
static struct GNUNET_OS_Process * p
Helper process we started.
Definition: gnunet-qr.c:59
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_sign_()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_ ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EddsaSignature sig 
)

EdDSA sign a given block.

The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_eddsa_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
[out]sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 599 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_CRYPTO_EddsaPrivateKey::d, GNUNET_assert, GNUNET_OK, GNUNET_SYSERR, pk, res, and GNUNET_CRYPTO_EccSignaturePurpose::size.

Referenced by do_dht_put(), GNUNET_IDENTITY_sign_(), GST_validation_handle_ping(), insert_decrypt_element(), insert_round1_element(), insert_round2_element(), regex_iterator(), send_disconnect(), setup_flood_message(), and sign_ephemeral_key().

603 {
604 
605  size_t mlen = ntohl (purpose->size);
606  unsigned char sk[crypto_sign_SECRETKEYBYTES];
607  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
608  int res;
609 
610  BENCHMARK_START (eddsa_sign);
611  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
612  res = crypto_sign_detached ((uint8_t *) sig,
613  NULL,
614  (uint8_t *) purpose,
615  mlen,
616  sk);
617  BENCHMARK_END (eddsa_sign);
618  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
619 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
static int res
struct GNUNET_IDENTITY_PrivateKey pk
Private key from command line option, or NULL.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_sign_()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_ ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const struct GNUNET_CRYPTO_EccSignaturePurpose purpose,
struct GNUNET_CRYPTO_EcdsaSignature sig 
)

ECDSA Sign a given block.

The purpose data is the beginning of the data of which the signature is to be created. The size field in purpose must correctly indicate the number of bytes of the data structure, including its header. If possible, use GNUNET_CRYPTO_ecdsa_sign() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
privprivate key to use for the signing
purposewhat to sign (size, purpose)
[out]sigwhere to write the signature
Returns
GNUNET_SYSERR on error, GNUNET_OK on success

Definition at line 549 of file crypto_ecc.c.

References _, BENCHMARK_END, BENCHMARK_START, data, data_to_ecdsa_value(), decode_private_ecdsa_key(), GNUNET_break, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_ERROR_TYPE_WARNING, GNUNET_OK, GNUNET_SYSERR, key_from_sexp(), LOG, GNUNET_CRYPTO_EcdsaSignature::r, and GNUNET_CRYPTO_EcdsaSignature::s.

Referenced by block_create_ecdsa(), GNUNET_FS_publish_ublock_(), and GNUNET_IDENTITY_sign_().

553 {
554  gcry_sexp_t priv_sexp;
555  gcry_sexp_t sig_sexp;
556  gcry_sexp_t data;
557  int rc;
558  gcry_mpi_t rs[2];
559 
560  BENCHMARK_START (ecdsa_sign);
561 
562  priv_sexp = decode_private_ecdsa_key (priv);
563  data = data_to_ecdsa_value (purpose);
564  if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp)))
565  {
567  _ ("ECC signing failed at %s:%d: %s\n"),
568  __FILE__,
569  __LINE__,
570  gcry_strerror (rc));
571  gcry_sexp_release (data);
572  gcry_sexp_release (priv_sexp);
573  return GNUNET_SYSERR;
574  }
575  gcry_sexp_release (priv_sexp);
576  gcry_sexp_release (data);
577 
578  /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in
579  'signature' */
580  if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs")))
581  {
582  GNUNET_break (0);
583  gcry_sexp_release (sig_sexp);
584  return GNUNET_SYSERR;
585  }
586  gcry_sexp_release (sig_sexp);
587  GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]);
588  GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]);
589  gcry_mpi_release (rs[0]);
590  gcry_mpi_release (rs[1]);
591 
592  BENCHMARK_END (ecdsa_sign);
593 
594  return GNUNET_OK;
595 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char r[256/8]
R value.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define _(String)
GNU gettext support macro.
Definition: platform.h:178
#define LOG(kind,...)
Definition: crypto_ecc.c:61
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:512
unsigned char s[256/8]
S value.
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_ecc.c:96
static gcry_sexp_t decode_private_ecdsa_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv)
Convert the given private key from the network format to the S-expression that can be used by libgcry...
Definition: crypto_ecc.c:154
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_verify_()

int GNUNET_CRYPTO_eddsa_verify_ ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_EddsaSignature sig,
const struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Verify EdDSA signature.

The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_eddsa_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 682 of file crypto_ecc.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_OK, GNUNET_SYSERR, m, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_CRYPTO_EddsaPublicKey::q_y, res, and GNUNET_CRYPTO_EccSignaturePurpose::size.

Referenced by block_plugin_dns_evaluate(), evaluate_block_regex_accept(), GNUNET_GNSRECORD_block_verify(), GNUNET_IDENTITY_signature_verify_(), GST_neighbours_handle_disconnect_message(), GST_validation_handle_pong(), handle_ephemeral_key(), keygen_round1_new_element(), keygen_round2_new_element(), and verify_message_crypto().

687 {
688  const unsigned char *m = (const void *) validate;
689  size_t mlen = ntohl (validate->size);
690  const unsigned char *s = (const void *) sig;
691 
692  int res;
693 
694  if (purpose != ntohl (validate->purpose))
695  return GNUNET_SYSERR; /* purpose mismatch */
696 
697  BENCHMARK_START (eddsa_verify);
698  res = crypto_sign_verify_detached (s, m, mlen, pub->q_y);
699  BENCHMARK_END (eddsa_verify);
700  return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
701 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static struct GNUNET_ARM_MonitorHandle * m
Monitor connection with ARM.
Definition: gnunet-arm.c:104
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!)...
static int res
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_verify_()

int GNUNET_CRYPTO_ecdsa_verify_ ( uint32_t  purpose,
const struct GNUNET_CRYPTO_EccSignaturePurpose validate,
const struct GNUNET_CRYPTO_EcdsaSignature sig,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Verify ECDSA signature.

The validate data is the beginning of the data of which the signature is to be verified. The size field in validate must correctly indicate the number of bytes of the data structure, including its header. If purpose does not match the purpose given in validate (the latter must be in big endian), signature verification fails. If possible, use GNUNET_CRYPTO_eddsa_verify() instead of this function (only if validate is not fixed-size, you must use this function directly).

Parameters
purposewhat is the purpose that the signature should have?
validateblock to validate (size, purpose, data)
sigsignature that is being validated
pubpublic key of the signer
Returns
GNUNET_OK if ok, GNUNET_SYSERR if invalid

Definition at line 623 of file crypto_ecc.c.

References _, BENCHMARK_END, BENCHMARK_START, CURVE, data, data_to_ecdsa_value(), GNUNET_ERROR_TYPE_ERROR, GNUNET_ERROR_TYPE_INFO, GNUNET_OK, GNUNET_SYSERR, LOG, LOG_GCRY, GNUNET_CRYPTO_EccSignaturePurpose::purpose, GNUNET_CRYPTO_EcdsaPublicKey::q_y, GNUNET_CRYPTO_EcdsaSignature::r, and GNUNET_CRYPTO_EcdsaSignature::s.

Referenced by block_plugin_fs_evaluate(), GNUNET_GNSRECORD_block_verify(), and GNUNET_IDENTITY_signature_verify_().

628 {
629  gcry_sexp_t data;
630  gcry_sexp_t sig_sexpr;
631  gcry_sexp_t pub_sexpr;
632  int rc;
633 
634  BENCHMARK_START (ecdsa_verify);
635 
636  if (purpose != ntohl (validate->purpose))
637  return GNUNET_SYSERR; /* purpose mismatch */
638 
639  /* build s-expression for signature */
640  if (0 != (rc = gcry_sexp_build (&sig_sexpr,
641  NULL,
642  "(sig-val(ecdsa(r %b)(s %b)))",
643  (int) sizeof(sig->r),
644  sig->r,
645  (int) sizeof(sig->s),
646  sig->s)))
647  {
648  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
649  return GNUNET_SYSERR;
650  }
651  data = data_to_ecdsa_value (validate);
652  if (0 != (rc = gcry_sexp_build (&pub_sexpr,
653  NULL,
654  "(public-key(ecc(curve " CURVE ")(q %b)))",
655  (int) sizeof(pub->q_y),
656  pub->q_y)))
657  {
658  gcry_sexp_release (data);
659  gcry_sexp_release (sig_sexpr);
660  return GNUNET_SYSERR;
661  }
662  rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr);
663  gcry_sexp_release (pub_sexpr);
664  gcry_sexp_release (data);
665  gcry_sexp_release (sig_sexpr);
666  if (0 != rc)
667  {
669  _ ("ECDSA signature verification failed at %s:%d: %s\n"),
670  __FILE__,
671  __LINE__,
672  gcry_strerror (rc));
673  BENCHMARK_END (ecdsa_verify);
674  return GNUNET_SYSERR;
675  }
676  BENCHMARK_END (ecdsa_verify);
677  return GNUNET_OK;
678 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
unsigned char r[256/8]
R value.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
#define _(String)
GNU gettext support macro.
Definition: platform.h:178
#define LOG(kind,...)
Definition: crypto_ecc.c:61
#define LOG_GCRY(level, cmd, rc)
Log an error message at log-level &#39;level&#39; that indicates a failure of the command &#39;cmd&#39; with the mess...
Definition: crypto_ecc.c:74
static gcry_sexp_t data_to_ecdsa_value(const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose)
Convert the data specified in the given purpose argument to an S-expression suitable for signature op...
Definition: crypto_ecc.c:512
unsigned char s[256/8]
S value.
#define CURVE
IMPLEMENTATION NOTICE:
Definition: crypto_ecc.c:59
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_private_key_derive()

struct GNUNET_CRYPTO_EcdsaPrivateKey* GNUNET_CRYPTO_ecdsa_private_key_derive ( const struct GNUNET_CRYPTO_EcdsaPrivateKey priv,
const char *  label,
const char *  context 
)

Derive a private key from a given private key and a label.

Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'.

Parameters
privoriginal private key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
Returns
derived private key

Definition at line 179 of file crypto_ecc_gnsrecord.c.

References ctx, CURVE, GNUNET_CRYPTO_EcdsaPrivateKey::d, dc, derive_h(), GNUNET_assert, GNUNET_CRYPTO_ecdsa_key_get_public(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), GNUNET_new, h, and ret.

Referenced by block_create_ecdsa(), and GNUNET_FS_publish_ublock_().

183 {
186  struct GNUNET_HashCode hc;
187  uint8_t dc[32];
188  gcry_mpi_t h;
189  gcry_mpi_t x;
190  gcry_mpi_t d;
191  gcry_mpi_t n;
192  gcry_ctx_t ctx;
193 
194  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
195 
196  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
198 
199  derive_h (&pub, sizeof (pub), label, context, &hc);
200  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
201 
202  /* Convert to big endian for libgcrypt */
203  for (size_t i = 0; i < 32; i++)
204  dc[i] = priv->d[31 - i];
205  GNUNET_CRYPTO_mpi_scan_unsigned (&x, dc, sizeof(dc));
206  d = gcry_mpi_new (256);
207  gcry_mpi_mulm (d, h, x, n);
208  gcry_mpi_release (h);
209  gcry_mpi_release (x);
210  gcry_mpi_release (n);
211  gcry_ctx_release (ctx);
213  GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d);
214  /* Convert to big endian for libgcrypt */
215  for (size_t i = 0; i < 32; i++)
216  ret->d[i] = dc[31 - i];
217  sodium_memzero (dc, sizeof(dc));
218  gcry_mpi_release (d);
219  return ret;
220 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Private ECC key encoded for transmission.
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static pa_context * context
Pulseaudio context.
void derive_h(const void *pub, size_t pubsize, const char *label, const char *context, struct GNUNET_HashCode *hc)
Derive the &#39;h&#39; value for key derivation, where &#39;h = H(l,P)&#39;.
#define CURVE
A 512-bit hashcode.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:186
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:46
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
static struct GNUNET_FS_DownloadContext * dc
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_ecdsa_public_key_derive()

void GNUNET_CRYPTO_ecdsa_public_key_derive ( const struct GNUNET_CRYPTO_EcdsaPublicKey pub,
const char *  label,
const char *  context,
struct GNUNET_CRYPTO_EcdsaPublicKey result 
)

Derive a public key from a given public key and a label.

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'. typically the name of the subsystem/application
resultwhere to write the derived public key

Definition at line 224 of file crypto_ecc_gnsrecord.c.

References ctx, CURVE, derive_h(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), h, q, and GNUNET_CRYPTO_EcdsaPublicKey::q_y.

Referenced by GNUNET_FS_search_start_searching_(), GNUNET_FS_unindex_do_remove_kblocks_(), GNUNET_GNSRECORD_query_from_public_key(), and schedule_transmit_search_request().

229 {
230  struct GNUNET_HashCode hc;
231  gcry_ctx_t ctx;
232  gcry_mpi_t q_y;
233  gcry_mpi_t h;
234  gcry_mpi_t n;
235  gcry_mpi_t h_mod_n;
236  gcry_mpi_point_t q;
237  gcry_mpi_point_t v;
238 
239  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
240 
241  /* obtain point 'q' from original public key. The provided 'q' is
242  compressed thus we first store it in the context and then get it
243  back as a (decompresssed) point. */
244  q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8 * sizeof(pub->q_y));
245  GNUNET_assert (NULL != q_y);
246  GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx));
247  gcry_mpi_release (q_y);
248  q = gcry_mpi_ec_get_point ("q", ctx, 0);
249  GNUNET_assert (q);
250 
251  /* calculate h_mod_n = h % n */
252  derive_h (pub, sizeof (*pub), label, context, &hc);
253  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
254  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
255  h_mod_n = gcry_mpi_new (256);
256  gcry_mpi_mod (h_mod_n, h, n);
257  /* calculate v = h_mod_n * q */
258  v = gcry_mpi_point_new (0);
259  gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
260  gcry_mpi_release (h_mod_n);
261  gcry_mpi_release (h);
262  gcry_mpi_release (n);
263  gcry_mpi_point_release (q);
264 
265  /* convert point 'v' to public key that we return */
266  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx));
267  gcry_mpi_point_release (v);
268  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
269  GNUNET_assert (q_y);
270  GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof(result->q_y), q_y);
271  gcry_mpi_release (q_y);
272  gcry_ctx_release (ctx);
273 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
unsigned char q_y[256/8]
Q consists of an x- and a y-value, each mod p (256 bits), given here in affine coordinates and Ed2551...
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static pa_context * context
Pulseaudio context.
void derive_h(const void *pub, size_t pubsize, const char *label, const char *context, struct GNUNET_HashCode *hc)
Derive the &#39;h&#39; value for key derivation, where &#39;h = H(l,P)&#39;.
#define CURVE
A 512-bit hashcode.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_private_key_derive()

void GNUNET_CRYPTO_eddsa_private_key_derive ( const struct GNUNET_CRYPTO_EddsaPrivateKey priv,
const char *  label,
const char *  context,
struct GNUNET_CRYPTO_EddsaPrivateScalar result 
)

Derive a private scalar from a given private key and a label.

Essentially calculates a private key 'h = H(l,P) * d mod n' where n is the size of the ECC group and P is the public key associated with the private key 'd'. The result is the derived private scalar, not the private key as for EdDSA we cannot derive before we hash the private key.

Parameters
privoriginal private key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'; typically the name of the subsystem/application
resultderived private scalar

Libsodium does not offer an API with arbitrary arithmetic. Hence we have to use libgcrypt here.

Get our modulo

This is the standard private key expansion in Ed25519. The first 32 octets are used as a little-endian private scalar. We derive this scalar using our "h".

Get h mod n

dc now contains the private scalar "a". We carefully remove the clamping and derive a'. Calculate: a1 := a / 8 a2 := h * a1 mod n a' := a2 * 8 mod n

Note that we copy all of SHA512(d) into the result and then overwrite the derived private scalar. This means that we re-use SHA512(d)[32..63] FIXME: Do we want to derive this part as well??

Definition at line 277 of file crypto_ecc_gnsrecord.c.

References ctx, GNUNET_CRYPTO_EddsaPrivateKey::d, dc, derive_h(), GNUNET_assert, GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), h, and GNUNET_CRYPTO_EddsaPrivateScalar::s.

Referenced by block_create_eddsa().

282 {
284  struct GNUNET_HashCode hc;
285  uint8_t dc[32];
286  unsigned char sk[64];
287  gcry_mpi_t h;
288  gcry_mpi_t h_mod_n;
289  gcry_mpi_t x;
290  gcry_mpi_t d;
291  gcry_mpi_t n;
292  gcry_mpi_t a1;
293  gcry_mpi_t a2;
294  gcry_ctx_t ctx;
295 
300  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, "Ed25519"));
301 
305  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
307 
314  crypto_hash_sha512 (sk, priv->d, 32);
315  sk[0] &= 248;
316  sk[31] &= 127;
317  sk[31] |= 64;
318 
322  derive_h (&pub, sizeof (pub), label, context, &hc);
323  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
324  h_mod_n = gcry_mpi_new (256);
325  gcry_mpi_mod (h_mod_n, h, n);
326  /* Convert scalar to big endian for libgcrypt */
327  for (size_t i = 0; i < 32; i++)
328  dc[i] = sk[31 - i];
329 
338  GNUNET_CRYPTO_mpi_scan_unsigned (&x, dc, sizeof(dc)); // a
339  a1 = gcry_mpi_new (256);
340  gcry_mpi_t eight = gcry_mpi_set_ui (NULL, 8);
341  gcry_mpi_div (a1, NULL, x, eight, 0); // a1 := a / 8
342  a2 = gcry_mpi_new (256);
343  gcry_mpi_mulm (a2, h_mod_n, a1, n); // a2 := h * a1 mod n
344  d = gcry_mpi_new (256);
345  gcry_mpi_mul (d, a2, eight); // a' := a2 * 8
346  gcry_mpi_release (h);
347  gcry_mpi_release (x);
348  gcry_mpi_release (n);
349  gcry_mpi_release (a1);
350  gcry_mpi_release (a2);
351  gcry_ctx_release (ctx);
352  GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d);
359  memcpy (result->s, sk, sizeof (sk));
360  /* Convert to little endian for libsodium */
361  for (size_t i = 0; i < 32; i++)
362  result->s[i] = dc[31 - i];
363 
364  sodium_memzero (dc, sizeof(dc));
365  gcry_mpi_release (d);
366 }
unsigned char d[256/8]
d is a value mod n, where n has at most 256 bits.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static pa_context * context
Pulseaudio context.
void derive_h(const void *pub, size_t pubsize, const char *label, const char *context, struct GNUNET_HashCode *hc)
Derive the &#39;h&#39; value for key derivation, where &#39;h = H(l,P)&#39;.
A 512-bit hashcode.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:197
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:46
unsigned char s[512/8]
s is the expandedprivate 512-bit scalar of a private key.
static struct GNUNET_FS_DownloadContext * dc
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_eddsa_public_key_derive()

void GNUNET_CRYPTO_eddsa_public_key_derive ( const struct GNUNET_CRYPTO_EddsaPublicKey pub,
const char *  label,
const char *  context,
struct GNUNET_CRYPTO_EddsaPublicKey result 
)

Derive a public key from a given public key and a label.

Essentially calculates a public key 'V = H(l,P) * P'.

Parameters
puboriginal public key
labellabel to use for key deriviation
contextadditional context to use for HKDF of 'h'. typically the name of the subsystem/application
resultwhere to write the derived public key

Definition at line 370 of file crypto_ecc_gnsrecord.c.

References ctx, derive_h(), GNUNET_assert, GNUNET_CRYPTO_mpi_print_unsigned(), GNUNET_CRYPTO_mpi_scan_unsigned(), h, q, and GNUNET_CRYPTO_EddsaPublicKey::q_y.

Referenced by GNUNET_GNSRECORD_query_from_public_key().

375 {
376  struct GNUNET_HashCode hc;
377  gcry_ctx_t ctx;
378  gcry_mpi_t q_y;
379  gcry_mpi_t h;
380  gcry_mpi_t n;
381  gcry_mpi_t h_mod_n;
382  gcry_mpi_point_t q;
383  gcry_mpi_point_t v;
384 
385  GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, "Ed25519"));
386 
387  /* obtain point 'q' from original public key. The provided 'q' is
388  compressed thus we first store it in the context and then get it
389  back as a (decompresssed) point. */
390  q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8 * sizeof(pub->q_y));
391  GNUNET_assert (NULL != q_y);
392  GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx));
393  gcry_mpi_release (q_y);
394  q = gcry_mpi_ec_get_point ("q", ctx, 0);
395  GNUNET_assert (q);
396 
397  /* calculate h_mod_n = h % n */
398  derive_h (pub, sizeof (*pub), label, context, &hc);
399  GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc));
400 
401  n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
402  h_mod_n = gcry_mpi_new (256);
403  gcry_mpi_mod (h_mod_n, h, n);
404 
405  /* calculate v = h_mod_n * q */
406  v = gcry_mpi_point_new (0);
407  gcry_mpi_ec_mul (v, h_mod_n, q, ctx);
408  gcry_mpi_release (h_mod_n);
409  gcry_mpi_release (h);
410  gcry_mpi_release (n);
411  gcry_mpi_point_release (q);
412 
413  /* convert point 'v' to public key that we return */
414  GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx));
415  gcry_mpi_point_release (v);
416  q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0);
417  GNUNET_assert (q_y);
418  GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof(result->q_y), q_y);
419  gcry_mpi_release (q_y);
420  gcry_ctx_release (ctx);
421 
422 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
void GNUNET_CRYPTO_mpi_print_unsigned(void *buf, size_t size, gcry_mpi_t val)
Output the given MPI value to the given buffer in network byte order.
Definition: crypto_mpi.c:78
static struct GNUNET_ARM_Handle * h
Connection with ARM.
Definition: gnunet-arm.c:99
static struct GNUNET_DNSSTUB_Context * ctx
Context for DNS resolution.
static pa_context * context
Pulseaudio context.
void derive_h(const void *pub, size_t pubsize, const char *label, const char *context, struct GNUNET_HashCode *hc)
Derive the &#39;h&#39; value for key derivation, where &#39;h = H(l,P)&#39;.
A 512-bit hashcode.
static struct GNUNET_REVOCATION_Query * q
Handle for revocation query.
void GNUNET_CRYPTO_mpi_scan_unsigned(gcry_mpi_t *result, const void *data, size_t size)
Convert data buffer into MPI value.
Definition: crypto_mpi.c:131
unsigned char q_y[256/8]
Point Q consists of a y-value mod p (256 bits); the x-value is always positive.
Here is the call graph for this function:
Here is the caller graph for this function: