GNUnet  0.11.x
gnsrecord_crypto.c
Go to the documentation of this file.
1 /*
2  This file is part of GNUnet.
3  Copyright (C) 2009-2013, 2018 GNUnet e.V.
4 
5  GNUnet is free software: you can redistribute it and/or modify it
6  under the terms of the GNU Affero General Public License as published
7  by the Free Software Foundation, either version 3 of the License,
8  or (at your option) any later version.
9 
10  GNUnet is distributed in the hope that it will be useful, but
11  WITHOUT ANY WARRANTY; without even the implied warranty of
12  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  Affero General Public License for more details.
14 
15  You should have received a copy of the GNU Affero General Public License
16  along with this program. If not, see <http://www.gnu.org/licenses/>.
17 
18  SPDX-License-Identifier: AGPL3.0-or-later
19  */
20 
28 #include "platform.h"
29 #include "gnunet_util_lib.h"
30 #include "gnunet_constants.h"
31 #include "gnunet_signatures.h"
32 #include "gnunet_arm_service.h"
33 #include "gnunet_gnsrecord_lib.h"
34 #include "gnunet_dnsparser_lib.h"
35 #include "gnunet_tun_lib.h"
36 
37 
38 #define LOG(kind, ...) GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__)
39 
40 ssize_t
42  const void *block,
43  size_t size,
44  const unsigned char *key,
45  const unsigned char *ctr,
46  void *result)
47 {
48  gcry_cipher_hd_t handle;
49  int rc;
50 
51  GNUNET_assert (0 == gcry_cipher_open (&handle, GCRY_CIPHER_AES256,
52  GCRY_CIPHER_MODE_CTR, 0));
53  rc = gcry_cipher_setkey (handle,
54  key,
56  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
57  rc = gcry_cipher_setctr (handle,
58  ctr,
60  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
61  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, block, size));
62  gcry_cipher_close (handle);
63  return size;
64 }
65 
66 
67 ssize_t
69  const void *block,
70  size_t size,
71  const unsigned char *key,
72  const unsigned char *ctr,
73  void *result)
74 {
75  gcry_cipher_hd_t handle;
76  int rc;
77 
78  GNUNET_assert (0 == gcry_cipher_open (&handle, GCRY_CIPHER_AES256,
79  GCRY_CIPHER_MODE_CTR, 0));
80  rc = gcry_cipher_setkey (handle,
81  key,
83  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
84  rc = gcry_cipher_setctr (handle,
85  ctr,
87  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
88  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, block, size));
89  gcry_cipher_close (handle);
90  return size;
91 }
92 
93 
96  const void *block,
97  size_t size,
98  const unsigned char *key,
99  const unsigned char *nonce,
100  void *result)
101 {
102  ssize_t ctlen = size - crypto_secretbox_MACBYTES;
103  if (ctlen < 0)
104  return GNUNET_SYSERR;
105  if (0 != crypto_secretbox_open_detached (result,
106  block, // Ciphertext
107  ((unsigned char*)block) + ctlen, // TAG
108  ctlen,
109  nonce, key))
110  {
111  return GNUNET_SYSERR;
112  }
113  return GNUNET_OK;
114 }
115 
116 
119  const void *block,
120  size_t size,
121  const unsigned char *key,
122  const unsigned char *nonce,
123  void *result)
124 {
125  if (size > crypto_secretbox_MESSAGEBYTES_MAX)
126  return GNUNET_SYSERR;
127  crypto_secretbox_detached (result, // Ciphertext
128  result + size, // TAG
129  block, size, nonce, key);
130  return GNUNET_OK;
131 }
132 
133 
142 static void
143 derive_block_aes_key (unsigned char *ctr,
144  unsigned char *key,
145  const char *label,
146  uint64_t exp,
147  const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
148 {
149  static const char ctx_key[] = "gns-aes-ctx-key";
150  static const char ctx_iv[] = "gns-aes-ctx-iv";
151 
153  ctx_key, strlen (ctx_key),
154  pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
155  label, strlen (label),
156  NULL, 0);
157  memset (ctr, 0, GNUNET_CRYPTO_AES_KEY_LENGTH / 2);
159  GNUNET_CRYPTO_kdf (ctr, 4,
160  ctx_iv, strlen (ctx_iv),
161  pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
162  label, strlen (label),
163  NULL, 0);
165  memcpy (ctr + 4, &exp, sizeof (exp));
167  ctr[15] |= 0x01;
168 }
169 
170 
179 static void
180 derive_block_xsalsa_key (unsigned char *nonce,
181  unsigned char *key,
182  const char *label,
183  uint64_t exp,
184  const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
185 {
186  static const char ctx_key[] = "gns-aes-ctx-key";
187  static const char ctx_iv[] = "gns-aes-ctx-iv";
188 
189  GNUNET_CRYPTO_kdf (key, crypto_secretbox_KEYBYTES,
190  ctx_key, strlen (ctx_key),
191  pub, sizeof(struct GNUNET_CRYPTO_EddsaPublicKey),
192  label, strlen (label),
193  NULL, 0);
194  memset (nonce, 0, crypto_secretbox_NONCEBYTES);
196  GNUNET_CRYPTO_kdf (nonce, (crypto_secretbox_NONCEBYTES - sizeof (exp)),
197  ctx_iv, strlen (ctx_iv),
198  pub, sizeof(struct GNUNET_CRYPTO_EddsaPublicKey),
199  label, strlen (label),
200  NULL, 0);
202  memcpy (nonce + (crypto_secretbox_NONCEBYTES - sizeof (exp)),
203  &exp, sizeof (exp));
204 }
205 
206 
218 static struct GNUNET_GNSRECORD_Block *
220  const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey,
222  const char *label,
223  const struct GNUNET_GNSRECORD_Data *rd,
224  unsigned int rd_count)
225 {
226  ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
227  rd);
228  struct GNUNET_GNSRECORD_Block *block;
229  struct GNUNET_GNSRECORD_EcdsaBlock *ecblock;
230  struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey;
231  unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
232  unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH];
233  struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)];
234  uint32_t rd_count_nbo;
235  struct GNUNET_TIME_Absolute now;
236 
237  if (payload_len < 0)
238  {
239  GNUNET_break (0);
240  return NULL;
241  }
242  if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
243  {
244  GNUNET_break (0);
245  return NULL;
246  }
247  /* convert relative to absolute times */
248  now = GNUNET_TIME_absolute_get ();
249  for (unsigned int i = 0; i < rd_count; i++)
250  {
251  rdc[i] = rd[i];
252  if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
253  {
254  struct GNUNET_TIME_Relative t;
255 
256  /* encrypted blocks must never have relative expiration times, convert! */
258  t.rel_value_us = rdc[i].expiration_time;
260  }
261  }
262  /* serialize */
263  rd_count_nbo = htonl (rd_count);
264  {
265  char payload[sizeof(uint32_t) + payload_len];
266 
268  &rd_count_nbo,
269  sizeof(uint32_t));
270  GNUNET_assert (payload_len ==
272  rdc,
273  payload_len,
274  &payload[sizeof(uint32_t)
275  ]));
276  block = GNUNET_malloc (sizeof(struct GNUNET_GNSRECORD_Block)
277  + sizeof(uint32_t)
278  + payload_len);
279  ecblock = &block->ecdsa_block;
280  block->type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
281  ecblock->purpose.size = htonl (sizeof(uint32_t)
282  + payload_len
283  + sizeof(struct
285  + sizeof(struct GNUNET_TIME_AbsoluteNBO));
288  /* encrypt and sign */
290  label,
291  "gns");
293  &ecblock->derived_key);
295  skey,
296  label,
298  pkey);
299  GNUNET_break (payload_len + sizeof(uint32_t) ==
301  payload_len
302  + sizeof(uint32_t),
303  skey,
304  ctr,
305  &ecblock[1]));
306  }
307  if (GNUNET_OK !=
309  &ecblock->purpose,
310  &ecblock->signature))
311  {
312  GNUNET_break (0);
313  GNUNET_free (dkey);
314  GNUNET_free (block);
315  return NULL;
316  }
317  GNUNET_free (dkey);
318  return block;
319 }
320 
321 
333 static struct GNUNET_GNSRECORD_Block *
335  const struct GNUNET_CRYPTO_EddsaPublicKey *pkey,
337  const char *label,
338  const struct GNUNET_GNSRECORD_Data *rd,
339  unsigned int rd_count)
340 {
341  ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
342  rd);
343  struct GNUNET_GNSRECORD_Block *block;
344  struct GNUNET_GNSRECORD_EddsaBlock *edblock;
346  unsigned char nonce[crypto_secretbox_NONCEBYTES];
347  unsigned char skey[crypto_secretbox_KEYBYTES];
348  struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)];
349  uint32_t rd_count_nbo;
350  struct GNUNET_TIME_Absolute now;
351 
352  if (payload_len < 0)
353  {
354  GNUNET_break (0);
355  return NULL;
356  }
357  if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
358  {
359  GNUNET_break (0);
360  return NULL;
361  }
362  /* convert relative to absolute times */
363  now = GNUNET_TIME_absolute_get ();
364  for (unsigned int i = 0; i < rd_count; i++)
365  {
366  rdc[i] = rd[i];
367  if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
368  {
369  struct GNUNET_TIME_Relative t;
370 
371  /* encrypted blocks must never have relative expiration times, convert! */
373  t.rel_value_us = rdc[i].expiration_time;
375  }
376  }
377  /* serialize */
378  rd_count_nbo = htonl (rd_count);
379  {
380  char payload[sizeof(uint32_t) + payload_len];
381 
383  &rd_count_nbo,
384  sizeof(uint32_t));
385  GNUNET_assert (payload_len ==
387  rdc,
388  payload_len,
389  &payload[sizeof(uint32_t)
390  ]));
391  block = GNUNET_malloc (sizeof(struct GNUNET_GNSRECORD_Block)
392  + sizeof(uint32_t)
393  + payload_len
394  + crypto_secretbox_MACBYTES);
395  edblock = &block->eddsa_block;
396  block->type = htonl (GNUNET_GNSRECORD_TYPE_EDKEY);
397  edblock->purpose.size = htonl (sizeof(uint32_t)
398  + payload_len
399  + sizeof(struct
401  + sizeof(struct GNUNET_TIME_AbsoluteNBO)
402  + crypto_secretbox_MACBYTES);
405  /* encrypt and sign */
407  label,
408  "gns",
409  &dkey);
411  &edblock->derived_key);
413  skey,
414  label,
416  pkey);
419  payload_len
420  + sizeof(uint32_t),
421  skey,
422  nonce,
423  &edblock[1]));
424  }
426  &edblock->purpose,
427  &edblock->signature);
428  return block;
429 }
430 
431 
442 struct GNUNET_GNSRECORD_Block *
445  const char *label,
446  const struct GNUNET_GNSRECORD_Data *rd,
447  unsigned int rd_count)
448 {
451  &pkey);
452  switch (ntohl (key->type))
453  {
455  return block_create_ecdsa (&key->ecdsa_key,
456  &pkey.ecdsa_key,
457  expire,
458  label,
459  rd,
460  rd_count);
462  return block_create_eddsa (&key->eddsa_key,
463  &pkey.eddsa_key,
464  expire,
465  label,
466  rd,
467  rd_count);
468  default:
469  GNUNET_assert (0);
470  }
471  return NULL;
472 }
473 
474 
479 {
484 
489 };
490 
491 
504 struct GNUNET_GNSRECORD_Block *
507  const char *label,
508  const struct GNUNET_GNSRECORD_Data *rd,
509  unsigned int rd_count)
510 {
511  const struct GNUNET_CRYPTO_EcdsaPrivateKey *key;
512  struct GNUNET_CRYPTO_EddsaPublicKey edpubkey;
513 
514  if (GNUNET_IDENTITY_TYPE_ECDSA == ntohl (pkey->type))
515  {
516  key = &pkey->ecdsa_key;
517 #define CSIZE 64
518  static struct KeyCacheLine cache[CSIZE];
519  struct KeyCacheLine *line;
520 
521  line = &cache[(*(unsigned int *) key) % CSIZE];
522  if (0 != memcmp (&line->key,
523  key,
524  sizeof(*key)))
525  {
526  /* cache miss, recompute */
527  line->key = *key;
529  &line->pkey);
530  }
531 #undef CSIZE
532  return block_create_ecdsa (key,
533  &line->pkey,
534  expire,
535  label,
536  rd,
537  rd_count);
538  }
539  else if (GNUNET_IDENTITY_TYPE_EDDSA == ntohl (pkey->type))
540  {
542  &edpubkey);
543  return block_create_eddsa (&pkey->eddsa_key,
544  &edpubkey,
545  expire,
546  label,
547  rd,
548  rd_count);
549  }
550  return NULL;
551 }
552 
553 
563 {
564  switch (ntohl (block->type))
565  {
569  &block->ecdsa_block.purpose,
570  &block->ecdsa_block.signature,
571  &block->ecdsa_block.derived_key);
575  &block->eddsa_block.purpose,
576  &block->eddsa_block.signature,
577  &block->eddsa_block.derived_key);
578  default:
579  return GNUNET_NO;
580  }
581 }
582 
583 
586  const struct
588  const char *label,
590  void *proc_cls)
591 {
592  size_t payload_len = ntohl (block->purpose.size)
593  - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
594  - sizeof(struct GNUNET_TIME_AbsoluteNBO);
595  unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
596  unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH];
597 
598  if (ntohl (block->purpose.size) <
599  sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
600  + sizeof(struct GNUNET_TIME_AbsoluteNBO))
601  {
602  GNUNET_break_op (0);
603  return GNUNET_SYSERR;
604  }
606  key,
607  label,
609  zone_key);
610  {
611  char payload[payload_len];
612  uint32_t rd_count;
613 
614  GNUNET_break (payload_len ==
615  ecdsa_symmetric_decrypt (&block[1], payload_len,
616  key, ctr,
617  payload));
618  GNUNET_memcpy (&rd_count,
619  payload,
620  sizeof(uint32_t));
621  rd_count = ntohl (rd_count);
622  if (rd_count > 2048)
623  {
624  /* limit to sane value */
625  GNUNET_break_op (0);
626  return GNUNET_SYSERR;
627  }
628  {
629  struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL (rd_count)];
630  unsigned int j;
631  struct GNUNET_TIME_Absolute now;
632 
633  if (GNUNET_OK !=
634  GNUNET_GNSRECORD_records_deserialize (payload_len - sizeof(uint32_t),
635  &payload[sizeof(uint32_t)],
636  rd_count,
637  rd))
638  {
639  GNUNET_break_op (0);
640  return GNUNET_SYSERR;
641  }
642  /* hide expired records */
643  now = GNUNET_TIME_absolute_get ();
644  j = 0;
645  for (unsigned int i = 0; i < rd_count; i++)
646  {
647  if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
648  {
649  /* encrypted blocks must never have relative expiration times, skip! */
650  GNUNET_break_op (0);
651  continue;
652  }
653 
654  if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD))
655  {
656  int include_record = GNUNET_YES;
657  /* Shadow record, figure out if we have a not expired active record */
658  for (unsigned int k = 0; k < rd_count; k++)
659  {
660  if (k == i)
661  continue;
662  if (rd[i].expiration_time < now.abs_value_us)
663  include_record = GNUNET_NO; /* Shadow record is expired */
664  if ((rd[k].record_type == rd[i].record_type) &&
665  (rd[k].expiration_time >= now.abs_value_us) &&
666  (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD)))
667  {
668  include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */
670  "Ignoring shadow record\n");
671  break;
672  }
673  }
674  if (GNUNET_YES == include_record)
675  {
676  rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW_RECORD; /* Remove Flag */
677  if (j != i)
678  rd[j] = rd[i];
679  j++;
680  }
681  }
682  else if (rd[i].expiration_time >= now.abs_value_us)
683  {
684  /* Include this record */
685  if (j != i)
686  rd[j] = rd[i];
687  j++;
688  }
689  else
690  {
691  struct GNUNET_TIME_Absolute at;
692 
693  at.abs_value_us = rd[i].expiration_time;
695  "Excluding record that expired %s (%llu ago)\n",
697  (unsigned long long) rd[i].expiration_time
698  - now.abs_value_us);
699  }
700  }
701  rd_count = j;
702  if (NULL != proc)
703  proc (proc_cls,
704  rd_count,
705  (0 != rd_count) ? rd : NULL);
706  }
707  }
708  return GNUNET_OK;
709 }
710 
711 
714  const struct
716  const char *label,
718  void *proc_cls)
719 {
720  size_t payload_len = ntohl (block->purpose.size)
721  - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
722  - sizeof(struct GNUNET_TIME_AbsoluteNBO);
723  unsigned char nonce[crypto_secretbox_NONCEBYTES];
724  unsigned char key[crypto_secretbox_KEYBYTES];
725 
726  if (ntohl (block->purpose.size) <
727  sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
728  + sizeof(struct GNUNET_TIME_AbsoluteNBO))
729  {
730  GNUNET_break_op (0);
731  return GNUNET_SYSERR;
732  }
734  key,
735  label,
737  zone_key);
738  {
739  char payload[payload_len];
740  uint32_t rd_count;
741 
743  eddsa_symmetric_decrypt (&block[1], payload_len,
744  key, nonce,
745  payload));
746  GNUNET_memcpy (&rd_count,
747  payload,
748  sizeof(uint32_t));
749  rd_count = ntohl (rd_count);
750  if (rd_count > 2048)
751  {
752  /* limit to sane value */
753  GNUNET_break_op (0);
754  return GNUNET_SYSERR;
755  }
756  {
757  struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL (rd_count)];
758  unsigned int j;
759  struct GNUNET_TIME_Absolute now;
760 
761  if (GNUNET_OK !=
762  GNUNET_GNSRECORD_records_deserialize (payload_len - sizeof(uint32_t),
763  &payload[sizeof(uint32_t)],
764  rd_count,
765  rd))
766  {
767  GNUNET_break_op (0);
768  return GNUNET_SYSERR;
769  }
770  /* hide expired records */
771  now = GNUNET_TIME_absolute_get ();
772  j = 0;
773  for (unsigned int i = 0; i < rd_count; i++)
774  {
775  if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
776  {
777  /* encrypted blocks must never have relative expiration times, skip! */
778  GNUNET_break_op (0);
779  continue;
780  }
781 
782  if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD))
783  {
784  int include_record = GNUNET_YES;
785  /* Shadow record, figure out if we have a not expired active record */
786  for (unsigned int k = 0; k < rd_count; k++)
787  {
788  if (k == i)
789  continue;
790  if (rd[i].expiration_time < now.abs_value_us)
791  include_record = GNUNET_NO; /* Shadow record is expired */
792  if ((rd[k].record_type == rd[i].record_type) &&
793  (rd[k].expiration_time >= now.abs_value_us) &&
794  (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD)))
795  {
796  include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */
798  "Ignoring shadow record\n");
799  break;
800  }
801  }
802  if (GNUNET_YES == include_record)
803  {
804  rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW_RECORD; /* Remove Flag */
805  if (j != i)
806  rd[j] = rd[i];
807  j++;
808  }
809  }
810  else if (rd[i].expiration_time >= now.abs_value_us)
811  {
812  /* Include this record */
813  if (j != i)
814  rd[j] = rd[i];
815  j++;
816  }
817  else
818  {
819  struct GNUNET_TIME_Absolute at;
820 
821  at.abs_value_us = rd[i].expiration_time;
823  "Excluding record that expired %s (%llu ago)\n",
825  (unsigned long long) rd[i].expiration_time
826  - now.abs_value_us);
827  }
828  }
829  rd_count = j;
830  if (NULL != proc)
831  proc (proc_cls,
832  rd_count,
833  (0 != rd_count) ? rd : NULL);
834  }
835  }
836  return GNUNET_OK;
837 }
838 
839 
853  const struct
855  const char *label,
857  void *proc_cls)
858 {
859  switch (ntohl (zone_key->type))
860  {
862  return block_decrypt_ecdsa (&block->ecdsa_block,
863  &zone_key->ecdsa_key, label, proc, proc_cls);
865  return block_decrypt_eddsa (&block->eddsa_block,
866  &zone_key->eddsa_key, label, proc, proc_cls);
867  default:
868  return GNUNET_SYSERR;
869  }
870 }
871 
872 
880 void
883  const char *label,
884  struct GNUNET_HashCode *query)
885 {
887  switch (ntohl (zone->type))
888  {
891 
893  &pub);
895  label,
896  query);
897  break;
898  default:
899  GNUNET_assert (0);
900  }
901 }
902 
903 
912 void
915  const char *label,
916  struct GNUNET_HashCode *query)
917 {
918  struct GNUNET_IDENTITY_PublicKey pd;
919 
920  switch (ntohl (pub->type))
921  {
923  pd.type = pub->type;
925  label,
926  "gns",
927  &pd.ecdsa_key);
929  sizeof (pd.ecdsa_key),
930  query);
931  break;
933  pd.type = pub->type;
935  label,
936  "gns",
937  &(pd.eddsa_key));
939  sizeof (pd.eddsa_key),
940  query);
941  break;
942  default:
943  GNUNET_assert (0);
944  }
945 }
946 
947 
948 /* end of gnsrecord_crypto.c */
static void derive_block_xsalsa_key(unsigned char *nonce, unsigned char *key, const char *label, uint64_t exp, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Derive session key and iv from label and public key.
static struct GNUNET_GNSRECORD_Block * block_create_eddsa(const struct GNUNET_CRYPTO_EddsaPrivateKey *key, const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count)
Sign name and records (EDDSA version)
static struct GNUNET_GNSRECORD_Block * block_create_ecdsa(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count)
Sign name and records.
ssize_t ecdsa_symmetric_encrypt(const void *block, size_t size, const unsigned char *key, const unsigned char *ctr, void *result)
enum GNUNET_GenericReturnValue eddsa_symmetric_encrypt(const void *block, size_t size, const unsigned char *key, const unsigned char *nonce, void *result)
enum GNUNET_GenericReturnValue eddsa_symmetric_decrypt(const void *block, size_t size, const unsigned char *key, const unsigned char *nonce, void *result)
ssize_t ecdsa_symmetric_decrypt(const void *block, size_t size, const unsigned char *key, const unsigned char *ctr, void *result)
enum GNUNET_GenericReturnValue block_decrypt_eddsa(const struct GNUNET_GNSRECORD_EddsaBlock *block, const struct GNUNET_CRYPTO_EddsaPublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
#define CSIZE
static void derive_block_aes_key(unsigned char *ctr, unsigned char *key, const char *label, uint64_t exp, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Derive session key and iv from label and public key.
enum GNUNET_GenericReturnValue block_decrypt_ecdsa(const struct GNUNET_GNSRECORD_EcdsaBlock *block, const struct GNUNET_CRYPTO_EcdsaPublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
#define GNUNET_GNSRECORD_TYPE_PKEY
WARNING: This header is generated! In order to add GNS record types, you must register them in GANA,...
#define GNUNET_GNSRECORD_TYPE_EDKEY
Record type for EDKEY zone delegations.
static char * line
Desired phone line (string to be converted to a hash).
struct GNUNET_HashCode key
The key used in the DHT.
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
static char * pkey
Public key of the zone to look in, in ASCII.
static char * zone
Name of the zone being managed.
static const struct GNUNET_IDENTITY_PrivateKey * zone_key
Private key of the zone.
static int result
Global testing status.
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:46
static unsigned long long payload
How much data are we currently storing in the database?
static struct GNUNET_CONTAINER_MultiHashMap32 * cache
Hashmap to maintain cache.
static void expire(void *cls)
Expire a PooledConnection object.
static struct GNUNET_SCHEDULER_Task * t
Main task.
#define GNUNET_log(kind,...)
#define GNUNET_NZL(l)
Macro used to avoid using 0 for the length of a variable-size array (Non-Zero-Length).
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
GNUNET_GenericReturnValue
Named constants for return values.
Definition: gnunet_common.h:92
@ GNUNET_OK
Definition: gnunet_common.h:95
@ GNUNET_YES
Definition: gnunet_common.h:97
@ GNUNET_NO
Definition: gnunet_common.h:94
@ GNUNET_SYSERR
Definition: gnunet_common.h:93
#define GNUNET_CRYPTO_AES_KEY_LENGTH
length of the sessionkey in bytes (256 BIT sessionkey)
void GNUNET_CRYPTO_eddsa_key_get_public_from_scalar(const struct GNUNET_CRYPTO_EddsaPrivateScalar *s, struct GNUNET_CRYPTO_EddsaPublicKey *pkey)
Extract the public key of the given private scalar.
void GNUNET_CRYPTO_eddsa_sign_with_scalar(const struct GNUNET_CRYPTO_EddsaPrivateScalar *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
This is a signature function for EdDSA which takes the secret scalar sk instead of the private seed w...
void GNUNET_CRYPTO_ecdsa_public_key_derive(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
Derive a public key from a given public key and a label.
int GNUNET_CRYPTO_eddsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Verify EdDSA signature.
Definition: crypto_ecc.c:682
void GNUNET_CRYPTO_eddsa_private_key_derive(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPrivateScalar *result)
Derive a private scalar from a given private key and a label.
int GNUNET_CRYPTO_ecdsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Verify ECDSA signature.
Definition: crypto_ecc.c:623
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:197
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
ECDSA Sign a given block.
Definition: crypto_ecc.c:549
void GNUNET_CRYPTO_eddsa_public_key_derive(const struct GNUNET_CRYPTO_EddsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPublicKey *result)
Derive a public key from a given public key and a label.
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:186
struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_private_key_derive(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
Derive a private key from a given private key and a label.
void GNUNET_GNSRECORD_query_from_private_key(const struct GNUNET_IDENTITY_PrivateKey *zone, const char *label, struct GNUNET_HashCode *query)
Calculate the DHT query for a given label in a given zone.
void GNUNET_GNSRECORD_query_from_public_key(const struct GNUNET_IDENTITY_PublicKey *pub, const char *label, struct GNUNET_HashCode *query)
Calculate the DHT query for a given label in a given zone.
#define GNUNET_GNSRECORD_MAX_BLOCK_SIZE
Maximum size of a value that can be stored in a GNS block.
int GNUNET_GNSRECORD_records_deserialize(size_t len, const char *src, unsigned int rd_count, struct GNUNET_GNSRECORD_Data *dest)
Deserialize the given records to the given destination.
ssize_t GNUNET_GNSRECORD_records_serialize(unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd, size_t dest_size, char *dest)
Serialize the given records to the given destination buffer.
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_decrypt(const struct GNUNET_GNSRECORD_Block *block, const struct GNUNET_IDENTITY_PublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
Decrypt block.
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_verify(const struct GNUNET_GNSRECORD_Block *block)
Check if a signature is valid.
void(* GNUNET_GNSRECORD_RecordCallback)(void *cls, unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd)
Process a records that were decrypted from a block.
GNUNET_NETWORK_STRUCT_END ssize_t GNUNET_GNSRECORD_records_get_size(unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd)
Calculate how many bytes we will need to serialize the given records.
struct GNUNET_GNSRECORD_Block * GNUNET_GNSRECORD_block_create(const struct GNUNET_IDENTITY_PrivateKey *key, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count)
Sign name and records.
struct GNUNET_GNSRECORD_Block * GNUNET_GNSRECORD_block_create2(const struct GNUNET_IDENTITY_PrivateKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count)
Sign name and records, cache derived public key (also keeps the private key in static memory,...
@ GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION
This expiration time of the record is a relative time (not an absolute time).
@ GNUNET_GNSRECORD_RF_SHADOW_RECORD
This record should not be used unless all (other) records with an absolute expiration time have expir...
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:90
enum GNUNET_GenericReturnValue GNUNET_IDENTITY_key_get_public(const struct GNUNET_IDENTITY_PrivateKey *privkey, struct GNUNET_IDENTITY_PublicKey *key)
Retrieves the public key representation of a private key.
Definition: identity_api.c:175
@ GNUNET_IDENTITY_TYPE_ECDSA
The identity type.
@ GNUNET_IDENTITY_TYPE_EDDSA
EDDSA identity.
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
@ GNUNET_ERROR_TYPE_INFO
#define GNUNET_malloc(size)
Wrapper around malloc.
#define GNUNET_free(ptr)
Wrapper around free.
#define GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN
Signature of a gnunet naming system record block.
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:86
const char * GNUNET_STRINGS_absolute_time_to_string(struct GNUNET_TIME_Absolute t)
Like asctime, except for GNUnet time.
Definition: strings.c:604
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_add(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration)
Add a given relative duration to the given start time.
Definition: time.c:277
struct GNUNET_TIME_AbsoluteNBO GNUNET_TIME_absolute_hton(struct GNUNET_TIME_Absolute a)
Convert absolute time to network byte order.
Definition: time.c:464
static unsigned int size
Size of the "table".
Definition: peer.c:67
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!...
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
Private ECC key encoded for transmission.
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
Private ECC key encoded for transmission.
Private ECC scalar encoded for transmission.
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
struct GNUNET_GNSRECORD_EcdsaBlock ecdsa_block
struct GNUNET_GNSRECORD_EddsaBlock eddsa_block
enum GNUNET_GNSRECORD_Flags flags
Flags for the record.
uint64_t expiration_time
Expiration time for the DNS record.
Information we have in an encrypted block with record data (i.e.
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
Number of bytes signed; also specifies the number of bytes of encrypted data that follow.
struct GNUNET_CRYPTO_EcdsaSignature signature
Signature of the block.
struct GNUNET_TIME_AbsoluteNBO expiration_time
Expiration time of the block.
struct GNUNET_CRYPTO_EcdsaPublicKey derived_key
Derived key used for signing; hash of this is the query.
Information we have in an encrypted block with record data (i.e.
struct GNUNET_CRYPTO_EddsaPublicKey derived_key
Derived key used for signing; hash of this is the query.
struct GNUNET_TIME_AbsoluteNBO expiration_time
Expiration time of the block.
struct GNUNET_CRYPTO_EddsaSignature signature
Signature of the block.
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
Number of bytes signed; also specifies the number of bytes of encrypted data that follow.
A 512-bit hashcode.
A private key for an identity as per LSD0001.
uint32_t type
Type of public key.
struct GNUNET_CRYPTO_EcdsaPrivateKey ecdsa_key
An ECDSA identity key.
struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_key
AN EdDSA identtiy key.
An identity key as per LSD0001.
uint32_t type
Type of public key.
struct GNUNET_CRYPTO_EcdsaPublicKey ecdsa_key
An ECDSA identity key.
struct GNUNET_CRYPTO_EddsaPublicKey eddsa_key
AN EdDSA identtiy key.
Time for absolute time used by GNUnet, in microseconds and in network byte order.
uint64_t abs_value_us__
The actual value (in network byte order).
Time for absolute times used by GNUnet, in microseconds.
uint64_t abs_value_us
The actual value.
Time for relative time used by GNUnet, in microseconds.
Line in cache mapping private keys to public keys.
struct GNUNET_CRYPTO_EcdsaPublicKey pkey
Associated public key.
struct GNUNET_CRYPTO_EcdsaPrivateKey key
A private key.