GNUnet  0.16.x
crypto_ecc_gnsrecord.c File Reference

Public-key cryptography (ECC) for GNS records (LSD0001).

#include "platform.h"
#include <gcrypt.h>
#include <sodium.h>
#include "gnunet_crypto_lib.h"
#include "gnunet_strings_lib.h"

Macros

#define CURVE   "Ed25519"
 

Functions

void derive_h (const void *pub, size_t pubsize, const char *label, const char *context, struct GNUNET_HashCode *hc)
 Derive the 'h' value for key derivation, where 'h = H(l,P)'. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_derived (const struct GNUNET_CRYPTO_EddsaPrivateKey *pkey, const char *label, const char *context, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
 This is a signature function for EdDSA which takes a private key and derives it using the label and context before signing. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_derived (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
 This is a signature function for ECDSA which takes a private key, derives/blinds it and signs the message. More...
 
struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
 Derive a private key from a given private key and a label. More...
 
void GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
 Derive a public key from a given public key and a label. More...
 
void GNUNET_CRYPTO_eddsa_private_key_derive (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPrivateScalar *result)
 Derive a private scalar from a given private key and a label. More...
 
void GNUNET_CRYPTO_eddsa_public_key_derive (const struct GNUNET_CRYPTO_EddsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPublicKey *result)
 Derive a public key from a given public key and a label. More...
 
void GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (const struct GNUNET_CRYPTO_EddsaPrivateScalar *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pkey)
 Extract the public key of the given private scalar. More...
 

Detailed Description

public key cryptography (ECC) for GNS records (LSD0001)

Author
Christian Grothoff
Florian Dold
Martin Schanzenbach

Definition in file crypto_ecc_gnsrecord.c.

Macro Definition Documentation

◆ CURVE

#define CURVE   "Ed25519"

Definition at line 34 of file crypto_ecc_gnsrecord.c.

Function Documentation

◆ derive_h()

void derive_h ( const void *  pub,
size_t  pubsize,
const char *  label,
const char *  context,
struct GNUNET_HashCode *  hc
)

Derive the 'h' value for key derivation, where 'h = H(l,P)'.

Parameters
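pub: public key for derivation
pubsize: the size of the public key
label: label for derivation; must be a NUL-terminated string, as the body takes strlen (label)
context: additional context to use for HKDF of 'h'; typically the name of the subsystem/application; must be a NUL-terminated string, as the body takes strlen (context)
hc: where to write the result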

Definition at line 48 of file crypto_ecc_gnsrecord.c.

53 {
54  static const char *const salt = "key-derivation";
55 
57  sizeof(*hc),
58  salt,
59  strlen (salt),
60  pub,
61  pubsize,
62  label,
63  strlen (label),
64  context,
65  strlen (context),
66  NULL,
67  0);
68 }
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:69

Referenced by GNUNET_CRYPTO_ecdsa_private_key_derive(), GNUNET_CRYPTO_ecdsa_public_key_derive(), GNUNET_CRYPTO_eddsa_private_key_derive(), and GNUNET_CRYPTO_eddsa_public_key_derive().


◆ GNUNET_CRYPTO_eddsa_sign_derived()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_derived ( const struct GNUNET_CRYPTO_EddsaPrivateKey *  pkey,
const char *  label,
const char *  context,
const struct GNUNET_CRYPTO_EccSignaturePurpose *  purpose,
struct GNUNET_CRYPTO_EddsaSignature *  sig
)

This is a signature function for EdDSA which takes a private key and derives it using the label and context before signing.

Parameters
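pkey: original private key
label: label to use for key derivation
context: additional context to use for HKDF of 'h'; typically the name of the subsystem/application
purpose: the signature purpose; the body hashes ntohl (purpose->size) bytes starting at purpose, so the size field must match the length of the buffer actually passed
sig: the resulting signature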
Returns
GNUNET_OK on success

Derive the private key

Instead of expanding the private key here, we already have the secret scalar as input. Use it. Note that sk is not plain SHA512 (d): sk[0..31] contains the derived private scalar, sk[0..31] = h * SHA512 (d)[0..31], and sk[32..63] = SHA512 (d)[32..63].

Calculate the derived zone key zk' from the derived private scalar.

Calculate r: r = SHA512 (sk[32..63] | M) where M is our message (purpose). Note that sk[32..63] is the other half of the expansion from the original, non-derived private key "d".

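Temporarily put zk' into the S field of the signature, so that once R is stored the first 64 bytes of sig read R | zk' when hram is hashed below; S is overwritten with its real value in the last step.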

Reduce the scalar value r

Calculate R := r * G of the signature

Calculate hram := SHA512 (R | zk' | M)

Reduce the resulting scalar value

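Calculate S := r + hram * s mod L. Afterwards sk, r and r_mod are wiped with sodium_memzero; the listing shows no wipe for priv (the derived scalar) or tmp (hram * s mod L, from which s can be recovered because hram is computable from the signature and message), so both may remain in memory after return.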

Definition at line 48 of file crypto_ecc_gnsrecord.c.

78 {
80  crypto_hash_sha512_state hs;
81  unsigned char sk[64];
82  unsigned char r[64];
83  unsigned char hram[64];
84  unsigned char R[32];
85  unsigned char zk[32];
86  unsigned char tmp[32];
87 
92  label,
93  context,
94  &priv);
95 
96  crypto_hash_sha512_init (&hs);
97 
106  memcpy (sk, priv.s, 64);
107 
112  crypto_scalarmult_ed25519_base_noclamp (zk,
113  sk);
114 
123  crypto_hash_sha512_update (&hs, sk + 32, 32);
124  crypto_hash_sha512_update (&hs, (uint8_t*) purpose, ntohl (purpose->size));
125  crypto_hash_sha512_final (&hs, r);
126 
130  memcpy (sig->s, zk, 32);
131 
135  unsigned char r_mod[64];
136  crypto_core_ed25519_scalar_reduce (r_mod, r);
137 
141  crypto_scalarmult_ed25519_base_noclamp (R, r_mod);
142  memcpy (sig->r, R, sizeof (R));
143 
148  crypto_hash_sha512_init (&hs);
149  crypto_hash_sha512_update (&hs, (uint8_t*) sig, 64);
150  crypto_hash_sha512_update (&hs, (uint8_t*) purpose,
151  ntohl (purpose->size));
152  crypto_hash_sha512_final (&hs, hram);
153 
157  unsigned char hram_mod[64];
158  crypto_core_ed25519_scalar_reduce (hram_mod, hram);
159 
164  crypto_core_ed25519_scalar_mul (tmp, hram_mod, sk);
165  crypto_core_ed25519_scalar_add (sig->s, tmp, r_mod);
166 
167  sodium_memzero (sk, sizeof (sk));
168  sodium_memzero (r, sizeof (r));
169  sodium_memzero (r_mod, sizeof (r_mod));
170  return GNUNET_OK;
171 }
@ GNUNET_OK
Definition: gnunet_common.h:95
void GNUNET_CRYPTO_eddsa_private_key_derive(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPrivateScalar *result)
Derive a private scalar from a given private key and a label.
Private ECC scalar encoded for transmission.
unsigned char s[256/8]
S value.
unsigned char r[256/8]
R value.

◆ GNUNET_CRYPTO_ecdsa_sign_derived()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_derived ( const struct GNUNET_CRYPTO_EcdsaPrivateKey *  pkey,
const char *  label,
const char *  context,
const struct GNUNET_CRYPTO_EccSignaturePurpose *  purpose,
struct GNUNET_CRYPTO_EcdsaSignature *  sig
)

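This is a signature function for ECDSA which takes a private key, derives/blinds it and signs the message. The derived key is released with GNUNET_free (key) after signing; the listing shows no zeroing of the derived private key before it is freed.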

Parameters
pkey: original private key
label: label to use for key derivation
context: additional context to use for HKDF of 'h'; typically the name of the subsystem/application
purpose: the signature purpose
sig: the resulting signature
Returns
GNUNET_OK on success

Definition at line 48 of file crypto_ecc_gnsrecord.c.

180 {
184  label,
185  context);
187  purpose,
188  sig);
189  GNUNET_free (key);
190  return res;
191 }
GNUNET_GenericReturnValue
Named constants for return values.
Definition: gnunet_common.h:92
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
ECDSA Sign a given block.
Definition: crypto_ecc.c:549
struct GNUNET_CRYPTO_EcdsaPrivateKey * GNUNET_CRYPTO_ecdsa_private_key_derive(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const char *label, const char *context)
Derive a private key from a given private key and a label.
#define GNUNET_free(ptr)
Wrapper around free.
Private ECC key encoded for transmission.

References context, GNUNET_CRYPTO_kdf(), pub, and salt.


◆ GNUNET_CRYPTO_eddsa_key_get_public_from_scalar()

void GNUNET_CRYPTO_eddsa_key_get_public_from_scalar ( const struct GNUNET_CRYPTO_EddsaPrivateScalar *  s,
struct GNUNET_CRYPTO_EddsaPublicKey *  pkey
)

Extract the public key of the given private scalar.

Parameters
s: the private scalar (the listing below names this parameter priv)
pkey: the resulting public key

Calculate the derived zone key zk' from the derived private scalar. In the listing shown, the local copy sk of the scalar is not wiped before the function returns.

Definition at line 446 of file crypto_ecc_gnsrecord.c.

449 {
450  unsigned char sk[32];
451 
452  memcpy (sk, priv->s, 32);
453 
458  crypto_scalarmult_ed25519_base_noclamp (pkey->q_y,
459  sk);
460 }
unsigned char s[512/8]
s is the expanded private 512-bit scalar of a private key.

References pkey, and GNUNET_CRYPTO_EddsaPrivateScalar::s.