aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMartin Schanzenbach <schanzen@gnunet.org>2022-01-31 11:10:53 +0100
committerMartin Schanzenbach <schanzen@gnunet.org>2022-01-31 11:10:53 +0100
commitb3c486bfa32ed6d0c62c0cbbb6f0ce8489271f6e (patch)
treedc720eafba5d20bb9ebfe237696244fd3e7943df
parentb1b33aa38f25b9b3182163a2fd44a60784e7dadc (diff)
downloadgnunet-b3c486bfa32ed6d0c62c0cbbb6f0ce8489271f6e.tar.gz
gnunet-b3c486bfa32ed6d0c62c0cbbb6f0ce8489271f6e.zip
-output IVs and Ks for symmetric encryption GNS
Diffstat
m---------contrib/gana0
-rw-r--r--po/POTFILES.in2
-rw-r--r--src/gnsrecord/gnsrecord_crypto.c252
-rw-r--r--src/gnsrecord/gnunet-gnsrecord-tvg.c60
4 files changed, 164 insertions, 150 deletions
diff --git a/contrib/gana b/contrib/gana
Subproject c12314df0f82e192c6829a9c6cf3e9663b586da Subproject 3a71278a2aab67f9a1888af172b507d6e08364c
diff --git a/po/POTFILES.in b/po/POTFILES.in
index ffa06a484..ad5c68056 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -183,6 +183,7 @@ src/gnsrecord/gnsrecord_serialization.c
183src/gnsrecord/gnunet-gnsrecord-tvg.c 183src/gnsrecord/gnunet-gnsrecord-tvg.c
184src/gnsrecord/json_gnsrecord.c 184src/gnsrecord/json_gnsrecord.c
185src/gnsrecord/plugin_gnsrecord_dns.c 185src/gnsrecord/plugin_gnsrecord_dns.c
186src/gnsrecord/test.c
186src/hello/address.c 187src/hello/address.c
187src/hello/gnunet-hello.c 188src/hello/gnunet-hello.c
188src/hello/hello-ng.c 189src/hello/hello-ng.c
@@ -314,6 +315,7 @@ src/reclaim/plugin_rest_reclaim.c
314src/reclaim/reclaim_api.c 315src/reclaim/reclaim_api.c
315src/reclaim/reclaim_attribute.c 316src/reclaim/reclaim_attribute.c
316src/reclaim/reclaim_credential.c 317src/reclaim/reclaim_credential.c
318src/reclaim/test.c
317src/regex/gnunet-daemon-regexprofiler.c 319src/regex/gnunet-daemon-regexprofiler.c
318src/regex/gnunet-regex-profiler.c 320src/regex/gnunet-regex-profiler.c
319src/regex/gnunet-regex-simulation-profiler.c 321src/regex/gnunet-regex-simulation-profiler.c
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c
index fe7db88b9..58feaee74 100644
--- a/src/gnsrecord/gnsrecord_crypto.c
+++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -25,15 +25,7 @@
25 * @author Matthias Wachs 25 * @author Matthias Wachs
26 * @author Christian Grothoff 26 * @author Christian Grothoff
27 */ 27 */
28#include "platform.h" 28#include "gnsrecord_crypto.h"
29#include "gnunet_util_lib.h"
30#include "gnunet_constants.h"
31#include "gnunet_signatures.h"
32#include "gnunet_arm_service.h"
33#include "gnunet_gnsrecord_lib.h"
34#include "gnunet_dnsparser_lib.h"
35#include "gnunet_tun_lib.h"
36
37 29
38#define LOG(kind, ...) GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__) 30#define LOG(kind, ...) GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__)
39 31
@@ -104,7 +96,7 @@ eddsa_symmetric_decrypt (
104 return GNUNET_SYSERR; 96 return GNUNET_SYSERR;
105 if (0 != crypto_secretbox_open_detached (result, 97 if (0 != crypto_secretbox_open_detached (result,
106 block, // Ciphertext 98 block, // Ciphertext
107 ((unsigned char*)block) + ctlen, // TAG 99 ((unsigned char*) block) + ctlen, // TAG
108 ctlen, 100 ctlen,
109 nonce, key)) 101 nonce, key))
110 { 102 {
@@ -131,20 +123,12 @@ eddsa_symmetric_encrypt (
131} 123}
132 124
133 125
134/** 126void
135 * Derive session key and iv from label and public key. 127GNR_derive_block_aes_key (unsigned char *ctr,
136 * 128 unsigned char *key,
137 * @param iv initialization vector to initialize 129 const char *label,
138 * @param skey session key to initialize 130 uint64_t exp,
139 * @param label label to use for KDF 131 const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
140 * @param pub public key to use for KDF
141 */
142static void
143derive_block_aes_key (unsigned char *ctr,
144 unsigned char *key,
145 const char *label,
146 uint64_t exp,
147 const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
148{ 132{
149 static const char ctx_key[] = "gns-aes-ctx-key"; 133 static const char ctx_key[] = "gns-aes-ctx-key";
150 static const char ctx_iv[] = "gns-aes-ctx-iv"; 134 static const char ctx_iv[] = "gns-aes-ctx-iv";
@@ -168,20 +152,12 @@ derive_block_aes_key (unsigned char *ctr,
168} 152}
169 153
170 154
171/** 155void
172 * Derive session key and iv from label and public key. 156GNR_derive_block_xsalsa_key (unsigned char *nonce,
173 * 157 unsigned char *key,
174 * @param nonce initialization vector to initialize 158 const char *label,
175 * @param skey session key to initialize 159 uint64_t exp,
176 * @param label label to use for KDF 160 const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
177 * @param pub public key to use for KDF
178 */
179static void
180derive_block_xsalsa_key (unsigned char *nonce,
181 unsigned char *key,
182 const char *label,
183 uint64_t exp,
184 const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
185{ 161{
186 static const char ctx_key[] = "gns-aes-ctx-key"; 162 static const char ctx_key[] = "gns-aes-ctx-key";
187 static const char ctx_iv[] = "gns-aes-ctx-iv"; 163 static const char ctx_iv[] = "gns-aes-ctx-iv";
@@ -291,11 +267,11 @@ block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key,
291 "gns"); 267 "gns");
292 GNUNET_CRYPTO_ecdsa_key_get_public (dkey, 268 GNUNET_CRYPTO_ecdsa_key_get_public (dkey,
293 &ecblock->derived_key); 269 &ecblock->derived_key);
294 derive_block_aes_key (ctr, 270 GNR_derive_block_aes_key (ctr,
295 skey, 271 skey,
296 label, 272 label,
297 ecblock->expiration_time.abs_value_us__, 273 ecblock->expiration_time.abs_value_us__,
298 pkey); 274 pkey);
299 GNUNET_break (payload_len + sizeof(uint32_t) == 275 GNUNET_break (payload_len + sizeof(uint32_t) ==
300 ecdsa_symmetric_encrypt (payload, 276 ecdsa_symmetric_encrypt (payload,
301 payload_len 277 payload_len
@@ -409,11 +385,11 @@ block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key,
409 &dkey); 385 &dkey);
410 GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (&dkey, 386 GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (&dkey,
411 &edblock->derived_key); 387 &edblock->derived_key);
412 derive_block_xsalsa_key (nonce, 388 GNR_derive_block_xsalsa_key (nonce,
413 skey, 389 skey,
414 label, 390 label,
415 edblock->expiration_time.abs_value_us__, 391 edblock->expiration_time.abs_value_us__,
416 pkey); 392 pkey);
417 GNUNET_break (GNUNET_OK == 393 GNUNET_break (GNUNET_OK ==
418 eddsa_symmetric_encrypt (payload, 394 eddsa_symmetric_encrypt (payload,
419 payload_len 395 payload_len
@@ -456,24 +432,24 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key,
456 432
457 switch (ntohl (key->type)) 433 switch (ntohl (key->type))
458 { 434 {
459 case GNUNET_GNSRECORD_TYPE_PKEY: 435 case GNUNET_GNSRECORD_TYPE_PKEY:
460 res = block_create_ecdsa (&key->ecdsa_key, 436 res = block_create_ecdsa (&key->ecdsa_key,
461 &pkey.ecdsa_key, 437 &pkey.ecdsa_key,
462 expire, 438 expire,
463 norm_label, 439 norm_label,
464 rd, 440 rd,
465 rd_count); 441 rd_count);
466 break; 442 break;
467 case GNUNET_GNSRECORD_TYPE_EDKEY: 443 case GNUNET_GNSRECORD_TYPE_EDKEY:
468 res = block_create_eddsa (&key->eddsa_key, 444 res = block_create_eddsa (&key->eddsa_key,
469 &pkey.eddsa_key, 445 &pkey.eddsa_key,
470 expire, 446 expire,
471 norm_label, 447 norm_label,
472 rd, 448 rd,
473 rd_count); 449 rd_count);
474 break; 450 break;
475 default: 451 default:
476 GNUNET_assert (0); 452 GNUNET_assert (0);
477 } 453 }
478 GNUNET_free (norm_label); 454 GNUNET_free (norm_label);
479 return res; 455 return res;
@@ -576,20 +552,20 @@ GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)
576{ 552{
577 switch (ntohl (block->type)) 553 switch (ntohl (block->type))
578 { 554 {
579 case GNUNET_GNSRECORD_TYPE_PKEY: 555 case GNUNET_GNSRECORD_TYPE_PKEY:
580 return GNUNET_CRYPTO_ecdsa_verify_ ( 556 return GNUNET_CRYPTO_ecdsa_verify_ (
581 GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, 557 GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
582 &block->ecdsa_block.purpose, 558 &block->ecdsa_block.purpose,
583 &block->ecdsa_block.signature, 559 &block->ecdsa_block.signature,
584 &block->ecdsa_block.derived_key); 560 &block->ecdsa_block.derived_key);
585 case GNUNET_GNSRECORD_TYPE_EDKEY: 561 case GNUNET_GNSRECORD_TYPE_EDKEY:
586 return GNUNET_CRYPTO_eddsa_verify_ ( 562 return GNUNET_CRYPTO_eddsa_verify_ (
587 GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, 563 GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN,
588 &block->eddsa_block.purpose, 564 &block->eddsa_block.purpose,
589 &block->eddsa_block.signature, 565 &block->eddsa_block.signature,
590 &block->eddsa_block.derived_key); 566 &block->eddsa_block.derived_key);
591 default: 567 default:
592 return GNUNET_NO; 568 return GNUNET_NO;
593 } 569 }
594} 570}
595 571
@@ -603,8 +579,8 @@ block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_EcdsaBlock *block,
603 void *proc_cls) 579 void *proc_cls)
604{ 580{
605 size_t payload_len = ntohl (block->purpose.size) 581 size_t payload_len = ntohl (block->purpose.size)
606 - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) 582 - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
607 - sizeof(struct GNUNET_TIME_AbsoluteNBO); 583 - sizeof(struct GNUNET_TIME_AbsoluteNBO);
608 unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2]; 584 unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
609 unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH]; 585 unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH];
610 586
@@ -615,11 +591,11 @@ block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_EcdsaBlock *block,
615 GNUNET_break_op (0); 591 GNUNET_break_op (0);
616 return GNUNET_SYSERR; 592 return GNUNET_SYSERR;
617 } 593 }
618 derive_block_aes_key (ctr, 594 GNR_derive_block_aes_key (ctr,
619 key, 595 key,
620 label, 596 label,
621 block->expiration_time.abs_value_us__, 597 block->expiration_time.abs_value_us__,
622 zone_key); 598 zone_key);
623 { 599 {
624 char payload[payload_len]; 600 char payload[payload_len];
625 uint32_t rd_count; 601 uint32_t rd_count;
@@ -731,8 +707,8 @@ block_decrypt_eddsa (const struct GNUNET_GNSRECORD_EddsaBlock *block,
731 void *proc_cls) 707 void *proc_cls)
732{ 708{
733 size_t payload_len = ntohl (block->purpose.size) 709 size_t payload_len = ntohl (block->purpose.size)
734 - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) 710 - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
735 - sizeof(struct GNUNET_TIME_AbsoluteNBO); 711 - sizeof(struct GNUNET_TIME_AbsoluteNBO);
736 unsigned char nonce[crypto_secretbox_NONCEBYTES]; 712 unsigned char nonce[crypto_secretbox_NONCEBYTES];
737 unsigned char key[crypto_secretbox_KEYBYTES]; 713 unsigned char key[crypto_secretbox_KEYBYTES];
738 714
@@ -743,11 +719,11 @@ block_decrypt_eddsa (const struct GNUNET_GNSRECORD_EddsaBlock *block,
743 GNUNET_break_op (0); 719 GNUNET_break_op (0);
744 return GNUNET_SYSERR; 720 return GNUNET_SYSERR;
745 } 721 }
746 derive_block_xsalsa_key (nonce, 722 GNR_derive_block_xsalsa_key (nonce,
747 key, 723 key,
748 label, 724 label,
749 block->expiration_time.abs_value_us__, 725 block->expiration_time.abs_value_us__,
750 zone_key); 726 zone_key);
751 { 727 {
752 char payload[payload_len]; 728 char payload[payload_len];
753 uint32_t rd_count; 729 uint32_t rd_count;
@@ -875,16 +851,18 @@ GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block,
875 norm_label = GNUNET_GNSRECORD_string_normalize (label); 851 norm_label = GNUNET_GNSRECORD_string_normalize (label);
876 switch (ntohl (zone_key->type)) 852 switch (ntohl (zone_key->type))
877 { 853 {
878 case GNUNET_IDENTITY_TYPE_ECDSA: 854 case GNUNET_IDENTITY_TYPE_ECDSA:
879 res = block_decrypt_ecdsa (&block->ecdsa_block, 855 res = block_decrypt_ecdsa (&block->ecdsa_block,
880 &zone_key->ecdsa_key, norm_label, proc, proc_cls); 856 &zone_key->ecdsa_key, norm_label, proc,
881 break; 857 proc_cls);
882 case GNUNET_IDENTITY_TYPE_EDDSA: 858 break;
883 res = block_decrypt_eddsa (&block->eddsa_block, 859 case GNUNET_IDENTITY_TYPE_EDDSA:
884 &zone_key->eddsa_key, norm_label, proc, proc_cls); 860 res = block_decrypt_eddsa (&block->eddsa_block,
885 break; 861 &zone_key->eddsa_key, norm_label, proc,
886 default: 862 proc_cls);
887 return GNUNET_SYSERR; 863 break;
864 default:
865 return GNUNET_SYSERR;
888 } 866 }
889 GNUNET_free (norm_label); 867 GNUNET_free (norm_label);
890 return res; 868 return res;
@@ -910,17 +888,17 @@ GNUNET_GNSRECORD_query_from_private_key (const struct
910 norm_label = GNUNET_GNSRECORD_string_normalize (label); 888 norm_label = GNUNET_GNSRECORD_string_normalize (label);
911 switch (ntohl (zone->type)) 889 switch (ntohl (zone->type))
912 { 890 {
913 case GNUNET_GNSRECORD_TYPE_PKEY: 891 case GNUNET_GNSRECORD_TYPE_PKEY:
914 case GNUNET_GNSRECORD_TYPE_EDKEY: 892 case GNUNET_GNSRECORD_TYPE_EDKEY:
915 893
916 GNUNET_IDENTITY_key_get_public (zone, 894 GNUNET_IDENTITY_key_get_public (zone,
917 &pub); 895 &pub);
918 GNUNET_GNSRECORD_query_from_public_key (&pub, 896 GNUNET_GNSRECORD_query_from_public_key (&pub,
919 norm_label, 897 norm_label,
920 query); 898 query);
921 break; 899 break;
922 default: 900 default:
923 GNUNET_assert (0); 901 GNUNET_assert (0);
924 } 902 }
925 GNUNET_free (norm_label); 903 GNUNET_free (norm_label);
926} 904}
@@ -947,28 +925,28 @@ GNUNET_GNSRECORD_query_from_public_key (const struct
947 925
948 switch (ntohl (pub->type)) 926 switch (ntohl (pub->type))
949 { 927 {
950 case GNUNET_GNSRECORD_TYPE_PKEY: 928 case GNUNET_GNSRECORD_TYPE_PKEY:
951 pd.type = pub->type; 929 pd.type = pub->type;
952 GNUNET_CRYPTO_ecdsa_public_key_derive (&pub->ecdsa_key, 930 GNUNET_CRYPTO_ecdsa_public_key_derive (&pub->ecdsa_key,
953 norm_label, 931 norm_label,
954 "gns", 932 "gns",
955 &pd.ecdsa_key); 933 &pd.ecdsa_key);
956 GNUNET_CRYPTO_hash (&pd.ecdsa_key, 934 GNUNET_CRYPTO_hash (&pd.ecdsa_key,
957 sizeof (pd.ecdsa_key), 935 sizeof (pd.ecdsa_key),
958 query); 936 query);
959 break; 937 break;
960 case GNUNET_GNSRECORD_TYPE_EDKEY: 938 case GNUNET_GNSRECORD_TYPE_EDKEY:
961 pd.type = pub->type; 939 pd.type = pub->type;
962 GNUNET_CRYPTO_eddsa_public_key_derive (&pub->eddsa_key, 940 GNUNET_CRYPTO_eddsa_public_key_derive (&pub->eddsa_key,
963 norm_label, 941 norm_label,
964 "gns", 942 "gns",
965 &(pd.eddsa_key)); 943 &(pd.eddsa_key));
966 GNUNET_CRYPTO_hash (&pd.eddsa_key, 944 GNUNET_CRYPTO_hash (&pd.eddsa_key,
967 sizeof (pd.eddsa_key), 945 sizeof (pd.eddsa_key),
968 query); 946 query);
969 break; 947 break;
970 default: 948 default:
971 GNUNET_assert (0); 949 GNUNET_assert (0);
972 } 950 }
973 GNUNET_free (norm_label); 951 GNUNET_free (norm_label);
974} 952}
diff --git a/src/gnsrecord/gnunet-gnsrecord-tvg.c b/src/gnsrecord/gnunet-gnsrecord-tvg.c
index 9e3dea921..7a78580d2 100644
--- a/src/gnsrecord/gnunet-gnsrecord-tvg.c
+++ b/src/gnsrecord/gnunet-gnsrecord-tvg.c
@@ -31,6 +31,7 @@
31#include "gnunet_dnsparser_lib.h" 31#include "gnunet_dnsparser_lib.h"
32#include "gnunet_testing_lib.h" 32#include "gnunet_testing_lib.h"
33#include <inttypes.h> 33#include <inttypes.h>
34#include "gnsrecord_crypto.h"
34 35
35#define TEST_RECORD_LABEL "test" 36#define TEST_RECORD_LABEL "test"
36#define TEST_RECORD_A "1.2.3.4" 37#define TEST_RECORD_A "1.2.3.4"
@@ -38,9 +39,9 @@
38 39
39static void 40static void
40print_bytes_ (void *buf, 41print_bytes_ (void *buf,
41 size_t buf_len, 42 size_t buf_len,
42 int fold, 43 int fold,
43 int in_be) 44 int in_be)
44{ 45{
45 int i; 46 int i;
46 47
@@ -114,14 +115,16 @@ run_pkey (void)
114 size_t rdata_size; 115 size_t rdata_size;
115 uint32_t rd_count_nbo; 116 uint32_t rd_count_nbo;
116 char ztld[128]; 117 char ztld[128];
118 unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
119 unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH];
117 120
118 /* 121 /*
119 * Make two different expiration times 122 * Make two different expiration times
120 */ 123 */
121 delta1 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS, 124 delta1 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS,
122 420); //420 years 125 420); // 420 years
123 delta2 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS, 126 delta2 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS,
124 777); //777 years 127 777); // 777 years
125 exp1 = GNUNET_TIME_absolute_add (now, delta1); 128 exp1 = GNUNET_TIME_absolute_add (now, delta1);
126 exp2 = GNUNET_TIME_absolute_add (now, delta2); 129 exp2 = GNUNET_TIME_absolute_add (now, delta2);
127 130
@@ -131,7 +134,8 @@ run_pkey (void)
131 &id_pub); 134 &id_pub);
132 fprintf (stdout, 135 fprintf (stdout,
133 "Zone private key (d, big-endian):\n"); 136 "Zone private key (d, big-endian):\n");
134 print_bytes (&id_priv.ecdsa_key, sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey), 8); 137 print_bytes (&id_priv.ecdsa_key, sizeof (struct
138 GNUNET_CRYPTO_EcdsaPrivateKey), 8);
135 fprintf (stdout, "\n"); 139 fprintf (stdout, "\n");
136 fprintf (stdout, "Zone identifier (ztype|zkey):\n"); 140 fprintf (stdout, "Zone identifier (ztype|zkey):\n");
137 print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8); 141 print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8);
@@ -171,7 +175,7 @@ run_pkey (void)
171 rdata_size = GNUNET_GNSRECORD_records_get_size (TEST_RRCOUNT, 175 rdata_size = GNUNET_GNSRECORD_records_get_size (TEST_RRCOUNT,
172 rd); 176 rd);
173 rdata = GNUNET_malloc (rdata_size); 177 rdata = GNUNET_malloc (rdata_size);
174 rd_count_nbo = htonl(2); 178 rd_count_nbo = htonl (2);
175 GNUNET_memcpy (rdata, 179 GNUNET_memcpy (rdata,
176 &rd_count_nbo, 180 &rd_count_nbo,
177 sizeof (uint32_t)); 181 sizeof (uint32_t));
@@ -183,6 +187,20 @@ run_pkey (void)
183 print_bytes (rdata, rdata_size, 8); 187 print_bytes (rdata, rdata_size, 8);
184 fprintf (stdout, "\n"); 188 fprintf (stdout, "\n");
185 expire = GNUNET_GNSRECORD_record_get_expiration_time (TEST_RRCOUNT, rd); 189 expire = GNUNET_GNSRECORD_record_get_expiration_time (TEST_RRCOUNT, rd);
190 GNR_derive_block_aes_key (ctr,
191 skey,
192 TEST_RECORD_LABEL,
193 GNUNET_TIME_absolute_hton (
194 expire).abs_value_us__,
195 &id_pub.ecdsa_key);
196
197 fprintf (stdout, "Encryption NONCE|EXPIRATION|BLOCK COUNTER:\n");
198 print_bytes (ctr, sizeof (ctr), 8);
199 fprintf (stdout, "\n");
200 fprintf (stdout, "Encryption key (K):\n");
201 print_bytes (skey, sizeof (skey), 8);
202
203
186 rrblock = GNUNET_GNSRECORD_block_create (&id_priv, 204 rrblock = GNUNET_GNSRECORD_block_create (&id_priv,
187 expire, 205 expire,
188 TEST_RECORD_LABEL, 206 TEST_RECORD_LABEL,
@@ -237,14 +255,16 @@ run_edkey (void)
237 size_t rdata_size; 255 size_t rdata_size;
238 uint32_t rd_count_nbo; 256 uint32_t rd_count_nbo;
239 char ztld[128]; 257 char ztld[128];
258 unsigned char nonce[crypto_secretbox_NONCEBYTES];
259 unsigned char skey[crypto_secretbox_KEYBYTES];
240 260
241 /* 261 /*
242 * Make two different expiration times 262 * Make two different expiration times
243 */ 263 */
244 delta1 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS, 264 delta1 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS,
245 420); //420 years 265 420); // 420 years
246 delta2 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS, 266 delta2 = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS,
247 777); //777 years 267 777); // 777 years
248 exp1 = GNUNET_TIME_absolute_add (now, delta1); 268 exp1 = GNUNET_TIME_absolute_add (now, delta1);
249 exp2 = GNUNET_TIME_absolute_add (now, delta2); 269 exp2 = GNUNET_TIME_absolute_add (now, delta2);
250 270
@@ -259,7 +279,8 @@ run_edkey (void)
259 &id_pub); 279 &id_pub);
260 fprintf (stdout, 280 fprintf (stdout,
261 "Zone private key (d):\n"); 281 "Zone private key (d):\n");
262 print_bytes (&id_priv.eddsa_key, sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey), 8); 282 print_bytes (&id_priv.eddsa_key, sizeof (struct
283 GNUNET_CRYPTO_EddsaPrivateKey), 8);
263 fprintf (stdout, "\n"); 284 fprintf (stdout, "\n");
264 fprintf (stdout, "Zone identifier (ztype|zkey):\n"); 285 fprintf (stdout, "Zone identifier (ztype|zkey):\n");
265 print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8); 286 print_bytes (&id_pub, GNUNET_IDENTITY_key_get_length (&id_pub), 8);
@@ -301,7 +322,7 @@ run_edkey (void)
301 expire = GNUNET_GNSRECORD_record_get_expiration_time (TEST_RRCOUNT, 322 expire = GNUNET_GNSRECORD_record_get_expiration_time (TEST_RRCOUNT,
302 rd); 323 rd);
303 rdata = GNUNET_malloc (sizeof (uint32_t) + rdata_size); 324 rdata = GNUNET_malloc (sizeof (uint32_t) + rdata_size);
304 rd_count_nbo = htonl(2); 325 rd_count_nbo = htonl (2);
305 GNUNET_memcpy (rdata, 326 GNUNET_memcpy (rdata,
306 &rd_count_nbo, 327 &rd_count_nbo,
307 sizeof (uint32_t)); 328 sizeof (uint32_t));
@@ -312,6 +333,19 @@ run_edkey (void)
312 fprintf (stdout, "RDATA:\n"); 333 fprintf (stdout, "RDATA:\n");
313 print_bytes (rdata, rdata_size, 8); 334 print_bytes (rdata, rdata_size, 8);
314 fprintf (stdout, "\n"); 335 fprintf (stdout, "\n");
336 GNR_derive_block_xsalsa_key (nonce,
337 skey,
338 TEST_RECORD_LABEL,
339 GNUNET_TIME_absolute_hton (
340 expire).abs_value_us__,
341 &id_pub.eddsa_key);
342 fprintf (stdout, "Encryption NONCE|EXPIRATION:\n");
343 print_bytes (nonce, sizeof (nonce), 8);
344 fprintf (stdout, "\n");
345 fprintf (stdout, "Encryption key (K):\n");
346 print_bytes (skey, sizeof (skey), 8);
347 fprintf (stdout, "\n");
348
315 rrblock = GNUNET_GNSRECORD_block_create (&id_priv, 349 rrblock = GNUNET_GNSRECORD_block_create (&id_priv,
316 expire, 350 expire,
317 TEST_RECORD_LABEL, 351 TEST_RECORD_LABEL,
@@ -350,8 +384,8 @@ run (void *cls,
350 const char *cfgfile, 384 const char *cfgfile,
351 const struct GNUNET_CONFIGURATION_Handle *cfg) 385 const struct GNUNET_CONFIGURATION_Handle *cfg)
352{ 386{
353 run_pkey(); 387 run_pkey ();
354 run_edkey(); 388 run_edkey ();
355} 389}
356 390
357 391
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-27 22:34:00 +0000