diff options
author | Christian Grothoff <christian@grothoff.org> | 2013-10-10 14:38:55 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2013-10-10 14:38:55 +0000 |
commit | 9351b1e9bdf2b067b6db06562c26ba658cff42b8 (patch) | |
tree | 68dc4ab447e7e8b6a20a706858cd36238c1c7c5f /src/core | |
parent | 8beabcd96c0cf1e1873c0b5ff96e537f1beb0b34 (diff) | |
download | gnunet-9351b1e9bdf2b067b6db06562c26ba658cff42b8.tar.gz gnunet-9351b1e9bdf2b067b6db06562c26ba658cff42b8.zip |
separating ECC crypto into functions/structs for ECDHE, ECDSA and EDDSA
Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/gnunet-service-core.c | 4 | ||||
-rw-r--r-- | src/core/gnunet-service-core_kx.c | 70 | ||||
-rw-r--r-- | src/core/gnunet-service-core_kx.h | 2 |
3 files changed, 32 insertions, 44 deletions
diff --git a/src/core/gnunet-service-core.c b/src/core/gnunet-service-core.c index ada9b7bd9..c6eeb070b 100644 --- a/src/core/gnunet-service-core.c +++ b/src/core/gnunet-service-core.c | |||
@@ -91,7 +91,7 @@ static void | |||
91 | run (void *cls, struct GNUNET_SERVER_Handle *server, | 91 | run (void *cls, struct GNUNET_SERVER_Handle *server, |
92 | const struct GNUNET_CONFIGURATION_Handle *c) | 92 | const struct GNUNET_CONFIGURATION_Handle *c) |
93 | { | 93 | { |
94 | struct GNUNET_CRYPTO_EccPrivateKey *pk; | 94 | struct GNUNET_CRYPTO_EddsaPrivateKey *pk; |
95 | char *keyfile; | 95 | char *keyfile; |
96 | 96 | ||
97 | GSC_cfg = c; | 97 | GSC_cfg = c; |
@@ -111,7 +111,7 @@ run (void *cls, struct GNUNET_SERVER_Handle *server, | |||
111 | NULL); | 111 | NULL); |
112 | GNUNET_SERVER_suspend (server); | 112 | GNUNET_SERVER_suspend (server); |
113 | GSC_TYPEMAP_init (); | 113 | GSC_TYPEMAP_init (); |
114 | pk = GNUNET_CRYPTO_ecc_key_create_from_file (keyfile); | 114 | pk = GNUNET_CRYPTO_eddsa_key_create_from_file (keyfile); |
115 | GNUNET_free (keyfile); | 115 | GNUNET_free (keyfile); |
116 | GNUNET_assert (NULL != pk); | 116 | GNUNET_assert (NULL != pk); |
117 | if ((GNUNET_OK != GSC_KX_init (pk)) || | 117 | if ((GNUNET_OK != GSC_KX_init (pk)) || |
diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c index a74b3ae74..25db9c750 100644 --- a/src/core/gnunet-service-core_kx.c +++ b/src/core/gnunet-service-core_kx.c | |||
@@ -90,7 +90,7 @@ struct EphemeralKeyMessage | |||
90 | * An ECC signature of the 'origin' asserting the validity of | 90 | * An ECC signature of the 'origin' asserting the validity of |
91 | * the given ephemeral key. | 91 | * the given ephemeral key. |
92 | */ | 92 | */ |
93 | struct GNUNET_CRYPTO_EccSignature signature; | 93 | struct GNUNET_CRYPTO_EddsaSignature signature; |
94 | 94 | ||
95 | /** | 95 | /** |
96 | * Information about what is being signed. | 96 | * Information about what is being signed. |
@@ -111,7 +111,7 @@ struct EphemeralKeyMessage | |||
111 | * Ephemeral public ECC key (always for NIST P-521) encoded in a format suitable | 111 | * Ephemeral public ECC key (always for NIST P-521) encoded in a format suitable |
112 | * for network transmission as created using 'gcry_sexp_sprint'. | 112 | * for network transmission as created using 'gcry_sexp_sprint'. |
113 | */ | 113 | */ |
114 | struct GNUNET_CRYPTO_EccPublicEncryptKey ephemeral_key; | 114 | struct GNUNET_CRYPTO_EcdhePublicKey ephemeral_key; |
115 | 115 | ||
116 | /** | 116 | /** |
117 | * Public key of the signing peer (persistent version, not the ephemeral public key). | 117 | * Public key of the signing peer (persistent version, not the ephemeral public key). |
@@ -377,12 +377,12 @@ struct GSC_KeyExchangeInfo | |||
377 | /** | 377 | /** |
378 | * Our private key. | 378 | * Our private key. |
379 | */ | 379 | */ |
380 | static struct GNUNET_CRYPTO_EccPrivateKey *my_private_key; | 380 | static struct GNUNET_CRYPTO_EddsaPrivateKey *my_private_key; |
381 | 381 | ||
382 | /** | 382 | /** |
383 | * Our ephemeral private key. | 383 | * Our ephemeral private key. |
384 | */ | 384 | */ |
385 | static struct GNUNET_CRYPTO_EccPrivateKey *my_ephemeral_key; | 385 | static struct GNUNET_CRYPTO_EcdhePrivateKey *my_ephemeral_key; |
386 | 386 | ||
387 | /** | 387 | /** |
388 | * Current message we send for a key exchange. | 388 | * Current message we send for a key exchange. |
@@ -675,7 +675,7 @@ GSC_KX_start (const struct GNUNET_PeerIdentity *pid) | |||
675 | kx); | 675 | kx); |
676 | GNUNET_CRYPTO_hash (pid, sizeof (struct GNUNET_PeerIdentity), &h1); | 676 | GNUNET_CRYPTO_hash (pid, sizeof (struct GNUNET_PeerIdentity), &h1); |
677 | GNUNET_CRYPTO_hash (&GSC_my_identity, sizeof (struct GNUNET_PeerIdentity), &h2); | 677 | GNUNET_CRYPTO_hash (&GSC_my_identity, sizeof (struct GNUNET_PeerIdentity), &h2); |
678 | 678 | ||
679 | if (0 < GNUNET_CRYPTO_hash_cmp (&h1, | 679 | if (0 < GNUNET_CRYPTO_hash_cmp (&h1, |
680 | &h2)) | 680 | &h2)) |
681 | { | 681 | { |
@@ -785,10 +785,10 @@ GSC_KX_handle_ephemeral_key (struct GSC_KeyExchangeInfo *kx, | |||
785 | sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | 785 | sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + |
786 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + | 786 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + |
787 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + | 787 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + |
788 | sizeof (struct GNUNET_CRYPTO_EccPublicSignKey) + | 788 | sizeof (struct GNUNET_CRYPTO_EddsaPublicKey) + |
789 | sizeof (struct GNUNET_CRYPTO_EccPublicSignKey)) || | 789 | sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)) || |
790 | (GNUNET_OK != | 790 | (GNUNET_OK != |
791 | GNUNET_CRYPTO_ecc_verify (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY, | 791 | GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY, |
792 | &m->purpose, | 792 | &m->purpose, |
793 | &m->signature, &m->origin_identity.public_key))) | 793 | &m->signature, &m->origin_identity.public_key))) |
794 | { | 794 | { |
@@ -810,7 +810,7 @@ GSC_KX_handle_ephemeral_key (struct GSC_KeyExchangeInfo *kx, | |||
810 | } | 810 | } |
811 | if (GNUNET_OK != | 811 | if (GNUNET_OK != |
812 | GNUNET_CRYPTO_ecc_ecdh (my_ephemeral_key, | 812 | GNUNET_CRYPTO_ecc_ecdh (my_ephemeral_key, |
813 | &m->ephemeral_key, | 813 | &m->ephemeral_key, |
814 | &key_material)) | 814 | &key_material)) |
815 | { | 815 | { |
816 | GNUNET_break (0); | 816 | GNUNET_break (0); |
@@ -1478,8 +1478,8 @@ sign_ephemeral_key () | |||
1478 | current_ekm.purpose.size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + | 1478 | current_ekm.purpose.size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + |
1479 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + | 1479 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + |
1480 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + | 1480 | sizeof (struct GNUNET_TIME_AbsoluteNBO) + |
1481 | sizeof (struct GNUNET_CRYPTO_EccPublicSignKey) + | 1481 | sizeof (struct GNUNET_CRYPTO_EddsaPublicKey) + |
1482 | sizeof (struct GNUNET_CRYPTO_EccPublicSignKey)); | 1482 | sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)); |
1483 | current_ekm.creation_time = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ()); | 1483 | current_ekm.creation_time = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ()); |
1484 | if (GNUNET_YES == | 1484 | if (GNUNET_YES == |
1485 | GNUNET_CONFIGURATION_get_value_yesno (GSC_cfg, | 1485 | GNUNET_CONFIGURATION_get_value_yesno (GSC_cfg, |
@@ -1493,11 +1493,11 @@ sign_ephemeral_key () | |||
1493 | { | 1493 | { |
1494 | current_ekm.expiration_time = GNUNET_TIME_absolute_hton (GNUNET_TIME_UNIT_FOREVER_ABS); | 1494 | current_ekm.expiration_time = GNUNET_TIME_absolute_hton (GNUNET_TIME_UNIT_FOREVER_ABS); |
1495 | } | 1495 | } |
1496 | GNUNET_CRYPTO_ecc_key_get_public_for_encryption (my_ephemeral_key, | 1496 | GNUNET_CRYPTO_ecdhe_key_get_public (my_ephemeral_key, |
1497 | ¤t_ekm.ephemeral_key); | 1497 | ¤t_ekm.ephemeral_key); |
1498 | current_ekm.origin_identity = GSC_my_identity; | 1498 | current_ekm.origin_identity = GSC_my_identity; |
1499 | GNUNET_assert (GNUNET_OK == | 1499 | GNUNET_assert (GNUNET_OK == |
1500 | GNUNET_CRYPTO_ecc_sign (my_private_key, | 1500 | GNUNET_CRYPTO_eddsa_sign (my_private_key, |
1501 | ¤t_ekm.purpose, | 1501 | ¤t_ekm.purpose, |
1502 | ¤t_ekm.signature)); | 1502 | ¤t_ekm.signature)); |
1503 | } | 1503 | } |
@@ -1520,7 +1520,7 @@ do_rekey (void *cls, | |||
1520 | NULL); | 1520 | NULL); |
1521 | if (NULL != my_ephemeral_key) | 1521 | if (NULL != my_ephemeral_key) |
1522 | GNUNET_free (my_ephemeral_key); | 1522 | GNUNET_free (my_ephemeral_key); |
1523 | my_ephemeral_key = GNUNET_CRYPTO_ecc_key_create (); | 1523 | my_ephemeral_key = GNUNET_CRYPTO_ecdhe_key_create (); |
1524 | GNUNET_assert (NULL != my_ephemeral_key); | 1524 | GNUNET_assert (NULL != my_ephemeral_key); |
1525 | sign_ephemeral_key (); | 1525 | sign_ephemeral_key (); |
1526 | for (pos = kx_head; NULL != pos; pos = pos->next) | 1526 | for (pos = kx_head; NULL != pos; pos = pos->next) |
@@ -1535,38 +1535,27 @@ do_rekey (void *cls, | |||
1535 | * Initialize KX subsystem. | 1535 | * Initialize KX subsystem. |
1536 | * | 1536 | * |
1537 | * @param pk private key to use for the peer | 1537 | * @param pk private key to use for the peer |
1538 | * @return GNUNET_OK on success, GNUNET_SYSERR on failure | 1538 | * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure |
1539 | */ | 1539 | */ |
1540 | int | 1540 | int |
1541 | GSC_KX_init (struct GNUNET_CRYPTO_EccPrivateKey *pk) | 1541 | GSC_KX_init (struct GNUNET_CRYPTO_EddsaPrivateKey *pk) |
1542 | { | 1542 | { |
1543 | GNUNET_assert (NULL != pk); | 1543 | GNUNET_assert (NULL != pk); |
1544 | my_private_key = pk; | 1544 | my_private_key = pk; |
1545 | GNUNET_CRYPTO_ecc_key_get_public_for_signature (my_private_key, | 1545 | GNUNET_CRYPTO_eddsa_key_get_public (my_private_key, |
1546 | &GSC_my_identity.public_key); | 1546 | &GSC_my_identity.public_key); |
1547 | if (GNUNET_YES == | 1547 | my_ephemeral_key = GNUNET_CRYPTO_ecdhe_key_create (); |
1548 | GNUNET_CONFIGURATION_get_value_yesno (GSC_cfg, | 1548 | if (NULL == my_ephemeral_key) |
1549 | "core", | ||
1550 | "USE_EPHEMERAL_KEYS")) | ||
1551 | { | 1549 | { |
1552 | my_ephemeral_key = GNUNET_CRYPTO_ecc_key_create (); | 1550 | GNUNET_break (0); |
1553 | if (NULL == my_ephemeral_key) | 1551 | GNUNET_free (my_private_key); |
1554 | { | 1552 | my_private_key = NULL; |
1555 | GNUNET_break (0); | 1553 | return GNUNET_SYSERR; |
1556 | GNUNET_free (my_private_key); | ||
1557 | my_private_key = NULL; | ||
1558 | return GNUNET_SYSERR; | ||
1559 | } | ||
1560 | sign_ephemeral_key (); | ||
1561 | rekey_task = GNUNET_SCHEDULER_add_delayed (REKEY_FREQUENCY, | ||
1562 | &do_rekey, | ||
1563 | NULL); | ||
1564 | } | ||
1565 | else | ||
1566 | { | ||
1567 | my_ephemeral_key = my_private_key; | ||
1568 | sign_ephemeral_key (); | ||
1569 | } | 1554 | } |
1555 | sign_ephemeral_key (); | ||
1556 | rekey_task = GNUNET_SCHEDULER_add_delayed (REKEY_FREQUENCY, | ||
1557 | &do_rekey, | ||
1558 | NULL); | ||
1570 | mst = GNUNET_SERVER_mst_create (&deliver_message, NULL); | 1559 | mst = GNUNET_SERVER_mst_create (&deliver_message, NULL); |
1571 | return GNUNET_OK; | 1560 | return GNUNET_OK; |
1572 | } | 1561 | } |
@@ -1583,8 +1572,7 @@ GSC_KX_done () | |||
1583 | GNUNET_SCHEDULER_cancel (rekey_task); | 1572 | GNUNET_SCHEDULER_cancel (rekey_task); |
1584 | rekey_task = GNUNET_SCHEDULER_NO_TASK; | 1573 | rekey_task = GNUNET_SCHEDULER_NO_TASK; |
1585 | } | 1574 | } |
1586 | if ( (NULL != my_ephemeral_key) && | 1575 | if (NULL != my_ephemeral_key) |
1587 | (my_ephemeral_key != my_private_key) ) | ||
1588 | { | 1576 | { |
1589 | GNUNET_free (my_ephemeral_key); | 1577 | GNUNET_free (my_ephemeral_key); |
1590 | my_ephemeral_key = NULL; | 1578 | my_ephemeral_key = NULL; |
diff --git a/src/core/gnunet-service-core_kx.h b/src/core/gnunet-service-core_kx.h index e1b860919..4c99669b2 100644 --- a/src/core/gnunet-service-core_kx.h +++ b/src/core/gnunet-service-core_kx.h | |||
@@ -121,7 +121,7 @@ GSC_KX_stop (struct GSC_KeyExchangeInfo *kx); | |||
121 | * @return GNUNET_OK on success, GNUNET_SYSERR on failure | 121 | * @return GNUNET_OK on success, GNUNET_SYSERR on failure |
122 | */ | 122 | */ |
123 | int | 123 | int |
124 | GSC_KX_init (struct GNUNET_CRYPTO_EccPrivateKey *pk); | 124 | GSC_KX_init (struct GNUNET_CRYPTO_EddsaPrivateKey *pk); |
125 | 125 | ||
126 | 126 | ||
127 | /** | 127 | /** |