author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2021-05-01 22:05:15 +0200 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2021-05-02 10:39:55 +0200 |
commit | 572f4d6f7b19dec42d571829384ac9cd356bb092 (patch) | |
tree | cbe8bf3ae413a1aa3b71beffcbe7ce9bb83fe03f /src/include | |
parent | ca3ebf1e59eb00ad101ba8b26e5185db4d785610 (diff) | |
download | gnunet-572f4d6f7b19dec42d571829384ac9cd356bb092.tar.gz gnunet-572f4d6f7b19dec42d571829384ac9cd356bb092.zip |
GNS: Add EDKEY support.
GNS and GNSRECORD can now handle EdDSA keys
in addition to the existing ECDSA scheme.
See also LSD0001.
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 78 | ||||
-rw-r--r-- | src/include/gnunet_gnsrecord_lib.h | 33 |
2 files changed, 110 insertions, 1 deletions
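--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -275,6 +275,19 @@ struct GNUNET_CRYPTO_EddsaPrivateKey
 
 
 /**
+* Private ECC scalar encoded for transmission. To be used only for EdDSA
+* signatures.
+*/
+struct GNUNET_CRYPTO_EddsaPrivateScalar
+{
+/**
+* s is the expandedprivate 512-bit scalar of a private key.
+*/
+unsigned char s[512 / 8];
+};
+
+
+/**
 * @brief type for session keys
 */
 struct GNUNET_CRYPTO_SymmetricSessionKey
@@ -1907,6 +1920,71 @@ GNUNET_CRYPTO_ecdsa_public_key_derive (
 
 
 /**
+* @ingroup crypto
+* Derive a private scalar from a given private key and a label.
+* Essentially calculates a private key 'h = H(l,P) * d mod n'
+* where n is the size of the ECC group and P is the public
+* key associated with the private key 'd'.
+* The result is the derived private _scalar_, not the private
+* key as for EdDSA we cannot derive before we hash the
+* private key.
+*
+* @param priv original private key
+* @param label label to use for key deriviation
+* @param context additional context to use for HKDF of 'h';
+* typically the name of the subsystem/application
+* @param result derived private scalar
+*/
+void
+GNUNET_CRYPTO_eddsa_private_key_derive (
+const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
+const char *label,
+const char *context,
+struct GNUNET_CRYPTO_EddsaPrivateScalar *result);
+
+
+/**
+* @ingroup crypto
+* Derive a public key from a given public key and a label.
+* Essentially calculates a public key 'V = H(l,P) * P'.
+*
+* @param pub original public key
+* @param label label to use for key deriviation
+* @param context additional context to use for HKDF of 'h'.
+* typically the name of the subsystem/application
+* @param result where to write the derived public key
+*/
+void
+GNUNET_CRYPTO_eddsa_public_key_derive (
+const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
+const char *label,
+const char *context,
+struct GNUNET_CRYPTO_EddsaPublicKey *result);
+
+
+/**
+* This is a signature function for EdDSA which takes the
+* secret scalar sk instead of the private seed which is
+* usually the case for crypto APIs. We require this functionality
+* in order to use derived private keys for signatures we
+* cannot calculate the inverse of a sk to find the seed
+* efficiently.
+*
+* The resulting signature is a standard EdDSA signature
+* which can be verified using the usual APIs.
+*
+* @param sk the secret scalar
+* @param purp the signature purpose
+* @param sig the resulting signature
+*/
+void
+GNUNET_CRYPTO_eddsa_sign_with_scalar (
+const struct GNUNET_CRYPTO_EddsaPrivateScalar *priv,
+const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+struct GNUNET_CRYPTO_EddsaSignature *sig);
+
+
+/**
 * Output the given MPI value to the given buffer in network
 * byte order. The MPI @a val may not be negative.
 *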
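Review bot: The Doxygen block on `GNUNET_CRYPTO_eddsa_sign_with_scalar` documents `@param sk` and `@param purp`, but the prototype names these parameters `priv` and `purpose`, so the descriptions will not attach to them; use `@param priv the derived private scalar` and `@param purpose the signature purpose`. The contract also does not say what the 64 bytes of `GNUNET_CRYPTO_EddsaPrivateScalar.s` contain. EdDSA normally derives its per-signature nonce from part of the expanded key, so the comment should state which bytes are the scalar, which (presumably) feed the nonce, and that the value must come from `GNUNET_CRYPTO_eddsa_private_key_derive`. Because the struct holds secret key material, I would also replace "encoded for transmission" in its description in the first hunk with a note that callers should wipe it after signing.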
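--- a/src/include/gnunet_gnsrecord_lib.h
+++ b/src/include/gnunet_gnsrecord_lib.h
@@ -197,6 +197,37 @@ struct GNUNET_GNSRECORD_EcdsaBlock
 /* followed by encrypted data */
 };
 
+
+/**
+* Information we have in an encrypted block with record data (i.e. in the DHT).
+*/
+struct GNUNET_GNSRECORD_EddsaBlock
+{
+/**
+* Derived key used for signing; hash of this is the query.
+*/
+struct GNUNET_CRYPTO_EddsaPublicKey derived_key;
+
+/**
+* Signature of the block.
+*/
+struct GNUNET_CRYPTO_EddsaSignature signature;
+
+/**
+* Number of bytes signed; also specifies the number of bytes
+* of encrypted data that follow.
+*/
+struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+/**
+* Expiration time of the block.
+*/
+struct GNUNET_TIME_AbsoluteNBO expiration_time;
+
+/* followed by encrypted data */
+};
+
+
 struct GNUNET_GNSRECORD_Block
 {
 uint32_t type;
@@ -204,7 +235,7 @@ struct GNUNET_GNSRECORD_Block
 union
 {
 struct GNUNET_GNSRECORD_EcdsaBlock ecdsa_block;
-//struct GNUNET_GNSRECORD_EddsaBlock eddsa_block;
+struct GNUNET_GNSRECORD_EddsaBlock eddsa_block;
 };
 };
 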