diff options
author | Martin Schanzenbach <schanzen@gnunet.org> | 2023-10-28 00:14:45 +0200 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2023-10-28 00:14:45 +0200 |
commit | cd83104d64f968e5e1d16a0f626ca44bdf9eeb8d (patch) | |
tree | 65bec4c890da312d693ab7971fe3c7d23d56ceff /src/include | |
parent | eb637fb2c868dc36a9cd231281aaf120f8362181 (diff) | |
parent | b0ba7b1ef93895425cefdc54d21dcedec2f24b43 (diff) | |
download | gnunet-cd83104d64f968e5e1d16a0f626ca44bdf9eeb8d.tar.gz gnunet-cd83104d64f968e5e1d16a0f626ca44bdf9eeb8d.zip |
Merge branch 'master' of git+ssh://git.gnunet.org/gnunet
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 920 | ||||
-rw-r--r-- | src/include/gnunet_peerstore_service.h | 10 |
2 files changed, 814 insertions, 116 deletions
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index f3ea3ed25..6e9649410 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
@@ -660,17 +660,33 @@ struct GNUNET_CRYPTO_CsSignature | |||
660 | * Schnorr signatures are composed of a scalar s and a curve point | 660 | * Schnorr signatures are composed of a scalar s and a curve point |
661 | */ | 661 | */ |
662 | struct GNUNET_CRYPTO_CsS s_scalar; | 662 | struct GNUNET_CRYPTO_CsS s_scalar; |
663 | |||
664 | /** | ||
665 | * Curve point of the Schnorr signature. | ||
666 | */ | ||
663 | struct GNUNET_CRYPTO_CsRPublic r_point; | 667 | struct GNUNET_CRYPTO_CsRPublic r_point; |
664 | }; | 668 | }; |
665 | 669 | ||
666 | 670 | ||
667 | /** | 671 | /** |
668 | * Nonce | 672 | * Nonce for the session, picked by client, |
673 | * shared with the signer. | ||
669 | */ | 674 | */ |
670 | struct GNUNET_CRYPTO_CsNonce | 675 | struct GNUNET_CRYPTO_CsSessionNonce |
671 | { | 676 | { |
672 | /*a nonce*/ | 677 | /*a nonce*/ |
673 | unsigned char nonce[256 / 8]; | 678 | unsigned char snonce[256 / 8]; |
679 | }; | ||
680 | |||
681 | |||
682 | /** | ||
683 | * Nonce for computing blinding factors. Not | ||
684 | * shared with the signer. | ||
685 | */ | ||
686 | struct GNUNET_CRYPTO_CsBlindingNonce | ||
687 | { | ||
688 | /*a nonce*/ | ||
689 | unsigned char bnonce[256 / 8]; | ||
674 | }; | 690 | }; |
675 | 691 | ||
676 | 692 | ||
@@ -945,7 +961,7 @@ GNUNET_CRYPTO_hash_from_string2 (const char *enc, | |||
945 | * @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong encoding | 961 | * @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong encoding |
946 | */ | 962 | */ |
947 | #define GNUNET_CRYPTO_hash_from_string(enc, result) \ | 963 | #define GNUNET_CRYPTO_hash_from_string(enc, result) \ |
948 | GNUNET_CRYPTO_hash_from_string2 (enc, strlen (enc), result) | 964 | GNUNET_CRYPTO_hash_from_string2 (enc, strlen (enc), result) |
949 | 965 | ||
950 | 966 | ||
951 | /** | 967 | /** |
@@ -2136,15 +2152,15 @@ GNUNET_CRYPTO_eddsa_sign_ ( | |||
2136 | * @param[out] sig where to write the signature | 2152 | * @param[out] sig where to write the signature |
2137 | */ | 2153 | */ |
2138 | #define GNUNET_CRYPTO_eddsa_sign(priv,ps,sig) do { \ | 2154 | #define GNUNET_CRYPTO_eddsa_sign(priv,ps,sig) do { \ |
2139 | /* check size is set correctly */ \ | 2155 | /* check size is set correctly */ \ |
2140 | GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*ps)); \ | 2156 | GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*ps)); \ |
2141 | /* check 'ps' begins with the purpose */ \ | 2157 | /* check 'ps' begins with the purpose */ \ |
2142 | GNUNET_static_assert (((void*) (ps)) == \ | 2158 | GNUNET_static_assert (((void*) (ps)) == \ |
2143 | ((void*) &(ps)->purpose)); \ | 2159 | ((void*) &(ps)->purpose)); \ |
2144 | GNUNET_assert (GNUNET_OK == \ | 2160 | GNUNET_assert (GNUNET_OK == \ |
2145 | GNUNET_CRYPTO_eddsa_sign_ (priv, \ | 2161 | GNUNET_CRYPTO_eddsa_sign_ (priv, \ |
2146 | &(ps)->purpose, \ | 2162 | &(ps)->purpose, \ |
2147 | sig)); \ | 2163 | sig)); \ |
2148 | } while (0) | 2164 | } while (0) |
2149 | 2165 | ||
2150 | 2166 | ||
@@ -2198,15 +2214,15 @@ GNUNET_CRYPTO_eddsa_sign_raw ( | |||
2198 | * @param[out] sig where to write the signature | 2214 | * @param[out] sig where to write the signature |
2199 | */ | 2215 | */ |
2200 | #define GNUNET_CRYPTO_ecdsa_sign(priv,ps,sig) do { \ | 2216 | #define GNUNET_CRYPTO_ecdsa_sign(priv,ps,sig) do { \ |
2201 | /* check size is set correctly */ \ | 2217 | /* check size is set correctly */ \ |
2202 | GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \ | 2218 | GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \ |
2203 | /* check 'ps' begins with the purpose */ \ | 2219 | /* check 'ps' begins with the purpose */ \ |
2204 | GNUNET_static_assert (((void*) (ps)) == \ | 2220 | GNUNET_static_assert (((void*) (ps)) == \ |
2205 | ((void*) &(ps)->purpose)); \ | 2221 | ((void*) &(ps)->purpose)); \ |
2206 | GNUNET_assert (GNUNET_OK == \ | 2222 | GNUNET_assert (GNUNET_OK == \ |
2207 | GNUNET_CRYPTO_ecdsa_sign_ (priv, \ | 2223 | GNUNET_CRYPTO_ecdsa_sign_ (priv, \ |
2208 | &(ps)->purpose, \ | 2224 | &(ps)->purpose, \ |
2209 | sig)); \ | 2225 | sig)); \ |
2210 | } while (0) | 2226 | } while (0) |
2211 | 2227 | ||
2212 | /** | 2228 | /** |
@@ -2245,15 +2261,15 @@ GNUNET_CRYPTO_edx25519_sign_ ( | |||
2245 | * @param[out] sig where to write the signature | 2261 | * @param[out] sig where to write the signature |
2246 | */ | 2262 | */ |
2247 | #define GNUNET_CRYPTO_edx25519_sign(priv,ps,sig) do { \ | 2263 | #define GNUNET_CRYPTO_edx25519_sign(priv,ps,sig) do { \ |
2248 | /* check size is set correctly */ \ | 2264 | /* check size is set correctly */ \ |
2249 | GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \ | 2265 | GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \ |
2250 | /* check 'ps' begins with the purpose */ \ | 2266 | /* check 'ps' begins with the purpose */ \ |
2251 | GNUNET_static_assert (((void*) (ps)) == \ | 2267 | GNUNET_static_assert (((void*) (ps)) == \ |
2252 | ((void*) &(ps)->purpose)); \ | 2268 | ((void*) &(ps)->purpose)); \ |
2253 | GNUNET_assert (GNUNET_OK == \ | 2269 | GNUNET_assert (GNUNET_OK == \ |
2254 | GNUNET_CRYPTO_edx25519_sign_ (priv, \ | 2270 | GNUNET_CRYPTO_edx25519_sign_ (priv, \ |
2255 | &(ps)->purpose, \ | 2271 | &(ps)->purpose, \ |
2256 | sig)); \ | 2272 | sig)); \ |
2257 | } while (0) | 2273 | } while (0) |
2258 | 2274 | ||
2259 | 2275 | ||
@@ -2801,8 +2817,9 @@ GNUNET_CRYPTO_rsa_private_key_get_public ( | |||
2801 | * @param hc where to store the hash code | 2817 | * @param hc where to store the hash code |
2802 | */ | 2818 | */ |
2803 | void | 2819 | void |
2804 | GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, | 2820 | GNUNET_CRYPTO_rsa_public_key_hash ( |
2805 | struct GNUNET_HashCode *hc); | 2821 | const struct GNUNET_CRYPTO_RsaPublicKey *key, |
2822 | struct GNUNET_HashCode *hc); | ||
2806 | 2823 | ||
2807 | 2824 | ||
2808 | /** | 2825 | /** |
@@ -2907,53 +2924,83 @@ GNUNET_CRYPTO_rsa_public_key_cmp (const struct GNUNET_CRYPTO_RsaPublicKey *p1, | |||
2907 | 2924 | ||
2908 | 2925 | ||
2909 | /** | 2926 | /** |
2927 | * @brief RSA Parameters to create blinded signature | ||
2928 | */ | ||
2929 | struct GNUNET_CRYPTO_RsaBlindedMessage | ||
2930 | { | ||
2931 | /** | ||
2932 | * Blinded message to be signed | ||
2933 | * Note: is malloc()'ed! | ||
2934 | */ | ||
2935 | void *blinded_msg; | ||
2936 | |||
2937 | /** | ||
2938 | * Size of the @e blinded_msg to be signed. | ||
2939 | */ | ||
2940 | size_t blinded_msg_size; | ||
2941 | }; | ||
2942 | |||
2943 | |||
2944 | /** | ||
2910 | * Blinds the given message with the given blinding key | 2945 | * Blinds the given message with the given blinding key |
2911 | * | 2946 | * |
2912 | * @param hash hash of the message to sign | 2947 | * @param message the message to sign |
2948 | * @param message_size number of bytes in @a message | ||
2913 | * @param bks the blinding key | 2949 | * @param bks the blinding key |
2914 | * @param pkey the public key of the signer | 2950 | * @param pkey the public key of the signer |
2915 | * @param[out] buf set to a buffer with the blinded message to be signed | 2951 | * @param[out] bm set to the blinded message |
2916 | * @param[out] buf_size number of bytes stored in @a buf | ||
2917 | * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious | 2952 | * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious |
2918 | */ | 2953 | */ |
2919 | enum GNUNET_GenericReturnValue | 2954 | enum GNUNET_GenericReturnValue |
2920 | GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, | 2955 | GNUNET_CRYPTO_rsa_blind (const void *message, |
2956 | size_t message_size, | ||
2921 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, | 2957 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, |
2922 | struct GNUNET_CRYPTO_RsaPublicKey *pkey, | 2958 | struct GNUNET_CRYPTO_RsaPublicKey *pkey, |
2923 | void **buf, | 2959 | struct GNUNET_CRYPTO_RsaBlindedMessage *bm); |
2924 | size_t *buf_size); | ||
2925 | 2960 | ||
2926 | 2961 | ||
2927 | /** | 2962 | /** |
2928 | * Sign a blinded value, which must be a full domain hash of a message. | 2963 | * Sign a blinded value, which must be a full domain hash of a message. |
2929 | * | 2964 | * |
2930 | * @param key private key to use for the signing | 2965 | * @param key private key to use for the signing |
2931 | * @param msg the (blinded) message to sign | 2966 | * @param bm the (blinded) message to sign |
2932 | * @param msg_len number of bytes in @a msg to sign | ||
2933 | * @return NULL on error, signature on success | 2967 | * @return NULL on error, signature on success |
2934 | */ | 2968 | */ |
2935 | struct GNUNET_CRYPTO_RsaSignature * | 2969 | struct GNUNET_CRYPTO_RsaSignature * |
2936 | GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | 2970 | GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, |
2937 | const void *msg, | 2971 | const struct |
2938 | size_t msg_len); | 2972 | GNUNET_CRYPTO_RsaBlindedMessage *bm); |
2939 | 2973 | ||
2940 | 2974 | ||
2941 | /** | 2975 | /** |
2942 | * Create and sign a full domain hash of a message. | 2976 | * Create and sign a full domain hash of a message. |
2943 | * | 2977 | * |
2944 | * @param key private key to use for the signing | 2978 | * @param key private key to use for the signing |
2945 | * @param hash the hash of the message to sign | 2979 | * @param message the message to sign |
2980 | * @param message_size number of bytes in @a message | ||
2946 | * @return NULL on error, including a malicious RSA key, signature on success | 2981 | * @return NULL on error, including a malicious RSA key, signature on success |
2947 | */ | 2982 | */ |
2948 | struct GNUNET_CRYPTO_RsaSignature * | 2983 | struct GNUNET_CRYPTO_RsaSignature * |
2949 | GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | 2984 | GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, |
2950 | const struct GNUNET_HashCode *hash); | 2985 | const void *message, |
2986 | size_t message_size); | ||
2987 | |||
2988 | |||
2989 | /** | ||
2990 | * Free memory occupied by blinded message. Only frees contents, not | ||
2991 | * @a bm itself. | ||
2992 | * | ||
2993 | * @param[in] bm memory to free | ||
2994 | */ | ||
2995 | void | ||
2996 | GNUNET_CRYPTO_rsa_blinded_message_free ( | ||
2997 | struct GNUNET_CRYPTO_RsaBlindedMessage *bm); | ||
2951 | 2998 | ||
2952 | 2999 | ||
2953 | /** | 3000 | /** |
2954 | * Free memory occupied by signature. | 3001 | * Free memory occupied by signature. |
2955 | * | 3002 | * |
2956 | * @param sig memory to free | 3003 | * @param[in] sig memory to free |
2957 | */ | 3004 | */ |
2958 | void | 3005 | void |
2959 | GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig); | 3006 | GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig); |
@@ -2981,8 +3028,9 @@ GNUNET_CRYPTO_rsa_signature_encode ( | |||
2981 | * @return NULL on error | 3028 | * @return NULL on error |
2982 | */ | 3029 | */ |
2983 | struct GNUNET_CRYPTO_RsaSignature * | 3030 | struct GNUNET_CRYPTO_RsaSignature * |
2984 | GNUNET_CRYPTO_rsa_signature_decode (const void *buf, | 3031 | GNUNET_CRYPTO_rsa_signature_decode ( |
2985 | size_t buf_size); | 3032 | const void *buf, |
3033 | size_t buf_size); | ||
2986 | 3034 | ||
2987 | 3035 | ||
2988 | /** | 3036 | /** |
@@ -2992,7 +3040,8 @@ GNUNET_CRYPTO_rsa_signature_decode (const void *buf, | |||
2992 | * @return the duplicate key; NULL upon error | 3040 | * @return the duplicate key; NULL upon error |
2993 | */ | 3041 | */ |
2994 | struct GNUNET_CRYPTO_RsaSignature * | 3042 | struct GNUNET_CRYPTO_RsaSignature * |
2995 | GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig); | 3043 | GNUNET_CRYPTO_rsa_signature_dup ( |
3044 | const struct GNUNET_CRYPTO_RsaSignature *sig); | ||
2996 | 3045 | ||
2997 | 3046 | ||
2998 | /** | 3047 | /** |
@@ -3015,13 +3064,15 @@ GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, | |||
3015 | * Verify whether the given hash corresponds to the given signature and the | 3064 | * Verify whether the given hash corresponds to the given signature and the |
3016 | * signature is valid with respect to the given public key. | 3065 | * signature is valid with respect to the given public key. |
3017 | * | 3066 | * |
3018 | * @param hash the message to verify to match the @a sig | 3067 | * @param message the message to sign |
3068 | * @param message_size number of bytes in @a message | ||
3019 | * @param sig signature that is being validated | 3069 | * @param sig signature that is being validated |
3020 | * @param public_key public key of the signer | 3070 | * @param public_key public key of the signer |
3021 | * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature | 3071 | * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature |
3022 | */ | 3072 | */ |
3023 | enum GNUNET_GenericReturnValue | 3073 | enum GNUNET_GenericReturnValue |
3024 | GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, | 3074 | GNUNET_CRYPTO_rsa_verify (const void *message, |
3075 | size_t message_size, | ||
3025 | const struct GNUNET_CRYPTO_RsaSignature *sig, | 3076 | const struct GNUNET_CRYPTO_RsaSignature *sig, |
3026 | const struct GNUNET_CRYPTO_RsaPublicKey *public_key); | 3077 | const struct GNUNET_CRYPTO_RsaPublicKey *public_key); |
3027 | 3078 | ||
@@ -3061,10 +3112,11 @@ GNUNET_CRYPTO_cs_private_key_get_public ( | |||
3061 | * @param[out] r array containing derived secrets r0 and r1 | 3112 | * @param[out] r array containing derived secrets r0 and r1 |
3062 | */ | 3113 | */ |
3063 | void | 3114 | void |
3064 | GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, | 3115 | GNUNET_CRYPTO_cs_r_derive ( |
3065 | const char *seed, | 3116 | const struct GNUNET_CRYPTO_CsSessionNonce *nonce, |
3066 | const struct GNUNET_CRYPTO_CsPrivateKey *lts, | 3117 | const char *seed, |
3067 | struct GNUNET_CRYPTO_CsRSecret r[2]); | 3118 | const struct GNUNET_CRYPTO_CsPrivateKey *lts, |
3119 | struct GNUNET_CRYPTO_CsRSecret r[2]); | ||
3068 | 3120 | ||
3069 | 3121 | ||
3070 | /** | 3122 | /** |
@@ -3074,27 +3126,57 @@ GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, | |||
3074 | * @param[out] r_pub where to write the public key | 3126 | * @param[out] r_pub where to write the public key |
3075 | */ | 3127 | */ |
3076 | void | 3128 | void |
3077 | GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv, | 3129 | GNUNET_CRYPTO_cs_r_get_public ( |
3078 | struct GNUNET_CRYPTO_CsRPublic *r_pub); | 3130 | const struct GNUNET_CRYPTO_CsRSecret *r_priv, |
3131 | struct GNUNET_CRYPTO_CsRPublic *r_pub); | ||
3132 | |||
3079 | 3133 | ||
3080 | /** | 3134 | /** |
3081 | * Derives new random blinding factors. | 3135 | * Derives new random blinding factors. |
3082 | * In original papers blinding factors are generated randomly | 3136 | * In original papers blinding factors are generated randomly |
3083 | * To provide abort-idempotency, blinding factors need to be derived but still need to be UNPREDICTABLE | 3137 | * To provide abort-idempotency, blinding factors need to be derived but still need to be UNPREDICTABLE. |
3084 | * To ensure unpredictability a new nonce has to be used. | 3138 | * To ensure unpredictability a new nonce has to be used. |
3085 | * Uses HKDF internally | 3139 | * Uses HKDF internally. |
3086 | * | 3140 | * |
3087 | * @param blind_seed is the blinding seed to derive blinding factors | 3141 | * @param blind_seed is the blinding seed to derive blinding factors |
3088 | * @param[out] bs array containing the two derived blinding secrets | 3142 | * @param[out] bs array containing the two derived blinding secrets |
3089 | */ | 3143 | */ |
3090 | void | 3144 | void |
3091 | GNUNET_CRYPTO_cs_blinding_secrets_derive ( | 3145 | GNUNET_CRYPTO_cs_blinding_secrets_derive ( |
3092 | const struct GNUNET_CRYPTO_CsNonce *blind_seed, | 3146 | const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed, |
3093 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]); | 3147 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]); |
3094 | 3148 | ||
3095 | 3149 | ||
3096 | /** | 3150 | /** |
3097 | * Calculate two blinded c's | 3151 | * @brief CS Parameters derived from the message |
3152 | * during blinding to create blinded signature | ||
3153 | */ | ||
3154 | struct GNUNET_CRYPTO_CsBlindedMessage | ||
3155 | { | ||
3156 | /** | ||
3157 | * The Clause Schnorr c_0 and c_1 containing the blinded message | ||
3158 | */ | ||
3159 | struct GNUNET_CRYPTO_CsC c[2]; | ||
3160 | |||
3161 | /** | ||
3162 | * Nonce used in initial request. | ||
3163 | */ | ||
3164 | struct GNUNET_CRYPTO_CsSessionNonce nonce; | ||
3165 | |||
3166 | }; | ||
3167 | |||
3168 | |||
3169 | /** | ||
3170 | * Pair of Public R values for Cs denominations | ||
3171 | */ | ||
3172 | struct GNUNET_CRYPTO_CSPublicRPairP | ||
3173 | { | ||
3174 | struct GNUNET_CRYPTO_CsRPublic r_pub[2]; | ||
3175 | }; | ||
3176 | |||
3177 | |||
3178 | /** | ||
3179 | * Calculate two blinded c's. | ||
3098 | * Comment: One would be insecure due to Wagner's algorithm solving ROS | 3180 | * Comment: One would be insecure due to Wagner's algorithm solving ROS |
3099 | * | 3181 | * |
3100 | * @param bs array of the two blinding factor structs each containing alpha and beta | 3182 | * @param bs array of the two blinding factor structs each containing alpha and beta |
@@ -3103,7 +3185,7 @@ GNUNET_CRYPTO_cs_blinding_secrets_derive ( | |||
3103 | * @param msg the message to blind in preparation for signing | 3185 | * @param msg the message to blind in preparation for signing |
3104 | * @param msg_len length of message msg | 3186 | * @param msg_len length of message msg |
3105 | * @param[out] blinded_c array of the two blinded c's | 3187 | * @param[out] blinded_c array of the two blinded c's |
3106 | * @param[out] blinded_r_pub array of the two blinded R | 3188 | * @param[out] r_pub_blind array of the two blinded R |
3107 | */ | 3189 | */ |
3108 | void | 3190 | void |
3109 | GNUNET_CRYPTO_cs_calc_blinded_c ( | 3191 | GNUNET_CRYPTO_cs_calc_blinded_c ( |
@@ -3113,32 +3195,49 @@ GNUNET_CRYPTO_cs_calc_blinded_c ( | |||
3113 | const void *msg, | 3195 | const void *msg, |
3114 | size_t msg_len, | 3196 | size_t msg_len, |
3115 | struct GNUNET_CRYPTO_CsC blinded_c[2], | 3197 | struct GNUNET_CRYPTO_CsC blinded_c[2], |
3116 | struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2]); | 3198 | struct GNUNET_CRYPTO_CSPublicRPairP *r_pub_blind); |
3117 | 3199 | ||
3118 | 3200 | ||
3119 | /** | 3201 | /** |
3120 | * Sign a blinded c | 3202 | * The Sign Answer for Clause Blind Schnorr signature. |
3121 | * This function derives b from a nonce and a longterm secret | 3203 | * The sign operation returns a parameter @param b and the signature |
3122 | * In original papers b is generated randomly | 3204 | * scalar @param s_scalar. |
3205 | */ | ||
3206 | struct GNUNET_CRYPTO_CsBlindSignature | ||
3207 | { | ||
3208 | /** | ||
3209 | * To make ROS problem harder, the signer chooses an unpredictable b and | ||
3210 | * only calculates signature of c_b | ||
3211 | */ | ||
3212 | unsigned int b; | ||
3213 | |||
3214 | /** | ||
3215 | * The blinded s scalar calculated from c_b | ||
3216 | */ | ||
3217 | struct GNUNET_CRYPTO_CsBlindS s_scalar; | ||
3218 | }; | ||
3219 | |||
3220 | |||
3221 | /** | ||
3222 | * Sign a blinded @a c. | ||
3223 | * This function derives b from a nonce and a longterm secret. | ||
3224 | * In the original papers b is generated randomly. | ||
3123 | * To provide abort-idempotency, b needs to be derived but still need to be UNPREDICTABLE. | 3225 | * To provide abort-idempotency, b needs to be derived but still need to be UNPREDICTABLE. |
3124 | * To ensure unpredictability a new nonce has to be used for every signature | 3226 | * To ensure unpredictability a new nonce has to be used for every signature. |
3125 | * HKDF is used internally for derivation | 3227 | * HKDF is used internally for derivation. |
3126 | * r0 and r1 can be derived prior by using GNUNET_CRYPTO_cs_r_derive | 3228 | * r0 and r1 can be derived prior by using GNUNET_CRYPTO_cs_r_derive. |
3127 | * | 3229 | * |
3128 | * @param priv private key to use for the signing and as LTS in HKDF | 3230 | * @param priv private key to use for the signing and as LTS in HKDF |
3129 | * @param r array of the two secret nonce from the signer | 3231 | * @param r array of the two secret inputs from the signer |
3130 | * @param c array of the two blinded c to sign c_b | 3232 | * @param bm blinded message, including array of the two blinded c to sign c_b and the random nonce |
3131 | * @param nonce is a random nonce | 3233 | * @param[out] cs_blind_sig where to write the blind signature |
3132 | * @param[out] blinded_signature_scalar where to write the signature | ||
3133 | * @return 0 or 1 for b (see Clause Blind Signature Scheme) | ||
3134 | */ | 3234 | */ |
3135 | unsigned int | 3235 | void |
3136 | GNUNET_CRYPTO_cs_sign_derive ( | 3236 | GNUNET_CRYPTO_cs_sign_derive ( |
3137 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, | 3237 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, |
3138 | const struct GNUNET_CRYPTO_CsRSecret r[2], | 3238 | const struct GNUNET_CRYPTO_CsRSecret r[2], |
3139 | const struct GNUNET_CRYPTO_CsC c[2], | 3239 | const struct GNUNET_CRYPTO_CsBlindedMessage *bm, |
3140 | const struct GNUNET_CRYPTO_CsNonce *nonce, | 3240 | struct GNUNET_CRYPTO_CsBlindSignature *cs_blind_sig); |
3141 | struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar); | ||
3142 | 3241 | ||
3143 | 3242 | ||
3144 | /** | 3243 | /** |
@@ -3166,10 +3265,599 @@ GNUNET_CRYPTO_cs_unblind ( | |||
3166 | * @returns #GNUNET_YES on success, #GNUNET_SYSERR if signature invalid | 3265 | * @returns #GNUNET_YES on success, #GNUNET_SYSERR if signature invalid |
3167 | */ | 3266 | */ |
3168 | enum GNUNET_GenericReturnValue | 3267 | enum GNUNET_GenericReturnValue |
3169 | GNUNET_CRYPTO_cs_verify (const struct GNUNET_CRYPTO_CsSignature *sig, | 3268 | GNUNET_CRYPTO_cs_verify ( |
3170 | const struct GNUNET_CRYPTO_CsPublicKey *pub, | 3269 | const struct GNUNET_CRYPTO_CsSignature *sig, |
3171 | const void *msg, | 3270 | const struct GNUNET_CRYPTO_CsPublicKey *pub, |
3172 | size_t msg_len); | 3271 | const void *msg, |
3272 | size_t msg_len); | ||
3273 | |||
3274 | |||
3275 | /** | ||
3276 | * Types of public keys used for blind signatures. | ||
3277 | */ | ||
3278 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm | ||
3279 | { | ||
3280 | |||
3281 | /** | ||
3282 | * Invalid type of signature. | ||
3283 | */ | ||
3284 | GNUNET_CRYPTO_BSA_INVALID = 0, | ||
3285 | |||
3286 | /** | ||
3287 | * RSA blind signature. | ||
3288 | */ | ||
3289 | GNUNET_CRYPTO_BSA_RSA = 1, | ||
3290 | |||
3291 | /** | ||
3292 | * Clause Blind Schnorr signature. | ||
3293 | */ | ||
3294 | GNUNET_CRYPTO_BSA_CS = 2 | ||
3295 | }; | ||
3296 | |||
3297 | |||
3298 | /** | ||
3299 | * @brief Type of (unblinded) signatures. | ||
3300 | */ | ||
3301 | struct GNUNET_CRYPTO_UnblindedSignature | ||
3302 | { | ||
3303 | |||
3304 | /** | ||
3305 | * Type of the signature. | ||
3306 | */ | ||
3307 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher; | ||
3308 | |||
3309 | /** | ||
3310 | * Reference counter. | ||
3311 | */ | ||
3312 | unsigned int rc; | ||
3313 | |||
3314 | /** | ||
3315 | * Details, depending on @e cipher. | ||
3316 | */ | ||
3317 | union | ||
3318 | { | ||
3319 | /** | ||
3320 | * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher. | ||
3321 | */ | ||
3322 | struct GNUNET_CRYPTO_CsSignature cs_signature; | ||
3323 | |||
3324 | /** | ||
3325 | * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher. | ||
3326 | */ | ||
3327 | struct GNUNET_CRYPTO_RsaSignature *rsa_signature; | ||
3328 | |||
3329 | } details; | ||
3330 | |||
3331 | }; | ||
3332 | |||
3333 | |||
3334 | /** | ||
3335 | * @brief Type for *blinded* signatures. | ||
3336 | * Must be unblinded before it becomes valid. | ||
3337 | */ | ||
3338 | struct GNUNET_CRYPTO_BlindedSignature | ||
3339 | { | ||
3340 | |||
3341 | /** | ||
3342 | * Type of the signature. | ||
3343 | */ | ||
3344 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher; | ||
3345 | |||
3346 | /** | ||
3347 | * Reference counter. | ||
3348 | */ | ||
3349 | unsigned int rc; | ||
3350 | |||
3351 | /** | ||
3352 | * Details, depending on @e cipher. | ||
3353 | */ | ||
3354 | union | ||
3355 | { | ||
3356 | /** | ||
3357 | * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher. | ||
3358 | * At this point only the blinded s scalar is used. | ||
3359 | * The final signature consisting of r,s is built after unblinding. | ||
3360 | */ | ||
3361 | struct GNUNET_CRYPTO_CsBlindSignature blinded_cs_answer; | ||
3362 | |||
3363 | /** | ||
3364 | * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher. | ||
3365 | */ | ||
3366 | struct GNUNET_CRYPTO_RsaSignature *blinded_rsa_signature; | ||
3367 | |||
3368 | } details; | ||
3369 | |||
3370 | }; | ||
3371 | |||
3372 | |||
3373 | /** | ||
3374 | * @brief Type of public signing keys for blind signatures. | ||
3375 | */ | ||
3376 | struct GNUNET_CRYPTO_BlindSignPublicKey | ||
3377 | { | ||
3378 | |||
3379 | /** | ||
3380 | * Type of the public key. | ||
3381 | */ | ||
3382 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher; | ||
3383 | |||
3384 | /** | ||
3385 | * Reference counter. | ||
3386 | */ | ||
3387 | unsigned int rc; | ||
3388 | |||
3389 | /** | ||
3390 | * Hash of the public key. | ||
3391 | */ | ||
3392 | struct GNUNET_HashCode pub_key_hash; | ||
3393 | |||
3394 | /** | ||
3395 | * Details, depending on @e cipher. | ||
3396 | */ | ||
3397 | union | ||
3398 | { | ||
3399 | /** | ||
3400 | * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher. | ||
3401 | */ | ||
3402 | struct GNUNET_CRYPTO_CsPublicKey cs_public_key; | ||
3403 | |||
3404 | /** | ||
3405 | * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher. | ||
3406 | */ | ||
3407 | struct GNUNET_CRYPTO_RsaPublicKey *rsa_public_key; | ||
3408 | |||
3409 | } details; | ||
3410 | }; | ||
3411 | |||
3412 | |||
3413 | /** | ||
3414 | * @brief Type of private signing keys for blind signing. | ||
3415 | */ | ||
3416 | struct GNUNET_CRYPTO_BlindSignPrivateKey | ||
3417 | { | ||
3418 | |||
3419 | /** | ||
3420 | * Type of the public key. | ||
3421 | */ | ||
3422 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher; | ||
3423 | |||
3424 | /** | ||
3425 | * Reference counter. | ||
3426 | */ | ||
3427 | unsigned int rc; | ||
3428 | |||
3429 | /** | ||
3430 | * Details, depending on @e cipher. | ||
3431 | */ | ||
3432 | union | ||
3433 | { | ||
3434 | /** | ||
3435 | * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher. | ||
3436 | */ | ||
3437 | struct GNUNET_CRYPTO_CsPrivateKey cs_private_key; | ||
3438 | |||
3439 | /** | ||
3440 | * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher. | ||
3441 | */ | ||
3442 | struct GNUNET_CRYPTO_RsaPrivateKey *rsa_private_key; | ||
3443 | |||
3444 | } details; | ||
3445 | }; | ||
3446 | |||
3447 | |||
3448 | /** | ||
3449 | * @brief Blinded message ready for blind signing. | ||
3450 | */ | ||
3451 | struct GNUNET_CRYPTO_BlindedMessage | ||
3452 | { | ||
3453 | /** | ||
3454 | * Type of the sign blinded message | ||
3455 | */ | ||
3456 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher; | ||
3457 | |||
3458 | /** | ||
3459 | * Reference counter. | ||
3460 | */ | ||
3461 | unsigned int rc; | ||
3462 | |||
3463 | /** | ||
3464 | * Details, depending on @e cipher. | ||
3465 | */ | ||
3466 | union | ||
3467 | { | ||
3468 | /** | ||
3469 | * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher. | ||
3470 | */ | ||
3471 | struct GNUNET_CRYPTO_CsBlindedMessage cs_blinded_message; | ||
3472 | |||
3473 | /** | ||
3474 | * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher. | ||
3475 | */ | ||
3476 | struct GNUNET_CRYPTO_RsaBlindedMessage rsa_blinded_message; | ||
3477 | |||
3478 | } details; | ||
3479 | }; | ||
3480 | |||
3481 | |||
3482 | /** | ||
3483 | * Secret r for Cs denominations | ||
3484 | */ | ||
3485 | struct GNUNET_CRYPTO_CSPrivateRPairP | ||
3486 | { | ||
3487 | struct GNUNET_CRYPTO_CsRSecret r[2]; | ||
3488 | }; | ||
3489 | |||
3490 | |||
3491 | /** | ||
3492 | * @brief Input needed for blinding a message. | ||
3493 | */ | ||
3494 | struct GNUNET_CRYPTO_BlindingInputValues | ||
3495 | { | ||
3496 | |||
3497 | /** | ||
3498 | * Type of the signature. | ||
3499 | */ | ||
3500 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher; | ||
3501 | |||
3502 | /** | ||
3503 | * Reference counter. | ||
3504 | */ | ||
3505 | unsigned int rc; | ||
3506 | |||
3507 | /** | ||
3508 | * Details, depending on @e cipher. | ||
3509 | */ | ||
3510 | union | ||
3511 | { | ||
3512 | /** | ||
3513 | * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher. | ||
3514 | */ | ||
3515 | struct GNUNET_CRYPTO_CSPublicRPairP cs_values; | ||
3516 | |||
3517 | } details; | ||
3518 | |||
3519 | }; | ||
3520 | |||
3521 | |||
3522 | /** | ||
3523 | * Nonce used to deterministiacally derive input values | ||
3524 | * used in multi-round blind signature protocols. | ||
3525 | */ | ||
3526 | union GNUNET_CRYPTO_BlindSessionNonce | ||
3527 | { | ||
3528 | /** | ||
3529 | * Nonce used when signing with CS. | ||
3530 | */ | ||
3531 | struct GNUNET_CRYPTO_CsSessionNonce cs_nonce; | ||
3532 | }; | ||
3533 | |||
3534 | |||
3535 | /** | ||
3536 | * Compute blinding input values for a given @a nonce and | ||
3537 | * @a salt. | ||
3538 | * | ||
3539 | * @param bsign_priv private key to compute input values for | ||
3540 | * @param nonce session nonce to derive input values from | ||
3541 | * @param salt salt to include in derivation logic | ||
3542 | * @return blinding input values | ||
3543 | */ | ||
3544 | struct GNUNET_CRYPTO_BlindingInputValues * | ||
3545 | GNUNET_CRYPTO_get_blinding_input_values ( | ||
3546 | const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv, | ||
3547 | const union GNUNET_CRYPTO_BlindSessionNonce *nonce, | ||
3548 | const char *salt); | ||
3549 | |||
3550 | |||
3551 | /** | ||
3552 | * Decrement reference counter of a @a bsign_pub, and free it if it reaches zero. | ||
3553 | * | ||
3554 | * @param[in] bsign_pub key to free | ||
3555 | */ | ||
3556 | void | ||
3557 | GNUNET_CRYPTO_blind_sign_pub_decref ( | ||
3558 | struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub); | ||
3559 | |||
3560 | |||
3561 | /** | ||
3562 | * Decrement reference counter of a @a bsign_priv, and free it if it reaches zero. | ||
3563 | * | ||
3564 | * @param[in] bsign_priv key to free | ||
3565 | */ | ||
3566 | void | ||
3567 | GNUNET_CRYPTO_blind_sign_priv_decref ( | ||
3568 | struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv); | ||
3569 | |||
3570 | |||
3571 | /** | ||
3572 | * Decrement reference counter of a @a ub_sig, and free it if it reaches zero. | ||
3573 | * | ||
3574 | * @param[in] ub_sig signature to free | ||
3575 | */ | ||
3576 | void | ||
3577 | GNUNET_CRYPTO_unblinded_sig_decref ( | ||
3578 | struct GNUNET_CRYPTO_UnblindedSignature *ub_sig); | ||
3579 | |||
3580 | |||
3581 | /** | ||
3582 | * Decrement reference counter of a @a blind_sig, and free it if it reaches zero. | ||
3583 | * | ||
3584 | * @param[in] blind_sig signature to free | ||
3585 | */ | ||
3586 | void | ||
3587 | GNUNET_CRYPTO_blinded_sig_decref ( | ||
3588 | struct GNUNET_CRYPTO_BlindedSignature *blind_sig); | ||
3589 | |||
3590 | |||
3591 | /** | ||
3592 | * Decrement reference counter of a @a bm, and free it if it reaches zero. | ||
3593 | * | ||
3594 | * @param[in] bm blinded message to free | ||
3595 | */ | ||
3596 | void | ||
3597 | GNUNET_CRYPTO_blinded_message_decref ( | ||
3598 | struct GNUNET_CRYPTO_BlindedMessage *bm); | ||
3599 | |||
3600 | |||
3601 | /** | ||
3602 | * Increment reference counter of the given @a bm. | ||
3603 | * | ||
3604 | * @param[in,out] bm blinded message to increment reference counter for | ||
3605 | * @return alias of @a bm with RC incremented | ||
3606 | */ | ||
3607 | struct GNUNET_CRYPTO_BlindedMessage * | ||
3608 | GNUNET_CRYPTO_blinded_message_incref ( | ||
3609 | struct GNUNET_CRYPTO_BlindedMessage *bm); | ||
3610 | |||
3611 | |||
3612 | /** | ||
3613 | * Increment reference counter of the given @a bi. | ||
3614 | * | ||
3615 | * @param[in,out] bi blinding input values to increment reference counter for | ||
3616 | * @return alias of @a bi with RC incremented | ||
3617 | */ | ||
3618 | struct GNUNET_CRYPTO_BlindingInputValues * | ||
3619 | GNUNET_CRYPTO_blinding_input_values_incref ( | ||
3620 | struct GNUNET_CRYPTO_BlindingInputValues *bm); | ||
3621 | |||
3622 | |||
3623 | /** | ||
3624 | * Decrement reference counter of the given @a bi, and free it if it reaches | ||
3625 | * zero. | ||
3626 | * | ||
3627 | * @param[in,out] bi blinding input values to decrement reference counter for | ||
3628 | */ | ||
3629 | void | ||
3630 | GNUNET_CRYPTO_blinding_input_values_decref ( | ||
3631 | struct GNUNET_CRYPTO_BlindingInputValues *bm); | ||
3632 | |||
3633 | |||
3634 | /** | ||
3635 | * Increment reference counter of the given @a bsign_pub. | ||
3636 | * | ||
3637 | * @param[in,out] bsign_pub public key to increment reference counter for | ||
3638 | * @return alias of @a bsign_pub with RC incremented | ||
3639 | */ | ||
3640 | struct GNUNET_CRYPTO_BlindSignPublicKey * | ||
3641 | GNUNET_CRYPTO_bsign_pub_incref ( | ||
3642 | struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub); | ||
3643 | |||
3644 | |||
3645 | /** | ||
3646 | * Increment reference counter of the given @a bsign_priv. | ||
3647 | * | ||
3648 | * @param[in,out] bsign_priv private key to increment reference counter for | ||
3649 | * @return alias of @a bsign_priv with RC incremented | ||
3650 | */ | ||
3651 | struct GNUNET_CRYPTO_BlindSignPrivateKey * | ||
3652 | GNUNET_CRYPTO_bsign_priv_incref ( | ||
3653 | struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv); | ||
3654 | |||
3655 | |||
3656 | /** | ||
3657 | * Increment reference counter of the given @a ub_sig. | ||
3658 | * | ||
3659 | * @param[in,out] ub_sig signature to increment reference counter for | ||
3660 | * @return alias of @a ub_sig with RC incremented | ||
3661 | */ | ||
3662 | struct GNUNET_CRYPTO_UnblindedSignature * | ||
3663 | GNUNET_CRYPTO_ub_sig_incref (struct GNUNET_CRYPTO_UnblindedSignature *ub_sig); | ||
3664 | |||
3665 | |||
3666 | /** | ||
3667 | * Increment reference counter of the given @a blind_sig. | ||
3668 | * | ||
3669 | * @param[in,out] blind_sig signature to increment reference counter for | ||
3670 | * @return alias of @a blind_sig with RC incremented | ||
3671 | */ | ||
3672 | struct GNUNET_CRYPTO_BlindedSignature * | ||
3673 | GNUNET_CRYPTO_blind_sig_incref ( | ||
3674 | struct GNUNET_CRYPTO_BlindedSignature *blind_sig); | ||
3675 | |||
3676 | |||
3677 | /** | ||
3678 | * Compare two denomination public keys. | ||
3679 | * | ||
3680 | * @param bp1 first key | ||
3681 | * @param bp2 second key | ||
3682 | * @return 0 if the keys are equal, otherwise -1 or 1 | ||
3683 | */ | ||
3684 | int | ||
3685 | GNUNET_CRYPTO_bsign_pub_cmp ( | ||
3686 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bp1, | ||
3687 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bp2); | ||
3688 | |||
3689 | |||
3690 | /** | ||
3691 | * Compare two denomination signatures. | ||
3692 | * | ||
3693 | * @param sig1 first signature | ||
3694 | * @param sig2 second signature | ||
3695 | * @return 0 if the keys are equal, otherwise -1 or 1 | ||
3696 | */ | ||
3697 | int | ||
3698 | GNUNET_CRYPTO_ub_sig_cmp (const struct GNUNET_CRYPTO_UnblindedSignature *sig1, | ||
3699 | const struct GNUNET_CRYPTO_UnblindedSignature *sig2); | ||
3700 | |||
3701 | |||
3702 | /** | ||
3703 | * Compare two blinded denomination signatures. | ||
3704 | * | ||
3705 | * @param sig1 first signature | ||
3706 | * @param sig2 second signature | ||
3707 | * @return 0 if the keys are equal, otherwise -1 or 1 | ||
3708 | */ | ||
3709 | int | ||
3710 | GNUNET_CRYPTO_blind_sig_cmp ( | ||
3711 | const struct GNUNET_CRYPTO_BlindedSignature *sig1, | ||
3712 | const struct GNUNET_CRYPTO_BlindedSignature *sig2); | ||
3713 | |||
3714 | |||
3715 | /** | ||
3716 | * Compare two blinded messages. | ||
3717 | * | ||
3718 | * @param bp1 first blinded message | ||
3719 | * @param bp2 second blinded message | ||
3720 | * @return 0 if the keys are equal, otherwise -1 or 1 | ||
3721 | */ | ||
3722 | int | ||
3723 | GNUNET_CRYPTO_blinded_message_cmp ( | ||
3724 | const struct GNUNET_CRYPTO_BlindedMessage *bp1, | ||
3725 | const struct GNUNET_CRYPTO_BlindedMessage *bp2); | ||
3726 | |||
3727 | |||
3728 | /** | ||
3729 | * Initialize public-private key pair for blind signatures. | ||
3730 | * | ||
3731 | * For #GNUNET_CRYPTO_BSA_RSA, an additional "unsigned int" | ||
3732 | * argument with the number of bits for 'n' (e.g. 2048) must | ||
3733 | * be passed. | ||
3734 | * | ||
3735 | * @param[out] bsign_priv where to write the private key with RC 1 | ||
3736 | * @param[out] bsign_pub where to write the public key with RC 1 | ||
3737 | * @param cipher which type of cipher to use | ||
3738 | * @param ... RSA key size (eg. 2048/3072/4096) | ||
3739 | * @return #GNUNET_OK on success, #GNUNET_NO if parameterst were invalid | ||
3740 | */ | ||
3741 | enum GNUNET_GenericReturnValue | ||
3742 | GNUNET_CRYPTO_blind_sign_keys_create ( | ||
3743 | struct GNUNET_CRYPTO_BlindSignPrivateKey **bsign_priv, | ||
3744 | struct GNUNET_CRYPTO_BlindSignPublicKey **bsign_pub, | ||
3745 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher, | ||
3746 | ...); | ||
3747 | |||
3748 | |||
3749 | /** | ||
3750 | * Initialize public-private key pair for blind signatures. | ||
3751 | * | ||
3752 | * For #GNUNET_CRYPTO_BSA_RSA, an additional "unsigned int" | ||
3753 | * argument with the number of bits for 'n' (e.g. 2048) must | ||
3754 | * be passed. | ||
3755 | * | ||
3756 | * @param[out] bsign_priv where to write the private key with RC 1 | ||
3757 | * @param[out] bsign_pub where to write the public key with RC 1 | ||
3758 | * @param cipher which type of cipher to use | ||
3759 | * @param ap RSA key size (eg. 2048/3072/4096) | ||
3760 | * @return #GNUNET_OK on success, #GNUNET_NO if parameterst were invalid | ||
3761 | */ | ||
3762 | enum GNUNET_GenericReturnValue | ||
3763 | GNUNET_CRYPTO_blind_sign_keys_create_va ( | ||
3764 | struct GNUNET_CRYPTO_BlindSignPrivateKey **bsign_priv, | ||
3765 | struct GNUNET_CRYPTO_BlindSignPublicKey **bsign_pub, | ||
3766 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher, | ||
3767 | va_list ap); | ||
3768 | |||
3769 | |||
3770 | /** | ||
3771 | * @brief Type of blinding secrets. Must be exactly 32 bytes (DB). | ||
3772 | */ | ||
3773 | union GNUNET_CRYPTO_BlindingSecretP | ||
3774 | { | ||
3775 | /** | ||
3776 | * Clause Schnorr nonce. | ||
3777 | */ | ||
3778 | struct GNUNET_CRYPTO_CsBlindingNonce nonce; | ||
3779 | |||
3780 | /** | ||
3781 | * Variant for RSA for blind signatures. | ||
3782 | */ | ||
3783 | struct GNUNET_CRYPTO_RsaBlindingKeySecret rsa_bks; | ||
3784 | }; | ||
3785 | |||
3786 | |||
3787 | /** | ||
3788 | * Blind message for blind signing with @a dk using blinding secret @a coin_bks. | ||
3789 | * | ||
3790 | * @param bsign_pub public key to blind for | ||
3791 | * @param bks blinding secret to use | ||
3792 | * @param nonce nonce used to obtain @a alg_values | ||
3793 | * can be NULL if input values are not used for the cipher | ||
3794 | * @param message message to sign | ||
3795 | * @param message_size number of bytes in @a message | ||
3796 | * @param alg_values algorithm specific values to blind the @a message | ||
3797 | * @return blinded message to give to signer, NULL on error | ||
3798 | */ | ||
3799 | struct GNUNET_CRYPTO_BlindedMessage * | ||
3800 | GNUNET_CRYPTO_message_blind_to_sign ( | ||
3801 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub, | ||
3802 | const union GNUNET_CRYPTO_BlindingSecretP *bks, | ||
3803 | const union GNUNET_CRYPTO_BlindSessionNonce *nonce, | ||
3804 | const void *message, | ||
3805 | size_t message_size, | ||
3806 | const struct GNUNET_CRYPTO_BlindingInputValues *alg_values); | ||
3807 | |||
3808 | |||
3809 | /** | ||
3810 | * Create blind signature. | ||
3811 | * | ||
3812 | * @param bsign_priv private key to use for signing | ||
3813 | * @param salt salt value to use for the HKDF, | ||
3814 | * can be NULL if input values are not used for the cipher | ||
3815 | * @param blinded_message the already blinded message to sign | ||
3816 | * @return blind signature with RC=1, NULL on failure | ||
3817 | */ | ||
3818 | struct GNUNET_CRYPTO_BlindedSignature * | ||
3819 | GNUNET_CRYPTO_blind_sign ( | ||
3820 | const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv, | ||
3821 | const char *salt, | ||
3822 | const struct GNUNET_CRYPTO_BlindedMessage *blinded_message); | ||
3823 | |||
3824 | |||
3825 | /** | ||
3826 | * Unblind blind signature. | ||
3827 | * | ||
3828 | * @param blinded_sig the blind signature | ||
3829 | * @param bks blinding secret to use | ||
3830 | * @param message message that was supposedly signed | ||
3831 | * @param message_size number of bytes in @a message | ||
3832 | * @param alg_values algorithm specific values | ||
3833 | * @param bsign_pub public key used for signing | ||
3834 | * @return unblinded signature with RC=1, NULL on error | ||
3835 | */ | ||
3836 | struct GNUNET_CRYPTO_UnblindedSignature * | ||
3837 | GNUNET_CRYPTO_blind_sig_unblind ( | ||
3838 | const struct GNUNET_CRYPTO_BlindedSignature *blinded_sig, | ||
3839 | const union GNUNET_CRYPTO_BlindingSecretP *bks, | ||
3840 | const void *message, | ||
3841 | size_t message_size, | ||
3842 | const struct GNUNET_CRYPTO_BlindingInputValues *alg_values, | ||
3843 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub); | ||
3844 | |||
3845 | |||
3846 | /** | ||
3847 | * Verify signature made blindly. | ||
3848 | * | ||
3849 | * @param bsign_pub public key | ||
3850 | * @param ub_sig signature made blindly with the private key | ||
3851 | * @param message message that was supposedly signed | ||
3852 | * @param message_size number of bytes in @a message | ||
3853 | * @return #GNUNET_OK if the signature is valid | ||
3854 | */ | ||
3855 | enum GNUNET_GenericReturnValue | ||
3856 | GNUNET_CRYPTO_blind_sig_verify ( | ||
3857 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub, | ||
3858 | const struct GNUNET_CRYPTO_UnblindedSignature *ub_sig, | ||
3859 | const void *message, | ||
3860 | size_t message_size); | ||
3173 | 3861 | ||
3174 | 3862 | ||
3175 | /** | 3863 | /** |
@@ -3184,7 +3872,7 @@ GNUNET_CRYPTO_cs_verify (const struct GNUNET_CRYPTO_CsSignature *sig, | |||
3184 | */ | 3872 | */ |
3185 | ssize_t | 3873 | ssize_t |
3186 | GNUNET_CRYPTO_public_key_get_length (const struct | 3874 | GNUNET_CRYPTO_public_key_get_length (const struct |
3187 | GNUNET_CRYPTO_PublicKey *key); | 3875 | GNUNET_CRYPTO_PublicKey *key); |
3188 | 3876 | ||
3189 | /** | 3877 | /** |
3190 | * Reads a #GNUNET_CRYPTO_PublicKey from a compact buffer. | 3878 | * Reads a #GNUNET_CRYPTO_PublicKey from a compact buffer. |
@@ -3235,9 +3923,9 @@ GNUNET_CRYPTO_private_key_get_length ( | |||
3235 | */ | 3923 | */ |
3236 | ssize_t | 3924 | ssize_t |
3237 | GNUNET_CRYPTO_write_public_key_to_buffer (const struct | 3925 | GNUNET_CRYPTO_write_public_key_to_buffer (const struct |
3238 | GNUNET_CRYPTO_PublicKey *key, | 3926 | GNUNET_CRYPTO_PublicKey *key, |
3239 | void*buffer, | 3927 | void*buffer, |
3240 | size_t len); | 3928 | size_t len); |
3241 | 3929 | ||
3242 | 3930 | ||
3243 | /** | 3931 | /** |
@@ -3397,15 +4085,15 @@ GNUNET_CRYPTO_sign_raw_ ( | |||
3397 | * @param[out] sig where to write the signature | 4085 | * @param[out] sig where to write the signature |
3398 | */ | 4086 | */ |
3399 | #define GNUNET_CRYPTO_sign(priv,ps,sig) do { \ | 4087 | #define GNUNET_CRYPTO_sign(priv,ps,sig) do { \ |
3400 | /* check size is set correctly */ \ | 4088 | /* check size is set correctly */ \ |
3401 | GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \ | 4089 | GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \ |
3402 | /* check 'ps' begins with the purpose */ \ | 4090 | /* check 'ps' begins with the purpose */ \ |
3403 | GNUNET_static_assert (((void*) (ps)) == \ | 4091 | GNUNET_static_assert (((void*) (ps)) == \ |
3404 | ((void*) &(ps)->purpose)); \ | 4092 | ((void*) &(ps)->purpose)); \ |
3405 | GNUNET_assert (GNUNET_OK == \ | 4093 | GNUNET_assert (GNUNET_OK == \ |
3406 | GNUNET_CRYPTO_sign_ (priv, \ | 4094 | GNUNET_CRYPTO_sign_ (priv, \ |
3407 | &(ps)->purpose, \ | 4095 | &(ps)->purpose, \ |
3408 | sig)); \ | 4096 | sig)); \ |
3409 | } while (0) | 4097 | } while (0) |
3410 | 4098 | ||
3411 | 4099 | ||
@@ -3476,9 +4164,9 @@ GNUNET_CRYPTO_signature_verify_raw_ ( | |||
3476 | GNUNET_static_assert (((void*) (ps)) == \ | 4164 | GNUNET_static_assert (((void*) (ps)) == \ |
3477 | ((void*) &(ps)->purpose)); \ | 4165 | ((void*) &(ps)->purpose)); \ |
3478 | GNUNET_CRYPTO_signature_verify_ (purp, \ | 4166 | GNUNET_CRYPTO_signature_verify_ (purp, \ |
3479 | &(ps)->purpose, \ | 4167 | &(ps)->purpose, \ |
3480 | sig, \ | 4168 | sig, \ |
3481 | pub); \ | 4169 | pub); \ |
3482 | }) | 4170 | }) |
3483 | 4171 | ||
3484 | 4172 | ||
@@ -3499,10 +4187,10 @@ GNUNET_CRYPTO_signature_verify_raw_ ( | |||
3499 | */ | 4187 | */ |
3500 | ssize_t | 4188 | ssize_t |
3501 | GNUNET_CRYPTO_encrypt_old (const void *block, | 4189 | GNUNET_CRYPTO_encrypt_old (const void *block, |
3502 | size_t size, | 4190 | size_t size, |
3503 | const struct GNUNET_CRYPTO_PublicKey *pub, | 4191 | const struct GNUNET_CRYPTO_PublicKey *pub, |
3504 | struct GNUNET_CRYPTO_EcdhePublicKey *ecc, | 4192 | struct GNUNET_CRYPTO_EcdhePublicKey *ecc, |
3505 | void *result); | 4193 | void *result); |
3506 | 4194 | ||
3507 | 4195 | ||
3508 | /** | 4196 | /** |
@@ -3528,8 +4216,8 @@ GNUNET_CRYPTO_decrypt_old ( | |||
3528 | void *result); | 4216 | void *result); |
3529 | 4217 | ||
3530 | #define GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES (crypto_secretbox_MACBYTES \ | 4218 | #define GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES (crypto_secretbox_MACBYTES \ |
3531 | + sizeof (struct \ | 4219 | + sizeof (struct \ |
3532 | GNUNET_CRYPTO_FoKemC)) | 4220 | GNUNET_CRYPTO_FoKemC)) |
3533 | 4221 | ||
3534 | /** | 4222 | /** |
3535 | * Encrypt a block with #GNUNET_CRYPTO_PublicKey and derives a | 4223 | * Encrypt a block with #GNUNET_CRYPTO_PublicKey and derives a |
@@ -3548,10 +4236,10 @@ GNUNET_CRYPTO_decrypt_old ( | |||
3548 | */ | 4236 | */ |
3549 | enum GNUNET_GenericReturnValue | 4237 | enum GNUNET_GenericReturnValue |
3550 | GNUNET_CRYPTO_encrypt (const void *block, | 4238 | GNUNET_CRYPTO_encrypt (const void *block, |
3551 | size_t size, | 4239 | size_t size, |
3552 | const struct GNUNET_CRYPTO_PublicKey *pub, | 4240 | const struct GNUNET_CRYPTO_PublicKey *pub, |
3553 | void *result, | 4241 | void *result, |
3554 | size_t result_size); | 4242 | size_t result_size); |
3555 | 4243 | ||
3556 | 4244 | ||
3557 | /** | 4245 | /** |
@@ -3567,10 +4255,10 @@ GNUNET_CRYPTO_encrypt (const void *block, | |||
3567 | */ | 4255 | */ |
3568 | enum GNUNET_GenericReturnValue | 4256 | enum GNUNET_GenericReturnValue |
3569 | GNUNET_CRYPTO_decrypt (const void *block, | 4257 | GNUNET_CRYPTO_decrypt (const void *block, |
3570 | size_t size, | 4258 | size_t size, |
3571 | const struct GNUNET_CRYPTO_PrivateKey *priv, | 4259 | const struct GNUNET_CRYPTO_PrivateKey *priv, |
3572 | void *result, | 4260 | void *result, |
3573 | size_t result_size); | 4261 | size_t result_size); |
3574 | 4262 | ||
3575 | 4263 | ||
3576 | /** | 4264 | /** |
@@ -3609,7 +4297,7 @@ GNUNET_CRYPTO_private_key_to_string ( | |||
3609 | */ | 4297 | */ |
3610 | enum GNUNET_GenericReturnValue | 4298 | enum GNUNET_GenericReturnValue |
3611 | GNUNET_CRYPTO_public_key_from_string (const char*str, | 4299 | GNUNET_CRYPTO_public_key_from_string (const char*str, |
3612 | struct GNUNET_CRYPTO_PublicKey *key); | 4300 | struct GNUNET_CRYPTO_PublicKey *key); |
3613 | 4301 | ||
3614 | 4302 | ||
3615 | /** | 4303 | /** |
@@ -3622,7 +4310,7 @@ GNUNET_CRYPTO_public_key_from_string (const char*str, | |||
3622 | */ | 4310 | */ |
3623 | enum GNUNET_GenericReturnValue | 4311 | enum GNUNET_GenericReturnValue |
3624 | GNUNET_CRYPTO_private_key_from_string (const char*str, | 4312 | GNUNET_CRYPTO_private_key_from_string (const char*str, |
3625 | struct GNUNET_CRYPTO_PrivateKey *key); | 4313 | struct GNUNET_CRYPTO_PrivateKey *key); |
3626 | 4314 | ||
3627 | 4315 | ||
3628 | /** | 4316 | /** |
@@ -3634,8 +4322,8 @@ GNUNET_CRYPTO_private_key_from_string (const char*str, | |||
3634 | */ | 4322 | */ |
3635 | enum GNUNET_GenericReturnValue | 4323 | enum GNUNET_GenericReturnValue |
3636 | GNUNET_CRYPTO_key_get_public (const struct | 4324 | GNUNET_CRYPTO_key_get_public (const struct |
3637 | GNUNET_CRYPTO_PrivateKey *privkey, | 4325 | GNUNET_CRYPTO_PrivateKey *privkey, |
3638 | struct GNUNET_CRYPTO_PublicKey *key); | 4326 | struct GNUNET_CRYPTO_PublicKey *key); |
3639 | 4327 | ||
3640 | #if 0 /* keep Emacsens' auto-indent happy */ | 4328 | #if 0 /* keep Emacsens' auto-indent happy */ |
3641 | { | 4329 | { |
diff --git a/src/include/gnunet_peerstore_service.h b/src/include/gnunet_peerstore_service.h index 99ba98593..c57a66b1f 100644 --- a/src/include/gnunet_peerstore_service.h +++ b/src/include/gnunet_peerstore_service.h | |||
@@ -234,6 +234,16 @@ struct GNUNET_PEERSTORE_StoreHelloContext | |||
234 | int success; | 234 | int success; |
235 | }; | 235 | }; |
236 | 236 | ||
237 | /** | ||
238 | * Closure to hold a GNUNET_PEERSTORE_StoreHelloContext. | ||
239 | */ | ||
240 | struct GNUNET_PEERSTORE_StoreHelloContextClosure | ||
241 | { | ||
242 | /** | ||
243 | * The GNUNET_PEERSTORE_StoreHelloContext to hold. | ||
244 | */ | ||
245 | struct GNUNET_PEERSTORE_StoreHelloContext *shc; | ||
246 | }; | ||
237 | 247 | ||
238 | /** | 248 | /** |
239 | * Function called by PEERSTORE for each matching record. | 249 | * Function called by PEERSTORE for each matching record. |