author | Christian Grothoff <christian@grothoff.org> | 2013-03-07 12:30:28 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2013-03-07 12:30:28 +0000 |
commit | 1a17d075effa5fbc3b3521ab0d15b2d035599969 (patch) | |
tree | fa15da4e9b0f6cf4316330d7e03deb1e661236e2 /src/include | |
parent | 2fa116568befd7d9ca3d81ad1d73a785b1fb9532 (diff) | |
-towards pseudonym crypto
Diffstat (limited to 'src/include')
-rw-r--r-- | src/include/gnunet_pseudonym_lib.h | 37 |
1 files changed, 28 insertions, 9 deletions
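--- a/src/include/gnunet_pseudonym_lib.h
+++ b/src/include/gnunet_pseudonym_lib.h
@@ -42,13 +42,21 @@ extern "C"
 
 /**
 * Identifier for a GNUnet pseudonym (the public key).
+* Q-point, Q=dp.
 */
 struct GNUNET_PseudonymIdentifier
 {
 /**
-* The public key of the pseudonym.
+* Q consists of an x- and a y-value, each mod p (256 bits);
+* however, (to speed up calculations and/or represent infinity)
+* libgcrypt uses projective coordinates, which add an extra
+* dimension. Thus, the MPI value is typically one additional byte
+* longer (512 bit + 8 bits). As we want a size that is a
+* multiplicative of 8, we add 8 bytes (not 8 bits), which should
+* always suffice to represent Q.
 */
-char public_key[42];
+unsigned char q[(256 + 256 / 8) + 8];
+
 };
 
 
@@ -59,20 +67,29 @@ struct GNUNET_PseudonymHandle;
 
 
 /**
-* Signature made with a pseudonym (includes the full public key)
+* Signature made with a pseudonym (includes the full public key).
+* The ECDSA signature is a pair (r,s) with r = x1 mod n where
+* (x1,y1) = kG for "random" k and s = k^{-1}(z + rd) mod n,
+* where z is derived from the hash of the message that is being
+* signed.
 */
 struct GNUNET_PseudonymSignature
 {
 
 /**
-* Who created the signature? (public key of the signer)
+* Who created the signature? (public key of the signer), 'd' value in NIST P-256.
 */
 struct GNUNET_PseudonymIdentifier signer;
 
 /**
-* Binary signature data, padded with zeros if needed.
+* Binary ECDSA signature data, r-value. Value is mod n, and n is 256 bits.
+*/
+unsigned char sig_r[256 / 8];
+
+/**
+* Binary ECDSA signature data, s-value. Value is mod n, and n is 256 bits.
 */
-char signature[42];
+unsigned char sig_s[256 / 8];
 };
 
 
@@ -146,8 +163,9 @@ GNUNET_PSEUDONYM_destroy (struct GNUNET_PseudonymHandle *ph);
 * @param signing_key modifier to apply to the private key for signing;
 * corresponds to 'h' in section 2.3 of #2564.
 * @param signature where to store the signature
+* @return GNUNET_SYSERR on failure
 */
-void
+int
 GNUNET_PSEUDONYM_sign (struct GNUNET_PseudonymHandle *ph,
 const struct GNUNET_PseudonymSignaturePurpose *purpose,
 const struct GNUNET_HashCode *seed,
@@ -159,13 +177,14 @@ GNUNET_PSEUDONYM_sign (struct GNUNET_PseudonymHandle *ph,
 * Given a pseudonym and a signing key, derive the corresponding public
 * key that would be used to verify the resulting signature.
 *
-* @param pseudonym the public key (g^x)
+* @param pseudonym the public key (g^x in DSA, dQ in ECDSA)
 * @param signing_key input to derive 'h' (see section 2.4 of #2564)
 * @param verification_key resulting public key to verify the signature
 * created from the 'ph' of 'pseudonym' and the 'signing_key';
 * the value stored here can then be given to GNUNET_PSEUDONYM_verify.
+* @return GNUNET_OK on success, GNUNET_SYSERR on error
 */
-void
+int
 GNUNET_PSEUDONYM_derive_verification_key (struct GNUNET_PseudonymIdentifier *pseudonym,
 const struct GNUNET_HashCode *signing_key,
 struct GNUNET_PseudonymIdentifier *verification_key);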
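Review bot: The array bound `(256 + 256 / 8) + 8` in `struct GNUNET_PseudonymIdentifier` evaluates to 296 bytes, because the division binds tighter than the addition, while the comment above it describes 512 bits plus 8 bytes of slack, i.e. 72 bytes; `unsigned char q[((256 + 256) / 8) + 8];` would match the comment. The identifier is embedded as `signer` in `struct GNUNET_PseudonymSignature`, so the larger size carries into every signature and presumably into whatever is stored or sent from these structs. The `signer` comment also calls the public key the 'd' value, but in the ECDSA formula a few lines above (`s = k^{-1}(z + rd)`) d is the private scalar and the identifier comment names the public point Q; I would write `Who created the signature? (public key of the signer, the point Q on NIST P-256)`. The new `@return` on GNUNET_PSEUDONYM_sign names only the failure value; if it returns GNUNET_OK on success like the derive function, `@return GNUNET_OK on success, GNUNET_SYSERR on failure` tells callers what to check before they trust the signature buffer.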