towards using EdDSA-ECDHE instead of ECDSA-ECDHE combined cryptosystem (API only)

4 files changed, 117 insertions, 167 deletions

diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index ee7ccec26..685632b49 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -228,7 +228,7 @@ check_PROGRAMS = \
  test_crypto_ecdsa \
  test_crypto_eddsa \
  test_crypto_ecdhe \
- test_crypto_ecdh_ecdsa \
+ test_crypto_ecdh_eddsa \
  test_crypto_hash \
  test_crypto_hash_context \
  test_crypto_hkdf \
@@ -389,9 +389,9 @@ test_crypto_ecdhe_LDADD = \
  libgnunetutil.la \
  $(LIBGCRYPT_LIBS)
 
-test_crypto_ecdh_ecdsa_SOURCES = \
- test_crypto_ecdh_ecdsa.c
-test_crypto_ecdh_ecdsa_LDADD = \
+test_crypto_ecdh_eddsa_SOURCES = \
+ test_crypto_ecdh_eddsa.c
+test_crypto_ecdh_eddsa_LDADD = \
  libgnunetutil.la \
  $(LIBGCRYPT_LIBS)
 
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 429d2bf4b..c3a60e841 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -1,6 +1,6 @@
 /*
      This file is part of GNUnet.
-     Copyright (C) 2012, 2013 Christian Grothoff (and other contributing authors)
+     Copyright (C) 2012, 2013, 2015 Christian Grothoff (and other contributing authors)
 
      GNUnet is free software; you can redistribute it and/or modify
      it under the terms of the GNU General Public License as published
@@ -1398,7 +1398,9 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
   GNUNET_assert (0 ==
                  gcry_mpi_print (GCRYMPI_FMT_STD, xbuf, rsize, &rsize,
                                  result_x));
-  GNUNET_CRYPTO_hash (xbuf, rsize, key_material);
+  GNUNET_CRYPTO_hash (xbuf,
+                      rsize,
+                      key_material);
   gcry_mpi_release (result_x);
   return GNUNET_OK;
 }
@@ -1542,46 +1544,41 @@ GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey
 
 /**
  * @ingroup crypto
- * Convert ECDSA public key to ECDHE public key.
- * Please be very careful when using this function, as mixing
- * cryptographic primitives is not always healthy.
+ * Derive key material from a ECDH public key and a private EdDSA key.
+ * Dual to #GNUNET_CRRYPTO_ecdh_eddsa.
  *
- * @param ecdsa ecdsa public key
- * @param ecdhe[OUT] ecdhe public key
+ * @param priv private key from EdDSA to use for the ECDH (x)
+ * @param pub public key to use for the ECDH (yG)
+ * @param key_material where to write the key material H(h(x)yG)
+ * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
-void
-GNUNET_CRYPTO_ecdsa_public_to_ecdhe (const struct GNUNET_CRYPTO_EcdsaPublicKey *ecdsa,
-                                     struct GNUNET_CRYPTO_EcdhePublicKey *ecdhe)
+int
+GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
+                          const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
+                          struct GNUNET_HashCode *key_material)
 {
-  GNUNET_assert (sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) ==
-                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-  memcpy (ecdhe,
-          ecdsa,
-          sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
+  return GNUNET_SYSERR;
 }
 
 
-
 /**
  * @ingroup crypto
- * Convert ECDSA private key to ECDHE private key.
- * Please be very careful when using this function, as mixing
- * cryptographic primitives is not always healthy.
+ * Derive key material from a EdDSA public key and a private ECDH key.
+ * Dual to #GNUNET_CRRYPTO_eddsa_ecdh.
  *
- * @param ecdsa ecdsa private key
- * @param ecdhe[OUT] ecdhe private key
+ * @param priv private key to use for the ECDH (y)
+ * @param pub public key from EdDSA to use for the ECDH (X=h(x)G)
+ * @param key_material where to write the key material H(yX)=H(h(x)yG)
+ * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
  */
-void
-GNUNET_CRYPTO_ecdsa_private_to_ecdhe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa,
-                                     struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe)
+int
+GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
+                          const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
+                          struct GNUNET_HashCode *key_material)
 {
-  GNUNET_assert (sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey) ==
-                 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
-  memcpy (ecdhe,
-          ecdsa,
-          sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
-
+  return GNUNET_SYSERR;
 }
 
 
+
 /* end of crypto_ecc.c */
diff --git a/src/util/test_crypto_ecdh_ecdsa.c b/src/util/test_crypto_ecdh_ecdsa.c
deleted file mode 100644
index 39e68abfc..000000000
--- a/src/util/test_crypto_ecdh_ecdsa.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
-     This file is part of GNUnet.
-     Copyright (C) 2002-2015 Christian Grothoff (and other contributing authors)
-
-     GNUnet is free software; you can redistribute it and/or modify
-     it under the terms of the GNU General Public License as published
-     by the Free Software Foundation; either version 3, or (at your
-     option) any later version.
-
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     General Public License for more details.
-
-     You should have received a copy of the GNU General Public License
-     along with GNUnet; see the file COPYING.  If not, write to the
-     Free Software Foundation, Inc., 59 Temple Place - Suite 330,
-     Boston, MA 02111-1307, USA.
-
-*/
-/**
- * @file util/test_crypto_ecdh_ecdsa.c
- * @brief testcase for ECC DH key exchange with EdDSA private keys.
- * @author Christian Grothoff
- * @author Bart Polot
- */
-#include "platform.h"
-#include "gnunet_util_lib.h"
-#include <gcrypt.h>
-
-
-static int
-test_pk()
-{
-  struct GNUNET_CRYPTO_EcdsaPrivateKey *priv1;
-  struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub1;
-  struct GNUNET_CRYPTO_EcdhePublicKey pub2;
-  struct GNUNET_CRYPTO_EcdhePublicKey pub1c;
-
-  /* Generate, cast keys */
-  priv1 = GNUNET_CRYPTO_ecdsa_key_create ();
-  GNUNET_CRYPTO_ecdsa_private_to_ecdhe (priv1,
-                                        &priv2);
-  /* Extract public keys */
-  GNUNET_CRYPTO_ecdsa_key_get_public (priv1, &pub1);
-  GNUNET_CRYPTO_ecdhe_key_get_public (&priv2, &pub2);
-
-  GNUNET_CRYPTO_ecdsa_public_to_ecdhe (&pub1, &pub1c);
-  if (0 == memcmp (&pub1c,
-                   &pub2,
-                   sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
-  {
-    GNUNET_free (priv1);
-    return 0;
-  }
-  GNUNET_free (priv1);
-  return 1;
-}
-
-
-static int
-test_ecdh()
-{
-  struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_dsa1;
-  struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_dsa2;
-  struct GNUNET_CRYPTO_EcdsaPublicKey id1;
-  struct GNUNET_CRYPTO_EcdsaPublicKey id2;
-  struct GNUNET_CRYPTO_EcdhePublicKey id1c;
-  struct GNUNET_CRYPTO_EcdhePublicKey id2c;
-
-  struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
-  struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
-  struct GNUNET_CRYPTO_EcdhePublicKey pub2;
-  struct GNUNET_HashCode dh[3];
-
-  /* Generate, cast keys */
-  priv_dsa1 = GNUNET_CRYPTO_ecdsa_key_create ();
-  priv_dsa2 = GNUNET_CRYPTO_ecdsa_key_create ();
-  GNUNET_CRYPTO_ecdsa_private_to_ecdhe (priv_dsa1,
-                                        &priv1);
-
-  GNUNET_CRYPTO_ecdsa_private_to_ecdhe (priv_dsa2,
-                                        &priv2);
-  /* Extract public keys */
-  GNUNET_CRYPTO_ecdsa_key_get_public (priv_dsa1, &id1);
-  GNUNET_CRYPTO_ecdsa_key_get_public (priv_dsa2, &id2);
-  GNUNET_CRYPTO_ecdhe_key_get_public (&priv2, &pub2);
-
-  /* Do ECDH */
-  GNUNET_CRYPTO_ecdsa_public_to_ecdhe (&id2,
-                                       &id2c);
-  GNUNET_CRYPTO_ecdsa_public_to_ecdhe (&id1,
-                                       &id1c);
-  GNUNET_CRYPTO_ecc_ecdh (&priv1,
-                          &id2c,
-                          &dh[0]);
-  GNUNET_CRYPTO_ecc_ecdh (&priv2,
-                          &id1c,
-                          &dh[1]);
-  GNUNET_CRYPTO_ecc_ecdh (&priv1, &pub2, &dh[2]);
-
-  /* Check that both DH results are equal. */
-  GNUNET_assert (0 == memcmp (&dh[0], &dh[1],
-                              sizeof (struct GNUNET_HashCode)));
-  GNUNET_free (priv_dsa1);
-  GNUNET_free (priv_dsa2);
-  return 0;
-}
-
-
-int
-main (int argc, char *argv[])
-{
-  if (! gcry_check_version ("1.6.0"))
-  {
-    FPRINTF (stderr,
-             _("libgcrypt has not the expected version (version %s is required).\n"),
-             "1.6.0");
-    return 0;
-  }
-  if (getenv ("GNUNET_GCRYPT_DEBUG"))
-    gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
-  GNUNET_log_setup ("test-crypto-ecdh-ecdsa", "WARNING", NULL);
-  if (0 != test_pk())
-    return 1;
-  if (0 != test_ecdh())
-    return 1;
-  return 0;
-}
-
-
-/* end of test_crypto_ecdh_ecdsa.c */
diff --git a/src/util/test_crypto_ecdh_eddsa.c b/src/util/test_crypto_ecdh_eddsa.c
new file mode 100644
index 000000000..6b9867b1e
--- /dev/null
+++ b/src/util/test_crypto_ecdh_eddsa.c
@@ -0,0 +1,86 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2002-2015 Christian Grothoff (and other contributing authors)
+
+     GNUnet is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published
+     by the Free Software Foundation; either version 3, or (at your
+     option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     General Public License for more details.
+
+     You should have received a copy of the GNU General Public License
+     along with GNUnet; see the file COPYING.  If not, write to the
+     Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+     Boston, MA 02111-1307, USA.
+
+*/
+/**
+ * @file util/test_crypto_ecdh_eddsa.c
+ * @brief testcase for ECC DH key exchange with EdDSA private keys.
+ * @author Christian Grothoff
+ * @author Bart Polot
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include <gcrypt.h>
+
+
+static int
+test_ecdh()
+{
+  struct GNUNET_CRYPTO_EddsaPrivateKey *priv_dsa;
+  struct GNUNET_CRYPTO_EcdhePrivateKey *priv_ecdh;
+  struct GNUNET_CRYPTO_EddsaPublicKey id1;
+  struct GNUNET_CRYPTO_EcdhePublicKey id2;
+  struct GNUNET_HashCode dh[3];
+
+  /* Generate keys */
+  priv_dsa = GNUNET_CRYPTO_eddsa_key_create ();
+  priv_ecdh = GNUNET_CRYPTO_ecdhe_key_create ();
+  /* Extract public keys */
+  GNUNET_CRYPTO_eddsa_key_get_public (priv_dsa,
+                                      &id1);
+  GNUNET_CRYPTO_ecdhe_key_get_public (priv_ecdh,
+                                      &id2);
+  /* Do ECDH */
+  GNUNET_assert (GNUNET_OK ==
+                 GNUNET_CRYPTO_eddsa_ecdh (priv_dsa,
+                                           &id2,
+                                           &dh[0]));
+  GNUNET_assert (GNUNET_OK ==
+                 GNUNET_CRYPTO_ecdh_eddsa (priv_ecdh,
+                                           &id1,
+                                           &dh[1]));
+  /* Check that both DH results are equal. */
+  GNUNET_assert (0 == memcmp (&dh[0], &dh[1],
+                              sizeof (struct GNUNET_HashCode)));
+  GNUNET_free (priv_dsa);
+  GNUNET_free (priv_ecdh);
+  return 0;
+}
+
+
+int
+main (int argc, char *argv[])
+{
+  if (! gcry_check_version ("1.6.0"))
+  {
+    FPRINTF (stderr,
+             _("libgcrypt has not the expected version (version %s is required).\n"),
+             "1.6.0");
+    return 0;
+  }
+  if (getenv ("GNUNET_GCRYPT_DEBUG"))
+    gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
+  GNUNET_log_setup ("test-crypto-ecdh-eddsa", "WARNING", NULL);
+  if (0 != test_ecdh())
+    return 1;
+  return 0;
+}
+
+
+/* end of test_crypto_ecdh_eddsa.c */