author | Martin Schanzenbach <schanzen@gnunet.org> | 2022-03-27 12:25:01 +0200 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2022-03-27 12:25:01 +0200 |
commit | 1e4d6256731d69f1309ff8439569c65d2e1384a0 (patch) | |
tree | 164e7b5cd860ba30e315caba7a1ac08919dee90b /src | |
parent | e598ffe0a3a3d3db0df1fcc04f52bbefe93d3779 (diff) | |
GNS: Sanitize APIs and align with LSD0001
Diffstat (limited to 'src')
-rw-r--r-- | src/gnsrecord/gnsrecord_crypto.c | 39 | ||||
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 46 | ||||
-rw-r--r-- | src/include/gnunet_namestore_plugin.h | 65 | ||||
-rw-r--r-- | src/util/crypto_ecc_gnsrecord.c | 55 | ||||
-rw-r--r-- | src/util/test_crypto_eddsa.c | 8 |
5 files changed, 156 insertions, 57 deletions
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c index ff92911de..b5e8be82b 100644 --- a/src/gnsrecord/gnsrecord_crypto.c +++ b/src/gnsrecord/gnsrecord_crypto.c | |||
@@ -219,7 +219,6 @@ block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
219 | rd); | 219 | rd); |
220 | struct GNUNET_GNSRECORD_EcdsaBlock *ecblock; | 220 | struct GNUNET_GNSRECORD_EcdsaBlock *ecblock; |
221 | struct GNRBlockPS *gnr_block; | 221 | struct GNRBlockPS *gnr_block; |
222 | struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey; | ||
223 | unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2]; | 222 | unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2]; |
224 | unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH]; | 223 | unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH]; |
225 | struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)]; | 224 | struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)]; |
@@ -270,11 +269,10 @@ block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
270 | gnr_block->expiration_time = GNUNET_TIME_absolute_hton (expire); | 269 | gnr_block->expiration_time = GNUNET_TIME_absolute_hton (expire); |
271 | ecblock->expiration_time = gnr_block->expiration_time; | 270 | ecblock->expiration_time = gnr_block->expiration_time; |
272 | /* encrypt and sign */ | 271 | /* encrypt and sign */ |
273 | dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key, | 272 | GNUNET_CRYPTO_ecdsa_public_key_derive (pkey, |
274 | label, | 273 | label, |
275 | "gns"); | 274 | "gns", |
276 | GNUNET_CRYPTO_ecdsa_key_get_public (dkey, | 275 | &ecblock->derived_key); |
277 | &ecblock->derived_key); | ||
278 | GNR_derive_block_aes_key (ctr, | 276 | GNR_derive_block_aes_key (ctr, |
279 | skey, | 277 | skey, |
280 | label, | 278 | label, |
@@ -289,18 +287,18 @@ block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, | |||
289 | GNUNET_memcpy (&gnr_block[1], &ecblock[1], payload_len); | 287 | GNUNET_memcpy (&gnr_block[1], &ecblock[1], payload_len); |
290 | } | 288 | } |
291 | if (GNUNET_OK != | 289 | if (GNUNET_OK != |
292 | GNUNET_CRYPTO_ecdsa_sign_ (dkey, | 290 | GNUNET_CRYPTO_ecdsa_sign_derived (key, |
293 | &gnr_block->purpose, | 291 | label, |
294 | &ecblock->signature)) | 292 | "gns", |
293 | &gnr_block->purpose, | ||
294 | &ecblock->signature)) | ||
295 | { | 295 | { |
296 | GNUNET_break (0); | 296 | GNUNET_break (0); |
297 | GNUNET_free (*block); | 297 | GNUNET_free (*block); |
298 | GNUNET_free (dkey); | ||
299 | GNUNET_free (gnr_block); | 298 | GNUNET_free (gnr_block); |
300 | return GNUNET_SYSERR; | 299 | return GNUNET_SYSERR; |
301 | } | 300 | } |
302 | GNUNET_free (gnr_block); | 301 | GNUNET_free (gnr_block); |
303 | GNUNET_free (dkey); | ||
304 | return GNUNET_OK; | 302 | return GNUNET_OK; |
305 | } | 303 | } |
306 | 304 | ||
@@ -344,7 +342,6 @@ block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key, | |||
344 | rd); | 342 | rd); |
345 | struct GNUNET_GNSRECORD_EddsaBlock *edblock; | 343 | struct GNUNET_GNSRECORD_EddsaBlock *edblock; |
346 | struct GNRBlockPS *gnr_block; | 344 | struct GNRBlockPS *gnr_block; |
347 | struct GNUNET_CRYPTO_EddsaPrivateScalar dkey; | ||
348 | unsigned char nonce[crypto_secretbox_NONCEBYTES]; | 345 | unsigned char nonce[crypto_secretbox_NONCEBYTES]; |
349 | unsigned char skey[crypto_secretbox_KEYBYTES]; | 346 | unsigned char skey[crypto_secretbox_KEYBYTES]; |
350 | struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)]; | 347 | struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)]; |
@@ -402,12 +399,10 @@ block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key, | |||
402 | gnr_block->expiration_time = GNUNET_TIME_absolute_hton (expire); | 399 | gnr_block->expiration_time = GNUNET_TIME_absolute_hton (expire); |
403 | edblock->expiration_time = gnr_block->expiration_time; | 400 | edblock->expiration_time = gnr_block->expiration_time; |
404 | /* encrypt and sign */ | 401 | /* encrypt and sign */ |
405 | GNUNET_CRYPTO_eddsa_private_key_derive (key, | 402 | GNUNET_CRYPTO_eddsa_public_key_derive (pkey, |
406 | label, | 403 | label, |
407 | "gns", | 404 | "gns", |
408 | &dkey); | 405 | &edblock->derived_key); |
409 | GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (&dkey, | ||
410 | &edblock->derived_key); | ||
411 | GNR_derive_block_xsalsa_key (nonce, | 406 | GNR_derive_block_xsalsa_key (nonce, |
412 | skey, | 407 | skey, |
413 | label, | 408 | label, |
@@ -422,9 +417,11 @@ block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key, | |||
422 | GNUNET_memcpy (&gnr_block[1], &edblock[1], | 417 | GNUNET_memcpy (&gnr_block[1], &edblock[1], |
423 | payload_len + crypto_secretbox_MACBYTES); | 418 | payload_len + crypto_secretbox_MACBYTES); |
424 | 419 | ||
425 | GNUNET_CRYPTO_eddsa_sign_with_scalar (&dkey, | 420 | GNUNET_CRYPTO_eddsa_sign_derived (key, |
426 | &gnr_block->purpose, | 421 | label, |
427 | &edblock->signature); | 422 | "gns", |
423 | &gnr_block->purpose, | ||
424 | &edblock->signature); | ||
428 | } | 425 | } |
429 | return GNUNET_OK; | 426 | return GNUNET_OK; |
430 | } | 427 | } |
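Review bot: The call to `GNUNET_CRYPTO_eddsa_sign_derived` at new lines 420-424 in block_create_eddsa discards its result, although this commit gives that function an `enum GNUNET_GenericReturnValue` return and the ECDSA branch at new lines 289-294 already compares its counterpart with `GNUNET_OK`. Guard it the same way, `if (GNUNET_OK != GNUNET_CRYPTO_eddsa_sign_derived (key, label, "gns", &gnr_block->purpose, &edblock->signature))`, with whatever cleanup that function needs, so a block with an unset signature is never reported as `GNUNET_OK`. The same unchecked call appears in src/util/test_crypto_eddsa.c at new lines 133-137. Separately, `derived_key` is now computed from `pkey` while the signature is produced from `key`; `pkey` is defined outside these hunks, so it is worth confirming or asserting that it is the public half of `key`, otherwise the block would carry a key that cannot verify its own signature. Both functions start and end outside the hunks shown.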
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 72d783148..77abab45d 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
@@ -2018,6 +2018,26 @@ GNUNET_CRYPTO_ecdsa_public_key_derive ( | |||
2018 | const char *context, | 2018 | const char *context, |
2019 | struct GNUNET_CRYPTO_EcdsaPublicKey *result); | 2019 | struct GNUNET_CRYPTO_EcdsaPublicKey *result); |
2020 | 2020 | ||
2021 | /** | ||
2022 | * This is a signature function for ECDSA which takes a | ||
2023 | * private key, derives/blinds it and signs the message. | ||
2024 | * | ||
2025 | * @param pkey original private key | ||
2026 | * @param label label to use for key deriviation | ||
2027 | * @param context additional context to use for HKDF of 'h'; | ||
2028 | * typically the name of the subsystem/application | ||
2029 | * @param purp the signature purpose | ||
2030 | * @param sig the resulting signature | ||
2031 | * @return GNUNET_OK on success | ||
2032 | */ | ||
2033 | enum GNUNET_GenericReturnValue | ||
2034 | GNUNET_CRYPTO_ecdsa_sign_derived ( | ||
2035 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey, | ||
2036 | const char *label, | ||
2037 | const char *context, | ||
2038 | const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, | ||
2039 | struct GNUNET_CRYPTO_EcdsaSignature *sig); | ||
2040 | |||
2021 | 2041 | ||
2022 | /** | 2042 | /** |
2023 | * @ingroup crypto | 2043 | * @ingroup crypto |
@@ -2063,23 +2083,23 @@ GNUNET_CRYPTO_eddsa_public_key_derive ( | |||
2063 | 2083 | ||
2064 | 2084 | ||
2065 | /** | 2085 | /** |
2066 | * This is a signature function for EdDSA which takes the | 2086 | * This is a signature function for EdDSA which takes a |
2067 | * secret scalar sk instead of the private seed which is | 2087 | * private key and derives it using the label and context |
2068 | * usually the case for crypto APIs. We require this functionality | 2088 | * before signing. |
2069 | * in order to use derived private keys for signatures we | ||
2070 | * cannot calculate the inverse of a sk to find the seed | ||
2071 | * efficiently. | ||
2072 | * | 2089 | * |
2073 | * The resulting signature is a standard EdDSA signature | 2090 | * @param pkey original private key |
2074 | * which can be verified using the usual APIs. | 2091 | * @param label label to use for key deriviation |
2075 | * | 2092 | * @param context additional context to use for HKDF of 'h'; |
2076 | * @param sk the secret scalar | 2093 | * typically the name of the subsystem/application |
2077 | * @param purp the signature purpose | 2094 | * @param purp the signature purpose |
2078 | * @param sig the resulting signature | 2095 | * @param sig the resulting signature |
2096 | * @return GNUNET_OK on success | ||
2079 | */ | 2097 | */ |
2080 | void | 2098 | enum GNUNET_GenericReturnValue |
2081 | GNUNET_CRYPTO_eddsa_sign_with_scalar ( | 2099 | GNUNET_CRYPTO_eddsa_sign_derived ( |
2082 | const struct GNUNET_CRYPTO_EddsaPrivateScalar *priv, | 2100 | const struct GNUNET_CRYPTO_EddsaPrivateKey *pkey, |
2101 | const char *label, | ||
2102 | const char *context, | ||
2083 | const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, | 2103 | const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, |
2084 | struct GNUNET_CRYPTO_EddsaSignature *sig); | 2104 | struct GNUNET_CRYPTO_EddsaSignature *sig); |
2085 | 2105 | ||
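Review bot: Both new doc comments use `@param purp`, but the parameter in both prototypes is named `purpose`, so the description will not attach to it; write `@param purpose the signature purpose` and correct the spelling in `@param label label to use for key derivation`. The private-key argument is called `pkey` here, while the definition of GNUNET_CRYPTO_ecdsa_sign_derived in crypto_ecc_gnsrecord.c calls it `priv`, and `pkey` is the name passed to the public-key derivation at the call sites in gnsrecord_crypto.c. Using `priv` in both prototypes would keep a secret from being mistaken for a public value. The `@return` line should also name the failure value, presumably `@return #GNUNET_OK on success, #GNUNET_SYSERR on failure`.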
diff --git a/src/include/gnunet_namestore_plugin.h b/src/include/gnunet_namestore_plugin.h index 9cc8abc6e..3dca5a853 100644 --- a/src/include/gnunet_namestore_plugin.h +++ b/src/include/gnunet_namestore_plugin.h | |||
@@ -150,6 +150,71 @@ struct GNUNET_NAMESTORE_PluginFunctions | |||
150 | const struct GNUNET_IDENTITY_PublicKey *value_zone, | 150 | const struct GNUNET_IDENTITY_PublicKey *value_zone, |
151 | GNUNET_NAMESTORE_RecordIterator iter, | 151 | GNUNET_NAMESTORE_RecordIterator iter, |
152 | void *iter_cls); | 152 | void *iter_cls); |
153 | |||
154 | /** Transaction-based API draft **/ | ||
155 | |||
156 | /** | ||
157 | * Start a transaction in the database | ||
158 | * | ||
159 | * @param cls closure (internal context for the plugin) | ||
160 | * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error | ||
161 | */ | ||
162 | enum GNUNET_GenericReturnValue | ||
163 | (*transaction_begin) (void *cls); | ||
164 | |||
165 | /** | ||
166 | * Abort a transaction in the database | ||
167 | * | ||
168 | * @param cls closure (internal context for the plugin) | ||
169 | * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error | ||
170 | */ | ||
171 | enum GNUNET_GenericReturnValue | ||
172 | (*transaction_abort) (void *cls); | ||
173 | |||
174 | /** | ||
175 | * Commit a transaction in the database | ||
176 | * | ||
177 | * @param cls closure (internal context for the plugin) | ||
178 | * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error | ||
179 | */ | ||
180 | enum GNUNET_GenericReturnValue | ||
181 | (*transaction_commit) (void *cls); | ||
182 | |||
183 | /** | ||
184 | * Replace a record in the datastore for which we are the authority. | ||
185 | * Removes any existing record in the same zone with the same name. | ||
186 | * | ||
187 | * @param cls closure (internal context for the plugin) | ||
188 | * @param zone private key of the zone | ||
189 | * @param label name of the record in the zone | ||
190 | * @param rd_count number of entries in @a rd array, 0 to delete all records | ||
191 | * @param rd array of records with data to store | ||
192 | * @return #GNUNET_OK on success, else #GNUNET_SYSERR | ||
193 | */ | ||
194 | int | ||
195 | (*replace_records) (void *cls, | ||
196 | const struct GNUNET_IDENTITY_PrivateKey *zone, | ||
197 | const char *label, | ||
198 | unsigned int rd_count, | ||
199 | const struct GNUNET_GNSRECORD_Data *rd); | ||
200 | |||
201 | /** | ||
202 | * Lookup records in the datastore for which we are the authority. | ||
203 | * | ||
204 | * @param cls closure (internal context for the plugin) | ||
205 | * @param zone private key of the zone | ||
206 | * @param label name of the record in the zone | ||
207 | * @param iter function to call with the result | ||
208 | * @param iter_cls closure for @a iter | ||
209 | * @return #GNUNET_OK on success, #GNUNET_NO for no results, else #GNUNET_SYSERR | ||
210 | */ | ||
211 | int | ||
212 | (*select_records) (void *cls, | ||
213 | const struct GNUNET_IDENTITY_PrivateKey *zone, | ||
214 | const char *label, | ||
215 | GNUNET_NAMESTORE_RecordIterator iter, | ||
216 | void *iter_cls); | ||
217 | |||
153 | }; | 218 | }; |
154 | 219 | ||
155 | 220 | ||
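Review bot: The three transaction callbacks document `#GNUNET_NO if there were no results`, which reads as copied from a lookup function and has no meaning for begin, abort or commit; `@return #GNUNET_OK on success, #GNUNET_SYSERR on error` would describe them. `replace_records` and `select_records` are declared as returning `int`, while the transaction callbacks added just above them return `enum GNUNET_GenericReturnValue`; using the enum for all five keeps the draft API consistent. The comments also do not say whether the two record callbacks must run between `transaction_begin` and `transaction_commit`, or what state a failed commit leaves behind, which a plugin author needs to know. Because the members are appended to an existing struct, plugins that have not been updated will presumably leave them unset, so callers should check the pointers for NULL before use; the struct begins outside this hunk.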
diff --git a/src/util/crypto_ecc_gnsrecord.c b/src/util/crypto_ecc_gnsrecord.c index ce41a4699..0ee0570c0 100644 --- a/src/util/crypto_ecc_gnsrecord.c +++ b/src/util/crypto_ecc_gnsrecord.c | |||
@@ -68,28 +68,15 @@ derive_h (const void *pub, | |||
68 | } | 68 | } |
69 | 69 | ||
70 | 70 | ||
71 | /** | 71 | enum GNUNET_GenericReturnValue |
72 | * This is a signature function for EdDSA which takes the | 72 | GNUNET_CRYPTO_eddsa_sign_derived ( |
73 | * secret scalar sk instead of the private seed which is | 73 | const struct GNUNET_CRYPTO_EddsaPrivateKey *pkey, |
74 | * usually the case for crypto APIs. We require this functionality | 74 | const char *label, |
75 | * in order to use derived private keys for signatures we | 75 | const char *context, |
76 | * cannot calculate the inverse of a sk to find the seed | ||
77 | * efficiently. | ||
78 | * | ||
79 | * The resulting signature is a standard EdDSA signature | ||
80 | * which can be verified using the usual APIs. | ||
81 | * | ||
82 | * @param sk the secret scalar | ||
83 | * @param purp the signature purpose | ||
84 | * @param sig the resulting signature | ||
85 | */ | ||
86 | void | ||
87 | GNUNET_CRYPTO_eddsa_sign_with_scalar ( | ||
88 | const struct GNUNET_CRYPTO_EddsaPrivateScalar *priv, | ||
89 | const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, | 76 | const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, |
90 | struct GNUNET_CRYPTO_EddsaSignature *sig) | 77 | struct GNUNET_CRYPTO_EddsaSignature *sig) |
91 | { | 78 | { |
92 | 79 | struct GNUNET_CRYPTO_EddsaPrivateScalar priv; | |
93 | crypto_hash_sha512_state hs; | 80 | crypto_hash_sha512_state hs; |
94 | unsigned char sk[64]; | 81 | unsigned char sk[64]; |
95 | unsigned char r[64]; | 82 | unsigned char r[64]; |
@@ -98,6 +85,14 @@ GNUNET_CRYPTO_eddsa_sign_with_scalar ( | |||
98 | unsigned char zk[32]; | 85 | unsigned char zk[32]; |
99 | unsigned char tmp[32]; | 86 | unsigned char tmp[32]; |
100 | 87 | ||
88 | /** | ||
89 | * Derive the private key | ||
90 | */ | ||
91 | GNUNET_CRYPTO_eddsa_private_key_derive (pkey, | ||
92 | label, | ||
93 | context, | ||
94 | &priv); | ||
95 | |||
101 | crypto_hash_sha512_init (&hs); | 96 | crypto_hash_sha512_init (&hs); |
102 | 97 | ||
103 | /** | 98 | /** |
@@ -108,7 +103,7 @@ GNUNET_CRYPTO_eddsa_sign_with_scalar ( | |||
108 | * sk[0..31] = h * SHA512 (d)[0..31] | 103 | * sk[0..31] = h * SHA512 (d)[0..31] |
109 | * sk[32..63] = SHA512 (d)[32..63] | 104 | * sk[32..63] = SHA512 (d)[32..63] |
110 | */ | 105 | */ |
111 | memcpy (sk, priv->s, 64); | 106 | memcpy (sk, priv.s, 64); |
112 | 107 | ||
113 | /** | 108 | /** |
114 | * Calculate the derived zone key zk' from the | 109 | * Calculate the derived zone key zk' from the |
@@ -172,8 +167,28 @@ GNUNET_CRYPTO_eddsa_sign_with_scalar ( | |||
172 | sodium_memzero (sk, sizeof (sk)); | 167 | sodium_memzero (sk, sizeof (sk)); |
173 | sodium_memzero (r, sizeof (r)); | 168 | sodium_memzero (r, sizeof (r)); |
174 | sodium_memzero (r_mod, sizeof (r_mod)); | 169 | sodium_memzero (r_mod, sizeof (r_mod)); |
170 | return GNUNET_OK; | ||
175 | } | 171 | } |
176 | 172 | ||
173 | enum GNUNET_GenericReturnValue | ||
174 | GNUNET_CRYPTO_ecdsa_sign_derived ( | ||
175 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, | ||
176 | const char *label, | ||
177 | const char *context, | ||
178 | const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, | ||
179 | struct GNUNET_CRYPTO_EcdsaSignature *sig) | ||
180 | { | ||
181 | struct GNUNET_CRYPTO_EcdsaPrivateKey *key; | ||
182 | enum GNUNET_GenericReturnValue res; | ||
183 | key = GNUNET_CRYPTO_ecdsa_private_key_derive (priv, | ||
184 | label, | ||
185 | context); | ||
186 | res = GNUNET_CRYPTO_ecdsa_sign_ (key, | ||
187 | purpose, | ||
188 | sig); | ||
189 | GNUNET_free (key); | ||
190 | return res; | ||
191 | } | ||
177 | 192 | ||
178 | struct GNUNET_CRYPTO_EcdsaPrivateKey * | 193 | struct GNUNET_CRYPTO_EcdsaPrivateKey * |
179 | GNUNET_CRYPTO_ecdsa_private_key_derive ( | 194 | GNUNET_CRYPTO_ecdsa_private_key_derive ( |
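Review bot: The derived secret is not wiped in either new function. In GNUNET_CRYPTO_eddsa_sign_derived the scalar now lives in the new local `priv` (new line 79), and the cleanup at new lines 167-169 clears only `sk`, `r` and `r_mod`; no added line clears `priv`, so add `sodium_memzero (&priv, sizeof (priv));` before `return GNUNET_OK;`. In GNUNET_CRYPTO_ecdsa_sign_derived the heap copy `key` is passed to `GNUNET_free` as is; clear it first with `sodium_memzero (key, sizeof (*key));`. Without these, a key-derived signing secret stays readable in stack and freed heap memory after the call returns.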
diff --git a/src/util/test_crypto_eddsa.c b/src/util/test_crypto_eddsa.c index 459619ff2..e9573a307 100644 --- a/src/util/test_crypto_eddsa.c +++ b/src/util/test_crypto_eddsa.c | |||
@@ -130,9 +130,11 @@ testDeriveSignVerify (void) | |||
130 | return GNUNET_SYSERR; | 130 | return GNUNET_SYSERR; |
131 | } | 131 | } |
132 | 132 | ||
133 | GNUNET_CRYPTO_eddsa_sign_with_scalar (&dpriv, | 133 | GNUNET_CRYPTO_eddsa_sign_derived (&key, |
134 | &purp, | 134 | "test-derive", |
135 | &sig); | 135 | "test-CTX", |
136 | &purp, | ||
137 | &sig); | ||
136 | if (GNUNET_SYSERR == | 138 | if (GNUNET_SYSERR == |
137 | GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST, | 139 | GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST, |
138 | &purp, | 140 | &purp, |
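Review bot: The label and context are now the literals `"test-derive"` and `"test-CTX"` at new lines 134-135, and the signature verifies only if they are identical to the strings used to derive the public key earlier in testDeriveSignVerify, which is outside this hunk. Sharing them through constants, for example `static const char *const test_label = "test-derive";`, would keep the two derivations from drifting apart. If `dpriv` and the call that fills it are no longer used after this change, they can be removed as well.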