author | Martin Schanzenbach <mschanzenbach@posteo.de> | 2021-05-03 18:49:17 +0200 |
---|---|---|
committer | Martin Schanzenbach <mschanzenbach@posteo.de> | 2021-05-03 18:49:17 +0200 |
commit | d552acf5e7114f92d8251276ef76827a9db92257 (patch) | |
tree | 4b5ed54763b6acbd8292d52ef9fda9a789c56ec8 /src | |
parent | 5bb2578678064ff4d537fcbc8d9a552a6779892d (diff) | |
download | gnunet-d552acf5e7114f92d8251276ef76827a9db92257.tar.gz gnunet-d552acf5e7114f92d8251276ef76827a9db92257.zip |
-add more tests for eddsa and gnsrecord
Diffstat (limited to 'src')
-rw-r--r-- | src/gnsrecord/gnsrecord_crypto.c | 23 | ||||
-rw-r--r-- | src/gnsrecord/gnsrecord_misc.c | 2 | ||||
-rw-r--r-- | src/gnsrecord/test_gnsrecord_crypto.c | 22 | ||||
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 12 | ||||
-rw-r--r-- | src/util/crypto_ecc_gnsrecord.c | 24 | ||||
-rw-r--r-- | src/util/test_crypto_eddsa.c | 74 |
6 files changed, 131 insertions, 26 deletions
diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c index 289f0e885..7fe0c6953 100644 --- a/src/gnsrecord/gnsrecord_crypto.c +++ b/src/gnsrecord/gnsrecord_crypto.c | |||
@@ -396,11 +396,8 @@ block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key, | |||
396 | label, | 396 | label, |
397 | "gns", | 397 | "gns", |
398 | &dkey); | 398 | &dkey); |
399 | // FIXME: We may want a key_get_public_from_private_scalar function | 399 | GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (&dkey, |
400 | struct GNUNET_CRYPTO_EddsaPublicKey test; | 400 | &edblock->derived_key); |
401 | crypto_scalarmult_ed25519_base_noclamp (test.q_y, | ||
402 | dkey.s); | ||
403 | edblock->derived_key = test; | ||
404 | derive_block_xsalsa_key (nonce, | 401 | derive_block_xsalsa_key (nonce, |
405 | skey, | 402 | skey, |
406 | label, | 403 | label, |
@@ -438,25 +435,21 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key, | |||
438 | const struct GNUNET_GNSRECORD_Data *rd, | 435 | const struct GNUNET_GNSRECORD_Data *rd, |
439 | unsigned int rd_count) | 436 | unsigned int rd_count) |
440 | { | 437 | { |
441 | struct GNUNET_CRYPTO_EcdsaPublicKey pkey; | 438 | struct GNUNET_IDENTITY_PublicKey pkey; |
442 | struct GNUNET_CRYPTO_EddsaPublicKey edkey; | 439 | GNUNET_IDENTITY_key_get_public (key, |
443 | 440 | &pkey); | |
444 | switch (ntohl (key->type)) | 441 | switch (ntohl (key->type)) |
445 | { | 442 | { |
446 | case GNUNET_GNSRECORD_TYPE_PKEY: | 443 | case GNUNET_GNSRECORD_TYPE_PKEY: |
447 | GNUNET_CRYPTO_ecdsa_key_get_public (&key->ecdsa_key, | ||
448 | &pkey); | ||
449 | return block_create_ecdsa (&key->ecdsa_key, | 444 | return block_create_ecdsa (&key->ecdsa_key, |
450 | &pkey, | 445 | &pkey.ecdsa_key, |
451 | expire, | 446 | expire, |
452 | label, | 447 | label, |
453 | rd, | 448 | rd, |
454 | rd_count); | 449 | rd_count); |
455 | case GNUNET_GNSRECORD_TYPE_EDKEY: | 450 | case GNUNET_GNSRECORD_TYPE_EDKEY: |
456 | GNUNET_CRYPTO_eddsa_key_get_public (&key->eddsa_key, | ||
457 | &edkey); | ||
458 | return block_create_eddsa (&key->eddsa_key, | 451 | return block_create_eddsa (&key->eddsa_key, |
459 | &edkey, | 452 | &pkey.eddsa_key, |
460 | expire, | 453 | expire, |
461 | label, | 454 | label, |
462 | rd, | 455 | rd, |
@@ -930,7 +923,7 @@ GNUNET_GNSRECORD_query_from_public_key (const struct | |||
930 | GNUNET_CRYPTO_eddsa_public_key_derive (&pub->eddsa_key, | 923 | GNUNET_CRYPTO_eddsa_public_key_derive (&pub->eddsa_key, |
931 | label, | 924 | label, |
932 | "gns", | 925 | "gns", |
933 | &pd.eddsa_key); | 926 | &(pd.eddsa_key)); |
934 | GNUNET_CRYPTO_hash (&pd.eddsa_key, | 927 | GNUNET_CRYPTO_hash (&pd.eddsa_key, |
935 | sizeof (pd.eddsa_key), | 928 | sizeof (pd.eddsa_key), |
936 | query); | 929 | query); |
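Review bot: The result of `GNUNET_IDENTITY_key_get_public (key, &pkey)` is discarded in GNUNET_GNSRECORD_block_create, and the call now sits before the `switch` on `key->type`, so it also runs for key types the switch does not handle. That function is not shown here, so I am assuming it reports unsupported types through its return value. If it does, the call should be guarded with `if (GNUNET_OK != GNUNET_IDENTITY_key_get_public (key, &pkey))` followed by the function's error return, rather than continuing with a partly filled `pkey`. The rest of the switch lies outside the hunk, so an existing default branch may already reject unknown types.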
diff --git a/src/gnsrecord/gnsrecord_misc.c b/src/gnsrecord/gnsrecord_misc.c index 2fe315bd8..8d3a6421f 100644 --- a/src/gnsrecord/gnsrecord_misc.c +++ b/src/gnsrecord/gnsrecord_misc.c | |||
@@ -377,7 +377,7 @@ GNUNET_GNSRECORD_query_from_block (const struct GNUNET_GNSRECORD_Block *block, | |||
377 | switch (ntohl (block->type)) | 377 | switch (ntohl (block->type)) |
378 | { | 378 | { |
379 | case GNUNET_GNSRECORD_TYPE_PKEY: | 379 | case GNUNET_GNSRECORD_TYPE_PKEY: |
380 | GNUNET_CRYPTO_hash (&block->ecdsa_block.derived_key, | 380 | GNUNET_CRYPTO_hash (&(block->ecdsa_block.derived_key), |
381 | sizeof (block->ecdsa_block.derived_key), | 381 | sizeof (block->ecdsa_block.derived_key), |
382 | query); | 382 | query); |
383 | return GNUNET_OK; | 383 | return GNUNET_OK; |
diff --git a/src/gnsrecord/test_gnsrecord_crypto.c b/src/gnsrecord/test_gnsrecord_crypto.c index b9b2b5ba5..9e5a1aa7e 100644 --- a/src/gnsrecord/test_gnsrecord_crypto.c +++ b/src/gnsrecord/test_gnsrecord_crypto.c | |||
@@ -92,6 +92,7 @@ rd_decrypt_cb (void *cls, | |||
92 | res = 0; | 92 | res = 0; |
93 | } | 93 | } |
94 | 94 | ||
95 | |||
95 | static void | 96 | static void |
96 | test_with_type (struct GNUNET_IDENTITY_PrivateKey *privkey) | 97 | test_with_type (struct GNUNET_IDENTITY_PrivateKey *privkey) |
97 | { | 98 | { |
@@ -99,6 +100,7 @@ test_with_type (struct GNUNET_IDENTITY_PrivateKey *privkey) | |||
99 | struct GNUNET_IDENTITY_PublicKey pubkey; | 100 | struct GNUNET_IDENTITY_PublicKey pubkey; |
100 | struct GNUNET_HashCode query_pub; | 101 | struct GNUNET_HashCode query_pub; |
101 | struct GNUNET_HashCode query_priv; | 102 | struct GNUNET_HashCode query_priv; |
103 | struct GNUNET_HashCode query_block; | ||
102 | struct GNUNET_TIME_Absolute expire = GNUNET_TIME_absolute_get (); | 104 | struct GNUNET_TIME_Absolute expire = GNUNET_TIME_absolute_get (); |
103 | 105 | ||
104 | 106 | ||
@@ -117,7 +119,7 @@ test_with_type (struct GNUNET_IDENTITY_PrivateKey *privkey) | |||
117 | &query_pub, | 119 | &query_pub, |
118 | sizeof(struct GNUNET_HashCode))); | 120 | sizeof(struct GNUNET_HashCode))); |
119 | /* create record */ | 121 | /* create record */ |
120 | s_name = "DUMMY.dummy.gnunet"; | 122 | s_name = "testlabel"; |
121 | s_rd = create_record (RECORDS); | 123 | s_rd = create_record (RECORDS); |
122 | 124 | ||
123 | /* Create block */ | 125 | /* Create block */ |
@@ -128,6 +130,13 @@ test_with_type (struct GNUNET_IDENTITY_PrivateKey *privkey) | |||
128 | s_rd, | 130 | s_rd, |
129 | RECORDS))); | 131 | RECORDS))); |
130 | GNUNET_assert (GNUNET_OK == | 132 | GNUNET_assert (GNUNET_OK == |
133 | GNUNET_GNSRECORD_query_from_block (block, | ||
134 | &query_block)); | ||
135 | GNUNET_assert (0 == memcmp (&query_pub, | ||
136 | &query_block, | ||
137 | sizeof(struct GNUNET_HashCode))); | ||
138 | |||
139 | GNUNET_assert (GNUNET_OK == | ||
131 | GNUNET_GNSRECORD_block_verify (block)); | 140 | GNUNET_GNSRECORD_block_verify (block)); |
132 | GNUNET_assert (GNUNET_OK == | 141 | GNUNET_assert (GNUNET_OK == |
133 | GNUNET_GNSRECORD_block_decrypt (block, | 142 | GNUNET_GNSRECORD_block_decrypt (block, |
@@ -139,7 +148,6 @@ test_with_type (struct GNUNET_IDENTITY_PrivateKey *privkey) | |||
139 | } | 148 | } |
140 | 149 | ||
141 | 150 | ||
142 | |||
143 | static void | 151 | static void |
144 | run (void *cls, | 152 | run (void *cls, |
145 | char *const *args, | 153 | char *const *args, |
@@ -158,17 +166,17 @@ run (void *cls, | |||
158 | test_with_type (&privkey); | 166 | test_with_type (&privkey); |
159 | end = GNUNET_TIME_absolute_get (); | 167 | end = GNUNET_TIME_absolute_get (); |
160 | printf ("Time: %llu ms\n", (unsigned long long) | 168 | printf ("Time: %llu ms\n", (unsigned long long) |
161 | GNUNET_TIME_absolute_get_difference (start, | 169 | GNUNET_TIME_absolute_get_difference (start, |
162 | end).rel_value_us); | 170 | end).rel_value_us); |
163 | 171 | ||
164 | privkey_ed.type = htonl (GNUNET_GNSRECORD_TYPE_EDKEY); | 172 | privkey_ed.type = htonl (GNUNET_GNSRECORD_TYPE_EDKEY); |
165 | GNUNET_CRYPTO_eddsa_key_create (&privkey_ed.eddsa_key); | 173 | GNUNET_CRYPTO_eddsa_key_create (&privkey_ed.eddsa_key); |
166 | start = GNUNET_TIME_absolute_get (); | 174 | start = GNUNET_TIME_absolute_get (); |
167 | test_with_type(&privkey_ed); | 175 | test_with_type (&privkey_ed); |
168 | end = GNUNET_TIME_absolute_get (); | 176 | end = GNUNET_TIME_absolute_get (); |
169 | printf ("Time: %llu ms\n", (unsigned long long) | 177 | printf ("Time: %llu ms\n", (unsigned long long) |
170 | GNUNET_TIME_absolute_get_difference (start, | 178 | GNUNET_TIME_absolute_get_difference (start, |
171 | end).rel_value_us); | 179 | end).rel_value_us); |
172 | 180 | ||
173 | 181 | ||
174 | } | 182 | } |
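Review bot: The new `memcmp (&query_pub, &query_block, ...)` assertion only holds while `s_name` equals the label that `query_pub` was derived from, and nothing at `s_name = "testlabel";` says so. The query derivation is outside the hunks, so I am assuming it uses the same literal, which would explain why the label changed from `DUMMY.dummy.gnunet`. I would add a comment such as `/* must be the label used for query_pub/query_priv above */`, or take both from one `#define` so the two cannot drift apart.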
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index a334b50d0..ae73c9d40 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
@@ -1985,6 +1985,18 @@ GNUNET_CRYPTO_eddsa_sign_with_scalar ( | |||
1985 | 1985 | ||
1986 | 1986 | ||
1987 | /** | 1987 | /** |
1988 | * Extract the public key of the given private scalar. | ||
1989 | * | ||
1990 | * @param s the private scalar | ||
1991 | * @param pkey the resulting public key | ||
1992 | */ | ||
1993 | void | ||
1994 | GNUNET_CRYPTO_eddsa_key_get_public_from_scalar ( | ||
1995 | const struct GNUNET_CRYPTO_EddsaPrivateScalar *s, | ||
1996 | struct GNUNET_CRYPTO_EddsaPublicKey *pkey); | ||
1997 | |||
1998 | |||
1999 | /** | ||
1988 | * Output the given MPI value to the given buffer in network | 2000 | * Output the given MPI value to the given buffer in network |
1989 | * byte order. The MPI @a val may not be negative. | 2001 | * byte order. The MPI @a val may not be negative. |
1990 | * | 2002 | * |
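Review bot: The doc comment for GNUNET_CRYPTO_eddsa_key_get_public_from_scalar does not say that the scalar is multiplied with the base point as-is, without clamping, which is what the definition added in crypto_ecc_gnsrecord.c does through `crypto_scalarmult_ed25519_base_noclamp`. "Extract the public key of the given private scalar" leaves a caller guessing which kind of scalar is expected. I would state that @a s is a scalar produced by `GNUNET_CRYPTO_eddsa_private_key_derive`, that no clamping is applied, and change the parameter text to `the derived private scalar`. The prototype also names the parameter `s` while the definition calls it `priv`; one name in both places keeps the documentation aligned.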
diff --git a/src/util/crypto_ecc_gnsrecord.c b/src/util/crypto_ecc_gnsrecord.c index 59efff8ab..a78511105 100644 --- a/src/util/crypto_ecc_gnsrecord.c +++ b/src/util/crypto_ecc_gnsrecord.c | |||
@@ -114,8 +114,8 @@ GNUNET_CRYPTO_eddsa_sign_with_scalar ( | |||
114 | * Calculate the derived zone key zk' from the | 114 | * Calculate the derived zone key zk' from the |
115 | * derived private scalar. | 115 | * derived private scalar. |
116 | */ | 116 | */ |
117 | crypto_scalarmult_ed25519_base (zk, | 117 | crypto_scalarmult_ed25519_base_noclamp (zk, |
118 | sk); | 118 | sk); |
119 | 119 | ||
120 | /** | 120 | /** |
121 | * Calculate r: | 121 | * Calculate r: |
@@ -352,7 +352,7 @@ GNUNET_CRYPTO_eddsa_private_key_derive ( | |||
352 | GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d); | 352 | GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d); |
353 | /** | 353 | /** |
354 | * Note that we copy all of SHA512(d) into the result and | 354 | * Note that we copy all of SHA512(d) into the result and |
355 | * then overrwrite the derived private scalar. | 355 | * then overwrite the derived private scalar. |
356 | * This means that we re-use SHA512(d)[32..63] | 356 | * This means that we re-use SHA512(d)[32..63] |
357 | * FIXME: Do we want to derive this part as well?? | 357 | * FIXME: Do we want to derive this part as well?? |
358 | */ | 358 | */ |
@@ -420,3 +420,21 @@ GNUNET_CRYPTO_eddsa_public_key_derive ( | |||
420 | gcry_ctx_release (ctx); | 420 | gcry_ctx_release (ctx); |
421 | 421 | ||
422 | } | 422 | } |
423 | |||
424 | |||
425 | void | ||
426 | GNUNET_CRYPTO_eddsa_key_get_public_from_scalar ( | ||
427 | const struct GNUNET_CRYPTO_EddsaPrivateScalar *priv, | ||
428 | struct GNUNET_CRYPTO_EddsaPublicKey *pkey) | ||
429 | { | ||
430 | unsigned char sk[32]; | ||
431 | |||
432 | memcpy (sk, priv->s, 32); | ||
433 | |||
434 | /** | ||
435 | * Calculate the derived zone key zk' from the | ||
436 | * derived private scalar. | ||
437 | */ | ||
438 | crypto_scalarmult_ed25519_base_noclamp (pkey->q_y, | ||
439 | sk); | ||
440 | } | ||
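Review bot: GNUNET_CRYPTO_eddsa_key_get_public_from_scalar copies the secret scalar into the stack buffer `sk` and returns without clearing it, so a second copy of key material is left behind on the stack. The copy looks unnecessary: the code this commit removes from block_create_eddsa passed `dkey.s` straight to the same libsodium call, so `crypto_scalarmult_ed25519_base_noclamp (pkey->q_y, priv->s);` should work and lets `sk` and the `memcpy` go. If the copy has to stay, size it with `sizeof (priv->s)` instead of the literal 32 and wipe it with `sodium_memzero (sk, sizeof (sk));` before returning. The return value of the scalar multiplication is also ignored, which libsodium documents as signalling a zero scalar.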
diff --git a/src/util/test_crypto_eddsa.c b/src/util/test_crypto_eddsa.c index 5baf696b1..10d6a4e91 100644 --- a/src/util/test_crypto_eddsa.c +++ b/src/util/test_crypto_eddsa.c | |||
@@ -100,6 +100,73 @@ testSignVerify (void) | |||
100 | } | 100 | } |
101 | 101 | ||
102 | 102 | ||
103 | static int | ||
104 | testDeriveSignVerify (void) | ||
105 | { | ||
106 | struct GNUNET_CRYPTO_EddsaSignature sig; | ||
107 | struct GNUNET_CRYPTO_EccSignaturePurpose purp; | ||
108 | struct GNUNET_CRYPTO_EddsaPrivateScalar dpriv; | ||
109 | struct GNUNET_CRYPTO_EddsaPublicKey pkey; | ||
110 | struct GNUNET_CRYPTO_EddsaPublicKey dpub; | ||
111 | struct GNUNET_CRYPTO_EddsaPublicKey dpub2; | ||
112 | |||
113 | GNUNET_CRYPTO_eddsa_private_key_derive (&key, | ||
114 | "test-derive", | ||
115 | "test-CTX", | ||
116 | &dpriv); | ||
117 | GNUNET_CRYPTO_eddsa_key_get_public (&key, | ||
118 | &pkey); | ||
119 | GNUNET_CRYPTO_eddsa_public_key_derive (&pkey, | ||
120 | "test-derive", | ||
121 | "test-CTX", | ||
122 | &dpub); | ||
123 | GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (&dpriv, &dpub2); | ||
124 | purp.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)); | ||
125 | purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); | ||
126 | |||
127 | if (0 != GNUNET_memcmp (&dpub.q_y, &dpub2.q_y)) | ||
128 | { | ||
129 | fprintf (stderr, "%s", "key derivation failed\n"); | ||
130 | return GNUNET_SYSERR; | ||
131 | } | ||
132 | |||
133 | GNUNET_CRYPTO_eddsa_sign_with_scalar (&dpriv, | ||
134 | &purp, | ||
135 | &sig); | ||
136 | if (GNUNET_SYSERR == | ||
137 | GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST, | ||
138 | &purp, | ||
139 | &sig, | ||
140 | &dpub)) | ||
141 | { | ||
142 | fprintf (stderr, | ||
143 | "GNUNET_CRYPTO_eddsa_verify failed!\n"); | ||
144 | return GNUNET_SYSERR; | ||
145 | } | ||
146 | if (GNUNET_SYSERR != | ||
147 | GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST, | ||
148 | &purp, | ||
149 | &sig, | ||
150 | &pkey)) | ||
151 | { | ||
152 | fprintf (stderr, | ||
153 | "GNUNET_CRYPTO_eddsa_verify failed to fail!\n"); | ||
154 | return GNUNET_SYSERR; | ||
155 | } | ||
156 | if (GNUNET_SYSERR != | ||
157 | GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, | ||
158 | &purp, | ||
159 | &sig, | ||
160 | &dpub)) | ||
161 | { | ||
162 | fprintf (stderr, | ||
163 | "GNUNET_CRYPTO_eddsa_verify failed to fail!\n"); | ||
164 | return GNUNET_SYSERR; | ||
165 | } | ||
166 | return GNUNET_OK; | ||
167 | } | ||
168 | |||
169 | |||
103 | #if PERF | 170 | #if PERF |
104 | static int | 171 | static int |
105 | testSignPerformance () | 172 | testSignPerformance () |
@@ -217,6 +284,13 @@ main (int argc, char *argv[]) | |||
217 | "WARNING", | 284 | "WARNING", |
218 | NULL); | 285 | NULL); |
219 | GNUNET_CRYPTO_eddsa_key_create (&key); | 286 | GNUNET_CRYPTO_eddsa_key_create (&key); |
287 | if (GNUNET_OK != testDeriveSignVerify ()) | ||
288 | { | ||
289 | failure_count++; | ||
290 | fprintf (stderr, | ||
291 | "\n\n%d TESTS FAILED!\n\n", failure_count); | ||
292 | return -1; | ||
293 | } | ||
220 | #if PERF | 294 | #if PERF |
221 | if (GNUNET_OK != testSignPerformance ()) | 295 | if (GNUNET_OK != testSignPerformance ()) |
222 | failure_count++; | 296 | failure_count++; |
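Review bot: Both negative checks in testDeriveSignVerify print the same `GNUNET_CRYPTO_eddsa_verify failed to fail!` message, so a failing run does not tell whether the signature was accepted under the underived key `pkey` or under the wrong purpose. Distinct messages would make that clear, e.g. `"signature by derived key verified against parent key!\n"` for the `&pkey` case and `"signature verified with wrong purpose!\n"` for the `GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN` case. The `key derivation failed` message is passed through `"%s"` while the others are used directly as format strings; one style throughout would read better.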