author | Christian Grothoff <christian@grothoff.org> | 2013-08-11 15:36:42 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2013-08-11 15:36:42 +0000 |
commit | b64ef35e9e4d3f43b8840bacac60ac2a91ae03f1 (patch) | |
tree | d97273f6ef88c54622e15ea1d675b7d9f2ee93a5 /src | |
parent | a78e015dd4764c54c013729cf58c55dbaa8af626 (diff) | |
-add extra context argument for key derivation, so that fs and gads do not collide
Diffstat (limited to 'src')
-rw-r--r-- | src/fs/fs_publish_ublock.c | 2 | ||||
-rw-r--r-- | src/fs/fs_search.c | 2 | ||||
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 12 | ||||
-rw-r--r-- | src/util/crypto_ecc.c | 18 | ||||
-rw-r--r-- | src/util/test_crypto_ecc.c | 4 |
5 files changed, 28 insertions, 10 deletions
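--- a/src/fs/fs_publish_ublock.c
+++ b/src/fs/fs_publish_ublock.c
@@ -242,7 +242,7 @@ GNUNET_FS_publish_ublock_ (struct GNUNET_FS_Handle *h,
 ub_enc->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_FS_UBLOCK);
 
 /* derive signing-key from 'label' and public key of the namespace */
-nsd = GNUNET_CRYPTO_ecc_key_derive (ns, label);
+nsd = GNUNET_CRYPTO_ecc_key_derive (ns, label, "fs-ublock");
 GNUNET_CRYPTO_ecc_key_get_public (nsd,
 &ub_enc->verification_key);
 GNUNET_assert (GNUNET_OK ==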
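Review bot: The context string `"fs-ublock"` is a bare literal in the `GNUNET_CRYPTO_ecc_key_derive` call here and is repeated in both `GNUNET_CRYPTO_ecc_public_key_derive` calls in src/fs/fs_search.c (in `transmit_search_request` and `GNUNET_FS_search_start_searching_`). The publishing and searching sides only reach the same derived key if all three strings are byte-identical, and a typo in one of them would compile cleanly and just stop lookups from matching. I would define it once in a header both files include, for example `#define FS_UBLOCK_DERIVE_CONTEXT "fs-ublock"` (the name is only a suggestion), and use that at each call site. The enclosing function starts and ends outside this hunk.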
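--- a/src/fs/fs_search.c
+++ b/src/fs/fs_search.c
@@ -1104,6 +1104,7 @@ transmit_search_request (void *cls, size_t size, void *buf)
 memset (&sm->target, 0, sizeof (struct GNUNET_HashCode));
 GNUNET_CRYPTO_ecc_public_key_derive (&sc->uri->data.sks.ns,
 sc->uri->data.sks.identifier,
+"fs-ublock",
 &dpub);
 GNUNET_CRYPTO_hash (&dpub,
 sizeof (dpub),
@@ -1290,6 +1291,7 @@ GNUNET_FS_search_start_searching_ (struct GNUNET_FS_SearchContext *sc)
 sre->keyword = GNUNET_strdup (keyword);
 GNUNET_CRYPTO_ecc_public_key_derive (&anon_pub,
 keyword,
+"fs-ublock",
 &sre->dpub);
 GNUNET_CRYPTO_hash (&sre->dpub,
 sizeof (struct GNUNET_CRYPTO_EccPublicKey),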
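--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -1,10 +1,10 @@
 /*
 This file is part of GNUnet.
-(C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2012 Christian Grothoff (and other contributing authors)
+(C) 2001-2013 Christian Grothoff (and other contributing authors)
 
 GNUnet is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published
-by the Free Software Foundation; either version 2, or (at your
+by the Free Software Foundation; either version 3, or (at your
 option) any later version.
 
 GNUnet is distributed in the hope that it will be useful, but
@@ -979,11 +979,14 @@ GNUNET_CRYPTO_ecc_verify (uint32_t purpose,
 *
 * @param priv original private key
 * @param label label to use for key deriviation
+* @param context additional context to use for HKDF of 'h';
+* typically the name of the subsystem/application
 * @return derived private key
 */
 struct GNUNET_CRYPTO_EccPrivateKey *
 GNUNET_CRYPTO_ecc_key_derive (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
-const char *label);
+const char *label,
+const char *context);
 
 
 /**
@@ -992,11 +995,14 @@ GNUNET_CRYPTO_ecc_key_derive (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
 *
 * @param pub original public key
 * @param label label to use for key deriviation
+* @param context additional context to use for HKDF of 'h'.
+* typically the name of the subsystem/application
 * @param result where to write the derived public key
 */
 void
 GNUNET_CRYPTO_ecc_public_key_derive (const struct GNUNET_CRYPTO_EccPublicKey *pub,
 const char *label,
+const char *context,
 struct GNUNET_CRYPTO_EccPublicKey *result);
 
 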
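Review bot: The new `@param context` text on both prototypes does not state the contract a caller has to keep. The test in this commit pairs `GNUNET_CRYPTO_ecc_key_derive` and `GNUNET_CRYPTO_ecc_public_key_derive` with the same label and context, and `derive_h` in src/util/crypto_ecc.c calls `strlen (context)`, so NULL is not a valid argument. I would extend the comment along the lines of `@param context non-NULL, 0-terminated context string; must be identical for the private and the public derivation; distinct subsystems must use distinct values`. Separately, the first hunk changes the licence header from version 2 to version 3, which the commit message does not mention.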
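--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -926,11 +926,14 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
 *
 * @param pub public key for deriviation
 * @param label label for deriviation
+* @param context additional context to use for HKDF of 'h';
+* typically the name of the subsystem/application
 * @return h value
 */
 static gcry_mpi_t
 derive_h (const struct GNUNET_CRYPTO_EccPublicKey *pub,
-const char *label)
+const char *label,
+const char *context)
 {
 gcry_mpi_t h;
 struct GNUNET_HashCode hc;
@@ -939,6 +942,7 @@ derive_h (const struct GNUNET_CRYPTO_EccPublicKey *pub,
 "key-derivation", strlen ("key-derivation"),
 pub, sizeof (*pub),
 label, strlen (label),
+context, strlen (context),
 NULL, 0);
 mpi_scan (&h, (unsigned char *) &hc, sizeof (hc));
 return h;
@@ -953,11 +957,14 @@ derive_h (const struct GNUNET_CRYPTO_EccPublicKey *pub,
 *
 * @param priv original private key
 * @param label label to use for key deriviation
+* @param context additional context to use for HKDF of 'h';
+* typically the name of the subsystem/application
 * @return derived private key
 */
 struct GNUNET_CRYPTO_EccPrivateKey *
 GNUNET_CRYPTO_ecc_key_derive (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
-const char *label)
+const char *label,
+const char *context)
 {
 struct GNUNET_CRYPTO_EccPublicKey pub;
 struct GNUNET_CRYPTO_EccPrivateKey *ret;
@@ -970,7 +977,7 @@ GNUNET_CRYPTO_ecc_key_derive (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
 GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
 n = gcry_mpi_ec_get_mpi ("n", ctx, 0 /* no copy */);
 GNUNET_CRYPTO_ecc_key_get_public (priv, &pub);
-h = derive_h (&pub, label);
+h = derive_h (&pub, label, context);
 mpi_scan (&x, priv->d, sizeof (priv->d));
 d = gcry_mpi_new (256);
 gcry_mpi_mulm (d, h, x, n);
@@ -989,11 +996,14 @@ GNUNET_CRYPTO_ecc_key_derive (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
 *
 * @param pub original public key
 * @param label label to use for key deriviation
+* @param context additional context to use for HKDF of 'h';
+* typically the name of the subsystem/application
 * @param result where to write the derived public key
 */
 void
 GNUNET_CRYPTO_ecc_public_key_derive (const struct GNUNET_CRYPTO_EccPublicKey *pub,
 const char *label,
+const char *context,
 struct GNUNET_CRYPTO_EccPublicKey *result)
 {
 gcry_ctx_t ctx;
@@ -1017,7 +1027,7 @@ GNUNET_CRYPTO_ecc_public_key_derive (const struct GNUNET_CRYPTO_EccPublicKey *pu
 gcry_mpi_release (q_y);
 
 /* calulcate h_mod_n = h % n */
-h = derive_h (pub, label);
+h = derive_h (pub, label, context);
 n = gcry_mpi_ec_get_mpi ("n", ctx, 0 /* no copy */);
 h_mod_n = gcry_mpi_new (256);
 gcry_mpi_mod (h_mod_n, h, n);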
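Review bot: In `derive_h`, `label` and `context` are handed to `GNUNET_CRYPTO_kdf` as two adjacent variable-length chunks, `label, strlen (label),` then `context, strlen (context),`, with no length prefix or delimiter between them. If the KDF simply concatenates its chunks (its implementation is not shown here), the pairs ("ab", "c") and ("a", "bc") produce the same `h`, so the boundary between label and context is not part of the derived value. That weakens the domain separation this commit is meant to add. Because the change already alters every derived key, this is a cheap moment to make the encoding unambiguous, for instance by hashing the terminating NUL as well: `label, strlen (label) + 1,` and `context, strlen (context) + 1,`. A `GNUNET_assert (NULL != context);` at the top of `derive_h` would also turn a NULL context into a clean abort instead of undefined behaviour in `strlen`.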
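--- a/src/util/test_crypto_ecc.c
+++ b/src/util/test_crypto_ecc.c
@@ -95,9 +95,9 @@ testDeriveSignVerify ()
 struct GNUNET_CRYPTO_EccPublicKey pkey;
 struct GNUNET_CRYPTO_EccPublicKey dpub;
 
-dpriv = GNUNET_CRYPTO_ecc_key_derive (key, "test-derive");
+dpriv = GNUNET_CRYPTO_ecc_key_derive (key, "test-derive", "test-CTX");
 GNUNET_CRYPTO_ecc_key_get_public (key, &pkey);
-GNUNET_CRYPTO_ecc_public_key_derive (&pkey, "test-derive", &dpub);
+GNUNET_CRYPTO_ecc_public_key_derive (&pkey, "test-derive", "test-CTX", &dpub);
 purp.size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose));
 purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
 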
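Review bot: `testDeriveSignVerify` still covers only the matching case, with `"test-CTX"` on both derivations, so it would keep passing even if `derive_h` ignored `context` entirely. A negative check would pin the property this commit exists for: derive a second public key under a different context and assert that it differs, e.g. `GNUNET_CRYPTO_ecc_public_key_derive (&pkey, "test-derive", "other-CTX", &dpub2);` followed by `GNUNET_assert (0 != memcmp (&dpub, &dpub2, sizeof (dpub)));`. The function body continues outside the hunk, so the way it reports failures is not visible here; the assertion should follow whatever style the rest of the test uses.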