diff options
-rw-r--r-- | src/util/Makefile.am | 2 | ||||
-rw-r--r-- | src/util/configuration.c | 7 | ||||
-rw-r--r-- | src/util/crypto_ecc.c | 35 | ||||
-rw-r--r-- | src/util/crypto_mpi.c | 19 | ||||
-rw-r--r-- | src/util/strings.c | 2 | ||||
-rw-r--r-- | src/util/test_crypto_ecdh_ecdsa.c (renamed from src/util/test_crypto_ecdh_eddsa.c) | 103 |
6 files changed, 128 insertions, 40 deletions
diff --git a/src/util/Makefile.am b/src/util/Makefile.am index 9bb644d84..f5bccf218 100644 --- a/src/util/Makefile.am +++ b/src/util/Makefile.am | |||
@@ -227,7 +227,7 @@ check_PROGRAMS = \ | |||
227 | test_crypto_ecdsa \ | 227 | test_crypto_ecdsa \ |
228 | test_crypto_eddsa \ | 228 | test_crypto_eddsa \ |
229 | test_crypto_ecdhe \ | 229 | test_crypto_ecdhe \ |
230 | test_crypto_ecdh_eddsa \ | 230 | test_crypto_ecdh_ecdsa \ |
231 | test_crypto_hash \ | 231 | test_crypto_hash \ |
232 | test_crypto_hash_context \ | 232 | test_crypto_hash_context \ |
233 | test_crypto_hkdf \ | 233 | test_crypto_hkdf \ |
diff --git a/src/util/configuration.c b/src/util/configuration.c index d552a7f4d..24b38f933 100644 --- a/src/util/configuration.c +++ b/src/util/configuration.c | |||
@@ -572,10 +572,9 @@ GNUNET_CONFIGURATION_iterate_section_values (const struct | |||
572 | * @param iter_cls closure for @a iter | 572 | * @param iter_cls closure for @a iter |
573 | */ | 573 | */ |
574 | void | 574 | void |
575 | GNUNET_CONFIGURATION_iterate_sections (const struct GNUNET_CONFIGURATION_Handle | 575 | GNUNET_CONFIGURATION_iterate_sections (const struct GNUNET_CONFIGURATION_Handle *cfg, |
576 | *cfg, | 576 | GNUNET_CONFIGURATION_Section_Iterator iter, |
577 | GNUNET_CONFIGURATION_Section_Iterator | 577 | void *iter_cls) |
578 | iter, void *iter_cls) | ||
579 | { | 578 | { |
580 | struct ConfigSection *spos; | 579 | struct ConfigSection *spos; |
581 | struct ConfigSection *next; | 580 | struct ConfigSection *next; |
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index c11739b27..25393cbf6 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c | |||
@@ -61,7 +61,9 @@ | |||
61 | * @return 0 on success | 61 | * @return 0 on success |
62 | */ | 62 | */ |
63 | static int | 63 | static int |
64 | key_from_sexp (gcry_mpi_t * array, gcry_sexp_t sexp, const char *topname, | 64 | key_from_sexp (gcry_mpi_t * array, |
65 | gcry_sexp_t sexp, | ||
66 | const char *topname, | ||
65 | const char *elems) | 67 | const char *elems) |
66 | { | 68 | { |
67 | gcry_sexp_t list; | 69 | gcry_sexp_t list; |
@@ -229,7 +231,7 @@ GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey * | |||
229 | GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, sexp, NULL)); | 231 | GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, sexp, NULL)); |
230 | gcry_sexp_release (sexp); | 232 | gcry_sexp_release (sexp); |
231 | q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0); | 233 | q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0); |
232 | GNUNET_assert (q); | 234 | GNUNET_assert (NULL != q); |
233 | GNUNET_CRYPTO_mpi_print_unsigned (pub->q_y, sizeof (pub->q_y), q); | 235 | GNUNET_CRYPTO_mpi_print_unsigned (pub->q_y, sizeof (pub->q_y), q); |
234 | gcry_mpi_release (q); | 236 | gcry_mpi_release (q); |
235 | gcry_ctx_release (ctx); | 237 | gcry_ctx_release (ctx); |
@@ -1313,7 +1315,7 @@ GNUNET_CRYPTO_eddsa_verify (uint32_t purpose, | |||
1313 | } | 1315 | } |
1314 | data = data_to_eddsa_value (validate); | 1316 | data = data_to_eddsa_value (validate); |
1315 | if (0 != (rc = gcry_sexp_build (&pub_sexpr, NULL, | 1317 | if (0 != (rc = gcry_sexp_build (&pub_sexpr, NULL, |
1316 | "(public-key(ecc(curve " CURVE ")(q %b)))", | 1318 | "(public-key(ecc(curve " CURVE ")(flags eddsa)(q %b)))", |
1317 | (int)sizeof (pub->q_y), pub->q_y))) | 1319 | (int)sizeof (pub->q_y), pub->q_y))) |
1318 | { | 1320 | { |
1319 | gcry_sexp_release (data); | 1321 | gcry_sexp_release (data); |
@@ -1506,7 +1508,7 @@ GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey | |||
1506 | compressed thus we first store it in the context and then get it | 1508 | compressed thus we first store it in the context and then get it |
1507 | back as a (decompresssed) point. */ | 1509 | back as a (decompresssed) point. */ |
1508 | q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8*sizeof (pub->q_y)); | 1510 | q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8*sizeof (pub->q_y)); |
1509 | GNUNET_assert (q_y); | 1511 | GNUNET_assert (NULL != q_y); |
1510 | GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx)); | 1512 | GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx)); |
1511 | gcry_mpi_release (q_y); | 1513 | gcry_mpi_release (q_y); |
1512 | q = gcry_mpi_ec_get_point ("q", ctx, 0); | 1514 | q = gcry_mpi_ec_get_point ("q", ctx, 0); |
@@ -1530,10 +1532,33 @@ GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey | |||
1530 | gcry_mpi_point_release (v); | 1532 | gcry_mpi_point_release (v); |
1531 | q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0); | 1533 | q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0); |
1532 | GNUNET_assert (q_y); | 1534 | GNUNET_assert (q_y); |
1533 | GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof result->q_y, q_y); | 1535 | GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, |
1536 | sizeof (result->q_y), | ||
1537 | q_y); | ||
1534 | gcry_mpi_release (q_y); | 1538 | gcry_mpi_release (q_y); |
1535 | gcry_ctx_release (ctx); | 1539 | gcry_ctx_release (ctx); |
1536 | } | 1540 | } |
1537 | 1541 | ||
1538 | 1542 | ||
1543 | /** | ||
1544 | * @ingroup crypto | ||
1545 | * Convert ECDSA public key to ECDHE public key. | ||
1546 | * Please be very careful when using this function, as mixing | ||
1547 | * cryptographic primitives is not always healthy. | ||
1548 | * | ||
1549 | * @param ecdsa ecdsa public key | ||
1550 | * @param ecdhe[OUT] ecdhe public key | ||
1551 | */ | ||
1552 | void | ||
1553 | GNUNET_CRYPTO_ecdsa_public_to_ecdhe (const struct GNUNET_CRYPTO_EcdsaPublicKey *ecdsa, | ||
1554 | struct GNUNET_CRYPTO_EcdhePublicKey *ecdhe) | ||
1555 | { | ||
1556 | GNUNET_assert (sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) == | ||
1557 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); | ||
1558 | memcpy (ecdhe, | ||
1559 | ecdsa, | ||
1560 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | ||
1561 | } | ||
1562 | |||
1563 | |||
1539 | /* end of crypto_ecc.c */ | 1564 | /* end of crypto_ecc.c */ |
diff --git a/src/util/crypto_mpi.c b/src/util/crypto_mpi.c index 65896584d..806a35da8 100644 --- a/src/util/crypto_mpi.c +++ b/src/util/crypto_mpi.c | |||
@@ -77,6 +77,7 @@ GNUNET_CRYPTO_mpi_print_unsigned (void *buf, | |||
77 | gcry_mpi_t val) | 77 | gcry_mpi_t val) |
78 | { | 78 | { |
79 | size_t rsize; | 79 | size_t rsize; |
80 | int rc; | ||
80 | 81 | ||
81 | if (gcry_mpi_get_flag (val, GCRYMPI_FLAG_OPAQUE)) | 82 | if (gcry_mpi_get_flag (val, GCRYMPI_FLAG_OPAQUE)) |
82 | { | 83 | { |
@@ -98,9 +99,17 @@ GNUNET_CRYPTO_mpi_print_unsigned (void *buf, | |||
98 | /* Store regular MPIs as unsigned integers right aligned into | 99 | /* Store regular MPIs as unsigned integers right aligned into |
99 | the buffer. */ | 100 | the buffer. */ |
100 | rsize = size; | 101 | rsize = size; |
101 | GNUNET_assert (0 == | 102 | if (0 != |
102 | gcry_mpi_print (GCRYMPI_FMT_USG, buf, rsize, &rsize, | 103 | (rc = gcry_mpi_print (GCRYMPI_FMT_USG, |
103 | val)); | 104 | buf, |
105 | rsize, &rsize, | ||
106 | val))) | ||
107 | { | ||
108 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, | ||
109 | "gcry_mpi_print", | ||
110 | rc); | ||
111 | GNUNET_assert (0); | ||
112 | } | ||
104 | adjust (buf, rsize, size); | 113 | adjust (buf, rsize, size); |
105 | } | 114 | } |
106 | } | 115 | } |
@@ -126,7 +135,9 @@ GNUNET_CRYPTO_mpi_scan_unsigned (gcry_mpi_t *result, | |||
126 | GCRYMPI_FMT_USG, | 135 | GCRYMPI_FMT_USG, |
127 | data, size, &size))) | 136 | data, size, &size))) |
128 | { | 137 | { |
129 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 138 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, |
139 | "gcry_mpi_scan", | ||
140 | rc); | ||
130 | GNUNET_assert (0); | 141 | GNUNET_assert (0); |
131 | } | 142 | } |
132 | } | 143 | } |
diff --git a/src/util/strings.c b/src/util/strings.c index 849d9e843..379f3f5a3 100644 --- a/src/util/strings.c +++ b/src/util/strings.c | |||
@@ -895,7 +895,7 @@ GNUNET_STRINGS_data_to_string (const void *data, | |||
895 | out[wpos++] = encTable__[(bits >> (vbit - 5)) & 31]; | 895 | out[wpos++] = encTable__[(bits >> (vbit - 5)) & 31]; |
896 | vbit -= 5; | 896 | vbit -= 5; |
897 | } | 897 | } |
898 | GNUNET_assert (vbit == 0); | 898 | GNUNET_assert (0 == vbit); |
899 | if (wpos < out_size) | 899 | if (wpos < out_size) |
900 | out[wpos] = '\0'; | 900 | out[wpos] = '\0'; |
901 | return &out[wpos]; | 901 | return &out[wpos]; |
diff --git a/src/util/test_crypto_ecdh_eddsa.c b/src/util/test_crypto_ecdh_ecdsa.c index d8fee849e..8eb2055ae 100644 --- a/src/util/test_crypto_ecdh_eddsa.c +++ b/src/util/test_crypto_ecdh_ecdsa.c | |||
@@ -21,52 +21,83 @@ | |||
21 | /** | 21 | /** |
22 | * @file util/test_crypto_ecdh_ecdsa.c | 22 | * @file util/test_crypto_ecdh_ecdsa.c |
23 | * @brief testcase for ECC DH key exchange with EdDSA private keys. | 23 | * @brief testcase for ECC DH key exchange with EdDSA private keys. |
24 | * @author Christian Grothoff, Bart Polot | 24 | * @author Christian Grothoff |
25 | * @author Bart Polot | ||
25 | */ | 26 | */ |
26 | #include "platform.h" | 27 | #include "platform.h" |
27 | #include "gnunet_util_lib.h" | 28 | #include "gnunet_util_lib.h" |
28 | #include <gcrypt.h> | 29 | #include <gcrypt.h> |
29 | 30 | ||
30 | 31 | ||
31 | int | 32 | static int |
32 | main (int argc, char *argv[]) | 33 | test_pk() |
33 | { | 34 | { |
34 | struct GNUNET_CRYPTO_EddsaPrivateKey *priv_dsa1; | 35 | struct GNUNET_CRYPTO_EcdsaPrivateKey *priv1; |
35 | struct GNUNET_CRYPTO_EddsaPrivateKey *priv_dsa2; | 36 | struct GNUNET_CRYPTO_EcdhePrivateKey priv2; |
36 | struct GNUNET_CRYPTO_EddsaPublicKey id1; | 37 | struct GNUNET_CRYPTO_EcdsaPublicKey pub1; |
37 | struct GNUNET_CRYPTO_EddsaPublicKey id2; | ||
38 | |||
39 | struct GNUNET_CRYPTO_EcdhePrivateKey *priv1; | ||
40 | struct GNUNET_CRYPTO_EcdhePrivateKey *priv2; | ||
41 | struct GNUNET_CRYPTO_EcdhePublicKey pub2; | 38 | struct GNUNET_CRYPTO_EcdhePublicKey pub2; |
42 | struct GNUNET_HashCode dh[3]; | 39 | struct GNUNET_CRYPTO_EcdhePublicKey pub1c; |
43 | 40 | ||
44 | if (! gcry_check_version ("1.6.0")) | 41 | /* Generate, cast keys */ |
42 | priv1 = GNUNET_CRYPTO_ecdsa_key_create (); | ||
43 | memcpy (&priv2, | ||
44 | priv1, | ||
45 | sizeof (priv2)); | ||
46 | |||
47 | /* Extract public keys */ | ||
48 | GNUNET_CRYPTO_ecdsa_key_get_public (priv1, &pub1); | ||
49 | GNUNET_CRYPTO_ecdhe_key_get_public (&priv2, &pub2); | ||
50 | |||
51 | GNUNET_CRYPTO_ecdsa_public_to_ecdhe (&pub1, &pub1c); | ||
52 | if (0 == memcmp (&pub1c, | ||
53 | &pub2, | ||
54 | sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey))) | ||
45 | { | 55 | { |
46 | FPRINTF (stderr, | 56 | GNUNET_free (priv1); |
47 | _ | ||
48 | ("libgcrypt has not the expected version (version %s is required).\n"), | ||
49 | "1.6.0"); | ||
50 | return 0; | 57 | return 0; |
51 | } | 58 | } |
52 | if (getenv ("GNUNET_GCRYPT_DEBUG")) | 59 | GNUNET_free (priv1); |
53 | gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0); | 60 | return 1; |
54 | GNUNET_log_setup ("test-crypto-ecdh-eddsa", "WARNING", NULL); | 61 | } |
62 | |||
63 | |||
64 | static int | ||
65 | test_ecdh() | ||
66 | { | ||
67 | struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_dsa1; | ||
68 | struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_dsa2; | ||
69 | struct GNUNET_CRYPTO_EcdsaPublicKey id1; | ||
70 | struct GNUNET_CRYPTO_EcdsaPublicKey id2; | ||
71 | struct GNUNET_CRYPTO_EcdhePublicKey id1c; | ||
72 | struct GNUNET_CRYPTO_EcdhePublicKey id2c; | ||
73 | |||
74 | struct GNUNET_CRYPTO_EcdhePrivateKey *priv1; | ||
75 | struct GNUNET_CRYPTO_EcdhePrivateKey *priv2; | ||
76 | struct GNUNET_CRYPTO_EcdhePublicKey pub2; | ||
77 | struct GNUNET_HashCode dh[3]; | ||
55 | 78 | ||
56 | /* Generate, cast keys */ | 79 | /* Generate, cast keys */ |
57 | priv_dsa1 = GNUNET_CRYPTO_eddsa_key_create (); | 80 | priv_dsa1 = GNUNET_CRYPTO_ecdsa_key_create (); |
58 | priv_dsa2 = GNUNET_CRYPTO_eddsa_key_create (); | 81 | priv_dsa2 = GNUNET_CRYPTO_ecdsa_key_create (); |
59 | priv1 = (struct GNUNET_CRYPTO_EcdhePrivateKey *) priv_dsa1; | 82 | priv1 = (struct GNUNET_CRYPTO_EcdhePrivateKey *) priv_dsa1; |
60 | priv2 = (struct GNUNET_CRYPTO_EcdhePrivateKey *) priv_dsa2; | 83 | priv2 = (struct GNUNET_CRYPTO_EcdhePrivateKey *) priv_dsa2; |
61 | 84 | ||
62 | /* Extract public keys */ | 85 | /* Extract public keys */ |
63 | GNUNET_CRYPTO_eddsa_key_get_public (priv_dsa1, &id1); | 86 | GNUNET_CRYPTO_ecdsa_key_get_public (priv_dsa1, &id1); |
64 | GNUNET_CRYPTO_eddsa_key_get_public (priv_dsa2, &id2); | 87 | GNUNET_CRYPTO_ecdsa_key_get_public (priv_dsa2, &id2); |
65 | GNUNET_CRYPTO_ecdhe_key_get_public (priv2, &pub2); | 88 | GNUNET_CRYPTO_ecdhe_key_get_public (priv2, &pub2); |
66 | 89 | ||
67 | /* Do ECDH */ | 90 | /* Do ECDH */ |
68 | GNUNET_CRYPTO_ecc_ecdh (priv1, (struct GNUNET_CRYPTO_EcdhePublicKey *)&id2, &dh[0]); | 91 | GNUNET_CRYPTO_ecdsa_public_to_ecdhe (&id2, |
69 | GNUNET_CRYPTO_ecc_ecdh (priv2, (struct GNUNET_CRYPTO_EcdhePublicKey *)&id1, &dh[1]); | 92 | &id2c); |
93 | GNUNET_CRYPTO_ecdsa_public_to_ecdhe (&id1, | ||
94 | &id1c); | ||
95 | GNUNET_CRYPTO_ecc_ecdh (priv1, | ||
96 | &id2c, | ||
97 | &dh[0]); | ||
98 | GNUNET_CRYPTO_ecc_ecdh (priv2, | ||
99 | &id1c, | ||
100 | &dh[1]); | ||
70 | GNUNET_CRYPTO_ecc_ecdh (priv1, &pub2, &dh[2]); | 101 | GNUNET_CRYPTO_ecc_ecdh (priv1, &pub2, &dh[2]); |
71 | 102 | ||
72 | /* Check that both DH results are equal. */ | 103 | /* Check that both DH results are equal. */ |
@@ -85,4 +116,26 @@ main (int argc, char *argv[]) | |||
85 | return 0; | 116 | return 0; |
86 | } | 117 | } |
87 | 118 | ||
119 | |||
120 | int | ||
121 | main (int argc, char *argv[]) | ||
122 | { | ||
123 | if (! gcry_check_version ("1.6.0")) | ||
124 | { | ||
125 | FPRINTF (stderr, | ||
126 | _("libgcrypt has not the expected version (version %s is required).\n"), | ||
127 | "1.6.0"); | ||
128 | return 0; | ||
129 | } | ||
130 | if (getenv ("GNUNET_GCRYPT_DEBUG")) | ||
131 | gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0); | ||
132 | GNUNET_log_setup ("test-crypto-ecdh-ecdsa", "WARNING", NULL); | ||
133 | if (0 != test_pk()) | ||
134 | return 1; | ||
135 | if (0 != test_ecdh()) | ||
136 | return 1; | ||
137 | return 0; | ||
138 | } | ||
139 | |||
140 | |||
88 | /* end of test_crypto_ecdh_ecdsa.c */ | 141 | /* end of test_crypto_ecdh_ecdsa.c */ |