11 files changed, 85 insertions, 35 deletions

diff --git a/src/dht/gnunet-service-dht_neighbours.c b/src/dht/gnunet-service-dht_neighbours.c
index c251dfa12..fce69d3f6 100644
--- a/src/dht/gnunet-service-dht_neighbours.c
+++ b/src/dht/gnunet-service-dht_neighbours.c
@@ -927,8 +927,8 @@ get_distance (const struct GNUNET_HashCode *target,
        (i < sizeof(struct GNUNET_HashCode) * 8) && (i < bucket + 1 + 32 - 9);
        i++)
   {
-    if (GNUNET_CRYPTO_hash_get_bit (target, i) !=
-        GNUNET_CRYPTO_hash_get_bit (have, i))
+    if (GNUNET_CRYPTO_hash_get_bit_rtl (target, i) !=
+        GNUNET_CRYPTO_hash_get_bit_rtl (have, i))
       lsb |= (1 << (bucket + 32 - 9 - i));      /* first bit set will be 10,
                                                  * last bit set will be 31 -- if
                                                  * i does not reach 512 first... */
diff --git a/src/gnsrecord/gnunet-gnsrecord-tvg.c b/src/gnsrecord/gnunet-gnsrecord-tvg.c
index cf815d629..862bd6f86 100644
--- a/src/gnsrecord/gnunet-gnsrecord-tvg.c
+++ b/src/gnsrecord/gnunet-gnsrecord-tvg.c
@@ -47,7 +47,7 @@ print_record(const struct GNUNET_GNSRECORD_Data *rd)
     fprintf (stdout,
            "EXPIRATION: %"PRIu64"\n", rd->expiration_time);
   fprintf (stdout,
-           "DATA_SIZE: %"PRIu64"\n", rd->data_size);
+           "DATA_SIZE: %zu\n", rd->data_size);
   fprintf (stdout,
            "TYPE: %d\n", rd->record_type);
   fprintf (stdout,
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index a5a50e749..e880bd887 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -874,12 +874,25 @@ GNUNET_CRYPTO_hash_to_aes_key (
  * Obtain a bit from a hashcode.
  *
  * @param code the `struct GNUNET_HashCode` to index bit-wise
- * @param bit index into the hashcode, [0...159]
+ * @param bit index into the hashcode, [0...159] where 0 is the leftmost bit
+ *        (bytes in code interpreted big endian)
  * @return Bit \a bit from hashcode \a code, -1 for invalid index
  */
 int
-GNUNET_CRYPTO_hash_get_bit (const struct GNUNET_HashCode *code,
-                            unsigned int bit);
+GNUNET_CRYPTO_hash_get_bit_ltr (const struct GNUNET_HashCode *code,
+                                unsigned int bit);
+
+
+/**
+ * Obtain a bit from a hashcode.
+ * @param code the GNUNET_CRYPTO_hash to index bit-wise
+ * @param bit index into the hashcode, [0...511] where 0 is the rightmost bit
+ *        (bytes in code interpreted little endian)
+ * @return Bit \a bit from hashcode \a code, -1 for invalid index
+ */
+int
+GNUNET_CRYPTO_hash_get_bit_rtl (const struct GNUNET_HashCode *code,
+                                unsigned int bit);
 
 
 /**
diff --git a/src/nse/gnunet-service-nse.c b/src/nse/gnunet-service-nse.c
index 411f533a5..461d55a7f 100644
--- a/src/nse/gnunet-service-nse.c
+++ b/src/nse/gnunet-service-nse.c
@@ -780,7 +780,7 @@ count_leading_zeroes (const struct GNUNET_HashCode *hash)
   unsigned int hash_count;
 
   hash_count = 0;
-  while (0 == GNUNET_CRYPTO_hash_get_bit (hash, hash_count))
+  while (0 == GNUNET_CRYPTO_hash_get_bit_ltr (hash, hash_count))
     hash_count++;
   return hash_count;
 }
diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c
index 3789e6799..33c67d005 100644
--- a/src/revocation/revocation_api.c
+++ b/src/revocation/revocation_api.c
@@ -395,7 +395,7 @@ count_leading_zeroes (const struct GNUNET_HashCode *hash)
 {
   unsigned int hash_count;
   hash_count = 0;
-  while ((0 == GNUNET_CRYPTO_hash_get_bit (hash, hash_count)))
+  while ((0 == GNUNET_CRYPTO_hash_get_bit_ltr (hash, hash_count)))
     hash_count++;
   return hash_count;
 }
@@ -435,7 +435,6 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
            + sizeof (struct GNUNET_TIME_AbsoluteNBO)
            + sizeof (uint64_t)] GNUNET_ALIGN;
   struct GNUNET_REVOCATION_SignaturePurposePS spurp;
-  struct GNUNET_CRYPTO_HashAsciiEncoded h_str;
   struct GNUNET_HashCode result;
   struct GNUNET_TIME_Absolute ts;
   struct GNUNET_TIME_Absolute exp;
@@ -493,11 +492,6 @@ GNUNET_REVOCATION_check_pow (const struct GNUNET_REVOCATION_PowP *pow,
                 "Score %u with %" PRIu64 " (#%u)\n",
                 tmp_score, pow_val, i);
 
-    GNUNET_CRYPTO_hash_to_enc (&result,
-                               &h_str);
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Hash: %s\n", (char*)&h_str);
-
     score += tmp_score;
 
   }
@@ -583,9 +577,14 @@ GNUNET_REVOCATION_pow_start (struct GNUNET_REVOCATION_PowP *pow,
                              unsigned int difficulty)
 {
   struct GNUNET_REVOCATION_PowCalculationHandle *pc;
+  struct GNUNET_TIME_Relative ttl;
+
 
   pc = GNUNET_new (struct GNUNET_REVOCATION_PowCalculationHandle);
   pc->pow = pow;
+  ttl = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_YEARS,
+                                       epochs);
+  pc->pow->ttl = GNUNET_TIME_relative_hton (ttl);
   pc->current_pow = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK,
                                               UINT64_MAX);
   pc->difficulty = difficulty;
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 96d546185..e1608ae55 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -544,10 +544,18 @@ void
 GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 {
   BENCHMARK_START (eddsa_key_create);
+  /*
+   * We do not clamp for EdDSA, since all functions that use the private key do
+   * their own clamping (just like in libsodium).  What we call "private key"
+   * here, actually corresponds to the seed in libsodium.
+   *
+   * (Contrast this to ECDSA, where functions using the private key can't clamp
+   * due to properties needed for GNS.  That is a worse/unsafer API, but
+   * required for the GNS constructions to work.)
+   */
   GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
                               pk,
                               sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
-  // FIXME: should we not do the clamping here? Or is this done elsewhere?
   BENCHMARK_END (eddsa_key_create);
 }
 
diff --git a/src/util/crypto_hash.c b/src/util/crypto_hash.c
index c41c419ff..622953476 100644
--- a/src/util/crypto_hash.c
+++ b/src/util/crypto_hash.c
@@ -244,18 +244,35 @@ GNUNET_CRYPTO_hash_to_aes_key (const struct GNUNET_HashCode *hc,
 /**
  * Obtain a bit from a hashcode.
  * @param code the GNUNET_CRYPTO_hash to index bit-wise
- * @param bit index into the hashcode, [0...511]
+ * @param bit index into the hashcode, [0...511] where 0 is the leftmost bit
+ *        (bytes in code interpreted big endian)
  * @return Bit \a bit from hashcode \a code, -1 for invalid index
  */
 int
-GNUNET_CRYPTO_hash_get_bit (const struct GNUNET_HashCode *code, unsigned int
-                            bit)
+GNUNET_CRYPTO_hash_get_bit_ltr (const struct GNUNET_HashCode *code,
+                            unsigned int bit)
+{
+  GNUNET_assert (bit < 8 * sizeof(struct GNUNET_HashCode));
+  return (((unsigned char *) code)[bit >> 3] & (128 >> (bit & 7))) > 0;
+}
+
+/**
+ * Obtain a bit from a hashcode.
+ * @param code the GNUNET_CRYPTO_hash to index bit-wise
+ * @param bit index into the hashcode, [0...511] where 0 is the rightmost bit
+ *        (bytes in code interpreted little endian)
+ * @return Bit \a bit from hashcode \a code, -1 for invalid index
+ */
+int
+GNUNET_CRYPTO_hash_get_bit_rtl (const struct GNUNET_HashCode *code,
+                                unsigned int bit)
 {
   GNUNET_assert (bit < 8 * sizeof(struct GNUNET_HashCode));
   return (((unsigned char *) code)[bit >> 3] & (1 << (bit & 7))) > 0;
 }
 
 
+
 /**
  * Determine how many low order bits match in two
  * `struct GNUNET_HashCode`s.  i.e. - 010011 and 011111 share
@@ -275,8 +292,8 @@ GNUNET_CRYPTO_hash_matching_bits (const struct GNUNET_HashCode *first,
   unsigned int i;
 
   for (i = 0; i < sizeof(struct GNUNET_HashCode) * 8; i++)
-    if (GNUNET_CRYPTO_hash_get_bit (first, i) !=
-        GNUNET_CRYPTO_hash_get_bit (second, i))
+    if (GNUNET_CRYPTO_hash_get_bit_rtl (first, i) !=
+        GNUNET_CRYPTO_hash_get_bit_rtl (second, i))
       return i;
   return sizeof(struct GNUNET_HashCode) * 8;
 }
diff --git a/src/util/crypto_pow.c b/src/util/crypto_pow.c
index 35511a130..6176afc33 100644
--- a/src/util/crypto_pow.c
+++ b/src/util/crypto_pow.c
@@ -43,17 +43,16 @@ GNUNET_CRYPTO_pow_hash (const char *salt,
                         size_t buf_len,
                         struct GNUNET_HashCode *result)
 {
-  GNUNET_break (ARGON2_OK == argon2d_hash_raw (3, /* iterations */
-                                               1024, /* memory (1 MiB) */
-                                               1, /* threads */
-                                               buf,
-                                               buf_len,
-                                               salt,
-                                               strlen (salt),
-                                               result,
-                                               sizeof (struct
-                                                       GNUNET_HashCode)));
-
+  GNUNET_break (ARGON2_OK ==
+                argon2id_hash_raw (3, /* iterations */
+                                   1024,              /* memory (1 MiB) */
+                                   1,              /* threads */
+                                   buf,
+                                   buf_len,
+                                   salt,
+                                   strlen (salt),
+                                   result,
+                                   sizeof (struct GNUNET_HashCode)));
 }
 
 
diff --git a/src/util/gnunet-scrypt.c b/src/util/gnunet-scrypt.c
index 70ba48d82..9bb766595 100644
--- a/src/util/gnunet-scrypt.c
+++ b/src/util/gnunet-scrypt.c
@@ -79,7 +79,7 @@ count_leading_zeroes (const struct GNUNET_HashCode *hash)
   unsigned int hash_count;
 
   hash_count = 0;
-  while (0 == GNUNET_CRYPTO_hash_get_bit (hash, hash_count))
+  while (0 == GNUNET_CRYPTO_hash_get_bit_ltr (hash, hash_count))
     hash_count++;
   return hash_count;
 }
diff --git a/src/util/test_crypto_ecdsa.c b/src/util/test_crypto_ecdsa.c
index cfa236d6d..7908590a8 100644
--- a/src/util/test_crypto_ecdsa.c
+++ b/src/util/test_crypto_ecdsa.c
@@ -107,6 +107,7 @@ testDeriveSignVerify (void)
   struct GNUNET_CRYPTO_EcdsaPrivateKey *dpriv;
   struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
   struct GNUNET_CRYPTO_EcdsaPublicKey dpub;
+  struct GNUNET_CRYPTO_EcdsaPublicKey dpub2;
 
   dpriv = GNUNET_CRYPTO_ecdsa_private_key_derive (&key,
                                                   "test-derive",
@@ -117,9 +118,17 @@ testDeriveSignVerify (void)
                                          "test-derive",
                                          "test-CTX",
                                          &dpub);
+  GNUNET_CRYPTO_ecdsa_key_get_public (dpriv, &dpub2);
   purp.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose));
   purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
 
+  if (0 != GNUNET_memcmp (&dpub.q_y, &dpub2.q_y))
+  {
+    fprintf (stderr, "%s", "key derivation failed\n");
+    GNUNET_free (dpriv);
+    return GNUNET_SYSERR;
+  }
+
   if (GNUNET_SYSERR ==
       GNUNET_CRYPTO_ecdsa_sign_ (dpriv,
                                  &purp,
diff --git a/src/util/test_crypto_hash.c b/src/util/test_crypto_hash.c
index 12e1324dd..d22e1f5d3 100644
--- a/src/util/test_crypto_hash.c
+++ b/src/util/test_crypto_hash.c
@@ -91,10 +91,15 @@ testArithmetic ()
     return 1;
   if (1 != GNUNET_CRYPTO_hash_xorcmp (&h1, &h2, &h2))
     return 1;
-  memset (&d, 0xF0, sizeof(d));
-  if (0 != GNUNET_CRYPTO_hash_get_bit (&d, 3))
+  memset (&d, 0x40, sizeof(d));
+  if (0 != GNUNET_CRYPTO_hash_get_bit_rtl (&d, 3))
     return 1;
-  if (1 != GNUNET_CRYPTO_hash_get_bit (&d, 6))
+  if (1 != GNUNET_CRYPTO_hash_get_bit_rtl (&d, 6))
+    return 1;
+  memset (&d, 0x02, sizeof(d));
+  if (0 != GNUNET_CRYPTO_hash_get_bit_ltr (&d, 3))
+    return 1;
+  if (1 != GNUNET_CRYPTO_hash_get_bit_ltr (&d, 6))
     return 1;
   memset (&d, 0, sizeof(d));
   GNUNET_CRYPTO_hash_to_aes_key (&d, &skey, &iv);