aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/include/gnunet_crypto_lib.h53
-rw-r--r--src/util/crypto_cs.c164
-rw-r--r--src/util/gnunet-crypto-tvg.c24
-rw-r--r--src/util/test_crypto_cs.c2
4 files changed, 83 insertions, 160 deletions
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 1ab135d80..c2176f3f2 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -2551,9 +2551,9 @@ GNUNET_CRYPTO_cs_private_key_generate (struct GNUNET_CRYPTO_CsPrivateKey *priv);
2551 * @param[out] pub where to write the public key 2551 * @param[out] pub where to write the public key
2552 */ 2552 */
2553void 2553void
2554GNUNET_CRYPTO_cs_private_key_get_public (const struct 2554GNUNET_CRYPTO_cs_private_key_get_public (
2555 GNUNET_CRYPTO_CsPrivateKey *priv, 2555 const struct GNUNET_CRYPTO_CsPrivateKey *priv,
2556 struct GNUNET_CRYPTO_CsPublicKey *pub); 2556 struct GNUNET_CRYPTO_CsPublicKey *pub);
2557 2557
2558 2558
2559/** 2559/**
@@ -2565,11 +2565,13 @@ GNUNET_CRYPTO_cs_private_key_get_public (const struct
2565 * Comment: Can be done in one HKDF shot and split output. 2565 * Comment: Can be done in one HKDF shot and split output.
2566 * 2566 *
2567 * @param nonce is a random nonce 2567 * @param nonce is a random nonce
2568 * @param seed seed to use in derivation
2568 * @param lts is a long-term-secret in form of a private key 2569 * @param lts is a long-term-secret in form of a private key
2569 * @param[out] r array containing derived secrets r0 and r1 2570 * @param[out] r array containing derived secrets r0 and r1
2570 */ 2571 */
2571void 2572void
2572GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, 2573GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce,
2574 const char *seed,
2573 const struct GNUNET_CRYPTO_CsPrivateKey *lts, 2575 const struct GNUNET_CRYPTO_CsPrivateKey *lts,
2574 struct GNUNET_CRYPTO_CsRSecret r[2]); 2576 struct GNUNET_CRYPTO_CsRSecret r[2]);
2575 2577
@@ -2595,10 +2597,9 @@ GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv,
2595 * @param[out] bs array containing the two derived blinding secrets 2597 * @param[out] bs array containing the two derived blinding secrets
2596 */ 2598 */
2597void 2599void
2598GNUNET_CRYPTO_cs_blinding_secrets_derive (const struct 2600GNUNET_CRYPTO_cs_blinding_secrets_derive (
2599 GNUNET_CRYPTO_CsNonce *blind_seed, 2601 const struct GNUNET_CRYPTO_CsNonce *blind_seed,
2600 struct GNUNET_CRYPTO_CsBlindingSecret 2602 struct GNUNET_CRYPTO_CsBlindingSecret bs[2]);
2601 bs[2]);
2602 2603
2603 2604
2604/** 2605/**
@@ -2614,15 +2615,14 @@ GNUNET_CRYPTO_cs_blinding_secrets_derive (const struct
2614 * @param[out] blinded_r_pub array of the two blinded R 2615 * @param[out] blinded_r_pub array of the two blinded R
2615 */ 2616 */
2616void 2617void
2617GNUNET_CRYPTO_cs_calc_blinded_c (const struct GNUNET_CRYPTO_CsBlindingSecret 2618GNUNET_CRYPTO_cs_calc_blinded_c (
2618 bs[2], 2619 const struct GNUNET_CRYPTO_CsBlindingSecret bs[2],
2619 const struct GNUNET_CRYPTO_CsRPublic r_pub[2], 2620 const struct GNUNET_CRYPTO_CsRPublic r_pub[2],
2620 const struct GNUNET_CRYPTO_CsPublicKey *pub, 2621 const struct GNUNET_CRYPTO_CsPublicKey *pub,
2621 const void *msg, 2622 const void *msg,
2622 size_t msg_len, 2623 size_t msg_len,
2623 struct GNUNET_CRYPTO_CsC blinded_c[2], 2624 struct GNUNET_CRYPTO_CsC blinded_c[2],
2624 struct GNUNET_CRYPTO_CsRPublic 2625 struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2]);
2625 blinded_r_pub[2]);
2626 2626
2627 2627
2628/** 2628/**
@@ -2642,13 +2642,12 @@ GNUNET_CRYPTO_cs_calc_blinded_c (const struct GNUNET_CRYPTO_CsBlindingSecret
2642 * @return 0 or 1 for b (see Clause Blind Signature Scheme) 2642 * @return 0 or 1 for b (see Clause Blind Signature Scheme)
2643 */ 2643 */
2644unsigned int 2644unsigned int
2645GNUNET_CRYPTO_cs_sign_derive (const struct GNUNET_CRYPTO_CsPrivateKey *priv, 2645GNUNET_CRYPTO_cs_sign_derive (
2646 const struct GNUNET_CRYPTO_CsRSecret r[2], 2646 const struct GNUNET_CRYPTO_CsPrivateKey *priv,
2647 const struct GNUNET_CRYPTO_CsC c[2], 2647 const struct GNUNET_CRYPTO_CsRSecret r[2],
2648 const struct GNUNET_CRYPTO_CsNonce *nonce, 2648 const struct GNUNET_CRYPTO_CsC c[2],
2649 struct GNUNET_CRYPTO_CsBlindS * 2649 const struct GNUNET_CRYPTO_CsNonce *nonce,
2650 blinded_signature_scalar 2650 struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar);
2651 );
2652 2651
2653 2652
2654/** 2653/**
@@ -2659,10 +2658,10 @@ GNUNET_CRYPTO_cs_sign_derive (const struct GNUNET_CRYPTO_CsPrivateKey *priv,
2659 * @param[out] signature_scalar where to write the unblinded signature 2658 * @param[out] signature_scalar where to write the unblinded signature
2660 */ 2659 */
2661void 2660void
2662GNUNET_CRYPTO_cs_unblind (const struct 2661GNUNET_CRYPTO_cs_unblind (
2663 GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar, 2662 const struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar,
2664 const struct GNUNET_CRYPTO_CsBlindingSecret *bs, 2663 const struct GNUNET_CRYPTO_CsBlindingSecret *bs,
2665 struct GNUNET_CRYPTO_CsS *signature_scalar); 2664 struct GNUNET_CRYPTO_CsS *signature_scalar);
2666 2665
2667 2666
2668/** 2667/**
diff --git a/src/util/crypto_cs.c b/src/util/crypto_cs.c
index 1889e62f6..4c6648229 100644
--- a/src/util/crypto_cs.c
+++ b/src/util/crypto_cs.c
@@ -40,11 +40,6 @@
40 */ 40 */
41 41
42 42
43/**
44 * Create a new random private key.
45 *
46 * @param[out] priv where to write the fresh private key
47 */
48void 43void
49GNUNET_CRYPTO_cs_private_key_generate (struct GNUNET_CRYPTO_CsPrivateKey *priv) 44GNUNET_CRYPTO_cs_private_key_generate (struct GNUNET_CRYPTO_CsPrivateKey *priv)
50{ 45{
@@ -52,16 +47,10 @@ GNUNET_CRYPTO_cs_private_key_generate (struct GNUNET_CRYPTO_CsPrivateKey *priv)
52} 47}
53 48
54 49
55/**
56 * Extract the public key of the given private key.
57 *
58 * @param priv the private key
59 * @param[out] pub where to write the public key
60 */
61void 50void
62GNUNET_CRYPTO_cs_private_key_get_public (const struct 51GNUNET_CRYPTO_cs_private_key_get_public (
63 GNUNET_CRYPTO_CsPrivateKey *priv, 52 const struct GNUNET_CRYPTO_CsPrivateKey *priv,
64 struct GNUNET_CRYPTO_CsPublicKey *pub) 53 struct GNUNET_CRYPTO_CsPublicKey *pub)
65{ 54{
66 GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (pub->point.y, 55 GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (pub->point.y,
67 priv->scalar.d)); 56 priv->scalar.d));
@@ -84,20 +73,9 @@ map_to_scalar_subgroup (struct GNUNET_CRYPTO_Cs25519Scalar *scalar)
84} 73}
85 74
86 75
87/**
88 * Derive a new secret r pair r0 and r1.
89 * In original papers r is generated randomly
90 * To provide abort-idempotency, r needs to be derived but still needs to be UNPREDICTABLE
91 * To ensure unpredictability a new nonce should be used when a new r needs to be derived.
92 * Uses HKDF internally.
93 * Comment: Can be done in one HKDF shot and split output.
94 *
95 * @param nonce is a random nonce
96 * @param lts is a long-term-secret in form of a private key
97 * @param[out] r array containing derived secrets r0 and r1
98 */
99void 76void
100GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, 77GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce,
78 const char *seed,
101 const struct GNUNET_CRYPTO_CsPrivateKey *lts, 79 const struct GNUNET_CRYPTO_CsPrivateKey *lts,
102 struct GNUNET_CRYPTO_CsRSecret r[2]) 80 struct GNUNET_CRYPTO_CsRSecret r[2])
103{ 81{
@@ -105,7 +83,7 @@ GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce,
105 GNUNET_YES == 83 GNUNET_YES ==
106 GNUNET_CRYPTO_kdf ( 84 GNUNET_CRYPTO_kdf (
107 r, sizeof (struct GNUNET_CRYPTO_CsRSecret) * 2, 85 r, sizeof (struct GNUNET_CRYPTO_CsRSecret) * 2,
108 "r", strlen ("r"), 86 seed, strlen (seed),
109 lts, sizeof (*lts), 87 lts, sizeof (*lts),
110 nonce, sizeof (*nonce), 88 nonce, sizeof (*nonce),
111 NULL, 0)); 89 NULL, 0));
@@ -114,12 +92,6 @@ GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce,
114} 92}
115 93
116 94
117/**
118 * Extract the public R of the given secret r.
119 *
120 * @param r_priv the private key
121 * @param[out] r_pub where to write the public key
122 */
123void 95void
124GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv, 96GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv,
125 struct GNUNET_CRYPTO_CsRPublic *r_pub) 97 struct GNUNET_CRYPTO_CsRPublic *r_pub)
@@ -129,36 +101,23 @@ GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv,
129} 101}
130 102
131 103
132/**
133 * Derives new random blinding factors.
134 * In original papers blinding factors are generated randomly
135 * To provide abort-idempotency, blinding factors need to be derived but still need to be UNPREDICTABLE
136 * To ensure unpredictability a new nonce has to be used.
137 * Uses HKDF internally
138 *
139 * @param secret is secret to derive blinding factors
140 * @param secret_len secret length
141 * @param[out] bs array containing the two derived blinding secrets
142 */
143void 104void
144GNUNET_CRYPTO_cs_blinding_secrets_derive (const struct 105GNUNET_CRYPTO_cs_blinding_secrets_derive (
145 GNUNET_CRYPTO_CsNonce *blind_seed, 106 const struct GNUNET_CRYPTO_CsNonce *blind_seed,
146 struct GNUNET_CRYPTO_CsBlindingSecret 107 struct GNUNET_CRYPTO_CsBlindingSecret bs[2])
147 bs[2])
148{ 108{
149 GNUNET_assert (GNUNET_YES == 109 GNUNET_assert (
150 GNUNET_CRYPTO_hkdf (bs, 110 GNUNET_YES ==
151 sizeof (struct 111 GNUNET_CRYPTO_hkdf (bs,
152 GNUNET_CRYPTO_CsBlindingSecret) 112 sizeof (struct GNUNET_CRYPTO_CsBlindingSecret) * 2,
153 * 2, 113 GCRY_MD_SHA512,
154 GCRY_MD_SHA512, 114 GCRY_MD_SHA256,
155 GCRY_MD_SHA256, 115 "alphabeta",
156 "alphabeta", 116 strlen ("alphabeta"),
157 strlen ("alphabeta"), 117 blind_seed,
158 blind_seed, 118 sizeof(*blind_seed),
159 sizeof(*blind_seed), 119 NULL,
160 NULL, 120 0));
161 0));
162 map_to_scalar_subgroup (&bs[0].alpha); 121 map_to_scalar_subgroup (&bs[0].alpha);
163 map_to_scalar_subgroup (&bs[0].beta); 122 map_to_scalar_subgroup (&bs[0].beta);
164 map_to_scalar_subgroup (&bs[1].alpha); 123 map_to_scalar_subgroup (&bs[1].alpha);
@@ -267,28 +226,15 @@ calc_r_dash (const struct GNUNET_CRYPTO_CsBlindingSecret *bs,
267} 226}
268 227
269 228
270/**
271 * Calculate two blinded c's
272 * Comment: One would be insecure due to Wagner's algorithm solving ROS
273 *
274 * @param bs array of the two blinding factor structs each containing alpha and beta
275 * @param r_pub array of the two signer's nonce R
276 * @param pub the public key of the signer
277 * @param msg the message to blind in preparation for signing
278 * @param msg_len length of message msg
279 * @param[out] blinded_c array of the two blinded c's
280 * @param[out] blinded_r_pub array of the two blinded R
281 */
282void 229void
283GNUNET_CRYPTO_cs_calc_blinded_c (const struct GNUNET_CRYPTO_CsBlindingSecret 230GNUNET_CRYPTO_cs_calc_blinded_c (
284 bs[2], 231 const struct GNUNET_CRYPTO_CsBlindingSecret bs[2],
285 const struct GNUNET_CRYPTO_CsRPublic r_pub[2], 232 const struct GNUNET_CRYPTO_CsRPublic r_pub[2],
286 const struct GNUNET_CRYPTO_CsPublicKey *pub, 233 const struct GNUNET_CRYPTO_CsPublicKey *pub,
287 const void *msg, 234 const void *msg,
288 size_t msg_len, 235 size_t msg_len,
289 struct GNUNET_CRYPTO_CsC blinded_c[2], 236 struct GNUNET_CRYPTO_CsC blinded_c[2],
290 struct GNUNET_CRYPTO_CsRPublic 237 struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2])
291 blinded_r_pub[2])
292{ 238{
293 // for i 0/1: R'i = Ri + alpha i*G + beta i*pub 239 // for i 0/1: R'i = Ri + alpha i*G + beta i*pub
294 calc_r_dash (&bs[0], &r_pub[0], pub, &blinded_r_pub[0]); 240 calc_r_dash (&bs[0], &r_pub[0], pub, &blinded_r_pub[0]);
@@ -310,30 +256,13 @@ GNUNET_CRYPTO_cs_calc_blinded_c (const struct GNUNET_CRYPTO_CsBlindingSecret
310} 256}
311 257
312 258
313/**
314 * Sign a blinded c
315 * This function derives b from a nonce and a longterm secret
316 * In original papers b is generated randomly
317 * To provide abort-idempotency, b needs to be derived but still need to be UNPREDICTABLE.
318 * To ensure unpredictability a new nonce has to be used for every signature
319 * HKDF is used internally for derivation
320 * r0 and r1 can be derived prior by using GNUNET_CRYPTO_cs_r_derive
321 *
322 * @param priv private key to use for the signing and as LTS in HKDF
323 * @param r array of the two secret nonce from the signer
324 * @param c array of the two blinded c to sign c_b
325 * @param nonce is a random nonce
326 * @param[out] blinded_signature_scalar where to write the signature
327 * @return 0 or 1 for b (see Clause Blind Signature Scheme)
328 */
329unsigned int 259unsigned int
330GNUNET_CRYPTO_cs_sign_derive (const struct GNUNET_CRYPTO_CsPrivateKey *priv, 260GNUNET_CRYPTO_cs_sign_derive (
331 const struct GNUNET_CRYPTO_CsRSecret r[2], 261 const struct GNUNET_CRYPTO_CsPrivateKey *priv,
332 const struct GNUNET_CRYPTO_CsC c[2], 262 const struct GNUNET_CRYPTO_CsRSecret r[2],
333 const struct GNUNET_CRYPTO_CsNonce *nonce, 263 const struct GNUNET_CRYPTO_CsC c[2],
334 struct GNUNET_CRYPTO_CsBlindS * 264 const struct GNUNET_CRYPTO_CsNonce *nonce,
335 blinded_signature_scalar 265 struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar)
336 )
337{ 266{
338 uint32_t hkdf_out; 267 uint32_t hkdf_out;
339 268
@@ -366,18 +295,11 @@ GNUNET_CRYPTO_cs_sign_derive (const struct GNUNET_CRYPTO_CsPrivateKey *priv,
366} 295}
367 296
368 297
369/**
370 * Unblind a blind-signed signature using a c that was blinded
371 *
372 * @param blinded_signature_scalar the signature made on the blinded c
373 * @param bs the blinding factors used in the blinding
374 * @param[out] signature_scalar where to write the unblinded signature
375 */
376void 298void
377GNUNET_CRYPTO_cs_unblind (const struct 299GNUNET_CRYPTO_cs_unblind (
378 GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar, 300 const struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar,
379 const struct GNUNET_CRYPTO_CsBlindingSecret *bs, 301 const struct GNUNET_CRYPTO_CsBlindingSecret *bs,
380 struct GNUNET_CRYPTO_CsS *signature_scalar) 302 struct GNUNET_CRYPTO_CsS *signature_scalar)
381{ 303{
382 crypto_core_ed25519_scalar_add (signature_scalar->scalar.d, 304 crypto_core_ed25519_scalar_add (signature_scalar->scalar.d,
383 blinded_signature_scalar->scalar.d, 305 blinded_signature_scalar->scalar.d,
@@ -385,16 +307,6 @@ GNUNET_CRYPTO_cs_unblind (const struct
385} 307}
386 308
387 309
388/**
389 * Verify whether the given message corresponds to the given signature and the
390 * signature is valid with respect to the given public key.
391 *
392 * @param sig signature that is being validated
393 * @param pub public key of the signer
394 * @param msg is the message that should be signed by @a sig (message is used to calculate c)
395 * @param msg_len is the message length
396 * @returns #GNUNET_YES on success, #GNUNET_SYSERR if signature invalid
397 */
398enum GNUNET_GenericReturnValue 310enum GNUNET_GenericReturnValue
399GNUNET_CRYPTO_cs_verify (const struct GNUNET_CRYPTO_CsSignature *sig, 311GNUNET_CRYPTO_cs_verify (const struct GNUNET_CRYPTO_CsSignature *sig,
400 const struct GNUNET_CRYPTO_CsPublicKey *pub, 312 const struct GNUNET_CRYPTO_CsPublicKey *pub,
diff --git a/src/util/gnunet-crypto-tvg.c b/src/util/gnunet-crypto-tvg.c
index 6b2a7f472..0071f3e90 100644
--- a/src/util/gnunet-crypto-tvg.c
+++ b/src/util/gnunet-crypto-tvg.c
@@ -852,7 +852,7 @@ checkvec (const char *operation,
852 return GNUNET_SYSERR; 852 return GNUNET_SYSERR;
853 } 853 }
854 854
855 if ((b != 1)&& (b != 0)) 855 if ((b != 1) && (b != 0))
856 { 856 {
857 GNUNET_break (0); 857 GNUNET_break (0);
858 return GNUNET_SYSERR; 858 return GNUNET_SYSERR;
@@ -869,9 +869,14 @@ checkvec (const char *operation,
869 unsigned int b_comp; 869 unsigned int b_comp;
870 870
871 871
872 GNUNET_CRYPTO_cs_r_derive (&nonce, &priv, r_priv_comp); 872 GNUNET_CRYPTO_cs_r_derive (&nonce,
873 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[0], &r_pub_comp[0]); 873 "rw",
874 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[1], &r_pub_comp[1]); 874 &priv,
875 r_priv_comp);
876 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[0],
877 &r_pub_comp[0]);
878 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[1],
879 &r_pub_comp[1]);
875 GNUNET_assert (0 == memcmp (&r_priv_comp, 880 GNUNET_assert (0 == memcmp (&r_priv_comp,
876 &r_priv, 881 &r_priv,
877 sizeof(struct GNUNET_CRYPTO_CsRSecret) * 2)); 882 sizeof(struct GNUNET_CRYPTO_CsRSecret) * 2));
@@ -1316,9 +1321,14 @@ output_vectors ()
1316 strlen ("nonce_secret"), 1321 strlen ("nonce_secret"),
1317 NULL, 1322 NULL,
1318 0)); 1323 0));
1319 GNUNET_CRYPTO_cs_r_derive (&nonce, &priv, r_priv); 1324 GNUNET_CRYPTO_cs_r_derive (&nonce,
1320 GNUNET_CRYPTO_cs_r_get_public (&r_priv[0], &r_pub[0]); 1325 "rw",
1321 GNUNET_CRYPTO_cs_r_get_public (&r_priv[1], &r_pub[1]); 1326 &priv,
1327 r_priv);
1328 GNUNET_CRYPTO_cs_r_get_public (&r_priv[0],
1329 &r_pub[0]);
1330 GNUNET_CRYPTO_cs_r_get_public (&r_priv[1],
1331 &r_pub[1]);
1322 GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce, 1332 GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce,
1323 bs); 1333 bs);
1324 GNUNET_CRYPTO_cs_calc_blinded_c (bs, 1334 GNUNET_CRYPTO_cs_calc_blinded_c (bs,
diff --git a/src/util/test_crypto_cs.c b/src/util/test_crypto_cs.c
index 347d2e214..914ded9bc 100644
--- a/src/util/test_crypto_cs.c
+++ b/src/util/test_crypto_cs.c
@@ -97,6 +97,7 @@ test_derive_rsecret (const struct GNUNET_CRYPTO_CsNonce *nonce,
97 r, 97 r,
98 sizeof(struct GNUNET_CRYPTO_CsPrivateKey) * 2); 98 sizeof(struct GNUNET_CRYPTO_CsPrivateKey) * 2);
99 GNUNET_CRYPTO_cs_r_derive (nonce, 99 GNUNET_CRYPTO_cs_r_derive (nonce,
100 "nw",
100 priv, 101 priv,
101 r); 102 r);
102 GNUNET_assert (0 != 103 GNUNET_assert (0 !=
@@ -114,6 +115,7 @@ test_derive_rsecret (const struct GNUNET_CRYPTO_CsNonce *nonce,
114 for (unsigned int i = 0; i<ITER; i++) 115 for (unsigned int i = 0; i<ITER; i++)
115 { 116 {
116 GNUNET_CRYPTO_cs_r_derive (nonce, 117 GNUNET_CRYPTO_cs_r_derive (nonce,
118 "nw",
117 priv, 119 priv,
118 r); 120 r);
119 GNUNET_assert (0 == 121 GNUNET_assert (0 ==
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-19 23:17:13 +0000