diff options
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 53 | ||||
-rw-r--r-- | src/util/crypto_cs.c | 164 | ||||
-rw-r--r-- | src/util/gnunet-crypto-tvg.c | 24 | ||||
-rw-r--r-- | src/util/test_crypto_cs.c | 2 |
4 files changed, 83 insertions, 160 deletions
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 1ab135d80..c2176f3f2 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
@@ -2551,9 +2551,9 @@ GNUNET_CRYPTO_cs_private_key_generate (struct GNUNET_CRYPTO_CsPrivateKey *priv); | |||
2551 | * @param[out] pub where to write the public key | 2551 | * @param[out] pub where to write the public key |
2552 | */ | 2552 | */ |
2553 | void | 2553 | void |
2554 | GNUNET_CRYPTO_cs_private_key_get_public (const struct | 2554 | GNUNET_CRYPTO_cs_private_key_get_public ( |
2555 | GNUNET_CRYPTO_CsPrivateKey *priv, | 2555 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, |
2556 | struct GNUNET_CRYPTO_CsPublicKey *pub); | 2556 | struct GNUNET_CRYPTO_CsPublicKey *pub); |
2557 | 2557 | ||
2558 | 2558 | ||
2559 | /** | 2559 | /** |
@@ -2565,11 +2565,13 @@ GNUNET_CRYPTO_cs_private_key_get_public (const struct | |||
2565 | * Comment: Can be done in one HKDF shot and split output. | 2565 | * Comment: Can be done in one HKDF shot and split output. |
2566 | * | 2566 | * |
2567 | * @param nonce is a random nonce | 2567 | * @param nonce is a random nonce |
2568 | * @param seed seed to use in derivation | ||
2568 | * @param lts is a long-term-secret in form of a private key | 2569 | * @param lts is a long-term-secret in form of a private key |
2569 | * @param[out] r array containing derived secrets r0 and r1 | 2570 | * @param[out] r array containing derived secrets r0 and r1 |
2570 | */ | 2571 | */ |
2571 | void | 2572 | void |
2572 | GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, | 2573 | GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, |
2574 | const char *seed, | ||
2573 | const struct GNUNET_CRYPTO_CsPrivateKey *lts, | 2575 | const struct GNUNET_CRYPTO_CsPrivateKey *lts, |
2574 | struct GNUNET_CRYPTO_CsRSecret r[2]); | 2576 | struct GNUNET_CRYPTO_CsRSecret r[2]); |
2575 | 2577 | ||
@@ -2595,10 +2597,9 @@ GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv, | |||
2595 | * @param[out] bs array containing the two derived blinding secrets | 2597 | * @param[out] bs array containing the two derived blinding secrets |
2596 | */ | 2598 | */ |
2597 | void | 2599 | void |
2598 | GNUNET_CRYPTO_cs_blinding_secrets_derive (const struct | 2600 | GNUNET_CRYPTO_cs_blinding_secrets_derive ( |
2599 | GNUNET_CRYPTO_CsNonce *blind_seed, | 2601 | const struct GNUNET_CRYPTO_CsNonce *blind_seed, |
2600 | struct GNUNET_CRYPTO_CsBlindingSecret | 2602 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]); |
2601 | bs[2]); | ||
2602 | 2603 | ||
2603 | 2604 | ||
2604 | /** | 2605 | /** |
@@ -2614,15 +2615,14 @@ GNUNET_CRYPTO_cs_blinding_secrets_derive (const struct | |||
2614 | * @param[out] blinded_r_pub array of the two blinded R | 2615 | * @param[out] blinded_r_pub array of the two blinded R |
2615 | */ | 2616 | */ |
2616 | void | 2617 | void |
2617 | GNUNET_CRYPTO_cs_calc_blinded_c (const struct GNUNET_CRYPTO_CsBlindingSecret | 2618 | GNUNET_CRYPTO_cs_calc_blinded_c ( |
2618 | bs[2], | 2619 | const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], |
2619 | const struct GNUNET_CRYPTO_CsRPublic r_pub[2], | 2620 | const struct GNUNET_CRYPTO_CsRPublic r_pub[2], |
2620 | const struct GNUNET_CRYPTO_CsPublicKey *pub, | 2621 | const struct GNUNET_CRYPTO_CsPublicKey *pub, |
2621 | const void *msg, | 2622 | const void *msg, |
2622 | size_t msg_len, | 2623 | size_t msg_len, |
2623 | struct GNUNET_CRYPTO_CsC blinded_c[2], | 2624 | struct GNUNET_CRYPTO_CsC blinded_c[2], |
2624 | struct GNUNET_CRYPTO_CsRPublic | 2625 | struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2]); |
2625 | blinded_r_pub[2]); | ||
2626 | 2626 | ||
2627 | 2627 | ||
2628 | /** | 2628 | /** |
@@ -2642,13 +2642,12 @@ GNUNET_CRYPTO_cs_calc_blinded_c (const struct GNUNET_CRYPTO_CsBlindingSecret | |||
2642 | * @return 0 or 1 for b (see Clause Blind Signature Scheme) | 2642 | * @return 0 or 1 for b (see Clause Blind Signature Scheme) |
2643 | */ | 2643 | */ |
2644 | unsigned int | 2644 | unsigned int |
2645 | GNUNET_CRYPTO_cs_sign_derive (const struct GNUNET_CRYPTO_CsPrivateKey *priv, | 2645 | GNUNET_CRYPTO_cs_sign_derive ( |
2646 | const struct GNUNET_CRYPTO_CsRSecret r[2], | 2646 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, |
2647 | const struct GNUNET_CRYPTO_CsC c[2], | 2647 | const struct GNUNET_CRYPTO_CsRSecret r[2], |
2648 | const struct GNUNET_CRYPTO_CsNonce *nonce, | 2648 | const struct GNUNET_CRYPTO_CsC c[2], |
2649 | struct GNUNET_CRYPTO_CsBlindS * | 2649 | const struct GNUNET_CRYPTO_CsNonce *nonce, |
2650 | blinded_signature_scalar | 2650 | struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar); |
2651 | ); | ||
2652 | 2651 | ||
2653 | 2652 | ||
2654 | /** | 2653 | /** |
@@ -2659,10 +2658,10 @@ GNUNET_CRYPTO_cs_sign_derive (const struct GNUNET_CRYPTO_CsPrivateKey *priv, | |||
2659 | * @param[out] signature_scalar where to write the unblinded signature | 2658 | * @param[out] signature_scalar where to write the unblinded signature |
2660 | */ | 2659 | */ |
2661 | void | 2660 | void |
2662 | GNUNET_CRYPTO_cs_unblind (const struct | 2661 | GNUNET_CRYPTO_cs_unblind ( |
2663 | GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar, | 2662 | const struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar, |
2664 | const struct GNUNET_CRYPTO_CsBlindingSecret *bs, | 2663 | const struct GNUNET_CRYPTO_CsBlindingSecret *bs, |
2665 | struct GNUNET_CRYPTO_CsS *signature_scalar); | 2664 | struct GNUNET_CRYPTO_CsS *signature_scalar); |
2666 | 2665 | ||
2667 | 2666 | ||
2668 | /** | 2667 | /** |
diff --git a/src/util/crypto_cs.c b/src/util/crypto_cs.c index 1889e62f6..4c6648229 100644 --- a/src/util/crypto_cs.c +++ b/src/util/crypto_cs.c | |||
@@ -40,11 +40,6 @@ | |||
40 | */ | 40 | */ |
41 | 41 | ||
42 | 42 | ||
43 | /** | ||
44 | * Create a new random private key. | ||
45 | * | ||
46 | * @param[out] priv where to write the fresh private key | ||
47 | */ | ||
48 | void | 43 | void |
49 | GNUNET_CRYPTO_cs_private_key_generate (struct GNUNET_CRYPTO_CsPrivateKey *priv) | 44 | GNUNET_CRYPTO_cs_private_key_generate (struct GNUNET_CRYPTO_CsPrivateKey *priv) |
50 | { | 45 | { |
@@ -52,16 +47,10 @@ GNUNET_CRYPTO_cs_private_key_generate (struct GNUNET_CRYPTO_CsPrivateKey *priv) | |||
52 | } | 47 | } |
53 | 48 | ||
54 | 49 | ||
55 | /** | ||
56 | * Extract the public key of the given private key. | ||
57 | * | ||
58 | * @param priv the private key | ||
59 | * @param[out] pub where to write the public key | ||
60 | */ | ||
61 | void | 50 | void |
62 | GNUNET_CRYPTO_cs_private_key_get_public (const struct | 51 | GNUNET_CRYPTO_cs_private_key_get_public ( |
63 | GNUNET_CRYPTO_CsPrivateKey *priv, | 52 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, |
64 | struct GNUNET_CRYPTO_CsPublicKey *pub) | 53 | struct GNUNET_CRYPTO_CsPublicKey *pub) |
65 | { | 54 | { |
66 | GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (pub->point.y, | 55 | GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (pub->point.y, |
67 | priv->scalar.d)); | 56 | priv->scalar.d)); |
@@ -84,20 +73,9 @@ map_to_scalar_subgroup (struct GNUNET_CRYPTO_Cs25519Scalar *scalar) | |||
84 | } | 73 | } |
85 | 74 | ||
86 | 75 | ||
87 | /** | ||
88 | * Derive a new secret r pair r0 and r1. | ||
89 | * In original papers r is generated randomly | ||
90 | * To provide abort-idempotency, r needs to be derived but still needs to be UNPREDICTABLE | ||
91 | * To ensure unpredictability a new nonce should be used when a new r needs to be derived. | ||
92 | * Uses HKDF internally. | ||
93 | * Comment: Can be done in one HKDF shot and split output. | ||
94 | * | ||
95 | * @param nonce is a random nonce | ||
96 | * @param lts is a long-term-secret in form of a private key | ||
97 | * @param[out] r array containing derived secrets r0 and r1 | ||
98 | */ | ||
99 | void | 76 | void |
100 | GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, | 77 | GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, |
78 | const char *seed, | ||
101 | const struct GNUNET_CRYPTO_CsPrivateKey *lts, | 79 | const struct GNUNET_CRYPTO_CsPrivateKey *lts, |
102 | struct GNUNET_CRYPTO_CsRSecret r[2]) | 80 | struct GNUNET_CRYPTO_CsRSecret r[2]) |
103 | { | 81 | { |
@@ -105,7 +83,7 @@ GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, | |||
105 | GNUNET_YES == | 83 | GNUNET_YES == |
106 | GNUNET_CRYPTO_kdf ( | 84 | GNUNET_CRYPTO_kdf ( |
107 | r, sizeof (struct GNUNET_CRYPTO_CsRSecret) * 2, | 85 | r, sizeof (struct GNUNET_CRYPTO_CsRSecret) * 2, |
108 | "r", strlen ("r"), | 86 | seed, strlen (seed), |
109 | lts, sizeof (*lts), | 87 | lts, sizeof (*lts), |
110 | nonce, sizeof (*nonce), | 88 | nonce, sizeof (*nonce), |
111 | NULL, 0)); | 89 | NULL, 0)); |
@@ -114,12 +92,6 @@ GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, | |||
114 | } | 92 | } |
115 | 93 | ||
116 | 94 | ||
117 | /** | ||
118 | * Extract the public R of the given secret r. | ||
119 | * | ||
120 | * @param r_priv the private key | ||
121 | * @param[out] r_pub where to write the public key | ||
122 | */ | ||
123 | void | 95 | void |
124 | GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv, | 96 | GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv, |
125 | struct GNUNET_CRYPTO_CsRPublic *r_pub) | 97 | struct GNUNET_CRYPTO_CsRPublic *r_pub) |
@@ -129,36 +101,23 @@ GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv, | |||
129 | } | 101 | } |
130 | 102 | ||
131 | 103 | ||
132 | /** | ||
133 | * Derives new random blinding factors. | ||
134 | * In original papers blinding factors are generated randomly | ||
135 | * To provide abort-idempotency, blinding factors need to be derived but still need to be UNPREDICTABLE | ||
136 | * To ensure unpredictability a new nonce has to be used. | ||
137 | * Uses HKDF internally | ||
138 | * | ||
139 | * @param secret is secret to derive blinding factors | ||
140 | * @param secret_len secret length | ||
141 | * @param[out] bs array containing the two derived blinding secrets | ||
142 | */ | ||
143 | void | 104 | void |
144 | GNUNET_CRYPTO_cs_blinding_secrets_derive (const struct | 105 | GNUNET_CRYPTO_cs_blinding_secrets_derive ( |
145 | GNUNET_CRYPTO_CsNonce *blind_seed, | 106 | const struct GNUNET_CRYPTO_CsNonce *blind_seed, |
146 | struct GNUNET_CRYPTO_CsBlindingSecret | 107 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]) |
147 | bs[2]) | ||
148 | { | 108 | { |
149 | GNUNET_assert (GNUNET_YES == | 109 | GNUNET_assert ( |
150 | GNUNET_CRYPTO_hkdf (bs, | 110 | GNUNET_YES == |
151 | sizeof (struct | 111 | GNUNET_CRYPTO_hkdf (bs, |
152 | GNUNET_CRYPTO_CsBlindingSecret) | 112 | sizeof (struct GNUNET_CRYPTO_CsBlindingSecret) * 2, |
153 | * 2, | 113 | GCRY_MD_SHA512, |
154 | GCRY_MD_SHA512, | 114 | GCRY_MD_SHA256, |
155 | GCRY_MD_SHA256, | 115 | "alphabeta", |
156 | "alphabeta", | 116 | strlen ("alphabeta"), |
157 | strlen ("alphabeta"), | 117 | blind_seed, |
158 | blind_seed, | 118 | sizeof(*blind_seed), |
159 | sizeof(*blind_seed), | 119 | NULL, |
160 | NULL, | 120 | 0)); |
161 | 0)); | ||
162 | map_to_scalar_subgroup (&bs[0].alpha); | 121 | map_to_scalar_subgroup (&bs[0].alpha); |
163 | map_to_scalar_subgroup (&bs[0].beta); | 122 | map_to_scalar_subgroup (&bs[0].beta); |
164 | map_to_scalar_subgroup (&bs[1].alpha); | 123 | map_to_scalar_subgroup (&bs[1].alpha); |
@@ -267,28 +226,15 @@ calc_r_dash (const struct GNUNET_CRYPTO_CsBlindingSecret *bs, | |||
267 | } | 226 | } |
268 | 227 | ||
269 | 228 | ||
270 | /** | ||
271 | * Calculate two blinded c's | ||
272 | * Comment: One would be insecure due to Wagner's algorithm solving ROS | ||
273 | * | ||
274 | * @param bs array of the two blinding factor structs each containing alpha and beta | ||
275 | * @param r_pub array of the two signer's nonce R | ||
276 | * @param pub the public key of the signer | ||
277 | * @param msg the message to blind in preparation for signing | ||
278 | * @param msg_len length of message msg | ||
279 | * @param[out] blinded_c array of the two blinded c's | ||
280 | * @param[out] blinded_r_pub array of the two blinded R | ||
281 | */ | ||
282 | void | 229 | void |
283 | GNUNET_CRYPTO_cs_calc_blinded_c (const struct GNUNET_CRYPTO_CsBlindingSecret | 230 | GNUNET_CRYPTO_cs_calc_blinded_c ( |
284 | bs[2], | 231 | const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], |
285 | const struct GNUNET_CRYPTO_CsRPublic r_pub[2], | 232 | const struct GNUNET_CRYPTO_CsRPublic r_pub[2], |
286 | const struct GNUNET_CRYPTO_CsPublicKey *pub, | 233 | const struct GNUNET_CRYPTO_CsPublicKey *pub, |
287 | const void *msg, | 234 | const void *msg, |
288 | size_t msg_len, | 235 | size_t msg_len, |
289 | struct GNUNET_CRYPTO_CsC blinded_c[2], | 236 | struct GNUNET_CRYPTO_CsC blinded_c[2], |
290 | struct GNUNET_CRYPTO_CsRPublic | 237 | struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2]) |
291 | blinded_r_pub[2]) | ||
292 | { | 238 | { |
293 | // for i 0/1: R'i = Ri + alpha i*G + beta i*pub | 239 | // for i 0/1: R'i = Ri + alpha i*G + beta i*pub |
294 | calc_r_dash (&bs[0], &r_pub[0], pub, &blinded_r_pub[0]); | 240 | calc_r_dash (&bs[0], &r_pub[0], pub, &blinded_r_pub[0]); |
@@ -310,30 +256,13 @@ GNUNET_CRYPTO_cs_calc_blinded_c (const struct GNUNET_CRYPTO_CsBlindingSecret | |||
310 | } | 256 | } |
311 | 257 | ||
312 | 258 | ||
313 | /** | ||
314 | * Sign a blinded c | ||
315 | * This function derives b from a nonce and a longterm secret | ||
316 | * In original papers b is generated randomly | ||
317 | * To provide abort-idempotency, b needs to be derived but still need to be UNPREDICTABLE. | ||
318 | * To ensure unpredictability a new nonce has to be used for every signature | ||
319 | * HKDF is used internally for derivation | ||
320 | * r0 and r1 can be derived prior by using GNUNET_CRYPTO_cs_r_derive | ||
321 | * | ||
322 | * @param priv private key to use for the signing and as LTS in HKDF | ||
323 | * @param r array of the two secret nonce from the signer | ||
324 | * @param c array of the two blinded c to sign c_b | ||
325 | * @param nonce is a random nonce | ||
326 | * @param[out] blinded_signature_scalar where to write the signature | ||
327 | * @return 0 or 1 for b (see Clause Blind Signature Scheme) | ||
328 | */ | ||
329 | unsigned int | 259 | unsigned int |
330 | GNUNET_CRYPTO_cs_sign_derive (const struct GNUNET_CRYPTO_CsPrivateKey *priv, | 260 | GNUNET_CRYPTO_cs_sign_derive ( |
331 | const struct GNUNET_CRYPTO_CsRSecret r[2], | 261 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, |
332 | const struct GNUNET_CRYPTO_CsC c[2], | 262 | const struct GNUNET_CRYPTO_CsRSecret r[2], |
333 | const struct GNUNET_CRYPTO_CsNonce *nonce, | 263 | const struct GNUNET_CRYPTO_CsC c[2], |
334 | struct GNUNET_CRYPTO_CsBlindS * | 264 | const struct GNUNET_CRYPTO_CsNonce *nonce, |
335 | blinded_signature_scalar | 265 | struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar) |
336 | ) | ||
337 | { | 266 | { |
338 | uint32_t hkdf_out; | 267 | uint32_t hkdf_out; |
339 | 268 | ||
@@ -366,18 +295,11 @@ GNUNET_CRYPTO_cs_sign_derive (const struct GNUNET_CRYPTO_CsPrivateKey *priv, | |||
366 | } | 295 | } |
367 | 296 | ||
368 | 297 | ||
369 | /** | ||
370 | * Unblind a blind-signed signature using a c that was blinded | ||
371 | * | ||
372 | * @param blinded_signature_scalar the signature made on the blinded c | ||
373 | * @param bs the blinding factors used in the blinding | ||
374 | * @param[out] signature_scalar where to write the unblinded signature | ||
375 | */ | ||
376 | void | 298 | void |
377 | GNUNET_CRYPTO_cs_unblind (const struct | 299 | GNUNET_CRYPTO_cs_unblind ( |
378 | GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar, | 300 | const struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar, |
379 | const struct GNUNET_CRYPTO_CsBlindingSecret *bs, | 301 | const struct GNUNET_CRYPTO_CsBlindingSecret *bs, |
380 | struct GNUNET_CRYPTO_CsS *signature_scalar) | 302 | struct GNUNET_CRYPTO_CsS *signature_scalar) |
381 | { | 303 | { |
382 | crypto_core_ed25519_scalar_add (signature_scalar->scalar.d, | 304 | crypto_core_ed25519_scalar_add (signature_scalar->scalar.d, |
383 | blinded_signature_scalar->scalar.d, | 305 | blinded_signature_scalar->scalar.d, |
@@ -385,16 +307,6 @@ GNUNET_CRYPTO_cs_unblind (const struct | |||
385 | } | 307 | } |
386 | 308 | ||
387 | 309 | ||
388 | /** | ||
389 | * Verify whether the given message corresponds to the given signature and the | ||
390 | * signature is valid with respect to the given public key. | ||
391 | * | ||
392 | * @param sig signature that is being validated | ||
393 | * @param pub public key of the signer | ||
394 | * @param msg is the message that should be signed by @a sig (message is used to calculate c) | ||
395 | * @param msg_len is the message length | ||
396 | * @returns #GNUNET_YES on success, #GNUNET_SYSERR if signature invalid | ||
397 | */ | ||
398 | enum GNUNET_GenericReturnValue | 310 | enum GNUNET_GenericReturnValue |
399 | GNUNET_CRYPTO_cs_verify (const struct GNUNET_CRYPTO_CsSignature *sig, | 311 | GNUNET_CRYPTO_cs_verify (const struct GNUNET_CRYPTO_CsSignature *sig, |
400 | const struct GNUNET_CRYPTO_CsPublicKey *pub, | 312 | const struct GNUNET_CRYPTO_CsPublicKey *pub, |
diff --git a/src/util/gnunet-crypto-tvg.c b/src/util/gnunet-crypto-tvg.c index 6b2a7f472..0071f3e90 100644 --- a/src/util/gnunet-crypto-tvg.c +++ b/src/util/gnunet-crypto-tvg.c | |||
@@ -852,7 +852,7 @@ checkvec (const char *operation, | |||
852 | return GNUNET_SYSERR; | 852 | return GNUNET_SYSERR; |
853 | } | 853 | } |
854 | 854 | ||
855 | if ((b != 1)&& (b != 0)) | 855 | if ((b != 1) && (b != 0)) |
856 | { | 856 | { |
857 | GNUNET_break (0); | 857 | GNUNET_break (0); |
858 | return GNUNET_SYSERR; | 858 | return GNUNET_SYSERR; |
@@ -869,9 +869,14 @@ checkvec (const char *operation, | |||
869 | unsigned int b_comp; | 869 | unsigned int b_comp; |
870 | 870 | ||
871 | 871 | ||
872 | GNUNET_CRYPTO_cs_r_derive (&nonce, &priv, r_priv_comp); | 872 | GNUNET_CRYPTO_cs_r_derive (&nonce, |
873 | GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[0], &r_pub_comp[0]); | 873 | "rw", |
874 | GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[1], &r_pub_comp[1]); | 874 | &priv, |
875 | r_priv_comp); | ||
876 | GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[0], | ||
877 | &r_pub_comp[0]); | ||
878 | GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[1], | ||
879 | &r_pub_comp[1]); | ||
875 | GNUNET_assert (0 == memcmp (&r_priv_comp, | 880 | GNUNET_assert (0 == memcmp (&r_priv_comp, |
876 | &r_priv, | 881 | &r_priv, |
877 | sizeof(struct GNUNET_CRYPTO_CsRSecret) * 2)); | 882 | sizeof(struct GNUNET_CRYPTO_CsRSecret) * 2)); |
@@ -1316,9 +1321,14 @@ output_vectors () | |||
1316 | strlen ("nonce_secret"), | 1321 | strlen ("nonce_secret"), |
1317 | NULL, | 1322 | NULL, |
1318 | 0)); | 1323 | 0)); |
1319 | GNUNET_CRYPTO_cs_r_derive (&nonce, &priv, r_priv); | 1324 | GNUNET_CRYPTO_cs_r_derive (&nonce, |
1320 | GNUNET_CRYPTO_cs_r_get_public (&r_priv[0], &r_pub[0]); | 1325 | "rw", |
1321 | GNUNET_CRYPTO_cs_r_get_public (&r_priv[1], &r_pub[1]); | 1326 | &priv, |
1327 | r_priv); | ||
1328 | GNUNET_CRYPTO_cs_r_get_public (&r_priv[0], | ||
1329 | &r_pub[0]); | ||
1330 | GNUNET_CRYPTO_cs_r_get_public (&r_priv[1], | ||
1331 | &r_pub[1]); | ||
1322 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce, | 1332 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce, |
1323 | bs); | 1333 | bs); |
1324 | GNUNET_CRYPTO_cs_calc_blinded_c (bs, | 1334 | GNUNET_CRYPTO_cs_calc_blinded_c (bs, |
diff --git a/src/util/test_crypto_cs.c b/src/util/test_crypto_cs.c index 347d2e214..914ded9bc 100644 --- a/src/util/test_crypto_cs.c +++ b/src/util/test_crypto_cs.c | |||
@@ -97,6 +97,7 @@ test_derive_rsecret (const struct GNUNET_CRYPTO_CsNonce *nonce, | |||
97 | r, | 97 | r, |
98 | sizeof(struct GNUNET_CRYPTO_CsPrivateKey) * 2); | 98 | sizeof(struct GNUNET_CRYPTO_CsPrivateKey) * 2); |
99 | GNUNET_CRYPTO_cs_r_derive (nonce, | 99 | GNUNET_CRYPTO_cs_r_derive (nonce, |
100 | "nw", | ||
100 | priv, | 101 | priv, |
101 | r); | 102 | r); |
102 | GNUNET_assert (0 != | 103 | GNUNET_assert (0 != |
@@ -114,6 +115,7 @@ test_derive_rsecret (const struct GNUNET_CRYPTO_CsNonce *nonce, | |||
114 | for (unsigned int i = 0; i<ITER; i++) | 115 | for (unsigned int i = 0; i<ITER; i++) |
115 | { | 116 | { |
116 | GNUNET_CRYPTO_cs_r_derive (nonce, | 117 | GNUNET_CRYPTO_cs_r_derive (nonce, |
118 | "nw", | ||
117 | priv, | 119 | priv, |
118 | r); | 120 | r); |
119 | GNUNET_assert (0 == | 121 | GNUNET_assert (0 == |