diff options
| -rw-r--r-- | src/include/gnunet_crypto_lib.h | 36 | ||||
| -rw-r--r-- | src/lib/util/crypto_cs.c | 11 | ||||
| -rw-r--r-- | src/lib/util/test_crypto_cs.c | 18 |
3 files changed, 40 insertions, 25 deletions
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 3507a4f4d..11bd680e7 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
| @@ -669,12 +669,24 @@ struct GNUNET_CRYPTO_CsSignature | |||
| 669 | 669 | ||
| 670 | 670 | ||
| 671 | /** | 671 | /** |
| 672 | * Nonce | 672 | * Nonce for the session, picked by client, |
| 673 | * shared with the signer. | ||
| 673 | */ | 674 | */ |
| 674 | struct GNUNET_CRYPTO_CsNonce | 675 | struct GNUNET_CRYPTO_CsSessionNonce |
| 675 | { | 676 | { |
| 676 | /*a nonce*/ | 677 | /*a nonce*/ |
| 677 | unsigned char nonce[256 / 8]; | 678 | unsigned char snonce[256 / 8]; |
| 679 | }; | ||
| 680 | |||
| 681 | |||
| 682 | /** | ||
| 683 | * Nonce for computing blinding factors. Not | ||
| 684 | * shared with the signer. | ||
| 685 | */ | ||
| 686 | struct GNUNET_CRYPTO_CsBlindingNonce | ||
| 687 | { | ||
| 688 | /*a nonce*/ | ||
| 689 | unsigned char bnonce[256 / 8]; | ||
| 678 | }; | 690 | }; |
| 679 | 691 | ||
| 680 | 692 | ||
| @@ -3100,7 +3112,7 @@ GNUNET_CRYPTO_cs_private_key_get_public ( | |||
| 3100 | */ | 3112 | */ |
| 3101 | void | 3113 | void |
| 3102 | GNUNET_CRYPTO_cs_r_derive ( | 3114 | GNUNET_CRYPTO_cs_r_derive ( |
| 3103 | const struct GNUNET_CRYPTO_CsNonce *nonce, | 3115 | const struct GNUNET_CRYPTO_CsSessionNonce *nonce, |
| 3104 | const char *seed, | 3116 | const char *seed, |
| 3105 | const struct GNUNET_CRYPTO_CsPrivateKey *lts, | 3117 | const struct GNUNET_CRYPTO_CsPrivateKey *lts, |
| 3106 | struct GNUNET_CRYPTO_CsRSecret r[2]); | 3118 | struct GNUNET_CRYPTO_CsRSecret r[2]); |
| @@ -3121,16 +3133,16 @@ GNUNET_CRYPTO_cs_r_get_public ( | |||
| 3121 | /** | 3133 | /** |
| 3122 | * Derives new random blinding factors. | 3134 | * Derives new random blinding factors. |
| 3123 | * In original papers blinding factors are generated randomly | 3135 | * In original papers blinding factors are generated randomly |
| 3124 | * To provide abort-idempotency, blinding factors need to be derived but still need to be UNPREDICTABLE | 3136 | * To provide abort-idempotency, blinding factors need to be derived but still need to be UNPREDICTABLE. |
| 3125 | * To ensure unpredictability a new nonce has to be used. | 3137 | * To ensure unpredictability a new nonce has to be used. |
| 3126 | * Uses HKDF internally | 3138 | * Uses HKDF internally. |
| 3127 | * | 3139 | * |
| 3128 | * @param blind_seed is the blinding seed to derive blinding factors | 3140 | * @param blind_seed is the blinding seed to derive blinding factors |
| 3129 | * @param[out] bs array containing the two derived blinding secrets | 3141 | * @param[out] bs array containing the two derived blinding secrets |
| 3130 | */ | 3142 | */ |
| 3131 | void | 3143 | void |
| 3132 | GNUNET_CRYPTO_cs_blinding_secrets_derive ( | 3144 | GNUNET_CRYPTO_cs_blinding_secrets_derive ( |
| 3133 | const struct GNUNET_CRYPTO_CsNonce *blind_seed, | 3145 | const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed, |
| 3134 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]); | 3146 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]); |
| 3135 | 3147 | ||
| 3136 | 3148 | ||
| @@ -3146,9 +3158,9 @@ struct GNUNET_CRYPTO_CsBlindedMessage | |||
| 3146 | struct GNUNET_CRYPTO_CsC c[2]; | 3158 | struct GNUNET_CRYPTO_CsC c[2]; |
| 3147 | 3159 | ||
| 3148 | /** | 3160 | /** |
| 3149 | * Public nonce. | 3161 | * Public nonce used to generate the R-values. |
| 3150 | */ | 3162 | */ |
| 3151 | struct GNUNET_CRYPTO_CsNonce nonce; | 3163 | struct GNUNET_CRYPTO_CsSessionNonce nonce; |
| 3152 | }; | 3164 | }; |
| 3153 | 3165 | ||
| 3154 | 3166 | ||
| @@ -3663,11 +3675,9 @@ GNUNET_CRYPTO_blind_sign_keys_create ( | |||
| 3663 | union GNUNET_CRYPTO_BlindingSecretP | 3675 | union GNUNET_CRYPTO_BlindingSecretP |
| 3664 | { | 3676 | { |
| 3665 | /** | 3677 | /** |
| 3666 | * Clause Schnorr nonce. FIXME: probably should have | 3678 | * Clause Schnorr nonce. |
| 3667 | * a different type than the nonce we send over the | ||
| 3668 | * network!!! | ||
| 3669 | */ | 3679 | */ |
| 3670 | struct GNUNET_CRYPTO_CsNonce nonce; | 3680 | struct GNUNET_CRYPTO_CsBlindingNonce nonce; |
| 3671 | 3681 | ||
| 3672 | /** | 3682 | /** |
| 3673 | * Variant for RSA for blind signatures. | 3683 | * Variant for RSA for blind signatures. |
diff --git a/src/lib/util/crypto_cs.c b/src/lib/util/crypto_cs.c index 4933b04f4..cf1c43c25 100644 --- a/src/lib/util/crypto_cs.c +++ b/src/lib/util/crypto_cs.c | |||
| @@ -75,7 +75,7 @@ map_to_scalar_subgroup (struct GNUNET_CRYPTO_Cs25519Scalar *scalar) | |||
| 75 | 75 | ||
| 76 | 76 | ||
| 77 | void | 77 | void |
| 78 | GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, | 78 | GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsSessionNonce *nonce, |
| 79 | const char *seed, | 79 | const char *seed, |
| 80 | const struct GNUNET_CRYPTO_CsPrivateKey *lts, | 80 | const struct GNUNET_CRYPTO_CsPrivateKey *lts, |
| 81 | struct GNUNET_CRYPTO_CsRSecret r[2]) | 81 | struct GNUNET_CRYPTO_CsRSecret r[2]) |
| @@ -84,7 +84,7 @@ GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, | |||
| 84 | GNUNET_YES == | 84 | GNUNET_YES == |
| 85 | GNUNET_CRYPTO_kdf ( | 85 | GNUNET_CRYPTO_kdf ( |
| 86 | r, sizeof (struct GNUNET_CRYPTO_CsRSecret) * 2, | 86 | r, sizeof (struct GNUNET_CRYPTO_CsRSecret) * 2, |
| 87 | seed, strlen (seed), | 87 | seed, strlen (seed), |
| 88 | lts, sizeof (*lts), | 88 | lts, sizeof (*lts), |
| 89 | nonce, sizeof (*nonce), | 89 | nonce, sizeof (*nonce), |
| 90 | NULL, 0)); | 90 | NULL, 0)); |
| @@ -97,14 +97,15 @@ void | |||
| 97 | GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv, | 97 | GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv, |
| 98 | struct GNUNET_CRYPTO_CsRPublic *r_pub) | 98 | struct GNUNET_CRYPTO_CsRPublic *r_pub) |
| 99 | { | 99 | { |
| 100 | GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (r_pub->point.y, | 100 | GNUNET_assert (0 == |
| 101 | r_priv->scalar.d)); | 101 | crypto_scalarmult_ed25519_base_noclamp (r_pub->point.y, |
| 102 | r_priv->scalar.d)); | ||
| 102 | } | 103 | } |
| 103 | 104 | ||
| 104 | 105 | ||
| 105 | void | 106 | void |
| 106 | GNUNET_CRYPTO_cs_blinding_secrets_derive ( | 107 | GNUNET_CRYPTO_cs_blinding_secrets_derive ( |
| 107 | const struct GNUNET_CRYPTO_CsNonce *blind_seed, | 108 | const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed, |
| 108 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]) | 109 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]) |
| 109 | { | 110 | { |
| 110 | GNUNET_assert ( | 111 | GNUNET_assert ( |
diff --git a/src/lib/util/test_crypto_cs.c b/src/lib/util/test_crypto_cs.c index c930ce3ac..5b3aac778 100644 --- a/src/lib/util/test_crypto_cs.c +++ b/src/lib/util/test_crypto_cs.c | |||
| @@ -90,7 +90,7 @@ test_generate_pub (const struct GNUNET_CRYPTO_CsPrivateKey *priv, | |||
| 90 | 90 | ||
| 91 | 91 | ||
| 92 | static void | 92 | static void |
| 93 | test_derive_rsecret (const struct GNUNET_CRYPTO_CsNonce *nonce, | 93 | test_derive_rsecret (const struct GNUNET_CRYPTO_CsSessionNonce *nonce, |
| 94 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, | 94 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, |
| 95 | struct GNUNET_CRYPTO_CsRSecret r[2]) | 95 | struct GNUNET_CRYPTO_CsRSecret r[2]) |
| 96 | { | 96 | { |
| @@ -169,7 +169,7 @@ test_generate_rpublic (const struct GNUNET_CRYPTO_CsRSecret *r_priv, | |||
| 169 | 169 | ||
| 170 | 170 | ||
| 171 | static void | 171 | static void |
| 172 | test_derive_blindingsecrets (const struct GNUNET_CRYPTO_CsNonce *blind_seed, | 172 | test_derive_blindingsecrets (const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed, |
| 173 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]) | 173 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]) |
| 174 | { | 174 | { |
| 175 | /* TEST 1 | 175 | /* TEST 1 |
| @@ -513,11 +513,11 @@ main (int argc, | |||
| 513 | test_generate_pub (&priv, | 513 | test_generate_pub (&priv, |
| 514 | &pub); | 514 | &pub); |
| 515 | 515 | ||
| 516 | // derive nonce | 516 | // set nonce |
| 517 | struct GNUNET_CRYPTO_CsNonce nonce; | 517 | struct GNUNET_CRYPTO_CsSessionNonce nonce; |
| 518 | GNUNET_assert (GNUNET_YES == | 518 | GNUNET_assert (GNUNET_YES == |
| 519 | GNUNET_CRYPTO_kdf (nonce.nonce, | 519 | GNUNET_CRYPTO_kdf (&nonce, |
| 520 | sizeof(nonce.nonce), | 520 | sizeof(nonce), |
| 521 | "nonce", | 521 | "nonce", |
| 522 | strlen ("nonce"), | 522 | strlen ("nonce"), |
| 523 | "nonce_secret", | 523 | "nonce_secret", |
| @@ -549,11 +549,15 @@ main (int argc, | |||
| 549 | 549 | ||
| 550 | // generate blinding secrets | 550 | // generate blinding secrets |
| 551 | struct GNUNET_CRYPTO_CsBlindingSecret blindingsecrets[2]; | 551 | struct GNUNET_CRYPTO_CsBlindingSecret blindingsecrets[2]; |
| 552 | struct GNUNET_CRYPTO_CsBlindingNonce bnonce; | ||
| 552 | 553 | ||
| 554 | memset (&bnonce, | ||
| 555 | 42, | ||
| 556 | sizeof (bnonce)); | ||
| 553 | memset (blindingsecrets, | 557 | memset (blindingsecrets, |
| 554 | 42, | 558 | 42, |
| 555 | sizeof (blindingsecrets)); | 559 | sizeof (blindingsecrets)); |
| 556 | test_derive_blindingsecrets (&nonce, | 560 | test_derive_blindingsecrets (&bnonce, |
| 557 | blindingsecrets); | 561 | blindingsecrets); |
| 558 | 562 | ||
| 559 | // calculate blinded c's | 563 | // calculate blinded c's |