-rw-r--r-- | src/include/gnunet_crypto_lib.h | 36 | ||||
-rw-r--r-- | src/lib/util/crypto_cs.c | 11 | ||||
-rw-r--r-- | src/lib/util/test_crypto_cs.c | 18 |
3 files changed, 40 insertions, 25 deletions
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 3507a4f4d..11bd680e7 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
@@ -669,12 +669,24 @@ struct GNUNET_CRYPTO_CsSignature | |||
669 | 669 | ||
670 | 670 | ||
671 | /** | 671 | /** |
672 | * Nonce | 672 | * Nonce for the session, picked by client, |
673 | * shared with the signer. | ||
673 | */ | 674 | */ |
674 | struct GNUNET_CRYPTO_CsNonce | 675 | struct GNUNET_CRYPTO_CsSessionNonce |
675 | { | 676 | { |
676 | /*a nonce*/ | 677 | /*a nonce*/ |
677 | unsigned char nonce[256 / 8]; | 678 | unsigned char snonce[256 / 8]; |
679 | }; | ||
680 | |||
681 | |||
682 | /** | ||
683 | * Nonce for computing blinding factors. Not | ||
684 | * shared with the signer. | ||
685 | */ | ||
686 | struct GNUNET_CRYPTO_CsBlindingNonce | ||
687 | { | ||
688 | /*a nonce*/ | ||
689 | unsigned char bnonce[256 / 8]; | ||
678 | }; | 690 | }; |
679 | 691 | ||
680 | 692 | ||
@@ -3100,7 +3112,7 @@ GNUNET_CRYPTO_cs_private_key_get_public ( | |||
3100 | */ | 3112 | */ |
3101 | void | 3113 | void |
3102 | GNUNET_CRYPTO_cs_r_derive ( | 3114 | GNUNET_CRYPTO_cs_r_derive ( |
3103 | const struct GNUNET_CRYPTO_CsNonce *nonce, | 3115 | const struct GNUNET_CRYPTO_CsSessionNonce *nonce, |
3104 | const char *seed, | 3116 | const char *seed, |
3105 | const struct GNUNET_CRYPTO_CsPrivateKey *lts, | 3117 | const struct GNUNET_CRYPTO_CsPrivateKey *lts, |
3106 | struct GNUNET_CRYPTO_CsRSecret r[2]); | 3118 | struct GNUNET_CRYPTO_CsRSecret r[2]); |
@@ -3121,16 +3133,16 @@ GNUNET_CRYPTO_cs_r_get_public ( | |||
3121 | /** | 3133 | /** |
3122 | * Derives new random blinding factors. | 3134 | * Derives new random blinding factors. |
3123 | * In original papers blinding factors are generated randomly | 3135 | * In original papers blinding factors are generated randomly |
3124 | * To provide abort-idempotency, blinding factors need to be derived but still need to be UNPREDICTABLE | 3136 | * To provide abort-idempotency, blinding factors need to be derived but still need to be UNPREDICTABLE. |
3125 | * To ensure unpredictability a new nonce has to be used. | 3137 | * To ensure unpredictability a new nonce has to be used. |
3126 | * Uses HKDF internally | 3138 | * Uses HKDF internally. |
3127 | * | 3139 | * |
3128 | * @param blind_seed is the blinding seed to derive blinding factors | 3140 | * @param blind_seed is the blinding seed to derive blinding factors |
3129 | * @param[out] bs array containing the two derived blinding secrets | 3141 | * @param[out] bs array containing the two derived blinding secrets |
3130 | */ | 3142 | */ |
3131 | void | 3143 | void |
3132 | GNUNET_CRYPTO_cs_blinding_secrets_derive ( | 3144 | GNUNET_CRYPTO_cs_blinding_secrets_derive ( |
3133 | const struct GNUNET_CRYPTO_CsNonce *blind_seed, | 3145 | const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed, |
3134 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]); | 3146 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]); |
3135 | 3147 | ||
3136 | 3148 | ||
@@ -3146,9 +3158,9 @@ struct GNUNET_CRYPTO_CsBlindedMessage | |||
3146 | struct GNUNET_CRYPTO_CsC c[2]; | 3158 | struct GNUNET_CRYPTO_CsC c[2]; |
3147 | 3159 | ||
3148 | /** | 3160 | /** |
3149 | * Public nonce. | 3161 | * Public nonce used to generate the R-values. |
3150 | */ | 3162 | */ |
3151 | struct GNUNET_CRYPTO_CsNonce nonce; | 3163 | struct GNUNET_CRYPTO_CsSessionNonce nonce; |
3152 | }; | 3164 | }; |
3153 | 3165 | ||
3154 | 3166 | ||
@@ -3663,11 +3675,9 @@ GNUNET_CRYPTO_blind_sign_keys_create ( | |||
3663 | union GNUNET_CRYPTO_BlindingSecretP | 3675 | union GNUNET_CRYPTO_BlindingSecretP |
3664 | { | 3676 | { |
3665 | /** | 3677 | /** |
3666 | * Clause Schnorr nonce. FIXME: probably should have | 3678 | * Clause Schnorr nonce. |
3667 | * a different type than the nonce we send over the | ||
3668 | * network!!! | ||
3669 | */ | 3679 | */ |
3670 | struct GNUNET_CRYPTO_CsNonce nonce; | 3680 | struct GNUNET_CRYPTO_CsBlindingNonce nonce; |
3671 | 3681 | ||
3672 | /** | 3682 | /** |
3673 | * Variant for RSA for blind signatures. | 3683 | * Variant for RSA for blind signatures. |
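Review bot: The member comment `/*a nonce*/` is copied verbatim into both new structs (the `snonce` and `bnonce` members), so the one fact this split exists to express — which nonce may leave the client — is stated only in the struct-level comments and not at the field a reader actually uses. Suggest `/* Session nonce; sent to the signer as part of the blinded message */` on `snonce` and `/* Blinding nonce; client-local input to the blinding-factor KDF, never sent to the signer */` on `bnonce`. Both arrays are `256 / 8` bytes, so the distinct tags only stop pointer mix-ups at call sites; a `memcpy` between the two would presumably still compile, which is worth a sentence in the `GNUNET_CRYPTO_CsBlindingNonce` comment. The `@param blind_seed` line of `GNUNET_CRYPTO_cs_blinding_secrets_derive` could likewise say `@param blind_seed blinding nonce (#GNUNET_CRYPTO_CsBlindingNonce); must be fresh per signature and never shared with the signer`, matching the "new nonce" requirement stated just above it.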
diff --git a/src/lib/util/crypto_cs.c b/src/lib/util/crypto_cs.c index 4933b04f4..cf1c43c25 100644 --- a/src/lib/util/crypto_cs.c +++ b/src/lib/util/crypto_cs.c | |||
@@ -75,7 +75,7 @@ map_to_scalar_subgroup (struct GNUNET_CRYPTO_Cs25519Scalar *scalar) | |||
75 | 75 | ||
76 | 76 | ||
77 | void | 77 | void |
78 | GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, | 78 | GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsSessionNonce *nonce, |
79 | const char *seed, | 79 | const char *seed, |
80 | const struct GNUNET_CRYPTO_CsPrivateKey *lts, | 80 | const struct GNUNET_CRYPTO_CsPrivateKey *lts, |
81 | struct GNUNET_CRYPTO_CsRSecret r[2]) | 81 | struct GNUNET_CRYPTO_CsRSecret r[2]) |
@@ -84,7 +84,7 @@ GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, | |||
84 | GNUNET_YES == | 84 | GNUNET_YES == |
85 | GNUNET_CRYPTO_kdf ( | 85 | GNUNET_CRYPTO_kdf ( |
86 | r, sizeof (struct GNUNET_CRYPTO_CsRSecret) * 2, | 86 | r, sizeof (struct GNUNET_CRYPTO_CsRSecret) * 2, |
87 | seed, strlen (seed), | 87 | seed, strlen (seed), |
88 | lts, sizeof (*lts), | 88 | lts, sizeof (*lts), |
89 | nonce, sizeof (*nonce), | 89 | nonce, sizeof (*nonce), |
90 | NULL, 0)); | 90 | NULL, 0)); |
@@ -97,14 +97,15 @@ void | |||
97 | GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv, | 97 | GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv, |
98 | struct GNUNET_CRYPTO_CsRPublic *r_pub) | 98 | struct GNUNET_CRYPTO_CsRPublic *r_pub) |
99 | { | 99 | { |
100 | GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (r_pub->point.y, | 100 | GNUNET_assert (0 == |
101 | r_priv->scalar.d)); | 101 | crypto_scalarmult_ed25519_base_noclamp (r_pub->point.y, |
102 | r_priv->scalar.d)); | ||
102 | } | 103 | } |
103 | 104 | ||
104 | 105 | ||
105 | void | 106 | void |
106 | GNUNET_CRYPTO_cs_blinding_secrets_derive ( | 107 | GNUNET_CRYPTO_cs_blinding_secrets_derive ( |
107 | const struct GNUNET_CRYPTO_CsNonce *blind_seed, | 108 | const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed, |
108 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]) | 109 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]) |
109 | { | 110 | { |
110 | GNUNET_assert ( | 111 | GNUNET_assert ( |
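Review bot: The reflow of `GNUNET_CRYPTO_cs_r_get_public` (the `crypto_scalarmult_ed25519_base_noclamp` call split across three lines) is whitespace-only and unrelated to the nonce-type split; keeping it out of this commit would leave a diff that is purely the type change and is easier to audit. The remaining two hunks only swap `GNUNET_CRYPTO_CsNonce` for the session and blinding variants, and because both structs are the same 32-byte array the KDF input `nonce, sizeof (*nonce)` is byte-identical, so derived R-secrets should not change — that is worth stating explicitly in the commit message so nobody expects test vectors to move. The body of `GNUNET_CRYPTO_cs_blinding_secrets_derive` continues outside the hunk.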
diff --git a/src/lib/util/test_crypto_cs.c b/src/lib/util/test_crypto_cs.c index c930ce3ac..5b3aac778 100644 --- a/src/lib/util/test_crypto_cs.c +++ b/src/lib/util/test_crypto_cs.c | |||
@@ -90,7 +90,7 @@ test_generate_pub (const struct GNUNET_CRYPTO_CsPrivateKey *priv, | |||
90 | 90 | ||
91 | 91 | ||
92 | static void | 92 | static void |
93 | test_derive_rsecret (const struct GNUNET_CRYPTO_CsNonce *nonce, | 93 | test_derive_rsecret (const struct GNUNET_CRYPTO_CsSessionNonce *nonce, |
94 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, | 94 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, |
95 | struct GNUNET_CRYPTO_CsRSecret r[2]) | 95 | struct GNUNET_CRYPTO_CsRSecret r[2]) |
96 | { | 96 | { |
@@ -169,7 +169,7 @@ test_generate_rpublic (const struct GNUNET_CRYPTO_CsRSecret *r_priv, | |||
169 | 169 | ||
170 | 170 | ||
171 | static void | 171 | static void |
172 | test_derive_blindingsecrets (const struct GNUNET_CRYPTO_CsNonce *blind_seed, | 172 | test_derive_blindingsecrets (const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed, |
173 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]) | 173 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]) |
174 | { | 174 | { |
175 | /* TEST 1 | 175 | /* TEST 1 |
@@ -513,11 +513,11 @@ main (int argc, | |||
513 | test_generate_pub (&priv, | 513 | test_generate_pub (&priv, |
514 | &pub); | 514 | &pub); |
515 | 515 | ||
516 | // derive nonce | 516 | // set nonce |
517 | struct GNUNET_CRYPTO_CsNonce nonce; | 517 | struct GNUNET_CRYPTO_CsSessionNonce nonce; |
518 | GNUNET_assert (GNUNET_YES == | 518 | GNUNET_assert (GNUNET_YES == |
519 | GNUNET_CRYPTO_kdf (nonce.nonce, | 519 | GNUNET_CRYPTO_kdf (&nonce, |
520 | sizeof(nonce.nonce), | 520 | sizeof(nonce), |
521 | "nonce", | 521 | "nonce", |
522 | strlen ("nonce"), | 522 | strlen ("nonce"), |
523 | "nonce_secret", | 523 | "nonce_secret", |
@@ -549,11 +549,15 @@ main (int argc, | |||
549 | 549 | ||
550 | // generate blinding secrets | 550 | // generate blinding secrets |
551 | struct GNUNET_CRYPTO_CsBlindingSecret blindingsecrets[2]; | 551 | struct GNUNET_CRYPTO_CsBlindingSecret blindingsecrets[2]; |
552 | struct GNUNET_CRYPTO_CsBlindingNonce bnonce; | ||
552 | 553 | ||
554 | memset (&bnonce, | ||
555 | 42, | ||
556 | sizeof (bnonce)); | ||
553 | memset (blindingsecrets, | 557 | memset (blindingsecrets, |
554 | 42, | 558 | 42, |
555 | sizeof (blindingsecrets)); | 559 | sizeof (blindingsecrets)); |
556 | test_derive_blindingsecrets (&nonce, | 560 | test_derive_blindingsecrets (&bnonce, |
557 | blindingsecrets); | 561 | blindingsecrets); |
558 | 562 | ||
559 | // calculate blinded c's | 563 | // calculate blinded c's |
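Review bot: `bnonce` is filled with a constant (`memset (&bnonce, 42, sizeof (bnonce))`) immediately after `blindingsecrets` is filled with the same byte, and nothing says this is a fixed test vector rather than an example of how a blinding nonce should be chosen, even though the header requires it to be unpredictable and client-local. Suggest `// fixed test vector: real callers must choose bnonce unpredictably and never share it with the signer` above that memset. Using a different fill byte for `bnonce` than for `blindingsecrets` (say 23, a constructed value) may also let `test_derive_blindingsecrets` notice a derivation that merely copies its input into `bs`. `main` starts and ends outside the hunk.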