aboutsummaryrefslogtreecommitdiff
path: root/src/cli/util/gnunet-crypto-tvg.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/cli/util/gnunet-crypto-tvg.c')
-rw-r--r--src/cli/util/gnunet-crypto-tvg.c1555
1 files changed, 1555 insertions, 0 deletions
diff --git a/src/cli/util/gnunet-crypto-tvg.c b/src/cli/util/gnunet-crypto-tvg.c
new file mode 100644
index 000000000..5a16bb8fc
--- /dev/null
+++ b/src/cli/util/gnunet-crypto-tvg.c
@@ -0,0 +1,1555 @@
1/*
2 This file is part of GNUnet.
3 Copyright (C) 2020 GNUnet e.V.
4
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
14
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18 SPDX-License-Identifier: AGPL3.0-or-later
19 */
20
21/**
22 * @file util/gnunet-crypto-tgv.c
23 * @brief Generate test vectors for cryptographic operations.
24 * @author Florian Dold
25 *
26 * Note that this program shouldn't depend on code in src/json/,
27 * so we're using raw jansson and no GNUnet JSON helpers.
28 *
29 * Test vectors have the following format (TypeScript pseudo code):
30 *
31 * interface TestVectorFile {
32 * encoding: "base32crockford";
33 * producer?: string;
34 * vectors: TestVector[];
35 * }
36 *
37 * enum Operation {
38 * Hash("hash"),
39 * ...
40 * }
41 *
42 * interface TestVector {
43 * operation: Operation;
44 * // Inputs for the operation
45 * [ k: string]: string | number;
46 * };
47 *
48 *
49 */
50
51#include "platform.h"
52#include "gnunet_util_lib.h"
53#include "gnunet_signatures.h"
54#include "gnunet_testing_lib.h"
55#include <jansson.h>
56#include <gcrypt.h>
57
58GNUNET_NETWORK_STRUCT_BEGIN
59
60/**
61 * Sample signature struct.
62 *
63 * Purpose is #GNUNET_SIGNATURE_PURPOSE_TEST
64 */
65struct TestSignatureDataPS
66{
67 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
68 uint32_t testval;
69};
70
71GNUNET_NETWORK_STRUCT_END
72
73
74/**
75 * Should we verify or output test vectors?
76 */
77static int verify_flag = GNUNET_NO;
78
79
80/**
81 * Global exit code.
82 */
83static int global_ret = 0;
84
85
86/**
87 * Create a fresh test vector for a given operation label.
88 *
89 * @param vecs array of vectors to append the new vector to
90 * @param vecname label for the operation of the vector
91 * @returns the fresh test vector
92 */
93static json_t *
94vec_for (json_t *vecs, const char *vecname)
95{
96 json_t *t = json_object ();
97
98 json_object_set_new (t,
99 "operation",
100 json_string (vecname));
101 json_array_append_new (vecs, t);
102 return t;
103}
104
105
106/**
107 * Add a base32crockford encoded value
108 * to a test vector.
109 *
110 * @param vec test vector to add to
111 * @param label label for the value
112 * @param data data to add
113 * @param size size of data
114 */
115static void
116d2j (json_t *vec,
117 const char *label,
118 const void *data,
119 size_t size)
120{
121 char *buf;
122 json_t *json;
123
124 buf = GNUNET_STRINGS_data_to_string_alloc (data, size);
125 json = json_string (buf);
126 GNUNET_free (buf);
127 GNUNET_break (NULL != json);
128
129 json_object_set_new (vec, label, json);
130}
131
132
133/**
134 * Add a number to a test vector.
135 *
136 * @param vec test vector to add to
137 * @param label label for the value
138 * @param data data to add
139 * @param size size of data
140 */
141static void
142uint2j (json_t *vec,
143 const char *label,
144 unsigned int num)
145{
146 json_t *json = json_integer (num);
147
148 json_object_set_new (vec, label, json);
149}
150
151
152static int
153expect_data_fixed (json_t *vec,
154 const char *name,
155 void *data,
156 size_t expect_len)
157{
158 const char *s = json_string_value (json_object_get (vec, name));
159
160 if (NULL == s)
161 return GNUNET_NO;
162
163 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s,
164 strlen (s),
165 data,
166 expect_len))
167 return GNUNET_NO;
168 return GNUNET_OK;
169}
170
171
172static int
173expect_data_dynamic (json_t *vec,
174 const char *name,
175 void **data,
176 size_t *ret_len)
177{
178 const char *s = json_string_value (json_object_get (vec, name));
179 char *tmp;
180 size_t len;
181
182 if (NULL == s)
183 return GNUNET_NO;
184
185 len = (strlen (s) * 5) / 8;
186 if (NULL != ret_len)
187 *ret_len = len;
188 tmp = GNUNET_malloc (len);
189
190 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, strlen (s), tmp, len))
191 {
192 GNUNET_free (tmp);
193 return GNUNET_NO;
194 }
195 *data = tmp;
196 return GNUNET_OK;
197}
198
199
200/**
201 * Check a single vector.
202 *
203 * @param operation operator of the vector
204 * @param vec the vector, a JSON object.
205 *
206 * @returns GNUNET_OK if the vector is okay
207 */
208static int
209checkvec (const char *operation,
210 json_t *vec)
211{
212 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
213 "checking %s\n", operation);
214
215 if (0 == strcmp (operation, "hash"))
216 {
217 void *data;
218 size_t data_len;
219 struct GNUNET_HashCode hash_out;
220 struct GNUNET_HashCode hc;
221
222 if (GNUNET_OK != expect_data_dynamic (vec,
223 "input",
224 &data,
225 &data_len))
226 {
227 GNUNET_break (0);
228 return GNUNET_SYSERR;
229 }
230 if (GNUNET_OK != expect_data_fixed (vec,
231 "output",
232 &hash_out,
233 sizeof (hash_out)))
234 {
235 GNUNET_free (data);
236 GNUNET_break (0);
237 return GNUNET_NO;
238 }
239
240 GNUNET_CRYPTO_hash (data, data_len, &hc);
241
242 if (0 != GNUNET_memcmp (&hc, &hash_out))
243 {
244 GNUNET_free (data);
245 GNUNET_break (0);
246 return GNUNET_NO;
247 }
248 GNUNET_free (data);
249 }
250 else if (0 == strcmp (operation, "ecc_ecdh"))
251 {
252 struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
253 struct GNUNET_CRYPTO_EcdhePublicKey pub1;
254 struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
255 struct GNUNET_HashCode skm;
256 struct GNUNET_HashCode skm_comp;
257
258 if (GNUNET_OK != expect_data_fixed (vec,
259 "priv1",
260 &priv1,
261 sizeof (priv1)))
262 {
263 GNUNET_break (0);
264 return GNUNET_NO;
265 }
266 if (GNUNET_OK != expect_data_fixed (vec,
267 "priv2",
268 &priv2,
269 sizeof (priv2)))
270 {
271 GNUNET_break (0);
272 return GNUNET_NO;
273 }
274 if (GNUNET_OK != expect_data_fixed (vec,
275 "pub1",
276 &pub1,
277 sizeof (pub1)))
278 {
279 GNUNET_break (0);
280 return GNUNET_NO;
281 }
282 if (GNUNET_OK != expect_data_fixed (vec,
283 "skm",
284 &skm,
285 sizeof (skm)))
286 {
287 GNUNET_break (0);
288 return GNUNET_NO;
289 }
290 GNUNET_assert (GNUNET_OK ==
291 GNUNET_CRYPTO_ecc_ecdh (&priv2,
292 &pub1,
293 &skm_comp));
294 if (0 != GNUNET_memcmp (&skm, &skm_comp))
295 {
296 GNUNET_break (0);
297 return GNUNET_NO;
298 }
299 }
300 else if (0 == strcmp (operation, "eddsa_key_derivation"))
301 {
302 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
303 struct GNUNET_CRYPTO_EddsaPublicKey pub;
304 struct GNUNET_CRYPTO_EddsaPublicKey pub_comp;
305
306 if (GNUNET_OK != expect_data_fixed (vec,
307 "priv",
308 &priv,
309 sizeof (priv)))
310 {
311 GNUNET_break (0);
312 return GNUNET_NO;
313 }
314
315 if (GNUNET_OK != expect_data_fixed (vec,
316 "pub",
317 &pub,
318 sizeof (pub)))
319 {
320 GNUNET_break (0);
321 return GNUNET_NO;
322 }
323
324 GNUNET_CRYPTO_eddsa_key_get_public (&priv,
325 &pub_comp);
326 if (0 != GNUNET_memcmp (&pub, &pub_comp))
327 {
328 GNUNET_break (0);
329 return GNUNET_NO;
330 }
331
332 }
333 else if (0 == strcmp (operation, "eddsa_signing"))
334 {
335 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
336 struct GNUNET_CRYPTO_EddsaPublicKey pub;
337 struct TestSignatureDataPS data = { 0 };
338 struct GNUNET_CRYPTO_EddsaSignature sig;
339 struct GNUNET_CRYPTO_EddsaSignature sig_comp;
340
341 if (GNUNET_OK != expect_data_fixed (vec,
342 "priv",
343 &priv,
344 sizeof (priv)))
345 {
346 GNUNET_break (0);
347 return GNUNET_NO;
348 }
349
350 if (GNUNET_OK != expect_data_fixed (vec,
351 "pub",
352 &pub,
353 sizeof (pub)))
354 {
355 GNUNET_break (0);
356 return GNUNET_NO;
357 }
358
359 if (GNUNET_OK != expect_data_fixed (vec,
360 "data",
361 &data,
362 sizeof (data)))
363 {
364 GNUNET_break (0);
365 return GNUNET_NO;
366 }
367
368 if (GNUNET_OK != expect_data_fixed (vec,
369 "sig",
370 &sig,
371 sizeof (sig)))
372 {
373 GNUNET_break (0);
374 return GNUNET_NO;
375 }
376
377 GNUNET_CRYPTO_eddsa_sign (&priv,
378 &data,
379 &sig_comp);
380 GNUNET_assert (GNUNET_OK ==
381 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST,
382 &data,
383 &sig,
384 &pub));
385 if (0 != GNUNET_memcmp (&sig, &sig_comp))
386 {
387 GNUNET_break (0);
388 return GNUNET_NO;
389 }
390 }
391 else if (0 == strcmp (operation, "kdf"))
392 {
393 size_t out_len;
394 void *out;
395 size_t out_len_comp;
396 void *out_comp;
397 void *ikm;
398 size_t ikm_len;
399 void *salt;
400 size_t salt_len;
401 void *ctx;
402 size_t ctx_len;
403
404 if (GNUNET_OK != expect_data_dynamic (vec,
405 "out",
406 &out,
407 &out_len))
408 {
409 GNUNET_break (0);
410 return GNUNET_SYSERR;
411 }
412
413 out_len_comp = out_len;
414 out_comp = GNUNET_malloc (out_len_comp);
415
416 if (GNUNET_OK != expect_data_dynamic (vec,
417 "ikm",
418 &ikm,
419 &ikm_len))
420 {
421 GNUNET_free (out);
422 GNUNET_free (out_comp);
423 GNUNET_break (0);
424 return GNUNET_SYSERR;
425 }
426
427 if (GNUNET_OK != expect_data_dynamic (vec,
428 "salt",
429 &salt,
430 &salt_len))
431 {
432 GNUNET_free (out);
433 GNUNET_free (out_comp);
434 GNUNET_free (ikm);
435 GNUNET_break (0);
436 return GNUNET_SYSERR;
437 }
438
439 if (GNUNET_OK != expect_data_dynamic (vec,
440 "ctx",
441 &ctx,
442 &ctx_len))
443 {
444 GNUNET_free (out);
445 GNUNET_free (out_comp);
446 GNUNET_free (ikm);
447 GNUNET_free (salt);
448 GNUNET_break (0);
449 return GNUNET_SYSERR;
450 }
451
452 GNUNET_assert (GNUNET_OK ==
453 GNUNET_CRYPTO_kdf (out_comp,
454 out_len_comp,
455 salt,
456 salt_len,
457 ikm,
458 ikm_len,
459 ctx,
460 ctx_len,
461 NULL));
462
463 if (0 != memcmp (out, out_comp, out_len))
464 {
465 GNUNET_free (out);
466 GNUNET_free (out_comp);
467 GNUNET_free (ikm);
468 GNUNET_free (salt);
469 GNUNET_free (ctx);
470 GNUNET_break (0);
471 return GNUNET_NO;
472 }
473 GNUNET_free (out);
474 GNUNET_free (out_comp);
475 GNUNET_free (ikm);
476 GNUNET_free (salt);
477 GNUNET_free (ctx);
478 }
479 else if (0 == strcmp (operation, "eddsa_ecdh"))
480 {
481 struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
482 struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
483 struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
484 struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
485 struct GNUNET_HashCode key_material;
486 struct GNUNET_HashCode key_material_comp;
487
488 if (GNUNET_OK != expect_data_fixed (vec,
489 "priv_ecdhe",
490 &priv_ecdhe,
491 sizeof (priv_ecdhe)))
492 {
493 GNUNET_break (0);
494 return GNUNET_NO;
495 }
496
497 if (GNUNET_OK != expect_data_fixed (vec,
498 "pub_ecdhe",
499 &pub_ecdhe,
500 sizeof (pub_ecdhe)))
501 {
502 GNUNET_break (0);
503 return GNUNET_NO;
504 }
505
506 if (GNUNET_OK != expect_data_fixed (vec,
507 "priv_eddsa",
508 &priv_eddsa,
509 sizeof (priv_eddsa)))
510 {
511 GNUNET_break (0);
512 return GNUNET_NO;
513 }
514
515 if (GNUNET_OK != expect_data_fixed (vec,
516 "pub_eddsa",
517 &pub_eddsa,
518 sizeof (pub_eddsa)))
519 {
520 GNUNET_break (0);
521 return GNUNET_NO;
522 }
523
524 if (GNUNET_OK != expect_data_fixed (vec,
525 "key_material",
526 &key_material,
527 sizeof (key_material)))
528 {
529 GNUNET_break (0);
530 return GNUNET_NO;
531 }
532
533 GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material_comp);
534
535 if (0 != GNUNET_memcmp (&key_material, &key_material_comp))
536 {
537 GNUNET_break (0);
538 return GNUNET_NO;
539 }
540 }
541 else if (0 == strcmp (operation, "rsa_blind_signing"))
542 {
543 struct GNUNET_CRYPTO_RsaPrivateKey *skey;
544 struct GNUNET_CRYPTO_RsaPublicKey *pkey;
545 struct GNUNET_HashCode message_hash;
546 struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
547 struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
548 struct GNUNET_CRYPTO_RsaSignature *sig;
549 void *blinded_data;
550 size_t blinded_len;
551 void *blinded_data_comp;
552 size_t blinded_len_comp;
553 void *public_enc_data;
554 size_t public_enc_len;
555 void *secret_enc_data;
556 size_t secret_enc_len;
557 void *sig_enc_data;
558 size_t sig_enc_length;
559 void *sig_enc_data_comp;
560 size_t sig_enc_length_comp;
561
562 if (GNUNET_OK != expect_data_fixed (vec,
563 "message_hash",
564 &message_hash,
565 sizeof (message_hash)))
566 {
567 GNUNET_break (0);
568 return GNUNET_SYSERR;
569 }
570
571 if (GNUNET_OK != expect_data_fixed (vec,
572 "blinding_key_secret",
573 &bks,
574 sizeof (bks)))
575 {
576 GNUNET_break (0);
577 return GNUNET_SYSERR;
578 }
579
580 if (GNUNET_OK != expect_data_dynamic (vec,
581 "blinded_message",
582 &blinded_data,
583 &blinded_len))
584 {
585 GNUNET_break (0);
586 return GNUNET_SYSERR;
587 }
588
589 if (GNUNET_OK != expect_data_dynamic (vec,
590 "rsa_public_key",
591 &public_enc_data,
592 &public_enc_len))
593 {
594 GNUNET_free (blinded_data);
595 GNUNET_break (0);
596 return GNUNET_SYSERR;
597 }
598
599 if (GNUNET_OK != expect_data_dynamic (vec,
600 "rsa_private_key",
601 &secret_enc_data,
602 &secret_enc_len))
603 {
604 GNUNET_free (blinded_data);
605 GNUNET_free (public_enc_data);
606 GNUNET_break (0);
607 return GNUNET_SYSERR;
608 }
609
610 if (GNUNET_OK != expect_data_dynamic (vec,
611 "sig",
612 &sig_enc_data,
613 &sig_enc_length))
614 {
615 GNUNET_free (blinded_data);
616 GNUNET_free (public_enc_data);
617 GNUNET_free (secret_enc_data);
618 GNUNET_break (0);
619 return GNUNET_SYSERR;
620 }
621
622 pkey = GNUNET_CRYPTO_rsa_public_key_decode (public_enc_data,
623 public_enc_len);
624 GNUNET_assert (NULL != pkey);
625 skey = GNUNET_CRYPTO_rsa_private_key_decode (secret_enc_data,
626 secret_enc_len);
627 GNUNET_assert (NULL != skey);
628
629 GNUNET_assert (GNUNET_YES ==
630 GNUNET_CRYPTO_rsa_blind (&message_hash,
631 &bks,
632 pkey,
633 &blinded_data_comp,
634 &blinded_len_comp));
635 if ( (blinded_len != blinded_len_comp) || (0 != memcmp (blinded_data,
636 blinded_data_comp,
637 blinded_len)) )
638 {
639 GNUNET_free (blinded_data);
640 GNUNET_free (blinded_data_comp);
641 GNUNET_free (public_enc_data);
642 GNUNET_free (secret_enc_data);
643 GNUNET_free (sig_enc_data);
644 GNUNET_CRYPTO_rsa_private_key_free (skey);
645 GNUNET_CRYPTO_rsa_public_key_free (pkey);
646 GNUNET_break (0);
647 return GNUNET_NO;
648 }
649 blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data,
650 blinded_len);
651 sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey);
652 GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig,
653 pkey));
654 GNUNET_free(public_enc_data);
655 public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
656 &public_enc_data);
657 sig_enc_length_comp = GNUNET_CRYPTO_rsa_signature_encode (sig,
658 &sig_enc_data_comp);
659
660 if ( (sig_enc_length != sig_enc_length_comp) ||
661 (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) ))
662 {
663 GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
664 GNUNET_free (blinded_data);
665 GNUNET_free (blinded_data_comp);
666 GNUNET_free (public_enc_data);
667 GNUNET_free (secret_enc_data);
668 GNUNET_free (sig_enc_data);
669 GNUNET_free (sig_enc_data_comp);
670 GNUNET_CRYPTO_rsa_private_key_free (skey);
671 GNUNET_CRYPTO_rsa_signature_free (sig);
672 GNUNET_CRYPTO_rsa_public_key_free (pkey);
673 GNUNET_break (0);
674 return GNUNET_NO;
675 }
676 GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
677 GNUNET_free (blinded_data);
678 GNUNET_free (blinded_data_comp);
679 GNUNET_free (public_enc_data);
680 GNUNET_free (secret_enc_data);
681 GNUNET_free (sig_enc_data);
682 GNUNET_free (sig_enc_data_comp);
683 GNUNET_CRYPTO_rsa_signature_free (sig);
684 GNUNET_CRYPTO_rsa_public_key_free (pkey);
685 GNUNET_CRYPTO_rsa_private_key_free (skey);
686 }
687 else if (0 == strcmp (operation, "cs_blind_signing"))
688 {
689 struct GNUNET_CRYPTO_CsPrivateKey priv;
690 struct GNUNET_CRYPTO_CsPublicKey pub;
691 struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
692 struct GNUNET_CRYPTO_CsRSecret r_priv[2];
693 struct GNUNET_CRYPTO_CsRPublic r_pub[2];
694 struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2];
695 struct GNUNET_CRYPTO_CsC c[2];
696 struct GNUNET_CRYPTO_CsS signature_scalar;
697 struct GNUNET_CRYPTO_CsBlindS blinded_s;
698 struct GNUNET_CRYPTO_CsSignature sig;
699 struct GNUNET_CRYPTO_CsNonce nonce;
700 struct GNUNET_HashCode message_hash;
701 unsigned int b;
702
703 if (GNUNET_OK != expect_data_fixed (vec,
704 "message_hash",
705 &message_hash,
706 sizeof (message_hash)))
707 {
708 GNUNET_break (0);
709 return GNUNET_SYSERR;
710 }
711 if (GNUNET_OK != expect_data_fixed (vec,
712 "cs_public_key",
713 &pub,
714 sizeof (pub)))
715 {
716 GNUNET_break (0);
717 return GNUNET_SYSERR;
718 }
719
720 if (GNUNET_OK != expect_data_fixed (vec,
721 "cs_private_key",
722 &priv,
723 sizeof (priv)))
724 {
725 GNUNET_break (0);
726 return GNUNET_SYSERR;
727 }
728 if (GNUNET_OK != expect_data_fixed (vec,
729 "cs_nonce",
730 &nonce,
731 sizeof (nonce)))
732 {
733 GNUNET_break (0);
734 return GNUNET_SYSERR;
735 }
736 if (GNUNET_OK != expect_data_fixed (vec,
737 "cs_r_priv_0",
738 &r_priv[0],
739 sizeof (r_priv[0])))
740 {
741 GNUNET_break (0);
742 return GNUNET_SYSERR;
743 }
744 if (GNUNET_OK != expect_data_fixed (vec,
745 "cs_r_priv_1",
746 &r_priv[1],
747 sizeof (r_priv[1])))
748 {
749 GNUNET_break (0);
750 return GNUNET_SYSERR;
751 }
752 if (GNUNET_OK != expect_data_fixed (vec,
753 "cs_r_pub_0",
754 &r_pub[0],
755 sizeof (r_pub[0])))
756 {
757 GNUNET_break (0);
758 return GNUNET_SYSERR;
759 }
760 if (GNUNET_OK != expect_data_fixed (vec,
761 "cs_r_pub_1",
762 &r_pub[1],
763 sizeof (r_pub[1])))
764 {
765 GNUNET_break (0);
766 return GNUNET_SYSERR;
767 }
768
769 if (GNUNET_OK != expect_data_fixed (vec,
770 "cs_bs_alpha_0",
771 &bs[0].alpha,
772 sizeof (bs[0].alpha)))
773 {
774 GNUNET_break (0);
775 return GNUNET_SYSERR;
776 }
777 if (GNUNET_OK != expect_data_fixed (vec,
778 "cs_bs_alpha_1",
779 &bs[1].alpha,
780 sizeof (bs[1].alpha)))
781 {
782 GNUNET_break (0);
783 return GNUNET_SYSERR;
784 }
785 if (GNUNET_OK != expect_data_fixed (vec,
786 "cs_bs_beta_0",
787 &bs[0].beta,
788 sizeof (bs[0].beta)))
789 {
790 GNUNET_break (0);
791 return GNUNET_SYSERR;
792 }
793 if (GNUNET_OK != expect_data_fixed (vec,
794 "cs_bs_beta_1",
795 &bs[1].beta,
796 sizeof (bs[1].beta)))
797 {
798 GNUNET_break (0);
799 return GNUNET_SYSERR;
800 }
801 if (GNUNET_OK != expect_data_fixed (vec,
802 "cs_r_pub_blind_0",
803 &r_pub_blind[0],
804 sizeof (r_pub_blind[0])))
805 {
806 GNUNET_break (0);
807 return GNUNET_SYSERR;
808 }
809 if (GNUNET_OK != expect_data_fixed (vec,
810 "cs_r_pub_blind_1",
811 &r_pub_blind[1],
812 sizeof (r_pub_blind[1])))
813 {
814 GNUNET_break (0);
815 return GNUNET_SYSERR;
816 }
817 if (GNUNET_OK != expect_data_fixed (vec,
818 "cs_c_0",
819 &c[0],
820 sizeof (c[0])))
821 {
822 GNUNET_break (0);
823 return GNUNET_SYSERR;
824 }
825 if (GNUNET_OK != expect_data_fixed (vec,
826 "cs_c_1",
827 &c[1],
828 sizeof (c[1])))
829 {
830 GNUNET_break (0);
831 return GNUNET_SYSERR;
832 }
833 if (GNUNET_OK != expect_data_fixed (vec,
834 "cs_blind_s",
835 &blinded_s,
836 sizeof (blinded_s)))
837 {
838 GNUNET_break (0);
839 return GNUNET_SYSERR;
840 }
841 if (GNUNET_OK != expect_data_fixed (vec,
842 "cs_b",
843 &b,
844 sizeof (b)))
845 {
846 GNUNET_break (0);
847 return GNUNET_SYSERR;
848 }
849 if (GNUNET_OK != expect_data_fixed (vec,
850 "cs_sig_s",
851 &signature_scalar,
852 sizeof (signature_scalar)))
853 {
854 GNUNET_break (0);
855 return GNUNET_SYSERR;
856 }
857 sig.s_scalar = signature_scalar;
858 if (GNUNET_OK != expect_data_fixed (vec,
859 "cs_sig_R",
860 &sig.r_point,
861 sizeof (sig.r_point)))
862 {
863 GNUNET_break (0);
864 return GNUNET_SYSERR;
865 }
866
867 if ((b != 1) && (b != 0))
868 {
869 GNUNET_break (0);
870 return GNUNET_SYSERR;
871 }
872
873 struct GNUNET_CRYPTO_CsRSecret r_priv_comp[2];
874 struct GNUNET_CRYPTO_CsRPublic r_pub_comp[2];
875 struct GNUNET_CRYPTO_CsBlindingSecret bs_comp[2];
876 struct GNUNET_CRYPTO_CsC c_comp[2];
877 struct GNUNET_CRYPTO_CsRPublic r_pub_blind_comp[2];
878 struct GNUNET_CRYPTO_CsBlindS blinded_s_comp;
879 struct GNUNET_CRYPTO_CsS signature_scalar_comp;
880 struct GNUNET_CRYPTO_CsSignature sig_comp;
881 unsigned int b_comp;
882
883
884 GNUNET_CRYPTO_cs_r_derive (&nonce,
885 "rw",
886 &priv,
887 r_priv_comp);
888 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[0],
889 &r_pub_comp[0]);
890 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[1],
891 &r_pub_comp[1]);
892 GNUNET_assert (0 == memcmp (&r_priv_comp,
893 &r_priv,
894 sizeof(struct GNUNET_CRYPTO_CsRSecret) * 2));
895 GNUNET_assert (0 == memcmp (&r_pub_comp,
896 &r_pub,
897 sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2));
898
899 GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce,
900 bs_comp);
901 GNUNET_assert (0 == memcmp (&bs_comp,
902 &bs,
903 sizeof(struct GNUNET_CRYPTO_CsBlindingSecret)
904 * 2));
905 GNUNET_CRYPTO_cs_calc_blinded_c (bs_comp,
906 r_pub_comp,
907 &pub,
908 &message_hash,
909 sizeof(message_hash),
910 c_comp,
911 r_pub_blind_comp);
912 GNUNET_assert (0 == memcmp (&c_comp,
913 &c,
914 sizeof(struct GNUNET_CRYPTO_CsC) * 2));
915 GNUNET_assert (0 == memcmp (&r_pub_blind_comp,
916 &r_pub_blind,
917 sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2));
918 b_comp = GNUNET_CRYPTO_cs_sign_derive (&priv,
919 r_priv_comp,
920 c_comp,
921 &nonce,
922 &blinded_s_comp);
923 GNUNET_assert (0 == memcmp (&blinded_s_comp,
924 &blinded_s,
925 sizeof(blinded_s)));
926 GNUNET_assert (0 == memcmp (&b_comp,
927 &b,
928 sizeof(b)));
929 GNUNET_CRYPTO_cs_unblind (&blinded_s_comp,
930 &bs_comp[b_comp],
931 &signature_scalar_comp);
932 GNUNET_assert (0 == memcmp (&signature_scalar_comp,
933 &signature_scalar,
934 sizeof(signature_scalar_comp)));
935 sig_comp.r_point = r_pub_blind_comp[b_comp];
936 sig_comp.s_scalar = signature_scalar_comp;
937 GNUNET_assert (0 == memcmp (&sig_comp,
938 &sig,
939 sizeof(sig_comp)));
940 if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig_comp,
941 &pub,
942 &message_hash,
943 sizeof(message_hash)))
944 {
945 GNUNET_break (0);
946 return GNUNET_SYSERR;
947 }
948 }
949 else
950 {
951 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
952 "unsupported operation '%s'\n", operation);
953 }
954
955 return GNUNET_OK;
956}
957
958
959/**
960 * Check test vectors from stdin.
961 *
962 * @returns global exit code
963 */
964static int
965check_vectors ()
966{
967 json_error_t err;
968 json_t *vecfile = json_loadf (stdin, 0, &err);
969 const char *encoding;
970 json_t *vectors;
971
972 if (NULL == vecfile)
973 {
974 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unable to parse JSON\n");
975 return 1;
976 }
977 encoding = json_string_value (json_object_get (vecfile,
978 "encoding"));
979 if ( (NULL == encoding) || (0 != strcmp (encoding, "base32crockford")) )
980 {
981 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unsupported or missing encoding\n");
982 json_decref (vecfile);
983 return 1;
984 }
985 vectors = json_object_get (vecfile, "vectors");
986 if (! json_is_array (vectors))
987 {
988 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "bad vectors\n");
989 json_decref (vecfile);
990 return 1;
991 }
992 {
993 /* array is a JSON array */
994 size_t index;
995 json_t *value;
996 int ret;
997
998 json_array_foreach (vectors, index, value) {
999 const char *op = json_string_value (json_object_get (value,
1000 "operation"));
1001
1002 if (NULL == op)
1003 {
1004 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1005 "missing operation\n");
1006 ret = GNUNET_SYSERR;
1007 break;
1008 }
1009 ret = checkvec (op, value);
1010 if (GNUNET_OK != ret)
1011 {
1012 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1013 "bad vector %u\n",
1014 (unsigned int) index);
1015 break;
1016 }
1017 }
1018 json_decref (vecfile);
1019 return (ret == GNUNET_OK) ? 0 : 1;
1020 }
1021}
1022
1023
1024/**
1025 * Output test vectors.
1026 *
1027 * @returns global exit code
1028 */
1029static int
1030output_vectors ()
1031{
1032 json_t *vecfile = json_object ();
1033 json_t *vecs = json_array ();
1034
1035 json_object_set_new (vecfile,
1036 "encoding",
1037 json_string ("base32crockford"));
1038 json_object_set_new (vecfile,
1039 "producer",
1040 json_string ("GNUnet " PACKAGE_VERSION " " VCS_VERSION));
1041 json_object_set_new (vecfile,
1042 "vectors",
1043 vecs);
1044
1045 {
1046 json_t *vec = vec_for (vecs, "hash");
1047 struct GNUNET_HashCode hc;
1048 char *str = "Hello, GNUnet";
1049
1050 GNUNET_CRYPTO_hash (str, strlen (str), &hc);
1051
1052 d2j (vec, "input", str, strlen (str));
1053 d2j (vec, "output", &hc, sizeof (struct GNUNET_HashCode));
1054 }
1055 {
1056 json_t *vec = vec_for (vecs, "ecc_ecdh");
1057 struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
1058 struct GNUNET_CRYPTO_EcdhePublicKey pub1;
1059 struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
1060 struct GNUNET_HashCode skm;
1061
1062 GNUNET_CRYPTO_ecdhe_key_create (&priv1);
1063 GNUNET_CRYPTO_ecdhe_key_create (&priv2);
1064 GNUNET_CRYPTO_ecdhe_key_get_public (&priv1,
1065 &pub1);
1066 GNUNET_assert (GNUNET_OK ==
1067 GNUNET_CRYPTO_ecc_ecdh (&priv2,
1068 &pub1,
1069 &skm));
1070
1071 d2j (vec,
1072 "priv1",
1073 &priv1,
1074 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1075 d2j (vec,
1076 "pub1",
1077 &pub1,
1078 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1079 d2j (vec,
1080 "priv2",
1081 &priv2,
1082 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1083 d2j (vec,
1084 "skm",
1085 &skm,
1086 sizeof (struct GNUNET_HashCode));
1087 }
1088
1089 {
1090 json_t *vec = vec_for (vecs, "eddsa_key_derivation");
1091 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
1092 struct GNUNET_CRYPTO_EddsaPublicKey pub;
1093
1094 GNUNET_CRYPTO_eddsa_key_create (&priv);
1095 GNUNET_CRYPTO_eddsa_key_get_public (&priv,
1096 &pub);
1097
1098 d2j (vec,
1099 "priv",
1100 &priv,
1101 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1102 d2j (vec,
1103 "pub",
1104 &pub,
1105 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1106 }
1107 {
1108 json_t *vec = vec_for (vecs, "eddsa_signing");
1109 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
1110 struct GNUNET_CRYPTO_EddsaPublicKey pub;
1111 struct GNUNET_CRYPTO_EddsaSignature sig;
1112 struct TestSignatureDataPS data = { 0 };
1113
1114 GNUNET_CRYPTO_eddsa_key_create (&priv);
1115 GNUNET_CRYPTO_eddsa_key_get_public (&priv,
1116 &pub);
1117 data.purpose.size = htonl (sizeof (data));
1118 data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
1119 GNUNET_CRYPTO_eddsa_sign (&priv,
1120 &data,
1121 &sig);
1122 GNUNET_assert (GNUNET_OK ==
1123 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST,
1124 &data,
1125 &sig,
1126 &pub));
1127
1128 d2j (vec,
1129 "priv",
1130 &priv,
1131 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1132 d2j (vec,
1133 "pub",
1134 &pub,
1135 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1136 d2j (vec,
1137 "data",
1138 &data,
1139 sizeof (struct TestSignatureDataPS));
1140 d2j (vec,
1141 "sig",
1142 &sig,
1143 sizeof (struct GNUNET_CRYPTO_EddsaSignature));
1144 }
1145
1146 {
1147 json_t *vec = vec_for (vecs, "kdf");
1148 size_t out_len = 64;
1149 char out[out_len];
1150 char *ikm = "I'm the secret input key material";
1151 char *salt = "I'm very salty";
1152 char *ctx = "I'm a context chunk, also known as 'info' in the RFC";
1153
1154 GNUNET_assert (GNUNET_OK ==
1155 GNUNET_CRYPTO_kdf (&out,
1156 out_len,
1157 salt,
1158 strlen (salt),
1159 ikm,
1160 strlen (ikm),
1161 ctx,
1162 strlen (ctx),
1163 NULL));
1164
1165 d2j (vec,
1166 "salt",
1167 salt,
1168 strlen (salt));
1169 d2j (vec,
1170 "ikm",
1171 ikm,
1172 strlen (ikm));
1173 d2j (vec,
1174 "ctx",
1175 ctx,
1176 strlen (ctx));
1177 uint2j (vec,
1178 "out_len",
1179 (unsigned int) out_len);
1180 d2j (vec,
1181 "out",
1182 out,
1183 out_len);
1184 }
1185 {
1186 json_t *vec = vec_for (vecs, "eddsa_ecdh");
1187 struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
1188 struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
1189 struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
1190 struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
1191 struct GNUNET_HashCode key_material;
1192
1193 GNUNET_CRYPTO_ecdhe_key_create (&priv_ecdhe);
1194 GNUNET_CRYPTO_ecdhe_key_get_public (&priv_ecdhe, &pub_ecdhe);
1195 GNUNET_CRYPTO_eddsa_key_create (&priv_eddsa);
1196 GNUNET_CRYPTO_eddsa_key_get_public (&priv_eddsa, &pub_eddsa);
1197 GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material);
1198
1199 d2j (vec, "priv_ecdhe",
1200 &priv_ecdhe,
1201 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1202 d2j (vec, "pub_ecdhe",
1203 &pub_ecdhe,
1204 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1205 d2j (vec, "priv_eddsa",
1206 &priv_eddsa,
1207 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1208 d2j (vec, "pub_eddsa",
1209 &pub_eddsa,
1210 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1211 d2j (vec, "key_material",
1212 &key_material,
1213 sizeof (struct GNUNET_HashCode));
1214 }
1215
1216 {
1217 json_t *vec = vec_for (vecs, "edx25519_derive");
1218 struct GNUNET_CRYPTO_Edx25519PrivateKey priv1_edx;
1219 struct GNUNET_CRYPTO_Edx25519PublicKey pub1_edx;
1220 struct GNUNET_CRYPTO_Edx25519PrivateKey priv2_edx;
1221 struct GNUNET_CRYPTO_Edx25519PublicKey pub2_edx;
1222 struct GNUNET_HashCode seed;
1223
1224 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1225 &seed,
1226 sizeof (struct GNUNET_HashCode));
1227 GNUNET_CRYPTO_edx25519_key_create (&priv1_edx);
1228 GNUNET_CRYPTO_edx25519_key_get_public (&priv1_edx, &pub1_edx);
1229 GNUNET_CRYPTO_edx25519_private_key_derive (&priv1_edx,
1230 &seed,
1231 sizeof (seed),
1232 &priv2_edx);
1233 GNUNET_CRYPTO_edx25519_public_key_derive (&pub1_edx,
1234 &seed,
1235 sizeof (seed),
1236 &pub2_edx);
1237
1238 d2j (vec, "priv1_edx",
1239 &priv1_edx,
1240 sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1241 d2j (vec, "pub1_edx",
1242 &pub1_edx,
1243 sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1244 d2j (vec, "seed",
1245 &seed,
1246 sizeof (struct GNUNET_HashCode));
1247 d2j (vec, "priv2_edx",
1248 &priv2_edx,
1249 sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1250 d2j (vec, "pub2_edx",
1251 &pub2_edx,
1252 sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1253 }
1254
1255 {
1256 json_t *vec = vec_for (vecs, "rsa_blind_signing");
1257
1258 struct GNUNET_CRYPTO_RsaPrivateKey *skey;
1259 struct GNUNET_CRYPTO_RsaPublicKey *pkey;
1260 struct GNUNET_HashCode message_hash;
1261 struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
1262 struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
1263 struct GNUNET_CRYPTO_RsaSignature *sig;
1264 void *blinded_data;
1265 size_t blinded_len;
1266 void *public_enc_data;
1267 size_t public_enc_len;
1268 void *secret_enc_data;
1269 size_t secret_enc_len;
1270 void *blinded_sig_enc_data;
1271 size_t blinded_sig_enc_length;
1272 void *sig_enc_data;
1273 size_t sig_enc_length;
1274
1275 skey = GNUNET_CRYPTO_rsa_private_key_create (2048);
1276 pkey = GNUNET_CRYPTO_rsa_private_key_get_public (skey);
1277 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1278 &message_hash,
1279 sizeof (struct GNUNET_HashCode));
1280 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1281 &bks,
1282 sizeof (struct
1283 GNUNET_CRYPTO_RsaBlindingKeySecret));
1284 GNUNET_assert (GNUNET_YES ==
1285 GNUNET_CRYPTO_rsa_blind (&message_hash,
1286 &bks,
1287 pkey,
1288 &blinded_data,
1289 &blinded_len));
1290 blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data,
1291 blinded_len);
1292 sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey);
1293 GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig,
1294 pkey));
1295 public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
1296 &public_enc_data);
1297 secret_enc_len = GNUNET_CRYPTO_rsa_private_key_encode (skey,
1298 &secret_enc_data);
1299 blinded_sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (blinded_sig,
1300 &
1301 blinded_sig_enc_data);
1302 sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig, &sig_enc_data);
1303 d2j (vec,
1304 "message_hash",
1305 &message_hash,
1306 sizeof (struct GNUNET_HashCode));
1307 d2j (vec,
1308 "rsa_public_key",
1309 public_enc_data,
1310 public_enc_len);
1311 d2j (vec,
1312 "rsa_private_key",
1313 secret_enc_data,
1314 secret_enc_len);
1315 d2j (vec,
1316 "blinding_key_secret",
1317 &bks,
1318 sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret));
1319 d2j (vec,
1320 "blinded_message",
1321 blinded_data,
1322 blinded_len);
1323 d2j (vec,
1324 "blinded_sig",
1325 blinded_sig_enc_data,
1326 blinded_sig_enc_length);
1327 d2j (vec,
1328 "sig",
1329 sig_enc_data,
1330 sig_enc_length);
1331 GNUNET_CRYPTO_rsa_private_key_free (skey);
1332 GNUNET_CRYPTO_rsa_public_key_free (pkey);
1333 GNUNET_CRYPTO_rsa_signature_free (sig);
1334 GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
1335 GNUNET_free (public_enc_data);
1336 GNUNET_free (blinded_data);
1337 GNUNET_free (sig_enc_data);
1338 GNUNET_free (blinded_sig_enc_data);
1339 GNUNET_free (secret_enc_data);
1340 }
1341
1342 {
1343 json_t *vec = vec_for (vecs, "cs_blind_signing");
1344
1345 struct GNUNET_CRYPTO_CsPrivateKey priv;
1346 struct GNUNET_CRYPTO_CsPublicKey pub;
1347 struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
1348 struct GNUNET_CRYPTO_CsRSecret r_priv[2];
1349 struct GNUNET_CRYPTO_CsRPublic r_pub[2];
1350 struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2];
1351 struct GNUNET_CRYPTO_CsC c[2];
1352 struct GNUNET_CRYPTO_CsS signature_scalar;
1353 struct GNUNET_CRYPTO_CsBlindS blinded_s;
1354 struct GNUNET_CRYPTO_CsSignature sig;
1355 struct GNUNET_CRYPTO_CsNonce nonce;
1356 unsigned int b;
1357 struct GNUNET_HashCode message_hash;
1358
1359 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1360 &message_hash,
1361 sizeof (struct GNUNET_HashCode));
1362
1363 GNUNET_CRYPTO_cs_private_key_generate (&priv);
1364 GNUNET_CRYPTO_cs_private_key_get_public (&priv, &pub);
1365
1366 GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_hkdf (nonce.nonce,
1367 sizeof(nonce.nonce),
1368 GCRY_MD_SHA512,
1369 GCRY_MD_SHA256,
1370 "nonce",
1371 strlen ("nonce"),
1372 "nonce_secret",
1373 strlen ("nonce_secret"),
1374 NULL,
1375 0));
1376 GNUNET_CRYPTO_cs_r_derive (&nonce,
1377 "rw",
1378 &priv,
1379 r_priv);
1380 GNUNET_CRYPTO_cs_r_get_public (&r_priv[0],
1381 &r_pub[0]);
1382 GNUNET_CRYPTO_cs_r_get_public (&r_priv[1],
1383 &r_pub[1]);
1384 GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce,
1385 bs);
1386 GNUNET_CRYPTO_cs_calc_blinded_c (bs,
1387 r_pub,
1388 &pub,
1389 &message_hash,
1390 sizeof(message_hash),
1391 c,
1392 r_pub_blind);
1393 b = GNUNET_CRYPTO_cs_sign_derive (&priv,
1394 r_priv,
1395 c,
1396 &nonce,
1397 &blinded_s);
1398 GNUNET_CRYPTO_cs_unblind (&blinded_s, &bs[b], &signature_scalar);
1399 sig.r_point = r_pub_blind[b];
1400 sig.s_scalar = signature_scalar;
1401 if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig,
1402 &pub,
1403 &message_hash,
1404 sizeof(message_hash)))
1405 {
1406 GNUNET_break (0);
1407 return GNUNET_SYSERR;
1408 }
1409 d2j (vec,
1410 "message_hash",
1411 &message_hash,
1412 sizeof (struct GNUNET_HashCode));
1413 d2j (vec,
1414 "cs_public_key",
1415 &pub,
1416 sizeof(pub));
1417 d2j (vec,
1418 "cs_private_key",
1419 &priv,
1420 sizeof(priv));
1421 d2j (vec,
1422 "cs_nonce",
1423 &nonce,
1424 sizeof(nonce));
1425 d2j (vec,
1426 "cs_r_priv_0",
1427 &r_priv[0],
1428 sizeof(r_priv[0]));
1429 d2j (vec,
1430 "cs_r_priv_1",
1431 &r_priv[1],
1432 sizeof(r_priv[1]));
1433 d2j (vec,
1434 "cs_r_pub_0",
1435 &r_pub[0],
1436 sizeof(r_pub[0]));
1437 d2j (vec,
1438 "cs_r_pub_1",
1439 &r_pub[1],
1440 sizeof(r_pub[1]));
1441 d2j (vec,
1442 "cs_bs_alpha_0",
1443 &bs[0].alpha,
1444 sizeof(bs[0].alpha));
1445 d2j (vec,
1446 "cs_bs_alpha_1",
1447 &bs[1].alpha,
1448 sizeof(bs[1].alpha));
1449 d2j (vec,
1450 "cs_bs_beta_0",
1451 &bs[0].beta,
1452 sizeof(bs[0].beta));
1453 d2j (vec,
1454 "cs_bs_beta_1",
1455 &bs[1].beta,
1456 sizeof(bs[1].beta));
1457 d2j (vec,
1458 "cs_r_pub_blind_0",
1459 &r_pub_blind[0],
1460 sizeof(r_pub_blind[0]));
1461 d2j (vec,
1462 "cs_r_pub_blind_1",
1463 &r_pub_blind[1],
1464 sizeof(r_pub_blind[1]));
1465 d2j (vec,
1466 "cs_c_0",
1467 &c[0],
1468 sizeof(c[0]));
1469 d2j (vec,
1470 "cs_c_1",
1471 &c[1],
1472 sizeof(c[1]));
1473 d2j (vec,
1474 "cs_blind_s",
1475 &blinded_s,
1476 sizeof(blinded_s));
1477 d2j (vec,
1478 "cs_b",
1479 &b,
1480 sizeof(b));
1481 d2j (vec,
1482 "cs_sig_s",
1483 &signature_scalar,
1484 sizeof(signature_scalar));
1485 d2j (vec,
1486 "cs_sig_R",
1487 &r_pub_blind[b],
1488 sizeof(r_pub_blind[b]));
1489 }
1490
1491 json_dumpf (vecfile, stdout, JSON_INDENT (2));
1492 json_decref (vecfile);
1493 printf ("\n");
1494
1495 return 0;
1496}
1497
1498
1499/**
1500 * Main function that will be run.
1501 *
1502 * @param cls closure
1503 * @param args remaining command-line arguments
1504 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
1505 * @param cfg configuration
1506 */
1507static void
1508run (void *cls,
1509 char *const *args,
1510 const char *cfgfile,
1511 const struct GNUNET_CONFIGURATION_Handle *cfg)
1512{
1513 if (GNUNET_YES == verify_flag)
1514 global_ret = check_vectors ();
1515 else
1516 global_ret = output_vectors ();
1517}
1518
1519
1520/**
1521 * The main function of the test vector generation tool.
1522 *
1523 * @param argc number of arguments from the command line
1524 * @param argv command line arguments
1525 * @return 0 ok, 1 on error
1526 */
1527int
1528main (int argc,
1529 char *const *argv)
1530{
1531 const struct GNUNET_GETOPT_CommandLineOption options[] = {
1532 GNUNET_GETOPT_option_flag ('V',
1533 "verify",
1534 gettext_noop (
1535 "verify a test vector from stdin"),
1536 &verify_flag),
1537 GNUNET_GETOPT_OPTION_END
1538 };
1539
1540 GNUNET_assert (GNUNET_OK ==
1541 GNUNET_log_setup ("gnunet-crypto-tvg",
1542 "INFO",
1543 NULL));
1544 if (GNUNET_OK !=
1545 GNUNET_PROGRAM_run (argc, argv,
1546 "gnunet-crypto-tvg",
1547 "Generate test vectors for cryptographic operations",
1548 options,
1549 &run, NULL))
1550 return 1;
1551 return global_ret;
1552}
1553
1554
1555/* end of gnunet-crypto-tvg.c */
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-23 07:28:00 +0000