diff options
Diffstat (limited to 'src/cli/util/gnunet-crypto-tvg.c')
-rw-r--r-- | src/cli/util/gnunet-crypto-tvg.c | 1555 |
1 files changed, 1555 insertions, 0 deletions
diff --git a/src/cli/util/gnunet-crypto-tvg.c b/src/cli/util/gnunet-crypto-tvg.c new file mode 100644 index 000000000..5a16bb8fc --- /dev/null +++ b/src/cli/util/gnunet-crypto-tvg.c | |||
@@ -0,0 +1,1555 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2020 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file util/gnunet-crypto-tgv.c | ||
23 | * @brief Generate test vectors for cryptographic operations. | ||
24 | * @author Florian Dold | ||
25 | * | ||
26 | * Note that this program shouldn't depend on code in src/json/, | ||
27 | * so we're using raw jansson and no GNUnet JSON helpers. | ||
28 | * | ||
29 | * Test vectors have the following format (TypeScript pseudo code): | ||
30 | * | ||
31 | * interface TestVectorFile { | ||
32 | * encoding: "base32crockford"; | ||
33 | * producer?: string; | ||
34 | * vectors: TestVector[]; | ||
35 | * } | ||
36 | * | ||
37 | * enum Operation { | ||
38 | * Hash("hash"), | ||
39 | * ... | ||
40 | * } | ||
41 | * | ||
42 | * interface TestVector { | ||
43 | * operation: Operation; | ||
44 | * // Inputs for the operation | ||
45 | * [ k: string]: string | number; | ||
46 | * }; | ||
47 | * | ||
48 | * | ||
49 | */ | ||
50 | |||
51 | #include "platform.h" | ||
52 | #include "gnunet_util_lib.h" | ||
53 | #include "gnunet_signatures.h" | ||
54 | #include "gnunet_testing_lib.h" | ||
55 | #include <jansson.h> | ||
56 | #include <gcrypt.h> | ||
57 | |||
58 | GNUNET_NETWORK_STRUCT_BEGIN | ||
59 | |||
60 | /** | ||
61 | * Sample signature struct. | ||
62 | * | ||
63 | * Purpose is #GNUNET_SIGNATURE_PURPOSE_TEST | ||
64 | */ | ||
65 | struct TestSignatureDataPS | ||
66 | { | ||
67 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | ||
68 | uint32_t testval; | ||
69 | }; | ||
70 | |||
71 | GNUNET_NETWORK_STRUCT_END | ||
72 | |||
73 | |||
74 | /** | ||
75 | * Should we verify or output test vectors? | ||
76 | */ | ||
77 | static int verify_flag = GNUNET_NO; | ||
78 | |||
79 | |||
80 | /** | ||
81 | * Global exit code. | ||
82 | */ | ||
83 | static int global_ret = 0; | ||
84 | |||
85 | |||
86 | /** | ||
87 | * Create a fresh test vector for a given operation label. | ||
88 | * | ||
89 | * @param vecs array of vectors to append the new vector to | ||
90 | * @param vecname label for the operation of the vector | ||
91 | * @returns the fresh test vector | ||
92 | */ | ||
93 | static json_t * | ||
94 | vec_for (json_t *vecs, const char *vecname) | ||
95 | { | ||
96 | json_t *t = json_object (); | ||
97 | |||
98 | json_object_set_new (t, | ||
99 | "operation", | ||
100 | json_string (vecname)); | ||
101 | json_array_append_new (vecs, t); | ||
102 | return t; | ||
103 | } | ||
104 | |||
105 | |||
106 | /** | ||
107 | * Add a base32crockford encoded value | ||
108 | * to a test vector. | ||
109 | * | ||
110 | * @param vec test vector to add to | ||
111 | * @param label label for the value | ||
112 | * @param data data to add | ||
113 | * @param size size of data | ||
114 | */ | ||
115 | static void | ||
116 | d2j (json_t *vec, | ||
117 | const char *label, | ||
118 | const void *data, | ||
119 | size_t size) | ||
120 | { | ||
121 | char *buf; | ||
122 | json_t *json; | ||
123 | |||
124 | buf = GNUNET_STRINGS_data_to_string_alloc (data, size); | ||
125 | json = json_string (buf); | ||
126 | GNUNET_free (buf); | ||
127 | GNUNET_break (NULL != json); | ||
128 | |||
129 | json_object_set_new (vec, label, json); | ||
130 | } | ||
131 | |||
132 | |||
133 | /** | ||
134 | * Add a number to a test vector. | ||
135 | * | ||
136 | * @param vec test vector to add to | ||
137 | * @param label label for the value | ||
138 | * @param data data to add | ||
139 | * @param size size of data | ||
140 | */ | ||
141 | static void | ||
142 | uint2j (json_t *vec, | ||
143 | const char *label, | ||
144 | unsigned int num) | ||
145 | { | ||
146 | json_t *json = json_integer (num); | ||
147 | |||
148 | json_object_set_new (vec, label, json); | ||
149 | } | ||
150 | |||
151 | |||
152 | static int | ||
153 | expect_data_fixed (json_t *vec, | ||
154 | const char *name, | ||
155 | void *data, | ||
156 | size_t expect_len) | ||
157 | { | ||
158 | const char *s = json_string_value (json_object_get (vec, name)); | ||
159 | |||
160 | if (NULL == s) | ||
161 | return GNUNET_NO; | ||
162 | |||
163 | if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, | ||
164 | strlen (s), | ||
165 | data, | ||
166 | expect_len)) | ||
167 | return GNUNET_NO; | ||
168 | return GNUNET_OK; | ||
169 | } | ||
170 | |||
171 | |||
172 | static int | ||
173 | expect_data_dynamic (json_t *vec, | ||
174 | const char *name, | ||
175 | void **data, | ||
176 | size_t *ret_len) | ||
177 | { | ||
178 | const char *s = json_string_value (json_object_get (vec, name)); | ||
179 | char *tmp; | ||
180 | size_t len; | ||
181 | |||
182 | if (NULL == s) | ||
183 | return GNUNET_NO; | ||
184 | |||
185 | len = (strlen (s) * 5) / 8; | ||
186 | if (NULL != ret_len) | ||
187 | *ret_len = len; | ||
188 | tmp = GNUNET_malloc (len); | ||
189 | |||
190 | if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, strlen (s), tmp, len)) | ||
191 | { | ||
192 | GNUNET_free (tmp); | ||
193 | return GNUNET_NO; | ||
194 | } | ||
195 | *data = tmp; | ||
196 | return GNUNET_OK; | ||
197 | } | ||
198 | |||
199 | |||
200 | /** | ||
201 | * Check a single vector. | ||
202 | * | ||
203 | * @param operation operator of the vector | ||
204 | * @param vec the vector, a JSON object. | ||
205 | * | ||
206 | * @returns GNUNET_OK if the vector is okay | ||
207 | */ | ||
208 | static int | ||
209 | checkvec (const char *operation, | ||
210 | json_t *vec) | ||
211 | { | ||
212 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
213 | "checking %s\n", operation); | ||
214 | |||
215 | if (0 == strcmp (operation, "hash")) | ||
216 | { | ||
217 | void *data; | ||
218 | size_t data_len; | ||
219 | struct GNUNET_HashCode hash_out; | ||
220 | struct GNUNET_HashCode hc; | ||
221 | |||
222 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
223 | "input", | ||
224 | &data, | ||
225 | &data_len)) | ||
226 | { | ||
227 | GNUNET_break (0); | ||
228 | return GNUNET_SYSERR; | ||
229 | } | ||
230 | if (GNUNET_OK != expect_data_fixed (vec, | ||
231 | "output", | ||
232 | &hash_out, | ||
233 | sizeof (hash_out))) | ||
234 | { | ||
235 | GNUNET_free (data); | ||
236 | GNUNET_break (0); | ||
237 | return GNUNET_NO; | ||
238 | } | ||
239 | |||
240 | GNUNET_CRYPTO_hash (data, data_len, &hc); | ||
241 | |||
242 | if (0 != GNUNET_memcmp (&hc, &hash_out)) | ||
243 | { | ||
244 | GNUNET_free (data); | ||
245 | GNUNET_break (0); | ||
246 | return GNUNET_NO; | ||
247 | } | ||
248 | GNUNET_free (data); | ||
249 | } | ||
250 | else if (0 == strcmp (operation, "ecc_ecdh")) | ||
251 | { | ||
252 | struct GNUNET_CRYPTO_EcdhePrivateKey priv1; | ||
253 | struct GNUNET_CRYPTO_EcdhePublicKey pub1; | ||
254 | struct GNUNET_CRYPTO_EcdhePrivateKey priv2; | ||
255 | struct GNUNET_HashCode skm; | ||
256 | struct GNUNET_HashCode skm_comp; | ||
257 | |||
258 | if (GNUNET_OK != expect_data_fixed (vec, | ||
259 | "priv1", | ||
260 | &priv1, | ||
261 | sizeof (priv1))) | ||
262 | { | ||
263 | GNUNET_break (0); | ||
264 | return GNUNET_NO; | ||
265 | } | ||
266 | if (GNUNET_OK != expect_data_fixed (vec, | ||
267 | "priv2", | ||
268 | &priv2, | ||
269 | sizeof (priv2))) | ||
270 | { | ||
271 | GNUNET_break (0); | ||
272 | return GNUNET_NO; | ||
273 | } | ||
274 | if (GNUNET_OK != expect_data_fixed (vec, | ||
275 | "pub1", | ||
276 | &pub1, | ||
277 | sizeof (pub1))) | ||
278 | { | ||
279 | GNUNET_break (0); | ||
280 | return GNUNET_NO; | ||
281 | } | ||
282 | if (GNUNET_OK != expect_data_fixed (vec, | ||
283 | "skm", | ||
284 | &skm, | ||
285 | sizeof (skm))) | ||
286 | { | ||
287 | GNUNET_break (0); | ||
288 | return GNUNET_NO; | ||
289 | } | ||
290 | GNUNET_assert (GNUNET_OK == | ||
291 | GNUNET_CRYPTO_ecc_ecdh (&priv2, | ||
292 | &pub1, | ||
293 | &skm_comp)); | ||
294 | if (0 != GNUNET_memcmp (&skm, &skm_comp)) | ||
295 | { | ||
296 | GNUNET_break (0); | ||
297 | return GNUNET_NO; | ||
298 | } | ||
299 | } | ||
300 | else if (0 == strcmp (operation, "eddsa_key_derivation")) | ||
301 | { | ||
302 | struct GNUNET_CRYPTO_EddsaPrivateKey priv; | ||
303 | struct GNUNET_CRYPTO_EddsaPublicKey pub; | ||
304 | struct GNUNET_CRYPTO_EddsaPublicKey pub_comp; | ||
305 | |||
306 | if (GNUNET_OK != expect_data_fixed (vec, | ||
307 | "priv", | ||
308 | &priv, | ||
309 | sizeof (priv))) | ||
310 | { | ||
311 | GNUNET_break (0); | ||
312 | return GNUNET_NO; | ||
313 | } | ||
314 | |||
315 | if (GNUNET_OK != expect_data_fixed (vec, | ||
316 | "pub", | ||
317 | &pub, | ||
318 | sizeof (pub))) | ||
319 | { | ||
320 | GNUNET_break (0); | ||
321 | return GNUNET_NO; | ||
322 | } | ||
323 | |||
324 | GNUNET_CRYPTO_eddsa_key_get_public (&priv, | ||
325 | &pub_comp); | ||
326 | if (0 != GNUNET_memcmp (&pub, &pub_comp)) | ||
327 | { | ||
328 | GNUNET_break (0); | ||
329 | return GNUNET_NO; | ||
330 | } | ||
331 | |||
332 | } | ||
333 | else if (0 == strcmp (operation, "eddsa_signing")) | ||
334 | { | ||
335 | struct GNUNET_CRYPTO_EddsaPrivateKey priv; | ||
336 | struct GNUNET_CRYPTO_EddsaPublicKey pub; | ||
337 | struct TestSignatureDataPS data = { 0 }; | ||
338 | struct GNUNET_CRYPTO_EddsaSignature sig; | ||
339 | struct GNUNET_CRYPTO_EddsaSignature sig_comp; | ||
340 | |||
341 | if (GNUNET_OK != expect_data_fixed (vec, | ||
342 | "priv", | ||
343 | &priv, | ||
344 | sizeof (priv))) | ||
345 | { | ||
346 | GNUNET_break (0); | ||
347 | return GNUNET_NO; | ||
348 | } | ||
349 | |||
350 | if (GNUNET_OK != expect_data_fixed (vec, | ||
351 | "pub", | ||
352 | &pub, | ||
353 | sizeof (pub))) | ||
354 | { | ||
355 | GNUNET_break (0); | ||
356 | return GNUNET_NO; | ||
357 | } | ||
358 | |||
359 | if (GNUNET_OK != expect_data_fixed (vec, | ||
360 | "data", | ||
361 | &data, | ||
362 | sizeof (data))) | ||
363 | { | ||
364 | GNUNET_break (0); | ||
365 | return GNUNET_NO; | ||
366 | } | ||
367 | |||
368 | if (GNUNET_OK != expect_data_fixed (vec, | ||
369 | "sig", | ||
370 | &sig, | ||
371 | sizeof (sig))) | ||
372 | { | ||
373 | GNUNET_break (0); | ||
374 | return GNUNET_NO; | ||
375 | } | ||
376 | |||
377 | GNUNET_CRYPTO_eddsa_sign (&priv, | ||
378 | &data, | ||
379 | &sig_comp); | ||
380 | GNUNET_assert (GNUNET_OK == | ||
381 | GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST, | ||
382 | &data, | ||
383 | &sig, | ||
384 | &pub)); | ||
385 | if (0 != GNUNET_memcmp (&sig, &sig_comp)) | ||
386 | { | ||
387 | GNUNET_break (0); | ||
388 | return GNUNET_NO; | ||
389 | } | ||
390 | } | ||
391 | else if (0 == strcmp (operation, "kdf")) | ||
392 | { | ||
393 | size_t out_len; | ||
394 | void *out; | ||
395 | size_t out_len_comp; | ||
396 | void *out_comp; | ||
397 | void *ikm; | ||
398 | size_t ikm_len; | ||
399 | void *salt; | ||
400 | size_t salt_len; | ||
401 | void *ctx; | ||
402 | size_t ctx_len; | ||
403 | |||
404 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
405 | "out", | ||
406 | &out, | ||
407 | &out_len)) | ||
408 | { | ||
409 | GNUNET_break (0); | ||
410 | return GNUNET_SYSERR; | ||
411 | } | ||
412 | |||
413 | out_len_comp = out_len; | ||
414 | out_comp = GNUNET_malloc (out_len_comp); | ||
415 | |||
416 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
417 | "ikm", | ||
418 | &ikm, | ||
419 | &ikm_len)) | ||
420 | { | ||
421 | GNUNET_free (out); | ||
422 | GNUNET_free (out_comp); | ||
423 | GNUNET_break (0); | ||
424 | return GNUNET_SYSERR; | ||
425 | } | ||
426 | |||
427 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
428 | "salt", | ||
429 | &salt, | ||
430 | &salt_len)) | ||
431 | { | ||
432 | GNUNET_free (out); | ||
433 | GNUNET_free (out_comp); | ||
434 | GNUNET_free (ikm); | ||
435 | GNUNET_break (0); | ||
436 | return GNUNET_SYSERR; | ||
437 | } | ||
438 | |||
439 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
440 | "ctx", | ||
441 | &ctx, | ||
442 | &ctx_len)) | ||
443 | { | ||
444 | GNUNET_free (out); | ||
445 | GNUNET_free (out_comp); | ||
446 | GNUNET_free (ikm); | ||
447 | GNUNET_free (salt); | ||
448 | GNUNET_break (0); | ||
449 | return GNUNET_SYSERR; | ||
450 | } | ||
451 | |||
452 | GNUNET_assert (GNUNET_OK == | ||
453 | GNUNET_CRYPTO_kdf (out_comp, | ||
454 | out_len_comp, | ||
455 | salt, | ||
456 | salt_len, | ||
457 | ikm, | ||
458 | ikm_len, | ||
459 | ctx, | ||
460 | ctx_len, | ||
461 | NULL)); | ||
462 | |||
463 | if (0 != memcmp (out, out_comp, out_len)) | ||
464 | { | ||
465 | GNUNET_free (out); | ||
466 | GNUNET_free (out_comp); | ||
467 | GNUNET_free (ikm); | ||
468 | GNUNET_free (salt); | ||
469 | GNUNET_free (ctx); | ||
470 | GNUNET_break (0); | ||
471 | return GNUNET_NO; | ||
472 | } | ||
473 | GNUNET_free (out); | ||
474 | GNUNET_free (out_comp); | ||
475 | GNUNET_free (ikm); | ||
476 | GNUNET_free (salt); | ||
477 | GNUNET_free (ctx); | ||
478 | } | ||
479 | else if (0 == strcmp (operation, "eddsa_ecdh")) | ||
480 | { | ||
481 | struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe; | ||
482 | struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe; | ||
483 | struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa; | ||
484 | struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa; | ||
485 | struct GNUNET_HashCode key_material; | ||
486 | struct GNUNET_HashCode key_material_comp; | ||
487 | |||
488 | if (GNUNET_OK != expect_data_fixed (vec, | ||
489 | "priv_ecdhe", | ||
490 | &priv_ecdhe, | ||
491 | sizeof (priv_ecdhe))) | ||
492 | { | ||
493 | GNUNET_break (0); | ||
494 | return GNUNET_NO; | ||
495 | } | ||
496 | |||
497 | if (GNUNET_OK != expect_data_fixed (vec, | ||
498 | "pub_ecdhe", | ||
499 | &pub_ecdhe, | ||
500 | sizeof (pub_ecdhe))) | ||
501 | { | ||
502 | GNUNET_break (0); | ||
503 | return GNUNET_NO; | ||
504 | } | ||
505 | |||
506 | if (GNUNET_OK != expect_data_fixed (vec, | ||
507 | "priv_eddsa", | ||
508 | &priv_eddsa, | ||
509 | sizeof (priv_eddsa))) | ||
510 | { | ||
511 | GNUNET_break (0); | ||
512 | return GNUNET_NO; | ||
513 | } | ||
514 | |||
515 | if (GNUNET_OK != expect_data_fixed (vec, | ||
516 | "pub_eddsa", | ||
517 | &pub_eddsa, | ||
518 | sizeof (pub_eddsa))) | ||
519 | { | ||
520 | GNUNET_break (0); | ||
521 | return GNUNET_NO; | ||
522 | } | ||
523 | |||
524 | if (GNUNET_OK != expect_data_fixed (vec, | ||
525 | "key_material", | ||
526 | &key_material, | ||
527 | sizeof (key_material))) | ||
528 | { | ||
529 | GNUNET_break (0); | ||
530 | return GNUNET_NO; | ||
531 | } | ||
532 | |||
533 | GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material_comp); | ||
534 | |||
535 | if (0 != GNUNET_memcmp (&key_material, &key_material_comp)) | ||
536 | { | ||
537 | GNUNET_break (0); | ||
538 | return GNUNET_NO; | ||
539 | } | ||
540 | } | ||
541 | else if (0 == strcmp (operation, "rsa_blind_signing")) | ||
542 | { | ||
543 | struct GNUNET_CRYPTO_RsaPrivateKey *skey; | ||
544 | struct GNUNET_CRYPTO_RsaPublicKey *pkey; | ||
545 | struct GNUNET_HashCode message_hash; | ||
546 | struct GNUNET_CRYPTO_RsaBlindingKeySecret bks; | ||
547 | struct GNUNET_CRYPTO_RsaSignature *blinded_sig; | ||
548 | struct GNUNET_CRYPTO_RsaSignature *sig; | ||
549 | void *blinded_data; | ||
550 | size_t blinded_len; | ||
551 | void *blinded_data_comp; | ||
552 | size_t blinded_len_comp; | ||
553 | void *public_enc_data; | ||
554 | size_t public_enc_len; | ||
555 | void *secret_enc_data; | ||
556 | size_t secret_enc_len; | ||
557 | void *sig_enc_data; | ||
558 | size_t sig_enc_length; | ||
559 | void *sig_enc_data_comp; | ||
560 | size_t sig_enc_length_comp; | ||
561 | |||
562 | if (GNUNET_OK != expect_data_fixed (vec, | ||
563 | "message_hash", | ||
564 | &message_hash, | ||
565 | sizeof (message_hash))) | ||
566 | { | ||
567 | GNUNET_break (0); | ||
568 | return GNUNET_SYSERR; | ||
569 | } | ||
570 | |||
571 | if (GNUNET_OK != expect_data_fixed (vec, | ||
572 | "blinding_key_secret", | ||
573 | &bks, | ||
574 | sizeof (bks))) | ||
575 | { | ||
576 | GNUNET_break (0); | ||
577 | return GNUNET_SYSERR; | ||
578 | } | ||
579 | |||
580 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
581 | "blinded_message", | ||
582 | &blinded_data, | ||
583 | &blinded_len)) | ||
584 | { | ||
585 | GNUNET_break (0); | ||
586 | return GNUNET_SYSERR; | ||
587 | } | ||
588 | |||
589 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
590 | "rsa_public_key", | ||
591 | &public_enc_data, | ||
592 | &public_enc_len)) | ||
593 | { | ||
594 | GNUNET_free (blinded_data); | ||
595 | GNUNET_break (0); | ||
596 | return GNUNET_SYSERR; | ||
597 | } | ||
598 | |||
599 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
600 | "rsa_private_key", | ||
601 | &secret_enc_data, | ||
602 | &secret_enc_len)) | ||
603 | { | ||
604 | GNUNET_free (blinded_data); | ||
605 | GNUNET_free (public_enc_data); | ||
606 | GNUNET_break (0); | ||
607 | return GNUNET_SYSERR; | ||
608 | } | ||
609 | |||
610 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
611 | "sig", | ||
612 | &sig_enc_data, | ||
613 | &sig_enc_length)) | ||
614 | { | ||
615 | GNUNET_free (blinded_data); | ||
616 | GNUNET_free (public_enc_data); | ||
617 | GNUNET_free (secret_enc_data); | ||
618 | GNUNET_break (0); | ||
619 | return GNUNET_SYSERR; | ||
620 | } | ||
621 | |||
622 | pkey = GNUNET_CRYPTO_rsa_public_key_decode (public_enc_data, | ||
623 | public_enc_len); | ||
624 | GNUNET_assert (NULL != pkey); | ||
625 | skey = GNUNET_CRYPTO_rsa_private_key_decode (secret_enc_data, | ||
626 | secret_enc_len); | ||
627 | GNUNET_assert (NULL != skey); | ||
628 | |||
629 | GNUNET_assert (GNUNET_YES == | ||
630 | GNUNET_CRYPTO_rsa_blind (&message_hash, | ||
631 | &bks, | ||
632 | pkey, | ||
633 | &blinded_data_comp, | ||
634 | &blinded_len_comp)); | ||
635 | if ( (blinded_len != blinded_len_comp) || (0 != memcmp (blinded_data, | ||
636 | blinded_data_comp, | ||
637 | blinded_len)) ) | ||
638 | { | ||
639 | GNUNET_free (blinded_data); | ||
640 | GNUNET_free (blinded_data_comp); | ||
641 | GNUNET_free (public_enc_data); | ||
642 | GNUNET_free (secret_enc_data); | ||
643 | GNUNET_free (sig_enc_data); | ||
644 | GNUNET_CRYPTO_rsa_private_key_free (skey); | ||
645 | GNUNET_CRYPTO_rsa_public_key_free (pkey); | ||
646 | GNUNET_break (0); | ||
647 | return GNUNET_NO; | ||
648 | } | ||
649 | blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data, | ||
650 | blinded_len); | ||
651 | sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey); | ||
652 | GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig, | ||
653 | pkey)); | ||
654 | GNUNET_free(public_enc_data); | ||
655 | public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, | ||
656 | &public_enc_data); | ||
657 | sig_enc_length_comp = GNUNET_CRYPTO_rsa_signature_encode (sig, | ||
658 | &sig_enc_data_comp); | ||
659 | |||
660 | if ( (sig_enc_length != sig_enc_length_comp) || | ||
661 | (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) )) | ||
662 | { | ||
663 | GNUNET_CRYPTO_rsa_signature_free (blinded_sig); | ||
664 | GNUNET_free (blinded_data); | ||
665 | GNUNET_free (blinded_data_comp); | ||
666 | GNUNET_free (public_enc_data); | ||
667 | GNUNET_free (secret_enc_data); | ||
668 | GNUNET_free (sig_enc_data); | ||
669 | GNUNET_free (sig_enc_data_comp); | ||
670 | GNUNET_CRYPTO_rsa_private_key_free (skey); | ||
671 | GNUNET_CRYPTO_rsa_signature_free (sig); | ||
672 | GNUNET_CRYPTO_rsa_public_key_free (pkey); | ||
673 | GNUNET_break (0); | ||
674 | return GNUNET_NO; | ||
675 | } | ||
676 | GNUNET_CRYPTO_rsa_signature_free (blinded_sig); | ||
677 | GNUNET_free (blinded_data); | ||
678 | GNUNET_free (blinded_data_comp); | ||
679 | GNUNET_free (public_enc_data); | ||
680 | GNUNET_free (secret_enc_data); | ||
681 | GNUNET_free (sig_enc_data); | ||
682 | GNUNET_free (sig_enc_data_comp); | ||
683 | GNUNET_CRYPTO_rsa_signature_free (sig); | ||
684 | GNUNET_CRYPTO_rsa_public_key_free (pkey); | ||
685 | GNUNET_CRYPTO_rsa_private_key_free (skey); | ||
686 | } | ||
687 | else if (0 == strcmp (operation, "cs_blind_signing")) | ||
688 | { | ||
689 | struct GNUNET_CRYPTO_CsPrivateKey priv; | ||
690 | struct GNUNET_CRYPTO_CsPublicKey pub; | ||
691 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; | ||
692 | struct GNUNET_CRYPTO_CsRSecret r_priv[2]; | ||
693 | struct GNUNET_CRYPTO_CsRPublic r_pub[2]; | ||
694 | struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2]; | ||
695 | struct GNUNET_CRYPTO_CsC c[2]; | ||
696 | struct GNUNET_CRYPTO_CsS signature_scalar; | ||
697 | struct GNUNET_CRYPTO_CsBlindS blinded_s; | ||
698 | struct GNUNET_CRYPTO_CsSignature sig; | ||
699 | struct GNUNET_CRYPTO_CsNonce nonce; | ||
700 | struct GNUNET_HashCode message_hash; | ||
701 | unsigned int b; | ||
702 | |||
703 | if (GNUNET_OK != expect_data_fixed (vec, | ||
704 | "message_hash", | ||
705 | &message_hash, | ||
706 | sizeof (message_hash))) | ||
707 | { | ||
708 | GNUNET_break (0); | ||
709 | return GNUNET_SYSERR; | ||
710 | } | ||
711 | if (GNUNET_OK != expect_data_fixed (vec, | ||
712 | "cs_public_key", | ||
713 | &pub, | ||
714 | sizeof (pub))) | ||
715 | { | ||
716 | GNUNET_break (0); | ||
717 | return GNUNET_SYSERR; | ||
718 | } | ||
719 | |||
720 | if (GNUNET_OK != expect_data_fixed (vec, | ||
721 | "cs_private_key", | ||
722 | &priv, | ||
723 | sizeof (priv))) | ||
724 | { | ||
725 | GNUNET_break (0); | ||
726 | return GNUNET_SYSERR; | ||
727 | } | ||
728 | if (GNUNET_OK != expect_data_fixed (vec, | ||
729 | "cs_nonce", | ||
730 | &nonce, | ||
731 | sizeof (nonce))) | ||
732 | { | ||
733 | GNUNET_break (0); | ||
734 | return GNUNET_SYSERR; | ||
735 | } | ||
736 | if (GNUNET_OK != expect_data_fixed (vec, | ||
737 | "cs_r_priv_0", | ||
738 | &r_priv[0], | ||
739 | sizeof (r_priv[0]))) | ||
740 | { | ||
741 | GNUNET_break (0); | ||
742 | return GNUNET_SYSERR; | ||
743 | } | ||
744 | if (GNUNET_OK != expect_data_fixed (vec, | ||
745 | "cs_r_priv_1", | ||
746 | &r_priv[1], | ||
747 | sizeof (r_priv[1]))) | ||
748 | { | ||
749 | GNUNET_break (0); | ||
750 | return GNUNET_SYSERR; | ||
751 | } | ||
752 | if (GNUNET_OK != expect_data_fixed (vec, | ||
753 | "cs_r_pub_0", | ||
754 | &r_pub[0], | ||
755 | sizeof (r_pub[0]))) | ||
756 | { | ||
757 | GNUNET_break (0); | ||
758 | return GNUNET_SYSERR; | ||
759 | } | ||
760 | if (GNUNET_OK != expect_data_fixed (vec, | ||
761 | "cs_r_pub_1", | ||
762 | &r_pub[1], | ||
763 | sizeof (r_pub[1]))) | ||
764 | { | ||
765 | GNUNET_break (0); | ||
766 | return GNUNET_SYSERR; | ||
767 | } | ||
768 | |||
769 | if (GNUNET_OK != expect_data_fixed (vec, | ||
770 | "cs_bs_alpha_0", | ||
771 | &bs[0].alpha, | ||
772 | sizeof (bs[0].alpha))) | ||
773 | { | ||
774 | GNUNET_break (0); | ||
775 | return GNUNET_SYSERR; | ||
776 | } | ||
777 | if (GNUNET_OK != expect_data_fixed (vec, | ||
778 | "cs_bs_alpha_1", | ||
779 | &bs[1].alpha, | ||
780 | sizeof (bs[1].alpha))) | ||
781 | { | ||
782 | GNUNET_break (0); | ||
783 | return GNUNET_SYSERR; | ||
784 | } | ||
785 | if (GNUNET_OK != expect_data_fixed (vec, | ||
786 | "cs_bs_beta_0", | ||
787 | &bs[0].beta, | ||
788 | sizeof (bs[0].beta))) | ||
789 | { | ||
790 | GNUNET_break (0); | ||
791 | return GNUNET_SYSERR; | ||
792 | } | ||
793 | if (GNUNET_OK != expect_data_fixed (vec, | ||
794 | "cs_bs_beta_1", | ||
795 | &bs[1].beta, | ||
796 | sizeof (bs[1].beta))) | ||
797 | { | ||
798 | GNUNET_break (0); | ||
799 | return GNUNET_SYSERR; | ||
800 | } | ||
801 | if (GNUNET_OK != expect_data_fixed (vec, | ||
802 | "cs_r_pub_blind_0", | ||
803 | &r_pub_blind[0], | ||
804 | sizeof (r_pub_blind[0]))) | ||
805 | { | ||
806 | GNUNET_break (0); | ||
807 | return GNUNET_SYSERR; | ||
808 | } | ||
809 | if (GNUNET_OK != expect_data_fixed (vec, | ||
810 | "cs_r_pub_blind_1", | ||
811 | &r_pub_blind[1], | ||
812 | sizeof (r_pub_blind[1]))) | ||
813 | { | ||
814 | GNUNET_break (0); | ||
815 | return GNUNET_SYSERR; | ||
816 | } | ||
817 | if (GNUNET_OK != expect_data_fixed (vec, | ||
818 | "cs_c_0", | ||
819 | &c[0], | ||
820 | sizeof (c[0]))) | ||
821 | { | ||
822 | GNUNET_break (0); | ||
823 | return GNUNET_SYSERR; | ||
824 | } | ||
825 | if (GNUNET_OK != expect_data_fixed (vec, | ||
826 | "cs_c_1", | ||
827 | &c[1], | ||
828 | sizeof (c[1]))) | ||
829 | { | ||
830 | GNUNET_break (0); | ||
831 | return GNUNET_SYSERR; | ||
832 | } | ||
833 | if (GNUNET_OK != expect_data_fixed (vec, | ||
834 | "cs_blind_s", | ||
835 | &blinded_s, | ||
836 | sizeof (blinded_s))) | ||
837 | { | ||
838 | GNUNET_break (0); | ||
839 | return GNUNET_SYSERR; | ||
840 | } | ||
841 | if (GNUNET_OK != expect_data_fixed (vec, | ||
842 | "cs_b", | ||
843 | &b, | ||
844 | sizeof (b))) | ||
845 | { | ||
846 | GNUNET_break (0); | ||
847 | return GNUNET_SYSERR; | ||
848 | } | ||
849 | if (GNUNET_OK != expect_data_fixed (vec, | ||
850 | "cs_sig_s", | ||
851 | &signature_scalar, | ||
852 | sizeof (signature_scalar))) | ||
853 | { | ||
854 | GNUNET_break (0); | ||
855 | return GNUNET_SYSERR; | ||
856 | } | ||
857 | sig.s_scalar = signature_scalar; | ||
858 | if (GNUNET_OK != expect_data_fixed (vec, | ||
859 | "cs_sig_R", | ||
860 | &sig.r_point, | ||
861 | sizeof (sig.r_point))) | ||
862 | { | ||
863 | GNUNET_break (0); | ||
864 | return GNUNET_SYSERR; | ||
865 | } | ||
866 | |||
867 | if ((b != 1) && (b != 0)) | ||
868 | { | ||
869 | GNUNET_break (0); | ||
870 | return GNUNET_SYSERR; | ||
871 | } | ||
872 | |||
873 | struct GNUNET_CRYPTO_CsRSecret r_priv_comp[2]; | ||
874 | struct GNUNET_CRYPTO_CsRPublic r_pub_comp[2]; | ||
875 | struct GNUNET_CRYPTO_CsBlindingSecret bs_comp[2]; | ||
876 | struct GNUNET_CRYPTO_CsC c_comp[2]; | ||
877 | struct GNUNET_CRYPTO_CsRPublic r_pub_blind_comp[2]; | ||
878 | struct GNUNET_CRYPTO_CsBlindS blinded_s_comp; | ||
879 | struct GNUNET_CRYPTO_CsS signature_scalar_comp; | ||
880 | struct GNUNET_CRYPTO_CsSignature sig_comp; | ||
881 | unsigned int b_comp; | ||
882 | |||
883 | |||
884 | GNUNET_CRYPTO_cs_r_derive (&nonce, | ||
885 | "rw", | ||
886 | &priv, | ||
887 | r_priv_comp); | ||
888 | GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[0], | ||
889 | &r_pub_comp[0]); | ||
890 | GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[1], | ||
891 | &r_pub_comp[1]); | ||
892 | GNUNET_assert (0 == memcmp (&r_priv_comp, | ||
893 | &r_priv, | ||
894 | sizeof(struct GNUNET_CRYPTO_CsRSecret) * 2)); | ||
895 | GNUNET_assert (0 == memcmp (&r_pub_comp, | ||
896 | &r_pub, | ||
897 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2)); | ||
898 | |||
899 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce, | ||
900 | bs_comp); | ||
901 | GNUNET_assert (0 == memcmp (&bs_comp, | ||
902 | &bs, | ||
903 | sizeof(struct GNUNET_CRYPTO_CsBlindingSecret) | ||
904 | * 2)); | ||
905 | GNUNET_CRYPTO_cs_calc_blinded_c (bs_comp, | ||
906 | r_pub_comp, | ||
907 | &pub, | ||
908 | &message_hash, | ||
909 | sizeof(message_hash), | ||
910 | c_comp, | ||
911 | r_pub_blind_comp); | ||
912 | GNUNET_assert (0 == memcmp (&c_comp, | ||
913 | &c, | ||
914 | sizeof(struct GNUNET_CRYPTO_CsC) * 2)); | ||
915 | GNUNET_assert (0 == memcmp (&r_pub_blind_comp, | ||
916 | &r_pub_blind, | ||
917 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2)); | ||
918 | b_comp = GNUNET_CRYPTO_cs_sign_derive (&priv, | ||
919 | r_priv_comp, | ||
920 | c_comp, | ||
921 | &nonce, | ||
922 | &blinded_s_comp); | ||
923 | GNUNET_assert (0 == memcmp (&blinded_s_comp, | ||
924 | &blinded_s, | ||
925 | sizeof(blinded_s))); | ||
926 | GNUNET_assert (0 == memcmp (&b_comp, | ||
927 | &b, | ||
928 | sizeof(b))); | ||
929 | GNUNET_CRYPTO_cs_unblind (&blinded_s_comp, | ||
930 | &bs_comp[b_comp], | ||
931 | &signature_scalar_comp); | ||
932 | GNUNET_assert (0 == memcmp (&signature_scalar_comp, | ||
933 | &signature_scalar, | ||
934 | sizeof(signature_scalar_comp))); | ||
935 | sig_comp.r_point = r_pub_blind_comp[b_comp]; | ||
936 | sig_comp.s_scalar = signature_scalar_comp; | ||
937 | GNUNET_assert (0 == memcmp (&sig_comp, | ||
938 | &sig, | ||
939 | sizeof(sig_comp))); | ||
940 | if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig_comp, | ||
941 | &pub, | ||
942 | &message_hash, | ||
943 | sizeof(message_hash))) | ||
944 | { | ||
945 | GNUNET_break (0); | ||
946 | return GNUNET_SYSERR; | ||
947 | } | ||
948 | } | ||
949 | else | ||
950 | { | ||
951 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
952 | "unsupported operation '%s'\n", operation); | ||
953 | } | ||
954 | |||
955 | return GNUNET_OK; | ||
956 | } | ||
957 | |||
958 | |||
959 | /** | ||
960 | * Check test vectors from stdin. | ||
961 | * | ||
962 | * @returns global exit code | ||
963 | */ | ||
964 | static int | ||
965 | check_vectors () | ||
966 | { | ||
967 | json_error_t err; | ||
968 | json_t *vecfile = json_loadf (stdin, 0, &err); | ||
969 | const char *encoding; | ||
970 | json_t *vectors; | ||
971 | |||
972 | if (NULL == vecfile) | ||
973 | { | ||
974 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unable to parse JSON\n"); | ||
975 | return 1; | ||
976 | } | ||
977 | encoding = json_string_value (json_object_get (vecfile, | ||
978 | "encoding")); | ||
979 | if ( (NULL == encoding) || (0 != strcmp (encoding, "base32crockford")) ) | ||
980 | { | ||
981 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unsupported or missing encoding\n"); | ||
982 | json_decref (vecfile); | ||
983 | return 1; | ||
984 | } | ||
985 | vectors = json_object_get (vecfile, "vectors"); | ||
986 | if (! json_is_array (vectors)) | ||
987 | { | ||
988 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "bad vectors\n"); | ||
989 | json_decref (vecfile); | ||
990 | return 1; | ||
991 | } | ||
992 | { | ||
993 | /* array is a JSON array */ | ||
994 | size_t index; | ||
995 | json_t *value; | ||
996 | int ret; | ||
997 | |||
998 | json_array_foreach (vectors, index, value) { | ||
999 | const char *op = json_string_value (json_object_get (value, | ||
1000 | "operation")); | ||
1001 | |||
1002 | if (NULL == op) | ||
1003 | { | ||
1004 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1005 | "missing operation\n"); | ||
1006 | ret = GNUNET_SYSERR; | ||
1007 | break; | ||
1008 | } | ||
1009 | ret = checkvec (op, value); | ||
1010 | if (GNUNET_OK != ret) | ||
1011 | { | ||
1012 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1013 | "bad vector %u\n", | ||
1014 | (unsigned int) index); | ||
1015 | break; | ||
1016 | } | ||
1017 | } | ||
1018 | json_decref (vecfile); | ||
1019 | return (ret == GNUNET_OK) ? 0 : 1; | ||
1020 | } | ||
1021 | } | ||
1022 | |||
1023 | |||
1024 | /** | ||
1025 | * Output test vectors. | ||
1026 | * | ||
1027 | * @returns global exit code | ||
1028 | */ | ||
1029 | static int | ||
1030 | output_vectors () | ||
1031 | { | ||
1032 | json_t *vecfile = json_object (); | ||
1033 | json_t *vecs = json_array (); | ||
1034 | |||
1035 | json_object_set_new (vecfile, | ||
1036 | "encoding", | ||
1037 | json_string ("base32crockford")); | ||
1038 | json_object_set_new (vecfile, | ||
1039 | "producer", | ||
1040 | json_string ("GNUnet " PACKAGE_VERSION " " VCS_VERSION)); | ||
1041 | json_object_set_new (vecfile, | ||
1042 | "vectors", | ||
1043 | vecs); | ||
1044 | |||
1045 | { | ||
1046 | json_t *vec = vec_for (vecs, "hash"); | ||
1047 | struct GNUNET_HashCode hc; | ||
1048 | char *str = "Hello, GNUnet"; | ||
1049 | |||
1050 | GNUNET_CRYPTO_hash (str, strlen (str), &hc); | ||
1051 | |||
1052 | d2j (vec, "input", str, strlen (str)); | ||
1053 | d2j (vec, "output", &hc, sizeof (struct GNUNET_HashCode)); | ||
1054 | } | ||
1055 | { | ||
1056 | json_t *vec = vec_for (vecs, "ecc_ecdh"); | ||
1057 | struct GNUNET_CRYPTO_EcdhePrivateKey priv1; | ||
1058 | struct GNUNET_CRYPTO_EcdhePublicKey pub1; | ||
1059 | struct GNUNET_CRYPTO_EcdhePrivateKey priv2; | ||
1060 | struct GNUNET_HashCode skm; | ||
1061 | |||
1062 | GNUNET_CRYPTO_ecdhe_key_create (&priv1); | ||
1063 | GNUNET_CRYPTO_ecdhe_key_create (&priv2); | ||
1064 | GNUNET_CRYPTO_ecdhe_key_get_public (&priv1, | ||
1065 | &pub1); | ||
1066 | GNUNET_assert (GNUNET_OK == | ||
1067 | GNUNET_CRYPTO_ecc_ecdh (&priv2, | ||
1068 | &pub1, | ||
1069 | &skm)); | ||
1070 | |||
1071 | d2j (vec, | ||
1072 | "priv1", | ||
1073 | &priv1, | ||
1074 | sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); | ||
1075 | d2j (vec, | ||
1076 | "pub1", | ||
1077 | &pub1, | ||
1078 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | ||
1079 | d2j (vec, | ||
1080 | "priv2", | ||
1081 | &priv2, | ||
1082 | sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); | ||
1083 | d2j (vec, | ||
1084 | "skm", | ||
1085 | &skm, | ||
1086 | sizeof (struct GNUNET_HashCode)); | ||
1087 | } | ||
1088 | |||
1089 | { | ||
1090 | json_t *vec = vec_for (vecs, "eddsa_key_derivation"); | ||
1091 | struct GNUNET_CRYPTO_EddsaPrivateKey priv; | ||
1092 | struct GNUNET_CRYPTO_EddsaPublicKey pub; | ||
1093 | |||
1094 | GNUNET_CRYPTO_eddsa_key_create (&priv); | ||
1095 | GNUNET_CRYPTO_eddsa_key_get_public (&priv, | ||
1096 | &pub); | ||
1097 | |||
1098 | d2j (vec, | ||
1099 | "priv", | ||
1100 | &priv, | ||
1101 | sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)); | ||
1102 | d2j (vec, | ||
1103 | "pub", | ||
1104 | &pub, | ||
1105 | sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)); | ||
1106 | } | ||
1107 | { | ||
1108 | json_t *vec = vec_for (vecs, "eddsa_signing"); | ||
1109 | struct GNUNET_CRYPTO_EddsaPrivateKey priv; | ||
1110 | struct GNUNET_CRYPTO_EddsaPublicKey pub; | ||
1111 | struct GNUNET_CRYPTO_EddsaSignature sig; | ||
1112 | struct TestSignatureDataPS data = { 0 }; | ||
1113 | |||
1114 | GNUNET_CRYPTO_eddsa_key_create (&priv); | ||
1115 | GNUNET_CRYPTO_eddsa_key_get_public (&priv, | ||
1116 | &pub); | ||
1117 | data.purpose.size = htonl (sizeof (data)); | ||
1118 | data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); | ||
1119 | GNUNET_CRYPTO_eddsa_sign (&priv, | ||
1120 | &data, | ||
1121 | &sig); | ||
1122 | GNUNET_assert (GNUNET_OK == | ||
1123 | GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST, | ||
1124 | &data, | ||
1125 | &sig, | ||
1126 | &pub)); | ||
1127 | |||
1128 | d2j (vec, | ||
1129 | "priv", | ||
1130 | &priv, | ||
1131 | sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)); | ||
1132 | d2j (vec, | ||
1133 | "pub", | ||
1134 | &pub, | ||
1135 | sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)); | ||
1136 | d2j (vec, | ||
1137 | "data", | ||
1138 | &data, | ||
1139 | sizeof (struct TestSignatureDataPS)); | ||
1140 | d2j (vec, | ||
1141 | "sig", | ||
1142 | &sig, | ||
1143 | sizeof (struct GNUNET_CRYPTO_EddsaSignature)); | ||
1144 | } | ||
1145 | |||
1146 | { | ||
1147 | json_t *vec = vec_for (vecs, "kdf"); | ||
1148 | size_t out_len = 64; | ||
1149 | char out[out_len]; | ||
1150 | char *ikm = "I'm the secret input key material"; | ||
1151 | char *salt = "I'm very salty"; | ||
1152 | char *ctx = "I'm a context chunk, also known as 'info' in the RFC"; | ||
1153 | |||
1154 | GNUNET_assert (GNUNET_OK == | ||
1155 | GNUNET_CRYPTO_kdf (&out, | ||
1156 | out_len, | ||
1157 | salt, | ||
1158 | strlen (salt), | ||
1159 | ikm, | ||
1160 | strlen (ikm), | ||
1161 | ctx, | ||
1162 | strlen (ctx), | ||
1163 | NULL)); | ||
1164 | |||
1165 | d2j (vec, | ||
1166 | "salt", | ||
1167 | salt, | ||
1168 | strlen (salt)); | ||
1169 | d2j (vec, | ||
1170 | "ikm", | ||
1171 | ikm, | ||
1172 | strlen (ikm)); | ||
1173 | d2j (vec, | ||
1174 | "ctx", | ||
1175 | ctx, | ||
1176 | strlen (ctx)); | ||
1177 | uint2j (vec, | ||
1178 | "out_len", | ||
1179 | (unsigned int) out_len); | ||
1180 | d2j (vec, | ||
1181 | "out", | ||
1182 | out, | ||
1183 | out_len); | ||
1184 | } | ||
1185 | { | ||
1186 | json_t *vec = vec_for (vecs, "eddsa_ecdh"); | ||
1187 | struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe; | ||
1188 | struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe; | ||
1189 | struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa; | ||
1190 | struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa; | ||
1191 | struct GNUNET_HashCode key_material; | ||
1192 | |||
1193 | GNUNET_CRYPTO_ecdhe_key_create (&priv_ecdhe); | ||
1194 | GNUNET_CRYPTO_ecdhe_key_get_public (&priv_ecdhe, &pub_ecdhe); | ||
1195 | GNUNET_CRYPTO_eddsa_key_create (&priv_eddsa); | ||
1196 | GNUNET_CRYPTO_eddsa_key_get_public (&priv_eddsa, &pub_eddsa); | ||
1197 | GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material); | ||
1198 | |||
1199 | d2j (vec, "priv_ecdhe", | ||
1200 | &priv_ecdhe, | ||
1201 | sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); | ||
1202 | d2j (vec, "pub_ecdhe", | ||
1203 | &pub_ecdhe, | ||
1204 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | ||
1205 | d2j (vec, "priv_eddsa", | ||
1206 | &priv_eddsa, | ||
1207 | sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)); | ||
1208 | d2j (vec, "pub_eddsa", | ||
1209 | &pub_eddsa, | ||
1210 | sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)); | ||
1211 | d2j (vec, "key_material", | ||
1212 | &key_material, | ||
1213 | sizeof (struct GNUNET_HashCode)); | ||
1214 | } | ||
1215 | |||
1216 | { | ||
1217 | json_t *vec = vec_for (vecs, "edx25519_derive"); | ||
1218 | struct GNUNET_CRYPTO_Edx25519PrivateKey priv1_edx; | ||
1219 | struct GNUNET_CRYPTO_Edx25519PublicKey pub1_edx; | ||
1220 | struct GNUNET_CRYPTO_Edx25519PrivateKey priv2_edx; | ||
1221 | struct GNUNET_CRYPTO_Edx25519PublicKey pub2_edx; | ||
1222 | struct GNUNET_HashCode seed; | ||
1223 | |||
1224 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, | ||
1225 | &seed, | ||
1226 | sizeof (struct GNUNET_HashCode)); | ||
1227 | GNUNET_CRYPTO_edx25519_key_create (&priv1_edx); | ||
1228 | GNUNET_CRYPTO_edx25519_key_get_public (&priv1_edx, &pub1_edx); | ||
1229 | GNUNET_CRYPTO_edx25519_private_key_derive (&priv1_edx, | ||
1230 | &seed, | ||
1231 | sizeof (seed), | ||
1232 | &priv2_edx); | ||
1233 | GNUNET_CRYPTO_edx25519_public_key_derive (&pub1_edx, | ||
1234 | &seed, | ||
1235 | sizeof (seed), | ||
1236 | &pub2_edx); | ||
1237 | |||
1238 | d2j (vec, "priv1_edx", | ||
1239 | &priv1_edx, | ||
1240 | sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey)); | ||
1241 | d2j (vec, "pub1_edx", | ||
1242 | &pub1_edx, | ||
1243 | sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey)); | ||
1244 | d2j (vec, "seed", | ||
1245 | &seed, | ||
1246 | sizeof (struct GNUNET_HashCode)); | ||
1247 | d2j (vec, "priv2_edx", | ||
1248 | &priv2_edx, | ||
1249 | sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey)); | ||
1250 | d2j (vec, "pub2_edx", | ||
1251 | &pub2_edx, | ||
1252 | sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey)); | ||
1253 | } | ||
1254 | |||
1255 | { | ||
1256 | json_t *vec = vec_for (vecs, "rsa_blind_signing"); | ||
1257 | |||
1258 | struct GNUNET_CRYPTO_RsaPrivateKey *skey; | ||
1259 | struct GNUNET_CRYPTO_RsaPublicKey *pkey; | ||
1260 | struct GNUNET_HashCode message_hash; | ||
1261 | struct GNUNET_CRYPTO_RsaBlindingKeySecret bks; | ||
1262 | struct GNUNET_CRYPTO_RsaSignature *blinded_sig; | ||
1263 | struct GNUNET_CRYPTO_RsaSignature *sig; | ||
1264 | void *blinded_data; | ||
1265 | size_t blinded_len; | ||
1266 | void *public_enc_data; | ||
1267 | size_t public_enc_len; | ||
1268 | void *secret_enc_data; | ||
1269 | size_t secret_enc_len; | ||
1270 | void *blinded_sig_enc_data; | ||
1271 | size_t blinded_sig_enc_length; | ||
1272 | void *sig_enc_data; | ||
1273 | size_t sig_enc_length; | ||
1274 | |||
1275 | skey = GNUNET_CRYPTO_rsa_private_key_create (2048); | ||
1276 | pkey = GNUNET_CRYPTO_rsa_private_key_get_public (skey); | ||
1277 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, | ||
1278 | &message_hash, | ||
1279 | sizeof (struct GNUNET_HashCode)); | ||
1280 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, | ||
1281 | &bks, | ||
1282 | sizeof (struct | ||
1283 | GNUNET_CRYPTO_RsaBlindingKeySecret)); | ||
1284 | GNUNET_assert (GNUNET_YES == | ||
1285 | GNUNET_CRYPTO_rsa_blind (&message_hash, | ||
1286 | &bks, | ||
1287 | pkey, | ||
1288 | &blinded_data, | ||
1289 | &blinded_len)); | ||
1290 | blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data, | ||
1291 | blinded_len); | ||
1292 | sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey); | ||
1293 | GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig, | ||
1294 | pkey)); | ||
1295 | public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, | ||
1296 | &public_enc_data); | ||
1297 | secret_enc_len = GNUNET_CRYPTO_rsa_private_key_encode (skey, | ||
1298 | &secret_enc_data); | ||
1299 | blinded_sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (blinded_sig, | ||
1300 | & | ||
1301 | blinded_sig_enc_data); | ||
1302 | sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig, &sig_enc_data); | ||
1303 | d2j (vec, | ||
1304 | "message_hash", | ||
1305 | &message_hash, | ||
1306 | sizeof (struct GNUNET_HashCode)); | ||
1307 | d2j (vec, | ||
1308 | "rsa_public_key", | ||
1309 | public_enc_data, | ||
1310 | public_enc_len); | ||
1311 | d2j (vec, | ||
1312 | "rsa_private_key", | ||
1313 | secret_enc_data, | ||
1314 | secret_enc_len); | ||
1315 | d2j (vec, | ||
1316 | "blinding_key_secret", | ||
1317 | &bks, | ||
1318 | sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret)); | ||
1319 | d2j (vec, | ||
1320 | "blinded_message", | ||
1321 | blinded_data, | ||
1322 | blinded_len); | ||
1323 | d2j (vec, | ||
1324 | "blinded_sig", | ||
1325 | blinded_sig_enc_data, | ||
1326 | blinded_sig_enc_length); | ||
1327 | d2j (vec, | ||
1328 | "sig", | ||
1329 | sig_enc_data, | ||
1330 | sig_enc_length); | ||
1331 | GNUNET_CRYPTO_rsa_private_key_free (skey); | ||
1332 | GNUNET_CRYPTO_rsa_public_key_free (pkey); | ||
1333 | GNUNET_CRYPTO_rsa_signature_free (sig); | ||
1334 | GNUNET_CRYPTO_rsa_signature_free (blinded_sig); | ||
1335 | GNUNET_free (public_enc_data); | ||
1336 | GNUNET_free (blinded_data); | ||
1337 | GNUNET_free (sig_enc_data); | ||
1338 | GNUNET_free (blinded_sig_enc_data); | ||
1339 | GNUNET_free (secret_enc_data); | ||
1340 | } | ||
1341 | |||
1342 | { | ||
1343 | json_t *vec = vec_for (vecs, "cs_blind_signing"); | ||
1344 | |||
1345 | struct GNUNET_CRYPTO_CsPrivateKey priv; | ||
1346 | struct GNUNET_CRYPTO_CsPublicKey pub; | ||
1347 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; | ||
1348 | struct GNUNET_CRYPTO_CsRSecret r_priv[2]; | ||
1349 | struct GNUNET_CRYPTO_CsRPublic r_pub[2]; | ||
1350 | struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2]; | ||
1351 | struct GNUNET_CRYPTO_CsC c[2]; | ||
1352 | struct GNUNET_CRYPTO_CsS signature_scalar; | ||
1353 | struct GNUNET_CRYPTO_CsBlindS blinded_s; | ||
1354 | struct GNUNET_CRYPTO_CsSignature sig; | ||
1355 | struct GNUNET_CRYPTO_CsNonce nonce; | ||
1356 | unsigned int b; | ||
1357 | struct GNUNET_HashCode message_hash; | ||
1358 | |||
1359 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, | ||
1360 | &message_hash, | ||
1361 | sizeof (struct GNUNET_HashCode)); | ||
1362 | |||
1363 | GNUNET_CRYPTO_cs_private_key_generate (&priv); | ||
1364 | GNUNET_CRYPTO_cs_private_key_get_public (&priv, &pub); | ||
1365 | |||
1366 | GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_hkdf (nonce.nonce, | ||
1367 | sizeof(nonce.nonce), | ||
1368 | GCRY_MD_SHA512, | ||
1369 | GCRY_MD_SHA256, | ||
1370 | "nonce", | ||
1371 | strlen ("nonce"), | ||
1372 | "nonce_secret", | ||
1373 | strlen ("nonce_secret"), | ||
1374 | NULL, | ||
1375 | 0)); | ||
1376 | GNUNET_CRYPTO_cs_r_derive (&nonce, | ||
1377 | "rw", | ||
1378 | &priv, | ||
1379 | r_priv); | ||
1380 | GNUNET_CRYPTO_cs_r_get_public (&r_priv[0], | ||
1381 | &r_pub[0]); | ||
1382 | GNUNET_CRYPTO_cs_r_get_public (&r_priv[1], | ||
1383 | &r_pub[1]); | ||
1384 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce, | ||
1385 | bs); | ||
1386 | GNUNET_CRYPTO_cs_calc_blinded_c (bs, | ||
1387 | r_pub, | ||
1388 | &pub, | ||
1389 | &message_hash, | ||
1390 | sizeof(message_hash), | ||
1391 | c, | ||
1392 | r_pub_blind); | ||
1393 | b = GNUNET_CRYPTO_cs_sign_derive (&priv, | ||
1394 | r_priv, | ||
1395 | c, | ||
1396 | &nonce, | ||
1397 | &blinded_s); | ||
1398 | GNUNET_CRYPTO_cs_unblind (&blinded_s, &bs[b], &signature_scalar); | ||
1399 | sig.r_point = r_pub_blind[b]; | ||
1400 | sig.s_scalar = signature_scalar; | ||
1401 | if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig, | ||
1402 | &pub, | ||
1403 | &message_hash, | ||
1404 | sizeof(message_hash))) | ||
1405 | { | ||
1406 | GNUNET_break (0); | ||
1407 | return GNUNET_SYSERR; | ||
1408 | } | ||
1409 | d2j (vec, | ||
1410 | "message_hash", | ||
1411 | &message_hash, | ||
1412 | sizeof (struct GNUNET_HashCode)); | ||
1413 | d2j (vec, | ||
1414 | "cs_public_key", | ||
1415 | &pub, | ||
1416 | sizeof(pub)); | ||
1417 | d2j (vec, | ||
1418 | "cs_private_key", | ||
1419 | &priv, | ||
1420 | sizeof(priv)); | ||
1421 | d2j (vec, | ||
1422 | "cs_nonce", | ||
1423 | &nonce, | ||
1424 | sizeof(nonce)); | ||
1425 | d2j (vec, | ||
1426 | "cs_r_priv_0", | ||
1427 | &r_priv[0], | ||
1428 | sizeof(r_priv[0])); | ||
1429 | d2j (vec, | ||
1430 | "cs_r_priv_1", | ||
1431 | &r_priv[1], | ||
1432 | sizeof(r_priv[1])); | ||
1433 | d2j (vec, | ||
1434 | "cs_r_pub_0", | ||
1435 | &r_pub[0], | ||
1436 | sizeof(r_pub[0])); | ||
1437 | d2j (vec, | ||
1438 | "cs_r_pub_1", | ||
1439 | &r_pub[1], | ||
1440 | sizeof(r_pub[1])); | ||
1441 | d2j (vec, | ||
1442 | "cs_bs_alpha_0", | ||
1443 | &bs[0].alpha, | ||
1444 | sizeof(bs[0].alpha)); | ||
1445 | d2j (vec, | ||
1446 | "cs_bs_alpha_1", | ||
1447 | &bs[1].alpha, | ||
1448 | sizeof(bs[1].alpha)); | ||
1449 | d2j (vec, | ||
1450 | "cs_bs_beta_0", | ||
1451 | &bs[0].beta, | ||
1452 | sizeof(bs[0].beta)); | ||
1453 | d2j (vec, | ||
1454 | "cs_bs_beta_1", | ||
1455 | &bs[1].beta, | ||
1456 | sizeof(bs[1].beta)); | ||
1457 | d2j (vec, | ||
1458 | "cs_r_pub_blind_0", | ||
1459 | &r_pub_blind[0], | ||
1460 | sizeof(r_pub_blind[0])); | ||
1461 | d2j (vec, | ||
1462 | "cs_r_pub_blind_1", | ||
1463 | &r_pub_blind[1], | ||
1464 | sizeof(r_pub_blind[1])); | ||
1465 | d2j (vec, | ||
1466 | "cs_c_0", | ||
1467 | &c[0], | ||
1468 | sizeof(c[0])); | ||
1469 | d2j (vec, | ||
1470 | "cs_c_1", | ||
1471 | &c[1], | ||
1472 | sizeof(c[1])); | ||
1473 | d2j (vec, | ||
1474 | "cs_blind_s", | ||
1475 | &blinded_s, | ||
1476 | sizeof(blinded_s)); | ||
1477 | d2j (vec, | ||
1478 | "cs_b", | ||
1479 | &b, | ||
1480 | sizeof(b)); | ||
1481 | d2j (vec, | ||
1482 | "cs_sig_s", | ||
1483 | &signature_scalar, | ||
1484 | sizeof(signature_scalar)); | ||
1485 | d2j (vec, | ||
1486 | "cs_sig_R", | ||
1487 | &r_pub_blind[b], | ||
1488 | sizeof(r_pub_blind[b])); | ||
1489 | } | ||
1490 | |||
1491 | json_dumpf (vecfile, stdout, JSON_INDENT (2)); | ||
1492 | json_decref (vecfile); | ||
1493 | printf ("\n"); | ||
1494 | |||
1495 | return 0; | ||
1496 | } | ||
1497 | |||
1498 | |||
1499 | /** | ||
1500 | * Main function that will be run. | ||
1501 | * | ||
1502 | * @param cls closure | ||
1503 | * @param args remaining command-line arguments | ||
1504 | * @param cfgfile name of the configuration file used (for saving, can be NULL!) | ||
1505 | * @param cfg configuration | ||
1506 | */ | ||
1507 | static void | ||
1508 | run (void *cls, | ||
1509 | char *const *args, | ||
1510 | const char *cfgfile, | ||
1511 | const struct GNUNET_CONFIGURATION_Handle *cfg) | ||
1512 | { | ||
1513 | if (GNUNET_YES == verify_flag) | ||
1514 | global_ret = check_vectors (); | ||
1515 | else | ||
1516 | global_ret = output_vectors (); | ||
1517 | } | ||
1518 | |||
1519 | |||
1520 | /** | ||
1521 | * The main function of the test vector generation tool. | ||
1522 | * | ||
1523 | * @param argc number of arguments from the command line | ||
1524 | * @param argv command line arguments | ||
1525 | * @return 0 ok, 1 on error | ||
1526 | */ | ||
1527 | int | ||
1528 | main (int argc, | ||
1529 | char *const *argv) | ||
1530 | { | ||
1531 | const struct GNUNET_GETOPT_CommandLineOption options[] = { | ||
1532 | GNUNET_GETOPT_option_flag ('V', | ||
1533 | "verify", | ||
1534 | gettext_noop ( | ||
1535 | "verify a test vector from stdin"), | ||
1536 | &verify_flag), | ||
1537 | GNUNET_GETOPT_OPTION_END | ||
1538 | }; | ||
1539 | |||
1540 | GNUNET_assert (GNUNET_OK == | ||
1541 | GNUNET_log_setup ("gnunet-crypto-tvg", | ||
1542 | "INFO", | ||
1543 | NULL)); | ||
1544 | if (GNUNET_OK != | ||
1545 | GNUNET_PROGRAM_run (argc, argv, | ||
1546 | "gnunet-crypto-tvg", | ||
1547 | "Generate test vectors for cryptographic operations", | ||
1548 | options, | ||
1549 | &run, NULL)) | ||
1550 | return 1; | ||
1551 | return global_ret; | ||
1552 | } | ||
1553 | |||
1554 | |||
1555 | /* end of gnunet-crypto-tvg.c */ | ||