diff options
Diffstat (limited to 'src/util/crypto_ecc.c')
-rw-r--r-- | src/util/crypto_ecc.c | 129 |
1 files changed, 0 insertions, 129 deletions
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index efbf2ee17..5b1b579ec 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c | |||
@@ -714,135 +714,6 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, | |||
714 | } | 714 | } |
715 | 715 | ||
716 | 716 | ||
717 | /** | ||
718 | * Derive the 'h' value for key derivation, where | ||
719 | * 'h = H(l,P)'. | ||
720 | * | ||
721 | * @param pub public key for deriviation | ||
722 | * @param label label for deriviation | ||
723 | * @param context additional context to use for HKDF of 'h'; | ||
724 | * typically the name of the subsystem/application | ||
725 | * @return h value | ||
726 | */ | ||
727 | static gcry_mpi_t | ||
728 | derive_h (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, | ||
729 | const char *label, | ||
730 | const char *context) | ||
731 | { | ||
732 | gcry_mpi_t h; | ||
733 | struct GNUNET_HashCode hc; | ||
734 | static const char *const salt = "key-derivation"; | ||
735 | |||
736 | GNUNET_CRYPTO_kdf (&hc, | ||
737 | sizeof(hc), | ||
738 | salt, | ||
739 | strlen (salt), | ||
740 | pub, | ||
741 | sizeof(*pub), | ||
742 | label, | ||
743 | strlen (label), | ||
744 | context, | ||
745 | strlen (context), | ||
746 | NULL, | ||
747 | 0); | ||
748 | GNUNET_CRYPTO_mpi_scan_unsigned (&h, (unsigned char *) &hc, sizeof(hc)); | ||
749 | return h; | ||
750 | } | ||
751 | |||
752 | |||
753 | struct GNUNET_CRYPTO_EcdsaPrivateKey * | ||
754 | GNUNET_CRYPTO_ecdsa_private_key_derive ( | ||
755 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, | ||
756 | const char *label, | ||
757 | const char *context) | ||
758 | { | ||
759 | struct GNUNET_CRYPTO_EcdsaPublicKey pub; | ||
760 | struct GNUNET_CRYPTO_EcdsaPrivateKey *ret; | ||
761 | uint8_t dc[32]; | ||
762 | gcry_mpi_t h; | ||
763 | gcry_mpi_t x; | ||
764 | gcry_mpi_t d; | ||
765 | gcry_mpi_t n; | ||
766 | gcry_ctx_t ctx; | ||
767 | |||
768 | GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE)); | ||
769 | |||
770 | n = gcry_mpi_ec_get_mpi ("n", ctx, 1); | ||
771 | GNUNET_CRYPTO_ecdsa_key_get_public (priv, &pub); | ||
772 | |||
773 | h = derive_h (&pub, label, context); | ||
774 | /* Convert to big endian for libgcrypt */ | ||
775 | for (size_t i = 0; i < 32; i++) | ||
776 | dc[i] = priv->d[31 - i]; | ||
777 | GNUNET_CRYPTO_mpi_scan_unsigned (&x, dc, sizeof(dc)); | ||
778 | d = gcry_mpi_new (256); | ||
779 | gcry_mpi_mulm (d, h, x, n); | ||
780 | gcry_mpi_release (h); | ||
781 | gcry_mpi_release (x); | ||
782 | gcry_mpi_release (n); | ||
783 | gcry_ctx_release (ctx); | ||
784 | ret = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPrivateKey); | ||
785 | GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d); | ||
786 | /* Convert to big endian for libgcrypt */ | ||
787 | for (size_t i = 0; i < 32; i++) | ||
788 | ret->d[i] = dc[31 - i]; | ||
789 | sodium_memzero (dc, sizeof(dc)); | ||
790 | gcry_mpi_release (d); | ||
791 | return ret; | ||
792 | } | ||
793 | |||
794 | |||
795 | void | ||
796 | GNUNET_CRYPTO_ecdsa_public_key_derive ( | ||
797 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, | ||
798 | const char *label, | ||
799 | const char *context, | ||
800 | struct GNUNET_CRYPTO_EcdsaPublicKey *result) | ||
801 | { | ||
802 | gcry_ctx_t ctx; | ||
803 | gcry_mpi_t q_y; | ||
804 | gcry_mpi_t h; | ||
805 | gcry_mpi_t n; | ||
806 | gcry_mpi_t h_mod_n; | ||
807 | gcry_mpi_point_t q; | ||
808 | gcry_mpi_point_t v; | ||
809 | |||
810 | GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE)); | ||
811 | |||
812 | /* obtain point 'q' from original public key. The provided 'q' is | ||
813 | compressed thus we first store it in the context and then get it | ||
814 | back as a (decompresssed) point. */ | ||
815 | q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8 * sizeof(pub->q_y)); | ||
816 | GNUNET_assert (NULL != q_y); | ||
817 | GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx)); | ||
818 | gcry_mpi_release (q_y); | ||
819 | q = gcry_mpi_ec_get_point ("q", ctx, 0); | ||
820 | GNUNET_assert (q); | ||
821 | |||
822 | /* calculate h_mod_n = h % n */ | ||
823 | h = derive_h (pub, label, context); | ||
824 | n = gcry_mpi_ec_get_mpi ("n", ctx, 1); | ||
825 | h_mod_n = gcry_mpi_new (256); | ||
826 | gcry_mpi_mod (h_mod_n, h, n); | ||
827 | /* calculate v = h_mod_n * q */ | ||
828 | v = gcry_mpi_point_new (0); | ||
829 | gcry_mpi_ec_mul (v, h_mod_n, q, ctx); | ||
830 | gcry_mpi_release (h_mod_n); | ||
831 | gcry_mpi_release (h); | ||
832 | gcry_mpi_release (n); | ||
833 | gcry_mpi_point_release (q); | ||
834 | |||
835 | /* convert point 'v' to public key that we return */ | ||
836 | GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx)); | ||
837 | gcry_mpi_point_release (v); | ||
838 | q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0); | ||
839 | GNUNET_assert (q_y); | ||
840 | GNUNET_CRYPTO_mpi_print_unsigned (result->q_y, sizeof(result->q_y), q_y); | ||
841 | gcry_mpi_release (q_y); | ||
842 | gcry_ctx_release (ctx); | ||
843 | } | ||
844 | |||
845 | |||
846 | enum GNUNET_GenericReturnValue | 717 | enum GNUNET_GenericReturnValue |
847 | GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, | 718 | GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, |
848 | const struct GNUNET_CRYPTO_EcdhePublicKey *pub, | 719 | const struct GNUNET_CRYPTO_EcdhePublicKey *pub, |