Diffstat (limited to 'src/util/crypto_ecc.c')
-rw-r--r-- | src/util/crypto_ecc.c | 196 |
1 files changed, 170 insertions, 26 deletions
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index 7f9e3c070..11c3e50d4 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c | |||
@@ -61,10 +61,11 @@ | |||
61 | #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-ecc", __VA_ARGS__) | 61 | #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-ecc", __VA_ARGS__) |
62 | 62 | ||
63 | #define LOG_STRERROR(kind, syscall) \ | 63 | #define LOG_STRERROR(kind, syscall) \ |
64 | GNUNET_log_from_strerror (kind, "util-crypto-ecc", syscall) | 64 | GNUNET_log_from_strerror (kind, "util-crypto-ecc", syscall) |
65 | 65 | ||
66 | #define LOG_STRERROR_FILE(kind, syscall, filename) \ | 66 | #define LOG_STRERROR_FILE(kind, syscall, filename) \ |
67 | GNUNET_log_from_strerror_file (kind, "util-crypto-ecc", syscall, filename) | 67 | GNUNET_log_from_strerror_file (kind, "util-crypto-ecc", syscall, \ |
68 | filename) | ||
68 | 69 | ||
69 | /** | 70 | /** |
70 | * Log an error message at log-level 'level' that indicates | 71 | * Log an error message at log-level 'level' that indicates |
@@ -72,15 +73,15 @@ | |||
72 | * by gcry_strerror(rc). | 73 | * by gcry_strerror(rc). |
73 | */ | 74 | */ |
74 | #define LOG_GCRY(level, cmd, rc) \ | 75 | #define LOG_GCRY(level, cmd, rc) \ |
75 | do \ | 76 | do \ |
76 | { \ | 77 | { \ |
77 | LOG (level, \ | 78 | LOG (level, \ |
78 | _ ("`%s' failed at %s:%d with error: %s\n"), \ | 79 | _ ("`%s' failed at %s:%d with error: %s\n"), \ |
79 | cmd, \ | 80 | cmd, \ |
80 | __FILE__, \ | 81 | __FILE__, \ |
81 | __LINE__, \ | 82 | __LINE__, \ |
82 | gcry_strerror (rc)); \ | 83 | gcry_strerror (rc)); \ |
83 | } while (0) | 84 | } while (0) |
84 | 85 | ||
85 | 86 | ||
86 | /** | 87 | /** |
@@ -513,9 +514,7 @@ data_to_ecdsa_value (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose) | |||
513 | { | 514 | { |
514 | gcry_sexp_t data; | 515 | gcry_sexp_t data; |
515 | int rc; | 516 | int rc; |
516 | 517 | /* Unlike EdDSA, libgcrypt expects a hash for ECDSA. */ | |
517 | /* See #5398 */ | ||
518 | #if 1 | ||
519 | struct GNUNET_HashCode hc; | 518 | struct GNUNET_HashCode hc; |
520 | 519 | ||
521 | GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc); | 520 | GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc); |
@@ -529,18 +528,6 @@ data_to_ecdsa_value (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose) | |||
529 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); | 528 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); |
530 | return NULL; | 529 | return NULL; |
531 | } | 530 | } |
532 | #else | ||
533 | if (0 != (rc = gcry_sexp_build (&data, | ||
534 | NULL, | ||
535 | "(data(flags rfc6979)(hash %s %b))", | ||
536 | "sha512", | ||
537 | ntohl (purpose->size), | ||
538 | purpose))) | ||
539 | { | ||
540 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); | ||
541 | return NULL; | ||
542 | } | ||
543 | #endif | ||
544 | return data; | 531 | return data; |
545 | } | 532 | } |
546 | 533 | ||
@@ -594,6 +581,7 @@ GNUNET_CRYPTO_ecdsa_sign_ ( | |||
594 | return GNUNET_OK; | 581 | return GNUNET_OK; |
595 | } | 582 | } |
596 | 583 | ||
584 | |||
597 | enum GNUNET_GenericReturnValue | 585 | enum GNUNET_GenericReturnValue |
598 | GNUNET_CRYPTO_eddsa_sign_raw ( | 586 | GNUNET_CRYPTO_eddsa_sign_raw ( |
599 | const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, | 587 | const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, |
@@ -758,6 +746,16 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, | |||
758 | 746 | ||
759 | 747 | ||
760 | enum GNUNET_GenericReturnValue | 748 | enum GNUNET_GenericReturnValue |
749 | GNUNET_CRYPTO_eddsa_kem_decaps (const struct | ||
750 | GNUNET_CRYPTO_EddsaPrivateKey *priv, | ||
751 | const struct GNUNET_CRYPTO_EcdhePublicKey *c, | ||
752 | struct GNUNET_HashCode *key_material) | ||
753 | { | ||
754 | return GNUNET_CRYPTO_eddsa_ecdh (priv, c, key_material); | ||
755 | } | ||
756 | |||
757 | |||
758 | enum GNUNET_GenericReturnValue | ||
761 | GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, | 759 | GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, |
762 | const struct GNUNET_CRYPTO_EcdhePublicKey *pub, | 760 | const struct GNUNET_CRYPTO_EcdhePublicKey *pub, |
763 | struct GNUNET_HashCode *key_material) | 761 | struct GNUNET_HashCode *key_material) |
@@ -793,6 +791,152 @@ GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, | |||
793 | 791 | ||
794 | 792 | ||
795 | enum GNUNET_GenericReturnValue | 793 | enum GNUNET_GenericReturnValue |
794 | GNUNET_CRYPTO_eddsa_kem_encaps (const struct GNUNET_CRYPTO_EddsaPublicKey *pub, | ||
795 | struct GNUNET_CRYPTO_EcdhePublicKey *c, | ||
796 | struct GNUNET_HashCode *key_material) | ||
797 | { | ||
798 | struct GNUNET_CRYPTO_EcdhePrivateKey sk; | ||
799 | |||
800 | GNUNET_CRYPTO_ecdhe_key_create (&sk); | ||
801 | GNUNET_CRYPTO_ecdhe_key_get_public (&sk, c); | ||
802 | return GNUNET_CRYPTO_ecdh_eddsa (&sk, pub, key_material); | ||
803 | } | ||
804 | |||
805 | |||
806 | enum GNUNET_GenericReturnValue | ||
807 | GNUNET_CRYPTO_ecdsa_fo_kem_encaps (const struct | ||
808 | GNUNET_CRYPTO_EcdsaPublicKey *pub, | ||
809 | struct GNUNET_CRYPTO_FoKemC *c, | ||
810 | struct GNUNET_HashCode *key_material) | ||
811 | { | ||
812 | struct GNUNET_HashCode x; | ||
813 | struct GNUNET_HashCode ux; | ||
814 | struct GNUNET_HashCode w; | ||
815 | struct GNUNET_CRYPTO_EcdhePrivateKey sk; | ||
816 | |||
817 | // This is the input to the FO OWTF | ||
818 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, &x, sizeof(x)); | ||
819 | |||
820 | // We build our OWTF using a FO-transformation of ElGamal: | ||
821 | // U(x) | ||
822 | GNUNET_CRYPTO_hash (&x, sizeof (x), &ux); | ||
823 | GNUNET_memcpy (&sk, &ux, sizeof (sk)); | ||
824 | |||
825 | // B := g^U(x) | ||
826 | GNUNET_CRYPTO_ecdhe_key_get_public (&sk, &c->pub); | ||
827 | |||
828 | if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_ecdsa (&sk, pub, &w)) | ||
829 | return -1; | ||
830 | // w xor x (one-time pad) | ||
831 | GNUNET_CRYPTO_hash_xor (&w, &x, &c->y); | ||
832 | |||
833 | // k := H(x) FIXME: U and H must be different? | ||
834 | GNUNET_memcpy (key_material, &ux, sizeof (ux)); | ||
835 | return GNUNET_OK; | ||
836 | } | ||
837 | |||
838 | |||
839 | enum GNUNET_GenericReturnValue | ||
840 | GNUNET_CRYPTO_eddsa_fo_kem_encaps (const struct | ||
841 | GNUNET_CRYPTO_EddsaPublicKey *pub, | ||
842 | struct GNUNET_CRYPTO_FoKemC *c, | ||
843 | struct GNUNET_HashCode *key_material) | ||
844 | { | ||
845 | struct GNUNET_HashCode x; | ||
846 | struct GNUNET_HashCode ux; | ||
847 | struct GNUNET_HashCode w; | ||
848 | struct GNUNET_CRYPTO_EcdhePrivateKey sk; | ||
849 | enum GNUNET_GenericReturnValue ret; | ||
850 | |||
851 | // This is the input to the FO OWTF | ||
852 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, &x, sizeof(x)); | ||
853 | |||
854 | // We build our OWTF using a FO-transformation of ElGamal: | ||
855 | // U(x) | ||
856 | GNUNET_CRYPTO_hash (&x, sizeof (x), &ux); | ||
857 | GNUNET_memcpy (&sk, &ux, sizeof (sk)); | ||
858 | |||
859 | // B := g^U(x) | ||
860 | GNUNET_CRYPTO_ecdhe_key_get_public (&sk, &c->pub); | ||
861 | |||
862 | ret = GNUNET_CRYPTO_ecdh_eddsa (&sk, pub, &w); | ||
863 | if (GNUNET_OK != ret) | ||
864 | return ret; | ||
865 | // w xor x (one-time pad) | ||
866 | GNUNET_CRYPTO_hash_xor (&w, &x, &c->y); | ||
867 | |||
868 | // k := H(x) FIXME: U and H must be different? | ||
869 | GNUNET_memcpy (key_material, &ux, sizeof (ux)); | ||
870 | return GNUNET_OK; | ||
871 | } | ||
872 | |||
873 | |||
874 | static enum GNUNET_GenericReturnValue | ||
875 | fo_kem_decaps (const struct GNUNET_HashCode *w, | ||
876 | const struct GNUNET_CRYPTO_FoKemC *c, | ||
877 | struct GNUNET_HashCode *key_material) | ||
878 | { | ||
879 | struct GNUNET_HashCode x; | ||
880 | struct GNUNET_HashCode ux; | ||
881 | struct GNUNET_CRYPTO_EcdhePrivateKey sk; | ||
882 | struct GNUNET_CRYPTO_EcdhePublicKey pub_test; | ||
883 | |||
884 | // w xor x (one-time pad) | ||
885 | GNUNET_CRYPTO_hash_xor (w, &c->y, &x); | ||
886 | |||
887 | // We build our OWTF using a FO-transformation of ElGamal: | ||
888 | // U(x) | ||
889 | GNUNET_CRYPTO_hash (&x, sizeof (x), &ux); | ||
890 | GNUNET_memcpy (&sk, &ux, sizeof (sk)); | ||
891 | |||
892 | // B := g^U(x) | ||
893 | GNUNET_CRYPTO_ecdhe_key_get_public (&sk, &pub_test); | ||
894 | |||
895 | if (0 != memcmp (&pub_test, &c->pub, sizeof (c->pub))) | ||
896 | return GNUNET_SYSERR; // Reject | ||
897 | |||
898 | // k := H(x) FIXME: U and H must be different? | ||
899 | GNUNET_memcpy (key_material, &ux, sizeof (ux)); | ||
900 | return GNUNET_OK; | ||
901 | } | ||
902 | |||
903 | |||
904 | /** | ||
905 | * This implementation is not testes/publicly exposed yet | ||
906 | */ | ||
907 | enum GNUNET_GenericReturnValue | ||
908 | GNUNET_CRYPTO_eddsa_fo_kem_decaps (const struct | ||
909 | GNUNET_CRYPTO_EddsaPrivateKey *priv, | ||
910 | const struct GNUNET_CRYPTO_FoKemC *c, | ||
911 | struct GNUNET_HashCode *key_material) | ||
912 | { | ||
913 | struct GNUNET_HashCode w; | ||
914 | enum GNUNET_GenericReturnValue ret; | ||
915 | |||
916 | ret = GNUNET_CRYPTO_eddsa_ecdh (priv, &c->pub, &w); | ||
917 | if (GNUNET_OK != ret) | ||
918 | return ret; | ||
919 | return fo_kem_decaps (&w, c, key_material); | ||
920 | } | ||
921 | |||
922 | |||
923 | enum GNUNET_GenericReturnValue | ||
924 | GNUNET_CRYPTO_ecdsa_fo_kem_decaps (const struct | ||
925 | GNUNET_CRYPTO_EcdsaPrivateKey *priv, | ||
926 | struct GNUNET_CRYPTO_FoKemC *c, | ||
927 | struct GNUNET_HashCode *key_material) | ||
928 | { | ||
929 | struct GNUNET_HashCode w; | ||
930 | enum GNUNET_GenericReturnValue ret; | ||
931 | |||
932 | ret = GNUNET_CRYPTO_ecdsa_ecdh (priv, &c->pub, &w); | ||
933 | if (GNUNET_OK != ret) | ||
934 | return ret; | ||
935 | return fo_kem_decaps (&w, c, key_material); | ||
936 | } | ||
937 | |||
938 | |||
939 | enum GNUNET_GenericReturnValue | ||
796 | GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, | 940 | GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, |
797 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, | 941 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, |
798 | struct GNUNET_HashCode *key_material) | 942 | struct GNUNET_HashCode *key_material) |
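Review bot: The three FO-KEM bodies (`GNUNET_CRYPTO_ecdsa_fo_kem_encaps`, `GNUNET_CRYPTO_eddsa_fo_kem_encaps` and `fo_kem_decaps`) copy `ux` into `sk` and then return the same `ux` as `key_material`, so the leading `sizeof (sk)` bytes of the session key are the ephemeral scalar behind `c->pub`; the answer to the inline FIXME is yes, U and H have to be independent. As written, anyone who learns the session key can recompute `w` against the recipient's public key and unmask `x` from `c->y`, and the usual Fujisaki-Okamoto argument, which models the two hashes as separate oracles, no longer covers the construction. Derive k from `x` under its own label in all three places, for example `GNUNET_CRYPTO_kdf (key_material, sizeof (*key_material), "fo-kem-k", 8, &x, sizeof (x), NULL, 0);` (the label is a constructed sample), and keep `GNUNET_CRYPTO_hash` only for the scalar. While there: the reject test in `fo_kem_decaps` runs plain `memcmp` on a value derived from the secret `x`, and `x`, `ux`, `w` and `sk` are left on the stack on every return path. A constant-time comparison and clearing those locals before returning would be the conservative choice.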