1 files changed, 82 insertions, 22 deletions
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index b45ec1d57..9dd9883dc 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -803,18 +803,41 @@ GNUNET_CRYPTO_eddsa_kem_encaps (const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
 }
-/**
+enum GNUNET_GenericReturnValue
- * This implementation is not testes/publicly exposed yet
+GNUNET_CRYPTO_ecdsa_fo_kem_encaps (const struct
- */
+                                   GNUNET_CRYPTO_EcdsaPublicKey *pub,
-struct GNUNET_CRYPTO_FoKemC
+                                   struct GNUNET_CRYPTO_FoKemC *c,
+                                   struct GNUNET_HashCode *key_material)
 {
+  struct GNUNET_HashCode x;
+  struct GNUNET_HashCode ux;
+  struct GNUNET_HashCode w;
  struct GNUNET_HashCode y;
-  struct GNUNET_CRYPTO_EcdhePublicKey pub;
+  struct GNUNET_CRYPTO_EcdhePrivateKey sk;
-};
+  enum GNUNET_GenericReturnValue ret;
+  // This is the input to the FO OWTF
+  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, &x, sizeof(x));
+  // We build our OWTF using a FO-transformation of ElGamal:
+  // U(x)
+  GNUNET_CRYPTO_hash (&x, sizeof (x), &ux);
+  GNUNET_memcpy (&sk, &ux, sizeof (sk));
+  // B := g^U(x)
+  GNUNET_CRYPTO_ecdhe_key_get_public (&sk, &c->pub);
+  if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_ecdsa (&sk, pub, &w))
+    return -1;
+  // w xor x (one-time pad)
+  GNUNET_CRYPTO_hash_xor (&w, &x, &c->y);
+  // k := H(x) FIXME: U and H must be different?
+  GNUNET_memcpy (key_material, &ux, sizeof (ux));
+  return GNUNET_OK;
+}
-/**
- * This implementation is not testes/publicly exposed yet
- */
 enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_eddsa_fo_kem_encaps (const struct
                                   GNUNET_CRYPTO_EddsaPublicKey *pub,
@@ -851,28 +874,20 @@ GNUNET_CRYPTO_eddsa_fo_kem_encaps (const struct
 }
-/**
+static enum GNUNET_GenericReturnValue
- * This implementation is not testes/publicly exposed yet
+fo_kem_decaps (const struct GNUNET_HashCode *w,
- */
+               const struct GNUNET_CRYPTO_FoKemC *c,
-enum GNUNET_GenericReturnValue
+               struct GNUNET_HashCode *key_material)
-GNUNET_CRYPTO_eddsa_fo_kem_decaps (const struct
-                                   GNUNET_CRYPTO_EddsaPrivateKey *priv,
-                                   struct GNUNET_CRYPTO_FoKemC *c,
-                                   struct GNUNET_HashCode *key_material)
 {
  struct GNUNET_HashCode x;
  struct GNUNET_HashCode ux;
-  struct GNUNET_HashCode w;
  struct GNUNET_HashCode y;
  struct GNUNET_CRYPTO_EcdhePrivateKey sk;
  struct GNUNET_CRYPTO_EcdhePublicKey pub_test;
  enum GNUNET_GenericReturnValue ret;
-  ret = GNUNET_CRYPTO_eddsa_ecdh (priv, &c->pub, &w);
-  if (GNUNET_OK != ret)
-    return ret;
  // w xor x (one-time pad)
-  GNUNET_CRYPTO_hash_xor (&w, &c->y, &x);
+  GNUNET_CRYPTO_hash_xor (w, &c->y, &x);
  // We build our OWTF using a FO-transformation of ElGamal:
  // U(x)
@@ -891,6 +906,51 @@ GNUNET_CRYPTO_eddsa_fo_kem_decaps (const struct
 }
+/**
+ * This implementation is not testes/publicly exposed yet
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_fo_kem_decaps (const struct
+                                   GNUNET_CRYPTO_EddsaPrivateKey *priv,
+                                   const struct GNUNET_CRYPTO_FoKemC *c,
+                                   struct GNUNET_HashCode *key_material)
+{
+  struct GNUNET_HashCode x;
+  struct GNUNET_HashCode ux;
+  struct GNUNET_HashCode w;
+  struct GNUNET_HashCode y;
+  struct GNUNET_CRYPTO_EcdhePrivateKey sk;
+  struct GNUNET_CRYPTO_EcdhePublicKey pub_test;
+  enum GNUNET_GenericReturnValue ret;
+  ret = GNUNET_CRYPTO_eddsa_ecdh (priv, &c->pub, &w);
+  if (GNUNET_OK != ret)
+    return ret;
+  return fo_kem_decaps (&w, c, key_material);
+}
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_ecdsa_fo_kem_decaps (const struct
+                                   GNUNET_CRYPTO_EcdsaPrivateKey *priv,
+                                   struct GNUNET_CRYPTO_FoKemC *c,
+                                   struct GNUNET_HashCode *key_material)
+{
+  struct GNUNET_HashCode x;
+  struct GNUNET_HashCode ux;
+  struct GNUNET_HashCode w;
+  struct GNUNET_HashCode y;
+  struct GNUNET_CRYPTO_EcdhePrivateKey sk;
+  struct GNUNET_CRYPTO_EcdhePublicKey pub_test;
+  enum GNUNET_GenericReturnValue ret;
+  ret = GNUNET_CRYPTO_ecdsa_ecdh (priv, &c->pub, &w);
+  if (GNUNET_OK != ret)
+    return ret;
+  return fo_kem_decaps (&w, c, key_material);
+}
 enum GNUNET_GenericReturnValue
 GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
                          const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,

diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index b45ec1d57..9dd9883dc 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c
@@ -803,18 +803,41 @@ GNUNET_CRYPTO_eddsa_kem_encaps (const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
803	}	803	}
804		804
805		805
806	/**	806	enum GNUNET_GenericReturnValue
807	* This implementation is not testes/publicly exposed yet	807	GNUNET_CRYPTO_ecdsa_fo_kem_encaps (const struct
808	*/	808	GNUNET_CRYPTO_EcdsaPublicKey *pub,
809	struct GNUNET_CRYPTO_FoKemC	809	struct GNUNET_CRYPTO_FoKemC *c,
		810	struct GNUNET_HashCode *key_material)
810	{	811	{
		812	struct GNUNET_HashCode x;
		813	struct GNUNET_HashCode ux;
		814	struct GNUNET_HashCode w;
811	struct GNUNET_HashCode y;	815	struct GNUNET_HashCode y;
812	struct GNUNET_CRYPTO_EcdhePublicKey pub;	816	struct GNUNET_CRYPTO_EcdhePrivateKey sk;
813	};	817	enum GNUNET_GenericReturnValue ret;
		818
		819	// This is the input to the FO OWTF
		820	GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, &x, sizeof(x));
		821
		822	// We build our OWTF using a FO-transformation of ElGamal:
		823	// U(x)
		824	GNUNET_CRYPTO_hash (&x, sizeof (x), &ux);
		825	GNUNET_memcpy (&sk, &ux, sizeof (sk));
		826
		827	// B := g^U(x)
		828	GNUNET_CRYPTO_ecdhe_key_get_public (&sk, &c->pub);
		829
		830	if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_ecdsa (&sk, pub, &w))
		831	return -1;
		832	// w xor x (one-time pad)
		833	GNUNET_CRYPTO_hash_xor (&w, &x, &c->y);
		834
		835	// k := H(x) FIXME: U and H must be different?
		836	GNUNET_memcpy (key_material, &ux, sizeof (ux));
		837	return GNUNET_OK;
		838	}
		839
814		840
815	/**
816	* This implementation is not testes/publicly exposed yet
817	*/
818	enum GNUNET_GenericReturnValue	841	enum GNUNET_GenericReturnValue
819	GNUNET_CRYPTO_eddsa_fo_kem_encaps (const struct	842	GNUNET_CRYPTO_eddsa_fo_kem_encaps (const struct
820	GNUNET_CRYPTO_EddsaPublicKey *pub,	843	GNUNET_CRYPTO_EddsaPublicKey *pub,
@@ -851,28 +874,20 @@ GNUNET_CRYPTO_eddsa_fo_kem_encaps (const struct
851	}	874	}
852		875
853		876
854	/**	877	static enum GNUNET_GenericReturnValue
855	* This implementation is not testes/publicly exposed yet	878	fo_kem_decaps (const struct GNUNET_HashCode *w,
856	*/	879	const struct GNUNET_CRYPTO_FoKemC *c,
857	enum GNUNET_GenericReturnValue	880	struct GNUNET_HashCode *key_material)
858	GNUNET_CRYPTO_eddsa_fo_kem_decaps (const struct
859	GNUNET_CRYPTO_EddsaPrivateKey *priv,
860	struct GNUNET_CRYPTO_FoKemC *c,
861	struct GNUNET_HashCode *key_material)
862	{	881	{
863	struct GNUNET_HashCode x;	882	struct GNUNET_HashCode x;
864	struct GNUNET_HashCode ux;	883	struct GNUNET_HashCode ux;
865	struct GNUNET_HashCode w;
866	struct GNUNET_HashCode y;	884	struct GNUNET_HashCode y;
867	struct GNUNET_CRYPTO_EcdhePrivateKey sk;	885	struct GNUNET_CRYPTO_EcdhePrivateKey sk;
868	struct GNUNET_CRYPTO_EcdhePublicKey pub_test;	886	struct GNUNET_CRYPTO_EcdhePublicKey pub_test;
869	enum GNUNET_GenericReturnValue ret;	887	enum GNUNET_GenericReturnValue ret;
870		888
871	ret = GNUNET_CRYPTO_eddsa_ecdh (priv, &c->pub, &w);
872	if (GNUNET_OK != ret)
873	return ret;
874	// w xor x (one-time pad)	889	// w xor x (one-time pad)
875	GNUNET_CRYPTO_hash_xor (&w, &c->y, &x);	890	GNUNET_CRYPTO_hash_xor (w, &c->y, &x);
876		891
877	// We build our OWTF using a FO-transformation of ElGamal:	892	// We build our OWTF using a FO-transformation of ElGamal:
878	// U(x)	893	// U(x)
@@ -891,6 +906,51 @@ GNUNET_CRYPTO_eddsa_fo_kem_decaps (const struct
891	}	906	}
892		907
893		908
		909	/**
		910	* This implementation is not testes/publicly exposed yet
		911	*/
		912	enum GNUNET_GenericReturnValue
		913	GNUNET_CRYPTO_eddsa_fo_kem_decaps (const struct
		914	GNUNET_CRYPTO_EddsaPrivateKey *priv,
		915	const struct GNUNET_CRYPTO_FoKemC *c,
		916	struct GNUNET_HashCode *key_material)
		917	{
		918	struct GNUNET_HashCode x;
		919	struct GNUNET_HashCode ux;
		920	struct GNUNET_HashCode w;
		921	struct GNUNET_HashCode y;
		922	struct GNUNET_CRYPTO_EcdhePrivateKey sk;
		923	struct GNUNET_CRYPTO_EcdhePublicKey pub_test;
		924	enum GNUNET_GenericReturnValue ret;
		925
		926	ret = GNUNET_CRYPTO_eddsa_ecdh (priv, &c->pub, &w);
		927	if (GNUNET_OK != ret)
		928	return ret;
		929	return fo_kem_decaps (&w, c, key_material);
		930	}
		931
		932
		933	enum GNUNET_GenericReturnValue
		934	GNUNET_CRYPTO_ecdsa_fo_kem_decaps (const struct
		935	GNUNET_CRYPTO_EcdsaPrivateKey *priv,
		936	struct GNUNET_CRYPTO_FoKemC *c,
		937	struct GNUNET_HashCode *key_material)
		938	{
		939	struct GNUNET_HashCode x;
		940	struct GNUNET_HashCode ux;
		941	struct GNUNET_HashCode w;
		942	struct GNUNET_HashCode y;
		943	struct GNUNET_CRYPTO_EcdhePrivateKey sk;
		944	struct GNUNET_CRYPTO_EcdhePublicKey pub_test;
		945	enum GNUNET_GenericReturnValue ret;
		946
		947	ret = GNUNET_CRYPTO_ecdsa_ecdh (priv, &c->pub, &w);
		948	if (GNUNET_OK != ret)
		949	return ret;
		950	return fo_kem_decaps (&w, c, key_material);
		951	}
		952
		953
894	enum GNUNET_GenericReturnValue	954	enum GNUNET_GenericReturnValue
895	GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,	955	GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
896	const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,	956	const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,