aboutsummaryrefslogtreecommitdiff
path: root/src/util/gnunet-crypto-tvg.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/util/gnunet-crypto-tvg.c')
-rw-r--r--src/util/gnunet-crypto-tvg.c1542
1 files changed, 0 insertions, 1542 deletions
diff --git a/src/util/gnunet-crypto-tvg.c b/src/util/gnunet-crypto-tvg.c
deleted file mode 100644
index 76c379784..000000000
--- a/src/util/gnunet-crypto-tvg.c
+++ /dev/null
@@ -1,1542 +0,0 @@
1/*
2 This file is part of GNUnet.
3 Copyright (C) 2020 GNUnet e.V.
4
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
14
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18 SPDX-License-Identifier: AGPL3.0-or-later
19 */
20
21/**
22 * @file util/gnunet-crypto-tgv.c
23 * @brief Generate test vectors for cryptographic operations.
24 * @author Florian Dold
25 *
26 * Note that this program shouldn't depend on code in src/json/,
27 * so we're using raw jansson and no GNUnet JSON helpers.
28 *
29 * Test vectors have the following format (TypeScript pseudo code):
30 *
31 * interface TestVectorFile {
32 * encoding: "base32crockford";
33 * producer?: string;
34 * vectors: TestVector[];
35 * }
36 *
37 * enum Operation {
38 * Hash("hash"),
39 * ...
40 * }
41 *
42 * interface TestVector {
43 * operation: Operation;
44 * // Inputs for the operation
45 * [ k: string]: string | number;
46 * };
47 *
48 *
49 */
50#include "platform.h"
51#include "gnunet_util_lib.h"
52#include "gnunet_signatures.h"
53#include "gnunet_testing_lib.h"
54#include <jansson.h>
55#include <gcrypt.h>
56
57GNUNET_NETWORK_STRUCT_BEGIN
58
59/**
60 * Sample signature struct.
61 *
62 * Purpose is #GNUNET_SIGNATURE_PURPOSE_TEST
63 */
64struct TestSignatureDataPS
65{
66 struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
67 uint32_t testval;
68};
69
70GNUNET_NETWORK_STRUCT_END
71
72
73/**
74 * Should we verify or output test vectors?
75 */
76static int verify_flag = GNUNET_NO;
77
78
79/**
80 * Global exit code.
81 */
82static int global_ret = 0;
83
84
85/**
86 * Create a fresh test vector for a given operation label.
87 *
88 * @param vecs array of vectors to append the new vector to
89 * @param vecname label for the operation of the vector
90 * @returns the fresh test vector
91 */
92static json_t *
93vec_for (json_t *vecs, const char *vecname)
94{
95 json_t *t = json_object ();
96
97 json_object_set_new (t,
98 "operation",
99 json_string (vecname));
100 json_array_append_new (vecs, t);
101 return t;
102}
103
104
105/**
106 * Add a base32crockford encoded value
107 * to a test vector.
108 *
109 * @param vec test vector to add to
110 * @param label label for the value
111 * @param data data to add
112 * @param size size of data
113 */
114static void
115d2j (json_t *vec,
116 const char *label,
117 const void *data,
118 size_t size)
119{
120 char *buf;
121 json_t *json;
122
123 buf = GNUNET_STRINGS_data_to_string_alloc (data, size);
124 json = json_string (buf);
125 GNUNET_free (buf);
126 GNUNET_break (NULL != json);
127
128 json_object_set_new (vec, label, json);
129}
130
131
132/**
133 * Add a number to a test vector.
134 *
135 * @param vec test vector to add to
136 * @param label label for the value
137 * @param data data to add
138 * @param size size of data
139 */
140static void
141uint2j (json_t *vec,
142 const char *label,
143 unsigned int num)
144{
145 json_t *json = json_integer (num);
146
147 json_object_set_new (vec, label, json);
148}
149
150
151static int
152expect_data_fixed (json_t *vec,
153 const char *name,
154 void *data,
155 size_t expect_len)
156{
157 const char *s = json_string_value (json_object_get (vec, name));
158
159 if (NULL == s)
160 return GNUNET_NO;
161
162 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s,
163 strlen (s),
164 data,
165 expect_len))
166 return GNUNET_NO;
167 return GNUNET_OK;
168}
169
170
171static int
172expect_data_dynamic (json_t *vec,
173 const char *name,
174 void **data,
175 size_t *ret_len)
176{
177 const char *s = json_string_value (json_object_get (vec, name));
178 char *tmp;
179 size_t len;
180
181 if (NULL == s)
182 return GNUNET_NO;
183
184 len = (strlen (s) * 5) / 8;
185 if (NULL != ret_len)
186 *ret_len = len;
187 tmp = GNUNET_malloc (len);
188
189 if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, strlen (s), tmp, len))
190 {
191 GNUNET_free (tmp);
192 return GNUNET_NO;
193 }
194 *data = tmp;
195 return GNUNET_OK;
196}
197
198
199/**
200 * Check a single vector.
201 *
202 * @param operation operator of the vector
203 * @param vec the vector, a JSON object.
204 *
205 * @returns GNUNET_OK if the vector is okay
206 */
207static int
208checkvec (const char *operation,
209 json_t *vec)
210{
211 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
212 "checking %s\n", operation);
213
214 if (0 == strcmp (operation, "hash"))
215 {
216 void *data;
217 size_t data_len;
218 struct GNUNET_HashCode hash_out;
219 struct GNUNET_HashCode hc;
220
221 if (GNUNET_OK != expect_data_dynamic (vec,
222 "input",
223 &data,
224 &data_len))
225 {
226 GNUNET_break (0);
227 return GNUNET_SYSERR;
228 }
229 if (GNUNET_OK != expect_data_fixed (vec,
230 "output",
231 &hash_out,
232 sizeof (hash_out)))
233 {
234 GNUNET_free (data);
235 GNUNET_break (0);
236 return GNUNET_NO;
237 }
238
239 GNUNET_CRYPTO_hash (data, data_len, &hc);
240
241 if (0 != GNUNET_memcmp (&hc, &hash_out))
242 {
243 GNUNET_free (data);
244 GNUNET_break (0);
245 return GNUNET_NO;
246 }
247 GNUNET_free (data);
248 }
249 else if (0 == strcmp (operation, "ecc_ecdh"))
250 {
251 struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
252 struct GNUNET_CRYPTO_EcdhePublicKey pub1;
253 struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
254 struct GNUNET_HashCode skm;
255 struct GNUNET_HashCode skm_comp;
256
257 if (GNUNET_OK != expect_data_fixed (vec,
258 "priv1",
259 &priv1,
260 sizeof (priv1)))
261 {
262 GNUNET_break (0);
263 return GNUNET_NO;
264 }
265 if (GNUNET_OK != expect_data_fixed (vec,
266 "priv2",
267 &priv2,
268 sizeof (priv2)))
269 {
270 GNUNET_break (0);
271 return GNUNET_NO;
272 }
273 if (GNUNET_OK != expect_data_fixed (vec,
274 "pub1",
275 &pub1,
276 sizeof (pub1)))
277 {
278 GNUNET_break (0);
279 return GNUNET_NO;
280 }
281 if (GNUNET_OK != expect_data_fixed (vec,
282 "skm",
283 &skm,
284 sizeof (skm)))
285 {
286 GNUNET_break (0);
287 return GNUNET_NO;
288 }
289 GNUNET_assert (GNUNET_OK ==
290 GNUNET_CRYPTO_ecc_ecdh (&priv2,
291 &pub1,
292 &skm_comp));
293 if (0 != GNUNET_memcmp (&skm, &skm_comp))
294 {
295 GNUNET_break (0);
296 return GNUNET_NO;
297 }
298 }
299 else if (0 == strcmp (operation, "eddsa_key_derivation"))
300 {
301 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
302 struct GNUNET_CRYPTO_EddsaPublicKey pub;
303 struct GNUNET_CRYPTO_EddsaPublicKey pub_comp;
304
305 if (GNUNET_OK != expect_data_fixed (vec,
306 "priv",
307 &priv,
308 sizeof (priv)))
309 {
310 GNUNET_break (0);
311 return GNUNET_NO;
312 }
313
314 if (GNUNET_OK != expect_data_fixed (vec,
315 "pub",
316 &pub,
317 sizeof (pub)))
318 {
319 GNUNET_break (0);
320 return GNUNET_NO;
321 }
322
323 GNUNET_CRYPTO_eddsa_key_get_public (&priv,
324 &pub_comp);
325 if (0 != GNUNET_memcmp (&pub, &pub_comp))
326 {
327 GNUNET_break (0);
328 return GNUNET_NO;
329 }
330
331 }
332 else if (0 == strcmp (operation, "eddsa_signing"))
333 {
334 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
335 struct GNUNET_CRYPTO_EddsaPublicKey pub;
336 struct TestSignatureDataPS data = { 0 };
337 struct GNUNET_CRYPTO_EddsaSignature sig;
338 struct GNUNET_CRYPTO_EddsaSignature sig_comp;
339
340 if (GNUNET_OK != expect_data_fixed (vec,
341 "priv",
342 &priv,
343 sizeof (priv)))
344 {
345 GNUNET_break (0);
346 return GNUNET_NO;
347 }
348
349 if (GNUNET_OK != expect_data_fixed (vec,
350 "pub",
351 &pub,
352 sizeof (pub)))
353 {
354 GNUNET_break (0);
355 return GNUNET_NO;
356 }
357
358 if (GNUNET_OK != expect_data_fixed (vec,
359 "data",
360 &data,
361 sizeof (data)))
362 {
363 GNUNET_break (0);
364 return GNUNET_NO;
365 }
366
367 if (GNUNET_OK != expect_data_fixed (vec,
368 "sig",
369 &sig,
370 sizeof (sig)))
371 {
372 GNUNET_break (0);
373 return GNUNET_NO;
374 }
375
376 GNUNET_CRYPTO_eddsa_sign (&priv,
377 &data,
378 &sig_comp);
379 GNUNET_assert (GNUNET_OK ==
380 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST,
381 &data,
382 &sig,
383 &pub));
384 if (0 != GNUNET_memcmp (&sig, &sig_comp))
385 {
386 GNUNET_break (0);
387 return GNUNET_NO;
388 }
389 }
390 else if (0 == strcmp (operation, "kdf"))
391 {
392 size_t out_len;
393 void *out;
394 size_t out_len_comp;
395 void *out_comp;
396 void *ikm;
397 size_t ikm_len;
398 void *salt;
399 size_t salt_len;
400 void *ctx;
401 size_t ctx_len;
402
403 if (GNUNET_OK != expect_data_dynamic (vec,
404 "out",
405 &out,
406 &out_len))
407 {
408 GNUNET_break (0);
409 return GNUNET_SYSERR;
410 }
411
412 out_len_comp = out_len;
413 out_comp = GNUNET_malloc (out_len_comp);
414
415 if (GNUNET_OK != expect_data_dynamic (vec,
416 "ikm",
417 &ikm,
418 &ikm_len))
419 {
420 GNUNET_free (out);
421 GNUNET_free (out_comp);
422 GNUNET_break (0);
423 return GNUNET_SYSERR;
424 }
425
426 if (GNUNET_OK != expect_data_dynamic (vec,
427 "salt",
428 &salt,
429 &salt_len))
430 {
431 GNUNET_free (out);
432 GNUNET_free (out_comp);
433 GNUNET_free (ikm);
434 GNUNET_break (0);
435 return GNUNET_SYSERR;
436 }
437
438 if (GNUNET_OK != expect_data_dynamic (vec,
439 "ctx",
440 &ctx,
441 &ctx_len))
442 {
443 GNUNET_free (out);
444 GNUNET_free (out_comp);
445 GNUNET_free (ikm);
446 GNUNET_free (salt);
447 GNUNET_break (0);
448 return GNUNET_SYSERR;
449 }
450
451 GNUNET_assert (GNUNET_OK ==
452 GNUNET_CRYPTO_kdf (out_comp,
453 out_len_comp,
454 salt,
455 salt_len,
456 ikm,
457 ikm_len,
458 ctx,
459 ctx_len,
460 NULL));
461
462 if (0 != memcmp (out, out_comp, out_len))
463 {
464 GNUNET_free (out);
465 GNUNET_free (out_comp);
466 GNUNET_free (ikm);
467 GNUNET_free (salt);
468 GNUNET_free (ctx);
469 GNUNET_break (0);
470 return GNUNET_NO;
471 }
472 GNUNET_free (out);
473 GNUNET_free (out_comp);
474 GNUNET_free (ikm);
475 GNUNET_free (salt);
476 GNUNET_free (ctx);
477 }
478 else if (0 == strcmp (operation, "eddsa_ecdh"))
479 {
480 struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
481 struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
482 struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
483 struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
484 struct GNUNET_HashCode key_material;
485 struct GNUNET_HashCode key_material_comp;
486
487 if (GNUNET_OK != expect_data_fixed (vec,
488 "priv_ecdhe",
489 &priv_ecdhe,
490 sizeof (priv_ecdhe)))
491 {
492 GNUNET_break (0);
493 return GNUNET_NO;
494 }
495
496 if (GNUNET_OK != expect_data_fixed (vec,
497 "pub_ecdhe",
498 &pub_ecdhe,
499 sizeof (pub_ecdhe)))
500 {
501 GNUNET_break (0);
502 return GNUNET_NO;
503 }
504
505 if (GNUNET_OK != expect_data_fixed (vec,
506 "priv_eddsa",
507 &priv_eddsa,
508 sizeof (priv_eddsa)))
509 {
510 GNUNET_break (0);
511 return GNUNET_NO;
512 }
513
514 if (GNUNET_OK != expect_data_fixed (vec,
515 "pub_eddsa",
516 &pub_eddsa,
517 sizeof (pub_eddsa)))
518 {
519 GNUNET_break (0);
520 return GNUNET_NO;
521 }
522
523 if (GNUNET_OK != expect_data_fixed (vec,
524 "key_material",
525 &key_material,
526 sizeof (key_material)))
527 {
528 GNUNET_break (0);
529 return GNUNET_NO;
530 }
531
532 GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material_comp);
533
534 if (0 != GNUNET_memcmp (&key_material, &key_material_comp))
535 {
536 GNUNET_break (0);
537 return GNUNET_NO;
538 }
539 }
540 else if (0 == strcmp (operation, "rsa_blind_signing"))
541 {
542 struct GNUNET_CRYPTO_RsaPrivateKey *skey;
543 struct GNUNET_CRYPTO_RsaPublicKey *pkey;
544 struct GNUNET_HashCode message_hash;
545 struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
546 struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
547 struct GNUNET_CRYPTO_RsaSignature *sig;
548 void *blinded_data;
549 size_t blinded_len;
550 void *blinded_data_comp;
551 size_t blinded_len_comp;
552 void *public_enc_data;
553 size_t public_enc_len;
554 void *secret_enc_data;
555 size_t secret_enc_len;
556 void *sig_enc_data;
557 size_t sig_enc_length;
558 void *sig_enc_data_comp;
559 size_t sig_enc_length_comp;
560
561 if (GNUNET_OK != expect_data_fixed (vec,
562 "message_hash",
563 &message_hash,
564 sizeof (message_hash)))
565 {
566 GNUNET_break (0);
567 return GNUNET_SYSERR;
568 }
569
570 if (GNUNET_OK != expect_data_fixed (vec,
571 "blinding_key_secret",
572 &bks,
573 sizeof (bks)))
574 {
575 GNUNET_break (0);
576 return GNUNET_SYSERR;
577 }
578
579 if (GNUNET_OK != expect_data_dynamic (vec,
580 "blinded_message",
581 &blinded_data,
582 &blinded_len))
583 {
584 GNUNET_break (0);
585 return GNUNET_SYSERR;
586 }
587
588 if (GNUNET_OK != expect_data_dynamic (vec,
589 "rsa_public_key",
590 &public_enc_data,
591 &public_enc_len))
592 {
593 GNUNET_free (blinded_data);
594 GNUNET_break (0);
595 return GNUNET_SYSERR;
596 }
597
598 if (GNUNET_OK != expect_data_dynamic (vec,
599 "rsa_private_key",
600 &secret_enc_data,
601 &secret_enc_len))
602 {
603 GNUNET_free (blinded_data);
604 GNUNET_free (public_enc_data);
605 GNUNET_break (0);
606 return GNUNET_SYSERR;
607 }
608
609 if (GNUNET_OK != expect_data_dynamic (vec,
610 "sig",
611 &sig_enc_data,
612 &sig_enc_length))
613 {
614 GNUNET_free (blinded_data);
615 GNUNET_free (public_enc_data);
616 GNUNET_free (secret_enc_data);
617 GNUNET_break (0);
618 return GNUNET_SYSERR;
619 }
620
621 pkey = GNUNET_CRYPTO_rsa_public_key_decode (public_enc_data,
622 public_enc_len);
623 GNUNET_assert (NULL != pkey);
624 skey = GNUNET_CRYPTO_rsa_private_key_decode (secret_enc_data,
625 secret_enc_len);
626 GNUNET_assert (NULL != skey);
627
628 GNUNET_assert (GNUNET_YES ==
629 GNUNET_CRYPTO_rsa_blind (&message_hash,
630 &bks,
631 pkey,
632 &blinded_data_comp,
633 &blinded_len_comp));
634 if ( (blinded_len != blinded_len_comp) || (0 != memcmp (blinded_data,
635 blinded_data_comp,
636 blinded_len)) )
637 {
638 GNUNET_free (blinded_data);
639 GNUNET_free (public_enc_data);
640 GNUNET_free (secret_enc_data);
641 GNUNET_free (sig_enc_data);
642 GNUNET_free (skey);
643 GNUNET_break (0);
644 return GNUNET_NO;
645 }
646 blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data,
647 blinded_len);
648 sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey);
649 GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig,
650 pkey));
651 public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
652 &public_enc_data);
653 sig_enc_length_comp = GNUNET_CRYPTO_rsa_signature_encode (sig,
654 &sig_enc_data_comp);
655
656 if ( (sig_enc_length != sig_enc_length_comp) ||
657 (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) ))
658 {
659 GNUNET_free (blinded_sig);
660 GNUNET_free (blinded_data);
661 GNUNET_free (public_enc_data);
662 GNUNET_free (secret_enc_data);
663 GNUNET_free (sig_enc_data);
664 GNUNET_free (skey);
665 GNUNET_break (0);
666 return GNUNET_NO;
667 }
668 GNUNET_free (blinded_sig);
669 GNUNET_free (blinded_data);
670 GNUNET_free (public_enc_data);
671 GNUNET_free (secret_enc_data);
672 GNUNET_free (sig_enc_data);
673 GNUNET_free (skey);
674 }
675 else if (0 == strcmp (operation, "cs_blind_signing"))
676 {
677 struct GNUNET_CRYPTO_CsPrivateKey priv;
678 struct GNUNET_CRYPTO_CsPublicKey pub;
679 struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
680 struct GNUNET_CRYPTO_CsRSecret r_priv[2];
681 struct GNUNET_CRYPTO_CsRPublic r_pub[2];
682 struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2];
683 struct GNUNET_CRYPTO_CsC c[2];
684 struct GNUNET_CRYPTO_CsS signature_scalar;
685 struct GNUNET_CRYPTO_CsBlindS blinded_s;
686 struct GNUNET_CRYPTO_CsSignature sig;
687 struct GNUNET_CRYPTO_CsNonce nonce;
688 struct GNUNET_HashCode message_hash;
689 unsigned int b;
690
691 if (GNUNET_OK != expect_data_fixed (vec,
692 "message_hash",
693 &message_hash,
694 sizeof (message_hash)))
695 {
696 GNUNET_break (0);
697 return GNUNET_SYSERR;
698 }
699 if (GNUNET_OK != expect_data_fixed (vec,
700 "cs_public_key",
701 &pub,
702 sizeof (pub)))
703 {
704 GNUNET_break (0);
705 return GNUNET_SYSERR;
706 }
707
708 if (GNUNET_OK != expect_data_fixed (vec,
709 "cs_private_key",
710 &priv,
711 sizeof (priv)))
712 {
713 GNUNET_break (0);
714 return GNUNET_SYSERR;
715 }
716 if (GNUNET_OK != expect_data_fixed (vec,
717 "cs_nonce",
718 &nonce,
719 sizeof (nonce)))
720 {
721 GNUNET_break (0);
722 return GNUNET_SYSERR;
723 }
724 if (GNUNET_OK != expect_data_fixed (vec,
725 "cs_r_priv_0",
726 &r_priv[0],
727 sizeof (r_priv[0])))
728 {
729 GNUNET_break (0);
730 return GNUNET_SYSERR;
731 }
732 if (GNUNET_OK != expect_data_fixed (vec,
733 "cs_r_priv_1",
734 &r_priv[1],
735 sizeof (r_priv[1])))
736 {
737 GNUNET_break (0);
738 return GNUNET_SYSERR;
739 }
740 if (GNUNET_OK != expect_data_fixed (vec,
741 "cs_r_pub_0",
742 &r_pub[0],
743 sizeof (r_pub[0])))
744 {
745 GNUNET_break (0);
746 return GNUNET_SYSERR;
747 }
748 if (GNUNET_OK != expect_data_fixed (vec,
749 "cs_r_pub_1",
750 &r_pub[1],
751 sizeof (r_pub[1])))
752 {
753 GNUNET_break (0);
754 return GNUNET_SYSERR;
755 }
756
757 if (GNUNET_OK != expect_data_fixed (vec,
758 "cs_bs_alpha_0",
759 &bs[0].alpha,
760 sizeof (bs[0].alpha)))
761 {
762 GNUNET_break (0);
763 return GNUNET_SYSERR;
764 }
765 if (GNUNET_OK != expect_data_fixed (vec,
766 "cs_bs_alpha_1",
767 &bs[1].alpha,
768 sizeof (bs[1].alpha)))
769 {
770 GNUNET_break (0);
771 return GNUNET_SYSERR;
772 }
773 if (GNUNET_OK != expect_data_fixed (vec,
774 "cs_bs_beta_0",
775 &bs[0].beta,
776 sizeof (bs[0].beta)))
777 {
778 GNUNET_break (0);
779 return GNUNET_SYSERR;
780 }
781 if (GNUNET_OK != expect_data_fixed (vec,
782 "cs_bs_beta_1",
783 &bs[1].beta,
784 sizeof (bs[1].beta)))
785 {
786 GNUNET_break (0);
787 return GNUNET_SYSERR;
788 }
789 if (GNUNET_OK != expect_data_fixed (vec,
790 "cs_r_pub_blind_0",
791 &r_pub_blind[0],
792 sizeof (r_pub_blind[0])))
793 {
794 GNUNET_break (0);
795 return GNUNET_SYSERR;
796 }
797 if (GNUNET_OK != expect_data_fixed (vec,
798 "cs_r_pub_blind_1",
799 &r_pub_blind[1],
800 sizeof (r_pub_blind[1])))
801 {
802 GNUNET_break (0);
803 return GNUNET_SYSERR;
804 }
805 if (GNUNET_OK != expect_data_fixed (vec,
806 "cs_c_0",
807 &c[0],
808 sizeof (c[0])))
809 {
810 GNUNET_break (0);
811 return GNUNET_SYSERR;
812 }
813 if (GNUNET_OK != expect_data_fixed (vec,
814 "cs_c_1",
815 &c[1],
816 sizeof (c[1])))
817 {
818 GNUNET_break (0);
819 return GNUNET_SYSERR;
820 }
821 if (GNUNET_OK != expect_data_fixed (vec,
822 "cs_blind_s",
823 &blinded_s,
824 sizeof (blinded_s)))
825 {
826 GNUNET_break (0);
827 return GNUNET_SYSERR;
828 }
829 if (GNUNET_OK != expect_data_fixed (vec,
830 "cs_b",
831 &b,
832 sizeof (b)))
833 {
834 GNUNET_break (0);
835 return GNUNET_SYSERR;
836 }
837 if (GNUNET_OK != expect_data_fixed (vec,
838 "cs_sig_s",
839 &signature_scalar,
840 sizeof (signature_scalar)))
841 {
842 GNUNET_break (0);
843 return GNUNET_SYSERR;
844 }
845 sig.s_scalar = signature_scalar;
846 if (GNUNET_OK != expect_data_fixed (vec,
847 "cs_sig_R",
848 &sig.r_point,
849 sizeof (sig.r_point)))
850 {
851 GNUNET_break (0);
852 return GNUNET_SYSERR;
853 }
854
855 if ((b != 1) && (b != 0))
856 {
857 GNUNET_break (0);
858 return GNUNET_SYSERR;
859 }
860
861 struct GNUNET_CRYPTO_CsRSecret r_priv_comp[2];
862 struct GNUNET_CRYPTO_CsRPublic r_pub_comp[2];
863 struct GNUNET_CRYPTO_CsBlindingSecret bs_comp[2];
864 struct GNUNET_CRYPTO_CsC c_comp[2];
865 struct GNUNET_CRYPTO_CsRPublic r_pub_blind_comp[2];
866 struct GNUNET_CRYPTO_CsBlindS blinded_s_comp;
867 struct GNUNET_CRYPTO_CsS signature_scalar_comp;
868 struct GNUNET_CRYPTO_CsSignature sig_comp;
869 unsigned int b_comp;
870
871
872 GNUNET_CRYPTO_cs_r_derive (&nonce,
873 "rw",
874 &priv,
875 r_priv_comp);
876 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[0],
877 &r_pub_comp[0]);
878 GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[1],
879 &r_pub_comp[1]);
880 GNUNET_assert (0 == memcmp (&r_priv_comp,
881 &r_priv,
882 sizeof(struct GNUNET_CRYPTO_CsRSecret) * 2));
883 GNUNET_assert (0 == memcmp (&r_pub_comp,
884 &r_pub,
885 sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2));
886
887 GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce,
888 bs_comp);
889 GNUNET_assert (0 == memcmp (&bs_comp,
890 &bs,
891 sizeof(struct GNUNET_CRYPTO_CsBlindingSecret)
892 * 2));
893 GNUNET_CRYPTO_cs_calc_blinded_c (bs_comp,
894 r_pub_comp,
895 &pub,
896 &message_hash,
897 sizeof(message_hash),
898 c_comp,
899 r_pub_blind_comp);
900 GNUNET_assert (0 == memcmp (&c_comp,
901 &c,
902 sizeof(struct GNUNET_CRYPTO_CsC) * 2));
903 GNUNET_assert (0 == memcmp (&r_pub_blind_comp,
904 &r_pub_blind,
905 sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2));
906 b_comp = GNUNET_CRYPTO_cs_sign_derive (&priv,
907 r_priv_comp,
908 c_comp,
909 &nonce,
910 &blinded_s_comp);
911 GNUNET_assert (0 == memcmp (&blinded_s_comp,
912 &blinded_s,
913 sizeof(blinded_s)));
914 GNUNET_assert (0 == memcmp (&b_comp,
915 &b,
916 sizeof(b)));
917 GNUNET_CRYPTO_cs_unblind (&blinded_s_comp,
918 &bs_comp[b_comp],
919 &signature_scalar_comp);
920 GNUNET_assert (0 == memcmp (&signature_scalar_comp,
921 &signature_scalar,
922 sizeof(signature_scalar_comp)));
923 sig_comp.r_point = r_pub_blind_comp[b_comp];
924 sig_comp.s_scalar = signature_scalar_comp;
925 GNUNET_assert (0 == memcmp (&sig_comp,
926 &sig,
927 sizeof(sig_comp)));
928 if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig_comp,
929 &pub,
930 &message_hash,
931 sizeof(message_hash)))
932 {
933 GNUNET_break (0);
934 return GNUNET_SYSERR;
935 }
936 }
937 else
938 {
939 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
940 "unsupported operation '%s'\n", operation);
941 }
942
943 return GNUNET_OK;
944}
945
946
947/**
948 * Check test vectors from stdin.
949 *
950 * @returns global exit code
951 */
952static int
953check_vectors ()
954{
955 json_error_t err;
956 json_t *vecfile = json_loadf (stdin, 0, &err);
957 const char *encoding;
958 json_t *vectors;
959
960 if (NULL == vecfile)
961 {
962 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unable to parse JSON\n");
963 return 1;
964 }
965 encoding = json_string_value (json_object_get (vecfile,
966 "encoding"));
967 if ( (NULL == encoding) || (0 != strcmp (encoding, "base32crockford")) )
968 {
969 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unsupported or missing encoding\n");
970 json_decref (vecfile);
971 return 1;
972 }
973 vectors = json_object_get (vecfile, "vectors");
974 if (! json_is_array (vectors))
975 {
976 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "bad vectors\n");
977 json_decref (vecfile);
978 return 1;
979 }
980 {
981 /* array is a JSON array */
982 size_t index;
983 json_t *value;
984 int ret;
985
986 json_array_foreach (vectors, index, value) {
987 const char *op = json_string_value (json_object_get (value,
988 "operation"));
989
990 if (NULL == op)
991 {
992 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
993 "missing operation\n");
994 ret = GNUNET_SYSERR;
995 break;
996 }
997 ret = checkvec (op, value);
998 if (GNUNET_OK != ret)
999 {
1000 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1001 "bad vector %u\n",
1002 (unsigned int) index);
1003 break;
1004 }
1005 }
1006 return (ret == GNUNET_OK) ? 0 : 1;
1007 }
1008}
1009
1010
1011/**
1012 * Output test vectors.
1013 *
1014 * @returns global exit code
1015 */
1016static int
1017output_vectors ()
1018{
1019 json_t *vecfile = json_object ();
1020 json_t *vecs = json_array ();
1021
1022 json_object_set_new (vecfile,
1023 "encoding",
1024 json_string ("base32crockford"));
1025 json_object_set_new (vecfile,
1026 "producer",
1027 json_string ("GNUnet " PACKAGE_VERSION " " VCS_VERSION));
1028 json_object_set_new (vecfile,
1029 "vectors",
1030 vecs);
1031
1032 {
1033 json_t *vec = vec_for (vecs, "hash");
1034 struct GNUNET_HashCode hc;
1035 char *str = "Hello, GNUnet";
1036
1037 GNUNET_CRYPTO_hash (str, strlen (str), &hc);
1038
1039 d2j (vec, "input", str, strlen (str));
1040 d2j (vec, "output", &hc, sizeof (struct GNUNET_HashCode));
1041 }
1042 {
1043 json_t *vec = vec_for (vecs, "ecc_ecdh");
1044 struct GNUNET_CRYPTO_EcdhePrivateKey priv1;
1045 struct GNUNET_CRYPTO_EcdhePublicKey pub1;
1046 struct GNUNET_CRYPTO_EcdhePrivateKey priv2;
1047 struct GNUNET_HashCode skm;
1048
1049 GNUNET_CRYPTO_ecdhe_key_create (&priv1);
1050 GNUNET_CRYPTO_ecdhe_key_create (&priv2);
1051 GNUNET_CRYPTO_ecdhe_key_get_public (&priv1,
1052 &pub1);
1053 GNUNET_assert (GNUNET_OK ==
1054 GNUNET_CRYPTO_ecc_ecdh (&priv2,
1055 &pub1,
1056 &skm));
1057
1058 d2j (vec,
1059 "priv1",
1060 &priv1,
1061 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1062 d2j (vec,
1063 "pub1",
1064 &pub1,
1065 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1066 d2j (vec,
1067 "priv2",
1068 &priv2,
1069 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1070 d2j (vec,
1071 "skm",
1072 &skm,
1073 sizeof (struct GNUNET_HashCode));
1074 }
1075
1076 {
1077 json_t *vec = vec_for (vecs, "eddsa_key_derivation");
1078 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
1079 struct GNUNET_CRYPTO_EddsaPublicKey pub;
1080
1081 GNUNET_CRYPTO_eddsa_key_create (&priv);
1082 GNUNET_CRYPTO_eddsa_key_get_public (&priv,
1083 &pub);
1084
1085 d2j (vec,
1086 "priv",
1087 &priv,
1088 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1089 d2j (vec,
1090 "pub",
1091 &pub,
1092 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1093 }
1094 {
1095 json_t *vec = vec_for (vecs, "eddsa_signing");
1096 struct GNUNET_CRYPTO_EddsaPrivateKey priv;
1097 struct GNUNET_CRYPTO_EddsaPublicKey pub;
1098 struct GNUNET_CRYPTO_EddsaSignature sig;
1099 struct TestSignatureDataPS data = { 0 };
1100
1101 GNUNET_CRYPTO_eddsa_key_create (&priv);
1102 GNUNET_CRYPTO_eddsa_key_get_public (&priv,
1103 &pub);
1104 data.purpose.size = htonl (sizeof (data));
1105 data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
1106 GNUNET_CRYPTO_eddsa_sign (&priv,
1107 &data,
1108 &sig);
1109 GNUNET_assert (GNUNET_OK ==
1110 GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST,
1111 &data,
1112 &sig,
1113 &pub));
1114
1115 d2j (vec,
1116 "priv",
1117 &priv,
1118 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1119 d2j (vec,
1120 "pub",
1121 &pub,
1122 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1123 d2j (vec,
1124 "data",
1125 &data,
1126 sizeof (struct TestSignatureDataPS));
1127 d2j (vec,
1128 "sig",
1129 &sig,
1130 sizeof (struct GNUNET_CRYPTO_EddsaSignature));
1131 }
1132
1133 {
1134 json_t *vec = vec_for (vecs, "kdf");
1135 size_t out_len = 64;
1136 char out[out_len];
1137 char *ikm = "I'm the secret input key material";
1138 char *salt = "I'm very salty";
1139 char *ctx = "I'm a context chunk, also known as 'info' in the RFC";
1140
1141 GNUNET_assert (GNUNET_OK ==
1142 GNUNET_CRYPTO_kdf (&out,
1143 out_len,
1144 salt,
1145 strlen (salt),
1146 ikm,
1147 strlen (ikm),
1148 ctx,
1149 strlen (ctx),
1150 NULL));
1151
1152 d2j (vec,
1153 "salt",
1154 salt,
1155 strlen (salt));
1156 d2j (vec,
1157 "ikm",
1158 ikm,
1159 strlen (ikm));
1160 d2j (vec,
1161 "ctx",
1162 ctx,
1163 strlen (ctx));
1164 uint2j (vec,
1165 "out_len",
1166 (unsigned int) out_len);
1167 d2j (vec,
1168 "out",
1169 out,
1170 out_len);
1171 }
1172 {
1173 json_t *vec = vec_for (vecs, "eddsa_ecdh");
1174 struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe;
1175 struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe;
1176 struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa;
1177 struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa;
1178 struct GNUNET_HashCode key_material;
1179
1180 GNUNET_CRYPTO_ecdhe_key_create (&priv_ecdhe);
1181 GNUNET_CRYPTO_ecdhe_key_get_public (&priv_ecdhe, &pub_ecdhe);
1182 GNUNET_CRYPTO_eddsa_key_create (&priv_eddsa);
1183 GNUNET_CRYPTO_eddsa_key_get_public (&priv_eddsa, &pub_eddsa);
1184 GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material);
1185
1186 d2j (vec, "priv_ecdhe",
1187 &priv_ecdhe,
1188 sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
1189 d2j (vec, "pub_ecdhe",
1190 &pub_ecdhe,
1191 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
1192 d2j (vec, "priv_eddsa",
1193 &priv_eddsa,
1194 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
1195 d2j (vec, "pub_eddsa",
1196 &pub_eddsa,
1197 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
1198 d2j (vec, "key_material",
1199 &key_material,
1200 sizeof (struct GNUNET_HashCode));
1201 }
1202
1203 {
1204 json_t *vec = vec_for (vecs, "edx25519_derive");
1205 struct GNUNET_CRYPTO_Edx25519PrivateKey priv1_edx;
1206 struct GNUNET_CRYPTO_Edx25519PublicKey pub1_edx;
1207 struct GNUNET_CRYPTO_Edx25519PrivateKey priv2_edx;
1208 struct GNUNET_CRYPTO_Edx25519PublicKey pub2_edx;
1209 struct GNUNET_HashCode seed;
1210
1211 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1212 &seed,
1213 sizeof (struct GNUNET_HashCode));
1214 GNUNET_CRYPTO_edx25519_key_create (&priv1_edx);
1215 GNUNET_CRYPTO_edx25519_key_get_public (&priv1_edx, &pub1_edx);
1216 GNUNET_CRYPTO_edx25519_private_key_derive (&priv1_edx,
1217 &seed,
1218 sizeof (seed),
1219 &priv2_edx);
1220 GNUNET_CRYPTO_edx25519_public_key_derive (&pub1_edx,
1221 &seed,
1222 sizeof (seed),
1223 &pub2_edx);
1224
1225 d2j (vec, "priv1_edx",
1226 &priv1_edx,
1227 sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1228 d2j (vec, "pub1_edx",
1229 &pub1_edx,
1230 sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1231 d2j (vec, "seed",
1232 &seed,
1233 sizeof (struct GNUNET_HashCode));
1234 d2j (vec, "priv2_edx",
1235 &priv2_edx,
1236 sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey));
1237 d2j (vec, "pub2_edx",
1238 &pub2_edx,
1239 sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey));
1240 }
1241
1242 {
1243 json_t *vec = vec_for (vecs, "rsa_blind_signing");
1244
1245 struct GNUNET_CRYPTO_RsaPrivateKey *skey;
1246 struct GNUNET_CRYPTO_RsaPublicKey *pkey;
1247 struct GNUNET_HashCode message_hash;
1248 struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
1249 struct GNUNET_CRYPTO_RsaSignature *blinded_sig;
1250 struct GNUNET_CRYPTO_RsaSignature *sig;
1251 void *blinded_data;
1252 size_t blinded_len;
1253 void *public_enc_data;
1254 size_t public_enc_len;
1255 void *secret_enc_data;
1256 size_t secret_enc_len;
1257 void *blinded_sig_enc_data;
1258 size_t blinded_sig_enc_length;
1259 void *sig_enc_data;
1260 size_t sig_enc_length;
1261
1262 skey = GNUNET_CRYPTO_rsa_private_key_create (2048);
1263 pkey = GNUNET_CRYPTO_rsa_private_key_get_public (skey);
1264 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1265 &message_hash,
1266 sizeof (struct GNUNET_HashCode));
1267 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1268 &bks,
1269 sizeof (struct
1270 GNUNET_CRYPTO_RsaBlindingKeySecret));
1271 GNUNET_assert (GNUNET_YES ==
1272 GNUNET_CRYPTO_rsa_blind (&message_hash,
1273 &bks,
1274 pkey,
1275 &blinded_data,
1276 &blinded_len));
1277 blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data,
1278 blinded_len);
1279 sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey);
1280 GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig,
1281 pkey));
1282 public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey,
1283 &public_enc_data);
1284 secret_enc_len = GNUNET_CRYPTO_rsa_private_key_encode (skey,
1285 &secret_enc_data);
1286 blinded_sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (blinded_sig,
1287 &
1288 blinded_sig_enc_data);
1289 sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig, &sig_enc_data);
1290 d2j (vec,
1291 "message_hash",
1292 &message_hash,
1293 sizeof (struct GNUNET_HashCode));
1294 d2j (vec,
1295 "rsa_public_key",
1296 public_enc_data,
1297 public_enc_len);
1298 d2j (vec,
1299 "rsa_private_key",
1300 secret_enc_data,
1301 secret_enc_len);
1302 d2j (vec,
1303 "blinding_key_secret",
1304 &bks,
1305 sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret));
1306 d2j (vec,
1307 "blinded_message",
1308 blinded_data,
1309 blinded_len);
1310 d2j (vec,
1311 "blinded_sig",
1312 blinded_sig_enc_data,
1313 blinded_sig_enc_length);
1314 d2j (vec,
1315 "sig",
1316 sig_enc_data,
1317 sig_enc_length);
1318 GNUNET_CRYPTO_rsa_private_key_free (skey);
1319 GNUNET_CRYPTO_rsa_public_key_free (pkey);
1320 GNUNET_CRYPTO_rsa_signature_free (sig);
1321 GNUNET_CRYPTO_rsa_signature_free (blinded_sig);
1322 GNUNET_free (public_enc_data);
1323 GNUNET_free (blinded_data);
1324 GNUNET_free (sig_enc_data);
1325 GNUNET_free (blinded_sig_enc_data);
1326 GNUNET_free (secret_enc_data);
1327 }
1328
1329 {
1330 json_t *vec = vec_for (vecs, "cs_blind_signing");
1331
1332 struct GNUNET_CRYPTO_CsPrivateKey priv;
1333 struct GNUNET_CRYPTO_CsPublicKey pub;
1334 struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
1335 struct GNUNET_CRYPTO_CsRSecret r_priv[2];
1336 struct GNUNET_CRYPTO_CsRPublic r_pub[2];
1337 struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2];
1338 struct GNUNET_CRYPTO_CsC c[2];
1339 struct GNUNET_CRYPTO_CsS signature_scalar;
1340 struct GNUNET_CRYPTO_CsBlindS blinded_s;
1341 struct GNUNET_CRYPTO_CsSignature sig;
1342 struct GNUNET_CRYPTO_CsNonce nonce;
1343 unsigned int b;
1344 struct GNUNET_HashCode message_hash;
1345
1346 GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
1347 &message_hash,
1348 sizeof (struct GNUNET_HashCode));
1349
1350 GNUNET_CRYPTO_cs_private_key_generate (&priv);
1351 GNUNET_CRYPTO_cs_private_key_get_public (&priv, &pub);
1352
1353 GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_hkdf (nonce.nonce,
1354 sizeof(nonce.nonce),
1355 GCRY_MD_SHA512,
1356 GCRY_MD_SHA256,
1357 "nonce",
1358 strlen ("nonce"),
1359 "nonce_secret",
1360 strlen ("nonce_secret"),
1361 NULL,
1362 0));
1363 GNUNET_CRYPTO_cs_r_derive (&nonce,
1364 "rw",
1365 &priv,
1366 r_priv);
1367 GNUNET_CRYPTO_cs_r_get_public (&r_priv[0],
1368 &r_pub[0]);
1369 GNUNET_CRYPTO_cs_r_get_public (&r_priv[1],
1370 &r_pub[1]);
1371 GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce,
1372 bs);
1373 GNUNET_CRYPTO_cs_calc_blinded_c (bs,
1374 r_pub,
1375 &pub,
1376 &message_hash,
1377 sizeof(message_hash),
1378 c,
1379 r_pub_blind);
1380 b = GNUNET_CRYPTO_cs_sign_derive (&priv,
1381 r_priv,
1382 c,
1383 &nonce,
1384 &blinded_s);
1385 GNUNET_CRYPTO_cs_unblind (&blinded_s, &bs[b], &signature_scalar);
1386 sig.r_point = r_pub_blind[b];
1387 sig.s_scalar = signature_scalar;
1388 if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig,
1389 &pub,
1390 &message_hash,
1391 sizeof(message_hash)))
1392 {
1393 GNUNET_break (0);
1394 return GNUNET_SYSERR;
1395 }
1396 d2j (vec,
1397 "message_hash",
1398 &message_hash,
1399 sizeof (struct GNUNET_HashCode));
1400 d2j (vec,
1401 "cs_public_key",
1402 &pub,
1403 sizeof(pub));
1404 d2j (vec,
1405 "cs_private_key",
1406 &priv,
1407 sizeof(priv));
1408 d2j (vec,
1409 "cs_nonce",
1410 &nonce,
1411 sizeof(nonce));
1412 d2j (vec,
1413 "cs_r_priv_0",
1414 &r_priv[0],
1415 sizeof(r_priv[0]));
1416 d2j (vec,
1417 "cs_r_priv_1",
1418 &r_priv[1],
1419 sizeof(r_priv[1]));
1420 d2j (vec,
1421 "cs_r_pub_0",
1422 &r_pub[0],
1423 sizeof(r_pub[0]));
1424 d2j (vec,
1425 "cs_r_pub_1",
1426 &r_pub[1],
1427 sizeof(r_pub[1]));
1428 d2j (vec,
1429 "cs_bs_alpha_0",
1430 &bs[0].alpha,
1431 sizeof(bs[0].alpha));
1432 d2j (vec,
1433 "cs_bs_alpha_1",
1434 &bs[1].alpha,
1435 sizeof(bs[1].alpha));
1436 d2j (vec,
1437 "cs_bs_beta_0",
1438 &bs[0].beta,
1439 sizeof(bs[0].beta));
1440 d2j (vec,
1441 "cs_bs_beta_1",
1442 &bs[1].beta,
1443 sizeof(bs[1].beta));
1444 d2j (vec,
1445 "cs_r_pub_blind_0",
1446 &r_pub_blind[0],
1447 sizeof(r_pub_blind[0]));
1448 d2j (vec,
1449 "cs_r_pub_blind_1",
1450 &r_pub_blind[1],
1451 sizeof(r_pub_blind[1]));
1452 d2j (vec,
1453 "cs_c_0",
1454 &c[0],
1455 sizeof(c[0]));
1456 d2j (vec,
1457 "cs_c_1",
1458 &c[1],
1459 sizeof(c[1]));
1460 d2j (vec,
1461 "cs_blind_s",
1462 &blinded_s,
1463 sizeof(blinded_s));
1464 d2j (vec,
1465 "cs_b",
1466 &b,
1467 sizeof(b));
1468 d2j (vec,
1469 "cs_sig_s",
1470 &signature_scalar,
1471 sizeof(signature_scalar));
1472 d2j (vec,
1473 "cs_sig_R",
1474 &r_pub_blind[b],
1475 sizeof(r_pub_blind[b]));
1476 }
1477
1478 json_dumpf (vecfile, stdout, JSON_INDENT (2));
1479 json_decref (vecfile);
1480 printf ("\n");
1481
1482 return 0;
1483}
1484
1485
1486/**
1487 * Main function that will be run.
1488 *
1489 * @param cls closure
1490 * @param args remaining command-line arguments
1491 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
1492 * @param cfg configuration
1493 */
1494static void
1495run (void *cls,
1496 char *const *args,
1497 const char *cfgfile,
1498 const struct GNUNET_CONFIGURATION_Handle *cfg)
1499{
1500 if (GNUNET_YES == verify_flag)
1501 global_ret = check_vectors ();
1502 else
1503 global_ret = output_vectors ();
1504}
1505
1506
1507/**
1508 * The main function of the test vector generation tool.
1509 *
1510 * @param argc number of arguments from the command line
1511 * @param argv command line arguments
1512 * @return 0 ok, 1 on error
1513 */
1514int
1515main (int argc,
1516 char *const *argv)
1517{
1518 const struct GNUNET_GETOPT_CommandLineOption options[] = {
1519 GNUNET_GETOPT_option_flag ('V',
1520 "verify",
1521 gettext_noop (
1522 "verify a test vector from stdin"),
1523 &verify_flag),
1524 GNUNET_GETOPT_OPTION_END
1525 };
1526
1527 GNUNET_assert (GNUNET_OK ==
1528 GNUNET_log_setup ("gnunet-crypto-tvg",
1529 "INFO",
1530 NULL));
1531 if (GNUNET_OK !=
1532 GNUNET_PROGRAM_run (argc, argv,
1533 "gnunet-crypto-tvg",
1534 "Generate test vectors for cryptographic operations",
1535 options,
1536 &run, NULL))
1537 return 1;
1538 return global_ret;
1539}
1540
1541
1542/* end of gnunet-crypto-tvg.c */
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-26 05:39:13 +0000