diff options
Diffstat (limited to 'src/util/gnunet-crypto-tvg.c')
-rw-r--r-- | src/util/gnunet-crypto-tvg.c | 1542 |
1 files changed, 0 insertions, 1542 deletions
diff --git a/src/util/gnunet-crypto-tvg.c b/src/util/gnunet-crypto-tvg.c deleted file mode 100644 index 76c379784..000000000 --- a/src/util/gnunet-crypto-tvg.c +++ /dev/null | |||
@@ -1,1542 +0,0 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | Copyright (C) 2020 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file util/gnunet-crypto-tgv.c | ||
23 | * @brief Generate test vectors for cryptographic operations. | ||
24 | * @author Florian Dold | ||
25 | * | ||
26 | * Note that this program shouldn't depend on code in src/json/, | ||
27 | * so we're using raw jansson and no GNUnet JSON helpers. | ||
28 | * | ||
29 | * Test vectors have the following format (TypeScript pseudo code): | ||
30 | * | ||
31 | * interface TestVectorFile { | ||
32 | * encoding: "base32crockford"; | ||
33 | * producer?: string; | ||
34 | * vectors: TestVector[]; | ||
35 | * } | ||
36 | * | ||
37 | * enum Operation { | ||
38 | * Hash("hash"), | ||
39 | * ... | ||
40 | * } | ||
41 | * | ||
42 | * interface TestVector { | ||
43 | * operation: Operation; | ||
44 | * // Inputs for the operation | ||
45 | * [ k: string]: string | number; | ||
46 | * }; | ||
47 | * | ||
48 | * | ||
49 | */ | ||
50 | #include "platform.h" | ||
51 | #include "gnunet_util_lib.h" | ||
52 | #include "gnunet_signatures.h" | ||
53 | #include "gnunet_testing_lib.h" | ||
54 | #include <jansson.h> | ||
55 | #include <gcrypt.h> | ||
56 | |||
57 | GNUNET_NETWORK_STRUCT_BEGIN | ||
58 | |||
59 | /** | ||
60 | * Sample signature struct. | ||
61 | * | ||
62 | * Purpose is #GNUNET_SIGNATURE_PURPOSE_TEST | ||
63 | */ | ||
64 | struct TestSignatureDataPS | ||
65 | { | ||
66 | struct GNUNET_CRYPTO_EccSignaturePurpose purpose; | ||
67 | uint32_t testval; | ||
68 | }; | ||
69 | |||
70 | GNUNET_NETWORK_STRUCT_END | ||
71 | |||
72 | |||
73 | /** | ||
74 | * Should we verify or output test vectors? | ||
75 | */ | ||
76 | static int verify_flag = GNUNET_NO; | ||
77 | |||
78 | |||
79 | /** | ||
80 | * Global exit code. | ||
81 | */ | ||
82 | static int global_ret = 0; | ||
83 | |||
84 | |||
85 | /** | ||
86 | * Create a fresh test vector for a given operation label. | ||
87 | * | ||
88 | * @param vecs array of vectors to append the new vector to | ||
89 | * @param vecname label for the operation of the vector | ||
90 | * @returns the fresh test vector | ||
91 | */ | ||
92 | static json_t * | ||
93 | vec_for (json_t *vecs, const char *vecname) | ||
94 | { | ||
95 | json_t *t = json_object (); | ||
96 | |||
97 | json_object_set_new (t, | ||
98 | "operation", | ||
99 | json_string (vecname)); | ||
100 | json_array_append_new (vecs, t); | ||
101 | return t; | ||
102 | } | ||
103 | |||
104 | |||
105 | /** | ||
106 | * Add a base32crockford encoded value | ||
107 | * to a test vector. | ||
108 | * | ||
109 | * @param vec test vector to add to | ||
110 | * @param label label for the value | ||
111 | * @param data data to add | ||
112 | * @param size size of data | ||
113 | */ | ||
114 | static void | ||
115 | d2j (json_t *vec, | ||
116 | const char *label, | ||
117 | const void *data, | ||
118 | size_t size) | ||
119 | { | ||
120 | char *buf; | ||
121 | json_t *json; | ||
122 | |||
123 | buf = GNUNET_STRINGS_data_to_string_alloc (data, size); | ||
124 | json = json_string (buf); | ||
125 | GNUNET_free (buf); | ||
126 | GNUNET_break (NULL != json); | ||
127 | |||
128 | json_object_set_new (vec, label, json); | ||
129 | } | ||
130 | |||
131 | |||
132 | /** | ||
133 | * Add a number to a test vector. | ||
134 | * | ||
135 | * @param vec test vector to add to | ||
136 | * @param label label for the value | ||
137 | * @param data data to add | ||
138 | * @param size size of data | ||
139 | */ | ||
140 | static void | ||
141 | uint2j (json_t *vec, | ||
142 | const char *label, | ||
143 | unsigned int num) | ||
144 | { | ||
145 | json_t *json = json_integer (num); | ||
146 | |||
147 | json_object_set_new (vec, label, json); | ||
148 | } | ||
149 | |||
150 | |||
151 | static int | ||
152 | expect_data_fixed (json_t *vec, | ||
153 | const char *name, | ||
154 | void *data, | ||
155 | size_t expect_len) | ||
156 | { | ||
157 | const char *s = json_string_value (json_object_get (vec, name)); | ||
158 | |||
159 | if (NULL == s) | ||
160 | return GNUNET_NO; | ||
161 | |||
162 | if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, | ||
163 | strlen (s), | ||
164 | data, | ||
165 | expect_len)) | ||
166 | return GNUNET_NO; | ||
167 | return GNUNET_OK; | ||
168 | } | ||
169 | |||
170 | |||
171 | static int | ||
172 | expect_data_dynamic (json_t *vec, | ||
173 | const char *name, | ||
174 | void **data, | ||
175 | size_t *ret_len) | ||
176 | { | ||
177 | const char *s = json_string_value (json_object_get (vec, name)); | ||
178 | char *tmp; | ||
179 | size_t len; | ||
180 | |||
181 | if (NULL == s) | ||
182 | return GNUNET_NO; | ||
183 | |||
184 | len = (strlen (s) * 5) / 8; | ||
185 | if (NULL != ret_len) | ||
186 | *ret_len = len; | ||
187 | tmp = GNUNET_malloc (len); | ||
188 | |||
189 | if (GNUNET_OK != GNUNET_STRINGS_string_to_data (s, strlen (s), tmp, len)) | ||
190 | { | ||
191 | GNUNET_free (tmp); | ||
192 | return GNUNET_NO; | ||
193 | } | ||
194 | *data = tmp; | ||
195 | return GNUNET_OK; | ||
196 | } | ||
197 | |||
198 | |||
199 | /** | ||
200 | * Check a single vector. | ||
201 | * | ||
202 | * @param operation operator of the vector | ||
203 | * @param vec the vector, a JSON object. | ||
204 | * | ||
205 | * @returns GNUNET_OK if the vector is okay | ||
206 | */ | ||
207 | static int | ||
208 | checkvec (const char *operation, | ||
209 | json_t *vec) | ||
210 | { | ||
211 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
212 | "checking %s\n", operation); | ||
213 | |||
214 | if (0 == strcmp (operation, "hash")) | ||
215 | { | ||
216 | void *data; | ||
217 | size_t data_len; | ||
218 | struct GNUNET_HashCode hash_out; | ||
219 | struct GNUNET_HashCode hc; | ||
220 | |||
221 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
222 | "input", | ||
223 | &data, | ||
224 | &data_len)) | ||
225 | { | ||
226 | GNUNET_break (0); | ||
227 | return GNUNET_SYSERR; | ||
228 | } | ||
229 | if (GNUNET_OK != expect_data_fixed (vec, | ||
230 | "output", | ||
231 | &hash_out, | ||
232 | sizeof (hash_out))) | ||
233 | { | ||
234 | GNUNET_free (data); | ||
235 | GNUNET_break (0); | ||
236 | return GNUNET_NO; | ||
237 | } | ||
238 | |||
239 | GNUNET_CRYPTO_hash (data, data_len, &hc); | ||
240 | |||
241 | if (0 != GNUNET_memcmp (&hc, &hash_out)) | ||
242 | { | ||
243 | GNUNET_free (data); | ||
244 | GNUNET_break (0); | ||
245 | return GNUNET_NO; | ||
246 | } | ||
247 | GNUNET_free (data); | ||
248 | } | ||
249 | else if (0 == strcmp (operation, "ecc_ecdh")) | ||
250 | { | ||
251 | struct GNUNET_CRYPTO_EcdhePrivateKey priv1; | ||
252 | struct GNUNET_CRYPTO_EcdhePublicKey pub1; | ||
253 | struct GNUNET_CRYPTO_EcdhePrivateKey priv2; | ||
254 | struct GNUNET_HashCode skm; | ||
255 | struct GNUNET_HashCode skm_comp; | ||
256 | |||
257 | if (GNUNET_OK != expect_data_fixed (vec, | ||
258 | "priv1", | ||
259 | &priv1, | ||
260 | sizeof (priv1))) | ||
261 | { | ||
262 | GNUNET_break (0); | ||
263 | return GNUNET_NO; | ||
264 | } | ||
265 | if (GNUNET_OK != expect_data_fixed (vec, | ||
266 | "priv2", | ||
267 | &priv2, | ||
268 | sizeof (priv2))) | ||
269 | { | ||
270 | GNUNET_break (0); | ||
271 | return GNUNET_NO; | ||
272 | } | ||
273 | if (GNUNET_OK != expect_data_fixed (vec, | ||
274 | "pub1", | ||
275 | &pub1, | ||
276 | sizeof (pub1))) | ||
277 | { | ||
278 | GNUNET_break (0); | ||
279 | return GNUNET_NO; | ||
280 | } | ||
281 | if (GNUNET_OK != expect_data_fixed (vec, | ||
282 | "skm", | ||
283 | &skm, | ||
284 | sizeof (skm))) | ||
285 | { | ||
286 | GNUNET_break (0); | ||
287 | return GNUNET_NO; | ||
288 | } | ||
289 | GNUNET_assert (GNUNET_OK == | ||
290 | GNUNET_CRYPTO_ecc_ecdh (&priv2, | ||
291 | &pub1, | ||
292 | &skm_comp)); | ||
293 | if (0 != GNUNET_memcmp (&skm, &skm_comp)) | ||
294 | { | ||
295 | GNUNET_break (0); | ||
296 | return GNUNET_NO; | ||
297 | } | ||
298 | } | ||
299 | else if (0 == strcmp (operation, "eddsa_key_derivation")) | ||
300 | { | ||
301 | struct GNUNET_CRYPTO_EddsaPrivateKey priv; | ||
302 | struct GNUNET_CRYPTO_EddsaPublicKey pub; | ||
303 | struct GNUNET_CRYPTO_EddsaPublicKey pub_comp; | ||
304 | |||
305 | if (GNUNET_OK != expect_data_fixed (vec, | ||
306 | "priv", | ||
307 | &priv, | ||
308 | sizeof (priv))) | ||
309 | { | ||
310 | GNUNET_break (0); | ||
311 | return GNUNET_NO; | ||
312 | } | ||
313 | |||
314 | if (GNUNET_OK != expect_data_fixed (vec, | ||
315 | "pub", | ||
316 | &pub, | ||
317 | sizeof (pub))) | ||
318 | { | ||
319 | GNUNET_break (0); | ||
320 | return GNUNET_NO; | ||
321 | } | ||
322 | |||
323 | GNUNET_CRYPTO_eddsa_key_get_public (&priv, | ||
324 | &pub_comp); | ||
325 | if (0 != GNUNET_memcmp (&pub, &pub_comp)) | ||
326 | { | ||
327 | GNUNET_break (0); | ||
328 | return GNUNET_NO; | ||
329 | } | ||
330 | |||
331 | } | ||
332 | else if (0 == strcmp (operation, "eddsa_signing")) | ||
333 | { | ||
334 | struct GNUNET_CRYPTO_EddsaPrivateKey priv; | ||
335 | struct GNUNET_CRYPTO_EddsaPublicKey pub; | ||
336 | struct TestSignatureDataPS data = { 0 }; | ||
337 | struct GNUNET_CRYPTO_EddsaSignature sig; | ||
338 | struct GNUNET_CRYPTO_EddsaSignature sig_comp; | ||
339 | |||
340 | if (GNUNET_OK != expect_data_fixed (vec, | ||
341 | "priv", | ||
342 | &priv, | ||
343 | sizeof (priv))) | ||
344 | { | ||
345 | GNUNET_break (0); | ||
346 | return GNUNET_NO; | ||
347 | } | ||
348 | |||
349 | if (GNUNET_OK != expect_data_fixed (vec, | ||
350 | "pub", | ||
351 | &pub, | ||
352 | sizeof (pub))) | ||
353 | { | ||
354 | GNUNET_break (0); | ||
355 | return GNUNET_NO; | ||
356 | } | ||
357 | |||
358 | if (GNUNET_OK != expect_data_fixed (vec, | ||
359 | "data", | ||
360 | &data, | ||
361 | sizeof (data))) | ||
362 | { | ||
363 | GNUNET_break (0); | ||
364 | return GNUNET_NO; | ||
365 | } | ||
366 | |||
367 | if (GNUNET_OK != expect_data_fixed (vec, | ||
368 | "sig", | ||
369 | &sig, | ||
370 | sizeof (sig))) | ||
371 | { | ||
372 | GNUNET_break (0); | ||
373 | return GNUNET_NO; | ||
374 | } | ||
375 | |||
376 | GNUNET_CRYPTO_eddsa_sign (&priv, | ||
377 | &data, | ||
378 | &sig_comp); | ||
379 | GNUNET_assert (GNUNET_OK == | ||
380 | GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST, | ||
381 | &data, | ||
382 | &sig, | ||
383 | &pub)); | ||
384 | if (0 != GNUNET_memcmp (&sig, &sig_comp)) | ||
385 | { | ||
386 | GNUNET_break (0); | ||
387 | return GNUNET_NO; | ||
388 | } | ||
389 | } | ||
390 | else if (0 == strcmp (operation, "kdf")) | ||
391 | { | ||
392 | size_t out_len; | ||
393 | void *out; | ||
394 | size_t out_len_comp; | ||
395 | void *out_comp; | ||
396 | void *ikm; | ||
397 | size_t ikm_len; | ||
398 | void *salt; | ||
399 | size_t salt_len; | ||
400 | void *ctx; | ||
401 | size_t ctx_len; | ||
402 | |||
403 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
404 | "out", | ||
405 | &out, | ||
406 | &out_len)) | ||
407 | { | ||
408 | GNUNET_break (0); | ||
409 | return GNUNET_SYSERR; | ||
410 | } | ||
411 | |||
412 | out_len_comp = out_len; | ||
413 | out_comp = GNUNET_malloc (out_len_comp); | ||
414 | |||
415 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
416 | "ikm", | ||
417 | &ikm, | ||
418 | &ikm_len)) | ||
419 | { | ||
420 | GNUNET_free (out); | ||
421 | GNUNET_free (out_comp); | ||
422 | GNUNET_break (0); | ||
423 | return GNUNET_SYSERR; | ||
424 | } | ||
425 | |||
426 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
427 | "salt", | ||
428 | &salt, | ||
429 | &salt_len)) | ||
430 | { | ||
431 | GNUNET_free (out); | ||
432 | GNUNET_free (out_comp); | ||
433 | GNUNET_free (ikm); | ||
434 | GNUNET_break (0); | ||
435 | return GNUNET_SYSERR; | ||
436 | } | ||
437 | |||
438 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
439 | "ctx", | ||
440 | &ctx, | ||
441 | &ctx_len)) | ||
442 | { | ||
443 | GNUNET_free (out); | ||
444 | GNUNET_free (out_comp); | ||
445 | GNUNET_free (ikm); | ||
446 | GNUNET_free (salt); | ||
447 | GNUNET_break (0); | ||
448 | return GNUNET_SYSERR; | ||
449 | } | ||
450 | |||
451 | GNUNET_assert (GNUNET_OK == | ||
452 | GNUNET_CRYPTO_kdf (out_comp, | ||
453 | out_len_comp, | ||
454 | salt, | ||
455 | salt_len, | ||
456 | ikm, | ||
457 | ikm_len, | ||
458 | ctx, | ||
459 | ctx_len, | ||
460 | NULL)); | ||
461 | |||
462 | if (0 != memcmp (out, out_comp, out_len)) | ||
463 | { | ||
464 | GNUNET_free (out); | ||
465 | GNUNET_free (out_comp); | ||
466 | GNUNET_free (ikm); | ||
467 | GNUNET_free (salt); | ||
468 | GNUNET_free (ctx); | ||
469 | GNUNET_break (0); | ||
470 | return GNUNET_NO; | ||
471 | } | ||
472 | GNUNET_free (out); | ||
473 | GNUNET_free (out_comp); | ||
474 | GNUNET_free (ikm); | ||
475 | GNUNET_free (salt); | ||
476 | GNUNET_free (ctx); | ||
477 | } | ||
478 | else if (0 == strcmp (operation, "eddsa_ecdh")) | ||
479 | { | ||
480 | struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe; | ||
481 | struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe; | ||
482 | struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa; | ||
483 | struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa; | ||
484 | struct GNUNET_HashCode key_material; | ||
485 | struct GNUNET_HashCode key_material_comp; | ||
486 | |||
487 | if (GNUNET_OK != expect_data_fixed (vec, | ||
488 | "priv_ecdhe", | ||
489 | &priv_ecdhe, | ||
490 | sizeof (priv_ecdhe))) | ||
491 | { | ||
492 | GNUNET_break (0); | ||
493 | return GNUNET_NO; | ||
494 | } | ||
495 | |||
496 | if (GNUNET_OK != expect_data_fixed (vec, | ||
497 | "pub_ecdhe", | ||
498 | &pub_ecdhe, | ||
499 | sizeof (pub_ecdhe))) | ||
500 | { | ||
501 | GNUNET_break (0); | ||
502 | return GNUNET_NO; | ||
503 | } | ||
504 | |||
505 | if (GNUNET_OK != expect_data_fixed (vec, | ||
506 | "priv_eddsa", | ||
507 | &priv_eddsa, | ||
508 | sizeof (priv_eddsa))) | ||
509 | { | ||
510 | GNUNET_break (0); | ||
511 | return GNUNET_NO; | ||
512 | } | ||
513 | |||
514 | if (GNUNET_OK != expect_data_fixed (vec, | ||
515 | "pub_eddsa", | ||
516 | &pub_eddsa, | ||
517 | sizeof (pub_eddsa))) | ||
518 | { | ||
519 | GNUNET_break (0); | ||
520 | return GNUNET_NO; | ||
521 | } | ||
522 | |||
523 | if (GNUNET_OK != expect_data_fixed (vec, | ||
524 | "key_material", | ||
525 | &key_material, | ||
526 | sizeof (key_material))) | ||
527 | { | ||
528 | GNUNET_break (0); | ||
529 | return GNUNET_NO; | ||
530 | } | ||
531 | |||
532 | GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material_comp); | ||
533 | |||
534 | if (0 != GNUNET_memcmp (&key_material, &key_material_comp)) | ||
535 | { | ||
536 | GNUNET_break (0); | ||
537 | return GNUNET_NO; | ||
538 | } | ||
539 | } | ||
540 | else if (0 == strcmp (operation, "rsa_blind_signing")) | ||
541 | { | ||
542 | struct GNUNET_CRYPTO_RsaPrivateKey *skey; | ||
543 | struct GNUNET_CRYPTO_RsaPublicKey *pkey; | ||
544 | struct GNUNET_HashCode message_hash; | ||
545 | struct GNUNET_CRYPTO_RsaBlindingKeySecret bks; | ||
546 | struct GNUNET_CRYPTO_RsaSignature *blinded_sig; | ||
547 | struct GNUNET_CRYPTO_RsaSignature *sig; | ||
548 | void *blinded_data; | ||
549 | size_t blinded_len; | ||
550 | void *blinded_data_comp; | ||
551 | size_t blinded_len_comp; | ||
552 | void *public_enc_data; | ||
553 | size_t public_enc_len; | ||
554 | void *secret_enc_data; | ||
555 | size_t secret_enc_len; | ||
556 | void *sig_enc_data; | ||
557 | size_t sig_enc_length; | ||
558 | void *sig_enc_data_comp; | ||
559 | size_t sig_enc_length_comp; | ||
560 | |||
561 | if (GNUNET_OK != expect_data_fixed (vec, | ||
562 | "message_hash", | ||
563 | &message_hash, | ||
564 | sizeof (message_hash))) | ||
565 | { | ||
566 | GNUNET_break (0); | ||
567 | return GNUNET_SYSERR; | ||
568 | } | ||
569 | |||
570 | if (GNUNET_OK != expect_data_fixed (vec, | ||
571 | "blinding_key_secret", | ||
572 | &bks, | ||
573 | sizeof (bks))) | ||
574 | { | ||
575 | GNUNET_break (0); | ||
576 | return GNUNET_SYSERR; | ||
577 | } | ||
578 | |||
579 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
580 | "blinded_message", | ||
581 | &blinded_data, | ||
582 | &blinded_len)) | ||
583 | { | ||
584 | GNUNET_break (0); | ||
585 | return GNUNET_SYSERR; | ||
586 | } | ||
587 | |||
588 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
589 | "rsa_public_key", | ||
590 | &public_enc_data, | ||
591 | &public_enc_len)) | ||
592 | { | ||
593 | GNUNET_free (blinded_data); | ||
594 | GNUNET_break (0); | ||
595 | return GNUNET_SYSERR; | ||
596 | } | ||
597 | |||
598 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
599 | "rsa_private_key", | ||
600 | &secret_enc_data, | ||
601 | &secret_enc_len)) | ||
602 | { | ||
603 | GNUNET_free (blinded_data); | ||
604 | GNUNET_free (public_enc_data); | ||
605 | GNUNET_break (0); | ||
606 | return GNUNET_SYSERR; | ||
607 | } | ||
608 | |||
609 | if (GNUNET_OK != expect_data_dynamic (vec, | ||
610 | "sig", | ||
611 | &sig_enc_data, | ||
612 | &sig_enc_length)) | ||
613 | { | ||
614 | GNUNET_free (blinded_data); | ||
615 | GNUNET_free (public_enc_data); | ||
616 | GNUNET_free (secret_enc_data); | ||
617 | GNUNET_break (0); | ||
618 | return GNUNET_SYSERR; | ||
619 | } | ||
620 | |||
621 | pkey = GNUNET_CRYPTO_rsa_public_key_decode (public_enc_data, | ||
622 | public_enc_len); | ||
623 | GNUNET_assert (NULL != pkey); | ||
624 | skey = GNUNET_CRYPTO_rsa_private_key_decode (secret_enc_data, | ||
625 | secret_enc_len); | ||
626 | GNUNET_assert (NULL != skey); | ||
627 | |||
628 | GNUNET_assert (GNUNET_YES == | ||
629 | GNUNET_CRYPTO_rsa_blind (&message_hash, | ||
630 | &bks, | ||
631 | pkey, | ||
632 | &blinded_data_comp, | ||
633 | &blinded_len_comp)); | ||
634 | if ( (blinded_len != blinded_len_comp) || (0 != memcmp (blinded_data, | ||
635 | blinded_data_comp, | ||
636 | blinded_len)) ) | ||
637 | { | ||
638 | GNUNET_free (blinded_data); | ||
639 | GNUNET_free (public_enc_data); | ||
640 | GNUNET_free (secret_enc_data); | ||
641 | GNUNET_free (sig_enc_data); | ||
642 | GNUNET_free (skey); | ||
643 | GNUNET_break (0); | ||
644 | return GNUNET_NO; | ||
645 | } | ||
646 | blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data, | ||
647 | blinded_len); | ||
648 | sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey); | ||
649 | GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig, | ||
650 | pkey)); | ||
651 | public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, | ||
652 | &public_enc_data); | ||
653 | sig_enc_length_comp = GNUNET_CRYPTO_rsa_signature_encode (sig, | ||
654 | &sig_enc_data_comp); | ||
655 | |||
656 | if ( (sig_enc_length != sig_enc_length_comp) || | ||
657 | (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) )) | ||
658 | { | ||
659 | GNUNET_free (blinded_sig); | ||
660 | GNUNET_free (blinded_data); | ||
661 | GNUNET_free (public_enc_data); | ||
662 | GNUNET_free (secret_enc_data); | ||
663 | GNUNET_free (sig_enc_data); | ||
664 | GNUNET_free (skey); | ||
665 | GNUNET_break (0); | ||
666 | return GNUNET_NO; | ||
667 | } | ||
668 | GNUNET_free (blinded_sig); | ||
669 | GNUNET_free (blinded_data); | ||
670 | GNUNET_free (public_enc_data); | ||
671 | GNUNET_free (secret_enc_data); | ||
672 | GNUNET_free (sig_enc_data); | ||
673 | GNUNET_free (skey); | ||
674 | } | ||
675 | else if (0 == strcmp (operation, "cs_blind_signing")) | ||
676 | { | ||
677 | struct GNUNET_CRYPTO_CsPrivateKey priv; | ||
678 | struct GNUNET_CRYPTO_CsPublicKey pub; | ||
679 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; | ||
680 | struct GNUNET_CRYPTO_CsRSecret r_priv[2]; | ||
681 | struct GNUNET_CRYPTO_CsRPublic r_pub[2]; | ||
682 | struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2]; | ||
683 | struct GNUNET_CRYPTO_CsC c[2]; | ||
684 | struct GNUNET_CRYPTO_CsS signature_scalar; | ||
685 | struct GNUNET_CRYPTO_CsBlindS blinded_s; | ||
686 | struct GNUNET_CRYPTO_CsSignature sig; | ||
687 | struct GNUNET_CRYPTO_CsNonce nonce; | ||
688 | struct GNUNET_HashCode message_hash; | ||
689 | unsigned int b; | ||
690 | |||
691 | if (GNUNET_OK != expect_data_fixed (vec, | ||
692 | "message_hash", | ||
693 | &message_hash, | ||
694 | sizeof (message_hash))) | ||
695 | { | ||
696 | GNUNET_break (0); | ||
697 | return GNUNET_SYSERR; | ||
698 | } | ||
699 | if (GNUNET_OK != expect_data_fixed (vec, | ||
700 | "cs_public_key", | ||
701 | &pub, | ||
702 | sizeof (pub))) | ||
703 | { | ||
704 | GNUNET_break (0); | ||
705 | return GNUNET_SYSERR; | ||
706 | } | ||
707 | |||
708 | if (GNUNET_OK != expect_data_fixed (vec, | ||
709 | "cs_private_key", | ||
710 | &priv, | ||
711 | sizeof (priv))) | ||
712 | { | ||
713 | GNUNET_break (0); | ||
714 | return GNUNET_SYSERR; | ||
715 | } | ||
716 | if (GNUNET_OK != expect_data_fixed (vec, | ||
717 | "cs_nonce", | ||
718 | &nonce, | ||
719 | sizeof (nonce))) | ||
720 | { | ||
721 | GNUNET_break (0); | ||
722 | return GNUNET_SYSERR; | ||
723 | } | ||
724 | if (GNUNET_OK != expect_data_fixed (vec, | ||
725 | "cs_r_priv_0", | ||
726 | &r_priv[0], | ||
727 | sizeof (r_priv[0]))) | ||
728 | { | ||
729 | GNUNET_break (0); | ||
730 | return GNUNET_SYSERR; | ||
731 | } | ||
732 | if (GNUNET_OK != expect_data_fixed (vec, | ||
733 | "cs_r_priv_1", | ||
734 | &r_priv[1], | ||
735 | sizeof (r_priv[1]))) | ||
736 | { | ||
737 | GNUNET_break (0); | ||
738 | return GNUNET_SYSERR; | ||
739 | } | ||
740 | if (GNUNET_OK != expect_data_fixed (vec, | ||
741 | "cs_r_pub_0", | ||
742 | &r_pub[0], | ||
743 | sizeof (r_pub[0]))) | ||
744 | { | ||
745 | GNUNET_break (0); | ||
746 | return GNUNET_SYSERR; | ||
747 | } | ||
748 | if (GNUNET_OK != expect_data_fixed (vec, | ||
749 | "cs_r_pub_1", | ||
750 | &r_pub[1], | ||
751 | sizeof (r_pub[1]))) | ||
752 | { | ||
753 | GNUNET_break (0); | ||
754 | return GNUNET_SYSERR; | ||
755 | } | ||
756 | |||
757 | if (GNUNET_OK != expect_data_fixed (vec, | ||
758 | "cs_bs_alpha_0", | ||
759 | &bs[0].alpha, | ||
760 | sizeof (bs[0].alpha))) | ||
761 | { | ||
762 | GNUNET_break (0); | ||
763 | return GNUNET_SYSERR; | ||
764 | } | ||
765 | if (GNUNET_OK != expect_data_fixed (vec, | ||
766 | "cs_bs_alpha_1", | ||
767 | &bs[1].alpha, | ||
768 | sizeof (bs[1].alpha))) | ||
769 | { | ||
770 | GNUNET_break (0); | ||
771 | return GNUNET_SYSERR; | ||
772 | } | ||
773 | if (GNUNET_OK != expect_data_fixed (vec, | ||
774 | "cs_bs_beta_0", | ||
775 | &bs[0].beta, | ||
776 | sizeof (bs[0].beta))) | ||
777 | { | ||
778 | GNUNET_break (0); | ||
779 | return GNUNET_SYSERR; | ||
780 | } | ||
781 | if (GNUNET_OK != expect_data_fixed (vec, | ||
782 | "cs_bs_beta_1", | ||
783 | &bs[1].beta, | ||
784 | sizeof (bs[1].beta))) | ||
785 | { | ||
786 | GNUNET_break (0); | ||
787 | return GNUNET_SYSERR; | ||
788 | } | ||
789 | if (GNUNET_OK != expect_data_fixed (vec, | ||
790 | "cs_r_pub_blind_0", | ||
791 | &r_pub_blind[0], | ||
792 | sizeof (r_pub_blind[0]))) | ||
793 | { | ||
794 | GNUNET_break (0); | ||
795 | return GNUNET_SYSERR; | ||
796 | } | ||
797 | if (GNUNET_OK != expect_data_fixed (vec, | ||
798 | "cs_r_pub_blind_1", | ||
799 | &r_pub_blind[1], | ||
800 | sizeof (r_pub_blind[1]))) | ||
801 | { | ||
802 | GNUNET_break (0); | ||
803 | return GNUNET_SYSERR; | ||
804 | } | ||
805 | if (GNUNET_OK != expect_data_fixed (vec, | ||
806 | "cs_c_0", | ||
807 | &c[0], | ||
808 | sizeof (c[0]))) | ||
809 | { | ||
810 | GNUNET_break (0); | ||
811 | return GNUNET_SYSERR; | ||
812 | } | ||
813 | if (GNUNET_OK != expect_data_fixed (vec, | ||
814 | "cs_c_1", | ||
815 | &c[1], | ||
816 | sizeof (c[1]))) | ||
817 | { | ||
818 | GNUNET_break (0); | ||
819 | return GNUNET_SYSERR; | ||
820 | } | ||
821 | if (GNUNET_OK != expect_data_fixed (vec, | ||
822 | "cs_blind_s", | ||
823 | &blinded_s, | ||
824 | sizeof (blinded_s))) | ||
825 | { | ||
826 | GNUNET_break (0); | ||
827 | return GNUNET_SYSERR; | ||
828 | } | ||
829 | if (GNUNET_OK != expect_data_fixed (vec, | ||
830 | "cs_b", | ||
831 | &b, | ||
832 | sizeof (b))) | ||
833 | { | ||
834 | GNUNET_break (0); | ||
835 | return GNUNET_SYSERR; | ||
836 | } | ||
837 | if (GNUNET_OK != expect_data_fixed (vec, | ||
838 | "cs_sig_s", | ||
839 | &signature_scalar, | ||
840 | sizeof (signature_scalar))) | ||
841 | { | ||
842 | GNUNET_break (0); | ||
843 | return GNUNET_SYSERR; | ||
844 | } | ||
845 | sig.s_scalar = signature_scalar; | ||
846 | if (GNUNET_OK != expect_data_fixed (vec, | ||
847 | "cs_sig_R", | ||
848 | &sig.r_point, | ||
849 | sizeof (sig.r_point))) | ||
850 | { | ||
851 | GNUNET_break (0); | ||
852 | return GNUNET_SYSERR; | ||
853 | } | ||
854 | |||
855 | if ((b != 1) && (b != 0)) | ||
856 | { | ||
857 | GNUNET_break (0); | ||
858 | return GNUNET_SYSERR; | ||
859 | } | ||
860 | |||
861 | struct GNUNET_CRYPTO_CsRSecret r_priv_comp[2]; | ||
862 | struct GNUNET_CRYPTO_CsRPublic r_pub_comp[2]; | ||
863 | struct GNUNET_CRYPTO_CsBlindingSecret bs_comp[2]; | ||
864 | struct GNUNET_CRYPTO_CsC c_comp[2]; | ||
865 | struct GNUNET_CRYPTO_CsRPublic r_pub_blind_comp[2]; | ||
866 | struct GNUNET_CRYPTO_CsBlindS blinded_s_comp; | ||
867 | struct GNUNET_CRYPTO_CsS signature_scalar_comp; | ||
868 | struct GNUNET_CRYPTO_CsSignature sig_comp; | ||
869 | unsigned int b_comp; | ||
870 | |||
871 | |||
872 | GNUNET_CRYPTO_cs_r_derive (&nonce, | ||
873 | "rw", | ||
874 | &priv, | ||
875 | r_priv_comp); | ||
876 | GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[0], | ||
877 | &r_pub_comp[0]); | ||
878 | GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[1], | ||
879 | &r_pub_comp[1]); | ||
880 | GNUNET_assert (0 == memcmp (&r_priv_comp, | ||
881 | &r_priv, | ||
882 | sizeof(struct GNUNET_CRYPTO_CsRSecret) * 2)); | ||
883 | GNUNET_assert (0 == memcmp (&r_pub_comp, | ||
884 | &r_pub, | ||
885 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2)); | ||
886 | |||
887 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce, | ||
888 | bs_comp); | ||
889 | GNUNET_assert (0 == memcmp (&bs_comp, | ||
890 | &bs, | ||
891 | sizeof(struct GNUNET_CRYPTO_CsBlindingSecret) | ||
892 | * 2)); | ||
893 | GNUNET_CRYPTO_cs_calc_blinded_c (bs_comp, | ||
894 | r_pub_comp, | ||
895 | &pub, | ||
896 | &message_hash, | ||
897 | sizeof(message_hash), | ||
898 | c_comp, | ||
899 | r_pub_blind_comp); | ||
900 | GNUNET_assert (0 == memcmp (&c_comp, | ||
901 | &c, | ||
902 | sizeof(struct GNUNET_CRYPTO_CsC) * 2)); | ||
903 | GNUNET_assert (0 == memcmp (&r_pub_blind_comp, | ||
904 | &r_pub_blind, | ||
905 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2)); | ||
906 | b_comp = GNUNET_CRYPTO_cs_sign_derive (&priv, | ||
907 | r_priv_comp, | ||
908 | c_comp, | ||
909 | &nonce, | ||
910 | &blinded_s_comp); | ||
911 | GNUNET_assert (0 == memcmp (&blinded_s_comp, | ||
912 | &blinded_s, | ||
913 | sizeof(blinded_s))); | ||
914 | GNUNET_assert (0 == memcmp (&b_comp, | ||
915 | &b, | ||
916 | sizeof(b))); | ||
917 | GNUNET_CRYPTO_cs_unblind (&blinded_s_comp, | ||
918 | &bs_comp[b_comp], | ||
919 | &signature_scalar_comp); | ||
920 | GNUNET_assert (0 == memcmp (&signature_scalar_comp, | ||
921 | &signature_scalar, | ||
922 | sizeof(signature_scalar_comp))); | ||
923 | sig_comp.r_point = r_pub_blind_comp[b_comp]; | ||
924 | sig_comp.s_scalar = signature_scalar_comp; | ||
925 | GNUNET_assert (0 == memcmp (&sig_comp, | ||
926 | &sig, | ||
927 | sizeof(sig_comp))); | ||
928 | if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig_comp, | ||
929 | &pub, | ||
930 | &message_hash, | ||
931 | sizeof(message_hash))) | ||
932 | { | ||
933 | GNUNET_break (0); | ||
934 | return GNUNET_SYSERR; | ||
935 | } | ||
936 | } | ||
937 | else | ||
938 | { | ||
939 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
940 | "unsupported operation '%s'\n", operation); | ||
941 | } | ||
942 | |||
943 | return GNUNET_OK; | ||
944 | } | ||
945 | |||
946 | |||
947 | /** | ||
948 | * Check test vectors from stdin. | ||
949 | * | ||
950 | * @returns global exit code | ||
951 | */ | ||
952 | static int | ||
953 | check_vectors () | ||
954 | { | ||
955 | json_error_t err; | ||
956 | json_t *vecfile = json_loadf (stdin, 0, &err); | ||
957 | const char *encoding; | ||
958 | json_t *vectors; | ||
959 | |||
960 | if (NULL == vecfile) | ||
961 | { | ||
962 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unable to parse JSON\n"); | ||
963 | return 1; | ||
964 | } | ||
965 | encoding = json_string_value (json_object_get (vecfile, | ||
966 | "encoding")); | ||
967 | if ( (NULL == encoding) || (0 != strcmp (encoding, "base32crockford")) ) | ||
968 | { | ||
969 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "unsupported or missing encoding\n"); | ||
970 | json_decref (vecfile); | ||
971 | return 1; | ||
972 | } | ||
973 | vectors = json_object_get (vecfile, "vectors"); | ||
974 | if (! json_is_array (vectors)) | ||
975 | { | ||
976 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "bad vectors\n"); | ||
977 | json_decref (vecfile); | ||
978 | return 1; | ||
979 | } | ||
980 | { | ||
981 | /* array is a JSON array */ | ||
982 | size_t index; | ||
983 | json_t *value; | ||
984 | int ret; | ||
985 | |||
986 | json_array_foreach (vectors, index, value) { | ||
987 | const char *op = json_string_value (json_object_get (value, | ||
988 | "operation")); | ||
989 | |||
990 | if (NULL == op) | ||
991 | { | ||
992 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
993 | "missing operation\n"); | ||
994 | ret = GNUNET_SYSERR; | ||
995 | break; | ||
996 | } | ||
997 | ret = checkvec (op, value); | ||
998 | if (GNUNET_OK != ret) | ||
999 | { | ||
1000 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1001 | "bad vector %u\n", | ||
1002 | (unsigned int) index); | ||
1003 | break; | ||
1004 | } | ||
1005 | } | ||
1006 | return (ret == GNUNET_OK) ? 0 : 1; | ||
1007 | } | ||
1008 | } | ||
1009 | |||
1010 | |||
1011 | /** | ||
1012 | * Output test vectors. | ||
1013 | * | ||
1014 | * @returns global exit code | ||
1015 | */ | ||
1016 | static int | ||
1017 | output_vectors () | ||
1018 | { | ||
1019 | json_t *vecfile = json_object (); | ||
1020 | json_t *vecs = json_array (); | ||
1021 | |||
1022 | json_object_set_new (vecfile, | ||
1023 | "encoding", | ||
1024 | json_string ("base32crockford")); | ||
1025 | json_object_set_new (vecfile, | ||
1026 | "producer", | ||
1027 | json_string ("GNUnet " PACKAGE_VERSION " " VCS_VERSION)); | ||
1028 | json_object_set_new (vecfile, | ||
1029 | "vectors", | ||
1030 | vecs); | ||
1031 | |||
1032 | { | ||
1033 | json_t *vec = vec_for (vecs, "hash"); | ||
1034 | struct GNUNET_HashCode hc; | ||
1035 | char *str = "Hello, GNUnet"; | ||
1036 | |||
1037 | GNUNET_CRYPTO_hash (str, strlen (str), &hc); | ||
1038 | |||
1039 | d2j (vec, "input", str, strlen (str)); | ||
1040 | d2j (vec, "output", &hc, sizeof (struct GNUNET_HashCode)); | ||
1041 | } | ||
1042 | { | ||
1043 | json_t *vec = vec_for (vecs, "ecc_ecdh"); | ||
1044 | struct GNUNET_CRYPTO_EcdhePrivateKey priv1; | ||
1045 | struct GNUNET_CRYPTO_EcdhePublicKey pub1; | ||
1046 | struct GNUNET_CRYPTO_EcdhePrivateKey priv2; | ||
1047 | struct GNUNET_HashCode skm; | ||
1048 | |||
1049 | GNUNET_CRYPTO_ecdhe_key_create (&priv1); | ||
1050 | GNUNET_CRYPTO_ecdhe_key_create (&priv2); | ||
1051 | GNUNET_CRYPTO_ecdhe_key_get_public (&priv1, | ||
1052 | &pub1); | ||
1053 | GNUNET_assert (GNUNET_OK == | ||
1054 | GNUNET_CRYPTO_ecc_ecdh (&priv2, | ||
1055 | &pub1, | ||
1056 | &skm)); | ||
1057 | |||
1058 | d2j (vec, | ||
1059 | "priv1", | ||
1060 | &priv1, | ||
1061 | sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); | ||
1062 | d2j (vec, | ||
1063 | "pub1", | ||
1064 | &pub1, | ||
1065 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | ||
1066 | d2j (vec, | ||
1067 | "priv2", | ||
1068 | &priv2, | ||
1069 | sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); | ||
1070 | d2j (vec, | ||
1071 | "skm", | ||
1072 | &skm, | ||
1073 | sizeof (struct GNUNET_HashCode)); | ||
1074 | } | ||
1075 | |||
1076 | { | ||
1077 | json_t *vec = vec_for (vecs, "eddsa_key_derivation"); | ||
1078 | struct GNUNET_CRYPTO_EddsaPrivateKey priv; | ||
1079 | struct GNUNET_CRYPTO_EddsaPublicKey pub; | ||
1080 | |||
1081 | GNUNET_CRYPTO_eddsa_key_create (&priv); | ||
1082 | GNUNET_CRYPTO_eddsa_key_get_public (&priv, | ||
1083 | &pub); | ||
1084 | |||
1085 | d2j (vec, | ||
1086 | "priv", | ||
1087 | &priv, | ||
1088 | sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)); | ||
1089 | d2j (vec, | ||
1090 | "pub", | ||
1091 | &pub, | ||
1092 | sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)); | ||
1093 | } | ||
1094 | { | ||
1095 | json_t *vec = vec_for (vecs, "eddsa_signing"); | ||
1096 | struct GNUNET_CRYPTO_EddsaPrivateKey priv; | ||
1097 | struct GNUNET_CRYPTO_EddsaPublicKey pub; | ||
1098 | struct GNUNET_CRYPTO_EddsaSignature sig; | ||
1099 | struct TestSignatureDataPS data = { 0 }; | ||
1100 | |||
1101 | GNUNET_CRYPTO_eddsa_key_create (&priv); | ||
1102 | GNUNET_CRYPTO_eddsa_key_get_public (&priv, | ||
1103 | &pub); | ||
1104 | data.purpose.size = htonl (sizeof (data)); | ||
1105 | data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); | ||
1106 | GNUNET_CRYPTO_eddsa_sign (&priv, | ||
1107 | &data, | ||
1108 | &sig); | ||
1109 | GNUNET_assert (GNUNET_OK == | ||
1110 | GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST, | ||
1111 | &data, | ||
1112 | &sig, | ||
1113 | &pub)); | ||
1114 | |||
1115 | d2j (vec, | ||
1116 | "priv", | ||
1117 | &priv, | ||
1118 | sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)); | ||
1119 | d2j (vec, | ||
1120 | "pub", | ||
1121 | &pub, | ||
1122 | sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)); | ||
1123 | d2j (vec, | ||
1124 | "data", | ||
1125 | &data, | ||
1126 | sizeof (struct TestSignatureDataPS)); | ||
1127 | d2j (vec, | ||
1128 | "sig", | ||
1129 | &sig, | ||
1130 | sizeof (struct GNUNET_CRYPTO_EddsaSignature)); | ||
1131 | } | ||
1132 | |||
1133 | { | ||
1134 | json_t *vec = vec_for (vecs, "kdf"); | ||
1135 | size_t out_len = 64; | ||
1136 | char out[out_len]; | ||
1137 | char *ikm = "I'm the secret input key material"; | ||
1138 | char *salt = "I'm very salty"; | ||
1139 | char *ctx = "I'm a context chunk, also known as 'info' in the RFC"; | ||
1140 | |||
1141 | GNUNET_assert (GNUNET_OK == | ||
1142 | GNUNET_CRYPTO_kdf (&out, | ||
1143 | out_len, | ||
1144 | salt, | ||
1145 | strlen (salt), | ||
1146 | ikm, | ||
1147 | strlen (ikm), | ||
1148 | ctx, | ||
1149 | strlen (ctx), | ||
1150 | NULL)); | ||
1151 | |||
1152 | d2j (vec, | ||
1153 | "salt", | ||
1154 | salt, | ||
1155 | strlen (salt)); | ||
1156 | d2j (vec, | ||
1157 | "ikm", | ||
1158 | ikm, | ||
1159 | strlen (ikm)); | ||
1160 | d2j (vec, | ||
1161 | "ctx", | ||
1162 | ctx, | ||
1163 | strlen (ctx)); | ||
1164 | uint2j (vec, | ||
1165 | "out_len", | ||
1166 | (unsigned int) out_len); | ||
1167 | d2j (vec, | ||
1168 | "out", | ||
1169 | out, | ||
1170 | out_len); | ||
1171 | } | ||
1172 | { | ||
1173 | json_t *vec = vec_for (vecs, "eddsa_ecdh"); | ||
1174 | struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe; | ||
1175 | struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe; | ||
1176 | struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa; | ||
1177 | struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa; | ||
1178 | struct GNUNET_HashCode key_material; | ||
1179 | |||
1180 | GNUNET_CRYPTO_ecdhe_key_create (&priv_ecdhe); | ||
1181 | GNUNET_CRYPTO_ecdhe_key_get_public (&priv_ecdhe, &pub_ecdhe); | ||
1182 | GNUNET_CRYPTO_eddsa_key_create (&priv_eddsa); | ||
1183 | GNUNET_CRYPTO_eddsa_key_get_public (&priv_eddsa, &pub_eddsa); | ||
1184 | GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material); | ||
1185 | |||
1186 | d2j (vec, "priv_ecdhe", | ||
1187 | &priv_ecdhe, | ||
1188 | sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); | ||
1189 | d2j (vec, "pub_ecdhe", | ||
1190 | &pub_ecdhe, | ||
1191 | sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); | ||
1192 | d2j (vec, "priv_eddsa", | ||
1193 | &priv_eddsa, | ||
1194 | sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)); | ||
1195 | d2j (vec, "pub_eddsa", | ||
1196 | &pub_eddsa, | ||
1197 | sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)); | ||
1198 | d2j (vec, "key_material", | ||
1199 | &key_material, | ||
1200 | sizeof (struct GNUNET_HashCode)); | ||
1201 | } | ||
1202 | |||
1203 | { | ||
1204 | json_t *vec = vec_for (vecs, "edx25519_derive"); | ||
1205 | struct GNUNET_CRYPTO_Edx25519PrivateKey priv1_edx; | ||
1206 | struct GNUNET_CRYPTO_Edx25519PublicKey pub1_edx; | ||
1207 | struct GNUNET_CRYPTO_Edx25519PrivateKey priv2_edx; | ||
1208 | struct GNUNET_CRYPTO_Edx25519PublicKey pub2_edx; | ||
1209 | struct GNUNET_HashCode seed; | ||
1210 | |||
1211 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, | ||
1212 | &seed, | ||
1213 | sizeof (struct GNUNET_HashCode)); | ||
1214 | GNUNET_CRYPTO_edx25519_key_create (&priv1_edx); | ||
1215 | GNUNET_CRYPTO_edx25519_key_get_public (&priv1_edx, &pub1_edx); | ||
1216 | GNUNET_CRYPTO_edx25519_private_key_derive (&priv1_edx, | ||
1217 | &seed, | ||
1218 | sizeof (seed), | ||
1219 | &priv2_edx); | ||
1220 | GNUNET_CRYPTO_edx25519_public_key_derive (&pub1_edx, | ||
1221 | &seed, | ||
1222 | sizeof (seed), | ||
1223 | &pub2_edx); | ||
1224 | |||
1225 | d2j (vec, "priv1_edx", | ||
1226 | &priv1_edx, | ||
1227 | sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey)); | ||
1228 | d2j (vec, "pub1_edx", | ||
1229 | &pub1_edx, | ||
1230 | sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey)); | ||
1231 | d2j (vec, "seed", | ||
1232 | &seed, | ||
1233 | sizeof (struct GNUNET_HashCode)); | ||
1234 | d2j (vec, "priv2_edx", | ||
1235 | &priv2_edx, | ||
1236 | sizeof (struct GNUNET_CRYPTO_Edx25519PrivateKey)); | ||
1237 | d2j (vec, "pub2_edx", | ||
1238 | &pub2_edx, | ||
1239 | sizeof (struct GNUNET_CRYPTO_Edx25519PublicKey)); | ||
1240 | } | ||
1241 | |||
1242 | { | ||
1243 | json_t *vec = vec_for (vecs, "rsa_blind_signing"); | ||
1244 | |||
1245 | struct GNUNET_CRYPTO_RsaPrivateKey *skey; | ||
1246 | struct GNUNET_CRYPTO_RsaPublicKey *pkey; | ||
1247 | struct GNUNET_HashCode message_hash; | ||
1248 | struct GNUNET_CRYPTO_RsaBlindingKeySecret bks; | ||
1249 | struct GNUNET_CRYPTO_RsaSignature *blinded_sig; | ||
1250 | struct GNUNET_CRYPTO_RsaSignature *sig; | ||
1251 | void *blinded_data; | ||
1252 | size_t blinded_len; | ||
1253 | void *public_enc_data; | ||
1254 | size_t public_enc_len; | ||
1255 | void *secret_enc_data; | ||
1256 | size_t secret_enc_len; | ||
1257 | void *blinded_sig_enc_data; | ||
1258 | size_t blinded_sig_enc_length; | ||
1259 | void *sig_enc_data; | ||
1260 | size_t sig_enc_length; | ||
1261 | |||
1262 | skey = GNUNET_CRYPTO_rsa_private_key_create (2048); | ||
1263 | pkey = GNUNET_CRYPTO_rsa_private_key_get_public (skey); | ||
1264 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, | ||
1265 | &message_hash, | ||
1266 | sizeof (struct GNUNET_HashCode)); | ||
1267 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, | ||
1268 | &bks, | ||
1269 | sizeof (struct | ||
1270 | GNUNET_CRYPTO_RsaBlindingKeySecret)); | ||
1271 | GNUNET_assert (GNUNET_YES == | ||
1272 | GNUNET_CRYPTO_rsa_blind (&message_hash, | ||
1273 | &bks, | ||
1274 | pkey, | ||
1275 | &blinded_data, | ||
1276 | &blinded_len)); | ||
1277 | blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data, | ||
1278 | blinded_len); | ||
1279 | sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey); | ||
1280 | GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig, | ||
1281 | pkey)); | ||
1282 | public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, | ||
1283 | &public_enc_data); | ||
1284 | secret_enc_len = GNUNET_CRYPTO_rsa_private_key_encode (skey, | ||
1285 | &secret_enc_data); | ||
1286 | blinded_sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (blinded_sig, | ||
1287 | & | ||
1288 | blinded_sig_enc_data); | ||
1289 | sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig, &sig_enc_data); | ||
1290 | d2j (vec, | ||
1291 | "message_hash", | ||
1292 | &message_hash, | ||
1293 | sizeof (struct GNUNET_HashCode)); | ||
1294 | d2j (vec, | ||
1295 | "rsa_public_key", | ||
1296 | public_enc_data, | ||
1297 | public_enc_len); | ||
1298 | d2j (vec, | ||
1299 | "rsa_private_key", | ||
1300 | secret_enc_data, | ||
1301 | secret_enc_len); | ||
1302 | d2j (vec, | ||
1303 | "blinding_key_secret", | ||
1304 | &bks, | ||
1305 | sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret)); | ||
1306 | d2j (vec, | ||
1307 | "blinded_message", | ||
1308 | blinded_data, | ||
1309 | blinded_len); | ||
1310 | d2j (vec, | ||
1311 | "blinded_sig", | ||
1312 | blinded_sig_enc_data, | ||
1313 | blinded_sig_enc_length); | ||
1314 | d2j (vec, | ||
1315 | "sig", | ||
1316 | sig_enc_data, | ||
1317 | sig_enc_length); | ||
1318 | GNUNET_CRYPTO_rsa_private_key_free (skey); | ||
1319 | GNUNET_CRYPTO_rsa_public_key_free (pkey); | ||
1320 | GNUNET_CRYPTO_rsa_signature_free (sig); | ||
1321 | GNUNET_CRYPTO_rsa_signature_free (blinded_sig); | ||
1322 | GNUNET_free (public_enc_data); | ||
1323 | GNUNET_free (blinded_data); | ||
1324 | GNUNET_free (sig_enc_data); | ||
1325 | GNUNET_free (blinded_sig_enc_data); | ||
1326 | GNUNET_free (secret_enc_data); | ||
1327 | } | ||
1328 | |||
1329 | { | ||
1330 | json_t *vec = vec_for (vecs, "cs_blind_signing"); | ||
1331 | |||
1332 | struct GNUNET_CRYPTO_CsPrivateKey priv; | ||
1333 | struct GNUNET_CRYPTO_CsPublicKey pub; | ||
1334 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; | ||
1335 | struct GNUNET_CRYPTO_CsRSecret r_priv[2]; | ||
1336 | struct GNUNET_CRYPTO_CsRPublic r_pub[2]; | ||
1337 | struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2]; | ||
1338 | struct GNUNET_CRYPTO_CsC c[2]; | ||
1339 | struct GNUNET_CRYPTO_CsS signature_scalar; | ||
1340 | struct GNUNET_CRYPTO_CsBlindS blinded_s; | ||
1341 | struct GNUNET_CRYPTO_CsSignature sig; | ||
1342 | struct GNUNET_CRYPTO_CsNonce nonce; | ||
1343 | unsigned int b; | ||
1344 | struct GNUNET_HashCode message_hash; | ||
1345 | |||
1346 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, | ||
1347 | &message_hash, | ||
1348 | sizeof (struct GNUNET_HashCode)); | ||
1349 | |||
1350 | GNUNET_CRYPTO_cs_private_key_generate (&priv); | ||
1351 | GNUNET_CRYPTO_cs_private_key_get_public (&priv, &pub); | ||
1352 | |||
1353 | GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_hkdf (nonce.nonce, | ||
1354 | sizeof(nonce.nonce), | ||
1355 | GCRY_MD_SHA512, | ||
1356 | GCRY_MD_SHA256, | ||
1357 | "nonce", | ||
1358 | strlen ("nonce"), | ||
1359 | "nonce_secret", | ||
1360 | strlen ("nonce_secret"), | ||
1361 | NULL, | ||
1362 | 0)); | ||
1363 | GNUNET_CRYPTO_cs_r_derive (&nonce, | ||
1364 | "rw", | ||
1365 | &priv, | ||
1366 | r_priv); | ||
1367 | GNUNET_CRYPTO_cs_r_get_public (&r_priv[0], | ||
1368 | &r_pub[0]); | ||
1369 | GNUNET_CRYPTO_cs_r_get_public (&r_priv[1], | ||
1370 | &r_pub[1]); | ||
1371 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce, | ||
1372 | bs); | ||
1373 | GNUNET_CRYPTO_cs_calc_blinded_c (bs, | ||
1374 | r_pub, | ||
1375 | &pub, | ||
1376 | &message_hash, | ||
1377 | sizeof(message_hash), | ||
1378 | c, | ||
1379 | r_pub_blind); | ||
1380 | b = GNUNET_CRYPTO_cs_sign_derive (&priv, | ||
1381 | r_priv, | ||
1382 | c, | ||
1383 | &nonce, | ||
1384 | &blinded_s); | ||
1385 | GNUNET_CRYPTO_cs_unblind (&blinded_s, &bs[b], &signature_scalar); | ||
1386 | sig.r_point = r_pub_blind[b]; | ||
1387 | sig.s_scalar = signature_scalar; | ||
1388 | if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig, | ||
1389 | &pub, | ||
1390 | &message_hash, | ||
1391 | sizeof(message_hash))) | ||
1392 | { | ||
1393 | GNUNET_break (0); | ||
1394 | return GNUNET_SYSERR; | ||
1395 | } | ||
1396 | d2j (vec, | ||
1397 | "message_hash", | ||
1398 | &message_hash, | ||
1399 | sizeof (struct GNUNET_HashCode)); | ||
1400 | d2j (vec, | ||
1401 | "cs_public_key", | ||
1402 | &pub, | ||
1403 | sizeof(pub)); | ||
1404 | d2j (vec, | ||
1405 | "cs_private_key", | ||
1406 | &priv, | ||
1407 | sizeof(priv)); | ||
1408 | d2j (vec, | ||
1409 | "cs_nonce", | ||
1410 | &nonce, | ||
1411 | sizeof(nonce)); | ||
1412 | d2j (vec, | ||
1413 | "cs_r_priv_0", | ||
1414 | &r_priv[0], | ||
1415 | sizeof(r_priv[0])); | ||
1416 | d2j (vec, | ||
1417 | "cs_r_priv_1", | ||
1418 | &r_priv[1], | ||
1419 | sizeof(r_priv[1])); | ||
1420 | d2j (vec, | ||
1421 | "cs_r_pub_0", | ||
1422 | &r_pub[0], | ||
1423 | sizeof(r_pub[0])); | ||
1424 | d2j (vec, | ||
1425 | "cs_r_pub_1", | ||
1426 | &r_pub[1], | ||
1427 | sizeof(r_pub[1])); | ||
1428 | d2j (vec, | ||
1429 | "cs_bs_alpha_0", | ||
1430 | &bs[0].alpha, | ||
1431 | sizeof(bs[0].alpha)); | ||
1432 | d2j (vec, | ||
1433 | "cs_bs_alpha_1", | ||
1434 | &bs[1].alpha, | ||
1435 | sizeof(bs[1].alpha)); | ||
1436 | d2j (vec, | ||
1437 | "cs_bs_beta_0", | ||
1438 | &bs[0].beta, | ||
1439 | sizeof(bs[0].beta)); | ||
1440 | d2j (vec, | ||
1441 | "cs_bs_beta_1", | ||
1442 | &bs[1].beta, | ||
1443 | sizeof(bs[1].beta)); | ||
1444 | d2j (vec, | ||
1445 | "cs_r_pub_blind_0", | ||
1446 | &r_pub_blind[0], | ||
1447 | sizeof(r_pub_blind[0])); | ||
1448 | d2j (vec, | ||
1449 | "cs_r_pub_blind_1", | ||
1450 | &r_pub_blind[1], | ||
1451 | sizeof(r_pub_blind[1])); | ||
1452 | d2j (vec, | ||
1453 | "cs_c_0", | ||
1454 | &c[0], | ||
1455 | sizeof(c[0])); | ||
1456 | d2j (vec, | ||
1457 | "cs_c_1", | ||
1458 | &c[1], | ||
1459 | sizeof(c[1])); | ||
1460 | d2j (vec, | ||
1461 | "cs_blind_s", | ||
1462 | &blinded_s, | ||
1463 | sizeof(blinded_s)); | ||
1464 | d2j (vec, | ||
1465 | "cs_b", | ||
1466 | &b, | ||
1467 | sizeof(b)); | ||
1468 | d2j (vec, | ||
1469 | "cs_sig_s", | ||
1470 | &signature_scalar, | ||
1471 | sizeof(signature_scalar)); | ||
1472 | d2j (vec, | ||
1473 | "cs_sig_R", | ||
1474 | &r_pub_blind[b], | ||
1475 | sizeof(r_pub_blind[b])); | ||
1476 | } | ||
1477 | |||
1478 | json_dumpf (vecfile, stdout, JSON_INDENT (2)); | ||
1479 | json_decref (vecfile); | ||
1480 | printf ("\n"); | ||
1481 | |||
1482 | return 0; | ||
1483 | } | ||
1484 | |||
1485 | |||
1486 | /** | ||
1487 | * Main function that will be run. | ||
1488 | * | ||
1489 | * @param cls closure | ||
1490 | * @param args remaining command-line arguments | ||
1491 | * @param cfgfile name of the configuration file used (for saving, can be NULL!) | ||
1492 | * @param cfg configuration | ||
1493 | */ | ||
1494 | static void | ||
1495 | run (void *cls, | ||
1496 | char *const *args, | ||
1497 | const char *cfgfile, | ||
1498 | const struct GNUNET_CONFIGURATION_Handle *cfg) | ||
1499 | { | ||
1500 | if (GNUNET_YES == verify_flag) | ||
1501 | global_ret = check_vectors (); | ||
1502 | else | ||
1503 | global_ret = output_vectors (); | ||
1504 | } | ||
1505 | |||
1506 | |||
1507 | /** | ||
1508 | * The main function of the test vector generation tool. | ||
1509 | * | ||
1510 | * @param argc number of arguments from the command line | ||
1511 | * @param argv command line arguments | ||
1512 | * @return 0 ok, 1 on error | ||
1513 | */ | ||
1514 | int | ||
1515 | main (int argc, | ||
1516 | char *const *argv) | ||
1517 | { | ||
1518 | const struct GNUNET_GETOPT_CommandLineOption options[] = { | ||
1519 | GNUNET_GETOPT_option_flag ('V', | ||
1520 | "verify", | ||
1521 | gettext_noop ( | ||
1522 | "verify a test vector from stdin"), | ||
1523 | &verify_flag), | ||
1524 | GNUNET_GETOPT_OPTION_END | ||
1525 | }; | ||
1526 | |||
1527 | GNUNET_assert (GNUNET_OK == | ||
1528 | GNUNET_log_setup ("gnunet-crypto-tvg", | ||
1529 | "INFO", | ||
1530 | NULL)); | ||
1531 | if (GNUNET_OK != | ||
1532 | GNUNET_PROGRAM_run (argc, argv, | ||
1533 | "gnunet-crypto-tvg", | ||
1534 | "Generate test vectors for cryptographic operations", | ||
1535 | options, | ||
1536 | &run, NULL)) | ||
1537 | return 1; | ||
1538 | return global_ret; | ||
1539 | } | ||
1540 | |||
1541 | |||
1542 | /* end of gnunet-crypto-tvg.c */ | ||