diff options
Diffstat (limited to 'src/util/gnunet-crypto-tvg.c')
-rw-r--r-- | src/util/gnunet-crypto-tvg.c | 401 |
1 files changed, 401 insertions, 0 deletions
diff --git a/src/util/gnunet-crypto-tvg.c b/src/util/gnunet-crypto-tvg.c index 28e44e28b..6b2a7f472 100644 --- a/src/util/gnunet-crypto-tvg.c +++ b/src/util/gnunet-crypto-tvg.c | |||
@@ -672,6 +672,263 @@ checkvec (const char *operation, | |||
672 | GNUNET_free (sig_enc_data); | 672 | GNUNET_free (sig_enc_data); |
673 | GNUNET_free (skey); | 673 | GNUNET_free (skey); |
674 | } | 674 | } |
675 | else if (0 == strcmp (operation, "cs_blind_signing")) | ||
676 | { | ||
677 | struct GNUNET_CRYPTO_CsPrivateKey priv; | ||
678 | struct GNUNET_CRYPTO_CsPublicKey pub; | ||
679 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; | ||
680 | struct GNUNET_CRYPTO_CsRSecret r_priv[2]; | ||
681 | struct GNUNET_CRYPTO_CsRPublic r_pub[2]; | ||
682 | struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2]; | ||
683 | struct GNUNET_CRYPTO_CsC c[2]; | ||
684 | struct GNUNET_CRYPTO_CsS signature_scalar; | ||
685 | struct GNUNET_CRYPTO_CsBlindS blinded_s; | ||
686 | struct GNUNET_CRYPTO_CsSignature sig; | ||
687 | struct GNUNET_CRYPTO_CsNonce nonce; | ||
688 | struct GNUNET_HashCode message_hash; | ||
689 | unsigned int b; | ||
690 | |||
691 | if (GNUNET_OK != expect_data_fixed (vec, | ||
692 | "message_hash", | ||
693 | &message_hash, | ||
694 | sizeof (message_hash))) | ||
695 | { | ||
696 | GNUNET_break (0); | ||
697 | return GNUNET_SYSERR; | ||
698 | } | ||
699 | if (GNUNET_OK != expect_data_fixed (vec, | ||
700 | "cs_public_key", | ||
701 | &pub, | ||
702 | sizeof (pub))) | ||
703 | { | ||
704 | GNUNET_break (0); | ||
705 | return GNUNET_SYSERR; | ||
706 | } | ||
707 | |||
708 | if (GNUNET_OK != expect_data_fixed (vec, | ||
709 | "cs_private_key", | ||
710 | &priv, | ||
711 | sizeof (priv))) | ||
712 | { | ||
713 | GNUNET_break (0); | ||
714 | return GNUNET_SYSERR; | ||
715 | } | ||
716 | if (GNUNET_OK != expect_data_fixed (vec, | ||
717 | "cs_nonce", | ||
718 | &nonce, | ||
719 | sizeof (nonce))) | ||
720 | { | ||
721 | GNUNET_break (0); | ||
722 | return GNUNET_SYSERR; | ||
723 | } | ||
724 | if (GNUNET_OK != expect_data_fixed (vec, | ||
725 | "cs_r_priv_0", | ||
726 | &r_priv[0], | ||
727 | sizeof (r_priv[0]))) | ||
728 | { | ||
729 | GNUNET_break (0); | ||
730 | return GNUNET_SYSERR; | ||
731 | } | ||
732 | if (GNUNET_OK != expect_data_fixed (vec, | ||
733 | "cs_r_priv_1", | ||
734 | &r_priv[1], | ||
735 | sizeof (r_priv[1]))) | ||
736 | { | ||
737 | GNUNET_break (0); | ||
738 | return GNUNET_SYSERR; | ||
739 | } | ||
740 | if (GNUNET_OK != expect_data_fixed (vec, | ||
741 | "cs_r_pub_0", | ||
742 | &r_pub[0], | ||
743 | sizeof (r_pub[0]))) | ||
744 | { | ||
745 | GNUNET_break (0); | ||
746 | return GNUNET_SYSERR; | ||
747 | } | ||
748 | if (GNUNET_OK != expect_data_fixed (vec, | ||
749 | "cs_r_pub_1", | ||
750 | &r_pub[1], | ||
751 | sizeof (r_pub[1]))) | ||
752 | { | ||
753 | GNUNET_break (0); | ||
754 | return GNUNET_SYSERR; | ||
755 | } | ||
756 | |||
757 | if (GNUNET_OK != expect_data_fixed (vec, | ||
758 | "cs_bs_alpha_0", | ||
759 | &bs[0].alpha, | ||
760 | sizeof (bs[0].alpha))) | ||
761 | { | ||
762 | GNUNET_break (0); | ||
763 | return GNUNET_SYSERR; | ||
764 | } | ||
765 | if (GNUNET_OK != expect_data_fixed (vec, | ||
766 | "cs_bs_alpha_1", | ||
767 | &bs[1].alpha, | ||
768 | sizeof (bs[1].alpha))) | ||
769 | { | ||
770 | GNUNET_break (0); | ||
771 | return GNUNET_SYSERR; | ||
772 | } | ||
773 | if (GNUNET_OK != expect_data_fixed (vec, | ||
774 | "cs_bs_beta_0", | ||
775 | &bs[0].beta, | ||
776 | sizeof (bs[0].beta))) | ||
777 | { | ||
778 | GNUNET_break (0); | ||
779 | return GNUNET_SYSERR; | ||
780 | } | ||
781 | if (GNUNET_OK != expect_data_fixed (vec, | ||
782 | "cs_bs_beta_1", | ||
783 | &bs[1].beta, | ||
784 | sizeof (bs[1].beta))) | ||
785 | { | ||
786 | GNUNET_break (0); | ||
787 | return GNUNET_SYSERR; | ||
788 | } | ||
789 | if (GNUNET_OK != expect_data_fixed (vec, | ||
790 | "cs_r_pub_blind_0", | ||
791 | &r_pub_blind[0], | ||
792 | sizeof (r_pub_blind[0]))) | ||
793 | { | ||
794 | GNUNET_break (0); | ||
795 | return GNUNET_SYSERR; | ||
796 | } | ||
797 | if (GNUNET_OK != expect_data_fixed (vec, | ||
798 | "cs_r_pub_blind_1", | ||
799 | &r_pub_blind[1], | ||
800 | sizeof (r_pub_blind[1]))) | ||
801 | { | ||
802 | GNUNET_break (0); | ||
803 | return GNUNET_SYSERR; | ||
804 | } | ||
805 | if (GNUNET_OK != expect_data_fixed (vec, | ||
806 | "cs_c_0", | ||
807 | &c[0], | ||
808 | sizeof (c[0]))) | ||
809 | { | ||
810 | GNUNET_break (0); | ||
811 | return GNUNET_SYSERR; | ||
812 | } | ||
813 | if (GNUNET_OK != expect_data_fixed (vec, | ||
814 | "cs_c_1", | ||
815 | &c[1], | ||
816 | sizeof (c[1]))) | ||
817 | { | ||
818 | GNUNET_break (0); | ||
819 | return GNUNET_SYSERR; | ||
820 | } | ||
821 | if (GNUNET_OK != expect_data_fixed (vec, | ||
822 | "cs_blind_s", | ||
823 | &blinded_s, | ||
824 | sizeof (blinded_s))) | ||
825 | { | ||
826 | GNUNET_break (0); | ||
827 | return GNUNET_SYSERR; | ||
828 | } | ||
829 | if (GNUNET_OK != expect_data_fixed (vec, | ||
830 | "cs_b", | ||
831 | &b, | ||
832 | sizeof (b))) | ||
833 | { | ||
834 | GNUNET_break (0); | ||
835 | return GNUNET_SYSERR; | ||
836 | } | ||
837 | if (GNUNET_OK != expect_data_fixed (vec, | ||
838 | "cs_sig_s", | ||
839 | &signature_scalar, | ||
840 | sizeof (signature_scalar))) | ||
841 | { | ||
842 | GNUNET_break (0); | ||
843 | return GNUNET_SYSERR; | ||
844 | } | ||
845 | sig.s_scalar = signature_scalar; | ||
846 | if (GNUNET_OK != expect_data_fixed (vec, | ||
847 | "cs_sig_R", | ||
848 | &sig.r_point, | ||
849 | sizeof (sig.r_point))) | ||
850 | { | ||
851 | GNUNET_break (0); | ||
852 | return GNUNET_SYSERR; | ||
853 | } | ||
854 | |||
855 | if ((b != 1)&& (b != 0)) | ||
856 | { | ||
857 | GNUNET_break (0); | ||
858 | return GNUNET_SYSERR; | ||
859 | } | ||
860 | |||
861 | struct GNUNET_CRYPTO_CsRSecret r_priv_comp[2]; | ||
862 | struct GNUNET_CRYPTO_CsRPublic r_pub_comp[2]; | ||
863 | struct GNUNET_CRYPTO_CsBlindingSecret bs_comp[2]; | ||
864 | struct GNUNET_CRYPTO_CsC c_comp[2]; | ||
865 | struct GNUNET_CRYPTO_CsRPublic r_pub_blind_comp[2]; | ||
866 | struct GNUNET_CRYPTO_CsBlindS blinded_s_comp; | ||
867 | struct GNUNET_CRYPTO_CsS signature_scalar_comp; | ||
868 | struct GNUNET_CRYPTO_CsSignature sig_comp; | ||
869 | unsigned int b_comp; | ||
870 | |||
871 | |||
872 | GNUNET_CRYPTO_cs_r_derive (&nonce, &priv, r_priv_comp); | ||
873 | GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[0], &r_pub_comp[0]); | ||
874 | GNUNET_CRYPTO_cs_r_get_public (&r_priv_comp[1], &r_pub_comp[1]); | ||
875 | GNUNET_assert (0 == memcmp (&r_priv_comp, | ||
876 | &r_priv, | ||
877 | sizeof(struct GNUNET_CRYPTO_CsRSecret) * 2)); | ||
878 | GNUNET_assert (0 == memcmp (&r_pub_comp, | ||
879 | &r_pub, | ||
880 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2)); | ||
881 | |||
882 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce, | ||
883 | bs_comp); | ||
884 | GNUNET_assert (0 == memcmp (&bs_comp, | ||
885 | &bs, | ||
886 | sizeof(struct GNUNET_CRYPTO_CsBlindingSecret) | ||
887 | * 2)); | ||
888 | GNUNET_CRYPTO_cs_calc_blinded_c (bs_comp, | ||
889 | r_pub_comp, | ||
890 | &pub, | ||
891 | &message_hash, | ||
892 | sizeof(message_hash), | ||
893 | c_comp, | ||
894 | r_pub_blind_comp); | ||
895 | GNUNET_assert (0 == memcmp (&c_comp, | ||
896 | &c, | ||
897 | sizeof(struct GNUNET_CRYPTO_CsC) * 2)); | ||
898 | GNUNET_assert (0 == memcmp (&r_pub_blind_comp, | ||
899 | &r_pub_blind, | ||
900 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2)); | ||
901 | b_comp = GNUNET_CRYPTO_cs_sign_derive (&priv, | ||
902 | r_priv_comp, | ||
903 | c_comp, | ||
904 | &nonce, | ||
905 | &blinded_s_comp); | ||
906 | GNUNET_assert (0 == memcmp (&blinded_s_comp, | ||
907 | &blinded_s, | ||
908 | sizeof(blinded_s))); | ||
909 | GNUNET_assert (0 == memcmp (&b_comp, | ||
910 | &b, | ||
911 | sizeof(b))); | ||
912 | GNUNET_CRYPTO_cs_unblind (&blinded_s_comp, | ||
913 | &bs_comp[b_comp], | ||
914 | &signature_scalar_comp); | ||
915 | GNUNET_assert (0 == memcmp (&signature_scalar_comp, | ||
916 | &signature_scalar, | ||
917 | sizeof(signature_scalar_comp))); | ||
918 | sig_comp.r_point = r_pub_blind_comp[b_comp]; | ||
919 | sig_comp.s_scalar = signature_scalar_comp; | ||
920 | GNUNET_assert (0 == memcmp (&sig_comp, | ||
921 | &sig, | ||
922 | sizeof(sig_comp))); | ||
923 | if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig_comp, | ||
924 | &pub, | ||
925 | &message_hash, | ||
926 | sizeof(message_hash))) | ||
927 | { | ||
928 | GNUNET_break (0); | ||
929 | return GNUNET_SYSERR; | ||
930 | } | ||
931 | } | ||
675 | else | 932 | else |
676 | { | 933 | { |
677 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 934 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
@@ -1025,6 +1282,150 @@ output_vectors () | |||
1025 | GNUNET_free (secret_enc_data); | 1282 | GNUNET_free (secret_enc_data); |
1026 | } | 1283 | } |
1027 | 1284 | ||
1285 | { | ||
1286 | json_t *vec = vec_for (vecs, "cs_blind_signing"); | ||
1287 | |||
1288 | struct GNUNET_CRYPTO_CsPrivateKey priv; | ||
1289 | struct GNUNET_CRYPTO_CsPublicKey pub; | ||
1290 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; | ||
1291 | struct GNUNET_CRYPTO_CsRSecret r_priv[2]; | ||
1292 | struct GNUNET_CRYPTO_CsRPublic r_pub[2]; | ||
1293 | struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2]; | ||
1294 | struct GNUNET_CRYPTO_CsC c[2]; | ||
1295 | struct GNUNET_CRYPTO_CsS signature_scalar; | ||
1296 | struct GNUNET_CRYPTO_CsBlindS blinded_s; | ||
1297 | struct GNUNET_CRYPTO_CsSignature sig; | ||
1298 | struct GNUNET_CRYPTO_CsNonce nonce; | ||
1299 | unsigned int b; | ||
1300 | struct GNUNET_HashCode message_hash; | ||
1301 | |||
1302 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, | ||
1303 | &message_hash, | ||
1304 | sizeof (struct GNUNET_HashCode)); | ||
1305 | |||
1306 | GNUNET_CRYPTO_cs_private_key_generate (&priv); | ||
1307 | GNUNET_CRYPTO_cs_private_key_get_public (&priv, &pub); | ||
1308 | |||
1309 | GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_hkdf (nonce.nonce, | ||
1310 | sizeof(nonce.nonce), | ||
1311 | GCRY_MD_SHA512, | ||
1312 | GCRY_MD_SHA256, | ||
1313 | "nonce", | ||
1314 | strlen ("nonce"), | ||
1315 | "nonce_secret", | ||
1316 | strlen ("nonce_secret"), | ||
1317 | NULL, | ||
1318 | 0)); | ||
1319 | GNUNET_CRYPTO_cs_r_derive (&nonce, &priv, r_priv); | ||
1320 | GNUNET_CRYPTO_cs_r_get_public (&r_priv[0], &r_pub[0]); | ||
1321 | GNUNET_CRYPTO_cs_r_get_public (&r_priv[1], &r_pub[1]); | ||
1322 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce, | ||
1323 | bs); | ||
1324 | GNUNET_CRYPTO_cs_calc_blinded_c (bs, | ||
1325 | r_pub, | ||
1326 | &pub, | ||
1327 | &message_hash, | ||
1328 | sizeof(message_hash), | ||
1329 | c, | ||
1330 | r_pub_blind); | ||
1331 | b = GNUNET_CRYPTO_cs_sign_derive (&priv, | ||
1332 | r_priv, | ||
1333 | c, | ||
1334 | &nonce, | ||
1335 | &blinded_s); | ||
1336 | GNUNET_CRYPTO_cs_unblind (&blinded_s, &bs[b], &signature_scalar); | ||
1337 | sig.r_point = r_pub_blind[b]; | ||
1338 | sig.s_scalar = signature_scalar; | ||
1339 | if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig, | ||
1340 | &pub, | ||
1341 | &message_hash, | ||
1342 | sizeof(message_hash))) | ||
1343 | { | ||
1344 | GNUNET_break (0); | ||
1345 | return GNUNET_SYSERR; | ||
1346 | } | ||
1347 | d2j (vec, | ||
1348 | "message_hash", | ||
1349 | &message_hash, | ||
1350 | sizeof (struct GNUNET_HashCode)); | ||
1351 | d2j (vec, | ||
1352 | "cs_public_key", | ||
1353 | &pub, | ||
1354 | sizeof(pub)); | ||
1355 | d2j (vec, | ||
1356 | "cs_private_key", | ||
1357 | &priv, | ||
1358 | sizeof(priv)); | ||
1359 | d2j (vec, | ||
1360 | "cs_nonce", | ||
1361 | &nonce, | ||
1362 | sizeof(nonce)); | ||
1363 | d2j (vec, | ||
1364 | "cs_r_priv_0", | ||
1365 | &r_priv[0], | ||
1366 | sizeof(r_priv[0])); | ||
1367 | d2j (vec, | ||
1368 | "cs_r_priv_1", | ||
1369 | &r_priv[1], | ||
1370 | sizeof(r_priv[1])); | ||
1371 | d2j (vec, | ||
1372 | "cs_r_pub_0", | ||
1373 | &r_pub[0], | ||
1374 | sizeof(r_pub[0])); | ||
1375 | d2j (vec, | ||
1376 | "cs_r_pub_1", | ||
1377 | &r_pub[1], | ||
1378 | sizeof(r_pub[1])); | ||
1379 | d2j (vec, | ||
1380 | "cs_bs_alpha_0", | ||
1381 | &bs[0].alpha, | ||
1382 | sizeof(bs[0].alpha)); | ||
1383 | d2j (vec, | ||
1384 | "cs_bs_alpha_1", | ||
1385 | &bs[1].alpha, | ||
1386 | sizeof(bs[1].alpha)); | ||
1387 | d2j (vec, | ||
1388 | "cs_bs_beta_0", | ||
1389 | &bs[0].beta, | ||
1390 | sizeof(bs[0].beta)); | ||
1391 | d2j (vec, | ||
1392 | "cs_bs_beta_1", | ||
1393 | &bs[1].beta, | ||
1394 | sizeof(bs[1].beta)); | ||
1395 | d2j (vec, | ||
1396 | "cs_r_pub_blind_0", | ||
1397 | &r_pub_blind[0], | ||
1398 | sizeof(r_pub_blind[0])); | ||
1399 | d2j (vec, | ||
1400 | "cs_r_pub_blind_1", | ||
1401 | &r_pub_blind[1], | ||
1402 | sizeof(r_pub_blind[1])); | ||
1403 | d2j (vec, | ||
1404 | "cs_c_0", | ||
1405 | &c[0], | ||
1406 | sizeof(c[0])); | ||
1407 | d2j (vec, | ||
1408 | "cs_c_1", | ||
1409 | &c[1], | ||
1410 | sizeof(c[1])); | ||
1411 | d2j (vec, | ||
1412 | "cs_blind_s", | ||
1413 | &blinded_s, | ||
1414 | sizeof(blinded_s)); | ||
1415 | d2j (vec, | ||
1416 | "cs_b", | ||
1417 | &b, | ||
1418 | sizeof(b)); | ||
1419 | d2j (vec, | ||
1420 | "cs_sig_s", | ||
1421 | &signature_scalar, | ||
1422 | sizeof(signature_scalar)); | ||
1423 | d2j (vec, | ||
1424 | "cs_sig_R", | ||
1425 | &r_pub_blind[b], | ||
1426 | sizeof(r_pub_blind[b])); | ||
1427 | } | ||
1428 | |||
1028 | json_dumpf (vecfile, stdout, JSON_INDENT (2)); | 1429 | json_dumpf (vecfile, stdout, JSON_INDENT (2)); |
1029 | json_decref (vecfile); | 1430 | json_decref (vecfile); |
1030 | printf ("\n"); | 1431 | printf ("\n"); |