diff options
Diffstat (limited to 'src')
25 files changed, 2369 insertions, 593 deletions
diff --git a/src/cli/util/gnunet-crypto-tvg.c b/src/cli/util/gnunet-crypto-tvg.c index 5a16bb8fc..721177eda 100644 --- a/src/cli/util/gnunet-crypto-tvg.c +++ b/src/cli/util/gnunet-crypto-tvg.c | |||
@@ -530,9 +530,12 @@ checkvec (const char *operation, | |||
530 | return GNUNET_NO; | 530 | return GNUNET_NO; |
531 | } | 531 | } |
532 | 532 | ||
533 | GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material_comp); | 533 | GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, |
534 | &pub_eddsa, | ||
535 | &key_material_comp); | ||
534 | 536 | ||
535 | if (0 != GNUNET_memcmp (&key_material, &key_material_comp)) | 537 | if (0 != GNUNET_memcmp (&key_material, |
538 | &key_material_comp)) | ||
536 | { | 539 | { |
537 | GNUNET_break (0); | 540 | GNUNET_break (0); |
538 | return GNUNET_NO; | 541 | return GNUNET_NO; |
@@ -546,10 +549,8 @@ checkvec (const char *operation, | |||
546 | struct GNUNET_CRYPTO_RsaBlindingKeySecret bks; | 549 | struct GNUNET_CRYPTO_RsaBlindingKeySecret bks; |
547 | struct GNUNET_CRYPTO_RsaSignature *blinded_sig; | 550 | struct GNUNET_CRYPTO_RsaSignature *blinded_sig; |
548 | struct GNUNET_CRYPTO_RsaSignature *sig; | 551 | struct GNUNET_CRYPTO_RsaSignature *sig; |
549 | void *blinded_data; | 552 | struct GNUNET_CRYPTO_RsaBlindedMessage bm; |
550 | size_t blinded_len; | 553 | struct GNUNET_CRYPTO_RsaBlindedMessage bm_comp; |
551 | void *blinded_data_comp; | ||
552 | size_t blinded_len_comp; | ||
553 | void *public_enc_data; | 554 | void *public_enc_data; |
554 | size_t public_enc_len; | 555 | size_t public_enc_len; |
555 | void *secret_enc_data; | 556 | void *secret_enc_data; |
@@ -559,60 +560,63 @@ checkvec (const char *operation, | |||
559 | void *sig_enc_data_comp; | 560 | void *sig_enc_data_comp; |
560 | size_t sig_enc_length_comp; | 561 | size_t sig_enc_length_comp; |
561 | 562 | ||
562 | if (GNUNET_OK != expect_data_fixed (vec, | 563 | if (GNUNET_OK != |
563 | "message_hash", | 564 | expect_data_fixed (vec, |
564 | &message_hash, | 565 | "message_hash", |
565 | sizeof (message_hash))) | 566 | &message_hash, |
567 | sizeof (message_hash))) | ||
566 | { | 568 | { |
567 | GNUNET_break (0); | 569 | GNUNET_break (0); |
568 | return GNUNET_SYSERR; | 570 | return GNUNET_SYSERR; |
569 | } | 571 | } |
570 | 572 | ||
571 | if (GNUNET_OK != expect_data_fixed (vec, | 573 | if (GNUNET_OK != |
572 | "blinding_key_secret", | 574 | expect_data_fixed (vec, |
573 | &bks, | 575 | "blinding_key_secret", |
574 | sizeof (bks))) | 576 | &bks, |
577 | sizeof (bks))) | ||
575 | { | 578 | { |
576 | GNUNET_break (0); | 579 | GNUNET_break (0); |
577 | return GNUNET_SYSERR; | 580 | return GNUNET_SYSERR; |
578 | } | 581 | } |
579 | 582 | ||
580 | if (GNUNET_OK != expect_data_dynamic (vec, | 583 | if (GNUNET_OK != |
581 | "blinded_message", | 584 | expect_data_dynamic (vec, |
582 | &blinded_data, | 585 | "blinded_message", |
583 | &blinded_len)) | 586 | &bm.blinded_msg, |
587 | &bm.blinded_msg_size)) | ||
584 | { | 588 | { |
585 | GNUNET_break (0); | 589 | GNUNET_break (0); |
586 | return GNUNET_SYSERR; | 590 | return GNUNET_SYSERR; |
587 | } | 591 | } |
588 | 592 | if (GNUNET_OK != | |
589 | if (GNUNET_OK != expect_data_dynamic (vec, | 593 | expect_data_dynamic (vec, |
590 | "rsa_public_key", | 594 | "rsa_public_key", |
591 | &public_enc_data, | 595 | &public_enc_data, |
592 | &public_enc_len)) | 596 | &public_enc_len)) |
593 | { | 597 | { |
594 | GNUNET_free (blinded_data); | 598 | GNUNET_CRYPTO_rsa_blinded_message_free (&bm); |
595 | GNUNET_break (0); | 599 | GNUNET_break (0); |
596 | return GNUNET_SYSERR; | 600 | return GNUNET_SYSERR; |
597 | } | 601 | } |
598 | 602 | if (GNUNET_OK != | |
599 | if (GNUNET_OK != expect_data_dynamic (vec, | 603 | expect_data_dynamic (vec, |
600 | "rsa_private_key", | 604 | "rsa_private_key", |
601 | &secret_enc_data, | 605 | &secret_enc_data, |
602 | &secret_enc_len)) | 606 | &secret_enc_len)) |
603 | { | 607 | { |
604 | GNUNET_free (blinded_data); | 608 | GNUNET_CRYPTO_rsa_blinded_message_free (&bm); |
605 | GNUNET_free (public_enc_data); | 609 | GNUNET_free (public_enc_data); |
606 | GNUNET_break (0); | 610 | GNUNET_break (0); |
607 | return GNUNET_SYSERR; | 611 | return GNUNET_SYSERR; |
608 | } | 612 | } |
609 | 613 | if (GNUNET_OK != | |
610 | if (GNUNET_OK != expect_data_dynamic (vec, | 614 | expect_data_dynamic (vec, |
611 | "sig", | 615 | "sig", |
612 | &sig_enc_data, | 616 | &sig_enc_data, |
613 | &sig_enc_length)) | 617 | &sig_enc_length)) |
614 | { | 618 | { |
615 | GNUNET_free (blinded_data); | 619 | GNUNET_CRYPTO_rsa_blinded_message_free (&bm); |
616 | GNUNET_free (public_enc_data); | 620 | GNUNET_free (public_enc_data); |
617 | GNUNET_free (secret_enc_data); | 621 | GNUNET_free (secret_enc_data); |
618 | GNUNET_break (0); | 622 | GNUNET_break (0); |
@@ -628,16 +632,18 @@ checkvec (const char *operation, | |||
628 | 632 | ||
629 | GNUNET_assert (GNUNET_YES == | 633 | GNUNET_assert (GNUNET_YES == |
630 | GNUNET_CRYPTO_rsa_blind (&message_hash, | 634 | GNUNET_CRYPTO_rsa_blind (&message_hash, |
635 | sizeof (message_hash), | ||
631 | &bks, | 636 | &bks, |
632 | pkey, | 637 | pkey, |
633 | &blinded_data_comp, | 638 | &bm_comp)); |
634 | &blinded_len_comp)); | 639 | if ( (bm.blinded_msg_size != |
635 | if ( (blinded_len != blinded_len_comp) || (0 != memcmp (blinded_data, | 640 | bm_comp.blinded_msg_size) || |
636 | blinded_data_comp, | 641 | (0 != memcmp (bm.blinded_msg, |
637 | blinded_len)) ) | 642 | bm_comp.blinded_msg, |
643 | bm.blinded_msg_size)) ) | ||
638 | { | 644 | { |
639 | GNUNET_free (blinded_data); | 645 | GNUNET_CRYPTO_rsa_blinded_message_free (&bm); |
640 | GNUNET_free (blinded_data_comp); | 646 | GNUNET_CRYPTO_rsa_blinded_message_free (&bm_comp); |
641 | GNUNET_free (public_enc_data); | 647 | GNUNET_free (public_enc_data); |
642 | GNUNET_free (secret_enc_data); | 648 | GNUNET_free (secret_enc_data); |
643 | GNUNET_free (sig_enc_data); | 649 | GNUNET_free (sig_enc_data); |
@@ -646,12 +652,17 @@ checkvec (const char *operation, | |||
646 | GNUNET_break (0); | 652 | GNUNET_break (0); |
647 | return GNUNET_NO; | 653 | return GNUNET_NO; |
648 | } | 654 | } |
649 | blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data, | 655 | blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, |
650 | blinded_len); | 656 | &bm); |
651 | sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey); | 657 | sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, |
652 | GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig, | 658 | &bks, |
653 | pkey)); | 659 | pkey); |
654 | GNUNET_free(public_enc_data); | 660 | GNUNET_assert (GNUNET_YES == |
661 | GNUNET_CRYPTO_rsa_verify (&message_hash, | ||
662 | sizeof (message_hash), | ||
663 | sig, | ||
664 | pkey)); | ||
665 | GNUNET_free (public_enc_data); | ||
655 | public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, | 666 | public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, |
656 | &public_enc_data); | 667 | &public_enc_data); |
657 | sig_enc_length_comp = GNUNET_CRYPTO_rsa_signature_encode (sig, | 668 | sig_enc_length_comp = GNUNET_CRYPTO_rsa_signature_encode (sig, |
@@ -661,8 +672,8 @@ checkvec (const char *operation, | |||
661 | (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) )) | 672 | (0 != memcmp (sig_enc_data, sig_enc_data_comp, sig_enc_length) )) |
662 | { | 673 | { |
663 | GNUNET_CRYPTO_rsa_signature_free (blinded_sig); | 674 | GNUNET_CRYPTO_rsa_signature_free (blinded_sig); |
664 | GNUNET_free (blinded_data); | 675 | GNUNET_CRYPTO_rsa_blinded_message_free (&bm); |
665 | GNUNET_free (blinded_data_comp); | 676 | GNUNET_CRYPTO_rsa_blinded_message_free (&bm_comp); |
666 | GNUNET_free (public_enc_data); | 677 | GNUNET_free (public_enc_data); |
667 | GNUNET_free (secret_enc_data); | 678 | GNUNET_free (secret_enc_data); |
668 | GNUNET_free (sig_enc_data); | 679 | GNUNET_free (sig_enc_data); |
@@ -674,8 +685,8 @@ checkvec (const char *operation, | |||
674 | return GNUNET_NO; | 685 | return GNUNET_NO; |
675 | } | 686 | } |
676 | GNUNET_CRYPTO_rsa_signature_free (blinded_sig); | 687 | GNUNET_CRYPTO_rsa_signature_free (blinded_sig); |
677 | GNUNET_free (blinded_data); | 688 | GNUNET_CRYPTO_rsa_blinded_message_free (&bm); |
678 | GNUNET_free (blinded_data_comp); | 689 | GNUNET_CRYPTO_rsa_blinded_message_free (&bm_comp); |
679 | GNUNET_free (public_enc_data); | 690 | GNUNET_free (public_enc_data); |
680 | GNUNET_free (secret_enc_data); | 691 | GNUNET_free (secret_enc_data); |
681 | GNUNET_free (sig_enc_data); | 692 | GNUNET_free (sig_enc_data); |
@@ -691,12 +702,13 @@ checkvec (const char *operation, | |||
691 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; | 702 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; |
692 | struct GNUNET_CRYPTO_CsRSecret r_priv[2]; | 703 | struct GNUNET_CRYPTO_CsRSecret r_priv[2]; |
693 | struct GNUNET_CRYPTO_CsRPublic r_pub[2]; | 704 | struct GNUNET_CRYPTO_CsRPublic r_pub[2]; |
694 | struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2]; | 705 | struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind; |
695 | struct GNUNET_CRYPTO_CsC c[2]; | 706 | struct GNUNET_CRYPTO_CsC c[2]; |
696 | struct GNUNET_CRYPTO_CsS signature_scalar; | 707 | struct GNUNET_CRYPTO_CsS signature_scalar; |
697 | struct GNUNET_CRYPTO_CsBlindS blinded_s; | 708 | struct GNUNET_CRYPTO_CsBlindS blinded_s; |
698 | struct GNUNET_CRYPTO_CsSignature sig; | 709 | struct GNUNET_CRYPTO_CsSignature sig; |
699 | struct GNUNET_CRYPTO_CsNonce nonce; | 710 | struct GNUNET_CRYPTO_CsSessionNonce snonce; |
711 | struct GNUNET_CRYPTO_CsBlindingNonce bnonce; | ||
700 | struct GNUNET_HashCode message_hash; | 712 | struct GNUNET_HashCode message_hash; |
701 | unsigned int b; | 713 | unsigned int b; |
702 | 714 | ||
@@ -717,26 +729,35 @@ checkvec (const char *operation, | |||
717 | return GNUNET_SYSERR; | 729 | return GNUNET_SYSERR; |
718 | } | 730 | } |
719 | 731 | ||
720 | if (GNUNET_OK != expect_data_fixed (vec, | 732 | if (GNUNET_OK != |
721 | "cs_private_key", | 733 | expect_data_fixed (vec, |
722 | &priv, | 734 | "cs_private_key", |
723 | sizeof (priv))) | 735 | &priv, |
736 | sizeof (priv))) | ||
724 | { | 737 | { |
725 | GNUNET_break (0); | 738 | GNUNET_break (0); |
726 | return GNUNET_SYSERR; | 739 | return GNUNET_SYSERR; |
727 | } | 740 | } |
728 | if (GNUNET_OK != expect_data_fixed (vec, | 741 | if (GNUNET_OK != |
729 | "cs_nonce", | 742 | expect_data_fixed (vec, |
730 | &nonce, | 743 | "cs_nonce", |
731 | sizeof (nonce))) | 744 | &snonce, |
745 | sizeof (snonce))) | ||
732 | { | 746 | { |
733 | GNUNET_break (0); | 747 | GNUNET_break (0); |
734 | return GNUNET_SYSERR; | 748 | return GNUNET_SYSERR; |
735 | } | 749 | } |
736 | if (GNUNET_OK != expect_data_fixed (vec, | 750 | /* historically, the tvg used the same nonce for |
737 | "cs_r_priv_0", | 751 | both, which is HORRIBLE for production, but |
738 | &r_priv[0], | 752 | maybe OK for TVG... */ |
739 | sizeof (r_priv[0]))) | 753 | memcpy (&bnonce, |
754 | &snonce, | ||
755 | sizeof (snonce)); | ||
756 | if (GNUNET_OK != | ||
757 | expect_data_fixed (vec, | ||
758 | "cs_r_priv_0", | ||
759 | &r_priv[0], | ||
760 | sizeof (r_priv[0]))) | ||
740 | { | 761 | { |
741 | GNUNET_break (0); | 762 | GNUNET_break (0); |
742 | return GNUNET_SYSERR; | 763 | return GNUNET_SYSERR; |
@@ -790,34 +811,38 @@ checkvec (const char *operation, | |||
790 | GNUNET_break (0); | 811 | GNUNET_break (0); |
791 | return GNUNET_SYSERR; | 812 | return GNUNET_SYSERR; |
792 | } | 813 | } |
793 | if (GNUNET_OK != expect_data_fixed (vec, | 814 | if (GNUNET_OK != |
794 | "cs_bs_beta_1", | 815 | expect_data_fixed (vec, |
795 | &bs[1].beta, | 816 | "cs_bs_beta_1", |
796 | sizeof (bs[1].beta))) | 817 | &bs[1].beta, |
818 | sizeof (bs[1].beta))) | ||
797 | { | 819 | { |
798 | GNUNET_break (0); | 820 | GNUNET_break (0); |
799 | return GNUNET_SYSERR; | 821 | return GNUNET_SYSERR; |
800 | } | 822 | } |
801 | if (GNUNET_OK != expect_data_fixed (vec, | 823 | if (GNUNET_OK != |
802 | "cs_r_pub_blind_0", | 824 | expect_data_fixed (vec, |
803 | &r_pub_blind[0], | 825 | "cs_r_pub_blind_0", |
804 | sizeof (r_pub_blind[0]))) | 826 | &r_pub_blind.r_pub[0], |
827 | sizeof (r_pub_blind.r_pub[0]))) | ||
805 | { | 828 | { |
806 | GNUNET_break (0); | 829 | GNUNET_break (0); |
807 | return GNUNET_SYSERR; | 830 | return GNUNET_SYSERR; |
808 | } | 831 | } |
809 | if (GNUNET_OK != expect_data_fixed (vec, | 832 | if (GNUNET_OK != |
810 | "cs_r_pub_blind_1", | 833 | expect_data_fixed (vec, |
811 | &r_pub_blind[1], | 834 | "cs_r_pub_blind_1", |
812 | sizeof (r_pub_blind[1]))) | 835 | &r_pub_blind.r_pub[1], |
836 | sizeof (r_pub_blind.r_pub[1]))) | ||
813 | { | 837 | { |
814 | GNUNET_break (0); | 838 | GNUNET_break (0); |
815 | return GNUNET_SYSERR; | 839 | return GNUNET_SYSERR; |
816 | } | 840 | } |
817 | if (GNUNET_OK != expect_data_fixed (vec, | 841 | if (GNUNET_OK != |
818 | "cs_c_0", | 842 | expect_data_fixed (vec, |
819 | &c[0], | 843 | "cs_c_0", |
820 | sizeof (c[0]))) | 844 | &c[0], |
845 | sizeof (c[0]))) | ||
821 | { | 846 | { |
822 | GNUNET_break (0); | 847 | GNUNET_break (0); |
823 | return GNUNET_SYSERR; | 848 | return GNUNET_SYSERR; |
@@ -874,14 +899,12 @@ checkvec (const char *operation, | |||
874 | struct GNUNET_CRYPTO_CsRPublic r_pub_comp[2]; | 899 | struct GNUNET_CRYPTO_CsRPublic r_pub_comp[2]; |
875 | struct GNUNET_CRYPTO_CsBlindingSecret bs_comp[2]; | 900 | struct GNUNET_CRYPTO_CsBlindingSecret bs_comp[2]; |
876 | struct GNUNET_CRYPTO_CsC c_comp[2]; | 901 | struct GNUNET_CRYPTO_CsC c_comp[2]; |
877 | struct GNUNET_CRYPTO_CsRPublic r_pub_blind_comp[2]; | 902 | struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind_comp; |
878 | struct GNUNET_CRYPTO_CsBlindS blinded_s_comp; | 903 | struct GNUNET_CRYPTO_CsBlindSignature blinded_s_comp; |
879 | struct GNUNET_CRYPTO_CsS signature_scalar_comp; | 904 | struct GNUNET_CRYPTO_CsS signature_scalar_comp; |
880 | struct GNUNET_CRYPTO_CsSignature sig_comp; | 905 | struct GNUNET_CRYPTO_CsSignature sig_comp; |
881 | unsigned int b_comp; | ||
882 | 906 | ||
883 | 907 | GNUNET_CRYPTO_cs_r_derive (&snonce, | |
884 | GNUNET_CRYPTO_cs_r_derive (&nonce, | ||
885 | "rw", | 908 | "rw", |
886 | &priv, | 909 | &priv, |
887 | r_priv_comp); | 910 | r_priv_comp); |
@@ -896,51 +919,59 @@ checkvec (const char *operation, | |||
896 | &r_pub, | 919 | &r_pub, |
897 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2)); | 920 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2)); |
898 | 921 | ||
899 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce, | 922 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&bnonce, |
900 | bs_comp); | 923 | bs_comp); |
901 | GNUNET_assert (0 == memcmp (&bs_comp, | 924 | GNUNET_assert (0 == |
902 | &bs, | 925 | memcmp (&bs_comp, |
903 | sizeof(struct GNUNET_CRYPTO_CsBlindingSecret) | 926 | &bs, |
904 | * 2)); | 927 | sizeof(struct GNUNET_CRYPTO_CsBlindingSecret) |
928 | * 2)); | ||
905 | GNUNET_CRYPTO_cs_calc_blinded_c (bs_comp, | 929 | GNUNET_CRYPTO_cs_calc_blinded_c (bs_comp, |
906 | r_pub_comp, | 930 | r_pub_comp, |
907 | &pub, | 931 | &pub, |
908 | &message_hash, | 932 | &message_hash, |
909 | sizeof(message_hash), | 933 | sizeof(message_hash), |
910 | c_comp, | 934 | c_comp, |
911 | r_pub_blind_comp); | 935 | &r_pub_blind_comp); |
912 | GNUNET_assert (0 == memcmp (&c_comp, | 936 | GNUNET_assert (0 == |
913 | &c, | 937 | memcmp (&c_comp, |
914 | sizeof(struct GNUNET_CRYPTO_CsC) * 2)); | 938 | &c, |
915 | GNUNET_assert (0 == memcmp (&r_pub_blind_comp, | 939 | sizeof(struct GNUNET_CRYPTO_CsC) * 2)); |
916 | &r_pub_blind, | 940 | GNUNET_assert (0 == |
917 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2)); | 941 | GNUNET_memcmp (&r_pub_blind_comp, |
918 | b_comp = GNUNET_CRYPTO_cs_sign_derive (&priv, | 942 | &r_pub_blind)); |
919 | r_priv_comp, | 943 | { |
920 | c_comp, | 944 | struct GNUNET_CRYPTO_CsBlindedMessage bm = { |
921 | &nonce, | 945 | .c[0] = c_comp[0], |
922 | &blinded_s_comp); | 946 | .c[1] = c_comp[1], |
923 | GNUNET_assert (0 == memcmp (&blinded_s_comp, | 947 | .nonce = snonce |
924 | &blinded_s, | 948 | }; |
925 | sizeof(blinded_s))); | 949 | |
926 | GNUNET_assert (0 == memcmp (&b_comp, | 950 | GNUNET_CRYPTO_cs_sign_derive (&priv, |
927 | &b, | 951 | r_priv_comp, |
928 | sizeof(b))); | 952 | &bm, |
929 | GNUNET_CRYPTO_cs_unblind (&blinded_s_comp, | 953 | &blinded_s_comp); |
930 | &bs_comp[b_comp], | 954 | } |
955 | GNUNET_assert (0 == | ||
956 | GNUNET_memcmp (&blinded_s_comp.s_scalar, | ||
957 | &blinded_s)); | ||
958 | GNUNET_assert (b == blinded_s_comp.b); | ||
959 | GNUNET_CRYPTO_cs_unblind (&blinded_s_comp.s_scalar, | ||
960 | &bs_comp[b], | ||
931 | &signature_scalar_comp); | 961 | &signature_scalar_comp); |
932 | GNUNET_assert (0 == memcmp (&signature_scalar_comp, | 962 | GNUNET_assert (0 == |
933 | &signature_scalar, | 963 | GNUNET_memcmp (&signature_scalar_comp, |
934 | sizeof(signature_scalar_comp))); | 964 | &signature_scalar)); |
935 | sig_comp.r_point = r_pub_blind_comp[b_comp]; | 965 | sig_comp.r_point = r_pub_blind_comp.r_pub[b]; |
936 | sig_comp.s_scalar = signature_scalar_comp; | 966 | sig_comp.s_scalar = signature_scalar_comp; |
937 | GNUNET_assert (0 == memcmp (&sig_comp, | 967 | GNUNET_assert (0 == memcmp (&sig_comp, |
938 | &sig, | 968 | &sig, |
939 | sizeof(sig_comp))); | 969 | sizeof(sig_comp))); |
940 | if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig_comp, | 970 | if (GNUNET_OK != |
941 | &pub, | 971 | GNUNET_CRYPTO_cs_verify (&sig_comp, |
942 | &message_hash, | 972 | &pub, |
943 | sizeof(message_hash))) | 973 | &message_hash, |
974 | sizeof(message_hash))) | ||
944 | { | 975 | { |
945 | GNUNET_break (0); | 976 | GNUNET_break (0); |
946 | return GNUNET_SYSERR; | 977 | return GNUNET_SYSERR; |
@@ -993,7 +1024,7 @@ check_vectors () | |||
993 | /* array is a JSON array */ | 1024 | /* array is a JSON array */ |
994 | size_t index; | 1025 | size_t index; |
995 | json_t *value; | 1026 | json_t *value; |
996 | int ret; | 1027 | enum GNUNET_GenericReturnValue ret = GNUNET_OK; |
997 | 1028 | ||
998 | json_array_foreach (vectors, index, value) { | 1029 | json_array_foreach (vectors, index, value) { |
999 | const char *op = json_string_value (json_object_get (value, | 1030 | const char *op = json_string_value (json_object_get (value, |
@@ -1261,8 +1292,7 @@ output_vectors () | |||
1261 | struct GNUNET_CRYPTO_RsaBlindingKeySecret bks; | 1292 | struct GNUNET_CRYPTO_RsaBlindingKeySecret bks; |
1262 | struct GNUNET_CRYPTO_RsaSignature *blinded_sig; | 1293 | struct GNUNET_CRYPTO_RsaSignature *blinded_sig; |
1263 | struct GNUNET_CRYPTO_RsaSignature *sig; | 1294 | struct GNUNET_CRYPTO_RsaSignature *sig; |
1264 | void *blinded_data; | 1295 | struct GNUNET_CRYPTO_RsaBlindedMessage bm; |
1265 | size_t blinded_len; | ||
1266 | void *public_enc_data; | 1296 | void *public_enc_data; |
1267 | size_t public_enc_len; | 1297 | size_t public_enc_len; |
1268 | void *secret_enc_data; | 1298 | void *secret_enc_data; |
@@ -1283,23 +1313,29 @@ output_vectors () | |||
1283 | GNUNET_CRYPTO_RsaBlindingKeySecret)); | 1313 | GNUNET_CRYPTO_RsaBlindingKeySecret)); |
1284 | GNUNET_assert (GNUNET_YES == | 1314 | GNUNET_assert (GNUNET_YES == |
1285 | GNUNET_CRYPTO_rsa_blind (&message_hash, | 1315 | GNUNET_CRYPTO_rsa_blind (&message_hash, |
1316 | sizeof (message_hash), | ||
1286 | &bks, | 1317 | &bks, |
1287 | pkey, | 1318 | pkey, |
1288 | &blinded_data, | 1319 | &bm)); |
1289 | &blinded_len)); | 1320 | blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, |
1290 | blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data, | 1321 | &bm); |
1291 | blinded_len); | 1322 | sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, |
1292 | sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey); | 1323 | &bks, |
1293 | GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_verify (&message_hash, sig, | 1324 | pkey); |
1294 | pkey)); | 1325 | GNUNET_assert (GNUNET_YES == |
1326 | GNUNET_CRYPTO_rsa_verify (&message_hash, | ||
1327 | sizeof (message_hash), | ||
1328 | sig, | ||
1329 | pkey)); | ||
1295 | public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, | 1330 | public_enc_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, |
1296 | &public_enc_data); | 1331 | &public_enc_data); |
1297 | secret_enc_len = GNUNET_CRYPTO_rsa_private_key_encode (skey, | 1332 | secret_enc_len = GNUNET_CRYPTO_rsa_private_key_encode (skey, |
1298 | &secret_enc_data); | 1333 | &secret_enc_data); |
1299 | blinded_sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (blinded_sig, | 1334 | blinded_sig_enc_length |
1300 | & | 1335 | = GNUNET_CRYPTO_rsa_signature_encode (blinded_sig, |
1301 | blinded_sig_enc_data); | 1336 | &blinded_sig_enc_data); |
1302 | sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig, &sig_enc_data); | 1337 | sig_enc_length = GNUNET_CRYPTO_rsa_signature_encode (sig, |
1338 | &sig_enc_data); | ||
1303 | d2j (vec, | 1339 | d2j (vec, |
1304 | "message_hash", | 1340 | "message_hash", |
1305 | &message_hash, | 1341 | &message_hash, |
@@ -1318,8 +1354,8 @@ output_vectors () | |||
1318 | sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret)); | 1354 | sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret)); |
1319 | d2j (vec, | 1355 | d2j (vec, |
1320 | "blinded_message", | 1356 | "blinded_message", |
1321 | blinded_data, | 1357 | bm.blinded_msg, |
1322 | blinded_len); | 1358 | bm.blinded_msg_size); |
1323 | d2j (vec, | 1359 | d2j (vec, |
1324 | "blinded_sig", | 1360 | "blinded_sig", |
1325 | blinded_sig_enc_data, | 1361 | blinded_sig_enc_data, |
@@ -1333,7 +1369,7 @@ output_vectors () | |||
1333 | GNUNET_CRYPTO_rsa_signature_free (sig); | 1369 | GNUNET_CRYPTO_rsa_signature_free (sig); |
1334 | GNUNET_CRYPTO_rsa_signature_free (blinded_sig); | 1370 | GNUNET_CRYPTO_rsa_signature_free (blinded_sig); |
1335 | GNUNET_free (public_enc_data); | 1371 | GNUNET_free (public_enc_data); |
1336 | GNUNET_free (blinded_data); | 1372 | GNUNET_CRYPTO_rsa_blinded_message_free (&bm); |
1337 | GNUNET_free (sig_enc_data); | 1373 | GNUNET_free (sig_enc_data); |
1338 | GNUNET_free (blinded_sig_enc_data); | 1374 | GNUNET_free (blinded_sig_enc_data); |
1339 | GNUNET_free (secret_enc_data); | 1375 | GNUNET_free (secret_enc_data); |
@@ -1347,13 +1383,13 @@ output_vectors () | |||
1347 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; | 1383 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; |
1348 | struct GNUNET_CRYPTO_CsRSecret r_priv[2]; | 1384 | struct GNUNET_CRYPTO_CsRSecret r_priv[2]; |
1349 | struct GNUNET_CRYPTO_CsRPublic r_pub[2]; | 1385 | struct GNUNET_CRYPTO_CsRPublic r_pub[2]; |
1350 | struct GNUNET_CRYPTO_CsRPublic r_pub_blind[2]; | 1386 | struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind; |
1351 | struct GNUNET_CRYPTO_CsC c[2]; | 1387 | struct GNUNET_CRYPTO_CsC c[2]; |
1352 | struct GNUNET_CRYPTO_CsS signature_scalar; | 1388 | struct GNUNET_CRYPTO_CsS signature_scalar; |
1353 | struct GNUNET_CRYPTO_CsBlindS blinded_s; | 1389 | struct GNUNET_CRYPTO_CsBlindSignature blinded_s; |
1354 | struct GNUNET_CRYPTO_CsSignature sig; | 1390 | struct GNUNET_CRYPTO_CsSignature sig; |
1355 | struct GNUNET_CRYPTO_CsNonce nonce; | 1391 | struct GNUNET_CRYPTO_CsSessionNonce snonce; |
1356 | unsigned int b; | 1392 | struct GNUNET_CRYPTO_CsBlindingNonce bnonce; |
1357 | struct GNUNET_HashCode message_hash; | 1393 | struct GNUNET_HashCode message_hash; |
1358 | 1394 | ||
1359 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, | 1395 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, |
@@ -1361,19 +1397,26 @@ output_vectors () | |||
1361 | sizeof (struct GNUNET_HashCode)); | 1397 | sizeof (struct GNUNET_HashCode)); |
1362 | 1398 | ||
1363 | GNUNET_CRYPTO_cs_private_key_generate (&priv); | 1399 | GNUNET_CRYPTO_cs_private_key_generate (&priv); |
1364 | GNUNET_CRYPTO_cs_private_key_get_public (&priv, &pub); | 1400 | GNUNET_CRYPTO_cs_private_key_get_public (&priv, |
1365 | 1401 | &pub); | |
1366 | GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_hkdf (nonce.nonce, | 1402 | GNUNET_assert (GNUNET_YES == |
1367 | sizeof(nonce.nonce), | 1403 | GNUNET_CRYPTO_hkdf (&snonce, |
1368 | GCRY_MD_SHA512, | 1404 | sizeof(snonce), |
1369 | GCRY_MD_SHA256, | 1405 | GCRY_MD_SHA512, |
1370 | "nonce", | 1406 | GCRY_MD_SHA256, |
1371 | strlen ("nonce"), | 1407 | "nonce", |
1372 | "nonce_secret", | 1408 | strlen ("nonce"), |
1373 | strlen ("nonce_secret"), | 1409 | "nonce_secret", |
1374 | NULL, | 1410 | strlen ("nonce_secret"), |
1375 | 0)); | 1411 | NULL, |
1376 | GNUNET_CRYPTO_cs_r_derive (&nonce, | 1412 | 0)); |
1413 | /* NOTE: historically, we made the bad choice of | ||
1414 | making both nonces the same. Maybe barely OK | ||
1415 | for the TGV, not good for production! */ | ||
1416 | memcpy (&bnonce, | ||
1417 | &snonce, | ||
1418 | sizeof (snonce)); | ||
1419 | GNUNET_CRYPTO_cs_r_derive (&snonce, | ||
1377 | "rw", | 1420 | "rw", |
1378 | &priv, | 1421 | &priv, |
1379 | r_priv); | 1422 | r_priv); |
@@ -1381,7 +1424,7 @@ output_vectors () | |||
1381 | &r_pub[0]); | 1424 | &r_pub[0]); |
1382 | GNUNET_CRYPTO_cs_r_get_public (&r_priv[1], | 1425 | GNUNET_CRYPTO_cs_r_get_public (&r_priv[1], |
1383 | &r_pub[1]); | 1426 | &r_pub[1]); |
1384 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce, | 1427 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&bnonce, |
1385 | bs); | 1428 | bs); |
1386 | GNUNET_CRYPTO_cs_calc_blinded_c (bs, | 1429 | GNUNET_CRYPTO_cs_calc_blinded_c (bs, |
1387 | r_pub, | 1430 | r_pub, |
@@ -1389,19 +1432,29 @@ output_vectors () | |||
1389 | &message_hash, | 1432 | &message_hash, |
1390 | sizeof(message_hash), | 1433 | sizeof(message_hash), |
1391 | c, | 1434 | c, |
1392 | r_pub_blind); | 1435 | &r_pub_blind); |
1393 | b = GNUNET_CRYPTO_cs_sign_derive (&priv, | 1436 | { |
1394 | r_priv, | 1437 | struct GNUNET_CRYPTO_CsBlindedMessage bm = { |
1395 | c, | 1438 | .c[0] = c[0], |
1396 | &nonce, | 1439 | .c[1] = c[1], |
1397 | &blinded_s); | 1440 | .nonce = snonce |
1398 | GNUNET_CRYPTO_cs_unblind (&blinded_s, &bs[b], &signature_scalar); | 1441 | }; |
1399 | sig.r_point = r_pub_blind[b]; | 1442 | |
1443 | GNUNET_CRYPTO_cs_sign_derive (&priv, | ||
1444 | r_priv, | ||
1445 | &bm, | ||
1446 | &blinded_s); | ||
1447 | } | ||
1448 | GNUNET_CRYPTO_cs_unblind (&blinded_s.s_scalar, | ||
1449 | &bs[blinded_s.b], | ||
1450 | &signature_scalar); | ||
1451 | sig.r_point = r_pub_blind.r_pub[blinded_s.b]; | ||
1400 | sig.s_scalar = signature_scalar; | 1452 | sig.s_scalar = signature_scalar; |
1401 | if (GNUNET_OK != GNUNET_CRYPTO_cs_verify (&sig, | 1453 | if (GNUNET_OK != |
1402 | &pub, | 1454 | GNUNET_CRYPTO_cs_verify (&sig, |
1403 | &message_hash, | 1455 | &pub, |
1404 | sizeof(message_hash))) | 1456 | &message_hash, |
1457 | sizeof(message_hash))) | ||
1405 | { | 1458 | { |
1406 | GNUNET_break (0); | 1459 | GNUNET_break (0); |
1407 | return GNUNET_SYSERR; | 1460 | return GNUNET_SYSERR; |
@@ -1420,8 +1473,8 @@ output_vectors () | |||
1420 | sizeof(priv)); | 1473 | sizeof(priv)); |
1421 | d2j (vec, | 1474 | d2j (vec, |
1422 | "cs_nonce", | 1475 | "cs_nonce", |
1423 | &nonce, | 1476 | &snonce, |
1424 | sizeof(nonce)); | 1477 | sizeof(snonce)); |
1425 | d2j (vec, | 1478 | d2j (vec, |
1426 | "cs_r_priv_0", | 1479 | "cs_r_priv_0", |
1427 | &r_priv[0], | 1480 | &r_priv[0], |
@@ -1456,12 +1509,12 @@ output_vectors () | |||
1456 | sizeof(bs[1].beta)); | 1509 | sizeof(bs[1].beta)); |
1457 | d2j (vec, | 1510 | d2j (vec, |
1458 | "cs_r_pub_blind_0", | 1511 | "cs_r_pub_blind_0", |
1459 | &r_pub_blind[0], | 1512 | &r_pub_blind.r_pub[0], |
1460 | sizeof(r_pub_blind[0])); | 1513 | sizeof(r_pub_blind.r_pub[0])); |
1461 | d2j (vec, | 1514 | d2j (vec, |
1462 | "cs_r_pub_blind_1", | 1515 | "cs_r_pub_blind_1", |
1463 | &r_pub_blind[1], | 1516 | &r_pub_blind.r_pub[1], |
1464 | sizeof(r_pub_blind[1])); | 1517 | sizeof(r_pub_blind.r_pub[1])); |
1465 | d2j (vec, | 1518 | d2j (vec, |
1466 | "cs_c_0", | 1519 | "cs_c_0", |
1467 | &c[0], | 1520 | &c[0], |
@@ -1476,16 +1529,16 @@ output_vectors () | |||
1476 | sizeof(blinded_s)); | 1529 | sizeof(blinded_s)); |
1477 | d2j (vec, | 1530 | d2j (vec, |
1478 | "cs_b", | 1531 | "cs_b", |
1479 | &b, | 1532 | &blinded_s.b, |
1480 | sizeof(b)); | 1533 | sizeof(blinded_s.b)); |
1481 | d2j (vec, | 1534 | d2j (vec, |
1482 | "cs_sig_s", | 1535 | "cs_sig_s", |
1483 | &signature_scalar, | 1536 | &signature_scalar, |
1484 | sizeof(signature_scalar)); | 1537 | sizeof(signature_scalar)); |
1485 | d2j (vec, | 1538 | d2j (vec, |
1486 | "cs_sig_R", | 1539 | "cs_sig_R", |
1487 | &r_pub_blind[b], | 1540 | &r_pub_blind.r_pub[blinded_s.b], |
1488 | sizeof(r_pub_blind[b])); | 1541 | sizeof(r_pub_blind.r_pub[blinded_s.b])); |
1489 | } | 1542 | } |
1490 | 1543 | ||
1491 | json_dumpf (vecfile, stdout, JSON_INDENT (2)); | 1544 | json_dumpf (vecfile, stdout, JSON_INDENT (2)); |
diff --git a/src/contrib/service/consensus/meson.build b/src/contrib/service/consensus/meson.build index 50483e81f..86cc0663b 100644 --- a/src/contrib/service/consensus/meson.build +++ b/src/contrib/service/consensus/meson.build | |||
@@ -63,4 +63,4 @@ configure_file(input : 'test_consensus.conf', | |||
63 | 63 | ||
64 | test('test_consensus_api', testconsensusapi, | 64 | test('test_consensus_api', testconsensusapi, |
65 | workdir: meson.current_build_dir(), | 65 | workdir: meson.current_build_dir(), |
66 | suite: 'consensus') | 66 | suite: ['consensus', 'contrib']) |
diff --git a/src/contrib/service/conversation/meson.build b/src/contrib/service/conversation/meson.build index a7f1ee896..052fa1a6e 100644 --- a/src/contrib/service/conversation/meson.build +++ b/src/contrib/service/conversation/meson.build | |||
@@ -182,11 +182,11 @@ configure_file(input : 'test_conversation.conf', | |||
182 | install: false) | 182 | install: false) |
183 | 183 | ||
184 | test('test_conversation_api', testconvapi, workdir: meson.current_build_dir(), | 184 | test('test_conversation_api', testconvapi, workdir: meson.current_build_dir(), |
185 | suite: 'conversation') | 185 | suite: ['conversation', 'contrib']) |
186 | 186 | ||
187 | test('test_conversation_api_twocalls', testconvapitwo, workdir: meson.current_build_dir(), | 187 | test('test_conversation_api_twocalls', testconvapitwo, workdir: meson.current_build_dir(), |
188 | suite: 'conversation') | 188 | suite: ['conversation', 'contrib']) |
189 | 189 | ||
190 | test('test_conversation_api_reject', testconvapireject, workdir: meson.current_build_dir(), | 190 | test('test_conversation_api_reject', testconvapireject, workdir: meson.current_build_dir(), |
191 | suite: 'conversation') | 191 | suite: ['conversation', 'contrib']) |
192 | 192 | ||
diff --git a/src/contrib/service/template/meson.build b/src/contrib/service/template/meson.build index b17b86709..7a30a7575 100644 --- a/src/contrib/service/template/meson.build +++ b/src/contrib/service/template/meson.build | |||
@@ -18,4 +18,4 @@ testtemplateapi = executable ('test_template_api', | |||
18 | include_directories: [incdir, configuration_inc], | 18 | include_directories: [incdir, configuration_inc], |
19 | install: false) | 19 | install: false) |
20 | test('test_template_api', testtemplateapi, workdir: meson.current_source_dir(), | 20 | test('test_template_api', testtemplateapi, workdir: meson.current_source_dir(), |
21 | suite: 'template') | 21 | suite: ['template', 'contrib']) |
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index f3ea3ed25..6e9649410 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
@@ -660,17 +660,33 @@ struct GNUNET_CRYPTO_CsSignature | |||
660 | * Schnorr signatures are composed of a scalar s and a curve point | 660 | * Schnorr signatures are composed of a scalar s and a curve point |
661 | */ | 661 | */ |
662 | struct GNUNET_CRYPTO_CsS s_scalar; | 662 | struct GNUNET_CRYPTO_CsS s_scalar; |
663 | |||
664 | /** | ||
665 | * Curve point of the Schnorr signature. | ||
666 | */ | ||
663 | struct GNUNET_CRYPTO_CsRPublic r_point; | 667 | struct GNUNET_CRYPTO_CsRPublic r_point; |
664 | }; | 668 | }; |
665 | 669 | ||
666 | 670 | ||
667 | /** | 671 | /** |
668 | * Nonce | 672 | * Nonce for the session, picked by client, |
673 | * shared with the signer. | ||
669 | */ | 674 | */ |
670 | struct GNUNET_CRYPTO_CsNonce | 675 | struct GNUNET_CRYPTO_CsSessionNonce |
671 | { | 676 | { |
672 | /*a nonce*/ | 677 | /*a nonce*/ |
673 | unsigned char nonce[256 / 8]; | 678 | unsigned char snonce[256 / 8]; |
679 | }; | ||
680 | |||
681 | |||
682 | /** | ||
683 | * Nonce for computing blinding factors. Not | ||
684 | * shared with the signer. | ||
685 | */ | ||
686 | struct GNUNET_CRYPTO_CsBlindingNonce | ||
687 | { | ||
688 | /*a nonce*/ | ||
689 | unsigned char bnonce[256 / 8]; | ||
674 | }; | 690 | }; |
675 | 691 | ||
676 | 692 | ||
@@ -945,7 +961,7 @@ GNUNET_CRYPTO_hash_from_string2 (const char *enc, | |||
945 | * @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong encoding | 961 | * @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong encoding |
946 | */ | 962 | */ |
947 | #define GNUNET_CRYPTO_hash_from_string(enc, result) \ | 963 | #define GNUNET_CRYPTO_hash_from_string(enc, result) \ |
948 | GNUNET_CRYPTO_hash_from_string2 (enc, strlen (enc), result) | 964 | GNUNET_CRYPTO_hash_from_string2 (enc, strlen (enc), result) |
949 | 965 | ||
950 | 966 | ||
951 | /** | 967 | /** |
@@ -2136,15 +2152,15 @@ GNUNET_CRYPTO_eddsa_sign_ ( | |||
2136 | * @param[out] sig where to write the signature | 2152 | * @param[out] sig where to write the signature |
2137 | */ | 2153 | */ |
2138 | #define GNUNET_CRYPTO_eddsa_sign(priv,ps,sig) do { \ | 2154 | #define GNUNET_CRYPTO_eddsa_sign(priv,ps,sig) do { \ |
2139 | /* check size is set correctly */ \ | 2155 | /* check size is set correctly */ \ |
2140 | GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*ps)); \ | 2156 | GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*ps)); \ |
2141 | /* check 'ps' begins with the purpose */ \ | 2157 | /* check 'ps' begins with the purpose */ \ |
2142 | GNUNET_static_assert (((void*) (ps)) == \ | 2158 | GNUNET_static_assert (((void*) (ps)) == \ |
2143 | ((void*) &(ps)->purpose)); \ | 2159 | ((void*) &(ps)->purpose)); \ |
2144 | GNUNET_assert (GNUNET_OK == \ | 2160 | GNUNET_assert (GNUNET_OK == \ |
2145 | GNUNET_CRYPTO_eddsa_sign_ (priv, \ | 2161 | GNUNET_CRYPTO_eddsa_sign_ (priv, \ |
2146 | &(ps)->purpose, \ | 2162 | &(ps)->purpose, \ |
2147 | sig)); \ | 2163 | sig)); \ |
2148 | } while (0) | 2164 | } while (0) |
2149 | 2165 | ||
2150 | 2166 | ||
@@ -2198,15 +2214,15 @@ GNUNET_CRYPTO_eddsa_sign_raw ( | |||
2198 | * @param[out] sig where to write the signature | 2214 | * @param[out] sig where to write the signature |
2199 | */ | 2215 | */ |
2200 | #define GNUNET_CRYPTO_ecdsa_sign(priv,ps,sig) do { \ | 2216 | #define GNUNET_CRYPTO_ecdsa_sign(priv,ps,sig) do { \ |
2201 | /* check size is set correctly */ \ | 2217 | /* check size is set correctly */ \ |
2202 | GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \ | 2218 | GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \ |
2203 | /* check 'ps' begins with the purpose */ \ | 2219 | /* check 'ps' begins with the purpose */ \ |
2204 | GNUNET_static_assert (((void*) (ps)) == \ | 2220 | GNUNET_static_assert (((void*) (ps)) == \ |
2205 | ((void*) &(ps)->purpose)); \ | 2221 | ((void*) &(ps)->purpose)); \ |
2206 | GNUNET_assert (GNUNET_OK == \ | 2222 | GNUNET_assert (GNUNET_OK == \ |
2207 | GNUNET_CRYPTO_ecdsa_sign_ (priv, \ | 2223 | GNUNET_CRYPTO_ecdsa_sign_ (priv, \ |
2208 | &(ps)->purpose, \ | 2224 | &(ps)->purpose, \ |
2209 | sig)); \ | 2225 | sig)); \ |
2210 | } while (0) | 2226 | } while (0) |
2211 | 2227 | ||
2212 | /** | 2228 | /** |
@@ -2245,15 +2261,15 @@ GNUNET_CRYPTO_edx25519_sign_ ( | |||
2245 | * @param[out] sig where to write the signature | 2261 | * @param[out] sig where to write the signature |
2246 | */ | 2262 | */ |
2247 | #define GNUNET_CRYPTO_edx25519_sign(priv,ps,sig) do { \ | 2263 | #define GNUNET_CRYPTO_edx25519_sign(priv,ps,sig) do { \ |
2248 | /* check size is set correctly */ \ | 2264 | /* check size is set correctly */ \ |
2249 | GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \ | 2265 | GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \ |
2250 | /* check 'ps' begins with the purpose */ \ | 2266 | /* check 'ps' begins with the purpose */ \ |
2251 | GNUNET_static_assert (((void*) (ps)) == \ | 2267 | GNUNET_static_assert (((void*) (ps)) == \ |
2252 | ((void*) &(ps)->purpose)); \ | 2268 | ((void*) &(ps)->purpose)); \ |
2253 | GNUNET_assert (GNUNET_OK == \ | 2269 | GNUNET_assert (GNUNET_OK == \ |
2254 | GNUNET_CRYPTO_edx25519_sign_ (priv, \ | 2270 | GNUNET_CRYPTO_edx25519_sign_ (priv, \ |
2255 | &(ps)->purpose, \ | 2271 | &(ps)->purpose, \ |
2256 | sig)); \ | 2272 | sig)); \ |
2257 | } while (0) | 2273 | } while (0) |
2258 | 2274 | ||
2259 | 2275 | ||
@@ -2801,8 +2817,9 @@ GNUNET_CRYPTO_rsa_private_key_get_public ( | |||
2801 | * @param hc where to store the hash code | 2817 | * @param hc where to store the hash code |
2802 | */ | 2818 | */ |
2803 | void | 2819 | void |
2804 | GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, | 2820 | GNUNET_CRYPTO_rsa_public_key_hash ( |
2805 | struct GNUNET_HashCode *hc); | 2821 | const struct GNUNET_CRYPTO_RsaPublicKey *key, |
2822 | struct GNUNET_HashCode *hc); | ||
2806 | 2823 | ||
2807 | 2824 | ||
2808 | /** | 2825 | /** |
@@ -2907,53 +2924,83 @@ GNUNET_CRYPTO_rsa_public_key_cmp (const struct GNUNET_CRYPTO_RsaPublicKey *p1, | |||
2907 | 2924 | ||
2908 | 2925 | ||
2909 | /** | 2926 | /** |
2927 | * @brief RSA Parameters to create blinded signature | ||
2928 | */ | ||
2929 | struct GNUNET_CRYPTO_RsaBlindedMessage | ||
2930 | { | ||
2931 | /** | ||
2932 | * Blinded message to be signed | ||
2933 | * Note: is malloc()'ed! | ||
2934 | */ | ||
2935 | void *blinded_msg; | ||
2936 | |||
2937 | /** | ||
2938 | * Size of the @e blinded_msg to be signed. | ||
2939 | */ | ||
2940 | size_t blinded_msg_size; | ||
2941 | }; | ||
2942 | |||
2943 | |||
2944 | /** | ||
2910 | * Blinds the given message with the given blinding key | 2945 | * Blinds the given message with the given blinding key |
2911 | * | 2946 | * |
2912 | * @param hash hash of the message to sign | 2947 | * @param message the message to sign |
2948 | * @param message_size number of bytes in @a message | ||
2913 | * @param bks the blinding key | 2949 | * @param bks the blinding key |
2914 | * @param pkey the public key of the signer | 2950 | * @param pkey the public key of the signer |
2915 | * @param[out] buf set to a buffer with the blinded message to be signed | 2951 | * @param[out] bm set to the blinded message |
2916 | * @param[out] buf_size number of bytes stored in @a buf | ||
2917 | * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious | 2952 | * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious |
2918 | */ | 2953 | */ |
2919 | enum GNUNET_GenericReturnValue | 2954 | enum GNUNET_GenericReturnValue |
2920 | GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, | 2955 | GNUNET_CRYPTO_rsa_blind (const void *message, |
2956 | size_t message_size, | ||
2921 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, | 2957 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, |
2922 | struct GNUNET_CRYPTO_RsaPublicKey *pkey, | 2958 | struct GNUNET_CRYPTO_RsaPublicKey *pkey, |
2923 | void **buf, | 2959 | struct GNUNET_CRYPTO_RsaBlindedMessage *bm); |
2924 | size_t *buf_size); | ||
2925 | 2960 | ||
2926 | 2961 | ||
2927 | /** | 2962 | /** |
2928 | * Sign a blinded value, which must be a full domain hash of a message. | 2963 | * Sign a blinded value, which must be a full domain hash of a message. |
2929 | * | 2964 | * |
2930 | * @param key private key to use for the signing | 2965 | * @param key private key to use for the signing |
2931 | * @param msg the (blinded) message to sign | 2966 | * @param bm the (blinded) message to sign |
2932 | * @param msg_len number of bytes in @a msg to sign | ||
2933 | * @return NULL on error, signature on success | 2967 | * @return NULL on error, signature on success |
2934 | */ | 2968 | */ |
2935 | struct GNUNET_CRYPTO_RsaSignature * | 2969 | struct GNUNET_CRYPTO_RsaSignature * |
2936 | GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | 2970 | GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, |
2937 | const void *msg, | 2971 | const struct |
2938 | size_t msg_len); | 2972 | GNUNET_CRYPTO_RsaBlindedMessage *bm); |
2939 | 2973 | ||
2940 | 2974 | ||
2941 | /** | 2975 | /** |
2942 | * Create and sign a full domain hash of a message. | 2976 | * Create and sign a full domain hash of a message. |
2943 | * | 2977 | * |
2944 | * @param key private key to use for the signing | 2978 | * @param key private key to use for the signing |
2945 | * @param hash the hash of the message to sign | 2979 | * @param message the message to sign |
2980 | * @param message_size number of bytes in @a message | ||
2946 | * @return NULL on error, including a malicious RSA key, signature on success | 2981 | * @return NULL on error, including a malicious RSA key, signature on success |
2947 | */ | 2982 | */ |
2948 | struct GNUNET_CRYPTO_RsaSignature * | 2983 | struct GNUNET_CRYPTO_RsaSignature * |
2949 | GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | 2984 | GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, |
2950 | const struct GNUNET_HashCode *hash); | 2985 | const void *message, |
2986 | size_t message_size); | ||
2987 | |||
2988 | |||
2989 | /** | ||
2990 | * Free memory occupied by blinded message. Only frees contents, not | ||
2991 | * @a bm itself. | ||
2992 | * | ||
2993 | * @param[in] bm memory to free | ||
2994 | */ | ||
2995 | void | ||
2996 | GNUNET_CRYPTO_rsa_blinded_message_free ( | ||
2997 | struct GNUNET_CRYPTO_RsaBlindedMessage *bm); | ||
2951 | 2998 | ||
2952 | 2999 | ||
2953 | /** | 3000 | /** |
2954 | * Free memory occupied by signature. | 3001 | * Free memory occupied by signature. |
2955 | * | 3002 | * |
2956 | * @param sig memory to free | 3003 | * @param[in] sig memory to free |
2957 | */ | 3004 | */ |
2958 | void | 3005 | void |
2959 | GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig); | 3006 | GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig); |
@@ -2981,8 +3028,9 @@ GNUNET_CRYPTO_rsa_signature_encode ( | |||
2981 | * @return NULL on error | 3028 | * @return NULL on error |
2982 | */ | 3029 | */ |
2983 | struct GNUNET_CRYPTO_RsaSignature * | 3030 | struct GNUNET_CRYPTO_RsaSignature * |
2984 | GNUNET_CRYPTO_rsa_signature_decode (const void *buf, | 3031 | GNUNET_CRYPTO_rsa_signature_decode ( |
2985 | size_t buf_size); | 3032 | const void *buf, |
3033 | size_t buf_size); | ||
2986 | 3034 | ||
2987 | 3035 | ||
2988 | /** | 3036 | /** |
@@ -2992,7 +3040,8 @@ GNUNET_CRYPTO_rsa_signature_decode (const void *buf, | |||
2992 | * @return the duplicate key; NULL upon error | 3040 | * @return the duplicate key; NULL upon error |
2993 | */ | 3041 | */ |
2994 | struct GNUNET_CRYPTO_RsaSignature * | 3042 | struct GNUNET_CRYPTO_RsaSignature * |
2995 | GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig); | 3043 | GNUNET_CRYPTO_rsa_signature_dup ( |
3044 | const struct GNUNET_CRYPTO_RsaSignature *sig); | ||
2996 | 3045 | ||
2997 | 3046 | ||
2998 | /** | 3047 | /** |
@@ -3015,13 +3064,15 @@ GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, | |||
3015 | * Verify whether the given hash corresponds to the given signature and the | 3064 | * Verify whether the given hash corresponds to the given signature and the |
3016 | * signature is valid with respect to the given public key. | 3065 | * signature is valid with respect to the given public key. |
3017 | * | 3066 | * |
3018 | * @param hash the message to verify to match the @a sig | 3067 | * @param message the message to sign |
3068 | * @param message_size number of bytes in @a message | ||
3019 | * @param sig signature that is being validated | 3069 | * @param sig signature that is being validated |
3020 | * @param public_key public key of the signer | 3070 | * @param public_key public key of the signer |
3021 | * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature | 3071 | * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature |
3022 | */ | 3072 | */ |
3023 | enum GNUNET_GenericReturnValue | 3073 | enum GNUNET_GenericReturnValue |
3024 | GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, | 3074 | GNUNET_CRYPTO_rsa_verify (const void *message, |
3075 | size_t message_size, | ||
3025 | const struct GNUNET_CRYPTO_RsaSignature *sig, | 3076 | const struct GNUNET_CRYPTO_RsaSignature *sig, |
3026 | const struct GNUNET_CRYPTO_RsaPublicKey *public_key); | 3077 | const struct GNUNET_CRYPTO_RsaPublicKey *public_key); |
3027 | 3078 | ||
@@ -3061,10 +3112,11 @@ GNUNET_CRYPTO_cs_private_key_get_public ( | |||
3061 | * @param[out] r array containing derived secrets r0 and r1 | 3112 | * @param[out] r array containing derived secrets r0 and r1 |
3062 | */ | 3113 | */ |
3063 | void | 3114 | void |
3064 | GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, | 3115 | GNUNET_CRYPTO_cs_r_derive ( |
3065 | const char *seed, | 3116 | const struct GNUNET_CRYPTO_CsSessionNonce *nonce, |
3066 | const struct GNUNET_CRYPTO_CsPrivateKey *lts, | 3117 | const char *seed, |
3067 | struct GNUNET_CRYPTO_CsRSecret r[2]); | 3118 | const struct GNUNET_CRYPTO_CsPrivateKey *lts, |
3119 | struct GNUNET_CRYPTO_CsRSecret r[2]); | ||
3068 | 3120 | ||
3069 | 3121 | ||
3070 | /** | 3122 | /** |
@@ -3074,27 +3126,57 @@ GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, | |||
3074 | * @param[out] r_pub where to write the public key | 3126 | * @param[out] r_pub where to write the public key |
3075 | */ | 3127 | */ |
3076 | void | 3128 | void |
3077 | GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv, | 3129 | GNUNET_CRYPTO_cs_r_get_public ( |
3078 | struct GNUNET_CRYPTO_CsRPublic *r_pub); | 3130 | const struct GNUNET_CRYPTO_CsRSecret *r_priv, |
3131 | struct GNUNET_CRYPTO_CsRPublic *r_pub); | ||
3132 | |||
3079 | 3133 | ||
3080 | /** | 3134 | /** |
3081 | * Derives new random blinding factors. | 3135 | * Derives new random blinding factors. |
3082 | * In original papers blinding factors are generated randomly | 3136 | * In original papers blinding factors are generated randomly |
3083 | * To provide abort-idempotency, blinding factors need to be derived but still need to be UNPREDICTABLE | 3137 | * To provide abort-idempotency, blinding factors need to be derived but still need to be UNPREDICTABLE. |
3084 | * To ensure unpredictability a new nonce has to be used. | 3138 | * To ensure unpredictability a new nonce has to be used. |
3085 | * Uses HKDF internally | 3139 | * Uses HKDF internally. |
3086 | * | 3140 | * |
3087 | * @param blind_seed is the blinding seed to derive blinding factors | 3141 | * @param blind_seed is the blinding seed to derive blinding factors |
3088 | * @param[out] bs array containing the two derived blinding secrets | 3142 | * @param[out] bs array containing the two derived blinding secrets |
3089 | */ | 3143 | */ |
3090 | void | 3144 | void |
3091 | GNUNET_CRYPTO_cs_blinding_secrets_derive ( | 3145 | GNUNET_CRYPTO_cs_blinding_secrets_derive ( |
3092 | const struct GNUNET_CRYPTO_CsNonce *blind_seed, | 3146 | const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed, |
3093 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]); | 3147 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]); |
3094 | 3148 | ||
3095 | 3149 | ||
3096 | /** | 3150 | /** |
3097 | * Calculate two blinded c's | 3151 | * @brief CS Parameters derived from the message |
3152 | * during blinding to create blinded signature | ||
3153 | */ | ||
3154 | struct GNUNET_CRYPTO_CsBlindedMessage | ||
3155 | { | ||
3156 | /** | ||
3157 | * The Clause Schnorr c_0 and c_1 containing the blinded message | ||
3158 | */ | ||
3159 | struct GNUNET_CRYPTO_CsC c[2]; | ||
3160 | |||
3161 | /** | ||
3162 | * Nonce used in initial request. | ||
3163 | */ | ||
3164 | struct GNUNET_CRYPTO_CsSessionNonce nonce; | ||
3165 | |||
3166 | }; | ||
3167 | |||
3168 | |||
3169 | /** | ||
3170 | * Pair of Public R values for Cs denominations | ||
3171 | */ | ||
3172 | struct GNUNET_CRYPTO_CSPublicRPairP | ||
3173 | { | ||
3174 | struct GNUNET_CRYPTO_CsRPublic r_pub[2]; | ||
3175 | }; | ||
3176 | |||
3177 | |||
3178 | /** | ||
3179 | * Calculate two blinded c's. | ||
3098 | * Comment: One would be insecure due to Wagner's algorithm solving ROS | 3180 | * Comment: One would be insecure due to Wagner's algorithm solving ROS |
3099 | * | 3181 | * |
3100 | * @param bs array of the two blinding factor structs each containing alpha and beta | 3182 | * @param bs array of the two blinding factor structs each containing alpha and beta |
@@ -3103,7 +3185,7 @@ GNUNET_CRYPTO_cs_blinding_secrets_derive ( | |||
3103 | * @param msg the message to blind in preparation for signing | 3185 | * @param msg the message to blind in preparation for signing |
3104 | * @param msg_len length of message msg | 3186 | * @param msg_len length of message msg |
3105 | * @param[out] blinded_c array of the two blinded c's | 3187 | * @param[out] blinded_c array of the two blinded c's |
3106 | * @param[out] blinded_r_pub array of the two blinded R | 3188 | * @param[out] r_pub_blind array of the two blinded R |
3107 | */ | 3189 | */ |
3108 | void | 3190 | void |
3109 | GNUNET_CRYPTO_cs_calc_blinded_c ( | 3191 | GNUNET_CRYPTO_cs_calc_blinded_c ( |
@@ -3113,32 +3195,49 @@ GNUNET_CRYPTO_cs_calc_blinded_c ( | |||
3113 | const void *msg, | 3195 | const void *msg, |
3114 | size_t msg_len, | 3196 | size_t msg_len, |
3115 | struct GNUNET_CRYPTO_CsC blinded_c[2], | 3197 | struct GNUNET_CRYPTO_CsC blinded_c[2], |
3116 | struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2]); | 3198 | struct GNUNET_CRYPTO_CSPublicRPairP *r_pub_blind); |
3117 | 3199 | ||
3118 | 3200 | ||
3119 | /** | 3201 | /** |
3120 | * Sign a blinded c | 3202 | * The Sign Answer for Clause Blind Schnorr signature. |
3121 | * This function derives b from a nonce and a longterm secret | 3203 | * The sign operation returns a parameter @param b and the signature |
3122 | * In original papers b is generated randomly | 3204 | * scalar @param s_scalar. |
3205 | */ | ||
3206 | struct GNUNET_CRYPTO_CsBlindSignature | ||
3207 | { | ||
3208 | /** | ||
3209 | * To make ROS problem harder, the signer chooses an unpredictable b and | ||
3210 | * only calculates signature of c_b | ||
3211 | */ | ||
3212 | unsigned int b; | ||
3213 | |||
3214 | /** | ||
3215 | * The blinded s scalar calculated from c_b | ||
3216 | */ | ||
3217 | struct GNUNET_CRYPTO_CsBlindS s_scalar; | ||
3218 | }; | ||
3219 | |||
3220 | |||
3221 | /** | ||
3222 | * Sign a blinded @a c. | ||
3223 | * This function derives b from a nonce and a longterm secret. | ||
3224 | * In the original papers b is generated randomly. | ||
3123 | * To provide abort-idempotency, b needs to be derived but still need to be UNPREDICTABLE. | 3225 | * To provide abort-idempotency, b needs to be derived but still need to be UNPREDICTABLE. |
3124 | * To ensure unpredictability a new nonce has to be used for every signature | 3226 | * To ensure unpredictability a new nonce has to be used for every signature. |
3125 | * HKDF is used internally for derivation | 3227 | * HKDF is used internally for derivation. |
3126 | * r0 and r1 can be derived prior by using GNUNET_CRYPTO_cs_r_derive | 3228 | * r0 and r1 can be derived prior by using GNUNET_CRYPTO_cs_r_derive. |
3127 | * | 3229 | * |
3128 | * @param priv private key to use for the signing and as LTS in HKDF | 3230 | * @param priv private key to use for the signing and as LTS in HKDF |
3129 | * @param r array of the two secret nonce from the signer | 3231 | * @param r array of the two secret inputs from the signer |
3130 | * @param c array of the two blinded c to sign c_b | 3232 | * @param bm blinded message, including array of the two blinded c to sign c_b and the random nonce |
3131 | * @param nonce is a random nonce | 3233 | * @param[out] cs_blind_sig where to write the blind signature |
3132 | * @param[out] blinded_signature_scalar where to write the signature | ||
3133 | * @return 0 or 1 for b (see Clause Blind Signature Scheme) | ||
3134 | */ | 3234 | */ |
3135 | unsigned int | 3235 | void |
3136 | GNUNET_CRYPTO_cs_sign_derive ( | 3236 | GNUNET_CRYPTO_cs_sign_derive ( |
3137 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, | 3237 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, |
3138 | const struct GNUNET_CRYPTO_CsRSecret r[2], | 3238 | const struct GNUNET_CRYPTO_CsRSecret r[2], |
3139 | const struct GNUNET_CRYPTO_CsC c[2], | 3239 | const struct GNUNET_CRYPTO_CsBlindedMessage *bm, |
3140 | const struct GNUNET_CRYPTO_CsNonce *nonce, | 3240 | struct GNUNET_CRYPTO_CsBlindSignature *cs_blind_sig); |
3141 | struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar); | ||
3142 | 3241 | ||
3143 | 3242 | ||
3144 | /** | 3243 | /** |
@@ -3166,10 +3265,599 @@ GNUNET_CRYPTO_cs_unblind ( | |||
3166 | * @returns #GNUNET_YES on success, #GNUNET_SYSERR if signature invalid | 3265 | * @returns #GNUNET_YES on success, #GNUNET_SYSERR if signature invalid |
3167 | */ | 3266 | */ |
3168 | enum GNUNET_GenericReturnValue | 3267 | enum GNUNET_GenericReturnValue |
3169 | GNUNET_CRYPTO_cs_verify (const struct GNUNET_CRYPTO_CsSignature *sig, | 3268 | GNUNET_CRYPTO_cs_verify ( |
3170 | const struct GNUNET_CRYPTO_CsPublicKey *pub, | 3269 | const struct GNUNET_CRYPTO_CsSignature *sig, |
3171 | const void *msg, | 3270 | const struct GNUNET_CRYPTO_CsPublicKey *pub, |
3172 | size_t msg_len); | 3271 | const void *msg, |
3272 | size_t msg_len); | ||
3273 | |||
3274 | |||
3275 | /** | ||
3276 | * Types of public keys used for blind signatures. | ||
3277 | */ | ||
3278 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm | ||
3279 | { | ||
3280 | |||
3281 | /** | ||
3282 | * Invalid type of signature. | ||
3283 | */ | ||
3284 | GNUNET_CRYPTO_BSA_INVALID = 0, | ||
3285 | |||
3286 | /** | ||
3287 | * RSA blind signature. | ||
3288 | */ | ||
3289 | GNUNET_CRYPTO_BSA_RSA = 1, | ||
3290 | |||
3291 | /** | ||
3292 | * Clause Blind Schnorr signature. | ||
3293 | */ | ||
3294 | GNUNET_CRYPTO_BSA_CS = 2 | ||
3295 | }; | ||
3296 | |||
3297 | |||
3298 | /** | ||
3299 | * @brief Type of (unblinded) signatures. | ||
3300 | */ | ||
3301 | struct GNUNET_CRYPTO_UnblindedSignature | ||
3302 | { | ||
3303 | |||
3304 | /** | ||
3305 | * Type of the signature. | ||
3306 | */ | ||
3307 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher; | ||
3308 | |||
3309 | /** | ||
3310 | * Reference counter. | ||
3311 | */ | ||
3312 | unsigned int rc; | ||
3313 | |||
3314 | /** | ||
3315 | * Details, depending on @e cipher. | ||
3316 | */ | ||
3317 | union | ||
3318 | { | ||
3319 | /** | ||
3320 | * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher. | ||
3321 | */ | ||
3322 | struct GNUNET_CRYPTO_CsSignature cs_signature; | ||
3323 | |||
3324 | /** | ||
3325 | * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher. | ||
3326 | */ | ||
3327 | struct GNUNET_CRYPTO_RsaSignature *rsa_signature; | ||
3328 | |||
3329 | } details; | ||
3330 | |||
3331 | }; | ||
3332 | |||
3333 | |||
3334 | /** | ||
3335 | * @brief Type for *blinded* signatures. | ||
3336 | * Must be unblinded before it becomes valid. | ||
3337 | */ | ||
3338 | struct GNUNET_CRYPTO_BlindedSignature | ||
3339 | { | ||
3340 | |||
3341 | /** | ||
3342 | * Type of the signature. | ||
3343 | */ | ||
3344 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher; | ||
3345 | |||
3346 | /** | ||
3347 | * Reference counter. | ||
3348 | */ | ||
3349 | unsigned int rc; | ||
3350 | |||
3351 | /** | ||
3352 | * Details, depending on @e cipher. | ||
3353 | */ | ||
3354 | union | ||
3355 | { | ||
3356 | /** | ||
3357 | * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher. | ||
3358 | * At this point only the blinded s scalar is used. | ||
3359 | * The final signature consisting of r,s is built after unblinding. | ||
3360 | */ | ||
3361 | struct GNUNET_CRYPTO_CsBlindSignature blinded_cs_answer; | ||
3362 | |||
3363 | /** | ||
3364 | * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher. | ||
3365 | */ | ||
3366 | struct GNUNET_CRYPTO_RsaSignature *blinded_rsa_signature; | ||
3367 | |||
3368 | } details; | ||
3369 | |||
3370 | }; | ||
3371 | |||
3372 | |||
3373 | /** | ||
3374 | * @brief Type of public signing keys for blind signatures. | ||
3375 | */ | ||
3376 | struct GNUNET_CRYPTO_BlindSignPublicKey | ||
3377 | { | ||
3378 | |||
3379 | /** | ||
3380 | * Type of the public key. | ||
3381 | */ | ||
3382 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher; | ||
3383 | |||
3384 | /** | ||
3385 | * Reference counter. | ||
3386 | */ | ||
3387 | unsigned int rc; | ||
3388 | |||
3389 | /** | ||
3390 | * Hash of the public key. | ||
3391 | */ | ||
3392 | struct GNUNET_HashCode pub_key_hash; | ||
3393 | |||
3394 | /** | ||
3395 | * Details, depending on @e cipher. | ||
3396 | */ | ||
3397 | union | ||
3398 | { | ||
3399 | /** | ||
3400 | * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher. | ||
3401 | */ | ||
3402 | struct GNUNET_CRYPTO_CsPublicKey cs_public_key; | ||
3403 | |||
3404 | /** | ||
3405 | * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher. | ||
3406 | */ | ||
3407 | struct GNUNET_CRYPTO_RsaPublicKey *rsa_public_key; | ||
3408 | |||
3409 | } details; | ||
3410 | }; | ||
3411 | |||
3412 | |||
3413 | /** | ||
3414 | * @brief Type of private signing keys for blind signing. | ||
3415 | */ | ||
3416 | struct GNUNET_CRYPTO_BlindSignPrivateKey | ||
3417 | { | ||
3418 | |||
3419 | /** | ||
3420 | * Type of the public key. | ||
3421 | */ | ||
3422 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher; | ||
3423 | |||
3424 | /** | ||
3425 | * Reference counter. | ||
3426 | */ | ||
3427 | unsigned int rc; | ||
3428 | |||
3429 | /** | ||
3430 | * Details, depending on @e cipher. | ||
3431 | */ | ||
3432 | union | ||
3433 | { | ||
3434 | /** | ||
3435 | * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher. | ||
3436 | */ | ||
3437 | struct GNUNET_CRYPTO_CsPrivateKey cs_private_key; | ||
3438 | |||
3439 | /** | ||
3440 | * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher. | ||
3441 | */ | ||
3442 | struct GNUNET_CRYPTO_RsaPrivateKey *rsa_private_key; | ||
3443 | |||
3444 | } details; | ||
3445 | }; | ||
3446 | |||
3447 | |||
3448 | /** | ||
3449 | * @brief Blinded message ready for blind signing. | ||
3450 | */ | ||
3451 | struct GNUNET_CRYPTO_BlindedMessage | ||
3452 | { | ||
3453 | /** | ||
3454 | * Type of the sign blinded message | ||
3455 | */ | ||
3456 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher; | ||
3457 | |||
3458 | /** | ||
3459 | * Reference counter. | ||
3460 | */ | ||
3461 | unsigned int rc; | ||
3462 | |||
3463 | /** | ||
3464 | * Details, depending on @e cipher. | ||
3465 | */ | ||
3466 | union | ||
3467 | { | ||
3468 | /** | ||
3469 | * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher. | ||
3470 | */ | ||
3471 | struct GNUNET_CRYPTO_CsBlindedMessage cs_blinded_message; | ||
3472 | |||
3473 | /** | ||
3474 | * If we use #GNUNET_CRYPTO_BSA_RSA in @a cipher. | ||
3475 | */ | ||
3476 | struct GNUNET_CRYPTO_RsaBlindedMessage rsa_blinded_message; | ||
3477 | |||
3478 | } details; | ||
3479 | }; | ||
3480 | |||
3481 | |||
3482 | /** | ||
3483 | * Secret r for Cs denominations | ||
3484 | */ | ||
3485 | struct GNUNET_CRYPTO_CSPrivateRPairP | ||
3486 | { | ||
3487 | struct GNUNET_CRYPTO_CsRSecret r[2]; | ||
3488 | }; | ||
3489 | |||
3490 | |||
3491 | /** | ||
3492 | * @brief Input needed for blinding a message. | ||
3493 | */ | ||
3494 | struct GNUNET_CRYPTO_BlindingInputValues | ||
3495 | { | ||
3496 | |||
3497 | /** | ||
3498 | * Type of the signature. | ||
3499 | */ | ||
3500 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher; | ||
3501 | |||
3502 | /** | ||
3503 | * Reference counter. | ||
3504 | */ | ||
3505 | unsigned int rc; | ||
3506 | |||
3507 | /** | ||
3508 | * Details, depending on @e cipher. | ||
3509 | */ | ||
3510 | union | ||
3511 | { | ||
3512 | /** | ||
3513 | * If we use #GNUNET_CRYPTO_BSA_CS in @a cipher. | ||
3514 | */ | ||
3515 | struct GNUNET_CRYPTO_CSPublicRPairP cs_values; | ||
3516 | |||
3517 | } details; | ||
3518 | |||
3519 | }; | ||
3520 | |||
3521 | |||
3522 | /** | ||
3523 | * Nonce used to deterministiacally derive input values | ||
3524 | * used in multi-round blind signature protocols. | ||
3525 | */ | ||
3526 | union GNUNET_CRYPTO_BlindSessionNonce | ||
3527 | { | ||
3528 | /** | ||
3529 | * Nonce used when signing with CS. | ||
3530 | */ | ||
3531 | struct GNUNET_CRYPTO_CsSessionNonce cs_nonce; | ||
3532 | }; | ||
3533 | |||
3534 | |||
3535 | /** | ||
3536 | * Compute blinding input values for a given @a nonce and | ||
3537 | * @a salt. | ||
3538 | * | ||
3539 | * @param bsign_priv private key to compute input values for | ||
3540 | * @param nonce session nonce to derive input values from | ||
3541 | * @param salt salt to include in derivation logic | ||
3542 | * @return blinding input values | ||
3543 | */ | ||
3544 | struct GNUNET_CRYPTO_BlindingInputValues * | ||
3545 | GNUNET_CRYPTO_get_blinding_input_values ( | ||
3546 | const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv, | ||
3547 | const union GNUNET_CRYPTO_BlindSessionNonce *nonce, | ||
3548 | const char *salt); | ||
3549 | |||
3550 | |||
3551 | /** | ||
3552 | * Decrement reference counter of a @a bsign_pub, and free it if it reaches zero. | ||
3553 | * | ||
3554 | * @param[in] bsign_pub key to free | ||
3555 | */ | ||
3556 | void | ||
3557 | GNUNET_CRYPTO_blind_sign_pub_decref ( | ||
3558 | struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub); | ||
3559 | |||
3560 | |||
3561 | /** | ||
3562 | * Decrement reference counter of a @a bsign_priv, and free it if it reaches zero. | ||
3563 | * | ||
3564 | * @param[in] bsign_priv key to free | ||
3565 | */ | ||
3566 | void | ||
3567 | GNUNET_CRYPTO_blind_sign_priv_decref ( | ||
3568 | struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv); | ||
3569 | |||
3570 | |||
3571 | /** | ||
3572 | * Decrement reference counter of a @a ub_sig, and free it if it reaches zero. | ||
3573 | * | ||
3574 | * @param[in] ub_sig signature to free | ||
3575 | */ | ||
3576 | void | ||
3577 | GNUNET_CRYPTO_unblinded_sig_decref ( | ||
3578 | struct GNUNET_CRYPTO_UnblindedSignature *ub_sig); | ||
3579 | |||
3580 | |||
3581 | /** | ||
3582 | * Decrement reference counter of a @a blind_sig, and free it if it reaches zero. | ||
3583 | * | ||
3584 | * @param[in] blind_sig signature to free | ||
3585 | */ | ||
3586 | void | ||
3587 | GNUNET_CRYPTO_blinded_sig_decref ( | ||
3588 | struct GNUNET_CRYPTO_BlindedSignature *blind_sig); | ||
3589 | |||
3590 | |||
3591 | /** | ||
3592 | * Decrement reference counter of a @a bm, and free it if it reaches zero. | ||
3593 | * | ||
3594 | * @param[in] bm blinded message to free | ||
3595 | */ | ||
3596 | void | ||
3597 | GNUNET_CRYPTO_blinded_message_decref ( | ||
3598 | struct GNUNET_CRYPTO_BlindedMessage *bm); | ||
3599 | |||
3600 | |||
3601 | /** | ||
3602 | * Increment reference counter of the given @a bm. | ||
3603 | * | ||
3604 | * @param[in,out] bm blinded message to increment reference counter for | ||
3605 | * @return alias of @a bm with RC incremented | ||
3606 | */ | ||
3607 | struct GNUNET_CRYPTO_BlindedMessage * | ||
3608 | GNUNET_CRYPTO_blinded_message_incref ( | ||
3609 | struct GNUNET_CRYPTO_BlindedMessage *bm); | ||
3610 | |||
3611 | |||
3612 | /** | ||
3613 | * Increment reference counter of the given @a bi. | ||
3614 | * | ||
3615 | * @param[in,out] bi blinding input values to increment reference counter for | ||
3616 | * @return alias of @a bi with RC incremented | ||
3617 | */ | ||
3618 | struct GNUNET_CRYPTO_BlindingInputValues * | ||
3619 | GNUNET_CRYPTO_blinding_input_values_incref ( | ||
3620 | struct GNUNET_CRYPTO_BlindingInputValues *bm); | ||
3621 | |||
3622 | |||
3623 | /** | ||
3624 | * Decrement reference counter of the given @a bi, and free it if it reaches | ||
3625 | * zero. | ||
3626 | * | ||
3627 | * @param[in,out] bi blinding input values to decrement reference counter for | ||
3628 | */ | ||
3629 | void | ||
3630 | GNUNET_CRYPTO_blinding_input_values_decref ( | ||
3631 | struct GNUNET_CRYPTO_BlindingInputValues *bm); | ||
3632 | |||
3633 | |||
3634 | /** | ||
3635 | * Increment reference counter of the given @a bsign_pub. | ||
3636 | * | ||
3637 | * @param[in,out] bsign_pub public key to increment reference counter for | ||
3638 | * @return alias of @a bsign_pub with RC incremented | ||
3639 | */ | ||
3640 | struct GNUNET_CRYPTO_BlindSignPublicKey * | ||
3641 | GNUNET_CRYPTO_bsign_pub_incref ( | ||
3642 | struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub); | ||
3643 | |||
3644 | |||
3645 | /** | ||
3646 | * Increment reference counter of the given @a bsign_priv. | ||
3647 | * | ||
3648 | * @param[in,out] bsign_priv private key to increment reference counter for | ||
3649 | * @return alias of @a bsign_priv with RC incremented | ||
3650 | */ | ||
3651 | struct GNUNET_CRYPTO_BlindSignPrivateKey * | ||
3652 | GNUNET_CRYPTO_bsign_priv_incref ( | ||
3653 | struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv); | ||
3654 | |||
3655 | |||
3656 | /** | ||
3657 | * Increment reference counter of the given @a ub_sig. | ||
3658 | * | ||
3659 | * @param[in,out] ub_sig signature to increment reference counter for | ||
3660 | * @return alias of @a ub_sig with RC incremented | ||
3661 | */ | ||
3662 | struct GNUNET_CRYPTO_UnblindedSignature * | ||
3663 | GNUNET_CRYPTO_ub_sig_incref (struct GNUNET_CRYPTO_UnblindedSignature *ub_sig); | ||
3664 | |||
3665 | |||
3666 | /** | ||
3667 | * Increment reference counter of the given @a blind_sig. | ||
3668 | * | ||
3669 | * @param[in,out] blind_sig signature to increment reference counter for | ||
3670 | * @return alias of @a blind_sig with RC incremented | ||
3671 | */ | ||
3672 | struct GNUNET_CRYPTO_BlindedSignature * | ||
3673 | GNUNET_CRYPTO_blind_sig_incref ( | ||
3674 | struct GNUNET_CRYPTO_BlindedSignature *blind_sig); | ||
3675 | |||
3676 | |||
3677 | /** | ||
3678 | * Compare two denomination public keys. | ||
3679 | * | ||
3680 | * @param bp1 first key | ||
3681 | * @param bp2 second key | ||
3682 | * @return 0 if the keys are equal, otherwise -1 or 1 | ||
3683 | */ | ||
3684 | int | ||
3685 | GNUNET_CRYPTO_bsign_pub_cmp ( | ||
3686 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bp1, | ||
3687 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bp2); | ||
3688 | |||
3689 | |||
3690 | /** | ||
3691 | * Compare two denomination signatures. | ||
3692 | * | ||
3693 | * @param sig1 first signature | ||
3694 | * @param sig2 second signature | ||
3695 | * @return 0 if the keys are equal, otherwise -1 or 1 | ||
3696 | */ | ||
3697 | int | ||
3698 | GNUNET_CRYPTO_ub_sig_cmp (const struct GNUNET_CRYPTO_UnblindedSignature *sig1, | ||
3699 | const struct GNUNET_CRYPTO_UnblindedSignature *sig2); | ||
3700 | |||
3701 | |||
3702 | /** | ||
3703 | * Compare two blinded denomination signatures. | ||
3704 | * | ||
3705 | * @param sig1 first signature | ||
3706 | * @param sig2 second signature | ||
3707 | * @return 0 if the keys are equal, otherwise -1 or 1 | ||
3708 | */ | ||
3709 | int | ||
3710 | GNUNET_CRYPTO_blind_sig_cmp ( | ||
3711 | const struct GNUNET_CRYPTO_BlindedSignature *sig1, | ||
3712 | const struct GNUNET_CRYPTO_BlindedSignature *sig2); | ||
3713 | |||
3714 | |||
3715 | /** | ||
3716 | * Compare two blinded messages. | ||
3717 | * | ||
3718 | * @param bp1 first blinded message | ||
3719 | * @param bp2 second blinded message | ||
3720 | * @return 0 if the keys are equal, otherwise -1 or 1 | ||
3721 | */ | ||
3722 | int | ||
3723 | GNUNET_CRYPTO_blinded_message_cmp ( | ||
3724 | const struct GNUNET_CRYPTO_BlindedMessage *bp1, | ||
3725 | const struct GNUNET_CRYPTO_BlindedMessage *bp2); | ||
3726 | |||
3727 | |||
3728 | /** | ||
3729 | * Initialize public-private key pair for blind signatures. | ||
3730 | * | ||
3731 | * For #GNUNET_CRYPTO_BSA_RSA, an additional "unsigned int" | ||
3732 | * argument with the number of bits for 'n' (e.g. 2048) must | ||
3733 | * be passed. | ||
3734 | * | ||
3735 | * @param[out] bsign_priv where to write the private key with RC 1 | ||
3736 | * @param[out] bsign_pub where to write the public key with RC 1 | ||
3737 | * @param cipher which type of cipher to use | ||
3738 | * @param ... RSA key size (eg. 2048/3072/4096) | ||
3739 | * @return #GNUNET_OK on success, #GNUNET_NO if parameterst were invalid | ||
3740 | */ | ||
3741 | enum GNUNET_GenericReturnValue | ||
3742 | GNUNET_CRYPTO_blind_sign_keys_create ( | ||
3743 | struct GNUNET_CRYPTO_BlindSignPrivateKey **bsign_priv, | ||
3744 | struct GNUNET_CRYPTO_BlindSignPublicKey **bsign_pub, | ||
3745 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher, | ||
3746 | ...); | ||
3747 | |||
3748 | |||
3749 | /** | ||
3750 | * Initialize public-private key pair for blind signatures. | ||
3751 | * | ||
3752 | * For #GNUNET_CRYPTO_BSA_RSA, an additional "unsigned int" | ||
3753 | * argument with the number of bits for 'n' (e.g. 2048) must | ||
3754 | * be passed. | ||
3755 | * | ||
3756 | * @param[out] bsign_priv where to write the private key with RC 1 | ||
3757 | * @param[out] bsign_pub where to write the public key with RC 1 | ||
3758 | * @param cipher which type of cipher to use | ||
3759 | * @param ap RSA key size (eg. 2048/3072/4096) | ||
3760 | * @return #GNUNET_OK on success, #GNUNET_NO if parameterst were invalid | ||
3761 | */ | ||
3762 | enum GNUNET_GenericReturnValue | ||
3763 | GNUNET_CRYPTO_blind_sign_keys_create_va ( | ||
3764 | struct GNUNET_CRYPTO_BlindSignPrivateKey **bsign_priv, | ||
3765 | struct GNUNET_CRYPTO_BlindSignPublicKey **bsign_pub, | ||
3766 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher, | ||
3767 | va_list ap); | ||
3768 | |||
3769 | |||
3770 | /** | ||
3771 | * @brief Type of blinding secrets. Must be exactly 32 bytes (DB). | ||
3772 | */ | ||
3773 | union GNUNET_CRYPTO_BlindingSecretP | ||
3774 | { | ||
3775 | /** | ||
3776 | * Clause Schnorr nonce. | ||
3777 | */ | ||
3778 | struct GNUNET_CRYPTO_CsBlindingNonce nonce; | ||
3779 | |||
3780 | /** | ||
3781 | * Variant for RSA for blind signatures. | ||
3782 | */ | ||
3783 | struct GNUNET_CRYPTO_RsaBlindingKeySecret rsa_bks; | ||
3784 | }; | ||
3785 | |||
3786 | |||
3787 | /** | ||
3788 | * Blind message for blind signing with @a dk using blinding secret @a coin_bks. | ||
3789 | * | ||
3790 | * @param bsign_pub public key to blind for | ||
3791 | * @param bks blinding secret to use | ||
3792 | * @param nonce nonce used to obtain @a alg_values | ||
3793 | * can be NULL if input values are not used for the cipher | ||
3794 | * @param message message to sign | ||
3795 | * @param message_size number of bytes in @a message | ||
3796 | * @param alg_values algorithm specific values to blind the @a message | ||
3797 | * @return blinded message to give to signer, NULL on error | ||
3798 | */ | ||
3799 | struct GNUNET_CRYPTO_BlindedMessage * | ||
3800 | GNUNET_CRYPTO_message_blind_to_sign ( | ||
3801 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub, | ||
3802 | const union GNUNET_CRYPTO_BlindingSecretP *bks, | ||
3803 | const union GNUNET_CRYPTO_BlindSessionNonce *nonce, | ||
3804 | const void *message, | ||
3805 | size_t message_size, | ||
3806 | const struct GNUNET_CRYPTO_BlindingInputValues *alg_values); | ||
3807 | |||
3808 | |||
3809 | /** | ||
3810 | * Create blind signature. | ||
3811 | * | ||
3812 | * @param bsign_priv private key to use for signing | ||
3813 | * @param salt salt value to use for the HKDF, | ||
3814 | * can be NULL if input values are not used for the cipher | ||
3815 | * @param blinded_message the already blinded message to sign | ||
3816 | * @return blind signature with RC=1, NULL on failure | ||
3817 | */ | ||
3818 | struct GNUNET_CRYPTO_BlindedSignature * | ||
3819 | GNUNET_CRYPTO_blind_sign ( | ||
3820 | const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv, | ||
3821 | const char *salt, | ||
3822 | const struct GNUNET_CRYPTO_BlindedMessage *blinded_message); | ||
3823 | |||
3824 | |||
3825 | /** | ||
3826 | * Unblind blind signature. | ||
3827 | * | ||
3828 | * @param blinded_sig the blind signature | ||
3829 | * @param bks blinding secret to use | ||
3830 | * @param message message that was supposedly signed | ||
3831 | * @param message_size number of bytes in @a message | ||
3832 | * @param alg_values algorithm specific values | ||
3833 | * @param bsign_pub public key used for signing | ||
3834 | * @return unblinded signature with RC=1, NULL on error | ||
3835 | */ | ||
3836 | struct GNUNET_CRYPTO_UnblindedSignature * | ||
3837 | GNUNET_CRYPTO_blind_sig_unblind ( | ||
3838 | const struct GNUNET_CRYPTO_BlindedSignature *blinded_sig, | ||
3839 | const union GNUNET_CRYPTO_BlindingSecretP *bks, | ||
3840 | const void *message, | ||
3841 | size_t message_size, | ||
3842 | const struct GNUNET_CRYPTO_BlindingInputValues *alg_values, | ||
3843 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub); | ||
3844 | |||
3845 | |||
3846 | /** | ||
3847 | * Verify signature made blindly. | ||
3848 | * | ||
3849 | * @param bsign_pub public key | ||
3850 | * @param ub_sig signature made blindly with the private key | ||
3851 | * @param message message that was supposedly signed | ||
3852 | * @param message_size number of bytes in @a message | ||
3853 | * @return #GNUNET_OK if the signature is valid | ||
3854 | */ | ||
3855 | enum GNUNET_GenericReturnValue | ||
3856 | GNUNET_CRYPTO_blind_sig_verify ( | ||
3857 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub, | ||
3858 | const struct GNUNET_CRYPTO_UnblindedSignature *ub_sig, | ||
3859 | const void *message, | ||
3860 | size_t message_size); | ||
3173 | 3861 | ||
3174 | 3862 | ||
3175 | /** | 3863 | /** |
@@ -3184,7 +3872,7 @@ GNUNET_CRYPTO_cs_verify (const struct GNUNET_CRYPTO_CsSignature *sig, | |||
3184 | */ | 3872 | */ |
3185 | ssize_t | 3873 | ssize_t |
3186 | GNUNET_CRYPTO_public_key_get_length (const struct | 3874 | GNUNET_CRYPTO_public_key_get_length (const struct |
3187 | GNUNET_CRYPTO_PublicKey *key); | 3875 | GNUNET_CRYPTO_PublicKey *key); |
3188 | 3876 | ||
3189 | /** | 3877 | /** |
3190 | * Reads a #GNUNET_CRYPTO_PublicKey from a compact buffer. | 3878 | * Reads a #GNUNET_CRYPTO_PublicKey from a compact buffer. |
@@ -3235,9 +3923,9 @@ GNUNET_CRYPTO_private_key_get_length ( | |||
3235 | */ | 3923 | */ |
3236 | ssize_t | 3924 | ssize_t |
3237 | GNUNET_CRYPTO_write_public_key_to_buffer (const struct | 3925 | GNUNET_CRYPTO_write_public_key_to_buffer (const struct |
3238 | GNUNET_CRYPTO_PublicKey *key, | 3926 | GNUNET_CRYPTO_PublicKey *key, |
3239 | void*buffer, | 3927 | void*buffer, |
3240 | size_t len); | 3928 | size_t len); |
3241 | 3929 | ||
3242 | 3930 | ||
3243 | /** | 3931 | /** |
@@ -3397,15 +4085,15 @@ GNUNET_CRYPTO_sign_raw_ ( | |||
3397 | * @param[out] sig where to write the signature | 4085 | * @param[out] sig where to write the signature |
3398 | */ | 4086 | */ |
3399 | #define GNUNET_CRYPTO_sign(priv,ps,sig) do { \ | 4087 | #define GNUNET_CRYPTO_sign(priv,ps,sig) do { \ |
3400 | /* check size is set correctly */ \ | 4088 | /* check size is set correctly */ \ |
3401 | GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \ | 4089 | GNUNET_assert (ntohl ((ps)->purpose.size) == sizeof (*(ps))); \ |
3402 | /* check 'ps' begins with the purpose */ \ | 4090 | /* check 'ps' begins with the purpose */ \ |
3403 | GNUNET_static_assert (((void*) (ps)) == \ | 4091 | GNUNET_static_assert (((void*) (ps)) == \ |
3404 | ((void*) &(ps)->purpose)); \ | 4092 | ((void*) &(ps)->purpose)); \ |
3405 | GNUNET_assert (GNUNET_OK == \ | 4093 | GNUNET_assert (GNUNET_OK == \ |
3406 | GNUNET_CRYPTO_sign_ (priv, \ | 4094 | GNUNET_CRYPTO_sign_ (priv, \ |
3407 | &(ps)->purpose, \ | 4095 | &(ps)->purpose, \ |
3408 | sig)); \ | 4096 | sig)); \ |
3409 | } while (0) | 4097 | } while (0) |
3410 | 4098 | ||
3411 | 4099 | ||
@@ -3476,9 +4164,9 @@ GNUNET_CRYPTO_signature_verify_raw_ ( | |||
3476 | GNUNET_static_assert (((void*) (ps)) == \ | 4164 | GNUNET_static_assert (((void*) (ps)) == \ |
3477 | ((void*) &(ps)->purpose)); \ | 4165 | ((void*) &(ps)->purpose)); \ |
3478 | GNUNET_CRYPTO_signature_verify_ (purp, \ | 4166 | GNUNET_CRYPTO_signature_verify_ (purp, \ |
3479 | &(ps)->purpose, \ | 4167 | &(ps)->purpose, \ |
3480 | sig, \ | 4168 | sig, \ |
3481 | pub); \ | 4169 | pub); \ |
3482 | }) | 4170 | }) |
3483 | 4171 | ||
3484 | 4172 | ||
@@ -3499,10 +4187,10 @@ GNUNET_CRYPTO_signature_verify_raw_ ( | |||
3499 | */ | 4187 | */ |
3500 | ssize_t | 4188 | ssize_t |
3501 | GNUNET_CRYPTO_encrypt_old (const void *block, | 4189 | GNUNET_CRYPTO_encrypt_old (const void *block, |
3502 | size_t size, | 4190 | size_t size, |
3503 | const struct GNUNET_CRYPTO_PublicKey *pub, | 4191 | const struct GNUNET_CRYPTO_PublicKey *pub, |
3504 | struct GNUNET_CRYPTO_EcdhePublicKey *ecc, | 4192 | struct GNUNET_CRYPTO_EcdhePublicKey *ecc, |
3505 | void *result); | 4193 | void *result); |
3506 | 4194 | ||
3507 | 4195 | ||
3508 | /** | 4196 | /** |
@@ -3528,8 +4216,8 @@ GNUNET_CRYPTO_decrypt_old ( | |||
3528 | void *result); | 4216 | void *result); |
3529 | 4217 | ||
3530 | #define GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES (crypto_secretbox_MACBYTES \ | 4218 | #define GNUNET_CRYPTO_ENCRYPT_OVERHEAD_BYTES (crypto_secretbox_MACBYTES \ |
3531 | + sizeof (struct \ | 4219 | + sizeof (struct \ |
3532 | GNUNET_CRYPTO_FoKemC)) | 4220 | GNUNET_CRYPTO_FoKemC)) |
3533 | 4221 | ||
3534 | /** | 4222 | /** |
3535 | * Encrypt a block with #GNUNET_CRYPTO_PublicKey and derives a | 4223 | * Encrypt a block with #GNUNET_CRYPTO_PublicKey and derives a |
@@ -3548,10 +4236,10 @@ GNUNET_CRYPTO_decrypt_old ( | |||
3548 | */ | 4236 | */ |
3549 | enum GNUNET_GenericReturnValue | 4237 | enum GNUNET_GenericReturnValue |
3550 | GNUNET_CRYPTO_encrypt (const void *block, | 4238 | GNUNET_CRYPTO_encrypt (const void *block, |
3551 | size_t size, | 4239 | size_t size, |
3552 | const struct GNUNET_CRYPTO_PublicKey *pub, | 4240 | const struct GNUNET_CRYPTO_PublicKey *pub, |
3553 | void *result, | 4241 | void *result, |
3554 | size_t result_size); | 4242 | size_t result_size); |
3555 | 4243 | ||
3556 | 4244 | ||
3557 | /** | 4245 | /** |
@@ -3567,10 +4255,10 @@ GNUNET_CRYPTO_encrypt (const void *block, | |||
3567 | */ | 4255 | */ |
3568 | enum GNUNET_GenericReturnValue | 4256 | enum GNUNET_GenericReturnValue |
3569 | GNUNET_CRYPTO_decrypt (const void *block, | 4257 | GNUNET_CRYPTO_decrypt (const void *block, |
3570 | size_t size, | 4258 | size_t size, |
3571 | const struct GNUNET_CRYPTO_PrivateKey *priv, | 4259 | const struct GNUNET_CRYPTO_PrivateKey *priv, |
3572 | void *result, | 4260 | void *result, |
3573 | size_t result_size); | 4261 | size_t result_size); |
3574 | 4262 | ||
3575 | 4263 | ||
3576 | /** | 4264 | /** |
@@ -3609,7 +4297,7 @@ GNUNET_CRYPTO_private_key_to_string ( | |||
3609 | */ | 4297 | */ |
3610 | enum GNUNET_GenericReturnValue | 4298 | enum GNUNET_GenericReturnValue |
3611 | GNUNET_CRYPTO_public_key_from_string (const char*str, | 4299 | GNUNET_CRYPTO_public_key_from_string (const char*str, |
3612 | struct GNUNET_CRYPTO_PublicKey *key); | 4300 | struct GNUNET_CRYPTO_PublicKey *key); |
3613 | 4301 | ||
3614 | 4302 | ||
3615 | /** | 4303 | /** |
@@ -3622,7 +4310,7 @@ GNUNET_CRYPTO_public_key_from_string (const char*str, | |||
3622 | */ | 4310 | */ |
3623 | enum GNUNET_GenericReturnValue | 4311 | enum GNUNET_GenericReturnValue |
3624 | GNUNET_CRYPTO_private_key_from_string (const char*str, | 4312 | GNUNET_CRYPTO_private_key_from_string (const char*str, |
3625 | struct GNUNET_CRYPTO_PrivateKey *key); | 4313 | struct GNUNET_CRYPTO_PrivateKey *key); |
3626 | 4314 | ||
3627 | 4315 | ||
3628 | /** | 4316 | /** |
@@ -3634,8 +4322,8 @@ GNUNET_CRYPTO_private_key_from_string (const char*str, | |||
3634 | */ | 4322 | */ |
3635 | enum GNUNET_GenericReturnValue | 4323 | enum GNUNET_GenericReturnValue |
3636 | GNUNET_CRYPTO_key_get_public (const struct | 4324 | GNUNET_CRYPTO_key_get_public (const struct |
3637 | GNUNET_CRYPTO_PrivateKey *privkey, | 4325 | GNUNET_CRYPTO_PrivateKey *privkey, |
3638 | struct GNUNET_CRYPTO_PublicKey *key); | 4326 | struct GNUNET_CRYPTO_PublicKey *key); |
3639 | 4327 | ||
3640 | #if 0 /* keep Emacsens' auto-indent happy */ | 4328 | #if 0 /* keep Emacsens' auto-indent happy */ |
3641 | { | 4329 | { |
diff --git a/src/include/gnunet_program_lib.h b/src/include/gnunet_program_lib.h index 0c51d6cf7..b50838755 100644 --- a/src/include/gnunet_program_lib.h +++ b/src/include/gnunet_program_lib.h | |||
@@ -18,7 +18,7 @@ | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | 18 | SPDX-License-Identifier: AGPL3.0-or-later |
19 | */ | 19 | */ |
20 | 20 | ||
21 | #if !defined (__GNUNET_UTIL_LIB_H_INSIDE__) | 21 | #if ! defined (__GNUNET_UTIL_LIB_H_INSIDE__) |
22 | #error "Only <gnunet_util_lib.h> can be included directly." | 22 | #error "Only <gnunet_util_lib.h> can be included directly." |
23 | #endif | 23 | #endif |
24 | 24 | ||
@@ -122,6 +122,45 @@ GNUNET_PROGRAM_run (int argc, | |||
122 | GNUNET_PROGRAM_Main task, | 122 | GNUNET_PROGRAM_Main task, |
123 | void *task_cls); | 123 | void *task_cls); |
124 | 124 | ||
125 | enum GNUNET_GenericReturnValue | ||
126 | GNUNET_DAEMON_register (const char *daemon_name, | ||
127 | const char *daemon_desc, | ||
128 | GNUNET_PROGRAM_Main task); | ||
129 | |||
130 | #ifndef HAVE_GNUNET_MONOLITH | ||
131 | #define GNUNET_DAEMON_MAIN(daemon_name, daemon_help, init_cb) \ | ||
132 | int \ | ||
133 | main (int argc, \ | ||
134 | char *const *argv) \ | ||
135 | { \ | ||
136 | int ret; \ | ||
137 | struct GNUNET_GETOPT_CommandLineOption options[] = { \ | ||
138 | GNUNET_GETOPT_OPTION_END \ | ||
139 | }; \ | ||
140 | if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, \ | ||
141 | &argv)) \ | ||
142 | return 2; \ | ||
143 | ret = GNUNET_PROGRAM_run (argc, \ | ||
144 | argv, \ | ||
145 | daemon_name, \ | ||
146 | daemon_help, \ | ||
147 | options, \ | ||
148 | init_cb, \ | ||
149 | NULL); \ | ||
150 | GNUNET_free_nz ((void*) argv); \ | ||
151 | return ret; \ | ||
152 | } | ||
153 | #else | ||
154 | #define GNUNET_DAEMON_MAIN(daemon_name, daemon_help, init_cb) \ | ||
155 | static int __attribute__ ((constructor)) \ | ||
156 | init (void) \ | ||
157 | { \ | ||
158 | return GNUNET_DAEMON_register (daemon_name, \ | ||
159 | daemon_help, \ | ||
160 | init_cb); \ | ||
161 | } | ||
162 | #endif | ||
163 | |||
125 | 164 | ||
126 | #if 0 /* keep Emacsens' auto-indent happy */ | 165 | #if 0 /* keep Emacsens' auto-indent happy */ |
127 | { | 166 | { |
diff --git a/src/lib/gnsrecord/meson.build b/src/lib/gnsrecord/meson.build index a35d6b66e..40eff89c1 100644 --- a/src/lib/gnsrecord/meson.build +++ b/src/lib/gnsrecord/meson.build | |||
@@ -29,3 +29,58 @@ libgnunetgnsrecordjson = library('gnunetgnsrecordjson', | |||
29 | install: true, | 29 | install: true, |
30 | install_dir: get_option('libdir')) | 30 | install_dir: get_option('libdir')) |
31 | libgnunetgnsrecordjson_dep = declare_dependency(link_with : libgnunetgnsrecordjson) | 31 | libgnunetgnsrecordjson_dep = declare_dependency(link_with : libgnunetgnsrecordjson) |
32 | |||
33 | testgnsrecrd_perf_crypto = executable ('perf_gnsrecord_crypto', | ||
34 | ['perf_gnsrecord_crypto.c'], | ||
35 | dependencies: [libgnunetutil_dep, | ||
36 | libgnunetgnsrecord_dep], | ||
37 | include_directories: [incdir, configuration_inc], | ||
38 | build_by_default: false, | ||
39 | install: false) | ||
40 | testgnsrecrd_test_crypto = executable ('test_gnsrecord_crypto', | ||
41 | ['test_gnsrecord_crypto.c'], | ||
42 | dependencies: [libgnunetutil_dep, | ||
43 | libgnunetgnsrecord_dep], | ||
44 | include_directories: [incdir, configuration_inc], | ||
45 | build_by_default: false, | ||
46 | install: false) | ||
47 | testgnsrecrd_test_serialization = executable ('test_gnsrecord_serialization', | ||
48 | ['test_gnsrecord_serialization.c'], | ||
49 | dependencies: [libgnunetutil_dep, | ||
50 | libgnunetgnsrecord_dep], | ||
51 | include_directories: [incdir, configuration_inc], | ||
52 | build_by_default: false, | ||
53 | install: false) | ||
54 | testgnsrecrd_test_tvs = executable ('test_gnsrecord_testvectors', | ||
55 | ['test_gnsrecord_testvectors.c'], | ||
56 | dependencies: [libgnunetutil_dep, | ||
57 | libgnunetgnsrecord_dep], | ||
58 | include_directories: [incdir, configuration_inc], | ||
59 | build_by_default: false, | ||
60 | install: false) | ||
61 | testgnsrecrd_test_exp = executable ('test_gnsrecord_block_expiration', | ||
62 | ['test_gnsrecord_block_expiration.c'], | ||
63 | dependencies: [libgnunetutil_dep, | ||
64 | libgnunetgnsrecord_dep], | ||
65 | include_directories: [incdir, configuration_inc], | ||
66 | build_by_default: false, | ||
67 | install: false) | ||
68 | |||
69 | test('perf_gnsrecord_crypto', testgnsrecrd_perf_crypto, | ||
70 | workdir: meson.current_build_dir(), | ||
71 | suite: ['gnsrecord']) | ||
72 | test('test_gnsrecord_crypto', testgnsrecrd_test_crypto, | ||
73 | workdir: meson.current_build_dir(), | ||
74 | suite: ['gnsrecord']) | ||
75 | test('test_gnsrecord_serialization', testgnsrecrd_test_serialization, | ||
76 | workdir: meson.current_build_dir(), | ||
77 | suite: ['gnsrecord']) | ||
78 | test('test_gnsrecord_block_expiration', testgnsrecrd_test_exp, | ||
79 | workdir: meson.current_build_dir(), | ||
80 | suite: ['gnsrecord']) | ||
81 | test('test_gnsrecord_serialization', testgnsrecrd_test_serialization, | ||
82 | workdir: meson.current_build_dir(), | ||
83 | suite: ['gnsrecord']) | ||
84 | test('test_gnsrecord_testvectors', testgnsrecrd_test_tvs, | ||
85 | workdir: meson.current_build_dir(), | ||
86 | suite: ['gnsrecord']) | ||
diff --git a/src/lib/hello/meson.build b/src/lib/hello/meson.build index 30e0f4c9c..caf70e4a7 100644 --- a/src/lib/hello/meson.build +++ b/src/lib/hello/meson.build | |||
@@ -13,11 +13,15 @@ pkg.generate(libgnunethello, url: 'https://www.gnunet.org', | |||
13 | description : 'Helper library for handling GNUnet HELLO messages') | 13 | description : 'Helper library for handling GNUnet HELLO messages') |
14 | 14 | ||
15 | 15 | ||
16 | # TNG | 16 | test_hello_uri = executable ('test_hello_uri', |
17 | #executable ('gnunet-hello', | 17 | ['test_hello-uri.c'], |
18 | # ['gnunet-hello.c'], | 18 | dependencies: [libgnunethello_dep, |
19 | # dependencies: [libgnunethello_dep, libgnunetutil_dep], | 19 | libgnunetutil_dep, |
20 | # include_directories: [incdir, configuration_inc], | 20 | gcrypt_dep], |
21 | # install: true, | 21 | include_directories: [incdir, configuration_inc], |
22 | # install_dir: get_option('bindir')) | 22 | build_by_default: false, |
23 | install: false) | ||
23 | 24 | ||
25 | test('test_hello_uri', test_hello_uri, | ||
26 | workdir: meson.current_build_dir(), | ||
27 | suite: ['hello']) | ||
diff --git a/src/lib/json/meson.build b/src/lib/json/meson.build index 804b2516f..d4c3b4528 100644 --- a/src/lib/json/meson.build +++ b/src/lib/json/meson.build | |||
@@ -16,3 +16,29 @@ libgnunetjson_dep = declare_dependency(link_with : libgnunetjson) | |||
16 | pkg.generate(libgnunetjson, url: 'https://www.gnunet.org', | 16 | pkg.generate(libgnunetjson, url: 'https://www.gnunet.org', |
17 | description : 'Library for JSON de/serialization') | 17 | description : 'Library for JSON de/serialization') |
18 | 18 | ||
19 | testjson = executable ('test_json', | ||
20 | ['test_json.c'], | ||
21 | dependencies: [libgnunetutil_dep, | ||
22 | json_dep, | ||
23 | libgnunetjson_dep], | ||
24 | include_directories: [incdir, configuration_inc], | ||
25 | build_by_default: false, | ||
26 | install: false) | ||
27 | testjson_mhd = executable ('test_json_mhd', | ||
28 | ['test_json_mhd.c'], | ||
29 | dependencies: [libgnunetutil_dep, | ||
30 | json_dep, | ||
31 | mhd_dep, | ||
32 | curl_dep, | ||
33 | zlib_dep, | ||
34 | libgnunetjson_dep], | ||
35 | include_directories: [incdir, configuration_inc], | ||
36 | build_by_default: false, | ||
37 | install: false) | ||
38 | test('test_json', testjson, | ||
39 | workdir: meson.current_build_dir(), | ||
40 | suite: ['json']) | ||
41 | test('test_json_mhd', testjson_mhd, | ||
42 | workdir: meson.current_build_dir(), | ||
43 | suite: ['json']) | ||
44 | |||
diff --git a/src/lib/json/test_json.c b/src/lib/json/test_json.c index db376d213..1d27518b2 100644 --- a/src/lib/json/test_json.c +++ b/src/lib/json/test_json.c | |||
@@ -171,7 +171,7 @@ test_rsa () | |||
171 | priv = GNUNET_CRYPTO_rsa_private_key_create (1024); | 171 | priv = GNUNET_CRYPTO_rsa_private_key_create (1024); |
172 | pub = GNUNET_CRYPTO_rsa_private_key_get_public (priv); | 172 | pub = GNUNET_CRYPTO_rsa_private_key_get_public (priv); |
173 | memset (&msg, 42, sizeof(msg)); | 173 | memset (&msg, 42, sizeof(msg)); |
174 | sig = GNUNET_CRYPTO_rsa_sign_fdh (priv, &msg); | 174 | sig = GNUNET_CRYPTO_rsa_sign_fdh (priv, &msg, sizeof (msg)); |
175 | GNUNET_assert (NULL != (jp = GNUNET_JSON_from_rsa_public_key (pub))); | 175 | GNUNET_assert (NULL != (jp = GNUNET_JSON_from_rsa_public_key (pub))); |
176 | GNUNET_assert (NULL != (js = GNUNET_JSON_from_rsa_signature (sig))); | 176 | GNUNET_assert (NULL != (js = GNUNET_JSON_from_rsa_signature (sig))); |
177 | GNUNET_assert (GNUNET_OK == GNUNET_JSON_parse (jp, pspec, NULL, NULL)); | 177 | GNUNET_assert (GNUNET_OK == GNUNET_JSON_parse (jp, pspec, NULL, NULL)); |
diff --git a/src/lib/pq/meson.build b/src/lib/pq/meson.build index 5b4372b70..b94cd012f 100644 --- a/src/lib/pq/meson.build +++ b/src/lib/pq/meson.build | |||
@@ -16,3 +16,17 @@ libgnunetpq = library('gnunetpq', | |||
16 | install: true, | 16 | install: true, |
17 | install_dir: get_option('libdir')) | 17 | install_dir: get_option('libdir')) |
18 | libgnunetpq_dep = declare_dependency(link_with : libgnunetpq) | 18 | libgnunetpq_dep = declare_dependency(link_with : libgnunetpq) |
19 | |||
20 | testpq = executable ('test_pq', | ||
21 | ['test_pq.c'], | ||
22 | dependencies: [libgnunetutil_dep, | ||
23 | pq_dep, | ||
24 | libgnunetpq_dep], | ||
25 | include_directories: [incdir, configuration_inc], | ||
26 | build_by_default: false, | ||
27 | install: false) | ||
28 | test('test_pq', testpq, | ||
29 | workdir: meson.current_build_dir(), | ||
30 | suite: ['pq']) | ||
31 | |||
32 | |||
diff --git a/src/lib/sq/meson.build b/src/lib/sq/meson.build index dffda7872..69d372cac 100644 --- a/src/lib/sq/meson.build +++ b/src/lib/sq/meson.build | |||
@@ -15,4 +15,16 @@ libgnunetsq = library('gnunetsq', | |||
15 | pkg.generate(libgnunetsq, url: 'https://www.gnunet.org', | 15 | pkg.generate(libgnunetsq, url: 'https://www.gnunet.org', |
16 | description : 'Provides API for accessing the SQ service') | 16 | description : 'Provides API for accessing the SQ service') |
17 | libgnunetsq_dep = declare_dependency(link_with : libgnunetsq) | 17 | libgnunetsq_dep = declare_dependency(link_with : libgnunetsq) |
18 | testsq = executable ('test_sq', | ||
19 | ['test_sq.c'], | ||
20 | dependencies: [libgnunetutil_dep, | ||
21 | sqlite_dep, | ||
22 | libgnunetsq_dep], | ||
23 | include_directories: [incdir, configuration_inc], | ||
24 | build_by_default: false, | ||
25 | install: false) | ||
26 | test('test_sq', testsq, | ||
27 | workdir: meson.current_build_dir(), | ||
28 | suite: ['sq']) | ||
29 | |||
18 | 30 | ||
diff --git a/src/lib/sq/test_sq.c b/src/lib/sq/test_sq.c index ecd9918d7..292de5f34 100644 --- a/src/lib/sq/test_sq.c +++ b/src/lib/sq/test_sq.c | |||
@@ -92,7 +92,8 @@ run_queries (sqlite3 *dbh) | |||
92 | pub = GNUNET_CRYPTO_rsa_private_key_get_public (priv); | 92 | pub = GNUNET_CRYPTO_rsa_private_key_get_public (priv); |
93 | memset (&hmsg, 42, sizeof(hmsg)); | 93 | memset (&hmsg, 42, sizeof(hmsg)); |
94 | sig = GNUNET_CRYPTO_rsa_sign_fdh (priv, | 94 | sig = GNUNET_CRYPTO_rsa_sign_fdh (priv, |
95 | &hmsg); | 95 | &hmsg, |
96 | sizeof (hmsg)); | ||
96 | u16 = 16; | 97 | u16 = 16; |
97 | u32 = 32; | 98 | u32 = 32; |
98 | u64 = 64; | 99 | u64 = 64; |
diff --git a/src/lib/util/Makefile.am b/src/lib/util/Makefile.am index d1b6f8287..7ab6301f5 100644 --- a/src/lib/util/Makefile.am +++ b/src/lib/util/Makefile.am | |||
@@ -52,7 +52,7 @@ libgnunetutil_la_SOURCES = \ | |||
52 | container_multiuuidmap.c \ | 52 | container_multiuuidmap.c \ |
53 | container_multipeermap.c \ | 53 | container_multipeermap.c \ |
54 | container_multihashmap32.c \ | 54 | container_multihashmap32.c \ |
55 | crypto_symmetric.c \ | 55 | crypto_blind_sign.c \ |
56 | crypto_crc.c \ | 56 | crypto_crc.c \ |
57 | crypto_cs.c \ | 57 | crypto_cs.c \ |
58 | crypto_ecc.c \ | 58 | crypto_ecc.c \ |
@@ -70,6 +70,7 @@ libgnunetutil_la_SOURCES = \ | |||
70 | crypto_pow.c \ | 70 | crypto_pow.c \ |
71 | crypto_random.c \ | 71 | crypto_random.c \ |
72 | crypto_rsa.c \ | 72 | crypto_rsa.c \ |
73 | crypto_symmetric.c \ | ||
73 | disk.c \ | 74 | disk.c \ |
74 | disk.h \ | 75 | disk.h \ |
75 | dnsparser.c \ | 76 | dnsparser.c \ |
@@ -197,7 +198,7 @@ check_PROGRAMS = \ | |||
197 | test_container_multihashmap32 \ | 198 | test_container_multihashmap32 \ |
198 | test_container_multipeermap \ | 199 | test_container_multipeermap \ |
199 | test_container_heap \ | 200 | test_container_heap \ |
200 | test_crypto_symmetric \ | 201 | test_crypto_blind \ |
201 | test_crypto_crc \ | 202 | test_crypto_crc \ |
202 | test_crypto_cs \ | 203 | test_crypto_cs \ |
203 | test_crypto_ecdsa \ | 204 | test_crypto_ecdsa \ |
@@ -214,6 +215,7 @@ check_PROGRAMS = \ | |||
214 | test_crypto_paillier \ | 215 | test_crypto_paillier \ |
215 | test_crypto_random \ | 216 | test_crypto_random \ |
216 | test_crypto_rsa \ | 217 | test_crypto_rsa \ |
218 | test_crypto_symmetric \ | ||
217 | test_disk \ | 219 | test_disk \ |
218 | test_getopt \ | 220 | test_getopt \ |
219 | test_hexcoder \ | 221 | test_hexcoder \ |
@@ -346,6 +348,11 @@ test_container_heap_SOURCES = \ | |||
346 | test_container_heap_LDADD = \ | 348 | test_container_heap_LDADD = \ |
347 | libgnunetutil.la | 349 | libgnunetutil.la |
348 | 350 | ||
351 | test_crypto_blind_SOURCES = \ | ||
352 | test_crypto_blind.c | ||
353 | test_crypto_blind_LDADD = \ | ||
354 | libgnunetutil.la | ||
355 | |||
349 | test_crypto_symmetric_SOURCES = \ | 356 | test_crypto_symmetric_SOURCES = \ |
350 | test_crypto_symmetric.c | 357 | test_crypto_symmetric.c |
351 | test_crypto_symmetric_LDADD = \ | 358 | test_crypto_symmetric_LDADD = \ |
diff --git a/src/lib/util/crypto_blind_sign.c b/src/lib/util/crypto_blind_sign.c new file mode 100644 index 000000000..ac611cf4f --- /dev/null +++ b/src/lib/util/crypto_blind_sign.c | |||
@@ -0,0 +1,713 @@ | |||
1 | /* | ||
2 | This file is part of GNUNET | ||
3 | Copyright (C) 2021, 2022, 2023 GNUnet e.V. | ||
4 | |||
5 | GNUNET is free software; you can redistribute it and/or modify it under the | ||
6 | terms of the GNU General Public License as published by the Free Software | ||
7 | Foundation; either version 3, or (at your option) any later version. | ||
8 | |||
9 | GNUNET is distributed in the hope that it will be useful, but WITHOUT ANY | ||
10 | WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR | ||
11 | A PARTICULAR PURPOSE. See the GNU General Public License for more details. | ||
12 | |||
13 | You should have received a copy of the GNU General Public License along with | ||
14 | GNUNET; see the file COPYING. If not, see <http://www.gnu.org/licenses/> | ||
15 | */ | ||
16 | /** | ||
17 | * @file crypto_blind_sign.c | ||
18 | * @brief blind signatures (abstraction over RSA or CS) | ||
19 | * @author Christian Grothoff | ||
20 | */ | ||
21 | #include "platform.h" | ||
22 | #include "gnunet_util_lib.h" | ||
23 | |||
24 | |||
25 | void | ||
26 | GNUNET_CRYPTO_blinding_input_values_decref ( | ||
27 | struct GNUNET_CRYPTO_BlindingInputValues *bm) | ||
28 | { | ||
29 | GNUNET_assert (bm->rc > 0); | ||
30 | bm->rc--; | ||
31 | if (0 != bm->rc) | ||
32 | return; | ||
33 | switch (bm->cipher) | ||
34 | { | ||
35 | case GNUNET_CRYPTO_BSA_INVALID: | ||
36 | GNUNET_break (0); | ||
37 | break; | ||
38 | case GNUNET_CRYPTO_BSA_RSA: | ||
39 | bm->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
40 | break; | ||
41 | case GNUNET_CRYPTO_BSA_CS: | ||
42 | bm->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
43 | break; | ||
44 | } | ||
45 | GNUNET_free (bm); | ||
46 | } | ||
47 | |||
48 | |||
49 | void | ||
50 | GNUNET_CRYPTO_blind_sign_priv_decref (struct | ||
51 | GNUNET_CRYPTO_BlindSignPrivateKey * | ||
52 | bsign_priv) | ||
53 | { | ||
54 | GNUNET_assert (bsign_priv->rc > 0); | ||
55 | bsign_priv->rc--; | ||
56 | if (0 != bsign_priv->rc) | ||
57 | return; | ||
58 | switch (bsign_priv->cipher) | ||
59 | { | ||
60 | case GNUNET_CRYPTO_BSA_INVALID: | ||
61 | GNUNET_break (0); | ||
62 | break; | ||
63 | case GNUNET_CRYPTO_BSA_RSA: | ||
64 | if (NULL != bsign_priv->details.rsa_private_key) | ||
65 | { | ||
66 | GNUNET_CRYPTO_rsa_private_key_free (bsign_priv->details.rsa_private_key); | ||
67 | bsign_priv->details.rsa_private_key = NULL; | ||
68 | } | ||
69 | bsign_priv->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
70 | break; | ||
71 | case GNUNET_CRYPTO_BSA_CS: | ||
72 | bsign_priv->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
73 | break; | ||
74 | } | ||
75 | GNUNET_free (bsign_priv); | ||
76 | } | ||
77 | |||
78 | |||
79 | void | ||
80 | GNUNET_CRYPTO_blind_sign_pub_decref (struct | ||
81 | GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub) | ||
82 | { | ||
83 | GNUNET_assert (bsign_pub->rc > 0); | ||
84 | bsign_pub->rc--; | ||
85 | if (0 != bsign_pub->rc) | ||
86 | return; | ||
87 | switch (bsign_pub->cipher) | ||
88 | { | ||
89 | case GNUNET_CRYPTO_BSA_INVALID: | ||
90 | GNUNET_break (0); | ||
91 | break; | ||
92 | case GNUNET_CRYPTO_BSA_RSA: | ||
93 | if (NULL != bsign_pub->details.rsa_public_key) | ||
94 | { | ||
95 | GNUNET_CRYPTO_rsa_public_key_free (bsign_pub->details.rsa_public_key); | ||
96 | bsign_pub->details.rsa_public_key = NULL; | ||
97 | } | ||
98 | bsign_pub->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
99 | break; | ||
100 | case GNUNET_CRYPTO_BSA_CS: | ||
101 | break; | ||
102 | } | ||
103 | GNUNET_free (bsign_pub); | ||
104 | } | ||
105 | |||
106 | |||
107 | void | ||
108 | GNUNET_CRYPTO_unblinded_sig_decref (struct | ||
109 | GNUNET_CRYPTO_UnblindedSignature *ub_sig) | ||
110 | { | ||
111 | GNUNET_assert (ub_sig->rc > 0); | ||
112 | ub_sig->rc--; | ||
113 | if (0 != ub_sig->rc) | ||
114 | return; | ||
115 | switch (ub_sig->cipher) | ||
116 | { | ||
117 | case GNUNET_CRYPTO_BSA_INVALID: | ||
118 | GNUNET_break (0); | ||
119 | break; | ||
120 | case GNUNET_CRYPTO_BSA_RSA: | ||
121 | if (NULL != ub_sig->details.rsa_signature) | ||
122 | { | ||
123 | GNUNET_CRYPTO_rsa_signature_free (ub_sig->details.rsa_signature); | ||
124 | ub_sig->details.rsa_signature = NULL; | ||
125 | } | ||
126 | ub_sig->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
127 | break; | ||
128 | case GNUNET_CRYPTO_BSA_CS: | ||
129 | ub_sig->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
130 | break; | ||
131 | } | ||
132 | GNUNET_free (ub_sig); | ||
133 | } | ||
134 | |||
135 | |||
136 | void | ||
137 | GNUNET_CRYPTO_blinded_sig_decref ( | ||
138 | struct GNUNET_CRYPTO_BlindedSignature *blind_sig) | ||
139 | { | ||
140 | GNUNET_assert (blind_sig->rc > 0); | ||
141 | blind_sig->rc--; | ||
142 | if (0 != blind_sig->rc) | ||
143 | return; | ||
144 | switch (blind_sig->cipher) | ||
145 | { | ||
146 | case GNUNET_CRYPTO_BSA_INVALID: | ||
147 | GNUNET_break (0); | ||
148 | break; | ||
149 | case GNUNET_CRYPTO_BSA_RSA: | ||
150 | if (NULL != blind_sig->details.blinded_rsa_signature) | ||
151 | { | ||
152 | GNUNET_CRYPTO_rsa_signature_free ( | ||
153 | blind_sig->details.blinded_rsa_signature); | ||
154 | blind_sig->details.blinded_rsa_signature = NULL; | ||
155 | } | ||
156 | blind_sig->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
157 | break; | ||
158 | case GNUNET_CRYPTO_BSA_CS: | ||
159 | blind_sig->cipher = GNUNET_CRYPTO_BSA_INVALID; | ||
160 | break; | ||
161 | } | ||
162 | GNUNET_free (blind_sig); | ||
163 | } | ||
164 | |||
165 | |||
166 | void | ||
167 | GNUNET_CRYPTO_blinded_message_decref ( | ||
168 | struct GNUNET_CRYPTO_BlindedMessage *bm) | ||
169 | { | ||
170 | GNUNET_assert (bm->rc > 0); | ||
171 | bm->rc--; | ||
172 | if (0 != bm->rc) | ||
173 | return; | ||
174 | switch (bm->cipher) | ||
175 | { | ||
176 | case GNUNET_CRYPTO_BSA_INVALID: | ||
177 | GNUNET_break (0); | ||
178 | break; | ||
179 | case GNUNET_CRYPTO_BSA_RSA: | ||
180 | GNUNET_free (bm->details.rsa_blinded_message.blinded_msg); | ||
181 | break; | ||
182 | case GNUNET_CRYPTO_BSA_CS: | ||
183 | break; | ||
184 | } | ||
185 | GNUNET_free (bm); | ||
186 | } | ||
187 | |||
188 | |||
189 | struct GNUNET_CRYPTO_BlindedMessage * | ||
190 | GNUNET_CRYPTO_blinded_message_incref ( | ||
191 | struct GNUNET_CRYPTO_BlindedMessage *bm) | ||
192 | { | ||
193 | bm->rc++; | ||
194 | return bm; | ||
195 | } | ||
196 | |||
197 | |||
198 | struct GNUNET_CRYPTO_BlindingInputValues * | ||
199 | GNUNET_CRYPTO_blinding_input_values_incref ( | ||
200 | struct GNUNET_CRYPTO_BlindingInputValues *bm) | ||
201 | { | ||
202 | bm->rc++; | ||
203 | return bm; | ||
204 | } | ||
205 | |||
206 | |||
207 | struct GNUNET_CRYPTO_BlindSignPublicKey * | ||
208 | GNUNET_CRYPTO_bsign_pub_incref ( | ||
209 | struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub) | ||
210 | { | ||
211 | bsign_pub->rc++; | ||
212 | return bsign_pub; | ||
213 | } | ||
214 | |||
215 | |||
216 | struct GNUNET_CRYPTO_BlindSignPrivateKey * | ||
217 | GNUNET_CRYPTO_bsign_priv_incref ( | ||
218 | struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv) | ||
219 | { | ||
220 | bsign_priv->rc++; | ||
221 | return bsign_priv; | ||
222 | } | ||
223 | |||
224 | |||
225 | struct GNUNET_CRYPTO_UnblindedSignature * | ||
226 | GNUNET_CRYPTO_ub_sig_incref (struct GNUNET_CRYPTO_UnblindedSignature *ub_sig) | ||
227 | { | ||
228 | ub_sig->rc++; | ||
229 | return ub_sig; | ||
230 | } | ||
231 | |||
232 | |||
233 | struct GNUNET_CRYPTO_BlindedSignature * | ||
234 | GNUNET_CRYPTO_blind_sig_incref ( | ||
235 | struct GNUNET_CRYPTO_BlindedSignature *blind_sig) | ||
236 | { | ||
237 | blind_sig->rc++; | ||
238 | return blind_sig; | ||
239 | } | ||
240 | |||
241 | |||
242 | int | ||
243 | GNUNET_CRYPTO_bsign_pub_cmp ( | ||
244 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bp1, | ||
245 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bp2) | ||
246 | { | ||
247 | if (bp1->cipher != bp2->cipher) | ||
248 | return (bp1->cipher > bp2->cipher) ? 1 : -1; | ||
249 | switch (bp1->cipher) | ||
250 | { | ||
251 | case GNUNET_CRYPTO_BSA_INVALID: | ||
252 | GNUNET_break (0); | ||
253 | return 0; | ||
254 | case GNUNET_CRYPTO_BSA_RSA: | ||
255 | return GNUNET_memcmp (&bp1->pub_key_hash, | ||
256 | &bp2->pub_key_hash); | ||
257 | case GNUNET_CRYPTO_BSA_CS: | ||
258 | return GNUNET_memcmp (&bp1->pub_key_hash, | ||
259 | &bp2->pub_key_hash); | ||
260 | } | ||
261 | GNUNET_assert (0); | ||
262 | return -2; | ||
263 | } | ||
264 | |||
265 | |||
266 | int | ||
267 | GNUNET_CRYPTO_ub_sig_cmp ( | ||
268 | const struct GNUNET_CRYPTO_UnblindedSignature *sig1, | ||
269 | const struct GNUNET_CRYPTO_UnblindedSignature *sig2) | ||
270 | { | ||
271 | if (sig1->cipher != sig2->cipher) | ||
272 | return (sig1->cipher > sig2->cipher) ? 1 : -1; | ||
273 | switch (sig1->cipher) | ||
274 | { | ||
275 | case GNUNET_CRYPTO_BSA_INVALID: | ||
276 | GNUNET_break (0); | ||
277 | return 0; | ||
278 | case GNUNET_CRYPTO_BSA_RSA: | ||
279 | return GNUNET_CRYPTO_rsa_signature_cmp (sig1->details.rsa_signature, | ||
280 | sig2->details.rsa_signature); | ||
281 | case GNUNET_CRYPTO_BSA_CS: | ||
282 | return GNUNET_memcmp (&sig1->details.cs_signature, | ||
283 | &sig2->details.cs_signature); | ||
284 | } | ||
285 | GNUNET_assert (0); | ||
286 | return -2; | ||
287 | } | ||
288 | |||
289 | |||
290 | int | ||
291 | GNUNET_CRYPTO_blind_sig_cmp ( | ||
292 | const struct GNUNET_CRYPTO_BlindedSignature *sig1, | ||
293 | const struct GNUNET_CRYPTO_BlindedSignature *sig2) | ||
294 | { | ||
295 | if (sig1->cipher != sig2->cipher) | ||
296 | return (sig1->cipher > sig2->cipher) ? 1 : -1; | ||
297 | switch (sig1->cipher) | ||
298 | { | ||
299 | case GNUNET_CRYPTO_BSA_INVALID: | ||
300 | GNUNET_break (0); | ||
301 | return 0; | ||
302 | case GNUNET_CRYPTO_BSA_RSA: | ||
303 | return GNUNET_CRYPTO_rsa_signature_cmp (sig1->details.blinded_rsa_signature, | ||
304 | sig2->details.blinded_rsa_signature); | ||
305 | case GNUNET_CRYPTO_BSA_CS: | ||
306 | return GNUNET_memcmp (&sig1->details.blinded_cs_answer, | ||
307 | &sig2->details.blinded_cs_answer); | ||
308 | } | ||
309 | GNUNET_assert (0); | ||
310 | return -2; | ||
311 | } | ||
312 | |||
313 | |||
314 | int | ||
315 | GNUNET_CRYPTO_blinded_message_cmp ( | ||
316 | const struct GNUNET_CRYPTO_BlindedMessage *bp1, | ||
317 | const struct GNUNET_CRYPTO_BlindedMessage *bp2) | ||
318 | { | ||
319 | if (bp1->cipher != bp2->cipher) | ||
320 | return (bp1->cipher > bp2->cipher) ? 1 : -1; | ||
321 | switch (bp1->cipher) | ||
322 | { | ||
323 | case GNUNET_CRYPTO_BSA_INVALID: | ||
324 | GNUNET_break (0); | ||
325 | return 0; | ||
326 | case GNUNET_CRYPTO_BSA_RSA: | ||
327 | if (bp1->details.rsa_blinded_message.blinded_msg_size != | ||
328 | bp2->details.rsa_blinded_message.blinded_msg_size) | ||
329 | return (bp1->details.rsa_blinded_message.blinded_msg_size > | ||
330 | bp2->details.rsa_blinded_message.blinded_msg_size) ? 1 : -1; | ||
331 | return memcmp (bp1->details.rsa_blinded_message.blinded_msg, | ||
332 | bp2->details.rsa_blinded_message.blinded_msg, | ||
333 | bp1->details.rsa_blinded_message.blinded_msg_size); | ||
334 | case GNUNET_CRYPTO_BSA_CS: | ||
335 | return GNUNET_memcmp (&bp1->details.cs_blinded_message, | ||
336 | &bp2->details.cs_blinded_message); | ||
337 | } | ||
338 | GNUNET_assert (0); | ||
339 | return -2; | ||
340 | } | ||
341 | |||
342 | |||
343 | enum GNUNET_GenericReturnValue | ||
344 | GNUNET_CRYPTO_blind_sign_keys_create ( | ||
345 | struct GNUNET_CRYPTO_BlindSignPrivateKey **bsign_priv, | ||
346 | struct GNUNET_CRYPTO_BlindSignPublicKey **bsign_pub, | ||
347 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher, | ||
348 | ...) | ||
349 | { | ||
350 | enum GNUNET_GenericReturnValue ret; | ||
351 | va_list ap; | ||
352 | |||
353 | va_start (ap, | ||
354 | cipher); | ||
355 | ret = GNUNET_CRYPTO_blind_sign_keys_create_va (bsign_priv, | ||
356 | bsign_pub, | ||
357 | cipher, | ||
358 | ap); | ||
359 | va_end (ap); | ||
360 | return ret; | ||
361 | } | ||
362 | |||
363 | |||
364 | enum GNUNET_GenericReturnValue | ||
365 | GNUNET_CRYPTO_blind_sign_keys_create_va ( | ||
366 | struct GNUNET_CRYPTO_BlindSignPrivateKey **bsign_priv, | ||
367 | struct GNUNET_CRYPTO_BlindSignPublicKey **bsign_pub, | ||
368 | enum GNUNET_CRYPTO_BlindSignatureAlgorithm cipher, | ||
369 | va_list ap) | ||
370 | { | ||
371 | struct GNUNET_CRYPTO_BlindSignPrivateKey *priv; | ||
372 | struct GNUNET_CRYPTO_BlindSignPublicKey *pub; | ||
373 | |||
374 | priv = GNUNET_new (struct GNUNET_CRYPTO_BlindSignPrivateKey); | ||
375 | priv->rc = 1; | ||
376 | priv->cipher = cipher; | ||
377 | *bsign_priv = priv; | ||
378 | pub = GNUNET_new (struct GNUNET_CRYPTO_BlindSignPublicKey); | ||
379 | pub->rc = 1; | ||
380 | pub->cipher = cipher; | ||
381 | *bsign_pub = pub; | ||
382 | switch (cipher) | ||
383 | { | ||
384 | case GNUNET_CRYPTO_BSA_INVALID: | ||
385 | GNUNET_break (0); | ||
386 | break; | ||
387 | case GNUNET_CRYPTO_BSA_RSA: | ||
388 | { | ||
389 | unsigned int bits; | ||
390 | |||
391 | bits = va_arg (ap, | ||
392 | unsigned int); | ||
393 | if (bits < 512) | ||
394 | { | ||
395 | GNUNET_break (0); | ||
396 | break; | ||
397 | } | ||
398 | priv->details.rsa_private_key | ||
399 | = GNUNET_CRYPTO_rsa_private_key_create (bits); | ||
400 | } | ||
401 | if (NULL == priv->details.rsa_private_key) | ||
402 | { | ||
403 | GNUNET_break (0); | ||
404 | break; | ||
405 | } | ||
406 | pub->details.rsa_public_key | ||
407 | = GNUNET_CRYPTO_rsa_private_key_get_public ( | ||
408 | priv->details.rsa_private_key); | ||
409 | GNUNET_CRYPTO_rsa_public_key_hash (pub->details.rsa_public_key, | ||
410 | &pub->pub_key_hash); | ||
411 | return GNUNET_OK; | ||
412 | case GNUNET_CRYPTO_BSA_CS: | ||
413 | GNUNET_CRYPTO_cs_private_key_generate (&priv->details.cs_private_key); | ||
414 | GNUNET_CRYPTO_cs_private_key_get_public ( | ||
415 | &priv->details.cs_private_key, | ||
416 | &pub->details.cs_public_key); | ||
417 | GNUNET_CRYPTO_hash (&pub->details.cs_public_key, | ||
418 | sizeof(pub->details.cs_public_key), | ||
419 | &pub->pub_key_hash); | ||
420 | return GNUNET_OK; | ||
421 | } | ||
422 | GNUNET_free (priv); | ||
423 | GNUNET_free (pub); | ||
424 | *bsign_priv = NULL; | ||
425 | *bsign_pub = NULL; | ||
426 | return GNUNET_SYSERR; | ||
427 | } | ||
428 | |||
429 | |||
430 | struct GNUNET_CRYPTO_BlindingInputValues * | ||
431 | GNUNET_CRYPTO_get_blinding_input_values ( | ||
432 | const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv, | ||
433 | const union GNUNET_CRYPTO_BlindSessionNonce *nonce, | ||
434 | const char *salt) | ||
435 | { | ||
436 | struct GNUNET_CRYPTO_BlindingInputValues *biv; | ||
437 | |||
438 | biv = GNUNET_new (struct GNUNET_CRYPTO_BlindingInputValues); | ||
439 | biv->cipher = bsign_priv->cipher; | ||
440 | biv->rc = 1; | ||
441 | switch (bsign_priv->cipher) | ||
442 | { | ||
443 | case GNUNET_CRYPTO_BSA_INVALID: | ||
444 | GNUNET_break (0); | ||
445 | GNUNET_free (biv); | ||
446 | return NULL; | ||
447 | case GNUNET_CRYPTO_BSA_RSA: | ||
448 | return biv; | ||
449 | case GNUNET_CRYPTO_BSA_CS: | ||
450 | { | ||
451 | struct GNUNET_CRYPTO_CsRSecret cspriv[2]; | ||
452 | |||
453 | GNUNET_CRYPTO_cs_r_derive (&nonce->cs_nonce, | ||
454 | salt, | ||
455 | &bsign_priv->details.cs_private_key, | ||
456 | cspriv); | ||
457 | GNUNET_CRYPTO_cs_r_get_public (&cspriv[0], | ||
458 | &biv->details.cs_values.r_pub[0]); | ||
459 | GNUNET_CRYPTO_cs_r_get_public (&cspriv[1], | ||
460 | &biv->details.cs_values.r_pub[1]); | ||
461 | return biv; | ||
462 | } | ||
463 | } | ||
464 | GNUNET_break (0); | ||
465 | GNUNET_free (biv); | ||
466 | return NULL; | ||
467 | } | ||
468 | |||
469 | |||
470 | struct GNUNET_CRYPTO_BlindedMessage * | ||
471 | GNUNET_CRYPTO_message_blind_to_sign ( | ||
472 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub, | ||
473 | const union GNUNET_CRYPTO_BlindingSecretP *bks, | ||
474 | const union GNUNET_CRYPTO_BlindSessionNonce *nonce, | ||
475 | const void *message, | ||
476 | size_t message_size, | ||
477 | const struct GNUNET_CRYPTO_BlindingInputValues *alg_values) | ||
478 | { | ||
479 | struct GNUNET_CRYPTO_BlindedMessage *bm; | ||
480 | |||
481 | bm = GNUNET_new (struct GNUNET_CRYPTO_BlindedMessage); | ||
482 | bm->cipher = bsign_pub->cipher; | ||
483 | bm->rc = 1; | ||
484 | switch (bsign_pub->cipher) | ||
485 | { | ||
486 | case GNUNET_CRYPTO_BSA_INVALID: | ||
487 | GNUNET_break (0); | ||
488 | GNUNET_free (bm); | ||
489 | return NULL; | ||
490 | case GNUNET_CRYPTO_BSA_RSA: | ||
491 | if (GNUNET_YES != | ||
492 | GNUNET_CRYPTO_rsa_blind ( | ||
493 | message, | ||
494 | message_size, | ||
495 | &bks->rsa_bks, | ||
496 | bsign_pub->details.rsa_public_key, | ||
497 | &bm->details.rsa_blinded_message)) | ||
498 | { | ||
499 | GNUNET_break (0); | ||
500 | GNUNET_free (bm); | ||
501 | return NULL; | ||
502 | } | ||
503 | return bm; | ||
504 | case GNUNET_CRYPTO_BSA_CS: | ||
505 | { | ||
506 | struct GNUNET_CRYPTO_CSPublicRPairP blinded_r_pub; | ||
507 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; | ||
508 | |||
509 | if (NULL == nonce) | ||
510 | { | ||
511 | GNUNET_break_op (0); | ||
512 | GNUNET_free (bm); | ||
513 | return NULL; | ||
514 | } | ||
515 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&bks->nonce, | ||
516 | bs); | ||
517 | GNUNET_CRYPTO_cs_calc_blinded_c ( | ||
518 | bs, | ||
519 | alg_values->details.cs_values.r_pub, | ||
520 | &bsign_pub->details.cs_public_key, | ||
521 | message, | ||
522 | message_size, | ||
523 | bm->details.cs_blinded_message.c, | ||
524 | &blinded_r_pub); | ||
525 | bm->details.cs_blinded_message.nonce = nonce->cs_nonce; | ||
526 | (void) blinded_r_pub; | ||
527 | return bm; | ||
528 | } | ||
529 | } | ||
530 | GNUNET_break (0); | ||
531 | return NULL; | ||
532 | } | ||
533 | |||
534 | |||
535 | struct GNUNET_CRYPTO_BlindedSignature * | ||
536 | GNUNET_CRYPTO_blind_sign ( | ||
537 | const struct GNUNET_CRYPTO_BlindSignPrivateKey *bsign_priv, | ||
538 | const char *salt, | ||
539 | const struct GNUNET_CRYPTO_BlindedMessage *blinded_message) | ||
540 | { | ||
541 | struct GNUNET_CRYPTO_BlindedSignature *blind_sig; | ||
542 | |||
543 | if (blinded_message->cipher != bsign_priv->cipher) | ||
544 | { | ||
545 | GNUNET_break (0); | ||
546 | return NULL; | ||
547 | } | ||
548 | |||
549 | blind_sig = GNUNET_new (struct GNUNET_CRYPTO_BlindedSignature); | ||
550 | blind_sig->cipher = bsign_priv->cipher; | ||
551 | blind_sig->rc = 1; | ||
552 | switch (bsign_priv->cipher) | ||
553 | { | ||
554 | case GNUNET_CRYPTO_BSA_INVALID: | ||
555 | GNUNET_break (0); | ||
556 | GNUNET_free (blind_sig); | ||
557 | return NULL; | ||
558 | case GNUNET_CRYPTO_BSA_RSA: | ||
559 | blind_sig->details.blinded_rsa_signature | ||
560 | = GNUNET_CRYPTO_rsa_sign_blinded ( | ||
561 | bsign_priv->details.rsa_private_key, | ||
562 | &blinded_message->details.rsa_blinded_message); | ||
563 | if (NULL == blind_sig->details.blinded_rsa_signature) | ||
564 | { | ||
565 | GNUNET_break (0); | ||
566 | GNUNET_free (blind_sig); | ||
567 | return NULL; | ||
568 | } | ||
569 | return blind_sig; | ||
570 | case GNUNET_CRYPTO_BSA_CS: | ||
571 | { | ||
572 | struct GNUNET_CRYPTO_CsRSecret r[2]; | ||
573 | |||
574 | GNUNET_CRYPTO_cs_r_derive ( | ||
575 | &blinded_message->details.cs_blinded_message.nonce, | ||
576 | salt, | ||
577 | &bsign_priv->details.cs_private_key, | ||
578 | r); | ||
579 | GNUNET_CRYPTO_cs_sign_derive ( | ||
580 | &bsign_priv->details.cs_private_key, | ||
581 | r, | ||
582 | &blinded_message->details.cs_blinded_message, | ||
583 | &blind_sig->details.blinded_cs_answer); | ||
584 | } | ||
585 | return blind_sig; | ||
586 | } | ||
587 | GNUNET_break (0); | ||
588 | return NULL; | ||
589 | } | ||
590 | |||
591 | |||
592 | struct GNUNET_CRYPTO_UnblindedSignature * | ||
593 | GNUNET_CRYPTO_blind_sig_unblind ( | ||
594 | const struct GNUNET_CRYPTO_BlindedSignature *blinded_sig, | ||
595 | const union GNUNET_CRYPTO_BlindingSecretP *bks, | ||
596 | const void *message, | ||
597 | size_t message_size, | ||
598 | const struct GNUNET_CRYPTO_BlindingInputValues *alg_values, | ||
599 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub) | ||
600 | { | ||
601 | struct GNUNET_CRYPTO_UnblindedSignature *ub_sig; | ||
602 | |||
603 | if (blinded_sig->cipher != bsign_pub->cipher) | ||
604 | { | ||
605 | GNUNET_break (0); | ||
606 | return NULL; | ||
607 | } | ||
608 | if (blinded_sig->cipher != alg_values->cipher) | ||
609 | { | ||
610 | GNUNET_break (0); | ||
611 | return NULL; | ||
612 | } | ||
613 | ub_sig = GNUNET_new (struct GNUNET_CRYPTO_UnblindedSignature); | ||
614 | ub_sig->cipher = blinded_sig->cipher; | ||
615 | ub_sig->rc = 1; | ||
616 | switch (bsign_pub->cipher) | ||
617 | { | ||
618 | case GNUNET_CRYPTO_BSA_INVALID: | ||
619 | GNUNET_break (0); | ||
620 | GNUNET_free (ub_sig); | ||
621 | return NULL; | ||
622 | case GNUNET_CRYPTO_BSA_RSA: | ||
623 | ub_sig->details.rsa_signature | ||
624 | = GNUNET_CRYPTO_rsa_unblind ( | ||
625 | blinded_sig->details.blinded_rsa_signature, | ||
626 | &bks->rsa_bks, | ||
627 | bsign_pub->details.rsa_public_key); | ||
628 | if (NULL == ub_sig->details.rsa_signature) | ||
629 | { | ||
630 | GNUNET_break (0); | ||
631 | GNUNET_free (ub_sig); | ||
632 | return NULL; | ||
633 | } | ||
634 | return ub_sig; | ||
635 | case GNUNET_CRYPTO_BSA_CS: | ||
636 | { | ||
637 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]; | ||
638 | struct GNUNET_CRYPTO_CsC c[2]; | ||
639 | struct GNUNET_CRYPTO_CSPublicRPairP r_pub_blind; | ||
640 | unsigned int b; | ||
641 | |||
642 | GNUNET_CRYPTO_cs_blinding_secrets_derive (&bks->nonce, | ||
643 | bs); | ||
644 | GNUNET_CRYPTO_cs_calc_blinded_c ( | ||
645 | bs, | ||
646 | alg_values->details.cs_values.r_pub, | ||
647 | &bsign_pub->details.cs_public_key, | ||
648 | message, | ||
649 | message_size, | ||
650 | c, | ||
651 | &r_pub_blind); | ||
652 | b = blinded_sig->details.blinded_cs_answer.b; | ||
653 | ub_sig->details.cs_signature.r_point | ||
654 | = r_pub_blind.r_pub[b]; | ||
655 | GNUNET_CRYPTO_cs_unblind ( | ||
656 | &blinded_sig->details.blinded_cs_answer.s_scalar, | ||
657 | &bs[b], | ||
658 | &ub_sig->details.cs_signature.s_scalar); | ||
659 | return ub_sig; | ||
660 | } | ||
661 | } | ||
662 | GNUNET_break (0); | ||
663 | GNUNET_free (ub_sig); | ||
664 | return NULL; | ||
665 | } | ||
666 | |||
667 | |||
668 | enum GNUNET_GenericReturnValue | ||
669 | GNUNET_CRYPTO_blind_sig_verify ( | ||
670 | const struct GNUNET_CRYPTO_BlindSignPublicKey *bsign_pub, | ||
671 | const struct GNUNET_CRYPTO_UnblindedSignature *ub_sig, | ||
672 | const void *message, | ||
673 | size_t message_size) | ||
674 | { | ||
675 | if (bsign_pub->cipher != ub_sig->cipher) | ||
676 | { | ||
677 | GNUNET_break (0); | ||
678 | return GNUNET_SYSERR; | ||
679 | } | ||
680 | switch (bsign_pub->cipher) | ||
681 | { | ||
682 | case GNUNET_CRYPTO_BSA_INVALID: | ||
683 | GNUNET_break (0); | ||
684 | return GNUNET_NO; | ||
685 | case GNUNET_CRYPTO_BSA_RSA: | ||
686 | if (GNUNET_OK != | ||
687 | GNUNET_CRYPTO_rsa_verify (message, | ||
688 | message_size, | ||
689 | ub_sig->details.rsa_signature, | ||
690 | bsign_pub->details.rsa_public_key)) | ||
691 | { | ||
692 | GNUNET_break_op (0); | ||
693 | return GNUNET_NO; | ||
694 | } | ||
695 | return GNUNET_YES; | ||
696 | case GNUNET_CRYPTO_BSA_CS: | ||
697 | if (GNUNET_OK != | ||
698 | GNUNET_CRYPTO_cs_verify (&ub_sig->details.cs_signature, | ||
699 | &bsign_pub->details.cs_public_key, | ||
700 | message, | ||
701 | message_size)) | ||
702 | { | ||
703 | GNUNET_break_op (0); | ||
704 | return GNUNET_NO; | ||
705 | } | ||
706 | return GNUNET_YES; | ||
707 | } | ||
708 | GNUNET_break (0); | ||
709 | return GNUNET_NO; | ||
710 | } | ||
711 | |||
712 | |||
713 | /* end of crypto_blind_sign.c */ | ||
diff --git a/src/lib/util/crypto_cs.c b/src/lib/util/crypto_cs.c index 8506c7fa6..049f63062 100644 --- a/src/lib/util/crypto_cs.c +++ b/src/lib/util/crypto_cs.c | |||
@@ -1,6 +1,6 @@ | |||
1 | /* | 1 | /* |
2 | This file is part of GNUnet | 2 | This file is part of GNUnet |
3 | Copyright (C) 2014,2016,2019 GNUnet e.V. | 3 | Copyright (C) 2014,2016,2019, 2023 GNUnet e.V. |
4 | 4 | ||
5 | GNUnet is free software: you can redistribute it and/or modify it | 5 | GNUnet is free software: you can redistribute it and/or modify it |
6 | under the terms of the GNU Affero General Public License as published | 6 | under the terms of the GNU Affero General Public License as published |
@@ -53,8 +53,9 @@ GNUNET_CRYPTO_cs_private_key_get_public ( | |||
53 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, | 53 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, |
54 | struct GNUNET_CRYPTO_CsPublicKey *pub) | 54 | struct GNUNET_CRYPTO_CsPublicKey *pub) |
55 | { | 55 | { |
56 | GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (pub->point.y, | 56 | GNUNET_assert (0 == |
57 | priv->scalar.d)); | 57 | crypto_scalarmult_ed25519_base_noclamp (pub->point.y, |
58 | priv->scalar.d)); | ||
58 | } | 59 | } |
59 | 60 | ||
60 | 61 | ||
@@ -75,7 +76,7 @@ map_to_scalar_subgroup (struct GNUNET_CRYPTO_Cs25519Scalar *scalar) | |||
75 | 76 | ||
76 | 77 | ||
77 | void | 78 | void |
78 | GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, | 79 | GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsSessionNonce *nonce, |
79 | const char *seed, | 80 | const char *seed, |
80 | const struct GNUNET_CRYPTO_CsPrivateKey *lts, | 81 | const struct GNUNET_CRYPTO_CsPrivateKey *lts, |
81 | struct GNUNET_CRYPTO_CsRSecret r[2]) | 82 | struct GNUNET_CRYPTO_CsRSecret r[2]) |
@@ -84,7 +85,7 @@ GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, | |||
84 | GNUNET_YES == | 85 | GNUNET_YES == |
85 | GNUNET_CRYPTO_kdf ( | 86 | GNUNET_CRYPTO_kdf ( |
86 | r, sizeof (struct GNUNET_CRYPTO_CsRSecret) * 2, | 87 | r, sizeof (struct GNUNET_CRYPTO_CsRSecret) * 2, |
87 | seed, strlen (seed), | 88 | seed, strlen (seed), |
88 | lts, sizeof (*lts), | 89 | lts, sizeof (*lts), |
89 | nonce, sizeof (*nonce), | 90 | nonce, sizeof (*nonce), |
90 | NULL, 0)); | 91 | NULL, 0)); |
@@ -97,14 +98,15 @@ void | |||
97 | GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv, | 98 | GNUNET_CRYPTO_cs_r_get_public (const struct GNUNET_CRYPTO_CsRSecret *r_priv, |
98 | struct GNUNET_CRYPTO_CsRPublic *r_pub) | 99 | struct GNUNET_CRYPTO_CsRPublic *r_pub) |
99 | { | 100 | { |
100 | GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (r_pub->point.y, | 101 | GNUNET_assert (0 == |
101 | r_priv->scalar.d)); | 102 | crypto_scalarmult_ed25519_base_noclamp (r_pub->point.y, |
103 | r_priv->scalar.d)); | ||
102 | } | 104 | } |
103 | 105 | ||
104 | 106 | ||
105 | void | 107 | void |
106 | GNUNET_CRYPTO_cs_blinding_secrets_derive ( | 108 | GNUNET_CRYPTO_cs_blinding_secrets_derive ( |
107 | const struct GNUNET_CRYPTO_CsNonce *blind_seed, | 109 | const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed, |
108 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]) | 110 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]) |
109 | { | 111 | { |
110 | GNUNET_assert ( | 112 | GNUNET_assert ( |
@@ -156,8 +158,12 @@ cs_full_domain_hash (const struct GNUNET_CRYPTO_CsRPublic *r_dash, | |||
156 | // SHA-512 hash of R' and message | 158 | // SHA-512 hash of R' and message |
157 | size_t r_m_concat_len = sizeof(struct GNUNET_CRYPTO_CsRPublic) + msg_len; | 159 | size_t r_m_concat_len = sizeof(struct GNUNET_CRYPTO_CsRPublic) + msg_len; |
158 | char r_m_concat[r_m_concat_len]; | 160 | char r_m_concat[r_m_concat_len]; |
159 | memcpy (r_m_concat, r_dash, sizeof(struct GNUNET_CRYPTO_CsRPublic)); | 161 | memcpy (r_m_concat, |
160 | memcpy (r_m_concat + sizeof(struct GNUNET_CRYPTO_CsRPublic), msg, msg_len); | 162 | r_dash, |
163 | sizeof(struct GNUNET_CRYPTO_CsRPublic)); | ||
164 | memcpy (r_m_concat + sizeof(struct GNUNET_CRYPTO_CsRPublic), | ||
165 | msg, | ||
166 | msg_len); | ||
161 | struct GNUNET_HashCode prehash; | 167 | struct GNUNET_HashCode prehash; |
162 | 168 | ||
163 | GNUNET_CRYPTO_hash (r_m_concat, | 169 | GNUNET_CRYPTO_hash (r_m_concat, |
@@ -208,22 +214,26 @@ calc_r_dash (const struct GNUNET_CRYPTO_CsBlindingSecret *bs, | |||
208 | { | 214 | { |
209 | // R'i = Ri + alpha i*G + beta i*pub | 215 | // R'i = Ri + alpha i*G + beta i*pub |
210 | struct GNUNET_CRYPTO_Cs25519Point alpha_mul_base; | 216 | struct GNUNET_CRYPTO_Cs25519Point alpha_mul_base; |
211 | GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp ( | 217 | GNUNET_assert (0 == |
218 | crypto_scalarmult_ed25519_base_noclamp ( | ||
212 | alpha_mul_base.y, | 219 | alpha_mul_base.y, |
213 | bs->alpha.d)); | 220 | bs->alpha.d)); |
214 | struct GNUNET_CRYPTO_Cs25519Point beta_mul_pub; | 221 | struct GNUNET_CRYPTO_Cs25519Point beta_mul_pub; |
215 | GNUNET_assert (0 == crypto_scalarmult_ed25519_noclamp (beta_mul_pub.y, | 222 | GNUNET_assert (0 == |
216 | bs->beta.d, | 223 | crypto_scalarmult_ed25519_noclamp ( |
217 | pub->point.y)); | 224 | beta_mul_pub.y, |
225 | bs->beta.d, | ||
226 | pub->point.y)); | ||
218 | struct GNUNET_CRYPTO_Cs25519Point alpha_mul_base_plus_beta_mul_pub; | 227 | struct GNUNET_CRYPTO_Cs25519Point alpha_mul_base_plus_beta_mul_pub; |
219 | GNUNET_assert (0 == crypto_core_ed25519_add ( | 228 | GNUNET_assert (0 == crypto_core_ed25519_add ( |
220 | alpha_mul_base_plus_beta_mul_pub.y, | 229 | alpha_mul_base_plus_beta_mul_pub.y, |
221 | alpha_mul_base.y, | 230 | alpha_mul_base.y, |
222 | beta_mul_pub.y)); | 231 | beta_mul_pub.y)); |
223 | GNUNET_assert (0 == crypto_core_ed25519_add (blinded_r_pub->point.y, | 232 | GNUNET_assert (0 == |
224 | r_pub->point.y, | 233 | crypto_core_ed25519_add ( |
225 | alpha_mul_base_plus_beta_mul_pub. | 234 | blinded_r_pub->point.y, |
226 | y)); | 235 | r_pub->point.y, |
236 | alpha_mul_base_plus_beta_mul_pub.y)); | ||
227 | } | 237 | } |
228 | 238 | ||
229 | 239 | ||
@@ -235,19 +245,33 @@ GNUNET_CRYPTO_cs_calc_blinded_c ( | |||
235 | const void *msg, | 245 | const void *msg, |
236 | size_t msg_len, | 246 | size_t msg_len, |
237 | struct GNUNET_CRYPTO_CsC blinded_c[2], | 247 | struct GNUNET_CRYPTO_CsC blinded_c[2], |
238 | struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2]) | 248 | struct GNUNET_CRYPTO_CSPublicRPairP *r_pub_blind) |
239 | { | 249 | { |
240 | // for i 0/1: R'i = Ri + alpha i*G + beta i*pub | 250 | /* for i 0/1: R'i = Ri + alpha i*G + beta i*pub */ |
241 | calc_r_dash (&bs[0], &r_pub[0], pub, &blinded_r_pub[0]); | 251 | calc_r_dash (&bs[0], |
242 | calc_r_dash (&bs[1], &r_pub[1], pub, &blinded_r_pub[1]); | 252 | &r_pub[0], |
243 | 253 | pub, | |
244 | // for i 0/1: c'i = H(R'i, msg) | 254 | &r_pub_blind->r_pub[0]); |
255 | calc_r_dash (&bs[1], | ||
256 | &r_pub[1], | ||
257 | pub, | ||
258 | &r_pub_blind->r_pub[1]); | ||
259 | |||
260 | /* for i 0/1: c'i = H(R'i, msg) */ | ||
245 | struct GNUNET_CRYPTO_CsC c_dash_0; | 261 | struct GNUNET_CRYPTO_CsC c_dash_0; |
246 | struct GNUNET_CRYPTO_CsC c_dash_1; | 262 | struct GNUNET_CRYPTO_CsC c_dash_1; |
247 | cs_full_domain_hash (&blinded_r_pub[0], msg, msg_len, pub, &c_dash_0); | 263 | cs_full_domain_hash (&r_pub_blind->r_pub[0], |
248 | cs_full_domain_hash (&blinded_r_pub[1], msg, msg_len, pub, &c_dash_1); | 264 | msg, |
265 | msg_len, | ||
266 | pub, | ||
267 | &c_dash_0); | ||
268 | cs_full_domain_hash (&r_pub_blind->r_pub[1], | ||
269 | msg, | ||
270 | msg_len, | ||
271 | pub, | ||
272 | &c_dash_1); | ||
249 | 273 | ||
250 | // for i 0/1: ci = c'i + beta i mod p | 274 | /* for i 0/1: ci = c'i + beta i mod p */ |
251 | crypto_core_ed25519_scalar_add (blinded_c[0].scalar.d, | 275 | crypto_core_ed25519_scalar_add (blinded_c[0].scalar.d, |
252 | c_dash_0.scalar.d, | 276 | c_dash_0.scalar.d, |
253 | bs[0].beta.d); | 277 | bs[0].beta.d); |
@@ -257,17 +281,17 @@ GNUNET_CRYPTO_cs_calc_blinded_c ( | |||
257 | } | 281 | } |
258 | 282 | ||
259 | 283 | ||
260 | unsigned int | 284 | void |
261 | GNUNET_CRYPTO_cs_sign_derive ( | 285 | GNUNET_CRYPTO_cs_sign_derive ( |
262 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, | 286 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, |
263 | const struct GNUNET_CRYPTO_CsRSecret r[2], | 287 | const struct GNUNET_CRYPTO_CsRSecret r[2], |
264 | const struct GNUNET_CRYPTO_CsC c[2], | 288 | const struct GNUNET_CRYPTO_CsBlindedMessage *bm, |
265 | const struct GNUNET_CRYPTO_CsNonce *nonce, | 289 | struct GNUNET_CRYPTO_CsBlindSignature *cs_blind_sig) |
266 | struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar) | ||
267 | { | 290 | { |
291 | struct GNUNET_CRYPTO_Cs25519Scalar c_b_mul_priv; | ||
268 | uint32_t hkdf_out; | 292 | uint32_t hkdf_out; |
269 | 293 | ||
270 | // derive clause session identifier b (random bit) | 294 | /* derive clause session identifier b (random bit) */ |
271 | GNUNET_assert (GNUNET_YES == | 295 | GNUNET_assert (GNUNET_YES == |
272 | GNUNET_CRYPTO_hkdf (&hkdf_out, | 296 | GNUNET_CRYPTO_hkdf (&hkdf_out, |
273 | sizeof (hkdf_out), | 297 | sizeof (hkdf_out), |
@@ -277,22 +301,19 @@ GNUNET_CRYPTO_cs_sign_derive ( | |||
277 | strlen ("b"), | 301 | strlen ("b"), |
278 | priv, | 302 | priv, |
279 | sizeof (*priv), | 303 | sizeof (*priv), |
280 | nonce, | 304 | &bm->nonce, |
281 | sizeof (*nonce), | 305 | sizeof (bm->nonce), |
282 | NULL, | 306 | NULL, |
283 | 0)); | 307 | 0)); |
284 | unsigned int b = hkdf_out % 2; | 308 | cs_blind_sig->b = hkdf_out % 2; |
285 | 309 | ||
286 | // s = r_b + c_b priv | 310 | /* s = r_b + c_b * priv */ |
287 | struct GNUNET_CRYPTO_Cs25519Scalar c_b_mul_priv; | ||
288 | crypto_core_ed25519_scalar_mul (c_b_mul_priv.d, | 311 | crypto_core_ed25519_scalar_mul (c_b_mul_priv.d, |
289 | c[b].scalar.d, | 312 | bm->c[cs_blind_sig->b].scalar.d, |
290 | priv->scalar.d); | 313 | priv->scalar.d); |
291 | crypto_core_ed25519_scalar_add (blinded_signature_scalar->scalar.d, | 314 | crypto_core_ed25519_scalar_add (cs_blind_sig->s_scalar.scalar.d, |
292 | r[b].scalar.d, | 315 | r[cs_blind_sig->b].scalar.d, |
293 | c_b_mul_priv.d); | 316 | c_b_mul_priv.d); |
294 | |||
295 | return b; | ||
296 | } | 317 | } |
297 | 318 | ||
298 | 319 | ||
@@ -325,7 +346,8 @@ GNUNET_CRYPTO_cs_verify (const struct GNUNET_CRYPTO_CsSignature *sig, | |||
325 | 346 | ||
326 | // s'G ?= R' + c' pub | 347 | // s'G ?= R' + c' pub |
327 | struct GNUNET_CRYPTO_Cs25519Point sig_scal_mul_base; | 348 | struct GNUNET_CRYPTO_Cs25519Point sig_scal_mul_base; |
328 | GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp ( | 349 | GNUNET_assert (0 == |
350 | crypto_scalarmult_ed25519_base_noclamp ( | ||
329 | sig_scal_mul_base.y, | 351 | sig_scal_mul_base.y, |
330 | sig->s_scalar.scalar.d)); | 352 | sig->s_scalar.scalar.d)); |
331 | struct GNUNET_CRYPTO_Cs25519Point c_dash_mul_pub; | 353 | struct GNUNET_CRYPTO_Cs25519Point c_dash_mul_pub; |
diff --git a/src/lib/util/crypto_rsa.c b/src/lib/util/crypto_rsa.c index 2c446d21a..aeae3de8f 100644 --- a/src/lib/util/crypto_rsa.c +++ b/src/lib/util/crypto_rsa.c | |||
@@ -1,6 +1,6 @@ | |||
1 | /* | 1 | /* |
2 | This file is part of GNUnet | 2 | This file is part of GNUnet |
3 | Copyright (C) 2014,2016,2019 GNUnet e.V. | 3 | Copyright (C) 2014,2016,2019,2023 GNUnet e.V. |
4 | 4 | ||
5 | GNUnet is free software: you can redistribute it and/or modify it | 5 | GNUnet is free software: you can redistribute it and/or modify it |
6 | under the terms of the GNU Affero General Public License as published | 6 | under the terms of the GNU Affero General Public License as published |
@@ -178,9 +178,9 @@ GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key) | |||
178 | 178 | ||
179 | 179 | ||
180 | size_t | 180 | size_t |
181 | GNUNET_CRYPTO_rsa_private_key_encode (const struct | 181 | GNUNET_CRYPTO_rsa_private_key_encode ( |
182 | GNUNET_CRYPTO_RsaPrivateKey *key, | 182 | const struct GNUNET_CRYPTO_RsaPrivateKey *key, |
183 | void **buffer) | 183 | void **buffer) |
184 | { | 184 | { |
185 | size_t n; | 185 | size_t n; |
186 | char *b; | 186 | char *b; |
@@ -745,24 +745,33 @@ numeric_mpi_alloc_n_print (gcry_mpi_t v, | |||
745 | * https://eprint.iacr.org/2001/002.pdf | 745 | * https://eprint.iacr.org/2001/002.pdf |
746 | * http://www.di.ens.fr/~pointche/Documents/Papers/2001_fcA.pdf | 746 | * http://www.di.ens.fr/~pointche/Documents/Papers/2001_fcA.pdf |
747 | * | 747 | * |
748 | * @param hash initial hash of the message to sign | 748 | * @param message the message to sign |
749 | * @param message_size number of bytes in @a message | ||
749 | * @param pkey the public key of the signer | 750 | * @param pkey the public key of the signer |
750 | * @param rsize If not NULL, the number of bytes actually stored in buffer | 751 | * @param rsize If not NULL, the number of bytes actually stored in buffer |
751 | * @return MPI value set to the FDH, NULL if RSA key is malicious | 752 | * @return MPI value set to the FDH, NULL if RSA key is malicious |
752 | */ | 753 | */ |
753 | static gcry_mpi_t | 754 | static gcry_mpi_t |
754 | rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, | 755 | rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, |
755 | const struct GNUNET_HashCode *hash) | 756 | const void *message, |
757 | size_t message_size) | ||
756 | { | 758 | { |
757 | gcry_mpi_t r, n; | 759 | gcry_mpi_t r; |
760 | gcry_mpi_t n; | ||
758 | void *xts; | 761 | void *xts; |
759 | size_t xts_len; | 762 | size_t xts_len; |
760 | int ok; | 763 | int ok; |
761 | 764 | ||
762 | /* Extract the composite n from the RSA public key */ | 765 | /* Extract the composite n from the RSA public key */ |
763 | GNUNET_assert (0 == key_from_sexp (&n, pkey->sexp, "rsa", "n")); | 766 | GNUNET_assert (0 == |
767 | key_from_sexp (&n, | ||
768 | pkey->sexp, | ||
769 | "rsa", | ||
770 | "n")); | ||
764 | /* Assert that it at least looks like an RSA key */ | 771 | /* Assert that it at least looks like an RSA key */ |
765 | GNUNET_assert (0 == gcry_mpi_get_flag (n, GCRYMPI_FLAG_OPAQUE)); | 772 | GNUNET_assert (0 == |
773 | gcry_mpi_get_flag (n, | ||
774 | GCRYMPI_FLAG_OPAQUE)); | ||
766 | 775 | ||
767 | /* We key with the public denomination key as a homage to RSA-PSS by * | 776 | /* We key with the public denomination key as a homage to RSA-PSS by * |
768 | * Mihir Bellare and Phillip Rogaway. Doing this lowers the degree * | 777 | * Mihir Bellare and Phillip Rogaway. Doing this lowers the degree * |
@@ -774,7 +783,7 @@ rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, | |||
774 | GNUNET_CRYPTO_kdf_mod_mpi (&r, | 783 | GNUNET_CRYPTO_kdf_mod_mpi (&r, |
775 | n, | 784 | n, |
776 | xts, xts_len, | 785 | xts, xts_len, |
777 | hash, sizeof(*hash), | 786 | message, message_size, |
778 | "RSA-FDA FTpsW!"); | 787 | "RSA-FDA FTpsW!"); |
779 | GNUNET_free (xts); | 788 | GNUNET_free (xts); |
780 | ok = rsa_gcd_validate (r, n); | 789 | ok = rsa_gcd_validate (r, n); |
@@ -786,12 +795,20 @@ rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, | |||
786 | } | 795 | } |
787 | 796 | ||
788 | 797 | ||
798 | void | ||
799 | GNUNET_CRYPTO_rsa_blinded_message_free ( | ||
800 | struct GNUNET_CRYPTO_RsaBlindedMessage *bm) | ||
801 | { | ||
802 | GNUNET_free (bm->blinded_msg); | ||
803 | } | ||
804 | |||
805 | |||
789 | enum GNUNET_GenericReturnValue | 806 | enum GNUNET_GenericReturnValue |
790 | GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, | 807 | GNUNET_CRYPTO_rsa_blind (const void *message, |
808 | size_t message_size, | ||
791 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, | 809 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, |
792 | struct GNUNET_CRYPTO_RsaPublicKey *pkey, | 810 | struct GNUNET_CRYPTO_RsaPublicKey *pkey, |
793 | void **buf, | 811 | struct GNUNET_CRYPTO_RsaBlindedMessage *bm) |
794 | size_t *buf_size) | ||
795 | { | 812 | { |
796 | struct RsaBlindingKey *bkey; | 813 | struct RsaBlindingKey *bkey; |
797 | gcry_mpi_t data; | 814 | gcry_mpi_t data; |
@@ -801,31 +818,36 @@ GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, | |||
801 | int ret; | 818 | int ret; |
802 | 819 | ||
803 | BENCHMARK_START (rsa_blind); | 820 | BENCHMARK_START (rsa_blind); |
804 | 821 | ret = key_from_sexp (ne, | |
805 | GNUNET_assert (buf != NULL); | 822 | pkey->sexp, |
806 | GNUNET_assert (buf_size != NULL); | 823 | "public-key", |
807 | ret = key_from_sexp (ne, pkey->sexp, "public-key", "ne"); | 824 | "ne"); |
808 | if (0 != ret) | 825 | if (0 != ret) |
809 | ret = key_from_sexp (ne, pkey->sexp, "rsa", "ne"); | 826 | ret = key_from_sexp (ne, |
827 | pkey->sexp, | ||
828 | "rsa", | ||
829 | "ne"); | ||
810 | if (0 != ret) | 830 | if (0 != ret) |
811 | { | 831 | { |
812 | GNUNET_break (0); | 832 | GNUNET_break (0); |
813 | *buf = NULL; | 833 | bm->blinded_msg = NULL; |
814 | *buf_size = 0; | 834 | bm->blinded_msg_size = 0; |
835 | BENCHMARK_END (rsa_blind); | ||
815 | return GNUNET_NO; | 836 | return GNUNET_NO; |
816 | } | 837 | } |
817 | 838 | ||
818 | data = rsa_full_domain_hash (pkey, hash); | 839 | data = rsa_full_domain_hash (pkey, |
840 | message, | ||
841 | message_size); | ||
819 | if (NULL == data) | 842 | if (NULL == data) |
820 | goto rsa_gcd_validate_failure; | 843 | goto rsa_gcd_validate_failure; |
821 | 844 | bkey = rsa_blinding_key_derive (pkey, | |
822 | bkey = rsa_blinding_key_derive (pkey, bks); | 845 | bks); |
823 | if (NULL == bkey) | 846 | if (NULL == bkey) |
824 | { | 847 | { |
825 | gcry_mpi_release (data); | 848 | gcry_mpi_release (data); |
826 | goto rsa_gcd_validate_failure; | 849 | goto rsa_gcd_validate_failure; |
827 | } | 850 | } |
828 | |||
829 | r_e = gcry_mpi_new (0); | 851 | r_e = gcry_mpi_new (0); |
830 | gcry_mpi_powm (r_e, | 852 | gcry_mpi_powm (r_e, |
831 | bkey->r, | 853 | bkey->r, |
@@ -842,12 +864,12 @@ GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, | |||
842 | gcry_mpi_release (r_e); | 864 | gcry_mpi_release (r_e); |
843 | rsa_blinding_key_free (bkey); | 865 | rsa_blinding_key_free (bkey); |
844 | 866 | ||
845 | *buf_size = numeric_mpi_alloc_n_print (data_r_e, | 867 | bm->blinded_msg_size |
846 | (char **) buf); | 868 | = numeric_mpi_alloc_n_print (data_r_e, |
869 | (char **) &bm->blinded_msg); | ||
847 | gcry_mpi_release (data_r_e); | 870 | gcry_mpi_release (data_r_e); |
848 | 871 | ||
849 | BENCHMARK_END (rsa_blind); | 872 | BENCHMARK_END (rsa_blind); |
850 | |||
851 | return GNUNET_YES; | 873 | return GNUNET_YES; |
852 | 874 | ||
853 | rsa_gcd_validate_failure: | 875 | rsa_gcd_validate_failure: |
@@ -855,8 +877,9 @@ rsa_gcd_validate_failure: | |||
855 | /* GNUNET_break_op (0); */ | 877 | /* GNUNET_break_op (0); */ |
856 | gcry_mpi_release (ne[0]); | 878 | gcry_mpi_release (ne[0]); |
857 | gcry_mpi_release (ne[1]); | 879 | gcry_mpi_release (ne[1]); |
858 | *buf = NULL; | 880 | bm->blinded_msg = NULL; |
859 | *buf_size = 0; | 881 | bm->blinded_msg_size = 0; |
882 | BENCHMARK_END (rsa_blind); | ||
860 | return GNUNET_NO; | 883 | return GNUNET_NO; |
861 | } | 884 | } |
862 | 885 | ||
@@ -945,22 +968,20 @@ rsa_sign_mpi (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | |||
945 | 968 | ||
946 | struct GNUNET_CRYPTO_RsaSignature * | 969 | struct GNUNET_CRYPTO_RsaSignature * |
947 | GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | 970 | GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, |
948 | const void *msg, | 971 | const struct GNUNET_CRYPTO_RsaBlindedMessage *bm) |
949 | size_t msg_len) | ||
950 | { | 972 | { |
951 | gcry_mpi_t v = NULL; | 973 | gcry_mpi_t v = NULL; |
952 | struct GNUNET_CRYPTO_RsaSignature *sig; | 974 | struct GNUNET_CRYPTO_RsaSignature *sig; |
953 | 975 | ||
954 | BENCHMARK_START (rsa_sign_blinded); | 976 | BENCHMARK_START (rsa_sign_blinded); |
955 | |||
956 | GNUNET_assert (0 == | 977 | GNUNET_assert (0 == |
957 | gcry_mpi_scan (&v, | 978 | gcry_mpi_scan (&v, |
958 | GCRYMPI_FMT_USG, | 979 | GCRYMPI_FMT_USG, |
959 | msg, | 980 | bm->blinded_msg, |
960 | msg_len, | 981 | bm->blinded_msg_size, |
961 | NULL)); | 982 | NULL)); |
962 | 983 | sig = rsa_sign_mpi (key, | |
963 | sig = rsa_sign_mpi (key, v); | 984 | v); |
964 | gcry_mpi_release (v); | 985 | gcry_mpi_release (v); |
965 | BENCHMARK_END (rsa_sign_blinded); | 986 | BENCHMARK_END (rsa_sign_blinded); |
966 | return sig; | 987 | return sig; |
@@ -969,14 +990,17 @@ GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | |||
969 | 990 | ||
970 | struct GNUNET_CRYPTO_RsaSignature * | 991 | struct GNUNET_CRYPTO_RsaSignature * |
971 | GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | 992 | GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, |
972 | const struct GNUNET_HashCode *hash) | 993 | const void *message, |
994 | size_t message_size) | ||
973 | { | 995 | { |
974 | struct GNUNET_CRYPTO_RsaPublicKey *pkey; | 996 | struct GNUNET_CRYPTO_RsaPublicKey *pkey; |
975 | gcry_mpi_t v = NULL; | 997 | gcry_mpi_t v = NULL; |
976 | struct GNUNET_CRYPTO_RsaSignature *sig; | 998 | struct GNUNET_CRYPTO_RsaSignature *sig; |
977 | 999 | ||
978 | pkey = GNUNET_CRYPTO_rsa_private_key_get_public (key); | 1000 | pkey = GNUNET_CRYPTO_rsa_private_key_get_public (key); |
979 | v = rsa_full_domain_hash (pkey, hash); | 1001 | v = rsa_full_domain_hash (pkey, |
1002 | message, | ||
1003 | message_size); | ||
980 | GNUNET_CRYPTO_rsa_public_key_free (pkey); | 1004 | GNUNET_CRYPTO_rsa_public_key_free (pkey); |
981 | if (NULL == v) /* rsa_gcd_validate failed meaning */ | 1005 | if (NULL == v) /* rsa_gcd_validate failed meaning */ |
982 | return NULL; /* our *own* RSA key is malicious. */ | 1006 | return NULL; /* our *own* RSA key is malicious. */ |
@@ -1172,7 +1196,8 @@ GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, | |||
1172 | 1196 | ||
1173 | 1197 | ||
1174 | enum GNUNET_GenericReturnValue | 1198 | enum GNUNET_GenericReturnValue |
1175 | GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, | 1199 | GNUNET_CRYPTO_rsa_verify (const void *message, |
1200 | size_t message_size, | ||
1176 | const struct GNUNET_CRYPTO_RsaSignature *sig, | 1201 | const struct GNUNET_CRYPTO_RsaSignature *sig, |
1177 | const struct GNUNET_CRYPTO_RsaPublicKey *pkey) | 1202 | const struct GNUNET_CRYPTO_RsaPublicKey *pkey) |
1178 | { | 1203 | { |
@@ -1182,7 +1207,9 @@ GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, | |||
1182 | 1207 | ||
1183 | BENCHMARK_START (rsa_verify); | 1208 | BENCHMARK_START (rsa_verify); |
1184 | 1209 | ||
1185 | r = rsa_full_domain_hash (pkey, hash); | 1210 | r = rsa_full_domain_hash (pkey, |
1211 | message, | ||
1212 | message_size); | ||
1186 | if (NULL == r) | 1213 | if (NULL == r) |
1187 | { | 1214 | { |
1188 | GNUNET_break_op (0); | 1215 | GNUNET_break_op (0); |
@@ -1260,4 +1287,4 @@ GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig) | |||
1260 | } | 1287 | } |
1261 | 1288 | ||
1262 | 1289 | ||
1263 | /* end of util/rsa.c */ | 1290 | /* end of crypto_rsa.c */ |
diff --git a/src/lib/util/perf_crypto_rsa.c b/src/lib/util/perf_crypto_rsa.c index ab9f362cf..721973b1a 100644 --- a/src/lib/util/perf_crypto_rsa.c +++ b/src/lib/util/perf_crypto_rsa.c | |||
@@ -45,9 +45,8 @@ eval (unsigned int len) | |||
45 | struct GNUNET_CRYPTO_RsaBlindingKeySecret bsec[10]; | 45 | struct GNUNET_CRYPTO_RsaBlindingKeySecret bsec[10]; |
46 | unsigned int i; | 46 | unsigned int i; |
47 | char sbuf[128]; | 47 | char sbuf[128]; |
48 | void *bbuf; | ||
49 | size_t bbuf_len; | ||
50 | struct GNUNET_HashCode hc; | 48 | struct GNUNET_HashCode hc; |
49 | struct GNUNET_CRYPTO_RsaBlindedMessage bm; | ||
51 | 50 | ||
52 | start = GNUNET_TIME_absolute_get (); | 51 | start = GNUNET_TIME_absolute_get (); |
53 | for (i = 0; i < 10; i++) | 52 | for (i = 0; i < 10; i++) |
@@ -95,17 +94,17 @@ eval (unsigned int len) | |||
95 | for (i = 0; i < 10; i++) | 94 | for (i = 0; i < 10; i++) |
96 | { | 95 | { |
97 | GNUNET_CRYPTO_rsa_blind (&hc, | 96 | GNUNET_CRYPTO_rsa_blind (&hc, |
97 | sizeof (hc), | ||
98 | &bsec[i], | 98 | &bsec[i], |
99 | public_key, | 99 | public_key, |
100 | &bbuf, | 100 | &bm); |
101 | &bbuf_len); | 101 | GNUNET_CRYPTO_rsa_blinded_message_free (&bm); |
102 | GNUNET_free (bbuf); | ||
103 | } | 102 | } |
104 | printf ("10x %u-blinding took %s\n", | 103 | printf ("10x %u-blinding took %s\n", |
105 | len, | 104 | len, |
106 | GNUNET_STRINGS_relative_time_to_string ( | 105 | GNUNET_STRINGS_relative_time_to_string ( |
107 | GNUNET_TIME_absolute_get_duration (start), | 106 | GNUNET_TIME_absolute_get_duration (start), |
108 | GNUNET_YES)); | 107 | true)); |
109 | GNUNET_snprintf (sbuf, | 108 | GNUNET_snprintf (sbuf, |
110 | sizeof(sbuf), | 109 | sizeof(sbuf), |
111 | "RSA %u-blinding", | 110 | "RSA %u-blinding", |
@@ -116,16 +115,15 @@ eval (unsigned int len) | |||
116 | + GNUNET_TIME_absolute_get_duration | 115 | + GNUNET_TIME_absolute_get_duration |
117 | (start).rel_value_us / 1000LL), "ops/ms"); | 116 | (start).rel_value_us / 1000LL), "ops/ms"); |
118 | GNUNET_CRYPTO_rsa_blind (&hc, | 117 | GNUNET_CRYPTO_rsa_blind (&hc, |
118 | sizeof (hc), | ||
119 | &bsec[0], | 119 | &bsec[0], |
120 | public_key, | 120 | public_key, |
121 | &bbuf, | 121 | &bm); |
122 | &bbuf_len); | ||
123 | start = GNUNET_TIME_absolute_get (); | 122 | start = GNUNET_TIME_absolute_get (); |
124 | for (i = 0; i < 10; i++) | 123 | for (i = 0; i < 10; i++) |
125 | { | 124 | { |
126 | sig = GNUNET_CRYPTO_rsa_sign_blinded (private_key, | 125 | sig = GNUNET_CRYPTO_rsa_sign_blinded (private_key, |
127 | bbuf, | 126 | &bm); |
128 | bbuf_len); | ||
129 | GNUNET_CRYPTO_rsa_signature_free (sig); | 127 | GNUNET_CRYPTO_rsa_signature_free (sig); |
130 | } | 128 | } |
131 | printf ("10x %u-signing took %s\n", | 129 | printf ("10x %u-signing took %s\n", |
@@ -143,8 +141,7 @@ eval (unsigned int len) | |||
143 | + GNUNET_TIME_absolute_get_duration | 141 | + GNUNET_TIME_absolute_get_duration |
144 | (start).rel_value_us / 1000LL), "ops/ms"); | 142 | (start).rel_value_us / 1000LL), "ops/ms"); |
145 | sig = GNUNET_CRYPTO_rsa_sign_blinded (private_key, | 143 | sig = GNUNET_CRYPTO_rsa_sign_blinded (private_key, |
146 | bbuf, | 144 | &bm); |
147 | bbuf_len); | ||
148 | start = GNUNET_TIME_absolute_get (); | 145 | start = GNUNET_TIME_absolute_get (); |
149 | for (i = 0; i < 10; i++) | 146 | for (i = 0; i < 10; i++) |
150 | { | 147 | { |
@@ -157,7 +154,7 @@ eval (unsigned int len) | |||
157 | len, | 154 | len, |
158 | GNUNET_STRINGS_relative_time_to_string ( | 155 | GNUNET_STRINGS_relative_time_to_string ( |
159 | GNUNET_TIME_absolute_get_duration (start), | 156 | GNUNET_TIME_absolute_get_duration (start), |
160 | GNUNET_YES)); | 157 | true)); |
161 | GNUNET_snprintf (sbuf, | 158 | GNUNET_snprintf (sbuf, |
162 | sizeof(sbuf), | 159 | sizeof(sbuf), |
163 | "RSA %u-unblinding", | 160 | "RSA %u-unblinding", |
@@ -175,6 +172,7 @@ eval (unsigned int len) | |||
175 | { | 172 | { |
176 | GNUNET_assert (GNUNET_OK == | 173 | GNUNET_assert (GNUNET_OK == |
177 | GNUNET_CRYPTO_rsa_verify (&hc, | 174 | GNUNET_CRYPTO_rsa_verify (&hc, |
175 | sizeof (hc), | ||
178 | rsig, | 176 | rsig, |
179 | public_key)); | 177 | public_key)); |
180 | } | 178 | } |
@@ -195,7 +193,7 @@ eval (unsigned int len) | |||
195 | GNUNET_CRYPTO_rsa_signature_free (sig); | 193 | GNUNET_CRYPTO_rsa_signature_free (sig); |
196 | GNUNET_CRYPTO_rsa_public_key_free (public_key); | 194 | GNUNET_CRYPTO_rsa_public_key_free (public_key); |
197 | GNUNET_CRYPTO_rsa_private_key_free (private_key); | 195 | GNUNET_CRYPTO_rsa_private_key_free (private_key); |
198 | GNUNET_free (bbuf); | 196 | GNUNET_CRYPTO_rsa_blinded_message_free (&bm); |
199 | } | 197 | } |
200 | 198 | ||
201 | 199 | ||
diff --git a/src/lib/util/program.c b/src/lib/util/program.c index 21b616ee2..2801b7650 100644 --- a/src/lib/util/program.c +++ b/src/lib/util/program.c | |||
@@ -35,7 +35,7 @@ | |||
35 | #define LOG(kind, ...) GNUNET_log_from (kind, "util-program", __VA_ARGS__) | 35 | #define LOG(kind, ...) GNUNET_log_from (kind, "util-program", __VA_ARGS__) |
36 | 36 | ||
37 | #define LOG_STRERROR_FILE(kind, syscall, filename) \ | 37 | #define LOG_STRERROR_FILE(kind, syscall, filename) \ |
38 | GNUNET_log_from_strerror_file (kind, "util-program", syscall, filename) | 38 | GNUNET_log_from_strerror_file (kind, "util-program", syscall, filename) |
39 | 39 | ||
40 | /** | 40 | /** |
41 | * Context for the command. | 41 | * Context for the command. |
@@ -416,4 +416,39 @@ GNUNET_PROGRAM_run (int argc, | |||
416 | } | 416 | } |
417 | 417 | ||
418 | 418 | ||
419 | /* A list of daemons to be launched when GNUNET_main() | ||
420 | * is called | ||
421 | */ | ||
422 | struct DaemonHandleList | ||
423 | { | ||
424 | /* DLL */ | ||
425 | struct DaemonHandleList *prev; | ||
426 | |||
427 | /* DLL */ | ||
428 | struct DaemonHandleList *next; | ||
429 | |||
430 | /* Program to launch */ | ||
431 | GNUNET_PROGRAM_Main d; | ||
432 | }; | ||
433 | |||
434 | /* The daemon list */ | ||
435 | static struct DaemonHandleList *hll_head = NULL; | ||
436 | |||
437 | /* The daemon list */ | ||
438 | static struct DaemonHandleList *hll_tail = NULL; | ||
439 | |||
440 | enum GNUNET_GenericReturnValue | ||
441 | GNUNET_DAEMON_register (const char *daemon_name, | ||
442 | const char *daemon_help, | ||
443 | GNUNET_PROGRAM_Main task) | ||
444 | { | ||
445 | struct DaemonHandleList *hle; | ||
446 | |||
447 | hle = GNUNET_new (struct DaemonHandleList); | ||
448 | hle->d = task; | ||
449 | GNUNET_CONTAINER_DLL_insert (hll_head, hll_tail, hle); | ||
450 | return GNUNET_OK; | ||
451 | } | ||
452 | |||
453 | |||
419 | /* end of program.c */ | 454 | /* end of program.c */ |
diff --git a/src/lib/util/test_crypto_blind.c b/src/lib/util/test_crypto_blind.c new file mode 100644 index 000000000..d7efd79ea --- /dev/null +++ b/src/lib/util/test_crypto_blind.c | |||
@@ -0,0 +1,86 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet | ||
3 | Copyright (C) 2014, 2015, 2023 GNUnet e.V. | ||
4 | |||
5 | GNUnet is free software: you can redistribute it and/or modify it | ||
6 | under the terms of the GNU Affero General Public License as published | ||
7 | by the Free Software Foundation, either version 3 of the License, | ||
8 | or (at your option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | Affero General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU Affero General Public License | ||
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | ||
17 | |||
18 | SPDX-License-Identifier: AGPL3.0-or-later | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file util/test_crypto_blind.c | ||
23 | * @brief testcase for utility functions for blind signatures | ||
24 | * @author Christian Grothoff <grothoff@gnunet.org> | ||
25 | */ | ||
26 | #include "platform.h" | ||
27 | #include <gcrypt.h> | ||
28 | #include "gnunet_util_lib.h" | ||
29 | |||
30 | |||
31 | int | ||
32 | main (int argc, | ||
33 | char *argv[]) | ||
34 | { | ||
35 | struct GNUNET_CRYPTO_BlindSignPrivateKey *priv; | ||
36 | struct GNUNET_CRYPTO_BlindSignPublicKey *pub; | ||
37 | struct GNUNET_CRYPTO_BlindingInputValues *biv; | ||
38 | struct GNUNET_CRYPTO_BlindedMessage *bm; | ||
39 | struct GNUNET_CRYPTO_BlindedSignature *bsig; | ||
40 | struct GNUNET_CRYPTO_UnblindedSignature *sig; | ||
41 | union GNUNET_CRYPTO_BlindingSecretP bsec; | ||
42 | union GNUNET_CRYPTO_BlindSessionNonce nonce; | ||
43 | |||
44 | GNUNET_log_setup ("test-crypto-blind", | ||
45 | "WARNING", | ||
46 | NULL); | ||
47 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, | ||
48 | &bsec, | ||
49 | sizeof (bsec)); | ||
50 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, | ||
51 | &nonce, | ||
52 | sizeof (nonce)); | ||
53 | GNUNET_assert (GNUNET_OK == | ||
54 | GNUNET_CRYPTO_blind_sign_keys_create (&priv, | ||
55 | &pub, | ||
56 | GNUNET_CRYPTO_BSA_CS)); | ||
57 | biv = GNUNET_CRYPTO_get_blinding_input_values (priv, | ||
58 | &nonce, | ||
59 | "salt"); | ||
60 | bm = GNUNET_CRYPTO_message_blind_to_sign (pub, | ||
61 | &bsec, | ||
62 | &nonce, | ||
63 | "hello", | ||
64 | 5, | ||
65 | biv); | ||
66 | bsig = GNUNET_CRYPTO_blind_sign (priv, | ||
67 | "salt", | ||
68 | bm); | ||
69 | sig = GNUNET_CRYPTO_blind_sig_unblind (bsig, | ||
70 | &bsec, | ||
71 | "hello", | ||
72 | 5, | ||
73 | biv, | ||
74 | pub); | ||
75 | GNUNET_assert (GNUNET_OK == | ||
76 | GNUNET_CRYPTO_blind_sig_verify (pub, | ||
77 | sig, | ||
78 | "hello", | ||
79 | 5)); | ||
80 | GNUNET_CRYPTO_blinded_sig_decref (bsig); | ||
81 | GNUNET_CRYPTO_unblinded_sig_decref (sig); | ||
82 | GNUNET_CRYPTO_blinded_message_decref (bm); | ||
83 | GNUNET_CRYPTO_blind_sign_priv_decref (priv); | ||
84 | GNUNET_CRYPTO_blind_sign_pub_decref (pub); | ||
85 | return 0; | ||
86 | } | ||
diff --git a/src/lib/util/test_crypto_cs.c b/src/lib/util/test_crypto_cs.c index 6fd2361fb..ee68db72f 100644 --- a/src/lib/util/test_crypto_cs.c +++ b/src/lib/util/test_crypto_cs.c | |||
@@ -1,6 +1,6 @@ | |||
1 | /* | 1 | /* |
2 | This file is part of GNUnet | 2 | This file is part of GNUnet |
3 | Copyright (C) 2021,2022 GNUnet e.V. | 3 | Copyright (C) 2021,2022, 2023 GNUnet e.V. |
4 | 4 | ||
5 | GNUnet is free software: you can redistribute it and/or modify it | 5 | GNUnet is free software: you can redistribute it and/or modify it |
6 | under the terms of the GNU Affero General Public License as published | 6 | under the terms of the GNU Affero General Public License as published |
@@ -31,6 +31,7 @@ | |||
31 | 31 | ||
32 | #define ITER 25 | 32 | #define ITER 25 |
33 | 33 | ||
34 | |||
34 | static void | 35 | static void |
35 | test_create_priv (struct GNUNET_CRYPTO_CsPrivateKey *priv) | 36 | test_create_priv (struct GNUNET_CRYPTO_CsPrivateKey *priv) |
36 | { | 37 | { |
@@ -39,8 +40,10 @@ test_create_priv (struct GNUNET_CRYPTO_CsPrivateKey *priv) | |||
39 | */ | 40 | */ |
40 | struct GNUNET_CRYPTO_CsPrivateKey other_priv; | 41 | struct GNUNET_CRYPTO_CsPrivateKey other_priv; |
41 | 42 | ||
42 | other_priv = *priv; | ||
43 | GNUNET_CRYPTO_cs_private_key_generate (priv); | 43 | GNUNET_CRYPTO_cs_private_key_generate (priv); |
44 | memset (&other_priv, | ||
45 | 42, | ||
46 | sizeof (other_priv)); | ||
44 | GNUNET_assert (0 != | 47 | GNUNET_assert (0 != |
45 | GNUNET_memcmp (&other_priv.scalar, | 48 | GNUNET_memcmp (&other_priv.scalar, |
46 | &priv->scalar)); | 49 | &priv->scalar)); |
@@ -56,9 +59,11 @@ test_generate_pub (const struct GNUNET_CRYPTO_CsPrivateKey *priv, | |||
56 | */ | 59 | */ |
57 | struct GNUNET_CRYPTO_CsPublicKey other_pub; | 60 | struct GNUNET_CRYPTO_CsPublicKey other_pub; |
58 | 61 | ||
59 | other_pub = *pub; | ||
60 | GNUNET_CRYPTO_cs_private_key_get_public (priv, | 62 | GNUNET_CRYPTO_cs_private_key_get_public (priv, |
61 | pub); | 63 | pub); |
64 | memset (&other_pub, | ||
65 | 42, | ||
66 | sizeof (other_pub)); | ||
62 | GNUNET_assert (0 != | 67 | GNUNET_assert (0 != |
63 | GNUNET_memcmp (&other_pub.point, | 68 | GNUNET_memcmp (&other_pub.point, |
64 | &pub->point)); | 69 | &pub->point)); |
@@ -85,7 +90,7 @@ test_generate_pub (const struct GNUNET_CRYPTO_CsPrivateKey *priv, | |||
85 | 90 | ||
86 | 91 | ||
87 | static void | 92 | static void |
88 | test_derive_rsecret (const struct GNUNET_CRYPTO_CsNonce *nonce, | 93 | test_derive_rsecret (const struct GNUNET_CRYPTO_CsSessionNonce *nonce, |
89 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, | 94 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, |
90 | struct GNUNET_CRYPTO_CsRSecret r[2]) | 95 | struct GNUNET_CRYPTO_CsRSecret r[2]) |
91 | { | 96 | { |
@@ -164,7 +169,7 @@ test_generate_rpublic (const struct GNUNET_CRYPTO_CsRSecret *r_priv, | |||
164 | 169 | ||
165 | 170 | ||
166 | static void | 171 | static void |
167 | test_derive_blindingsecrets (const struct GNUNET_CRYPTO_CsNonce *blind_seed, | 172 | test_derive_blindingsecrets (const struct GNUNET_CRYPTO_CsBlindingNonce *blind_seed, |
168 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]) | 173 | struct GNUNET_CRYPTO_CsBlindingSecret bs[2]) |
169 | { | 174 | { |
170 | /* TEST 1 | 175 | /* TEST 1 |
@@ -176,7 +181,8 @@ test_derive_blindingsecrets (const struct GNUNET_CRYPTO_CsNonce *blind_seed, | |||
176 | bs, | 181 | bs, |
177 | sizeof(struct GNUNET_CRYPTO_CsBlindingSecret) * 2); | 182 | sizeof(struct GNUNET_CRYPTO_CsBlindingSecret) * 2); |
178 | 183 | ||
179 | GNUNET_CRYPTO_cs_blinding_secrets_derive (blind_seed, bs); | 184 | GNUNET_CRYPTO_cs_blinding_secrets_derive (blind_seed, |
185 | bs); | ||
180 | 186 | ||
181 | GNUNET_assert (0 != | 187 | GNUNET_assert (0 != |
182 | memcmp (other_bs, | 188 | memcmp (other_bs, |
@@ -193,7 +199,8 @@ test_derive_blindingsecrets (const struct GNUNET_CRYPTO_CsNonce *blind_seed, | |||
193 | sizeof(struct GNUNET_CRYPTO_CsBlindingSecret) * 2); | 199 | sizeof(struct GNUNET_CRYPTO_CsBlindingSecret) * 2); |
194 | for (unsigned int i = 0; i<ITER; i++) | 200 | for (unsigned int i = 0; i<ITER; i++) |
195 | { | 201 | { |
196 | GNUNET_CRYPTO_cs_blinding_secrets_derive (blind_seed, bs); | 202 | GNUNET_CRYPTO_cs_blinding_secrets_derive (blind_seed, |
203 | bs); | ||
197 | GNUNET_assert (0 == memcmp (&other_bs[0], | 204 | GNUNET_assert (0 == memcmp (&other_bs[0], |
198 | &bs[0], | 205 | &bs[0], |
199 | sizeof(struct GNUNET_CRYPTO_CsBlindingSecret) | 206 | sizeof(struct GNUNET_CRYPTO_CsBlindingSecret) |
@@ -209,7 +216,7 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], | |||
209 | const void *msg, | 216 | const void *msg, |
210 | size_t msg_len, | 217 | size_t msg_len, |
211 | struct GNUNET_CRYPTO_CsC blinded_cs[2], | 218 | struct GNUNET_CRYPTO_CsC blinded_cs[2], |
212 | struct GNUNET_CRYPTO_CsRPublic blinded_r_pub[2]) | 219 | struct GNUNET_CRYPTO_CSPublicRPairP *blinded_r_pub) |
213 | { | 220 | { |
214 | /* TEST 1 | 221 | /* TEST 1 |
215 | * Check that the blinded c's and blinded r's | 222 | * Check that the blinded c's and blinded r's |
@@ -220,10 +227,8 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], | |||
220 | &blinded_cs[0], | 227 | &blinded_cs[0], |
221 | sizeof(struct GNUNET_CRYPTO_CsC) * 2); | 228 | sizeof(struct GNUNET_CRYPTO_CsC) * 2); |
222 | 229 | ||
223 | struct GNUNET_CRYPTO_CsRPublic other_blinded_r_pub[2]; | 230 | struct GNUNET_CRYPTO_CSPublicRPairP other_blinded_pub; |
224 | memcpy (&other_blinded_r_pub[0], | 231 | other_blinded_pub = *blinded_r_pub; |
225 | &blinded_r_pub[0], | ||
226 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2); | ||
227 | 232 | ||
228 | GNUNET_CRYPTO_cs_calc_blinded_c (bs, | 233 | GNUNET_CRYPTO_cs_calc_blinded_c (bs, |
229 | r_pub, | 234 | r_pub, |
@@ -236,9 +241,9 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], | |||
236 | GNUNET_assert (0 != memcmp (&other_blinded_c[0], | 241 | GNUNET_assert (0 != memcmp (&other_blinded_c[0], |
237 | &blinded_cs[0], | 242 | &blinded_cs[0], |
238 | sizeof(struct GNUNET_CRYPTO_CsC) * 2)); | 243 | sizeof(struct GNUNET_CRYPTO_CsC) * 2)); |
239 | GNUNET_assert (0 != memcmp (&other_blinded_r_pub[0], | 244 | GNUNET_assert (0 != |
240 | &blinded_r_pub[0], | 245 | GNUNET_memcmp (&other_blinded_pub, |
241 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2)); | 246 | blinded_r_pub)); |
242 | 247 | ||
243 | /* TEST 2 | 248 | /* TEST 2 |
244 | * Check if R' - aG -bX = R for b = 0 | 249 | * Check if R' - aG -bX = R for b = 0 |
@@ -251,37 +256,41 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], | |||
251 | struct GNUNET_CRYPTO_Cs25519Point r_min_aG; | 256 | struct GNUNET_CRYPTO_Cs25519Point r_min_aG; |
252 | struct GNUNET_CRYPTO_CsRPublic res; | 257 | struct GNUNET_CRYPTO_CsRPublic res; |
253 | 258 | ||
254 | GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp ( | 259 | GNUNET_assert (0 == |
260 | crypto_scalarmult_ed25519_base_noclamp ( | ||
255 | aG.y, | 261 | aG.y, |
256 | bs[b].alpha.d)); | 262 | bs[b].alpha.d)); |
257 | 263 | GNUNET_assert (0 == | |
258 | GNUNET_assert (0 == crypto_scalarmult_ed25519_noclamp ( | 264 | crypto_scalarmult_ed25519_noclamp ( |
259 | bX.y, | 265 | bX.y, |
260 | bs[b].beta.d, | 266 | bs[b].beta.d, |
261 | pub->point.y)); | 267 | pub->point.y)); |
262 | 268 | GNUNET_assert (0 == | |
263 | GNUNET_assert (0 == crypto_core_ed25519_sub ( | 269 | crypto_core_ed25519_sub ( |
264 | r_min_aG.y, | 270 | r_min_aG.y, |
265 | blinded_r_pub[b].point.y, | 271 | blinded_r_pub->r_pub[b].point.y, |
266 | aG.y)); | 272 | aG.y)); |
267 | |||
268 | GNUNET_assert (0 == crypto_core_ed25519_sub ( | 273 | GNUNET_assert (0 == crypto_core_ed25519_sub ( |
269 | res.point.y, | 274 | res.point.y, |
270 | r_min_aG.y, | 275 | r_min_aG.y, |
271 | bX.y)); | 276 | bX.y)); |
272 | 277 | ||
273 | GNUNET_assert (0 == memcmp (&res, &r_pub[b], sizeof(struct | 278 | GNUNET_assert (0 == |
274 | GNUNET_CRYPTO_CsRPublic))); | 279 | memcmp (&res, |
280 | &r_pub[b], | ||
281 | sizeof(struct GNUNET_CRYPTO_CsRPublic))); | ||
275 | } | 282 | } |
276 | 283 | ||
277 | 284 | ||
278 | /* TEST 3 | 285 | /* TEST 3 |
279 | * Check that the blinded r_pubs' are valid points | 286 | * Check that the blinded r_pubs' are valid points |
280 | */ | 287 | */ |
281 | GNUNET_assert (1 == crypto_core_ed25519_is_valid_point ( | 288 | GNUNET_assert (1 == |
282 | blinded_r_pub[0].point.y)); | 289 | crypto_core_ed25519_is_valid_point ( |
283 | GNUNET_assert (1 == crypto_core_ed25519_is_valid_point ( | 290 | blinded_r_pub->r_pub[0].point.y)); |
284 | blinded_r_pub[1].point.y)); | 291 | GNUNET_assert (1 == |
292 | crypto_core_ed25519_is_valid_point ( | ||
293 | blinded_r_pub->r_pub[1].point.y)); | ||
285 | 294 | ||
286 | /* TEST 4 | 295 | /* TEST 4 |
287 | * Check if function gives the same result for the same input. | 296 | * Check if function gives the same result for the same input. |
@@ -289,9 +298,7 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], | |||
289 | memcpy (&other_blinded_c[0], | 298 | memcpy (&other_blinded_c[0], |
290 | &blinded_cs[0], | 299 | &blinded_cs[0], |
291 | sizeof(struct GNUNET_CRYPTO_CsC) * 2); | 300 | sizeof(struct GNUNET_CRYPTO_CsC) * 2); |
292 | memcpy (&other_blinded_r_pub[0], | 301 | other_blinded_pub = *blinded_r_pub; |
293 | &blinded_r_pub[0], | ||
294 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2); | ||
295 | 302 | ||
296 | for (unsigned int i = 0; i<ITER; i++) | 303 | for (unsigned int i = 0; i<ITER; i++) |
297 | { | 304 | { |
@@ -302,40 +309,37 @@ test_calc_blindedc (const struct GNUNET_CRYPTO_CsBlindingSecret bs[2], | |||
302 | msg_len, | 309 | msg_len, |
303 | blinded_cs, | 310 | blinded_cs, |
304 | blinded_r_pub); | 311 | blinded_r_pub); |
305 | GNUNET_assert (0 == memcmp (&other_blinded_c[0], | 312 | GNUNET_assert (0 == |
306 | &blinded_cs[0], | 313 | memcmp (&other_blinded_c[0], |
307 | sizeof(struct GNUNET_CRYPTO_CsC) * 2)); | 314 | &blinded_cs[0], |
308 | GNUNET_assert (0 == memcmp (&other_blinded_r_pub[0], | 315 | sizeof(struct GNUNET_CRYPTO_CsC) * 2)); |
309 | &blinded_r_pub[0], | 316 | GNUNET_assert (0 == |
310 | sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2)); | 317 | GNUNET_memcmp (&other_blinded_pub, |
318 | blinded_r_pub)); | ||
311 | } | 319 | } |
312 | } | 320 | } |
313 | 321 | ||
314 | 322 | ||
315 | static void | 323 | static void |
316 | test_blind_sign (unsigned int *b, | 324 | test_blind_sign (const struct GNUNET_CRYPTO_CsPrivateKey *priv, |
317 | const struct GNUNET_CRYPTO_CsPrivateKey *priv, | ||
318 | const struct GNUNET_CRYPTO_CsRSecret r[2], | 325 | const struct GNUNET_CRYPTO_CsRSecret r[2], |
319 | const struct GNUNET_CRYPTO_CsC c[2], | 326 | const struct GNUNET_CRYPTO_CsBlindedMessage *bm, |
320 | const struct GNUNET_CRYPTO_CsNonce *nonce, | 327 | struct GNUNET_CRYPTO_CsBlindSignature *cs_blind_sig) |
321 | struct GNUNET_CRYPTO_CsBlindS *blinded_s) | ||
322 | { | 328 | { |
323 | /* TEST 1 | 329 | /* TEST 1 |
324 | * Check that blinded_s is set | 330 | * Check that blinded_s is set |
325 | */ | 331 | */ |
326 | struct GNUNET_CRYPTO_CsC other_blinded_s; | 332 | struct GNUNET_CRYPTO_CsBlindSignature other_blind_sig; |
327 | memcpy (&other_blinded_s, blinded_s, sizeof(struct GNUNET_CRYPTO_CsBlindS)); | 333 | |
328 | 334 | memset (&other_blind_sig, | |
329 | *b = GNUNET_CRYPTO_cs_sign_derive (priv, | 335 | 44, |
330 | r, | 336 | sizeof (other_blind_sig)); |
331 | c, | 337 | GNUNET_CRYPTO_cs_sign_derive (priv, |
332 | nonce, | 338 | r, |
333 | blinded_s); | 339 | bm, |
334 | 340 | &other_blind_sig); | |
335 | GNUNET_assert (0 == *b || 1 == *b); | 341 | GNUNET_assert (0 == other_blind_sig.b || |
336 | GNUNET_assert (0 != memcmp (&other_blinded_s, | 342 | 1 == other_blind_sig.b); |
337 | blinded_s, | ||
338 | sizeof(struct GNUNET_CRYPTO_CsBlindS))); | ||
339 | 343 | ||
340 | /* TEST 2 | 344 | /* TEST 2 |
341 | * Check if s := rb + cbX | 345 | * Check if s := rb + cbX |
@@ -343,32 +347,29 @@ test_blind_sign (unsigned int *b, | |||
343 | */ | 347 | */ |
344 | struct GNUNET_CRYPTO_Cs25519Scalar cb_mul_x; | 348 | struct GNUNET_CRYPTO_Cs25519Scalar cb_mul_x; |
345 | struct GNUNET_CRYPTO_Cs25519Scalar s_min_rb; | 349 | struct GNUNET_CRYPTO_Cs25519Scalar s_min_rb; |
346 | 350 | ||
347 | crypto_core_ed25519_scalar_mul (cb_mul_x.d, | 351 | crypto_core_ed25519_scalar_mul (cb_mul_x.d, |
348 | c[*b].scalar.d, | 352 | bm->c[other_blind_sig.b].scalar.d, |
349 | priv->scalar.d); | 353 | priv->scalar.d); |
350 | |||
351 | crypto_core_ed25519_scalar_sub (s_min_rb.d, | 354 | crypto_core_ed25519_scalar_sub (s_min_rb.d, |
352 | blinded_s->scalar.d, | 355 | other_blind_sig.s_scalar.scalar.d, |
353 | r[*b].scalar.d); | 356 | r[other_blind_sig.b].scalar.d); |
354 | 357 | GNUNET_assert (0 == | |
355 | GNUNET_assert (0 == memcmp (&s_min_rb, &cb_mul_x, sizeof(struct | 358 | GNUNET_memcmp (&s_min_rb, |
356 | GNUNET_CRYPTO_Cs25519Scalar))); | 359 | &cb_mul_x)); |
357 | 360 | ||
358 | /* TEST 3 | 361 | /* TEST 3 |
359 | * Check if function gives the same result for the same input. | 362 | * Check if function gives the same result for the same input. |
360 | */ | 363 | */ |
361 | memcpy (&other_blinded_s, blinded_s, sizeof(struct GNUNET_CRYPTO_CsBlindS)); | ||
362 | for (unsigned int i = 0; i<ITER; i++) | 364 | for (unsigned int i = 0; i<ITER; i++) |
363 | { | 365 | { |
364 | unsigned int other_b; | 366 | GNUNET_CRYPTO_cs_sign_derive (priv, |
365 | 367 | r, | |
366 | other_b = GNUNET_CRYPTO_cs_sign_derive (priv, r, c, nonce, blinded_s); | 368 | bm, |
367 | 369 | cs_blind_sig); | |
368 | GNUNET_assert (other_b == *b); | 370 | GNUNET_assert (0 == |
369 | GNUNET_assert (0 == memcmp (&other_blinded_s, | 371 | GNUNET_memcmp (&other_blind_sig, |
370 | blinded_s, | 372 | cs_blind_sig)); |
371 | sizeof(struct GNUNET_CRYPTO_CsBlindS))); | ||
372 | } | 373 | } |
373 | } | 374 | } |
374 | 375 | ||
@@ -386,7 +387,9 @@ test_unblinds (const struct GNUNET_CRYPTO_CsBlindS *blinded_signature_scalar, | |||
386 | signature_scalar, | 387 | signature_scalar, |
387 | sizeof(struct GNUNET_CRYPTO_CsS)); | 388 | sizeof(struct GNUNET_CRYPTO_CsS)); |
388 | 389 | ||
389 | GNUNET_CRYPTO_cs_unblind (blinded_signature_scalar, bs, signature_scalar); | 390 | GNUNET_CRYPTO_cs_unblind (blinded_signature_scalar, |
391 | bs, | ||
392 | signature_scalar); | ||
390 | 393 | ||
391 | GNUNET_assert (0 != memcmp (&other_signature_scalar, | 394 | GNUNET_assert (0 != memcmp (&other_signature_scalar, |
392 | signature_scalar, | 395 | signature_scalar, |
@@ -431,23 +434,24 @@ test_blind_verify (const struct GNUNET_CRYPTO_CsSignature *sig, | |||
431 | * Test verifies the blinded signature sG == Rb + cbX | 434 | * Test verifies the blinded signature sG == Rb + cbX |
432 | */ | 435 | */ |
433 | struct GNUNET_CRYPTO_Cs25519Point sig_scal_mul_base; | 436 | struct GNUNET_CRYPTO_Cs25519Point sig_scal_mul_base; |
434 | GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp ( | ||
435 | sig_scal_mul_base.y, | ||
436 | sig->s_scalar.scalar.d)); | ||
437 | |||
438 | struct GNUNET_CRYPTO_Cs25519Point c_mul_pub; | 437 | struct GNUNET_CRYPTO_Cs25519Point c_mul_pub; |
439 | GNUNET_assert (0 == crypto_scalarmult_ed25519_noclamp (c_mul_pub.y, | ||
440 | c->scalar.d, | ||
441 | pub->point.y)); | ||
442 | |||
443 | struct GNUNET_CRYPTO_Cs25519Point r_add_c_mul_pub; | 438 | struct GNUNET_CRYPTO_Cs25519Point r_add_c_mul_pub; |
444 | GNUNET_assert (0 == crypto_core_ed25519_add (r_add_c_mul_pub.y, | ||
445 | sig->r_point.point.y, | ||
446 | c_mul_pub.y)); | ||
447 | 439 | ||
448 | GNUNET_assert (0 == memcmp (sig_scal_mul_base.y, | 440 | GNUNET_assert (0 == |
449 | r_add_c_mul_pub.y, | 441 | crypto_scalarmult_ed25519_base_noclamp ( |
450 | sizeof(struct GNUNET_CRYPTO_Cs25519Point))); | 442 | sig_scal_mul_base.y, |
443 | sig->s_scalar.scalar.d)); | ||
444 | GNUNET_assert (0 == | ||
445 | crypto_scalarmult_ed25519_noclamp (c_mul_pub.y, | ||
446 | c->scalar.d, | ||
447 | pub->point.y)); | ||
448 | GNUNET_assert (0 == | ||
449 | crypto_core_ed25519_add (r_add_c_mul_pub.y, | ||
450 | sig->r_point.point.y, | ||
451 | c_mul_pub.y)); | ||
452 | GNUNET_assert (0 == | ||
453 | GNUNET_memcmp (sig_scal_mul_base.y, | ||
454 | r_add_c_mul_pub.y)); | ||
451 | } | 455 | } |
452 | 456 | ||
453 | 457 | ||
@@ -490,6 +494,9 @@ main (int argc, | |||
490 | 494 | ||
491 | struct GNUNET_CRYPTO_CsPrivateKey priv; | 495 | struct GNUNET_CRYPTO_CsPrivateKey priv; |
492 | 496 | ||
497 | GNUNET_log_setup ("test-crypto-cs", | ||
498 | "INFO", | ||
499 | NULL); | ||
493 | memset (&priv, | 500 | memset (&priv, |
494 | 42, | 501 | 42, |
495 | sizeof (priv)); | 502 | sizeof (priv)); |
@@ -503,11 +510,11 @@ main (int argc, | |||
503 | test_generate_pub (&priv, | 510 | test_generate_pub (&priv, |
504 | &pub); | 511 | &pub); |
505 | 512 | ||
506 | // derive nonce | 513 | // set nonce |
507 | struct GNUNET_CRYPTO_CsNonce nonce; | 514 | struct GNUNET_CRYPTO_CsSessionNonce nonce; |
508 | GNUNET_assert (GNUNET_YES == | 515 | GNUNET_assert (GNUNET_YES == |
509 | GNUNET_CRYPTO_kdf (nonce.nonce, | 516 | GNUNET_CRYPTO_kdf (&nonce, |
510 | sizeof(nonce.nonce), | 517 | sizeof(nonce), |
511 | "nonce", | 518 | "nonce", |
512 | strlen ("nonce"), | 519 | strlen ("nonce"), |
513 | "nonce_secret", | 520 | "nonce_secret", |
@@ -539,21 +546,26 @@ main (int argc, | |||
539 | 546 | ||
540 | // generate blinding secrets | 547 | // generate blinding secrets |
541 | struct GNUNET_CRYPTO_CsBlindingSecret blindingsecrets[2]; | 548 | struct GNUNET_CRYPTO_CsBlindingSecret blindingsecrets[2]; |
549 | struct GNUNET_CRYPTO_CsBlindingNonce bnonce; | ||
542 | 550 | ||
551 | memset (&bnonce, | ||
552 | 42, | ||
553 | sizeof (bnonce)); | ||
543 | memset (blindingsecrets, | 554 | memset (blindingsecrets, |
544 | 42, | 555 | 42, |
545 | sizeof (blindingsecrets)); | 556 | sizeof (blindingsecrets)); |
546 | test_derive_blindingsecrets (&nonce, | 557 | test_derive_blindingsecrets (&bnonce, |
547 | blindingsecrets); | 558 | blindingsecrets); |
548 | 559 | ||
549 | // calculate blinded c's | 560 | // calculate blinded c's |
561 | struct GNUNET_CRYPTO_CsBlindedMessage bm; | ||
550 | struct GNUNET_CRYPTO_CsC blinded_cs[2]; | 562 | struct GNUNET_CRYPTO_CsC blinded_cs[2]; |
551 | struct GNUNET_CRYPTO_CsRPublic blinded_r_pubs[2]; | 563 | struct GNUNET_CRYPTO_CSPublicRPairP blinded_r_pubs; |
552 | 564 | ||
553 | memset (blinded_cs, | 565 | memset (blinded_cs, |
554 | 42, | 566 | 42, |
555 | sizeof (blinded_cs)); | 567 | sizeof (blinded_cs)); |
556 | memset (blinded_r_pubs, | 568 | memset (&blinded_r_pubs, |
557 | 42, | 569 | 42, |
558 | sizeof (blinded_r_pubs)); | 570 | sizeof (blinded_r_pubs)); |
559 | test_calc_blindedc (blindingsecrets, | 571 | test_calc_blindedc (blindingsecrets, |
@@ -562,31 +574,30 @@ main (int argc, | |||
562 | message, | 574 | message, |
563 | message_len, | 575 | message_len, |
564 | blinded_cs, | 576 | blinded_cs, |
565 | blinded_r_pubs); | 577 | &blinded_r_pubs); |
566 | 578 | ||
567 | // ---------- actions performed by signer | 579 | // ---------- actions performed by signer |
568 | // sign blinded c's and get b and s in return | 580 | // sign blinded c's and get b and s in return |
569 | unsigned int b; | 581 | struct GNUNET_CRYPTO_CsBlindSignature blinded_s; |
570 | struct GNUNET_CRYPTO_CsBlindS blinded_s; | ||
571 | 582 | ||
572 | memset (&blinded_s, | 583 | memset (&blinded_s, |
573 | 42, | 584 | 42, |
574 | sizeof (blinded_s)); | 585 | sizeof (blinded_s)); |
575 | test_blind_sign (&b, | 586 | bm.c[0] = blinded_cs[0]; |
576 | &priv, | 587 | bm.c[1] = blinded_cs[1]; |
588 | bm.nonce = nonce; | ||
589 | test_blind_sign (&priv, | ||
577 | r_secrets, | 590 | r_secrets, |
578 | blinded_cs, | 591 | &bm, |
579 | &nonce, | ||
580 | &blinded_s); | 592 | &blinded_s); |
581 | |||
582 | // verify blinded signature | 593 | // verify blinded signature |
583 | struct GNUNET_CRYPTO_CsSignature blinded_signature; | 594 | struct GNUNET_CRYPTO_CsSignature blinded_signature; |
584 | 595 | ||
585 | blinded_signature.r_point = r_publics[b]; | 596 | blinded_signature.r_point = r_publics[blinded_s.b]; |
586 | blinded_signature.s_scalar.scalar = blinded_s.scalar; | 597 | blinded_signature.s_scalar.scalar = blinded_s.s_scalar.scalar; |
587 | test_blind_verify (&blinded_signature, | 598 | test_blind_verify (&blinded_signature, |
588 | &pub, | 599 | &pub, |
589 | &blinded_cs[b]); | 600 | &blinded_cs[blinded_s.b]); |
590 | 601 | ||
591 | // ---------- actions performed by user | 602 | // ---------- actions performed by user |
592 | struct GNUNET_CRYPTO_CsS sig_scalar; | 603 | struct GNUNET_CRYPTO_CsS sig_scalar; |
@@ -594,13 +605,13 @@ main (int argc, | |||
594 | memset (&sig_scalar, | 605 | memset (&sig_scalar, |
595 | 42, | 606 | 42, |
596 | sizeof (sig_scalar)); | 607 | sizeof (sig_scalar)); |
597 | test_unblinds (&blinded_s, | 608 | test_unblinds (&blinded_s.s_scalar, |
598 | &blindingsecrets[b], | 609 | &blindingsecrets[blinded_s.b], |
599 | &sig_scalar); | 610 | &sig_scalar); |
600 | 611 | ||
601 | // verify unblinded signature | 612 | // verify unblinded signature |
602 | struct GNUNET_CRYPTO_CsSignature signature; | 613 | struct GNUNET_CRYPTO_CsSignature signature; |
603 | signature.r_point = blinded_r_pubs[b]; | 614 | signature.r_point = blinded_r_pubs.r_pub[blinded_s.b]; |
604 | signature.s_scalar = sig_scalar; | 615 | signature.s_scalar = sig_scalar; |
605 | test_verify (&signature, | 616 | test_verify (&signature, |
606 | &pub, | 617 | &pub, |
diff --git a/src/lib/util/test_crypto_rsa.c b/src/lib/util/test_crypto_rsa.c index 9f2ddb66e..c513a68fe 100644 --- a/src/lib/util/test_crypto_rsa.c +++ b/src/lib/util/test_crypto_rsa.c | |||
@@ -1,6 +1,6 @@ | |||
1 | /* | 1 | /* |
2 | This file is part of GNUnet | 2 | This file is part of GNUnet |
3 | Copyright (C) 2014,2015 GNUnet e.V. | 3 | Copyright (C) 2014, 2015, 2023 GNUnet e.V. |
4 | 4 | ||
5 | GNUnet is free software: you can redistribute it and/or modify it | 5 | GNUnet is free software: you can redistribute it and/or modify it |
6 | under the terms of the GNU Affero General Public License as published | 6 | under the terms of the GNU Affero General Public License as published |
@@ -47,10 +47,10 @@ main (int argc, | |||
47 | struct GNUNET_CRYPTO_RsaSignature *bsig; | 47 | struct GNUNET_CRYPTO_RsaSignature *bsig; |
48 | struct GNUNET_CRYPTO_RsaBlindingKeySecret bsec; | 48 | struct GNUNET_CRYPTO_RsaBlindingKeySecret bsec; |
49 | struct GNUNET_HashCode hash; | 49 | struct GNUNET_HashCode hash; |
50 | void *blind_buf; | ||
51 | size_t bsize; | ||
52 | 50 | ||
53 | GNUNET_log_setup ("test-rsa", "WARNING", NULL); | 51 | GNUNET_log_setup ("test-crypto-rsa", |
52 | "WARNING", | ||
53 | NULL); | ||
54 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, | 54 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, |
55 | rnd_blk, | 55 | rnd_blk, |
56 | RND_BLK_SIZE); | 56 | RND_BLK_SIZE); |
@@ -60,36 +60,48 @@ main (int argc, | |||
60 | priv = GNUNET_CRYPTO_rsa_private_key_create (KEY_SIZE); | 60 | priv = GNUNET_CRYPTO_rsa_private_key_create (KEY_SIZE); |
61 | priv_copy = GNUNET_CRYPTO_rsa_private_key_dup (priv); | 61 | priv_copy = GNUNET_CRYPTO_rsa_private_key_dup (priv); |
62 | GNUNET_assert (NULL != priv_copy); | 62 | GNUNET_assert (NULL != priv_copy); |
63 | GNUNET_assert (0 == GNUNET_CRYPTO_rsa_private_key_cmp (priv, priv_copy)); | 63 | GNUNET_assert (0 == GNUNET_CRYPTO_rsa_private_key_cmp (priv, |
64 | priv_copy)); | ||
64 | pub = GNUNET_CRYPTO_rsa_private_key_get_public (priv); | 65 | pub = GNUNET_CRYPTO_rsa_private_key_get_public (priv); |
65 | 66 | ||
66 | /* Encoding */ | 67 | /* Encoding */ |
67 | size_t size; | 68 | size_t size; |
68 | void *enc; | 69 | void *enc; |
69 | enc = NULL; | 70 | enc = NULL; |
70 | size = GNUNET_CRYPTO_rsa_private_key_encode (priv, &enc); | 71 | size = GNUNET_CRYPTO_rsa_private_key_encode (priv, |
72 | &enc); | ||
71 | 73 | ||
72 | /* Decoding */ | 74 | /* Decoding */ |
73 | GNUNET_CRYPTO_rsa_private_key_free (priv); | 75 | GNUNET_CRYPTO_rsa_private_key_free (priv); |
74 | priv = NULL; | 76 | priv = NULL; |
75 | priv = GNUNET_CRYPTO_rsa_private_key_decode (enc, size); | 77 | priv = GNUNET_CRYPTO_rsa_private_key_decode (enc, |
78 | size); | ||
76 | GNUNET_assert (NULL != priv); | 79 | GNUNET_assert (NULL != priv); |
77 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, | 80 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, |
78 | enc, size); | 81 | enc, |
79 | GNUNET_assert (NULL == GNUNET_CRYPTO_rsa_private_key_decode (enc, size)); | 82 | size); |
80 | (void) fprintf (stderr, "The above warning is expected.\n"); | 83 | GNUNET_assert (NULL == |
84 | GNUNET_CRYPTO_rsa_private_key_decode (enc, | ||
85 | size)); | ||
86 | (void) fprintf (stderr, | ||
87 | "The above warning is expected.\n"); | ||
81 | GNUNET_free (enc); | 88 | GNUNET_free (enc); |
82 | 89 | ||
83 | /* try ordinary sig first */ | 90 | /* try ordinary sig first */ |
84 | sig = GNUNET_CRYPTO_rsa_sign_fdh (priv, | 91 | sig = GNUNET_CRYPTO_rsa_sign_fdh (priv, |
85 | &hash); | 92 | &hash, |
93 | sizeof (hash)); | ||
86 | sig_copy = GNUNET_CRYPTO_rsa_signature_dup (sig); | 94 | sig_copy = GNUNET_CRYPTO_rsa_signature_dup (sig); |
87 | GNUNET_assert (NULL != sig); | 95 | GNUNET_assert (NULL != sig); |
88 | GNUNET_assert (0 == GNUNET_CRYPTO_rsa_signature_cmp (sig, sig_copy)); | 96 | GNUNET_assert (0 == GNUNET_CRYPTO_rsa_signature_cmp (sig, |
97 | sig_copy)); | ||
89 | pub_copy = GNUNET_CRYPTO_rsa_public_key_dup (pub); | 98 | pub_copy = GNUNET_CRYPTO_rsa_public_key_dup (pub); |
90 | GNUNET_assert (NULL != pub_copy); | 99 | GNUNET_assert (NULL != pub_copy); |
91 | GNUNET_assert (GNUNET_OK == | 100 | GNUNET_assert (GNUNET_OK == |
92 | GNUNET_CRYPTO_rsa_verify (&hash, sig, pub_copy)); | 101 | GNUNET_CRYPTO_rsa_verify (&hash, |
102 | sizeof (hash), | ||
103 | sig, | ||
104 | pub_copy)); | ||
93 | { | 105 | { |
94 | void *buf; | 106 | void *buf; |
95 | size_t buf_size; | 107 | size_t buf_size; |
@@ -107,38 +119,48 @@ main (int argc, | |||
107 | buf_size); | 119 | buf_size); |
108 | GNUNET_free (buf); | 120 | GNUNET_free (buf); |
109 | GNUNET_assert (GNUNET_OK == | 121 | GNUNET_assert (GNUNET_OK == |
110 | GNUNET_CRYPTO_rsa_verify (&hash, sig2, pub2)); | 122 | GNUNET_CRYPTO_rsa_verify (&hash, |
123 | sizeof (hash), | ||
124 | sig2, | ||
125 | pub2)); | ||
111 | GNUNET_CRYPTO_rsa_public_key_free (pub2); | 126 | GNUNET_CRYPTO_rsa_public_key_free (pub2); |
112 | GNUNET_CRYPTO_rsa_signature_free (sig2); | 127 | GNUNET_CRYPTO_rsa_signature_free (sig2); |
113 | } | 128 | } |
114 | /* corrupt our hash and see if the signature is still valid */ | 129 | /* corrupt our hash and see if the signature is still valid */ |
115 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, &hash, | 130 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, |
116 | sizeof(struct GNUNET_HashCode)); | 131 | &hash, |
117 | GNUNET_assert (GNUNET_OK != GNUNET_CRYPTO_rsa_verify (&hash, | 132 | sizeof(hash)); |
118 | sig, | 133 | GNUNET_assert (GNUNET_OK != |
119 | pub)); | 134 | GNUNET_CRYPTO_rsa_verify (&hash, |
120 | (void) fprintf (stderr, "The above warning is expected.\n"); | 135 | sizeof (hash), |
136 | sig, | ||
137 | pub)); | ||
138 | (void) fprintf (stderr, | ||
139 | "The above warning is expected.\n"); | ||
121 | GNUNET_CRYPTO_rsa_signature_free (sig); | 140 | GNUNET_CRYPTO_rsa_signature_free (sig); |
122 | 141 | ||
123 | /* test blind signing */ | 142 | /* test blind signing */ |
124 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, | 143 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, |
125 | &bsec, | 144 | &bsec, |
126 | sizeof(bsec)); | 145 | sizeof(bsec)); |
146 | struct GNUNET_CRYPTO_RsaBlindedMessage bm; | ||
127 | GNUNET_CRYPTO_rsa_blind (&hash, | 147 | GNUNET_CRYPTO_rsa_blind (&hash, |
148 | sizeof (hash), | ||
128 | &bsec, | 149 | &bsec, |
129 | pub, | 150 | pub, |
130 | &blind_buf, &bsize); | 151 | &bm); |
131 | GNUNET_assert (0 != bsize); | ||
132 | bsig = GNUNET_CRYPTO_rsa_sign_blinded (priv, | 152 | bsig = GNUNET_CRYPTO_rsa_sign_blinded (priv, |
133 | blind_buf, | 153 | &bm); |
134 | bsize); | 154 | GNUNET_CRYPTO_rsa_blinded_message_free (&bm); |
135 | GNUNET_free (blind_buf); | ||
136 | sig = GNUNET_CRYPTO_rsa_unblind (bsig, | 155 | sig = GNUNET_CRYPTO_rsa_unblind (bsig, |
137 | &bsec, | 156 | &bsec, |
138 | pub); | 157 | pub); |
139 | GNUNET_CRYPTO_rsa_signature_free (bsig); | 158 | GNUNET_CRYPTO_rsa_signature_free (bsig); |
140 | GNUNET_assert (GNUNET_OK == | 159 | GNUNET_assert (GNUNET_OK == |
141 | GNUNET_CRYPTO_rsa_verify (&hash, sig, pub)); | 160 | GNUNET_CRYPTO_rsa_verify (&hash, |
161 | sizeof (hash), | ||
162 | sig, | ||
163 | pub)); | ||
142 | GNUNET_CRYPTO_rsa_signature_free (sig); | 164 | GNUNET_CRYPTO_rsa_signature_free (sig); |
143 | GNUNET_CRYPTO_rsa_signature_free (sig_copy); | 165 | GNUNET_CRYPTO_rsa_signature_free (sig_copy); |
144 | GNUNET_CRYPTO_rsa_private_key_free (priv); | 166 | GNUNET_CRYPTO_rsa_private_key_free (priv); |
diff --git a/src/service/rest/gnunet-rest-server.c b/src/service/rest/gnunet-rest-server.c index 7cc4025b0..c4b59de96 100644 --- a/src/service/rest/gnunet-rest-server.c +++ b/src/service/rest/gnunet-rest-server.c | |||
@@ -1028,6 +1028,7 @@ do_shutdown (void *cls) | |||
1028 | kill_httpd (); | 1028 | kill_httpd (); |
1029 | GNUNET_free (allow_credentials); | 1029 | GNUNET_free (allow_credentials); |
1030 | GNUNET_free (allow_headers); | 1030 | GNUNET_free (allow_headers); |
1031 | MHD_destroy_response (failure_response); | ||
1031 | } | 1032 | } |
1032 | 1033 | ||
1033 | 1034 | ||
@@ -1145,10 +1146,10 @@ setup_plugin (const char *name, | |||
1145 | */ | 1146 | */ |
1146 | static void | 1147 | static void |
1147 | run (void *cls, | 1148 | run (void *cls, |
1148 | char *const *args, | 1149 | const struct GNUNET_CONFIGURATION_Handle *c, |
1149 | const char *cfgfile, | 1150 | struct GNUNET_SERVICE_Handle *service) |
1150 | const struct GNUNET_CONFIGURATION_Handle *c) | ||
1151 | { | 1151 | { |
1152 | static const char *err_page = "{}"; | ||
1152 | char *addr_str; | 1153 | char *addr_str; |
1153 | char *basic_auth_file; | 1154 | char *basic_auth_file; |
1154 | uint64_t secret; | 1155 | uint64_t secret; |
@@ -1156,6 +1157,9 @@ run (void *cls, | |||
1156 | cfg = c; | 1157 | cfg = c; |
1157 | plugins_head = NULL; | 1158 | plugins_head = NULL; |
1158 | plugins_tail = NULL; | 1159 | plugins_tail = NULL; |
1160 | failure_response = MHD_create_response_from_buffer (strlen (err_page), | ||
1161 | (void *) err_page, | ||
1162 | MHD_RESPMEM_PERSISTENT); | ||
1159 | /* Get port to bind to */ | 1163 | /* Get port to bind to */ |
1160 | if (GNUNET_OK != | 1164 | if (GNUNET_OK != |
1161 | GNUNET_CONFIGURATION_get_value_number (cfg, "rest", "HTTP_PORT", &port)) | 1165 | GNUNET_CONFIGURATION_get_value_number (cfg, "rest", "HTTP_PORT", &port)) |
@@ -1419,42 +1423,6 @@ run (void *cls, | |||
1419 | } | 1423 | } |
1420 | 1424 | ||
1421 | 1425 | ||
1422 | /** | 1426 | GNUNET_DAEMON_MAIN("rest", _("GNUnet REST service"), &run) |
1423 | * | ||
1424 | * The main function for gnunet-rest-service | ||
1425 | * | ||
1426 | * @param argc number of arguments from the cli | ||
1427 | * @param argv command line arguments | ||
1428 | * @return 0 ok, 1 on error | ||
1429 | * | ||
1430 | */ | ||
1431 | int | ||
1432 | main (int argc, char *const *argv) | ||
1433 | { | ||
1434 | struct GNUNET_GETOPT_CommandLineOption options[] = | ||
1435 | { GNUNET_GETOPT_OPTION_END }; | ||
1436 | static const char *err_page = "{}"; | ||
1437 | int ret; | ||
1438 | |||
1439 | if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv)) | ||
1440 | return 2; | ||
1441 | GNUNET_log_setup ("gnunet-rest-server", "WARNING", NULL); | ||
1442 | failure_response = MHD_create_response_from_buffer (strlen (err_page), | ||
1443 | (void *) err_page, | ||
1444 | MHD_RESPMEM_PERSISTENT); | ||
1445 | ret = (GNUNET_OK == GNUNET_PROGRAM_run (argc, | ||
1446 | argv, | ||
1447 | "gnunet-rest-server", | ||
1448 | _ ("GNUnet REST server"), | ||
1449 | options, | ||
1450 | &run, | ||
1451 | NULL)) | ||
1452 | ? 0 | ||
1453 | : 1; | ||
1454 | MHD_destroy_response (failure_response); | ||
1455 | GNUNET_free_nz ((char *) argv); | ||
1456 | return ret; | ||
1457 | } | ||
1458 | |||
1459 | 1427 | ||
1460 | /* end of gnunet-rest-server.c */ | 1428 | /* end of gnunet-rest-server.c */ |
diff --git a/src/service/rest/reclaim_plugin.c b/src/service/rest/reclaim_plugin.c index 677a6a676..e1afce00b 100644 --- a/src/service/rest/reclaim_plugin.c +++ b/src/service/rest/reclaim_plugin.c | |||
@@ -1435,7 +1435,8 @@ list_ego (void *cls, | |||
1435 | 1435 | ||
1436 | 1436 | ||
1437 | enum GNUNET_GenericReturnValue | 1437 | enum GNUNET_GenericReturnValue |
1438 | REST_reclaim_process_request (struct GNUNET_REST_RequestHandle *rest_handle, | 1438 | REST_reclaim_process_request (void *plugin, |
1439 | struct GNUNET_REST_RequestHandle *rest_handle, | ||
1439 | GNUNET_REST_ResultProcessor proc, | 1440 | GNUNET_REST_ResultProcessor proc, |
1440 | void *proc_cls) | 1441 | void *proc_cls) |
1441 | { | 1442 | { |
diff --git a/src/service/transport/gnunet-service-transport.c b/src/service/transport/gnunet-service-transport.c index 445faf9f6..0eded2d39 100644 --- a/src/service/transport/gnunet-service-transport.c +++ b/src/service/transport/gnunet-service-transport.c | |||
@@ -8655,7 +8655,6 @@ handle_hello_for_incoming (void *cls, | |||
8655 | const char *emsg) | 8655 | const char *emsg) |
8656 | { | 8656 | { |
8657 | struct GNUNET_HELLO_Builder *builder; | 8657 | struct GNUNET_HELLO_Builder *builder; |
8658 | struct GNUNET_PeerIdentity *pid; | ||
8659 | 8658 | ||
8660 | if (NULL != emsg) | 8659 | if (NULL != emsg) |
8661 | { | 8660 | { |
@@ -8667,12 +8666,10 @@ handle_hello_for_incoming (void *cls, | |||
8667 | if (0 == GNUNET_memcmp (peer, &GST_my_identity)) | 8666 | if (0 == GNUNET_memcmp (peer, &GST_my_identity)) |
8668 | return; | 8667 | return; |
8669 | builder = GNUNET_HELLO_builder_from_msg (hello); | 8668 | builder = GNUNET_HELLO_builder_from_msg (hello); |
8670 | pid = GNUNET_new (struct GNUNET_PeerIdentity); | ||
8671 | GNUNET_HELLO_builder_iterate (builder, | 8669 | GNUNET_HELLO_builder_iterate (builder, |
8672 | pid, | 8670 | (struct GNUNET_PeerIdentity *) peer, |
8673 | hello_for_incoming_cb, | 8671 | hello_for_incoming_cb, |
8674 | (struct GNUNET_PeerIdentity *) peer); | 8672 | (struct GNUNET_PeerIdentity *) peer); |
8675 | GNUNET_free (pid); | ||
8676 | GNUNET_HELLO_builder_free (builder); | 8673 | GNUNET_HELLO_builder_free (builder); |
8677 | } | 8674 | } |
8678 | 8675 | ||
@@ -11293,7 +11290,6 @@ handle_hello_for_client (void *cls, | |||
11293 | { | 11290 | { |
11294 | (void) cls; | 11291 | (void) cls; |
11295 | struct GNUNET_HELLO_Builder *builder; | 11292 | struct GNUNET_HELLO_Builder *builder; |
11296 | struct GNUNET_PeerIdentity *pid; | ||
11297 | 11293 | ||
11298 | if (NULL != emsg) | 11294 | if (NULL != emsg) |
11299 | { | 11295 | { |
@@ -11305,12 +11301,10 @@ handle_hello_for_client (void *cls, | |||
11305 | if (0 == GNUNET_memcmp (peer, &GST_my_identity)) | 11301 | if (0 == GNUNET_memcmp (peer, &GST_my_identity)) |
11306 | return; | 11302 | return; |
11307 | builder = GNUNET_HELLO_builder_from_msg (hello); | 11303 | builder = GNUNET_HELLO_builder_from_msg (hello); |
11308 | pid = GNUNET_new (struct GNUNET_PeerIdentity); | ||
11309 | GNUNET_HELLO_builder_iterate (builder, | 11304 | GNUNET_HELLO_builder_iterate (builder, |
11310 | pid, | 11305 | (struct GNUNET_PeerIdentity *) peer, |
11311 | hello_for_client_cb, | 11306 | hello_for_client_cb, |
11312 | (struct GNUNET_PeerIdentity *) peer); | 11307 | (struct GNUNET_PeerIdentity *) peer); |
11313 | GNUNET_free (pid); | ||
11314 | GNUNET_HELLO_builder_free (builder); | 11308 | GNUNET_HELLO_builder_free (builder); |
11315 | } | 11309 | } |
11316 | 11310 | ||