AgeCommit message (Collapse)Author
2022-05-10- cleanupdev/trizuz/oidc_RSA256Tristan Schwieren
2022-05-10-variable change in user handbookTristan Schwieren
2022-05-06- fix missing key file bug and add testTristan Schwieren
2022-05-04- true/false flip bug while reading oidc configTristan Schwieren
2022-04-21- jwa option RSA/HMACTristan Schwieren
2022-04-21- generate valid token respoise with RS256 signatureTristan Schwieren
2022-04-13-messy attempt using JWSTristan Schwieren
2022-04-13-apply feedbackTristan Schwieren
2022-04-12- working read/write of JWK keyTristan Schwieren
2022-04-12- filename extra / errorTristan Schwieren
2022-04-12- working oids_rsa read/write without loggingTristan Schwieren
2022-04-11-not working file write/readTristan Schwieren
2022-04-11change to jose libraryTristan Schwieren
2022-04-11-init oidc RSA256 featureTristan Schwieren
2022-04-06-fix MHD detectionChristian Grothoff
2022-04-05-fix messenger renamingTheJackiMonster
Signed-off-by: TheJackiMonster <>
2022-04-05add flag to return 'not present' status from GNUNET_JSON_spec_mark_optionalChristian Grothoff
2022-04-04-fixMartin Schanzenbach
2022-04-04UTIL: OpenBSD does not implement unsafe srandomMartin Schanzenbach
2022-04-04BUILD: Simplify mhd detectionMartin Schanzenbach
2022-04-04Merge branch 'master' of ssh://
2022-04-04-typoChristian Grothoff
2022-04-03Merge branch 'master' of ssh://
2022-04-03Merge branch 'master' of ssh://
2022-04-02-add include for type fd_setTheJackiMonster
Signed-off-by: TheJackiMonster <>
2022-04-02-implement messenger key update, fix ego store operationsTheJackiMonster
Signed-off-by: TheJackiMonster <>
2022-04-02-unusedMartin Schanzenbach
2022-04-01- Introduced check, if we need to rebuild a DV box, because we have a ↵t3sserakt
different path. - Bug fix when freeing PendingMessage structs, in case of more complex hierarchies of pending messages. E.g. root msg -> DV Box -> reliability box. - Bug fix in backtalker logic. - Change logic, if MTU changes to keep already computed fragments. - Introduced a retry delay, if pending messages are not ready again. - Added schedule_transmit_on_queue, if communicator tells us about having capacity again. - Bug fixed in store request sent callback. - Some smaller bug fixes.
2022-04-01-fixMartin Schanzenbach
2022-04-01-portability openbsdMartin Schanzenbach
2022-04-01-fix !tarballMartin Schanzenbach
2022-03-31-portability fixesMartin Schanzenbach
2022-03-30-fix bogus free bugsChristian Grothoff
2022-03-30-style fixes, no semantic changesChristian Grothoff
2022-03-30-logging, minor memory leak fixChristian Grothoff
2022-03-29-changelog housekeepingv0.16.3Martin Schanzenbach
2022-03-29-update testvector generationMartin Schanzenbach
2022-03-29-add assertion againMartin Schanzenbach
2022-03-29GNS: Do not fail on assertions in block processingMartin Schanzenbach
2022-03-29-fixMartin Schanzenbach
2022-03-28-fix leak in edx25519Özgür Kesim
2022-03-27Edx25519 implementedÖzgür Kesim
Edx25519 is a variant of EdDSA on curve25519 which allows for repeated derivation of private and public keys, independently. The private keys in Edx25519 initially correspond to the data after expansion and clamping in EdDSA. However, this correspondence is lost after deriving further keys from existing ones. The public keys and signature verification are compatible with EdDSA. The ability to repeatedly derive key material is used for example in the context of age restriction in GNU Taler. The scheme that has been implemented is as follows: /* Private keys in Edx25519 are pairs (a, b) of 32 byte each. * Initially they correspond to the result of the expansion * and clamping in EdDSA. */ Edx25519_generate_private(seed) { /* EdDSA expand and clamp */ dh := SHA-512(seed) a := dh[0..31] b := dh[32..64] a[0] &= 0b11111000 a[31] &= 0b01111111 a[31] |= 0b01000000 return (a, b) } Edx25519_public_from_private(private) { /* Public keys are the same as in EdDSA */ (a, _) := private return [a] * G } Edx25519_blinding_factor(P, seed) { /* This is a helper function used in the derivation of * private/public keys from existing ones. */ h1 := HKDF_32(P, seed) /* Ensure that h == h % L */ h := h1 % L /* Optionally: Make sure that we don't create weak keys. */ P' := [h] * P if !( (h!=1) && (h!=0) && (P'!=E) ) { return Edx25519_blinding_factor(P, seed+1) } return h } Edx25519_derive_private(private, seed) { /* This is based on the definition in * GNUNET_CRYPTO_eddsa_private_key_derive. But it accepts * and returns a private pair (a, b) and allows for iteration. */ (a, b) := private P := Edx25519_public_key_from_private(private) h := Edx25519_blinding_factor(P, seed) /* Carefully calculate the new value for a */ a1 := a / 8; a2 := (h * a1) % L a' := (a2 * 8) % L /* Update b as well, binding it to h. This is an additional step compared to GNS. */ b' := SHA256(b ∥ h) return (a', b') } Edx25519_derive_public(P, seed) { h := Edx25519_blinding_factor(P, seed) return [h]*P } Edx25519_sign(private, message) { /* As in Ed25519, except for the origin of b */ (d, b) := private P := Edx25519_public_from_private(private) r := SHA-512(b ∥ message) R := [r] * G s := r + SHA-512(R ∥ P ∥ message) * d % L return (R,s) } Edx25519_verify(P, message, signature) { /* Identical to Ed25519 */ (R, s) := signature return [s] * G == R + [SHA-512(R ∥ P ∥ message)] * P }
2022-03-27GNS: Sanitize APIs and align with LSD0001Martin Schanzenbach
2022-03-26add GNUNET_TIME_absolute_round_down() functionChristian Grothoff
2022-03-25-do not use potentially old version stringMartin Schanzenbach
2022-03-25-actual fixMartin Schanzenbach
2022-03-25-fixMartin Schanzenbach
2022-03-25Remove bash-ism from get_version.shDavid Barksdale
2022-03-21-init uninitChristian Grothoff
2022-03-21-fix FTBFSChristian Grothoff