Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Edx25519 implemented | Özgür Kesim | 2022-03-27 |
| | | | Edx25519 is a variant of EdDSA on curve25519 which allows for repeated derivation of private and public keys, independently. The private keys in Edx25519 initially correspond to the data after expansion and clamping in EdDSA. However, this correspondence is lost after deriving further keys from existing ones. The public keys and signature verification are compatible with EdDSA. The ability to repeatedly derive key material is used for example in the context of age restriction in GNU Taler. The scheme that has been implemented is as follows: | ||

```
/* Private keys in Edx25519 are pairs (a, b) of 32 byte each.
 * Initially they correspond to the result of the expansion
 * and clamping in EdDSA. */

Edx25519_generate_private(seed) {
    /* EdDSA expand and clamp */
    dh := SHA-512(seed)
    a  := dh[0..31]
    b  := dh[32..63]
    a[0]  &= 0b11111000
    a[31] &= 0b01111111
    a[31] |= 0b01000000
    return (a, b)
}

Edx25519_public_from_private(private) {
    /* Public keys are the same as in EdDSA */
    (a, _) := private
    return [a] * G
}

Edx25519_blinding_factor(P, seed) {
    /* This is a helper function used in the derivation of
     * private/public keys from existing ones. */
    h1 := HKDF_32(P, seed)
    /* Ensure that h == h % L */
    h := h1 % L
    /* Optionally: Make sure that we don't create weak keys. */
    P' := [h] * P
    if !( (h != 1) && (h != 0) && (P' != E) ) {
        return Edx25519_blinding_factor(P, seed+1)
    }
    return h
}

Edx25519_derive_private(private, seed) {
    /* This is based on the definition in
     * GNUNET_CRYPTO_eddsa_private_key_derive. But it accepts
     * and returns a private pair (a, b) and allows for iteration. */
    (a, b) := private
    P := Edx25519_public_from_private(private)
    h := Edx25519_blinding_factor(P, seed)
    /* Carefully calculate the new value for a */
    a1 := a / 8
    a2 := (h * a1) % L
    a' := (a2 * 8) % L
    /* Update b as well, binding it to h.
     * This is an additional step compared to GNS. */
    b' := SHA256(b ∥ h)
    return (a', b')
}

Edx25519_derive_public(P, seed) {
    h := Edx25519_blinding_factor(P, seed)
    return [h] * P
}

Edx25519_sign(private, message) {
    /* As in Ed25519, except for the origin of b */
    (d, b) := private
    P := Edx25519_public_from_private(private)
    r := SHA-512(b ∥ message)
    R := [r] * G
    s := (r + SHA-512(R ∥ P ∥ message) * d) % L
    return (R, s)
}

Edx25519_verify(P, message, signature) {
    /* Identical to Ed25519 */
    (R, s) := signature
    return [s] * G == R + [SHA-512(R ∥ P ∥ message)] * P
}
```
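The scheme described in that commit, written out as a runnable reference. This is an added example for this page, not GNUnet's `crypto_edx25519.c`, and it fills in details the commit message leaves open: `HKDF_32` is taken to be HKDF-SHA256 with the encoded point as input keying material, the seed as salt and a fixed info string; the `seed+1` retry is modelled by appending a byte to the seed; and `a / 8` is computed as multiplication by the inverse of 8 mod L, which equals the integer division for a clamped `a` and stays well-defined on later rounds, when a derived `a` is no longer a multiple of 8. The curve arithmetic is textbook affine Edwards and not constant time, so it is for study only. The two check functions show what the commit claims: deriving on the private side and on the public side gives the same key, round after round, the derived key's signatures pass an unchanged Ed25519 verifier, and before any derivation the keys and signatures are plain Ed25519 (RFC 8032 test 1).

```python
# Added example, not GNUnet's code: the Edx25519 scheme from the commit above, in pure Python,
# so the "derive on either side" property can be checked end to end. Assumptions the commit
# leaves open: HKDF_32 = HKDF-SHA256 (ikm = encoded P, salt = seed, fixed info); the "seed+1"
# retry appends a byte; "a / 8" = multiplication by 1/8 mod L (exact for clamped a). Not constant time.
import hashlib, hmac

p = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
d = (-121665 * pow(121666, p - 2, p)) % p
E = (0, 1)                     # neutral element of the group
INV8 = pow(8, L - 2, L)        # 1/8 mod L
_inv = lambda x: pow(x, p - 2, p)
_int = lambda b: int.from_bytes(b, "little")

def _recover_x(y, sign):       # RFC 8032 point decompression
    x2 = (y * y - 1) * _inv(d * y * y + 1) % p
    x = pow(x2, (p + 3) // 8, p)
    if (x * x - x2) % p:
        x = x * pow(2, (p - 1) // 4, p) % p
    if (x * x - x2) % p:
        raise ValueError("not on curve")
    return p - x if (x & 1) != sign else x
G = (_recover_x(4 * _inv(5) % p, 0), 4 * _inv(5) % p)   # base point

def _add(P, Q):                # complete affine Edwards addition (doubling included)
    (x1, y1), (x2, y2) = P, Q
    k = d * x1 * x2 * y1 * y2 % p
    return ((x1 * y2 + x2 * y1) * _inv(1 + k) % p, (y1 * y2 + x1 * x2) * _inv(1 - k) % p)

def _mul(k, P):                # [k] * P by double-and-add
    R = E
    while k:
        if k & 1:
            R = _add(R, P)
        P, k = _add(P, P), k >> 1
    return R

# compressed point encoding: y with the parity of x in the top bit
_encode = lambda P: (P[1] | ((P[0] & 1) << 255)).to_bytes(32, "little")

def generate_private(seed):    # EdDSA expansion and clamping; the private key is (a, b)
    dh = hashlib.sha512(seed).digest()
    a = bytearray(dh[:32])
    a[0] &= 0b11111000; a[31] &= 0b01111111; a[31] |= 0b01000000
    return bytes(a), dh[32:64]
def public_from_private(priv):
    return _mul(_int(priv[0]), G)

def blinding_factor(P, seed):
    while True:
        prk = hmac.new(seed, _encode(P), hashlib.sha256).digest()     # assumed HKDF_32
        h = _int(hmac.new(prk, b"edx25519\x01", hashlib.sha256).digest()) % L
        if h not in (0, 1) and _mul(h, P) != E:    # weak-key check from the commit
            return h
        seed += b"\x01"                            # assumed stand-in for seed+1

def derive_private(priv, seed):
    a, b = priv
    h = blinding_factor(public_from_private(priv), seed)
    a1 = _int(a) * INV8 % L                        # a / 8 in the scalar field
    a_new = (h * a1 % L) * 8 % L
    b_new = hashlib.sha256(b + h.to_bytes(32, "little")).digest()   # bind b to h
    return a_new.to_bytes(32, "little"), b_new
def derive_public(P, seed):
    return _mul(blinding_factor(P, seed), P)

def sign(priv, msg):           # Ed25519 signing; b plays the role of the hash prefix
    a, b = priv
    P = public_from_private(priv)
    r = _int(hashlib.sha512(b + msg).digest()) % L
    R = _encode(_mul(r, G))
    k = _int(hashlib.sha512(R + _encode(P) + msg).digest()) % L
    return R + ((r + k * _int(a)) % L).to_bytes(32, "little")

def verify(P, msg, sig):       # plain Ed25519 verification, unchanged for derived keys
    y, s = _int(sig[:32]), _int(sig[32:64])
    try:
        R = (_recover_x(y & ((1 << 255) - 1), y >> 255), y & ((1 << 255) - 1))
    except ValueError:
        return False
    k = _int(hashlib.sha512(sig[:32] + _encode(P) + msg).digest()) % L
    return len(sig) == 64 and s < L and _mul(s, G) == _add(R, _mul(k, P))

def derivation_commutes(seed, salt, rounds=2):   # both derivation paths agree each round
    priv = generate_private(seed)
    pub = public_from_private(priv)
    for i in range(rounds):
        s = salt + bytes([i])
        priv, pub = derive_private(priv, s), derive_public(pub, s)
        if public_from_private(priv) != pub:
            return False
    return verify(pub, b"constructed message", sign(priv, b"constructed message"))

def matches_rfc8032_vector():  # underived keys are plain Ed25519: RFC 8032 section 7.1, test 1
    priv = generate_private(bytes.fromhex(
        "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"))
    pk = "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"
    sig = ("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e06522490155"
           "5fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b")
    return _encode(public_from_private(priv)).hex() == pk and sign(priv, b"").hex() == sig
```

Calling `derivation_commutes(b"seed", b"salt")` runs two rounds of derivation on both sides and returns `True`; `matches_rfc8032_vector()` returns `True`, which is the concrete form of the commit's claim that public keys and verification stay EdDSA-compatible. Note that after the first round `a` is reduced mod L and no longer clamped, which is exactly the lost correspondence the commit message mentions; the `INV8` step is what keeps further rounds consistent with `derive_public`.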
* | GNS: Sanitize APIs and align with LSD0001 | Martin Schanzenbach | 2022-03-27 |
| | |||
* | add GNUNET_TIME_absolute_round_down() function | Christian Grothoff | 2022-03-26 |
| | |||
* | Merge branch 'master' of git+ssh://git.gnunet.org/gnunet | Martin Schanzenbach | 2022-03-21 |
|\ | |||
| * | -add gns record type handling for messenger room details | TheJackiMonster | 2022-03-21 |
| | | | | | | | | Signed-off-by: TheJackiMonster <thejackimonster@gmail.com> | ||
* | | NAMESTORE: Towards new transaction-based API | Martin Schanzenbach | 2022-03-21 |
|/ | |||
* | add new approximate time cmp function | Christian Grothoff | 2022-03-21 |
| | |||
* | NAMESTORE: Add record set blocking API | Martin Schanzenbach | 2022-03-16 |
| | | | New API that allows the caller to reserve the modification of a record set under a label. The record set cannot be modified by other clients until released. | ||
* | NAMESTORE: Prevent storing records under invalid labels | Martin Schanzenbach | 2022-03-15 |
| | |||
* | consider HELLOs also from PUTs, remove exact duplicates even if block type is unknown | Christian Grothoff | 2022-03-12 |
| | |||
* | revise block API to match latest DHT specs | Christian Grothoff | 2022-03-12 |
| | |||
* | -remove query hash from what is being signed over | Christian Grothoff | 2022-02-26 |
| | |||
* | -hack up GET/PUT signatures, still broken by design | Christian Grothoff | 2022-02-26 |
| | |||
* | add GNUNET_B2S() macro; fix dht_line_test: we sign over query_hash, not block key | Christian Grothoff | 2022-02-25 |
| | |||
* | -fix datacache to return 2x num_closest in both directions | Christian Grothoff | 2022-02-23 |
| | |||
* | fix #7173 | Christian Grothoff | 2022-02-21 |
| | |||
* | add salt argument to GNUNET_CRYPTO_CS_r_derive() | Christian Grothoff | 2022-02-20 |
| | |||
* | -DHT: add gnunet-dht-hello for bootstrapping | Christian Grothoff | 2022-02-19 |
| | |||
* | -more work on DHTU integration | Christian Grothoff | 2022-02-19 |
| | |||
* | -conclude hello-uri implementation and test | Christian Grothoff | 2022-02-19 |
| | |||
* | incomplete first hack of new hello-uri lib | Christian Grothoff | 2022-02-19 |
| | |||
* | -also add serialization from/to block | Christian Grothoff | 2022-02-19 |
| | |||
* | first steps towards usable dhtu | Christian Grothoff | 2022-02-19 |
| | |||
* | -style fixes | Christian Grothoff | 2022-02-19 |
| | |||
* | -sanitize utf8 api a bit | Martin Schanzenbach | 2022-02-15 |
| | |||
* | Use `const` for `GNUNET_FS_file_information_get_filename()`'s only argument | madmurphy | 2022-02-10 |
| | |||
* | GNS: LSD0001 improvements | Martin Schanzenbach | 2022-02-07 |
| | | | | | | NAMESTORE: Better error handling. Fixed private record feature. GNSRECORD: Record inconsistency check for delegation and redirection records | ||
* | -remove tombstone struct | Martin Schanzenbach | 2022-02-06 |
| | |||
* | -simplify and correct tombstone logic | Martin Schanzenbach | 2022-02-06 |
| | |||
* | GNS: Implement Tombstone logic | Martin Schanzenbach | 2022-02-05 |
| | | | GNS: Namestore zonemaster record store processing | ||
| | | | ZONEMASTER: Do not publish records if tombstone expires in the future | ||
| | | | NAMESTORE: Purge old tombstones. | ||
* | GNS: Introduce CRITICAL flag. Fixes #7169 | Martin Schanzenbach | 2022-02-03 |
| | |||
* | GNS: Rework GNS block wire format | Martin Schanzenbach | 2022-02-03 |
| | |||
* | GNS: Fix revocation wire format | Martin Schanzenbach | 2022-02-01 |
| | |||
* | - fixed bug with broadcast test. | t3sserakt | 2022-01-21 |
| | | | - added configurable port for router in netjail_start.sh. | ||
| | | | - added key for configuring broadcast in topo.sh. | ||
| | | | - port for communicators can be variable. | ||
| | | | - added variable additional_connects in GNUNET_TESTING_NetjailTopology. | ||
| | | | - additional connects can be configured in topology file. | ||
| | | | - added distance vector test with circle topology. | ||
| | | | - Reassembly for fragmentation is now stored at VirtualLink, not at Neighbour. | ||
| | | | - DV forwarding distinguishes between control flow and payload. | ||
| | | | - handling fragment box switch to be based on VirtualLink. | ||
| | | | - reliability box will not be handled like a fragment. | ||
| | | | - propagating next retransmission attempt variable of fragment to the root message. | ||
| | | | - check for fragmentation when adding reliability box. | ||
| | | | - several smaller bug fixes. | ||
* | GNS: Towards NFC | Martin Schanzenbach | 2022-01-18 |
| | |||
* | -remove signing from DHTU API: no longer needed | Christian Grothoff | 2022-01-10 |
| | |||
* | -DHT: add path signature verification logic; tests pass, but logic remains dead | Christian Grothoff | 2022-01-10 |
| | |||
* | -export routine for path verification (untested) | Christian Grothoff | 2022-01-10 |
| | |||
* | add more information to ensure signatures are fresh and request-specific | Christian Grothoff | 2022-01-10 |
| | |||
* | DHT: modify API and protocol messages to add path signatures, except for now the actual signatures are just placeholders (signing and signature verification are missing) | Christian Grothoff | 2022-01-09 |
| | |||
* | DHT: signed path definition (not implemented at all) | Christian Grothoff | 2022-01-09 |
| | |||
* | -some input sanitization for identity and abd | Martin Schanzenbach | 2022-01-07 |
| | |||
* | -remove gana files; now generated at bootstrap | Martin Schanzenbach | 2022-01-04 |
| | |||
* | -fix | Martin Schanzenbach | 2022-01-04 |
| | |||
* | BUILD: gnunet-signatures from gana | Martin Schanzenbach | 2022-01-04 |
| | |||
* | -DHT: clean up peer selection logic | Christian Grothoff | 2022-01-02 |
| | |||
* | -dce | Christian Grothoff | 2022-01-02 |
| | |||
* | -non-trivial refactoring/cleanup of the DHT code | Christian Grothoff | 2022-01-02 |
| | |||
* | clean up am_closest_peer and other functions | Christian Grothoff | 2022-01-02 |
| | |||
* | revise DHT hashing functions, add test logic | Christian Grothoff | 2022-01-02 |
| |