path: root/src/include
Commit message    Author    Age
* Edx25519 implemented    Özgür Kesim    2022-03-27

      Edx25519 is a variant of EdDSA on curve25519 which allows for repeated
      derivation of private and public keys, independently.

      The private keys in Edx25519 initially correspond to the data after
      expansion and clamping in EdDSA. However, this correspondence is lost
      after deriving further keys from existing ones. The public keys and
      signature verification are compatible with EdDSA.

      The ability to repeatedly derive key material is used for example in
      the context of age restriction in GNU Taler.

      The scheme that has been implemented is as follows:

      /* Private keys in Edx25519 are pairs (a, b) of 32 bytes each.
       * Initially they correspond to the result of the expansion
       * and clamping in EdDSA. */

      Edx25519_generate_private(seed) {
          /* EdDSA expand and clamp */
          dh := SHA-512(seed)
          a := dh[0..31]
          b := dh[32..64]
          a[0] &= 0b11111000
          a[31] &= 0b01111111
          a[31] |= 0b01000000
          return (a, b)
      }

      Edx25519_public_from_private(private) {
          /* Public keys are the same as in EdDSA */
          (a, _) := private
          return [a] * G
      }

      Edx25519_blinding_factor(P, seed) {
          /* This is a helper function used in the derivation of
           * private/public keys from existing ones. */
          h1 := HKDF_32(P, seed)
          /* Ensure that h == h % L */
          h := h1 % L
          /* Optionally: Make sure that we don't create weak keys. */
          P' := [h] * P
          if !( (h != 1) && (h != 0) && (P' != E) ) {
              return Edx25519_blinding_factor(P, seed + 1)
          }
          return h
      }

      Edx25519_derive_private(private, seed) {
          /* This is based on the definition in
           * GNUNET_CRYPTO_eddsa_private_key_derive. But it accepts
           * and returns a private pair (a, b) and allows for iteration.
           */
          (a, b) := private
          P := Edx25519_public_from_private(private)
          h := Edx25519_blinding_factor(P, seed)
          /* Carefully calculate the new value for a */
          a1 := a / 8
          a2 := (h * a1) % L
          a' := (a2 * 8) % L
          /* Update b as well, binding it to h. This is an additional
           * step compared to GNS. */
          b' := SHA256(b ∥ h)
          return (a', b')
      }

      Edx25519_derive_public(P, seed) {
          h := Edx25519_blinding_factor(P, seed)
          return [h] * P
      }

      Edx25519_sign(private, message) {
          /* As in Ed25519, except for the origin of b */
          (d, b) := private
          P := Edx25519_public_from_private(private)
          r := SHA-512(b ∥ message)
          R := [r] * G
          s := r + SHA-512(R ∥ P ∥ message) * d % L
          return (R, s)
      }

      Edx25519_verify(P, message, signature) {
          /* Identical to Ed25519 */
          (R, s) := signature
          return [s] * G == R + [SHA-512(R ∥ P ∥ message)] * P
      }
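The scheme in the commit message above, modelled end to end in Python as an added example; this is not GNUnet's implementation and not the author's code. Curve arithmetic follows the RFC 8032 reference code, so the initial key pair and its signatures are plain Ed25519 (checkable against the RFC 8032 test vectors). Everything the pseudocode leaves open is an assumption made here and marked in the code: HKDF_32(P, seed) is modelled as HKDF-SHA512 with P as IKM and seed as salt; "seed + 1" as incrementing the seed as a big-endian integer; h in SHA256(b ∥ h) as a 32-byte little-endian integer; and "a / 8" as multiplication by the inverse of 8 mod L, which equals integer division for the clamped initial key (a is a multiple of 8) and keeps later derivations exact even when a' is no longer a multiple of 8. Function names (edx_*, ed25519_verify) are mine.

```python
# Added example, not GNUnet's code: a Python model of the Edx25519 scheme above; curve math per RFC 8032.
import hashlib, hmac

p = 2**255 - 19                                        # field prime
L = 2**252 + 27742317777372353535851937790883648493     # order of the base point G
d = (-121665 * pow(121666, p - 2, p)) % p              # twisted Edwards curve constant
SQRT_M1 = pow(2, (p - 1) // 4, p)
INV8 = pow(8, L - 2, L)                                # 8^-1 mod L (L is prime)
IDENTITY = (0, 1, 1, 0)                                # neutral element E in extended coords (X, Y, Z, T)

def recover_x(y, sign):                                # RFC 8032 5.1.3; None if (y, sign) is not a point
    if y >= p:
        return None
    x2 = (y * y - 1) * pow(d * y * y + 1, p - 2, p) % p
    if x2 == 0:
        return None if sign else 0
    x = pow(x2, (p + 3) // 8, p)
    if (x * x - x2) % p:
        x = x * SQRT_M1 % p
    if (x * x - x2) % p:
        return None
    return p - x if (x & 1) != sign else x

def point_add(P, Q):                                   # complete addition law, also used for doubling
    A = (P[1] - P[0]) * (Q[1] - Q[0]) % p
    B = (P[1] + P[0]) * (Q[1] + Q[0]) % p
    C, D = 2 * P[3] * Q[3] * d % p, 2 * P[2] * Q[2] % p
    E, F, Gg, H = B - A, D - C, D + C, B + A
    return (E * F % p, Gg * H % p, F * Gg % p, E * H % p)

def point_mul(s, P, Q=IDENTITY):                       # [s] * P by double-and-add
    while s:
        if s & 1:
            Q = point_add(Q, P)
        P, s = point_add(P, P), s >> 1
    return Q

def compress(P):                                       # 32-byte little-endian y, sign of x in the top bit
    zi = pow(P[2], p - 2, p)
    x, y = P[0] * zi % p, P[1] * zi % p
    return (y | (x & 1) << 255).to_bytes(32, "little")

def decompress(s):                                     # inverse of compress; rejects non-points
    sign, y = divmod(int.from_bytes(s, "little"), 1 << 255)
    if (x := recover_x(y, sign)) is None:
        raise ValueError("invalid point encoding")
    return (x, y, 1, x * y % p)

G_Y = 4 * pow(5, p - 2, p) % p; G_X = recover_x(G_Y, 0)
G = (G_X, G_Y, 1, G_X * G_Y % p)

def sha512_mod_L(m):
    return int.from_bytes(hashlib.sha512(m).digest(), "little") % L

def edx_generate_private(seed):                        # EdDSA expand and clamp -> pair (a, b)
    dh = hashlib.sha512(seed).digest()
    a = bytearray(dh[:32])
    a[0] &= 0b11111000; a[31] &= 0b01111111; a[31] |= 0b01000000
    return bytes(a), dh[32:]

def edx_public_from_private(private):                  # [a] * G, exactly as in EdDSA
    return compress(point_mul(int.from_bytes(private[0], "little"), G))

def edx_blinding_factor(P, seed):
    prk = hmac.new(seed, P, hashlib.sha512).digest()   # HKDF_32 modelled as HKDF-SHA512: IKM=P, salt=seed (assumption)
    h = int.from_bytes(hmac.new(prk, b"\x01", hashlib.sha512).digest()[:32], "little") % L
    if h in (0, 1) or compress(point_mul(h, decompress(P))) == compress(IDENTITY):   # weak factor: retry
        return edx_blinding_factor(P, (int.from_bytes(seed, "big") + 1).to_bytes(len(seed) + 1, "big"))  # "seed+1" (assumption)
    return h

def edx_derive_private(private, seed):
    a, b = private
    h = edx_blinding_factor(edx_public_from_private(private), seed)
    # a' = 8 * ((h * (a / 8)) mod L) mod L; "a / 8" is done as a * 8^-1 mod L, which equals a // 8 for
    # the clamped initial key (a is a multiple of 8) and keeps repeated derivations exact (assumption).
    a_new = (h * (int.from_bytes(a, "little") * INV8 % L) % L) * 8 % L
    b_new = hashlib.sha256(b + h.to_bytes(32, "little")).digest()   # h serialised as 32-byte LE (assumption)
    return a_new.to_bytes(32, "little"), b_new

def edx_derive_public(P, seed):                        # [h] * P: needs no private material
    return compress(point_mul(edx_blinding_factor(P, seed), decompress(P)))

def edx_sign(private, message):                        # Ed25519 signing; b comes from the pair
    a, b = private
    P = edx_public_from_private(private)
    r = sha512_mod_L(b + message)
    R = compress(point_mul(r, G))
    s = (r + sha512_mod_L(R + P + message) * int.from_bytes(a, "little")) % L
    return R + s.to_bytes(32, "little")

def ed25519_verify(P, message, signature):             # plain Ed25519 verification (cofactorless)
    s = int.from_bytes(signature[32:], "little")
    try:
        A, R = decompress(P), decompress(signature[:32])
    except ValueError:
        return False
    if len(signature) != 64 or s >= L:                 # malformed, or non-canonical s
        return False
    k = sha512_mod_L(signature[:32] + P + message)
    return compress(point_mul(s, G)) == compress(point_add(R, point_mul(k, A)))
```

The properties worth checking with this model are the ones the commit message claims: edx_derive_public(P, seed) equals edx_public_from_private(edx_derive_private(private, seed)) for the same seed, the equality survives a second derivation from the derived pair, and a signature made with a derived pair verifies under unmodified Ed25519 verification while failing under the parent key. The code uses big-integer arithmetic and is not constant time; it is for understanding the key derivation, not for production signing.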
* GNS: Sanitize APIs and align with LSD0001    Martin Schanzenbach    2022-03-27
* add GNUNET_TIME_absolute_round_down() function    Christian Grothoff    2022-03-26
* Merge branch 'master' of git+ssh://git.gnunet.org/gnunet    Martin Schanzenbach    2022-03-21
|\
| * -add gns record type handling for messenger room details    TheJackiMonster    2022-03-21
| |
| |     Signed-off-by: TheJackiMonster <thejackimonster@gmail.com>
| |
* | NAMESTORE: Towards new transaction-based API    Martin Schanzenbach    2022-03-21
|/
* add new approximate time cmp function    Christian Grothoff    2022-03-21
* NAMESTORE: Add record set blocking API    Martin Schanzenbach    2022-03-16

      New API that allows the caller to reserve the modification of a record
      set under a label. The record set cannot be modified by other clients
      until released.

* NAMESTORE: Prevent storing records under invalid labels    Martin Schanzenbach    2022-03-15
* consider HELLOs also from PUTs, remove exact duplicates even if block type is unknown    Christian Grothoff    2022-03-12
* revise block API to match latest DHT specs    Christian Grothoff    2022-03-12
* -remove query hash from what is being signed over    Christian Grothoff    2022-02-26
* -hack up GET/PUT signatures, still broken by design    Christian Grothoff    2022-02-26
* add GNUNET_B2S() macro; fix dht_line_test: we sign over query_hash, not block key    Christian Grothoff    2022-02-25
* -fix datacache to return 2x num_closest in both directions    Christian Grothoff    2022-02-23
* fix #7173    Christian Grothoff    2022-02-21
* add salt argument to GNUNET_CRYPTO_CS_r_derive()    Christian Grothoff    2022-02-20
* -DHT: add gnunet-dht-hello for bootstrapping    Christian Grothoff    2022-02-19
* -more work on DHTU integration    Christian Grothoff    2022-02-19
* -conclude hello-uri implementation and test    Christian Grothoff    2022-02-19
* incomplete first hack of new hello-uri lib    Christian Grothoff    2022-02-19
* -also add serialization from/to block    Christian Grothoff    2022-02-19
* first steps towards usable dhtu    Christian Grothoff    2022-02-19
* -style fixes    Christian Grothoff    2022-02-19
* -sanitize utf8 api a bit    Martin Schanzenbach    2022-02-15
* Use `const` for `GNUNET_FS_file_information_get_filename()`'s only argument    madmurphy    2022-02-10
* GNS: LSD0001 improvements    Martin Schanzenbach    2022-02-07

      NAMESTORE: Better error handling. Fixed private record feature.
      GNSRECORD: Record inconsistency check for delegation and redirection records

* -remove tombstone struct    Martin Schanzenbach    2022-02-06
* -simplify and correct tombstone logic    Martin Schanzenbach    2022-02-06
* GNS: Implement Tombstone logic    Martin Schanzenbach    2022-02-05

      GNS: Namestore zonemaster record store processing
      ZONEMASTER: Do not publish records if tombstone expires in the future
      NAMESTORE: Purge old tombstones.

* GNS: Introduce CRITICAL flag. Fixes #7169    Martin Schanzenbach    2022-02-03
* GNS: Rework GNS block wire format    Martin Schanzenbach    2022-02-03
* GNS: Fix revocation wire format    Martin Schanzenbach    2022-02-01
* - fixed bug with broadcast test.    t3sserakt    2022-01-21

      - added configurable port for router in netjail_start.sh.
      - added key for configuring broadcast in topo.sh.
      - port for communicators can be variable.
      - added variable additional_connects in GNUNET_TESTING_NetjailTopology.
      - additional connects can be configured in topology file.
      - added distance vector test with circle topology.
      - Reassembly for fragmentation is now stored at VirtualLink, not at Neighbour.
      - DV forwarding distinguishes between control flow and payload.
      - handling fragment box switch to be based on VirtualLink.
      - reliability box will not be handled like a fragment.
      - propagating next retransmission attempt variable of fragment to the root message.
      - check for fragmentation when adding reliability box.
      - several smaller bug fixes.

* GNS: Towards NFC    Martin Schanzenbach    2022-01-18
* -remove signing from DHTU API: no longer needed    Christian Grothoff    2022-01-10
* -DHT: add path signature verification logic; tests pass, but logic remains dead    Christian Grothoff    2022-01-10
* -export routine for path verification (untested)    Christian Grothoff    2022-01-10
* add more information to ensure signatures are fresh and request-specific    Christian Grothoff    2022-01-10
* DHT: modify API and protocol messages to add path signatures, except for now the actual signatures are just placeholders (signing and signature verification are missing)    Christian Grothoff    2022-01-09
* DHT: signed path definition (not implemented at all)    Christian Grothoff    2022-01-09
* -some input sanitization for identity and abd    Martin Schanzenbach    2022-01-07
* -remove gana files; now generated at bootstrap    Martin Schanzenbach    2022-01-04
* -fix    Martin Schanzenbach    2022-01-04
* BUILD: gnunet-signatures from gana    Martin Schanzenbach    2022-01-04
* -DHT: clean up peer selection logic    Christian Grothoff    2022-01-02
* -dce    Christian Grothoff    2022-01-02
* -non-trivial refactoring/cleanup of the DHT code    Christian Grothoff    2022-01-02
* clean up am_closest_peer and other functions    Christian Grothoff    2022-01-02
* revise DHT hashing functions, add test logic    Christian Grothoff    2022-01-02