| Commit message | Author | Age |

This also includes a necessary API refactoring of crypto from IDENTITY
to UTIL.
This inserts a dedicated dummy marker task at the end of the ready queue at
the start of a pass. Because this marker task isn't visible to users of the
scheduler, it can't be canceled while the pass is being run. Additionally,
switching which ready queue is being run partway through by scheduling a
higher-priority task to immediately run also places this dummy marker. This
resolves both erroneous cases by which a pass can accidentally run an
unbounded number of tasks.
This also modifies GNUNET_SCHEDULER_get_load to not be misled by this extra
dummy task, and adds the now-passing test cases to the test suite.
Signed-off-by: Christian Grothoff <christian@grothoff.org>
These demonstrate a bug in the scheduler by which a task can prevent any other
task from running for an arbitrarily long time despite regularly yielding to
the scheduler. It is caused by a faulty check in GNUNET_SCHEDULER_do_work
that assumes that the task that was the last in the queue when the pass began
will still be in the same relative position when the pass ends, and uses this
assumption to detect the end of the current pass. This assumption fails when
the last task of the current pass is canceled after the pass has started. It
also fails when we schedule a higher-priority task to run immediately, causing
work_priority to immediately switch such that we now process a queue that
doesn't contain the pass-ending task we're looking for.
These tests are built, but not run by 'make check' yet, since they currently
fail. You can manually verify that they do currently fail.
Signed-off-by: Christian Grothoff <christian@grothoff.org>
Those are not really user-facing programs and not fully documented (i.e. no
man pages) so they should go into libexec.
defines used in headers
Edx25519 is a variant of EdDSA on curve25519 which allows for repeated
derivation of private and public keys, independently. The private keys
in Edx25519 initially correspond to the data after expansion and
clamping in EdDSA. However, this correspondence is lost after deriving
further keys from existing ones. The public keys and signature
verification are compatible with EdDSA.
The ability to repeatedly derive key material is used for example in the
context of age restriction in GNU Taler.
The scheme that has been implemented is as follows:
/* Private keys in Edx25519 are pairs (a, b) of 32 byte each.
 * Initially they correspond to the result of the expansion
 * and clamping in EdDSA.
 */
Edx25519_generate_private(seed) {
    /* EdDSA expand and clamp */
    dh := SHA-512(seed)
    a := dh[0..31]
    b := dh[32..64]
    a[0] &= 0b11111000
    a[31] &= 0b01111111
    a[31] |= 0b01000000
    return (a, b)
}

Edx25519_public_from_private(private) {
    /* Public keys are the same as in EdDSA */
    (a, _) := private
    return [a] * G
}

Edx25519_blinding_factor(P, seed) {
    /* This is a helper function used in the derivation of
     * private/public keys from existing ones. */
    h1 := HKDF_32(P, seed)
    /* Ensure that h == h % L */
    h := h1 % L
    /* Optionally: Make sure that we don't create weak keys. */
    P' := [h] * P
    if !( (h!=1) && (h!=0) && (P'!=E) ) {
        return Edx25519_blinding_factor(P, seed+1)
    }
    return h
}

Edx25519_derive_private(private, seed) {
    /* This is based on the definition in
     * GNUNET_CRYPTO_eddsa_private_key_derive. But it accepts
     * and returns a private pair (a, b) and allows for iteration.
     */
    (a, b) := private
    P := Edx25519_public_from_private(private)
    h := Edx25519_blinding_factor(P, seed)
    /* Carefully calculate the new value for a */
    a1 := a / 8
    a2 := (h * a1) % L
    a' := (a2 * 8) % L
    /* Update b as well, binding it to h.
       This is an additional step compared to GNS. */
    b' := SHA256(b ∥ h)
    return (a', b')
}

Edx25519_derive_public(P, seed) {
    h := Edx25519_blinding_factor(P, seed)
    return [h]*P
}

Edx25519_sign(private, message) {
    /* As in Ed25519, except for the origin of b */
    (d, b) := private
    P := Edx25519_public_from_private(private)
    r := SHA-512(b ∥ message)
    R := [r] * G
    s := r + SHA-512(R ∥ P ∥ message) * d % L
    return (R,s)
}

Edx25519_verify(P, message, signature) {
    /* Identical to Ed25519 */
    (R, s) := signature
    return [s] * G == R + [SHA-512(R ∥ P ∥ message)] * P
}
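The scheme in the commit message above, worked through as an added example (this is not the commit's code nor GNUnet's libgnunetutil implementation): a deliberately small pure-Python Ed25519 on affine twisted-Edwards coordinates, with the Edx25519 operations written on top of it. Details the message leaves open are assumptions here and marked as such in the code: HKDF_32 is instantiated as HKDF-SHA256 with IKM = P and salt = seed, h is encoded little-endian inside SHA256(b ∥ h), "seed+1" increments a fixed-width big-endian counter, and "a / 8" is computed as a · 8⁻¹ mod L, which equals integer division for a clamped a but stays well defined once a derived a is no longer a multiple of 8. The example goes one step beyond the text by deriving twice in a row on both the private and the public side, which is exactly the "allows for iteration" property the message claims; the checks it supports are that the derived public keys agree, that a derived key's signature verifies only under its own public key, and that the undived key's public key is the one Ed25519 would produce (RFC 8032 test vector 1).

```python
"""Edx25519 walk-through: added example, not GNUnet code. Assumed details (see the
comments marked ASSUMED) go beyond what the commit message specifies."""
import hashlib
import hmac

# Minimal textbook Ed25519 group arithmetic (affine twisted Edwards; slow but exact).
q = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493  # order of the base point G
NEUTRAL = (0, 1)

def inv(x):
    return pow(x, q - 2, q)

d = -121665 * inv(121666) % q
I = pow(2, (q - 1) // 4, q)

def xrecover(y):
    xx = (y * y - 1) * inv(d * y * y + 1)
    x = pow(xx, (q + 3) // 8, q)
    if (x * x - xx) % q:
        x = x * I % q
    return q - x if x % 2 else x

G = (xrecover(4 * inv(5) % q), 4 * inv(5) % q)

def edwards_add(P, Q):
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2
    return ((x1 * y2 + x2 * y1) * inv(1 + t) % q, (y1 * y2 + x1 * x2) * inv(1 - t) % q)

def scalarmult(P, e):  # double-and-add; returns [e] * P
    Q = NEUTRAL
    while e:
        if e & 1:
            Q = edwards_add(Q, P)
        P, e = edwards_add(P, P), e >> 1
    return Q

def encodepoint(P):
    return (P[1] | ((P[0] & 1) << 255)).to_bytes(32, "little")

def decodepoint(s):
    y = int.from_bytes(s, "little") & ((1 << 255) - 1)
    x = xrecover(y)
    if (x & 1) != (s[31] >> 7):
        x = q - x
    if (-x * x + y * y - 1 - d * x * x * y * y) % q:
        raise ValueError("point not on curve")
    return (x, y)

def hint(m):  # SHA-512 digest read as a little-endian integer
    return int.from_bytes(hashlib.sha512(m).digest(), "little")

# Edx25519, following the commit message step by step.
def edx_generate_private(seed):
    dh = hashlib.sha512(seed).digest()
    a, b = bytearray(dh[:32]), dh[32:]
    a[0] &= 0b11111000  # EdDSA expand-and-clamp
    a[31] &= 0b01111111
    a[31] |= 0b01000000
    return (bytes(a), b)

def edx_public_from_private(private):
    return encodepoint(scalarmult(G, int.from_bytes(private[0], "little")))

def hkdf_32(P, seed):  # ASSUMED instantiation: HKDF-SHA256, IKM = P, salt = seed
    prk = hmac.new(seed, P, hashlib.sha256).digest()              # HKDF-Extract
    return hmac.new(prk, b"edx25519\x01", hashlib.sha256).digest()  # HKDF-Expand, one block

def edx_blinding_factor(P, seed):
    point = decodepoint(P)
    while True:
        h = int.from_bytes(hkdf_32(P, seed), "little") % L
        if h not in (0, 1) and scalarmult(point, h) != NEUTRAL:  # reject weak factors
            return h
        # ASSUMED: "seed+1" increments seed as a fixed-width big-endian counter
        seed = ((int.from_bytes(seed, "big") + 1) % 256**len(seed)).to_bytes(len(seed), "big")

def edx_derive_private(private, seed):
    a, b = private
    h = edx_blinding_factor(edx_public_from_private(private), seed)
    a1 = int.from_bytes(a, "little") * pow(8, L - 2, L) % L  # ASSUMED: a / 8 taken mod L
    a_new = (h * a1 % L) * 8 % L
    b_new = hashlib.sha256(b + h.to_bytes(32, "little")).digest()  # ASSUMED: h little-endian
    return (a_new.to_bytes(32, "little"), b_new)

def edx_derive_public(P, seed):
    return encodepoint(scalarmult(decodepoint(P), edx_blinding_factor(P, seed)))

def edx_sign(private, message):  # Ed25519 signing, with b as the nonce prefix
    a, b = private
    P = edx_public_from_private(private)
    r = hint(b + message) % L
    R = encodepoint(scalarmult(G, r))
    s = (r + hint(R + P + message) * int.from_bytes(a, "little")) % L
    return R + s.to_bytes(32, "little")

def edx_verify(P, message, signature):  # identical to Ed25519 verification
    R, s = signature[:32], int.from_bytes(signature[32:], "little")
    if len(signature) != 64 or s >= L:  # reject malformed or non-canonical s
        return False
    try:
        rhs = edwards_add(decodepoint(R), scalarmult(decodepoint(P), hint(R + P + message) % L))
    except ValueError:
        return False
    return scalarmult(G, s) == rhs
```

Deriving on the private side and on the public side must land on the same public key at every level, since [8 · h · (a/8)] G = [h] A; that equality is the property that lets a party holding only P follow the same derivation chain as the key holder, and it is what the test of this example checks for two consecutive seeds.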
with the same prefix name
GNS and GNSRECORD can now handle EdDSA keys
in addition to the existing ECDSA scheme.
See also LSD0001.
libgcrypt versions (>=1.9.0)
overwrite existing files; also change the return value to not return the size of the written file but GNUNET_OK on success, and integrate creating the directory if needed; breaks API, hence bumping libgnunetutil version
This commit also bumps the version of libgnunetutil, due to the spell
checking fix to xts in rsa (un)blinding.
and NSE
(modulo actually finding specific places where this SHOULD be used instead of GNUNET_memcmp)
This leads to some performance improvements and makes it easier to write
software that interoperates with GNUnet / GNU Taler. It also avoids
using the rather inconvenient libgcrypt APIs. We still need to keep
libgcrypt though, as we need it for RSA, ECDSA and some other
primitives.
This change is still behind a #define NEW_CRYPTO, as it is a breaking
change for both EdDSA (removing the superfluous additional hash) and for
ECDHE (using Curve25519 instead of Ed25519).
no idea if it's really required, but at the very least
we need to be able to point to the X11 root.
files.
configures and builds okay.
testsuite wasn't checked, will be checked.
diff including the plibc removal is now around 14370 lines of code less.