aboutsummaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAge
* -update testvector generationMartin Schanzenbach2022-03-29
|
* -add assertion againMartin Schanzenbach2022-03-29
|
* GNS: Do not fail on assertions in block processingMartin Schanzenbach2022-03-29
|
* -fixMartin Schanzenbach2022-03-29
|
* -fix leak in edx25519Özgür Kesim2022-03-28
|
* Edx25519 implementedÖzgür Kesim2022-03-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Edx25519 is a variant of EdDSA on curve25519 which allows for repeated derivation of private and public keys, independently. The private keys in Edx25519 initially correspond to the data after expansion and clamping in EdDSA. However, this correspondence is lost after deriving further keys from existing ones. The public keys and signature verification are compatible with EdDSA. The ability to repeatedly derive key material is used for example in the context of age restriction in GNU Taler. The scheme that has been implemented is as follows: /* Private keys in Edx25519 are pairs (a, b) of 32 byte each. * Initially they correspond to the result of the expansion * and clamping in EdDSA. */ Edx25519_generate_private(seed) { /* EdDSA expand and clamp */ dh := SHA-512(seed) a := dh[0..31] b := dh[32..64] a[0] &= 0b11111000 a[31] &= 0b01111111 a[31] |= 0b01000000 return (a, b) } Edx25519_public_from_private(private) { /* Public keys are the same as in EdDSA */ (a, _) := private return [a] * G } Edx25519_blinding_factor(P, seed) { /* This is a helper function used in the derivation of * private/public keys from existing ones. */ h1 := HKDF_32(P, seed) /* Ensure that h == h % L */ h := h1 % L /* Optionally: Make sure that we don't create weak keys. */ P' := [h] * P if !( (h!=1) && (h!=0) && (P'!=E) ) { return Edx25519_blinding_factor(P, seed+1) } return h } Edx25519_derive_private(private, seed) { /* This is based on the definition in * GNUNET_CRYPTO_eddsa_private_key_derive. But it accepts * and returns a private pair (a, b) and allows for iteration. */ (a, b) := private P := Edx25519_public_key_from_private(private) h := Edx25519_blinding_factor(P, seed) /* Carefully calculate the new value for a */ a1 := a / 8; a2 := (h * a1) % L a' := (a2 * 8) % L /* Update b as well, binding it to h. This is an additional step compared to GNS. */ b' := SHA256(b ∥ h) return (a', b') } Edx25519_derive_public(P, seed) { h := Edx25519_blinding_factor(P, seed) return [h]*P } Edx25519_sign(private, message) { /* As in Ed25519, except for the origin of b */ (d, b) := private P := Edx25519_public_from_private(private) r := SHA-512(b ∥ message) R := [r] * G s := r + SHA-512(R ∥ P ∥ message) * d % L return (R,s) } Edx25519_verify(P, message, signature) { /* Identical to Ed25519 */ (R, s) := signature return [s] * G == R + [SHA-512(R ∥ P ∥ message)] * P }
* GNS: Sanitize APIs and align with LSD0001Martin Schanzenbach2022-03-27
|
* add GNUNET_TIME_absolute_round_down() functionChristian Grothoff2022-03-26
|
* -init uninitChristian Grothoff2022-03-21
|
* -fix FTBFSChristian Grothoff2022-03-21
|
* Merge branch 'master' of git+ssh://git.gnunet.org/gnunetMartin Schanzenbach2022-03-21
|\
| * -add gns record type handling for messenger room detailsTheJackiMonster2022-03-21
| | | | | | | | Signed-off-by: TheJackiMonster <thejackimonster@gmail.com>
* | NAMESTORE: Towards new transaction-based APIMartin Schanzenbach2022-03-21
|/
* add new approximate time cmp functionChristian Grothoff2022-03-21
|
* -fix distv0.16.2Martin Schanzenbach2022-03-19
|
* -forgot test fileMartin Schanzenbach2022-03-18
|
* GNS: Fix BOX handling in apexMartin Schanzenbach2022-03-18
|
* Merge branch 'master' of git+ssh://git.gnunet.org/gnunetMartin Schanzenbach2022-03-17
|\
| * Merge branch 'master' of ssh://git.gnunet.org/gnunett3sserakt2022-03-17
| |\
| * | - Trying to exchange iptables with nft, first shot failed.t3sserakt2022-03-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Fixed small bug in UDP communicator. - Fixed bug in DV circle test case - Introduced a default value to wait for a reliability ack. - Introduced a FC retransmission threshold together with a retransmission count. - Introduced a original size value for TransportDVBoxMessage - Checking if we have the root pending messge, when removing the pending message from virtual link. - Added delay value to schedule_transmit_on_queue to wait for retransmitting. - Checking for confirmed virtual link, before routing. - Allow unconfirmed queues or DV routes when doing dv encapsulation for control traffic. - Changed check_vl_transmission to also check window size for DV next hop peer. - Fixed fragment box handling to also handle reliability boxed message which needed to be fragmented. - Fixed completing a message which was not only fragmented but also DV boxed. - Added logic to notify core about a new virtual link using distance vector without having validated next neighbour. - Added logic to create a virtual link to handle flow control messages. - fixed several smaller bugs in fragmentation logic. - Changed logic for adding the next_attempt value of PendingMessage.
* | | GNS: Fix BOX service port handling in NBOMartin Schanzenbach2022-03-17
| |/ |/|
* | -cov fixesMartin Schanzenbach2022-03-16
| |
* | -better lock handling/refactoring !coverityMartin Schanzenbach2022-03-16
| |
* | -actually lock label of a zone, not all labelsMartin Schanzenbach2022-03-16
| |
* | NAMESTORE: Add record set blocking APIMartin Schanzenbach2022-03-16
| | | | | | | | | | | | | | New API that allows the caller to reserve the mofification of a record set under a label. The record set cannot be modified by other clients until released.
* | -fix namestore testsMartin Schanzenbach2022-03-16
| |
* | -fix crash when member left messenger roomTheJackiMonster2022-03-15
| | | | | | | | Signed-off-by: TheJackiMonster <thejackimonster@gmail.com>
* | NAMESTORE: Prevent storing records under invalid labelsMartin Schanzenbach2022-03-15
| |
* | slightly beautify algChristian Grothoff2022-03-14
| |
* | implement nicer path truncation where we keep the part of the path that did ↵Christian Grothoff2022-03-14
| | | | | | | | verify
* | -add sanity check on local inputs, fix assertionChristian Grothoff2022-03-12
| |
* | -remove broken path trunction logicChristian Grothoff2022-03-12
| |
* | -move function to more logical place, no semantic changeChristian Grothoff2022-03-12
| |
* | -fix interpretation of return value after block API changeChristian Grothoff2022-03-12
| |
* | consider HELLOs also from PUTs, remove exact duplicates even if block type ↵Christian Grothoff2022-03-12
| | | | | | | | is unknown
* | truncate paths if sigs are bad instead of just discarding the messageChristian Grothoff2022-03-12
| |
* | only hash over PID, not full HELLO URL when checking for duplicate HELLO blocksChristian Grothoff2022-03-12
| |
* | revise block API to match latest DHT specsChristian Grothoff2022-03-12
| |
* | -fix dist buildMartin Schanzenbach2022-03-08
| |
* | -better handling of tng netnsMartin Schanzenbach2022-03-07
| |
* | -use nft instead of iptables for netjailMartin Schanzenbach2022-03-07
| |
* | -simplifyMartin Schanzenbach2022-03-05
| |
* | FS: Fix segfault in URI handlingMartin Schanzenbach2022-03-05
| |
* | GNS: Fix including proxy test in make dist. Addresses issue #7182Martin Schanzenbach2022-03-04
| |
* | -changelog housekeeping; namestore messagev0.16.1Martin Schanzenbach2022-03-04
| |
* | -modify some settings for better defaultsMartin Schanzenbach2022-03-04
| |
* | -fixMartin Schanzenbach2022-03-04
| |
* | -make coverity happier !coverityMartin Schanzenbach2022-03-04
| |
* | NAMESTORE: Warn use of low relative expiration timesMartin Schanzenbach2022-03-04
| |
* | NAMESTORE: Do not display label for TOMBSTONE only record setsMartin Schanzenbach2022-03-03
| |
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-19 22:09:36 +0000