From 62cb95a862cb8d730b8c87930195332a54f26dca Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 5 Nov 2013 17:35:25 +0000 Subject: Werner Koch wrote: Hi, find attach the patch which makes all 3 test cases work with Ed25519. There are some minor hacks in the test cases to allow enabling of Libgcrypt debugging and also some minor output style changes. There is one FIXME in the code: /* FIXME: mpi_print creates an unsigned integer - is that intended or should we convert it to a signed integer (2-compl)? */ mpi_print (xbuf, sizeof (xbuf), result_x); X may be positive or negative but GCRYMPI_FMT_USG ignores the sign. Thus this is not what we actually want. Should we change it to 2-comp (GCRYMPI_FMT_STD) so that we have a proper value? Given that the curve is 255 bit this should alwas fit int the 256 bit buffer. Another option would be to use the EdDSA method for the sign but that is optimized to easily recover x and would be more work. Or we store the sign in the high bit. t all depends on what you want to write into the protocol specs. I would also like to revert the way we distinguish between Ed25519 with and without ECDSA: The way we do it right now is by assuming the Ed25519 is always used with EdDSA unless a flag has been set. This is a bit surprising and requiring the "(flags eddsa)" would be a less surprising interface. Salam-Shalom, Werner --- src/include/gnunet_crypto_lib.h | 39 +---- src/include/gnunet_plugin_lib.h | 2 +- src/util/crypto_ecc.c | 380 ++++++++++------------------------------ src/util/test_crypto_ecdhe.c | 6 +- src/util/test_crypto_ecdsa.c | 21 ++- src/util/test_crypto_eddsa.c | 21 ++- 6 files changed, 134 insertions(+), 335 deletions(-) diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 980710b19..c65c9223a 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h @@ -194,16 +194,8 @@ struct GNUNET_CRYPTO_EcdsaSignature struct GNUNET_CRYPTO_EddsaPublicKey { /** - * Q consists of an x- and a y-value, each mod p (256 bits), - * given here in affine coordinates. - * - * FIXME: this coordinate will be removed in the future (compressed point!). - */ - unsigned char q_x[256 / 8]; - - /** - * Q consists of an x- and a y-value, each mod p (256 bits), - * given here in affine coordinates. + * Q consists of an x- and a y-value, each mod p (256 bits), given + * here in affine coordinates and Ed25519 standard compact format. */ unsigned char q_y[256 / 8]; @@ -217,16 +209,10 @@ struct GNUNET_CRYPTO_EddsaPublicKey struct GNUNET_CRYPTO_EcdsaPublicKey { /** - * Q consists of an x- and a y-value, each mod p (256 bits), - * given here in affine coordinates. - * - * FIXME: this coordinate will be removed in the future (compressed point!). - */ - unsigned char q_x[256 / 8]; - - /** - * Q consists of an x- and a y-value, each mod p (256 bits), - * given here in affine coordinates. + * Q consists of an x- and a y-value, each mod p (256 bits), given + * here in affine coordinates. For the Ed25519 curve we need to + * convey the y-value along with the sign. The compact format used + * is the same as with EdDSA (little endian). */ unsigned char q_y[256 / 8]; @@ -250,19 +236,10 @@ struct GNUNET_PeerIdentity struct GNUNET_CRYPTO_EcdhePublicKey { /** - * Q consists of an x- and a y-value, each mod p (256 bits), - * given here in affine coordinates. - */ - unsigned char q_x[256 / 8]; - - /** - * Q consists of an x- and a y-value, each mod p (256 bits), - * given here in affine coordinates. - * - * FIXME: this coordinate will be removed in the future (compressed point!). + * Q consists of an x- and a y-value, each mod p (256 bits), given + * here in affine coordinates and Ed25519 standard compact format. */ unsigned char q_y[256 / 8]; - }; diff --git a/src/include/gnunet_plugin_lib.h b/src/include/gnunet_plugin_lib.h index daf1b4cca..0fccd3f97 100644 --- a/src/include/gnunet_plugin_lib.h +++ b/src/include/gnunet_plugin_lib.h @@ -57,7 +57,7 @@ typedef void *(*GNUNET_PLUGIN_Callback) (void *arg); * "library_name_init" for the test to succeed. * * @param library_name name of the plugin to test if it is installed - * @return GNUNET_YES if the plugin exists, GNUNET_NO if not + * @return #GNUNET_YES if the plugin exists, #GNUNET_NO if not */ int GNUNET_PLUGIN_test (const char *library_name); diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index 9728084c9..2bd89c402 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c @@ -34,10 +34,8 @@ * structs that use 256 bits, so using a bigger curve will require * changes that break stuff badly. The name of the curve given here * must be agreed by all peers and be supported by libgcrypt. - * - * NOTE: this will change to Curve25519 before GNUnet 0.10.0. */ -#define CURVE "NIST P-256" +#define CURVE "Ed25519" #define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__) @@ -148,11 +146,31 @@ mpi_print (unsigned char *buf, { size_t rsize; - rsize = size; - GNUNET_assert (0 == - gcry_mpi_print (GCRYMPI_FMT_USG, buf, rsize, &rsize, - val)); - adjust (buf, rsize, size); + if (gcry_mpi_get_flag (val, GCRYMPI_FLAG_OPAQUE)) + { + /* Store opaque MPIs left aligned into the buffer. */ + unsigned int nbits; + const void *p; + + p = gcry_mpi_get_opaque (val, &nbits); + GNUNET_assert (p); + rsize = (nbits+7)/8; + if (rsize > size) + rsize = size; + memcpy (buf, p, rsize); + if (rsize < size) + memset (buf+rsize, 0, size - rsize); + } + else + { + /* Store regular MPIs as unsigned integers right aligned into + the buffer. */ + rsize = size; + GNUNET_assert (0 == + gcry_mpi_print (GCRYMPI_FMT_USG, buf, rsize, &rsize, + val)); + adjust (buf, rsize, size); + } } @@ -191,16 +209,12 @@ static gcry_sexp_t decode_private_ecdsa_key (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv) { gcry_sexp_t result; - gcry_mpi_t d; int rc; - mpi_scan (&d, - priv->d, - sizeof (priv->d)); rc = gcry_sexp_build (&result, NULL, - "(private-key(ecdsa(curve \"" CURVE "\")(d %m)))", - d); - gcry_mpi_release (d); + "(private-key(ecc(curve \"" CURVE "\")" + "(flags ecdsa)(d %b)))", + (int)sizeof (priv->d), priv->d); if (0 != rc) { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); @@ -228,16 +242,12 @@ static gcry_sexp_t decode_private_eddsa_key (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv) { gcry_sexp_t result; - gcry_mpi_t d; int rc; - mpi_scan (&d, - priv->d, - sizeof (priv->d)); rc = gcry_sexp_build (&result, NULL, - "(private-key(ecdsa(curve \"" CURVE "\")(d %m)))", // FIXME: eddsa soon! - d); - gcry_mpi_release (d); + "(private-key(ecc(curve \"" CURVE "\")" + "(d %b)))", + (int)sizeof (priv->d), priv->d); if (0 != rc) { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); @@ -265,16 +275,12 @@ static gcry_sexp_t decode_private_ecdhe_key (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv) { gcry_sexp_t result; - gcry_mpi_t d; int rc; - mpi_scan (&d, - priv->d, - sizeof (priv->d)); rc = gcry_sexp_build (&result, NULL, - "(private-key(ecdsa(curve \"" CURVE "\")(d %m)))", // FIXME: ecdh here? - d); - gcry_mpi_release (d); + "(private-key(ecc(curve \"" CURVE "\")" + "(flags ecdsa)(d %b)))", + (int)sizeof (priv->d), priv->d); if (0 != rc) { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); @@ -291,99 +297,6 @@ decode_private_ecdhe_key (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv) } -/** - * Initialize public key struct from the respective point - * on the curve. - * - * @param q point on curve - * @param pub public key struct to initialize - * @param ctx context to use for ECC operations - */ -static void -point_to_public_ecdsa_key (gcry_mpi_point_t q, - gcry_ctx_t ctx, - struct GNUNET_CRYPTO_EcdsaPublicKey *pub) -{ - gcry_mpi_t q_x; - gcry_mpi_t q_y; - - q_x = gcry_mpi_new (256); - q_y = gcry_mpi_new (256); - if (gcry_mpi_ec_get_affine (q_x, q_y, q, ctx)) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0); - return; - } - - mpi_print (pub->q_x, sizeof (pub->q_x), q_x); - mpi_print (pub->q_y, sizeof (pub->q_y), q_y); - gcry_mpi_release (q_x); - gcry_mpi_release (q_y); -} - - -/** - * Initialize public key struct from the respective point - * on the curve. - * - * @param q point on curve - * @param pub public key struct to initialize - * @param ctx context to use for ECC operations - */ -static void -point_to_public_eddsa_key (gcry_mpi_point_t q, - gcry_ctx_t ctx, - struct GNUNET_CRYPTO_EddsaPublicKey *pub) -{ - gcry_mpi_t q_x; - gcry_mpi_t q_y; - - q_x = gcry_mpi_new (256); - q_y = gcry_mpi_new (256); - if (gcry_mpi_ec_get_affine (q_x, q_y, q, ctx)) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0); - return; - } - - mpi_print (pub->q_x, sizeof (pub->q_x), q_x); - mpi_print (pub->q_y, sizeof (pub->q_y), q_y); - gcry_mpi_release (q_x); - gcry_mpi_release (q_y); -} - - -/** - * Initialize public key struct from the respective point - * on the curve. - * - * @param q point on curve - * @param pub public key struct to initialize - * @param ctx context to use for ECC operations - */ -static void -point_to_public_ecdhe_key (gcry_mpi_point_t q, - gcry_ctx_t ctx, - struct GNUNET_CRYPTO_EcdhePublicKey *pub) -{ - gcry_mpi_t q_x; - gcry_mpi_t q_y; - - q_x = gcry_mpi_new (256); - q_y = gcry_mpi_new (256); - if (gcry_mpi_ec_get_affine (q_x, q_y, q, ctx)) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0); - return; - } - - mpi_print (pub->q_x, sizeof (pub->q_x), q_x); - mpi_print (pub->q_y, sizeof (pub->q_y), q_y); - gcry_mpi_release (q_x); - gcry_mpi_release (q_y); -} - - /** * Extract the public key for the given private key. * @@ -396,16 +309,17 @@ GNUNET_CRYPTO_ecdsa_key_get_public (const struct GNUNET_CRYPTO_EcdsaPrivateKey * { gcry_sexp_t sexp; gcry_ctx_t ctx; - gcry_mpi_point_t q; + gcry_mpi_t q; sexp = decode_private_ecdsa_key (priv); GNUNET_assert (NULL != sexp); GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, sexp, NULL)); gcry_sexp_release (sexp); - q = gcry_mpi_ec_get_point ("q", ctx, 0); - point_to_public_ecdsa_key (q, ctx, pub); + q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0); + GNUNET_assert (q); + mpi_print (pub->q_y, sizeof (pub->q_y), q); + gcry_mpi_release (q); gcry_ctx_release (ctx); - gcry_mpi_point_release (q); } @@ -421,16 +335,17 @@ GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey * { gcry_sexp_t sexp; gcry_ctx_t ctx; - gcry_mpi_point_t q; + gcry_mpi_t q; sexp = decode_private_eddsa_key (priv); GNUNET_assert (NULL != sexp); GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, sexp, NULL)); gcry_sexp_release (sexp); - q = gcry_mpi_ec_get_point ("q", ctx, 0); - point_to_public_eddsa_key (q, ctx, pub); + q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0); + GNUNET_assert (q); + mpi_print (pub->q_y, sizeof (pub->q_y), q); + gcry_mpi_release (q); gcry_ctx_release (ctx); - gcry_mpi_point_release (q); } @@ -446,16 +361,17 @@ GNUNET_CRYPTO_ecdhe_key_get_public (const struct GNUNET_CRYPTO_EcdhePrivateKey * { gcry_sexp_t sexp; gcry_ctx_t ctx; - gcry_mpi_point_t q; + gcry_mpi_t q; sexp = decode_private_ecdhe_key (priv); GNUNET_assert (NULL != sexp); GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, sexp, NULL)); gcry_sexp_release (sexp); - q = gcry_mpi_ec_get_point ("q", ctx, 0); - point_to_public_ecdhe_key (q, ctx, pub); + q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0); + GNUNET_assert (q); + mpi_print (pub->q_y, sizeof (pub->q_y), q); + gcry_mpi_release (q); gcry_ctx_release (ctx); - gcry_mpi_point_release (q); } @@ -579,76 +495,6 @@ GNUNET_CRYPTO_eddsa_public_key_from_string (const char *enc, } -/** - * Convert the given public key from the network format to the - * S-expression that can be used by libgcrypt. - * - * @param pub public key to decode - * @return NULL on error - */ -static gcry_sexp_t -decode_public_ecdsa_key (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub) -{ - gcry_sexp_t pub_sexp; - gcry_mpi_t q_x; - gcry_mpi_t q_y; - gcry_mpi_point_t q; - gcry_ctx_t ctx; - - mpi_scan (&q_x, pub->q_x, sizeof (pub->q_x)); - mpi_scan (&q_y, pub->q_y, sizeof (pub->q_y)); - q = gcry_mpi_point_new (256); - gcry_mpi_point_set (q, q_x, q_y, GCRYMPI_CONST_ONE); - gcry_mpi_release (q_x); - gcry_mpi_release (q_y); - - /* initialize 'ctx' with 'q' */ - GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE)); // FIXME: need to say ECDSA? - gcry_mpi_ec_set_point ("q", q, ctx); - gcry_mpi_point_release (q); - - /* convert 'ctx' to 'sexp' */ - GNUNET_assert (0 == gcry_pubkey_get_sexp (&pub_sexp, GCRY_PK_GET_PUBKEY, ctx)); - gcry_ctx_release (ctx); - return pub_sexp; -} - - -/** - * Convert the given public key from the network format to the - * S-expression that can be used by libgcrypt. - * - * @param pub public key to decode - * @return NULL on error - */ -static gcry_sexp_t -decode_public_eddsa_key (const struct GNUNET_CRYPTO_EddsaPublicKey *pub) -{ - gcry_sexp_t pub_sexp; - gcry_mpi_t q_x; - gcry_mpi_t q_y; - gcry_mpi_point_t q; - gcry_ctx_t ctx; - - mpi_scan (&q_x, pub->q_x, sizeof (pub->q_x)); - mpi_scan (&q_y, pub->q_y, sizeof (pub->q_y)); - q = gcry_mpi_point_new (256); - gcry_mpi_point_set (q, q_x, q_y, GCRYMPI_CONST_ONE); - gcry_mpi_release (q_x); - gcry_mpi_release (q_y); - - /* initialize 'ctx' with 'q' */ - GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE)); // FIXME: need to say EdDSA? - gcry_mpi_ec_set_point ("q", q, ctx); - gcry_mpi_point_release (q); - - /* convert 'ctx' to 'sexp' */ - GNUNET_assert (0 == gcry_pubkey_get_sexp (&pub_sexp, GCRY_PK_GET_PUBKEY, ctx)); - gcry_ctx_release (ctx); - return pub_sexp; -} - - /** * @ingroup crypto * Clear memory that was used to store a private key. @@ -703,7 +549,8 @@ GNUNET_CRYPTO_ecdhe_key_create () int rc; if (0 != (rc = gcry_sexp_build (&s_keyparam, NULL, - "(genkey(ecdsa(curve \"" CURVE "\")))"))) // FIXME: ECDHE? + "(genkey(ecc(curve \"" CURVE "\")" + "(flags noparam ecdsa)))"))) { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); return NULL; @@ -752,7 +599,8 @@ GNUNET_CRYPTO_ecdsa_key_create () int rc; if (0 != (rc = gcry_sexp_build (&s_keyparam, NULL, - "(genkey(ecdsa(curve \"" CURVE "\")))"))) + "(genkey(ecc(curve \"" CURVE "\")" + "(flags noparam ecdsa)))"))) { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); return NULL; @@ -800,7 +648,8 @@ GNUNET_CRYPTO_eddsa_key_create () int rc; if (0 != (rc = gcry_sexp_build (&s_keyparam, NULL, - "(genkey(ecdsa(curve \"" CURVE "\")))"))) // FIXME: EdDSA? + "(genkey(ecc(curve \"" CURVE "\")" + "(flags noparam)))"))) { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); return NULL; @@ -1276,10 +1125,9 @@ data_to_eddsa_value (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose) GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc); if (0 != (rc = gcry_sexp_build (&data, NULL, - "(data(flags rfc6979)(hash %s %b))", // FIXME: use EdDSA encoding! + "(data(flags eddsa)(hash-algo %s)(value %b))", "sha512", - sizeof (hc), - &hc))) + (int)sizeof (hc), &hc))) { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); return NULL; @@ -1304,10 +1152,9 @@ data_to_ecdsa_value (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose) GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc); if (0 != (rc = gcry_sexp_build (&data, NULL, - "(data(flags rfc6979)(hash %s %b))", + "(data(flags ecdsa rfc6979)(hash %s %b))", "sha512", - sizeof (hc), - &hc))) + (int)sizeof (hc), &hc))) { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); return NULL; @@ -1435,28 +1282,23 @@ GNUNET_CRYPTO_ecdsa_verify (uint32_t purpose, gcry_sexp_t sig_sexpr; gcry_sexp_t pub_sexpr; int rc; - gcry_mpi_t r; - gcry_mpi_t s; if (purpose != ntohl (validate->purpose)) return GNUNET_SYSERR; /* purpose mismatch */ /* build s-expression for signature */ - mpi_scan (&r, sig->r, sizeof (sig->r)); - mpi_scan (&s, sig->s, sizeof (sig->s)); if (0 != (rc = gcry_sexp_build (&sig_sexpr, NULL, - "(sig-val(ecdsa(r %m)(s %m)))", - r, s))) + "(sig-val(ecdsa(r %b)(s %b)))", + (int)sizeof (sig->r), sig->r, + (int)sizeof (sig->s), sig->s))) { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); - gcry_mpi_release (r); - gcry_mpi_release (s); return GNUNET_SYSERR; } - gcry_mpi_release (r); - gcry_mpi_release (s); data = data_to_ecdsa_value (validate); - if (! (pub_sexpr = decode_public_ecdsa_key (pub))) + if (0 != (rc = gcry_sexp_build (&pub_sexpr, NULL, + "(public-key(ecc(curve " CURVE ")(q %b)))", + (int)sizeof (pub->q_y), pub->q_y))) { gcry_sexp_release (data); gcry_sexp_release (sig_sexpr); @@ -1497,28 +1339,23 @@ GNUNET_CRYPTO_eddsa_verify (uint32_t purpose, gcry_sexp_t sig_sexpr; gcry_sexp_t pub_sexpr; int rc; - gcry_mpi_t r; - gcry_mpi_t s; if (purpose != ntohl (validate->purpose)) return GNUNET_SYSERR; /* purpose mismatch */ /* build s-expression for signature */ - mpi_scan (&r, sig->r, sizeof (sig->r)); - mpi_scan (&s, sig->s, sizeof (sig->s)); if (0 != (rc = gcry_sexp_build (&sig_sexpr, NULL, - "(sig-val(ecdsa(r %m)(s %m)))", // FIXME: eddsa soon... - r, s))) + "(sig-val(eddsa(r %b)(s %b)))", + (int)sizeof (sig->r), sig->r, + (int)sizeof (sig->s), sig->s))) { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); - gcry_mpi_release (r); - gcry_mpi_release (s); return GNUNET_SYSERR; } - gcry_mpi_release (r); - gcry_mpi_release (s); data = data_to_eddsa_value (validate); - if (! (pub_sexpr = decode_public_eddsa_key (pub))) + if (0 != (rc = gcry_sexp_build (&pub_sexpr, NULL, + "(public-key(ecc(curve " CURVE ")(q %b)))", + (int)sizeof (pub->q_y), pub->q_y))) { gcry_sexp_release (data); gcry_sexp_release (sig_sexpr); @@ -1539,41 +1376,6 @@ GNUNET_CRYPTO_eddsa_verify (uint32_t purpose, } -/** - * Convert the given public key from the network format to the - * S-expression that can be used by libgcrypt. - * - * @param pub public key to decode - * @return NULL on error - */ -static gcry_sexp_t -decode_public_ecdhe_key (const struct GNUNET_CRYPTO_EcdhePublicKey *pub) -{ - gcry_sexp_t pub_sexp; - gcry_mpi_t q_x; - gcry_mpi_t q_y; - gcry_mpi_point_t q; - gcry_ctx_t ctx; - - mpi_scan (&q_x, pub->q_x, sizeof (pub->q_x)); - mpi_scan (&q_y, pub->q_y, sizeof (pub->q_y)); - q = gcry_mpi_point_new (256); - gcry_mpi_point_set (q, q_x, q_y, GCRYMPI_CONST_ONE); - gcry_mpi_release (q_x); - gcry_mpi_release (q_y); - - /* initialize 'ctx' with 'q' */ - GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE)); - gcry_mpi_ec_set_point ("q", q, ctx); - gcry_mpi_point_release (q); - - /* convert 'ctx' to 'sexp' */ - GNUNET_assert (0 == gcry_pubkey_get_sexp (&pub_sexp, GCRY_PK_GET_PUBKEY, ctx)); - gcry_ctx_release (ctx); - return pub_sexp; -} - - /** * Derive key material from a public and a private ECDHE key. * @@ -1593,11 +1395,12 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, gcry_ctx_t ctx; gcry_sexp_t pub_sexpr; gcry_mpi_t result_x; - gcry_mpi_t result_y; unsigned char xbuf[256 / 8]; /* first, extract the q = dP value from the public key */ - if (! (pub_sexpr = decode_public_ecdhe_key (pub))) + if (0 != gcry_sexp_build (&pub_sexpr, NULL, + "(public-key(ecc(curve " CURVE ")(q %b)))", + (int)sizeof (pub->q_y), pub->q_y)) return GNUNET_SYSERR; GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL)); gcry_sexp_release (pub_sexpr); @@ -1614,8 +1417,7 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, /* finally, convert point to string for hashing */ result_x = gcry_mpi_new (256); - result_y = gcry_mpi_new (256); - if (gcry_mpi_ec_get_affine (result_x, result_y, result, ctx)) + if (gcry_mpi_ec_get_affine (result_x, NULL, result, ctx)) { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0); gcry_mpi_point_release (result); @@ -1625,10 +1427,11 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, gcry_mpi_point_release (result); gcry_ctx_release (ctx); + /* FIXME: mpi_print creates an unsigned integer - is that intended + or should we convert it to a signed integer (2-compl)? */ mpi_print (xbuf, sizeof (xbuf), result_x); GNUNET_CRYPTO_hash (xbuf, sizeof (xbuf), key_material); gcry_mpi_release (result_x); - gcry_mpi_release (result_y); return GNUNET_OK; } @@ -1688,8 +1491,10 @@ GNUNET_CRYPTO_ecdsa_private_key_derive (const struct GNUNET_CRYPTO_EcdsaPrivateK gcry_ctx_t ctx; GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE)); + n = gcry_mpi_ec_get_mpi ("n", ctx, 1); GNUNET_CRYPTO_ecdsa_key_get_public (priv, &pub); + h = derive_h (&pub, label, context); mpi_scan (&x, priv->d, sizeof (priv->d)); d = gcry_mpi_new (256); @@ -1722,24 +1527,24 @@ GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey struct GNUNET_CRYPTO_EcdsaPublicKey *result) { gcry_ctx_t ctx; + gcry_mpi_t q_y; gcry_mpi_t h; gcry_mpi_t n; gcry_mpi_t h_mod_n; - gcry_mpi_t q_x; - gcry_mpi_t q_y; gcry_mpi_point_t q; gcry_mpi_point_t v; GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE)); - /* obtain point 'q' from original public key */ - mpi_scan (&q_x, pub->q_x, sizeof (pub->q_x)); - mpi_scan (&q_y, pub->q_y, sizeof (pub->q_y)); - - q = gcry_mpi_point_new (0); - gcry_mpi_point_set (q, q_x, q_y, GCRYMPI_CONST_ONE); - gcry_mpi_release (q_x); + /* obtain point 'q' from original public key. The provided 'q' is + compressed thus we first store it in the context and then get it + back as a (decompresssed) point. */ + q_y = gcry_mpi_set_opaque_copy (NULL, pub->q_y, 8*sizeof (pub->q_y)); + GNUNET_assert (q_y); + GNUNET_assert (0 == gcry_mpi_ec_set_mpi ("q", q_y, ctx)); gcry_mpi_release (q_y); + q = gcry_mpi_ec_get_point ("q", ctx, 0); + GNUNET_assert (q); /* calulcate h_mod_n = h % n */ h = derive_h (pub, label, context); @@ -1753,9 +1558,14 @@ GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey gcry_mpi_release (h); gcry_mpi_release (n); gcry_mpi_point_release (q); + /* convert point 'v' to public key that we return */ - point_to_public_ecdsa_key (v, ctx, result); + GNUNET_assert (0 == gcry_mpi_ec_set_point ("q", v, ctx)); gcry_mpi_point_release (v); + q_y = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0); + GNUNET_assert (q_y); + mpi_print (result->q_y, sizeof result->q_y, q_y); + gcry_mpi_release (q_y); gcry_ctx_release (ctx); } diff --git a/src/util/test_crypto_ecdhe.c b/src/util/test_crypto_ecdhe.c index a6f96d9f1..dd017897e 100644 --- a/src/util/test_crypto_ecdhe.c +++ b/src/util/test_crypto_ecdhe.c @@ -38,14 +38,16 @@ main (int argc, char *argv[]) struct GNUNET_HashCode ecdh1; struct GNUNET_HashCode ecdh2; - if (! gcry_check_version ("1.5.0")) + if (! gcry_check_version ("1.6.0")) { FPRINTF (stderr, _ ("libgcrypt has not the expected version (version %s is required).\n"), - "1.5.0"); + "1.6.0"); return 0; } + if (getenv ("GNUNET_GCRYPT_DEBUG")) + gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0); GNUNET_log_setup ("test-crypto-ecdhe", "WARNING", NULL); priv1 = GNUNET_CRYPTO_ecdhe_key_create (); diff --git a/src/util/test_crypto_ecdsa.c b/src/util/test_crypto_ecdsa.c index 27c0fb137..bf5fcf571 100644 --- a/src/util/test_crypto_ecdsa.c +++ b/src/util/test_crypto_ecdsa.c @@ -30,7 +30,7 @@ #define ITER 25 -#define PERF GNUNET_YES +#define PERF GNUNET_NO static struct GNUNET_CRYPTO_EcdsaPrivateKey *key; @@ -54,7 +54,7 @@ testSignVerify () for (i = 0; i < ITER; i++) { - FPRINTF (stderr, "%s", "."); + FPRINTF (stderr, "%s", "."); fflush (stderr); if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (key, &purp, &sig)) { FPRINTF (stderr, @@ -156,7 +156,7 @@ testSignPerformance () start = GNUNET_TIME_absolute_get (); for (i = 0; i < ITER; i++) { - FPRINTF (stderr, "%s", "."); + FPRINTF (stderr, "%s", "."); fflush (stderr); if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (key, &purp, &sig)) { FPRINTF (stderr, "%s", @@ -180,15 +180,18 @@ perf_keygen () struct GNUNET_CRYPTO_EcdsaPrivateKey *pk; int i; + FPRINTF (stderr, "%s", "W"); start = GNUNET_TIME_absolute_get (); for (i=0;i<10;i++) { - fprintf (stderr, "."); + fprintf (stderr, "."); fflush (stderr); pk = GNUNET_CRYPTO_ecdsa_key_create (); GNUNET_free (pk); } - fprintf (stderr, "\n"); - printf ("Creating 10 ECDSA keys took %s\n", + for (;i<25;i++) + fprintf (stderr, "."); + fflush (stderr); + printf ("10 ECDSA keys created in %s\n", GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (start), GNUNET_YES)); } @@ -198,14 +201,16 @@ main (int argc, char *argv[]) { int failure_count = 0; - if (! gcry_check_version ("1.5.0")) + if (! gcry_check_version ("1.6.0")) { FPRINTF (stderr, _ ("libgcrypt has not the expected version (version %s is required).\n"), - "1.5.0"); + "1.6.0"); return 0; } + if (getenv ("GNUNET_GCRYPT_DEBUG")) + gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0); GNUNET_log_setup ("test-crypto-ecc", "WARNING", NULL); key = GNUNET_CRYPTO_ecdsa_key_create (); if (GNUNET_OK != testDeriveSignVerify ()) diff --git a/src/util/test_crypto_eddsa.c b/src/util/test_crypto_eddsa.c index 209eea5c6..eda285af8 100644 --- a/src/util/test_crypto_eddsa.c +++ b/src/util/test_crypto_eddsa.c @@ -56,7 +56,7 @@ testSignVerify () for (i = 0; i < ITER; i++) { - FPRINTF (stderr, "%s", "."); + FPRINTF (stderr, "%s", "."); fflush (stderr); if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_sign (key, &purp, &sig)) { FPRINTF (stderr, "%s", "GNUNET_CRYPTO_eddsa_sign returned SYSERR\n"); @@ -80,7 +80,7 @@ testSignVerify () continue; } } - printf ("%d ECC sign/verify operations %s\n", ITER, + printf ("%d EdDSA sign/verify operations %s\n", ITER, GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (start), GNUNET_YES)); return ok; } @@ -104,7 +104,7 @@ testSignPerformance () start = GNUNET_TIME_absolute_get (); for (i = 0; i < ITER; i++) { - FPRINTF (stderr, "%s", "."); + FPRINTF (stderr, "%s", "."); fflush (stderr); if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_sign (key, &purp, &sig)) { FPRINTF (stderr, "%s", "GNUNET_CRYPTO_eddsa_sign returned SYSERR\n"); @@ -152,15 +152,18 @@ perf_keygen () struct GNUNET_CRYPTO_EddsaPrivateKey *pk; int i; + FPRINTF (stderr, "%s", "W"); start = GNUNET_TIME_absolute_get (); for (i=0;i<10;i++) { - fprintf (stderr, "."); + fprintf (stderr, "."); fflush (stderr); pk = GNUNET_CRYPTO_eddsa_key_create (); GNUNET_free (pk); } - fprintf (stderr, "\n"); - printf ("Creating 10 EdDSA keys took %s\n", + for (;i<25;i++) + fprintf (stderr, "."); + fflush (stderr); + printf ("10 EdDSA keys created in %s\n", GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (start), GNUNET_YES)); } @@ -170,13 +173,15 @@ main (int argc, char *argv[]) { int failure_count = 0; - if (! gcry_check_version ("1.5.0")) + if (! gcry_check_version ("1.6.0")) { FPRINTF (stderr, _("libgcrypt has not the expected version (version %s is required).\n"), - "1.5.0"); + "1.6.0"); return 0; } + if (getenv ("GNUNET_GCRYPT_DEBUG")) + gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0); GNUNET_log_setup ("test-crypto-eddsa", "WARNING", NULL); key = GNUNET_CRYPTO_eddsa_key_create (); #if PERF -- cgit v1.2.3