From d552acf5e7114f92d8251276ef76827a9db92257 Mon Sep 17 00:00:00 2001
From: Martin Schanzenbach <mschanzenbach@posteo.de>
Date: Mon, 3 May 2021 18:49:17 +0200
Subject: -add more tests for eddsa and gnsrecord

---
 src/gnsrecord/gnsrecord_crypto.c      | 23 ++++-------
 src/gnsrecord/gnsrecord_misc.c        |  2 +-
 src/gnsrecord/test_gnsrecord_crypto.c | 22 +++++++----
 src/include/gnunet_crypto_lib.h       | 12 ++++++
 src/util/crypto_ecc_gnsrecord.c       | 24 ++++++++++--
 src/util/test_crypto_eddsa.c          | 74 +++++++++++++++++++++++++++++++++++
 6 files changed, 131 insertions(+), 26 deletions(-)

diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c
index 289f0e885..7fe0c6953 100644
--- a/src/gnsrecord/gnsrecord_crypto.c
+++ b/src/gnsrecord/gnsrecord_crypto.c
@@ -396,11 +396,8 @@ block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key,
                                             label,
                                             "gns",
                                             &dkey);
-    // FIXME: We may want a key_get_public_from_private_scalar function
-    struct GNUNET_CRYPTO_EddsaPublicKey test;
-    crypto_scalarmult_ed25519_base_noclamp (test.q_y,
-                                            dkey.s);
-    edblock->derived_key = test;
+    GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (&dkey,
+                                                    &edblock->derived_key);
     derive_block_xsalsa_key (nonce,
                              skey,
                              label,
@@ -438,25 +435,21 @@ GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key,
                                const struct GNUNET_GNSRECORD_Data *rd,
                                unsigned int rd_count)
 {
-  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
-  struct GNUNET_CRYPTO_EddsaPublicKey edkey;
-
+  struct GNUNET_IDENTITY_PublicKey pkey;
+  GNUNET_IDENTITY_key_get_public (key,
+                                  &pkey);
   switch (ntohl (key->type))
   {
   case GNUNET_GNSRECORD_TYPE_PKEY:
-    GNUNET_CRYPTO_ecdsa_key_get_public (&key->ecdsa_key,
-                                        &pkey);
     return block_create_ecdsa (&key->ecdsa_key,
-                               &pkey,
+                               &pkey.ecdsa_key,
                                expire,
                                label,
                                rd,
                                rd_count);
   case GNUNET_GNSRECORD_TYPE_EDKEY:
-    GNUNET_CRYPTO_eddsa_key_get_public (&key->eddsa_key,
-                                        &edkey);
     return block_create_eddsa (&key->eddsa_key,
-                               &edkey,
+                               &pkey.eddsa_key,
                                expire,
                                label,
                                rd,
@@ -930,7 +923,7 @@ GNUNET_GNSRECORD_query_from_public_key (const struct
     GNUNET_CRYPTO_eddsa_public_key_derive (&pub->eddsa_key,
                                            label,
                                            "gns",
-                                           &pd.eddsa_key);
+                                           &(pd.eddsa_key));
     GNUNET_CRYPTO_hash (&pd.eddsa_key,
                         sizeof (pd.eddsa_key),
                         query);
diff --git a/src/gnsrecord/gnsrecord_misc.c b/src/gnsrecord/gnsrecord_misc.c
index 2fe315bd8..8d3a6421f 100644
--- a/src/gnsrecord/gnsrecord_misc.c
+++ b/src/gnsrecord/gnsrecord_misc.c
@@ -377,7 +377,7 @@ GNUNET_GNSRECORD_query_from_block (const struct GNUNET_GNSRECORD_Block *block,
   switch (ntohl (block->type))
   {
   case GNUNET_GNSRECORD_TYPE_PKEY:
-    GNUNET_CRYPTO_hash (&block->ecdsa_block.derived_key,
+    GNUNET_CRYPTO_hash (&(block->ecdsa_block.derived_key),
                         sizeof (block->ecdsa_block.derived_key),
                         query);
     return GNUNET_OK;
diff --git a/src/gnsrecord/test_gnsrecord_crypto.c b/src/gnsrecord/test_gnsrecord_crypto.c
index b9b2b5ba5..9e5a1aa7e 100644
--- a/src/gnsrecord/test_gnsrecord_crypto.c
+++ b/src/gnsrecord/test_gnsrecord_crypto.c
@@ -92,6 +92,7 @@ rd_decrypt_cb (void *cls,
   res = 0;
 }
 
+
 static void
 test_with_type (struct GNUNET_IDENTITY_PrivateKey *privkey)
 {
@@ -99,6 +100,7 @@ test_with_type (struct GNUNET_IDENTITY_PrivateKey *privkey)
   struct GNUNET_IDENTITY_PublicKey pubkey;
   struct GNUNET_HashCode query_pub;
   struct GNUNET_HashCode query_priv;
+  struct GNUNET_HashCode query_block;
   struct GNUNET_TIME_Absolute expire = GNUNET_TIME_absolute_get ();
 
 
@@ -117,7 +119,7 @@ test_with_type (struct GNUNET_IDENTITY_PrivateKey *privkey)
                               &query_pub,
                               sizeof(struct GNUNET_HashCode)));
   /* create record */
-  s_name = "DUMMY.dummy.gnunet";
+  s_name = "testlabel";
   s_rd = create_record (RECORDS);
 
   /* Create block */
@@ -127,6 +129,13 @@ test_with_type (struct GNUNET_IDENTITY_PrivateKey *privkey)
                                                            s_name,
                                                            s_rd,
                                                            RECORDS)));
+  GNUNET_assert (GNUNET_OK ==
+                 GNUNET_GNSRECORD_query_from_block (block,
+                                                    &query_block));
+  GNUNET_assert (0 == memcmp (&query_pub,
+                              &query_block,
+                              sizeof(struct GNUNET_HashCode)));
+
   GNUNET_assert (GNUNET_OK ==
                  GNUNET_GNSRECORD_block_verify (block));
   GNUNET_assert (GNUNET_OK ==
@@ -139,7 +148,6 @@ test_with_type (struct GNUNET_IDENTITY_PrivateKey *privkey)
 }
 
 
-
 static void
 run (void *cls,
      char *const *args,
@@ -158,17 +166,17 @@ run (void *cls,
   test_with_type (&privkey);
   end = GNUNET_TIME_absolute_get ();
   printf ("Time: %llu ms\n", (unsigned long long)
-  GNUNET_TIME_absolute_get_difference (start,
-                                       end).rel_value_us);
+          GNUNET_TIME_absolute_get_difference (start,
+                                               end).rel_value_us);
 
   privkey_ed.type = htonl (GNUNET_GNSRECORD_TYPE_EDKEY);
   GNUNET_CRYPTO_eddsa_key_create (&privkey_ed.eddsa_key);
   start = GNUNET_TIME_absolute_get ();
-  test_with_type(&privkey_ed);
+  test_with_type (&privkey_ed);
   end = GNUNET_TIME_absolute_get ();
   printf ("Time: %llu ms\n", (unsigned long long)
-  GNUNET_TIME_absolute_get_difference (start,
-                                       end).rel_value_us);
+          GNUNET_TIME_absolute_get_difference (start,
+                                               end).rel_value_us);
 
 
 }
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index a334b50d0..ae73c9d40 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -1984,6 +1984,18 @@ GNUNET_CRYPTO_eddsa_sign_with_scalar (
   struct GNUNET_CRYPTO_EddsaSignature *sig);
 
 
+/**
+ * Extract the public key of the given private scalar.
+ *
+ * @param s the private scalar
+ * @param pkey the resulting public key
+ */
+void
+GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (
+  const struct GNUNET_CRYPTO_EddsaPrivateScalar *s,
+  struct GNUNET_CRYPTO_EddsaPublicKey *pkey);
+
+
 /**
  * Output the given MPI value to the given buffer in network
  * byte order.  The MPI @a val may not be negative.
diff --git a/src/util/crypto_ecc_gnsrecord.c b/src/util/crypto_ecc_gnsrecord.c
index 59efff8ab..a78511105 100644
--- a/src/util/crypto_ecc_gnsrecord.c
+++ b/src/util/crypto_ecc_gnsrecord.c
@@ -114,8 +114,8 @@ GNUNET_CRYPTO_eddsa_sign_with_scalar (
    * Calculate the derived zone key zk' from the
    * derived private scalar.
    */
-  crypto_scalarmult_ed25519_base (zk,
-                                  sk);
+  crypto_scalarmult_ed25519_base_noclamp (zk,
+                                          sk);
 
   /**
    * Calculate r:
@@ -352,7 +352,7 @@ GNUNET_CRYPTO_eddsa_private_key_derive (
   GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d);
   /**
    * Note that we copy all of SHA512(d) into the result and
-   * then overrwrite the derived private scalar.
+   * then overwrite the derived private scalar.
    * This means that we re-use SHA512(d)[32..63]
    * FIXME: Do we want to derive this part as well??
    */
@@ -420,3 +420,21 @@ GNUNET_CRYPTO_eddsa_public_key_derive (
   gcry_ctx_release (ctx);
 
 }
+
+
+void
+GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (
+  const struct GNUNET_CRYPTO_EddsaPrivateScalar *priv,
+  struct GNUNET_CRYPTO_EddsaPublicKey *pkey)
+{
+  unsigned char sk[32];
+
+  memcpy (sk, priv->s, 32);
+
+  /**
+   * Calculate the derived zone key zk' from the
+   * derived private scalar.
+   */
+  crypto_scalarmult_ed25519_base_noclamp (pkey->q_y,
+                                          sk);
+}
diff --git a/src/util/test_crypto_eddsa.c b/src/util/test_crypto_eddsa.c
index 5baf696b1..10d6a4e91 100644
--- a/src/util/test_crypto_eddsa.c
+++ b/src/util/test_crypto_eddsa.c
@@ -100,6 +100,73 @@ testSignVerify (void)
 }
 
 
+static int
+testDeriveSignVerify (void)
+{
+  struct GNUNET_CRYPTO_EddsaSignature sig;
+  struct GNUNET_CRYPTO_EccSignaturePurpose purp;
+  struct GNUNET_CRYPTO_EddsaPrivateScalar dpriv;
+  struct GNUNET_CRYPTO_EddsaPublicKey pkey;
+  struct GNUNET_CRYPTO_EddsaPublicKey dpub;
+  struct GNUNET_CRYPTO_EddsaPublicKey dpub2;
+
+  GNUNET_CRYPTO_eddsa_private_key_derive (&key,
+                                          "test-derive",
+                                          "test-CTX",
+                                          &dpriv);
+  GNUNET_CRYPTO_eddsa_key_get_public (&key,
+                                      &pkey);
+  GNUNET_CRYPTO_eddsa_public_key_derive (&pkey,
+                                         "test-derive",
+                                         "test-CTX",
+                                         &dpub);
+  GNUNET_CRYPTO_eddsa_key_get_public_from_scalar (&dpriv, &dpub2);
+  purp.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose));
+  purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
+
+  if (0 != GNUNET_memcmp (&dpub.q_y, &dpub2.q_y))
+  {
+    fprintf (stderr, "%s", "key derivation failed\n");
+    return GNUNET_SYSERR;
+  }
+
+  GNUNET_CRYPTO_eddsa_sign_with_scalar (&dpriv,
+                                        &purp,
+                                        &sig);
+  if (GNUNET_SYSERR ==
+      GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST,
+                                   &purp,
+                                   &sig,
+                                   &dpub))
+  {
+    fprintf (stderr,
+             "GNUNET_CRYPTO_eddsa_verify failed!\n");
+    return GNUNET_SYSERR;
+  }
+  if (GNUNET_SYSERR !=
+      GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST,
+                                   &purp,
+                                   &sig,
+                                   &pkey))
+  {
+    fprintf (stderr,
+             "GNUNET_CRYPTO_eddsa_verify failed to fail!\n");
+    return GNUNET_SYSERR;
+  }
+  if (GNUNET_SYSERR !=
+      GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN,
+                                   &purp,
+                                   &sig,
+                                   &dpub))
+  {
+    fprintf (stderr,
+             "GNUNET_CRYPTO_eddsa_verify failed to fail!\n");
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+
 #if PERF
 static int
 testSignPerformance ()
@@ -217,6 +284,13 @@ main (int argc, char *argv[])
                     "WARNING",
                     NULL);
   GNUNET_CRYPTO_eddsa_key_create (&key);
+  if (GNUNET_OK != testDeriveSignVerify ())
+  {
+    failure_count++;
+    fprintf (stderr,
+             "\n\n%d TESTS FAILED!\n\n", failure_count);
+    return -1;
+  }
 #if PERF
   if (GNUNET_OK != testSignPerformance ())
     failure_count++;
-- 
cgit v1.2.3