* @file src/util/crypto_kdf.c
* @brief Key derivation
* @author Nils Durner
+ * @author Jeffrey Burdges <burdges@gnunet.org>
*/
#include <gcrypt.h>
* @return #GNUNET_YES on success
*/
int
-GNUNET_CRYPTO_kdf_v (void *result, size_t out_len, const void *xts,
- size_t xts_len, const void *skm, size_t skm_len,
+GNUNET_CRYPTO_kdf_v (void *result,
+ size_t out_len,
+ const void *xts,
+ size_t xts_len,
+ const void *skm,
+ size_t skm_len,
va_list argp)
{
/*
* http://eprint.iacr.org/2010/264
*/
- return GNUNET_CRYPTO_hkdf_v (result, out_len, GCRY_MD_SHA512, GCRY_MD_SHA256,
- xts, xts_len, skm, skm_len, argp);
+ return GNUNET_CRYPTO_hkdf_v (result,
+ out_len,
+ GCRY_MD_SHA512,
+ GCRY_MD_SHA256,
+ xts,
+ xts_len,
+ skm,
+ skm_len,
+ argp);
}
* @return #GNUNET_YES on success
*/
int
-GNUNET_CRYPTO_kdf (void *result, size_t out_len, const void *xts,
- size_t xts_len, const void *skm, size_t skm_len, ...)
+GNUNET_CRYPTO_kdf (void *result,
+ size_t out_len,
+ const void *xts,
+ size_t xts_len,
+ const void *skm,
+ size_t skm_len, ...)
{
va_list argp;
int ret;
va_start (argp, skm_len);
- ret = GNUNET_CRYPTO_kdf_v (result, out_len, xts, xts_len, skm, skm_len, argp);
+ ret = GNUNET_CRYPTO_kdf_v (result,
+ out_len,
+ xts,
+ xts_len,
+ skm,
+ skm_len,
+ argp);
va_end (argp);
return ret;
}
+
+
+/**
+ * Deterministically generate a pseudo-random number uniformly from the
+ * integers modulo a libgcrypt mpi.
+ *
+ * @param[out] r MPI value set to the FDH
+ * @param n MPI to work modulo
+ * @param xts salt
+ * @param xts_len length of @a xts
+ * @param skm source key material
+ * @param skm_len length of @a skm
+ * @param ctx context string
+ */
+void
+GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r,
+ gcry_mpi_t n,
+ const void *xts, size_t xts_len,
+ const void *skm, size_t skm_len,
+ const char *ctx)
+{
+ gcry_error_t rc;
+ unsigned int nbits;
+ size_t rsize;
+ unsigned int ctr;
+
+ nbits = gcry_mpi_get_nbits (n);
+ /* GNUNET_assert (nbits > 512); */
+
+ ctr = 0;
+ while (1)
+ {
+ /* Ain't clear if n is always divisible by 8 */
+ uint8_t buf[ (nbits-1)/8 + 1 ];
+
+ rc = GNUNET_CRYPTO_kdf (buf,
+ sizeof (buf),
+ xts, xts_len,
+ skm, skm_len,
+ ctx, strlen(ctx),
+ &ctr, sizeof(ctr),
+ NULL, 0);
+ GNUNET_assert (GNUNET_YES == rc);
+
+ rc = gcry_mpi_scan (r,
+ GCRYMPI_FMT_USG,
+ (const unsigned char *) buf,
+ sizeof (buf),
+ &rsize);
+ GNUNET_assert (0 == rc); /* Allocation erro? */
+
+ gcry_mpi_clear_highbit (*r, nbits);
+ GNUNET_assert( 0 == gcry_mpi_test_bit (*r, nbits) );
+ ++ctr;
+ /* We reject this FDH if either *r > n and retry with another ctr */
+ if (0 > gcry_mpi_cmp(*r, n))
+ break;
+ gcry_mpi_release (*r);
+ }
+}
+
+/* end of crypto_kdf.c */