X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=src%2Finclude%2Fgnunet_crypto_lib.h;h=07cade0e30dc49016850d902fe3fda5b350764d4;hb=abdec5e11ff11bb10d32c013e11344a54786f80f;hp=861bff5657c7e65c0352a837d22c1a2ddeb8b95c;hpb=3eef52849bc39c38aa8325e45a4153dc80b097a3;p=oweals%2Fgnunet.git diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 861bff565..07cade0e3 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h @@ -27,6 +27,7 @@ * @author Gerd Knorr * @author Ioana Patrascu * @author Tzvetan Horozov + * @author Jeffrey Burdges * * @defgroup crypto Crypto library: cryptographic operations * Provides cryptographic primitives. @@ -51,9 +52,24 @@ extern "C" #endif /** - * @brief A 512-bit hashcode + * @brief A 512-bit hashcode. These are the default length for GNUnet, using SHA-512. */ -struct GNUNET_HashCode; +struct GNUNET_HashCode +{ + uint32_t bits[512 / 8 / sizeof (uint32_t)]; /* = 16 */ +}; + + + +/** + * @brief A 256-bit hashcode. Used under special conditions, like when space + * is critical and security is not impacted by it. + */ +struct GNUNET_ShortHashCode +{ + uint32_t bits[256 / 8 / sizeof (uint32_t)]; /* = 8 */ +}; + /** * The identity of the host (wraps the signing key of the peer). @@ -64,15 +80,6 @@ struct GNUNET_PeerIdentity; #include -/** - * @brief A 512-bit hashcode - */ -struct GNUNET_HashCode -{ - uint32_t bits[512 / 8 / sizeof (uint32_t)]; /* = 16 */ -}; - - /** * Maximum length of an ECC signature. * Note: round up to multiple of 8 minus 2 for alignment. @@ -1014,6 +1021,26 @@ GNUNET_CRYPTO_kdf_v (void *result, va_list argp); +/** + * Deterministically generate a pseudo-random number uniformly from the + * integers modulo a libgcrypt mpi. + * + * @param[out] r MPI value set to the FDH + * @param n MPI to work modulo + * @param xts salt + * @param xts_len length of @a xts + * @param skm source key material + * @param skm_len length of @a skm + * @param ctx context string + */ +void +GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r, + gcry_mpi_t n, + const void *xts, size_t xts_len, + const void *skm, size_t skm_len, + const char *ctx); + + /** * @ingroup hash * @brief Derive key @@ -1211,6 +1238,17 @@ struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create (void); +/** + * @ingroup crypto + * Create a new private key. Clear with #GNUNET_CRYPTO_ecdhe_key_clear(). + * + * @param[out] pk set to fresh private key; + * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure + */ +int +GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk); + + /** * @ingroup crypto * Create a new private key. Caller must free return value. @@ -1327,7 +1365,7 @@ struct GNUNET_CRYPTO_EccPoint * * @param max maximum value the factor can be * @param mem memory to use (should be smaller than @a max), must not be zero. - * @return @a max if dlog failed, otherwise the factor + * @return NULL on error */ struct GNUNET_CRYPTO_EccDlogContext * GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max, @@ -1340,7 +1378,7 @@ GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max, * * @param dlc precalculated values, determine range of factors * @param input point on the curve to factor - * @return `dlc->max` if dlog failed, otherwise the factor + * @return INT_MAX if dlog failed, otherwise the factor */ int GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc, @@ -1787,9 +1825,16 @@ struct GNUNET_CRYPTO_RsaPrivateKey; struct GNUNET_CRYPTO_RsaPublicKey; /** - * Key used to blind a message + * Constant-size pre-secret for blinding key generation. */ -struct GNUNET_CRYPTO_rsa_BlindingKey; +struct GNUNET_CRYPTO_RsaBlindingKeySecret +{ + /** + * Bits used to generate the blinding key. 256 bits + * of entropy is enough. + */ + uint32_t pre_secret[8] GNUNET_PACKED; +}; /** * @brief an RSA signature @@ -1928,28 +1973,6 @@ struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key); -/** - * Create a blinding key - * - * @param len length of the key in bits (i.e. 2048) - * @return the newly created blinding key - */ -struct GNUNET_CRYPTO_rsa_BlindingKey * -GNUNET_CRYPTO_rsa_blinding_key_create (unsigned int len); - - -/** - * Compare the values of two blinding keys. - * - * @param b1 one key - * @param b2 the other key - * @return 0 if the two are equal - */ -int -GNUNET_CRYPTO_rsa_blinding_key_cmp (struct GNUNET_CRYPTO_rsa_BlindingKey *b1, - struct GNUNET_CRYPTO_rsa_BlindingKey *b2); - - /** * Compare the values of two signatures. * @@ -1985,55 +2008,21 @@ GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1, struct GNUNET_CRYPTO_RsaPublicKey *p2); -/** - * Destroy a blinding key - * - * @param bkey the blinding key to destroy - */ -void -GNUNET_CRYPTO_rsa_blinding_key_free (struct GNUNET_CRYPTO_rsa_BlindingKey *bkey); - - -/** - * Encode the blinding key in a format suitable for - * storing it into a file. - * - * @param bkey the blinding key - * @param[out] buffer set to a buffer with the encoded key - * @return size of memory allocated in @a buffer - */ -size_t -GNUNET_CRYPTO_rsa_blinding_key_encode (const struct GNUNET_CRYPTO_rsa_BlindingKey *bkey, - char **buffer); - - -/** - * Decode the blinding key from the data-format back - * to the "normal", internal format. - * - * @param buf the buffer where the public key data is stored - * @param len the length of the data in @a buf - * @return NULL on error - */ -struct GNUNET_CRYPTO_rsa_BlindingKey * -GNUNET_CRYPTO_rsa_blinding_key_decode (const char *buf, - size_t len); - - /** * Blinds the given message with the given blinding key * * @param hash hash of the message to sign * @param bkey the blinding key * @param pkey the public key of the signer - * @param[out] buffer set to a buffer with the blinded message to be signed - * @return number of bytes stored in @a buffer + * @param[out] buf set to a buffer with the blinded message to be signed + * @param[out] buf_size number of bytes stored in @a buf + * @return GNUNET_YES if successful, GNUNET_NO if RSA key is malicious */ -size_t +int GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, - struct GNUNET_CRYPTO_rsa_BlindingKey *bkey, + const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, - char **buffer); + char **buf, size_t *buf_size); /** @@ -2046,17 +2035,15 @@ GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, */ struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, - const void *msg, - size_t msg_len); + const void *msg, size_t msg_len); /** * Create and sign a full domain hash of a message. * * @param key private key to use for the signing - * @param msg the (blinded) message to sign - * @param msg_len number of bytes in @a msg to sign - * @return NULL on error, signature on success + * @param hash the hash of the message to sign + * @return NULL on error, including a malicious RSA key, signature on success */ struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, @@ -2113,13 +2100,13 @@ GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig); * #GNUNET_CRYPTO_rsa_blind(). * * @param sig the signature made on the blinded signature purpose - * @param bkey the blinding key used to blind the signature purpose + * @param bks the blinding key secret used to blind the signature purpose * @param pkey the public key of the signer - * @return unblinded signature on success, NULL on error + * @return unblinded signature on success, NULL if RSA key is bad or malicious. */ struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_unblind (struct GNUNET_CRYPTO_RsaSignature *sig, - struct GNUNET_CRYPTO_rsa_BlindingKey *bkey, + const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey); @@ -2130,7 +2117,7 @@ GNUNET_CRYPTO_rsa_unblind (struct GNUNET_CRYPTO_RsaSignature *sig, * @param hash the message to verify to match the @a sig * @param sig signature that is being validated * @param public_key public key of the signer - * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid + * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature */ int GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,