X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=src%2Finclude%2Fgnunet_crypto_lib.h;h=07cade0e30dc49016850d902fe3fda5b350764d4;hb=abdec5e11ff11bb10d32c013e11344a54786f80f;hp=a82b2fdd63d7360ac2fc3d27045e414d4e090be4;hpb=03f90f8752d53540ba4389ea258ec5aecedb879d;p=oweals%2Fgnunet.git diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index a82b2fdd6..07cade0e3 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h @@ -1,6 +1,6 @@ /* This file is part of GNUnet. - (C) 2001-2013 Christian Grothoff (and other contributing authors) + Copyright (C) 2001-2013 GNUnet e.V. GNUnet is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published @@ -14,8 +14,8 @@ You should have received a copy of the GNU General Public License along with GNUnet; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. */ /** @@ -27,9 +27,17 @@ * @author Gerd Knorr * @author Ioana Patrascu * @author Tzvetan Horozov + * @author Jeffrey Burdges * - * @defgroup crypto Cryptographic operations - * @defgroup hash Hashing and operations on hashes + * @defgroup crypto Crypto library: cryptographic operations + * Provides cryptographic primitives. + * + * @see [Documentation](https://gnunet.org/crypto-api) + * + * @defgroup hash Crypto library: hash operations + * Provides hashing and operations on hashes. + * + * @see [Documentation](https://gnunet.org/crypto-api) */ #ifndef GNUNET_CRYPTO_LIB_H @@ -44,28 +52,34 @@ extern "C" #endif /** - * @brief A 512-bit hashcode - */ -struct GNUNET_HashCode; - -/** - * The identity of the host (wraps the signing key of the peer). + * @brief A 512-bit hashcode. These are the default length for GNUnet, using SHA-512. */ -struct GNUNET_PeerIdentity; +struct GNUNET_HashCode +{ + uint32_t bits[512 / 8 / sizeof (uint32_t)]; /* = 16 */ +}; -#include "gnunet_common.h" -#include "gnunet_scheduler_lib.h" /** - * @brief A 512-bit hashcode + * @brief A 256-bit hashcode. Used under special conditions, like when space + * is critical and security is not impacted by it. */ -struct GNUNET_HashCode +struct GNUNET_ShortHashCode { - uint32_t bits[512 / 8 / sizeof (uint32_t)]; /* = 16 */ + uint32_t bits[256 / 8 / sizeof (uint32_t)]; /* = 8 */ }; +/** + * The identity of the host (wraps the signing key of the peer). + */ +struct GNUNET_PeerIdentity; + +#include "gnunet_common.h" +#include + + /** * Maximum length of an ECC signature. * Note: round up to multiple of 8 minus 2 for alignment. @@ -329,6 +343,59 @@ struct GNUNET_CRYPTO_AuthKey }; +/** + * Size of paillier plain texts and public keys. + * Private keys and ciphertexts are twice this size. + */ +#define GNUNET_CRYPTO_PAILLIER_BITS 2048 + + +/** + * Paillier public key. + */ +struct GNUNET_CRYPTO_PaillierPublicKey +{ + /** + * N value. + */ + unsigned char n[GNUNET_CRYPTO_PAILLIER_BITS / 8]; +}; + + +/** + * Paillier public key. + */ +struct GNUNET_CRYPTO_PaillierPrivateKey +{ + /** + * Lambda-component of the private key. + */ + unsigned char lambda[GNUNET_CRYPTO_PAILLIER_BITS / 8]; + /** + * Mu-component of the private key. + */ + unsigned char mu[GNUNET_CRYPTO_PAILLIER_BITS / 8]; +}; + + +/** + * Paillier ciphertext. + */ +struct GNUNET_CRYPTO_PaillierCiphertext +{ + /** + * Guaranteed minimum number of homomorphic operations with this ciphertext, + * in network byte order (NBO). + */ + int32_t remaining_ops GNUNET_PACKED; + + /** + * The bits of the ciphertext. + */ + unsigned char bits[GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8]; +}; + + /* **************** Functions and Macros ************* */ /** @@ -342,6 +409,19 @@ void GNUNET_CRYPTO_seed_weak_random (int32_t seed); +/** + * @ingroup hash + * Calculate the checksum of a buffer in one step. + * + * @param buf buffer to calculate CRC over + * @param len number of bytes in @a buf + * @return crc8 value + */ +uint8_t +GNUNET_CRYPTO_crc8_n (const void *buf, + size_t len); + + /** * Perform an incremental step in a CRC16 (for TCP/IP) calculation. * @@ -351,7 +431,9 @@ GNUNET_CRYPTO_seed_weak_random (int32_t seed); * @return updated crc sum (must be subjected to #GNUNET_CRYPTO_crc16_finish to get actual crc16) */ uint32_t -GNUNET_CRYPTO_crc16_step (uint32_t sum, const void *buf, size_t len); +GNUNET_CRYPTO_crc16_step (uint32_t sum, + const void *buf, + size_t len); /** @@ -373,7 +455,10 @@ GNUNET_CRYPTO_crc16_finish (uint32_t sum); * @return crc16 value */ uint16_t -GNUNET_CRYPTO_crc16_n (const void *buf, size_t len); +GNUNET_CRYPTO_crc16_n (const void *buf, + size_t len); + + /** @@ -386,7 +471,8 @@ GNUNET_CRYPTO_crc16_n (const void *buf, size_t len); * @return the resulting CRC32 checksum */ int32_t -GNUNET_CRYPTO_crc32_n (const void *buf, size_t len); +GNUNET_CRYPTO_crc32_n (const void *buf, + size_t len); /** @@ -398,7 +484,9 @@ GNUNET_CRYPTO_crc32_n (const void *buf, size_t len); * @param length buffer length */ void -GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, void *buffer, size_t length); +GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, + void *buffer, + size_t length); /** * @ingroup crypto @@ -409,7 +497,8 @@ GNUNET_CRYPTO_random_block (enum GNUNET_CRYPTO_Quality mode, void *buffer, size_ * @return a random value in the interval [0,@a i) (exclusive). */ uint32_t -GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i); +GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, + uint32_t i); /** @@ -421,7 +510,8 @@ GNUNET_CRYPTO_random_u32 (enum GNUNET_CRYPTO_Quality mode, uint32_t i); * @return random 64-bit number */ uint64_t -GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max); +GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, + uint64_t max); /** @@ -434,7 +524,8 @@ GNUNET_CRYPTO_random_u64 (enum GNUNET_CRYPTO_Quality mode, uint64_t max); * @return the permutation array (allocated from heap) */ unsigned int * -GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, unsigned int n); +GNUNET_CRYPTO_random_permute (enum GNUNET_CRYPTO_Quality mode, + unsigned int n); /** @@ -459,7 +550,8 @@ GNUNET_CRYPTO_symmetric_create_session_key (struct GNUNET_CRYPTO_SymmetricSessio * @return the size of the encrypted block, -1 for errors */ ssize_t -GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t size, +GNUNET_CRYPTO_symmetric_encrypt (const void *block, + size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result); @@ -477,7 +569,8 @@ GNUNET_CRYPTO_symmetric_encrypt (const void *block, size_t size, * @return -1 on failure, size of decrypted block on success */ ssize_t -GNUNET_CRYPTO_symmetric_decrypt (const void *block, size_t size, +GNUNET_CRYPTO_symmetric_decrypt (const void *block, + size_t size, const struct GNUNET_CRYPTO_SymmetricSessionKey *sessionkey, const struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, void *result); @@ -523,7 +616,7 @@ GNUNET_CRYPTO_symmetric_derive_iv_v (struct GNUNET_CRYPTO_SymmetricInitializatio * safely cast to char*, a '\\0' termination is set). */ void -GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode * block, +GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode *block, struct GNUNET_CRYPTO_HashAsciiEncoded *result); @@ -537,7 +630,8 @@ GNUNET_CRYPTO_hash_to_enc (const struct GNUNET_HashCode * block, * @return #GNUNET_OK on success, #GNUNET_SYSERR if result has the wrong encoding */ int -GNUNET_CRYPTO_hash_from_string2 (const char *enc, size_t enclen, +GNUNET_CRYPTO_hash_from_string2 (const char *enc, + size_t enclen, struct GNUNET_HashCode *result); @@ -579,7 +673,57 @@ GNUNET_CRYPTO_hash_distance_u32 (const struct GNUNET_HashCode *a, * @param ret pointer to where to write the hashcode */ void -GNUNET_CRYPTO_hash (const void *block, size_t size, struct GNUNET_HashCode * ret); +GNUNET_CRYPTO_hash (const void *block, + size_t size, + struct GNUNET_HashCode *ret); + + +/** + * Context for cummulative hashing. + */ +struct GNUNET_HashContext; + + +/** + * Start incremental hashing operation. + * + * @return context for incremental hash computation + */ +struct GNUNET_HashContext * +GNUNET_CRYPTO_hash_context_start (void); + + +/** + * Add data to be hashed. + * + * @param hc cummulative hash context + * @param buf data to add + * @param size number of bytes in @a buf + */ +void +GNUNET_CRYPTO_hash_context_read (struct GNUNET_HashContext *hc, + const void *buf, + size_t size); + + +/** + * Finish the hash computation. + * + * @param hc hash context to use, is freed in the process + * @param r_hash where to write the latest / final hash code + */ +void +GNUNET_CRYPTO_hash_context_finish (struct GNUNET_HashContext *hc, + struct GNUNET_HashCode *r_hash); + + +/** + * Abort hashing, do not bother calculating final result. + * + * @param hc hash context to destroy + */ +void +GNUNET_CRYPTO_hash_context_abort (struct GNUNET_HashContext *hc); /** @@ -593,8 +737,9 @@ GNUNET_CRYPTO_hash (const void *block, size_t size, struct GNUNET_HashCode * ret */ void GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key, - const void *plaintext, size_t plaintext_len, - struct GNUNET_HashCode * hmac); + const void *plaintext, + size_t plaintext_len, + struct GNUNET_HashCode *hmac); /** @@ -604,8 +749,9 @@ GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key, * @param cls closure * @param res resulting hash, NULL on error */ -typedef void (*GNUNET_CRYPTO_HashCompletedCallback) (void *cls, - const struct GNUNET_HashCode *res); +typedef void +(*GNUNET_CRYPTO_HashCompletedCallback) (void *cls, + const struct GNUNET_HashCode *res); /** @@ -627,7 +773,8 @@ struct GNUNET_CRYPTO_FileHashContext; */ struct GNUNET_CRYPTO_FileHashContext * GNUNET_CRYPTO_hash_file (enum GNUNET_SCHEDULER_Priority priority, - const char *filename, size_t blocksize, + const char *filename, + size_t blocksize, GNUNET_CRYPTO_HashCompletedCallback callback, void *callback_cls); @@ -690,8 +837,9 @@ GNUNET_CRYPTO_hash_sum (const struct GNUNET_HashCode *a, * @param result set to @a a ^ @a b */ void -GNUNET_CRYPTO_hash_xor (const struct GNUNET_HashCode * a, const struct GNUNET_HashCode * b, - struct GNUNET_HashCode * result); +GNUNET_CRYPTO_hash_xor (const struct GNUNET_HashCode *a, + const struct GNUNET_HashCode *b, + struct GNUNET_HashCode *result); /** @@ -796,7 +944,8 @@ GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key, void GNUNET_CRYPTO_hmac_derive_key (struct GNUNET_CRYPTO_AuthKey *key, const struct GNUNET_CRYPTO_SymmetricSessionKey *rkey, - const void *salt, size_t salt_len, ...); + const void *salt, size_t salt_len, + ...); /** @@ -814,9 +963,15 @@ GNUNET_CRYPTO_hmac_derive_key (struct GNUNET_CRYPTO_AuthKey *key, * @return #GNUNET_YES on success */ int -GNUNET_CRYPTO_hkdf (void *result, size_t out_len, int xtr_algo, int prf_algo, - const void *xts, size_t xts_len, const void *skm, - size_t skm_len, ...); +GNUNET_CRYPTO_hkdf (void *result, + size_t out_len, + int xtr_algo, + int prf_algo, + const void *xts, + size_t xts_len, + const void *skm, + size_t skm_len, + ...); /** @@ -834,9 +989,15 @@ GNUNET_CRYPTO_hkdf (void *result, size_t out_len, int xtr_algo, int prf_algo, * @return #GNUNET_YES on success */ int -GNUNET_CRYPTO_hkdf_v (void *result, size_t out_len, int xtr_algo, int prf_algo, - const void *xts, size_t xts_len, const void *skm, - size_t skm_len, va_list argp); +GNUNET_CRYPTO_hkdf_v (void *result, + size_t out_len, + int xtr_algo, + int prf_algo, + const void *xts, + size_t xts_len, + const void *skm, + size_t skm_len, + va_list argp); /** @@ -851,11 +1012,35 @@ GNUNET_CRYPTO_hkdf_v (void *result, size_t out_len, int xtr_algo, int prf_algo, * @return #GNUNET_YES on success */ int -GNUNET_CRYPTO_kdf_v (void *result, size_t out_len, const void *xts, - size_t xts_len, const void *skm, size_t skm_len, +GNUNET_CRYPTO_kdf_v (void *result, + size_t out_len, + const void *xts, + size_t xts_len, + const void *skm, + size_t skm_len, va_list argp); +/** + * Deterministically generate a pseudo-random number uniformly from the + * integers modulo a libgcrypt mpi. + * + * @param[out] r MPI value set to the FDH + * @param n MPI to work modulo + * @param xts salt + * @param xts_len length of @a xts + * @param skm source key material + * @param skm_len length of @a skm + * @param ctx context string + */ +void +GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r, + gcry_mpi_t n, + const void *xts, size_t xts_len, + const void *skm, size_t skm_len, + const char *ctx); + + /** * @ingroup hash * @brief Derive key @@ -869,8 +1054,13 @@ GNUNET_CRYPTO_kdf_v (void *result, size_t out_len, const void *xts, * @return #GNUNET_YES on success */ int -GNUNET_CRYPTO_kdf (void *result, size_t out_len, const void *xts, - size_t xts_len, const void *skm, size_t skm_len, ...); +GNUNET_CRYPTO_kdf (void *result, + size_t out_len, + const void *xts, + size_t xts_len, + const void *skm, + size_t skm_len, + ...); /** @@ -896,6 +1086,7 @@ GNUNET_CRYPTO_eddsa_key_get_public (const struct GNUNET_CRYPTO_EddsaPrivateKey * struct GNUNET_CRYPTO_EddsaPublicKey *pub); + /** * @ingroup crypto * Extract the public key for the given private key. @@ -942,6 +1133,20 @@ GNUNET_CRYPTO_ecdsa_public_key_from_string (const char *enc, struct GNUNET_CRYPTO_EcdsaPublicKey *pub); +/** + * Convert a string representing a private key to a private key. + * + * @param enc encoded public key + * @param enclen number of bytes in @a enc (without 0-terminator) + * @param priv where to store the private key + * @return #GNUNET_OK on success + */ +int +GNUNET_CRYPTO_eddsa_private_key_from_string (const char *enc, + size_t enclen, + struct GNUNET_CRYPTO_EddsaPrivateKey *pub); + + /** * Convert a string representing a public key to a public key. * @@ -994,6 +1199,12 @@ struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_file (const char *filename); +/** + * Forward declaration to simplify #include-structure. + */ +struct GNUNET_CONFIGURATION_Handle; + + /** * @ingroup crypto * Create a new private key by reading our peer's key from @@ -1027,6 +1238,17 @@ struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create (void); +/** + * @ingroup crypto + * Create a new private key. Clear with #GNUNET_CRYPTO_ecdhe_key_clear(). + * + * @param[out] pk set to fresh private key; + * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure + */ +int +GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk); + + /** * @ingroup crypto * Create a new private key. Caller must free return value. @@ -1056,6 +1278,7 @@ GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk); void GNUNET_CRYPTO_ecdsa_key_clear (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk); + /** * @ingroup crypto * Clear memory that was used to store a private key. @@ -1102,6 +1325,7 @@ int GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_PeerIdentity *dst); + /** * Compare two Peer Identities. * @@ -1116,6 +1340,194 @@ GNUNET_CRYPTO_cmp_peer_identity (const struct GNUNET_PeerIdentity *first, const struct GNUNET_PeerIdentity *second); +/** + * Internal structure used to cache pre-calculated values for DLOG calculation. + */ +struct GNUNET_CRYPTO_EccDlogContext; + + +/** + * Point on a curve (always for Curve25519) encoded in a format suitable + * for network transmission (ECDH), see http://cr.yp.to/ecdh.html. + */ +struct GNUNET_CRYPTO_EccPoint +{ + /** + * Q consists of an x- and a y-value, each mod p (256 bits), given + * here in affine coordinates and Ed25519 standard compact format. + */ + unsigned char q_y[256 / 8]; +}; + + +/** + * Do pre-calculation for ECC discrete logarithm for small factors. + * + * @param max maximum value the factor can be + * @param mem memory to use (should be smaller than @a max), must not be zero. + * @return NULL on error + */ +struct GNUNET_CRYPTO_EccDlogContext * +GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max, + unsigned int mem); + + +/** + * Calculate ECC discrete logarithm for small factors. + * Opposite of #GNUNET_CRYPTO_ecc_dexp(). + * + * @param dlc precalculated values, determine range of factors + * @param input point on the curve to factor + * @return INT_MAX if dlog failed, otherwise the factor + */ +int +GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc, + gcry_mpi_point_t input); + + +/** + * Multiply the generator g of the elliptic curve by @a val + * to obtain the point on the curve representing @a val. + * Afterwards, point addition will correspond to integer + * addition. #GNUNET_CRYPTO_ecc_dlog() can be used to + * convert a point back to an integer (as long as the + * integer is smaller than the MAX of the @a edc context). + * + * @param edc calculation context for ECC operations + * @param val value to encode into a point + * @return representation of the value as an ECC point, + * must be freed using #GNUNET_CRYPTO_ecc_free() + */ +gcry_mpi_point_t +GNUNET_CRYPTO_ecc_dexp (struct GNUNET_CRYPTO_EccDlogContext *edc, + int val); + + +/** + * Multiply the generator g of the elliptic curve by @a val + * to obtain the point on the curve representing @a val. + * + * @param edc calculation context for ECC operations + * @param val (positive) value to encode into a point + * @return representation of the value as an ECC point, + * must be freed using #GNUNET_CRYPTO_ecc_free() + */ +gcry_mpi_point_t +GNUNET_CRYPTO_ecc_dexp_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, + gcry_mpi_t val); + + +/** + * Multiply the point @a p on the elliptic curve by @a val. + * + * @param edc calculation context for ECC operations + * @param p point to multiply + * @param val (positive) value to encode into a point + * @return representation of the value as an ECC point, + * must be freed using #GNUNET_CRYPTO_ecc_free() + */ +gcry_mpi_point_t +GNUNET_CRYPTO_ecc_pmul_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, + gcry_mpi_point_t p, + gcry_mpi_t val); + + +/** + * Convert point value to binary representation. + * + * @param edc calculation context for ECC operations + * @param point computational point representation + * @param[out] bin binary point representation + */ +void +GNUNET_CRYPTO_ecc_point_to_bin (struct GNUNET_CRYPTO_EccDlogContext *edc, + gcry_mpi_point_t point, + struct GNUNET_CRYPTO_EccPoint *bin); + + +/** + * Convert binary representation of a point to computational representation. + * + * @param edc calculation context for ECC operations + * @param bin binary point representation + * @return computational representation + */ +gcry_mpi_point_t +GNUNET_CRYPTO_ecc_bin_to_point (struct GNUNET_CRYPTO_EccDlogContext *edc, + const struct GNUNET_CRYPTO_EccPoint *bin); + + +/** + * Add two points on the elliptic curve. + * + * @param edc calculation context for ECC operations + * @param a some value + * @param b some value + * @return @a a + @a b, must be freed using #GNUNET_CRYPTO_ecc_free() + */ +gcry_mpi_point_t +GNUNET_CRYPTO_ecc_add (struct GNUNET_CRYPTO_EccDlogContext *edc, + gcry_mpi_point_t a, + gcry_mpi_point_t b); + + +/** + * Obtain a random point on the curve and its + * additive inverse. Both returned values + * must be freed using #GNUNET_CRYPTO_ecc_free(). + * + * @param edc calculation context for ECC operations + * @param[out] r set to a random point on the curve + * @param[out] r_inv set to the additive inverse of @a r + */ +void +GNUNET_CRYPTO_ecc_rnd (struct GNUNET_CRYPTO_EccDlogContext *edc, + gcry_mpi_point_t *r, + gcry_mpi_point_t *r_inv); + + +/** + * Obtain a random scalar for point multiplication on the curve and + * its multiplicative inverse. + * + * @param edc calculation context for ECC operations + * @param[out] r set to a random scalar on the curve + * @param[out] r_inv set to the multiplicative inverse of @a r + */ +void +GNUNET_CRYPTO_ecc_rnd_mpi (struct GNUNET_CRYPTO_EccDlogContext *edc, + gcry_mpi_t *r, + gcry_mpi_t *r_inv); + + +/** + * Generate a random value mod n. + * + * @param edc ECC context + * @return random value mod n. + */ +gcry_mpi_t +GNUNET_CRYPTO_ecc_random_mod_n (struct GNUNET_CRYPTO_EccDlogContext *edc); + + +/** + * Free a point value returned by the API. + * + * @param p point to free + */ +void +GNUNET_CRYPTO_ecc_free (gcry_mpi_point_t p); + + +/** + * Release precalculated values. + * + * @param dlc dlog context + */ +void +GNUNET_CRYPTO_ecc_dlog_release (struct GNUNET_CRYPTO_EccDlogContext *dlc); + + /** * @ingroup crypto * Derive key material from a public and a private ECC key. @@ -1131,6 +1543,68 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_HashCode *key_material); +/** + * @ingroup crypto + * Derive key material from a ECDH public key and a private EdDSA key. + * Dual to #GNUNET_CRRYPTO_ecdh_eddsa. + * + * @param priv private key from EdDSA to use for the ECDH (x) + * @param pub public key to use for the ECDH (yG) + * @param key_material where to write the key material H(h(x)yG) + * @return #GNUNET_SYSERR on error, #GNUNET_OK on success + */ +int +GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, + const struct GNUNET_CRYPTO_EcdhePublicKey *pub, + struct GNUNET_HashCode *key_material); + +/** + * @ingroup crypto + * Derive key material from a ECDH public key and a private ECDSA key. + * Dual to #GNUNET_CRRYPTO_ecdh_ecdsa. + * + * @param priv private key from ECDSA to use for the ECDH (x) + * @param pub public key to use for the ECDH (yG) + * @param key_material where to write the key material H(h(x)yG) + * @return #GNUNET_SYSERR on error, #GNUNET_OK on success + */ +int +GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, + const struct GNUNET_CRYPTO_EcdhePublicKey *pub, + struct GNUNET_HashCode *key_material); + + +/** + * @ingroup crypto + * Derive key material from a EdDSA public key and a private ECDH key. + * Dual to #GNUNET_CRRYPTO_eddsa_ecdh. + * + * @param priv private key to use for the ECDH (y) + * @param pub public key from EdDSA to use for the ECDH (X=h(x)G) + * @param key_material where to write the key material H(yX)=H(h(x)yG) + * @return #GNUNET_SYSERR on error, #GNUNET_OK on success + */ +int +GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, + const struct GNUNET_CRYPTO_EddsaPublicKey *pub, + struct GNUNET_HashCode *key_material); + +/** + * @ingroup crypto + * Derive key material from a EcDSA public key and a private ECDH key. + * Dual to #GNUNET_CRRYPTO_ecdsa_ecdh. + * + * @param priv private key to use for the ECDH (y) + * @param pub public key from ECDSA to use for the ECDH (X=h(x)G) + * @param key_material where to write the key material H(yX)=H(h(x)yG) + * @return #GNUNET_SYSERR on error, #GNUNET_OK on success + */ +int +GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, + const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, + struct GNUNET_HashCode *key_material); + + /** * @ingroup crypto * EdDSA sign a given block. @@ -1232,6 +1706,425 @@ GNUNET_CRYPTO_ecdsa_public_key_derive (const struct GNUNET_CRYPTO_EcdsaPublicKey struct GNUNET_CRYPTO_EcdsaPublicKey *result); +/** + * Output the given MPI value to the given buffer in network + * byte order. The MPI @a val may not be negative. + * + * @param buf where to output to + * @param size number of bytes in @a buf + * @param val value to write to @a buf + */ +void +GNUNET_CRYPTO_mpi_print_unsigned (void *buf, + size_t size, + gcry_mpi_t val); + + +/** + * Convert data buffer into MPI value. + * The buffer is interpreted as network + * byte order, unsigned integer. + * + * @param result where to store MPI value (allocated) + * @param data raw data (GCRYMPI_FMT_USG) + * @param size number of bytes in @a data + */ +void +GNUNET_CRYPTO_mpi_scan_unsigned (gcry_mpi_t *result, + const void *data, + size_t size); + + +/** + * Create a freshly generated paillier public key. + * + * @param[out] public_key Where to store the public key? + * @param[out] private_key Where to store the private key? + */ +void +GNUNET_CRYPTO_paillier_create (struct GNUNET_CRYPTO_PaillierPublicKey *public_key, + struct GNUNET_CRYPTO_PaillierPrivateKey *private_key); + + +/** + * Encrypt a plaintext with a paillier public key. + * + * @param public_key Public key to use. + * @param m Plaintext to encrypt. + * @param desired_ops How many homomorphic ops the caller intends to use + * @param[out] ciphertext Encrytion of @a plaintext with @a public_key. + * @return guaranteed number of supported homomorphic operations >= 1, + * or desired_ops, in case that is lower, + * or -1 if less than one homomorphic operation is possible + */ +int +GNUNET_CRYPTO_paillier_encrypt (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, + const gcry_mpi_t m, + int desired_ops, + struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext); + + +/** + * Decrypt a paillier ciphertext with a private key. + * + * @param private_key Private key to use for decryption. + * @param public_key Public key to use for decryption. + * @param ciphertext Ciphertext to decrypt. + * @param[out] m Decryption of @a ciphertext with @private_key. + */ +void +GNUNET_CRYPTO_paillier_decrypt (const struct GNUNET_CRYPTO_PaillierPrivateKey *private_key, + const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, + const struct GNUNET_CRYPTO_PaillierCiphertext *ciphertext, + gcry_mpi_t m); + + +/** + * Compute a ciphertext that represents the sum of the plaintext in @a x1 and @a x2 + * + * Note that this operation can only be done a finite number of times + * before an overflow occurs. + * + * @param public_key Public key to use for encryption. + * @param c1 Paillier cipher text. + * @param c2 Paillier cipher text. + * @param[out] result Result of the homomorphic operation. + * @return #GNUNET_OK if the result could be computed, + * #GNUNET_SYSERR if no more homomorphic operations are remaining. + */ +int +GNUNET_CRYPTO_paillier_hom_add (const struct GNUNET_CRYPTO_PaillierPublicKey *public_key, + const struct GNUNET_CRYPTO_PaillierCiphertext *c1, + const struct GNUNET_CRYPTO_PaillierCiphertext *c2, + struct GNUNET_CRYPTO_PaillierCiphertext *result); + + +/** + * Get the number of remaining supported homomorphic operations. + * + * @param c Paillier cipher text. + * @return the number of remaining homomorphic operations + */ +int +GNUNET_CRYPTO_paillier_hom_get_remaining (const struct GNUNET_CRYPTO_PaillierCiphertext *c); + + +/* ********* Chaum-style RSA-based blind signatures ******************* */ + + + + +/** + * The private information of an RSA key pair. + */ +struct GNUNET_CRYPTO_RsaPrivateKey; + +/** + * The public information of an RSA key pair. + */ +struct GNUNET_CRYPTO_RsaPublicKey; + +/** + * Constant-size pre-secret for blinding key generation. + */ +struct GNUNET_CRYPTO_RsaBlindingKeySecret +{ + /** + * Bits used to generate the blinding key. 256 bits + * of entropy is enough. + */ + uint32_t pre_secret[8] GNUNET_PACKED; +}; + +/** + * @brief an RSA signature + */ +struct GNUNET_CRYPTO_RsaSignature; + + +/** + * Create a new private key. Caller must free return value. + * + * @param len length of the key in bits (i.e. 2048) + * @return fresh private key + */ +struct GNUNET_CRYPTO_RsaPrivateKey * +GNUNET_CRYPTO_rsa_private_key_create (unsigned int len); + + +/** + * Free memory occupied by the private key. + * + * @param key pointer to the memory to free + */ +void +GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key); + + +/** + * Encode the private key in a format suitable for + * storing it into a file. + * + * @param key the private key + * @param[out] buffer set to a buffer with the encoded key + * @return size of memory allocatedin @a buffer + */ +size_t +GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey *key, + char **buffer); + + +/** + * Decode the private key from the data-format back + * to the "normal", internal format. + * + * @param buf the buffer where the private key data is stored + * @param len the length of the data in @a buf + * @return NULL on error + */ +struct GNUNET_CRYPTO_RsaPrivateKey * +GNUNET_CRYPTO_rsa_private_key_decode (const char *buf, + size_t len); + + +/** + * Duplicate the given private key + * + * @param key the private key to duplicate + * @return the duplicate key; NULL upon error + */ +struct GNUNET_CRYPTO_RsaPrivateKey * +GNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_RsaPrivateKey *key); + + +/** + * Extract the public key of the given private key. + * + * @param priv the private key + * @retur NULL on error, otherwise the public key + */ +struct GNUNET_CRYPTO_RsaPublicKey * +GNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateKey *priv); + + +/** + * Compute hash over the public key. + * + * @param key public key to hash + * @param hc where to store the hash code + */ +void +GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, + struct GNUNET_HashCode *hc); + + +/** + * Obtain the length of the RSA key in bits. + * + * @param key the public key to introspect + * @return length of the key in bits + */ +unsigned int +GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key); + + +/** + * Free memory occupied by the public key. + * + * @param key pointer to the memory to free + */ +void +GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key); + + +/** + * Encode the public key in a format suitable for + * storing it into a file. + * + * @param key the private key + * @param[out] buffer set to a buffer with the encoded key + * @return size of memory allocated in @a buffer + */ +size_t +GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_RsaPublicKey *key, + char **buffer); + + +/** + * Decode the public key from the data-format back + * to the "normal", internal format. + * + * @param buf the buffer where the public key data is stored + * @param len the length of the data in @a buf + * @return NULL on error + */ +struct GNUNET_CRYPTO_RsaPublicKey * +GNUNET_CRYPTO_rsa_public_key_decode (const char *buf, + size_t len); + + +/** + * Duplicate the given public key + * + * @param key the public key to duplicate + * @return the duplicate key; NULL upon error + */ +struct GNUNET_CRYPTO_RsaPublicKey * +GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key); + + +/** + * Compare the values of two signatures. + * + * @param s1 one signature + * @param s2 the other signature + * @return 0 if the two are equal + */ +int +GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1, + struct GNUNET_CRYPTO_RsaSignature *s2); + +/** + * Compare the values of two private keys. + * + * @param p1 one private key + * @param p2 the other private key + * @return 0 if the two are equal + */ +int +GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1, + struct GNUNET_CRYPTO_RsaPrivateKey *p2); + + +/** + * Compare the values of two public keys. + * + * @param p1 one public key + * @param p2 the other public key + * @return 0 if the two are equal + */ +int +GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1, + struct GNUNET_CRYPTO_RsaPublicKey *p2); + + +/** + * Blinds the given message with the given blinding key + * + * @param hash hash of the message to sign + * @param bkey the blinding key + * @param pkey the public key of the signer + * @param[out] buf set to a buffer with the blinded message to be signed + * @param[out] buf_size number of bytes stored in @a buf + * @return GNUNET_YES if successful, GNUNET_NO if RSA key is malicious + */ +int +GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, + const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, + struct GNUNET_CRYPTO_RsaPublicKey *pkey, + char **buf, size_t *buf_size); + + +/** + * Sign a blinded value, which must be a full domain hash of a message. + * + * @param key private key to use for the signing + * @param msg the (blinded) message to sign + * @param msg_len number of bytes in @a msg to sign + * @return NULL on error, signature on success + */ +struct GNUNET_CRYPTO_RsaSignature * +GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, + const void *msg, size_t msg_len); + + +/** + * Create and sign a full domain hash of a message. + * + * @param key private key to use for the signing + * @param hash the hash of the message to sign + * @return NULL on error, including a malicious RSA key, signature on success + */ +struct GNUNET_CRYPTO_RsaSignature * +GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, + const struct GNUNET_HashCode *hash); + + +/** + * Free memory occupied by signature. + * + * @param sig memory to free + */ +void +GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig); + + +/** + * Encode the given signature in a format suitable for storing it into a file. + * + * @param sig the signature + * @param[out] buffer set to a buffer with the encoded key + * @return size of memory allocated in @a buffer + */ +size_t +GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_RsaSignature *sig, + char **buffer); + + +/** + * Decode the signature from the data-format back to the "normal", internal + * format. + * + * @param buf the buffer where the public key data is stored + * @param len the length of the data in @a buf + * @return NULL on error + */ +struct GNUNET_CRYPTO_RsaSignature * +GNUNET_CRYPTO_rsa_signature_decode (const char *buf, + size_t len); + + +/** + * Duplicate the given rsa signature + * + * @param sig the signature to duplicate + * @return the duplicate key; NULL upon error + */ +struct GNUNET_CRYPTO_RsaSignature * +GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig); + + +/** + * Unblind a blind-signed signature. The signature should have been generated + * with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with + * #GNUNET_CRYPTO_rsa_blind(). + * + * @param sig the signature made on the blinded signature purpose + * @param bks the blinding key secret used to blind the signature purpose + * @param pkey the public key of the signer + * @return unblinded signature on success, NULL if RSA key is bad or malicious. + */ +struct GNUNET_CRYPTO_RsaSignature * +GNUNET_CRYPTO_rsa_unblind (struct GNUNET_CRYPTO_RsaSignature *sig, + const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, + struct GNUNET_CRYPTO_RsaPublicKey *pkey); + + +/** + * Verify whether the given hash corresponds to the given signature and the + * signature is valid with respect to the given public key. + * + * @param hash the message to verify to match the @a sig + * @param sig signature that is being validated + * @param public_key public key of the signer + * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature + */ +int +GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, + const struct GNUNET_CRYPTO_RsaSignature *sig, + const struct GNUNET_CRYPTO_RsaPublicKey *public_key); + + #if 0 /* keep Emacsens' auto-indent happy */ { #endif