X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=src%2Finclude%2Fgnunet_crypto_lib.h;h=e886a561cd79b77a229bec577372f907cc7ffba0;hb=3f52ce03cb13118bef9a6fbe380f229e2cbec45f;hp=33ad1af2be27230423a3f4a3871a8de53d84bd48;hpb=022bc4891b9eb9701f3f003eaf995e3a4731d303;p=oweals%2Fgnunet.git diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 33ad1af2b..e886a561c 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h @@ -1,6 +1,6 @@ /* This file is part of GNUnet. - Copyright (C) 2001-2013 Christian Grothoff (and other contributing authors) + Copyright (C) 2001-2013 GNUnet e.V. GNUnet is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published @@ -27,9 +27,17 @@ * @author Gerd Knorr * @author Ioana Patrascu * @author Tzvetan Horozov + * @author Jeffrey Burdges * - * @defgroup crypto Cryptographic operations - * @defgroup hash Hashing and operations on hashes + * @defgroup crypto Crypto library: cryptographic operations + * Provides cryptographic primitives. + * + * @see [Documentation](https://gnunet.org/crypto-api) + * + * @defgroup hash Crypto library: hash operations + * Provides hashing and operations on hashes. + * + * @see [Documentation](https://gnunet.org/crypto-api) */ #ifndef GNUNET_CRYPTO_LIB_H @@ -44,9 +52,24 @@ extern "C" #endif /** - * @brief A 512-bit hashcode + * @brief A 512-bit hashcode. These are the default length for GNUnet, using SHA-512. */ -struct GNUNET_HashCode; +struct GNUNET_HashCode +{ + uint32_t bits[512 / 8 / sizeof (uint32_t)]; /* = 16 */ +}; + + + +/** + * @brief A 256-bit hashcode. Used under special conditions, like when space + * is critical and security is not impacted by it. + */ +struct GNUNET_ShortHashCode +{ + uint32_t bits[256 / 8 / sizeof (uint32_t)]; /* = 8 */ +}; + /** * The identity of the host (wraps the signing key of the peer). @@ -57,15 +80,6 @@ struct GNUNET_PeerIdentity; #include -/** - * @brief A 512-bit hashcode - */ -struct GNUNET_HashCode -{ - uint32_t bits[512 / 8 / sizeof (uint32_t)]; /* = 16 */ -}; - - /** * Maximum length of an ECC signature. * Note: round up to multiple of 8 minus 2 for alignment. @@ -395,6 +409,19 @@ void GNUNET_CRYPTO_seed_weak_random (int32_t seed); +/** + * @ingroup hash + * Calculate the checksum of a buffer in one step. + * + * @param buf buffer to calculate CRC over + * @param len number of bytes in @a buf + * @return crc8 value + */ +uint8_t +GNUNET_CRYPTO_crc8_n (const void *buf, + size_t len); + + /** * Perform an incremental step in a CRC16 (for TCP/IP) calculation. * @@ -432,6 +459,8 @@ GNUNET_CRYPTO_crc16_n (const void *buf, size_t len); + + /** * @ingroup hash * Compute the CRC32 checksum for the first len @@ -992,6 +1021,26 @@ GNUNET_CRYPTO_kdf_v (void *result, va_list argp); +/** + * Deterministically generate a pseudo-random number uniformly from the + * integers modulo a libgcrypt mpi. + * + * @param[out] r MPI value set to the FDH + * @param n MPI to work modulo + * @param xts salt + * @param xts_len length of @a xts + * @param skm source key material + * @param skm_len length of @a skm + * @param ctx context string + */ +void +GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r, + gcry_mpi_t n, + const void *xts, size_t xts_len, + const void *skm, size_t skm_len, + const char *ctx); + + /** * @ingroup hash * @brief Derive key @@ -1060,6 +1109,16 @@ char * GNUNET_CRYPTO_ecdsa_public_key_to_string (const struct GNUNET_CRYPTO_EcdsaPublicKey *pub); +/** + * Convert a private key to a string. + * + * @param priv key to convert + * @return string representing @a pub + */ +char * +GNUNET_CRYPTO_eddsa_private_key_to_string (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv); + + /** * Convert a public key to a string. * @@ -1189,6 +1248,17 @@ struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create (void); +/** + * @ingroup crypto + * Create a new private key. Clear with #GNUNET_CRYPTO_ecdhe_key_clear(). + * + * @param[out] pk set to fresh private key; + * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure + */ +int +GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk); + + /** * @ingroup crypto * Create a new private key. Caller must free return value. @@ -1305,7 +1375,7 @@ struct GNUNET_CRYPTO_EccPoint * * @param max maximum value the factor can be * @param mem memory to use (should be smaller than @a max), must not be zero. - * @return @a max if dlog failed, otherwise the factor + * @return NULL on error */ struct GNUNET_CRYPTO_EccDlogContext * GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max, @@ -1318,7 +1388,7 @@ GNUNET_CRYPTO_ecc_dlog_prepare (unsigned int max, * * @param dlc precalculated values, determine range of factors * @param input point on the curve to factor - * @return `dlc->max` if dlog failed, otherwise the factor + * @return INT_MAX if dlog failed, otherwise the factor */ int GNUNET_CRYPTO_ecc_dlog (struct GNUNET_CRYPTO_EccDlogContext *edc, @@ -1498,6 +1568,21 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material); +/** + * @ingroup crypto + * Derive key material from a ECDH public key and a private ECDSA key. + * Dual to #GNUNET_CRRYPTO_ecdh_ecdsa. + * + * @param priv private key from ECDSA to use for the ECDH (x) + * @param pub public key to use for the ECDH (yG) + * @param key_material where to write the key material H(h(x)yG) + * @return #GNUNET_SYSERR on error, #GNUNET_OK on success + */ +int +GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, + const struct GNUNET_CRYPTO_EcdhePublicKey *pub, + struct GNUNET_HashCode *key_material); + /** * @ingroup crypto @@ -1514,6 +1599,21 @@ GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material); +/** + * @ingroup crypto + * Derive key material from a EcDSA public key and a private ECDH key. + * Dual to #GNUNET_CRRYPTO_ecdsa_ecdh. + * + * @param priv private key to use for the ECDH (y) + * @param pub public key from ECDSA to use for the ECDH (X=h(x)G) + * @param key_material where to write the key material H(yX)=H(h(x)yG) + * @return #GNUNET_SYSERR on error, #GNUNET_OK on success + */ +int +GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, + const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, + struct GNUNET_HashCode *key_material); + /** * @ingroup crypto @@ -1727,22 +1827,29 @@ GNUNET_CRYPTO_paillier_hom_get_remaining (const struct GNUNET_CRYPTO_PaillierCip /** * The private information of an RSA key pair. */ -struct GNUNET_CRYPTO_rsa_PrivateKey; +struct GNUNET_CRYPTO_RsaPrivateKey; /** * The public information of an RSA key pair. */ -struct GNUNET_CRYPTO_rsa_PublicKey; +struct GNUNET_CRYPTO_RsaPublicKey; /** - * Key used to blind a message + * Constant-size pre-secret for blinding key generation. */ -struct GNUNET_CRYPTO_rsa_BlindingKey; +struct GNUNET_CRYPTO_RsaBlindingKeySecret +{ + /** + * Bits used to generate the blinding key. 256 bits + * of entropy is enough. + */ + uint32_t pre_secret[8] GNUNET_PACKED; +}; /** * @brief an RSA signature */ -struct GNUNET_CRYPTO_rsa_Signature; +struct GNUNET_CRYPTO_RsaSignature; /** @@ -1751,7 +1858,7 @@ struct GNUNET_CRYPTO_rsa_Signature; * @param len length of the key in bits (i.e. 2048) * @return fresh private key */ -struct GNUNET_CRYPTO_rsa_PrivateKey * +struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_create (unsigned int len); @@ -1761,7 +1868,7 @@ GNUNET_CRYPTO_rsa_private_key_create (unsigned int len); * @param key pointer to the memory to free */ void -GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_rsa_PrivateKey *key); +GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key); /** @@ -1773,7 +1880,7 @@ GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_rsa_PrivateKey *key); * @return size of memory allocatedin @a buffer */ size_t -GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_rsa_PrivateKey *key, +GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey *key, char **buffer); @@ -1785,7 +1892,7 @@ GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_rsa_PrivateKey * @param len the length of the data in @a buf * @return NULL on error */ -struct GNUNET_CRYPTO_rsa_PrivateKey * +struct GNUNET_CRYPTO_RsaPrivateKey * GNUNET_CRYPTO_rsa_private_key_decode (const char *buf, size_t len); @@ -1796,8 +1903,8 @@ GNUNET_CRYPTO_rsa_private_key_decode (const char *buf, * @param key the private key to duplicate * @return the duplicate key; NULL upon error */ -struct GNUNET_CRYPTO_rsa_PrivateKey * -GNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_rsa_PrivateKey *key); +struct GNUNET_CRYPTO_RsaPrivateKey * +GNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_RsaPrivateKey *key); /** @@ -1806,8 +1913,8 @@ GNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_rsa_PrivateKey *ke * @param priv the private key * @retur NULL on error, otherwise the public key */ -struct GNUNET_CRYPTO_rsa_PublicKey * -GNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_rsa_PrivateKey *priv); +struct GNUNET_CRYPTO_RsaPublicKey * +GNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateKey *priv); /** @@ -1817,7 +1924,7 @@ GNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_rsa_Private * @param hc where to store the hash code */ void -GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_rsa_PublicKey *key, +GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, struct GNUNET_HashCode *hc); @@ -1828,7 +1935,7 @@ GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_rsa_PublicKey *key * @return length of the key in bits */ unsigned int -GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_rsa_PublicKey *key); +GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key); /** @@ -1837,7 +1944,7 @@ GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_rsa_PublicKey *key) * @param key pointer to the memory to free */ void -GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_rsa_PublicKey *key); +GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key); /** @@ -1849,7 +1956,7 @@ GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_rsa_PublicKey *key); * @return size of memory allocated in @a buffer */ size_t -GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_rsa_PublicKey *key, +GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_RsaPublicKey *key, char **buffer); @@ -1861,7 +1968,7 @@ GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_rsa_PublicKey *k * @param len the length of the data in @a buf * @return NULL on error */ -struct GNUNET_CRYPTO_rsa_PublicKey * +struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_public_key_decode (const char *buf, size_t len); @@ -1872,30 +1979,8 @@ GNUNET_CRYPTO_rsa_public_key_decode (const char *buf, * @param key the public key to duplicate * @return the duplicate key; NULL upon error */ -struct GNUNET_CRYPTO_rsa_PublicKey * -GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_rsa_PublicKey *key); - - -/** - * Create a blinding key - * - * @param len length of the key in bits (i.e. 2048) - * @return the newly created blinding key - */ -struct GNUNET_CRYPTO_rsa_BlindingKey * -GNUNET_CRYPTO_rsa_blinding_key_create (unsigned int len); - - -/** - * Compare the values of two blinding keys. - * - * @param b1 one key - * @param b2 the other key - * @return 0 if the two are equal - */ -int -GNUNET_CRYPTO_rsa_blinding_key_cmp (struct GNUNET_CRYPTO_rsa_BlindingKey *b1, - struct GNUNET_CRYPTO_rsa_BlindingKey *b2); +struct GNUNET_CRYPTO_RsaPublicKey * +GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key); /** @@ -1906,8 +1991,8 @@ GNUNET_CRYPTO_rsa_blinding_key_cmp (struct GNUNET_CRYPTO_rsa_BlindingKey *b1, * @return 0 if the two are equal */ int -GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_rsa_Signature *s1, - struct GNUNET_CRYPTO_rsa_Signature *s2); +GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1, + struct GNUNET_CRYPTO_RsaSignature *s2); /** * Compare the values of two private keys. @@ -1917,8 +2002,8 @@ GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_rsa_Signature *s1, * @return 0 if the two are equal */ int -GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_rsa_PrivateKey *p1, - struct GNUNET_CRYPTO_rsa_PrivateKey *p2); +GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1, + struct GNUNET_CRYPTO_RsaPrivateKey *p2); /** @@ -1929,43 +2014,8 @@ GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_rsa_PrivateKey *p1, * @return 0 if the two are equal */ int -GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_rsa_PublicKey *p1, - struct GNUNET_CRYPTO_rsa_PublicKey *p2); - - -/** - * Destroy a blinding key - * - * @param bkey the blinding key to destroy - */ -void -GNUNET_CRYPTO_rsa_blinding_key_free (struct GNUNET_CRYPTO_rsa_BlindingKey *bkey); - - -/** - * Encode the blinding key in a format suitable for - * storing it into a file. - * - * @param bkey the blinding key - * @param[out] buffer set to a buffer with the encoded key - * @return size of memory allocated in @a buffer - */ -size_t -GNUNET_CRYPTO_rsa_blinding_key_encode (const struct GNUNET_CRYPTO_rsa_BlindingKey *bkey, - char **buffer); - - -/** - * Decode the blinding key from the data-format back - * to the "normal", internal format. - * - * @param buf the buffer where the public key data is stored - * @param len the length of the data in @a buf - * @return NULL on error - */ -struct GNUNET_CRYPTO_rsa_BlindingKey * -GNUNET_CRYPTO_rsa_blinding_key_decode (const char *buf, - size_t len); +GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1, + struct GNUNET_CRYPTO_RsaPublicKey *p2); /** @@ -1974,28 +2024,42 @@ GNUNET_CRYPTO_rsa_blinding_key_decode (const char *buf, * @param hash hash of the message to sign * @param bkey the blinding key * @param pkey the public key of the signer - * @param[out] buffer set to a buffer with the blinded message to be signed - * @return number of bytes stored in @a buffer + * @param[out] buf set to a buffer with the blinded message to be signed + * @param[out] buf_size number of bytes stored in @a buf + * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious */ -size_t +int GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, - struct GNUNET_CRYPTO_rsa_BlindingKey *bkey, - struct GNUNET_CRYPTO_rsa_PublicKey *pkey, - char **buffer); + const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, + struct GNUNET_CRYPTO_RsaPublicKey *pkey, + char **buf, + size_t *buf_size); /** - * Sign the given message. + * Sign a blinded value, which must be a full domain hash of a message. * * @param key private key to use for the signing * @param msg the (blinded) message to sign * @param msg_len number of bytes in @a msg to sign * @return NULL on error, signature on success */ -struct GNUNET_CRYPTO_rsa_Signature * -GNUNET_CRYPTO_rsa_sign (const struct GNUNET_CRYPTO_rsa_PrivateKey *key, - const void *msg, - size_t msg_len); +struct GNUNET_CRYPTO_RsaSignature * +GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, + const void *msg, + size_t msg_len); + + +/** + * Create and sign a full domain hash of a message. + * + * @param key private key to use for the signing + * @param hash the hash of the message to sign + * @return NULL on error, including a malicious RSA key, signature on success + */ +struct GNUNET_CRYPTO_RsaSignature * +GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, + const struct GNUNET_HashCode *hash); /** @@ -2004,7 +2068,7 @@ GNUNET_CRYPTO_rsa_sign (const struct GNUNET_CRYPTO_rsa_PrivateKey *key, * @param sig memory to free */ void -GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_rsa_Signature *sig); +GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig); /** @@ -2015,7 +2079,7 @@ GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_rsa_Signature *sig); * @return size of memory allocated in @a buffer */ size_t -GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_rsa_Signature *sig, +GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_RsaSignature *sig, char **buffer); @@ -2027,7 +2091,7 @@ GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_rsa_Signature *si * @param len the length of the data in @a buf * @return NULL on error */ -struct GNUNET_CRYPTO_rsa_Signature * +struct GNUNET_CRYPTO_RsaSignature * GNUNET_CRYPTO_rsa_signature_decode (const char *buf, size_t len); @@ -2038,8 +2102,8 @@ GNUNET_CRYPTO_rsa_signature_decode (const char *buf, * @param sig the signature to duplicate * @return the duplicate key; NULL upon error */ -struct GNUNET_CRYPTO_rsa_Signature * -GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_rsa_Signature *sig); +struct GNUNET_CRYPTO_RsaSignature * +GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig); /** @@ -2048,14 +2112,14 @@ GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_rsa_Signature *sig); * #GNUNET_CRYPTO_rsa_blind(). * * @param sig the signature made on the blinded signature purpose - * @param bkey the blinding key used to blind the signature purpose + * @param bks the blinding key secret used to blind the signature purpose * @param pkey the public key of the signer - * @return unblinded signature on success, NULL on error + * @return unblinded signature on success, NULL if RSA key is bad or malicious. */ -struct GNUNET_CRYPTO_rsa_Signature * -GNUNET_CRYPTO_rsa_unblind (struct GNUNET_CRYPTO_rsa_Signature *sig, - struct GNUNET_CRYPTO_rsa_BlindingKey *bkey, - struct GNUNET_CRYPTO_rsa_PublicKey *pkey); +struct GNUNET_CRYPTO_RsaSignature * +GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, + const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, + struct GNUNET_CRYPTO_RsaPublicKey *pkey); /** @@ -2065,12 +2129,12 @@ GNUNET_CRYPTO_rsa_unblind (struct GNUNET_CRYPTO_rsa_Signature *sig, * @param hash the message to verify to match the @a sig * @param sig signature that is being validated * @param public_key public key of the signer - * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid + * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature */ int GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, - const struct GNUNET_CRYPTO_rsa_Signature *sig, - const struct GNUNET_CRYPTO_rsa_PublicKey *public_key); + const struct GNUNET_CRYPTO_RsaSignature *sig, + const struct GNUNET_CRYPTO_RsaPublicKey *public_key); #if 0 /* keep Emacsens' auto-indent happy */