From 11ae9f030e13d07c505a4d5477d592ddb4b3acf6 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Wed, 8 Apr 2020 16:56:33 +0200 Subject: [PATCH] fix sign api for to address #6164 --- .../gnunet-service-conversation.c | 8 +- src/core/gnunet-service-core_kx.c | 14 +- src/dns/plugin_block_dns.c | 8 +- src/exit/gnunet-daemon-exit.c | 6 +- src/fs/fs_publish_ublock.c | 6 +- src/fs/fs_uri.c | 9 +- src/fs/plugin_block_fs.c | 8 +- src/gnsrecord/gnsrecord_crypto.c | 14 +- src/hello/hello-ng.c | 5 +- src/include/gnunet_crypto_lib.h | 172 +++++++++++++++--- src/nse/gnunet-service-nse.c | 15 +- src/reclaim/oidc_helper.c | 19 +- src/regex/plugin_block_regex.c | 8 +- src/regex/regex_internal_dht.c | 6 +- src/revocation/gnunet-service-revocation.c | 8 +- src/revocation/plugin_block_revocation.c | 8 +- src/revocation/revocation_api.c | 6 +- .../gnunet-service-secretsharing.c | 24 +-- src/transport/gnunet-communicator-tcp.c | 31 ++-- src/transport/gnunet-communicator-udp.c | 16 +- src/transport/gnunet-service-tng.c | 74 ++++---- .../gnunet-service-transport_neighbours.c | 8 +- .../gnunet-service-transport_validation.c | 7 +- src/util/crypto_ecc.c | 8 +- src/util/gnunet-crypto-tvg.c | 58 +++--- src/util/perf_crypto_asymmetric.c | 14 +- src/util/test_crypto_ecdsa.c | 33 ++-- src/util/test_crypto_eddsa.c | 13 +- 28 files changed, 367 insertions(+), 239 deletions(-) diff --git a/src/conversation/gnunet-service-conversation.c b/src/conversation/gnunet-service-conversation.c index 12b943217..502146255 100644 --- a/src/conversation/gnunet-service-conversation.c +++ b/src/conversation/gnunet-service-conversation.c @@ -753,7 +753,7 @@ handle_cadet_ring_message (void *cls, const struct CadetPhoneRingMessage *msg) if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_CONVERSATION_RING, - &rs.purpose, + &rs, &msg->signature, &msg->caller_id)) { @@ -1138,9 +1138,9 @@ handle_client_call_message (void *cls, const struct ClientCallMessage *msg) e = GNUNET_MQ_msg (ring, GNUNET_MESSAGE_TYPE_CONVERSATION_CADET_PHONE_RING); GNUNET_CRYPTO_ecdsa_key_get_public (&msg->caller_id, &ring->caller_id); ring->expiration_time = rs.expiration_time; - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_sign (&msg->caller_id, - &rs.purpose, - &ring->signature)); + GNUNET_CRYPTO_ecdsa_sign (&msg->caller_id, + &rs, + &ring->signature); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Sending RING message via CADET\n"); GNUNET_MQ_send (ch->mq, e); GNUNET_SERVICE_client_continue (line->client); diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c index 2f43f7d13..315095938 100644 --- a/src/core/gnunet-service-core_kx.c +++ b/src/core/gnunet-service-core_kx.c @@ -1015,10 +1015,10 @@ handle_ephemeral_key (void *cls, const struct EphemeralKeyMessage *m) + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey) + sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)) || (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY, - &m->purpose, - &m->signature, - &m->origin_identity.public_key))) + GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_SET_ECC_KEY, + &m->purpose, + &m->signature, + &m->origin_identity.public_key))) { /* invalid signature */ GNUNET_break_op (0); @@ -1854,9 +1854,9 @@ sign_ephemeral_key () ¤t_ekm.ephemeral_key); current_ekm.origin_identity = GSC_my_identity; GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_eddsa_sign (my_private_key, - ¤t_ekm.purpose, - ¤t_ekm.signature)); + GNUNET_CRYPTO_eddsa_sign_ (my_private_key, + ¤t_ekm.purpose, + ¤t_ekm.signature)); } diff --git a/src/dns/plugin_block_dns.c b/src/dns/plugin_block_dns.c index 029474b49..e0beccb52 100644 --- a/src/dns/plugin_block_dns.c +++ b/src/dns/plugin_block_dns.c @@ -153,10 +153,10 @@ block_plugin_dns_evaluate (void *cls, return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; } if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_DNS_RECORD, - &ad->purpose, - &ad->signature, - &ad->peer.public_key)) + GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_DNS_RECORD, + &ad->purpose, + &ad->signature, + &ad->peer.public_key)) { GNUNET_break_op (0); return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; diff --git a/src/exit/gnunet-daemon-exit.c b/src/exit/gnunet-daemon-exit.c index 6ac4fc38c..b193176c4 100644 --- a/src/exit/gnunet-daemon-exit.c +++ b/src/exit/gnunet-daemon-exit.c @@ -3595,9 +3595,9 @@ do_dht_put (void *cls) expiration = GNUNET_TIME_relative_to_absolute (DNS_ADVERTISEMENT_TIMEOUT); dns_advertisement.expiration_time = GNUNET_TIME_absolute_hton (expiration); GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_eddsa_sign (peer_key, - &dns_advertisement.purpose, - &dns_advertisement.signature)); + GNUNET_CRYPTO_eddsa_sign_ (peer_key, + &dns_advertisement.purpose, + &dns_advertisement.signature)); } if (NULL != dht_put) GNUNET_DHT_put_cancel (dht_put); diff --git a/src/fs/fs_publish_ublock.c b/src/fs/fs_publish_ublock.c index 2d118ee51..fd6f2bd72 100644 --- a/src/fs/fs_publish_ublock.c +++ b/src/fs/fs_publish_ublock.c @@ -268,9 +268,9 @@ GNUNET_FS_publish_ublock_ (struct GNUNET_FS_Handle *h, GNUNET_CRYPTO_ecdsa_key_get_public (nsd, &ub_enc->verification_key); GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_ecdsa_sign (nsd, - &ub_enc->purpose, - &ub_enc->signature)); + GNUNET_CRYPTO_ecdsa_sign_ (nsd, + &ub_enc->purpose, + &ub_enc->signature)); GNUNET_CRYPTO_hash (&ub_enc->verification_key, sizeof(ub_enc->verification_key), &query); diff --git a/src/fs/fs_uri.c b/src/fs/fs_uri.c index c1faf4f12..410f3c815 100644 --- a/src/fs/fs_uri.c +++ b/src/fs/fs_uri.c @@ -612,7 +612,7 @@ uri_loc_parse (const char *s, char **emsg) ass.exptime = GNUNET_TIME_absolute_hton (et); if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_PEER_PLACEMENT, - &ass.purpose, + &ass, &sig, &ass.peer.public_key)) { @@ -900,10 +900,9 @@ GNUNET_FS_uri_loc_create (const struct GNUNET_FS_Uri *base_uri, uri->data.loc.fi = base_uri->data.chk; uri->data.loc.expirationTime = et; uri->data.loc.peer.public_key = my_public_key; - GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_eddsa_sign (sign_key, - &ass.purpose, - &uri->data.loc.contentSignature)); + GNUNET_CRYPTO_eddsa_sign (sign_key, + &ass, + &uri->data.loc.contentSignature); return uri; } diff --git a/src/fs/plugin_block_fs.c b/src/fs/plugin_block_fs.c index 02855f418..6a9ab3f41 100644 --- a/src/fs/plugin_block_fs.c +++ b/src/fs/plugin_block_fs.c @@ -191,10 +191,10 @@ block_plugin_fs_evaluate (void *cls, } if ((0 == (eo & GNUNET_BLOCK_EO_LOCAL_SKIP_CRYPTO)) && (GNUNET_OK != - GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_FS_UBLOCK, - &ub->purpose, - &ub->signature, - &ub->verification_key))) + GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_FS_UBLOCK, + &ub->purpose, + &ub->signature, + &ub->verification_key))) { GNUNET_break_op (0); return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c index ea8baa77d..c8919760a 100644 --- a/src/gnsrecord/gnsrecord_crypto.c +++ b/src/gnsrecord/gnsrecord_crypto.c @@ -166,9 +166,9 @@ block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, &block[1])); } if (GNUNET_OK != - GNUNET_CRYPTO_ecdsa_sign (dkey, - &block->purpose, - &block->signature)) + GNUNET_CRYPTO_ecdsa_sign_ (dkey, + &block->purpose, + &block->signature)) { GNUNET_break (0); GNUNET_free (dkey); @@ -280,10 +280,10 @@ GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, int GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block) { - return GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, - &block->purpose, - &block->signature, - &block->derived_key); + return GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, + &block->purpose, + &block->signature, + &block->derived_key); } diff --git a/src/hello/hello-ng.c b/src/hello/hello-ng.c index 8dea616b9..d06feadd5 100644 --- a/src/hello/hello-ng.c +++ b/src/hello/hello-ng.c @@ -79,8 +79,7 @@ GNUNET_HELLO_sign_address ( sa.purpose.size = htonl (sizeof(sa)); sa.mono_time = GNUNET_TIME_absolute_hton (mono_time); GNUNET_CRYPTO_hash (address, strlen (address), &sa.h_addr); - GNUNET_assert (GNUNET_YES == - GNUNET_CRYPTO_eddsa_sign (private_key, &sa.purpose, &sig)); + GNUNET_CRYPTO_eddsa_sign (private_key, &sa, &sig); sig_str = NULL; (void) GNUNET_STRINGS_base64_encode (&sig, sizeof(sig), &sig_str); *result_size = @@ -165,7 +164,7 @@ GNUNET_HELLO_extract_address (const void *raw, GNUNET_CRYPTO_hash (raw_addr, strlen (raw_addr), &sa.h_addr); if (GNUNET_YES != GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_ADDRESS, - &sa.purpose, + &sa, sig, public_key)) { diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index c64fb4926..ba992ed56 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h @@ -1639,19 +1639,21 @@ GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, /** * @ingroup crypto - * EdDSA sign a given block. The @a purpose data is the - * beginning of the data of which the signature is to be - * created. The `size` field in @a purpose must correctly - * indicate the number of bytes of the data structure, including - * its header. + * @brief EdDSA sign a given block. + * + * The @a purpose data is the beginning of the data of which the signature is + * to be created. The `size` field in @a purpose must correctly indicate the + * number of bytes of the data structure, including its header. If possible, + * use #GNUNET_CRYPTO_eddsa_sign() instead of this function (only if @a validate + * is not fixed-size, you must use this function directly). * * @param priv private key to use for the signing * @param purpose what to sign (size, purpose) - * @param sig where to write the signature + * @param[out] sig where to write the signature * @return #GNUNET_SYSERR on error, #GNUNET_OK on success */ int -GNUNET_CRYPTO_eddsa_sign ( +GNUNET_CRYPTO_eddsa_sign_ ( const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig); @@ -1659,32 +1661,87 @@ GNUNET_CRYPTO_eddsa_sign ( /** * @ingroup crypto - * ECDSA Sign a given block. The @a purpose data is the - * beginning of the data of which the signature is to be - * created. The `size` field in @a purpose must correctly - * indicate the number of bytes of the data structure, including - * its header. + * @brief EdDSA sign a given block. + * + * The @a ps data must be a fixed-size struct for which the signature is to be + * created. The `size` field in @a ps->purpose must correctly indicate the + * number of bytes of the data structure, including its header. + * + * @param priv private key to use for the signing + * @param ps packed struct with what to sign, MUST begin with a purpose + * @param[out] sig where to write the signature + */ +#define GNUNET_CRYPTO_eddsa_sign(priv,ps,sig) do { \ + /* check size is set correctly */ \ + GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*ps)); \ + /* check 'ps' begins with the purpose */ \ + GNUNET_static_assert (((void*) (ps)) == \ + ((void*) &(ps)->purpose)); \ + GNUNET_assert (GNUNET_OK == \ + GNUNET_CRYPTO_eddsa_sign_ (priv, \ + &(ps)->purpose, \ + sig)); \ +} while (0) + + +/** + * @ingroup crypto + * @brief ECDSA Sign a given block. + * + * The @a purpose data is the beginning of the data of which the signature is + * to be created. The `size` field in @a purpose must correctly indicate the + * number of bytes of the data structure, including its header. If possible, + * use #GNUNET_CRYPTO_ecdsa_sign() instead of this function (only if @a validate + * is not fixed-size, you must use this function directly). * * @param priv private key to use for the signing * @param purpose what to sign (size, purpose) - * @param sig where to write the signature + * @param[out] sig where to write the signature * @return #GNUNET_SYSERR on error, #GNUNET_OK on success */ int -GNUNET_CRYPTO_ecdsa_sign ( +GNUNET_CRYPTO_ecdsa_sign_ ( const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig); + +/** + * @ingroup crypto + * @brief ECDSA sign a given block. + * + * The @a ps data must be a fixed-size struct for which the signature is to be + * created. The `size` field in @a ps->purpose must correctly indicate the + * number of bytes of the data structure, including its header. + * + * @param priv private key to use for the signing + * @param ps packed struct with what to sign, MUST begin with a purpose + * @param[out] sig where to write the signature + */ +#define GNUNET_CRYPTO_ecdsa_sign(priv,ps,sig) do { \ + /* check size is set correctly */ \ + GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*(ps))); \ + /* check 'ps' begins with the purpose */ \ + GNUNET_static_assert (((void*) (ps)) == \ + ((void*) &(ps)->purpose)); \ + GNUNET_assert (GNUNET_OK == \ + GNUNET_CRYPTO_ecdsa_sign_ (priv, \ + &(ps)->purpose, \ + sig)); \ +} while (0) + + /** * @ingroup crypto - * Verify EdDSA signature. The @a validate data is the - * beginning of the data of which the signature is to be - * verified. The `size` field in @a validate must correctly - * indicate the number of bytes of the data structure, including - * its header. If @a purpose does not match the purpose given - * in @a validate (the latter must be in big endian), signature - * verification fails. + * @brief Verify EdDSA signature. + * + * The @a validate data is the beginning of the data of which the signature + * is to be verified. The `size` field in @a validate must correctly indicate + * the number of bytes of the data structure, including its header. If @a + * purpose does not match the purpose given in @a validate (the latter must be + * in big endian), signature verification fails. If possible, + * use #GNUNET_CRYPTO_eddsa_verify() instead of this function (only if @a validate + * is not fixed-size, you must use this function directly). * * @param purpose what is the purpose that the signature should have? * @param validate block to validate (size, purpose, data) @@ -1693,7 +1750,7 @@ GNUNET_CRYPTO_ecdsa_sign ( * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid */ int -GNUNET_CRYPTO_eddsa_verify ( +GNUNET_CRYPTO_eddsa_verify_ ( uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, @@ -1702,13 +1759,42 @@ GNUNET_CRYPTO_eddsa_verify ( /** * @ingroup crypto - * Verify ECDSA signature. The @a validate data is the - * beginning of the data of which the signature is to be - * verified. The `size` field in @a validate must correctly - * indicate the number of bytes of the data structure, including - * its header. If @a purpose does not match the purpose given - * in @a validate (the latter must be in big endian), signature - * verification fails. + * @brief Verify EdDSA signature. + * + * The @a ps data must be a fixed-size struct for which the signature is to be + * created. The `size` field in @a ps->purpose must correctly indicate the + * number of bytes of the data structure, including its header. + * + * @param purp purpose of the signature, must match 'ps->purpose.purpose' + * (except in host byte order) + * @param priv private key to use for the signing + * @param ps packed struct with what to sign, MUST begin with a purpose + * @param sig where to write the signature + */ +#define GNUNET_CRYPTO_eddsa_verify(purp,ps,sig,pub) ({ \ + /* check size is set correctly */ \ + GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*(ps))); \ + /* check 'ps' begins with the purpose */ \ + GNUNET_static_assert (((void*) (ps)) == \ + ((void*) &(ps)->purpose)); \ + GNUNET_CRYPTO_eddsa_verify_ (purp, \ + &(ps)->purpose, \ + sig, \ + pub); \ + }) + + +/** + * @ingroup crypto + * @brief Verify ECDSA signature. + * + * The @a validate data is the beginning of the data of which the signature is + * to be verified. The `size` field in @a validate must correctly indicate the + * number of bytes of the data structure, including its header. If @a purpose + * does not match the purpose given in @a validate (the latter must be in big + * endian), signature verification fails. If possible, use + * #GNUNET_CRYPTO_eddsa_verify() instead of this function (only if @a validate + * is not fixed-size, you must use this function directly). * * @param purpose what is the purpose that the signature should have? * @param validate block to validate (size, purpose, data) @@ -1717,13 +1803,39 @@ GNUNET_CRYPTO_eddsa_verify ( * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid */ int -GNUNET_CRYPTO_ecdsa_verify ( +GNUNET_CRYPTO_ecdsa_verify_ ( uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub); +/** + * @ingroup crypto + * @brief Verify ECDSA signature. + * + * The @a ps data must be a fixed-size struct for which the signature is to be + * created. The `size` field in @a ps->purpose must correctly indicate the + * number of bytes of the data structure, including its header. + * + * @param purp purpose of the signature, must match 'ps->purpose.purpose' + * (except in host byte order) + * @param priv private key to use for the signing + * @param ps packed struct with what to sign, MUST begin with a purpose + * @param sig where to write the signature + */ +#define GNUNET_CRYPTO_ecdsa_verify(purp,ps,sig,pub) ({ \ + /* check size is set correctly */ \ + GNUNET_assert (htonl ((ps)->purpose.size) == sizeof (*(ps))); \ + /* check 'ps' begins with the purpose */ \ + GNUNET_static_assert (((void*) (ps)) == \ + ((void*) &(ps)->purpose)); \ + GNUNET_CRYPTO_ecdsa_verify_ (purp, \ + &(ps)->purpose, \ + sig, \ + pub); \ + }) + /** * @ingroup crypto * Derive a private key from a given private key and a label. diff --git a/src/nse/gnunet-service-nse.c b/src/nse/gnunet-service-nse.c index f4d4e3e2f..793f60694 100644 --- a/src/nse/gnunet-service-nse.c +++ b/src/nse/gnunet-service-nse.c @@ -668,9 +668,10 @@ setup_flood_message (unsigned int slot, struct GNUNET_TIME_Absolute ts) fm->origin = my_identity; fm->proof_of_work = my_proof; if (nse_work_required > 0) - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key, - &fm->purpose, - &fm->signature)); + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_eddsa_sign_ (my_private_key, + &fm->purpose, + &fm->signature)); else memset (&fm->signature, 0, sizeof(fm->signature)); } @@ -922,10 +923,10 @@ verify_message_crypto (const struct GNUNET_NSE_FloodMessage *incoming_flood) } if ((nse_work_required > 0) && (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_NSE_SEND, - &incoming_flood->purpose, - &incoming_flood->signature, - &incoming_flood->origin.public_key))) + GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_NSE_SEND, + &incoming_flood->purpose, + &incoming_flood->signature, + &incoming_flood->origin.public_key))) { GNUNET_break_op (0); return GNUNET_NO; diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c index 469b8a796..dded06389 100644 --- a/src/reclaim/oidc_helper.c +++ b/src/reclaim/oidc_helper.c @@ -551,10 +551,10 @@ OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer, buf_ptr += payload_len; // Sign and store signature if (GNUNET_SYSERR == - GNUNET_CRYPTO_ecdsa_sign (issuer, - purpose, - (struct GNUNET_CRYPTO_EcdsaSignature *) - buf_ptr)) + GNUNET_CRYPTO_ecdsa_sign_ (issuer, + purpose, + (struct GNUNET_CRYPTO_EcdsaSignature *) + buf_ptr)) { GNUNET_break (0); GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n"); @@ -658,7 +658,8 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, code_verifier, strlen (code_verifier)); // encode code verifier - GNUNET_STRINGS_base64url_encode (code_verifier_hash, 256 / 8, &expected_code_challenge); + GNUNET_STRINGS_base64url_encode (code_verifier_hash, 256 / 8, + &expected_code_challenge); code_challenge = (char *) ¶ms[1]; GNUNET_free (code_verifier_hash); if ((strlen (expected_code_challenge) != code_challenge_len) || @@ -692,10 +693,10 @@ OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv, return GNUNET_SYSERR; } if (GNUNET_OK != - GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, - purpose, - signature, - &ticket->identity)) + GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, + purpose, + signature, + &ticket->identity)) { GNUNET_free (code_payload); GNUNET_free (plaintext); diff --git a/src/regex/plugin_block_regex.c b/src/regex/plugin_block_regex.c index 9c7aa9119..c087abae9 100644 --- a/src/regex/plugin_block_regex.c +++ b/src/regex/plugin_block_regex.c @@ -247,10 +247,10 @@ evaluate_block_regex_accept (void *cls, return GNUNET_BLOCK_EVALUATION_OK_DUPLICATE; } if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_REGEX_ACCEPT, - &rba->purpose, - &rba->signature, - &rba->peer.public_key)) + GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REGEX_ACCEPT, + &rba->purpose, + &rba->signature, + &rba->peer.public_key)) { GNUNET_break_op (0); return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; diff --git a/src/regex/regex_internal_dht.c b/src/regex/regex_internal_dht.c index 3cf48f3c2..d2c69f131 100644 --- a/src/regex/regex_internal_dht.c +++ b/src/regex/regex_internal_dht.c @@ -136,9 +136,9 @@ regex_iterator (void *cls, GNUNET_CRYPTO_eddsa_key_get_public (h->priv, &ab.peer.public_key); GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_eddsa_sign (h->priv, - &ab.purpose, - &ab.signature)); + GNUNET_CRYPTO_eddsa_sign_ (h->priv, + &ab.purpose, + &ab.signature)); GNUNET_STATISTICS_update (h->stats, "# regex accepting blocks stored", 1, GNUNET_NO); diff --git a/src/revocation/gnunet-service-revocation.c b/src/revocation/gnunet-service-revocation.c index 51286f49b..3e811cd9a 100644 --- a/src/revocation/gnunet-service-revocation.c +++ b/src/revocation/gnunet-service-revocation.c @@ -178,10 +178,10 @@ verify_revoke_message (const struct RevokeMessage *rm) return GNUNET_NO; } if (GNUNET_OK != - GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_REVOCATION, - &rm->purpose, - &rm->signature, - &rm->public_key)) + GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, + &rm->purpose, + &rm->signature, + &rm->public_key)) { GNUNET_break_op (0); return GNUNET_NO; diff --git a/src/revocation/plugin_block_revocation.c b/src/revocation/plugin_block_revocation.c index 3d0b55a0d..8d16b8781 100644 --- a/src/revocation/plugin_block_revocation.c +++ b/src/revocation/plugin_block_revocation.c @@ -151,10 +151,10 @@ block_plugin_revocation_evaluate (void *cls, return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; } if (GNUNET_OK != - GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_REVOCATION, - &rm->purpose, - &rm->signature, - &rm->public_key)) + GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_REVOCATION, + &rm->purpose, + &rm->signature, + &rm->public_key)) { GNUNET_break_op (0); return GNUNET_BLOCK_EVALUATION_RESULT_INVALID; diff --git a/src/revocation/revocation_api.c b/src/revocation/revocation_api.c index ea8db835f..4755d4816 100644 --- a/src/revocation/revocation_api.c +++ b/src/revocation/revocation_api.c @@ -389,9 +389,9 @@ GNUNET_REVOCATION_sign_revocation (const struct + sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); GNUNET_CRYPTO_ecdsa_key_get_public (key, &rm.public_key); GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_ecdsa_sign (key, - &rm.purpose, - sig)); + GNUNET_CRYPTO_ecdsa_sign_ (key, + &rm.purpose, + sig)); } diff --git a/src/secretsharing/gnunet-service-secretsharing.c b/src/secretsharing/gnunet-service-secretsharing.c index d2e47da8b..2177134f6 100644 --- a/src/secretsharing/gnunet-service-secretsharing.c +++ b/src/secretsharing/gnunet-service-secretsharing.c @@ -679,7 +679,7 @@ generate_presecret_polynomial (struct KeygenSession *ks) for (i = 0; i < ks->threshold; i++) { v = ks->presecret_polynomial[i] = gcry_mpi_new ( - GNUNET_SECRETSHARING_ELGAMAL_BITS); + GNUNET_SECRETSHARING_ELGAMAL_BITS); GNUNET_assert (NULL != v); // Randomize v such that 0 < v < elgamal_q. // The '- 1' is necessary as bitlength(q) = bitlength(p) - 1. @@ -750,7 +750,7 @@ keygen_round1_new_element (void *cls, return; } - if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify ( + if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify_ ( GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1, &d->purpose, &d->signature, &d->peer.public_key)) @@ -1341,9 +1341,9 @@ insert_round2_element (struct KeygenSession *ks) purpose)); d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2); GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, - &d->purpose, - &d->signature)); + GNUNET_CRYPTO_eddsa_sign_ (my_peer_private_key, + &d->purpose, + &d->signature)); GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL); GNUNET_free (element); /* FIXME: maybe stack-allocate instead? */ @@ -1485,7 +1485,7 @@ keygen_round2_new_element (void *cls, return; } - if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify ( + if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify_ ( GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2, &d->purpose, &d->signature, &d->peer.public_key)) @@ -1687,9 +1687,9 @@ insert_round1_element (struct KeygenSession *ks) purpose)); d->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1); GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, - &d->purpose, - &d->signature)); + GNUNET_CRYPTO_eddsa_sign_ (my_peer_private_key, + &d->purpose, + &d->signature)); GNUNET_CONSENSUS_insert (ks->consensus, element, NULL, NULL); @@ -2189,9 +2189,9 @@ insert_decrypt_element (struct DecryptSession *ds) d.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DECRYPTION); GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_eddsa_sign (my_peer_private_key, - &d.purpose, - &d.signature)); + GNUNET_CRYPTO_eddsa_sign_ (my_peer_private_key, + &d.purpose, + &d.signature)); GNUNET_CONSENSUS_insert (ds->consensus, &element, NULL, NULL); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, diff --git a/src/transport/gnunet-communicator-tcp.c b/src/transport/gnunet-communicator-tcp.c index 045a57d0f..2786ba184 100644 --- a/src/transport/gnunet-communicator-tcp.c +++ b/src/transport/gnunet-communicator-tcp.c @@ -880,7 +880,7 @@ do_rekey (struct Queue *queue, const struct TCPRekey *rekey) /* FIXME: check monotonic time is monotonic... */ if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_TCP_REKEY, - &thp.purpose, + &thp, &rekey->sender_sig, &queue->target.public_key)) { @@ -1063,8 +1063,7 @@ queue_read (void *cls) However, we have to take into account that the plaintext buffer may have already contained data and not jumpt too far ahead in the ciphertext. If there is no rekey and the last message is incomplete (max > total), - it is safe to keep the decryption so we shift by 'max' */ - if (GNUNET_YES == queue->rekeyed) + it is safe to keep the decryption so we shift by 'max' */if (GNUNET_YES == queue->rekeyed) { max = total - old_pread_off; queue->rekeyed = GNUNET_NO; @@ -1284,9 +1283,9 @@ inject_rekey (struct Queue *queue) thp.receiver = queue->target; thp.ephemeral = rekey.ephemeral; thp.monotonic_time = rekey.monotonic_time; - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key, - &thp.purpose, - &rekey.sender_sig)); + GNUNET_CRYPTO_eddsa_sign (my_private_key, + &thp, + &rekey.sender_sig); calculate_hmac (&queue->out_hmac, &rekey, sizeof(rekey), &rekey.hmac); /* Encrypt rekey message with 'old' cipher */ GNUNET_assert (0 == @@ -1586,9 +1585,9 @@ transmit_kx (struct Queue *queue, ths.receiver = queue->target; ths.ephemeral = *epub; ths.monotonic_time = tc.monotonic_time; - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key, - &ths.purpose, - &tc.sender_sig)); + GNUNET_CRYPTO_eddsa_sign (my_private_key, + &ths, + &tc.sender_sig); GNUNET_assert (0 == gcry_cipher_encrypt (queue->out_cipher, &queue->cwrite_buf[queue->cwrite_off], @@ -1654,7 +1653,7 @@ decrypt_and_check_tc (struct Queue *queue, from this sender! */ return GNUNET_CRYPTO_eddsa_verify ( GNUNET_SIGNATURE_COMMUNICATOR_TCP_HANDSHAKE, - &ths.purpose, + &ths, &tc->sender_sig, &tc->sender.public_key); } @@ -1953,7 +1952,7 @@ mq_init (void *cls, const struct GNUNET_PeerIdentity *peer, const char *address) queue->address_len = in_len; queue->sock = sock; boot_queue (queue, GNUNET_TRANSPORT_CS_OUTBOUND); - //queue->mq_awaits_continue = GNUNET_YES; + // queue->mq_awaits_continue = GNUNET_YES; queue->read_task = GNUNET_SCHEDULER_add_read_net (GNUNET_CONSTANTS_IDLE_CONNECTION_TIMEOUT, queue->sock, @@ -2155,9 +2154,9 @@ run (void *cls, max_queue_length = DEFAULT_MAX_QUEUE_LENGTH; if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_time (cfg, - COMMUNICATOR_CONFIG_SECTION, - "REKEY_INTERVAL", - &rekey_interval)) + COMMUNICATOR_CONFIG_SECTION, + "REKEY_INTERVAL", + &rekey_interval)) rekey_interval = DEFAULT_REKEY_INTERVAL; in = tcp_address_to_sockaddr (bindto, &in_len); @@ -2286,8 +2285,8 @@ main (int argc, char *const *argv) options, &run, NULL)) - ? 0 - : 1; + ? 0 + : 1; GNUNET_free ((void *) argv); return ret; } diff --git a/src/transport/gnunet-communicator-udp.c b/src/transport/gnunet-communicator-udp.c index d767689b9..1542a7702 100644 --- a/src/transport/gnunet-communicator-udp.c +++ b/src/transport/gnunet-communicator-udp.c @@ -1533,7 +1533,7 @@ verify_confirmation (const struct GNUNET_CRYPTO_EcdhePublicKey *ephemeral, uhs.monotonic_time = uc->monotonic_time; return GNUNET_CRYPTO_eddsa_verify ( GNUNET_SIGNATURE_COMMUNICATOR_UDP_HANDSHAKE, - &uhs.purpose, + &uhs, &uc->sender_sig, &uc->sender.public_key); } @@ -1634,7 +1634,7 @@ sock_read (void *cls) GNUNET_CRYPTO_hash (&sa, salen, &uhs.h_address); if (GNUNET_OK == GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_COMMUNICATOR_UDP_BROADCAST, - &uhs.purpose, + &uhs, &ub->sender_sig, &ub->sender.public_key)) { @@ -1932,9 +1932,9 @@ mq_send (struct GNUNET_MQ_Handle *mq, uhs.receiver = receiver->target; GNUNET_CRYPTO_ecdhe_key_get_public (&epriv, &uhs.ephemeral); uhs.monotonic_time = uc.monotonic_time; - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key, - &uhs.purpose, - &uc.sender_sig)); + GNUNET_CRYPTO_eddsa_sign (my_private_key, + &uhs, + &uc.sender_sig); /* Leave space for kx */ dpos = sizeof(kx); /* Append encrypted uc to dgram */ @@ -2534,9 +2534,9 @@ iface_proc (void *cls, ubs.purpose.size = htonl (sizeof(ubs)); ubs.sender = my_identity; GNUNET_CRYPTO_hash (addr, addrlen, &ubs.h_address); - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (my_private_key, - &ubs.purpose, - &bi->bcm.sender_sig)); + GNUNET_CRYPTO_eddsa_sign (my_private_key, + &ubs, + &bi->bcm.sender_sig); if (NULL != broadcast_addr) { bi->broadcast_task = GNUNET_SCHEDULER_add_now (&ifc_broadcast, bi); diff --git a/src/transport/gnunet-service-tng.c b/src/transport/gnunet-service-tng.c index 8d68d90a6..75763fd9d 100644 --- a/src/transport/gnunet-service-tng.c +++ b/src/transport/gnunet-service-tng.c @@ -4137,9 +4137,9 @@ update_ephemeral (struct DistanceVector *dv) ec.purpose.size = htonl (sizeof(ec)); ec.target = dv->target; ec.ephemeral_key = dv->ephemeral_key; - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, - &ec.purpose, - &dv->sender_sig)); + GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, + &ec, + &dv->sender_sig); } @@ -6391,17 +6391,17 @@ forward_dv_learn (const struct GNUNET_PeerIdentity *next_hop, GNUNET_memcpy (dhops, hops, sizeof(struct DVPathEntryP) * nhops); dhops[nhops].hop = GST_my_identity; { - struct DvHopPS dhp = { .purpose.purpose = - htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_HOP), - .purpose.size = htonl (sizeof(dhp)), - .pred = dhops[nhops - 1].hop, - .succ = *next_hop, - .challenge = msg->challenge }; + struct DvHopPS dhp = { + .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_HOP), + .purpose.size = htonl (sizeof(dhp)), + .pred = dhops[nhops - 1].hop, + .succ = *next_hop, + .challenge = msg->challenge + }; - GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, - &dhp.purpose, - &dhops[nhops].hop_sig)); + GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, + &dhp, + &dhops[nhops].hop_sig); } route_control_message_without_fc (next_hop, &fwd->header, @@ -6434,7 +6434,7 @@ validate_dv_initiator_signature ( if ( GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_INITIATOR, - &ip.purpose, + &ip, init_sig, &init->public_key)) { @@ -6770,7 +6770,7 @@ handle_dv_learn (void *cls, const struct TransportDVLearnMessage *dvl) if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_HOP, - &dhp.purpose, + &dhp, &hops[i].hop_sig, &hops[i].hop.public_key)) { @@ -7422,7 +7422,7 @@ handle_dv_box (void *cls, const struct TransportDVBoxMessage *dvb) GNUNET_OK != GNUNET_CRYPTO_eddsa_verify ( GNUNET_SIGNATURE_PURPOSE_TRANSPORT_EPHEMERAL, - &ec.purpose, + &ec, &ppay.sender_sig, &ppay.sender.public_key)) { @@ -7728,15 +7728,16 @@ handle_validation_challenge ( tvr.validity_duration = validity_duration; { /* create signature */ - struct TransportValidationPS tvp = - { .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE), + struct TransportValidationPS tvp = { + .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE), .purpose.size = htonl (sizeof(tvp)), .validity_duration = validity_duration, - .challenge = tvc->challenge }; + .challenge = tvc->challenge + }; - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, - &tvp.purpose, - &tvr.signature)); + GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, + &tvp, + &tvr.signature); } route_control_message_without_fc (&cmc->im.sender, &tvr.header, @@ -7921,16 +7922,17 @@ handle_validation_response ( { /* check signature */ - struct TransportValidationPS tvp = - { .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE), + struct TransportValidationPS tvp = { + .purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE), .purpose.size = htonl (sizeof(tvp)), .validity_duration = tvr->validity_duration, - .challenge = tvr->challenge }; + .challenge = tvr->challenge + }; if ( GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_CHALLENGE, - &tvp.purpose, + &tvp, &tvr->signature, &cmc->im.sender.public_key)) { @@ -9393,15 +9395,17 @@ start_dv_learn (void *cls) dvl.monotonic_time = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get_monotonic (GST_cfg)); { - struct DvInitPS dvip = { .purpose.purpose = htonl ( - GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_INITIATOR), - .purpose.size = htonl (sizeof(dvip)), - .monotonic_time = dvl.monotonic_time, - .challenge = lle->challenge }; - - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, - &dvip.purpose, - &dvl.init_sig)); + struct DvInitPS dvip = { + .purpose.purpose = htonl ( + GNUNET_SIGNATURE_PURPOSE_TRANSPORT_DV_INITIATOR), + .purpose.size = htonl (sizeof(dvip)), + .monotonic_time = dvl.monotonic_time, + .challenge = lle->challenge + }; + + GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, + &dvip, + &dvl.init_sig); } dvl.initiator = GST_my_identity; dvl.challenge = lle->challenge; diff --git a/src/transport/gnunet-service-transport_neighbours.c b/src/transport/gnunet-service-transport_neighbours.c index 9c6cebc24..ec64ca607 100644 --- a/src/transport/gnunet-service-transport_neighbours.c +++ b/src/transport/gnunet-service-transport_neighbours.c @@ -1045,9 +1045,9 @@ send_disconnect (struct NeighbourMapEntry *n) GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_get ()); disconnect_msg.public_key = GST_my_identity.public_key; GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, - &disconnect_msg.purpose, - &disconnect_msg.signature)); + GNUNET_CRYPTO_eddsa_sign_ (GST_my_private_key, + &disconnect_msg.purpose, + &disconnect_msg.signature)); (void) send_with_session (n, &disconnect_msg, @@ -3763,7 +3763,7 @@ GST_neighbours_handle_disconnect_message (const struct return; } if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify ( + GNUNET_CRYPTO_eddsa_verify_ ( GNUNET_MESSAGE_TYPE_TRANSPORT_SESSION_DISCONNECT, &sdm->purpose, &sdm->signature, diff --git a/src/transport/gnunet-service-transport_validation.c b/src/transport/gnunet-service-transport_validation.c index 631b0a8f8..610c45a21 100644 --- a/src/transport/gnunet-service-transport_validation.c +++ b/src/transport/gnunet-service-transport_validation.c @@ -1271,8 +1271,9 @@ GST_validation_handle_ping (const struct GNUNET_PeerIdentity *sender, *sig_cache_exp = GNUNET_TIME_relative_to_absolute (PONG_SIGNATURE_LIFETIME); pong->expiration = GNUNET_TIME_absolute_hton (*sig_cache_exp); if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_sign (GST_my_private_key, &pong->purpose, - sig_cache)) + GNUNET_CRYPTO_eddsa_sign_ (GST_my_private_key, + &pong->purpose, + sig_cache)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, _ ("Failed to create PONG signature for peer `%s'\n"), @@ -1559,7 +1560,7 @@ GST_validation_handle_pong (const struct GNUNET_PeerIdentity *sender, if (GNUNET_YES == do_verify) { /* Do expensive verification */ - sig_res = GNUNET_CRYPTO_eddsa_verify ( + sig_res = GNUNET_CRYPTO_eddsa_verify_ ( GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, &pong->purpose, &pong->signature, diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index d2cbe9450..4c1169f43 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c @@ -688,7 +688,7 @@ data_to_ecdsa_value (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose) * @return #GNUNET_SYSERR on error, #GNUNET_OK on success */ int -GNUNET_CRYPTO_ecdsa_sign ( +GNUNET_CRYPTO_ecdsa_sign_ ( const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig) @@ -750,7 +750,7 @@ GNUNET_CRYPTO_ecdsa_sign ( * @return #GNUNET_SYSERR on error, #GNUNET_OK on success */ int -GNUNET_CRYPTO_eddsa_sign ( +GNUNET_CRYPTO_eddsa_sign_ ( const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig) @@ -786,7 +786,7 @@ GNUNET_CRYPTO_eddsa_sign ( * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid */ int -GNUNET_CRYPTO_ecdsa_verify ( +GNUNET_CRYPTO_ecdsa_verify_ ( uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EcdsaSignature *sig, @@ -860,7 +860,7 @@ GNUNET_CRYPTO_ecdsa_verify ( * @returns #GNUNET_OK if ok, #GNUNET_SYSERR if invalid */ int -GNUNET_CRYPTO_eddsa_verify ( +GNUNET_CRYPTO_eddsa_verify_ ( uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, diff --git a/src/util/gnunet-crypto-tvg.c b/src/util/gnunet-crypto-tvg.c index a09a6ff50..e0ef9a622 100644 --- a/src/util/gnunet-crypto-tvg.c +++ b/src/util/gnunet-crypto-tvg.c @@ -124,16 +124,19 @@ run (void *cls, struct GNUNET_CRYPTO_EddsaPublicKey pub; struct GNUNET_CRYPTO_EddsaSignature sig; struct TestSignatureDataPS data = { 0 }; + priv = GNUNET_CRYPTO_eddsa_key_create (); GNUNET_CRYPTO_eddsa_key_get_public (priv, &pub); - data.purpose.size = htonl (sizeof (struct TestSignatureDataPS)); - data.purpose.size = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_sign (priv, &data.purpose, - &sig)); - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_eddsa_verify (0, - &data.purpose, - &sig, - &pub)); + data.purpose.size = htonl (sizeof (data)); + data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); + GNUNET_CRYPTO_eddsa_sign (priv, + &data, + &sig); + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST, + &data, + &sig, + &pub)); printf ("eddsa sig:\n"); display_data (" priv", priv, sizeof (struct @@ -151,15 +154,16 @@ run (void *cls, char *salt = "I'm very salty"; char *ctx = "I'm a context chunk, also known as 'info' in the RFC"; - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_kdf (&out, - out_len, - salt, - strlen (salt), - ikm, - strlen (ikm), - ctx, - strlen (ctx), - NULL)); + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_kdf (&out, + out_len, + salt, + strlen (salt), + ikm, + strlen (ikm), + ctx, + strlen (ctx), + NULL)); printf ("kdf:\n"); display_data (" salt", salt, strlen (salt)); @@ -210,15 +214,19 @@ run (void *cls, size_t sig_enc_length; skey = GNUNET_CRYPTO_rsa_private_key_create (2048); pkey = GNUNET_CRYPTO_rsa_private_key_get_public (skey); - GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, &message_hash, + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, + &message_hash, sizeof (struct GNUNET_HashCode)); - GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, &bks, sizeof (struct - GNUNET_CRYPTO_RsaBlindingKeySecret)); - GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_rsa_blind (&message_hash, - &bks, - pkey, - &blinded_data, - &blinded_len)); + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, + &bks, + sizeof (struct + GNUNET_CRYPTO_RsaBlindingKeySecret)); + GNUNET_assert (GNUNET_YES == + GNUNET_CRYPTO_rsa_blind (&message_hash, + &bks, + pkey, + &blinded_data, + &blinded_len)); blinded_sig = GNUNET_CRYPTO_rsa_sign_blinded (skey, blinded_data, blinded_len); sig = GNUNET_CRYPTO_rsa_unblind (blinded_sig, &bks, pkey); diff --git a/src/util/perf_crypto_asymmetric.c b/src/util/perf_crypto_asymmetric.c index 7594733b0..49d9ec644 100644 --- a/src/util/perf_crypto_asymmetric.c +++ b/src/util/perf_crypto_asymmetric.c @@ -93,18 +93,18 @@ main (int argc, char *argv[]) start = GNUNET_TIME_absolute_get (); for (i = 0; i < l; i++) GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_eddsa_sign (eddsa[i], - &sig[i].purp, - &sig[i].sig)); + GNUNET_CRYPTO_eddsa_sign_ (eddsa[i], + &sig[i].purp, + &sig[i].sig)); log_duration ("EdDSA", "sign HashCode"); start = GNUNET_TIME_absolute_get (); for (i = 0; i < l; i++) GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_eddsa_verify (0, - &sig[i].purp, - &sig[i].sig, - &dspub[i])); + GNUNET_CRYPTO_eddsa_verify_ (0, + &sig[i].purp, + &sig[i].sig, + &dspub[i])); log_duration ("EdDSA", "verify HashCode"); start = GNUNET_TIME_absolute_get (); diff --git a/src/util/test_crypto_ecdsa.c b/src/util/test_crypto_ecdsa.c index 826097d52..190c58d7d 100644 --- a/src/util/test_crypto_ecdsa.c +++ b/src/util/test_crypto_ecdsa.c @@ -55,7 +55,8 @@ testSignVerify () for (i = 0; i < ITER; i++) { fprintf (stderr, "%s", "."); fflush (stderr); - if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (key, &purp, &sig)) + if (GNUNET_SYSERR == + GNUNET_CRYPTO_ecdsa_sign_ (key, &purp, &sig)) { fprintf (stderr, "%s", @@ -64,16 +65,18 @@ testSignVerify () continue; } if (GNUNET_SYSERR == - GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST, &purp, &sig, - &pkey)) + GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST, + &purp, &sig, + &pkey)) { printf ("GNUNET_CRYPTO_ecdsa_verify failed!\n"); ok = GNUNET_SYSERR; continue; } if (GNUNET_SYSERR != - GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, - &purp, &sig, &pkey)) + GNUNET_CRYPTO_ecdsa_verify_ ( + GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, + &purp, &sig, &pkey)) { printf ("GNUNET_CRYPTO_ecdsa_verify failed to fail!\n"); ok = GNUNET_SYSERR; @@ -104,33 +107,33 @@ testDeriveSignVerify () purp.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)); purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); - if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (dpriv, &purp, &sig)) + if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign_ (dpriv, &purp, &sig)) { fprintf (stderr, "%s", "GNUNET_CRYPTO_ecdsa_sign returned SYSERR\n"); GNUNET_free (dpriv); return GNUNET_SYSERR; } if (GNUNET_SYSERR == - GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST, - &purp, &sig, - &dpub)) + GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST, + &purp, &sig, + &dpub)) { printf ("GNUNET_CRYPTO_ecdsa_verify failed!\n"); GNUNET_free (dpriv); return GNUNET_SYSERR; } if (GNUNET_SYSERR != - GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST, - &purp, &sig, - &pkey)) + GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST, + &purp, &sig, + &pkey)) { printf ("GNUNET_CRYPTO_ecdsa_verify failed to fail!\n"); GNUNET_free (dpriv); return GNUNET_SYSERR; } if (GNUNET_SYSERR != - GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, - &purp, &sig, &dpub)) + GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, + &purp, &sig, &dpub)) { printf ("GNUNET_CRYPTO_ecdsa_verify failed to fail!\n"); GNUNET_free (dpriv); @@ -160,7 +163,7 @@ testSignPerformance () for (i = 0; i < ITER; i++) { fprintf (stderr, "%s", "."); fflush (stderr); - if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (key, &purp, &sig)) + if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign_ (key, &purp, &sig)) { fprintf (stderr, "%s", "GNUNET_CRYPTO_ecdsa_sign returned SYSERR\n"); diff --git a/src/util/test_crypto_eddsa.c b/src/util/test_crypto_eddsa.c index c0ad387e1..87990cbac 100644 --- a/src/util/test_crypto_eddsa.c +++ b/src/util/test_crypto_eddsa.c @@ -56,23 +56,24 @@ testSignVerify () for (unsigned int i = 0; i < ITER; i++) { fprintf (stderr, "%s", "."); fflush (stderr); - if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_sign (key, &purp, &sig)) + if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_sign_ (key, &purp, &sig)) { fprintf (stderr, "%s", "GNUNET_CRYPTO_eddsa_sign returned SYSERR\n"); ok = GNUNET_SYSERR; continue; } if (GNUNET_SYSERR == - GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TEST, &purp, &sig, - &pkey)) + GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST, &purp, &sig, + &pkey)) { printf ("GNUNET_CRYPTO_eddsa_verify failed!\n"); ok = GNUNET_SYSERR; continue; } if (GNUNET_SYSERR != - GNUNET_CRYPTO_eddsa_verify (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, - &purp, &sig, &pkey)) + GNUNET_CRYPTO_eddsa_verify_ ( + GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, + &purp, &sig, &pkey)) { printf ("GNUNET_CRYPTO_eddsa_verify failed to fail!\n"); ok = GNUNET_SYSERR; @@ -105,7 +106,7 @@ testSignPerformance () for (unsigned int i = 0; i < ITER; i++) { fprintf (stderr, "%s", "."); fflush (stderr); - if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_sign (key, &purp, &sig)) + if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_sign_ (key, &purp, &sig)) { fprintf (stderr, "%s", "GNUNET_CRYPTO_eddsa_sign returned SYSERR\n"); ok = GNUNET_SYSERR; -- 2.25.1