[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnunet] branch master updated (e3f580d9c -> 51603103f)
|
From: |
gnunet |
|
Subject: |
[gnunet] branch master updated (e3f580d9c -> 51603103f) |
|
Date: |
Wed, 06 Mar 2024 11:32:51 +0100 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a change to branch master
in repository gnunet.
from e3f580d9c MESSENGER: Fix potential infinite delay of peer messages
new ae50b256e elligator: code cleanup
new fbdeca812 elligator: kem encaps and decaps
new 70ba8d9eb udp communicator: ECDH with elligator
new 51603103f - uncrustify code
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
src/include/gnunet_crypto_lib.h | 43 ++++++-
src/lib/util/crypto_elligator.c | 151 +++++++++---------------
src/lib/util/test_crypto_elligator.c | 88 +++++++-------
src/service/transport/gnunet-communicator-udp.c | 75 ++++++++++--
4 files changed, 199 insertions(+), 158 deletions(-)
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 4580f795d..168f934e1 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -2686,13 +2686,13 @@ GNUNET_CRYPTO_ecdhe_elligator_direct_map (uint8_t
*point, bool *high_y,
*
* @param serialized_representative serialized version of an element of
Curves25519's finite field
* @param point destination for the calculated point on the curve
- * @param high_y destination set to "True" if corresponding y-coordinate is >
2 ^ 254 - 10
+ * @param high_y value pointed to will be set to true if corresponding
y-coordinate is > 2 ^ 254 - 10, otherwise 0. Can be set to NULL if not needed.
*/
bool
GNUNET_CRYPTO_ecdhe_elligator_decoding (struct
GNUNET_CRYPTO_EcdhePublicKey *point,
bool *high_y,
- struct
+ const struct
GNUNET_CRYPTO_ElligatorRepresentative *
seriliazed_representative);
@@ -2741,13 +2741,48 @@ GNUNET_CRYPTO_ecdhe_elligator_generate_public_key
(unsigned char
*
* @param repr representative of the public key
* @param pk Curve25519 private key
- * @return GNUNET_OK if creation successful
*/
-enum GNUNET_GenericReturnValue
+void
GNUNET_CRYPTO_ecdhe_elligator_key_create (
struct GNUNET_CRYPTO_ElligatorRepresentative *repr,
struct GNUNET_CRYPTO_EcdhePrivateKey *pk);
+/**
+ * @ingroup crypto
+ * Carries out ecdh encapsulation with given public key and the private key
from a freshly created ephemeral key pair.
+ *
+ * Following the terminology in https://eprint.iacr.org/2021/509.pdf
+ * @param pub given edwards curve public key (X)
+ * @param r representative of ephemeral public key A to use for the ECDH
(direct_map(r)=A=aG)
+ * @param key_material where to write the key material H(aX)=H(x(aG))
+ * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_elligator_kem_encaps (const struct
+ GNUNET_CRYPTO_EddsaPublicKey *pub,
+ struct
+ GNUNET_CRYPTO_ElligatorRepresentative
+ *r,
+ struct GNUNET_HashCode
*key_material);
+
+/**
+ * @ingroup crypto
+ * Carries out ecdh decapsulation with own private key and the representative
of the received public key.
+ *
+ * Following the terminology in https://eprint.iacr.org/2021/509.pdf
+ * @param priv own private key (x)
+ * @param r received representative r, from which we can obtain the public key
A (direct_map(r)=A=aG)
+ * @param key_material where to write the key material H(xA)=H(a(xG))
+ * @return #GNUNET_SYSERR on error, #GNUNET_OK on success
+ */
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_elligator_kem_decaps (const struct
+ GNUNET_CRYPTO_EddsaPrivateKey *priv,
+ const struct
+ GNUNET_CRYPTO_ElligatorRepresentative
+ *r,
+ struct GNUNET_HashCode
*key_material);
+
/**
* Output the given MPI value to the given buffer in network
diff --git a/src/lib/util/crypto_elligator.c b/src/lib/util/crypto_elligator.c
index e512696a7..b46d30d6f 100644
--- a/src/lib/util/crypto_elligator.c
+++ b/src/lib/util/crypto_elligator.c
@@ -447,14 +447,25 @@ bool
GNUNET_CRYPTO_ecdhe_elligator_decoding (struct
GNUNET_CRYPTO_EcdhePublicKey *point,
bool *high_y,
- struct
+ const struct
GNUNET_CRYPTO_ElligatorRepresentative *
representative)
{
- representative->r[31] &= 63;
+ // if sign of direct map transformation not needed throw it away
+ bool high_y_local;
+ bool *high_y_ptr;
+ if (NULL == high_y)
+ high_y_ptr = &high_y_local;
+ else
+ high_y_ptr = high_y;
+
+ struct GNUNET_CRYPTO_ElligatorRepresentative r_tmp;
+ memcpy (&r_tmp, &representative->r, sizeof(r_tmp.r));
+ r_tmp.r[31] &= 63;
+ // GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,"Print high_y\n");
return GNUNET_CRYPTO_ecdhe_elligator_direct_map ((uint8_t *) point->q_y,
- high_y,
- (uint8_t *)
representative->r);
+ high_y_ptr,
+ (uint8_t *) r_tmp.r);
}
@@ -536,10 +547,9 @@ GNUNET_CRYPTO_ecdhe_elligator_generate_public_key
(unsigned char
*pk)
{
// eHigh
- // Note crypto_scalarmult_ed25519_base clamps the scalar (here pk->d). TODO:
test this
- // TODO: if pk-d is zero cryto_scalarmult... return -1, otherwise 0. Problem
if 0? Unlikely anyway
+ // crypto_scalarmult_ed25519_base clamps the scalar pk->d and return only 0
if pk->d is zero
unsigned char eHigh[crypto_scalarmult_SCALARBYTES] = {0};
- crypto_scalarmult_ed25519_base (eHigh, pk->d);
+ GNUNET_assert (0 == crypto_scalarmult_ed25519_base (eHigh, pk->d));
// eLow: choose a random point of low order
int sLow = (pk->d)[0] % 8;
@@ -553,13 +563,6 @@ GNUNET_CRYPTO_ecdhe_elligator_generate_public_key
(unsigned char
return GNUNET_SYSERR;
}
- // Convert point in Ed25519 to Montgomery point
- // TODO: libsodium convert function doesn't work. Figure out why. Maybe
because we work on the whole curve rather than the prime subgroup.
- /*if (crypto_sign_ed25519_pk_to_curve25519 (pub, edPub) == -1)
- {
- return -1;
- }*/
-
if (Elligator_2_Curve25519_convert_from_Ed25519 (pub, edPub) == false)
{
return GNUNET_SYSERR;
@@ -568,86 +571,7 @@ GNUNET_CRYPTO_ecdhe_elligator_generate_public_key
(unsigned char
}
-/**
-Doesn't work because crypto_scalarmult clamps the scalar. We don't want this.
-Unfortunately a "noclamp" version of multiplication is only available for
edwards25519 in libsodium.
-We therefore can't implement the second (alternative) method for
generate_public_key.
-Keeping this code for discussion. Delete later.
-
-// Curve25519 point (only x-coordinate) which is needed for the alternativ
method of
-//GNUNET_CRYPTO_ecdhe_elligator_generate_public_key_alternativ
-static const unsigned char kPoint[] = {
- 0xD8, 0x86, 0x1A, 0xA2, 0x78, 0x7A, 0xD9, 0x26,
- 0x8B, 0x74, 0x74, 0xB6, 0x82, 0xE3, 0xBE, 0xC3,
- 0xCE, 0x36, 0x9A, 0x1E, 0x5E, 0x31, 0x47, 0xA2,
- 0x6D, 0x37, 0x7C, 0xFD, 0x20, 0xB5, 0xDF, 0x75
-};
-
-// Curve25519 order of prime order subgroup
-static const unsigned char L[] = {
- 0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58,
- 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
-};
-
-static void multiplyLittleEndianArray(const unsigned char *input, int
multiplier, unsigned char *output, int arraySize) {
- int carry = 0;
-
- for (int i = 0; i < arraySize; ++i) {
- int result = input[i] * multiplier + carry;
- output[i] = result & 0xFF; // Store the lower 8 bits in the output
array
- carry = result >> 8; // Carry the remaining bits to the next
iteration
- }
-}
-
-static void addLittleEndianArrays(const unsigned char *array1, const unsigned
char *array2, unsigned char *result, int arraySize) {
- int carry = 0;
-
- for (int i = 0; i < arraySize; ++i) {
- int sum = array1[i] + array2[i] + carry;
- result[i] = sum & 0xFF; // Store the lower 8 bits in the result array
- carry = sum >> 8; // Carry the remaining bits to the next
iteration
- }
-}
-
-Would call GNUNET_CRYPTO_ecdhe_key_create (struct
GNUNET_CRYPTO_EcdhePrivateKey *pk) for pk which is not clamped
-Following Method 1 in description https://elligator.org/key-exchange section
Step 2: Generate a “special” public key
-int
-GNUNET_CRYPTO_ecdhe_elligator_generate_public_key_alternativ (unsigned char
- pub[
-
crypto_scalarmult_SCALARBYTES
- ],
- struct
-
GNUNET_CRYPTO_EcdhePrivateKey
- *pk)
-{
- unsigned char sClamp[crypto_scalarmult_BYTES] = {0};
- memcpy(sClamp, pk->d, sizeof(sClamp));
- sClamp[0] &= 248;
- sClamp[31] &= 127;
- sClamp[31] |= 64;
-
- unsigned char sLow[crypto_scalarmult_BYTES] = {0};
- int multiplier = (pk->d)[0] % 8;
- multiplyLittleEndianArray(L, multiplier, sLow, 32);
- unsigned char sDirty[crypto_scalarmult_BYTES] = {0};
- addLittleEndianArrays(sClamp, sLow, sDirty, 32);
-
- int check = crypto_scalarmult(pub, sDirty,
- kPoint);
-
- if (check == -1)
- {
- printf("crypto_scalarmult didn't work\n");
- return -1;
- }
-
- return 0;
-}
-**/
-
-enum GNUNET_GenericReturnValue
+void
GNUNET_CRYPTO_ecdhe_elligator_key_create (
struct GNUNET_CRYPTO_ElligatorRepresentative *repr,
struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
@@ -665,10 +589,12 @@ GNUNET_CRYPTO_ecdhe_elligator_key_create (
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
pk,
sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
- if (GNUNET_CRYPTO_ecdhe_elligator_generate_public_key (pub, pk) ==
- GNUNET_SYSERR)
+
+ // Continue if generate_public_key fails
+ if (GNUNET_SYSERR ==
+ GNUNET_CRYPTO_ecdhe_elligator_generate_public_key (pub, pk))
{
- return GNUNET_SYSERR;
+ continue;
}
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
@@ -695,5 +621,34 @@ GNUNET_CRYPTO_ecdhe_elligator_key_create (
{
repr->r[31] |= 64;
}
- return GNUNET_OK;
+}
+
+
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_elligator_kem_encaps (const struct
+ GNUNET_CRYPTO_EddsaPublicKey *pub,
+ struct
+ GNUNET_CRYPTO_ElligatorRepresentative
+ *r,
+ struct GNUNET_HashCode *key_material)
+{
+ struct GNUNET_CRYPTO_EcdhePrivateKey sk;
+
+ GNUNET_CRYPTO_ecdhe_elligator_key_create (r, &sk);
+
+ return GNUNET_CRYPTO_ecdh_eddsa (&sk, pub, key_material);
+}
+
+
+enum GNUNET_GenericReturnValue
+GNUNET_CRYPTO_eddsa_elligator_kem_decaps (const struct
+ GNUNET_CRYPTO_EddsaPrivateKey *priv,
+ const struct
+ GNUNET_CRYPTO_ElligatorRepresentative
+ *r,
+ struct GNUNET_HashCode *key_material)
+{
+ struct GNUNET_CRYPTO_EcdhePublicKey pub;
+ GNUNET_CRYPTO_ecdhe_elligator_decoding (&pub, NULL, r);
+ return GNUNET_CRYPTO_eddsa_ecdh (priv, &pub, key_material);
}
diff --git a/src/lib/util/test_crypto_elligator.c
b/src/lib/util/test_crypto_elligator.c
index 488a296d6..bd357a259 100644
--- a/src/lib/util/test_crypto_elligator.c
+++ b/src/lib/util/test_crypto_elligator.c
@@ -121,23 +121,6 @@ testGeneratePkScalarMult (void)
}
-/*
-* Test Description: Simply testing, if function goes through.
-*/
-static int
-testKeyPairEasy (void)
-{
- struct GNUNET_CRYPTO_ElligatorRepresentative repr;
- struct GNUNET_CRYPTO_EcdhePrivateKey pk;
- int i = GNUNET_CRYPTO_ecdhe_elligator_key_create (&repr, &pk);
- if (i == GNUNET_SYSERR)
- {
- return GNUNET_SYSERR;
- }
- return GNUNET_OK;
-}
-
-
/*
* Test Description: After generating a valid private key and the corresponding
representative with
* GNUNET_CRYPTO_ecdhe_elligator_key_create(), check if using the direct map
results in the corresponding public key.
@@ -148,20 +131,15 @@ testInverseDirect (void)
struct GNUNET_CRYPTO_ElligatorRepresentative repr;
struct GNUNET_CRYPTO_EcdhePublicKey point;
struct GNUNET_CRYPTO_EcdhePrivateKey pk;
- int i = GNUNET_CRYPTO_ecdhe_elligator_key_create (&repr, &pk);
- if (i == -1)
- {
- return GNUNET_SYSERR;
- }
+ GNUNET_CRYPTO_ecdhe_elligator_key_create (&repr, &pk);
unsigned char pub[crypto_scalarmult_SCALARBYTES];
- bool highY;
if (GNUNET_CRYPTO_ecdhe_elligator_generate_public_key (pub, &pk) == -1)
{
return GNUNET_SYSERR;
}
- GNUNET_CRYPTO_ecdhe_elligator_decoding (&point, &highY, &repr);
+ GNUNET_CRYPTO_ecdhe_elligator_decoding (&point, NULL, &repr);
if (memcmp (pub, point.q_y, sizeof(point.q_y)) != 0)
{
@@ -194,14 +172,7 @@ testTimeKeyGenerate (void)
{
fprintf (stderr, "%s", ".");
fflush (stderr);
- if (GNUNET_SYSERR ==
- GNUNET_CRYPTO_ecdhe_elligator_key_create (&repr, &pk))
- {
- fprintf (stderr,
- "GNUNET_CRYPTO_ecdhe_elligator_key_create SYSERR\n");
- ok = GNUNET_SYSERR;
- }
- // printLittleEndianHex(repr.r,32);
+ GNUNET_CRYPTO_ecdhe_elligator_key_create (&repr, &pk);
}
printf ("%d encoded public keys generated in %s\n",
ITER,
@@ -218,20 +189,12 @@ testTimeDecoding (void)
struct GNUNET_CRYPTO_EcdhePublicKey point;
struct GNUNET_CRYPTO_ElligatorRepresentative repr[ITER];
struct GNUNET_CRYPTO_EcdhePrivateKey pk;
- bool high_y;
struct GNUNET_TIME_Absolute start;
int ok = GNUNET_OK;
for (unsigned int i = 0; i < ITER; i++)
{
- if (GNUNET_SYSERR ==
- GNUNET_CRYPTO_ecdhe_elligator_key_create (&repr[i], &pk))
- {
- fprintf (stderr,
- "GNUNET_CRYPTO_ecdhe_elligator_key_create SYSERR\n");
- ok = GNUNET_SYSERR;
- continue;
- }
+ GNUNET_CRYPTO_ecdhe_elligator_key_create (&repr[i], &pk);
}
fprintf (stderr, "%s", "W");
@@ -242,7 +205,7 @@ testTimeDecoding (void)
fprintf (stderr, "%s", ".");
fflush (stderr);
if (false ==
- GNUNET_CRYPTO_ecdhe_elligator_decoding (&point, &high_y, &repr[i]))
+ GNUNET_CRYPTO_ecdhe_elligator_decoding (&point, NULL, &repr[i]))
{
fprintf (stderr,
"GNUNET_CRYPTO_ecdhe_elligator_decoding SYSERR\n");
@@ -260,6 +223,36 @@ testTimeDecoding (void)
}
+static int
+elligatorKEM ()
+{
+ struct GNUNET_CRYPTO_EddsaPrivateKey pk_receiver;
+ struct GNUNET_CRYPTO_EddsaPublicKey pub_receiver;
+ GNUNET_CRYPTO_eddsa_key_create (&pk_receiver);
+ GNUNET_CRYPTO_eddsa_key_get_public (&pk_receiver, &pub_receiver);
+
+ struct GNUNET_CRYPTO_ElligatorRepresentative r_sender;
+
+ // Sender side
+ struct GNUNET_HashCode key_material_encaps;
+ GNUNET_CRYPTO_eddsa_elligator_kem_encaps (&pub_receiver, &r_sender,
+ &key_material_encaps);
+
+ // Receiving side
+ struct GNUNET_HashCode key_material_decaps;
+ GNUNET_CRYPTO_eddsa_elligator_kem_decaps (&pk_receiver, &r_sender,
+ &key_material_decaps);
+
+ if (memcmp (&(key_material_encaps.bits),&(key_material_decaps.bits),
+ sizeof(key_material_encaps.bits)) != 0)
+ {
+ return GNUNET_SYSERR;
+ }
+
+ return GNUNET_OK;
+}
+
+
/*
*More tests to implement:
* Adding more test vectors from different sources for inverse and direct map
@@ -289,11 +282,6 @@ main (int argc, char *argv[])
printf ("generate PK failed!");
failure_count++;
}
- if (GNUNET_OK != testKeyPairEasy ())
- {
- printf ("key generation doesn't work!");
- failure_count++;
- }
if (GNUNET_OK != testInverseDirect ())
{
printf ("Inverse and direct map failed!");
@@ -310,6 +298,12 @@ main (int argc, char *argv[])
failure_count++;
}
+ if (GNUNET_OK != elligatorKEM ())
+ {
+ printf ("Elligator KEM failed!");
+ failure_count++;
+ }
+
if (0 != failure_count)
{
fprintf (stderr,
diff --git a/src/service/transport/gnunet-communicator-udp.c
b/src/service/transport/gnunet-communicator-udp.c
index 29beb4e37..9c24ea2a3 100644
--- a/src/service/transport/gnunet-communicator-udp.c
+++ b/src/service/transport/gnunet-communicator-udp.c
@@ -67,7 +67,7 @@
* How often do we scan for changes to our network interfaces?
*/
#define INTERFACE_SCAN_FREQUENCY \
- GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
+ GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MINUTES, 5)
/**
* How long do we believe our addresses to remain up (before
@@ -76,7 +76,7 @@
#define ADDRESS_VALIDITY_PERIOD GNUNET_TIME_UNIT_HOURS
#define WORKING_QUEUE_INTERVALL \
- GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MICROSECONDS,1)
+ GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MICROSECONDS,1)
/**
* AES key size.
@@ -198,9 +198,9 @@ struct UdpHandshakeSignature
struct InitialKX
{
/**
- * Ephemeral key for KX.
+ * Representative of ephemeral key for KX.
*/
- struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
+ struct GNUNET_CRYPTO_ElligatorRepresentative representative;
/**
* HMAC for the following encrypted message, using GCM. HMAC uses
@@ -1329,6 +1329,27 @@ setup_shared_secret_dec (const struct
GNUNET_CRYPTO_EcdhePublicKey *ephemeral)
}
+/**
+ * Setup shared secret for decryption for initial handshake.
+ *
+ * @param representative of ephemeral key we received from the other peer
+ * @return new shared secret
+ */
+static struct SharedSecret *
+setup_initial_shared_secret_dec (const struct
+ GNUNET_CRYPTO_ElligatorRepresentative *
+ representative)
+{
+ struct SharedSecret *ss;
+
+ ss = GNUNET_new (struct SharedSecret);
+ GNUNET_CRYPTO_eddsa_elligator_kem_decaps (my_private_key, representative,
+ &ss->master);
+ calculate_cmac (ss);
+ return ss;
+}
+
+
/**
* Setup new shared secret for encryption using KEM.
*
@@ -1355,6 +1376,35 @@ setup_shared_secret_ephemeral (struct
GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
}
+/**
+ * Setup new shared secret for encryption using KEM for initial handshake.
+ *
+ * @param[out] representative of ephemeral key to be sent to other peer
(encapsulated key from KEM)
+ * @param[in,out] receiver queue to initialize encryption key for
+ * @return new shared secret
+ */
+static struct SharedSecret *
+setup_initial_shared_secret_ephemeral (struct
+ GNUNET_CRYPTO_ElligatorRepresentative *
+ representative,
+ struct ReceiverAddress *receiver)
+{
+ struct SharedSecret *ss;
+ struct GNUNET_HashCode k;
+
+ GNUNET_CRYPTO_eddsa_elligator_kem_encaps (&receiver->target.public_key,
+ representative, &k);
+ ss = GNUNET_new (struct SharedSecret);
+ memcpy (&ss->master, &k, sizeof (k));
+ calculate_cmac (ss);
+ ss->receiver = receiver;
+ GNUNET_CONTAINER_DLL_insert (receiver->ss_head, receiver->ss_tail, ss);
+ receiver->num_secrets++;
+ GNUNET_STATISTICS_update (stats, "# Secrets active", 1, GNUNET_NO);
+ return ss;
+}
+
+
/**
* Setup the MQ for the @a receiver. If a queue exists,
* the existing one is destroyed. Then the MTU is
@@ -2072,7 +2122,7 @@ sock_read (void *cls)
struct SenderAddress *sender;
kx = (const struct InitialKX *) buf;
- ss = setup_shared_secret_dec (&kx->ephemeral);
+ ss = setup_initial_shared_secret_dec (&kx->representative);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Before DEC\n");
@@ -2097,7 +2147,11 @@ sock_read (void *cls)
"Before VERIFY\n");
uc = (const struct UDPConfirmation *) pbuf;
- if (GNUNET_OK != verify_confirmation (&kx->ephemeral, uc))
+
+ struct GNUNET_CRYPTO_EcdhePublicKey pub_ephemeral;
+ GNUNET_CRYPTO_ecdhe_elligator_decoding (&pub_ephemeral, NULL,
+ &kx->representative);
+ if (GNUNET_OK != verify_confirmation (&pub_ephemeral, uc)) // TODO: need
ephemeral instead of representative
{
GNUNET_break_op (0);
GNUNET_free (ss);
@@ -2330,8 +2384,10 @@ send_msg_with_kx (const struct GNUNET_MessageHeader
*msg, struct
reschedule_receiver_timeout (receiver);
/* setup key material */
-
- ss = setup_shared_secret_ephemeral (&uhs.ephemeral, receiver);
+ struct GNUNET_CRYPTO_ElligatorRepresentative repr;
+ ss = setup_initial_shared_secret_ephemeral (&repr, receiver);
+ GNUNET_CRYPTO_ecdhe_elligator_decoding (&uhs.ephemeral, NULL,
+ &repr);
if (receiver->num_secrets > MAX_SECRETS)
{
@@ -2371,7 +2427,7 @@ send_msg_with_kx (const struct GNUNET_MessageHeader *msg,
struct
dpos += msize;
do_pad (out_cipher, &dgram[dpos], sizeof(dgram) - dpos);
/* Datagram starts with kx */
- kx.ephemeral = uhs.ephemeral;
+ kx.representative = repr;
GNUNET_assert (
0 == gcry_cipher_gettag (out_cipher, kx.gcm_tag, sizeof(kx.gcm_tag)));
gcry_cipher_close (out_cipher);
@@ -3466,6 +3522,7 @@ run (void *cls,
int
main (int argc, char *const *argv)
{
+ GNUNET_CRYPTO_ecdhe_elligator_initialize ();
static const struct GNUNET_GETOPT_CommandLineOption options[] = {
GNUNET_GETOPT_OPTION_END
};
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [gnunet] branch master updated (e3f580d9c -> 51603103f),
gnunet <=