[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnunet] 03/04: udp communicator: ECDH with elligator
|
From: |
gnunet |
|
Subject: |
[gnunet] 03/04: udp communicator: ECDH with elligator |
|
Date: |
Wed, 06 Mar 2024 11:32:54 +0100 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
commit 70ba8d9eb821253bff76512c137eaa2493d8614b
Author: Pedram Fardzadeh <p.fardzadeh@protonmail.com>
AuthorDate: Mon Mar 4 22:25:40 2024 +0100
udp communicator: ECDH with elligator
---
src/include/gnunet_crypto_lib.h | 12 ++---
src/lib/util/crypto_elligator.c | 21 ++++----
src/lib/util/test_crypto_elligator.c | 16 +++---
src/service/transport/gnunet-communicator-udp.c | 71 ++++++++++++++++++++++---
4 files changed, 89 insertions(+), 31 deletions(-)
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 4af95af0f..a19e1e519 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -2692,7 +2692,7 @@ bool
GNUNET_CRYPTO_ecdhe_elligator_decoding (struct
GNUNET_CRYPTO_EcdhePublicKey *point,
bool *high_y,
- struct
+ const struct
GNUNET_CRYPTO_ElligatorRepresentative *
seriliazed_representative);
@@ -2749,10 +2749,10 @@ GNUNET_CRYPTO_ecdhe_elligator_key_create (
/**
* @ingroup crypto
- * Carries out ecdh encapsulation with given public key and a freshly created
ephemeral key pair. Ephemeral public key is given as a representative.
+ * Carries out ecdh encapsulation with given public key and the private key
from a freshly created ephemeral key pair.
*
* Following the terminology in https://eprint.iacr.org/2021/509.pdf
- * @param pub receivers edwards curve public key (X)
+ * @param pub given edwards curve public key (X)
* @param r representative of ephemeral public key A to use for the ECDH
(direct_map(r)=A=aG)
* @param key_material where to write the key material H(aX)=H(x(aG))
* @return #GNUNET_SYSERR on error, #GNUNET_OK on success
@@ -2767,18 +2767,18 @@ GNUNET_CRYPTO_eddsa_elligator_kem_encaps (const struct
/**
* @ingroup crypto
- * Carries out ecdh decapsulation with given private key and the
representative of received public key.
+ * Carries out ecdh decapsulation with own private key and the representative
of the received public key.
*
* Following the terminology in https://eprint.iacr.org/2021/509.pdf
* @param priv own private key (x)
- * @param r received representative (direct_map(r)=A=aG)
+ * @param r received representative r, from which we can obtain the public key
A (direct_map(r)=A=aG)
* @param key_material where to write the key material H(xA)=H(a(xG))
* @return #GNUNET_SYSERR on error, #GNUNET_OK on success
*/
enum GNUNET_GenericReturnValue
GNUNET_CRYPTO_eddsa_elligator_kem_decaps (const struct
GNUNET_CRYPTO_EddsaPrivateKey *priv,
- struct
+ const struct
GNUNET_CRYPTO_ElligatorRepresentative
*r,
struct GNUNET_HashCode
*key_material);
diff --git a/src/lib/util/crypto_elligator.c b/src/lib/util/crypto_elligator.c
index d7f4bb1dd..5ceebedbe 100644
--- a/src/lib/util/crypto_elligator.c
+++ b/src/lib/util/crypto_elligator.c
@@ -447,11 +447,11 @@ bool
GNUNET_CRYPTO_ecdhe_elligator_decoding (struct
GNUNET_CRYPTO_EcdhePublicKey *point,
bool *high_y,
- struct
+ const struct
GNUNET_CRYPTO_ElligatorRepresentative *
representative)
{
- // if sign of direct map transformation not needed whether throw it away
+ // if sign of direct map transformation not needed throw it away
bool high_y_local;
bool *high_y_ptr;
if (NULL == high_y)
@@ -459,11 +459,13 @@ GNUNET_CRYPTO_ecdhe_elligator_decoding (struct
else
high_y_ptr = high_y;
- representative->r[31] &= 63;
+ struct GNUNET_CRYPTO_ElligatorRepresentative r_tmp;
+ memcpy (&r_tmp, &representative->r, sizeof(r_tmp.r));
+ r_tmp.r[31] &= 63;
// GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,"Print high_y\n");
return GNUNET_CRYPTO_ecdhe_elligator_direct_map ((uint8_t *) point->q_y,
high_y_ptr,
- (uint8_t *)
representative->r);
+ (uint8_t *) r_tmp.r);
}
@@ -630,21 +632,18 @@ GNUNET_CRYPTO_eddsa_elligator_kem_encaps (const struct
*r,
struct GNUNET_HashCode *key_material)
{
- struct GNUNET_CRYPTO_EcdhePrivateKey sk_eph;
- struct GNUNET_CRYPTO_EcdhePublicKey pub_eph;
+ struct GNUNET_CRYPTO_EcdhePrivateKey sk;
- GNUNET_CRYPTO_ecdhe_elligator_key_create (r, &sk_eph);
- // TODO: probably makes more sense if key_create outputs ecdhe pub instead
of repr because ecdhe pub is needed for ecdh on senders side.
- GNUNET_CRYPTO_ecdhe_elligator_decoding (&pub_eph, NULL, r);
+ GNUNET_CRYPTO_ecdhe_elligator_key_create (r, &sk);
- return GNUNET_CRYPTO_ecdh_eddsa (&sk_eph, pub, key_material);
+ return GNUNET_CRYPTO_ecdh_eddsa (&sk, pub, key_material);
}
enum GNUNET_GenericReturnValue
GNUNET_CRYPTO_eddsa_elligator_kem_decaps (const struct
GNUNET_CRYPTO_EddsaPrivateKey *priv,
- struct
+ const struct
GNUNET_CRYPTO_ElligatorRepresentative
*r,
struct GNUNET_HashCode *key_material)
diff --git a/src/lib/util/test_crypto_elligator.c
b/src/lib/util/test_crypto_elligator.c
index c42e1de3a..bd357a259 100644
--- a/src/lib/util/test_crypto_elligator.c
+++ b/src/lib/util/test_crypto_elligator.c
@@ -226,20 +226,22 @@ testTimeDecoding (void)
static int
elligatorKEM ()
{
- struct GNUNET_CRYPTO_EddsaPrivateKey pk;
- struct GNUNET_CRYPTO_EddsaPublicKey pub;
- GNUNET_CRYPTO_eddsa_key_create (&pk);
- GNUNET_CRYPTO_eddsa_key_get_public (&pk,&pub);
+ struct GNUNET_CRYPTO_EddsaPrivateKey pk_receiver;
+ struct GNUNET_CRYPTO_EddsaPublicKey pub_receiver;
+ GNUNET_CRYPTO_eddsa_key_create (&pk_receiver);
+ GNUNET_CRYPTO_eddsa_key_get_public (&pk_receiver, &pub_receiver);
- struct GNUNET_CRYPTO_ElligatorRepresentative r;
+ struct GNUNET_CRYPTO_ElligatorRepresentative r_sender;
// Sender side
struct GNUNET_HashCode key_material_encaps;
- GNUNET_CRYPTO_eddsa_elligator_kem_encaps (&pub, &r, &key_material_encaps);
+ GNUNET_CRYPTO_eddsa_elligator_kem_encaps (&pub_receiver, &r_sender,
+ &key_material_encaps);
// Receiving side
struct GNUNET_HashCode key_material_decaps;
- GNUNET_CRYPTO_eddsa_elligator_kem_decaps (&pk,&r,&key_material_decaps);
+ GNUNET_CRYPTO_eddsa_elligator_kem_decaps (&pk_receiver, &r_sender,
+ &key_material_decaps);
if (memcmp (&(key_material_encaps.bits),&(key_material_decaps.bits),
sizeof(key_material_encaps.bits)) != 0)
diff --git a/src/service/transport/gnunet-communicator-udp.c
b/src/service/transport/gnunet-communicator-udp.c
index 29beb4e37..48319461e 100644
--- a/src/service/transport/gnunet-communicator-udp.c
+++ b/src/service/transport/gnunet-communicator-udp.c
@@ -198,9 +198,9 @@ struct UdpHandshakeSignature
struct InitialKX
{
/**
- * Ephemeral key for KX.
+ * Representative of ephemeral key for KX.
*/
- struct GNUNET_CRYPTO_EcdhePublicKey ephemeral;
+ struct GNUNET_CRYPTO_ElligatorRepresentative representative;
/**
* HMAC for the following encrypted message, using GCM. HMAC uses
@@ -1329,6 +1329,27 @@ setup_shared_secret_dec (const struct
GNUNET_CRYPTO_EcdhePublicKey *ephemeral)
}
+/**
+ * Setup shared secret for decryption for initial handshake.
+ *
+ * @param representative of ephemeral key we received from the other peer
+ * @return new shared secret
+ */
+static struct SharedSecret *
+setup_initial_shared_secret_dec (const struct
+ GNUNET_CRYPTO_ElligatorRepresentative *
+ representative)
+{
+ struct SharedSecret *ss;
+
+ ss = GNUNET_new (struct SharedSecret);
+ GNUNET_CRYPTO_eddsa_elligator_kem_decaps (my_private_key, representative,
+ &ss->master);
+ calculate_cmac (ss);
+ return ss;
+}
+
+
/**
* Setup new shared secret for encryption using KEM.
*
@@ -1355,6 +1376,35 @@ setup_shared_secret_ephemeral (struct
GNUNET_CRYPTO_EcdhePublicKey *ephemeral,
}
+/**
+ * Setup new shared secret for encryption using KEM for initial handshake.
+ *
+ * @param[out] representative of ephemeral key to be sent to other peer
(encapsulated key from KEM)
+ * @param[in,out] receiver queue to initialize encryption key for
+ * @return new shared secret
+ */
+static struct SharedSecret *
+setup_initial_shared_secret_ephemeral (struct
+ GNUNET_CRYPTO_ElligatorRepresentative *
+ representative,
+ struct ReceiverAddress *receiver)
+{
+ struct SharedSecret *ss;
+ struct GNUNET_HashCode k;
+
+ GNUNET_CRYPTO_eddsa_elligator_kem_encaps (&receiver->target.public_key,
+ representative, &k);
+ ss = GNUNET_new (struct SharedSecret);
+ memcpy (&ss->master, &k, sizeof (k));
+ calculate_cmac (ss);
+ ss->receiver = receiver;
+ GNUNET_CONTAINER_DLL_insert (receiver->ss_head, receiver->ss_tail, ss);
+ receiver->num_secrets++;
+ GNUNET_STATISTICS_update (stats, "# Secrets active", 1, GNUNET_NO);
+ return ss;
+}
+
+
/**
* Setup the MQ for the @a receiver. If a queue exists,
* the existing one is destroyed. Then the MTU is
@@ -2072,7 +2122,7 @@ sock_read (void *cls)
struct SenderAddress *sender;
kx = (const struct InitialKX *) buf;
- ss = setup_shared_secret_dec (&kx->ephemeral);
+ ss = setup_initial_shared_secret_dec (&kx->representative);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Before DEC\n");
@@ -2097,7 +2147,11 @@ sock_read (void *cls)
"Before VERIFY\n");
uc = (const struct UDPConfirmation *) pbuf;
- if (GNUNET_OK != verify_confirmation (&kx->ephemeral, uc))
+
+ struct GNUNET_CRYPTO_EcdhePublicKey pub_ephemeral;
+ GNUNET_CRYPTO_ecdhe_elligator_decoding (&pub_ephemeral, NULL,
+ &kx->representative);
+ if (GNUNET_OK != verify_confirmation (&pub_ephemeral, uc)) // TODO: need
ephemeral instead of representative
{
GNUNET_break_op (0);
GNUNET_free (ss);
@@ -2330,8 +2384,10 @@ send_msg_with_kx (const struct GNUNET_MessageHeader
*msg, struct
reschedule_receiver_timeout (receiver);
/* setup key material */
-
- ss = setup_shared_secret_ephemeral (&uhs.ephemeral, receiver);
+ struct GNUNET_CRYPTO_ElligatorRepresentative repr;
+ ss = setup_initial_shared_secret_ephemeral (&repr, receiver);
+ GNUNET_CRYPTO_ecdhe_elligator_decoding (&uhs.ephemeral, NULL,
+ &repr);
if (receiver->num_secrets > MAX_SECRETS)
{
@@ -2371,7 +2427,7 @@ send_msg_with_kx (const struct GNUNET_MessageHeader *msg,
struct
dpos += msize;
do_pad (out_cipher, &dgram[dpos], sizeof(dgram) - dpos);
/* Datagram starts with kx */
- kx.ephemeral = uhs.ephemeral;
+ kx.representative = repr;
GNUNET_assert (
0 == gcry_cipher_gettag (out_cipher, kx.gcm_tag, sizeof(kx.gcm_tag)));
gcry_cipher_close (out_cipher);
@@ -3466,6 +3522,7 @@ run (void *cls,
int
main (int argc, char *const *argv)
{
+ GNUNET_CRYPTO_ecdhe_elligator_initialize ();
static const struct GNUNET_GETOPT_CommandLineOption options[] = {
GNUNET_GETOPT_OPTION_END
};
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.