-rw-r--r-- | src/fs/fs_publish_ublock.c | 2 | ||||
-rw-r--r-- | src/fs/fs_search.c | 2 | ||||
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 12 | ||||
-rw-r--r-- | src/util/crypto_ecc.c | 18 | ||||
-rw-r--r-- | src/util/test_crypto_ecc.c | 4 |
5 files changed, 28 insertions, 10 deletions
diff --git a/src/fs/fs_publish_ublock.c b/src/fs/fs_publish_ublock.c
index 71997fda04..75446e8a8a 100644
--- a/src/fs/fs_publish_ublock.c
+++ b/src/fs/fs_publish_ublock.c
@@ -242,7 +242,7 @@ GNUNET_FS_publish_ublock_ (struct GNUNET_FS_Handle *h,
 ub_enc->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_FS_UBLOCK);
 /* derive signing-key from 'label' and public key of the namespace */
- nsd = GNUNET_CRYPTO_ecc_key_derive (ns, label);
+ nsd = GNUNET_CRYPTO_ecc_key_derive (ns, label, "fs-ublock");
 GNUNET_CRYPTO_ecc_key_get_public (nsd, &ub_enc->verification_key);
 GNUNET_assert (GNUNET_OK ==
diff --git a/src/fs/fs_search.c b/src/fs/fs_search.c
index a0fec03a1c..9bc2542547 100644
--- a/src/fs/fs_search.c
+++ b/src/fs/fs_search.c
@@ -1104,6 +1104,7 @@ transmit_search_request (void *cls, size_t size, void *buf)
 memset (&sm->target, 0, sizeof (struct GNUNET_HashCode));
 GNUNET_CRYPTO_ecc_public_key_derive (&sc->uri->data.sks.ns,
 sc->uri->data.sks.identifier,
+ "fs-ublock",
 &dpub);
 GNUNET_CRYPTO_hash (&dpub,
 sizeof (dpub),
@@ -1290,6 +1291,7 @@ GNUNET_FS_search_start_searching_ (struct GNUNET_FS_SearchContext *sc)
 sre->keyword = GNUNET_strdup (keyword);
 GNUNET_CRYPTO_ecc_public_key_derive (&anon_pub,
 keyword,
+ "fs-ublock",
 &sre->dpub);
 GNUNET_CRYPTO_hash (&sre->dpub,
 sizeof (struct GNUNET_CRYPTO_EccPublicKey),
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 1704fce078..96bbdc2145 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
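Review bot: The context string `"fs-ublock"` is spelled out as a literal at three call sites: the GNUNET_CRYPTO_ecc_key_derive call in fs_publish_ublock.c and both GNUNET_CRYPTO_ecc_public_key_derive calls in fs_search.c. The publisher's derived signing key and the searcher's derived public key correspond only while all three strings stay byte-identical, and a typo in one of them would still compile; presumably searches would just stop matching published blocks. Define the string once in a header both files include, for example `#define FS_UBLOCK_KDF_CONTEXT "fs-ublock"` (name is a suggestion), and use the constant at all three sites. All three enclosing functions start and end outside their hunks.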
@@ -1,10 +1,10 @@
 /*
 This file is part of GNUnet.
- (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2012 Christian Grothoff (and other contributing authors)
+ (C) 2001-2013 Christian Grothoff (and other contributing authors)
 GNUnet is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published
- by the Free Software Foundation; either version 2, or (at your
+ by the Free Software Foundation; either version 3, or (at your
 option) any later version.
 GNUnet is distributed in the hope that it will be useful, but
@@ -979,11 +979,14 @@ GNUNET_CRYPTO_ecc_verify (uint32_t purpose,
 *
 * @param priv original private key
 * @param label label to use for key deriviation
+ * @param context additional context to use for HKDF of 'h';
+ * typically the name of the subsystem/application
 * @return derived private key
 */
 struct GNUNET_CRYPTO_EccPrivateKey *
 GNUNET_CRYPTO_ecc_key_derive (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
- const char *label);
+ const char *label,
+ const char *context);
 /**
@@ -992,11 +995,14 @@ GNUNET_CRYPTO_ecc_key_derive (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
 *
 * @param pub original public key
 * @param label label to use for key deriviation
+ * @param context additional context to use for HKDF of 'h'.
+ * typically the name of the subsystem/application
 * @param result where to write the derived public key
 */
 void
 GNUNET_CRYPTO_ecc_public_key_derive (const struct GNUNET_CRYPTO_EccPublicKey *pub,
 const char *label,
+ const char *context,
 struct GNUNET_CRYPTO_EccPublicKey *result);
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 191892bce6..4d949eaf85 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
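Review bot: The new `@param context` text on both prototypes leaves out the two things a caller has to get right. The implementation in crypto_ecc.c calls `strlen (context)` unconditionally, so the parameter must be a non-NULL, NUL-terminated string. The derived public key also corresponds to the derived private key only when both functions receive the same label and the same context. I would extend the comment to something like `@param context additional context mixed into the HKDF for 'h'; must not be NULL and must be identical in GNUNET_CRYPTO_ecc_key_derive and GNUNET_CRYPTO_ecc_public_key_derive`. The two copies also differ in punctuation (`'h';` versus `'h'.`) and should be made the same.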
@@ -926,11 +926,14 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
 *
 * @param pub public key for deriviation
 * @param label label for deriviation
+ * @param context additional context to use for HKDF of 'h';
+ * typically the name of the subsystem/application
 * @return h value
 */
 static gcry_mpi_t
 derive_h (const struct GNUNET_CRYPTO_EccPublicKey *pub,
- const char *label)
+ const char *label,
+ const char *context)
 {
 gcry_mpi_t h;
 struct GNUNET_HashCode hc;
@@ -939,6 +942,7 @@ derive_h (const struct GNUNET_CRYPTO_EccPublicKey *pub,
 "key-derivation", strlen ("key-derivation"),
 pub, sizeof (*pub),
 label, strlen (label),
+ context, strlen (context),
 NULL, 0);
 mpi_scan (&h, (unsigned char *) &hc, sizeof (hc));
 return h;
@@ -953,11 +957,14 @@ derive_h (const struct GNUNET_CRYPTO_EccPublicKey *pub,
 *
 * @param priv original private key
 * @param label label to use for key deriviation
+ * @param context additional context to use for HKDF of 'h';
+ * typically the name of the subsystem/application
 * @return derived private key
 */
 struct GNUNET_CRYPTO_EccPrivateKey *
 GNUNET_CRYPTO_ecc_key_derive (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
- const char *label)
+ const char *label,
+ const char *context)
 {
 struct GNUNET_CRYPTO_EccPublicKey pub;
 struct GNUNET_CRYPTO_EccPrivateKey *ret;
@@ -970,7 +977,7 @@ GNUNET_CRYPTO_ecc_key_derive (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
 GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, NULL, CURVE));
 n = gcry_mpi_ec_get_mpi ("n", ctx, 0 /* no copy */);
 GNUNET_CRYPTO_ecc_key_get_public (priv, &pub);
- h = derive_h (&pub, label);
+ h = derive_h (&pub, label, context);
 mpi_scan (&x, priv->d, sizeof (priv->d));
 d = gcry_mpi_new (256);
 gcry_mpi_mulm (d, h, x, n);
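Review bot: In derive_h the added `context, strlen (context),` pair directly follows `label, strlen (label),` with no delimiter or length field between the two variable-length strings. If the KDF feeds these chunks in as one concatenated byte string (its implementation is not visible here), label "ab" with context "c" and label "a" with context "bc" yield the same h, which weakens the subsystem separation the new parameter is meant to provide. The FS callers pass keywords and identifiers as label, so the label side is not a fixed constant. Including each string's terminating NUL makes the boundary unambiguous: `label, strlen (label) + 1,` and `context, strlen (context) + 1,`. This commit already changes every derived key, so the framing can be fixed now at no extra compatibility cost. The start of the KDF call lies outside the hunk.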
@@ -989,11 +996,14 @@ GNUNET_CRYPTO_ecc_key_derive (const struct GNUNET_CRYPTO_EccPrivateKey *priv,
 *
 * @param pub original public key
 * @param label label to use for key deriviation
+ * @param context additional context to use for HKDF of 'h';
+ * typically the name of the subsystem/application
 * @param result where to write the derived public key
 */
 void
 GNUNET_CRYPTO_ecc_public_key_derive (const struct GNUNET_CRYPTO_EccPublicKey *pub,
 const char *label,
+ const char *context,
 struct GNUNET_CRYPTO_EccPublicKey *result)
 {
 gcry_ctx_t ctx;
@@ -1017,7 +1027,7 @@ GNUNET_CRYPTO_ecc_public_key_derive (const struct GNUNET_CRYPTO_EccPublicKey *pu
 gcry_mpi_release (q_y);
 /* calulcate h_mod_n = h % n */
- h = derive_h (pub, label);
+ h = derive_h (pub, label, context);
 n = gcry_mpi_ec_get_mpi ("n", ctx, 0 /* no copy */);
 h_mod_n = gcry_mpi_new (256);
 gcry_mpi_mod (h_mod_n, h, n);
diff --git a/src/util/test_crypto_ecc.c b/src/util/test_crypto_ecc.c
index 891256b110..00d264e0ff 100644
--- a/src/util/test_crypto_ecc.c
+++ b/src/util/test_crypto_ecc.c
@@ -95,9 +95,9 @@ testDeriveSignVerify ()
 struct GNUNET_CRYPTO_EccPublicKey pkey;
 struct GNUNET_CRYPTO_EccPublicKey dpub;
- dpriv = GNUNET_CRYPTO_ecc_key_derive (key, "test-derive");
+ dpriv = GNUNET_CRYPTO_ecc_key_derive (key, "test-derive", "test-CTX");
 GNUNET_CRYPTO_ecc_key_get_public (key, &pkey);
- GNUNET_CRYPTO_ecc_public_key_derive (&pkey, "test-derive", "test-CTX", &dpub);
+ GNUNET_CRYPTO_ecc_public_key_derive (&pkey, "test-derive", "test-CTX", &dpub);
 purp.size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose));
 purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); |
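Review bot: The updated testDeriveSignVerify passes the same `"test-CTX"` to both derive calls, so it only exercises the matching case and would still pass if derive_h ignored the new argument entirely. Add a negative case that derives a second public key with a different context, e.g. `GNUNET_CRYPTO_ecc_public_key_derive (&pkey, "test-derive", "other-CTX", &dpub2);`, and checks that it differs from `dpub` and that the signature made with `dpriv` does not verify under it. That pins the domain-separation property this commit introduces. The rest of the test body, including the sign and verify calls, lies outside the hunk.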