author | Christian Grothoff <christian@grothoff.org> | 2013-04-15 16:26:26 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2013-04-15 16:26:26 +0000 |
commit | 0016a5eca2ada2df9de375022a73677c3d7b9247 (patch) | |
tree | f5ef17d0c0bdd7345b6df96ae252ac6e6a904246 /src/fs | |
parent | 30438ae068cdc7a96eb252ea611f822270db8264 (diff) | |
-gcrypt works better now, removing some debug logic
Diffstat (limited to 'src/fs')
-rw-r--r-- | src/fs/fs_pseudonym.c | 86 | ||||
-rw-r--r-- | src/fs/test_pseudonym.c | 16 |
2 files changed, 21 insertions, 81 deletions
diff --git a/src/fs/fs_pseudonym.c b/src/fs/fs_pseudonym.c index 7394fb0c6..896a26e59 100644 --- a/src/fs/fs_pseudonym.c +++ b/src/fs/fs_pseudonym.c | |||
@@ -1067,8 +1067,6 @@ data_to_pkcs1 (const struct GNUNET_FS_PseudonymSignaturePurpose *purpose) | |||
1067 | return data; | 1067 | return data; |
1068 | } | 1068 | } |
1069 | 1069 | ||
1070 | gcry_ctx_t xctx; | ||
1071 | |||
1072 | 1070 | ||
1073 | /** | 1071 | /** |
1074 | * Cryptographically sign some data with the pseudonym. | 1072 | * Cryptographically sign some data with the pseudonym. |
@@ -1085,10 +1083,10 @@ gcry_ctx_t xctx; | |||
1085 | */ | 1083 | */ |
1086 | int | 1084 | int |
1087 | GNUNET_FS_pseudonym_sign (struct GNUNET_FS_PseudonymHandle *ph, | 1085 | GNUNET_FS_pseudonym_sign (struct GNUNET_FS_PseudonymHandle *ph, |
1088 | const struct GNUNET_FS_PseudonymSignaturePurpose *purpose, | 1086 | const struct GNUNET_FS_PseudonymSignaturePurpose *purpose, |
1089 | const struct GNUNET_HashCode *seed, | 1087 | const struct GNUNET_HashCode *seed, |
1090 | const struct GNUNET_HashCode *signing_key, | 1088 | const struct GNUNET_HashCode *signing_key, |
1091 | struct GNUNET_FS_PseudonymSignature *signature) | 1089 | struct GNUNET_FS_PseudonymSignature *signature) |
1092 | { | 1090 | { |
1093 | size_t size; | 1091 | size_t size; |
1094 | size_t erroff; | 1092 | size_t erroff; |
@@ -1136,47 +1134,9 @@ GNUNET_FS_pseudonym_sign (struct GNUNET_FS_PseudonymHandle *ph, | |||
1136 | /* calculate dx = d + h mod n */ | 1134 | /* calculate dx = d + h mod n */ |
1137 | dh = gcry_mpi_new (256); | 1135 | dh = gcry_mpi_new (256); |
1138 | gcry_mpi_addm (dh, d, h, n); | 1136 | gcry_mpi_addm (dh, d, h, n); |
1139 | // gcry_mpi_release (d); | 1137 | gcry_mpi_release (d); |
1140 | // gcry_mpi_release (h); | 1138 | gcry_mpi_release (h); |
1141 | gcry_mpi_release (n); | 1139 | gcry_mpi_release (n); |
1142 | |||
1143 | if (1) { | ||
1144 | gcry_mpi_point_t g; | ||
1145 | gcry_mpi_point_t v; | ||
1146 | gcry_mpi_point_t hg; | ||
1147 | gcry_mpi_point_t q; | ||
1148 | gcry_mpi_t v_x; | ||
1149 | gcry_mpi_t v_y; | ||
1150 | |||
1151 | gcry_mpi_ec_new (&xctx, NULL, "NIST P-256"); | ||
1152 | g = gcry_mpi_ec_get_point ("g", xctx, 0); | ||
1153 | |||
1154 | hg = gcry_mpi_point_new (0); | ||
1155 | gcry_mpi_ec_mul (hg, h, g, xctx); | ||
1156 | fprintf (stderr, "\nExpected verification hG value:\n"); | ||
1157 | v_x = gcry_mpi_new (256); | ||
1158 | v_y = gcry_mpi_new (256); | ||
1159 | gcry_mpi_ec_get_affine (v_x, v_y, hg, xctx); | ||
1160 | gcry_mpi_dump (v_x); | ||
1161 | gcry_mpi_dump (v_y); | ||
1162 | |||
1163 | q = gcry_mpi_point_new (0); | ||
1164 | gcry_mpi_ec_mul (q, d, g, xctx); | ||
1165 | fprintf (stderr, "\nExpected verification q value:\n"); | ||
1166 | gcry_mpi_ec_get_affine (v_x, v_y, q, xctx); | ||
1167 | gcry_mpi_dump (v_x); | ||
1168 | gcry_mpi_dump (v_y); | ||
1169 | |||
1170 | v = gcry_mpi_point_new (0); | ||
1171 | gcry_mpi_ec_add (v, q, hg, xctx); | ||
1172 | gcry_mpi_ec_get_affine (v_x, v_y, v, xctx); | ||
1173 | fprintf (stderr, "\nExpected verification key public point value V := q + hG:\n"); | ||
1174 | gcry_mpi_dump (v_x); | ||
1175 | gcry_mpi_dump (v_y); | ||
1176 | fprintf (stderr, "\n"); | ||
1177 | |||
1178 | } | ||
1179 | |||
1180 | 1140 | ||
1181 | /* now build sexpression with the signing key */ | 1141 | /* now build sexpression with the signing key */ |
1182 | if (0 != (rc = gcry_sexp_build (&spriv, &erroff, | 1142 | if (0 != (rc = gcry_sexp_build (&spriv, &erroff, |
@@ -1241,6 +1201,7 @@ GNUNET_FS_pseudonym_sign (struct GNUNET_FS_PseudonymHandle *ph, | |||
1241 | gcry_mpi_release (rs[1]); | 1201 | gcry_mpi_release (rs[1]); |
1242 | return GNUNET_SYSERR; | 1202 | return GNUNET_SYSERR; |
1243 | } | 1203 | } |
1204 | |||
1244 | gcry_mpi_release (rs[0]); | 1205 | gcry_mpi_release (rs[0]); |
1245 | size = sizeof (signature->sig_s); | 1206 | size = sizeof (signature->sig_s); |
1246 | if (0 != (rc = gcry_mpi_print (GCRYMPI_FMT_USG, signature->sig_s, size, | 1207 | if (0 != (rc = gcry_mpi_print (GCRYMPI_FMT_USG, signature->sig_s, size, |
@@ -1353,42 +1314,19 @@ GNUNET_FS_pseudonym_derive_verification_key (struct GNUNET_FS_PseudonymIdentifie | |||
1353 | /* then call the 'multiply' function, to compute the product hG */ | 1314 | /* then call the 'multiply' function, to compute the product hG */ |
1354 | hg = gcry_mpi_point_new (0); | 1315 | hg = gcry_mpi_point_new (0); |
1355 | gcry_mpi_ec_mul (hg, h, g, ctx); | 1316 | gcry_mpi_ec_mul (hg, h, g, ctx); |
1356 | |||
1357 | { | ||
1358 | fprintf (stderr, "\nVerification hG value:\n"); | ||
1359 | v_x = gcry_mpi_new (256); | ||
1360 | v_y = gcry_mpi_new (256); | ||
1361 | gcry_mpi_ec_get_affine (v_x, v_y, hg, ctx); | ||
1362 | gcry_mpi_dump (v_x); | ||
1363 | gcry_mpi_dump (v_y); | ||
1364 | } | ||
1365 | gcry_mpi_release (h); | 1317 | gcry_mpi_release (h); |
1366 | 1318 | ||
1367 | /* get Q = dG from 'pseudonym' */ | 1319 | /* get Q = dG from 'pseudonym' */ |
1368 | q = gcry_mpi_ec_get_point ("q", ctx, 0); | 1320 | q = gcry_mpi_ec_get_point ("q", ctx, 0); |
1369 | { | ||
1370 | fprintf (stderr, "\nVerification q value:\n"); | ||
1371 | v_x = gcry_mpi_new (256); | ||
1372 | v_y = gcry_mpi_new (256); | ||
1373 | gcry_mpi_ec_get_affine (v_x, v_y, q, ctx); | ||
1374 | gcry_mpi_dump (v_x); | ||
1375 | gcry_mpi_dump (v_y); | ||
1376 | } | ||
1377 | /* calculate V = Q + hG = dG + hG = (d + h)G*/ | 1321 | /* calculate V = Q + hG = dG + hG = (d + h)G*/ |
1378 | v = gcry_mpi_point_new (0); | 1322 | v = gcry_mpi_point_new (0); |
1379 | gcry_mpi_ec_add (v, q, hg, xctx); | 1323 | gcry_mpi_ec_add (v, q, hg, ctx); |
1380 | /* FIXME: free 'hg'? */ | 1324 | /* FIXME: free 'hg'? */ |
1381 | 1325 | ||
1382 | /* store 'v' point in "verification_key" */ | 1326 | /* store 'v' point in "verification_key" */ |
1383 | v_x = gcry_mpi_new (256); | 1327 | v_x = gcry_mpi_new (256); |
1384 | v_y = gcry_mpi_new (256); | 1328 | v_y = gcry_mpi_new (256); |
1385 | gcry_mpi_ec_get_affine (v_x, v_y, v, xctx); | 1329 | gcry_mpi_ec_get_affine (v_x, v_y, v, ctx); |
1386 | |||
1387 | { | ||
1388 | fprintf (stderr, "\nVerification key public point value V := q + hG:\n"); | ||
1389 | gcry_mpi_dump (v_x); | ||
1390 | gcry_mpi_dump (v_y); | ||
1391 | } | ||
1392 | 1330 | ||
1393 | gcry_mpi_point_release (v); | 1331 | gcry_mpi_point_release (v); |
1394 | gcry_ctx_release (ctx); | 1332 | gcry_ctx_release (ctx); |
@@ -1428,8 +1366,8 @@ GNUNET_FS_pseudonym_derive_verification_key (struct GNUNET_FS_PseudonymIdentifie | |||
1428 | */ | 1366 | */ |
1429 | int | 1367 | int |
1430 | GNUNET_FS_pseudonym_verify (const struct GNUNET_FS_PseudonymSignaturePurpose *purpose, | 1368 | GNUNET_FS_pseudonym_verify (const struct GNUNET_FS_PseudonymSignaturePurpose *purpose, |
1431 | const struct GNUNET_FS_PseudonymSignature *signature, | 1369 | const struct GNUNET_FS_PseudonymSignature *signature, |
1432 | const struct GNUNET_FS_PseudonymIdentifier *verification_key) | 1370 | const struct GNUNET_FS_PseudonymIdentifier *verification_key) |
1433 | { | 1371 | { |
1434 | gcry_sexp_t data; | 1372 | gcry_sexp_t data; |
1435 | gcry_sexp_t sig_sexpr; | 1373 | gcry_sexp_t sig_sexpr; |
@@ -1471,6 +1409,7 @@ GNUNET_FS_pseudonym_verify (const struct GNUNET_FS_PseudonymSignaturePurpose *pu | |||
1471 | gcry_mpi_release (r); | 1409 | gcry_mpi_release (r); |
1472 | gcry_mpi_release (s); | 1410 | gcry_mpi_release (s); |
1473 | 1411 | ||
1412 | |||
1474 | /* build s-expression for data that was signed */ | 1413 | /* build s-expression for data that was signed */ |
1475 | data = data_to_pkcs1 (purpose); | 1414 | data = data_to_pkcs1 (purpose); |
1476 | 1415 | ||
@@ -1533,7 +1472,6 @@ GNUNET_FS_pseudonym_verify (const struct GNUNET_FS_PseudonymSignaturePurpose *pu | |||
1533 | LOG (GNUNET_ERROR_TYPE_WARNING, | 1472 | LOG (GNUNET_ERROR_TYPE_WARNING, |
1534 | _("ECDSA signature verification failed at %s:%d: %s\n"), __FILE__, | 1473 | _("ECDSA signature verification failed at %s:%d: %s\n"), __FILE__, |
1535 | __LINE__, gcry_strerror (rc)); | 1474 | __LINE__, gcry_strerror (rc)); |
1536 | exit (1); | ||
1537 | return GNUNET_SYSERR; | 1475 | return GNUNET_SYSERR; |
1538 | } | 1476 | } |
1539 | return GNUNET_OK; | 1477 | return GNUNET_OK; |
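Review bot: In GNUNET_FS_pseudonym_derive_verification_key the result of `q = gcry_mpi_ec_get_point ("q", ctx, 0);` is passed straight to `gcry_mpi_ec_add (v, q, hg, ctx);` with no NULL check, although libgcrypt returns NULL when the named point is not available in the context. The context setup is above the hunk, so this is hedged, but if the pseudonym identifier can originate from a peer, a malformed one should take the function's error path via a guard such as `if (NULL == q)`, which releases `hg` and `ctx` before returning. The `/* FIXME: free 'hg'? */` that the commit leaves in place can be resolved at the same time with `gcry_mpi_point_release (hg);` after the add, since `hg` comes from `gcry_mpi_point_new (0)` and no release is visible in this hunk. Separately, in GNUNET_FS_pseudonym_sign the derived private scalar is allocated with `dh = gcry_mpi_new (256);`; `gcry_mpi_snew (256)` would keep it in libgcrypt's secure memory, assuming secure memory is initialised elsewhere in the project. Both functions start and end outside the hunks shown.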
diff --git a/src/fs/test_pseudonym.c b/src/fs/test_pseudonym.c index 0615f5a5b..a6e258038 100644 --- a/src/fs/test_pseudonym.c +++ b/src/fs/test_pseudonym.c | |||
@@ -223,26 +223,24 @@ test_signature (struct GNUNET_FS_PseudonymHandle *ph, | |||
223 | struct GNUNET_FS_PseudonymIdentifier verification_key; | 223 | struct GNUNET_FS_PseudonymIdentifier verification_key; |
224 | 224 | ||
225 | GNUNET_FS_pseudonym_sign (ph, purpose, seed, signing_key, &signature); | 225 | GNUNET_FS_pseudonym_sign (ph, purpose, seed, signing_key, &signature); |
226 | if (0) | ||
227 | { | ||
228 | GNUNET_FS_pseudonym_sign (ph, purpose, seed, signing_key, &signature2); | 226 | GNUNET_FS_pseudonym_sign (ph, purpose, seed, signing_key, &signature2); |
229 | /* with seed, two sigs must be identical, without, they must be different! */ | 227 | /* with seed, two sigs must be identical, without, they must be different! */ |
230 | if (NULL != seed) | 228 | if (NULL != seed) |
231 | GNUNET_break (0 == memcmp (&signature, &signature2, sizeof (signature))); | 229 | GNUNET_break (0 == memcmp (&signature, &signature2, sizeof (signature))); |
232 | else /* crypto not implemented, thus for now 'break' */ | 230 | else /* crypto not implemented, thus for now 'break' */ |
233 | GNUNET_break (0 != memcmp (&signature, &signature2, sizeof (signature))); | 231 | GNUNET_break (0 != memcmp (&signature, &signature2, sizeof (signature))); |
234 | } | ||
235 | GNUNET_FS_pseudonym_get_identifier (ph, &pseudonym); | 232 | GNUNET_FS_pseudonym_get_identifier (ph, &pseudonym); |
236 | GNUNET_FS_pseudonym_derive_verification_key (&pseudonym, | 233 | GNUNET_FS_pseudonym_derive_verification_key (&pseudonym, |
237 | signing_key, | 234 | signing_key, |
238 | &verification_key); | 235 | &verification_key); |
239 | GNUNET_break (GNUNET_OK == | 236 | GNUNET_break (GNUNET_OK == |
240 | GNUNET_FS_pseudonym_verify (purpose, &signature, &verification_key)); | 237 | GNUNET_FS_pseudonym_verify (purpose, &signature, &verification_key)); |
241 | /* also check that if the data is changed, the signature no longer matches */ | 238 | /* also check that if the data is changed, the signature no longer matches */ |
242 | (*bit)++; | 239 | (*bit)++; |
240 | GNUNET_log_skip (1, GNUNET_NO); | ||
243 | /* crypto not implemented, thus for now 'break' */ | 241 | /* crypto not implemented, thus for now 'break' */ |
244 | GNUNET_break (GNUNET_OK != | 242 | GNUNET_break (GNUNET_OK != |
245 | GNUNET_FS_pseudonym_verify (purpose, &signature, &verification_key)); | 243 | GNUNET_FS_pseudonym_verify (purpose, &signature, &verification_key)); |
246 | (*bit)--; | 244 | (*bit)--; |
247 | } | 245 | } |
248 | 246 | ||
@@ -266,8 +264,10 @@ test_crypto_ops (struct GNUNET_FS_PseudonymHandle *ph) | |||
266 | purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); | 264 | purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); |
267 | memset (&seed, 41, sizeof (seed)); | 265 | memset (&seed, 41, sizeof (seed)); |
268 | memset (&signing_key, 40, sizeof (signing_key)); | 266 | memset (&signing_key, 40, sizeof (signing_key)); |
269 | test_signature (ph, purpose, &seed, &signing_key, &data[sizeof (struct GNUNET_FS_PseudonymSignaturePurpose)]); | 267 | test_signature (ph, purpose, &seed, |
270 | test_signature (ph, purpose, NULL, &signing_key, &data[sizeof (struct GNUNET_FS_PseudonymSignaturePurpose)]); | 268 | &signing_key, &data[sizeof (struct GNUNET_FS_PseudonymSignaturePurpose)]); |
269 | test_signature (ph, purpose, NULL, | ||
270 | &signing_key, &data[sizeof (struct GNUNET_FS_PseudonymSignaturePurpose)]); | ||
271 | } | 271 | } |
272 | 272 | ||
273 | 273 | ||
@@ -301,6 +301,7 @@ test_crypto () | |||
301 | GNUNET_FS_pseudonym_destroy (ph); | 301 | GNUNET_FS_pseudonym_destroy (ph); |
302 | 302 | ||
303 | /* check anonymous pseudonym operations generation */ | 303 | /* check anonymous pseudonym operations generation */ |
304 | fprintf (stderr, "Checking anonymous ops\n"); | ||
304 | ph = GNUNET_FS_pseudonym_get_anonymous_pseudonym_handle (); | 305 | ph = GNUNET_FS_pseudonym_get_anonymous_pseudonym_handle (); |
305 | GNUNET_FS_pseudonym_get_identifier (ph, &pseudonym2); | 306 | GNUNET_FS_pseudonym_get_identifier (ph, &pseudonym2); |
306 | if (0 == memcmp (&pseudonym, &pseudonym2, sizeof (pseudonym))) | 307 | if (0 == memcmp (&pseudonym, &pseudonym2, sizeof (pseudonym))) |
@@ -314,6 +315,7 @@ test_crypto () | |||
314 | int | 315 | int |
315 | main (int argc, char *argv[]) | 316 | main (int argc, char *argv[]) |
316 | { | 317 | { |
318 | GNUNET_log_setup ("test-pseudonym", "WARNING", NULL); | ||
317 | if (0 != test_io ()) | 319 | if (0 != test_io ()) |
318 | return 1; | 320 | return 1; |
319 | if (0 != test_crypto ()) | 321 | if (0 != test_crypto ()) |
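Review bot: test_signature discards the return value of both `GNUNET_FS_pseudonym_sign` calls, so if signing fails the re-enabled `memcmp` checks compare whatever happens to be in `signature` and `signature2`. Assuming the function reports success as GNUNET_OK, wrapping each call as `GNUNET_break (GNUNET_OK == GNUNET_FS_pseudonym_sign (ph, purpose, seed, signing_key, &signature));` would make a signing failure visible instead of letting the later checks pass or fail by accident. The two `/* crypto not implemented, thus for now 'break' */` comments are stale now that these checks actually run and should be dropped or reworded. The new `GNUNET_log_skip (1, GNUNET_NO);` presumably suppresses the warning logged by the expected verification failure, which deserves a comment such as `/* verify is expected to fail and log one warning */`. test_signature begins above the hunk.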