authorJeff Burdges <burdges@gnunet.org>2016-06-07 19:06:46 +0000
committerJeff Burdges <burdges@gnunet.org>2016-06-07 19:06:46 +0000
commit1f33c505c42ac2b3d628b2b70b2da62e8f621a89 (patch)
treef0b71b8a3e1de30e3914e432c5fb43418a792a44 /src/util/crypto_rsa.c
parent8459cba759d85ef512c8400ba7622332cf5ed652 (diff)
downloadgnunet-1f33c505c42ac2b3d628b2b70b2da62e8f621a89.tar.gz
gnunet-1f33c505c42ac2b3d628b2b70b2da62e8f621a89.zip
Abstract out previous GCD(m,n)=1 commit into a single function
This should make it easier to report properly in the wallet.
Diffstat (limited to 'src/util/crypto_rsa.c')
-rw-r--r--src/util/crypto_rsa.c41
1 files changed, 27 insertions, 14 deletions
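--- a/src/util/crypto_rsa.c
+++ b/src/util/crypto_rsa.c
@@ -393,6 +393,31 @@ GNUNET_CRYPTO_rsa_public_key_decode (const char *buf,
 
 
 /**
+ * Test for malicious RSA key.
+ *
+ * Assuming n is an RSA modulous and r is generated using a call to
+ * GNUNET_CRYPTO_kdf_mod_mpi, if gcd(r,n) != 1 then n must be a
+ * malicious RSA key designed to deanomize the user.
+ *
+ * @param r KDF result
+ * @param n RSA modulus
+ * @return Asserts gcd(r,n) = 1
+ */
+static int
+rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n)
+{
+  gcry_mpi_t g;
+  int t;
+
+  g = gcry_mpi_new (0);
+  t = gcry_mpi_gcd(g,r,n);
+  gcry_mpi_release (g);
+  GNUNET_assert( t );
+  return t;
+}
+
+
+/**
  * Create a blinding key
  *
  * @param len length of the key in bits (i.e. 2048)
@@ -406,7 +431,6 @@ rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
   char *xts = "Blinding KDF extrator HMAC key"; /* Trusts bks' randomness more */
   struct RsaBlindingKey *blind;
   gcry_mpi_t n;
-  gcry_mpi_t g;
 
   blind = GNUNET_new (struct RsaBlindingKey);
 
@@ -419,12 +443,7 @@ rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
                                xts, strlen(xts),
                                bks, sizeof(*bks),
                                "Blinding KDF");
-
-  /* If gcd(*r,n) != 1 then n must be a malicious fake RSA key
-     designed to deanomize the user. */
-  g = gcry_mpi_new (0);
-  GNUNET_assert( gcry_mpi_gcd(g,blind->r,n) );
-  gcry_mpi_release (g);
+  rsa_gcd_validate(blind->r,n);
 
   gcry_mpi_release (n);
   return blind;
@@ -661,7 +680,6 @@ rsa_full_domain_hash (gcry_mpi_t *r,
   gcry_mpi_t n;
   char *xts;
   size_t xts_len;
-  gcry_mpi_t g;
 
   /* Extract the composite n from the RSA public key */
   GNUNET_assert( 0 == key_from_sexp (&n, pkey->sexp, "rsa", "n") );
@@ -678,14 +696,9 @@ rsa_full_domain_hash (gcry_mpi_t *r,
                                xts, xts_len,
                                hash, sizeof(*hash),
                                "RSA-FDA FTpsW!");
-
   GNUNET_free (xts);
 
-  /* If gcd(*r,n) != 1 then n must be a malicious fake RSA key
-     designed to deanomize the user. */
-  g = gcry_mpi_new (0);
-  GNUNET_assert( gcry_mpi_gcd(g,*r,n) );
-  gcry_mpi_release (g);
+  rsa_gcd_validate(*r,n);
 
   gcry_mpi_release (n);
 }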
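Review bot: The result of rsa_gcd_validate is discarded at both new call sites (`rsa_gcd_validate(blind->r,n);` in rsa_blinding_key_derive and `rsa_gcd_validate(*r,n);` in rsa_full_domain_hash), and because the helper executes `GNUNET_assert( t );` before `return t;`, control only ever comes back with a non-zero value, so the int return is dead and the stated goal of reporting the failure in the wallet cannot be reached through this function. If a graceful report is intended, the assert should move out of the helper and each caller should check `if (! rsa_gcd_validate (blind->r, n))`, releasing n (and, in rsa_blinding_key_derive, the freshly allocated blind) before returning an error to its caller; if the abort is meant to stay, making the function void would make the contract honest. The Doxygen line `@return Asserts gcd(r,n) = 1` should state the actual value, e.g. `@return non-zero if gcd(r,n) == 1, 0 if r shares a factor with n`, which rests on gcry_mpi_gcd's convention of returning true exactly when the computed gcd is 1. The header comment should also say that passing the check does not establish that n is an honest modulus: a modulus with a small factor is detected only when the KDF output happens to share that factor, so the test is a probabilistic rejection rather than a proof of well-formedness, and the typos `modulous` and `deanomize` want fixing while the comment is touched. Both enclosing functions, rsa_blinding_key_derive and rsa_full_domain_hash, begin outside their hunks.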