util: add component name to LOG macros; util/client: log incoming message type/size/source for gnunet-logread

author: tg(x) <*@tg-x.net> 2017-02-24 20:10:42 +0100
committer: tg(x) <*@tg-x.net> 2017-02-24 20:10:42 +0100
commit: cb1165ecfc5c89c22aa4a6fffb72e27e0bde43a3 (patch)
tree: 401701a61ae8245f212364df7b44b228a9f4c225 /src/util/crypto_rsa.c
parent: 435ef0a62ffe830ccee159f430157cfc8cc6a3d4 (diff)
download: gnunet-cb1165ecfc5c89c22aa4a6fffb72e27e0bde43a3.tar.gz
gnunet-cb1165ecfc5c89c22aa4a6fffb72e27e0bde43a3.zip
1 files changed, 19 insertions, 19 deletions
diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c
index 443d597e4..7a108c21b 100644
--- a/src/util/crypto_rsa.c
+++ b/src/util/crypto_rsa.c
@@ -25,7 +25,7 @@
 #include <gcrypt.h>
 #include "gnunet_crypto_lib.h"
-#define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__)
+#define LOG(kind,...) GNUNET_log_from (kind, "util-crypto-rsa", __VA_ARGS__)
 /**
@@ -430,7 +430,7 @@ rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
  char *xts = "Blinding KDF extrator HMAC key";  /* Trusts bks' randomness more */
  struct RsaBlindingKey *blind;
  gcry_mpi_t n;
- 
  blind = GNUNET_new (struct RsaBlindingKey);
  GNUNET_assert( NULL != blind );
@@ -454,25 +454,25 @@ rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
 }
-/* 
+/*
 We originally added GNUNET_CRYPTO_kdf_mod_mpi for the benifit of the
 previous routine.
-There was previously a call to GNUNET_CRYPTO_kdf in 
+There was previously a call to GNUNET_CRYPTO_kdf in
  bkey = rsa_blinding_key_derive (len, bks);
-that gives exactly len bits where 
+that gives exactly len bits where
  len = GNUNET_CRYPTO_rsa_public_key_len (pkey);
 Now r = 2^(len-1)/pkey.n is the probability that a set high bit being
 okay, meaning bkey < pkey.n.  It follows that (1-r)/2 of the time bkey >
-pkey.n making the effective bkey be 
+pkey.n making the effective bkey be
  bkey mod pkey.n = bkey - pkey.n
 so the effective bkey has its high bit set with probability r/2.
 We expect r to be close to 1/2 if the exchange is honest, but the
 exchange can choose r otherwise.
-In blind signing, the exchange sees  
+In blind signing, the exchange sees
  B = bkey * S mod pkey.n
 On deposit, the exchange sees S so they can compute bkey' = B/S mod
 pkey.n for all B they recorded to see if bkey' has it's high bit set.
@@ -489,7 +489,7 @@ the wrong and right probabilities 1/3 and 1/4, respectively.
 I feared this gives the exchange a meaningful fraction of a bit of
 information per coin involved in the transaction.  It sounds damaging if
 numerous coins were involved.  And it could run across transactions in
-some scenarios. 
+some scenarios.
 We fixed this by using a more uniform deterministic pseudo-random number
 generator for blinding factors.  I do not believe this to be a problem
@@ -748,7 +748,7 @@ GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
  }
  data = rsa_full_domain_hash (pkey, hash);
-  if (NULL == data) 
+  if (NULL == data)
    goto rsa_gcd_validate_failure;
  bkey = rsa_blinding_key_derive (pkey, bks);
@@ -771,7 +771,7 @@ GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
  gcry_mpi_release (ne[0]);
  gcry_mpi_release (ne[1]);
  gcry_mpi_release (r_e);
-  rsa_blinding_key_free (bkey);  
+  rsa_blinding_key_free (bkey);
  *buf_size = numeric_mpi_alloc_n_print (data_r_e, buf);
  gcry_mpi_release (data_r_e);
@@ -917,7 +917,7 @@ GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
  GNUNET_CRYPTO_rsa_public_key_free (pkey);
  if (NULL == v)   /* rsa_gcd_validate failed meaning */
    return NULL;   /* our *own* RSA key is malicious. */
- 
  sig = rsa_sign_mpi (key, v);
  gcry_mpi_release (v);
  return sig;
@@ -1077,11 +1077,11 @@ GNUNET_CRYPTO_rsa_unblind (struct GNUNET_CRYPTO_RsaSignature *sig,
  }
  bkey = rsa_blinding_key_derive (pkey, bks);
-  if (NULL == bkey) 
+  if (NULL == bkey)
  {
-    /* RSA key is malicious since rsa_gcd_validate failed here. 
+    /* RSA key is malicious since rsa_gcd_validate failed here.
     * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
-     * so the exchange is being malicious in an unfamilair way, maybe 
+     * so the exchange is being malicious in an unfamilair way, maybe
     * just trying to crash us.  */
    GNUNET_break_op (0);
    gcry_mpi_release (n);
@@ -1096,10 +1096,10 @@ GNUNET_CRYPTO_rsa_unblind (struct GNUNET_CRYPTO_RsaSignature *sig,
                     n))
  {
    /* We cannot find r mod n, so gcd(r,n) != 1, which should get *
-     * caught above, but we handle it the same here.              */  
+     * caught above, but we handle it the same here.              */
    GNUNET_break_op (0);
    gcry_mpi_release (r_inv);
-    rsa_blinding_key_free (bkey);  
+    rsa_blinding_key_free (bkey);
    gcry_mpi_release (n);
    gcry_mpi_release (s);
    return NULL;
@@ -1144,11 +1144,11 @@ GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
  r = rsa_full_domain_hash (pkey, hash);
  if (NULL == r) {
    GNUNET_break_op (0);
-    /* RSA key is malicious since rsa_gcd_validate failed here. 
+    /* RSA key is malicious since rsa_gcd_validate failed here.
     * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
-     * so the exchange is being malicious in an unfamilair way, maybe 
+     * so the exchange is being malicious in an unfamilair way, maybe
     * just trying to crash us.  Arguably, we've only an internal error
-     * though because we should've detected this in our previous call 
+     * though because we should've detected this in our previous call
     * to GNUNET_CRYPTO_rsa_unblind. */
    return GNUNET_NO;
  }
author	tg(x) <*@tg-x.net>	2017-02-24 20:10:42 +0100
committer	tg(x) <*@tg-x.net>	2017-02-24 20:10:42 +0100
commit	cb1165ecfc5c89c22aa4a6fffb72e27e0bde43a3 (patch)
tree	401701a61ae8245f212364df7b44b228a9f4c225 /src/util/crypto_rsa.c
parent	435ef0a62ffe830ccee159f430157cfc8cc6a3d4 (diff)
download	gnunet-cb1165ecfc5c89c22aa4a6fffb72e27e0bde43a3.tar.gz gnunet-cb1165ecfc5c89c22aa4a6fffb72e27e0bde43a3.zip

diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c index 443d597e4..7a108c21b 100644 --- a/src/util/crypto_rsa.c +++ b/src/util/crypto_rsa.c
@@ -25,7 +25,7 @@
25	#include <gcrypt.h>	25	#include <gcrypt.h>
26	#include "gnunet_crypto_lib.h"	26	#include "gnunet_crypto_lib.h"
27		27
28	#define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__)	28	#define LOG(kind,...) GNUNET_log_from (kind, "util-crypto-rsa", __VA_ARGS__)
29		29
30		30
31	/**	31	/**
@@ -430,7 +430,7 @@ rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
430	char xts = "Blinding KDF extrator HMAC key"; / Trusts bks' randomness more */	430	char xts = "Blinding KDF extrator HMAC key"; / Trusts bks' randomness more */
431	struct RsaBlindingKey *blind;	431	struct RsaBlindingKey *blind;
432	gcry_mpi_t n;	432	gcry_mpi_t n;
433		433
434	blind = GNUNET_new (struct RsaBlindingKey);	434	blind = GNUNET_new (struct RsaBlindingKey);
435	GNUNET_assert( NULL != blind );	435	GNUNET_assert( NULL != blind );
436		436
@@ -454,25 +454,25 @@ rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
454	}	454	}
455		455
456		456
457	/*	457	/*
458	We originally added GNUNET_CRYPTO_kdf_mod_mpi for the benifit of the	458	We originally added GNUNET_CRYPTO_kdf_mod_mpi for the benifit of the
459	previous routine.	459	previous routine.
460		460
461	There was previously a call to GNUNET_CRYPTO_kdf in	461	There was previously a call to GNUNET_CRYPTO_kdf in
462	bkey = rsa_blinding_key_derive (len, bks);	462	bkey = rsa_blinding_key_derive (len, bks);
463	that gives exactly len bits where	463	that gives exactly len bits where
464	len = GNUNET_CRYPTO_rsa_public_key_len (pkey);	464	len = GNUNET_CRYPTO_rsa_public_key_len (pkey);
465		465
466	Now r = 2^(len-1)/pkey.n is the probability that a set high bit being	466	Now r = 2^(len-1)/pkey.n is the probability that a set high bit being
467	okay, meaning bkey < pkey.n. It follows that (1-r)/2 of the time bkey >	467	okay, meaning bkey < pkey.n. It follows that (1-r)/2 of the time bkey >
468	pkey.n making the effective bkey be	468	pkey.n making the effective bkey be
469	bkey mod pkey.n = bkey - pkey.n	469	bkey mod pkey.n = bkey - pkey.n
470	so the effective bkey has its high bit set with probability r/2.	470	so the effective bkey has its high bit set with probability r/2.
471		471
472	We expect r to be close to 1/2 if the exchange is honest, but the	472	We expect r to be close to 1/2 if the exchange is honest, but the
473	exchange can choose r otherwise.	473	exchange can choose r otherwise.
474		474
475	In blind signing, the exchange sees	475	In blind signing, the exchange sees
476	B = bkey * S mod pkey.n	476	B = bkey * S mod pkey.n
477	On deposit, the exchange sees S so they can compute bkey' = B/S mod	477	On deposit, the exchange sees S so they can compute bkey' = B/S mod
478	pkey.n for all B they recorded to see if bkey' has it's high bit set.	478	pkey.n for all B they recorded to see if bkey' has it's high bit set.
@@ -489,7 +489,7 @@ the wrong and right probabilities 1/3 and 1/4, respectively.
489	I feared this gives the exchange a meaningful fraction of a bit of	489	I feared this gives the exchange a meaningful fraction of a bit of
490	information per coin involved in the transaction. It sounds damaging if	490	information per coin involved in the transaction. It sounds damaging if
491	numerous coins were involved. And it could run across transactions in	491	numerous coins were involved. And it could run across transactions in
492	some scenarios.	492	some scenarios.
493		493
494	We fixed this by using a more uniform deterministic pseudo-random number	494	We fixed this by using a more uniform deterministic pseudo-random number
495	generator for blinding factors. I do not believe this to be a problem	495	generator for blinding factors. I do not believe this to be a problem
@@ -748,7 +748,7 @@ GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
748	}	748	}
749		749
750	data = rsa_full_domain_hash (pkey, hash);	750	data = rsa_full_domain_hash (pkey, hash);
751	if (NULL == data)	751	if (NULL == data)
752	goto rsa_gcd_validate_failure;	752	goto rsa_gcd_validate_failure;
753		753
754	bkey = rsa_blinding_key_derive (pkey, bks);	754	bkey = rsa_blinding_key_derive (pkey, bks);
@@ -771,7 +771,7 @@ GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
771	gcry_mpi_release (ne[0]);	771	gcry_mpi_release (ne[0]);
772	gcry_mpi_release (ne[1]);	772	gcry_mpi_release (ne[1]);
773	gcry_mpi_release (r_e);	773	gcry_mpi_release (r_e);
774	rsa_blinding_key_free (bkey);	774	rsa_blinding_key_free (bkey);
775		775
776	*buf_size = numeric_mpi_alloc_n_print (data_r_e, buf);	776	*buf_size = numeric_mpi_alloc_n_print (data_r_e, buf);
777	gcry_mpi_release (data_r_e);	777	gcry_mpi_release (data_r_e);
@@ -917,7 +917,7 @@ GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
917	GNUNET_CRYPTO_rsa_public_key_free (pkey);	917	GNUNET_CRYPTO_rsa_public_key_free (pkey);
918	if (NULL == v) /* rsa_gcd_validate failed meaning */	918	if (NULL == v) /* rsa_gcd_validate failed meaning */
919	return NULL; /* our own RSA key is malicious. */	919	return NULL; /* our own RSA key is malicious. */
920		920
921	sig = rsa_sign_mpi (key, v);	921	sig = rsa_sign_mpi (key, v);
922	gcry_mpi_release (v);	922	gcry_mpi_release (v);
923	return sig;	923	return sig;
@@ -1077,11 +1077,11 @@ GNUNET_CRYPTO_rsa_unblind (struct GNUNET_CRYPTO_RsaSignature *sig,
1077	}	1077	}
1078		1078
1079	bkey = rsa_blinding_key_derive (pkey, bks);	1079	bkey = rsa_blinding_key_derive (pkey, bks);
1080	if (NULL == bkey)	1080	if (NULL == bkey)
1081	{	1081	{
1082	/* RSA key is malicious since rsa_gcd_validate failed here.	1082	/* RSA key is malicious since rsa_gcd_validate failed here.
1083	* It should have failed during GNUNET_CRYPTO_rsa_blind too though,	1083	* It should have failed during GNUNET_CRYPTO_rsa_blind too though,
1084	* so the exchange is being malicious in an unfamilair way, maybe	1084	* so the exchange is being malicious in an unfamilair way, maybe
1085	* just trying to crash us. */	1085	* just trying to crash us. */
1086	GNUNET_break_op (0);	1086	GNUNET_break_op (0);
1087	gcry_mpi_release (n);	1087	gcry_mpi_release (n);
@@ -1096,10 +1096,10 @@ GNUNET_CRYPTO_rsa_unblind (struct GNUNET_CRYPTO_RsaSignature *sig,
1096	n))	1096	n))
1097	{	1097	{
1098	/* We cannot find r mod n, so gcd(r,n) != 1, which should get *	1098	/* We cannot find r mod n, so gcd(r,n) != 1, which should get *
1099	* caught above, but we handle it the same here. */	1099	* caught above, but we handle it the same here. */
1100	GNUNET_break_op (0);	1100	GNUNET_break_op (0);
1101	gcry_mpi_release (r_inv);	1101	gcry_mpi_release (r_inv);
1102	rsa_blinding_key_free (bkey);	1102	rsa_blinding_key_free (bkey);
1103	gcry_mpi_release (n);	1103	gcry_mpi_release (n);
1104	gcry_mpi_release (s);	1104	gcry_mpi_release (s);
1105	return NULL;	1105	return NULL;
@@ -1144,11 +1144,11 @@ GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
1144	r = rsa_full_domain_hash (pkey, hash);	1144	r = rsa_full_domain_hash (pkey, hash);
1145	if (NULL == r) {	1145	if (NULL == r) {
1146	GNUNET_break_op (0);	1146	GNUNET_break_op (0);
1147	/* RSA key is malicious since rsa_gcd_validate failed here.	1147	/* RSA key is malicious since rsa_gcd_validate failed here.
1148	* It should have failed during GNUNET_CRYPTO_rsa_blind too though,	1148	* It should have failed during GNUNET_CRYPTO_rsa_blind too though,
1149	* so the exchange is being malicious in an unfamilair way, maybe	1149	* so the exchange is being malicious in an unfamilair way, maybe
1150	* just trying to crash us. Arguably, we've only an internal error	1150	* just trying to crash us. Arguably, we've only an internal error
1151	* though because we should've detected this in our previous call	1151	* though because we should've detected this in our previous call
1152	* to GNUNET_CRYPTO_rsa_unblind. */	1152	* to GNUNET_CRYPTO_rsa_unblind. */
1153	return GNUNET_NO;	1153	return GNUNET_NO;
1154	}	1154	}