diff options
author | Christian Grothoff <christian@grothoff.org> | 2019-12-07 14:37:44 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2019-12-07 14:37:44 +0100 |
commit | a6b9d2e1879a4072dbece09f37d3bec672ec4a09 (patch) | |
tree | bc2bef9a206e070dbb1cbcf90870862feebc0ffe /src | |
parent | 7bb0b3291244286a114e652949a181e31f70364f (diff) | |
download | gnunet-a6b9d2e1879a4072dbece09f37d3bec672ec4a09.tar.gz gnunet-a6b9d2e1879a4072dbece09f37d3bec672ec4a09.zip |
fix #3795/5968/5398
Diffstat (limited to 'src')
-rw-r--r-- | src/util/crypto_ecc.c | 578 | ||||
-rw-r--r-- | src/util/crypto_pow.c | 14 | ||||
-rw-r--r-- | src/util/crypto_rsa.c | 101 |
3 files changed, 2 insertions, 691 deletions
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index f9efcf6e7..bd7c425d4 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c | |||
@@ -33,8 +33,6 @@ | |||
33 | 33 | ||
34 | #define EXTRA_CHECKS 0 | 34 | #define EXTRA_CHECKS 0 |
35 | 35 | ||
36 | #define NEW_CRYPTO 0 | ||
37 | |||
38 | 36 | ||
39 | /** | 37 | /** |
40 | * Name of the curve we are using. Note that we have hard-coded | 38 | * Name of the curve we are using. Note that we have hard-coded |
@@ -164,80 +162,6 @@ decode_private_ecdsa_key (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv) | |||
164 | } | 162 | } |
165 | 163 | ||
166 | 164 | ||
167 | #if !NEW_CRYPTO | ||
168 | /** | ||
169 | * Convert the given private key from the network format to the | ||
170 | * S-expression that can be used by libgcrypt. | ||
171 | * | ||
172 | * @param priv private key to decode | ||
173 | * @return NULL on error | ||
174 | */ | ||
175 | static gcry_sexp_t | ||
176 | decode_private_eddsa_key (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv) | ||
177 | { | ||
178 | gcry_sexp_t result; | ||
179 | int rc; | ||
180 | |||
181 | rc = gcry_sexp_build (&result, | ||
182 | NULL, | ||
183 | "(private-key(ecc(curve \"" CURVE "\")" | ||
184 | "(flags eddsa)(d %b)))", | ||
185 | (int) sizeof(priv->d), | ||
186 | priv->d); | ||
187 | if (0 != rc) | ||
188 | { | ||
189 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); | ||
190 | GNUNET_assert (0); | ||
191 | } | ||
192 | #if EXTRA_CHECKS | ||
193 | if (0 != (rc = gcry_pk_testkey (result))) | ||
194 | { | ||
195 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); | ||
196 | GNUNET_assert (0); | ||
197 | } | ||
198 | #endif | ||
199 | return result; | ||
200 | } | ||
201 | #endif /* !NEW_CRYPTO */ | ||
202 | |||
203 | |||
204 | #if !NEW_CRYPTO | ||
205 | /** | ||
206 | * Convert the given private key from the network format to the | ||
207 | * S-expression that can be used by libgcrypt. | ||
208 | * | ||
209 | * @param priv private key to decode | ||
210 | * @return NULL on error | ||
211 | */ | ||
212 | static gcry_sexp_t | ||
213 | decode_private_ecdhe_key (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv) | ||
214 | { | ||
215 | gcry_sexp_t result; | ||
216 | int rc; | ||
217 | |||
218 | rc = gcry_sexp_build (&result, | ||
219 | NULL, | ||
220 | "(private-key(ecc(curve \"" CURVE "\")" | ||
221 | "(d %b)))", | ||
222 | (int) sizeof(priv->d), | ||
223 | priv->d); | ||
224 | if (0 != rc) | ||
225 | { | ||
226 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); | ||
227 | GNUNET_assert (0); | ||
228 | } | ||
229 | #if EXTRA_CHECKS | ||
230 | if (0 != (rc = gcry_pk_testkey (result))) | ||
231 | { | ||
232 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); | ||
233 | GNUNET_assert (0); | ||
234 | } | ||
235 | #endif | ||
236 | return result; | ||
237 | } | ||
238 | #endif /* !NEW_CRYPTO */ | ||
239 | |||
240 | |||
241 | /** | 165 | /** |
242 | * Extract the public key for the given private key. | 166 | * Extract the public key for the given private key. |
243 | * | 167 | * |
@@ -280,29 +204,9 @@ GNUNET_CRYPTO_eddsa_key_get_public ( | |||
280 | const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, | 204 | const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, |
281 | struct GNUNET_CRYPTO_EddsaPublicKey *pub) | 205 | struct GNUNET_CRYPTO_EddsaPublicKey *pub) |
282 | { | 206 | { |
283 | #if NEW_CRYPTO | ||
284 | BENCHMARK_START (eddsa_key_get_public); | 207 | BENCHMARK_START (eddsa_key_get_public); |
285 | GNUNET_TWEETNACL_sign_pk_from_seed (pub->q_y, priv->d); | 208 | GNUNET_TWEETNACL_sign_pk_from_seed (pub->q_y, priv->d); |
286 | BENCHMARK_END (eddsa_key_get_public); | 209 | BENCHMARK_END (eddsa_key_get_public); |
287 | #else | ||
288 | gcry_sexp_t sexp; | ||
289 | gcry_ctx_t ctx; | ||
290 | gcry_mpi_t q; | ||
291 | |||
292 | BENCHMARK_START (eddsa_key_get_public); | ||
293 | |||
294 | sexp = decode_private_eddsa_key (priv); | ||
295 | GNUNET_assert (NULL != sexp); | ||
296 | GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, sexp, NULL)); | ||
297 | gcry_sexp_release (sexp); | ||
298 | q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0); | ||
299 | GNUNET_assert (q); | ||
300 | GNUNET_CRYPTO_mpi_print_unsigned (pub->q_y, sizeof(pub->q_y), q); | ||
301 | gcry_mpi_release (q); | ||
302 | gcry_ctx_release (ctx); | ||
303 | |||
304 | BENCHMARK_END (eddsa_key_get_public); | ||
305 | #endif | ||
306 | } | 210 | } |
307 | 211 | ||
308 | 212 | ||
@@ -317,29 +221,9 @@ GNUNET_CRYPTO_ecdhe_key_get_public ( | |||
317 | const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, | 221 | const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, |
318 | struct GNUNET_CRYPTO_EcdhePublicKey *pub) | 222 | struct GNUNET_CRYPTO_EcdhePublicKey *pub) |
319 | { | 223 | { |
320 | #if NEW_CRYPTO | ||
321 | BENCHMARK_START (ecdhe_key_get_public); | 224 | BENCHMARK_START (ecdhe_key_get_public); |
322 | GNUNET_TWEETNACL_scalarmult_curve25519_base (pub->q_y, priv->d); | 225 | GNUNET_TWEETNACL_scalarmult_curve25519_base (pub->q_y, priv->d); |
323 | BENCHMARK_END (ecdhe_key_get_public); | 226 | BENCHMARK_END (ecdhe_key_get_public); |
324 | #else | ||
325 | gcry_sexp_t sexp; | ||
326 | gcry_ctx_t ctx; | ||
327 | gcry_mpi_t q; | ||
328 | |||
329 | BENCHMARK_START (ecdhe_key_get_public); | ||
330 | |||
331 | sexp = decode_private_ecdhe_key (priv); | ||
332 | GNUNET_assert (NULL != sexp); | ||
333 | GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, sexp, NULL)); | ||
334 | gcry_sexp_release (sexp); | ||
335 | q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0); | ||
336 | GNUNET_assert (q); | ||
337 | GNUNET_CRYPTO_mpi_print_unsigned (pub->q_y, sizeof(pub->q_y), q); | ||
338 | gcry_mpi_release (q); | ||
339 | gcry_ctx_release (ctx); | ||
340 | |||
341 | BENCHMARK_END (ecdhe_key_get_public); | ||
342 | #endif | ||
343 | } | 227 | } |
344 | 228 | ||
345 | 229 | ||
@@ -650,62 +534,12 @@ GNUNET_CRYPTO_ecdhe_key_create () | |||
650 | int | 534 | int |
651 | GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk) | 535 | GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk) |
652 | { | 536 | { |
653 | #if NEW_CRYPTO | ||
654 | BENCHMARK_START (ecdhe_key_create); | 537 | BENCHMARK_START (ecdhe_key_create); |
655 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, | 538 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, |
656 | pk, | 539 | pk, |
657 | sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); | 540 | sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); |
658 | BENCHMARK_END (ecdhe_key_create); | 541 | BENCHMARK_END (ecdhe_key_create); |
659 | return GNUNET_OK; | 542 | return GNUNET_OK; |
660 | #else | ||
661 | gcry_sexp_t priv_sexp; | ||
662 | gcry_sexp_t s_keyparam; | ||
663 | gcry_mpi_t d; | ||
664 | int rc; | ||
665 | |||
666 | BENCHMARK_START (ecdhe_key_create); | ||
667 | |||
668 | /* NOTE: For libgcrypt >= 1.7, we do not need the 'eddsa' flag here, | ||
669 | but should also be harmless. For libgcrypt < 1.7, using 'eddsa' | ||
670 | disables an expensive key testing routine. We do not want to run | ||
671 | the expensive check for ECDHE, as we generate TONS of keys to | ||
672 | use for a very short time. */if (0 != (rc = gcry_sexp_build (&s_keyparam, | ||
673 | NULL, | ||
674 | "(genkey(ecc(curve \"" CURVE "\")" | ||
675 | "(flags eddsa no-keytest)))"))) | ||
676 | { | ||
677 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); | ||
678 | return GNUNET_SYSERR; | ||
679 | } | ||
680 | if (0 != (rc = gcry_pk_genkey (&priv_sexp, s_keyparam))) | ||
681 | { | ||
682 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc); | ||
683 | gcry_sexp_release (s_keyparam); | ||
684 | return GNUNET_SYSERR; | ||
685 | } | ||
686 | gcry_sexp_release (s_keyparam); | ||
687 | #if EXTRA_CHECKS | ||
688 | if (0 != (rc = gcry_pk_testkey (priv_sexp))) | ||
689 | { | ||
690 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); | ||
691 | gcry_sexp_release (priv_sexp); | ||
692 | return GNUNET_SYSERR; | ||
693 | } | ||
694 | #endif | ||
695 | if (0 != (rc = key_from_sexp (&d, priv_sexp, "private-key", "d"))) | ||
696 | { | ||
697 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "key_from_sexp", rc); | ||
698 | gcry_sexp_release (priv_sexp); | ||
699 | return GNUNET_SYSERR; | ||
700 | } | ||
701 | gcry_sexp_release (priv_sexp); | ||
702 | GNUNET_CRYPTO_mpi_print_unsigned (pk->d, sizeof(pk->d), d); | ||
703 | gcry_mpi_release (d); | ||
704 | |||
705 | BENCHMARK_END (ecdhe_key_create); | ||
706 | |||
707 | return GNUNET_OK; | ||
708 | #endif | ||
709 | } | 543 | } |
710 | 544 | ||
711 | 545 | ||
@@ -773,7 +607,6 @@ GNUNET_CRYPTO_ecdsa_key_create () | |||
773 | struct GNUNET_CRYPTO_EddsaPrivateKey * | 607 | struct GNUNET_CRYPTO_EddsaPrivateKey * |
774 | GNUNET_CRYPTO_eddsa_key_create () | 608 | GNUNET_CRYPTO_eddsa_key_create () |
775 | { | 609 | { |
776 | #if NEW_CRYPTO | ||
777 | struct GNUNET_CRYPTO_EddsaPrivateKey *priv; | 610 | struct GNUNET_CRYPTO_EddsaPrivateKey *priv; |
778 | 611 | ||
779 | BENCHMARK_START (eddsa_key_create); | 612 | BENCHMARK_START (eddsa_key_create); |
@@ -784,65 +617,6 @@ GNUNET_CRYPTO_eddsa_key_create () | |||
784 | BENCHMARK_END (eddsa_key_create); | 617 | BENCHMARK_END (eddsa_key_create); |
785 | 618 | ||
786 | return priv; | 619 | return priv; |
787 | #else | ||
788 | struct GNUNET_CRYPTO_EddsaPrivateKey *priv; | ||
789 | gcry_sexp_t priv_sexp; | ||
790 | gcry_sexp_t s_keyparam; | ||
791 | gcry_mpi_t d; | ||
792 | int rc; | ||
793 | |||
794 | BENCHMARK_START (eddsa_key_create); | ||
795 | |||
796 | #if CRYPTO_BUG | ||
797 | again: | ||
798 | #endif | ||
799 | if (0 != (rc = gcry_sexp_build (&s_keyparam, | ||
800 | NULL, | ||
801 | "(genkey(ecc(curve \"" CURVE "\")" | ||
802 | "(flags eddsa)))"))) | ||
803 | { | ||
804 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); | ||
805 | return NULL; | ||
806 | } | ||
807 | if (0 != (rc = gcry_pk_genkey (&priv_sexp, s_keyparam))) | ||
808 | { | ||
809 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc); | ||
810 | gcry_sexp_release (s_keyparam); | ||
811 | return NULL; | ||
812 | } | ||
813 | gcry_sexp_release (s_keyparam); | ||
814 | #if EXTRA_CHECKS | ||
815 | if (0 != (rc = gcry_pk_testkey (priv_sexp))) | ||
816 | { | ||
817 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); | ||
818 | gcry_sexp_release (priv_sexp); | ||
819 | return NULL; | ||
820 | } | ||
821 | #endif | ||
822 | if (0 != (rc = key_from_sexp (&d, priv_sexp, "private-key", "d"))) | ||
823 | { | ||
824 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "key_from_sexp", rc); | ||
825 | gcry_sexp_release (priv_sexp); | ||
826 | return NULL; | ||
827 | } | ||
828 | gcry_sexp_release (priv_sexp); | ||
829 | priv = GNUNET_new (struct GNUNET_CRYPTO_EddsaPrivateKey); | ||
830 | GNUNET_CRYPTO_mpi_print_unsigned (priv->d, sizeof(priv->d), d); | ||
831 | gcry_mpi_release (d); | ||
832 | |||
833 | #if CRYPTO_BUG | ||
834 | if (GNUNET_OK != check_eddsa_key (priv)) | ||
835 | { | ||
836 | GNUNET_break (0); | ||
837 | GNUNET_free (priv); | ||
838 | goto again; | ||
839 | } | ||
840 | #endif | ||
841 | |||
842 | BENCHMARK_END (eddsa_key_create); | ||
843 | |||
844 | return priv; | ||
845 | #endif | ||
846 | } | 620 | } |
847 | 621 | ||
848 | 622 | ||
@@ -871,52 +645,6 @@ GNUNET_CRYPTO_ecdsa_key_get_anonymous () | |||
871 | } | 645 | } |
872 | 646 | ||
873 | 647 | ||
874 | #if !NEW_CRYPTO | ||
875 | /** | ||
876 | * Convert the data specified in the given purpose argument to an | ||
877 | * S-expression suitable for signature operations. | ||
878 | * | ||
879 | * @param purpose data to convert | ||
880 | * @return converted s-expression | ||
881 | */ | ||
882 | static gcry_sexp_t | ||
883 | data_to_eddsa_value (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose) | ||
884 | { | ||
885 | gcry_sexp_t data; | ||
886 | int rc; | ||
887 | |||
888 | /* SEE #5398 */ | ||
889 | #if 1 | ||
890 | struct GNUNET_HashCode hc; | ||
891 | |||
892 | GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc); | ||
893 | if (0 != (rc = gcry_sexp_build (&data, | ||
894 | NULL, | ||
895 | "(data(flags eddsa)(hash-algo %s)(value %b))", | ||
896 | "sha512", | ||
897 | (int) sizeof(hc), | ||
898 | &hc))) | ||
899 | { | ||
900 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); | ||
901 | return NULL; | ||
902 | } | ||
903 | #else | ||
904 | if (0 != (rc = gcry_sexp_build (&data, | ||
905 | NULL, | ||
906 | "(data(flags eddsa)(hash-algo %s)(value %b))", | ||
907 | "sha512", | ||
908 | ntohl (purpose->size), | ||
909 | purpose))) | ||
910 | { | ||
911 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); | ||
912 | return NULL; | ||
913 | } | ||
914 | #endif | ||
915 | return data; | ||
916 | } | ||
917 | #endif /* !NEW_CRYPTO */ | ||
918 | |||
919 | |||
920 | /** | 648 | /** |
921 | * Convert the data specified in the given purpose argument to an | 649 | * Convert the data specified in the given purpose argument to an |
922 | * S-expression suitable for signature operations. | 650 | * S-expression suitable for signature operations. |
@@ -1034,7 +762,6 @@ GNUNET_CRYPTO_eddsa_sign ( | |||
1034 | struct GNUNET_CRYPTO_EddsaSignature *sig) | 762 | struct GNUNET_CRYPTO_EddsaSignature *sig) |
1035 | { | 763 | { |
1036 | 764 | ||
1037 | #if NEW_CRYPTO | ||
1038 | size_t mlen = ntohl (purpose->size); | 765 | size_t mlen = ntohl (purpose->size); |
1039 | unsigned char sk[GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES]; | 766 | unsigned char sk[GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES]; |
1040 | int res; | 767 | int res; |
@@ -1047,50 +774,6 @@ GNUNET_CRYPTO_eddsa_sign ( | |||
1047 | sk); | 774 | sk); |
1048 | BENCHMARK_END (eddsa_sign); | 775 | BENCHMARK_END (eddsa_sign); |
1049 | return (res == 0) ? GNUNET_OK : GNUNET_SYSERR; | 776 | return (res == 0) ? GNUNET_OK : GNUNET_SYSERR; |
1050 | #else | ||
1051 | |||
1052 | gcry_sexp_t priv_sexp; | ||
1053 | gcry_sexp_t sig_sexp; | ||
1054 | gcry_sexp_t data; | ||
1055 | int rc; | ||
1056 | gcry_mpi_t rs[2]; | ||
1057 | |||
1058 | BENCHMARK_START (eddsa_sign); | ||
1059 | |||
1060 | priv_sexp = decode_private_eddsa_key (priv); | ||
1061 | data = data_to_eddsa_value (purpose); | ||
1062 | if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp))) | ||
1063 | { | ||
1064 | LOG (GNUNET_ERROR_TYPE_WARNING, | ||
1065 | _ ("EdDSA signing failed at %s:%d: %s\n"), | ||
1066 | __FILE__, | ||
1067 | __LINE__, | ||
1068 | gcry_strerror (rc)); | ||
1069 | gcry_sexp_release (data); | ||
1070 | gcry_sexp_release (priv_sexp); | ||
1071 | return GNUNET_SYSERR; | ||
1072 | } | ||
1073 | gcry_sexp_release (priv_sexp); | ||
1074 | gcry_sexp_release (data); | ||
1075 | |||
1076 | /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in | ||
1077 | 'signature' */ | ||
1078 | if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs"))) | ||
1079 | { | ||
1080 | GNUNET_break (0); | ||
1081 | gcry_sexp_release (sig_sexp); | ||
1082 | return GNUNET_SYSERR; | ||
1083 | } | ||
1084 | gcry_sexp_release (sig_sexp); | ||
1085 | GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]); | ||
1086 | GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]); | ||
1087 | gcry_mpi_release (rs[0]); | ||
1088 | gcry_mpi_release (rs[1]); | ||
1089 | |||
1090 | BENCHMARK_END (eddsa_sign); | ||
1091 | |||
1092 | return GNUNET_OK; | ||
1093 | #endif | ||
1094 | } | 777 | } |
1095 | 778 | ||
1096 | 779 | ||
@@ -1178,7 +861,6 @@ GNUNET_CRYPTO_eddsa_verify ( | |||
1178 | const struct GNUNET_CRYPTO_EddsaSignature *sig, | 861 | const struct GNUNET_CRYPTO_EddsaSignature *sig, |
1179 | const struct GNUNET_CRYPTO_EddsaPublicKey *pub) | 862 | const struct GNUNET_CRYPTO_EddsaPublicKey *pub) |
1180 | { | 863 | { |
1181 | #if NEW_CRYPTO | ||
1182 | unsigned char *m = (void *) validate; | 864 | unsigned char *m = (void *) validate; |
1183 | size_t mlen = ntohl (validate->size); | 865 | size_t mlen = ntohl (validate->size); |
1184 | unsigned char *s = (void *) sig; | 866 | unsigned char *s = (void *) sig; |
@@ -1192,59 +874,6 @@ GNUNET_CRYPTO_eddsa_verify ( | |||
1192 | res = GNUNET_TWEETNACL_sign_detached_verify (s, m, mlen, pub->q_y); | 874 | res = GNUNET_TWEETNACL_sign_detached_verify (s, m, mlen, pub->q_y); |
1193 | BENCHMARK_END (eddsa_verify); | 875 | BENCHMARK_END (eddsa_verify); |
1194 | return (res == 0) ? GNUNET_OK : GNUNET_SYSERR; | 876 | return (res == 0) ? GNUNET_OK : GNUNET_SYSERR; |
1195 | #else | ||
1196 | gcry_sexp_t data; | ||
1197 | gcry_sexp_t sig_sexpr; | ||
1198 | gcry_sexp_t pub_sexpr; | ||
1199 | int rc; | ||
1200 | |||
1201 | BENCHMARK_START (eddsa_verify); | ||
1202 | |||
1203 | if (purpose != ntohl (validate->purpose)) | ||
1204 | return GNUNET_SYSERR; /* purpose mismatch */ | ||
1205 | |||
1206 | /* build s-expression for signature */ | ||
1207 | if (0 != (rc = gcry_sexp_build (&sig_sexpr, | ||
1208 | NULL, | ||
1209 | "(sig-val(eddsa(r %b)(s %b)))", | ||
1210 | (int) sizeof(sig->r), | ||
1211 | sig->r, | ||
1212 | (int) sizeof(sig->s), | ||
1213 | sig->s))) | ||
1214 | { | ||
1215 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); | ||
1216 | return GNUNET_SYSERR; | ||
1217 | } | ||
1218 | data = data_to_eddsa_value (validate); | ||
1219 | if (0 != (rc = gcry_sexp_build (&pub_sexpr, | ||
1220 | NULL, | ||
1221 | "(public-key(ecc(curve " CURVE | ||
1222 | ")(flags eddsa)(q %b)))", | ||
1223 | (int) sizeof(pub->q_y), | ||
1224 | pub->q_y))) | ||
1225 | { | ||
1226 | gcry_sexp_release (data); | ||
1227 | gcry_sexp_release (sig_sexpr); | ||
1228 | return GNUNET_SYSERR; | ||
1229 | } | ||
1230 | rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr); | ||
1231 | gcry_sexp_release (pub_sexpr); | ||
1232 | gcry_sexp_release (data); | ||
1233 | gcry_sexp_release (sig_sexpr); | ||
1234 | if (0 != rc) | ||
1235 | { | ||
1236 | LOG (GNUNET_ERROR_TYPE_INFO, | ||
1237 | _ ("EdDSA signature verification of type %u failed at %s:%d: %s\n"), | ||
1238 | (unsigned int) purpose, | ||
1239 | __FILE__, | ||
1240 | __LINE__, | ||
1241 | gcry_strerror (rc)); | ||
1242 | BENCHMARK_END (eddsa_verify); | ||
1243 | return GNUNET_SYSERR; | ||
1244 | } | ||
1245 | BENCHMARK_END (eddsa_verify); | ||
1246 | return GNUNET_OK; | ||
1247 | #endif | ||
1248 | } | 877 | } |
1249 | 878 | ||
1250 | 879 | ||
@@ -1261,68 +890,10 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, | |||
1261 | const struct GNUNET_CRYPTO_EcdhePublicKey *pub, | 890 | const struct GNUNET_CRYPTO_EcdhePublicKey *pub, |
1262 | struct GNUNET_HashCode *key_material) | 891 | struct GNUNET_HashCode *key_material) |
1263 | { | 892 | { |
1264 | #if NEW_CRYPTO | ||
1265 | uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES]; | 893 | uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES]; |
1266 | GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, pub->q_y); | 894 | GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, pub->q_y); |
1267 | GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material); | 895 | GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material); |
1268 | return GNUNET_OK; | 896 | return GNUNET_OK; |
1269 | #else | ||
1270 | gcry_mpi_point_t result; | ||
1271 | gcry_mpi_point_t q; | ||
1272 | gcry_mpi_t d; | ||
1273 | gcry_ctx_t ctx; | ||
1274 | gcry_sexp_t pub_sexpr; | ||
1275 | gcry_mpi_t result_x; | ||
1276 | unsigned char xbuf[256 / 8]; | ||
1277 | size_t rsize; | ||
1278 | |||
1279 | BENCHMARK_START (ecc_ecdh); | ||
1280 | |||
1281 | /* first, extract the q = dP value from the public key */ | ||
1282 | if (0 != gcry_sexp_build (&pub_sexpr, | ||
1283 | NULL, | ||
1284 | "(public-key(ecc(curve " CURVE ")(q %b)))", | ||
1285 | (int) sizeof(pub->q_y), | ||
1286 | pub->q_y)) | ||
1287 | return GNUNET_SYSERR; | ||
1288 | GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL)); | ||
1289 | gcry_sexp_release (pub_sexpr); | ||
1290 | q = gcry_mpi_ec_get_point ("q", ctx, 0); | ||
1291 | |||
1292 | /* second, extract the d value from our private key */ | ||
1293 | GNUNET_CRYPTO_mpi_scan_unsigned (&d, priv->d, sizeof(priv->d)); | ||
1294 | |||
1295 | /* then call the 'multiply' function, to compute the product */ | ||
1296 | result = gcry_mpi_point_new (0); | ||
1297 | gcry_mpi_ec_mul (result, d, q, ctx); | ||
1298 | gcry_mpi_point_release (q); | ||
1299 | gcry_mpi_release (d); | ||
1300 | |||
1301 | /* finally, convert point to string for hashing */ | ||
1302 | result_x = gcry_mpi_new (256); | ||
1303 | if (gcry_mpi_ec_get_affine (result_x, NULL, result, ctx)) | ||
1304 | { | ||
1305 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0); | ||
1306 | gcry_mpi_point_release (result); | ||
1307 | gcry_ctx_release (ctx); | ||
1308 | return GNUNET_SYSERR; | ||
1309 | } | ||
1310 | gcry_mpi_point_release (result); | ||
1311 | gcry_ctx_release (ctx); | ||
1312 | |||
1313 | rsize = sizeof(xbuf); | ||
1314 | GNUNET_assert (! gcry_mpi_get_flag (result_x, GCRYMPI_FLAG_OPAQUE)); | ||
1315 | /* result_x can be negative here, so we do not use 'GNUNET_CRYPTO_mpi_print_unsigned' | ||
1316 | as that does not include the sign bit; x should be a 255-bit | ||
1317 | value, so with the sign it should fit snugly into the 256-bit | ||
1318 | xbuf */ | ||
1319 | GNUNET_assert ( | ||
1320 | 0 == gcry_mpi_print (GCRYMPI_FMT_STD, xbuf, rsize, &rsize, result_x)); | ||
1321 | GNUNET_CRYPTO_hash (xbuf, rsize, key_material); | ||
1322 | gcry_mpi_release (result_x); | ||
1323 | BENCHMARK_END (ecc_ecdh); | ||
1324 | return GNUNET_OK; | ||
1325 | #endif | ||
1326 | } | 897 | } |
1327 | 898 | ||
1328 | 899 | ||
@@ -1469,73 +1040,6 @@ GNUNET_CRYPTO_ecdsa_public_key_derive ( | |||
1469 | } | 1040 | } |
1470 | 1041 | ||
1471 | 1042 | ||
1472 | #if !NEW_CRYPTO | ||
1473 | /** | ||
1474 | * Reverse the sequence of the bytes in @a buffer | ||
1475 | * | ||
1476 | * @param[in|out] buffer buffer to invert | ||
1477 | * @param length number of bytes in @a buffer | ||
1478 | */ | ||
1479 | static void | ||
1480 | reverse_buffer (unsigned char *buffer, size_t length) | ||
1481 | { | ||
1482 | unsigned char tmp; | ||
1483 | size_t i; | ||
1484 | |||
1485 | for (i = 0; i < length / 2; i++) | ||
1486 | { | ||
1487 | tmp = buffer[i]; | ||
1488 | buffer[i] = buffer[length - 1 - i]; | ||
1489 | buffer[length - 1 - i] = tmp; | ||
1490 | } | ||
1491 | } | ||
1492 | |||
1493 | |||
1494 | /** | ||
1495 | * Convert the secret @a d of an EdDSA key to the | ||
1496 | * value that is actually used in the EdDSA computation. | ||
1497 | * | ||
1498 | * @param d secret input | ||
1499 | * @return value used for the calculation in EdDSA | ||
1500 | */ | ||
1501 | static gcry_mpi_t | ||
1502 | eddsa_d_to_a (gcry_mpi_t d) | ||
1503 | { | ||
1504 | unsigned char rawmpi[32]; /* 256-bit value */ | ||
1505 | size_t rawmpilen; | ||
1506 | unsigned char digest[64]; /* 512-bit hash value */ | ||
1507 | gcry_buffer_t hvec[2]; | ||
1508 | unsigned int b; | ||
1509 | gcry_mpi_t a; | ||
1510 | |||
1511 | b = 256 / 8; /* number of bytes in `d` */ | ||
1512 | |||
1513 | /* Note that we clear DIGEST so we can use it as input to left pad | ||
1514 | the key with zeroes for hashing. */ | ||
1515 | memset (digest, 0, sizeof digest); | ||
1516 | memset (hvec, 0, sizeof hvec); | ||
1517 | rawmpilen = sizeof(rawmpi); | ||
1518 | GNUNET_assert ( | ||
1519 | 0 == gcry_mpi_print (GCRYMPI_FMT_USG, rawmpi, rawmpilen, &rawmpilen, d)); | ||
1520 | hvec[0].data = digest; | ||
1521 | hvec[0].off = 0; | ||
1522 | hvec[0].len = b > rawmpilen ? (b - rawmpilen) : 0; | ||
1523 | hvec[1].data = rawmpi; | ||
1524 | hvec[1].off = 0; | ||
1525 | hvec[1].len = rawmpilen; | ||
1526 | GNUNET_assert ( | ||
1527 | 0 == gcry_md_hash_buffers (GCRY_MD_SHA512, 0 /* flags */, digest, hvec, 2)); | ||
1528 | /* Compute the A value. */ | ||
1529 | reverse_buffer (digest, 32); /* Only the first half of the hash. */ | ||
1530 | digest[0] = (digest[0] & 0x7f) | 0x40; | ||
1531 | digest[31] &= 0xf8; | ||
1532 | |||
1533 | GNUNET_CRYPTO_mpi_scan_unsigned (&a, digest, 32); | ||
1534 | return a; | ||
1535 | } | ||
1536 | #endif | ||
1537 | |||
1538 | |||
1539 | /** | 1043 | /** |
1540 | * Take point from ECDH and convert it to key material. | 1044 | * Take point from ECDH and convert it to key material. |
1541 | * | 1045 | * |
@@ -1590,10 +1094,10 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, | |||
1590 | const struct GNUNET_CRYPTO_EcdhePublicKey *pub, | 1094 | const struct GNUNET_CRYPTO_EcdhePublicKey *pub, |
1591 | struct GNUNET_HashCode *key_material) | 1095 | struct GNUNET_HashCode *key_material) |
1592 | { | 1096 | { |
1593 | #if NEW_CRYPTO | ||
1594 | struct GNUNET_HashCode hc; | 1097 | struct GNUNET_HashCode hc; |
1595 | uint8_t a[GNUNET_TWEETNACL_SCALARMULT_BYTES]; | 1098 | uint8_t a[GNUNET_TWEETNACL_SCALARMULT_BYTES]; |
1596 | uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES]; | 1099 | uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES]; |
1100 | |||
1597 | GNUNET_CRYPTO_hash (priv, | 1101 | GNUNET_CRYPTO_hash (priv, |
1598 | sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey), | 1102 | sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey), |
1599 | &hc); | 1103 | &hc); |
@@ -1603,47 +1107,6 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, | |||
1603 | GNUNET_TWEETNACL_SCALARMULT_BYTES, | 1107 | GNUNET_TWEETNACL_SCALARMULT_BYTES, |
1604 | key_material); | 1108 | key_material); |
1605 | return GNUNET_OK; | 1109 | return GNUNET_OK; |
1606 | #else | ||
1607 | gcry_mpi_point_t result; | ||
1608 | gcry_mpi_point_t q; | ||
1609 | gcry_mpi_t d; | ||
1610 | gcry_mpi_t a; | ||
1611 | gcry_ctx_t ctx; | ||
1612 | gcry_sexp_t pub_sexpr; | ||
1613 | int ret; | ||
1614 | |||
1615 | BENCHMARK_START (eddsa_ecdh); | ||
1616 | |||
1617 | /* first, extract the q = dP value from the public key */ | ||
1618 | if (0 != gcry_sexp_build (&pub_sexpr, | ||
1619 | NULL, | ||
1620 | "(public-key(ecc(curve " CURVE ")(q %b)))", | ||
1621 | (int) sizeof(pub->q_y), | ||
1622 | pub->q_y)) | ||
1623 | return GNUNET_SYSERR; | ||
1624 | GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL)); | ||
1625 | gcry_sexp_release (pub_sexpr); | ||
1626 | q = gcry_mpi_ec_get_point ("q", ctx, 0); | ||
1627 | |||
1628 | /* second, extract the d value from our private key */ | ||
1629 | GNUNET_CRYPTO_mpi_scan_unsigned (&d, priv->d, sizeof(priv->d)); | ||
1630 | |||
1631 | /* NOW, because this is EdDSA, HASH 'd' first! */ | ||
1632 | a = eddsa_d_to_a (d); | ||
1633 | gcry_mpi_release (d); | ||
1634 | |||
1635 | /* then call the 'multiply' function, to compute the product */ | ||
1636 | result = gcry_mpi_point_new (0); | ||
1637 | gcry_mpi_ec_mul (result, a, q, ctx); | ||
1638 | gcry_mpi_point_release (q); | ||
1639 | gcry_mpi_release (a); | ||
1640 | |||
1641 | ret = point_to_hash (result, ctx, key_material); | ||
1642 | gcry_mpi_point_release (result); | ||
1643 | gcry_ctx_release (ctx); | ||
1644 | BENCHMARK_END (eddsa_ecdh); | ||
1645 | return ret; | ||
1646 | #endif | ||
1647 | } | 1110 | } |
1648 | 1111 | ||
1649 | 1112 | ||
@@ -1715,50 +1178,13 @@ GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, | |||
1715 | const struct GNUNET_CRYPTO_EddsaPublicKey *pub, | 1178 | const struct GNUNET_CRYPTO_EddsaPublicKey *pub, |
1716 | struct GNUNET_HashCode *key_material) | 1179 | struct GNUNET_HashCode *key_material) |
1717 | { | 1180 | { |
1718 | #if NEW_CRYPTO | ||
1719 | uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES]; | 1181 | uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES]; |
1720 | uint8_t curve25510_pk[GNUNET_TWEETNACL_SIGN_PUBLICBYTES]; | 1182 | uint8_t curve25510_pk[GNUNET_TWEETNACL_SIGN_PUBLICBYTES]; |
1183 | |||
1721 | GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y); | 1184 | GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y); |
1722 | GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, curve25510_pk); | 1185 | GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, curve25510_pk); |
1723 | GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material); | 1186 | GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material); |
1724 | return GNUNET_OK; | 1187 | return GNUNET_OK; |
1725 | #else | ||
1726 | gcry_mpi_point_t result; | ||
1727 | gcry_mpi_point_t q; | ||
1728 | gcry_mpi_t d; | ||
1729 | gcry_ctx_t ctx; | ||
1730 | gcry_sexp_t pub_sexpr; | ||
1731 | int ret; | ||
1732 | |||
1733 | BENCHMARK_START (ecdh_eddsa); | ||
1734 | |||
1735 | /* first, extract the q = dP value from the public key */ | ||
1736 | if (0 != gcry_sexp_build (&pub_sexpr, | ||
1737 | NULL, | ||
1738 | "(public-key(ecc(curve " CURVE ")(q %b)))", | ||
1739 | (int) sizeof(pub->q_y), | ||
1740 | pub->q_y)) | ||
1741 | return GNUNET_SYSERR; | ||
1742 | GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL)); | ||
1743 | gcry_sexp_release (pub_sexpr); | ||
1744 | q = gcry_mpi_ec_get_point ("q", ctx, 0); | ||
1745 | |||
1746 | /* second, extract the d value from our private key */ | ||
1747 | GNUNET_CRYPTO_mpi_scan_unsigned (&d, priv->d, sizeof(priv->d)); | ||
1748 | |||
1749 | /* then call the 'multiply' function, to compute the product */ | ||
1750 | result = gcry_mpi_point_new (0); | ||
1751 | gcry_mpi_ec_mul (result, d, q, ctx); | ||
1752 | gcry_mpi_point_release (q); | ||
1753 | gcry_mpi_release (d); | ||
1754 | |||
1755 | /* finally, convert point to string for hashing */ | ||
1756 | ret = point_to_hash (result, ctx, key_material); | ||
1757 | gcry_mpi_point_release (result); | ||
1758 | gcry_ctx_release (ctx); | ||
1759 | BENCHMARK_END (ecdh_eddsa); | ||
1760 | return ret; | ||
1761 | #endif | ||
1762 | } | 1188 | } |
1763 | 1189 | ||
1764 | 1190 | ||
diff --git a/src/util/crypto_pow.c b/src/util/crypto_pow.c index af6837e03..be575e537 100644 --- a/src/util/crypto_pow.c +++ b/src/util/crypto_pow.c | |||
@@ -27,8 +27,6 @@ | |||
27 | #include "gnunet_crypto_lib.h" | 27 | #include "gnunet_crypto_lib.h" |
28 | #include <gcrypt.h> | 28 | #include <gcrypt.h> |
29 | 29 | ||
30 | /* FIXME: change to 1 for #3795 / 0.12! */ | ||
31 | #define NEW_CRYPTO 0 | ||
32 | 30 | ||
33 | /** | 31 | /** |
34 | * Calculate the 'proof-of-work' hash (an expensive hash). | 32 | * Calculate the 'proof-of-work' hash (an expensive hash). |
@@ -46,7 +44,6 @@ GNUNET_CRYPTO_pow_hash (const char *salt, | |||
46 | size_t buf_len, | 44 | size_t buf_len, |
47 | struct GNUNET_HashCode *result) | 45 | struct GNUNET_HashCode *result) |
48 | { | 46 | { |
49 | #if NEW_CRYPTO | ||
50 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | 47 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; |
51 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; | 48 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; |
52 | char rbuf[buf_len]; | 49 | char rbuf[buf_len]; |
@@ -81,17 +78,6 @@ GNUNET_CRYPTO_pow_hash (const char *salt, | |||
81 | 2 /* iterations; keep cost of individual op small */, | 78 | 2 /* iterations; keep cost of individual op small */, |
82 | sizeof(struct GNUNET_HashCode), | 79 | sizeof(struct GNUNET_HashCode), |
83 | result)); | 80 | result)); |
84 | #else | ||
85 | GNUNET_break (0 == gcry_kdf_derive (buf, | ||
86 | buf_len, | ||
87 | GCRY_KDF_SCRYPT, | ||
88 | 1 /* subalgo */, | ||
89 | salt, | ||
90 | strlen (salt), | ||
91 | 2 /* iterations; keep cost of individual op small */, | ||
92 | sizeof(struct GNUNET_HashCode), | ||
93 | result)); | ||
94 | #endif | ||
95 | } | 81 | } |
96 | 82 | ||
97 | 83 | ||
diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c index 08bdeb2ca..2ac4fcf8a 100644 --- a/src/util/crypto_rsa.c +++ b/src/util/crypto_rsa.c | |||
@@ -32,8 +32,6 @@ | |||
32 | 32 | ||
33 | #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-rsa", __VA_ARGS__) | 33 | #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-rsa", __VA_ARGS__) |
34 | 34 | ||
35 | /* Flip for #5968 */ | ||
36 | #define NEW_CRYPTO 0 | ||
37 | 35 | ||
38 | /** | 36 | /** |
39 | * The private information of an RSA key pair. | 37 | * The private information of an RSA key pair. |
@@ -349,7 +347,6 @@ GNUNET_CRYPTO_rsa_public_key_encode (const struct | |||
349 | GNUNET_CRYPTO_RsaPublicKey *key, | 347 | GNUNET_CRYPTO_RsaPublicKey *key, |
350 | char **buffer) | 348 | char **buffer) |
351 | { | 349 | { |
352 | #if NEW_CRYPTO | ||
353 | gcry_mpi_t ne[2]; | 350 | gcry_mpi_t ne[2]; |
354 | size_t n_size; | 351 | size_t n_size; |
355 | size_t e_size; | 352 | size_t e_size; |
@@ -411,23 +408,6 @@ GNUNET_CRYPTO_rsa_public_key_encode (const struct | |||
411 | gcry_mpi_release (ne[0]); | 408 | gcry_mpi_release (ne[0]); |
412 | gcry_mpi_release (ne[1]); | 409 | gcry_mpi_release (ne[1]); |
413 | return buf_size; | 410 | return buf_size; |
414 | #else | ||
415 | size_t n; | ||
416 | char *b; | ||
417 | |||
418 | n = gcry_sexp_sprint (key->sexp, | ||
419 | GCRYSEXP_FMT_ADVANCED, | ||
420 | NULL, | ||
421 | 0); | ||
422 | b = GNUNET_malloc (n); | ||
423 | GNUNET_assert ((n - 1) == /* since the last byte is \0 */ | ||
424 | gcry_sexp_sprint (key->sexp, | ||
425 | GCRYSEXP_FMT_ADVANCED, | ||
426 | b, | ||
427 | n)); | ||
428 | *buffer = b; | ||
429 | return n; | ||
430 | #endif | ||
431 | } | 411 | } |
432 | 412 | ||
433 | 413 | ||
@@ -466,7 +446,6 @@ GNUNET_CRYPTO_rsa_public_key_decode (const char *buf, | |||
466 | size_t len) | 446 | size_t len) |
467 | { | 447 | { |
468 | struct GNUNET_CRYPTO_RsaPublicKey *key; | 448 | struct GNUNET_CRYPTO_RsaPublicKey *key; |
469 | #if NEW_CRYPTO | ||
470 | struct GNUNET_CRYPTO_RsaPublicKeyHeaderP hdr; | 449 | struct GNUNET_CRYPTO_RsaPublicKeyHeaderP hdr; |
471 | size_t e_size; | 450 | size_t e_size; |
472 | size_t n_size; | 451 | size_t n_size; |
@@ -526,37 +505,6 @@ GNUNET_CRYPTO_rsa_public_key_decode (const char *buf, | |||
526 | key = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey); | 505 | key = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey); |
527 | key->sexp = data; | 506 | key->sexp = data; |
528 | return key; | 507 | return key; |
529 | #else | ||
530 | gcry_mpi_t n; | ||
531 | int ret; | ||
532 | |||
533 | |||
534 | key = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey); | ||
535 | if (0 != | ||
536 | gcry_sexp_new (&key->sexp, | ||
537 | buf, | ||
538 | len, | ||
539 | 0)) | ||
540 | { | ||
541 | GNUNET_break_op (0); | ||
542 | GNUNET_free (key); | ||
543 | return NULL; | ||
544 | } | ||
545 | /* verify that this is an RSA public key */ | ||
546 | ret = key_from_sexp (&n, key->sexp, "public-key", "n"); | ||
547 | if (0 != ret) | ||
548 | ret = key_from_sexp (&n, key->sexp, "rsa", "n"); | ||
549 | if (0 != ret) | ||
550 | { | ||
551 | /* this is no public RSA key */ | ||
552 | GNUNET_break (0); | ||
553 | gcry_sexp_release (key->sexp); | ||
554 | GNUNET_free (key); | ||
555 | return NULL; | ||
556 | } | ||
557 | gcry_mpi_release (n); | ||
558 | return key; | ||
559 | #endif | ||
560 | } | 508 | } |
561 | 509 | ||
562 | 510 | ||
@@ -1128,7 +1076,6 @@ GNUNET_CRYPTO_rsa_signature_encode (const struct | |||
1128 | GNUNET_CRYPTO_RsaSignature *sig, | 1076 | GNUNET_CRYPTO_RsaSignature *sig, |
1129 | char **buffer) | 1077 | char **buffer) |
1130 | { | 1078 | { |
1131 | #if NEW_CRYPTO | ||
1132 | gcry_mpi_t s; | 1079 | gcry_mpi_t s; |
1133 | size_t buf_size; | 1080 | size_t buf_size; |
1134 | size_t rsize; | 1081 | size_t rsize; |
@@ -1160,23 +1107,6 @@ GNUNET_CRYPTO_rsa_signature_encode (const struct | |||
1160 | GNUNET_assert (rsize == buf_size); | 1107 | GNUNET_assert (rsize == buf_size); |
1161 | *buffer = (char *) buf; | 1108 | *buffer = (char *) buf; |
1162 | return buf_size; | 1109 | return buf_size; |
1163 | #else | ||
1164 | size_t n; | ||
1165 | char *b; | ||
1166 | |||
1167 | n = gcry_sexp_sprint (sig->sexp, | ||
1168 | GCRYSEXP_FMT_ADVANCED, | ||
1169 | NULL, | ||
1170 | 0); | ||
1171 | b = GNUNET_malloc (n); | ||
1172 | GNUNET_assert ((n - 1) == /* since the last byte is \0 */ | ||
1173 | gcry_sexp_sprint (sig->sexp, | ||
1174 | GCRYSEXP_FMT_ADVANCED, | ||
1175 | b, | ||
1176 | n)); | ||
1177 | *buffer = b; | ||
1178 | return n; | ||
1179 | #endif | ||
1180 | } | 1110 | } |
1181 | 1111 | ||
1182 | 1112 | ||
@@ -1193,7 +1123,6 @@ GNUNET_CRYPTO_rsa_signature_decode (const char *buf, | |||
1193 | size_t len) | 1123 | size_t len) |
1194 | { | 1124 | { |
1195 | struct GNUNET_CRYPTO_RsaSignature *sig; | 1125 | struct GNUNET_CRYPTO_RsaSignature *sig; |
1196 | #if NEW_CRYPTO | ||
1197 | gcry_mpi_t s; | 1126 | gcry_mpi_t s; |
1198 | gcry_sexp_t data; | 1127 | gcry_sexp_t data; |
1199 | 1128 | ||
@@ -1222,36 +1151,6 @@ GNUNET_CRYPTO_rsa_signature_decode (const char *buf, | |||
1222 | sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); | 1151 | sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); |
1223 | sig->sexp = data; | 1152 | sig->sexp = data; |
1224 | return sig; | 1153 | return sig; |
1225 | #else | ||
1226 | int ret; | ||
1227 | gcry_mpi_t s; | ||
1228 | |||
1229 | sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); | ||
1230 | if (0 != | ||
1231 | gcry_sexp_new (&sig->sexp, | ||
1232 | buf, | ||
1233 | len, | ||
1234 | 0)) | ||
1235 | { | ||
1236 | GNUNET_break_op (0); | ||
1237 | GNUNET_free (sig); | ||
1238 | return NULL; | ||
1239 | } | ||
1240 | /* verify that this is an RSA signature */ | ||
1241 | ret = key_from_sexp (&s, sig->sexp, "sig-val", "s"); | ||
1242 | if (0 != ret) | ||
1243 | ret = key_from_sexp (&s, sig->sexp, "rsa", "s"); | ||
1244 | if (0 != ret) | ||
1245 | { | ||
1246 | /* this is no RSA Signature */ | ||
1247 | GNUNET_break_op (0); | ||
1248 | gcry_sexp_release (sig->sexp); | ||
1249 | GNUNET_free (sig); | ||
1250 | return NULL; | ||
1251 | } | ||
1252 | gcry_mpi_release (s); | ||
1253 | #endif | ||
1254 | return sig; | ||
1255 | } | 1154 | } |
1256 | 1155 | ||
1257 | 1156 | ||