diff options
author | Christian Grothoff <christian@grothoff.org> | 2012-03-17 16:04:18 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2012-03-17 16:04:18 +0000 |
commit | 37ec274916f6755483d9e65aabcc832f6cb1b2b7 (patch) | |
tree | e17c12c5398755577666a5e1bf6feea0b253c6e4 /src | |
parent | 9ceed8e771c4104534082ae97919677d6786f5c8 (diff) | |
download | gnunet-37ec274916f6755483d9e65aabcc832f6cb1b2b7.tar.gz gnunet-37ec274916f6755483d9e65aabcc832f6cb1b2b7.zip |
-clone elimination, adding some documentation
Diffstat (limited to 'src')
-rw-r--r-- | src/util/crypto_ksk.c | 195 |
1 files changed, 29 insertions, 166 deletions
diff --git a/src/util/crypto_ksk.c b/src/util/crypto_ksk.c index 0f5a29507..274457b61 100644 --- a/src/util/crypto_ksk.c +++ b/src/util/crypto_ksk.c | |||
@@ -557,202 +557,65 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc) | |||
557 | 557 | ||
558 | 558 | ||
559 | /** | 559 | /** |
560 | * Decode the internal format into the format used | 560 | * Entry in the KSK cache. |
561 | * by libgcrypt. | ||
562 | */ | 561 | */ |
563 | static struct GNUNET_CRYPTO_RsaPrivateKey * | ||
564 | ksk_decode_key (const struct KskRsaPrivateKeyBinaryEncoded *encoding) | ||
565 | { | ||
566 | struct GNUNET_CRYPTO_RsaPrivateKey *ret; | ||
567 | gcry_sexp_t res; | ||
568 | gcry_mpi_t n, e, d, p, q, u; | ||
569 | int rc; | ||
570 | size_t size; | ||
571 | int pos; | ||
572 | |||
573 | pos = 0; | ||
574 | size = ntohs (encoding->sizen); | ||
575 | rc = gcry_mpi_scan (&n, GCRYMPI_FMT_USG, | ||
576 | &((const unsigned char *) (&encoding[1]))[pos], size, | ||
577 | &size); | ||
578 | pos += ntohs (encoding->sizen); | ||
579 | if (rc) | ||
580 | { | ||
581 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
582 | return NULL; | ||
583 | } | ||
584 | size = ntohs (encoding->sizee); | ||
585 | rc = gcry_mpi_scan (&e, GCRYMPI_FMT_USG, | ||
586 | &((const unsigned char *) (&encoding[1]))[pos], size, | ||
587 | &size); | ||
588 | pos += ntohs (encoding->sizee); | ||
589 | if (rc) | ||
590 | { | ||
591 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
592 | gcry_mpi_release (n); | ||
593 | return NULL; | ||
594 | } | ||
595 | size = ntohs (encoding->sized); | ||
596 | rc = gcry_mpi_scan (&d, GCRYMPI_FMT_USG, | ||
597 | &((const unsigned char *) (&encoding[1]))[pos], size, | ||
598 | &size); | ||
599 | pos += ntohs (encoding->sized); | ||
600 | if (rc) | ||
601 | { | ||
602 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
603 | gcry_mpi_release (n); | ||
604 | gcry_mpi_release (e); | ||
605 | return NULL; | ||
606 | } | ||
607 | /* swap p and q! */ | ||
608 | size = ntohs (encoding->sizep); | ||
609 | if (size > 0) | ||
610 | { | ||
611 | rc = gcry_mpi_scan (&q, GCRYMPI_FMT_USG, | ||
612 | &((const unsigned char *) (&encoding[1]))[pos], size, | ||
613 | &size); | ||
614 | pos += ntohs (encoding->sizep); | ||
615 | if (rc) | ||
616 | { | ||
617 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
618 | gcry_mpi_release (n); | ||
619 | gcry_mpi_release (e); | ||
620 | gcry_mpi_release (d); | ||
621 | return NULL; | ||
622 | } | ||
623 | } | ||
624 | else | ||
625 | q = NULL; | ||
626 | size = ntohs (encoding->sizeq); | ||
627 | if (size > 0) | ||
628 | { | ||
629 | rc = gcry_mpi_scan (&p, GCRYMPI_FMT_USG, | ||
630 | &((const unsigned char *) (&encoding[1]))[pos], size, | ||
631 | &size); | ||
632 | pos += ntohs (encoding->sizeq); | ||
633 | if (rc) | ||
634 | { | ||
635 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
636 | gcry_mpi_release (n); | ||
637 | gcry_mpi_release (e); | ||
638 | gcry_mpi_release (d); | ||
639 | if (q != NULL) | ||
640 | gcry_mpi_release (q); | ||
641 | return NULL; | ||
642 | } | ||
643 | } | ||
644 | else | ||
645 | p = NULL; | ||
646 | pos += ntohs (encoding->sizedmp1); | ||
647 | pos += ntohs (encoding->sizedmq1); | ||
648 | size = | ||
649 | ntohs (encoding->len) - sizeof (struct KskRsaPrivateKeyBinaryEncoded) - | ||
650 | pos; | ||
651 | if (size > 0) | ||
652 | { | ||
653 | rc = gcry_mpi_scan (&u, GCRYMPI_FMT_USG, | ||
654 | &((const unsigned char *) (&encoding[1]))[pos], size, | ||
655 | &size); | ||
656 | if (rc) | ||
657 | { | ||
658 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
659 | gcry_mpi_release (n); | ||
660 | gcry_mpi_release (e); | ||
661 | gcry_mpi_release (d); | ||
662 | if (p != NULL) | ||
663 | gcry_mpi_release (p); | ||
664 | if (q != NULL) | ||
665 | gcry_mpi_release (q); | ||
666 | return NULL; | ||
667 | } | ||
668 | } | ||
669 | else | ||
670 | u = NULL; | ||
671 | |||
672 | if ((p != NULL) && (q != NULL) && (u != NULL)) | ||
673 | { | ||
674 | rc = gcry_sexp_build (&res, &size, /* erroff */ | ||
675 | "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)(u %m)))", | ||
676 | n, e, d, p, q, u); | ||
677 | } | ||
678 | else | ||
679 | { | ||
680 | if ((p != NULL) && (q != NULL)) | ||
681 | { | ||
682 | rc = gcry_sexp_build (&res, &size, /* erroff */ | ||
683 | "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)))", | ||
684 | n, e, d, p, q); | ||
685 | } | ||
686 | else | ||
687 | { | ||
688 | rc = gcry_sexp_build (&res, &size, /* erroff */ | ||
689 | "(private-key(rsa(n %m)(e %m)(d %m)))", n, e, d); | ||
690 | } | ||
691 | } | ||
692 | gcry_mpi_release (n); | ||
693 | gcry_mpi_release (e); | ||
694 | gcry_mpi_release (d); | ||
695 | if (p != NULL) | ||
696 | gcry_mpi_release (p); | ||
697 | if (q != NULL) | ||
698 | gcry_mpi_release (q); | ||
699 | if (u != NULL) | ||
700 | gcry_mpi_release (u); | ||
701 | |||
702 | if (rc) | ||
703 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); | ||
704 | #if EXTRA_CHECKS | ||
705 | if (gcry_pk_testkey (res)) | ||
706 | { | ||
707 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); | ||
708 | return NULL; | ||
709 | } | ||
710 | #endif | ||
711 | ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey)); | ||
712 | ret->sexp = res; | ||
713 | return ret; | ||
714 | } | ||
715 | |||
716 | |||
717 | struct KBlockKeyCacheLine | 562 | struct KBlockKeyCacheLine |
718 | { | 563 | { |
564 | /** | ||
565 | * Hash from which the key was generated. | ||
566 | */ | ||
719 | GNUNET_HashCode hc; | 567 | GNUNET_HashCode hc; |
568 | |||
569 | /** | ||
570 | * The encoded key. | ||
571 | */ | ||
720 | struct KskRsaPrivateKeyBinaryEncoded *pke; | 572 | struct KskRsaPrivateKeyBinaryEncoded *pke; |
721 | }; | 573 | }; |
722 | 574 | ||
575 | |||
576 | /** | ||
577 | * Cached KSK keys so that we don't have to recompute them | ||
578 | * all the time. | ||
579 | */ | ||
723 | static struct KBlockKeyCacheLine **cache; | 580 | static struct KBlockKeyCacheLine **cache; |
724 | 581 | ||
582 | |||
583 | /** | ||
584 | * Size of the 'cache' array. | ||
585 | */ | ||
725 | static unsigned int cacheSize; | 586 | static unsigned int cacheSize; |
726 | 587 | ||
588 | |||
727 | /** | 589 | /** |
728 | * Deterministically (!) create a hostkey using only the | 590 | * Deterministically (!) create a hostkey using only the |
729 | * given HashCode as input to the PRNG. | 591 | * given HashCode as input to the PRNG. |
592 | * | ||
593 | * @param hc hash code to generate the key from | ||
594 | * @return corresponding private key; must not be freed! | ||
730 | */ | 595 | */ |
731 | struct GNUNET_CRYPTO_RsaPrivateKey * | 596 | struct GNUNET_CRYPTO_RsaPrivateKey * |
732 | GNUNET_CRYPTO_rsa_key_create_from_hash (const GNUNET_HashCode * hc) | 597 | GNUNET_CRYPTO_rsa_key_create_from_hash (const GNUNET_HashCode * hc) |
733 | { | 598 | { |
734 | struct GNUNET_CRYPTO_RsaPrivateKey *ret; | ||
735 | struct KBlockKeyCacheLine *line; | 599 | struct KBlockKeyCacheLine *line; |
736 | unsigned int i; | 600 | unsigned int i; |
737 | 601 | ||
738 | for (i = 0; i < cacheSize; i++) | 602 | for (i = 0; i < cacheSize; i++) |
739 | { | ||
740 | if (0 == memcmp (hc, &cache[i]->hc, sizeof (GNUNET_HashCode))) | 603 | if (0 == memcmp (hc, &cache[i]->hc, sizeof (GNUNET_HashCode))) |
741 | { | 604 | return GNUNET_CRYPTO_rsa_decode_key ((const char*) cache[i]->pke, |
742 | ret = ksk_decode_key (cache[i]->pke); | 605 | ntohs (cache[i]->pke->len)); |
743 | return ret; | ||
744 | } | ||
745 | } | ||
746 | |||
747 | line = GNUNET_malloc (sizeof (struct KBlockKeyCacheLine)); | 606 | line = GNUNET_malloc (sizeof (struct KBlockKeyCacheLine)); |
748 | line->hc = *hc; | 607 | line->hc = *hc; |
749 | line->pke = makeKblockKeyInternal (hc); | 608 | line->pke = makeKblockKeyInternal (hc); |
750 | GNUNET_array_grow (cache, cacheSize, cacheSize + 1); | 609 | GNUNET_array_grow (cache, cacheSize, cacheSize + 1); |
751 | cache[cacheSize - 1] = line; | 610 | cache[cacheSize - 1] = line; |
752 | return ksk_decode_key (line->pke); | 611 | return GNUNET_CRYPTO_rsa_decode_key ((const char*) line->pke, |
612 | ntohs (line->pke->len)); | ||
753 | } | 613 | } |
754 | 614 | ||
755 | 615 | ||
616 | /** | ||
617 | * Destructor that frees the KSK cache. | ||
618 | */ | ||
756 | void __attribute__ ((destructor)) GNUNET_CRYPTO_ksk_fini () | 619 | void __attribute__ ((destructor)) GNUNET_CRYPTO_ksk_fini () |
757 | { | 620 | { |
758 | unsigned int i; | 621 | unsigned int i; |