authorChristian Grothoff <christian@grothoff.org>2013-07-30 15:43:08 +0000
committerChristian Grothoff <christian@grothoff.org>2013-07-30 15:43:08 +0000
commitb87f43cb7ca0ceec933054e6b224b1b321eb7238 (patch)
treead54c100aed9b9cfe730fa8c50f49a511cca9170 /src
parent4ea563a1d1fbdf020af2432c0b0320e8422051f7 (diff)
-make use of deterministic ECDSA in FS, requires libgcrypt from Git as of yesterday
Diffstat (limited to 'src')
-rw-r--r--src/fs/fs_api.c1
-rw-r--r--src/fs/fs_namespace.c8
-rw-r--r--src/fs/fs_pseudonym.c66
-rw-r--r--src/util/disk.c6
4 files changed, 54 insertions, 27 deletions
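--- a/src/fs/fs_api.c
+++ b/src/fs/fs_api.c
@@ -2725,7 +2725,6 @@ deserialize_download (struct GNUNET_FS_Handle *h,
 }
 if (NULL != parent)
 {
-GNUNET_abort (); // for debugging for now - FIXME
 GNUNET_CONTAINER_DLL_insert (parent->child_head, parent->child_tail, dc);
 }
 if (NULL != search)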
diff --git a/src/fs/fs_namespace.c b/src/fs/fs_namespace.c
index e838c489f..d456dc34b 100644
--- a/src/fs/fs_namespace.c
+++ b/src/fs/fs_namespace.c
@@ -723,10 +723,10 @@ GNUNET_FS_publish_sks (struct GNUNET_FS_Handle *h,
723 sizeof (ub_enc->verification_key), 723 sizeof (ub_enc->verification_key),
724 &query); 724 &query);
725 GNUNET_FS_pseudonym_sign (ns->key, 725 GNUNET_FS_pseudonym_sign (ns->key,
726 &ub_enc->purpose, 726 &ub_enc->purpose,
727 NULL, 727 NULL,
728 &signing_key, 728 &signing_key,
729 &ub_enc->signature); 729 &ub_enc->signature);
730 psc = GNUNET_malloc (sizeof (struct GNUNET_FS_PublishSksContext)); 730 psc = GNUNET_malloc (sizeof (struct GNUNET_FS_PublishSksContext));
731 psc->uri = sks_uri; 731 psc->uri = sks_uri;
732 psc->cont = cont; 732 psc->cont = cont;
diff --git a/src/fs/fs_pseudonym.c b/src/fs/fs_pseudonym.c
index 32164fa11..49a084199 100644
--- a/src/fs/fs_pseudonym.c
+++ b/src/fs/fs_pseudonym.c
@@ -1,10 +1,10 @@
1/* 1/*
2 This file is part of GNUnet 2 This file is part of GNUnet
3 (C) 2003, 2004, 2005, 2006, 2007, 2008, 2013 Christian Grothoff (and other contributing authors) 3 (C) 2003-2013 Christian Grothoff (and other contributing authors)
4 4
5 GNUnet is free software; you can redistribute it and/or modify 5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published 6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 2, or (at your 7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version. 8 option) any later version.
9 9
10 GNUnet is distributed in the hope that it will be useful, but 10 GNUnet is distributed in the hope that it will be useful, but
@@ -1042,30 +1042,48 @@ GNUNET_FS_pseudonym_destroy (struct GNUNET_FS_PseudonymHandle *ph)
1042 * S-expression suitable for signature operations. 1042 * S-expression suitable for signature operations.
1043 * 1043 *
1044 * @param purpose data to convert 1044 * @param purpose data to convert
1045 * @param rfc6979 GNUNET_YES if we are to use deterministic ECDSA
1045 * @return converted s-expression 1046 * @return converted s-expression
1046 */ 1047 */
1047static gcry_sexp_t 1048static gcry_sexp_t
1048data_to_pkcs1 (const struct GNUNET_FS_PseudonymSignaturePurpose *purpose) 1049data_to_pkcs1 (const struct GNUNET_FS_PseudonymSignaturePurpose *purpose,
1050 int rfc6979)
1049{ 1051{
1050 struct GNUNET_CRYPTO_ShortHashCode hc; 1052 struct GNUNET_CRYPTO_ShortHashCode hc;
1051 size_t bufSize; 1053 size_t bufSize;
1052 gcry_sexp_t data; 1054 gcry_sexp_t data;
1055 const char *fmt;
1056 int rc;
1053 1057
1054 GNUNET_CRYPTO_short_hash (purpose, ntohl (purpose->size), &hc); 1058 GNUNET_CRYPTO_short_hash (purpose, ntohl (purpose->size), &hc);
1055#define FORMATSTRING "(4:data(5:flags3:raw)(5:value32:01234567890123456789012345678901))" 1059 if (rfc6979)
1056 bufSize = strlen (FORMATSTRING) + 1; 1060 {
1061 if (0 != (rc = gcry_sexp_build (&data, NULL,
1062 "(data(flags rfc6979)(hash %s %b))",
1063 "sha256",
1064 sizeof (hc),
1065 &hc)))
1066 {
1067 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
1068 return NULL;
1069 }
1070 }
1071 else
1057 { 1072 {
1058 char buff[bufSize]; 1073 fmt = "(data(flags raw)(5:value32:01234567890123456789012345678901))";
1059 1074 bufSize = strlen (fmt) + 1;
1060 memcpy (buff, FORMATSTRING, bufSize); 1075 {
1061 memcpy (&buff 1076 char buff[bufSize];
1062 [bufSize - 1077
1063 strlen 1078 memcpy (buff, fmt, bufSize);
1064 ("01234567890123456789012345678901))") 1079 memcpy (&buff
1065 - 1], &hc, sizeof (struct GNUNET_CRYPTO_ShortHashCode)); 1080 [bufSize -
1066 GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0)); 1081 strlen
1082 ("01234567890123456789012345678901))")
1083 - 1], &hc, sizeof (struct GNUNET_CRYPTO_ShortHashCode));
1084 GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0));
1085 }
1067 } 1086 }
1068#undef FORMATSTRING
1069 return data; 1087 return data;
1070} 1088}
1071 1089
@@ -1159,8 +1177,12 @@ GNUNET_FS_pseudonym_sign (struct GNUNET_FS_PseudonymHandle *ph,
1159 } 1177 }
1160 gcry_mpi_release (dh); 1178 gcry_mpi_release (dh);
1161 /* prepare data for signing */ 1179 /* prepare data for signing */
1162 data = data_to_pkcs1 (purpose); 1180 data = data_to_pkcs1 (purpose, NULL != seed);
1163 1181 if (NULL == data)
1182 {
1183 gcry_sexp_release (spriv);
1184 return GNUNET_SYSERR;
1185 }
1164 /* get 'k' value from seed, if available */ 1186 /* get 'k' value from seed, if available */
1165 if (NULL != seed) 1187 if (NULL != seed)
1166 { 1188 {
@@ -1170,6 +1192,8 @@ GNUNET_FS_pseudonym_sign (struct GNUNET_FS_PseudonymHandle *ph,
1170 size, &size))) 1192 size, &size)))
1171 { 1193 {
1172 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); 1194 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
1195 gcry_sexp_release (spriv);
1196 gcry_sexp_release (data);
1173 return GNUNET_SYSERR; 1197 return GNUNET_SYSERR;
1174 } 1198 }
1175 } 1199 }
@@ -1461,8 +1485,12 @@ GNUNET_FS_pseudonym_verify (const struct GNUNET_FS_PseudonymSignaturePurpose *pu
1461 1485
1462 1486
1463 /* build s-expression for data that was signed */ 1487 /* build s-expression for data that was signed */
1464 data = data_to_pkcs1 (purpose); 1488 data = data_to_pkcs1 (purpose, GNUNET_NO);
1465 1489 if (NULL == data)
1490 {
1491 gcry_sexp_release (sig_sexpr);
1492 return GNUNET_SYSERR;
1493 }
1466 /* create context of public key and initialize Q */ 1494 /* create context of public key and initialize Q */
1467 size = sizeof (verification_key->q_x); 1495 size = sizeof (verification_key->q_x);
1468 if (0 != (rc = gcry_mpi_scan (&q_x, GCRYMPI_FMT_USG, 1496 if (0 != (rc = gcry_mpi_scan (&q_x, GCRYMPI_FMT_USG,
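Review bot: In the rfc6979 branch of data_to_pkcs1, `sizeof (hc)` is passed as the length argument for `%b`, but libgcrypt documents `%b` as taking an `int` followed by a `char *`; handing it a `size_t` through varargs is a type mismatch that can misread the argument list on ABIs where the two differ in width, so write `(int) sizeof (hc),`. The two branches also fail differently: this one logs and returns NULL, while the raw branch still aborts through `GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0));`, so as written the new `NULL == data` check in GNUNET_FS_pseudonym_verify, which always passes `GNUNET_NO`, cannot fire; returning NULL from both branches would make the callers' new cleanup paths meaningful. A short comment explaining why signing with a seed builds `(flags rfc6979)(hash sha256 ...)` while verification rebuilds the data with `(flags raw)` would let the next reader confirm that the two encodings are meant to carry the same 32-byte value. The bodies of GNUNET_FS_pseudonym_sign and GNUNET_FS_pseudonym_verify continue outside these hunks.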
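--- a/src/util/disk.c
+++ b/src/util/disk.c
@@ -1,10 +1,10 @@
 /*
 This file is part of GNUnet.
-(C) 2001--2012 Christian Grothoff (and other contributing authors)
+(C) 2001--2013 Christian Grothoff (and other contributing authors)
 
 GNUnet is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published
-by the Free Software Foundation; either version 2, or (at your
+by the Free Software Foundation; either version 3, or (at your
 option) any later version.
 
 GNUnet is distributed in the hope that it will be useful, but
@@ -587,7 +587,7 @@ GNUNET_DISK_directory_test (const char *fil, int is_readable)
 }
 if (!S_ISDIR (filestat.st_mode))
 {
-LOG (GNUNET_ERROR_TYPE_WARNING,
+LOG (GNUNET_ERROR_TYPE_DEBUG,
 "A file already exits with the same name %s\n", fil);
 return GNUNET_NO;
 }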
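Review bot: The message on the `LOG` call changed in GNUNET_DISK_directory_test still reads "A file already exits with the same name"; since the statement is being touched anyway, correct it to `"A file already exists with the same name %s\n", fil);` so the text can be found when searching logs. With the level lowered to `GNUNET_ERROR_TYPE_DEBUG`, a regular file sitting where a directory is expected is presumably no longer visible at default log levels, so callers that treat the `GNUNET_NO` result as an error should report it themselves. The function body continues outside the hunk.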