-rw-r--r-- | src/util/crypto_rsa.c | 64 |
1 files changed, 35 insertions, 29 deletions
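--- a/src/util/crypto_rsa.c
+++ b/src/util/crypto_rsa.c
@@ -1237,6 +1237,39 @@ GNUNET_CRYPTO_rsa_decrypt (const struct GNUNET_CRYPTO_RsaPrivateKey * key,
 
 
 /**
+* Convert the data specified in the given purpose argument to an
+* S-expression suitable for signature operations.
+*
+* @param purpose data to convert
+* @return converted s-expression
+*/
+static gcry_sexp_t
+data_to_pkcs1 (const struct GNUNET_CRYPTO_RsaSignaturePurpose *purpose)
+{
+struct GNUNET_HashCode hc;
+size_t bufSize;
+gcry_sexp_t data;
+
+GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc);
+#define FORMATSTRING "(4:data(5:flags5:pkcs1)(4:hash6:sha51264:0123456789012345678901234567890123456789012345678901234567890123))"
+bufSize = strlen (FORMATSTRING) + 1;
+{
+char buff[bufSize];
+
+memcpy (buff, FORMATSTRING, bufSize);
+memcpy (&buff
+[bufSize -
+strlen
+("0123456789012345678901234567890123456789012345678901234567890123))")
+- 1], &hc, sizeof (struct GNUNET_HashCode));
+GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0));
+}
+#undef FORMATSTRING
+return data;
+}
+
+
+/**
 * Sign a given block.
 *
 * @param key private key to use for the signing
@@ -1253,22 +1286,8 @@ GNUNET_CRYPTO_rsa_sign (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
 gcry_sexp_t data;
 size_t ssize;
 gcry_mpi_t rval;
-struct GNUNET_HashCode hc;
-char *buff;
-int bufSize;
 
-GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc);
-#define FORMATSTRING "(4:data(5:flags5:pkcs1)(4:hash6:sha51264:0123456789012345678901234567890123456789012345678901234567890123))"
-bufSize = strlen (FORMATSTRING) + 1;
-buff = GNUNET_malloc (bufSize);
-memcpy (buff, FORMATSTRING, bufSize);
-memcpy (&buff
-[bufSize -
-strlen
-("0123456789012345678901234567890123456789012345678901234567890123))")
-- 1], &hc, sizeof (struct GNUNET_HashCode));
-GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0));
-GNUNET_free (buff);
+data = data_to_pkcs1 (purpose);
 GNUNET_assert (0 == gcry_pk_sign (&result, data, key->sexp));
 gcry_sexp_release (data);
 GNUNET_assert (0 == key_from_sexp (&rval, result, "rsa", "s"));
@@ -1305,15 +1324,11 @@ GNUNET_CRYPTO_rsa_verify (uint32_t purpose,
 size_t size;
 gcry_mpi_t val;
 gcry_sexp_t psexp;
-struct GNUNET_HashCode hc;
-char *buff;
-int bufSize;
 size_t erroff;
 int rc;
 
 if (purpose != ntohl (validate->purpose))
 return GNUNET_SYSERR; /* purpose mismatch */
-GNUNET_CRYPTO_hash (validate, ntohl (validate->size), &hc);
 size = sizeof (struct GNUNET_CRYPTO_RsaSignature);
 GNUNET_assert (0 ==
 gcry_mpi_scan (&val, GCRYMPI_FMT_USG,
@@ -1322,16 +1337,7 @@ GNUNET_CRYPTO_rsa_verify (uint32_t purpose,
 gcry_sexp_build (&sigdata, &erroff, "(sig-val(rsa(s %m)))",
 val));
 gcry_mpi_release (val);
-bufSize = strlen (FORMATSTRING) + 1;
-buff = GNUNET_malloc (bufSize);
-memcpy (buff, FORMATSTRING, bufSize);
-memcpy (&buff
-[strlen (FORMATSTRING) -
-strlen
-("0123456789012345678901234567890123456789012345678901234567890123))")],
-&hc, sizeof (struct GNUNET_HashCode));
-GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0));
-GNUNET_free (buff);
+data = data_to_pkcs1 (validate);
 if (! (psexp = decode_public_key (publicKey)))
 {
 gcry_sexp_release (data);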
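Review bot: In the new `data_to_pkcs1`, the second `memcpy` writes `sizeof (struct GNUNET_HashCode)` bytes over a placeholder that is 64 characters long only because the literal was typed that way, and nothing in the function ties the two sizes together; if the hash struct were ever larger, the copy would overwrite the closing parentheses or run past the end of the stack buffer `buff`. I would add `GNUNET_assert (64 == sizeof (struct GNUNET_HashCode));` ahead of the copy and declare the buffer as `char buff[sizeof (FORMATSTRING)];`, which also avoids a variable-length array for what is a compile-time size. The helper also hashes `ntohl (purpose->size)` bytes, and on the `GNUNET_CRYPTO_rsa_verify` path that length is read from the block being validated, so the doc comment should say that the caller must already have checked the size field against the real buffer length (the callers are not visible here, so this may already hold). The comment should also state that the returned S-expression is owned by the caller and has to be released with `gcry_sexp_release`, as both call sites do.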