Diffstat (limited to 'src/fs/fs_pseudonym.c')
-rw-r--r--src/fs/fs_pseudonym.c66
1 files changed, 47 insertions, 19 deletions
diff --git a/src/fs/fs_pseudonym.c b/src/fs/fs_pseudonym.c
index 32164fa11..49a084199 100644
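--- a/src/fs/fs_pseudonym.c
+++ b/src/fs/fs_pseudonym.c
@@ -1,10 +1,10 @@
 /*
  This file is part of GNUnet
- (C) 2003, 2004, 2005, 2006, 2007, 2008, 2013 Christian Grothoff (and other contributing authors)
+ (C) 2003-2013 Christian Grothoff (and other contributing authors)
 
  GNUnet is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published
- by the Free Software Foundation; either version 2, or (at your
+ by the Free Software Foundation; either version 3, or (at your
  option) any later version.
 
  GNUnet is distributed in the hope that it will be useful, but
@@ -1042,30 +1042,48 @@ GNUNET_FS_pseudonym_destroy (struct GNUNET_FS_PseudonymHandle *ph)
  * S-expression suitable for signature operations.
  *
  * @param purpose data to convert
+ * @param rfc6979 GNUNET_YES if we are to use deterministic ECDSA
  * @return converted s-expression
  */
 static gcry_sexp_t
-data_to_pkcs1 (const struct GNUNET_FS_PseudonymSignaturePurpose *purpose)
+data_to_pkcs1 (const struct GNUNET_FS_PseudonymSignaturePurpose *purpose,
+ int rfc6979)
 {
  struct GNUNET_CRYPTO_ShortHashCode hc;
  size_t bufSize;
  gcry_sexp_t data;
+ const char *fmt;
+ int rc;
 
  GNUNET_CRYPTO_short_hash (purpose, ntohl (purpose->size), &hc);
-#define FORMATSTRING "(4:data(5:flags3:raw)(5:value32:01234567890123456789012345678901))"
- bufSize = strlen (FORMATSTRING) + 1;
+ if (rfc6979)
+ {
+ if (0 != (rc = gcry_sexp_build (&data, NULL,
+ "(data(flags rfc6979)(hash %s %b))",
+ "sha256",
+ sizeof (hc),
+ &hc)))
+ {
+ LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
+ return NULL;
+ }
+ }
+ else
  {
- char buff[bufSize];
-
- memcpy (buff, FORMATSTRING, bufSize);
- memcpy (&buff
- [bufSize -
- strlen
- ("01234567890123456789012345678901))")
- - 1], &hc, sizeof (struct GNUNET_CRYPTO_ShortHashCode));
- GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0));
+ fmt = "(data(flags raw)(5:value32:01234567890123456789012345678901))";
+ bufSize = strlen (fmt) + 1;
+ {
+ char buff[bufSize];
+
+ memcpy (buff, fmt, bufSize);
+ memcpy (&buff
+ [bufSize -
+ strlen
+ ("01234567890123456789012345678901))")
+ - 1], &hc, sizeof (struct GNUNET_CRYPTO_ShortHashCode));
+ GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0));
+ }
  }
-#undef FORMATSTRING
  return data;
 }
 
@@ -1159,8 +1177,12 @@ GNUNET_FS_pseudonym_sign (struct GNUNET_FS_PseudonymHandle *ph,
  }
  gcry_mpi_release (dh);
  /* prepare data for signing */
- data = data_to_pkcs1 (purpose);
-
+ data = data_to_pkcs1 (purpose, NULL != seed);
+ if (NULL == data)
+ {
+ gcry_sexp_release (spriv);
+ return GNUNET_SYSERR;
+ }
  /* get 'k' value from seed, if available */
  if (NULL != seed)
  {
@@ -1170,6 +1192,8 @@ GNUNET_FS_pseudonym_sign (struct GNUNET_FS_PseudonymHandle *ph,
  size, &size)))
  {
  LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
+ gcry_sexp_release (spriv);
+ gcry_sexp_release (data);
  return GNUNET_SYSERR;
  }
  }
@@ -1461,8 +1485,12 @@ GNUNET_FS_pseudonym_verify (const struct GNUNET_FS_PseudonymSignaturePurpose *pu
 
 
  /* build s-expression for data that was signed */
- data = data_to_pkcs1 (purpose);
-
+ data = data_to_pkcs1 (purpose, GNUNET_NO);
+ if (NULL == data)
+ {
+ gcry_sexp_release (sig_sexpr);
+ return GNUNET_SYSERR;
+ }
  /* create context of public key and initialize Q */
  size = sizeof (verification_key->q_x);
  if (0 != (rc = gcry_mpi_scan (&q_x, GCRYMPI_FMT_USG,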
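Review bot: In the rfc6979 branch of data_to_pkcs1, `sizeof (hc)` is passed as the length argument for `%b`, but gcry_sexp_build reads that argument as an `int`, so a `size_t` through varargs is a type mismatch that only happens to work on some ABIs; write `(int) sizeof (hc),` instead. The function also now has two failure conventions: the new branch logs and returns NULL, while the raw branch still aborts through `GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0));`, and returning NULL there too would let the callers' new `NULL == data` checks cover both paths. GNUNET_FS_pseudonym_sign builds the `(flags rfc6979)(hash ...)` form whenever a seed is given, whereas GNUNET_FS_pseudonym_verify always builds the raw form, so a seeded sign-then-verify test would confirm that the two encodings are accepted as the same message. The bodies of both callers continue outside their hunks, so the remaining cleanup paths could not be checked here.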