1 files changed, 19 insertions, 110 deletions
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 88806a8dd..95d157eb1 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -386,14 +386,28 @@ ecc_key_create ()
  struct GNUNET_CRYPTO_EccPrivateKey *ret;
  gcry_sexp_t s_key;
  gcry_sexp_t s_keyparam;
+  int rc;
-  GNUNET_assert (0 ==
+  if (0 != (rc = gcry_sexp_build (&s_keyparam, NULL,
-                 gcry_sexp_build (&s_keyparam, NULL,
+                                  "(genkey(ecdsa(curve 10:NIST P-521)))")))
-                                  "(genkey(ecc(curve \"" CURVE "\")))"));
+  {
-  GNUNET_assert (0 == gcry_pk_genkey (&s_key, s_keyparam));
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
+    return NULL;
+  }
+  if (0 != (rc = gcry_pk_genkey (&s_key, s_keyparam)))
+  {
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc);
+    gcry_sexp_release (s_keyparam);
+    return NULL;
+  }
  gcry_sexp_release (s_keyparam);
 #if EXTRA_CHECKS
-  GNUNET_assert (0 == gcry_pk_testkey (s_key));
+  if (0 != (rc = gcry_pk_testkey (s_key)))
+  {
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
+    gcry_sexp_release (s_key);
+    return NULL;
+  }
 #endif
  ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccPrivateKey));
  ret->sexp = s_key;
@@ -927,111 +941,6 @@ GNUNET_CRYPTO_ecc_setup_hostkey (const char *cfg_name)
 /**
- * Encrypt a block with the public key of another host that uses the
- * same cipher.
- *
- * @param block the block to encrypt
- * @param size the size of block
- * @param publicKey the encoded public key used to encrypt
- * @param target where to store the encrypted block
- * @returns GNUNET_SYSERR on error, GNUNET_OK if ok
- */
-int
-GNUNET_CRYPTO_ecc_encrypt (const void *block, size_t size,
-                           const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
-                           *publicKey,
-                           struct GNUNET_CRYPTO_EccEncryptedData *target)
-{
-  gcry_sexp_t result;
-  gcry_sexp_t data;
-  gcry_sexp_t psexp;
-  gcry_mpi_t val;
-  size_t isize;
-  size_t erroff;
-  GNUNET_assert (size <= sizeof (struct GNUNET_HashCode));
-  if (! (psexp = decode_public_key (publicKey)))
-    return GNUNET_SYSERR;
-  isize = size;
-  GNUNET_assert (0 ==
-                 gcry_mpi_scan (&val, GCRYMPI_FMT_USG, block, isize, &isize));
-  GNUNET_assert (0 ==
-                 gcry_sexp_build (&data, &erroff,
-                                  "(data (flags pkcs1)(value %m))", val));
-  gcry_mpi_release (val);
-  GNUNET_assert (0 == gcry_pk_encrypt (&result, data, psexp));
-  gcry_sexp_release (data);
-  gcry_sexp_release (psexp);
-  isize = gcry_sexp_sprint (result, 
-                            GCRYSEXP_FMT_DEFAULT,
-                            target->encoding,
-                            GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH);
-  if (0 == isize)
-  {
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
-  target->size = htons ((uint16_t) (isize + sizeof (uint16_t)));
-  /* padd with zeros */
-  memset (&target->encoding[isize], 0, GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH - isize);
-  return GNUNET_OK;
-}
-/**
- * Decrypt a given block with the hostkey.
- *
- * @param key the key with which to decrypt this block
- * @param block the data to decrypt, encoded as returned by encrypt
- * @param result pointer to a location where the result can be stored
- * @param max the maximum number of bits to store for the result, if
- *        the decrypted block is bigger, an error is returned
- * @return the size of the decrypted block, -1 on error
- */
-ssize_t
-GNUNET_CRYPTO_ecc_decrypt (const struct GNUNET_CRYPTO_EccPrivateKey *key,
-                           const struct GNUNET_CRYPTO_EccEncryptedData *block,
-                           void *result, size_t max)
-{
-  gcry_sexp_t resultsexp;
-  gcry_sexp_t data;
-  size_t erroff;
-  size_t size;
-  gcry_mpi_t val;
-  unsigned char *endp;
-#if EXTRA_CHECKS
-  GNUNET_assert (0 == gcry_pk_testkey (key->sexp));
-#endif
-  size = ntohs (block->size);
-  if (size < sizeof (uint16_t))
-    return -1;
-  GNUNET_assert (0 ==
-                 gcry_sexp_sscan (&data,
-                                  &erroff,
-                                  block->encoding, size - sizeof (uint16_t)));
-  GNUNET_assert (0 == gcry_pk_decrypt (&resultsexp, data, key->sexp));
-  gcry_sexp_release (data);
-  /* resultsexp has format "(value %m)" */
-  GNUNET_assert (NULL !=
-                 (val = gcry_sexp_nth_mpi (resultsexp, 1, GCRYMPI_FMT_USG)));
-  gcry_sexp_release (resultsexp);
-  size = max + GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH * 2;
-  {
-    unsigned char tmp[size];
-    GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, tmp, size, &size, val));
-    gcry_mpi_release (val);
-    endp = tmp;
-    endp += (size - max);
-    size = max;
-    memcpy (result, endp, size);
-  }
-  return size;
-}
-/**
 * Convert the data specified in the given purpose argument to an
 * S-expression suitable for signature operations.
 *

diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index 88806a8dd..95d157eb1 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c
@@ -386,14 +386,28 @@ ecc_key_create ()
386	struct GNUNET_CRYPTO_EccPrivateKey *ret;	386	struct GNUNET_CRYPTO_EccPrivateKey *ret;
387	gcry_sexp_t s_key;	387	gcry_sexp_t s_key;
388	gcry_sexp_t s_keyparam;	388	gcry_sexp_t s_keyparam;
		389	int rc;
389		390
390	GNUNET_assert (0 ==	391	if (0 != (rc = gcry_sexp_build (&s_keyparam, NULL,
391	gcry_sexp_build (&s_keyparam, NULL,	392	"(genkey(ecdsa(curve 10:NIST P-521)))")))
392	"(genkey(ecc(curve \"" CURVE "\")))"));	393	{
393	GNUNET_assert (0 == gcry_pk_genkey (&s_key, s_keyparam));	394	LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
		395	return NULL;
		396	}
		397	if (0 != (rc = gcry_pk_genkey (&s_key, s_keyparam)))
		398	{
		399	LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc);
		400	gcry_sexp_release (s_keyparam);
		401	return NULL;
		402	}
394	gcry_sexp_release (s_keyparam);	403	gcry_sexp_release (s_keyparam);
395	#if EXTRA_CHECKS	404	#if EXTRA_CHECKS
396	GNUNET_assert (0 == gcry_pk_testkey (s_key));	405	if (0 != (rc = gcry_pk_testkey (s_key)))
		406	{
		407	LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
		408	gcry_sexp_release (s_key);
		409	return NULL;
		410	}
397	#endif	411	#endif
398	ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccPrivateKey));	412	ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccPrivateKey));
399	ret->sexp = s_key;	413	ret->sexp = s_key;
@@ -927,111 +941,6 @@ GNUNET_CRYPTO_ecc_setup_hostkey (const char *cfg_name)
927		941
928		942
929	/**	943	/**
930	* Encrypt a block with the public key of another host that uses the
931	* same cipher.
932	*
933	* @param block the block to encrypt
934	* @param size the size of block
935	* @param publicKey the encoded public key used to encrypt
936	* @param target where to store the encrypted block
937	* @returns GNUNET_SYSERR on error, GNUNET_OK if ok
938	*/
939	int
940	GNUNET_CRYPTO_ecc_encrypt (const void *block, size_t size,
941	const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded
942	*publicKey,
943	struct GNUNET_CRYPTO_EccEncryptedData *target)
944	{
945	gcry_sexp_t result;
946	gcry_sexp_t data;
947	gcry_sexp_t psexp;
948	gcry_mpi_t val;
949	size_t isize;
950	size_t erroff;
951
952	GNUNET_assert (size <= sizeof (struct GNUNET_HashCode));
953	if (! (psexp = decode_public_key (publicKey)))
954	return GNUNET_SYSERR;
955	isize = size;
956	GNUNET_assert (0 ==
957	gcry_mpi_scan (&val, GCRYMPI_FMT_USG, block, isize, &isize));
958	GNUNET_assert (0 ==
959	gcry_sexp_build (&data, &erroff,
960	"(data (flags pkcs1)(value %m))", val));
961	gcry_mpi_release (val);
962	GNUNET_assert (0 == gcry_pk_encrypt (&result, data, psexp));
963	gcry_sexp_release (data);
964	gcry_sexp_release (psexp);
965	isize = gcry_sexp_sprint (result,
966	GCRYSEXP_FMT_DEFAULT,
967	target->encoding,
968	GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH);
969	if (0 == isize)
970	{
971	GNUNET_break (0);
972	return GNUNET_SYSERR;
973	}
974	target->size = htons ((uint16_t) (isize + sizeof (uint16_t)));
975	/* padd with zeros */
976	memset (&target->encoding[isize], 0, GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH - isize);
977	return GNUNET_OK;
978	}
979
980
981	/**
982	* Decrypt a given block with the hostkey.
983	*
984	* @param key the key with which to decrypt this block
985	* @param block the data to decrypt, encoded as returned by encrypt
986	* @param result pointer to a location where the result can be stored
987	* @param max the maximum number of bits to store for the result, if
988	* the decrypted block is bigger, an error is returned
989	* @return the size of the decrypted block, -1 on error
990	*/
991	ssize_t
992	GNUNET_CRYPTO_ecc_decrypt (const struct GNUNET_CRYPTO_EccPrivateKey *key,
993	const struct GNUNET_CRYPTO_EccEncryptedData *block,
994	void *result, size_t max)
995	{
996	gcry_sexp_t resultsexp;
997	gcry_sexp_t data;
998	size_t erroff;
999	size_t size;
1000	gcry_mpi_t val;
1001	unsigned char *endp;
1002
1003	#if EXTRA_CHECKS
1004	GNUNET_assert (0 == gcry_pk_testkey (key->sexp));
1005	#endif
1006	size = ntohs (block->size);
1007	if (size < sizeof (uint16_t))
1008	return -1;
1009	GNUNET_assert (0 ==
1010	gcry_sexp_sscan (&data,
1011	&erroff,
1012	block->encoding, size - sizeof (uint16_t)));
1013	GNUNET_assert (0 == gcry_pk_decrypt (&resultsexp, data, key->sexp));
1014	gcry_sexp_release (data);
1015	/* resultsexp has format "(value %m)" */
1016	GNUNET_assert (NULL !=
1017	(val = gcry_sexp_nth_mpi (resultsexp, 1, GCRYMPI_FMT_USG)));
1018	gcry_sexp_release (resultsexp);
1019	size = max + GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH * 2;
1020	{
1021	unsigned char tmp[size];
1022
1023	GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, tmp, size, &size, val));
1024	gcry_mpi_release (val);
1025	endp = tmp;
1026	endp += (size - max);
1027	size = max;
1028	memcpy (result, endp, size);
1029	}
1030	return size;
1031	}
1032
1033
1034	/**
1035	* Convert the data specified in the given purpose argument to an	944	* Convert the data specified in the given purpose argument to an
1036	* S-expression suitable for signature operations.	945	* S-expression suitable for signature operations.
1037	*	946	*