aboutsummaryrefslogtreecommitdiff
path: root/src/util/crypto_ecc_setup.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/util/crypto_ecc_setup.c')
-rw-r--r--src/util/crypto_ecc_setup.c431
1 files changed, 431 insertions, 0 deletions
diff --git a/src/util/crypto_ecc_setup.c b/src/util/crypto_ecc_setup.c
new file mode 100644
index 000000000..32e1acee3
--- /dev/null
+++ b/src/util/crypto_ecc_setup.c
@@ -0,0 +1,431 @@
1/*
2 This file is part of GNUnet.
3 Copyright (C) 2012, 2013, 2015 Christian Grothoff (and other contributing authors)
4
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
18 Boston, MA 02111-1307, USA.
19*/
20
21/**
22 * @file util/crypto_ecc_setup.c
23 * @brief helper function for easy EdDSA key setup
24 * @author Christian Grothoff
25 */
26#include "platform.h"
27#include <gcrypt.h>
28#include "gnunet_util_lib.h"
29
30
31/**
32 * Wait for a short time (we're trying to lock a file or want
33 * to give another process a shot at finishing a disk write, etc.).
34 * Sleeps for 100ms (as that should be long enough for virtually all
35 * modern systems to context switch and allow another process to do
36 * some 'real' work).
37 */
38static void
39short_wait ()
40{
41 struct GNUNET_TIME_Relative timeout;
42
43 timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS, 100);
44 (void) GNUNET_NETWORK_socket_select (NULL, NULL, NULL, timeout);
45}
46
47
48/**
49 * Create a new private key by reading it from a file. If the
50 * files does not exist, create a new key and write it to the
51 * file. Caller must free return value. Note that this function
52 * can not guarantee that another process might not be trying
53 * the same operation on the same file at the same time.
54 * If the contents of the file
55 * are invalid the old file is deleted and a fresh key is
56 * created.
57 *
58 * @param filename name of file to use to store the key
59 * @return new private key, NULL on error (for example,
60 * permission denied)
61 */
62struct GNUNET_CRYPTO_EddsaPrivateKey *
63GNUNET_CRYPTO_eddsa_key_create_from_file (const char *filename)
64{
65 struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
66 struct GNUNET_DISK_FileHandle *fd;
67 unsigned int cnt;
68 int ec;
69 uint64_t fs;
70
71 if (GNUNET_SYSERR == GNUNET_DISK_directory_create_for_file (filename))
72 return NULL;
73 while (GNUNET_YES != GNUNET_DISK_file_test (filename))
74 {
75 fd = GNUNET_DISK_file_open (filename,
76 GNUNET_DISK_OPEN_WRITE | GNUNET_DISK_OPEN_CREATE
77 | GNUNET_DISK_OPEN_FAILIFEXISTS,
78 GNUNET_DISK_PERM_USER_READ |
79 GNUNET_DISK_PERM_USER_WRITE);
80 if (NULL == fd)
81 {
82 if (EEXIST == errno)
83 {
84 if (GNUNET_YES != GNUNET_DISK_file_test (filename))
85 {
86 /* must exist but not be accessible, fail for good! */
87 if (0 != ACCESS (filename, R_OK))
88 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "access", filename);
89 else
90 GNUNET_break (0); /* what is going on!? */
91 return NULL;
92 }
93 continue;
94 }
95 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename);
96 return NULL;
97 }
98 cnt = 0;
99 while (GNUNET_YES !=
100 GNUNET_DISK_file_lock (fd, 0,
101 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey),
102 GNUNET_YES))
103 {
104 short_wait ();
105 if (0 == ++cnt % 10)
106 {
107 ec = errno;
108 LOG (GNUNET_ERROR_TYPE_ERROR,
109 _("Could not acquire lock on file `%s': %s...\n"), filename,
110 STRERROR (ec));
111 }
112 }
113 LOG (GNUNET_ERROR_TYPE_INFO,
114 _("Creating a new private key. This may take a while.\n"));
115 priv = GNUNET_CRYPTO_eddsa_key_create ();
116 GNUNET_assert (NULL != priv);
117 GNUNET_assert (sizeof (*priv) ==
118 GNUNET_DISK_file_write (fd, priv, sizeof (*priv)));
119 GNUNET_DISK_file_sync (fd);
120 if (GNUNET_YES !=
121 GNUNET_DISK_file_unlock (fd, 0,
122 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)))
123 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
124 GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd));
125 return priv;
126 }
127 /* key file exists already, read it! */
128 fd = GNUNET_DISK_file_open (filename, GNUNET_DISK_OPEN_READ,
129 GNUNET_DISK_PERM_NONE);
130 if (NULL == fd)
131 {
132 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename);
133 return NULL;
134 }
135 cnt = 0;
136 while (1)
137 {
138 if (GNUNET_YES !=
139 GNUNET_DISK_file_lock (fd, 0,
140 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey),
141 GNUNET_NO))
142 {
143 if (0 == ++cnt % 60)
144 {
145 ec = errno;
146 LOG (GNUNET_ERROR_TYPE_ERROR,
147 _("Could not acquire lock on file `%s': %s...\n"), filename,
148 STRERROR (ec));
149 LOG (GNUNET_ERROR_TYPE_ERROR,
150 _
151 ("This may be ok if someone is currently generating a private key.\n"));
152 }
153 short_wait ();
154 continue;
155 }
156 if (GNUNET_YES != GNUNET_DISK_file_test (filename))
157 {
158 /* eh, what!? File we opened is now gone!? */
159 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "stat", filename);
160 if (GNUNET_YES !=
161 GNUNET_DISK_file_unlock (fd, 0,
162 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)))
163 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
164 GNUNET_assert (GNUNET_OK == GNUNET_DISK_file_close (fd));
165
166 return NULL;
167 }
168 if (GNUNET_OK != GNUNET_DISK_file_size (filename, &fs, GNUNET_YES, GNUNET_YES))
169 fs = 0;
170 if (fs < sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey))
171 {
172 /* maybe we got the read lock before the key generating
173 * process had a chance to get the write lock; give it up! */
174 if (GNUNET_YES !=
175 GNUNET_DISK_file_unlock (fd, 0,
176 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)))
177 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
178 if (0 == ++cnt % 10)
179 {
180 LOG (GNUNET_ERROR_TYPE_ERROR,
181 _("When trying to read key file `%s' I found %u bytes but I need at least %u.\n"),
182 filename, (unsigned int) fs,
183 (unsigned int) sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
184 LOG (GNUNET_ERROR_TYPE_ERROR,
185 _("This may be ok if someone is currently generating a key.\n"));
186 }
187 short_wait (); /* wait a bit longer! */
188 continue;
189 }
190 break;
191 }
192 fs = sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey);
193 priv = GNUNET_malloc (fs);
194 GNUNET_assert (fs == GNUNET_DISK_file_read (fd, priv, fs));
195 if (GNUNET_YES !=
196 GNUNET_DISK_file_unlock (fd, 0,
197 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)))
198 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
199 GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd));
200 return priv;
201}
202
203
204/**
205 * Create a new private key by reading it from a file. If the
206 * files does not exist, create a new key and write it to the
207 * file. Caller must free return value. Note that this function
208 * can not guarantee that another process might not be trying
209 * the same operation on the same file at the same time.
210 * If the contents of the file
211 * are invalid the old file is deleted and a fresh key is
212 * created.
213 *
214 * @param filename name of file to use to store the key
215 * @return new private key, NULL on error (for example,
216 * permission denied)
217 */
218struct GNUNET_CRYPTO_EcdsaPrivateKey *
219GNUNET_CRYPTO_ecdsa_key_create_from_file (const char *filename)
220{
221 struct GNUNET_CRYPTO_EcdsaPrivateKey *priv;
222 struct GNUNET_DISK_FileHandle *fd;
223 unsigned int cnt;
224 int ec;
225 uint64_t fs;
226
227 if (GNUNET_SYSERR == GNUNET_DISK_directory_create_for_file (filename))
228 return NULL;
229 while (GNUNET_YES != GNUNET_DISK_file_test (filename))
230 {
231 fd = GNUNET_DISK_file_open (filename,
232 GNUNET_DISK_OPEN_WRITE | GNUNET_DISK_OPEN_CREATE
233 | GNUNET_DISK_OPEN_FAILIFEXISTS,
234 GNUNET_DISK_PERM_USER_READ |
235 GNUNET_DISK_PERM_USER_WRITE);
236 if (NULL == fd)
237 {
238 if (EEXIST == errno)
239 {
240 if (GNUNET_YES != GNUNET_DISK_file_test (filename))
241 {
242 /* must exist but not be accessible, fail for good! */
243 if (0 != ACCESS (filename, R_OK))
244 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "access", filename);
245 else
246 GNUNET_break (0); /* what is going on!? */
247 return NULL;
248 }
249 continue;
250 }
251 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename);
252 return NULL;
253 }
254 cnt = 0;
255 while (GNUNET_YES !=
256 GNUNET_DISK_file_lock (fd, 0,
257 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
258 GNUNET_YES))
259 {
260 short_wait ();
261 if (0 == ++cnt % 10)
262 {
263 ec = errno;
264 LOG (GNUNET_ERROR_TYPE_ERROR,
265 _("Could not acquire lock on file `%s': %s...\n"), filename,
266 STRERROR (ec));
267 }
268 }
269 LOG (GNUNET_ERROR_TYPE_INFO,
270 _("Creating a new private key. This may take a while.\n"));
271 priv = GNUNET_CRYPTO_ecdsa_key_create ();
272 GNUNET_assert (NULL != priv);
273 GNUNET_assert (sizeof (*priv) ==
274 GNUNET_DISK_file_write (fd, priv, sizeof (*priv)));
275 GNUNET_DISK_file_sync (fd);
276 if (GNUNET_YES !=
277 GNUNET_DISK_file_unlock (fd, 0,
278 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)))
279 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
280 GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd));
281 return priv;
282 }
283 /* key file exists already, read it! */
284 fd = GNUNET_DISK_file_open (filename, GNUNET_DISK_OPEN_READ,
285 GNUNET_DISK_PERM_NONE);
286 if (NULL == fd)
287 {
288 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename);
289 return NULL;
290 }
291 cnt = 0;
292 while (1)
293 {
294 if (GNUNET_YES !=
295 GNUNET_DISK_file_lock (fd, 0,
296 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
297 GNUNET_NO))
298 {
299 if (0 == ++cnt % 60)
300 {
301 ec = errno;
302 LOG (GNUNET_ERROR_TYPE_ERROR,
303 _("Could not acquire lock on file `%s': %s...\n"), filename,
304 STRERROR (ec));
305 LOG (GNUNET_ERROR_TYPE_ERROR,
306 _
307 ("This may be ok if someone is currently generating a private key.\n"));
308 }
309 short_wait ();
310 continue;
311 }
312 if (GNUNET_YES != GNUNET_DISK_file_test (filename))
313 {
314 /* eh, what!? File we opened is now gone!? */
315 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "stat", filename);
316 if (GNUNET_YES !=
317 GNUNET_DISK_file_unlock (fd, 0,
318 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)))
319 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
320 GNUNET_assert (GNUNET_OK == GNUNET_DISK_file_close (fd));
321
322 return NULL;
323 }
324 if (GNUNET_OK != GNUNET_DISK_file_size (filename, &fs, GNUNET_YES, GNUNET_YES))
325 fs = 0;
326 if (fs < sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey))
327 {
328 /* maybe we got the read lock before the key generating
329 * process had a chance to get the write lock; give it up! */
330 if (GNUNET_YES !=
331 GNUNET_DISK_file_unlock (fd, 0,
332 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)))
333 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
334 if (0 == ++cnt % 10)
335 {
336 LOG (GNUNET_ERROR_TYPE_ERROR,
337 _("When trying to read key file `%s' I found %u bytes but I need at least %u.\n"),
338 filename, (unsigned int) fs,
339 (unsigned int) sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
340 LOG (GNUNET_ERROR_TYPE_ERROR,
341 _("This may be ok if someone is currently generating a key.\n"));
342 }
343 short_wait (); /* wait a bit longer! */
344 continue;
345 }
346 break;
347 }
348 fs = sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey);
349 priv = GNUNET_malloc (fs);
350 GNUNET_assert (fs == GNUNET_DISK_file_read (fd, priv, fs));
351 if (GNUNET_YES !=
352 GNUNET_DISK_file_unlock (fd, 0,
353 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)))
354 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
355 GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd));
356 return priv;
357}
358
359
360/**
361 * Create a new private key by reading our peer's key from
362 * the file specified in the configuration.
363 *
364 * @param cfg the configuration to use
365 * @return new private key, NULL on error (for example,
366 * permission denied)
367 */
368struct GNUNET_CRYPTO_EddsaPrivateKey *
369GNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg)
370{
371 struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
372 char *fn;
373
374 if (GNUNET_OK !=
375 GNUNET_CONFIGURATION_get_value_filename (cfg, "PEER", "PRIVATE_KEY", &fn))
376 return NULL;
377 priv = GNUNET_CRYPTO_eddsa_key_create_from_file (fn);
378 GNUNET_free (fn);
379 return priv;
380}
381
382
383/**
384 * Retrieve the identity of the host's peer.
385 *
386 * @param cfg configuration to use
387 * @param dst pointer to where to write the peer identity
388 * @return #GNUNET_OK on success, #GNUNET_SYSERR if the identity
389 * could not be retrieved
390 */
391int
392GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg,
393 struct GNUNET_PeerIdentity *dst)
394{
395 struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
396
397 if (NULL == (priv = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg)))
398 {
399 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
400 _("Could not load peer's private key\n"));
401 return GNUNET_SYSERR;
402 }
403 GNUNET_CRYPTO_eddsa_key_get_public (priv, &dst->public_key);
404 GNUNET_free (priv);
405 return GNUNET_OK;
406}
407
408
409/**
410 * Setup a key file for a peer given the name of the
411 * configuration file (!). This function is used so that
412 * at a later point code can be certain that reading a
413 * key is fast (for example in time-dependent testcases).
414 *
415 * @param cfg_name name of the configuration file to use
416 */
417void
418GNUNET_CRYPTO_eddsa_setup_key (const char *cfg_name)
419{
420 struct GNUNET_CONFIGURATION_Handle *cfg;
421 struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
422
423 cfg = GNUNET_CONFIGURATION_create ();
424 (void) GNUNET_CONFIGURATION_load (cfg, cfg_name);
425 priv = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg);
426 if (NULL != priv)
427 GNUNET_free (priv);
428 GNUNET_CONFIGURATION_destroy (cfg);
429}
430
431/* end of crypto_ecc_setup.c */