aboutsummaryrefslogtreecommitdiff
path: root/src/util/crypto_ksk.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/util/crypto_ksk.c')
-rw-r--r--src/util/crypto_ksk.c520
1 files changed, 260 insertions, 260 deletions
diff --git a/src/util/crypto_ksk.c b/src/util/crypto_ksk.c
index 7a0b4410a..7c23fc1e0 100644
--- a/src/util/crypto_ksk.c
+++ b/src/util/crypto_ksk.c
@@ -49,12 +49,12 @@
49 49
50typedef struct 50typedef struct
51{ 51{
52 gcry_mpi_t n; /* public modulus */ 52 gcry_mpi_t n; /* public modulus */
53 gcry_mpi_t e; /* public exponent */ 53 gcry_mpi_t e; /* public exponent */
54 gcry_mpi_t d; /* exponent */ 54 gcry_mpi_t d; /* exponent */
55 gcry_mpi_t p; /* prime p. */ 55 gcry_mpi_t p; /* prime p. */
56 gcry_mpi_t q; /* prime q. */ 56 gcry_mpi_t q; /* prime q. */
57 gcry_mpi_t u; /* inverse of p mod q. */ 57 gcry_mpi_t u; /* inverse of p mod q. */
58} KBlock_secret_key; 58} KBlock_secret_key;
59 59
60/** 60/**
@@ -82,23 +82,23 @@ mpz_randomize (gcry_mpi_t n, unsigned int nbits, GNUNET_HashCode * rnd)
82 82
83 tmp = *rnd; 83 tmp = *rnd;
84 for (i = 0; i < cnt; i++) 84 for (i = 0; i < cnt; i++)
85 {
86 int j;
87
88 if (i > 0)
89 GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), &tmp);
90 for (j = 0; j < sizeof (GNUNET_HashCode) / sizeof (uint32_t); j++)
85 { 91 {
86 int j; 92#if HAVE_GCRY_MPI_LSHIFT
87 93 gcry_mpi_lshift (n, n, sizeof (uint32_t) * 8);
88 if (i > 0)
89 GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), &tmp);
90 for (j=0;j<sizeof(GNUNET_HashCode) / sizeof(uint32_t); j++)
91 {
92#if HAVE_GCRY_MPI_LSHIFT
93 gcry_mpi_lshift (n, n, sizeof(uint32_t)*8);
94#else 94#else
95 gcry_mpi_mul_ui(n, n, 1 << (sizeof(uint32_t)*4)); 95 gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4));
96 gcry_mpi_mul_ui(n, n, 1 << (sizeof(uint32_t)*4)); 96 gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4));
97#endif 97#endif
98 gcry_mpi_add_ui(n, n, ntohl (((uint32_t *) &tmp)[j])); 98 gcry_mpi_add_ui (n, n, ntohl (((uint32_t *) & tmp)[j]));
99 }
100 hc = tmp;
101 } 99 }
100 hc = tmp;
101 }
102 GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), rnd); 102 GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), rnd);
103 i = gcry_mpi_get_nbits (n); 103 i = gcry_mpi_get_nbits (n);
104 while (i > nbits) 104 while (i > nbits)
@@ -110,12 +110,12 @@ mpz_trailing_zeroes (gcry_mpi_t n)
110{ 110{
111 unsigned int idx, cnt; 111 unsigned int idx, cnt;
112 112
113 cnt = gcry_mpi_get_nbits(n); 113 cnt = gcry_mpi_get_nbits (n);
114 for (idx = 0; idx < cnt; idx++) 114 for (idx = 0; idx < cnt; idx++)
115 { 115 {
116 if (gcry_mpi_test_bit(n, idx) == 0) 116 if (gcry_mpi_test_bit (n, idx) == 0)
117 return idx; 117 return idx;
118 } 118 }
119 119
120 return ULONG_MAX; 120 return ULONG_MAX;
121} 121}
@@ -154,7 +154,7 @@ is_prime (gcry_mpi_t n, int steps, GNUNET_HashCode * hc)
154 a2 = gcry_mpi_set_ui (NULL, 2); 154 a2 = gcry_mpi_set_ui (NULL, 2);
155 155
156 nbits = gcry_mpi_get_nbits (n); 156 nbits = gcry_mpi_get_nbits (n);
157 gcry_mpi_sub_ui(nminus1, n, 1); 157 gcry_mpi_sub_ui (nminus1, n, 1);
158 158
159 /* Find q and k, so that n = 1 + 2^k * q . */ 159 /* Find q and k, so that n = 1 + 2^k * q . */
160 q = gcry_mpi_set (NULL, nminus1); 160 q = gcry_mpi_set (NULL, nminus1);
@@ -162,30 +162,30 @@ is_prime (gcry_mpi_t n, int steps, GNUNET_HashCode * hc)
162 mpz_tdiv_q_2exp (q, q, k); 162 mpz_tdiv_q_2exp (q, q, k);
163 163
164 for (i = 0; i < steps; i++) 164 for (i = 0; i < steps; i++)
165 {
166 if (!i)
167 {
168 gcry_mpi_set_ui (x, 2);
169 }
170 else
171 {
172 mpz_randomize (x, nbits - 1, hc);
173 GNUNET_assert (gcry_mpi_cmp (x, nminus1) < 0);
174 GNUNET_assert (gcry_mpi_cmp_ui (x, 1) > 0);
175 }
176 gcry_mpi_powm (y, x, q, n);
177 if (gcry_mpi_cmp_ui (y, 1) && gcry_mpi_cmp (y, nminus1))
165 { 178 {
166 if (!i) 179 for (j = 1; j < k && gcry_mpi_cmp (y, nminus1); j++)
167 { 180 {
168 gcry_mpi_set_ui (x, 2); 181 gcry_mpi_powm (y, y, a2, n);
169 } 182 if (!gcry_mpi_cmp_ui (y, 1))
170 else 183 goto leave; /* Not a prime. */
171 { 184 }
172 mpz_randomize (x, nbits - 1, hc); 185 if (gcry_mpi_cmp (y, nminus1))
173 GNUNET_assert (gcry_mpi_cmp (x, nminus1) < 0); 186 goto leave; /* Not a prime. */
174 GNUNET_assert (gcry_mpi_cmp_ui (x, 1) > 0);
175 }
176 gcry_mpi_powm (y, x, q, n);
177 if (gcry_mpi_cmp_ui (y, 1) && gcry_mpi_cmp (y, nminus1))
178 {
179 for (j = 1; j < k && gcry_mpi_cmp (y, nminus1); j++)
180 {
181 gcry_mpi_powm (y, y, a2, n);
182 if (!gcry_mpi_cmp_ui (y, 1))
183 goto leave; /* Not a prime. */
184 }
185 if (gcry_mpi_cmp (y, nminus1))
186 goto leave; /* Not a prime. */
187 }
188 } 187 }
188 }
189 rc = 1; /* May be a prime. */ 189 rc = 1; /* May be a prime. */
190 190
191leave: 191leave:
@@ -208,18 +208,18 @@ static void
208adjust (unsigned char *buf, size_t size, size_t target) 208adjust (unsigned char *buf, size_t size, size_t target)
209{ 209{
210 if (size < target) 210 if (size < target)
211 { 211 {
212 memmove (&buf[target - size], buf, size); 212 memmove (&buf[target - size], buf, size);
213 memset (buf, 0, target - size); 213 memset (buf, 0, target - size);
214 } 214 }
215} 215}
216 216
217 217
218static void 218static void
219gen_prime (gcry_mpi_t *ptest, unsigned int nbits, GNUNET_HashCode * hc) 219gen_prime (gcry_mpi_t * ptest, unsigned int nbits, GNUNET_HashCode * hc)
220{ 220{
221 /* Note: 2 is not included because it can be tested more easily by 221 /* Note: 2 is not included because it can be tested more easily by
222 looking at bit 0. The last entry in this list is marked by a zero */ 222 * looking at bit 0. The last entry in this list is marked by a zero */
223 static const uint16_t small_prime_numbers[] = { 223 static const uint16_t small_prime_numbers[] = {
224 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 224 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43,
225 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 225 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101,
@@ -317,76 +317,77 @@ gen_prime (gcry_mpi_t *ptest, unsigned int nbits, GNUNET_HashCode * hc)
317 /* Make nbits fit into mpz_t implementation. */ 317 /* Make nbits fit into mpz_t implementation. */
318 val_2 = gcry_mpi_set_ui (NULL, 2); 318 val_2 = gcry_mpi_set_ui (NULL, 2);
319 val_3 = gcry_mpi_set_ui (NULL, 3); 319 val_3 = gcry_mpi_set_ui (NULL, 3);
320 prime = gcry_mpi_snew(0); 320 prime = gcry_mpi_snew (0);
321 result = gcry_mpi_new(0); 321 result = gcry_mpi_new (0);
322 pminus1 = gcry_mpi_new(0); 322 pminus1 = gcry_mpi_new (0);
323 *ptest = gcry_mpi_new(0); 323 *ptest = gcry_mpi_new (0);
324 tmp = gcry_mpi_new (0); 324 tmp = gcry_mpi_new (0);
325 sp = gcry_mpi_new (0); 325 sp = gcry_mpi_new (0);
326 while (1) 326 while (1)
327 {
328 /* generate a random number */
329 mpz_randomize (prime, nbits, hc);
330 /* Set high order bit to 1, set low order bit to 1. If we are
331 * generating a secret prime we are most probably doing that
332 * for RSA, to make sure that the modulus does have the
333 * requested key size we set the 2 high order bits. */
334 gcry_mpi_set_bit (prime, nbits - 1);
335 gcry_mpi_set_bit (prime, nbits - 2);
336 gcry_mpi_set_bit (prime, 0);
337
338 /* Calculate all remainders. */
339 for (i = 0; i < no_of_small_prime_numbers; i++)
340 {
341 size_t written;
342
343 gcry_mpi_set_ui (sp, small_prime_numbers[i]);
344 gcry_mpi_div (NULL, tmp, prime, sp, -1);
345 mods[i] = 0;
346 written = sizeof (unsigned int);
347 GNUNET_assert (0 ==
348 gcry_mpi_print (GCRYMPI_FMT_USG,
349 (unsigned char *) &mods[i], written,
350 &written, tmp));
351 adjust ((unsigned char *) &mods[i], written, sizeof (unsigned int));
352 mods[i] = ntohl (mods[i]);
353 }
354 /* Now try some primes starting with prime. */
355 for (step = 0; step < 20000; step += 2)
327 { 356 {
328 /* generate a random number */ 357 /* Check against all the small primes we have in mods. */
329 mpz_randomize (prime, nbits, hc);
330 /* Set high order bit to 1, set low order bit to 1. If we are
331 generating a secret prime we are most probably doing that
332 for RSA, to make sure that the modulus does have the
333 requested key size we set the 2 high order bits. */
334 gcry_mpi_set_bit (prime, nbits - 1);
335 gcry_mpi_set_bit (prime, nbits - 2);
336 gcry_mpi_set_bit (prime, 0);
337
338 /* Calculate all remainders. */
339 for (i = 0; i < no_of_small_prime_numbers; i++) 358 for (i = 0; i < no_of_small_prime_numbers; i++)
340 { 359 {
341 size_t written; 360 uint16_t x = small_prime_numbers[i];
342 361
343 gcry_mpi_set_ui(sp, small_prime_numbers[i]); 362 while (mods[i] + step >= x)
344 gcry_mpi_div (NULL, tmp, prime, sp, -1); 363 mods[i] -= x;
345 mods[i] = 0; 364 if (!(mods[i] + step))
346 written = sizeof (unsigned int); 365 break;
347 GNUNET_assert (0 == 366 }
348 gcry_mpi_print (GCRYMPI_FMT_USG, 367 if (i < no_of_small_prime_numbers)
349 (unsigned char*) &mods[i], written, &written, 368 continue; /* Found a multiple of an already known prime. */
350 tmp)); 369
351 adjust ( (unsigned char*) &mods[i], written, sizeof (unsigned int)); 370 gcry_mpi_add_ui (*ptest, prime, step);
352 mods[i] = ntohl (mods[i]); 371 if (!gcry_mpi_test_bit (*ptest, nbits - 2))
353 } 372 break;
354 /* Now try some primes starting with prime. */ 373
355 for (step = 0; step < 20000; step += 2) 374 /* Do a fast Fermat test now. */
356 { 375 gcry_mpi_sub_ui (pminus1, *ptest, 1);
357 /* Check against all the small primes we have in mods. */ 376 gcry_mpi_powm (result, val_2, pminus1, *ptest);
358 for (i = 0; i < no_of_small_prime_numbers; i++) 377 if ((!gcry_mpi_cmp_ui (result, 1)) && (is_prime (*ptest, 5, hc)))
359 { 378 {
360 uint16_t x = small_prime_numbers[i]; 379 /* Got it. */
361 while (mods[i] + step >= x) 380 gcry_mpi_release (sp);
362 mods[i] -= x; 381 gcry_mpi_release (tmp);
363 if (!(mods[i] + step)) 382 gcry_mpi_release (val_2);
364 break; 383 gcry_mpi_release (val_3);
365 } 384 gcry_mpi_release (result);
366 if (i < no_of_small_prime_numbers) 385 gcry_mpi_release (pminus1);
367 continue; /* Found a multiple of an already known prime. */ 386 gcry_mpi_release (prime);
368 387 return;
369 gcry_mpi_add_ui (*ptest, prime, step); 388 }
370 if (!gcry_mpi_test_bit (*ptest, nbits - 2))
371 break;
372
373 /* Do a fast Fermat test now. */
374 gcry_mpi_sub_ui (pminus1, *ptest, 1);
375 gcry_mpi_powm (result, val_2, pminus1, *ptest);
376 if ((!gcry_mpi_cmp_ui (result, 1)) && (is_prime (*ptest, 5, hc)))
377 {
378 /* Got it. */
379 gcry_mpi_release (sp);
380 gcry_mpi_release (tmp);
381 gcry_mpi_release (val_2);
382 gcry_mpi_release (val_3);
383 gcry_mpi_release (result);
384 gcry_mpi_release (pminus1);
385 gcry_mpi_release (prime);
386 return;
387 }
388 }
389 } 389 }
390 }
390} 391}
391 392
392/** 393/**
@@ -396,11 +397,11 @@ gen_prime (gcry_mpi_t *ptest, unsigned int nbits, GNUNET_HashCode * hc)
396 * @param hc the HC to use for PRNG (modified!) 397 * @param hc the HC to use for PRNG (modified!)
397 */ 398 */
398static void 399static void
399generate_kblock_key (KBlock_secret_key * sk, 400generate_kblock_key (KBlock_secret_key *sk,
400 unsigned int nbits, GNUNET_HashCode * hc) 401 unsigned int nbits, GNUNET_HashCode * hc)
401{ 402{
402 gcry_mpi_t t1, t2; 403 gcry_mpi_t t1, t2;
403 gcry_mpi_t phi; /* helper: (p-1)(q-1) */ 404 gcry_mpi_t phi; /* helper: (p-1)(q-1) */
404 gcry_mpi_t g; 405 gcry_mpi_t g;
405 gcry_mpi_t f; 406 gcry_mpi_t f;
406 407
@@ -409,47 +410,47 @@ generate_kblock_key (KBlock_secret_key * sk,
409 nbits++; 410 nbits++;
410 411
411 sk->e = gcry_mpi_set_ui (NULL, 257); 412 sk->e = gcry_mpi_set_ui (NULL, 257);
412 sk->n = gcry_mpi_new(0); 413 sk->n = gcry_mpi_new (0);
413 sk->p = gcry_mpi_new(0); 414 sk->p = gcry_mpi_new (0);
414 sk->q = gcry_mpi_new(0); 415 sk->q = gcry_mpi_new (0);
415 sk->d = gcry_mpi_new(0); 416 sk->d = gcry_mpi_new (0);
416 sk->u = gcry_mpi_new(0); 417 sk->u = gcry_mpi_new (0);
417 418
418 t1 = gcry_mpi_new(0); 419 t1 = gcry_mpi_new (0);
419 t2 = gcry_mpi_new(0); 420 t2 = gcry_mpi_new (0);
420 phi = gcry_mpi_new(0); 421 phi = gcry_mpi_new (0);
421 g = gcry_mpi_new(0); 422 g = gcry_mpi_new (0);
422 f = gcry_mpi_new(0); 423 f = gcry_mpi_new (0);
423 424
424 do 425 do
426 {
427 do
425 { 428 {
426 do 429 gcry_mpi_release (sk->p);
427 { 430 gcry_mpi_release (sk->q);
428 gcry_mpi_release (sk->p); 431 gen_prime (&sk->p, nbits / 2, hc);
429 gcry_mpi_release (sk->q); 432 gen_prime (&sk->q, nbits / 2, hc);
430 gen_prime (&sk->p, nbits / 2, hc); 433
431 gen_prime (&sk->q, nbits / 2, hc); 434 if (gcry_mpi_cmp (sk->p, sk->q) > 0) /* p shall be smaller than q (for calc of u) */
432 435 gcry_mpi_swap (sk->p, sk->q);
433 if (gcry_mpi_cmp (sk->p, sk->q) > 0) /* p shall be smaller than q (for calc of u) */ 436 /* calculate the modulus */
434 gcry_mpi_swap (sk->p, sk->q); 437 gcry_mpi_mul (sk->n, sk->p, sk->q);
435 /* calculate the modulus */ 438 }
436 gcry_mpi_mul (sk->n, sk->p, sk->q); 439 while (gcry_mpi_get_nbits (sk->n) != nbits);
437 } 440
438 while (gcry_mpi_get_nbits (sk->n) != nbits); 441 /* calculate Euler totient: phi = (p-1)(q-1) */
439 442 gcry_mpi_sub_ui (t1, sk->p, 1);
440 /* calculate Euler totient: phi = (p-1)(q-1) */ 443 gcry_mpi_sub_ui (t2, sk->q, 1);
441 gcry_mpi_sub_ui (t1, sk->p, 1); 444 gcry_mpi_mul (phi, t1, t2);
442 gcry_mpi_sub_ui (t2, sk->q, 1); 445 gcry_mpi_gcd (g, t1, t2);
443 gcry_mpi_mul (phi, t1, t2); 446 gcry_mpi_div (f, NULL, phi, g, 0);
444 gcry_mpi_gcd (g, t1, t2); 447 while (0 == gcry_mpi_gcd (t1, sk->e, phi))
445 gcry_mpi_div (f, NULL, phi, g, 0); 448 { /* (while gcd is not 1) */
446 while (0 == gcry_mpi_gcd (t1, sk->e, phi)) 449 gcry_mpi_add_ui (sk->e, sk->e, 2);
447 { /* (while gcd is not 1) */
448 gcry_mpi_add_ui (sk->e, sk->e, 2);
449 }
450
451 /* calculate the secret key d = e^1 mod phi */
452 } 450 }
451
452 /* calculate the secret key d = e^1 mod phi */
453 }
453 while ((0 == gcry_mpi_invm (sk->d, sk->e, f)) || 454 while ((0 == gcry_mpi_invm (sk->d, sk->e, f)) ||
454 (0 == gcry_mpi_invm (sk->u, sk->p, sk->q))); 455 (0 == gcry_mpi_invm (sk->u, sk->p, sk->q)));
455 456
@@ -499,14 +500,14 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc)
499 500
500 hx = *hc; 501 hx = *hc;
501 generate_kblock_key (&sk, 1024, /* at least 10x as fast than 2048 bits 502 generate_kblock_key (&sk, 1024, /* at least 10x as fast than 2048 bits
502 -- we simply cannot afford 2048 bits 503 * -- we simply cannot afford 2048 bits
503 even on modern hardware, and especially 504 * even on modern hardware, and especially
504 not since clearly a dictionary attack 505 * not since clearly a dictionary attack
505 will still be much cheaper 506 * will still be much cheaper
506 than breaking a 1024 bit RSA key. 507 * than breaking a 1024 bit RSA key.
507 If an adversary can spend the time to 508 * If an adversary can spend the time to
508 break a 1024 bit RSA key just to forge 509 * break a 1024 bit RSA key just to forge
509 a signature -- SO BE IT. [ CG, 6/2005 ] */ 510 * a signature -- SO BE IT. [ CG, 6/2005 ] */
510 &hx); 511 &hx);
511 pkv[0] = &sk.n; 512 pkv[0] = &sk.n;
512 pkv[1] = &sk.e; 513 pkv[1] = &sk.e;
@@ -516,10 +517,10 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc)
516 pkv[5] = &sk.u; 517 pkv[5] = &sk.u;
517 size = sizeof (struct KskRsaPrivateKeyBinaryEncoded); 518 size = sizeof (struct KskRsaPrivateKeyBinaryEncoded);
518 for (i = 0; i < 6; i++) 519 for (i = 0; i < 6; i++)
519 { 520 {
520 gcry_mpi_aprint(GCRYMPI_FMT_STD, &pbu[i], &sizes[i], *pkv[i]); 521 gcry_mpi_aprint (GCRYMPI_FMT_STD, &pbu[i], &sizes[i], *pkv[i]);
521 size += sizes[i]; 522 size += sizes[i];
522 } 523 }
523 GNUNET_assert (size < 65536); 524 GNUNET_assert (size < 65536);
524 retval = GNUNET_malloc (size); 525 retval = GNUNET_malloc (size);
525 retval->len = htons (size); 526 retval->len = htons (size);
@@ -544,10 +545,10 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc)
544 retval->sizedmq1 = htons (0); 545 retval->sizedmq1 = htons (0);
545 memcpy (&((char *) &retval[1])[i], pbu[5], sizes[5]); 546 memcpy (&((char *) &retval[1])[i], pbu[5], sizes[5]);
546 for (i = 0; i < 6; i++) 547 for (i = 0; i < 6; i++)
547 { 548 {
548 gcry_mpi_release (*pkv[i]); 549 gcry_mpi_release (*pkv[i]);
549 free (pbu[i]); 550 free (pbu[i]);
550 } 551 }
551 return retval; 552 return retval;
552} 553}
553 554
@@ -574,10 +575,10 @@ ksk_decode_key (const struct KskRsaPrivateKeyBinaryEncoded *encoding)
574 size, &size); 575 size, &size);
575 pos += ntohs (encoding->sizen); 576 pos += ntohs (encoding->sizen);
576 if (rc) 577 if (rc)
577 { 578 {
578 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); 579 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
579 return NULL; 580 return NULL;
580 } 581 }
581 size = ntohs (encoding->sizee); 582 size = ntohs (encoding->sizee);
582 rc = gcry_mpi_scan (&e, 583 rc = gcry_mpi_scan (&e,
583 GCRYMPI_FMT_USG, 584 GCRYMPI_FMT_USG,
@@ -585,11 +586,11 @@ ksk_decode_key (const struct KskRsaPrivateKeyBinaryEncoded *encoding)
585 size, &size); 586 size, &size);
586 pos += ntohs (encoding->sizee); 587 pos += ntohs (encoding->sizee);
587 if (rc) 588 if (rc)
588 { 589 {
589 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); 590 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
590 gcry_mpi_release (n); 591 gcry_mpi_release (n);
591 return NULL; 592 return NULL;
592 } 593 }
593 size = ntohs (encoding->sized); 594 size = ntohs (encoding->sized);
594 rc = gcry_mpi_scan (&d, 595 rc = gcry_mpi_scan (&d,
595 GCRYMPI_FMT_USG, 596 GCRYMPI_FMT_USG,
@@ -597,101 +598,100 @@ ksk_decode_key (const struct KskRsaPrivateKeyBinaryEncoded *encoding)
597 size, &size); 598 size, &size);
598 pos += ntohs (encoding->sized); 599 pos += ntohs (encoding->sized);
599 if (rc) 600 if (rc)
601 {
602 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
603 gcry_mpi_release (n);
604 gcry_mpi_release (e);
605 return NULL;
606 }
607 /* swap p and q! */
608 size = ntohs (encoding->sizep);
609 if (size > 0)
610 {
611 rc = gcry_mpi_scan (&q,
612 GCRYMPI_FMT_USG,
613 &((const unsigned char *) (&encoding[1]))[pos],
614 size, &size);
615 pos += ntohs (encoding->sizep);
616 if (rc)
600 { 617 {
601 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); 618 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
602 gcry_mpi_release (n); 619 gcry_mpi_release (n);
603 gcry_mpi_release (e); 620 gcry_mpi_release (e);
621 gcry_mpi_release (d);
604 return NULL; 622 return NULL;
605 } 623 }
606 /* swap p and q! */ 624 }
607 size = ntohs (encoding->sizep);
608 if (size > 0)
609 {
610 rc = gcry_mpi_scan (&q,
611 GCRYMPI_FMT_USG,
612 &((const unsigned char *) (&encoding[1]))[pos],
613 size, &size);
614 pos += ntohs (encoding->sizep);
615 if (rc)
616 {
617 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
618 gcry_mpi_release (n);
619 gcry_mpi_release (e);
620 gcry_mpi_release (d);
621 return NULL;
622 }
623 }
624 else 625 else
625 q = NULL; 626 q = NULL;
626 size = ntohs (encoding->sizeq); 627 size = ntohs (encoding->sizeq);
627 if (size > 0) 628 if (size > 0)
629 {
630 rc = gcry_mpi_scan (&p,
631 GCRYMPI_FMT_USG,
632 &((const unsigned char *) (&encoding[1]))[pos],
633 size, &size);
634 pos += ntohs (encoding->sizeq);
635 if (rc)
628 { 636 {
629 rc = gcry_mpi_scan (&p, 637 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
630 GCRYMPI_FMT_USG, 638 gcry_mpi_release (n);
631 &((const unsigned char *) (&encoding[1]))[pos], 639 gcry_mpi_release (e);
632 size, &size); 640 gcry_mpi_release (d);
633 pos += ntohs (encoding->sizeq); 641 if (q != NULL)
634 if (rc) 642 gcry_mpi_release (q);
635 { 643 return NULL;
636 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
637 gcry_mpi_release (n);
638 gcry_mpi_release (e);
639 gcry_mpi_release (d);
640 if (q != NULL)
641 gcry_mpi_release (q);
642 return NULL;
643 }
644 } 644 }
645 }
645 else 646 else
646 p = NULL; 647 p = NULL;
647 pos += ntohs (encoding->sizedmp1); 648 pos += ntohs (encoding->sizedmp1);
648 pos += ntohs (encoding->sizedmq1); 649 pos += ntohs (encoding->sizedmq1);
649 size = 650 size =
650 ntohs (encoding->len) - sizeof (struct KskRsaPrivateKeyBinaryEncoded) - 651 ntohs (encoding->len) - sizeof (struct KskRsaPrivateKeyBinaryEncoded) -
651 pos; 652 pos;
652 if (size > 0) 653 if (size > 0)
654 {
655 rc = gcry_mpi_scan (&u,
656 GCRYMPI_FMT_USG,
657 &((const unsigned char *) (&encoding[1]))[pos],
658 size, &size);
659 if (rc)
653 { 660 {
654 rc = gcry_mpi_scan (&u, 661 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
655 GCRYMPI_FMT_USG, 662 gcry_mpi_release (n);
656 &((const unsigned char *) (&encoding[1]))[pos], 663 gcry_mpi_release (e);
657 size, &size); 664 gcry_mpi_release (d);
658 if (rc) 665 if (p != NULL)
659 { 666 gcry_mpi_release (p);
660 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); 667 if (q != NULL)
661 gcry_mpi_release (n); 668 gcry_mpi_release (q);
662 gcry_mpi_release (e); 669 return NULL;
663 gcry_mpi_release (d);
664 if (p != NULL)
665 gcry_mpi_release (p);
666 if (q != NULL)
667 gcry_mpi_release (q);
668 return NULL;
669 }
670 } 670 }
671 }
671 else 672 else
672 u = NULL; 673 u = NULL;
673 674
674 if ((p != NULL) && (q != NULL) && (u != NULL)) 675 if ((p != NULL) && (q != NULL) && (u != NULL))
676 {
677 rc = gcry_sexp_build (&res, &size, /* erroff */
678 "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)(u %m)))",
679 n, e, d, p, q, u);
680 }
681 else
682 {
683 if ((p != NULL) && (q != NULL))
675 { 684 {
676 rc = gcry_sexp_build (&res, &size, /* erroff */ 685 rc = gcry_sexp_build (&res, &size, /* erroff */
677 "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)(u %m)))", 686 "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)))",
678 n, e, d, p, q, u); 687 n, e, d, p, q);
679 } 688 }
680 else 689 else
681 { 690 {
682 if ((p != NULL) && (q != NULL)) 691 rc = gcry_sexp_build (&res, &size, /* erroff */
683 { 692 "(private-key(rsa(n %m)(e %m)(d %m)))", n, e, d);
684 rc = gcry_sexp_build (&res, &size, /* erroff */
685 "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)))",
686 n, e, d, p, q);
687 }
688 else
689 {
690 rc = gcry_sexp_build (&res, &size, /* erroff */
691 "(private-key(rsa(n %m)(e %m)(d %m)))",
692 n, e, d);
693 }
694 } 693 }
694 }
695 gcry_mpi_release (n); 695 gcry_mpi_release (n);
696 gcry_mpi_release (e); 696 gcry_mpi_release (e);
697 gcry_mpi_release (d); 697 gcry_mpi_release (d);
@@ -706,10 +706,10 @@ ksk_decode_key (const struct KskRsaPrivateKeyBinaryEncoded *encoding)
706 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); 706 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
707#if EXTRA_CHECKS 707#if EXTRA_CHECKS
708 if (gcry_pk_testkey (res)) 708 if (gcry_pk_testkey (res))
709 { 709 {
710 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); 710 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
711 return NULL; 711 return NULL;
712 } 712 }
713#endif 713#endif
714 ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey)); 714 ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey));
715 ret->sexp = res; 715 ret->sexp = res;
@@ -739,13 +739,13 @@ GNUNET_CRYPTO_rsa_key_create_from_hash (const GNUNET_HashCode * hc)
739 unsigned int i; 739 unsigned int i;
740 740
741 for (i = 0; i < cacheSize; i++) 741 for (i = 0; i < cacheSize; i++)
742 {
743 if (0 == memcmp (hc, &cache[i]->hc, sizeof (GNUNET_HashCode)))
742 { 744 {
743 if (0 == memcmp (hc, &cache[i]->hc, sizeof (GNUNET_HashCode))) 745 ret = ksk_decode_key (cache[i]->pke);
744 { 746 return ret;
745 ret = ksk_decode_key (cache[i]->pke);
746 return ret;
747 }
748 } 747 }
748 }
749 749
750 line = GNUNET_malloc (sizeof (struct KBlockKeyCacheLine)); 750 line = GNUNET_malloc (sizeof (struct KBlockKeyCacheLine));
751 line->hc = *hc; 751 line->hc = *hc;
@@ -761,10 +761,10 @@ void __attribute__ ((destructor)) GNUNET_CRYPTO_ksk_fini ()
761 unsigned int i; 761 unsigned int i;
762 762
763 for (i = 0; i < cacheSize; i++) 763 for (i = 0; i < cacheSize; i++)
764 { 764 {
765 GNUNET_free (cache[i]->pke); 765 GNUNET_free (cache[i]->pke);
766 GNUNET_free (cache[i]); 766 GNUNET_free (cache[i]);
767 } 767 }
768 GNUNET_array_grow (cache, cacheSize, 0); 768 GNUNET_array_grow (cache, cacheSize, 0);
769} 769}
770 770
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-26 21:37:13 +0000