diff options
Diffstat (limited to 'src/util/crypto_ksk.c')
-rw-r--r-- | src/util/crypto_ksk.c | 520 |
1 files changed, 260 insertions, 260 deletions
diff --git a/src/util/crypto_ksk.c b/src/util/crypto_ksk.c index 7a0b4410a..7c23fc1e0 100644 --- a/src/util/crypto_ksk.c +++ b/src/util/crypto_ksk.c | |||
@@ -49,12 +49,12 @@ | |||
49 | 49 | ||
50 | typedef struct | 50 | typedef struct |
51 | { | 51 | { |
52 | gcry_mpi_t n; /* public modulus */ | 52 | gcry_mpi_t n; /* public modulus */ |
53 | gcry_mpi_t e; /* public exponent */ | 53 | gcry_mpi_t e; /* public exponent */ |
54 | gcry_mpi_t d; /* exponent */ | 54 | gcry_mpi_t d; /* exponent */ |
55 | gcry_mpi_t p; /* prime p. */ | 55 | gcry_mpi_t p; /* prime p. */ |
56 | gcry_mpi_t q; /* prime q. */ | 56 | gcry_mpi_t q; /* prime q. */ |
57 | gcry_mpi_t u; /* inverse of p mod q. */ | 57 | gcry_mpi_t u; /* inverse of p mod q. */ |
58 | } KBlock_secret_key; | 58 | } KBlock_secret_key; |
59 | 59 | ||
60 | /** | 60 | /** |
@@ -82,23 +82,23 @@ mpz_randomize (gcry_mpi_t n, unsigned int nbits, GNUNET_HashCode * rnd) | |||
82 | 82 | ||
83 | tmp = *rnd; | 83 | tmp = *rnd; |
84 | for (i = 0; i < cnt; i++) | 84 | for (i = 0; i < cnt; i++) |
85 | { | ||
86 | int j; | ||
87 | |||
88 | if (i > 0) | ||
89 | GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), &tmp); | ||
90 | for (j = 0; j < sizeof (GNUNET_HashCode) / sizeof (uint32_t); j++) | ||
85 | { | 91 | { |
86 | int j; | 92 | #if HAVE_GCRY_MPI_LSHIFT |
87 | 93 | gcry_mpi_lshift (n, n, sizeof (uint32_t) * 8); | |
88 | if (i > 0) | ||
89 | GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), &tmp); | ||
90 | for (j=0;j<sizeof(GNUNET_HashCode) / sizeof(uint32_t); j++) | ||
91 | { | ||
92 | #if HAVE_GCRY_MPI_LSHIFT | ||
93 | gcry_mpi_lshift (n, n, sizeof(uint32_t)*8); | ||
94 | #else | 94 | #else |
95 | gcry_mpi_mul_ui(n, n, 1 << (sizeof(uint32_t)*4)); | 95 | gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4)); |
96 | gcry_mpi_mul_ui(n, n, 1 << (sizeof(uint32_t)*4)); | 96 | gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4)); |
97 | #endif | 97 | #endif |
98 | gcry_mpi_add_ui(n, n, ntohl (((uint32_t *) &tmp)[j])); | 98 | gcry_mpi_add_ui (n, n, ntohl (((uint32_t *) & tmp)[j])); |
99 | } | ||
100 | hc = tmp; | ||
101 | } | 99 | } |
100 | hc = tmp; | ||
101 | } | ||
102 | GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), rnd); | 102 | GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), rnd); |
103 | i = gcry_mpi_get_nbits (n); | 103 | i = gcry_mpi_get_nbits (n); |
104 | while (i > nbits) | 104 | while (i > nbits) |
@@ -110,12 +110,12 @@ mpz_trailing_zeroes (gcry_mpi_t n) | |||
110 | { | 110 | { |
111 | unsigned int idx, cnt; | 111 | unsigned int idx, cnt; |
112 | 112 | ||
113 | cnt = gcry_mpi_get_nbits(n); | 113 | cnt = gcry_mpi_get_nbits (n); |
114 | for (idx = 0; idx < cnt; idx++) | 114 | for (idx = 0; idx < cnt; idx++) |
115 | { | 115 | { |
116 | if (gcry_mpi_test_bit(n, idx) == 0) | 116 | if (gcry_mpi_test_bit (n, idx) == 0) |
117 | return idx; | 117 | return idx; |
118 | } | 118 | } |
119 | 119 | ||
120 | return ULONG_MAX; | 120 | return ULONG_MAX; |
121 | } | 121 | } |
@@ -154,7 +154,7 @@ is_prime (gcry_mpi_t n, int steps, GNUNET_HashCode * hc) | |||
154 | a2 = gcry_mpi_set_ui (NULL, 2); | 154 | a2 = gcry_mpi_set_ui (NULL, 2); |
155 | 155 | ||
156 | nbits = gcry_mpi_get_nbits (n); | 156 | nbits = gcry_mpi_get_nbits (n); |
157 | gcry_mpi_sub_ui(nminus1, n, 1); | 157 | gcry_mpi_sub_ui (nminus1, n, 1); |
158 | 158 | ||
159 | /* Find q and k, so that n = 1 + 2^k * q . */ | 159 | /* Find q and k, so that n = 1 + 2^k * q . */ |
160 | q = gcry_mpi_set (NULL, nminus1); | 160 | q = gcry_mpi_set (NULL, nminus1); |
@@ -162,30 +162,30 @@ is_prime (gcry_mpi_t n, int steps, GNUNET_HashCode * hc) | |||
162 | mpz_tdiv_q_2exp (q, q, k); | 162 | mpz_tdiv_q_2exp (q, q, k); |
163 | 163 | ||
164 | for (i = 0; i < steps; i++) | 164 | for (i = 0; i < steps; i++) |
165 | { | ||
166 | if (!i) | ||
167 | { | ||
168 | gcry_mpi_set_ui (x, 2); | ||
169 | } | ||
170 | else | ||
171 | { | ||
172 | mpz_randomize (x, nbits - 1, hc); | ||
173 | GNUNET_assert (gcry_mpi_cmp (x, nminus1) < 0); | ||
174 | GNUNET_assert (gcry_mpi_cmp_ui (x, 1) > 0); | ||
175 | } | ||
176 | gcry_mpi_powm (y, x, q, n); | ||
177 | if (gcry_mpi_cmp_ui (y, 1) && gcry_mpi_cmp (y, nminus1)) | ||
165 | { | 178 | { |
166 | if (!i) | 179 | for (j = 1; j < k && gcry_mpi_cmp (y, nminus1); j++) |
167 | { | 180 | { |
168 | gcry_mpi_set_ui (x, 2); | 181 | gcry_mpi_powm (y, y, a2, n); |
169 | } | 182 | if (!gcry_mpi_cmp_ui (y, 1)) |
170 | else | 183 | goto leave; /* Not a prime. */ |
171 | { | 184 | } |
172 | mpz_randomize (x, nbits - 1, hc); | 185 | if (gcry_mpi_cmp (y, nminus1)) |
173 | GNUNET_assert (gcry_mpi_cmp (x, nminus1) < 0); | 186 | goto leave; /* Not a prime. */ |
174 | GNUNET_assert (gcry_mpi_cmp_ui (x, 1) > 0); | ||
175 | } | ||
176 | gcry_mpi_powm (y, x, q, n); | ||
177 | if (gcry_mpi_cmp_ui (y, 1) && gcry_mpi_cmp (y, nminus1)) | ||
178 | { | ||
179 | for (j = 1; j < k && gcry_mpi_cmp (y, nminus1); j++) | ||
180 | { | ||
181 | gcry_mpi_powm (y, y, a2, n); | ||
182 | if (!gcry_mpi_cmp_ui (y, 1)) | ||
183 | goto leave; /* Not a prime. */ | ||
184 | } | ||
185 | if (gcry_mpi_cmp (y, nminus1)) | ||
186 | goto leave; /* Not a prime. */ | ||
187 | } | ||
188 | } | 187 | } |
188 | } | ||
189 | rc = 1; /* May be a prime. */ | 189 | rc = 1; /* May be a prime. */ |
190 | 190 | ||
191 | leave: | 191 | leave: |
@@ -208,18 +208,18 @@ static void | |||
208 | adjust (unsigned char *buf, size_t size, size_t target) | 208 | adjust (unsigned char *buf, size_t size, size_t target) |
209 | { | 209 | { |
210 | if (size < target) | 210 | if (size < target) |
211 | { | 211 | { |
212 | memmove (&buf[target - size], buf, size); | 212 | memmove (&buf[target - size], buf, size); |
213 | memset (buf, 0, target - size); | 213 | memset (buf, 0, target - size); |
214 | } | 214 | } |
215 | } | 215 | } |
216 | 216 | ||
217 | 217 | ||
218 | static void | 218 | static void |
219 | gen_prime (gcry_mpi_t *ptest, unsigned int nbits, GNUNET_HashCode * hc) | 219 | gen_prime (gcry_mpi_t * ptest, unsigned int nbits, GNUNET_HashCode * hc) |
220 | { | 220 | { |
221 | /* Note: 2 is not included because it can be tested more easily by | 221 | /* Note: 2 is not included because it can be tested more easily by |
222 | looking at bit 0. The last entry in this list is marked by a zero */ | 222 | * looking at bit 0. The last entry in this list is marked by a zero */ |
223 | static const uint16_t small_prime_numbers[] = { | 223 | static const uint16_t small_prime_numbers[] = { |
224 | 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, | 224 | 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, |
225 | 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, | 225 | 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, |
@@ -317,76 +317,77 @@ gen_prime (gcry_mpi_t *ptest, unsigned int nbits, GNUNET_HashCode * hc) | |||
317 | /* Make nbits fit into mpz_t implementation. */ | 317 | /* Make nbits fit into mpz_t implementation. */ |
318 | val_2 = gcry_mpi_set_ui (NULL, 2); | 318 | val_2 = gcry_mpi_set_ui (NULL, 2); |
319 | val_3 = gcry_mpi_set_ui (NULL, 3); | 319 | val_3 = gcry_mpi_set_ui (NULL, 3); |
320 | prime = gcry_mpi_snew(0); | 320 | prime = gcry_mpi_snew (0); |
321 | result = gcry_mpi_new(0); | 321 | result = gcry_mpi_new (0); |
322 | pminus1 = gcry_mpi_new(0); | 322 | pminus1 = gcry_mpi_new (0); |
323 | *ptest = gcry_mpi_new(0); | 323 | *ptest = gcry_mpi_new (0); |
324 | tmp = gcry_mpi_new (0); | 324 | tmp = gcry_mpi_new (0); |
325 | sp = gcry_mpi_new (0); | 325 | sp = gcry_mpi_new (0); |
326 | while (1) | 326 | while (1) |
327 | { | ||
328 | /* generate a random number */ | ||
329 | mpz_randomize (prime, nbits, hc); | ||
330 | /* Set high order bit to 1, set low order bit to 1. If we are | ||
331 | * generating a secret prime we are most probably doing that | ||
332 | * for RSA, to make sure that the modulus does have the | ||
333 | * requested key size we set the 2 high order bits. */ | ||
334 | gcry_mpi_set_bit (prime, nbits - 1); | ||
335 | gcry_mpi_set_bit (prime, nbits - 2); | ||
336 | gcry_mpi_set_bit (prime, 0); | ||
337 | |||
338 | /* Calculate all remainders. */ | ||
339 | for (i = 0; i < no_of_small_prime_numbers; i++) | ||
340 | { | ||
341 | size_t written; | ||
342 | |||
343 | gcry_mpi_set_ui (sp, small_prime_numbers[i]); | ||
344 | gcry_mpi_div (NULL, tmp, prime, sp, -1); | ||
345 | mods[i] = 0; | ||
346 | written = sizeof (unsigned int); | ||
347 | GNUNET_assert (0 == | ||
348 | gcry_mpi_print (GCRYMPI_FMT_USG, | ||
349 | (unsigned char *) &mods[i], written, | ||
350 | &written, tmp)); | ||
351 | adjust ((unsigned char *) &mods[i], written, sizeof (unsigned int)); | ||
352 | mods[i] = ntohl (mods[i]); | ||
353 | } | ||
354 | /* Now try some primes starting with prime. */ | ||
355 | for (step = 0; step < 20000; step += 2) | ||
327 | { | 356 | { |
328 | /* generate a random number */ | 357 | /* Check against all the small primes we have in mods. */ |
329 | mpz_randomize (prime, nbits, hc); | ||
330 | /* Set high order bit to 1, set low order bit to 1. If we are | ||
331 | generating a secret prime we are most probably doing that | ||
332 | for RSA, to make sure that the modulus does have the | ||
333 | requested key size we set the 2 high order bits. */ | ||
334 | gcry_mpi_set_bit (prime, nbits - 1); | ||
335 | gcry_mpi_set_bit (prime, nbits - 2); | ||
336 | gcry_mpi_set_bit (prime, 0); | ||
337 | |||
338 | /* Calculate all remainders. */ | ||
339 | for (i = 0; i < no_of_small_prime_numbers; i++) | 358 | for (i = 0; i < no_of_small_prime_numbers; i++) |
340 | { | 359 | { |
341 | size_t written; | 360 | uint16_t x = small_prime_numbers[i]; |
342 | 361 | ||
343 | gcry_mpi_set_ui(sp, small_prime_numbers[i]); | 362 | while (mods[i] + step >= x) |
344 | gcry_mpi_div (NULL, tmp, prime, sp, -1); | 363 | mods[i] -= x; |
345 | mods[i] = 0; | 364 | if (!(mods[i] + step)) |
346 | written = sizeof (unsigned int); | 365 | break; |
347 | GNUNET_assert (0 == | 366 | } |
348 | gcry_mpi_print (GCRYMPI_FMT_USG, | 367 | if (i < no_of_small_prime_numbers) |
349 | (unsigned char*) &mods[i], written, &written, | 368 | continue; /* Found a multiple of an already known prime. */ |
350 | tmp)); | 369 | |
351 | adjust ( (unsigned char*) &mods[i], written, sizeof (unsigned int)); | 370 | gcry_mpi_add_ui (*ptest, prime, step); |
352 | mods[i] = ntohl (mods[i]); | 371 | if (!gcry_mpi_test_bit (*ptest, nbits - 2)) |
353 | } | 372 | break; |
354 | /* Now try some primes starting with prime. */ | 373 | |
355 | for (step = 0; step < 20000; step += 2) | 374 | /* Do a fast Fermat test now. */ |
356 | { | 375 | gcry_mpi_sub_ui (pminus1, *ptest, 1); |
357 | /* Check against all the small primes we have in mods. */ | 376 | gcry_mpi_powm (result, val_2, pminus1, *ptest); |
358 | for (i = 0; i < no_of_small_prime_numbers; i++) | 377 | if ((!gcry_mpi_cmp_ui (result, 1)) && (is_prime (*ptest, 5, hc))) |
359 | { | 378 | { |
360 | uint16_t x = small_prime_numbers[i]; | 379 | /* Got it. */ |
361 | while (mods[i] + step >= x) | 380 | gcry_mpi_release (sp); |
362 | mods[i] -= x; | 381 | gcry_mpi_release (tmp); |
363 | if (!(mods[i] + step)) | 382 | gcry_mpi_release (val_2); |
364 | break; | 383 | gcry_mpi_release (val_3); |
365 | } | 384 | gcry_mpi_release (result); |
366 | if (i < no_of_small_prime_numbers) | 385 | gcry_mpi_release (pminus1); |
367 | continue; /* Found a multiple of an already known prime. */ | 386 | gcry_mpi_release (prime); |
368 | 387 | return; | |
369 | gcry_mpi_add_ui (*ptest, prime, step); | 388 | } |
370 | if (!gcry_mpi_test_bit (*ptest, nbits - 2)) | ||
371 | break; | ||
372 | |||
373 | /* Do a fast Fermat test now. */ | ||
374 | gcry_mpi_sub_ui (pminus1, *ptest, 1); | ||
375 | gcry_mpi_powm (result, val_2, pminus1, *ptest); | ||
376 | if ((!gcry_mpi_cmp_ui (result, 1)) && (is_prime (*ptest, 5, hc))) | ||
377 | { | ||
378 | /* Got it. */ | ||
379 | gcry_mpi_release (sp); | ||
380 | gcry_mpi_release (tmp); | ||
381 | gcry_mpi_release (val_2); | ||
382 | gcry_mpi_release (val_3); | ||
383 | gcry_mpi_release (result); | ||
384 | gcry_mpi_release (pminus1); | ||
385 | gcry_mpi_release (prime); | ||
386 | return; | ||
387 | } | ||
388 | } | ||
389 | } | 389 | } |
390 | } | ||
390 | } | 391 | } |
391 | 392 | ||
392 | /** | 393 | /** |
@@ -396,11 +397,11 @@ gen_prime (gcry_mpi_t *ptest, unsigned int nbits, GNUNET_HashCode * hc) | |||
396 | * @param hc the HC to use for PRNG (modified!) | 397 | * @param hc the HC to use for PRNG (modified!) |
397 | */ | 398 | */ |
398 | static void | 399 | static void |
399 | generate_kblock_key (KBlock_secret_key * sk, | 400 | generate_kblock_key (KBlock_secret_key *sk, |
400 | unsigned int nbits, GNUNET_HashCode * hc) | 401 | unsigned int nbits, GNUNET_HashCode * hc) |
401 | { | 402 | { |
402 | gcry_mpi_t t1, t2; | 403 | gcry_mpi_t t1, t2; |
403 | gcry_mpi_t phi; /* helper: (p-1)(q-1) */ | 404 | gcry_mpi_t phi; /* helper: (p-1)(q-1) */ |
404 | gcry_mpi_t g; | 405 | gcry_mpi_t g; |
405 | gcry_mpi_t f; | 406 | gcry_mpi_t f; |
406 | 407 | ||
@@ -409,47 +410,47 @@ generate_kblock_key (KBlock_secret_key * sk, | |||
409 | nbits++; | 410 | nbits++; |
410 | 411 | ||
411 | sk->e = gcry_mpi_set_ui (NULL, 257); | 412 | sk->e = gcry_mpi_set_ui (NULL, 257); |
412 | sk->n = gcry_mpi_new(0); | 413 | sk->n = gcry_mpi_new (0); |
413 | sk->p = gcry_mpi_new(0); | 414 | sk->p = gcry_mpi_new (0); |
414 | sk->q = gcry_mpi_new(0); | 415 | sk->q = gcry_mpi_new (0); |
415 | sk->d = gcry_mpi_new(0); | 416 | sk->d = gcry_mpi_new (0); |
416 | sk->u = gcry_mpi_new(0); | 417 | sk->u = gcry_mpi_new (0); |
417 | 418 | ||
418 | t1 = gcry_mpi_new(0); | 419 | t1 = gcry_mpi_new (0); |
419 | t2 = gcry_mpi_new(0); | 420 | t2 = gcry_mpi_new (0); |
420 | phi = gcry_mpi_new(0); | 421 | phi = gcry_mpi_new (0); |
421 | g = gcry_mpi_new(0); | 422 | g = gcry_mpi_new (0); |
422 | f = gcry_mpi_new(0); | 423 | f = gcry_mpi_new (0); |
423 | 424 | ||
424 | do | 425 | do |
426 | { | ||
427 | do | ||
425 | { | 428 | { |
426 | do | 429 | gcry_mpi_release (sk->p); |
427 | { | 430 | gcry_mpi_release (sk->q); |
428 | gcry_mpi_release (sk->p); | 431 | gen_prime (&sk->p, nbits / 2, hc); |
429 | gcry_mpi_release (sk->q); | 432 | gen_prime (&sk->q, nbits / 2, hc); |
430 | gen_prime (&sk->p, nbits / 2, hc); | 433 | |
431 | gen_prime (&sk->q, nbits / 2, hc); | 434 | if (gcry_mpi_cmp (sk->p, sk->q) > 0) /* p shall be smaller than q (for calc of u) */ |
432 | 435 | gcry_mpi_swap (sk->p, sk->q); | |
433 | if (gcry_mpi_cmp (sk->p, sk->q) > 0) /* p shall be smaller than q (for calc of u) */ | 436 | /* calculate the modulus */ |
434 | gcry_mpi_swap (sk->p, sk->q); | 437 | gcry_mpi_mul (sk->n, sk->p, sk->q); |
435 | /* calculate the modulus */ | 438 | } |
436 | gcry_mpi_mul (sk->n, sk->p, sk->q); | 439 | while (gcry_mpi_get_nbits (sk->n) != nbits); |
437 | } | 440 | |
438 | while (gcry_mpi_get_nbits (sk->n) != nbits); | 441 | /* calculate Euler totient: phi = (p-1)(q-1) */ |
439 | 442 | gcry_mpi_sub_ui (t1, sk->p, 1); | |
440 | /* calculate Euler totient: phi = (p-1)(q-1) */ | 443 | gcry_mpi_sub_ui (t2, sk->q, 1); |
441 | gcry_mpi_sub_ui (t1, sk->p, 1); | 444 | gcry_mpi_mul (phi, t1, t2); |
442 | gcry_mpi_sub_ui (t2, sk->q, 1); | 445 | gcry_mpi_gcd (g, t1, t2); |
443 | gcry_mpi_mul (phi, t1, t2); | 446 | gcry_mpi_div (f, NULL, phi, g, 0); |
444 | gcry_mpi_gcd (g, t1, t2); | 447 | while (0 == gcry_mpi_gcd (t1, sk->e, phi)) |
445 | gcry_mpi_div (f, NULL, phi, g, 0); | 448 | { /* (while gcd is not 1) */ |
446 | while (0 == gcry_mpi_gcd (t1, sk->e, phi)) | 449 | gcry_mpi_add_ui (sk->e, sk->e, 2); |
447 | { /* (while gcd is not 1) */ | ||
448 | gcry_mpi_add_ui (sk->e, sk->e, 2); | ||
449 | } | ||
450 | |||
451 | /* calculate the secret key d = e^1 mod phi */ | ||
452 | } | 450 | } |
451 | |||
452 | /* calculate the secret key d = e^1 mod phi */ | ||
453 | } | ||
453 | while ((0 == gcry_mpi_invm (sk->d, sk->e, f)) || | 454 | while ((0 == gcry_mpi_invm (sk->d, sk->e, f)) || |
454 | (0 == gcry_mpi_invm (sk->u, sk->p, sk->q))); | 455 | (0 == gcry_mpi_invm (sk->u, sk->p, sk->q))); |
455 | 456 | ||
@@ -499,14 +500,14 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc) | |||
499 | 500 | ||
500 | hx = *hc; | 501 | hx = *hc; |
501 | generate_kblock_key (&sk, 1024, /* at least 10x as fast than 2048 bits | 502 | generate_kblock_key (&sk, 1024, /* at least 10x as fast than 2048 bits |
502 | -- we simply cannot afford 2048 bits | 503 | * -- we simply cannot afford 2048 bits |
503 | even on modern hardware, and especially | 504 | * even on modern hardware, and especially |
504 | not since clearly a dictionary attack | 505 | * not since clearly a dictionary attack |
505 | will still be much cheaper | 506 | * will still be much cheaper |
506 | than breaking a 1024 bit RSA key. | 507 | * than breaking a 1024 bit RSA key. |
507 | If an adversary can spend the time to | 508 | * If an adversary can spend the time to |
508 | break a 1024 bit RSA key just to forge | 509 | * break a 1024 bit RSA key just to forge |
509 | a signature -- SO BE IT. [ CG, 6/2005 ] */ | 510 | * a signature -- SO BE IT. [ CG, 6/2005 ] */ |
510 | &hx); | 511 | &hx); |
511 | pkv[0] = &sk.n; | 512 | pkv[0] = &sk.n; |
512 | pkv[1] = &sk.e; | 513 | pkv[1] = &sk.e; |
@@ -516,10 +517,10 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc) | |||
516 | pkv[5] = &sk.u; | 517 | pkv[5] = &sk.u; |
517 | size = sizeof (struct KskRsaPrivateKeyBinaryEncoded); | 518 | size = sizeof (struct KskRsaPrivateKeyBinaryEncoded); |
518 | for (i = 0; i < 6; i++) | 519 | for (i = 0; i < 6; i++) |
519 | { | 520 | { |
520 | gcry_mpi_aprint(GCRYMPI_FMT_STD, &pbu[i], &sizes[i], *pkv[i]); | 521 | gcry_mpi_aprint (GCRYMPI_FMT_STD, &pbu[i], &sizes[i], *pkv[i]); |
521 | size += sizes[i]; | 522 | size += sizes[i]; |
522 | } | 523 | } |
523 | GNUNET_assert (size < 65536); | 524 | GNUNET_assert (size < 65536); |
524 | retval = GNUNET_malloc (size); | 525 | retval = GNUNET_malloc (size); |
525 | retval->len = htons (size); | 526 | retval->len = htons (size); |
@@ -544,10 +545,10 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc) | |||
544 | retval->sizedmq1 = htons (0); | 545 | retval->sizedmq1 = htons (0); |
545 | memcpy (&((char *) &retval[1])[i], pbu[5], sizes[5]); | 546 | memcpy (&((char *) &retval[1])[i], pbu[5], sizes[5]); |
546 | for (i = 0; i < 6; i++) | 547 | for (i = 0; i < 6; i++) |
547 | { | 548 | { |
548 | gcry_mpi_release (*pkv[i]); | 549 | gcry_mpi_release (*pkv[i]); |
549 | free (pbu[i]); | 550 | free (pbu[i]); |
550 | } | 551 | } |
551 | return retval; | 552 | return retval; |
552 | } | 553 | } |
553 | 554 | ||
@@ -574,10 +575,10 @@ ksk_decode_key (const struct KskRsaPrivateKeyBinaryEncoded *encoding) | |||
574 | size, &size); | 575 | size, &size); |
575 | pos += ntohs (encoding->sizen); | 576 | pos += ntohs (encoding->sizen); |
576 | if (rc) | 577 | if (rc) |
577 | { | 578 | { |
578 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 579 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
579 | return NULL; | 580 | return NULL; |
580 | } | 581 | } |
581 | size = ntohs (encoding->sizee); | 582 | size = ntohs (encoding->sizee); |
582 | rc = gcry_mpi_scan (&e, | 583 | rc = gcry_mpi_scan (&e, |
583 | GCRYMPI_FMT_USG, | 584 | GCRYMPI_FMT_USG, |
@@ -585,11 +586,11 @@ ksk_decode_key (const struct KskRsaPrivateKeyBinaryEncoded *encoding) | |||
585 | size, &size); | 586 | size, &size); |
586 | pos += ntohs (encoding->sizee); | 587 | pos += ntohs (encoding->sizee); |
587 | if (rc) | 588 | if (rc) |
588 | { | 589 | { |
589 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 590 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
590 | gcry_mpi_release (n); | 591 | gcry_mpi_release (n); |
591 | return NULL; | 592 | return NULL; |
592 | } | 593 | } |
593 | size = ntohs (encoding->sized); | 594 | size = ntohs (encoding->sized); |
594 | rc = gcry_mpi_scan (&d, | 595 | rc = gcry_mpi_scan (&d, |
595 | GCRYMPI_FMT_USG, | 596 | GCRYMPI_FMT_USG, |
@@ -597,101 +598,100 @@ ksk_decode_key (const struct KskRsaPrivateKeyBinaryEncoded *encoding) | |||
597 | size, &size); | 598 | size, &size); |
598 | pos += ntohs (encoding->sized); | 599 | pos += ntohs (encoding->sized); |
599 | if (rc) | 600 | if (rc) |
601 | { | ||
602 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
603 | gcry_mpi_release (n); | ||
604 | gcry_mpi_release (e); | ||
605 | return NULL; | ||
606 | } | ||
607 | /* swap p and q! */ | ||
608 | size = ntohs (encoding->sizep); | ||
609 | if (size > 0) | ||
610 | { | ||
611 | rc = gcry_mpi_scan (&q, | ||
612 | GCRYMPI_FMT_USG, | ||
613 | &((const unsigned char *) (&encoding[1]))[pos], | ||
614 | size, &size); | ||
615 | pos += ntohs (encoding->sizep); | ||
616 | if (rc) | ||
600 | { | 617 | { |
601 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 618 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
602 | gcry_mpi_release (n); | 619 | gcry_mpi_release (n); |
603 | gcry_mpi_release (e); | 620 | gcry_mpi_release (e); |
621 | gcry_mpi_release (d); | ||
604 | return NULL; | 622 | return NULL; |
605 | } | 623 | } |
606 | /* swap p and q! */ | 624 | } |
607 | size = ntohs (encoding->sizep); | ||
608 | if (size > 0) | ||
609 | { | ||
610 | rc = gcry_mpi_scan (&q, | ||
611 | GCRYMPI_FMT_USG, | ||
612 | &((const unsigned char *) (&encoding[1]))[pos], | ||
613 | size, &size); | ||
614 | pos += ntohs (encoding->sizep); | ||
615 | if (rc) | ||
616 | { | ||
617 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
618 | gcry_mpi_release (n); | ||
619 | gcry_mpi_release (e); | ||
620 | gcry_mpi_release (d); | ||
621 | return NULL; | ||
622 | } | ||
623 | } | ||
624 | else | 625 | else |
625 | q = NULL; | 626 | q = NULL; |
626 | size = ntohs (encoding->sizeq); | 627 | size = ntohs (encoding->sizeq); |
627 | if (size > 0) | 628 | if (size > 0) |
629 | { | ||
630 | rc = gcry_mpi_scan (&p, | ||
631 | GCRYMPI_FMT_USG, | ||
632 | &((const unsigned char *) (&encoding[1]))[pos], | ||
633 | size, &size); | ||
634 | pos += ntohs (encoding->sizeq); | ||
635 | if (rc) | ||
628 | { | 636 | { |
629 | rc = gcry_mpi_scan (&p, | 637 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
630 | GCRYMPI_FMT_USG, | 638 | gcry_mpi_release (n); |
631 | &((const unsigned char *) (&encoding[1]))[pos], | 639 | gcry_mpi_release (e); |
632 | size, &size); | 640 | gcry_mpi_release (d); |
633 | pos += ntohs (encoding->sizeq); | 641 | if (q != NULL) |
634 | if (rc) | 642 | gcry_mpi_release (q); |
635 | { | 643 | return NULL; |
636 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
637 | gcry_mpi_release (n); | ||
638 | gcry_mpi_release (e); | ||
639 | gcry_mpi_release (d); | ||
640 | if (q != NULL) | ||
641 | gcry_mpi_release (q); | ||
642 | return NULL; | ||
643 | } | ||
644 | } | 644 | } |
645 | } | ||
645 | else | 646 | else |
646 | p = NULL; | 647 | p = NULL; |
647 | pos += ntohs (encoding->sizedmp1); | 648 | pos += ntohs (encoding->sizedmp1); |
648 | pos += ntohs (encoding->sizedmq1); | 649 | pos += ntohs (encoding->sizedmq1); |
649 | size = | 650 | size = |
650 | ntohs (encoding->len) - sizeof (struct KskRsaPrivateKeyBinaryEncoded) - | 651 | ntohs (encoding->len) - sizeof (struct KskRsaPrivateKeyBinaryEncoded) - |
651 | pos; | 652 | pos; |
652 | if (size > 0) | 653 | if (size > 0) |
654 | { | ||
655 | rc = gcry_mpi_scan (&u, | ||
656 | GCRYMPI_FMT_USG, | ||
657 | &((const unsigned char *) (&encoding[1]))[pos], | ||
658 | size, &size); | ||
659 | if (rc) | ||
653 | { | 660 | { |
654 | rc = gcry_mpi_scan (&u, | 661 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
655 | GCRYMPI_FMT_USG, | 662 | gcry_mpi_release (n); |
656 | &((const unsigned char *) (&encoding[1]))[pos], | 663 | gcry_mpi_release (e); |
657 | size, &size); | 664 | gcry_mpi_release (d); |
658 | if (rc) | 665 | if (p != NULL) |
659 | { | 666 | gcry_mpi_release (p); |
660 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 667 | if (q != NULL) |
661 | gcry_mpi_release (n); | 668 | gcry_mpi_release (q); |
662 | gcry_mpi_release (e); | 669 | return NULL; |
663 | gcry_mpi_release (d); | ||
664 | if (p != NULL) | ||
665 | gcry_mpi_release (p); | ||
666 | if (q != NULL) | ||
667 | gcry_mpi_release (q); | ||
668 | return NULL; | ||
669 | } | ||
670 | } | 670 | } |
671 | } | ||
671 | else | 672 | else |
672 | u = NULL; | 673 | u = NULL; |
673 | 674 | ||
674 | if ((p != NULL) && (q != NULL) && (u != NULL)) | 675 | if ((p != NULL) && (q != NULL) && (u != NULL)) |
676 | { | ||
677 | rc = gcry_sexp_build (&res, &size, /* erroff */ | ||
678 | "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)(u %m)))", | ||
679 | n, e, d, p, q, u); | ||
680 | } | ||
681 | else | ||
682 | { | ||
683 | if ((p != NULL) && (q != NULL)) | ||
675 | { | 684 | { |
676 | rc = gcry_sexp_build (&res, &size, /* erroff */ | 685 | rc = gcry_sexp_build (&res, &size, /* erroff */ |
677 | "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)(u %m)))", | 686 | "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)))", |
678 | n, e, d, p, q, u); | 687 | n, e, d, p, q); |
679 | } | 688 | } |
680 | else | 689 | else |
681 | { | 690 | { |
682 | if ((p != NULL) && (q != NULL)) | 691 | rc = gcry_sexp_build (&res, &size, /* erroff */ |
683 | { | 692 | "(private-key(rsa(n %m)(e %m)(d %m)))", n, e, d); |
684 | rc = gcry_sexp_build (&res, &size, /* erroff */ | ||
685 | "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)))", | ||
686 | n, e, d, p, q); | ||
687 | } | ||
688 | else | ||
689 | { | ||
690 | rc = gcry_sexp_build (&res, &size, /* erroff */ | ||
691 | "(private-key(rsa(n %m)(e %m)(d %m)))", | ||
692 | n, e, d); | ||
693 | } | ||
694 | } | 693 | } |
694 | } | ||
695 | gcry_mpi_release (n); | 695 | gcry_mpi_release (n); |
696 | gcry_mpi_release (e); | 696 | gcry_mpi_release (e); |
697 | gcry_mpi_release (d); | 697 | gcry_mpi_release (d); |
@@ -706,10 +706,10 @@ ksk_decode_key (const struct KskRsaPrivateKeyBinaryEncoded *encoding) | |||
706 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); | 706 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); |
707 | #if EXTRA_CHECKS | 707 | #if EXTRA_CHECKS |
708 | if (gcry_pk_testkey (res)) | 708 | if (gcry_pk_testkey (res)) |
709 | { | 709 | { |
710 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); | 710 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); |
711 | return NULL; | 711 | return NULL; |
712 | } | 712 | } |
713 | #endif | 713 | #endif |
714 | ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey)); | 714 | ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey)); |
715 | ret->sexp = res; | 715 | ret->sexp = res; |
@@ -739,13 +739,13 @@ GNUNET_CRYPTO_rsa_key_create_from_hash (const GNUNET_HashCode * hc) | |||
739 | unsigned int i; | 739 | unsigned int i; |
740 | 740 | ||
741 | for (i = 0; i < cacheSize; i++) | 741 | for (i = 0; i < cacheSize; i++) |
742 | { | ||
743 | if (0 == memcmp (hc, &cache[i]->hc, sizeof (GNUNET_HashCode))) | ||
742 | { | 744 | { |
743 | if (0 == memcmp (hc, &cache[i]->hc, sizeof (GNUNET_HashCode))) | 745 | ret = ksk_decode_key (cache[i]->pke); |
744 | { | 746 | return ret; |
745 | ret = ksk_decode_key (cache[i]->pke); | ||
746 | return ret; | ||
747 | } | ||
748 | } | 747 | } |
748 | } | ||
749 | 749 | ||
750 | line = GNUNET_malloc (sizeof (struct KBlockKeyCacheLine)); | 750 | line = GNUNET_malloc (sizeof (struct KBlockKeyCacheLine)); |
751 | line->hc = *hc; | 751 | line->hc = *hc; |
@@ -761,10 +761,10 @@ void __attribute__ ((destructor)) GNUNET_CRYPTO_ksk_fini () | |||
761 | unsigned int i; | 761 | unsigned int i; |
762 | 762 | ||
763 | for (i = 0; i < cacheSize; i++) | 763 | for (i = 0; i < cacheSize; i++) |
764 | { | 764 | { |
765 | GNUNET_free (cache[i]->pke); | 765 | GNUNET_free (cache[i]->pke); |
766 | GNUNET_free (cache[i]); | 766 | GNUNET_free (cache[i]); |
767 | } | 767 | } |
768 | GNUNET_array_grow (cache, cacheSize, 0); | 768 | GNUNET_array_grow (cache, cacheSize, 0); |
769 | } | 769 | } |
770 | 770 | ||