diff options
Diffstat (limited to 'src/util/crypto_ksk.c')
-rw-r--r-- | src/util/crypto_ksk.c | 513 |
1 files changed, 256 insertions, 257 deletions
diff --git a/src/util/crypto_ksk.c b/src/util/crypto_ksk.c index 3d40ce27b..60639a709 100644 --- a/src/util/crypto_ksk.c +++ b/src/util/crypto_ksk.c | |||
@@ -51,12 +51,12 @@ | |||
51 | 51 | ||
52 | typedef struct | 52 | typedef struct |
53 | { | 53 | { |
54 | gcry_mpi_t n; /* public modulus */ | 54 | gcry_mpi_t n; /* public modulus */ |
55 | gcry_mpi_t e; /* public exponent */ | 55 | gcry_mpi_t e; /* public exponent */ |
56 | gcry_mpi_t d; /* exponent */ | 56 | gcry_mpi_t d; /* exponent */ |
57 | gcry_mpi_t p; /* prime p. */ | 57 | gcry_mpi_t p; /* prime p. */ |
58 | gcry_mpi_t q; /* prime q. */ | 58 | gcry_mpi_t q; /* prime q. */ |
59 | gcry_mpi_t u; /* inverse of p mod q. */ | 59 | gcry_mpi_t u; /* inverse of p mod q. */ |
60 | } KBlock_secret_key; | 60 | } KBlock_secret_key; |
61 | 61 | ||
62 | /** | 62 | /** |
@@ -84,23 +84,23 @@ mpz_randomize (gcry_mpi_t n, unsigned int nbits, GNUNET_HashCode * rnd) | |||
84 | 84 | ||
85 | tmp = *rnd; | 85 | tmp = *rnd; |
86 | for (i = 0; i < cnt; i++) | 86 | for (i = 0; i < cnt; i++) |
87 | { | 87 | { |
88 | int j; | 88 | int j; |
89 | 89 | ||
90 | if (i > 0) | 90 | if (i > 0) |
91 | GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), &tmp); | 91 | GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), &tmp); |
92 | for (j = 0; j < sizeof (GNUNET_HashCode) / sizeof (uint32_t); j++) | 92 | for (j = 0; j < sizeof (GNUNET_HashCode) / sizeof (uint32_t); j++) |
93 | { | 93 | { |
94 | #if HAVE_GCRY_MPI_LSHIFT | 94 | #if HAVE_GCRY_MPI_LSHIFT |
95 | gcry_mpi_lshift (n, n, sizeof (uint32_t) * 8); | 95 | gcry_mpi_lshift (n, n, sizeof (uint32_t) * 8); |
96 | #else | 96 | #else |
97 | gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4)); | 97 | gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4)); |
98 | gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4)); | 98 | gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4)); |
99 | #endif | 99 | #endif |
100 | gcry_mpi_add_ui (n, n, ntohl (((uint32_t *) & tmp)[j])); | 100 | gcry_mpi_add_ui (n, n, ntohl (((uint32_t *) & tmp)[j])); |
101 | } | ||
102 | hc = tmp; | ||
103 | } | 101 | } |
102 | hc = tmp; | ||
103 | } | ||
104 | GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), rnd); | 104 | GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), rnd); |
105 | i = gcry_mpi_get_nbits (n); | 105 | i = gcry_mpi_get_nbits (n); |
106 | while (i > nbits) | 106 | while (i > nbits) |
@@ -114,10 +114,10 @@ mpz_trailing_zeroes (gcry_mpi_t n) | |||
114 | 114 | ||
115 | cnt = gcry_mpi_get_nbits (n); | 115 | cnt = gcry_mpi_get_nbits (n); |
116 | for (idx = 0; idx < cnt; idx++) | 116 | for (idx = 0; idx < cnt; idx++) |
117 | { | 117 | { |
118 | if (gcry_mpi_test_bit (n, idx) == 0) | 118 | if (gcry_mpi_test_bit (n, idx) == 0) |
119 | return idx; | 119 | return idx; |
120 | } | 120 | } |
121 | 121 | ||
122 | return ULONG_MAX; | 122 | return ULONG_MAX; |
123 | } | 123 | } |
@@ -164,31 +164,31 @@ is_prime (gcry_mpi_t n, int steps, GNUNET_HashCode * hc) | |||
164 | mpz_tdiv_q_2exp (q, q, k); | 164 | mpz_tdiv_q_2exp (q, q, k); |
165 | 165 | ||
166 | for (i = 0; i < steps; i++) | 166 | for (i = 0; i < steps; i++) |
167 | { | ||
168 | if (!i) | ||
167 | { | 169 | { |
168 | if (!i) | 170 | gcry_mpi_set_ui (x, 2); |
169 | { | ||
170 | gcry_mpi_set_ui (x, 2); | ||
171 | } | ||
172 | else | ||
173 | { | ||
174 | mpz_randomize (x, nbits - 1, hc); | ||
175 | GNUNET_assert (gcry_mpi_cmp (x, nminus1) < 0); | ||
176 | GNUNET_assert (gcry_mpi_cmp_ui (x, 1) > 0); | ||
177 | } | ||
178 | gcry_mpi_powm (y, x, q, n); | ||
179 | if (gcry_mpi_cmp_ui (y, 1) && gcry_mpi_cmp (y, nminus1)) | ||
180 | { | ||
181 | for (j = 1; j < k && gcry_mpi_cmp (y, nminus1); j++) | ||
182 | { | ||
183 | gcry_mpi_powm (y, y, a2, n); | ||
184 | if (!gcry_mpi_cmp_ui (y, 1)) | ||
185 | goto leave; /* Not a prime. */ | ||
186 | } | ||
187 | if (gcry_mpi_cmp (y, nminus1)) | ||
188 | goto leave; /* Not a prime. */ | ||
189 | } | ||
190 | } | 171 | } |
191 | rc = 1; /* May be a prime. */ | 172 | else |
173 | { | ||
174 | mpz_randomize (x, nbits - 1, hc); | ||
175 | GNUNET_assert (gcry_mpi_cmp (x, nminus1) < 0); | ||
176 | GNUNET_assert (gcry_mpi_cmp_ui (x, 1) > 0); | ||
177 | } | ||
178 | gcry_mpi_powm (y, x, q, n); | ||
179 | if (gcry_mpi_cmp_ui (y, 1) && gcry_mpi_cmp (y, nminus1)) | ||
180 | { | ||
181 | for (j = 1; j < k && gcry_mpi_cmp (y, nminus1); j++) | ||
182 | { | ||
183 | gcry_mpi_powm (y, y, a2, n); | ||
184 | if (!gcry_mpi_cmp_ui (y, 1)) | ||
185 | goto leave; /* Not a prime. */ | ||
186 | } | ||
187 | if (gcry_mpi_cmp (y, nminus1)) | ||
188 | goto leave; /* Not a prime. */ | ||
189 | } | ||
190 | } | ||
191 | rc = 1; /* May be a prime. */ | ||
192 | 192 | ||
193 | leave: | 193 | leave: |
194 | gcry_mpi_release (x); | 194 | gcry_mpi_release (x); |
@@ -210,10 +210,10 @@ static void | |||
210 | adjust (unsigned char *buf, size_t size, size_t target) | 210 | adjust (unsigned char *buf, size_t size, size_t target) |
211 | { | 211 | { |
212 | if (size < target) | 212 | if (size < target) |
213 | { | 213 | { |
214 | memmove (&buf[target - size], buf, size); | 214 | memmove (&buf[target - size], buf, size); |
215 | memset (buf, 0, target - size); | 215 | memset (buf, 0, target - size); |
216 | } | 216 | } |
217 | } | 217 | } |
218 | 218 | ||
219 | 219 | ||
@@ -326,70 +326,70 @@ gen_prime (gcry_mpi_t * ptest, unsigned int nbits, GNUNET_HashCode * hc) | |||
326 | tmp = gcry_mpi_new (0); | 326 | tmp = gcry_mpi_new (0); |
327 | sp = gcry_mpi_new (0); | 327 | sp = gcry_mpi_new (0); |
328 | while (1) | 328 | while (1) |
329 | { | ||
330 | /* generate a random number */ | ||
331 | mpz_randomize (prime, nbits, hc); | ||
332 | /* Set high order bit to 1, set low order bit to 1. If we are | ||
333 | * generating a secret prime we are most probably doing that | ||
334 | * for RSA, to make sure that the modulus does have the | ||
335 | * requested key size we set the 2 high order bits. */ | ||
336 | gcry_mpi_set_bit (prime, nbits - 1); | ||
337 | gcry_mpi_set_bit (prime, nbits - 2); | ||
338 | gcry_mpi_set_bit (prime, 0); | ||
339 | |||
340 | /* Calculate all remainders. */ | ||
341 | for (i = 0; i < no_of_small_prime_numbers; i++) | ||
329 | { | 342 | { |
330 | /* generate a random number */ | 343 | size_t written; |
331 | mpz_randomize (prime, nbits, hc); | 344 | |
332 | /* Set high order bit to 1, set low order bit to 1. If we are | 345 | gcry_mpi_set_ui (sp, small_prime_numbers[i]); |
333 | * generating a secret prime we are most probably doing that | 346 | gcry_mpi_div (NULL, tmp, prime, sp, -1); |
334 | * for RSA, to make sure that the modulus does have the | 347 | mods[i] = 0; |
335 | * requested key size we set the 2 high order bits. */ | 348 | written = sizeof (unsigned int); |
336 | gcry_mpi_set_bit (prime, nbits - 1); | 349 | GNUNET_assert (0 == |
337 | gcry_mpi_set_bit (prime, nbits - 2); | 350 | gcry_mpi_print (GCRYMPI_FMT_USG, |
338 | gcry_mpi_set_bit (prime, 0); | 351 | (unsigned char *) &mods[i], written, |
339 | 352 | &written, tmp)); | |
340 | /* Calculate all remainders. */ | 353 | adjust ((unsigned char *) &mods[i], written, sizeof (unsigned int)); |
354 | mods[i] = ntohl (mods[i]); | ||
355 | } | ||
356 | /* Now try some primes starting with prime. */ | ||
357 | for (step = 0; step < 20000; step += 2) | ||
358 | { | ||
359 | /* Check against all the small primes we have in mods. */ | ||
341 | for (i = 0; i < no_of_small_prime_numbers; i++) | 360 | for (i = 0; i < no_of_small_prime_numbers; i++) |
342 | { | 361 | { |
343 | size_t written; | 362 | uint16_t x = small_prime_numbers[i]; |
344 | 363 | ||
345 | gcry_mpi_set_ui (sp, small_prime_numbers[i]); | 364 | while (mods[i] + step >= x) |
346 | gcry_mpi_div (NULL, tmp, prime, sp, -1); | 365 | mods[i] -= x; |
347 | mods[i] = 0; | 366 | if (!(mods[i] + step)) |
348 | written = sizeof (unsigned int); | 367 | break; |
349 | GNUNET_assert (0 == | 368 | } |
350 | gcry_mpi_print (GCRYMPI_FMT_USG, | 369 | if (i < no_of_small_prime_numbers) |
351 | (unsigned char *) &mods[i], written, | 370 | continue; /* Found a multiple of an already known prime. */ |
352 | &written, tmp)); | 371 | |
353 | adjust ((unsigned char *) &mods[i], written, sizeof (unsigned int)); | 372 | gcry_mpi_add_ui (*ptest, prime, step); |
354 | mods[i] = ntohl (mods[i]); | 373 | if (!gcry_mpi_test_bit (*ptest, nbits - 2)) |
355 | } | 374 | break; |
356 | /* Now try some primes starting with prime. */ | 375 | |
357 | for (step = 0; step < 20000; step += 2) | 376 | /* Do a fast Fermat test now. */ |
358 | { | 377 | gcry_mpi_sub_ui (pminus1, *ptest, 1); |
359 | /* Check against all the small primes we have in mods. */ | 378 | gcry_mpi_powm (result, val_2, pminus1, *ptest); |
360 | for (i = 0; i < no_of_small_prime_numbers; i++) | 379 | if ((!gcry_mpi_cmp_ui (result, 1)) && (is_prime (*ptest, 5, hc))) |
361 | { | 380 | { |
362 | uint16_t x = small_prime_numbers[i]; | 381 | /* Got it. */ |
363 | 382 | gcry_mpi_release (sp); | |
364 | while (mods[i] + step >= x) | 383 | gcry_mpi_release (tmp); |
365 | mods[i] -= x; | 384 | gcry_mpi_release (val_2); |
366 | if (!(mods[i] + step)) | 385 | gcry_mpi_release (val_3); |
367 | break; | 386 | gcry_mpi_release (result); |
368 | } | 387 | gcry_mpi_release (pminus1); |
369 | if (i < no_of_small_prime_numbers) | 388 | gcry_mpi_release (prime); |
370 | continue; /* Found a multiple of an already known prime. */ | 389 | return; |
371 | 390 | } | |
372 | gcry_mpi_add_ui (*ptest, prime, step); | ||
373 | if (!gcry_mpi_test_bit (*ptest, nbits - 2)) | ||
374 | break; | ||
375 | |||
376 | /* Do a fast Fermat test now. */ | ||
377 | gcry_mpi_sub_ui (pminus1, *ptest, 1); | ||
378 | gcry_mpi_powm (result, val_2, pminus1, *ptest); | ||
379 | if ((!gcry_mpi_cmp_ui (result, 1)) && (is_prime (*ptest, 5, hc))) | ||
380 | { | ||
381 | /* Got it. */ | ||
382 | gcry_mpi_release (sp); | ||
383 | gcry_mpi_release (tmp); | ||
384 | gcry_mpi_release (val_2); | ||
385 | gcry_mpi_release (val_3); | ||
386 | gcry_mpi_release (result); | ||
387 | gcry_mpi_release (pminus1); | ||
388 | gcry_mpi_release (prime); | ||
389 | return; | ||
390 | } | ||
391 | } | ||
392 | } | 391 | } |
392 | } | ||
393 | } | 393 | } |
394 | 394 | ||
395 | /** | 395 | /** |
@@ -399,11 +399,11 @@ gen_prime (gcry_mpi_t * ptest, unsigned int nbits, GNUNET_HashCode * hc) | |||
399 | * @param hc the HC to use for PRNG (modified!) | 399 | * @param hc the HC to use for PRNG (modified!) |
400 | */ | 400 | */ |
401 | static void | 401 | static void |
402 | generate_kblock_key (KBlock_secret_key * sk, unsigned int nbits, | 402 | generate_kblock_key (KBlock_secret_key *sk, unsigned int nbits, |
403 | GNUNET_HashCode * hc) | 403 | GNUNET_HashCode * hc) |
404 | { | 404 | { |
405 | gcry_mpi_t t1, t2; | 405 | gcry_mpi_t t1, t2; |
406 | gcry_mpi_t phi; /* helper: (p-1)(q-1) */ | 406 | gcry_mpi_t phi; /* helper: (p-1)(q-1) */ |
407 | gcry_mpi_t g; | 407 | gcry_mpi_t g; |
408 | gcry_mpi_t f; | 408 | gcry_mpi_t f; |
409 | 409 | ||
@@ -425,36 +425,36 @@ generate_kblock_key (KBlock_secret_key * sk, unsigned int nbits, | |||
425 | f = gcry_mpi_new (0); | 425 | f = gcry_mpi_new (0); |
426 | 426 | ||
427 | do | 427 | do |
428 | { | ||
429 | do | ||
428 | { | 430 | { |
429 | do | 431 | gcry_mpi_release (sk->p); |
430 | { | 432 | gcry_mpi_release (sk->q); |
431 | gcry_mpi_release (sk->p); | 433 | gen_prime (&sk->p, nbits / 2, hc); |
432 | gcry_mpi_release (sk->q); | 434 | gen_prime (&sk->q, nbits / 2, hc); |
433 | gen_prime (&sk->p, nbits / 2, hc); | 435 | |
434 | gen_prime (&sk->q, nbits / 2, hc); | 436 | if (gcry_mpi_cmp (sk->p, sk->q) > 0) /* p shall be smaller than q (for calc of u) */ |
435 | 437 | gcry_mpi_swap (sk->p, sk->q); | |
436 | if (gcry_mpi_cmp (sk->p, sk->q) > 0) /* p shall be smaller than q (for calc of u) */ | 438 | /* calculate the modulus */ |
437 | gcry_mpi_swap (sk->p, sk->q); | 439 | gcry_mpi_mul (sk->n, sk->p, sk->q); |
438 | /* calculate the modulus */ | 440 | } |
439 | gcry_mpi_mul (sk->n, sk->p, sk->q); | 441 | while (gcry_mpi_get_nbits (sk->n) != nbits); |
440 | } | 442 | |
441 | while (gcry_mpi_get_nbits (sk->n) != nbits); | 443 | /* calculate Euler totient: phi = (p-1)(q-1) */ |
442 | 444 | gcry_mpi_sub_ui (t1, sk->p, 1); | |
443 | /* calculate Euler totient: phi = (p-1)(q-1) */ | 445 | gcry_mpi_sub_ui (t2, sk->q, 1); |
444 | gcry_mpi_sub_ui (t1, sk->p, 1); | 446 | gcry_mpi_mul (phi, t1, t2); |
445 | gcry_mpi_sub_ui (t2, sk->q, 1); | 447 | gcry_mpi_gcd (g, t1, t2); |
446 | gcry_mpi_mul (phi, t1, t2); | 448 | gcry_mpi_div (f, NULL, phi, g, 0); |
447 | gcry_mpi_gcd (g, t1, t2); | 449 | while (0 == gcry_mpi_gcd (t1, sk->e, phi)) |
448 | gcry_mpi_div (f, NULL, phi, g, 0); | 450 | { /* (while gcd is not 1) */ |
449 | while (0 == gcry_mpi_gcd (t1, sk->e, phi)) | 451 | gcry_mpi_add_ui (sk->e, sk->e, 2); |
450 | { /* (while gcd is not 1) */ | ||
451 | gcry_mpi_add_ui (sk->e, sk->e, 2); | ||
452 | } | ||
453 | |||
454 | /* calculate the secret key d = e^1 mod phi */ | ||
455 | } | 452 | } |
453 | |||
454 | /* calculate the secret key d = e^1 mod phi */ | ||
455 | } | ||
456 | while ((0 == gcry_mpi_invm (sk->d, sk->e, f)) || | 456 | while ((0 == gcry_mpi_invm (sk->d, sk->e, f)) || |
457 | (0 == gcry_mpi_invm (sk->u, sk->p, sk->q))); | 457 | (0 == gcry_mpi_invm (sk->u, sk->p, sk->q))); |
458 | 458 | ||
459 | gcry_mpi_release (t1); | 459 | gcry_mpi_release (t1); |
460 | gcry_mpi_release (t2); | 460 | gcry_mpi_release (t2); |
@@ -473,13 +473,13 @@ struct KskRsaPrivateKeyBinaryEncoded | |||
473 | * Total size of the structure, in bytes, in big-endian! | 473 | * Total size of the structure, in bytes, in big-endian! |
474 | */ | 474 | */ |
475 | uint16_t len GNUNET_PACKED; | 475 | uint16_t len GNUNET_PACKED; |
476 | uint16_t sizen GNUNET_PACKED; /* in big-endian! */ | 476 | uint16_t sizen GNUNET_PACKED; /* in big-endian! */ |
477 | uint16_t sizee GNUNET_PACKED; /* in big-endian! */ | 477 | uint16_t sizee GNUNET_PACKED; /* in big-endian! */ |
478 | uint16_t sized GNUNET_PACKED; /* in big-endian! */ | 478 | uint16_t sized GNUNET_PACKED; /* in big-endian! */ |
479 | uint16_t sizep GNUNET_PACKED; /* in big-endian! */ | 479 | uint16_t sizep GNUNET_PACKED; /* in big-endian! */ |
480 | uint16_t sizeq GNUNET_PACKED; /* in big-endian! */ | 480 | uint16_t sizeq GNUNET_PACKED; /* in big-endian! */ |
481 | uint16_t sizedmp1 GNUNET_PACKED; /* in big-endian! */ | 481 | uint16_t sizedmp1 GNUNET_PACKED; /* in big-endian! */ |
482 | uint16_t sizedmq1 GNUNET_PACKED; /* in big-endian! */ | 482 | uint16_t sizedmq1 GNUNET_PACKED; /* in big-endian! */ |
483 | /* followed by the actual values */ | 483 | /* followed by the actual values */ |
484 | }; | 484 | }; |
485 | 485 | ||
@@ -501,16 +501,16 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc) | |||
501 | size_t size; | 501 | size_t size; |
502 | 502 | ||
503 | hx = *hc; | 503 | hx = *hc; |
504 | generate_kblock_key (&sk, 1024, /* at least 10x as fast than 2048 bits | 504 | generate_kblock_key (&sk, 1024, /* at least 10x as fast than 2048 bits |
505 | * -- we simply cannot afford 2048 bits | 505 | * -- we simply cannot afford 2048 bits |
506 | * even on modern hardware, and especially | 506 | * even on modern hardware, and especially |
507 | * not since clearly a dictionary attack | 507 | * not since clearly a dictionary attack |
508 | * will still be much cheaper | 508 | * will still be much cheaper |
509 | * than breaking a 1024 bit RSA key. | 509 | * than breaking a 1024 bit RSA key. |
510 | * If an adversary can spend the time to | 510 | * If an adversary can spend the time to |
511 | * break a 1024 bit RSA key just to forge | 511 | * break a 1024 bit RSA key just to forge |
512 | * a signature -- SO BE IT. [ CG, 6/2005 ] */ | 512 | * a signature -- SO BE IT. [ CG, 6/2005 ] */ |
513 | &hx); | 513 | &hx); |
514 | pkv[0] = &sk.n; | 514 | pkv[0] = &sk.n; |
515 | pkv[1] = &sk.e; | 515 | pkv[1] = &sk.e; |
516 | pkv[2] = &sk.d; | 516 | pkv[2] = &sk.d; |
@@ -519,10 +519,10 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc) | |||
519 | pkv[5] = &sk.u; | 519 | pkv[5] = &sk.u; |
520 | size = sizeof (struct KskRsaPrivateKeyBinaryEncoded); | 520 | size = sizeof (struct KskRsaPrivateKeyBinaryEncoded); |
521 | for (i = 0; i < 6; i++) | 521 | for (i = 0; i < 6; i++) |
522 | { | 522 | { |
523 | gcry_mpi_aprint (GCRYMPI_FMT_STD, &pbu[i], &sizes[i], *pkv[i]); | 523 | gcry_mpi_aprint (GCRYMPI_FMT_STD, &pbu[i], &sizes[i], *pkv[i]); |
524 | size += sizes[i]; | 524 | size += sizes[i]; |
525 | } | 525 | } |
526 | GNUNET_assert (size < 65536); | 526 | GNUNET_assert (size < 65536); |
527 | retval = GNUNET_malloc (size); | 527 | retval = GNUNET_malloc (size); |
528 | retval->len = htons (size); | 528 | retval->len = htons (size); |
@@ -547,10 +547,10 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc) | |||
547 | retval->sizedmq1 = htons (0); | 547 | retval->sizedmq1 = htons (0); |
548 | memcpy (&((char *) &retval[1])[i], pbu[5], sizes[5]); | 548 | memcpy (&((char *) &retval[1])[i], pbu[5], sizes[5]); |
549 | for (i = 0; i < 6; i++) | 549 | for (i = 0; i < 6; i++) |
550 | { | 550 | { |
551 | gcry_mpi_release (*pkv[i]); | 551 | gcry_mpi_release (*pkv[i]); |
552 | free (pbu[i]); | 552 | free (pbu[i]); |
553 | } | 553 | } |
554 | return retval; | 554 | return retval; |
555 | } | 555 | } |
556 | 556 | ||
@@ -572,123 +572,122 @@ ksk_decode_key (const struct KskRsaPrivateKeyBinaryEncoded *encoding) | |||
572 | pos = 0; | 572 | pos = 0; |
573 | size = ntohs (encoding->sizen); | 573 | size = ntohs (encoding->sizen); |
574 | rc = gcry_mpi_scan (&n, GCRYMPI_FMT_USG, | 574 | rc = gcry_mpi_scan (&n, GCRYMPI_FMT_USG, |
575 | &((const unsigned char *) (&encoding[1]))[pos], size, | 575 | &((const unsigned char *) (&encoding[1]))[pos], size, |
576 | &size); | 576 | &size); |
577 | pos += ntohs (encoding->sizen); | 577 | pos += ntohs (encoding->sizen); |
578 | if (rc) | 578 | if (rc) |
579 | { | 579 | { |
580 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 580 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
581 | return NULL; | 581 | return NULL; |
582 | } | 582 | } |
583 | size = ntohs (encoding->sizee); | 583 | size = ntohs (encoding->sizee); |
584 | rc = gcry_mpi_scan (&e, GCRYMPI_FMT_USG, | 584 | rc = gcry_mpi_scan (&e, GCRYMPI_FMT_USG, |
585 | &((const unsigned char *) (&encoding[1]))[pos], size, | 585 | &((const unsigned char *) (&encoding[1]))[pos], size, |
586 | &size); | 586 | &size); |
587 | pos += ntohs (encoding->sizee); | 587 | pos += ntohs (encoding->sizee); |
588 | if (rc) | 588 | if (rc) |
589 | { | 589 | { |
590 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 590 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
591 | gcry_mpi_release (n); | 591 | gcry_mpi_release (n); |
592 | return NULL; | 592 | return NULL; |
593 | } | 593 | } |
594 | size = ntohs (encoding->sized); | 594 | size = ntohs (encoding->sized); |
595 | rc = gcry_mpi_scan (&d, GCRYMPI_FMT_USG, | 595 | rc = gcry_mpi_scan (&d, GCRYMPI_FMT_USG, |
596 | &((const unsigned char *) (&encoding[1]))[pos], size, | 596 | &((const unsigned char *) (&encoding[1]))[pos], size, |
597 | &size); | 597 | &size); |
598 | pos += ntohs (encoding->sized); | 598 | pos += ntohs (encoding->sized); |
599 | if (rc) | 599 | if (rc) |
600 | { | ||
601 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
602 | gcry_mpi_release (n); | ||
603 | gcry_mpi_release (e); | ||
604 | return NULL; | ||
605 | } | ||
606 | /* swap p and q! */ | ||
607 | size = ntohs (encoding->sizep); | ||
608 | if (size > 0) | ||
609 | { | ||
610 | rc = gcry_mpi_scan (&q, GCRYMPI_FMT_USG, | ||
611 | &((const unsigned char *) (&encoding[1]))[pos], size, | ||
612 | &size); | ||
613 | pos += ntohs (encoding->sizep); | ||
614 | if (rc) | ||
600 | { | 615 | { |
601 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 616 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
602 | gcry_mpi_release (n); | 617 | gcry_mpi_release (n); |
603 | gcry_mpi_release (e); | 618 | gcry_mpi_release (e); |
619 | gcry_mpi_release (d); | ||
604 | return NULL; | 620 | return NULL; |
605 | } | 621 | } |
606 | /* swap p and q! */ | 622 | } |
607 | size = ntohs (encoding->sizep); | ||
608 | if (size > 0) | ||
609 | { | ||
610 | rc = gcry_mpi_scan (&q, GCRYMPI_FMT_USG, | ||
611 | &((const unsigned char *) (&encoding[1]))[pos], | ||
612 | size, &size); | ||
613 | pos += ntohs (encoding->sizep); | ||
614 | if (rc) | ||
615 | { | ||
616 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
617 | gcry_mpi_release (n); | ||
618 | gcry_mpi_release (e); | ||
619 | gcry_mpi_release (d); | ||
620 | return NULL; | ||
621 | } | ||
622 | } | ||
623 | else | 623 | else |
624 | q = NULL; | 624 | q = NULL; |
625 | size = ntohs (encoding->sizeq); | 625 | size = ntohs (encoding->sizeq); |
626 | if (size > 0) | 626 | if (size > 0) |
627 | { | ||
628 | rc = gcry_mpi_scan (&p, GCRYMPI_FMT_USG, | ||
629 | &((const unsigned char *) (&encoding[1]))[pos], size, | ||
630 | &size); | ||
631 | pos += ntohs (encoding->sizeq); | ||
632 | if (rc) | ||
627 | { | 633 | { |
628 | rc = gcry_mpi_scan (&p, GCRYMPI_FMT_USG, | 634 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
629 | &((const unsigned char *) (&encoding[1]))[pos], | 635 | gcry_mpi_release (n); |
630 | size, &size); | 636 | gcry_mpi_release (e); |
631 | pos += ntohs (encoding->sizeq); | 637 | gcry_mpi_release (d); |
632 | if (rc) | 638 | if (q != NULL) |
633 | { | 639 | gcry_mpi_release (q); |
634 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 640 | return NULL; |
635 | gcry_mpi_release (n); | ||
636 | gcry_mpi_release (e); | ||
637 | gcry_mpi_release (d); | ||
638 | if (q != NULL) | ||
639 | gcry_mpi_release (q); | ||
640 | return NULL; | ||
641 | } | ||
642 | } | 641 | } |
642 | } | ||
643 | else | 643 | else |
644 | p = NULL; | 644 | p = NULL; |
645 | pos += ntohs (encoding->sizedmp1); | 645 | pos += ntohs (encoding->sizedmp1); |
646 | pos += ntohs (encoding->sizedmq1); | 646 | pos += ntohs (encoding->sizedmq1); |
647 | size = | 647 | size = |
648 | ntohs (encoding->len) - sizeof (struct KskRsaPrivateKeyBinaryEncoded) - | 648 | ntohs (encoding->len) - sizeof (struct KskRsaPrivateKeyBinaryEncoded) - |
649 | pos; | 649 | pos; |
650 | if (size > 0) | 650 | if (size > 0) |
651 | { | ||
652 | rc = gcry_mpi_scan (&u, GCRYMPI_FMT_USG, | ||
653 | &((const unsigned char *) (&encoding[1]))[pos], size, | ||
654 | &size); | ||
655 | if (rc) | ||
651 | { | 656 | { |
652 | rc = gcry_mpi_scan (&u, GCRYMPI_FMT_USG, | 657 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
653 | &((const unsigned char *) (&encoding[1]))[pos], | 658 | gcry_mpi_release (n); |
654 | size, &size); | 659 | gcry_mpi_release (e); |
655 | if (rc) | 660 | gcry_mpi_release (d); |
656 | { | 661 | if (p != NULL) |
657 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 662 | gcry_mpi_release (p); |
658 | gcry_mpi_release (n); | 663 | if (q != NULL) |
659 | gcry_mpi_release (e); | 664 | gcry_mpi_release (q); |
660 | gcry_mpi_release (d); | 665 | return NULL; |
661 | if (p != NULL) | ||
662 | gcry_mpi_release (p); | ||
663 | if (q != NULL) | ||
664 | gcry_mpi_release (q); | ||
665 | return NULL; | ||
666 | } | ||
667 | } | 666 | } |
667 | } | ||
668 | else | 668 | else |
669 | u = NULL; | 669 | u = NULL; |
670 | 670 | ||
671 | if ((p != NULL) && (q != NULL) && (u != NULL)) | 671 | if ((p != NULL) && (q != NULL) && (u != NULL)) |
672 | { | ||
673 | rc = gcry_sexp_build (&res, &size, /* erroff */ | ||
674 | "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)(u %m)))", | ||
675 | n, e, d, p, q, u); | ||
676 | } | ||
677 | else | ||
678 | { | ||
679 | if ((p != NULL) && (q != NULL)) | ||
672 | { | 680 | { |
673 | rc = gcry_sexp_build (&res, &size, /* erroff */ | 681 | rc = gcry_sexp_build (&res, &size, /* erroff */ |
674 | "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)(u %m)))", | 682 | "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)))", |
675 | n, e, d, p, q, u); | 683 | n, e, d, p, q); |
676 | } | 684 | } |
677 | else | 685 | else |
678 | { | 686 | { |
679 | if ((p != NULL) && (q != NULL)) | 687 | rc = gcry_sexp_build (&res, &size, /* erroff */ |
680 | { | 688 | "(private-key(rsa(n %m)(e %m)(d %m)))", n, e, d); |
681 | rc = gcry_sexp_build (&res, &size, /* erroff */ | ||
682 | "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)))", | ||
683 | n, e, d, p, q); | ||
684 | } | ||
685 | else | ||
686 | { | ||
687 | rc = gcry_sexp_build (&res, &size, /* erroff */ | ||
688 | "(private-key(rsa(n %m)(e %m)(d %m)))", n, e, | ||
689 | d); | ||
690 | } | ||
691 | } | 689 | } |
690 | } | ||
692 | gcry_mpi_release (n); | 691 | gcry_mpi_release (n); |
693 | gcry_mpi_release (e); | 692 | gcry_mpi_release (e); |
694 | gcry_mpi_release (d); | 693 | gcry_mpi_release (d); |
@@ -703,10 +702,10 @@ ksk_decode_key (const struct KskRsaPrivateKeyBinaryEncoded *encoding) | |||
703 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); | 702 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); |
704 | #if EXTRA_CHECKS | 703 | #if EXTRA_CHECKS |
705 | if (gcry_pk_testkey (res)) | 704 | if (gcry_pk_testkey (res)) |
706 | { | 705 | { |
707 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); | 706 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); |
708 | return NULL; | 707 | return NULL; |
709 | } | 708 | } |
710 | #endif | 709 | #endif |
711 | ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey)); | 710 | ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey)); |
712 | ret->sexp = res; | 711 | ret->sexp = res; |
@@ -736,13 +735,13 @@ GNUNET_CRYPTO_rsa_key_create_from_hash (const GNUNET_HashCode * hc) | |||
736 | unsigned int i; | 735 | unsigned int i; |
737 | 736 | ||
738 | for (i = 0; i < cacheSize; i++) | 737 | for (i = 0; i < cacheSize; i++) |
738 | { | ||
739 | if (0 == memcmp (hc, &cache[i]->hc, sizeof (GNUNET_HashCode))) | ||
739 | { | 740 | { |
740 | if (0 == memcmp (hc, &cache[i]->hc, sizeof (GNUNET_HashCode))) | 741 | ret = ksk_decode_key (cache[i]->pke); |
741 | { | 742 | return ret; |
742 | ret = ksk_decode_key (cache[i]->pke); | ||
743 | return ret; | ||
744 | } | ||
745 | } | 743 | } |
744 | } | ||
746 | 745 | ||
747 | line = GNUNET_malloc (sizeof (struct KBlockKeyCacheLine)); | 746 | line = GNUNET_malloc (sizeof (struct KBlockKeyCacheLine)); |
748 | line->hc = *hc; | 747 | line->hc = *hc; |
@@ -758,10 +757,10 @@ void __attribute__ ((destructor)) GNUNET_CRYPTO_ksk_fini () | |||
758 | unsigned int i; | 757 | unsigned int i; |
759 | 758 | ||
760 | for (i = 0; i < cacheSize; i++) | 759 | for (i = 0; i < cacheSize; i++) |
761 | { | 760 | { |
762 | GNUNET_free (cache[i]->pke); | 761 | GNUNET_free (cache[i]->pke); |
763 | GNUNET_free (cache[i]); | 762 | GNUNET_free (cache[i]); |
764 | } | 763 | } |
765 | GNUNET_array_grow (cache, cacheSize, 0); | 764 | GNUNET_array_grow (cache, cacheSize, 0); |
766 | } | 765 | } |
767 | 766 | ||