aboutsummaryrefslogtreecommitdiff
path: root/src/util/crypto_ksk.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/util/crypto_ksk.c')
-rw-r--r--src/util/crypto_ksk.c513
1 files changed, 256 insertions, 257 deletions
diff --git a/src/util/crypto_ksk.c b/src/util/crypto_ksk.c
index 3d40ce27b..60639a709 100644
--- a/src/util/crypto_ksk.c
+++ b/src/util/crypto_ksk.c
@@ -51,12 +51,12 @@
51 51
52typedef struct 52typedef struct
53{ 53{
54 gcry_mpi_t n; /* public modulus */ 54 gcry_mpi_t n; /* public modulus */
55 gcry_mpi_t e; /* public exponent */ 55 gcry_mpi_t e; /* public exponent */
56 gcry_mpi_t d; /* exponent */ 56 gcry_mpi_t d; /* exponent */
57 gcry_mpi_t p; /* prime p. */ 57 gcry_mpi_t p; /* prime p. */
58 gcry_mpi_t q; /* prime q. */ 58 gcry_mpi_t q; /* prime q. */
59 gcry_mpi_t u; /* inverse of p mod q. */ 59 gcry_mpi_t u; /* inverse of p mod q. */
60} KBlock_secret_key; 60} KBlock_secret_key;
61 61
62/** 62/**
@@ -84,23 +84,23 @@ mpz_randomize (gcry_mpi_t n, unsigned int nbits, GNUNET_HashCode * rnd)
84 84
85 tmp = *rnd; 85 tmp = *rnd;
86 for (i = 0; i < cnt; i++) 86 for (i = 0; i < cnt; i++)
87 { 87 {
88 int j; 88 int j;
89 89
90 if (i > 0) 90 if (i > 0)
91 GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), &tmp); 91 GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), &tmp);
92 for (j = 0; j < sizeof (GNUNET_HashCode) / sizeof (uint32_t); j++) 92 for (j = 0; j < sizeof (GNUNET_HashCode) / sizeof (uint32_t); j++)
93 { 93 {
94#if HAVE_GCRY_MPI_LSHIFT 94#if HAVE_GCRY_MPI_LSHIFT
95 gcry_mpi_lshift (n, n, sizeof (uint32_t) * 8); 95 gcry_mpi_lshift (n, n, sizeof (uint32_t) * 8);
96#else 96#else
97 gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4)); 97 gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4));
98 gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4)); 98 gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4));
99#endif 99#endif
100 gcry_mpi_add_ui (n, n, ntohl (((uint32_t *) & tmp)[j])); 100 gcry_mpi_add_ui (n, n, ntohl (((uint32_t *) & tmp)[j]));
101 }
102 hc = tmp;
103 } 101 }
102 hc = tmp;
103 }
104 GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), rnd); 104 GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), rnd);
105 i = gcry_mpi_get_nbits (n); 105 i = gcry_mpi_get_nbits (n);
106 while (i > nbits) 106 while (i > nbits)
@@ -114,10 +114,10 @@ mpz_trailing_zeroes (gcry_mpi_t n)
114 114
115 cnt = gcry_mpi_get_nbits (n); 115 cnt = gcry_mpi_get_nbits (n);
116 for (idx = 0; idx < cnt; idx++) 116 for (idx = 0; idx < cnt; idx++)
117 { 117 {
118 if (gcry_mpi_test_bit (n, idx) == 0) 118 if (gcry_mpi_test_bit (n, idx) == 0)
119 return idx; 119 return idx;
120 } 120 }
121 121
122 return ULONG_MAX; 122 return ULONG_MAX;
123} 123}
@@ -164,31 +164,31 @@ is_prime (gcry_mpi_t n, int steps, GNUNET_HashCode * hc)
164 mpz_tdiv_q_2exp (q, q, k); 164 mpz_tdiv_q_2exp (q, q, k);
165 165
166 for (i = 0; i < steps; i++) 166 for (i = 0; i < steps; i++)
167 {
168 if (!i)
167 { 169 {
168 if (!i) 170 gcry_mpi_set_ui (x, 2);
169 {
170 gcry_mpi_set_ui (x, 2);
171 }
172 else
173 {
174 mpz_randomize (x, nbits - 1, hc);
175 GNUNET_assert (gcry_mpi_cmp (x, nminus1) < 0);
176 GNUNET_assert (gcry_mpi_cmp_ui (x, 1) > 0);
177 }
178 gcry_mpi_powm (y, x, q, n);
179 if (gcry_mpi_cmp_ui (y, 1) && gcry_mpi_cmp (y, nminus1))
180 {
181 for (j = 1; j < k && gcry_mpi_cmp (y, nminus1); j++)
182 {
183 gcry_mpi_powm (y, y, a2, n);
184 if (!gcry_mpi_cmp_ui (y, 1))
185 goto leave; /* Not a prime. */
186 }
187 if (gcry_mpi_cmp (y, nminus1))
188 goto leave; /* Not a prime. */
189 }
190 } 171 }
191 rc = 1; /* May be a prime. */ 172 else
173 {
174 mpz_randomize (x, nbits - 1, hc);
175 GNUNET_assert (gcry_mpi_cmp (x, nminus1) < 0);
176 GNUNET_assert (gcry_mpi_cmp_ui (x, 1) > 0);
177 }
178 gcry_mpi_powm (y, x, q, n);
179 if (gcry_mpi_cmp_ui (y, 1) && gcry_mpi_cmp (y, nminus1))
180 {
181 for (j = 1; j < k && gcry_mpi_cmp (y, nminus1); j++)
182 {
183 gcry_mpi_powm (y, y, a2, n);
184 if (!gcry_mpi_cmp_ui (y, 1))
185 goto leave; /* Not a prime. */
186 }
187 if (gcry_mpi_cmp (y, nminus1))
188 goto leave; /* Not a prime. */
189 }
190 }
191 rc = 1; /* May be a prime. */
192 192
193leave: 193leave:
194 gcry_mpi_release (x); 194 gcry_mpi_release (x);
@@ -210,10 +210,10 @@ static void
210adjust (unsigned char *buf, size_t size, size_t target) 210adjust (unsigned char *buf, size_t size, size_t target)
211{ 211{
212 if (size < target) 212 if (size < target)
213 { 213 {
214 memmove (&buf[target - size], buf, size); 214 memmove (&buf[target - size], buf, size);
215 memset (buf, 0, target - size); 215 memset (buf, 0, target - size);
216 } 216 }
217} 217}
218 218
219 219
@@ -326,70 +326,70 @@ gen_prime (gcry_mpi_t * ptest, unsigned int nbits, GNUNET_HashCode * hc)
326 tmp = gcry_mpi_new (0); 326 tmp = gcry_mpi_new (0);
327 sp = gcry_mpi_new (0); 327 sp = gcry_mpi_new (0);
328 while (1) 328 while (1)
329 {
330 /* generate a random number */
331 mpz_randomize (prime, nbits, hc);
332 /* Set high order bit to 1, set low order bit to 1. If we are
333 * generating a secret prime we are most probably doing that
334 * for RSA, to make sure that the modulus does have the
335 * requested key size we set the 2 high order bits. */
336 gcry_mpi_set_bit (prime, nbits - 1);
337 gcry_mpi_set_bit (prime, nbits - 2);
338 gcry_mpi_set_bit (prime, 0);
339
340 /* Calculate all remainders. */
341 for (i = 0; i < no_of_small_prime_numbers; i++)
329 { 342 {
330 /* generate a random number */ 343 size_t written;
331 mpz_randomize (prime, nbits, hc); 344
332 /* Set high order bit to 1, set low order bit to 1. If we are 345 gcry_mpi_set_ui (sp, small_prime_numbers[i]);
333 * generating a secret prime we are most probably doing that 346 gcry_mpi_div (NULL, tmp, prime, sp, -1);
334 * for RSA, to make sure that the modulus does have the 347 mods[i] = 0;
335 * requested key size we set the 2 high order bits. */ 348 written = sizeof (unsigned int);
336 gcry_mpi_set_bit (prime, nbits - 1); 349 GNUNET_assert (0 ==
337 gcry_mpi_set_bit (prime, nbits - 2); 350 gcry_mpi_print (GCRYMPI_FMT_USG,
338 gcry_mpi_set_bit (prime, 0); 351 (unsigned char *) &mods[i], written,
339 352 &written, tmp));
340 /* Calculate all remainders. */ 353 adjust ((unsigned char *) &mods[i], written, sizeof (unsigned int));
354 mods[i] = ntohl (mods[i]);
355 }
356 /* Now try some primes starting with prime. */
357 for (step = 0; step < 20000; step += 2)
358 {
359 /* Check against all the small primes we have in mods. */
341 for (i = 0; i < no_of_small_prime_numbers; i++) 360 for (i = 0; i < no_of_small_prime_numbers; i++)
342 { 361 {
343 size_t written; 362 uint16_t x = small_prime_numbers[i];
344 363
345 gcry_mpi_set_ui (sp, small_prime_numbers[i]); 364 while (mods[i] + step >= x)
346 gcry_mpi_div (NULL, tmp, prime, sp, -1); 365 mods[i] -= x;
347 mods[i] = 0; 366 if (!(mods[i] + step))
348 written = sizeof (unsigned int); 367 break;
349 GNUNET_assert (0 == 368 }
350 gcry_mpi_print (GCRYMPI_FMT_USG, 369 if (i < no_of_small_prime_numbers)
351 (unsigned char *) &mods[i], written, 370 continue; /* Found a multiple of an already known prime. */
352 &written, tmp)); 371
353 adjust ((unsigned char *) &mods[i], written, sizeof (unsigned int)); 372 gcry_mpi_add_ui (*ptest, prime, step);
354 mods[i] = ntohl (mods[i]); 373 if (!gcry_mpi_test_bit (*ptest, nbits - 2))
355 } 374 break;
356 /* Now try some primes starting with prime. */ 375
357 for (step = 0; step < 20000; step += 2) 376 /* Do a fast Fermat test now. */
358 { 377 gcry_mpi_sub_ui (pminus1, *ptest, 1);
359 /* Check against all the small primes we have in mods. */ 378 gcry_mpi_powm (result, val_2, pminus1, *ptest);
360 for (i = 0; i < no_of_small_prime_numbers; i++) 379 if ((!gcry_mpi_cmp_ui (result, 1)) && (is_prime (*ptest, 5, hc)))
361 { 380 {
362 uint16_t x = small_prime_numbers[i]; 381 /* Got it. */
363 382 gcry_mpi_release (sp);
364 while (mods[i] + step >= x) 383 gcry_mpi_release (tmp);
365 mods[i] -= x; 384 gcry_mpi_release (val_2);
366 if (!(mods[i] + step)) 385 gcry_mpi_release (val_3);
367 break; 386 gcry_mpi_release (result);
368 } 387 gcry_mpi_release (pminus1);
369 if (i < no_of_small_prime_numbers) 388 gcry_mpi_release (prime);
370 continue; /* Found a multiple of an already known prime. */ 389 return;
371 390 }
372 gcry_mpi_add_ui (*ptest, prime, step);
373 if (!gcry_mpi_test_bit (*ptest, nbits - 2))
374 break;
375
376 /* Do a fast Fermat test now. */
377 gcry_mpi_sub_ui (pminus1, *ptest, 1);
378 gcry_mpi_powm (result, val_2, pminus1, *ptest);
379 if ((!gcry_mpi_cmp_ui (result, 1)) && (is_prime (*ptest, 5, hc)))
380 {
381 /* Got it. */
382 gcry_mpi_release (sp);
383 gcry_mpi_release (tmp);
384 gcry_mpi_release (val_2);
385 gcry_mpi_release (val_3);
386 gcry_mpi_release (result);
387 gcry_mpi_release (pminus1);
388 gcry_mpi_release (prime);
389 return;
390 }
391 }
392 } 391 }
392 }
393} 393}
394 394
395/** 395/**
@@ -399,11 +399,11 @@ gen_prime (gcry_mpi_t * ptest, unsigned int nbits, GNUNET_HashCode * hc)
399 * @param hc the HC to use for PRNG (modified!) 399 * @param hc the HC to use for PRNG (modified!)
400 */ 400 */
401static void 401static void
402generate_kblock_key (KBlock_secret_key * sk, unsigned int nbits, 402generate_kblock_key (KBlock_secret_key *sk, unsigned int nbits,
403 GNUNET_HashCode * hc) 403 GNUNET_HashCode * hc)
404{ 404{
405 gcry_mpi_t t1, t2; 405 gcry_mpi_t t1, t2;
406 gcry_mpi_t phi; /* helper: (p-1)(q-1) */ 406 gcry_mpi_t phi; /* helper: (p-1)(q-1) */
407 gcry_mpi_t g; 407 gcry_mpi_t g;
408 gcry_mpi_t f; 408 gcry_mpi_t f;
409 409
@@ -425,36 +425,36 @@ generate_kblock_key (KBlock_secret_key * sk, unsigned int nbits,
425 f = gcry_mpi_new (0); 425 f = gcry_mpi_new (0);
426 426
427 do 427 do
428 {
429 do
428 { 430 {
429 do 431 gcry_mpi_release (sk->p);
430 { 432 gcry_mpi_release (sk->q);
431 gcry_mpi_release (sk->p); 433 gen_prime (&sk->p, nbits / 2, hc);
432 gcry_mpi_release (sk->q); 434 gen_prime (&sk->q, nbits / 2, hc);
433 gen_prime (&sk->p, nbits / 2, hc); 435
434 gen_prime (&sk->q, nbits / 2, hc); 436 if (gcry_mpi_cmp (sk->p, sk->q) > 0) /* p shall be smaller than q (for calc of u) */
435 437 gcry_mpi_swap (sk->p, sk->q);
436 if (gcry_mpi_cmp (sk->p, sk->q) > 0) /* p shall be smaller than q (for calc of u) */ 438 /* calculate the modulus */
437 gcry_mpi_swap (sk->p, sk->q); 439 gcry_mpi_mul (sk->n, sk->p, sk->q);
438 /* calculate the modulus */ 440 }
439 gcry_mpi_mul (sk->n, sk->p, sk->q); 441 while (gcry_mpi_get_nbits (sk->n) != nbits);
440 } 442
441 while (gcry_mpi_get_nbits (sk->n) != nbits); 443 /* calculate Euler totient: phi = (p-1)(q-1) */
442 444 gcry_mpi_sub_ui (t1, sk->p, 1);
443 /* calculate Euler totient: phi = (p-1)(q-1) */ 445 gcry_mpi_sub_ui (t2, sk->q, 1);
444 gcry_mpi_sub_ui (t1, sk->p, 1); 446 gcry_mpi_mul (phi, t1, t2);
445 gcry_mpi_sub_ui (t2, sk->q, 1); 447 gcry_mpi_gcd (g, t1, t2);
446 gcry_mpi_mul (phi, t1, t2); 448 gcry_mpi_div (f, NULL, phi, g, 0);
447 gcry_mpi_gcd (g, t1, t2); 449 while (0 == gcry_mpi_gcd (t1, sk->e, phi))
448 gcry_mpi_div (f, NULL, phi, g, 0); 450 { /* (while gcd is not 1) */
449 while (0 == gcry_mpi_gcd (t1, sk->e, phi)) 451 gcry_mpi_add_ui (sk->e, sk->e, 2);
450 { /* (while gcd is not 1) */
451 gcry_mpi_add_ui (sk->e, sk->e, 2);
452 }
453
454 /* calculate the secret key d = e^1 mod phi */
455 } 452 }
453
454 /* calculate the secret key d = e^1 mod phi */
455 }
456 while ((0 == gcry_mpi_invm (sk->d, sk->e, f)) || 456 while ((0 == gcry_mpi_invm (sk->d, sk->e, f)) ||
457 (0 == gcry_mpi_invm (sk->u, sk->p, sk->q))); 457 (0 == gcry_mpi_invm (sk->u, sk->p, sk->q)));
458 458
459 gcry_mpi_release (t1); 459 gcry_mpi_release (t1);
460 gcry_mpi_release (t2); 460 gcry_mpi_release (t2);
@@ -473,13 +473,13 @@ struct KskRsaPrivateKeyBinaryEncoded
473 * Total size of the structure, in bytes, in big-endian! 473 * Total size of the structure, in bytes, in big-endian!
474 */ 474 */
475 uint16_t len GNUNET_PACKED; 475 uint16_t len GNUNET_PACKED;
476 uint16_t sizen GNUNET_PACKED; /* in big-endian! */ 476 uint16_t sizen GNUNET_PACKED; /* in big-endian! */
477 uint16_t sizee GNUNET_PACKED; /* in big-endian! */ 477 uint16_t sizee GNUNET_PACKED; /* in big-endian! */
478 uint16_t sized GNUNET_PACKED; /* in big-endian! */ 478 uint16_t sized GNUNET_PACKED; /* in big-endian! */
479 uint16_t sizep GNUNET_PACKED; /* in big-endian! */ 479 uint16_t sizep GNUNET_PACKED; /* in big-endian! */
480 uint16_t sizeq GNUNET_PACKED; /* in big-endian! */ 480 uint16_t sizeq GNUNET_PACKED; /* in big-endian! */
481 uint16_t sizedmp1 GNUNET_PACKED; /* in big-endian! */ 481 uint16_t sizedmp1 GNUNET_PACKED; /* in big-endian! */
482 uint16_t sizedmq1 GNUNET_PACKED; /* in big-endian! */ 482 uint16_t sizedmq1 GNUNET_PACKED; /* in big-endian! */
483 /* followed by the actual values */ 483 /* followed by the actual values */
484}; 484};
485 485
@@ -501,16 +501,16 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc)
501 size_t size; 501 size_t size;
502 502
503 hx = *hc; 503 hx = *hc;
504 generate_kblock_key (&sk, 1024, /* at least 10x as fast than 2048 bits 504 generate_kblock_key (&sk, 1024, /* at least 10x as fast than 2048 bits
505 * -- we simply cannot afford 2048 bits 505 * -- we simply cannot afford 2048 bits
506 * even on modern hardware, and especially 506 * even on modern hardware, and especially
507 * not since clearly a dictionary attack 507 * not since clearly a dictionary attack
508 * will still be much cheaper 508 * will still be much cheaper
509 * than breaking a 1024 bit RSA key. 509 * than breaking a 1024 bit RSA key.
510 * If an adversary can spend the time to 510 * If an adversary can spend the time to
511 * break a 1024 bit RSA key just to forge 511 * break a 1024 bit RSA key just to forge
512 * a signature -- SO BE IT. [ CG, 6/2005 ] */ 512 * a signature -- SO BE IT. [ CG, 6/2005 ] */
513 &hx); 513 &hx);
514 pkv[0] = &sk.n; 514 pkv[0] = &sk.n;
515 pkv[1] = &sk.e; 515 pkv[1] = &sk.e;
516 pkv[2] = &sk.d; 516 pkv[2] = &sk.d;
@@ -519,10 +519,10 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc)
519 pkv[5] = &sk.u; 519 pkv[5] = &sk.u;
520 size = sizeof (struct KskRsaPrivateKeyBinaryEncoded); 520 size = sizeof (struct KskRsaPrivateKeyBinaryEncoded);
521 for (i = 0; i < 6; i++) 521 for (i = 0; i < 6; i++)
522 { 522 {
523 gcry_mpi_aprint (GCRYMPI_FMT_STD, &pbu[i], &sizes[i], *pkv[i]); 523 gcry_mpi_aprint (GCRYMPI_FMT_STD, &pbu[i], &sizes[i], *pkv[i]);
524 size += sizes[i]; 524 size += sizes[i];
525 } 525 }
526 GNUNET_assert (size < 65536); 526 GNUNET_assert (size < 65536);
527 retval = GNUNET_malloc (size); 527 retval = GNUNET_malloc (size);
528 retval->len = htons (size); 528 retval->len = htons (size);
@@ -547,10 +547,10 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc)
547 retval->sizedmq1 = htons (0); 547 retval->sizedmq1 = htons (0);
548 memcpy (&((char *) &retval[1])[i], pbu[5], sizes[5]); 548 memcpy (&((char *) &retval[1])[i], pbu[5], sizes[5]);
549 for (i = 0; i < 6; i++) 549 for (i = 0; i < 6; i++)
550 { 550 {
551 gcry_mpi_release (*pkv[i]); 551 gcry_mpi_release (*pkv[i]);
552 free (pbu[i]); 552 free (pbu[i]);
553 } 553 }
554 return retval; 554 return retval;
555} 555}
556 556
@@ -572,123 +572,122 @@ ksk_decode_key (const struct KskRsaPrivateKeyBinaryEncoded *encoding)
572 pos = 0; 572 pos = 0;
573 size = ntohs (encoding->sizen); 573 size = ntohs (encoding->sizen);
574 rc = gcry_mpi_scan (&n, GCRYMPI_FMT_USG, 574 rc = gcry_mpi_scan (&n, GCRYMPI_FMT_USG,
575 &((const unsigned char *) (&encoding[1]))[pos], size, 575 &((const unsigned char *) (&encoding[1]))[pos], size,
576 &size); 576 &size);
577 pos += ntohs (encoding->sizen); 577 pos += ntohs (encoding->sizen);
578 if (rc) 578 if (rc)
579 { 579 {
580 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); 580 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
581 return NULL; 581 return NULL;
582 } 582 }
583 size = ntohs (encoding->sizee); 583 size = ntohs (encoding->sizee);
584 rc = gcry_mpi_scan (&e, GCRYMPI_FMT_USG, 584 rc = gcry_mpi_scan (&e, GCRYMPI_FMT_USG,
585 &((const unsigned char *) (&encoding[1]))[pos], size, 585 &((const unsigned char *) (&encoding[1]))[pos], size,
586 &size); 586 &size);
587 pos += ntohs (encoding->sizee); 587 pos += ntohs (encoding->sizee);
588 if (rc) 588 if (rc)
589 { 589 {
590 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); 590 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
591 gcry_mpi_release (n); 591 gcry_mpi_release (n);
592 return NULL; 592 return NULL;
593 } 593 }
594 size = ntohs (encoding->sized); 594 size = ntohs (encoding->sized);
595 rc = gcry_mpi_scan (&d, GCRYMPI_FMT_USG, 595 rc = gcry_mpi_scan (&d, GCRYMPI_FMT_USG,
596 &((const unsigned char *) (&encoding[1]))[pos], size, 596 &((const unsigned char *) (&encoding[1]))[pos], size,
597 &size); 597 &size);
598 pos += ntohs (encoding->sized); 598 pos += ntohs (encoding->sized);
599 if (rc) 599 if (rc)
600 {
601 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
602 gcry_mpi_release (n);
603 gcry_mpi_release (e);
604 return NULL;
605 }
606 /* swap p and q! */
607 size = ntohs (encoding->sizep);
608 if (size > 0)
609 {
610 rc = gcry_mpi_scan (&q, GCRYMPI_FMT_USG,
611 &((const unsigned char *) (&encoding[1]))[pos], size,
612 &size);
613 pos += ntohs (encoding->sizep);
614 if (rc)
600 { 615 {
601 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); 616 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
602 gcry_mpi_release (n); 617 gcry_mpi_release (n);
603 gcry_mpi_release (e); 618 gcry_mpi_release (e);
619 gcry_mpi_release (d);
604 return NULL; 620 return NULL;
605 } 621 }
606 /* swap p and q! */ 622 }
607 size = ntohs (encoding->sizep);
608 if (size > 0)
609 {
610 rc = gcry_mpi_scan (&q, GCRYMPI_FMT_USG,
611 &((const unsigned char *) (&encoding[1]))[pos],
612 size, &size);
613 pos += ntohs (encoding->sizep);
614 if (rc)
615 {
616 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
617 gcry_mpi_release (n);
618 gcry_mpi_release (e);
619 gcry_mpi_release (d);
620 return NULL;
621 }
622 }
623 else 623 else
624 q = NULL; 624 q = NULL;
625 size = ntohs (encoding->sizeq); 625 size = ntohs (encoding->sizeq);
626 if (size > 0) 626 if (size > 0)
627 {
628 rc = gcry_mpi_scan (&p, GCRYMPI_FMT_USG,
629 &((const unsigned char *) (&encoding[1]))[pos], size,
630 &size);
631 pos += ntohs (encoding->sizeq);
632 if (rc)
627 { 633 {
628 rc = gcry_mpi_scan (&p, GCRYMPI_FMT_USG, 634 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
629 &((const unsigned char *) (&encoding[1]))[pos], 635 gcry_mpi_release (n);
630 size, &size); 636 gcry_mpi_release (e);
631 pos += ntohs (encoding->sizeq); 637 gcry_mpi_release (d);
632 if (rc) 638 if (q != NULL)
633 { 639 gcry_mpi_release (q);
634 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); 640 return NULL;
635 gcry_mpi_release (n);
636 gcry_mpi_release (e);
637 gcry_mpi_release (d);
638 if (q != NULL)
639 gcry_mpi_release (q);
640 return NULL;
641 }
642 } 641 }
642 }
643 else 643 else
644 p = NULL; 644 p = NULL;
645 pos += ntohs (encoding->sizedmp1); 645 pos += ntohs (encoding->sizedmp1);
646 pos += ntohs (encoding->sizedmq1); 646 pos += ntohs (encoding->sizedmq1);
647 size = 647 size =
648 ntohs (encoding->len) - sizeof (struct KskRsaPrivateKeyBinaryEncoded) - 648 ntohs (encoding->len) - sizeof (struct KskRsaPrivateKeyBinaryEncoded) -
649 pos; 649 pos;
650 if (size > 0) 650 if (size > 0)
651 {
652 rc = gcry_mpi_scan (&u, GCRYMPI_FMT_USG,
653 &((const unsigned char *) (&encoding[1]))[pos], size,
654 &size);
655 if (rc)
651 { 656 {
652 rc = gcry_mpi_scan (&u, GCRYMPI_FMT_USG, 657 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
653 &((const unsigned char *) (&encoding[1]))[pos], 658 gcry_mpi_release (n);
654 size, &size); 659 gcry_mpi_release (e);
655 if (rc) 660 gcry_mpi_release (d);
656 { 661 if (p != NULL)
657 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); 662 gcry_mpi_release (p);
658 gcry_mpi_release (n); 663 if (q != NULL)
659 gcry_mpi_release (e); 664 gcry_mpi_release (q);
660 gcry_mpi_release (d); 665 return NULL;
661 if (p != NULL)
662 gcry_mpi_release (p);
663 if (q != NULL)
664 gcry_mpi_release (q);
665 return NULL;
666 }
667 } 666 }
667 }
668 else 668 else
669 u = NULL; 669 u = NULL;
670 670
671 if ((p != NULL) && (q != NULL) && (u != NULL)) 671 if ((p != NULL) && (q != NULL) && (u != NULL))
672 {
673 rc = gcry_sexp_build (&res, &size, /* erroff */
674 "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)(u %m)))",
675 n, e, d, p, q, u);
676 }
677 else
678 {
679 if ((p != NULL) && (q != NULL))
672 { 680 {
673 rc = gcry_sexp_build (&res, &size, /* erroff */ 681 rc = gcry_sexp_build (&res, &size, /* erroff */
674 "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)(u %m)))", 682 "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)))",
675 n, e, d, p, q, u); 683 n, e, d, p, q);
676 } 684 }
677 else 685 else
678 { 686 {
679 if ((p != NULL) && (q != NULL)) 687 rc = gcry_sexp_build (&res, &size, /* erroff */
680 { 688 "(private-key(rsa(n %m)(e %m)(d %m)))", n, e, d);
681 rc = gcry_sexp_build (&res, &size, /* erroff */
682 "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)))",
683 n, e, d, p, q);
684 }
685 else
686 {
687 rc = gcry_sexp_build (&res, &size, /* erroff */
688 "(private-key(rsa(n %m)(e %m)(d %m)))", n, e,
689 d);
690 }
691 } 689 }
690 }
692 gcry_mpi_release (n); 691 gcry_mpi_release (n);
693 gcry_mpi_release (e); 692 gcry_mpi_release (e);
694 gcry_mpi_release (d); 693 gcry_mpi_release (d);
@@ -703,10 +702,10 @@ ksk_decode_key (const struct KskRsaPrivateKeyBinaryEncoded *encoding)
703 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); 702 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
704#if EXTRA_CHECKS 703#if EXTRA_CHECKS
705 if (gcry_pk_testkey (res)) 704 if (gcry_pk_testkey (res))
706 { 705 {
707 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); 706 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
708 return NULL; 707 return NULL;
709 } 708 }
710#endif 709#endif
711 ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey)); 710 ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey));
712 ret->sexp = res; 711 ret->sexp = res;
@@ -736,13 +735,13 @@ GNUNET_CRYPTO_rsa_key_create_from_hash (const GNUNET_HashCode * hc)
736 unsigned int i; 735 unsigned int i;
737 736
738 for (i = 0; i < cacheSize; i++) 737 for (i = 0; i < cacheSize; i++)
738 {
739 if (0 == memcmp (hc, &cache[i]->hc, sizeof (GNUNET_HashCode)))
739 { 740 {
740 if (0 == memcmp (hc, &cache[i]->hc, sizeof (GNUNET_HashCode))) 741 ret = ksk_decode_key (cache[i]->pke);
741 { 742 return ret;
742 ret = ksk_decode_key (cache[i]->pke);
743 return ret;
744 }
745 } 743 }
744 }
746 745
747 line = GNUNET_malloc (sizeof (struct KBlockKeyCacheLine)); 746 line = GNUNET_malloc (sizeof (struct KBlockKeyCacheLine));
748 line->hc = *hc; 747 line->hc = *hc;
@@ -758,10 +757,10 @@ void __attribute__ ((destructor)) GNUNET_CRYPTO_ksk_fini ()
758 unsigned int i; 757 unsigned int i;
759 758
760 for (i = 0; i < cacheSize; i++) 759 for (i = 0; i < cacheSize; i++)
761 { 760 {
762 GNUNET_free (cache[i]->pke); 761 GNUNET_free (cache[i]->pke);
763 GNUNET_free (cache[i]); 762 GNUNET_free (cache[i]);
764 } 763 }
765 GNUNET_array_grow (cache, cacheSize, 0); 764 GNUNET_array_grow (cache, cacheSize, 0);
766} 765}
767 766
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-18 15:07:20 +0000