aboutsummaryrefslogtreecommitdiff
path: root/src/util/crypto_ksk.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/util/crypto_ksk.c')
-rw-r--r--src/util/crypto_ksk.c517
1 files changed, 260 insertions, 257 deletions
diff --git a/src/util/crypto_ksk.c b/src/util/crypto_ksk.c
index bec87c803..3d40ce27b 100644
--- a/src/util/crypto_ksk.c
+++ b/src/util/crypto_ksk.c
@@ -39,22 +39,24 @@
39#include <gcrypt.h> 39#include <gcrypt.h>
40#include <limits.h> 40#include <limits.h>
41 41
42#define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__)
43
42/** 44/**
43 * Log an error message at log-level 'level' that indicates 45 * Log an error message at log-level 'level' that indicates
44 * a failure of the command 'cmd' with the message given 46 * a failure of the command 'cmd' with the message given
45 * by gcry_strerror(rc). 47 * by gcry_strerror(rc).
46 */ 48 */
47#define LOG_GCRY(level, cmd, rc) do { GNUNET_log(level, _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, gcry_strerror(rc)); } while(0); 49#define LOG_GCRY(level, cmd, rc) do { LOG(level, _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, gcry_strerror(rc)); } while(0);
48 50
49 51
50typedef struct 52typedef struct
51{ 53{
52 gcry_mpi_t n; /* public modulus */ 54 gcry_mpi_t n; /* public modulus */
53 gcry_mpi_t e; /* public exponent */ 55 gcry_mpi_t e; /* public exponent */
54 gcry_mpi_t d; /* exponent */ 56 gcry_mpi_t d; /* exponent */
55 gcry_mpi_t p; /* prime p. */ 57 gcry_mpi_t p; /* prime p. */
56 gcry_mpi_t q; /* prime q. */ 58 gcry_mpi_t q; /* prime q. */
57 gcry_mpi_t u; /* inverse of p mod q. */ 59 gcry_mpi_t u; /* inverse of p mod q. */
58} KBlock_secret_key; 60} KBlock_secret_key;
59 61
60/** 62/**
@@ -82,23 +84,23 @@ mpz_randomize (gcry_mpi_t n, unsigned int nbits, GNUNET_HashCode * rnd)
82 84
83 tmp = *rnd; 85 tmp = *rnd;
84 for (i = 0; i < cnt; i++) 86 for (i = 0; i < cnt; i++)
85 {
86 int j;
87
88 if (i > 0)
89 GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), &tmp);
90 for (j = 0; j < sizeof (GNUNET_HashCode) / sizeof (uint32_t); j++)
91 { 87 {
88 int j;
89
90 if (i > 0)
91 GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), &tmp);
92 for (j = 0; j < sizeof (GNUNET_HashCode) / sizeof (uint32_t); j++)
93 {
92#if HAVE_GCRY_MPI_LSHIFT 94#if HAVE_GCRY_MPI_LSHIFT
93 gcry_mpi_lshift (n, n, sizeof (uint32_t) * 8); 95 gcry_mpi_lshift (n, n, sizeof (uint32_t) * 8);
94#else 96#else
95 gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4)); 97 gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4));
96 gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4)); 98 gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4));
97#endif 99#endif
98 gcry_mpi_add_ui (n, n, ntohl (((uint32_t *) & tmp)[j])); 100 gcry_mpi_add_ui (n, n, ntohl (((uint32_t *) & tmp)[j]));
101 }
102 hc = tmp;
99 } 103 }
100 hc = tmp;
101 }
102 GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), rnd); 104 GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), rnd);
103 i = gcry_mpi_get_nbits (n); 105 i = gcry_mpi_get_nbits (n);
104 while (i > nbits) 106 while (i > nbits)
@@ -112,10 +114,10 @@ mpz_trailing_zeroes (gcry_mpi_t n)
112 114
113 cnt = gcry_mpi_get_nbits (n); 115 cnt = gcry_mpi_get_nbits (n);
114 for (idx = 0; idx < cnt; idx++) 116 for (idx = 0; idx < cnt; idx++)
115 { 117 {
116 if (gcry_mpi_test_bit (n, idx) == 0) 118 if (gcry_mpi_test_bit (n, idx) == 0)
117 return idx; 119 return idx;
118 } 120 }
119 121
120 return ULONG_MAX; 122 return ULONG_MAX;
121} 123}
@@ -162,31 +164,31 @@ is_prime (gcry_mpi_t n, int steps, GNUNET_HashCode * hc)
162 mpz_tdiv_q_2exp (q, q, k); 164 mpz_tdiv_q_2exp (q, q, k);
163 165
164 for (i = 0; i < steps; i++) 166 for (i = 0; i < steps; i++)
165 {
166 if (!i)
167 {
168 gcry_mpi_set_ui (x, 2);
169 }
170 else
171 { 167 {
172 mpz_randomize (x, nbits - 1, hc); 168 if (!i)
173 GNUNET_assert (gcry_mpi_cmp (x, nminus1) < 0); 169 {
174 GNUNET_assert (gcry_mpi_cmp_ui (x, 1) > 0); 170 gcry_mpi_set_ui (x, 2);
171 }
172 else
173 {
174 mpz_randomize (x, nbits - 1, hc);
175 GNUNET_assert (gcry_mpi_cmp (x, nminus1) < 0);
176 GNUNET_assert (gcry_mpi_cmp_ui (x, 1) > 0);
177 }
178 gcry_mpi_powm (y, x, q, n);
179 if (gcry_mpi_cmp_ui (y, 1) && gcry_mpi_cmp (y, nminus1))
180 {
181 for (j = 1; j < k && gcry_mpi_cmp (y, nminus1); j++)
182 {
183 gcry_mpi_powm (y, y, a2, n);
184 if (!gcry_mpi_cmp_ui (y, 1))
185 goto leave; /* Not a prime. */
186 }
187 if (gcry_mpi_cmp (y, nminus1))
188 goto leave; /* Not a prime. */
189 }
175 } 190 }
176 gcry_mpi_powm (y, x, q, n); 191 rc = 1; /* May be a prime. */
177 if (gcry_mpi_cmp_ui (y, 1) && gcry_mpi_cmp (y, nminus1))
178 {
179 for (j = 1; j < k && gcry_mpi_cmp (y, nminus1); j++)
180 {
181 gcry_mpi_powm (y, y, a2, n);
182 if (!gcry_mpi_cmp_ui (y, 1))
183 goto leave; /* Not a prime. */
184 }
185 if (gcry_mpi_cmp (y, nminus1))
186 goto leave; /* Not a prime. */
187 }
188 }
189 rc = 1; /* May be a prime. */
190 192
191leave: 193leave:
192 gcry_mpi_release (x); 194 gcry_mpi_release (x);
@@ -208,10 +210,10 @@ static void
208adjust (unsigned char *buf, size_t size, size_t target) 210adjust (unsigned char *buf, size_t size, size_t target)
209{ 211{
210 if (size < target) 212 if (size < target)
211 { 213 {
212 memmove (&buf[target - size], buf, size); 214 memmove (&buf[target - size], buf, size);
213 memset (buf, 0, target - size); 215 memset (buf, 0, target - size);
214 } 216 }
215} 217}
216 218
217 219
@@ -324,70 +326,70 @@ gen_prime (gcry_mpi_t * ptest, unsigned int nbits, GNUNET_HashCode * hc)
324 tmp = gcry_mpi_new (0); 326 tmp = gcry_mpi_new (0);
325 sp = gcry_mpi_new (0); 327 sp = gcry_mpi_new (0);
326 while (1) 328 while (1)
327 {
328 /* generate a random number */
329 mpz_randomize (prime, nbits, hc);
330 /* Set high order bit to 1, set low order bit to 1. If we are
331 * generating a secret prime we are most probably doing that
332 * for RSA, to make sure that the modulus does have the
333 * requested key size we set the 2 high order bits. */
334 gcry_mpi_set_bit (prime, nbits - 1);
335 gcry_mpi_set_bit (prime, nbits - 2);
336 gcry_mpi_set_bit (prime, 0);
337
338 /* Calculate all remainders. */
339 for (i = 0; i < no_of_small_prime_numbers; i++)
340 {
341 size_t written;
342
343 gcry_mpi_set_ui (sp, small_prime_numbers[i]);
344 gcry_mpi_div (NULL, tmp, prime, sp, -1);
345 mods[i] = 0;
346 written = sizeof (unsigned int);
347 GNUNET_assert (0 ==
348 gcry_mpi_print (GCRYMPI_FMT_USG,
349 (unsigned char *) &mods[i], written,
350 &written, tmp));
351 adjust ((unsigned char *) &mods[i], written, sizeof (unsigned int));
352 mods[i] = ntohl (mods[i]);
353 }
354 /* Now try some primes starting with prime. */
355 for (step = 0; step < 20000; step += 2)
356 { 329 {
357 /* Check against all the small primes we have in mods. */ 330 /* generate a random number */
331 mpz_randomize (prime, nbits, hc);
332 /* Set high order bit to 1, set low order bit to 1. If we are
333 * generating a secret prime we are most probably doing that
334 * for RSA, to make sure that the modulus does have the
335 * requested key size we set the 2 high order bits. */
336 gcry_mpi_set_bit (prime, nbits - 1);
337 gcry_mpi_set_bit (prime, nbits - 2);
338 gcry_mpi_set_bit (prime, 0);
339
340 /* Calculate all remainders. */
358 for (i = 0; i < no_of_small_prime_numbers; i++) 341 for (i = 0; i < no_of_small_prime_numbers; i++)
359 { 342 {
360 uint16_t x = small_prime_numbers[i]; 343 size_t written;
361 344
362 while (mods[i] + step >= x) 345 gcry_mpi_set_ui (sp, small_prime_numbers[i]);
363 mods[i] -= x; 346 gcry_mpi_div (NULL, tmp, prime, sp, -1);
364 if (!(mods[i] + step)) 347 mods[i] = 0;
365 break; 348 written = sizeof (unsigned int);
366 } 349 GNUNET_assert (0 ==
367 if (i < no_of_small_prime_numbers) 350 gcry_mpi_print (GCRYMPI_FMT_USG,
368 continue; /* Found a multiple of an already known prime. */ 351 (unsigned char *) &mods[i], written,
369 352 &written, tmp));
370 gcry_mpi_add_ui (*ptest, prime, step); 353 adjust ((unsigned char *) &mods[i], written, sizeof (unsigned int));
371 if (!gcry_mpi_test_bit (*ptest, nbits - 2)) 354 mods[i] = ntohl (mods[i]);
372 break; 355 }
373 356 /* Now try some primes starting with prime. */
374 /* Do a fast Fermat test now. */ 357 for (step = 0; step < 20000; step += 2)
375 gcry_mpi_sub_ui (pminus1, *ptest, 1); 358 {
376 gcry_mpi_powm (result, val_2, pminus1, *ptest); 359 /* Check against all the small primes we have in mods. */
377 if ((!gcry_mpi_cmp_ui (result, 1)) && (is_prime (*ptest, 5, hc))) 360 for (i = 0; i < no_of_small_prime_numbers; i++)
378 { 361 {
379 /* Got it. */ 362 uint16_t x = small_prime_numbers[i];
380 gcry_mpi_release (sp); 363
381 gcry_mpi_release (tmp); 364 while (mods[i] + step >= x)
382 gcry_mpi_release (val_2); 365 mods[i] -= x;
383 gcry_mpi_release (val_3); 366 if (!(mods[i] + step))
384 gcry_mpi_release (result); 367 break;
385 gcry_mpi_release (pminus1); 368 }
386 gcry_mpi_release (prime); 369 if (i < no_of_small_prime_numbers)
387 return; 370 continue; /* Found a multiple of an already known prime. */
388 } 371
372 gcry_mpi_add_ui (*ptest, prime, step);
373 if (!gcry_mpi_test_bit (*ptest, nbits - 2))
374 break;
375
376 /* Do a fast Fermat test now. */
377 gcry_mpi_sub_ui (pminus1, *ptest, 1);
378 gcry_mpi_powm (result, val_2, pminus1, *ptest);
379 if ((!gcry_mpi_cmp_ui (result, 1)) && (is_prime (*ptest, 5, hc)))
380 {
381 /* Got it. */
382 gcry_mpi_release (sp);
383 gcry_mpi_release (tmp);
384 gcry_mpi_release (val_2);
385 gcry_mpi_release (val_3);
386 gcry_mpi_release (result);
387 gcry_mpi_release (pminus1);
388 gcry_mpi_release (prime);
389 return;
390 }
391 }
389 } 392 }
390 }
391} 393}
392 394
393/** 395/**
@@ -397,11 +399,11 @@ gen_prime (gcry_mpi_t * ptest, unsigned int nbits, GNUNET_HashCode * hc)
397 * @param hc the HC to use for PRNG (modified!) 399 * @param hc the HC to use for PRNG (modified!)
398 */ 400 */
399static void 401static void
400generate_kblock_key (KBlock_secret_key *sk, unsigned int nbits, 402generate_kblock_key (KBlock_secret_key * sk, unsigned int nbits,
401 GNUNET_HashCode * hc) 403 GNUNET_HashCode * hc)
402{ 404{
403 gcry_mpi_t t1, t2; 405 gcry_mpi_t t1, t2;
404 gcry_mpi_t phi; /* helper: (p-1)(q-1) */ 406 gcry_mpi_t phi; /* helper: (p-1)(q-1) */
405 gcry_mpi_t g; 407 gcry_mpi_t g;
406 gcry_mpi_t f; 408 gcry_mpi_t f;
407 409
@@ -423,36 +425,36 @@ generate_kblock_key (KBlock_secret_key *sk, unsigned int nbits,
423 f = gcry_mpi_new (0); 425 f = gcry_mpi_new (0);
424 426
425 do 427 do
426 {
427 do
428 { 428 {
429 gcry_mpi_release (sk->p); 429 do
430 gcry_mpi_release (sk->q); 430 {
431 gen_prime (&sk->p, nbits / 2, hc); 431 gcry_mpi_release (sk->p);
432 gen_prime (&sk->q, nbits / 2, hc); 432 gcry_mpi_release (sk->q);
433 433 gen_prime (&sk->p, nbits / 2, hc);
434 if (gcry_mpi_cmp (sk->p, sk->q) > 0) /* p shall be smaller than q (for calc of u) */ 434 gen_prime (&sk->q, nbits / 2, hc);
435 gcry_mpi_swap (sk->p, sk->q); 435
436 /* calculate the modulus */ 436 if (gcry_mpi_cmp (sk->p, sk->q) > 0) /* p shall be smaller than q (for calc of u) */
437 gcry_mpi_mul (sk->n, sk->p, sk->q); 437 gcry_mpi_swap (sk->p, sk->q);
438 /* calculate the modulus */
439 gcry_mpi_mul (sk->n, sk->p, sk->q);
440 }
441 while (gcry_mpi_get_nbits (sk->n) != nbits);
442
443 /* calculate Euler totient: phi = (p-1)(q-1) */
444 gcry_mpi_sub_ui (t1, sk->p, 1);
445 gcry_mpi_sub_ui (t2, sk->q, 1);
446 gcry_mpi_mul (phi, t1, t2);
447 gcry_mpi_gcd (g, t1, t2);
448 gcry_mpi_div (f, NULL, phi, g, 0);
449 while (0 == gcry_mpi_gcd (t1, sk->e, phi))
450 { /* (while gcd is not 1) */
451 gcry_mpi_add_ui (sk->e, sk->e, 2);
452 }
453
454 /* calculate the secret key d = e^1 mod phi */
438 } 455 }
439 while (gcry_mpi_get_nbits (sk->n) != nbits);
440
441 /* calculate Euler totient: phi = (p-1)(q-1) */
442 gcry_mpi_sub_ui (t1, sk->p, 1);
443 gcry_mpi_sub_ui (t2, sk->q, 1);
444 gcry_mpi_mul (phi, t1, t2);
445 gcry_mpi_gcd (g, t1, t2);
446 gcry_mpi_div (f, NULL, phi, g, 0);
447 while (0 == gcry_mpi_gcd (t1, sk->e, phi))
448 { /* (while gcd is not 1) */
449 gcry_mpi_add_ui (sk->e, sk->e, 2);
450 }
451
452 /* calculate the secret key d = e^1 mod phi */
453 }
454 while ((0 == gcry_mpi_invm (sk->d, sk->e, f)) || 456 while ((0 == gcry_mpi_invm (sk->d, sk->e, f)) ||
455 (0 == gcry_mpi_invm (sk->u, sk->p, sk->q))); 457 (0 == gcry_mpi_invm (sk->u, sk->p, sk->q)));
456 458
457 gcry_mpi_release (t1); 459 gcry_mpi_release (t1);
458 gcry_mpi_release (t2); 460 gcry_mpi_release (t2);
@@ -471,13 +473,13 @@ struct KskRsaPrivateKeyBinaryEncoded
471 * Total size of the structure, in bytes, in big-endian! 473 * Total size of the structure, in bytes, in big-endian!
472 */ 474 */
473 uint16_t len GNUNET_PACKED; 475 uint16_t len GNUNET_PACKED;
474 uint16_t sizen GNUNET_PACKED; /* in big-endian! */ 476 uint16_t sizen GNUNET_PACKED; /* in big-endian! */
475 uint16_t sizee GNUNET_PACKED; /* in big-endian! */ 477 uint16_t sizee GNUNET_PACKED; /* in big-endian! */
476 uint16_t sized GNUNET_PACKED; /* in big-endian! */ 478 uint16_t sized GNUNET_PACKED; /* in big-endian! */
477 uint16_t sizep GNUNET_PACKED; /* in big-endian! */ 479 uint16_t sizep GNUNET_PACKED; /* in big-endian! */
478 uint16_t sizeq GNUNET_PACKED; /* in big-endian! */ 480 uint16_t sizeq GNUNET_PACKED; /* in big-endian! */
479 uint16_t sizedmp1 GNUNET_PACKED; /* in big-endian! */ 481 uint16_t sizedmp1 GNUNET_PACKED; /* in big-endian! */
480 uint16_t sizedmq1 GNUNET_PACKED; /* in big-endian! */ 482 uint16_t sizedmq1 GNUNET_PACKED; /* in big-endian! */
481 /* followed by the actual values */ 483 /* followed by the actual values */
482}; 484};
483 485
@@ -499,16 +501,16 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc)
499 size_t size; 501 size_t size;
500 502
501 hx = *hc; 503 hx = *hc;
502 generate_kblock_key (&sk, 1024, /* at least 10x as fast than 2048 bits 504 generate_kblock_key (&sk, 1024, /* at least 10x as fast than 2048 bits
503 * -- we simply cannot afford 2048 bits 505 * -- we simply cannot afford 2048 bits
504 * even on modern hardware, and especially 506 * even on modern hardware, and especially
505 * not since clearly a dictionary attack 507 * not since clearly a dictionary attack
506 * will still be much cheaper 508 * will still be much cheaper
507 * than breaking a 1024 bit RSA key. 509 * than breaking a 1024 bit RSA key.
508 * If an adversary can spend the time to 510 * If an adversary can spend the time to
509 * break a 1024 bit RSA key just to forge 511 * break a 1024 bit RSA key just to forge
510 * a signature -- SO BE IT. [ CG, 6/2005 ] */ 512 * a signature -- SO BE IT. [ CG, 6/2005 ] */
511 &hx); 513 &hx);
512 pkv[0] = &sk.n; 514 pkv[0] = &sk.n;
513 pkv[1] = &sk.e; 515 pkv[1] = &sk.e;
514 pkv[2] = &sk.d; 516 pkv[2] = &sk.d;
@@ -517,10 +519,10 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc)
517 pkv[5] = &sk.u; 519 pkv[5] = &sk.u;
518 size = sizeof (struct KskRsaPrivateKeyBinaryEncoded); 520 size = sizeof (struct KskRsaPrivateKeyBinaryEncoded);
519 for (i = 0; i < 6; i++) 521 for (i = 0; i < 6; i++)
520 { 522 {
521 gcry_mpi_aprint (GCRYMPI_FMT_STD, &pbu[i], &sizes[i], *pkv[i]); 523 gcry_mpi_aprint (GCRYMPI_FMT_STD, &pbu[i], &sizes[i], *pkv[i]);
522 size += sizes[i]; 524 size += sizes[i];
523 } 525 }
524 GNUNET_assert (size < 65536); 526 GNUNET_assert (size < 65536);
525 retval = GNUNET_malloc (size); 527 retval = GNUNET_malloc (size);
526 retval->len = htons (size); 528 retval->len = htons (size);
@@ -545,10 +547,10 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc)
545 retval->sizedmq1 = htons (0); 547 retval->sizedmq1 = htons (0);
546 memcpy (&((char *) &retval[1])[i], pbu[5], sizes[5]); 548 memcpy (&((char *) &retval[1])[i], pbu[5], sizes[5]);
547 for (i = 0; i < 6; i++) 549 for (i = 0; i < 6; i++)
548 { 550 {
549 gcry_mpi_release (*pkv[i]); 551 gcry_mpi_release (*pkv[i]);
550 free (pbu[i]); 552 free (pbu[i]);
551 } 553 }
552 return retval; 554 return retval;
553} 555}
554 556
@@ -570,122 +572,123 @@ ksk_decode_key (const struct KskRsaPrivateKeyBinaryEncoded *encoding)
570 pos = 0; 572 pos = 0;
571 size = ntohs (encoding->sizen); 573 size = ntohs (encoding->sizen);
572 rc = gcry_mpi_scan (&n, GCRYMPI_FMT_USG, 574 rc = gcry_mpi_scan (&n, GCRYMPI_FMT_USG,
573 &((const unsigned char *) (&encoding[1]))[pos], size, 575 &((const unsigned char *) (&encoding[1]))[pos], size,
574 &size); 576 &size);
575 pos += ntohs (encoding->sizen); 577 pos += ntohs (encoding->sizen);
576 if (rc) 578 if (rc)
577 { 579 {
578 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); 580 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
579 return NULL; 581 return NULL;
580 } 582 }
581 size = ntohs (encoding->sizee); 583 size = ntohs (encoding->sizee);
582 rc = gcry_mpi_scan (&e, GCRYMPI_FMT_USG, 584 rc = gcry_mpi_scan (&e, GCRYMPI_FMT_USG,
583 &((const unsigned char *) (&encoding[1]))[pos], size, 585 &((const unsigned char *) (&encoding[1]))[pos], size,
584 &size); 586 &size);
585 pos += ntohs (encoding->sizee); 587 pos += ntohs (encoding->sizee);
586 if (rc) 588 if (rc)
587 { 589 {
588 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); 590 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
589 gcry_mpi_release (n); 591 gcry_mpi_release (n);
590 return NULL; 592 return NULL;
591 } 593 }
592 size = ntohs (encoding->sized); 594 size = ntohs (encoding->sized);
593 rc = gcry_mpi_scan (&d, GCRYMPI_FMT_USG, 595 rc = gcry_mpi_scan (&d, GCRYMPI_FMT_USG,
594 &((const unsigned char *) (&encoding[1]))[pos], size, 596 &((const unsigned char *) (&encoding[1]))[pos], size,
595 &size); 597 &size);
596 pos += ntohs (encoding->sized); 598 pos += ntohs (encoding->sized);
597 if (rc) 599 if (rc)
598 {
599 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
600 gcry_mpi_release (n);
601 gcry_mpi_release (e);
602 return NULL;
603 }
604 /* swap p and q! */
605 size = ntohs (encoding->sizep);
606 if (size > 0)
607 {
608 rc = gcry_mpi_scan (&q, GCRYMPI_FMT_USG,
609 &((const unsigned char *) (&encoding[1]))[pos], size,
610 &size);
611 pos += ntohs (encoding->sizep);
612 if (rc)
613 { 600 {
614 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); 601 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
615 gcry_mpi_release (n); 602 gcry_mpi_release (n);
616 gcry_mpi_release (e); 603 gcry_mpi_release (e);
617 gcry_mpi_release (d);
618 return NULL; 604 return NULL;
619 } 605 }
620 } 606 /* swap p and q! */
607 size = ntohs (encoding->sizep);
608 if (size > 0)
609 {
610 rc = gcry_mpi_scan (&q, GCRYMPI_FMT_USG,
611 &((const unsigned char *) (&encoding[1]))[pos],
612 size, &size);
613 pos += ntohs (encoding->sizep);
614 if (rc)
615 {
616 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
617 gcry_mpi_release (n);
618 gcry_mpi_release (e);
619 gcry_mpi_release (d);
620 return NULL;
621 }
622 }
621 else 623 else
622 q = NULL; 624 q = NULL;
623 size = ntohs (encoding->sizeq); 625 size = ntohs (encoding->sizeq);
624 if (size > 0) 626 if (size > 0)
625 {
626 rc = gcry_mpi_scan (&p, GCRYMPI_FMT_USG,
627 &((const unsigned char *) (&encoding[1]))[pos], size,
628 &size);
629 pos += ntohs (encoding->sizeq);
630 if (rc)
631 { 627 {
632 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); 628 rc = gcry_mpi_scan (&p, GCRYMPI_FMT_USG,
633 gcry_mpi_release (n); 629 &((const unsigned char *) (&encoding[1]))[pos],
634 gcry_mpi_release (e); 630 size, &size);
635 gcry_mpi_release (d); 631 pos += ntohs (encoding->sizeq);
636 if (q != NULL) 632 if (rc)
637 gcry_mpi_release (q); 633 {
638 return NULL; 634 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
635 gcry_mpi_release (n);
636 gcry_mpi_release (e);
637 gcry_mpi_release (d);
638 if (q != NULL)
639 gcry_mpi_release (q);
640 return NULL;
641 }
639 } 642 }
640 }
641 else 643 else
642 p = NULL; 644 p = NULL;
643 pos += ntohs (encoding->sizedmp1); 645 pos += ntohs (encoding->sizedmp1);
644 pos += ntohs (encoding->sizedmq1); 646 pos += ntohs (encoding->sizedmq1);
645 size = 647 size =
646 ntohs (encoding->len) - sizeof (struct KskRsaPrivateKeyBinaryEncoded) - 648 ntohs (encoding->len) - sizeof (struct KskRsaPrivateKeyBinaryEncoded) -
647 pos; 649 pos;
648 if (size > 0) 650 if (size > 0)
649 {
650 rc = gcry_mpi_scan (&u, GCRYMPI_FMT_USG,
651 &((const unsigned char *) (&encoding[1]))[pos], size,
652 &size);
653 if (rc)
654 { 651 {
655 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); 652 rc = gcry_mpi_scan (&u, GCRYMPI_FMT_USG,
656 gcry_mpi_release (n); 653 &((const unsigned char *) (&encoding[1]))[pos],
657 gcry_mpi_release (e); 654 size, &size);
658 gcry_mpi_release (d); 655 if (rc)
659 if (p != NULL) 656 {
660 gcry_mpi_release (p); 657 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
661 if (q != NULL) 658 gcry_mpi_release (n);
662 gcry_mpi_release (q); 659 gcry_mpi_release (e);
663 return NULL; 660 gcry_mpi_release (d);
661 if (p != NULL)
662 gcry_mpi_release (p);
663 if (q != NULL)
664 gcry_mpi_release (q);
665 return NULL;
666 }
664 } 667 }
665 }
666 else 668 else
667 u = NULL; 669 u = NULL;
668 670
669 if ((p != NULL) && (q != NULL) && (u != NULL)) 671 if ((p != NULL) && (q != NULL) && (u != NULL))
670 {
671 rc = gcry_sexp_build (&res, &size, /* erroff */
672 "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)(u %m)))",
673 n, e, d, p, q, u);
674 }
675 else
676 {
677 if ((p != NULL) && (q != NULL))
678 { 672 {
679 rc = gcry_sexp_build (&res, &size, /* erroff */ 673 rc = gcry_sexp_build (&res, &size, /* erroff */
680 "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)))", 674 "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)(u %m)))",
681 n, e, d, p, q); 675 n, e, d, p, q, u);
682 } 676 }
683 else 677 else
684 { 678 {
685 rc = gcry_sexp_build (&res, &size, /* erroff */ 679 if ((p != NULL) && (q != NULL))
686 "(private-key(rsa(n %m)(e %m)(d %m)))", n, e, d); 680 {
681 rc = gcry_sexp_build (&res, &size, /* erroff */
682 "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)))",
683 n, e, d, p, q);
684 }
685 else
686 {
687 rc = gcry_sexp_build (&res, &size, /* erroff */
688 "(private-key(rsa(n %m)(e %m)(d %m)))", n, e,
689 d);
690 }
687 } 691 }
688 }
689 gcry_mpi_release (n); 692 gcry_mpi_release (n);
690 gcry_mpi_release (e); 693 gcry_mpi_release (e);
691 gcry_mpi_release (d); 694 gcry_mpi_release (d);
@@ -700,10 +703,10 @@ ksk_decode_key (const struct KskRsaPrivateKeyBinaryEncoded *encoding)
700 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); 703 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
701#if EXTRA_CHECKS 704#if EXTRA_CHECKS
702 if (gcry_pk_testkey (res)) 705 if (gcry_pk_testkey (res))
703 { 706 {
704 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); 707 LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
705 return NULL; 708 return NULL;
706 } 709 }
707#endif 710#endif
708 ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey)); 711 ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey));
709 ret->sexp = res; 712 ret->sexp = res;
@@ -733,13 +736,13 @@ GNUNET_CRYPTO_rsa_key_create_from_hash (const GNUNET_HashCode * hc)
733 unsigned int i; 736 unsigned int i;
734 737
735 for (i = 0; i < cacheSize; i++) 738 for (i = 0; i < cacheSize; i++)
736 {
737 if (0 == memcmp (hc, &cache[i]->hc, sizeof (GNUNET_HashCode)))
738 { 739 {
739 ret = ksk_decode_key (cache[i]->pke); 740 if (0 == memcmp (hc, &cache[i]->hc, sizeof (GNUNET_HashCode)))
740 return ret; 741 {
742 ret = ksk_decode_key (cache[i]->pke);
743 return ret;
744 }
741 } 745 }
742 }
743 746
744 line = GNUNET_malloc (sizeof (struct KBlockKeyCacheLine)); 747 line = GNUNET_malloc (sizeof (struct KBlockKeyCacheLine));
745 line->hc = *hc; 748 line->hc = *hc;
@@ -755,10 +758,10 @@ void __attribute__ ((destructor)) GNUNET_CRYPTO_ksk_fini ()
755 unsigned int i; 758 unsigned int i;
756 759
757 for (i = 0; i < cacheSize; i++) 760 for (i = 0; i < cacheSize; i++)
758 { 761 {
759 GNUNET_free (cache[i]->pke); 762 GNUNET_free (cache[i]->pke);
760 GNUNET_free (cache[i]); 763 GNUNET_free (cache[i]);
761 } 764 }
762 GNUNET_array_grow (cache, cacheSize, 0); 765 GNUNET_array_grow (cache, cacheSize, 0);
763} 766}
764 767
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-01 12:03:12 +0000