diff options
Diffstat (limited to 'src/util/crypto_ksk.c')
-rw-r--r-- | src/util/crypto_ksk.c | 517 |
1 files changed, 260 insertions, 257 deletions
diff --git a/src/util/crypto_ksk.c b/src/util/crypto_ksk.c index bec87c803..3d40ce27b 100644 --- a/src/util/crypto_ksk.c +++ b/src/util/crypto_ksk.c | |||
@@ -39,22 +39,24 @@ | |||
39 | #include <gcrypt.h> | 39 | #include <gcrypt.h> |
40 | #include <limits.h> | 40 | #include <limits.h> |
41 | 41 | ||
42 | #define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__) | ||
43 | |||
42 | /** | 44 | /** |
43 | * Log an error message at log-level 'level' that indicates | 45 | * Log an error message at log-level 'level' that indicates |
44 | * a failure of the command 'cmd' with the message given | 46 | * a failure of the command 'cmd' with the message given |
45 | * by gcry_strerror(rc). | 47 | * by gcry_strerror(rc). |
46 | */ | 48 | */ |
47 | #define LOG_GCRY(level, cmd, rc) do { GNUNET_log(level, _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, gcry_strerror(rc)); } while(0); | 49 | #define LOG_GCRY(level, cmd, rc) do { LOG(level, _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, gcry_strerror(rc)); } while(0); |
48 | 50 | ||
49 | 51 | ||
50 | typedef struct | 52 | typedef struct |
51 | { | 53 | { |
52 | gcry_mpi_t n; /* public modulus */ | 54 | gcry_mpi_t n; /* public modulus */ |
53 | gcry_mpi_t e; /* public exponent */ | 55 | gcry_mpi_t e; /* public exponent */ |
54 | gcry_mpi_t d; /* exponent */ | 56 | gcry_mpi_t d; /* exponent */ |
55 | gcry_mpi_t p; /* prime p. */ | 57 | gcry_mpi_t p; /* prime p. */ |
56 | gcry_mpi_t q; /* prime q. */ | 58 | gcry_mpi_t q; /* prime q. */ |
57 | gcry_mpi_t u; /* inverse of p mod q. */ | 59 | gcry_mpi_t u; /* inverse of p mod q. */ |
58 | } KBlock_secret_key; | 60 | } KBlock_secret_key; |
59 | 61 | ||
60 | /** | 62 | /** |
@@ -82,23 +84,23 @@ mpz_randomize (gcry_mpi_t n, unsigned int nbits, GNUNET_HashCode * rnd) | |||
82 | 84 | ||
83 | tmp = *rnd; | 85 | tmp = *rnd; |
84 | for (i = 0; i < cnt; i++) | 86 | for (i = 0; i < cnt; i++) |
85 | { | ||
86 | int j; | ||
87 | |||
88 | if (i > 0) | ||
89 | GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), &tmp); | ||
90 | for (j = 0; j < sizeof (GNUNET_HashCode) / sizeof (uint32_t); j++) | ||
91 | { | 87 | { |
88 | int j; | ||
89 | |||
90 | if (i > 0) | ||
91 | GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), &tmp); | ||
92 | for (j = 0; j < sizeof (GNUNET_HashCode) / sizeof (uint32_t); j++) | ||
93 | { | ||
92 | #if HAVE_GCRY_MPI_LSHIFT | 94 | #if HAVE_GCRY_MPI_LSHIFT |
93 | gcry_mpi_lshift (n, n, sizeof (uint32_t) * 8); | 95 | gcry_mpi_lshift (n, n, sizeof (uint32_t) * 8); |
94 | #else | 96 | #else |
95 | gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4)); | 97 | gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4)); |
96 | gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4)); | 98 | gcry_mpi_mul_ui (n, n, 1 << (sizeof (uint32_t) * 4)); |
97 | #endif | 99 | #endif |
98 | gcry_mpi_add_ui (n, n, ntohl (((uint32_t *) & tmp)[j])); | 100 | gcry_mpi_add_ui (n, n, ntohl (((uint32_t *) & tmp)[j])); |
101 | } | ||
102 | hc = tmp; | ||
99 | } | 103 | } |
100 | hc = tmp; | ||
101 | } | ||
102 | GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), rnd); | 104 | GNUNET_CRYPTO_hash (&hc, sizeof (GNUNET_HashCode), rnd); |
103 | i = gcry_mpi_get_nbits (n); | 105 | i = gcry_mpi_get_nbits (n); |
104 | while (i > nbits) | 106 | while (i > nbits) |
@@ -112,10 +114,10 @@ mpz_trailing_zeroes (gcry_mpi_t n) | |||
112 | 114 | ||
113 | cnt = gcry_mpi_get_nbits (n); | 115 | cnt = gcry_mpi_get_nbits (n); |
114 | for (idx = 0; idx < cnt; idx++) | 116 | for (idx = 0; idx < cnt; idx++) |
115 | { | 117 | { |
116 | if (gcry_mpi_test_bit (n, idx) == 0) | 118 | if (gcry_mpi_test_bit (n, idx) == 0) |
117 | return idx; | 119 | return idx; |
118 | } | 120 | } |
119 | 121 | ||
120 | return ULONG_MAX; | 122 | return ULONG_MAX; |
121 | } | 123 | } |
@@ -162,31 +164,31 @@ is_prime (gcry_mpi_t n, int steps, GNUNET_HashCode * hc) | |||
162 | mpz_tdiv_q_2exp (q, q, k); | 164 | mpz_tdiv_q_2exp (q, q, k); |
163 | 165 | ||
164 | for (i = 0; i < steps; i++) | 166 | for (i = 0; i < steps; i++) |
165 | { | ||
166 | if (!i) | ||
167 | { | ||
168 | gcry_mpi_set_ui (x, 2); | ||
169 | } | ||
170 | else | ||
171 | { | 167 | { |
172 | mpz_randomize (x, nbits - 1, hc); | 168 | if (!i) |
173 | GNUNET_assert (gcry_mpi_cmp (x, nminus1) < 0); | 169 | { |
174 | GNUNET_assert (gcry_mpi_cmp_ui (x, 1) > 0); | 170 | gcry_mpi_set_ui (x, 2); |
171 | } | ||
172 | else | ||
173 | { | ||
174 | mpz_randomize (x, nbits - 1, hc); | ||
175 | GNUNET_assert (gcry_mpi_cmp (x, nminus1) < 0); | ||
176 | GNUNET_assert (gcry_mpi_cmp_ui (x, 1) > 0); | ||
177 | } | ||
178 | gcry_mpi_powm (y, x, q, n); | ||
179 | if (gcry_mpi_cmp_ui (y, 1) && gcry_mpi_cmp (y, nminus1)) | ||
180 | { | ||
181 | for (j = 1; j < k && gcry_mpi_cmp (y, nminus1); j++) | ||
182 | { | ||
183 | gcry_mpi_powm (y, y, a2, n); | ||
184 | if (!gcry_mpi_cmp_ui (y, 1)) | ||
185 | goto leave; /* Not a prime. */ | ||
186 | } | ||
187 | if (gcry_mpi_cmp (y, nminus1)) | ||
188 | goto leave; /* Not a prime. */ | ||
189 | } | ||
175 | } | 190 | } |
176 | gcry_mpi_powm (y, x, q, n); | 191 | rc = 1; /* May be a prime. */ |
177 | if (gcry_mpi_cmp_ui (y, 1) && gcry_mpi_cmp (y, nminus1)) | ||
178 | { | ||
179 | for (j = 1; j < k && gcry_mpi_cmp (y, nminus1); j++) | ||
180 | { | ||
181 | gcry_mpi_powm (y, y, a2, n); | ||
182 | if (!gcry_mpi_cmp_ui (y, 1)) | ||
183 | goto leave; /* Not a prime. */ | ||
184 | } | ||
185 | if (gcry_mpi_cmp (y, nminus1)) | ||
186 | goto leave; /* Not a prime. */ | ||
187 | } | ||
188 | } | ||
189 | rc = 1; /* May be a prime. */ | ||
190 | 192 | ||
191 | leave: | 193 | leave: |
192 | gcry_mpi_release (x); | 194 | gcry_mpi_release (x); |
@@ -208,10 +210,10 @@ static void | |||
208 | adjust (unsigned char *buf, size_t size, size_t target) | 210 | adjust (unsigned char *buf, size_t size, size_t target) |
209 | { | 211 | { |
210 | if (size < target) | 212 | if (size < target) |
211 | { | 213 | { |
212 | memmove (&buf[target - size], buf, size); | 214 | memmove (&buf[target - size], buf, size); |
213 | memset (buf, 0, target - size); | 215 | memset (buf, 0, target - size); |
214 | } | 216 | } |
215 | } | 217 | } |
216 | 218 | ||
217 | 219 | ||
@@ -324,70 +326,70 @@ gen_prime (gcry_mpi_t * ptest, unsigned int nbits, GNUNET_HashCode * hc) | |||
324 | tmp = gcry_mpi_new (0); | 326 | tmp = gcry_mpi_new (0); |
325 | sp = gcry_mpi_new (0); | 327 | sp = gcry_mpi_new (0); |
326 | while (1) | 328 | while (1) |
327 | { | ||
328 | /* generate a random number */ | ||
329 | mpz_randomize (prime, nbits, hc); | ||
330 | /* Set high order bit to 1, set low order bit to 1. If we are | ||
331 | * generating a secret prime we are most probably doing that | ||
332 | * for RSA, to make sure that the modulus does have the | ||
333 | * requested key size we set the 2 high order bits. */ | ||
334 | gcry_mpi_set_bit (prime, nbits - 1); | ||
335 | gcry_mpi_set_bit (prime, nbits - 2); | ||
336 | gcry_mpi_set_bit (prime, 0); | ||
337 | |||
338 | /* Calculate all remainders. */ | ||
339 | for (i = 0; i < no_of_small_prime_numbers; i++) | ||
340 | { | ||
341 | size_t written; | ||
342 | |||
343 | gcry_mpi_set_ui (sp, small_prime_numbers[i]); | ||
344 | gcry_mpi_div (NULL, tmp, prime, sp, -1); | ||
345 | mods[i] = 0; | ||
346 | written = sizeof (unsigned int); | ||
347 | GNUNET_assert (0 == | ||
348 | gcry_mpi_print (GCRYMPI_FMT_USG, | ||
349 | (unsigned char *) &mods[i], written, | ||
350 | &written, tmp)); | ||
351 | adjust ((unsigned char *) &mods[i], written, sizeof (unsigned int)); | ||
352 | mods[i] = ntohl (mods[i]); | ||
353 | } | ||
354 | /* Now try some primes starting with prime. */ | ||
355 | for (step = 0; step < 20000; step += 2) | ||
356 | { | 329 | { |
357 | /* Check against all the small primes we have in mods. */ | 330 | /* generate a random number */ |
331 | mpz_randomize (prime, nbits, hc); | ||
332 | /* Set high order bit to 1, set low order bit to 1. If we are | ||
333 | * generating a secret prime we are most probably doing that | ||
334 | * for RSA, to make sure that the modulus does have the | ||
335 | * requested key size we set the 2 high order bits. */ | ||
336 | gcry_mpi_set_bit (prime, nbits - 1); | ||
337 | gcry_mpi_set_bit (prime, nbits - 2); | ||
338 | gcry_mpi_set_bit (prime, 0); | ||
339 | |||
340 | /* Calculate all remainders. */ | ||
358 | for (i = 0; i < no_of_small_prime_numbers; i++) | 341 | for (i = 0; i < no_of_small_prime_numbers; i++) |
359 | { | 342 | { |
360 | uint16_t x = small_prime_numbers[i]; | 343 | size_t written; |
361 | 344 | ||
362 | while (mods[i] + step >= x) | 345 | gcry_mpi_set_ui (sp, small_prime_numbers[i]); |
363 | mods[i] -= x; | 346 | gcry_mpi_div (NULL, tmp, prime, sp, -1); |
364 | if (!(mods[i] + step)) | 347 | mods[i] = 0; |
365 | break; | 348 | written = sizeof (unsigned int); |
366 | } | 349 | GNUNET_assert (0 == |
367 | if (i < no_of_small_prime_numbers) | 350 | gcry_mpi_print (GCRYMPI_FMT_USG, |
368 | continue; /* Found a multiple of an already known prime. */ | 351 | (unsigned char *) &mods[i], written, |
369 | 352 | &written, tmp)); | |
370 | gcry_mpi_add_ui (*ptest, prime, step); | 353 | adjust ((unsigned char *) &mods[i], written, sizeof (unsigned int)); |
371 | if (!gcry_mpi_test_bit (*ptest, nbits - 2)) | 354 | mods[i] = ntohl (mods[i]); |
372 | break; | 355 | } |
373 | 356 | /* Now try some primes starting with prime. */ | |
374 | /* Do a fast Fermat test now. */ | 357 | for (step = 0; step < 20000; step += 2) |
375 | gcry_mpi_sub_ui (pminus1, *ptest, 1); | 358 | { |
376 | gcry_mpi_powm (result, val_2, pminus1, *ptest); | 359 | /* Check against all the small primes we have in mods. */ |
377 | if ((!gcry_mpi_cmp_ui (result, 1)) && (is_prime (*ptest, 5, hc))) | 360 | for (i = 0; i < no_of_small_prime_numbers; i++) |
378 | { | 361 | { |
379 | /* Got it. */ | 362 | uint16_t x = small_prime_numbers[i]; |
380 | gcry_mpi_release (sp); | 363 | |
381 | gcry_mpi_release (tmp); | 364 | while (mods[i] + step >= x) |
382 | gcry_mpi_release (val_2); | 365 | mods[i] -= x; |
383 | gcry_mpi_release (val_3); | 366 | if (!(mods[i] + step)) |
384 | gcry_mpi_release (result); | 367 | break; |
385 | gcry_mpi_release (pminus1); | 368 | } |
386 | gcry_mpi_release (prime); | 369 | if (i < no_of_small_prime_numbers) |
387 | return; | 370 | continue; /* Found a multiple of an already known prime. */ |
388 | } | 371 | |
372 | gcry_mpi_add_ui (*ptest, prime, step); | ||
373 | if (!gcry_mpi_test_bit (*ptest, nbits - 2)) | ||
374 | break; | ||
375 | |||
376 | /* Do a fast Fermat test now. */ | ||
377 | gcry_mpi_sub_ui (pminus1, *ptest, 1); | ||
378 | gcry_mpi_powm (result, val_2, pminus1, *ptest); | ||
379 | if ((!gcry_mpi_cmp_ui (result, 1)) && (is_prime (*ptest, 5, hc))) | ||
380 | { | ||
381 | /* Got it. */ | ||
382 | gcry_mpi_release (sp); | ||
383 | gcry_mpi_release (tmp); | ||
384 | gcry_mpi_release (val_2); | ||
385 | gcry_mpi_release (val_3); | ||
386 | gcry_mpi_release (result); | ||
387 | gcry_mpi_release (pminus1); | ||
388 | gcry_mpi_release (prime); | ||
389 | return; | ||
390 | } | ||
391 | } | ||
389 | } | 392 | } |
390 | } | ||
391 | } | 393 | } |
392 | 394 | ||
393 | /** | 395 | /** |
@@ -397,11 +399,11 @@ gen_prime (gcry_mpi_t * ptest, unsigned int nbits, GNUNET_HashCode * hc) | |||
397 | * @param hc the HC to use for PRNG (modified!) | 399 | * @param hc the HC to use for PRNG (modified!) |
398 | */ | 400 | */ |
399 | static void | 401 | static void |
400 | generate_kblock_key (KBlock_secret_key *sk, unsigned int nbits, | 402 | generate_kblock_key (KBlock_secret_key * sk, unsigned int nbits, |
401 | GNUNET_HashCode * hc) | 403 | GNUNET_HashCode * hc) |
402 | { | 404 | { |
403 | gcry_mpi_t t1, t2; | 405 | gcry_mpi_t t1, t2; |
404 | gcry_mpi_t phi; /* helper: (p-1)(q-1) */ | 406 | gcry_mpi_t phi; /* helper: (p-1)(q-1) */ |
405 | gcry_mpi_t g; | 407 | gcry_mpi_t g; |
406 | gcry_mpi_t f; | 408 | gcry_mpi_t f; |
407 | 409 | ||
@@ -423,36 +425,36 @@ generate_kblock_key (KBlock_secret_key *sk, unsigned int nbits, | |||
423 | f = gcry_mpi_new (0); | 425 | f = gcry_mpi_new (0); |
424 | 426 | ||
425 | do | 427 | do |
426 | { | ||
427 | do | ||
428 | { | 428 | { |
429 | gcry_mpi_release (sk->p); | 429 | do |
430 | gcry_mpi_release (sk->q); | 430 | { |
431 | gen_prime (&sk->p, nbits / 2, hc); | 431 | gcry_mpi_release (sk->p); |
432 | gen_prime (&sk->q, nbits / 2, hc); | 432 | gcry_mpi_release (sk->q); |
433 | 433 | gen_prime (&sk->p, nbits / 2, hc); | |
434 | if (gcry_mpi_cmp (sk->p, sk->q) > 0) /* p shall be smaller than q (for calc of u) */ | 434 | gen_prime (&sk->q, nbits / 2, hc); |
435 | gcry_mpi_swap (sk->p, sk->q); | 435 | |
436 | /* calculate the modulus */ | 436 | if (gcry_mpi_cmp (sk->p, sk->q) > 0) /* p shall be smaller than q (for calc of u) */ |
437 | gcry_mpi_mul (sk->n, sk->p, sk->q); | 437 | gcry_mpi_swap (sk->p, sk->q); |
438 | /* calculate the modulus */ | ||
439 | gcry_mpi_mul (sk->n, sk->p, sk->q); | ||
440 | } | ||
441 | while (gcry_mpi_get_nbits (sk->n) != nbits); | ||
442 | |||
443 | /* calculate Euler totient: phi = (p-1)(q-1) */ | ||
444 | gcry_mpi_sub_ui (t1, sk->p, 1); | ||
445 | gcry_mpi_sub_ui (t2, sk->q, 1); | ||
446 | gcry_mpi_mul (phi, t1, t2); | ||
447 | gcry_mpi_gcd (g, t1, t2); | ||
448 | gcry_mpi_div (f, NULL, phi, g, 0); | ||
449 | while (0 == gcry_mpi_gcd (t1, sk->e, phi)) | ||
450 | { /* (while gcd is not 1) */ | ||
451 | gcry_mpi_add_ui (sk->e, sk->e, 2); | ||
452 | } | ||
453 | |||
454 | /* calculate the secret key d = e^1 mod phi */ | ||
438 | } | 455 | } |
439 | while (gcry_mpi_get_nbits (sk->n) != nbits); | ||
440 | |||
441 | /* calculate Euler totient: phi = (p-1)(q-1) */ | ||
442 | gcry_mpi_sub_ui (t1, sk->p, 1); | ||
443 | gcry_mpi_sub_ui (t2, sk->q, 1); | ||
444 | gcry_mpi_mul (phi, t1, t2); | ||
445 | gcry_mpi_gcd (g, t1, t2); | ||
446 | gcry_mpi_div (f, NULL, phi, g, 0); | ||
447 | while (0 == gcry_mpi_gcd (t1, sk->e, phi)) | ||
448 | { /* (while gcd is not 1) */ | ||
449 | gcry_mpi_add_ui (sk->e, sk->e, 2); | ||
450 | } | ||
451 | |||
452 | /* calculate the secret key d = e^1 mod phi */ | ||
453 | } | ||
454 | while ((0 == gcry_mpi_invm (sk->d, sk->e, f)) || | 456 | while ((0 == gcry_mpi_invm (sk->d, sk->e, f)) || |
455 | (0 == gcry_mpi_invm (sk->u, sk->p, sk->q))); | 457 | (0 == gcry_mpi_invm (sk->u, sk->p, sk->q))); |
456 | 458 | ||
457 | gcry_mpi_release (t1); | 459 | gcry_mpi_release (t1); |
458 | gcry_mpi_release (t2); | 460 | gcry_mpi_release (t2); |
@@ -471,13 +473,13 @@ struct KskRsaPrivateKeyBinaryEncoded | |||
471 | * Total size of the structure, in bytes, in big-endian! | 473 | * Total size of the structure, in bytes, in big-endian! |
472 | */ | 474 | */ |
473 | uint16_t len GNUNET_PACKED; | 475 | uint16_t len GNUNET_PACKED; |
474 | uint16_t sizen GNUNET_PACKED; /* in big-endian! */ | 476 | uint16_t sizen GNUNET_PACKED; /* in big-endian! */ |
475 | uint16_t sizee GNUNET_PACKED; /* in big-endian! */ | 477 | uint16_t sizee GNUNET_PACKED; /* in big-endian! */ |
476 | uint16_t sized GNUNET_PACKED; /* in big-endian! */ | 478 | uint16_t sized GNUNET_PACKED; /* in big-endian! */ |
477 | uint16_t sizep GNUNET_PACKED; /* in big-endian! */ | 479 | uint16_t sizep GNUNET_PACKED; /* in big-endian! */ |
478 | uint16_t sizeq GNUNET_PACKED; /* in big-endian! */ | 480 | uint16_t sizeq GNUNET_PACKED; /* in big-endian! */ |
479 | uint16_t sizedmp1 GNUNET_PACKED; /* in big-endian! */ | 481 | uint16_t sizedmp1 GNUNET_PACKED; /* in big-endian! */ |
480 | uint16_t sizedmq1 GNUNET_PACKED; /* in big-endian! */ | 482 | uint16_t sizedmq1 GNUNET_PACKED; /* in big-endian! */ |
481 | /* followed by the actual values */ | 483 | /* followed by the actual values */ |
482 | }; | 484 | }; |
483 | 485 | ||
@@ -499,16 +501,16 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc) | |||
499 | size_t size; | 501 | size_t size; |
500 | 502 | ||
501 | hx = *hc; | 503 | hx = *hc; |
502 | generate_kblock_key (&sk, 1024, /* at least 10x as fast than 2048 bits | 504 | generate_kblock_key (&sk, 1024, /* at least 10x as fast than 2048 bits |
503 | * -- we simply cannot afford 2048 bits | 505 | * -- we simply cannot afford 2048 bits |
504 | * even on modern hardware, and especially | 506 | * even on modern hardware, and especially |
505 | * not since clearly a dictionary attack | 507 | * not since clearly a dictionary attack |
506 | * will still be much cheaper | 508 | * will still be much cheaper |
507 | * than breaking a 1024 bit RSA key. | 509 | * than breaking a 1024 bit RSA key. |
508 | * If an adversary can spend the time to | 510 | * If an adversary can spend the time to |
509 | * break a 1024 bit RSA key just to forge | 511 | * break a 1024 bit RSA key just to forge |
510 | * a signature -- SO BE IT. [ CG, 6/2005 ] */ | 512 | * a signature -- SO BE IT. [ CG, 6/2005 ] */ |
511 | &hx); | 513 | &hx); |
512 | pkv[0] = &sk.n; | 514 | pkv[0] = &sk.n; |
513 | pkv[1] = &sk.e; | 515 | pkv[1] = &sk.e; |
514 | pkv[2] = &sk.d; | 516 | pkv[2] = &sk.d; |
@@ -517,10 +519,10 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc) | |||
517 | pkv[5] = &sk.u; | 519 | pkv[5] = &sk.u; |
518 | size = sizeof (struct KskRsaPrivateKeyBinaryEncoded); | 520 | size = sizeof (struct KskRsaPrivateKeyBinaryEncoded); |
519 | for (i = 0; i < 6; i++) | 521 | for (i = 0; i < 6; i++) |
520 | { | 522 | { |
521 | gcry_mpi_aprint (GCRYMPI_FMT_STD, &pbu[i], &sizes[i], *pkv[i]); | 523 | gcry_mpi_aprint (GCRYMPI_FMT_STD, &pbu[i], &sizes[i], *pkv[i]); |
522 | size += sizes[i]; | 524 | size += sizes[i]; |
523 | } | 525 | } |
524 | GNUNET_assert (size < 65536); | 526 | GNUNET_assert (size < 65536); |
525 | retval = GNUNET_malloc (size); | 527 | retval = GNUNET_malloc (size); |
526 | retval->len = htons (size); | 528 | retval->len = htons (size); |
@@ -545,10 +547,10 @@ makeKblockKeyInternal (const GNUNET_HashCode * hc) | |||
545 | retval->sizedmq1 = htons (0); | 547 | retval->sizedmq1 = htons (0); |
546 | memcpy (&((char *) &retval[1])[i], pbu[5], sizes[5]); | 548 | memcpy (&((char *) &retval[1])[i], pbu[5], sizes[5]); |
547 | for (i = 0; i < 6; i++) | 549 | for (i = 0; i < 6; i++) |
548 | { | 550 | { |
549 | gcry_mpi_release (*pkv[i]); | 551 | gcry_mpi_release (*pkv[i]); |
550 | free (pbu[i]); | 552 | free (pbu[i]); |
551 | } | 553 | } |
552 | return retval; | 554 | return retval; |
553 | } | 555 | } |
554 | 556 | ||
@@ -570,122 +572,123 @@ ksk_decode_key (const struct KskRsaPrivateKeyBinaryEncoded *encoding) | |||
570 | pos = 0; | 572 | pos = 0; |
571 | size = ntohs (encoding->sizen); | 573 | size = ntohs (encoding->sizen); |
572 | rc = gcry_mpi_scan (&n, GCRYMPI_FMT_USG, | 574 | rc = gcry_mpi_scan (&n, GCRYMPI_FMT_USG, |
573 | &((const unsigned char *) (&encoding[1]))[pos], size, | 575 | &((const unsigned char *) (&encoding[1]))[pos], size, |
574 | &size); | 576 | &size); |
575 | pos += ntohs (encoding->sizen); | 577 | pos += ntohs (encoding->sizen); |
576 | if (rc) | 578 | if (rc) |
577 | { | 579 | { |
578 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 580 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
579 | return NULL; | 581 | return NULL; |
580 | } | 582 | } |
581 | size = ntohs (encoding->sizee); | 583 | size = ntohs (encoding->sizee); |
582 | rc = gcry_mpi_scan (&e, GCRYMPI_FMT_USG, | 584 | rc = gcry_mpi_scan (&e, GCRYMPI_FMT_USG, |
583 | &((const unsigned char *) (&encoding[1]))[pos], size, | 585 | &((const unsigned char *) (&encoding[1]))[pos], size, |
584 | &size); | 586 | &size); |
585 | pos += ntohs (encoding->sizee); | 587 | pos += ntohs (encoding->sizee); |
586 | if (rc) | 588 | if (rc) |
587 | { | 589 | { |
588 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 590 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
589 | gcry_mpi_release (n); | 591 | gcry_mpi_release (n); |
590 | return NULL; | 592 | return NULL; |
591 | } | 593 | } |
592 | size = ntohs (encoding->sized); | 594 | size = ntohs (encoding->sized); |
593 | rc = gcry_mpi_scan (&d, GCRYMPI_FMT_USG, | 595 | rc = gcry_mpi_scan (&d, GCRYMPI_FMT_USG, |
594 | &((const unsigned char *) (&encoding[1]))[pos], size, | 596 | &((const unsigned char *) (&encoding[1]))[pos], size, |
595 | &size); | 597 | &size); |
596 | pos += ntohs (encoding->sized); | 598 | pos += ntohs (encoding->sized); |
597 | if (rc) | 599 | if (rc) |
598 | { | ||
599 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
600 | gcry_mpi_release (n); | ||
601 | gcry_mpi_release (e); | ||
602 | return NULL; | ||
603 | } | ||
604 | /* swap p and q! */ | ||
605 | size = ntohs (encoding->sizep); | ||
606 | if (size > 0) | ||
607 | { | ||
608 | rc = gcry_mpi_scan (&q, GCRYMPI_FMT_USG, | ||
609 | &((const unsigned char *) (&encoding[1]))[pos], size, | ||
610 | &size); | ||
611 | pos += ntohs (encoding->sizep); | ||
612 | if (rc) | ||
613 | { | 600 | { |
614 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 601 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
615 | gcry_mpi_release (n); | 602 | gcry_mpi_release (n); |
616 | gcry_mpi_release (e); | 603 | gcry_mpi_release (e); |
617 | gcry_mpi_release (d); | ||
618 | return NULL; | 604 | return NULL; |
619 | } | 605 | } |
620 | } | 606 | /* swap p and q! */ |
607 | size = ntohs (encoding->sizep); | ||
608 | if (size > 0) | ||
609 | { | ||
610 | rc = gcry_mpi_scan (&q, GCRYMPI_FMT_USG, | ||
611 | &((const unsigned char *) (&encoding[1]))[pos], | ||
612 | size, &size); | ||
613 | pos += ntohs (encoding->sizep); | ||
614 | if (rc) | ||
615 | { | ||
616 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
617 | gcry_mpi_release (n); | ||
618 | gcry_mpi_release (e); | ||
619 | gcry_mpi_release (d); | ||
620 | return NULL; | ||
621 | } | ||
622 | } | ||
621 | else | 623 | else |
622 | q = NULL; | 624 | q = NULL; |
623 | size = ntohs (encoding->sizeq); | 625 | size = ntohs (encoding->sizeq); |
624 | if (size > 0) | 626 | if (size > 0) |
625 | { | ||
626 | rc = gcry_mpi_scan (&p, GCRYMPI_FMT_USG, | ||
627 | &((const unsigned char *) (&encoding[1]))[pos], size, | ||
628 | &size); | ||
629 | pos += ntohs (encoding->sizeq); | ||
630 | if (rc) | ||
631 | { | 627 | { |
632 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 628 | rc = gcry_mpi_scan (&p, GCRYMPI_FMT_USG, |
633 | gcry_mpi_release (n); | 629 | &((const unsigned char *) (&encoding[1]))[pos], |
634 | gcry_mpi_release (e); | 630 | size, &size); |
635 | gcry_mpi_release (d); | 631 | pos += ntohs (encoding->sizeq); |
636 | if (q != NULL) | 632 | if (rc) |
637 | gcry_mpi_release (q); | 633 | { |
638 | return NULL; | 634 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
635 | gcry_mpi_release (n); | ||
636 | gcry_mpi_release (e); | ||
637 | gcry_mpi_release (d); | ||
638 | if (q != NULL) | ||
639 | gcry_mpi_release (q); | ||
640 | return NULL; | ||
641 | } | ||
639 | } | 642 | } |
640 | } | ||
641 | else | 643 | else |
642 | p = NULL; | 644 | p = NULL; |
643 | pos += ntohs (encoding->sizedmp1); | 645 | pos += ntohs (encoding->sizedmp1); |
644 | pos += ntohs (encoding->sizedmq1); | 646 | pos += ntohs (encoding->sizedmq1); |
645 | size = | 647 | size = |
646 | ntohs (encoding->len) - sizeof (struct KskRsaPrivateKeyBinaryEncoded) - | 648 | ntohs (encoding->len) - sizeof (struct KskRsaPrivateKeyBinaryEncoded) - |
647 | pos; | 649 | pos; |
648 | if (size > 0) | 650 | if (size > 0) |
649 | { | ||
650 | rc = gcry_mpi_scan (&u, GCRYMPI_FMT_USG, | ||
651 | &((const unsigned char *) (&encoding[1]))[pos], size, | ||
652 | &size); | ||
653 | if (rc) | ||
654 | { | 651 | { |
655 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | 652 | rc = gcry_mpi_scan (&u, GCRYMPI_FMT_USG, |
656 | gcry_mpi_release (n); | 653 | &((const unsigned char *) (&encoding[1]))[pos], |
657 | gcry_mpi_release (e); | 654 | size, &size); |
658 | gcry_mpi_release (d); | 655 | if (rc) |
659 | if (p != NULL) | 656 | { |
660 | gcry_mpi_release (p); | 657 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); |
661 | if (q != NULL) | 658 | gcry_mpi_release (n); |
662 | gcry_mpi_release (q); | 659 | gcry_mpi_release (e); |
663 | return NULL; | 660 | gcry_mpi_release (d); |
661 | if (p != NULL) | ||
662 | gcry_mpi_release (p); | ||
663 | if (q != NULL) | ||
664 | gcry_mpi_release (q); | ||
665 | return NULL; | ||
666 | } | ||
664 | } | 667 | } |
665 | } | ||
666 | else | 668 | else |
667 | u = NULL; | 669 | u = NULL; |
668 | 670 | ||
669 | if ((p != NULL) && (q != NULL) && (u != NULL)) | 671 | if ((p != NULL) && (q != NULL) && (u != NULL)) |
670 | { | ||
671 | rc = gcry_sexp_build (&res, &size, /* erroff */ | ||
672 | "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)(u %m)))", | ||
673 | n, e, d, p, q, u); | ||
674 | } | ||
675 | else | ||
676 | { | ||
677 | if ((p != NULL) && (q != NULL)) | ||
678 | { | 672 | { |
679 | rc = gcry_sexp_build (&res, &size, /* erroff */ | 673 | rc = gcry_sexp_build (&res, &size, /* erroff */ |
680 | "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)))", | 674 | "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)(u %m)))", |
681 | n, e, d, p, q); | 675 | n, e, d, p, q, u); |
682 | } | 676 | } |
683 | else | 677 | else |
684 | { | 678 | { |
685 | rc = gcry_sexp_build (&res, &size, /* erroff */ | 679 | if ((p != NULL) && (q != NULL)) |
686 | "(private-key(rsa(n %m)(e %m)(d %m)))", n, e, d); | 680 | { |
681 | rc = gcry_sexp_build (&res, &size, /* erroff */ | ||
682 | "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)))", | ||
683 | n, e, d, p, q); | ||
684 | } | ||
685 | else | ||
686 | { | ||
687 | rc = gcry_sexp_build (&res, &size, /* erroff */ | ||
688 | "(private-key(rsa(n %m)(e %m)(d %m)))", n, e, | ||
689 | d); | ||
690 | } | ||
687 | } | 691 | } |
688 | } | ||
689 | gcry_mpi_release (n); | 692 | gcry_mpi_release (n); |
690 | gcry_mpi_release (e); | 693 | gcry_mpi_release (e); |
691 | gcry_mpi_release (d); | 694 | gcry_mpi_release (d); |
@@ -700,10 +703,10 @@ ksk_decode_key (const struct KskRsaPrivateKeyBinaryEncoded *encoding) | |||
700 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); | 703 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); |
701 | #if EXTRA_CHECKS | 704 | #if EXTRA_CHECKS |
702 | if (gcry_pk_testkey (res)) | 705 | if (gcry_pk_testkey (res)) |
703 | { | 706 | { |
704 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); | 707 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); |
705 | return NULL; | 708 | return NULL; |
706 | } | 709 | } |
707 | #endif | 710 | #endif |
708 | ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey)); | 711 | ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey)); |
709 | ret->sexp = res; | 712 | ret->sexp = res; |
@@ -733,13 +736,13 @@ GNUNET_CRYPTO_rsa_key_create_from_hash (const GNUNET_HashCode * hc) | |||
733 | unsigned int i; | 736 | unsigned int i; |
734 | 737 | ||
735 | for (i = 0; i < cacheSize; i++) | 738 | for (i = 0; i < cacheSize; i++) |
736 | { | ||
737 | if (0 == memcmp (hc, &cache[i]->hc, sizeof (GNUNET_HashCode))) | ||
738 | { | 739 | { |
739 | ret = ksk_decode_key (cache[i]->pke); | 740 | if (0 == memcmp (hc, &cache[i]->hc, sizeof (GNUNET_HashCode))) |
740 | return ret; | 741 | { |
742 | ret = ksk_decode_key (cache[i]->pke); | ||
743 | return ret; | ||
744 | } | ||
741 | } | 745 | } |
742 | } | ||
743 | 746 | ||
744 | line = GNUNET_malloc (sizeof (struct KBlockKeyCacheLine)); | 747 | line = GNUNET_malloc (sizeof (struct KBlockKeyCacheLine)); |
745 | line->hc = *hc; | 748 | line->hc = *hc; |
@@ -755,10 +758,10 @@ void __attribute__ ((destructor)) GNUNET_CRYPTO_ksk_fini () | |||
755 | unsigned int i; | 758 | unsigned int i; |
756 | 759 | ||
757 | for (i = 0; i < cacheSize; i++) | 760 | for (i = 0; i < cacheSize; i++) |
758 | { | 761 | { |
759 | GNUNET_free (cache[i]->pke); | 762 | GNUNET_free (cache[i]->pke); |
760 | GNUNET_free (cache[i]); | 763 | GNUNET_free (cache[i]); |
761 | } | 764 | } |
762 | GNUNET_array_grow (cache, cacheSize, 0); | 765 | GNUNET_array_grow (cache, cacheSize, 0); |
763 | } | 766 | } |
764 | 767 | ||