Diffstat (limited to 'src/util/crypto_rsa.c')
-rw-r--r-- | src/util/crypto_rsa.c | 18 |
1 files changed, 18 insertions, 0 deletions
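--- a/src/util/crypto_rsa.c
+++ b/src/util/crypto_rsa.c
@@ -406,6 +406,7 @@ rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
   char *xts = "Blinding KDF extrator HMAC key"; /* Trusts bks' randomness more */
   struct RsaBlindingKey *blind;
   gcry_mpi_t n;
+  gcry_mpi_t g;
 
   blind = GNUNET_new (struct RsaBlindingKey);
 
@@ -418,6 +419,14 @@ rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
                                xts, strlen(xts),
                                bks, sizeof(*bks),
                                "Blinding KDF");
+
+  /* If gcd(*r,n) != 1 then n must be a malicious fake RSA key
+     designed to deanomize the user. */
+  g = gcry_mpi_new (0);
+  GNUNET_assert( gcry_mpi_gcd(g,blind->r,n) );
+  gcry_mpi_release (g);
+
+  gcry_mpi_release (n);
   return blind;
 }
 
@@ -652,6 +661,7 @@ rsa_full_domain_hash (gcry_mpi_t *r,
   gcry_mpi_t n;
   char *xts;
   size_t xts_len;
+  gcry_mpi_t g;
 
   /* Extract the composite n from the RSA public key */
   GNUNET_assert( 0 == key_from_sexp (&n, pkey->sexp, "rsa", "n") );
@@ -670,6 +680,14 @@ rsa_full_domain_hash (gcry_mpi_t *r,
                                "RSA-FDA FTpsW!");
 
   GNUNET_free (xts);
+
+  /* If gcd(*r,n) != 1 then n must be a malicious fake RSA key
+     designed to deanomize the user. */
+  g = gcry_mpi_new (0);
+  GNUNET_assert( gcry_mpi_gcd(g,*r,n) );
+  gcry_mpi_release (g);
+
+  gcry_mpi_release (n);
 }
 
 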
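Review bot: `GNUNET_assert( gcry_mpi_gcd(g,blind->r,n) )` in `rsa_blinding_key_derive`, and the matching `GNUNET_assert( gcry_mpi_gcd(g,*r,n) )` in `rsa_full_domain_hash`, abort the whole process on a condition the new comment itself attributes to a malicious peer-supplied public key, so a bad key is turned from a detected attack into a crash of the user's process. A check on untrusted key material should fail gracefully: test the gcd result, release `g`, `n` and the partially built `blind`, and return NULL so the caller can reject the key, as sketched below; `rsa_full_domain_hash` has no visible return value, so signalling failure there needs a small interface decision outside this hunk. Both enclosing functions begin before the first hunk, and the callers that would have to handle a new failure path are not visible here. The added comments also misspell "deanonymize" as "deanomize".
```c
  g = gcry_mpi_new (0);
  if (0 == gcry_mpi_gcd (g, blind->r, n))
  {
    /* r is not invertible mod n: reject the key instead of aborting the process */
    gcry_mpi_release (g);
    gcry_mpi_release (n);
    gcry_mpi_release (blind->r); /* assumes r is an owned MPI here — confirm against the KDF call above */
    GNUNET_free (blind);
    return NULL;
  }
  gcry_mpi_release (g);
  /* … unchanged: release n, return blind … */
```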