diff options
Diffstat (limited to 'src/util/crypto_rsa.c')
-rw-r--r-- | src/util/crypto_rsa.c | 181 |
1 files changed, 6 insertions, 175 deletions
diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c index fec4d13db..63232cab6 100644 --- a/src/util/crypto_rsa.c +++ b/src/util/crypto_rsa.c | |||
@@ -139,12 +139,6 @@ key_from_sexp (gcry_mpi_t *array, | |||
139 | } | 139 | } |
140 | 140 | ||
141 | 141 | ||
142 | /** | ||
143 | * Create a new private key. Caller must free return value. | ||
144 | * | ||
145 | * @param len length of the key in bits (i.e. 2048) | ||
146 | * @return fresh private key | ||
147 | */ | ||
148 | struct GNUNET_CRYPTO_RsaPrivateKey * | 142 | struct GNUNET_CRYPTO_RsaPrivateKey * |
149 | GNUNET_CRYPTO_rsa_private_key_create (unsigned int len) | 143 | GNUNET_CRYPTO_rsa_private_key_create (unsigned int len) |
150 | { | 144 | { |
@@ -174,11 +168,6 @@ GNUNET_CRYPTO_rsa_private_key_create (unsigned int len) | |||
174 | } | 168 | } |
175 | 169 | ||
176 | 170 | ||
177 | /** | ||
178 | * Free memory occupied by the private key. | ||
179 | * | ||
180 | * @param key pointer to the memory to free | ||
181 | */ | ||
182 | void | 171 | void |
183 | GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key) | 172 | GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key) |
184 | { | 173 | { |
@@ -187,14 +176,6 @@ GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key) | |||
187 | } | 176 | } |
188 | 177 | ||
189 | 178 | ||
190 | /** | ||
191 | * Encode the private key in a format suitable for | ||
192 | * storing it into a file. | ||
193 | * | ||
194 | * @param key the private key | ||
195 | * @param[out] buffer set to a buffer with the encoded key | ||
196 | * @return size of memory allocated in @a buffer | ||
197 | */ | ||
198 | size_t | 179 | size_t |
199 | GNUNET_CRYPTO_rsa_private_key_encode (const struct | 180 | GNUNET_CRYPTO_rsa_private_key_encode (const struct |
200 | GNUNET_CRYPTO_RsaPrivateKey *key, | 181 | GNUNET_CRYPTO_RsaPrivateKey *key, |
@@ -218,14 +199,6 @@ GNUNET_CRYPTO_rsa_private_key_encode (const struct | |||
218 | } | 199 | } |
219 | 200 | ||
220 | 201 | ||
221 | /** | ||
222 | * Decode the private key from the data-format back | ||
223 | * to the "normal", internal format. | ||
224 | * | ||
225 | * @param buf the buffer where the private key data is stored | ||
226 | * @param buf_size the size of the data in @a buf | ||
227 | * @return NULL on error | ||
228 | */ | ||
229 | struct GNUNET_CRYPTO_RsaPrivateKey * | 202 | struct GNUNET_CRYPTO_RsaPrivateKey * |
230 | GNUNET_CRYPTO_rsa_private_key_decode (const void *buf, | 203 | GNUNET_CRYPTO_rsa_private_key_decode (const void *buf, |
231 | size_t buf_size) | 204 | size_t buf_size) |
@@ -255,12 +228,6 @@ GNUNET_CRYPTO_rsa_private_key_decode (const void *buf, | |||
255 | } | 228 | } |
256 | 229 | ||
257 | 230 | ||
258 | /** | ||
259 | * Extract the public key of the given private key. | ||
260 | * | ||
261 | * @param priv the private key | ||
262 | * @return NULL on error, otherwise the public key | ||
263 | */ | ||
264 | struct GNUNET_CRYPTO_RsaPublicKey * | 231 | struct GNUNET_CRYPTO_RsaPublicKey * |
265 | GNUNET_CRYPTO_rsa_private_key_get_public ( | 232 | GNUNET_CRYPTO_rsa_private_key_get_public ( |
266 | const struct GNUNET_CRYPTO_RsaPrivateKey *priv) | 233 | const struct GNUNET_CRYPTO_RsaPrivateKey *priv) |
@@ -296,11 +263,6 @@ GNUNET_CRYPTO_rsa_private_key_get_public ( | |||
296 | } | 263 | } |
297 | 264 | ||
298 | 265 | ||
299 | /** | ||
300 | * Free memory occupied by the public key. | ||
301 | * | ||
302 | * @param key pointer to the memory to free | ||
303 | */ | ||
304 | void | 266 | void |
305 | GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key) | 267 | GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key) |
306 | { | 268 | { |
@@ -334,14 +296,6 @@ struct GNUNET_CRYPTO_RsaPublicKeyHeaderP | |||
334 | GNUNET_NETWORK_STRUCT_END | 296 | GNUNET_NETWORK_STRUCT_END |
335 | 297 | ||
336 | 298 | ||
337 | /** | ||
338 | * Encode the public key in a format suitable for | ||
339 | * storing it into a file. | ||
340 | * | ||
341 | * @param key the private key | ||
342 | * @param[out] buffer set to a buffer with the encoded key | ||
343 | * @return size of memory allocated in @a buffer | ||
344 | */ | ||
345 | size_t | 299 | size_t |
346 | GNUNET_CRYPTO_rsa_public_key_encode ( | 300 | GNUNET_CRYPTO_rsa_public_key_encode ( |
347 | const struct GNUNET_CRYPTO_RsaPublicKey *key, | 301 | const struct GNUNET_CRYPTO_RsaPublicKey *key, |
@@ -409,12 +363,6 @@ GNUNET_CRYPTO_rsa_public_key_encode ( | |||
409 | } | 363 | } |
410 | 364 | ||
411 | 365 | ||
412 | /** | ||
413 | * Compute hash over the public key. | ||
414 | * | ||
415 | * @param key public key to hash | ||
416 | * @param hc where to store the hash code | ||
417 | */ | ||
418 | void | 366 | void |
419 | GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, | 367 | GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, |
420 | struct GNUNET_HashCode *hc) | 368 | struct GNUNET_HashCode *hc) |
@@ -431,14 +379,6 @@ GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, | |||
431 | } | 379 | } |
432 | 380 | ||
433 | 381 | ||
434 | /** | ||
435 | * Decode the public key from the data-format back | ||
436 | * to the "normal", internal format. | ||
437 | * | ||
438 | * @param buf the buffer where the public key data is stored | ||
439 | * @param len the length of the data in @a buf | ||
440 | * @return NULL on error | ||
441 | */ | ||
442 | struct GNUNET_CRYPTO_RsaPublicKey * | 382 | struct GNUNET_CRYPTO_RsaPublicKey * |
443 | GNUNET_CRYPTO_rsa_public_key_decode (const char *buf, | 383 | GNUNET_CRYPTO_rsa_public_key_decode (const char *buf, |
444 | size_t len) | 384 | size_t len) |
@@ -612,13 +552,6 @@ rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, | |||
612 | */ | 552 | */ |
613 | 553 | ||
614 | 554 | ||
615 | /** | ||
616 | * Compare the values of two signatures. | ||
617 | * | ||
618 | * @param s1 one signature | ||
619 | * @param s2 the other signature | ||
620 | * @return 0 if the two are equal | ||
621 | */ | ||
622 | int | 555 | int |
623 | GNUNET_CRYPTO_rsa_signature_cmp (const struct GNUNET_CRYPTO_RsaSignature *s1, | 556 | GNUNET_CRYPTO_rsa_signature_cmp (const struct GNUNET_CRYPTO_RsaSignature *s1, |
624 | const struct GNUNET_CRYPTO_RsaSignature *s2) | 557 | const struct GNUNET_CRYPTO_RsaSignature *s2) |
@@ -645,13 +578,6 @@ GNUNET_CRYPTO_rsa_signature_cmp (const struct GNUNET_CRYPTO_RsaSignature *s1, | |||
645 | } | 578 | } |
646 | 579 | ||
647 | 580 | ||
648 | /** | ||
649 | * Compare the values of two public keys. | ||
650 | * | ||
651 | * @param p1 one public key | ||
652 | * @param p2 the other public key | ||
653 | * @return 0 if the two are equal | ||
654 | */ | ||
655 | int | 581 | int |
656 | GNUNET_CRYPTO_rsa_public_key_cmp (const struct GNUNET_CRYPTO_RsaPublicKey *p1, | 582 | GNUNET_CRYPTO_rsa_public_key_cmp (const struct GNUNET_CRYPTO_RsaPublicKey *p1, |
657 | const struct GNUNET_CRYPTO_RsaPublicKey *p2) | 583 | const struct GNUNET_CRYPTO_RsaPublicKey *p2) |
@@ -678,13 +604,6 @@ GNUNET_CRYPTO_rsa_public_key_cmp (const struct GNUNET_CRYPTO_RsaPublicKey *p1, | |||
678 | } | 604 | } |
679 | 605 | ||
680 | 606 | ||
681 | /** | ||
682 | * Compare the values of two private keys. | ||
683 | * | ||
684 | * @param p1 one private key | ||
685 | * @param p2 the other private key | ||
686 | * @return 0 if the two are equal | ||
687 | */ | ||
688 | int | 607 | int |
689 | GNUNET_CRYPTO_rsa_private_key_cmp (const struct GNUNET_CRYPTO_RsaPrivateKey *p1, | 608 | GNUNET_CRYPTO_rsa_private_key_cmp (const struct GNUNET_CRYPTO_RsaPrivateKey *p1, |
690 | const struct GNUNET_CRYPTO_RsaPrivateKey *p2) | 609 | const struct GNUNET_CRYPTO_RsaPrivateKey *p2) |
@@ -711,12 +630,6 @@ GNUNET_CRYPTO_rsa_private_key_cmp (const struct GNUNET_CRYPTO_RsaPrivateKey *p1, | |||
711 | } | 630 | } |
712 | 631 | ||
713 | 632 | ||
714 | /** | ||
715 | * Obtain the length of the RSA key in bits. | ||
716 | * | ||
717 | * @param key the public key to introspect | ||
718 | * @return length of the key in bits | ||
719 | */ | ||
720 | unsigned int | 633 | unsigned int |
721 | GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key) | 634 | GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key) |
722 | { | 635 | { |
@@ -827,17 +740,7 @@ rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, | |||
827 | } | 740 | } |
828 | 741 | ||
829 | 742 | ||
830 | /** | 743 | enum GNUNET_GenericReturnValue |
831 | * Blinds the given message with the given blinding key | ||
832 | * | ||
833 | * @param hash hash of the message to sign | ||
834 | * @param bkey the blinding key | ||
835 | * @param pkey the public key of the signer | ||
836 | * @param[out] buf set to a buffer with the blinded message to be signed | ||
837 | * @param[out] buf_size number of bytes stored in @a buf | ||
838 | * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious | ||
839 | */ | ||
840 | int | ||
841 | GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, | 744 | GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, |
842 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, | 745 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, |
843 | struct GNUNET_CRYPTO_RsaPublicKey *pkey, | 746 | struct GNUNET_CRYPTO_RsaPublicKey *pkey, |
@@ -863,7 +766,7 @@ GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, | |||
863 | GNUNET_break (0); | 766 | GNUNET_break (0); |
864 | *buf = NULL; | 767 | *buf = NULL; |
865 | *buf_size = 0; | 768 | *buf_size = 0; |
866 | return 0; | 769 | return GNUNET_NO; |
867 | } | 770 | } |
868 | 771 | ||
869 | data = rsa_full_domain_hash (pkey, hash); | 772 | data = rsa_full_domain_hash (pkey, hash); |
@@ -993,14 +896,6 @@ rsa_sign_mpi (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | |||
993 | } | 896 | } |
994 | 897 | ||
995 | 898 | ||
996 | /** | ||
997 | * Sign a blinded value, which must be a full domain hash of a message. | ||
998 | * | ||
999 | * @param key private key to use for the signing | ||
1000 | * @param msg the message to sign | ||
1001 | * @param msg_len number of bytes in @a msg to sign | ||
1002 | * @return NULL on error, signature on success | ||
1003 | */ | ||
1004 | struct GNUNET_CRYPTO_RsaSignature * | 899 | struct GNUNET_CRYPTO_RsaSignature * |
1005 | GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | 900 | GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, |
1006 | const void *msg, | 901 | const void *msg, |
@@ -1025,13 +920,6 @@ GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | |||
1025 | } | 920 | } |
1026 | 921 | ||
1027 | 922 | ||
1028 | /** | ||
1029 | * Create and sign a full domain hash of a message. | ||
1030 | * | ||
1031 | * @param key private key to use for the signing | ||
1032 | * @param hash the hash of the message to sign | ||
1033 | * @return NULL on error, including a malicious RSA key, signature on success | ||
1034 | */ | ||
1035 | struct GNUNET_CRYPTO_RsaSignature * | 923 | struct GNUNET_CRYPTO_RsaSignature * |
1036 | GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | 924 | GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, |
1037 | const struct GNUNET_HashCode *hash) | 925 | const struct GNUNET_HashCode *hash) |
@@ -1052,11 +940,6 @@ GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | |||
1052 | } | 940 | } |
1053 | 941 | ||
1054 | 942 | ||
1055 | /** | ||
1056 | * Free memory occupied by signature. | ||
1057 | * | ||
1058 | * @param sig memory to free | ||
1059 | */ | ||
1060 | void | 943 | void |
1061 | GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig) | 944 | GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig) |
1062 | { | 945 | { |
@@ -1065,13 +948,6 @@ GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig) | |||
1065 | } | 948 | } |
1066 | 949 | ||
1067 | 950 | ||
1068 | /** | ||
1069 | * Encode the given signature in a format suitable for storing it into a file. | ||
1070 | * | ||
1071 | * @param sig the signature | ||
1072 | * @param[out] buffer set to a buffer with the encoded key | ||
1073 | * @return size of memory allocated in @a buffer | ||
1074 | */ | ||
1075 | size_t | 951 | size_t |
1076 | GNUNET_CRYPTO_rsa_signature_encode ( | 952 | GNUNET_CRYPTO_rsa_signature_encode ( |
1077 | const struct GNUNET_CRYPTO_RsaSignature *sig, | 953 | const struct GNUNET_CRYPTO_RsaSignature *sig, |
@@ -1112,14 +988,6 @@ GNUNET_CRYPTO_rsa_signature_encode ( | |||
1112 | } | 988 | } |
1113 | 989 | ||
1114 | 990 | ||
1115 | /** | ||
1116 | * Decode the signature from the data-format back to the "normal", internal | ||
1117 | * format. | ||
1118 | * | ||
1119 | * @param buf the buffer where the public key data is stored | ||
1120 | * @param buf_size the size of the data in @a buf | ||
1121 | * @return NULL on error | ||
1122 | */ | ||
1123 | struct GNUNET_CRYPTO_RsaSignature * | 991 | struct GNUNET_CRYPTO_RsaSignature * |
1124 | GNUNET_CRYPTO_rsa_signature_decode (const void *buf, | 992 | GNUNET_CRYPTO_rsa_signature_decode (const void *buf, |
1125 | size_t buf_size) | 993 | size_t buf_size) |
@@ -1156,12 +1024,6 @@ GNUNET_CRYPTO_rsa_signature_decode (const void *buf, | |||
1156 | } | 1024 | } |
1157 | 1025 | ||
1158 | 1026 | ||
1159 | /** | ||
1160 | * Duplicate the given public key | ||
1161 | * | ||
1162 | * @param key the public key to duplicate | ||
1163 | * @return the duplicate key; NULL upon error | ||
1164 | */ | ||
1165 | struct GNUNET_CRYPTO_RsaPublicKey * | 1027 | struct GNUNET_CRYPTO_RsaPublicKey * |
1166 | GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key) | 1028 | GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key) |
1167 | { | 1029 | { |
@@ -1181,16 +1043,6 @@ GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key) | |||
1181 | } | 1043 | } |
1182 | 1044 | ||
1183 | 1045 | ||
1184 | /** | ||
1185 | * Unblind a blind-signed signature. The signature should have been generated | ||
1186 | * with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with | ||
1187 | * #GNUNET_CRYPTO_rsa_blind(). | ||
1188 | * | ||
1189 | * @param sig the signature made on the blinded signature purpose | ||
1190 | * @param bks the blinding key secret used to blind the signature purpose | ||
1191 | * @param pkey the public key of the signer | ||
1192 | * @return unblinded signature on success, NULL if RSA key is bad or malicious. | ||
1193 | */ | ||
1194 | struct GNUNET_CRYPTO_RsaSignature * | 1046 | struct GNUNET_CRYPTO_RsaSignature * |
1195 | GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, | 1047 | GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, |
1196 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, | 1048 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, |
@@ -1272,16 +1124,7 @@ GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, | |||
1272 | } | 1124 | } |
1273 | 1125 | ||
1274 | 1126 | ||
1275 | /** | 1127 | enum GNUNET_GenericReturnValue |
1276 | * Verify whether the given hash corresponds to the given signature and | ||
1277 | * the signature is valid with respect to the given public key. | ||
1278 | * | ||
1279 | * @param hash hash of the message to verify to match the @a sig | ||
1280 | * @param sig signature that is being validated | ||
1281 | * @param pkey public key of the signer | ||
1282 | * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature is invalid | ||
1283 | */ | ||
1284 | int | ||
1285 | GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, | 1128 | GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, |
1286 | const struct GNUNET_CRYPTO_RsaSignature *sig, | 1129 | const struct GNUNET_CRYPTO_RsaSignature *sig, |
1287 | const struct GNUNET_CRYPTO_RsaPublicKey *pkey) | 1130 | const struct GNUNET_CRYPTO_RsaPublicKey *pkey) |
@@ -1319,23 +1162,17 @@ GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, | |||
1319 | __FILE__, | 1162 | __FILE__, |
1320 | __LINE__, | 1163 | __LINE__, |
1321 | gcry_strerror (rc)); | 1164 | gcry_strerror (rc)); |
1322 | return GNUNET_SYSERR; | ||
1323 | BENCHMARK_END (rsa_verify); | 1165 | BENCHMARK_END (rsa_verify); |
1166 | return GNUNET_SYSERR; | ||
1324 | } | 1167 | } |
1325 | BENCHMARK_END (rsa_verify); | 1168 | BENCHMARK_END (rsa_verify); |
1326 | return GNUNET_OK; | 1169 | return GNUNET_OK; |
1327 | } | 1170 | } |
1328 | 1171 | ||
1329 | 1172 | ||
1330 | /** | ||
1331 | * Duplicate the given private key | ||
1332 | * | ||
1333 | * @param key the private key to duplicate | ||
1334 | * @return the duplicate key; NULL upon error | ||
1335 | */ | ||
1336 | struct GNUNET_CRYPTO_RsaPrivateKey * | 1173 | struct GNUNET_CRYPTO_RsaPrivateKey * |
1337 | GNUNET_CRYPTO_rsa_private_key_dup (const struct | 1174 | GNUNET_CRYPTO_rsa_private_key_dup ( |
1338 | GNUNET_CRYPTO_RsaPrivateKey *key) | 1175 | const struct GNUNET_CRYPTO_RsaPrivateKey *key) |
1339 | { | 1176 | { |
1340 | struct GNUNET_CRYPTO_RsaPrivateKey *dup; | 1177 | struct GNUNET_CRYPTO_RsaPrivateKey *dup; |
1341 | gcry_sexp_t dup_sexp; | 1178 | gcry_sexp_t dup_sexp; |
@@ -1353,12 +1190,6 @@ GNUNET_CRYPTO_rsa_private_key_dup (const struct | |||
1353 | } | 1190 | } |
1354 | 1191 | ||
1355 | 1192 | ||
1356 | /** | ||
1357 | * Duplicate the given private key | ||
1358 | * | ||
1359 | * @param key the private key to duplicate | ||
1360 | * @return the duplicate key; NULL upon error | ||
1361 | */ | ||
1362 | struct GNUNET_CRYPTO_RsaSignature * | 1193 | struct GNUNET_CRYPTO_RsaSignature * |
1363 | GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig) | 1194 | GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig) |
1364 | { | 1195 | { |