aboutsummaryrefslogtreecommitdiff
path: root/src/util/crypto_rsa.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/util/crypto_rsa.c')
-rw-r--r--src/util/crypto_rsa.c1106
1 files changed, 553 insertions, 553 deletions
diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c
index 8cb0fe6c6..0a20fdffa 100644
--- a/src/util/crypto_rsa.c
+++ b/src/util/crypto_rsa.c
@@ -1,22 +1,22 @@
1/* 1/*
2 This file is part of GNUnet 2 This file is part of GNUnet
3 Copyright (C) 2014,2016 GNUnet e.V. 3 Copyright (C) 2014,2016 GNUnet e.V.
4 4
5 GNUnet is free software: you can redistribute it and/or modify it 5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published 6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License, 7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version. 8 or (at your option) any later version.
9 9
10 GNUnet is distributed in the hope that it will be useful, but 10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of 11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details. 13 Affero General Public License for more details.
14 14
15 You should have received a copy of the GNU Affero General Public License 15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>. 16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17 17
18 SPDX-License-Identifier: AGPL3.0-or-later 18 SPDX-License-Identifier: AGPL3.0-or-later
19*/ 19 */
20 20
21/** 21/**
22 * @file util/crypto_rsa.c 22 * @file util/crypto_rsa.c
@@ -30,14 +30,13 @@
30#include "gnunet_crypto_lib.h" 30#include "gnunet_crypto_lib.h"
31#include "benchmark.h" 31#include "benchmark.h"
32 32
33#define LOG(kind,...) GNUNET_log_from (kind, "util-crypto-rsa", __VA_ARGS__) 33#define LOG(kind, ...) GNUNET_log_from(kind, "util-crypto-rsa", __VA_ARGS__)
34 34
35 35
36/** 36/**
37 * The private information of an RSA key pair. 37 * The private information of an RSA key pair.
38 */ 38 */
39struct GNUNET_CRYPTO_RsaPrivateKey 39struct GNUNET_CRYPTO_RsaPrivateKey {
40{
41 /** 40 /**
42 * Libgcrypt S-expression for the RSA private key. 41 * Libgcrypt S-expression for the RSA private key.
43 */ 42 */
@@ -48,8 +47,7 @@ struct GNUNET_CRYPTO_RsaPrivateKey
48/** 47/**
49 * The public information of an RSA key pair. 48 * The public information of an RSA key pair.
50 */ 49 */
51struct GNUNET_CRYPTO_RsaPublicKey 50struct GNUNET_CRYPTO_RsaPublicKey {
52{
53 /** 51 /**
54 * Libgcrypt S-expression for the RSA public key. 52 * Libgcrypt S-expression for the RSA public key.
55 */ 53 */
@@ -60,8 +58,7 @@ struct GNUNET_CRYPTO_RsaPublicKey
60/** 58/**
61 * @brief an RSA signature 59 * @brief an RSA signature
62 */ 60 */
63struct GNUNET_CRYPTO_RsaSignature 61struct GNUNET_CRYPTO_RsaSignature {
64{
65 /** 62 /**
66 * Libgcrypt S-expression for the RSA signature. 63 * Libgcrypt S-expression for the RSA signature.
67 */ 64 */
@@ -72,8 +69,7 @@ struct GNUNET_CRYPTO_RsaSignature
72/** 69/**
73 * @brief RSA blinding key 70 * @brief RSA blinding key
74 */ 71 */
75struct RsaBlindingKey 72struct RsaBlindingKey {
76{
77 /** 73 /**
78 * Random value used for blinding. 74 * Random value used for blinding.
79 */ 75 */
@@ -91,50 +87,50 @@ struct RsaBlindingKey
91 * @return 0 on success 87 * @return 0 on success
92 */ 88 */
93static int 89static int
94key_from_sexp (gcry_mpi_t *array, 90key_from_sexp(gcry_mpi_t *array,
95 gcry_sexp_t sexp, 91 gcry_sexp_t sexp,
96 const char *topname, 92 const char *topname,
97 const char *elems) 93 const char *elems)
98{ 94{
99 gcry_sexp_t list; 95 gcry_sexp_t list;
100 gcry_sexp_t l2; 96 gcry_sexp_t l2;
101 const char *s; 97 const char *s;
102 unsigned int idx; 98 unsigned int idx;
103 99
104 if (! (list = gcry_sexp_find_token (sexp, topname, 0))) 100 if (!(list = gcry_sexp_find_token(sexp, topname, 0)))
105 return 1; 101 return 1;
106 l2 = gcry_sexp_cadr (list); 102 l2 = gcry_sexp_cadr(list);
107 gcry_sexp_release (list); 103 gcry_sexp_release(list);
108 list = l2; 104 list = l2;
109 if (! list) 105 if (!list)
110 return 2; 106 return 2;
111 idx = 0; 107 idx = 0;
112 for (s = elems; *s; s++, idx++) 108 for (s = elems; *s; s++, idx++)
113 {
114 if (! (l2 = gcry_sexp_find_token (list, s, 1)))
115 {
116 for (unsigned int i = 0; i < idx; i++)
117 {
118 gcry_free (array[i]);
119 array[i] = NULL;
120 }
121 gcry_sexp_release (list);
122 return 3; /* required parameter not found */
123 }
124 array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
125 gcry_sexp_release (l2);
126 if (! array[idx])
127 { 109 {
128 for (unsigned int i = 0; i < idx; i++) 110 if (!(l2 = gcry_sexp_find_token(list, s, 1)))
129 { 111 {
130 gcry_free (array[i]); 112 for (unsigned int i = 0; i < idx; i++)
131 array[i] = NULL; 113 {
132 } 114 gcry_free(array[i]);
133 gcry_sexp_release (list); 115 array[i] = NULL;
134 return 4; /* required parameter is invalid */ 116 }
117 gcry_sexp_release(list);
118 return 3; /* required parameter not found */
119 }
120 array[idx] = gcry_sexp_nth_mpi(l2, 1, GCRYMPI_FMT_USG);
121 gcry_sexp_release(l2);
122 if (!array[idx])
123 {
124 for (unsigned int i = 0; i < idx; i++)
125 {
126 gcry_free(array[i]);
127 array[i] = NULL;
128 }
129 gcry_sexp_release(list);
130 return 4; /* required parameter is invalid */
131 }
135 } 132 }
136 } 133 gcry_sexp_release(list);
137 gcry_sexp_release (list);
138 return 0; 134 return 0;
139} 135}
140 136
@@ -146,30 +142,30 @@ key_from_sexp (gcry_mpi_t *array,
146 * @return fresh private key 142 * @return fresh private key
147 */ 143 */
148struct GNUNET_CRYPTO_RsaPrivateKey * 144struct GNUNET_CRYPTO_RsaPrivateKey *
149GNUNET_CRYPTO_rsa_private_key_create (unsigned int len) 145GNUNET_CRYPTO_rsa_private_key_create(unsigned int len)
150{ 146{
151 struct GNUNET_CRYPTO_RsaPrivateKey *ret; 147 struct GNUNET_CRYPTO_RsaPrivateKey *ret;
152 gcry_sexp_t s_key; 148 gcry_sexp_t s_key;
153 gcry_sexp_t s_keyparam; 149 gcry_sexp_t s_keyparam;
154 150
155 BENCHMARK_START (rsa_private_key_create); 151 BENCHMARK_START(rsa_private_key_create);
156 152
157 GNUNET_assert (0 == 153 GNUNET_assert(0 ==
158 gcry_sexp_build (&s_keyparam, 154 gcry_sexp_build(&s_keyparam,
159 NULL, 155 NULL,
160 "(genkey(rsa(nbits %d)))", 156 "(genkey(rsa(nbits %d)))",
161 len)); 157 len));
162 GNUNET_assert (0 == 158 GNUNET_assert(0 ==
163 gcry_pk_genkey (&s_key, 159 gcry_pk_genkey(&s_key,
164 s_keyparam)); 160 s_keyparam));
165 gcry_sexp_release (s_keyparam); 161 gcry_sexp_release(s_keyparam);
166#if EXTRA_CHECKS 162#if EXTRA_CHECKS
167 GNUNET_assert (0 == 163 GNUNET_assert(0 ==
168 gcry_pk_testkey (s_key)); 164 gcry_pk_testkey(s_key));
169#endif 165#endif
170 ret = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey); 166 ret = GNUNET_new(struct GNUNET_CRYPTO_RsaPrivateKey);
171 ret->sexp = s_key; 167 ret->sexp = s_key;
172 BENCHMARK_END (rsa_private_key_create); 168 BENCHMARK_END(rsa_private_key_create);
173 return ret; 169 return ret;
174} 170}
175 171
@@ -180,10 +176,10 @@ GNUNET_CRYPTO_rsa_private_key_create (unsigned int len)
180 * @param key pointer to the memory to free 176 * @param key pointer to the memory to free
181 */ 177 */
182void 178void
183GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key) 179GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
184{ 180{
185 gcry_sexp_release (key->sexp); 181 gcry_sexp_release(key->sexp);
186 GNUNET_free (key); 182 GNUNET_free(key);
187} 183}
188 184
189 185
@@ -196,22 +192,22 @@ GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key)
196 * @return size of memory allocated in @a buffer 192 * @return size of memory allocated in @a buffer
197 */ 193 */
198size_t 194size_t
199GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey *key, 195GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key,
200 char **buffer) 196 char **buffer)
201{ 197{
202 size_t n; 198 size_t n;
203 char *b; 199 char *b;
204 200
205 n = gcry_sexp_sprint (key->sexp, 201 n = gcry_sexp_sprint(key->sexp,
206 GCRYSEXP_FMT_DEFAULT, 202 GCRYSEXP_FMT_DEFAULT,
207 NULL, 203 NULL,
208 0); 204 0);
209 b = GNUNET_malloc (n); 205 b = GNUNET_malloc(n);
210 GNUNET_assert ((n - 1) == /* since the last byte is \0 */ 206 GNUNET_assert((n - 1) == /* since the last byte is \0 */
211 gcry_sexp_sprint (key->sexp, 207 gcry_sexp_sprint(key->sexp,
212 GCRYSEXP_FMT_DEFAULT, 208 GCRYSEXP_FMT_DEFAULT,
213 b, 209 b,
214 n)); 210 n));
215 *buffer = b; 211 *buffer = b;
216 return n; 212 return n;
217} 213}
@@ -226,29 +222,30 @@ GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey *
226 * @return NULL on error 222 * @return NULL on error
227 */ 223 */
228struct GNUNET_CRYPTO_RsaPrivateKey * 224struct GNUNET_CRYPTO_RsaPrivateKey *
229GNUNET_CRYPTO_rsa_private_key_decode (const char *buf, 225GNUNET_CRYPTO_rsa_private_key_decode(const char *buf,
230 size_t len) 226 size_t len)
231{ 227{
232 struct GNUNET_CRYPTO_RsaPrivateKey *key; 228 struct GNUNET_CRYPTO_RsaPrivateKey *key;
233 key = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey); 229
230 key = GNUNET_new(struct GNUNET_CRYPTO_RsaPrivateKey);
234 if (0 != 231 if (0 !=
235 gcry_sexp_new (&key->sexp, 232 gcry_sexp_new(&key->sexp,
236 buf, 233 buf,
237 len, 234 len,
238 0)) 235 0))
239 { 236 {
240 LOG (GNUNET_ERROR_TYPE_WARNING, 237 LOG(GNUNET_ERROR_TYPE_WARNING,
241 "Decoded private key is not valid\n"); 238 "Decoded private key is not valid\n");
242 GNUNET_free (key); 239 GNUNET_free(key);
243 return NULL; 240 return NULL;
244 } 241 }
245 if (0 != gcry_pk_testkey (key->sexp)) 242 if (0 != gcry_pk_testkey(key->sexp))
246 { 243 {
247 LOG (GNUNET_ERROR_TYPE_WARNING, 244 LOG(GNUNET_ERROR_TYPE_WARNING,
248 "Decoded private key is not valid\n"); 245 "Decoded private key is not valid\n");
249 GNUNET_CRYPTO_rsa_private_key_free (key); 246 GNUNET_CRYPTO_rsa_private_key_free(key);
250 return NULL; 247 return NULL;
251 } 248 }
252 return key; 249 return key;
253} 250}
254 251
@@ -260,35 +257,35 @@ GNUNET_CRYPTO_rsa_private_key_decode (const char *buf,
260 * @retur NULL on error, otherwise the public key 257 * @retur NULL on error, otherwise the public key
261 */ 258 */
262struct GNUNET_CRYPTO_RsaPublicKey * 259struct GNUNET_CRYPTO_RsaPublicKey *
263GNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateKey *priv) 260GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
264{ 261{
265 struct GNUNET_CRYPTO_RsaPublicKey *pub; 262 struct GNUNET_CRYPTO_RsaPublicKey *pub;
266 gcry_mpi_t ne[2]; 263 gcry_mpi_t ne[2];
267 int rc; 264 int rc;
268 gcry_sexp_t result; 265 gcry_sexp_t result;
269 266
270 BENCHMARK_START (rsa_private_key_get_public); 267 BENCHMARK_START(rsa_private_key_get_public);
271 268
272 rc = key_from_sexp (ne, priv->sexp, "public-key", "ne"); 269 rc = key_from_sexp(ne, priv->sexp, "public-key", "ne");
273 if (0 != rc) 270 if (0 != rc)
274 rc = key_from_sexp (ne, priv->sexp, "private-key", "ne"); 271 rc = key_from_sexp(ne, priv->sexp, "private-key", "ne");
275 if (0 != rc) 272 if (0 != rc)
276 rc = key_from_sexp (ne, priv->sexp, "rsa", "ne"); 273 rc = key_from_sexp(ne, priv->sexp, "rsa", "ne");
277 if (0 != rc) 274 if (0 != rc)
278 { 275 {
279 GNUNET_break_op (0); 276 GNUNET_break_op(0);
280 return NULL; 277 return NULL;
281 } 278 }
282 rc = gcry_sexp_build (&result, 279 rc = gcry_sexp_build(&result,
283 NULL, 280 NULL,
284 "(public-key(rsa(n %m)(e %m)))", 281 "(public-key(rsa(n %m)(e %m)))",
285 ne[0], 282 ne[0],
286 ne[1]); 283 ne[1]);
287 gcry_mpi_release (ne[0]); 284 gcry_mpi_release(ne[0]);
288 gcry_mpi_release (ne[1]); 285 gcry_mpi_release(ne[1]);
289 pub = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey); 286 pub = GNUNET_new(struct GNUNET_CRYPTO_RsaPublicKey);
290 pub->sexp = result; 287 pub->sexp = result;
291 BENCHMARK_END (rsa_private_key_get_public); 288 BENCHMARK_END(rsa_private_key_get_public);
292 return pub; 289 return pub;
293} 290}
294 291
@@ -299,10 +296,10 @@ GNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateK
299 * @param key pointer to the memory to free 296 * @param key pointer to the memory to free
300 */ 297 */
301void 298void
302GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key) 299GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
303{ 300{
304 gcry_sexp_release (key->sexp); 301 gcry_sexp_release(key->sexp);
305 GNUNET_free (key); 302 GNUNET_free(key);
306} 303}
307 304
308 305
@@ -315,22 +312,22 @@ GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key)
315 * @return size of memory allocated in @a buffer 312 * @return size of memory allocated in @a buffer
316 */ 313 */
317size_t 314size_t
318GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_RsaPublicKey *key, 315GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key,
319 char **buffer) 316 char **buffer)
320{ 317{
321 size_t n; 318 size_t n;
322 char *b; 319 char *b;
323 320
324 n = gcry_sexp_sprint (key->sexp, 321 n = gcry_sexp_sprint(key->sexp,
325 GCRYSEXP_FMT_ADVANCED, 322 GCRYSEXP_FMT_ADVANCED,
326 NULL, 323 NULL,
327 0); 324 0);
328 b = GNUNET_malloc (n); 325 b = GNUNET_malloc(n);
329 GNUNET_assert ((n -1) == /* since the last byte is \0 */ 326 GNUNET_assert((n - 1) == /* since the last byte is \0 */
330 gcry_sexp_sprint (key->sexp, 327 gcry_sexp_sprint(key->sexp,
331 GCRYSEXP_FMT_ADVANCED, 328 GCRYSEXP_FMT_ADVANCED,
332 b, 329 b,
333 n)); 330 n));
334 *buffer = b; 331 *buffer = b;
335 return n; 332 return n;
336} 333}
@@ -343,18 +340,18 @@ GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_RsaPublicKey *ke
343 * @param hc where to store the hash code 340 * @param hc where to store the hash code
344 */ 341 */
345void 342void
346GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, 343GNUNET_CRYPTO_rsa_public_key_hash(const struct GNUNET_CRYPTO_RsaPublicKey *key,
347 struct GNUNET_HashCode *hc) 344 struct GNUNET_HashCode *hc)
348{ 345{
349 char *buf; 346 char *buf;
350 size_t buf_size; 347 size_t buf_size;
351 348
352 buf_size = GNUNET_CRYPTO_rsa_public_key_encode (key, 349 buf_size = GNUNET_CRYPTO_rsa_public_key_encode(key,
353 &buf); 350 &buf);
354 GNUNET_CRYPTO_hash (buf, 351 GNUNET_CRYPTO_hash(buf,
355 buf_size, 352 buf_size,
356 hc); 353 hc);
357 GNUNET_free (buf); 354 GNUNET_free(buf);
358} 355}
359 356
360 357
@@ -367,37 +364,37 @@ GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key,
367 * @return NULL on error 364 * @return NULL on error
368 */ 365 */
369struct GNUNET_CRYPTO_RsaPublicKey * 366struct GNUNET_CRYPTO_RsaPublicKey *
370GNUNET_CRYPTO_rsa_public_key_decode (const char *buf, 367GNUNET_CRYPTO_rsa_public_key_decode(const char *buf,
371 size_t len) 368 size_t len)
372{ 369{
373 struct GNUNET_CRYPTO_RsaPublicKey *key; 370 struct GNUNET_CRYPTO_RsaPublicKey *key;
374 gcry_mpi_t n; 371 gcry_mpi_t n;
375 int ret; 372 int ret;
376 373
377 key = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey); 374 key = GNUNET_new(struct GNUNET_CRYPTO_RsaPublicKey);
378 if (0 != 375 if (0 !=
379 gcry_sexp_new (&key->sexp, 376 gcry_sexp_new(&key->sexp,
380 buf, 377 buf,
381 len, 378 len,
382 0)) 379 0))
383 { 380 {
384 GNUNET_break_op (0); 381 GNUNET_break_op(0);
385 GNUNET_free (key); 382 GNUNET_free(key);
386 return NULL; 383 return NULL;
387 } 384 }
388 /* verify that this is an RSA public key */ 385 /* verify that this is an RSA public key */
389 ret = key_from_sexp (&n, key->sexp, "public-key", "n"); 386 ret = key_from_sexp(&n, key->sexp, "public-key", "n");
390 if (0 != ret) 387 if (0 != ret)
391 ret = key_from_sexp (&n, key->sexp, "rsa", "n"); 388 ret = key_from_sexp(&n, key->sexp, "rsa", "n");
392 if (0 != ret) 389 if (0 != ret)
393 { 390 {
394 /* this is no public RSA key */ 391 /* this is no public RSA key */
395 GNUNET_break (0); 392 GNUNET_break(0);
396 gcry_sexp_release (key->sexp); 393 gcry_sexp_release(key->sexp);
397 GNUNET_free (key); 394 GNUNET_free(key);
398 return NULL; 395 return NULL;
399 } 396 }
400 gcry_mpi_release (n); 397 gcry_mpi_release(n);
401 return key; 398 return key;
402} 399}
403 400
@@ -419,9 +416,9 @@ rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n)
419 gcry_mpi_t g; 416 gcry_mpi_t g;
420 int t; 417 int t;
421 418
422 g = gcry_mpi_new (0); 419 g = gcry_mpi_new(0);
423 t = gcry_mpi_gcd(g,r,n); 420 t = gcry_mpi_gcd(g, r, n);
424 gcry_mpi_release (g); 421 gcry_mpi_release(g);
425 return t; 422 return t;
426} 423}
427 424
@@ -434,77 +431,78 @@ rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n)
434 * @return the newly created blinding key, NULL if RSA key is malicious 431 * @return the newly created blinding key, NULL if RSA key is malicious
435 */ 432 */
436static struct RsaBlindingKey * 433static struct RsaBlindingKey *
437rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, 434rsa_blinding_key_derive(const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
438 const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks) 435 const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks)
439{ 436{
440 char *xts = "Blinding KDF extrator HMAC key"; /* Trusts bks' randomness more */ 437 char *xts = "Blinding KDF extrator HMAC key"; /* Trusts bks' randomness more */
441 struct RsaBlindingKey *blind; 438 struct RsaBlindingKey *blind;
442 gcry_mpi_t n; 439 gcry_mpi_t n;
443 440
444 blind = GNUNET_new (struct RsaBlindingKey); 441 blind = GNUNET_new(struct RsaBlindingKey);
445 GNUNET_assert( NULL != blind ); 442 GNUNET_assert(NULL != blind);
446 443
447 /* Extract the composite n from the RSA public key */ 444 /* Extract the composite n from the RSA public key */
448 GNUNET_assert( 0 == key_from_sexp (&n, pkey->sexp, "rsa", "n") ); 445 GNUNET_assert(0 == key_from_sexp(&n, pkey->sexp, "rsa", "n"));
449 /* Assert that it at least looks like an RSA key */ 446 /* Assert that it at least looks like an RSA key */
450 GNUNET_assert( 0 == gcry_mpi_get_flag(n, GCRYMPI_FLAG_OPAQUE) ); 447 GNUNET_assert(0 == gcry_mpi_get_flag(n, GCRYMPI_FLAG_OPAQUE));
451 448
452 GNUNET_CRYPTO_kdf_mod_mpi (&blind->r, 449 GNUNET_CRYPTO_kdf_mod_mpi(&blind->r,
453 n, 450 n,
454 xts, strlen(xts), 451 xts, strlen(xts),
455 bks, sizeof(*bks), 452 bks, sizeof(*bks),
456 "Blinding KDF"); 453 "Blinding KDF");
457 if (0 == rsa_gcd_validate(blind->r, n)) { 454 if (0 == rsa_gcd_validate(blind->r, n))
458 GNUNET_free (blind); 455 {
459 blind = NULL; 456 GNUNET_free(blind);
460 } 457 blind = NULL;
461 458 }
462 gcry_mpi_release (n); 459
460 gcry_mpi_release(n);
463 return blind; 461 return blind;
464} 462}
465 463
466 464
467/* 465/*
468We originally added GNUNET_CRYPTO_kdf_mod_mpi for the benifit of the 466 We originally added GNUNET_CRYPTO_kdf_mod_mpi for the benifit of the
469previous routine. 467 previous routine.
470 468
471There was previously a call to GNUNET_CRYPTO_kdf in 469 There was previously a call to GNUNET_CRYPTO_kdf in
472 bkey = rsa_blinding_key_derive (len, bks); 470 bkey = rsa_blinding_key_derive (len, bks);
473that gives exactly len bits where 471 that gives exactly len bits where
474 len = GNUNET_CRYPTO_rsa_public_key_len (pkey); 472 len = GNUNET_CRYPTO_rsa_public_key_len (pkey);
475 473
476Now r = 2^(len-1)/pkey.n is the probability that a set high bit being 474 Now r = 2^(len-1)/pkey.n is the probability that a set high bit being
477okay, meaning bkey < pkey.n. It follows that (1-r)/2 of the time bkey > 475 okay, meaning bkey < pkey.n. It follows that (1-r)/2 of the time bkey >
478pkey.n making the effective bkey be 476 pkey.n making the effective bkey be
479 bkey mod pkey.n = bkey - pkey.n 477 bkey mod pkey.n = bkey - pkey.n
480so the effective bkey has its high bit set with probability r/2. 478 so the effective bkey has its high bit set with probability r/2.
481 479
482We expect r to be close to 1/2 if the exchange is honest, but the 480 We expect r to be close to 1/2 if the exchange is honest, but the
483exchange can choose r otherwise. 481 exchange can choose r otherwise.
484 482
485In blind signing, the exchange sees 483 In blind signing, the exchange sees
486 B = bkey * S mod pkey.n 484 B = bkey * S mod pkey.n
487On deposit, the exchange sees S so they can compute bkey' = B/S mod 485 On deposit, the exchange sees S so they can compute bkey' = B/S mod
488pkey.n for all B they recorded to see if bkey' has it's high bit set. 486 pkey.n for all B they recorded to see if bkey' has it's high bit set.
489Also, note the exchange can compute 1/S efficiently since they know the 487 Also, note the exchange can compute 1/S efficiently since they know the
490factors of pkey.n. 488 factors of pkey.n.
491 489
492I suppose that happens with probability r/(1+r) if its the wrong B, not 490 I suppose that happens with probability r/(1+r) if its the wrong B, not
493completely sure. If otoh we've the right B, then we've the probability 491 completely sure. If otoh we've the right B, then we've the probability
494r/2 of a set high bit in the effective bkey. 492 r/2 of a set high bit in the effective bkey.
495 493
496Interestingly, r^2-r has a maximum at the default r=1/2 anyways, giving 494 Interestingly, r^2-r has a maximum at the default r=1/2 anyways, giving
497the wrong and right probabilities 1/3 and 1/4, respectively. 495 the wrong and right probabilities 1/3 and 1/4, respectively.
498 496
499I feared this gives the exchange a meaningful fraction of a bit of 497 I feared this gives the exchange a meaningful fraction of a bit of
500information per coin involved in the transaction. It sounds damaging if 498 information per coin involved in the transaction. It sounds damaging if
501numerous coins were involved. And it could run across transactions in 499 numerous coins were involved. And it could run across transactions in
502some scenarios. 500 some scenarios.
503 501
504We fixed this by using a more uniform deterministic pseudo-random number 502 We fixed this by using a more uniform deterministic pseudo-random number
505generator for blinding factors. I do not believe this to be a problem 503 generator for blinding factors. I do not believe this to be a problem
506for the rsa_full_domain_hash routine, but better safe than sorry. 504 for the rsa_full_domain_hash routine, but better safe than sorry.
507*/ 505 */
508 506
509 507
510/** 508/**
@@ -515,8 +513,8 @@ for the rsa_full_domain_hash routine, but better safe than sorry.
515 * @return 0 if the two are equal 513 * @return 0 if the two are equal
516 */ 514 */
517int 515int
518GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1, 516GNUNET_CRYPTO_rsa_signature_cmp(struct GNUNET_CRYPTO_RsaSignature *s1,
519 struct GNUNET_CRYPTO_RsaSignature *s2) 517 struct GNUNET_CRYPTO_RsaSignature *s2)
520{ 518{
521 char *b1; 519 char *b1;
522 char *b2; 520 char *b2;
@@ -524,18 +522,18 @@ GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1,
524 size_t z2; 522 size_t z2;
525 int ret; 523 int ret;
526 524
527 z1 = GNUNET_CRYPTO_rsa_signature_encode (s1, 525 z1 = GNUNET_CRYPTO_rsa_signature_encode(s1,
528 &b1); 526 &b1);
529 z2 = GNUNET_CRYPTO_rsa_signature_encode (s2, 527 z2 = GNUNET_CRYPTO_rsa_signature_encode(s2,
530 &b2); 528 &b2);
531 if (z1 != z2) 529 if (z1 != z2)
532 ret = 1; 530 ret = 1;
533 else 531 else
534 ret = memcmp (b1, 532 ret = memcmp(b1,
535 b2, 533 b2,
536 z1); 534 z1);
537 GNUNET_free (b1); 535 GNUNET_free(b1);
538 GNUNET_free (b2); 536 GNUNET_free(b2);
539 return ret; 537 return ret;
540} 538}
541 539
@@ -548,8 +546,8 @@ GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1,
548 * @return 0 if the two are equal 546 * @return 0 if the two are equal
549 */ 547 */
550int 548int
551GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1, 549GNUNET_CRYPTO_rsa_public_key_cmp(struct GNUNET_CRYPTO_RsaPublicKey *p1,
552 struct GNUNET_CRYPTO_RsaPublicKey *p2) 550 struct GNUNET_CRYPTO_RsaPublicKey *p2)
553{ 551{
554 char *b1; 552 char *b1;
555 char *b2; 553 char *b2;
@@ -557,18 +555,18 @@ GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1,
557 size_t z2; 555 size_t z2;
558 int ret; 556 int ret;
559 557
560 z1 = GNUNET_CRYPTO_rsa_public_key_encode (p1, 558 z1 = GNUNET_CRYPTO_rsa_public_key_encode(p1,
561 &b1); 559 &b1);
562 z2 = GNUNET_CRYPTO_rsa_public_key_encode (p2, 560 z2 = GNUNET_CRYPTO_rsa_public_key_encode(p2,
563 &b2); 561 &b2);
564 if (z1 != z2) 562 if (z1 != z2)
565 ret = 1; 563 ret = 1;
566 else 564 else
567 ret = memcmp (b1, 565 ret = memcmp(b1,
568 b2, 566 b2,
569 z1); 567 z1);
570 GNUNET_free (b1); 568 GNUNET_free(b1);
571 GNUNET_free (b2); 569 GNUNET_free(b2);
572 return ret; 570 return ret;
573} 571}
574 572
@@ -581,8 +579,8 @@ GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1,
581 * @return 0 if the two are equal 579 * @return 0 if the two are equal
582 */ 580 */
583int 581int
584GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1, 582GNUNET_CRYPTO_rsa_private_key_cmp(struct GNUNET_CRYPTO_RsaPrivateKey *p1,
585 struct GNUNET_CRYPTO_RsaPrivateKey *p2) 583 struct GNUNET_CRYPTO_RsaPrivateKey *p2)
586{ 584{
587 char *b1; 585 char *b1;
588 char *b2; 586 char *b2;
@@ -590,18 +588,18 @@ GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1,
590 size_t z2; 588 size_t z2;
591 int ret; 589 int ret;
592 590
593 z1 = GNUNET_CRYPTO_rsa_private_key_encode (p1, 591 z1 = GNUNET_CRYPTO_rsa_private_key_encode(p1,
594 &b1); 592 &b1);
595 z2 = GNUNET_CRYPTO_rsa_private_key_encode (p2, 593 z2 = GNUNET_CRYPTO_rsa_private_key_encode(p2,
596 &b2); 594 &b2);
597 if (z1 != z2) 595 if (z1 != z2)
598 ret = 1; 596 ret = 1;
599 else 597 else
600 ret = memcmp (b1, 598 ret = memcmp(b1,
601 b2, 599 b2,
602 z1); 600 z1);
603 GNUNET_free (b1); 601 GNUNET_free(b1);
604 GNUNET_free (b2); 602 GNUNET_free(b2);
605 return ret; 603 return ret;
606} 604}
607 605
@@ -613,18 +611,18 @@ GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1,
613 * @return length of the key in bits 611 * @return length of the key in bits
614 */ 612 */
615unsigned int 613unsigned int
616GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key) 614GNUNET_CRYPTO_rsa_public_key_len(const struct GNUNET_CRYPTO_RsaPublicKey *key)
617{ 615{
618 gcry_mpi_t n; 616 gcry_mpi_t n;
619 unsigned int rval; 617 unsigned int rval;
620 618
621 if (0 != key_from_sexp (&n, key->sexp, "rsa", "n")) 619 if (0 != key_from_sexp(&n, key->sexp, "rsa", "n"))
622 { /* Not an RSA public key */ 620 { /* Not an RSA public key */
623 GNUNET_break (0); 621 GNUNET_break(0);
624 return 0; 622 return 0;
625 } 623 }
626 rval = gcry_mpi_get_nbits (n); 624 rval = gcry_mpi_get_nbits(n);
627 gcry_mpi_release (n); 625 gcry_mpi_release(n);
628 return rval; 626 return rval;
629} 627}
630 628
@@ -635,10 +633,10 @@ GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key)
635 * @param bkey the blinding key to destroy 633 * @param bkey the blinding key to destroy
636 */ 634 */
637static void 635static void
638rsa_blinding_key_free (struct RsaBlindingKey *bkey) 636rsa_blinding_key_free(struct RsaBlindingKey *bkey)
639{ 637{
640 gcry_mpi_release (bkey->r); 638 gcry_mpi_release(bkey->r);
641 GNUNET_free (bkey); 639 GNUNET_free(bkey);
642} 640}
643 641
644 642
@@ -650,25 +648,25 @@ rsa_blinding_key_free (struct RsaBlindingKey *bkey)
650 * @return number of bytes stored in @a buffer 648 * @return number of bytes stored in @a buffer
651 */ 649 */
652static size_t 650static size_t
653numeric_mpi_alloc_n_print (gcry_mpi_t v, 651numeric_mpi_alloc_n_print(gcry_mpi_t v,
654 char **buffer) 652 char **buffer)
655{ 653{
656 size_t n; 654 size_t n;
657 char *b; 655 char *b;
658 size_t rsize; 656 size_t rsize;
659 657
660 gcry_mpi_print (GCRYMPI_FMT_USG, 658 gcry_mpi_print(GCRYMPI_FMT_USG,
661 NULL, 659 NULL,
662 0, 660 0,
663 &n, 661 &n,
664 v); 662 v);
665 b = GNUNET_malloc (n); 663 b = GNUNET_malloc(n);
666 GNUNET_assert (0 == 664 GNUNET_assert(0 ==
667 gcry_mpi_print (GCRYMPI_FMT_USG, 665 gcry_mpi_print(GCRYMPI_FMT_USG,
668 (unsigned char *) b, 666 (unsigned char *)b,
669 n, 667 n,
670 &rsize, 668 &rsize,
671 v)); 669 v));
672 *buffer = b; 670 *buffer = b;
673 return n; 671 return n;
674} 672}
@@ -687,37 +685,37 @@ numeric_mpi_alloc_n_print (gcry_mpi_t v,
687 * @return MPI value set to the FDH, NULL if RSA key is malicious 685 * @return MPI value set to the FDH, NULL if RSA key is malicious
688 */ 686 */
689static gcry_mpi_t 687static gcry_mpi_t
690rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, 688rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
691 const struct GNUNET_HashCode *hash) 689 const struct GNUNET_HashCode *hash)
692{ 690{
693 gcry_mpi_t r,n; 691 gcry_mpi_t r, n;
694 char *xts; 692 char *xts;
695 size_t xts_len; 693 size_t xts_len;
696 int ok; 694 int ok;
697 695
698 /* Extract the composite n from the RSA public key */ 696 /* Extract the composite n from the RSA public key */
699 GNUNET_assert( 0 == key_from_sexp (&n, pkey->sexp, "rsa", "n") ); 697 GNUNET_assert(0 == key_from_sexp(&n, pkey->sexp, "rsa", "n"));
700 /* Assert that it at least looks like an RSA key */ 698 /* Assert that it at least looks like an RSA key */
701 GNUNET_assert( 0 == gcry_mpi_get_flag(n, GCRYMPI_FLAG_OPAQUE) ); 699 GNUNET_assert(0 == gcry_mpi_get_flag(n, GCRYMPI_FLAG_OPAQUE));
702 700
703 /* We key with the public denomination key as a homage to RSA-PSS by * 701 /* We key with the public denomination key as a homage to RSA-PSS by *
704 * Mihir Bellare and Phillip Rogaway. Doing this lowers the degree * 702 * Mihir Bellare and Phillip Rogaway. Doing this lowers the degree *
705 * of the hypothetical polyomial-time attack on RSA-KTI created by a * 703 * of the hypothetical polyomial-time attack on RSA-KTI created by a *
706 * polynomial-time one-more forgary attack. Yey seeding! */ 704 * polynomial-time one-more forgary attack. Yey seeding! */
707 xts_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, &xts); 705 xts_len = GNUNET_CRYPTO_rsa_public_key_encode(pkey, &xts);
708 706
709 GNUNET_CRYPTO_kdf_mod_mpi (&r, 707 GNUNET_CRYPTO_kdf_mod_mpi(&r,
710 n, 708 n,
711 xts, xts_len, 709 xts, xts_len,
712 hash, sizeof(*hash), 710 hash, sizeof(*hash),
713 "RSA-FDA FTpsW!"); 711 "RSA-FDA FTpsW!");
714 GNUNET_free (xts); 712 GNUNET_free(xts);
715 713
716 ok = rsa_gcd_validate(r,n); 714 ok = rsa_gcd_validate(r, n);
717 gcry_mpi_release (n); 715 gcry_mpi_release(n);
718 if (ok) 716 if (ok)
719 return r; 717 return r;
720 gcry_mpi_release (r); 718 gcry_mpi_release(r);
721 return NULL; 719 return NULL;
722} 720}
723 721
@@ -733,10 +731,10 @@ rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
733 * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious 731 * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious
734 */ 732 */
735int 733int
736GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, 734GNUNET_CRYPTO_rsa_blind(const struct GNUNET_HashCode *hash,
737 const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, 735 const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
738 struct GNUNET_CRYPTO_RsaPublicKey *pkey, 736 struct GNUNET_CRYPTO_RsaPublicKey *pkey,
739 char **buf, size_t *buf_size) 737 char **buf, size_t *buf_size)
740{ 738{
741 struct RsaBlindingKey *bkey; 739 struct RsaBlindingKey *bkey;
742 gcry_mpi_t data; 740 gcry_mpi_t data;
@@ -745,58 +743,59 @@ GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
745 gcry_mpi_t data_r_e; 743 gcry_mpi_t data_r_e;
746 int ret; 744 int ret;
747 745
748 BENCHMARK_START (rsa_blind); 746 BENCHMARK_START(rsa_blind);
749 747
750 GNUNET_assert (buf != NULL && buf_size != NULL); 748 GNUNET_assert(buf != NULL && buf_size != NULL);
751 ret = key_from_sexp (ne, pkey->sexp, "public-key", "ne"); 749 ret = key_from_sexp(ne, pkey->sexp, "public-key", "ne");
752 if (0 != ret) 750 if (0 != ret)
753 ret = key_from_sexp (ne, pkey->sexp, "rsa", "ne"); 751 ret = key_from_sexp(ne, pkey->sexp, "rsa", "ne");
754 if (0 != ret) 752 if (0 != ret)
755 { 753 {
756 GNUNET_break (0); 754 GNUNET_break(0);
757 *buf = NULL; 755 *buf = NULL;
758 *buf_size = 0; 756 *buf_size = 0;
759 return 0; 757 return 0;
760 } 758 }
761 759
762 data = rsa_full_domain_hash (pkey, hash); 760 data = rsa_full_domain_hash(pkey, hash);
763 if (NULL == data) 761 if (NULL == data)
764 goto rsa_gcd_validate_failure; 762 goto rsa_gcd_validate_failure;
765 763
766 bkey = rsa_blinding_key_derive (pkey, bks); 764 bkey = rsa_blinding_key_derive(pkey, bks);
767 if (NULL == bkey) { 765 if (NULL == bkey)
768 gcry_mpi_release (data); 766 {
769 goto rsa_gcd_validate_failure; 767 gcry_mpi_release(data);
770 } 768 goto rsa_gcd_validate_failure;
771 769 }
772 r_e = gcry_mpi_new (0); 770
773 gcry_mpi_powm (r_e, 771 r_e = gcry_mpi_new(0);
774 bkey->r, 772 gcry_mpi_powm(r_e,
775 ne[1], 773 bkey->r,
776 ne[0]); 774 ne[1],
777 data_r_e = gcry_mpi_new (0); 775 ne[0]);
778 gcry_mpi_mulm (data_r_e, 776 data_r_e = gcry_mpi_new(0);
779 data, 777 gcry_mpi_mulm(data_r_e,
780 r_e, 778 data,
781 ne[0]); 779 r_e,
782 gcry_mpi_release (data); 780 ne[0]);
783 gcry_mpi_release (ne[0]); 781 gcry_mpi_release(data);
784 gcry_mpi_release (ne[1]); 782 gcry_mpi_release(ne[0]);
785 gcry_mpi_release (r_e); 783 gcry_mpi_release(ne[1]);
786 rsa_blinding_key_free (bkey); 784 gcry_mpi_release(r_e);
787 785 rsa_blinding_key_free(bkey);
788 *buf_size = numeric_mpi_alloc_n_print (data_r_e, buf); 786
789 gcry_mpi_release (data_r_e); 787 *buf_size = numeric_mpi_alloc_n_print(data_r_e, buf);
790 788 gcry_mpi_release(data_r_e);
791 BENCHMARK_END (rsa_blind); 789
790 BENCHMARK_END(rsa_blind);
792 791
793 return GNUNET_YES; 792 return GNUNET_YES;
794 793
795rsa_gcd_validate_failure: 794rsa_gcd_validate_failure:
796 /* We know the RSA key is malicious here, so warn the wallet. */ 795 /* We know the RSA key is malicious here, so warn the wallet. */
797 /* GNUNET_break_op (0); */ 796 /* GNUNET_break_op (0); */
798 gcry_mpi_release (ne[0]); 797 gcry_mpi_release(ne[0]);
799 gcry_mpi_release (ne[1]); 798 gcry_mpi_release(ne[1]);
800 *buf = NULL; 799 *buf = NULL;
801 *buf_size = 0; 800 *buf_size = 0;
802 return GNUNET_NO; 801 return GNUNET_NO;
@@ -810,15 +809,15 @@ rsa_gcd_validate_failure:
810 * @return converted s-expression 809 * @return converted s-expression
811 */ 810 */
812static gcry_sexp_t 811static gcry_sexp_t
813mpi_to_sexp (gcry_mpi_t value) 812mpi_to_sexp(gcry_mpi_t value)
814{ 813{
815 gcry_sexp_t data = NULL; 814 gcry_sexp_t data = NULL;
816 815
817 GNUNET_assert (0 == 816 GNUNET_assert(0 ==
818 gcry_sexp_build (&data, 817 gcry_sexp_build(&data,
819 NULL, 818 NULL,
820 "(data (flags raw) (value %M))", 819 "(data (flags raw) (value %M))",
821 value)); 820 value));
822 return data; 821 return data;
823} 822}
824 823
@@ -831,53 +830,53 @@ mpi_to_sexp (gcry_mpi_t value)
831 * @return NULL on error, signature on success 830 * @return NULL on error, signature on success
832 */ 831 */
833static struct GNUNET_CRYPTO_RsaSignature * 832static struct GNUNET_CRYPTO_RsaSignature *
834rsa_sign_mpi (const struct GNUNET_CRYPTO_RsaPrivateKey *key, 833rsa_sign_mpi(const struct GNUNET_CRYPTO_RsaPrivateKey *key,
835 gcry_mpi_t value) 834 gcry_mpi_t value)
836{ 835{
837 struct GNUNET_CRYPTO_RsaSignature *sig; 836 struct GNUNET_CRYPTO_RsaSignature *sig;
838 gcry_sexp_t data; 837 gcry_sexp_t data;
839 gcry_sexp_t result; 838 gcry_sexp_t result;
840 int rc; 839 int rc;
841 840
842 data = mpi_to_sexp (value); 841 data = mpi_to_sexp(value);
843 842
844 if (0 != 843 if (0 !=
845 (rc = gcry_pk_sign (&result, 844 (rc = gcry_pk_sign(&result,
846 data, 845 data,
847 key->sexp))) 846 key->sexp)))
848 { 847 {
849 LOG (GNUNET_ERROR_TYPE_WARNING, 848 LOG(GNUNET_ERROR_TYPE_WARNING,
850 _("RSA signing failed at %s:%d: %s\n"), 849 _("RSA signing failed at %s:%d: %s\n"),
851 __FILE__, 850 __FILE__,
852 __LINE__, 851 __LINE__,
853 gcry_strerror (rc)); 852 gcry_strerror(rc));
854 GNUNET_break (0); 853 GNUNET_break(0);
855 return NULL; 854 return NULL;
856 } 855 }
857 856
858 /* Lenstra protection was first added to libgcrypt 1.6.4 857 /* Lenstra protection was first added to libgcrypt 1.6.4
859 * with commit c17f84bd02d7ee93845e92e20f6ddba814961588. 858 * with commit c17f84bd02d7ee93845e92e20f6ddba814961588.
860 */ 859 */
861#if GCRYPT_VERSION_NUMBER < 0x010604 860#if GCRYPT_VERSION_NUMBER < 0x010604
862 /* verify signature (guards against Lenstra's attack with fault injection...) */ 861 /* verify signature (guards against Lenstra's attack with fault injection...) */
863 struct GNUNET_CRYPTO_RsaPublicKey *public_key = GNUNET_CRYPTO_rsa_private_key_get_public (key); 862 struct GNUNET_CRYPTO_RsaPublicKey *public_key = GNUNET_CRYPTO_rsa_private_key_get_public(key);
864 if (0 != 863 if (0 !=
865 gcry_pk_verify (result, 864 gcry_pk_verify(result,
866 data, 865 data,
867 public_key->sexp)) 866 public_key->sexp))
868 { 867 {
869 GNUNET_break (0); 868 GNUNET_break(0);
870 GNUNET_CRYPTO_rsa_public_key_free (public_key); 869 GNUNET_CRYPTO_rsa_public_key_free(public_key);
871 gcry_sexp_release (data); 870 gcry_sexp_release(data);
872 gcry_sexp_release (result); 871 gcry_sexp_release(result);
873 return NULL; 872 return NULL;
874 } 873 }
875 GNUNET_CRYPTO_rsa_public_key_free (public_key); 874 GNUNET_CRYPTO_rsa_public_key_free(public_key);
876#endif 875#endif
877 876
878 /* return signature */ 877 /* return signature */
879 gcry_sexp_release (data); 878 gcry_sexp_release(data);
880 sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); 879 sig = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature);
881 sig->sexp = result; 880 sig->sexp = result;
882 return sig; 881 return sig;
883} 882}
@@ -892,25 +891,25 @@ rsa_sign_mpi (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
892 * @return NULL on error, signature on success 891 * @return NULL on error, signature on success
893 */ 892 */
894struct GNUNET_CRYPTO_RsaSignature * 893struct GNUNET_CRYPTO_RsaSignature *
895GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, 894GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key,
896 const void *msg, 895 const void *msg,
897 size_t msg_len) 896 size_t msg_len)
898{ 897{
899 gcry_mpi_t v = NULL; 898 gcry_mpi_t v = NULL;
900 struct GNUNET_CRYPTO_RsaSignature *sig; 899 struct GNUNET_CRYPTO_RsaSignature *sig;
901 900
902 BENCHMARK_START (rsa_sign_blinded); 901 BENCHMARK_START(rsa_sign_blinded);
903 902
904 GNUNET_assert (0 == 903 GNUNET_assert(0 ==
905 gcry_mpi_scan (&v, 904 gcry_mpi_scan(&v,
906 GCRYMPI_FMT_USG, 905 GCRYMPI_FMT_USG,
907 msg, 906 msg,
908 msg_len, 907 msg_len,
909 NULL)); 908 NULL));
910 909
911 sig = rsa_sign_mpi (key, v); 910 sig = rsa_sign_mpi(key, v);
912 gcry_mpi_release (v); 911 gcry_mpi_release(v);
913 BENCHMARK_END (rsa_sign_blinded); 912 BENCHMARK_END(rsa_sign_blinded);
914 return sig; 913 return sig;
915} 914}
916 915
@@ -923,21 +922,21 @@ GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
923 * @return NULL on error, including a malicious RSA key, signature on success 922 * @return NULL on error, including a malicious RSA key, signature on success
924 */ 923 */
925struct GNUNET_CRYPTO_RsaSignature * 924struct GNUNET_CRYPTO_RsaSignature *
926GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, 925GNUNET_CRYPTO_rsa_sign_fdh(const struct GNUNET_CRYPTO_RsaPrivateKey *key,
927 const struct GNUNET_HashCode *hash) 926 const struct GNUNET_HashCode *hash)
928{ 927{
929 struct GNUNET_CRYPTO_RsaPublicKey *pkey; 928 struct GNUNET_CRYPTO_RsaPublicKey *pkey;
930 gcry_mpi_t v = NULL; 929 gcry_mpi_t v = NULL;
931 struct GNUNET_CRYPTO_RsaSignature *sig; 930 struct GNUNET_CRYPTO_RsaSignature *sig;
932 931
933 pkey = GNUNET_CRYPTO_rsa_private_key_get_public (key); 932 pkey = GNUNET_CRYPTO_rsa_private_key_get_public(key);
934 v = rsa_full_domain_hash (pkey, hash); 933 v = rsa_full_domain_hash(pkey, hash);
935 GNUNET_CRYPTO_rsa_public_key_free (pkey); 934 GNUNET_CRYPTO_rsa_public_key_free(pkey);
936 if (NULL == v) /* rsa_gcd_validate failed meaning */ 935 if (NULL == v) /* rsa_gcd_validate failed meaning */
937 return NULL; /* our *own* RSA key is malicious. */ 936 return NULL; /* our *own* RSA key is malicious. */
938 937
939 sig = rsa_sign_mpi (key, v); 938 sig = rsa_sign_mpi(key, v);
940 gcry_mpi_release (v); 939 gcry_mpi_release(v);
941 return sig; 940 return sig;
942} 941}
943 942
@@ -948,10 +947,10 @@ GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
948 * @param sig memory to freee 947 * @param sig memory to freee
949 */ 948 */
950void 949void
951GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig) 950GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig)
952{ 951{
953 gcry_sexp_release (sig->sexp); 952 gcry_sexp_release(sig->sexp);
954 GNUNET_free (sig); 953 GNUNET_free(sig);
955} 954}
956 955
957 956
@@ -963,22 +962,22 @@ GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig)
963 * @return size of memory allocated in @a buffer 962 * @return size of memory allocated in @a buffer
964 */ 963 */
965size_t 964size_t
966GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_RsaSignature *sig, 965GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig,
967 char **buffer) 966 char **buffer)
968{ 967{
969 size_t n; 968 size_t n;
970 char *b; 969 char *b;
971 970
972 n = gcry_sexp_sprint (sig->sexp, 971 n = gcry_sexp_sprint(sig->sexp,
973 GCRYSEXP_FMT_ADVANCED, 972 GCRYSEXP_FMT_ADVANCED,
974 NULL, 973 NULL,
975 0); 974 0);
976 b = GNUNET_malloc (n); 975 b = GNUNET_malloc(n);
977 GNUNET_assert ((n - 1) == /* since the last byte is \0 */ 976 GNUNET_assert((n - 1) == /* since the last byte is \0 */
978 gcry_sexp_sprint (sig->sexp, 977 gcry_sexp_sprint(sig->sexp,
979 GCRYSEXP_FMT_ADVANCED, 978 GCRYSEXP_FMT_ADVANCED,
980 b, 979 b,
981 n)); 980 n));
982 *buffer = b; 981 *buffer = b;
983 return n; 982 return n;
984} 983}
@@ -993,37 +992,37 @@ GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_RsaSignature *sig
993 * @return NULL on error 992 * @return NULL on error
994 */ 993 */
995struct GNUNET_CRYPTO_RsaSignature * 994struct GNUNET_CRYPTO_RsaSignature *
996GNUNET_CRYPTO_rsa_signature_decode (const char *buf, 995GNUNET_CRYPTO_rsa_signature_decode(const char *buf,
997 size_t len) 996 size_t len)
998{ 997{
999 struct GNUNET_CRYPTO_RsaSignature *sig; 998 struct GNUNET_CRYPTO_RsaSignature *sig;
1000 int ret; 999 int ret;
1001 gcry_mpi_t s; 1000 gcry_mpi_t s;
1002 1001
1003 sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); 1002 sig = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature);
1004 if (0 != 1003 if (0 !=
1005 gcry_sexp_new (&sig->sexp, 1004 gcry_sexp_new(&sig->sexp,
1006 buf, 1005 buf,
1007 len, 1006 len,
1008 0)) 1007 0))
1009 { 1008 {
1010 GNUNET_break_op (0); 1009 GNUNET_break_op(0);
1011 GNUNET_free (sig); 1010 GNUNET_free(sig);
1012 return NULL; 1011 return NULL;
1013 } 1012 }
1014 /* verify that this is an RSA signature */ 1013 /* verify that this is an RSA signature */
1015 ret = key_from_sexp (&s, sig->sexp, "sig-val", "s"); 1014 ret = key_from_sexp(&s, sig->sexp, "sig-val", "s");
1016 if (0 != ret) 1015 if (0 != ret)
1017 ret = key_from_sexp (&s, sig->sexp, "rsa", "s"); 1016 ret = key_from_sexp(&s, sig->sexp, "rsa", "s");
1018 if (0 != ret) 1017 if (0 != ret)
1019 { 1018 {
1020 /* this is no RSA Signature */ 1019 /* this is no RSA Signature */
1021 GNUNET_break_op (0); 1020 GNUNET_break_op(0);
1022 gcry_sexp_release (sig->sexp); 1021 gcry_sexp_release(sig->sexp);
1023 GNUNET_free (sig); 1022 GNUNET_free(sig);
1024 return NULL; 1023 return NULL;
1025 } 1024 }
1026 gcry_mpi_release (s); 1025 gcry_mpi_release(s);
1027 return sig; 1026 return sig;
1028} 1027}
1029 1028
@@ -1035,19 +1034,19 @@ GNUNET_CRYPTO_rsa_signature_decode (const char *buf,
1035 * @return the duplicate key; NULL upon error 1034 * @return the duplicate key; NULL upon error
1036 */ 1035 */
1037struct GNUNET_CRYPTO_RsaPublicKey * 1036struct GNUNET_CRYPTO_RsaPublicKey *
1038GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key) 1037GNUNET_CRYPTO_rsa_public_key_dup(const struct GNUNET_CRYPTO_RsaPublicKey *key)
1039{ 1038{
1040 struct GNUNET_CRYPTO_RsaPublicKey *dup; 1039 struct GNUNET_CRYPTO_RsaPublicKey *dup;
1041 gcry_sexp_t dup_sexp; 1040 gcry_sexp_t dup_sexp;
1042 size_t erroff; 1041 size_t erroff;
1043 1042
1044 /* check if we really are exporting a public key */ 1043 /* check if we really are exporting a public key */
1045 dup_sexp = gcry_sexp_find_token (key->sexp, "public-key", 0); 1044 dup_sexp = gcry_sexp_find_token(key->sexp, "public-key", 0);
1046 GNUNET_assert (NULL != dup_sexp); 1045 GNUNET_assert(NULL != dup_sexp);
1047 gcry_sexp_release (dup_sexp); 1046 gcry_sexp_release(dup_sexp);
1048 /* copy the sexp */ 1047 /* copy the sexp */
1049 GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp)); 1048 GNUNET_assert(0 == gcry_sexp_build(&dup_sexp, &erroff, "%S", key->sexp));
1050 dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey); 1049 dup = GNUNET_new(struct GNUNET_CRYPTO_RsaPublicKey);
1051 dup->sexp = dup_sexp; 1050 dup->sexp = dup_sexp;
1052 return dup; 1051 return dup;
1053} 1052}
@@ -1064,9 +1063,9 @@ GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key)
1064 * @return unblinded signature on success, NULL if RSA key is bad or malicious. 1063 * @return unblinded signature on success, NULL if RSA key is bad or malicious.
1065 */ 1064 */
1066struct GNUNET_CRYPTO_RsaSignature * 1065struct GNUNET_CRYPTO_RsaSignature *
1067GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, 1066GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig,
1068 const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, 1067 const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
1069 struct GNUNET_CRYPTO_RsaPublicKey *pkey) 1068 struct GNUNET_CRYPTO_RsaPublicKey *pkey)
1070{ 1069{
1071 struct RsaBlindingKey *bkey; 1070 struct RsaBlindingKey *bkey;
1072 gcry_mpi_t n; 1071 gcry_mpi_t n;
@@ -1076,70 +1075,70 @@ GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
1076 int ret; 1075 int ret;
1077 struct GNUNET_CRYPTO_RsaSignature *sret; 1076 struct GNUNET_CRYPTO_RsaSignature *sret;
1078 1077
1079 BENCHMARK_START (rsa_unblind); 1078 BENCHMARK_START(rsa_unblind);
1080 1079
1081 ret = key_from_sexp (&n, pkey->sexp, "public-key", "n"); 1080 ret = key_from_sexp(&n, pkey->sexp, "public-key", "n");
1082 if (0 != ret) 1081 if (0 != ret)
1083 ret = key_from_sexp (&n, pkey->sexp, "rsa", "n"); 1082 ret = key_from_sexp(&n, pkey->sexp, "rsa", "n");
1084 if (0 != ret) 1083 if (0 != ret)
1085 { 1084 {
1086 GNUNET_break_op (0); 1085 GNUNET_break_op(0);
1087 return NULL; 1086 return NULL;
1088 } 1087 }
1089 ret = key_from_sexp (&s, sig->sexp, "sig-val", "s"); 1088 ret = key_from_sexp(&s, sig->sexp, "sig-val", "s");
1090 if (0 != ret) 1089 if (0 != ret)
1091 ret = key_from_sexp (&s, sig->sexp, "rsa", "s"); 1090 ret = key_from_sexp(&s, sig->sexp, "rsa", "s");
1092 if (0 != ret) 1091 if (0 != ret)
1093 { 1092 {
1094 gcry_mpi_release (n); 1093 gcry_mpi_release(n);
1095 GNUNET_break_op (0); 1094 GNUNET_break_op(0);
1096 return NULL; 1095 return NULL;
1097 } 1096 }
1098 1097
1099 bkey = rsa_blinding_key_derive (pkey, bks); 1098 bkey = rsa_blinding_key_derive(pkey, bks);
1100 if (NULL == bkey) 1099 if (NULL == bkey)
1101 { 1100 {
1102 /* RSA key is malicious since rsa_gcd_validate failed here. 1101 /* RSA key is malicious since rsa_gcd_validate failed here.
1103 * It should have failed during GNUNET_CRYPTO_rsa_blind too though, 1102 * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
1104 * so the exchange is being malicious in an unfamilair way, maybe 1103 * so the exchange is being malicious in an unfamilair way, maybe
1105 * just trying to crash us. */ 1104 * just trying to crash us. */
1106 GNUNET_break_op (0); 1105 GNUNET_break_op(0);
1107 gcry_mpi_release (n); 1106 gcry_mpi_release(n);
1108 gcry_mpi_release (s); 1107 gcry_mpi_release(s);
1109 return NULL; 1108 return NULL;
1110 } 1109 }
1111 1110
1112 r_inv = gcry_mpi_new (0); 1111 r_inv = gcry_mpi_new(0);
1113 if (1 != 1112 if (1 !=
1114 gcry_mpi_invm (r_inv, 1113 gcry_mpi_invm(r_inv,
1115 bkey->r, 1114 bkey->r,
1116 n)) 1115 n))
1117 { 1116 {
1118 /* We cannot find r mod n, so gcd(r,n) != 1, which should get * 1117 /* We cannot find r mod n, so gcd(r,n) != 1, which should get *
1119 * caught above, but we handle it the same here. */ 1118 * caught above, but we handle it the same here. */
1120 GNUNET_break_op (0); 1119 GNUNET_break_op(0);
1121 gcry_mpi_release (r_inv); 1120 gcry_mpi_release(r_inv);
1122 rsa_blinding_key_free (bkey); 1121 rsa_blinding_key_free(bkey);
1123 gcry_mpi_release (n); 1122 gcry_mpi_release(n);
1124 gcry_mpi_release (s); 1123 gcry_mpi_release(s);
1125 return NULL; 1124 return NULL;
1126 } 1125 }
1127 1126
1128 ubsig = gcry_mpi_new (0); 1127 ubsig = gcry_mpi_new(0);
1129 gcry_mpi_mulm (ubsig, s, r_inv, n); 1128 gcry_mpi_mulm(ubsig, s, r_inv, n);
1130 gcry_mpi_release (n); 1129 gcry_mpi_release(n);
1131 gcry_mpi_release (r_inv); 1130 gcry_mpi_release(r_inv);
1132 gcry_mpi_release (s); 1131 gcry_mpi_release(s);
1133 rsa_blinding_key_free (bkey); 1132 rsa_blinding_key_free(bkey);
1134 1133
1135 sret = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); 1134 sret = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature);
1136 GNUNET_assert (0 == 1135 GNUNET_assert(0 ==
1137 gcry_sexp_build (&sret->sexp, 1136 gcry_sexp_build(&sret->sexp,
1138 NULL, 1137 NULL,
1139 "(sig-val (rsa (s %M)))", 1138 "(sig-val (rsa (s %M)))",
1140 ubsig)); 1139 ubsig));
1141 gcry_mpi_release (ubsig); 1140 gcry_mpi_release(ubsig);
1142 BENCHMARK_END (rsa_unblind); 1141 BENCHMARK_END(rsa_unblind);
1143 return sret; 1142 return sret;
1144} 1143}
1145 1144
@@ -1154,46 +1153,47 @@ GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
1154 * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature is invalid 1153 * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature is invalid
1155 */ 1154 */
1156int 1155int
1157GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, 1156GNUNET_CRYPTO_rsa_verify(const struct GNUNET_HashCode *hash,
1158 const struct GNUNET_CRYPTO_RsaSignature *sig, 1157 const struct GNUNET_CRYPTO_RsaSignature *sig,
1159 const struct GNUNET_CRYPTO_RsaPublicKey *pkey) 1158 const struct GNUNET_CRYPTO_RsaPublicKey *pkey)
1160{ 1159{
1161 gcry_sexp_t data; 1160 gcry_sexp_t data;
1162 gcry_mpi_t r; 1161 gcry_mpi_t r;
1163 int rc; 1162 int rc;
1164 1163
1165 BENCHMARK_START (rsa_verify); 1164 BENCHMARK_START(rsa_verify);
1166 1165
1167 r = rsa_full_domain_hash (pkey, hash); 1166 r = rsa_full_domain_hash(pkey, hash);
1168 if (NULL == r) { 1167 if (NULL == r)
1169 GNUNET_break_op (0); 1168 {
1170 /* RSA key is malicious since rsa_gcd_validate failed here. 1169 GNUNET_break_op(0);
1171 * It should have failed during GNUNET_CRYPTO_rsa_blind too though, 1170 /* RSA key is malicious since rsa_gcd_validate failed here.
1172 * so the exchange is being malicious in an unfamilair way, maybe 1171 * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
1173 * just trying to crash us. Arguably, we've only an internal error 1172 * so the exchange is being malicious in an unfamilair way, maybe
1174 * though because we should've detected this in our previous call 1173 * just trying to crash us. Arguably, we've only an internal error
1175 * to GNUNET_CRYPTO_rsa_unblind. */ 1174 * though because we should've detected this in our previous call
1176 return GNUNET_NO; 1175 * to GNUNET_CRYPTO_rsa_unblind. */
1177 } 1176 return GNUNET_NO;
1177 }
1178 1178
1179 data = mpi_to_sexp(r); 1179 data = mpi_to_sexp(r);
1180 gcry_mpi_release (r); 1180 gcry_mpi_release(r);
1181 1181
1182 rc = gcry_pk_verify (sig->sexp, 1182 rc = gcry_pk_verify(sig->sexp,
1183 data, 1183 data,
1184 pkey->sexp); 1184 pkey->sexp);
1185 gcry_sexp_release (data); 1185 gcry_sexp_release(data);
1186 if (0 != rc) 1186 if (0 != rc)
1187 { 1187 {
1188 LOG (GNUNET_ERROR_TYPE_WARNING, 1188 LOG(GNUNET_ERROR_TYPE_WARNING,
1189 _("RSA signature verification failed at %s:%d: %s\n"), 1189 _("RSA signature verification failed at %s:%d: %s\n"),
1190 __FILE__, 1190 __FILE__,
1191 __LINE__, 1191 __LINE__,
1192 gcry_strerror (rc)); 1192 gcry_strerror(rc));
1193 return GNUNET_SYSERR; 1193 return GNUNET_SYSERR;
1194 BENCHMARK_END (rsa_verify); 1194 BENCHMARK_END(rsa_verify);
1195 } 1195 }
1196 BENCHMARK_END (rsa_verify); 1196 BENCHMARK_END(rsa_verify);
1197 return GNUNET_OK; 1197 return GNUNET_OK;
1198} 1198}
1199 1199
@@ -1205,19 +1205,19 @@ GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
1205 * @return the duplicate key; NULL upon error 1205 * @return the duplicate key; NULL upon error
1206 */ 1206 */
1207struct GNUNET_CRYPTO_RsaPrivateKey * 1207struct GNUNET_CRYPTO_RsaPrivateKey *
1208GNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_RsaPrivateKey *key) 1208GNUNET_CRYPTO_rsa_private_key_dup(const struct GNUNET_CRYPTO_RsaPrivateKey *key)
1209{ 1209{
1210 struct GNUNET_CRYPTO_RsaPrivateKey *dup; 1210 struct GNUNET_CRYPTO_RsaPrivateKey *dup;
1211 gcry_sexp_t dup_sexp; 1211 gcry_sexp_t dup_sexp;
1212 size_t erroff; 1212 size_t erroff;
1213 1213
1214 /* check if we really are exporting a private key */ 1214 /* check if we really are exporting a private key */
1215 dup_sexp = gcry_sexp_find_token (key->sexp, "private-key", 0); 1215 dup_sexp = gcry_sexp_find_token(key->sexp, "private-key", 0);
1216 GNUNET_assert (NULL != dup_sexp); 1216 GNUNET_assert(NULL != dup_sexp);
1217 gcry_sexp_release (dup_sexp); 1217 gcry_sexp_release(dup_sexp);
1218 /* copy the sexp */ 1218 /* copy the sexp */
1219 GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp)); 1219 GNUNET_assert(0 == gcry_sexp_build(&dup_sexp, &erroff, "%S", key->sexp));
1220 dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey); 1220 dup = GNUNET_new(struct GNUNET_CRYPTO_RsaPrivateKey);
1221 dup->sexp = dup_sexp; 1221 dup->sexp = dup_sexp;
1222 return dup; 1222 return dup;
1223} 1223}
@@ -1230,7 +1230,7 @@ GNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_RsaPrivateKey *key
1230 * @return the duplicate key; NULL upon error 1230 * @return the duplicate key; NULL upon error
1231 */ 1231 */
1232struct GNUNET_CRYPTO_RsaSignature * 1232struct GNUNET_CRYPTO_RsaSignature *
1233GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig) 1233GNUNET_CRYPTO_rsa_signature_dup(const struct GNUNET_CRYPTO_RsaSignature *sig)
1234{ 1234{
1235 struct GNUNET_CRYPTO_RsaSignature *dup; 1235 struct GNUNET_CRYPTO_RsaSignature *dup;
1236 gcry_sexp_t dup_sexp; 1236 gcry_sexp_t dup_sexp;
@@ -1239,14 +1239,14 @@ GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig)
1239 int ret; 1239 int ret;
1240 1240
1241 /* verify that this is an RSA signature */ 1241 /* verify that this is an RSA signature */
1242 ret = key_from_sexp (&s, sig->sexp, "sig-val", "s"); 1242 ret = key_from_sexp(&s, sig->sexp, "sig-val", "s");
1243 if (0 != ret) 1243 if (0 != ret)
1244 ret = key_from_sexp (&s, sig->sexp, "rsa", "s"); 1244 ret = key_from_sexp(&s, sig->sexp, "rsa", "s");
1245 GNUNET_assert (0 == ret); 1245 GNUNET_assert(0 == ret);
1246 gcry_mpi_release (s); 1246 gcry_mpi_release(s);
1247 /* copy the sexp */ 1247 /* copy the sexp */
1248 GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", sig->sexp)); 1248 GNUNET_assert(0 == gcry_sexp_build(&dup_sexp, &erroff, "%S", sig->sexp));
1249 dup = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); 1249 dup = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature);
1250 dup->sexp = dup_sexp; 1250 dup->sexp = dup_sexp;
1251 return dup; 1251 return dup;
1252} 1252}
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-23 23:18:45 +0000