diff options
Diffstat (limited to 'src/util/crypto_rsa.c')
-rw-r--r-- | src/util/crypto_rsa.c | 1106 |
1 files changed, 553 insertions, 553 deletions
diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c index 8cb0fe6c6..0a20fdffa 100644 --- a/src/util/crypto_rsa.c +++ b/src/util/crypto_rsa.c | |||
@@ -1,22 +1,22 @@ | |||
1 | /* | 1 | /* |
2 | This file is part of GNUnet | 2 | This file is part of GNUnet |
3 | Copyright (C) 2014,2016 GNUnet e.V. | 3 | Copyright (C) 2014,2016 GNUnet e.V. |
4 | 4 | ||
5 | GNUnet is free software: you can redistribute it and/or modify it | 5 | GNUnet is free software: you can redistribute it and/or modify it |
6 | under the terms of the GNU Affero General Public License as published | 6 | under the terms of the GNU Affero General Public License as published |
7 | by the Free Software Foundation, either version 3 of the License, | 7 | by the Free Software Foundation, either version 3 of the License, |
8 | or (at your option) any later version. | 8 | or (at your option) any later version. |
9 | 9 | ||
10 | GNUnet is distributed in the hope that it will be useful, but | 10 | GNUnet is distributed in the hope that it will be useful, but |
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | 11 | WITHOUT ANY WARRANTY; without even the implied warranty of |
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
13 | Affero General Public License for more details. | 13 | Affero General Public License for more details. |
14 | 14 | ||
15 | You should have received a copy of the GNU Affero General Public License | 15 | You should have received a copy of the GNU Affero General Public License |
16 | along with this program. If not, see <http://www.gnu.org/licenses/>. | 16 | along with this program. If not, see <http://www.gnu.org/licenses/>. |
17 | 17 | ||
18 | SPDX-License-Identifier: AGPL3.0-or-later | 18 | SPDX-License-Identifier: AGPL3.0-or-later |
19 | */ | 19 | */ |
20 | 20 | ||
21 | /** | 21 | /** |
22 | * @file util/crypto_rsa.c | 22 | * @file util/crypto_rsa.c |
@@ -30,14 +30,13 @@ | |||
30 | #include "gnunet_crypto_lib.h" | 30 | #include "gnunet_crypto_lib.h" |
31 | #include "benchmark.h" | 31 | #include "benchmark.h" |
32 | 32 | ||
33 | #define LOG(kind,...) GNUNET_log_from (kind, "util-crypto-rsa", __VA_ARGS__) | 33 | #define LOG(kind, ...) GNUNET_log_from(kind, "util-crypto-rsa", __VA_ARGS__) |
34 | 34 | ||
35 | 35 | ||
36 | /** | 36 | /** |
37 | * The private information of an RSA key pair. | 37 | * The private information of an RSA key pair. |
38 | */ | 38 | */ |
39 | struct GNUNET_CRYPTO_RsaPrivateKey | 39 | struct GNUNET_CRYPTO_RsaPrivateKey { |
40 | { | ||
41 | /** | 40 | /** |
42 | * Libgcrypt S-expression for the RSA private key. | 41 | * Libgcrypt S-expression for the RSA private key. |
43 | */ | 42 | */ |
@@ -48,8 +47,7 @@ struct GNUNET_CRYPTO_RsaPrivateKey | |||
48 | /** | 47 | /** |
49 | * The public information of an RSA key pair. | 48 | * The public information of an RSA key pair. |
50 | */ | 49 | */ |
51 | struct GNUNET_CRYPTO_RsaPublicKey | 50 | struct GNUNET_CRYPTO_RsaPublicKey { |
52 | { | ||
53 | /** | 51 | /** |
54 | * Libgcrypt S-expression for the RSA public key. | 52 | * Libgcrypt S-expression for the RSA public key. |
55 | */ | 53 | */ |
@@ -60,8 +58,7 @@ struct GNUNET_CRYPTO_RsaPublicKey | |||
60 | /** | 58 | /** |
61 | * @brief an RSA signature | 59 | * @brief an RSA signature |
62 | */ | 60 | */ |
63 | struct GNUNET_CRYPTO_RsaSignature | 61 | struct GNUNET_CRYPTO_RsaSignature { |
64 | { | ||
65 | /** | 62 | /** |
66 | * Libgcrypt S-expression for the RSA signature. | 63 | * Libgcrypt S-expression for the RSA signature. |
67 | */ | 64 | */ |
@@ -72,8 +69,7 @@ struct GNUNET_CRYPTO_RsaSignature | |||
72 | /** | 69 | /** |
73 | * @brief RSA blinding key | 70 | * @brief RSA blinding key |
74 | */ | 71 | */ |
75 | struct RsaBlindingKey | 72 | struct RsaBlindingKey { |
76 | { | ||
77 | /** | 73 | /** |
78 | * Random value used for blinding. | 74 | * Random value used for blinding. |
79 | */ | 75 | */ |
@@ -91,50 +87,50 @@ struct RsaBlindingKey | |||
91 | * @return 0 on success | 87 | * @return 0 on success |
92 | */ | 88 | */ |
93 | static int | 89 | static int |
94 | key_from_sexp (gcry_mpi_t *array, | 90 | key_from_sexp(gcry_mpi_t *array, |
95 | gcry_sexp_t sexp, | 91 | gcry_sexp_t sexp, |
96 | const char *topname, | 92 | const char *topname, |
97 | const char *elems) | 93 | const char *elems) |
98 | { | 94 | { |
99 | gcry_sexp_t list; | 95 | gcry_sexp_t list; |
100 | gcry_sexp_t l2; | 96 | gcry_sexp_t l2; |
101 | const char *s; | 97 | const char *s; |
102 | unsigned int idx; | 98 | unsigned int idx; |
103 | 99 | ||
104 | if (! (list = gcry_sexp_find_token (sexp, topname, 0))) | 100 | if (!(list = gcry_sexp_find_token(sexp, topname, 0))) |
105 | return 1; | 101 | return 1; |
106 | l2 = gcry_sexp_cadr (list); | 102 | l2 = gcry_sexp_cadr(list); |
107 | gcry_sexp_release (list); | 103 | gcry_sexp_release(list); |
108 | list = l2; | 104 | list = l2; |
109 | if (! list) | 105 | if (!list) |
110 | return 2; | 106 | return 2; |
111 | idx = 0; | 107 | idx = 0; |
112 | for (s = elems; *s; s++, idx++) | 108 | for (s = elems; *s; s++, idx++) |
113 | { | ||
114 | if (! (l2 = gcry_sexp_find_token (list, s, 1))) | ||
115 | { | ||
116 | for (unsigned int i = 0; i < idx; i++) | ||
117 | { | ||
118 | gcry_free (array[i]); | ||
119 | array[i] = NULL; | ||
120 | } | ||
121 | gcry_sexp_release (list); | ||
122 | return 3; /* required parameter not found */ | ||
123 | } | ||
124 | array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); | ||
125 | gcry_sexp_release (l2); | ||
126 | if (! array[idx]) | ||
127 | { | 109 | { |
128 | for (unsigned int i = 0; i < idx; i++) | 110 | if (!(l2 = gcry_sexp_find_token(list, s, 1))) |
129 | { | 111 | { |
130 | gcry_free (array[i]); | 112 | for (unsigned int i = 0; i < idx; i++) |
131 | array[i] = NULL; | 113 | { |
132 | } | 114 | gcry_free(array[i]); |
133 | gcry_sexp_release (list); | 115 | array[i] = NULL; |
134 | return 4; /* required parameter is invalid */ | 116 | } |
117 | gcry_sexp_release(list); | ||
118 | return 3; /* required parameter not found */ | ||
119 | } | ||
120 | array[idx] = gcry_sexp_nth_mpi(l2, 1, GCRYMPI_FMT_USG); | ||
121 | gcry_sexp_release(l2); | ||
122 | if (!array[idx]) | ||
123 | { | ||
124 | for (unsigned int i = 0; i < idx; i++) | ||
125 | { | ||
126 | gcry_free(array[i]); | ||
127 | array[i] = NULL; | ||
128 | } | ||
129 | gcry_sexp_release(list); | ||
130 | return 4; /* required parameter is invalid */ | ||
131 | } | ||
135 | } | 132 | } |
136 | } | 133 | gcry_sexp_release(list); |
137 | gcry_sexp_release (list); | ||
138 | return 0; | 134 | return 0; |
139 | } | 135 | } |
140 | 136 | ||
@@ -146,30 +142,30 @@ key_from_sexp (gcry_mpi_t *array, | |||
146 | * @return fresh private key | 142 | * @return fresh private key |
147 | */ | 143 | */ |
148 | struct GNUNET_CRYPTO_RsaPrivateKey * | 144 | struct GNUNET_CRYPTO_RsaPrivateKey * |
149 | GNUNET_CRYPTO_rsa_private_key_create (unsigned int len) | 145 | GNUNET_CRYPTO_rsa_private_key_create(unsigned int len) |
150 | { | 146 | { |
151 | struct GNUNET_CRYPTO_RsaPrivateKey *ret; | 147 | struct GNUNET_CRYPTO_RsaPrivateKey *ret; |
152 | gcry_sexp_t s_key; | 148 | gcry_sexp_t s_key; |
153 | gcry_sexp_t s_keyparam; | 149 | gcry_sexp_t s_keyparam; |
154 | 150 | ||
155 | BENCHMARK_START (rsa_private_key_create); | 151 | BENCHMARK_START(rsa_private_key_create); |
156 | 152 | ||
157 | GNUNET_assert (0 == | 153 | GNUNET_assert(0 == |
158 | gcry_sexp_build (&s_keyparam, | 154 | gcry_sexp_build(&s_keyparam, |
159 | NULL, | 155 | NULL, |
160 | "(genkey(rsa(nbits %d)))", | 156 | "(genkey(rsa(nbits %d)))", |
161 | len)); | 157 | len)); |
162 | GNUNET_assert (0 == | 158 | GNUNET_assert(0 == |
163 | gcry_pk_genkey (&s_key, | 159 | gcry_pk_genkey(&s_key, |
164 | s_keyparam)); | 160 | s_keyparam)); |
165 | gcry_sexp_release (s_keyparam); | 161 | gcry_sexp_release(s_keyparam); |
166 | #if EXTRA_CHECKS | 162 | #if EXTRA_CHECKS |
167 | GNUNET_assert (0 == | 163 | GNUNET_assert(0 == |
168 | gcry_pk_testkey (s_key)); | 164 | gcry_pk_testkey(s_key)); |
169 | #endif | 165 | #endif |
170 | ret = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey); | 166 | ret = GNUNET_new(struct GNUNET_CRYPTO_RsaPrivateKey); |
171 | ret->sexp = s_key; | 167 | ret->sexp = s_key; |
172 | BENCHMARK_END (rsa_private_key_create); | 168 | BENCHMARK_END(rsa_private_key_create); |
173 | return ret; | 169 | return ret; |
174 | } | 170 | } |
175 | 171 | ||
@@ -180,10 +176,10 @@ GNUNET_CRYPTO_rsa_private_key_create (unsigned int len) | |||
180 | * @param key pointer to the memory to free | 176 | * @param key pointer to the memory to free |
181 | */ | 177 | */ |
182 | void | 178 | void |
183 | GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key) | 179 | GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key) |
184 | { | 180 | { |
185 | gcry_sexp_release (key->sexp); | 181 | gcry_sexp_release(key->sexp); |
186 | GNUNET_free (key); | 182 | GNUNET_free(key); |
187 | } | 183 | } |
188 | 184 | ||
189 | 185 | ||
@@ -196,22 +192,22 @@ GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key) | |||
196 | * @return size of memory allocated in @a buffer | 192 | * @return size of memory allocated in @a buffer |
197 | */ | 193 | */ |
198 | size_t | 194 | size_t |
199 | GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | 195 | GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, |
200 | char **buffer) | 196 | char **buffer) |
201 | { | 197 | { |
202 | size_t n; | 198 | size_t n; |
203 | char *b; | 199 | char *b; |
204 | 200 | ||
205 | n = gcry_sexp_sprint (key->sexp, | 201 | n = gcry_sexp_sprint(key->sexp, |
206 | GCRYSEXP_FMT_DEFAULT, | 202 | GCRYSEXP_FMT_DEFAULT, |
207 | NULL, | 203 | NULL, |
208 | 0); | 204 | 0); |
209 | b = GNUNET_malloc (n); | 205 | b = GNUNET_malloc(n); |
210 | GNUNET_assert ((n - 1) == /* since the last byte is \0 */ | 206 | GNUNET_assert((n - 1) == /* since the last byte is \0 */ |
211 | gcry_sexp_sprint (key->sexp, | 207 | gcry_sexp_sprint(key->sexp, |
212 | GCRYSEXP_FMT_DEFAULT, | 208 | GCRYSEXP_FMT_DEFAULT, |
213 | b, | 209 | b, |
214 | n)); | 210 | n)); |
215 | *buffer = b; | 211 | *buffer = b; |
216 | return n; | 212 | return n; |
217 | } | 213 | } |
@@ -226,29 +222,30 @@ GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey * | |||
226 | * @return NULL on error | 222 | * @return NULL on error |
227 | */ | 223 | */ |
228 | struct GNUNET_CRYPTO_RsaPrivateKey * | 224 | struct GNUNET_CRYPTO_RsaPrivateKey * |
229 | GNUNET_CRYPTO_rsa_private_key_decode (const char *buf, | 225 | GNUNET_CRYPTO_rsa_private_key_decode(const char *buf, |
230 | size_t len) | 226 | size_t len) |
231 | { | 227 | { |
232 | struct GNUNET_CRYPTO_RsaPrivateKey *key; | 228 | struct GNUNET_CRYPTO_RsaPrivateKey *key; |
233 | key = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey); | 229 | |
230 | key = GNUNET_new(struct GNUNET_CRYPTO_RsaPrivateKey); | ||
234 | if (0 != | 231 | if (0 != |
235 | gcry_sexp_new (&key->sexp, | 232 | gcry_sexp_new(&key->sexp, |
236 | buf, | 233 | buf, |
237 | len, | 234 | len, |
238 | 0)) | 235 | 0)) |
239 | { | 236 | { |
240 | LOG (GNUNET_ERROR_TYPE_WARNING, | 237 | LOG(GNUNET_ERROR_TYPE_WARNING, |
241 | "Decoded private key is not valid\n"); | 238 | "Decoded private key is not valid\n"); |
242 | GNUNET_free (key); | 239 | GNUNET_free(key); |
243 | return NULL; | 240 | return NULL; |
244 | } | 241 | } |
245 | if (0 != gcry_pk_testkey (key->sexp)) | 242 | if (0 != gcry_pk_testkey(key->sexp)) |
246 | { | 243 | { |
247 | LOG (GNUNET_ERROR_TYPE_WARNING, | 244 | LOG(GNUNET_ERROR_TYPE_WARNING, |
248 | "Decoded private key is not valid\n"); | 245 | "Decoded private key is not valid\n"); |
249 | GNUNET_CRYPTO_rsa_private_key_free (key); | 246 | GNUNET_CRYPTO_rsa_private_key_free(key); |
250 | return NULL; | 247 | return NULL; |
251 | } | 248 | } |
252 | return key; | 249 | return key; |
253 | } | 250 | } |
254 | 251 | ||
@@ -260,35 +257,35 @@ GNUNET_CRYPTO_rsa_private_key_decode (const char *buf, | |||
260 | * @retur NULL on error, otherwise the public key | 257 | * @retur NULL on error, otherwise the public key |
261 | */ | 258 | */ |
262 | struct GNUNET_CRYPTO_RsaPublicKey * | 259 | struct GNUNET_CRYPTO_RsaPublicKey * |
263 | GNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateKey *priv) | 260 | GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv) |
264 | { | 261 | { |
265 | struct GNUNET_CRYPTO_RsaPublicKey *pub; | 262 | struct GNUNET_CRYPTO_RsaPublicKey *pub; |
266 | gcry_mpi_t ne[2]; | 263 | gcry_mpi_t ne[2]; |
267 | int rc; | 264 | int rc; |
268 | gcry_sexp_t result; | 265 | gcry_sexp_t result; |
269 | 266 | ||
270 | BENCHMARK_START (rsa_private_key_get_public); | 267 | BENCHMARK_START(rsa_private_key_get_public); |
271 | 268 | ||
272 | rc = key_from_sexp (ne, priv->sexp, "public-key", "ne"); | 269 | rc = key_from_sexp(ne, priv->sexp, "public-key", "ne"); |
273 | if (0 != rc) | 270 | if (0 != rc) |
274 | rc = key_from_sexp (ne, priv->sexp, "private-key", "ne"); | 271 | rc = key_from_sexp(ne, priv->sexp, "private-key", "ne"); |
275 | if (0 != rc) | 272 | if (0 != rc) |
276 | rc = key_from_sexp (ne, priv->sexp, "rsa", "ne"); | 273 | rc = key_from_sexp(ne, priv->sexp, "rsa", "ne"); |
277 | if (0 != rc) | 274 | if (0 != rc) |
278 | { | 275 | { |
279 | GNUNET_break_op (0); | 276 | GNUNET_break_op(0); |
280 | return NULL; | 277 | return NULL; |
281 | } | 278 | } |
282 | rc = gcry_sexp_build (&result, | 279 | rc = gcry_sexp_build(&result, |
283 | NULL, | 280 | NULL, |
284 | "(public-key(rsa(n %m)(e %m)))", | 281 | "(public-key(rsa(n %m)(e %m)))", |
285 | ne[0], | 282 | ne[0], |
286 | ne[1]); | 283 | ne[1]); |
287 | gcry_mpi_release (ne[0]); | 284 | gcry_mpi_release(ne[0]); |
288 | gcry_mpi_release (ne[1]); | 285 | gcry_mpi_release(ne[1]); |
289 | pub = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey); | 286 | pub = GNUNET_new(struct GNUNET_CRYPTO_RsaPublicKey); |
290 | pub->sexp = result; | 287 | pub->sexp = result; |
291 | BENCHMARK_END (rsa_private_key_get_public); | 288 | BENCHMARK_END(rsa_private_key_get_public); |
292 | return pub; | 289 | return pub; |
293 | } | 290 | } |
294 | 291 | ||
@@ -299,10 +296,10 @@ GNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateK | |||
299 | * @param key pointer to the memory to free | 296 | * @param key pointer to the memory to free |
300 | */ | 297 | */ |
301 | void | 298 | void |
302 | GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key) | 299 | GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key) |
303 | { | 300 | { |
304 | gcry_sexp_release (key->sexp); | 301 | gcry_sexp_release(key->sexp); |
305 | GNUNET_free (key); | 302 | GNUNET_free(key); |
306 | } | 303 | } |
307 | 304 | ||
308 | 305 | ||
@@ -315,22 +312,22 @@ GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key) | |||
315 | * @return size of memory allocated in @a buffer | 312 | * @return size of memory allocated in @a buffer |
316 | */ | 313 | */ |
317 | size_t | 314 | size_t |
318 | GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_RsaPublicKey *key, | 315 | GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, |
319 | char **buffer) | 316 | char **buffer) |
320 | { | 317 | { |
321 | size_t n; | 318 | size_t n; |
322 | char *b; | 319 | char *b; |
323 | 320 | ||
324 | n = gcry_sexp_sprint (key->sexp, | 321 | n = gcry_sexp_sprint(key->sexp, |
325 | GCRYSEXP_FMT_ADVANCED, | 322 | GCRYSEXP_FMT_ADVANCED, |
326 | NULL, | 323 | NULL, |
327 | 0); | 324 | 0); |
328 | b = GNUNET_malloc (n); | 325 | b = GNUNET_malloc(n); |
329 | GNUNET_assert ((n -1) == /* since the last byte is \0 */ | 326 | GNUNET_assert((n - 1) == /* since the last byte is \0 */ |
330 | gcry_sexp_sprint (key->sexp, | 327 | gcry_sexp_sprint(key->sexp, |
331 | GCRYSEXP_FMT_ADVANCED, | 328 | GCRYSEXP_FMT_ADVANCED, |
332 | b, | 329 | b, |
333 | n)); | 330 | n)); |
334 | *buffer = b; | 331 | *buffer = b; |
335 | return n; | 332 | return n; |
336 | } | 333 | } |
@@ -343,18 +340,18 @@ GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_RsaPublicKey *ke | |||
343 | * @param hc where to store the hash code | 340 | * @param hc where to store the hash code |
344 | */ | 341 | */ |
345 | void | 342 | void |
346 | GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, | 343 | GNUNET_CRYPTO_rsa_public_key_hash(const struct GNUNET_CRYPTO_RsaPublicKey *key, |
347 | struct GNUNET_HashCode *hc) | 344 | struct GNUNET_HashCode *hc) |
348 | { | 345 | { |
349 | char *buf; | 346 | char *buf; |
350 | size_t buf_size; | 347 | size_t buf_size; |
351 | 348 | ||
352 | buf_size = GNUNET_CRYPTO_rsa_public_key_encode (key, | 349 | buf_size = GNUNET_CRYPTO_rsa_public_key_encode(key, |
353 | &buf); | 350 | &buf); |
354 | GNUNET_CRYPTO_hash (buf, | 351 | GNUNET_CRYPTO_hash(buf, |
355 | buf_size, | 352 | buf_size, |
356 | hc); | 353 | hc); |
357 | GNUNET_free (buf); | 354 | GNUNET_free(buf); |
358 | } | 355 | } |
359 | 356 | ||
360 | 357 | ||
@@ -367,37 +364,37 @@ GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, | |||
367 | * @return NULL on error | 364 | * @return NULL on error |
368 | */ | 365 | */ |
369 | struct GNUNET_CRYPTO_RsaPublicKey * | 366 | struct GNUNET_CRYPTO_RsaPublicKey * |
370 | GNUNET_CRYPTO_rsa_public_key_decode (const char *buf, | 367 | GNUNET_CRYPTO_rsa_public_key_decode(const char *buf, |
371 | size_t len) | 368 | size_t len) |
372 | { | 369 | { |
373 | struct GNUNET_CRYPTO_RsaPublicKey *key; | 370 | struct GNUNET_CRYPTO_RsaPublicKey *key; |
374 | gcry_mpi_t n; | 371 | gcry_mpi_t n; |
375 | int ret; | 372 | int ret; |
376 | 373 | ||
377 | key = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey); | 374 | key = GNUNET_new(struct GNUNET_CRYPTO_RsaPublicKey); |
378 | if (0 != | 375 | if (0 != |
379 | gcry_sexp_new (&key->sexp, | 376 | gcry_sexp_new(&key->sexp, |
380 | buf, | 377 | buf, |
381 | len, | 378 | len, |
382 | 0)) | 379 | 0)) |
383 | { | 380 | { |
384 | GNUNET_break_op (0); | 381 | GNUNET_break_op(0); |
385 | GNUNET_free (key); | 382 | GNUNET_free(key); |
386 | return NULL; | 383 | return NULL; |
387 | } | 384 | } |
388 | /* verify that this is an RSA public key */ | 385 | /* verify that this is an RSA public key */ |
389 | ret = key_from_sexp (&n, key->sexp, "public-key", "n"); | 386 | ret = key_from_sexp(&n, key->sexp, "public-key", "n"); |
390 | if (0 != ret) | 387 | if (0 != ret) |
391 | ret = key_from_sexp (&n, key->sexp, "rsa", "n"); | 388 | ret = key_from_sexp(&n, key->sexp, "rsa", "n"); |
392 | if (0 != ret) | 389 | if (0 != ret) |
393 | { | 390 | { |
394 | /* this is no public RSA key */ | 391 | /* this is no public RSA key */ |
395 | GNUNET_break (0); | 392 | GNUNET_break(0); |
396 | gcry_sexp_release (key->sexp); | 393 | gcry_sexp_release(key->sexp); |
397 | GNUNET_free (key); | 394 | GNUNET_free(key); |
398 | return NULL; | 395 | return NULL; |
399 | } | 396 | } |
400 | gcry_mpi_release (n); | 397 | gcry_mpi_release(n); |
401 | return key; | 398 | return key; |
402 | } | 399 | } |
403 | 400 | ||
@@ -419,9 +416,9 @@ rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n) | |||
419 | gcry_mpi_t g; | 416 | gcry_mpi_t g; |
420 | int t; | 417 | int t; |
421 | 418 | ||
422 | g = gcry_mpi_new (0); | 419 | g = gcry_mpi_new(0); |
423 | t = gcry_mpi_gcd(g,r,n); | 420 | t = gcry_mpi_gcd(g, r, n); |
424 | gcry_mpi_release (g); | 421 | gcry_mpi_release(g); |
425 | return t; | 422 | return t; |
426 | } | 423 | } |
427 | 424 | ||
@@ -434,77 +431,78 @@ rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n) | |||
434 | * @return the newly created blinding key, NULL if RSA key is malicious | 431 | * @return the newly created blinding key, NULL if RSA key is malicious |
435 | */ | 432 | */ |
436 | static struct RsaBlindingKey * | 433 | static struct RsaBlindingKey * |
437 | rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, | 434 | rsa_blinding_key_derive(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, |
438 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks) | 435 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks) |
439 | { | 436 | { |
440 | char *xts = "Blinding KDF extrator HMAC key"; /* Trusts bks' randomness more */ | 437 | char *xts = "Blinding KDF extrator HMAC key"; /* Trusts bks' randomness more */ |
441 | struct RsaBlindingKey *blind; | 438 | struct RsaBlindingKey *blind; |
442 | gcry_mpi_t n; | 439 | gcry_mpi_t n; |
443 | 440 | ||
444 | blind = GNUNET_new (struct RsaBlindingKey); | 441 | blind = GNUNET_new(struct RsaBlindingKey); |
445 | GNUNET_assert( NULL != blind ); | 442 | GNUNET_assert(NULL != blind); |
446 | 443 | ||
447 | /* Extract the composite n from the RSA public key */ | 444 | /* Extract the composite n from the RSA public key */ |
448 | GNUNET_assert( 0 == key_from_sexp (&n, pkey->sexp, "rsa", "n") ); | 445 | GNUNET_assert(0 == key_from_sexp(&n, pkey->sexp, "rsa", "n")); |
449 | /* Assert that it at least looks like an RSA key */ | 446 | /* Assert that it at least looks like an RSA key */ |
450 | GNUNET_assert( 0 == gcry_mpi_get_flag(n, GCRYMPI_FLAG_OPAQUE) ); | 447 | GNUNET_assert(0 == gcry_mpi_get_flag(n, GCRYMPI_FLAG_OPAQUE)); |
451 | 448 | ||
452 | GNUNET_CRYPTO_kdf_mod_mpi (&blind->r, | 449 | GNUNET_CRYPTO_kdf_mod_mpi(&blind->r, |
453 | n, | 450 | n, |
454 | xts, strlen(xts), | 451 | xts, strlen(xts), |
455 | bks, sizeof(*bks), | 452 | bks, sizeof(*bks), |
456 | "Blinding KDF"); | 453 | "Blinding KDF"); |
457 | if (0 == rsa_gcd_validate(blind->r, n)) { | 454 | if (0 == rsa_gcd_validate(blind->r, n)) |
458 | GNUNET_free (blind); | 455 | { |
459 | blind = NULL; | 456 | GNUNET_free(blind); |
460 | } | 457 | blind = NULL; |
461 | 458 | } | |
462 | gcry_mpi_release (n); | 459 | |
460 | gcry_mpi_release(n); | ||
463 | return blind; | 461 | return blind; |
464 | } | 462 | } |
465 | 463 | ||
466 | 464 | ||
467 | /* | 465 | /* |
468 | We originally added GNUNET_CRYPTO_kdf_mod_mpi for the benifit of the | 466 | We originally added GNUNET_CRYPTO_kdf_mod_mpi for the benifit of the |
469 | previous routine. | 467 | previous routine. |
470 | 468 | ||
471 | There was previously a call to GNUNET_CRYPTO_kdf in | 469 | There was previously a call to GNUNET_CRYPTO_kdf in |
472 | bkey = rsa_blinding_key_derive (len, bks); | 470 | bkey = rsa_blinding_key_derive (len, bks); |
473 | that gives exactly len bits where | 471 | that gives exactly len bits where |
474 | len = GNUNET_CRYPTO_rsa_public_key_len (pkey); | 472 | len = GNUNET_CRYPTO_rsa_public_key_len (pkey); |
475 | 473 | ||
476 | Now r = 2^(len-1)/pkey.n is the probability that a set high bit being | 474 | Now r = 2^(len-1)/pkey.n is the probability that a set high bit being |
477 | okay, meaning bkey < pkey.n. It follows that (1-r)/2 of the time bkey > | 475 | okay, meaning bkey < pkey.n. It follows that (1-r)/2 of the time bkey > |
478 | pkey.n making the effective bkey be | 476 | pkey.n making the effective bkey be |
479 | bkey mod pkey.n = bkey - pkey.n | 477 | bkey mod pkey.n = bkey - pkey.n |
480 | so the effective bkey has its high bit set with probability r/2. | 478 | so the effective bkey has its high bit set with probability r/2. |
481 | 479 | ||
482 | We expect r to be close to 1/2 if the exchange is honest, but the | 480 | We expect r to be close to 1/2 if the exchange is honest, but the |
483 | exchange can choose r otherwise. | 481 | exchange can choose r otherwise. |
484 | 482 | ||
485 | In blind signing, the exchange sees | 483 | In blind signing, the exchange sees |
486 | B = bkey * S mod pkey.n | 484 | B = bkey * S mod pkey.n |
487 | On deposit, the exchange sees S so they can compute bkey' = B/S mod | 485 | On deposit, the exchange sees S so they can compute bkey' = B/S mod |
488 | pkey.n for all B they recorded to see if bkey' has it's high bit set. | 486 | pkey.n for all B they recorded to see if bkey' has it's high bit set. |
489 | Also, note the exchange can compute 1/S efficiently since they know the | 487 | Also, note the exchange can compute 1/S efficiently since they know the |
490 | factors of pkey.n. | 488 | factors of pkey.n. |
491 | 489 | ||
492 | I suppose that happens with probability r/(1+r) if its the wrong B, not | 490 | I suppose that happens with probability r/(1+r) if its the wrong B, not |
493 | completely sure. If otoh we've the right B, then we've the probability | 491 | completely sure. If otoh we've the right B, then we've the probability |
494 | r/2 of a set high bit in the effective bkey. | 492 | r/2 of a set high bit in the effective bkey. |
495 | 493 | ||
496 | Interestingly, r^2-r has a maximum at the default r=1/2 anyways, giving | 494 | Interestingly, r^2-r has a maximum at the default r=1/2 anyways, giving |
497 | the wrong and right probabilities 1/3 and 1/4, respectively. | 495 | the wrong and right probabilities 1/3 and 1/4, respectively. |
498 | 496 | ||
499 | I feared this gives the exchange a meaningful fraction of a bit of | 497 | I feared this gives the exchange a meaningful fraction of a bit of |
500 | information per coin involved in the transaction. It sounds damaging if | 498 | information per coin involved in the transaction. It sounds damaging if |
501 | numerous coins were involved. And it could run across transactions in | 499 | numerous coins were involved. And it could run across transactions in |
502 | some scenarios. | 500 | some scenarios. |
503 | 501 | ||
504 | We fixed this by using a more uniform deterministic pseudo-random number | 502 | We fixed this by using a more uniform deterministic pseudo-random number |
505 | generator for blinding factors. I do not believe this to be a problem | 503 | generator for blinding factors. I do not believe this to be a problem |
506 | for the rsa_full_domain_hash routine, but better safe than sorry. | 504 | for the rsa_full_domain_hash routine, but better safe than sorry. |
507 | */ | 505 | */ |
508 | 506 | ||
509 | 507 | ||
510 | /** | 508 | /** |
@@ -515,8 +513,8 @@ for the rsa_full_domain_hash routine, but better safe than sorry. | |||
515 | * @return 0 if the two are equal | 513 | * @return 0 if the two are equal |
516 | */ | 514 | */ |
517 | int | 515 | int |
518 | GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1, | 516 | GNUNET_CRYPTO_rsa_signature_cmp(struct GNUNET_CRYPTO_RsaSignature *s1, |
519 | struct GNUNET_CRYPTO_RsaSignature *s2) | 517 | struct GNUNET_CRYPTO_RsaSignature *s2) |
520 | { | 518 | { |
521 | char *b1; | 519 | char *b1; |
522 | char *b2; | 520 | char *b2; |
@@ -524,18 +522,18 @@ GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1, | |||
524 | size_t z2; | 522 | size_t z2; |
525 | int ret; | 523 | int ret; |
526 | 524 | ||
527 | z1 = GNUNET_CRYPTO_rsa_signature_encode (s1, | 525 | z1 = GNUNET_CRYPTO_rsa_signature_encode(s1, |
528 | &b1); | 526 | &b1); |
529 | z2 = GNUNET_CRYPTO_rsa_signature_encode (s2, | 527 | z2 = GNUNET_CRYPTO_rsa_signature_encode(s2, |
530 | &b2); | 528 | &b2); |
531 | if (z1 != z2) | 529 | if (z1 != z2) |
532 | ret = 1; | 530 | ret = 1; |
533 | else | 531 | else |
534 | ret = memcmp (b1, | 532 | ret = memcmp(b1, |
535 | b2, | 533 | b2, |
536 | z1); | 534 | z1); |
537 | GNUNET_free (b1); | 535 | GNUNET_free(b1); |
538 | GNUNET_free (b2); | 536 | GNUNET_free(b2); |
539 | return ret; | 537 | return ret; |
540 | } | 538 | } |
541 | 539 | ||
@@ -548,8 +546,8 @@ GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1, | |||
548 | * @return 0 if the two are equal | 546 | * @return 0 if the two are equal |
549 | */ | 547 | */ |
550 | int | 548 | int |
551 | GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1, | 549 | GNUNET_CRYPTO_rsa_public_key_cmp(struct GNUNET_CRYPTO_RsaPublicKey *p1, |
552 | struct GNUNET_CRYPTO_RsaPublicKey *p2) | 550 | struct GNUNET_CRYPTO_RsaPublicKey *p2) |
553 | { | 551 | { |
554 | char *b1; | 552 | char *b1; |
555 | char *b2; | 553 | char *b2; |
@@ -557,18 +555,18 @@ GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1, | |||
557 | size_t z2; | 555 | size_t z2; |
558 | int ret; | 556 | int ret; |
559 | 557 | ||
560 | z1 = GNUNET_CRYPTO_rsa_public_key_encode (p1, | 558 | z1 = GNUNET_CRYPTO_rsa_public_key_encode(p1, |
561 | &b1); | 559 | &b1); |
562 | z2 = GNUNET_CRYPTO_rsa_public_key_encode (p2, | 560 | z2 = GNUNET_CRYPTO_rsa_public_key_encode(p2, |
563 | &b2); | 561 | &b2); |
564 | if (z1 != z2) | 562 | if (z1 != z2) |
565 | ret = 1; | 563 | ret = 1; |
566 | else | 564 | else |
567 | ret = memcmp (b1, | 565 | ret = memcmp(b1, |
568 | b2, | 566 | b2, |
569 | z1); | 567 | z1); |
570 | GNUNET_free (b1); | 568 | GNUNET_free(b1); |
571 | GNUNET_free (b2); | 569 | GNUNET_free(b2); |
572 | return ret; | 570 | return ret; |
573 | } | 571 | } |
574 | 572 | ||
@@ -581,8 +579,8 @@ GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1, | |||
581 | * @return 0 if the two are equal | 579 | * @return 0 if the two are equal |
582 | */ | 580 | */ |
583 | int | 581 | int |
584 | GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1, | 582 | GNUNET_CRYPTO_rsa_private_key_cmp(struct GNUNET_CRYPTO_RsaPrivateKey *p1, |
585 | struct GNUNET_CRYPTO_RsaPrivateKey *p2) | 583 | struct GNUNET_CRYPTO_RsaPrivateKey *p2) |
586 | { | 584 | { |
587 | char *b1; | 585 | char *b1; |
588 | char *b2; | 586 | char *b2; |
@@ -590,18 +588,18 @@ GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1, | |||
590 | size_t z2; | 588 | size_t z2; |
591 | int ret; | 589 | int ret; |
592 | 590 | ||
593 | z1 = GNUNET_CRYPTO_rsa_private_key_encode (p1, | 591 | z1 = GNUNET_CRYPTO_rsa_private_key_encode(p1, |
594 | &b1); | 592 | &b1); |
595 | z2 = GNUNET_CRYPTO_rsa_private_key_encode (p2, | 593 | z2 = GNUNET_CRYPTO_rsa_private_key_encode(p2, |
596 | &b2); | 594 | &b2); |
597 | if (z1 != z2) | 595 | if (z1 != z2) |
598 | ret = 1; | 596 | ret = 1; |
599 | else | 597 | else |
600 | ret = memcmp (b1, | 598 | ret = memcmp(b1, |
601 | b2, | 599 | b2, |
602 | z1); | 600 | z1); |
603 | GNUNET_free (b1); | 601 | GNUNET_free(b1); |
604 | GNUNET_free (b2); | 602 | GNUNET_free(b2); |
605 | return ret; | 603 | return ret; |
606 | } | 604 | } |
607 | 605 | ||
@@ -613,18 +611,18 @@ GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1, | |||
613 | * @return length of the key in bits | 611 | * @return length of the key in bits |
614 | */ | 612 | */ |
615 | unsigned int | 613 | unsigned int |
616 | GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key) | 614 | GNUNET_CRYPTO_rsa_public_key_len(const struct GNUNET_CRYPTO_RsaPublicKey *key) |
617 | { | 615 | { |
618 | gcry_mpi_t n; | 616 | gcry_mpi_t n; |
619 | unsigned int rval; | 617 | unsigned int rval; |
620 | 618 | ||
621 | if (0 != key_from_sexp (&n, key->sexp, "rsa", "n")) | 619 | if (0 != key_from_sexp(&n, key->sexp, "rsa", "n")) |
622 | { /* Not an RSA public key */ | 620 | { /* Not an RSA public key */ |
623 | GNUNET_break (0); | 621 | GNUNET_break(0); |
624 | return 0; | 622 | return 0; |
625 | } | 623 | } |
626 | rval = gcry_mpi_get_nbits (n); | 624 | rval = gcry_mpi_get_nbits(n); |
627 | gcry_mpi_release (n); | 625 | gcry_mpi_release(n); |
628 | return rval; | 626 | return rval; |
629 | } | 627 | } |
630 | 628 | ||
@@ -635,10 +633,10 @@ GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key) | |||
635 | * @param bkey the blinding key to destroy | 633 | * @param bkey the blinding key to destroy |
636 | */ | 634 | */ |
637 | static void | 635 | static void |
638 | rsa_blinding_key_free (struct RsaBlindingKey *bkey) | 636 | rsa_blinding_key_free(struct RsaBlindingKey *bkey) |
639 | { | 637 | { |
640 | gcry_mpi_release (bkey->r); | 638 | gcry_mpi_release(bkey->r); |
641 | GNUNET_free (bkey); | 639 | GNUNET_free(bkey); |
642 | } | 640 | } |
643 | 641 | ||
644 | 642 | ||
@@ -650,25 +648,25 @@ rsa_blinding_key_free (struct RsaBlindingKey *bkey) | |||
650 | * @return number of bytes stored in @a buffer | 648 | * @return number of bytes stored in @a buffer |
651 | */ | 649 | */ |
652 | static size_t | 650 | static size_t |
653 | numeric_mpi_alloc_n_print (gcry_mpi_t v, | 651 | numeric_mpi_alloc_n_print(gcry_mpi_t v, |
654 | char **buffer) | 652 | char **buffer) |
655 | { | 653 | { |
656 | size_t n; | 654 | size_t n; |
657 | char *b; | 655 | char *b; |
658 | size_t rsize; | 656 | size_t rsize; |
659 | 657 | ||
660 | gcry_mpi_print (GCRYMPI_FMT_USG, | 658 | gcry_mpi_print(GCRYMPI_FMT_USG, |
661 | NULL, | 659 | NULL, |
662 | 0, | 660 | 0, |
663 | &n, | 661 | &n, |
664 | v); | 662 | v); |
665 | b = GNUNET_malloc (n); | 663 | b = GNUNET_malloc(n); |
666 | GNUNET_assert (0 == | 664 | GNUNET_assert(0 == |
667 | gcry_mpi_print (GCRYMPI_FMT_USG, | 665 | gcry_mpi_print(GCRYMPI_FMT_USG, |
668 | (unsigned char *) b, | 666 | (unsigned char *)b, |
669 | n, | 667 | n, |
670 | &rsize, | 668 | &rsize, |
671 | v)); | 669 | v)); |
672 | *buffer = b; | 670 | *buffer = b; |
673 | return n; | 671 | return n; |
674 | } | 672 | } |
@@ -687,37 +685,37 @@ numeric_mpi_alloc_n_print (gcry_mpi_t v, | |||
687 | * @return MPI value set to the FDH, NULL if RSA key is malicious | 685 | * @return MPI value set to the FDH, NULL if RSA key is malicious |
688 | */ | 686 | */ |
689 | static gcry_mpi_t | 687 | static gcry_mpi_t |
690 | rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, | 688 | rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, |
691 | const struct GNUNET_HashCode *hash) | 689 | const struct GNUNET_HashCode *hash) |
692 | { | 690 | { |
693 | gcry_mpi_t r,n; | 691 | gcry_mpi_t r, n; |
694 | char *xts; | 692 | char *xts; |
695 | size_t xts_len; | 693 | size_t xts_len; |
696 | int ok; | 694 | int ok; |
697 | 695 | ||
698 | /* Extract the composite n from the RSA public key */ | 696 | /* Extract the composite n from the RSA public key */ |
699 | GNUNET_assert( 0 == key_from_sexp (&n, pkey->sexp, "rsa", "n") ); | 697 | GNUNET_assert(0 == key_from_sexp(&n, pkey->sexp, "rsa", "n")); |
700 | /* Assert that it at least looks like an RSA key */ | 698 | /* Assert that it at least looks like an RSA key */ |
701 | GNUNET_assert( 0 == gcry_mpi_get_flag(n, GCRYMPI_FLAG_OPAQUE) ); | 699 | GNUNET_assert(0 == gcry_mpi_get_flag(n, GCRYMPI_FLAG_OPAQUE)); |
702 | 700 | ||
703 | /* We key with the public denomination key as a homage to RSA-PSS by * | 701 | /* We key with the public denomination key as a homage to RSA-PSS by * |
704 | * Mihir Bellare and Phillip Rogaway. Doing this lowers the degree * | 702 | * Mihir Bellare and Phillip Rogaway. Doing this lowers the degree * |
705 | * of the hypothetical polyomial-time attack on RSA-KTI created by a * | 703 | * of the hypothetical polyomial-time attack on RSA-KTI created by a * |
706 | * polynomial-time one-more forgary attack. Yey seeding! */ | 704 | * polynomial-time one-more forgary attack. Yey seeding! */ |
707 | xts_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, &xts); | 705 | xts_len = GNUNET_CRYPTO_rsa_public_key_encode(pkey, &xts); |
708 | 706 | ||
709 | GNUNET_CRYPTO_kdf_mod_mpi (&r, | 707 | GNUNET_CRYPTO_kdf_mod_mpi(&r, |
710 | n, | 708 | n, |
711 | xts, xts_len, | 709 | xts, xts_len, |
712 | hash, sizeof(*hash), | 710 | hash, sizeof(*hash), |
713 | "RSA-FDA FTpsW!"); | 711 | "RSA-FDA FTpsW!"); |
714 | GNUNET_free (xts); | 712 | GNUNET_free(xts); |
715 | 713 | ||
716 | ok = rsa_gcd_validate(r,n); | 714 | ok = rsa_gcd_validate(r, n); |
717 | gcry_mpi_release (n); | 715 | gcry_mpi_release(n); |
718 | if (ok) | 716 | if (ok) |
719 | return r; | 717 | return r; |
720 | gcry_mpi_release (r); | 718 | gcry_mpi_release(r); |
721 | return NULL; | 719 | return NULL; |
722 | } | 720 | } |
723 | 721 | ||
@@ -733,10 +731,10 @@ rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, | |||
733 | * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious | 731 | * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious |
734 | */ | 732 | */ |
735 | int | 733 | int |
736 | GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, | 734 | GNUNET_CRYPTO_rsa_blind(const struct GNUNET_HashCode *hash, |
737 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, | 735 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, |
738 | struct GNUNET_CRYPTO_RsaPublicKey *pkey, | 736 | struct GNUNET_CRYPTO_RsaPublicKey *pkey, |
739 | char **buf, size_t *buf_size) | 737 | char **buf, size_t *buf_size) |
740 | { | 738 | { |
741 | struct RsaBlindingKey *bkey; | 739 | struct RsaBlindingKey *bkey; |
742 | gcry_mpi_t data; | 740 | gcry_mpi_t data; |
@@ -745,58 +743,59 @@ GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, | |||
745 | gcry_mpi_t data_r_e; | 743 | gcry_mpi_t data_r_e; |
746 | int ret; | 744 | int ret; |
747 | 745 | ||
748 | BENCHMARK_START (rsa_blind); | 746 | BENCHMARK_START(rsa_blind); |
749 | 747 | ||
750 | GNUNET_assert (buf != NULL && buf_size != NULL); | 748 | GNUNET_assert(buf != NULL && buf_size != NULL); |
751 | ret = key_from_sexp (ne, pkey->sexp, "public-key", "ne"); | 749 | ret = key_from_sexp(ne, pkey->sexp, "public-key", "ne"); |
752 | if (0 != ret) | 750 | if (0 != ret) |
753 | ret = key_from_sexp (ne, pkey->sexp, "rsa", "ne"); | 751 | ret = key_from_sexp(ne, pkey->sexp, "rsa", "ne"); |
754 | if (0 != ret) | 752 | if (0 != ret) |
755 | { | 753 | { |
756 | GNUNET_break (0); | 754 | GNUNET_break(0); |
757 | *buf = NULL; | 755 | *buf = NULL; |
758 | *buf_size = 0; | 756 | *buf_size = 0; |
759 | return 0; | 757 | return 0; |
760 | } | 758 | } |
761 | 759 | ||
762 | data = rsa_full_domain_hash (pkey, hash); | 760 | data = rsa_full_domain_hash(pkey, hash); |
763 | if (NULL == data) | 761 | if (NULL == data) |
764 | goto rsa_gcd_validate_failure; | 762 | goto rsa_gcd_validate_failure; |
765 | 763 | ||
766 | bkey = rsa_blinding_key_derive (pkey, bks); | 764 | bkey = rsa_blinding_key_derive(pkey, bks); |
767 | if (NULL == bkey) { | 765 | if (NULL == bkey) |
768 | gcry_mpi_release (data); | 766 | { |
769 | goto rsa_gcd_validate_failure; | 767 | gcry_mpi_release(data); |
770 | } | 768 | goto rsa_gcd_validate_failure; |
771 | 769 | } | |
772 | r_e = gcry_mpi_new (0); | 770 | |
773 | gcry_mpi_powm (r_e, | 771 | r_e = gcry_mpi_new(0); |
774 | bkey->r, | 772 | gcry_mpi_powm(r_e, |
775 | ne[1], | 773 | bkey->r, |
776 | ne[0]); | 774 | ne[1], |
777 | data_r_e = gcry_mpi_new (0); | 775 | ne[0]); |
778 | gcry_mpi_mulm (data_r_e, | 776 | data_r_e = gcry_mpi_new(0); |
779 | data, | 777 | gcry_mpi_mulm(data_r_e, |
780 | r_e, | 778 | data, |
781 | ne[0]); | 779 | r_e, |
782 | gcry_mpi_release (data); | 780 | ne[0]); |
783 | gcry_mpi_release (ne[0]); | 781 | gcry_mpi_release(data); |
784 | gcry_mpi_release (ne[1]); | 782 | gcry_mpi_release(ne[0]); |
785 | gcry_mpi_release (r_e); | 783 | gcry_mpi_release(ne[1]); |
786 | rsa_blinding_key_free (bkey); | 784 | gcry_mpi_release(r_e); |
787 | 785 | rsa_blinding_key_free(bkey); | |
788 | *buf_size = numeric_mpi_alloc_n_print (data_r_e, buf); | 786 | |
789 | gcry_mpi_release (data_r_e); | 787 | *buf_size = numeric_mpi_alloc_n_print(data_r_e, buf); |
790 | 788 | gcry_mpi_release(data_r_e); | |
791 | BENCHMARK_END (rsa_blind); | 789 | |
790 | BENCHMARK_END(rsa_blind); | ||
792 | 791 | ||
793 | return GNUNET_YES; | 792 | return GNUNET_YES; |
794 | 793 | ||
795 | rsa_gcd_validate_failure: | 794 | rsa_gcd_validate_failure: |
796 | /* We know the RSA key is malicious here, so warn the wallet. */ | 795 | /* We know the RSA key is malicious here, so warn the wallet. */ |
797 | /* GNUNET_break_op (0); */ | 796 | /* GNUNET_break_op (0); */ |
798 | gcry_mpi_release (ne[0]); | 797 | gcry_mpi_release(ne[0]); |
799 | gcry_mpi_release (ne[1]); | 798 | gcry_mpi_release(ne[1]); |
800 | *buf = NULL; | 799 | *buf = NULL; |
801 | *buf_size = 0; | 800 | *buf_size = 0; |
802 | return GNUNET_NO; | 801 | return GNUNET_NO; |
@@ -810,15 +809,15 @@ rsa_gcd_validate_failure: | |||
810 | * @return converted s-expression | 809 | * @return converted s-expression |
811 | */ | 810 | */ |
812 | static gcry_sexp_t | 811 | static gcry_sexp_t |
813 | mpi_to_sexp (gcry_mpi_t value) | 812 | mpi_to_sexp(gcry_mpi_t value) |
814 | { | 813 | { |
815 | gcry_sexp_t data = NULL; | 814 | gcry_sexp_t data = NULL; |
816 | 815 | ||
817 | GNUNET_assert (0 == | 816 | GNUNET_assert(0 == |
818 | gcry_sexp_build (&data, | 817 | gcry_sexp_build(&data, |
819 | NULL, | 818 | NULL, |
820 | "(data (flags raw) (value %M))", | 819 | "(data (flags raw) (value %M))", |
821 | value)); | 820 | value)); |
822 | return data; | 821 | return data; |
823 | } | 822 | } |
824 | 823 | ||
@@ -831,53 +830,53 @@ mpi_to_sexp (gcry_mpi_t value) | |||
831 | * @return NULL on error, signature on success | 830 | * @return NULL on error, signature on success |
832 | */ | 831 | */ |
833 | static struct GNUNET_CRYPTO_RsaSignature * | 832 | static struct GNUNET_CRYPTO_RsaSignature * |
834 | rsa_sign_mpi (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | 833 | rsa_sign_mpi(const struct GNUNET_CRYPTO_RsaPrivateKey *key, |
835 | gcry_mpi_t value) | 834 | gcry_mpi_t value) |
836 | { | 835 | { |
837 | struct GNUNET_CRYPTO_RsaSignature *sig; | 836 | struct GNUNET_CRYPTO_RsaSignature *sig; |
838 | gcry_sexp_t data; | 837 | gcry_sexp_t data; |
839 | gcry_sexp_t result; | 838 | gcry_sexp_t result; |
840 | int rc; | 839 | int rc; |
841 | 840 | ||
842 | data = mpi_to_sexp (value); | 841 | data = mpi_to_sexp(value); |
843 | 842 | ||
844 | if (0 != | 843 | if (0 != |
845 | (rc = gcry_pk_sign (&result, | 844 | (rc = gcry_pk_sign(&result, |
846 | data, | 845 | data, |
847 | key->sexp))) | 846 | key->sexp))) |
848 | { | 847 | { |
849 | LOG (GNUNET_ERROR_TYPE_WARNING, | 848 | LOG(GNUNET_ERROR_TYPE_WARNING, |
850 | _("RSA signing failed at %s:%d: %s\n"), | 849 | _("RSA signing failed at %s:%d: %s\n"), |
851 | __FILE__, | 850 | __FILE__, |
852 | __LINE__, | 851 | __LINE__, |
853 | gcry_strerror (rc)); | 852 | gcry_strerror(rc)); |
854 | GNUNET_break (0); | 853 | GNUNET_break(0); |
855 | return NULL; | 854 | return NULL; |
856 | } | 855 | } |
857 | 856 | ||
858 | /* Lenstra protection was first added to libgcrypt 1.6.4 | 857 | /* Lenstra protection was first added to libgcrypt 1.6.4 |
859 | * with commit c17f84bd02d7ee93845e92e20f6ddba814961588. | 858 | * with commit c17f84bd02d7ee93845e92e20f6ddba814961588. |
860 | */ | 859 | */ |
861 | #if GCRYPT_VERSION_NUMBER < 0x010604 | 860 | #if GCRYPT_VERSION_NUMBER < 0x010604 |
862 | /* verify signature (guards against Lenstra's attack with fault injection...) */ | 861 | /* verify signature (guards against Lenstra's attack with fault injection...) */ |
863 | struct GNUNET_CRYPTO_RsaPublicKey *public_key = GNUNET_CRYPTO_rsa_private_key_get_public (key); | 862 | struct GNUNET_CRYPTO_RsaPublicKey *public_key = GNUNET_CRYPTO_rsa_private_key_get_public(key); |
864 | if (0 != | 863 | if (0 != |
865 | gcry_pk_verify (result, | 864 | gcry_pk_verify(result, |
866 | data, | 865 | data, |
867 | public_key->sexp)) | 866 | public_key->sexp)) |
868 | { | 867 | { |
869 | GNUNET_break (0); | 868 | GNUNET_break(0); |
870 | GNUNET_CRYPTO_rsa_public_key_free (public_key); | 869 | GNUNET_CRYPTO_rsa_public_key_free(public_key); |
871 | gcry_sexp_release (data); | 870 | gcry_sexp_release(data); |
872 | gcry_sexp_release (result); | 871 | gcry_sexp_release(result); |
873 | return NULL; | 872 | return NULL; |
874 | } | 873 | } |
875 | GNUNET_CRYPTO_rsa_public_key_free (public_key); | 874 | GNUNET_CRYPTO_rsa_public_key_free(public_key); |
876 | #endif | 875 | #endif |
877 | 876 | ||
878 | /* return signature */ | 877 | /* return signature */ |
879 | gcry_sexp_release (data); | 878 | gcry_sexp_release(data); |
880 | sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); | 879 | sig = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature); |
881 | sig->sexp = result; | 880 | sig->sexp = result; |
882 | return sig; | 881 | return sig; |
883 | } | 882 | } |
@@ -892,25 +891,25 @@ rsa_sign_mpi (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | |||
892 | * @return NULL on error, signature on success | 891 | * @return NULL on error, signature on success |
893 | */ | 892 | */ |
894 | struct GNUNET_CRYPTO_RsaSignature * | 893 | struct GNUNET_CRYPTO_RsaSignature * |
895 | GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | 894 | GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key, |
896 | const void *msg, | 895 | const void *msg, |
897 | size_t msg_len) | 896 | size_t msg_len) |
898 | { | 897 | { |
899 | gcry_mpi_t v = NULL; | 898 | gcry_mpi_t v = NULL; |
900 | struct GNUNET_CRYPTO_RsaSignature *sig; | 899 | struct GNUNET_CRYPTO_RsaSignature *sig; |
901 | 900 | ||
902 | BENCHMARK_START (rsa_sign_blinded); | 901 | BENCHMARK_START(rsa_sign_blinded); |
903 | 902 | ||
904 | GNUNET_assert (0 == | 903 | GNUNET_assert(0 == |
905 | gcry_mpi_scan (&v, | 904 | gcry_mpi_scan(&v, |
906 | GCRYMPI_FMT_USG, | 905 | GCRYMPI_FMT_USG, |
907 | msg, | 906 | msg, |
908 | msg_len, | 907 | msg_len, |
909 | NULL)); | 908 | NULL)); |
910 | 909 | ||
911 | sig = rsa_sign_mpi (key, v); | 910 | sig = rsa_sign_mpi(key, v); |
912 | gcry_mpi_release (v); | 911 | gcry_mpi_release(v); |
913 | BENCHMARK_END (rsa_sign_blinded); | 912 | BENCHMARK_END(rsa_sign_blinded); |
914 | return sig; | 913 | return sig; |
915 | } | 914 | } |
916 | 915 | ||
@@ -923,21 +922,21 @@ GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | |||
923 | * @return NULL on error, including a malicious RSA key, signature on success | 922 | * @return NULL on error, including a malicious RSA key, signature on success |
924 | */ | 923 | */ |
925 | struct GNUNET_CRYPTO_RsaSignature * | 924 | struct GNUNET_CRYPTO_RsaSignature * |
926 | GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | 925 | GNUNET_CRYPTO_rsa_sign_fdh(const struct GNUNET_CRYPTO_RsaPrivateKey *key, |
927 | const struct GNUNET_HashCode *hash) | 926 | const struct GNUNET_HashCode *hash) |
928 | { | 927 | { |
929 | struct GNUNET_CRYPTO_RsaPublicKey *pkey; | 928 | struct GNUNET_CRYPTO_RsaPublicKey *pkey; |
930 | gcry_mpi_t v = NULL; | 929 | gcry_mpi_t v = NULL; |
931 | struct GNUNET_CRYPTO_RsaSignature *sig; | 930 | struct GNUNET_CRYPTO_RsaSignature *sig; |
932 | 931 | ||
933 | pkey = GNUNET_CRYPTO_rsa_private_key_get_public (key); | 932 | pkey = GNUNET_CRYPTO_rsa_private_key_get_public(key); |
934 | v = rsa_full_domain_hash (pkey, hash); | 933 | v = rsa_full_domain_hash(pkey, hash); |
935 | GNUNET_CRYPTO_rsa_public_key_free (pkey); | 934 | GNUNET_CRYPTO_rsa_public_key_free(pkey); |
936 | if (NULL == v) /* rsa_gcd_validate failed meaning */ | 935 | if (NULL == v) /* rsa_gcd_validate failed meaning */ |
937 | return NULL; /* our *own* RSA key is malicious. */ | 936 | return NULL; /* our *own* RSA key is malicious. */ |
938 | 937 | ||
939 | sig = rsa_sign_mpi (key, v); | 938 | sig = rsa_sign_mpi(key, v); |
940 | gcry_mpi_release (v); | 939 | gcry_mpi_release(v); |
941 | return sig; | 940 | return sig; |
942 | } | 941 | } |
943 | 942 | ||
@@ -948,10 +947,10 @@ GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, | |||
948 | * @param sig memory to freee | 947 | * @param sig memory to freee |
949 | */ | 948 | */ |
950 | void | 949 | void |
951 | GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig) | 950 | GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig) |
952 | { | 951 | { |
953 | gcry_sexp_release (sig->sexp); | 952 | gcry_sexp_release(sig->sexp); |
954 | GNUNET_free (sig); | 953 | GNUNET_free(sig); |
955 | } | 954 | } |
956 | 955 | ||
957 | 956 | ||
@@ -963,22 +962,22 @@ GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig) | |||
963 | * @return size of memory allocated in @a buffer | 962 | * @return size of memory allocated in @a buffer |
964 | */ | 963 | */ |
965 | size_t | 964 | size_t |
966 | GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_RsaSignature *sig, | 965 | GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, |
967 | char **buffer) | 966 | char **buffer) |
968 | { | 967 | { |
969 | size_t n; | 968 | size_t n; |
970 | char *b; | 969 | char *b; |
971 | 970 | ||
972 | n = gcry_sexp_sprint (sig->sexp, | 971 | n = gcry_sexp_sprint(sig->sexp, |
973 | GCRYSEXP_FMT_ADVANCED, | 972 | GCRYSEXP_FMT_ADVANCED, |
974 | NULL, | 973 | NULL, |
975 | 0); | 974 | 0); |
976 | b = GNUNET_malloc (n); | 975 | b = GNUNET_malloc(n); |
977 | GNUNET_assert ((n - 1) == /* since the last byte is \0 */ | 976 | GNUNET_assert((n - 1) == /* since the last byte is \0 */ |
978 | gcry_sexp_sprint (sig->sexp, | 977 | gcry_sexp_sprint(sig->sexp, |
979 | GCRYSEXP_FMT_ADVANCED, | 978 | GCRYSEXP_FMT_ADVANCED, |
980 | b, | 979 | b, |
981 | n)); | 980 | n)); |
982 | *buffer = b; | 981 | *buffer = b; |
983 | return n; | 982 | return n; |
984 | } | 983 | } |
@@ -993,37 +992,37 @@ GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_RsaSignature *sig | |||
993 | * @return NULL on error | 992 | * @return NULL on error |
994 | */ | 993 | */ |
995 | struct GNUNET_CRYPTO_RsaSignature * | 994 | struct GNUNET_CRYPTO_RsaSignature * |
996 | GNUNET_CRYPTO_rsa_signature_decode (const char *buf, | 995 | GNUNET_CRYPTO_rsa_signature_decode(const char *buf, |
997 | size_t len) | 996 | size_t len) |
998 | { | 997 | { |
999 | struct GNUNET_CRYPTO_RsaSignature *sig; | 998 | struct GNUNET_CRYPTO_RsaSignature *sig; |
1000 | int ret; | 999 | int ret; |
1001 | gcry_mpi_t s; | 1000 | gcry_mpi_t s; |
1002 | 1001 | ||
1003 | sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); | 1002 | sig = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature); |
1004 | if (0 != | 1003 | if (0 != |
1005 | gcry_sexp_new (&sig->sexp, | 1004 | gcry_sexp_new(&sig->sexp, |
1006 | buf, | 1005 | buf, |
1007 | len, | 1006 | len, |
1008 | 0)) | 1007 | 0)) |
1009 | { | 1008 | { |
1010 | GNUNET_break_op (0); | 1009 | GNUNET_break_op(0); |
1011 | GNUNET_free (sig); | 1010 | GNUNET_free(sig); |
1012 | return NULL; | 1011 | return NULL; |
1013 | } | 1012 | } |
1014 | /* verify that this is an RSA signature */ | 1013 | /* verify that this is an RSA signature */ |
1015 | ret = key_from_sexp (&s, sig->sexp, "sig-val", "s"); | 1014 | ret = key_from_sexp(&s, sig->sexp, "sig-val", "s"); |
1016 | if (0 != ret) | 1015 | if (0 != ret) |
1017 | ret = key_from_sexp (&s, sig->sexp, "rsa", "s"); | 1016 | ret = key_from_sexp(&s, sig->sexp, "rsa", "s"); |
1018 | if (0 != ret) | 1017 | if (0 != ret) |
1019 | { | 1018 | { |
1020 | /* this is no RSA Signature */ | 1019 | /* this is no RSA Signature */ |
1021 | GNUNET_break_op (0); | 1020 | GNUNET_break_op(0); |
1022 | gcry_sexp_release (sig->sexp); | 1021 | gcry_sexp_release(sig->sexp); |
1023 | GNUNET_free (sig); | 1022 | GNUNET_free(sig); |
1024 | return NULL; | 1023 | return NULL; |
1025 | } | 1024 | } |
1026 | gcry_mpi_release (s); | 1025 | gcry_mpi_release(s); |
1027 | return sig; | 1026 | return sig; |
1028 | } | 1027 | } |
1029 | 1028 | ||
@@ -1035,19 +1034,19 @@ GNUNET_CRYPTO_rsa_signature_decode (const char *buf, | |||
1035 | * @return the duplicate key; NULL upon error | 1034 | * @return the duplicate key; NULL upon error |
1036 | */ | 1035 | */ |
1037 | struct GNUNET_CRYPTO_RsaPublicKey * | 1036 | struct GNUNET_CRYPTO_RsaPublicKey * |
1038 | GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key) | 1037 | GNUNET_CRYPTO_rsa_public_key_dup(const struct GNUNET_CRYPTO_RsaPublicKey *key) |
1039 | { | 1038 | { |
1040 | struct GNUNET_CRYPTO_RsaPublicKey *dup; | 1039 | struct GNUNET_CRYPTO_RsaPublicKey *dup; |
1041 | gcry_sexp_t dup_sexp; | 1040 | gcry_sexp_t dup_sexp; |
1042 | size_t erroff; | 1041 | size_t erroff; |
1043 | 1042 | ||
1044 | /* check if we really are exporting a public key */ | 1043 | /* check if we really are exporting a public key */ |
1045 | dup_sexp = gcry_sexp_find_token (key->sexp, "public-key", 0); | 1044 | dup_sexp = gcry_sexp_find_token(key->sexp, "public-key", 0); |
1046 | GNUNET_assert (NULL != dup_sexp); | 1045 | GNUNET_assert(NULL != dup_sexp); |
1047 | gcry_sexp_release (dup_sexp); | 1046 | gcry_sexp_release(dup_sexp); |
1048 | /* copy the sexp */ | 1047 | /* copy the sexp */ |
1049 | GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp)); | 1048 | GNUNET_assert(0 == gcry_sexp_build(&dup_sexp, &erroff, "%S", key->sexp)); |
1050 | dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey); | 1049 | dup = GNUNET_new(struct GNUNET_CRYPTO_RsaPublicKey); |
1051 | dup->sexp = dup_sexp; | 1050 | dup->sexp = dup_sexp; |
1052 | return dup; | 1051 | return dup; |
1053 | } | 1052 | } |
@@ -1064,9 +1063,9 @@ GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key) | |||
1064 | * @return unblinded signature on success, NULL if RSA key is bad or malicious. | 1063 | * @return unblinded signature on success, NULL if RSA key is bad or malicious. |
1065 | */ | 1064 | */ |
1066 | struct GNUNET_CRYPTO_RsaSignature * | 1065 | struct GNUNET_CRYPTO_RsaSignature * |
1067 | GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, | 1066 | GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig, |
1068 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, | 1067 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, |
1069 | struct GNUNET_CRYPTO_RsaPublicKey *pkey) | 1068 | struct GNUNET_CRYPTO_RsaPublicKey *pkey) |
1070 | { | 1069 | { |
1071 | struct RsaBlindingKey *bkey; | 1070 | struct RsaBlindingKey *bkey; |
1072 | gcry_mpi_t n; | 1071 | gcry_mpi_t n; |
@@ -1076,70 +1075,70 @@ GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, | |||
1076 | int ret; | 1075 | int ret; |
1077 | struct GNUNET_CRYPTO_RsaSignature *sret; | 1076 | struct GNUNET_CRYPTO_RsaSignature *sret; |
1078 | 1077 | ||
1079 | BENCHMARK_START (rsa_unblind); | 1078 | BENCHMARK_START(rsa_unblind); |
1080 | 1079 | ||
1081 | ret = key_from_sexp (&n, pkey->sexp, "public-key", "n"); | 1080 | ret = key_from_sexp(&n, pkey->sexp, "public-key", "n"); |
1082 | if (0 != ret) | 1081 | if (0 != ret) |
1083 | ret = key_from_sexp (&n, pkey->sexp, "rsa", "n"); | 1082 | ret = key_from_sexp(&n, pkey->sexp, "rsa", "n"); |
1084 | if (0 != ret) | 1083 | if (0 != ret) |
1085 | { | 1084 | { |
1086 | GNUNET_break_op (0); | 1085 | GNUNET_break_op(0); |
1087 | return NULL; | 1086 | return NULL; |
1088 | } | 1087 | } |
1089 | ret = key_from_sexp (&s, sig->sexp, "sig-val", "s"); | 1088 | ret = key_from_sexp(&s, sig->sexp, "sig-val", "s"); |
1090 | if (0 != ret) | 1089 | if (0 != ret) |
1091 | ret = key_from_sexp (&s, sig->sexp, "rsa", "s"); | 1090 | ret = key_from_sexp(&s, sig->sexp, "rsa", "s"); |
1092 | if (0 != ret) | 1091 | if (0 != ret) |
1093 | { | 1092 | { |
1094 | gcry_mpi_release (n); | 1093 | gcry_mpi_release(n); |
1095 | GNUNET_break_op (0); | 1094 | GNUNET_break_op(0); |
1096 | return NULL; | 1095 | return NULL; |
1097 | } | 1096 | } |
1098 | 1097 | ||
1099 | bkey = rsa_blinding_key_derive (pkey, bks); | 1098 | bkey = rsa_blinding_key_derive(pkey, bks); |
1100 | if (NULL == bkey) | 1099 | if (NULL == bkey) |
1101 | { | 1100 | { |
1102 | /* RSA key is malicious since rsa_gcd_validate failed here. | 1101 | /* RSA key is malicious since rsa_gcd_validate failed here. |
1103 | * It should have failed during GNUNET_CRYPTO_rsa_blind too though, | 1102 | * It should have failed during GNUNET_CRYPTO_rsa_blind too though, |
1104 | * so the exchange is being malicious in an unfamilair way, maybe | 1103 | * so the exchange is being malicious in an unfamilair way, maybe |
1105 | * just trying to crash us. */ | 1104 | * just trying to crash us. */ |
1106 | GNUNET_break_op (0); | 1105 | GNUNET_break_op(0); |
1107 | gcry_mpi_release (n); | 1106 | gcry_mpi_release(n); |
1108 | gcry_mpi_release (s); | 1107 | gcry_mpi_release(s); |
1109 | return NULL; | 1108 | return NULL; |
1110 | } | 1109 | } |
1111 | 1110 | ||
1112 | r_inv = gcry_mpi_new (0); | 1111 | r_inv = gcry_mpi_new(0); |
1113 | if (1 != | 1112 | if (1 != |
1114 | gcry_mpi_invm (r_inv, | 1113 | gcry_mpi_invm(r_inv, |
1115 | bkey->r, | 1114 | bkey->r, |
1116 | n)) | 1115 | n)) |
1117 | { | 1116 | { |
1118 | /* We cannot find r mod n, so gcd(r,n) != 1, which should get * | 1117 | /* We cannot find r mod n, so gcd(r,n) != 1, which should get * |
1119 | * caught above, but we handle it the same here. */ | 1118 | * caught above, but we handle it the same here. */ |
1120 | GNUNET_break_op (0); | 1119 | GNUNET_break_op(0); |
1121 | gcry_mpi_release (r_inv); | 1120 | gcry_mpi_release(r_inv); |
1122 | rsa_blinding_key_free (bkey); | 1121 | rsa_blinding_key_free(bkey); |
1123 | gcry_mpi_release (n); | 1122 | gcry_mpi_release(n); |
1124 | gcry_mpi_release (s); | 1123 | gcry_mpi_release(s); |
1125 | return NULL; | 1124 | return NULL; |
1126 | } | 1125 | } |
1127 | 1126 | ||
1128 | ubsig = gcry_mpi_new (0); | 1127 | ubsig = gcry_mpi_new(0); |
1129 | gcry_mpi_mulm (ubsig, s, r_inv, n); | 1128 | gcry_mpi_mulm(ubsig, s, r_inv, n); |
1130 | gcry_mpi_release (n); | 1129 | gcry_mpi_release(n); |
1131 | gcry_mpi_release (r_inv); | 1130 | gcry_mpi_release(r_inv); |
1132 | gcry_mpi_release (s); | 1131 | gcry_mpi_release(s); |
1133 | rsa_blinding_key_free (bkey); | 1132 | rsa_blinding_key_free(bkey); |
1134 | 1133 | ||
1135 | sret = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); | 1134 | sret = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature); |
1136 | GNUNET_assert (0 == | 1135 | GNUNET_assert(0 == |
1137 | gcry_sexp_build (&sret->sexp, | 1136 | gcry_sexp_build(&sret->sexp, |
1138 | NULL, | 1137 | NULL, |
1139 | "(sig-val (rsa (s %M)))", | 1138 | "(sig-val (rsa (s %M)))", |
1140 | ubsig)); | 1139 | ubsig)); |
1141 | gcry_mpi_release (ubsig); | 1140 | gcry_mpi_release(ubsig); |
1142 | BENCHMARK_END (rsa_unblind); | 1141 | BENCHMARK_END(rsa_unblind); |
1143 | return sret; | 1142 | return sret; |
1144 | } | 1143 | } |
1145 | 1144 | ||
@@ -1154,46 +1153,47 @@ GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, | |||
1154 | * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature is invalid | 1153 | * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature is invalid |
1155 | */ | 1154 | */ |
1156 | int | 1155 | int |
1157 | GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, | 1156 | GNUNET_CRYPTO_rsa_verify(const struct GNUNET_HashCode *hash, |
1158 | const struct GNUNET_CRYPTO_RsaSignature *sig, | 1157 | const struct GNUNET_CRYPTO_RsaSignature *sig, |
1159 | const struct GNUNET_CRYPTO_RsaPublicKey *pkey) | 1158 | const struct GNUNET_CRYPTO_RsaPublicKey *pkey) |
1160 | { | 1159 | { |
1161 | gcry_sexp_t data; | 1160 | gcry_sexp_t data; |
1162 | gcry_mpi_t r; | 1161 | gcry_mpi_t r; |
1163 | int rc; | 1162 | int rc; |
1164 | 1163 | ||
1165 | BENCHMARK_START (rsa_verify); | 1164 | BENCHMARK_START(rsa_verify); |
1166 | 1165 | ||
1167 | r = rsa_full_domain_hash (pkey, hash); | 1166 | r = rsa_full_domain_hash(pkey, hash); |
1168 | if (NULL == r) { | 1167 | if (NULL == r) |
1169 | GNUNET_break_op (0); | 1168 | { |
1170 | /* RSA key is malicious since rsa_gcd_validate failed here. | 1169 | GNUNET_break_op(0); |
1171 | * It should have failed during GNUNET_CRYPTO_rsa_blind too though, | 1170 | /* RSA key is malicious since rsa_gcd_validate failed here. |
1172 | * so the exchange is being malicious in an unfamilair way, maybe | 1171 | * It should have failed during GNUNET_CRYPTO_rsa_blind too though, |
1173 | * just trying to crash us. Arguably, we've only an internal error | 1172 | * so the exchange is being malicious in an unfamilair way, maybe |
1174 | * though because we should've detected this in our previous call | 1173 | * just trying to crash us. Arguably, we've only an internal error |
1175 | * to GNUNET_CRYPTO_rsa_unblind. */ | 1174 | * though because we should've detected this in our previous call |
1176 | return GNUNET_NO; | 1175 | * to GNUNET_CRYPTO_rsa_unblind. */ |
1177 | } | 1176 | return GNUNET_NO; |
1177 | } | ||
1178 | 1178 | ||
1179 | data = mpi_to_sexp(r); | 1179 | data = mpi_to_sexp(r); |
1180 | gcry_mpi_release (r); | 1180 | gcry_mpi_release(r); |
1181 | 1181 | ||
1182 | rc = gcry_pk_verify (sig->sexp, | 1182 | rc = gcry_pk_verify(sig->sexp, |
1183 | data, | 1183 | data, |
1184 | pkey->sexp); | 1184 | pkey->sexp); |
1185 | gcry_sexp_release (data); | 1185 | gcry_sexp_release(data); |
1186 | if (0 != rc) | 1186 | if (0 != rc) |
1187 | { | 1187 | { |
1188 | LOG (GNUNET_ERROR_TYPE_WARNING, | 1188 | LOG(GNUNET_ERROR_TYPE_WARNING, |
1189 | _("RSA signature verification failed at %s:%d: %s\n"), | 1189 | _("RSA signature verification failed at %s:%d: %s\n"), |
1190 | __FILE__, | 1190 | __FILE__, |
1191 | __LINE__, | 1191 | __LINE__, |
1192 | gcry_strerror (rc)); | 1192 | gcry_strerror(rc)); |
1193 | return GNUNET_SYSERR; | 1193 | return GNUNET_SYSERR; |
1194 | BENCHMARK_END (rsa_verify); | 1194 | BENCHMARK_END(rsa_verify); |
1195 | } | 1195 | } |
1196 | BENCHMARK_END (rsa_verify); | 1196 | BENCHMARK_END(rsa_verify); |
1197 | return GNUNET_OK; | 1197 | return GNUNET_OK; |
1198 | } | 1198 | } |
1199 | 1199 | ||
@@ -1205,19 +1205,19 @@ GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, | |||
1205 | * @return the duplicate key; NULL upon error | 1205 | * @return the duplicate key; NULL upon error |
1206 | */ | 1206 | */ |
1207 | struct GNUNET_CRYPTO_RsaPrivateKey * | 1207 | struct GNUNET_CRYPTO_RsaPrivateKey * |
1208 | GNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_RsaPrivateKey *key) | 1208 | GNUNET_CRYPTO_rsa_private_key_dup(const struct GNUNET_CRYPTO_RsaPrivateKey *key) |
1209 | { | 1209 | { |
1210 | struct GNUNET_CRYPTO_RsaPrivateKey *dup; | 1210 | struct GNUNET_CRYPTO_RsaPrivateKey *dup; |
1211 | gcry_sexp_t dup_sexp; | 1211 | gcry_sexp_t dup_sexp; |
1212 | size_t erroff; | 1212 | size_t erroff; |
1213 | 1213 | ||
1214 | /* check if we really are exporting a private key */ | 1214 | /* check if we really are exporting a private key */ |
1215 | dup_sexp = gcry_sexp_find_token (key->sexp, "private-key", 0); | 1215 | dup_sexp = gcry_sexp_find_token(key->sexp, "private-key", 0); |
1216 | GNUNET_assert (NULL != dup_sexp); | 1216 | GNUNET_assert(NULL != dup_sexp); |
1217 | gcry_sexp_release (dup_sexp); | 1217 | gcry_sexp_release(dup_sexp); |
1218 | /* copy the sexp */ | 1218 | /* copy the sexp */ |
1219 | GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp)); | 1219 | GNUNET_assert(0 == gcry_sexp_build(&dup_sexp, &erroff, "%S", key->sexp)); |
1220 | dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey); | 1220 | dup = GNUNET_new(struct GNUNET_CRYPTO_RsaPrivateKey); |
1221 | dup->sexp = dup_sexp; | 1221 | dup->sexp = dup_sexp; |
1222 | return dup; | 1222 | return dup; |
1223 | } | 1223 | } |
@@ -1230,7 +1230,7 @@ GNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_RsaPrivateKey *key | |||
1230 | * @return the duplicate key; NULL upon error | 1230 | * @return the duplicate key; NULL upon error |
1231 | */ | 1231 | */ |
1232 | struct GNUNET_CRYPTO_RsaSignature * | 1232 | struct GNUNET_CRYPTO_RsaSignature * |
1233 | GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig) | 1233 | GNUNET_CRYPTO_rsa_signature_dup(const struct GNUNET_CRYPTO_RsaSignature *sig) |
1234 | { | 1234 | { |
1235 | struct GNUNET_CRYPTO_RsaSignature *dup; | 1235 | struct GNUNET_CRYPTO_RsaSignature *dup; |
1236 | gcry_sexp_t dup_sexp; | 1236 | gcry_sexp_t dup_sexp; |
@@ -1239,14 +1239,14 @@ GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig) | |||
1239 | int ret; | 1239 | int ret; |
1240 | 1240 | ||
1241 | /* verify that this is an RSA signature */ | 1241 | /* verify that this is an RSA signature */ |
1242 | ret = key_from_sexp (&s, sig->sexp, "sig-val", "s"); | 1242 | ret = key_from_sexp(&s, sig->sexp, "sig-val", "s"); |
1243 | if (0 != ret) | 1243 | if (0 != ret) |
1244 | ret = key_from_sexp (&s, sig->sexp, "rsa", "s"); | 1244 | ret = key_from_sexp(&s, sig->sexp, "rsa", "s"); |
1245 | GNUNET_assert (0 == ret); | 1245 | GNUNET_assert(0 == ret); |
1246 | gcry_mpi_release (s); | 1246 | gcry_mpi_release(s); |
1247 | /* copy the sexp */ | 1247 | /* copy the sexp */ |
1248 | GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", sig->sexp)); | 1248 | GNUNET_assert(0 == gcry_sexp_build(&dup_sexp, &erroff, "%S", sig->sexp)); |
1249 | dup = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); | 1249 | dup = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature); |
1250 | dup->sexp = dup_sexp; | 1250 | dup->sexp = dup_sexp; |
1251 | return dup; | 1251 | return dup; |
1252 | } | 1252 | } |