summaryrefslogtreecommitdiff
path: root/src/util/crypto_rsa.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/util/crypto_rsa.c')
-rw-r--r--src/util/crypto_rsa.c994
1 files changed, 502 insertions, 492 deletions
diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c
index 0a20fdffa..edabcd6d5 100644
--- a/src/util/crypto_rsa.c
+++ b/src/util/crypto_rsa.c
@@ -30,13 +30,14 @@
30#include "gnunet_crypto_lib.h" 30#include "gnunet_crypto_lib.h"
31#include "benchmark.h" 31#include "benchmark.h"
32 32
33#define LOG(kind, ...) GNUNET_log_from(kind, "util-crypto-rsa", __VA_ARGS__) 33#define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-rsa", __VA_ARGS__)
34 34
35 35
36/** 36/**
37 * The private information of an RSA key pair. 37 * The private information of an RSA key pair.
38 */ 38 */
39struct GNUNET_CRYPTO_RsaPrivateKey { 39struct GNUNET_CRYPTO_RsaPrivateKey
40{
40 /** 41 /**
41 * Libgcrypt S-expression for the RSA private key. 42 * Libgcrypt S-expression for the RSA private key.
42 */ 43 */
@@ -47,7 +48,8 @@ struct GNUNET_CRYPTO_RsaPrivateKey {
47/** 48/**
48 * The public information of an RSA key pair. 49 * The public information of an RSA key pair.
49 */ 50 */
50struct GNUNET_CRYPTO_RsaPublicKey { 51struct GNUNET_CRYPTO_RsaPublicKey
52{
51 /** 53 /**
52 * Libgcrypt S-expression for the RSA public key. 54 * Libgcrypt S-expression for the RSA public key.
53 */ 55 */
@@ -58,7 +60,8 @@ struct GNUNET_CRYPTO_RsaPublicKey {
58/** 60/**
59 * @brief an RSA signature 61 * @brief an RSA signature
60 */ 62 */
61struct GNUNET_CRYPTO_RsaSignature { 63struct GNUNET_CRYPTO_RsaSignature
64{
62 /** 65 /**
63 * Libgcrypt S-expression for the RSA signature. 66 * Libgcrypt S-expression for the RSA signature.
64 */ 67 */
@@ -69,7 +72,8 @@ struct GNUNET_CRYPTO_RsaSignature {
69/** 72/**
70 * @brief RSA blinding key 73 * @brief RSA blinding key
71 */ 74 */
72struct RsaBlindingKey { 75struct RsaBlindingKey
76{
73 /** 77 /**
74 * Random value used for blinding. 78 * Random value used for blinding.
75 */ 79 */
@@ -87,50 +91,50 @@ struct RsaBlindingKey {
87 * @return 0 on success 91 * @return 0 on success
88 */ 92 */
89static int 93static int
90key_from_sexp(gcry_mpi_t *array, 94key_from_sexp (gcry_mpi_t *array,
91 gcry_sexp_t sexp, 95 gcry_sexp_t sexp,
92 const char *topname, 96 const char *topname,
93 const char *elems) 97 const char *elems)
94{ 98{
95 gcry_sexp_t list; 99 gcry_sexp_t list;
96 gcry_sexp_t l2; 100 gcry_sexp_t l2;
97 const char *s; 101 const char *s;
98 unsigned int idx; 102 unsigned int idx;
99 103
100 if (!(list = gcry_sexp_find_token(sexp, topname, 0))) 104 if (! (list = gcry_sexp_find_token (sexp, topname, 0)))
101 return 1; 105 return 1;
102 l2 = gcry_sexp_cadr(list); 106 l2 = gcry_sexp_cadr (list);
103 gcry_sexp_release(list); 107 gcry_sexp_release (list);
104 list = l2; 108 list = l2;
105 if (!list) 109 if (! list)
106 return 2; 110 return 2;
107 idx = 0; 111 idx = 0;
108 for (s = elems; *s; s++, idx++) 112 for (s = elems; *s; s++, idx++)
113 {
114 if (! (l2 = gcry_sexp_find_token (list, s, 1)))
109 { 115 {
110 if (!(l2 = gcry_sexp_find_token(list, s, 1))) 116 for (unsigned int i = 0; i < idx; i++)
111 { 117 {
112 for (unsigned int i = 0; i < idx; i++) 118 gcry_free (array[i]);
113 { 119 array[i] = NULL;
114 gcry_free(array[i]); 120 }
115 array[i] = NULL; 121 gcry_sexp_release (list);
116 } 122 return 3; /* required parameter not found */
117 gcry_sexp_release(list);
118 return 3; /* required parameter not found */
119 }
120 array[idx] = gcry_sexp_nth_mpi(l2, 1, GCRYMPI_FMT_USG);
121 gcry_sexp_release(l2);
122 if (!array[idx])
123 {
124 for (unsigned int i = 0; i < idx; i++)
125 {
126 gcry_free(array[i]);
127 array[i] = NULL;
128 }
129 gcry_sexp_release(list);
130 return 4; /* required parameter is invalid */
131 }
132 } 123 }
133 gcry_sexp_release(list); 124 array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
125 gcry_sexp_release (l2);
126 if (! array[idx])
127 {
128 for (unsigned int i = 0; i < idx; i++)
129 {
130 gcry_free (array[i]);
131 array[i] = NULL;
132 }
133 gcry_sexp_release (list);
134 return 4; /* required parameter is invalid */
135 }
136 }
137 gcry_sexp_release (list);
134 return 0; 138 return 0;
135} 139}
136 140
@@ -142,30 +146,30 @@ key_from_sexp(gcry_mpi_t *array,
142 * @return fresh private key 146 * @return fresh private key
143 */ 147 */
144struct GNUNET_CRYPTO_RsaPrivateKey * 148struct GNUNET_CRYPTO_RsaPrivateKey *
145GNUNET_CRYPTO_rsa_private_key_create(unsigned int len) 149GNUNET_CRYPTO_rsa_private_key_create (unsigned int len)
146{ 150{
147 struct GNUNET_CRYPTO_RsaPrivateKey *ret; 151 struct GNUNET_CRYPTO_RsaPrivateKey *ret;
148 gcry_sexp_t s_key; 152 gcry_sexp_t s_key;
149 gcry_sexp_t s_keyparam; 153 gcry_sexp_t s_keyparam;
150 154
151 BENCHMARK_START(rsa_private_key_create); 155 BENCHMARK_START (rsa_private_key_create);
152 156
153 GNUNET_assert(0 == 157 GNUNET_assert (0 ==
154 gcry_sexp_build(&s_keyparam, 158 gcry_sexp_build (&s_keyparam,
155 NULL, 159 NULL,
156 "(genkey(rsa(nbits %d)))", 160 "(genkey(rsa(nbits %d)))",
157 len)); 161 len));
158 GNUNET_assert(0 == 162 GNUNET_assert (0 ==
159 gcry_pk_genkey(&s_key, 163 gcry_pk_genkey (&s_key,
160 s_keyparam)); 164 s_keyparam));
161 gcry_sexp_release(s_keyparam); 165 gcry_sexp_release (s_keyparam);
162#if EXTRA_CHECKS 166#if EXTRA_CHECKS
163 GNUNET_assert(0 == 167 GNUNET_assert (0 ==
164 gcry_pk_testkey(s_key)); 168 gcry_pk_testkey (s_key));
165#endif 169#endif
166 ret = GNUNET_new(struct GNUNET_CRYPTO_RsaPrivateKey); 170 ret = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey);
167 ret->sexp = s_key; 171 ret->sexp = s_key;
168 BENCHMARK_END(rsa_private_key_create); 172 BENCHMARK_END (rsa_private_key_create);
169 return ret; 173 return ret;
170} 174}
171 175
@@ -176,10 +180,10 @@ GNUNET_CRYPTO_rsa_private_key_create(unsigned int len)
176 * @param key pointer to the memory to free 180 * @param key pointer to the memory to free
177 */ 181 */
178void 182void
179GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key) 183GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key)
180{ 184{
181 gcry_sexp_release(key->sexp); 185 gcry_sexp_release (key->sexp);
182 GNUNET_free(key); 186 GNUNET_free (key);
183} 187}
184 188
185 189
@@ -192,22 +196,23 @@ GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
192 * @return size of memory allocated in @a buffer 196 * @return size of memory allocated in @a buffer
193 */ 197 */
194size_t 198size_t
195GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, 199GNUNET_CRYPTO_rsa_private_key_encode (const struct
196 char **buffer) 200 GNUNET_CRYPTO_RsaPrivateKey *key,
201 char **buffer)
197{ 202{
198 size_t n; 203 size_t n;
199 char *b; 204 char *b;
200 205
201 n = gcry_sexp_sprint(key->sexp, 206 n = gcry_sexp_sprint (key->sexp,
202 GCRYSEXP_FMT_DEFAULT, 207 GCRYSEXP_FMT_DEFAULT,
203 NULL, 208 NULL,
204 0); 209 0);
205 b = GNUNET_malloc(n); 210 b = GNUNET_malloc (n);
206 GNUNET_assert((n - 1) == /* since the last byte is \0 */ 211 GNUNET_assert ((n - 1) == /* since the last byte is \0 */
207 gcry_sexp_sprint(key->sexp, 212 gcry_sexp_sprint (key->sexp,
208 GCRYSEXP_FMT_DEFAULT, 213 GCRYSEXP_FMT_DEFAULT,
209 b, 214 b,
210 n)); 215 n));
211 *buffer = b; 216 *buffer = b;
212 return n; 217 return n;
213} 218}
@@ -222,30 +227,30 @@ GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *k
222 * @return NULL on error 227 * @return NULL on error
223 */ 228 */
224struct GNUNET_CRYPTO_RsaPrivateKey * 229struct GNUNET_CRYPTO_RsaPrivateKey *
225GNUNET_CRYPTO_rsa_private_key_decode(const char *buf, 230GNUNET_CRYPTO_rsa_private_key_decode (const char *buf,
226 size_t len) 231 size_t len)
227{ 232{
228 struct GNUNET_CRYPTO_RsaPrivateKey *key; 233 struct GNUNET_CRYPTO_RsaPrivateKey *key;
229 234
230 key = GNUNET_new(struct GNUNET_CRYPTO_RsaPrivateKey); 235 key = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey);
231 if (0 != 236 if (0 !=
232 gcry_sexp_new(&key->sexp, 237 gcry_sexp_new (&key->sexp,
233 buf, 238 buf,
234 len, 239 len,
235 0)) 240 0))
236 { 241 {
237 LOG(GNUNET_ERROR_TYPE_WARNING, 242 LOG (GNUNET_ERROR_TYPE_WARNING,
238 "Decoded private key is not valid\n"); 243 "Decoded private key is not valid\n");
239 GNUNET_free(key); 244 GNUNET_free (key);
240 return NULL; 245 return NULL;
241 } 246 }
242 if (0 != gcry_pk_testkey(key->sexp)) 247 if (0 != gcry_pk_testkey (key->sexp))
243 { 248 {
244 LOG(GNUNET_ERROR_TYPE_WARNING, 249 LOG (GNUNET_ERROR_TYPE_WARNING,
245 "Decoded private key is not valid\n"); 250 "Decoded private key is not valid\n");
246 GNUNET_CRYPTO_rsa_private_key_free(key); 251 GNUNET_CRYPTO_rsa_private_key_free (key);
247 return NULL; 252 return NULL;
248 } 253 }
249 return key; 254 return key;
250} 255}
251 256
@@ -257,35 +262,36 @@ GNUNET_CRYPTO_rsa_private_key_decode(const char *buf,
257 * @retur NULL on error, otherwise the public key 262 * @retur NULL on error, otherwise the public key
258 */ 263 */
259struct GNUNET_CRYPTO_RsaPublicKey * 264struct GNUNET_CRYPTO_RsaPublicKey *
260GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv) 265GNUNET_CRYPTO_rsa_private_key_get_public (const struct
266 GNUNET_CRYPTO_RsaPrivateKey *priv)
261{ 267{
262 struct GNUNET_CRYPTO_RsaPublicKey *pub; 268 struct GNUNET_CRYPTO_RsaPublicKey *pub;
263 gcry_mpi_t ne[2]; 269 gcry_mpi_t ne[2];
264 int rc; 270 int rc;
265 gcry_sexp_t result; 271 gcry_sexp_t result;
266 272
267 BENCHMARK_START(rsa_private_key_get_public); 273 BENCHMARK_START (rsa_private_key_get_public);
268 274
269 rc = key_from_sexp(ne, priv->sexp, "public-key", "ne"); 275 rc = key_from_sexp (ne, priv->sexp, "public-key", "ne");
270 if (0 != rc) 276 if (0 != rc)
271 rc = key_from_sexp(ne, priv->sexp, "private-key", "ne"); 277 rc = key_from_sexp (ne, priv->sexp, "private-key", "ne");
272 if (0 != rc) 278 if (0 != rc)
273 rc = key_from_sexp(ne, priv->sexp, "rsa", "ne"); 279 rc = key_from_sexp (ne, priv->sexp, "rsa", "ne");
274 if (0 != rc) 280 if (0 != rc)
275 { 281 {
276 GNUNET_break_op(0); 282 GNUNET_break_op (0);
277 return NULL; 283 return NULL;
278 } 284 }
279 rc = gcry_sexp_build(&result, 285 rc = gcry_sexp_build (&result,
280 NULL, 286 NULL,
281 "(public-key(rsa(n %m)(e %m)))", 287 "(public-key(rsa(n %m)(e %m)))",
282 ne[0], 288 ne[0],
283 ne[1]); 289 ne[1]);
284 gcry_mpi_release(ne[0]); 290 gcry_mpi_release (ne[0]);
285 gcry_mpi_release(ne[1]); 291 gcry_mpi_release (ne[1]);
286 pub = GNUNET_new(struct GNUNET_CRYPTO_RsaPublicKey); 292 pub = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
287 pub->sexp = result; 293 pub->sexp = result;
288 BENCHMARK_END(rsa_private_key_get_public); 294 BENCHMARK_END (rsa_private_key_get_public);
289 return pub; 295 return pub;
290} 296}
291 297
@@ -296,10 +302,10 @@ GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKe
296 * @param key pointer to the memory to free 302 * @param key pointer to the memory to free
297 */ 303 */
298void 304void
299GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key) 305GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key)
300{ 306{
301 gcry_sexp_release(key->sexp); 307 gcry_sexp_release (key->sexp);
302 GNUNET_free(key); 308 GNUNET_free (key);
303} 309}
304 310
305 311
@@ -312,22 +318,23 @@ GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
312 * @return size of memory allocated in @a buffer 318 * @return size of memory allocated in @a buffer
313 */ 319 */
314size_t 320size_t
315GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, 321GNUNET_CRYPTO_rsa_public_key_encode (const struct
316 char **buffer) 322 GNUNET_CRYPTO_RsaPublicKey *key,
323 char **buffer)
317{ 324{
318 size_t n; 325 size_t n;
319 char *b; 326 char *b;
320 327
321 n = gcry_sexp_sprint(key->sexp, 328 n = gcry_sexp_sprint (key->sexp,
322 GCRYSEXP_FMT_ADVANCED, 329 GCRYSEXP_FMT_ADVANCED,
323 NULL, 330 NULL,
324 0); 331 0);
325 b = GNUNET_malloc(n); 332 b = GNUNET_malloc (n);
326 GNUNET_assert((n - 1) == /* since the last byte is \0 */ 333 GNUNET_assert ((n - 1) == /* since the last byte is \0 */
327 gcry_sexp_sprint(key->sexp, 334 gcry_sexp_sprint (key->sexp,
328 GCRYSEXP_FMT_ADVANCED, 335 GCRYSEXP_FMT_ADVANCED,
329 b, 336 b,
330 n)); 337 n));
331 *buffer = b; 338 *buffer = b;
332 return n; 339 return n;
333} 340}
@@ -340,18 +347,18 @@ GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key
340 * @param hc where to store the hash code 347 * @param hc where to store the hash code
341 */ 348 */
342void 349void
343GNUNET_CRYPTO_rsa_public_key_hash(const struct GNUNET_CRYPTO_RsaPublicKey *key, 350GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key,
344 struct GNUNET_HashCode *hc) 351 struct GNUNET_HashCode *hc)
345{ 352{
346 char *buf; 353 char *buf;
347 size_t buf_size; 354 size_t buf_size;
348 355
349 buf_size = GNUNET_CRYPTO_rsa_public_key_encode(key, 356 buf_size = GNUNET_CRYPTO_rsa_public_key_encode (key,
350 &buf); 357 &buf);
351 GNUNET_CRYPTO_hash(buf, 358 GNUNET_CRYPTO_hash (buf,
352 buf_size, 359 buf_size,
353 hc); 360 hc);
354 GNUNET_free(buf); 361 GNUNET_free (buf);
355} 362}
356 363
357 364
@@ -364,37 +371,37 @@ GNUNET_CRYPTO_rsa_public_key_hash(const struct GNUNET_CRYPTO_RsaPublicKey *key,
364 * @return NULL on error 371 * @return NULL on error
365 */ 372 */
366struct GNUNET_CRYPTO_RsaPublicKey * 373struct GNUNET_CRYPTO_RsaPublicKey *
367GNUNET_CRYPTO_rsa_public_key_decode(const char *buf, 374GNUNET_CRYPTO_rsa_public_key_decode (const char *buf,
368 size_t len) 375 size_t len)
369{ 376{
370 struct GNUNET_CRYPTO_RsaPublicKey *key; 377 struct GNUNET_CRYPTO_RsaPublicKey *key;
371 gcry_mpi_t n; 378 gcry_mpi_t n;
372 int ret; 379 int ret;
373 380
374 key = GNUNET_new(struct GNUNET_CRYPTO_RsaPublicKey); 381 key = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
375 if (0 != 382 if (0 !=
376 gcry_sexp_new(&key->sexp, 383 gcry_sexp_new (&key->sexp,
377 buf, 384 buf,
378 len, 385 len,
379 0)) 386 0))
380 { 387 {
381 GNUNET_break_op(0); 388 GNUNET_break_op (0);
382 GNUNET_free(key); 389 GNUNET_free (key);
383 return NULL; 390 return NULL;
384 } 391 }
385 /* verify that this is an RSA public key */ 392 /* verify that this is an RSA public key */
386 ret = key_from_sexp(&n, key->sexp, "public-key", "n"); 393 ret = key_from_sexp (&n, key->sexp, "public-key", "n");
387 if (0 != ret) 394 if (0 != ret)
388 ret = key_from_sexp(&n, key->sexp, "rsa", "n"); 395 ret = key_from_sexp (&n, key->sexp, "rsa", "n");
389 if (0 != ret) 396 if (0 != ret)
390 { 397 {
391 /* this is no public RSA key */ 398 /* this is no public RSA key */
392 GNUNET_break(0); 399 GNUNET_break (0);
393 gcry_sexp_release(key->sexp); 400 gcry_sexp_release (key->sexp);
394 GNUNET_free(key); 401 GNUNET_free (key);
395 return NULL; 402 return NULL;
396 } 403 }
397 gcry_mpi_release(n); 404 gcry_mpi_release (n);
398 return key; 405 return key;
399} 406}
400 407
@@ -411,14 +418,14 @@ GNUNET_CRYPTO_rsa_public_key_decode(const char *buf,
411 * @return True if gcd(r,n) = 1, False means RSA key is malicious 418 * @return True if gcd(r,n) = 1, False means RSA key is malicious
412 */ 419 */
413static int 420static int
414rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n) 421rsa_gcd_validate (gcry_mpi_t r, gcry_mpi_t n)
415{ 422{
416 gcry_mpi_t g; 423 gcry_mpi_t g;
417 int t; 424 int t;
418 425
419 g = gcry_mpi_new(0); 426 g = gcry_mpi_new (0);
420 t = gcry_mpi_gcd(g, r, n); 427 t = gcry_mpi_gcd (g, r, n);
421 gcry_mpi_release(g); 428 gcry_mpi_release (g);
422 return t; 429 return t;
423} 430}
424 431
@@ -431,33 +438,33 @@ rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n)
431 * @return the newly created blinding key, NULL if RSA key is malicious 438 * @return the newly created blinding key, NULL if RSA key is malicious
432 */ 439 */
433static struct RsaBlindingKey * 440static struct RsaBlindingKey *
434rsa_blinding_key_derive(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, 441rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
435 const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks) 442 const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks)
436{ 443{
437 char *xts = "Blinding KDF extrator HMAC key"; /* Trusts bks' randomness more */ 444 char *xts = "Blinding KDF extrator HMAC key"; /* Trusts bks' randomness more */
438 struct RsaBlindingKey *blind; 445 struct RsaBlindingKey *blind;
439 gcry_mpi_t n; 446 gcry_mpi_t n;
440 447
441 blind = GNUNET_new(struct RsaBlindingKey); 448 blind = GNUNET_new (struct RsaBlindingKey);
442 GNUNET_assert(NULL != blind); 449 GNUNET_assert (NULL != blind);
443 450
444 /* Extract the composite n from the RSA public key */ 451 /* Extract the composite n from the RSA public key */
445 GNUNET_assert(0 == key_from_sexp(&n, pkey->sexp, "rsa", "n")); 452 GNUNET_assert (0 == key_from_sexp (&n, pkey->sexp, "rsa", "n"));
446 /* Assert that it at least looks like an RSA key */ 453 /* Assert that it at least looks like an RSA key */
447 GNUNET_assert(0 == gcry_mpi_get_flag(n, GCRYMPI_FLAG_OPAQUE)); 454 GNUNET_assert (0 == gcry_mpi_get_flag (n, GCRYMPI_FLAG_OPAQUE));
448 455
449 GNUNET_CRYPTO_kdf_mod_mpi(&blind->r, 456 GNUNET_CRYPTO_kdf_mod_mpi (&blind->r,
450 n, 457 n,
451 xts, strlen(xts), 458 xts, strlen (xts),
452 bks, sizeof(*bks), 459 bks, sizeof(*bks),
453 "Blinding KDF"); 460 "Blinding KDF");
454 if (0 == rsa_gcd_validate(blind->r, n)) 461 if (0 == rsa_gcd_validate (blind->r, n))
455 { 462 {
456 GNUNET_free(blind); 463 GNUNET_free (blind);
457 blind = NULL; 464 blind = NULL;
458 } 465 }
459 466
460 gcry_mpi_release(n); 467 gcry_mpi_release (n);
461 return blind; 468 return blind;
462} 469}
463 470
@@ -513,8 +520,8 @@ rsa_blinding_key_derive(const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
513 * @return 0 if the two are equal 520 * @return 0 if the two are equal
514 */ 521 */
515int 522int
516GNUNET_CRYPTO_rsa_signature_cmp(struct GNUNET_CRYPTO_RsaSignature *s1, 523GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1,
517 struct GNUNET_CRYPTO_RsaSignature *s2) 524 struct GNUNET_CRYPTO_RsaSignature *s2)
518{ 525{
519 char *b1; 526 char *b1;
520 char *b2; 527 char *b2;
@@ -522,18 +529,18 @@ GNUNET_CRYPTO_rsa_signature_cmp(struct GNUNET_CRYPTO_RsaSignature *s1,
522 size_t z2; 529 size_t z2;
523 int ret; 530 int ret;
524 531
525 z1 = GNUNET_CRYPTO_rsa_signature_encode(s1, 532 z1 = GNUNET_CRYPTO_rsa_signature_encode (s1,
526 &b1); 533 &b1);
527 z2 = GNUNET_CRYPTO_rsa_signature_encode(s2, 534 z2 = GNUNET_CRYPTO_rsa_signature_encode (s2,
528 &b2); 535 &b2);
529 if (z1 != z2) 536 if (z1 != z2)
530 ret = 1; 537 ret = 1;
531 else 538 else
532 ret = memcmp(b1, 539 ret = memcmp (b1,
533 b2, 540 b2,
534 z1); 541 z1);
535 GNUNET_free(b1); 542 GNUNET_free (b1);
536 GNUNET_free(b2); 543 GNUNET_free (b2);
537 return ret; 544 return ret;
538} 545}
539 546
@@ -546,8 +553,8 @@ GNUNET_CRYPTO_rsa_signature_cmp(struct GNUNET_CRYPTO_RsaSignature *s1,
546 * @return 0 if the two are equal 553 * @return 0 if the two are equal
547 */ 554 */
548int 555int
549GNUNET_CRYPTO_rsa_public_key_cmp(struct GNUNET_CRYPTO_RsaPublicKey *p1, 556GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1,
550 struct GNUNET_CRYPTO_RsaPublicKey *p2) 557 struct GNUNET_CRYPTO_RsaPublicKey *p2)
551{ 558{
552 char *b1; 559 char *b1;
553 char *b2; 560 char *b2;
@@ -555,18 +562,18 @@ GNUNET_CRYPTO_rsa_public_key_cmp(struct GNUNET_CRYPTO_RsaPublicKey *p1,
555 size_t z2; 562 size_t z2;
556 int ret; 563 int ret;
557 564
558 z1 = GNUNET_CRYPTO_rsa_public_key_encode(p1, 565 z1 = GNUNET_CRYPTO_rsa_public_key_encode (p1,
559 &b1); 566 &b1);
560 z2 = GNUNET_CRYPTO_rsa_public_key_encode(p2, 567 z2 = GNUNET_CRYPTO_rsa_public_key_encode (p2,
561 &b2); 568 &b2);
562 if (z1 != z2) 569 if (z1 != z2)
563 ret = 1; 570 ret = 1;
564 else 571 else
565 ret = memcmp(b1, 572 ret = memcmp (b1,
566 b2, 573 b2,
567 z1); 574 z1);
568 GNUNET_free(b1); 575 GNUNET_free (b1);
569 GNUNET_free(b2); 576 GNUNET_free (b2);
570 return ret; 577 return ret;
571} 578}
572 579
@@ -579,8 +586,8 @@ GNUNET_CRYPTO_rsa_public_key_cmp(struct GNUNET_CRYPTO_RsaPublicKey *p1,
579 * @return 0 if the two are equal 586 * @return 0 if the two are equal
580 */ 587 */
581int 588int
582GNUNET_CRYPTO_rsa_private_key_cmp(struct GNUNET_CRYPTO_RsaPrivateKey *p1, 589GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1,
583 struct GNUNET_CRYPTO_RsaPrivateKey *p2) 590 struct GNUNET_CRYPTO_RsaPrivateKey *p2)
584{ 591{
585 char *b1; 592 char *b1;
586 char *b2; 593 char *b2;
@@ -588,18 +595,18 @@ GNUNET_CRYPTO_rsa_private_key_cmp(struct GNUNET_CRYPTO_RsaPrivateKey *p1,
588 size_t z2; 595 size_t z2;
589 int ret; 596 int ret;
590 597
591 z1 = GNUNET_CRYPTO_rsa_private_key_encode(p1, 598 z1 = GNUNET_CRYPTO_rsa_private_key_encode (p1,
592 &b1); 599 &b1);
593 z2 = GNUNET_CRYPTO_rsa_private_key_encode(p2, 600 z2 = GNUNET_CRYPTO_rsa_private_key_encode (p2,
594 &b2); 601 &b2);
595 if (z1 != z2) 602 if (z1 != z2)
596 ret = 1; 603 ret = 1;
597 else 604 else
598 ret = memcmp(b1, 605 ret = memcmp (b1,
599 b2, 606 b2,
600 z1); 607 z1);
601 GNUNET_free(b1); 608 GNUNET_free (b1);
602 GNUNET_free(b2); 609 GNUNET_free (b2);
603 return ret; 610 return ret;
604} 611}
605 612
@@ -611,18 +618,18 @@ GNUNET_CRYPTO_rsa_private_key_cmp(struct GNUNET_CRYPTO_RsaPrivateKey *p1,
611 * @return length of the key in bits 618 * @return length of the key in bits
612 */ 619 */
613unsigned int 620unsigned int
614GNUNET_CRYPTO_rsa_public_key_len(const struct GNUNET_CRYPTO_RsaPublicKey *key) 621GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key)
615{ 622{
616 gcry_mpi_t n; 623 gcry_mpi_t n;
617 unsigned int rval; 624 unsigned int rval;
618 625
619 if (0 != key_from_sexp(&n, key->sexp, "rsa", "n")) 626 if (0 != key_from_sexp (&n, key->sexp, "rsa", "n"))
620 { /* Not an RSA public key */ 627 { /* Not an RSA public key */
621 GNUNET_break(0); 628 GNUNET_break (0);
622 return 0; 629 return 0;
623 } 630 }
624 rval = gcry_mpi_get_nbits(n); 631 rval = gcry_mpi_get_nbits (n);
625 gcry_mpi_release(n); 632 gcry_mpi_release (n);
626 return rval; 633 return rval;
627} 634}
628 635
@@ -633,10 +640,10 @@ GNUNET_CRYPTO_rsa_public_key_len(const struct GNUNET_CRYPTO_RsaPublicKey *key)
633 * @param bkey the blinding key to destroy 640 * @param bkey the blinding key to destroy
634 */ 641 */
635static void 642static void
636rsa_blinding_key_free(struct RsaBlindingKey *bkey) 643rsa_blinding_key_free (struct RsaBlindingKey *bkey)
637{ 644{
638 gcry_mpi_release(bkey->r); 645 gcry_mpi_release (bkey->r);
639 GNUNET_free(bkey); 646 GNUNET_free (bkey);
640} 647}
641 648
642 649
@@ -648,25 +655,25 @@ rsa_blinding_key_free(struct RsaBlindingKey *bkey)
648 * @return number of bytes stored in @a buffer 655 * @return number of bytes stored in @a buffer
649 */ 656 */
650static size_t 657static size_t
651numeric_mpi_alloc_n_print(gcry_mpi_t v, 658numeric_mpi_alloc_n_print (gcry_mpi_t v,
652 char **buffer) 659 char **buffer)
653{ 660{
654 size_t n; 661 size_t n;
655 char *b; 662 char *b;
656 size_t rsize; 663 size_t rsize;
657 664
658 gcry_mpi_print(GCRYMPI_FMT_USG, 665 gcry_mpi_print (GCRYMPI_FMT_USG,
659 NULL, 666 NULL,
660 0, 667 0,
661 &n, 668 &n,
662 v); 669 v);
663 b = GNUNET_malloc(n); 670 b = GNUNET_malloc (n);
664 GNUNET_assert(0 == 671 GNUNET_assert (0 ==
665 gcry_mpi_print(GCRYMPI_FMT_USG, 672 gcry_mpi_print (GCRYMPI_FMT_USG,
666 (unsigned char *)b, 673 (unsigned char *) b,
667 n, 674 n,
668 &rsize, 675 &rsize,
669 v)); 676 v));
670 *buffer = b; 677 *buffer = b;
671 return n; 678 return n;
672} 679}
@@ -685,8 +692,8 @@ numeric_mpi_alloc_n_print(gcry_mpi_t v,
685 * @return MPI value set to the FDH, NULL if RSA key is malicious 692 * @return MPI value set to the FDH, NULL if RSA key is malicious
686 */ 693 */
687static gcry_mpi_t 694static gcry_mpi_t
688rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, 695rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
689 const struct GNUNET_HashCode *hash) 696 const struct GNUNET_HashCode *hash)
690{ 697{
691 gcry_mpi_t r, n; 698 gcry_mpi_t r, n;
692 char *xts; 699 char *xts;
@@ -694,28 +701,28 @@ rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
694 int ok; 701 int ok;
695 702
696 /* Extract the composite n from the RSA public key */ 703 /* Extract the composite n from the RSA public key */
697 GNUNET_assert(0 == key_from_sexp(&n, pkey->sexp, "rsa", "n")); 704 GNUNET_assert (0 == key_from_sexp (&n, pkey->sexp, "rsa", "n"));
698 /* Assert that it at least looks like an RSA key */ 705 /* Assert that it at least looks like an RSA key */
699 GNUNET_assert(0 == gcry_mpi_get_flag(n, GCRYMPI_FLAG_OPAQUE)); 706 GNUNET_assert (0 == gcry_mpi_get_flag (n, GCRYMPI_FLAG_OPAQUE));
700 707
701 /* We key with the public denomination key as a homage to RSA-PSS by * 708 /* We key with the public denomination key as a homage to RSA-PSS by *
702 * Mihir Bellare and Phillip Rogaway. Doing this lowers the degree * 709 * Mihir Bellare and Phillip Rogaway. Doing this lowers the degree *
703 * of the hypothetical polyomial-time attack on RSA-KTI created by a * 710 * of the hypothetical polyomial-time attack on RSA-KTI created by a *
704 * polynomial-time one-more forgary attack. Yey seeding! */ 711 * polynomial-time one-more forgary attack. Yey seeding! */
705 xts_len = GNUNET_CRYPTO_rsa_public_key_encode(pkey, &xts); 712 xts_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, &xts);
706 713
707 GNUNET_CRYPTO_kdf_mod_mpi(&r, 714 GNUNET_CRYPTO_kdf_mod_mpi (&r,
708 n, 715 n,
709 xts, xts_len, 716 xts, xts_len,
710 hash, sizeof(*hash), 717 hash, sizeof(*hash),
711 "RSA-FDA FTpsW!"); 718 "RSA-FDA FTpsW!");
712 GNUNET_free(xts); 719 GNUNET_free (xts);
713 720
714 ok = rsa_gcd_validate(r, n); 721 ok = rsa_gcd_validate (r, n);
715 gcry_mpi_release(n); 722 gcry_mpi_release (n);
716 if (ok) 723 if (ok)
717 return r; 724 return r;
718 gcry_mpi_release(r); 725 gcry_mpi_release (r);
719 return NULL; 726 return NULL;
720} 727}
721 728
@@ -731,10 +738,10 @@ rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
731 * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious 738 * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious
732 */ 739 */
733int 740int
734GNUNET_CRYPTO_rsa_blind(const struct GNUNET_HashCode *hash, 741GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash,
735 const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, 742 const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
736 struct GNUNET_CRYPTO_RsaPublicKey *pkey, 743 struct GNUNET_CRYPTO_RsaPublicKey *pkey,
737 char **buf, size_t *buf_size) 744 char **buf, size_t *buf_size)
738{ 745{
739 struct RsaBlindingKey *bkey; 746 struct RsaBlindingKey *bkey;
740 gcry_mpi_t data; 747 gcry_mpi_t data;
@@ -743,59 +750,59 @@ GNUNET_CRYPTO_rsa_blind(const struct GNUNET_HashCode *hash,
743 gcry_mpi_t data_r_e; 750 gcry_mpi_t data_r_e;
744 int ret; 751 int ret;
745 752
746 BENCHMARK_START(rsa_blind); 753 BENCHMARK_START (rsa_blind);
747 754
748 GNUNET_assert(buf != NULL && buf_size != NULL); 755 GNUNET_assert (buf != NULL && buf_size != NULL);
749 ret = key_from_sexp(ne, pkey->sexp, "public-key", "ne"); 756 ret = key_from_sexp (ne, pkey->sexp, "public-key", "ne");
750 if (0 != ret) 757 if (0 != ret)
751 ret = key_from_sexp(ne, pkey->sexp, "rsa", "ne"); 758 ret = key_from_sexp (ne, pkey->sexp, "rsa", "ne");
752 if (0 != ret) 759 if (0 != ret)
753 { 760 {
754 GNUNET_break(0); 761 GNUNET_break (0);
755 *buf = NULL; 762 *buf = NULL;
756 *buf_size = 0; 763 *buf_size = 0;
757 return 0; 764 return 0;
758 } 765 }
759 766
760 data = rsa_full_domain_hash(pkey, hash); 767 data = rsa_full_domain_hash (pkey, hash);
761 if (NULL == data) 768 if (NULL == data)
762 goto rsa_gcd_validate_failure; 769 goto rsa_gcd_validate_failure;
763 770
764 bkey = rsa_blinding_key_derive(pkey, bks); 771 bkey = rsa_blinding_key_derive (pkey, bks);
765 if (NULL == bkey) 772 if (NULL == bkey)
766 { 773 {
767 gcry_mpi_release(data); 774 gcry_mpi_release (data);
768 goto rsa_gcd_validate_failure; 775 goto rsa_gcd_validate_failure;
769 } 776 }
770 777
771 r_e = gcry_mpi_new(0); 778 r_e = gcry_mpi_new (0);
772 gcry_mpi_powm(r_e, 779 gcry_mpi_powm (r_e,
773 bkey->r, 780 bkey->r,
774 ne[1], 781 ne[1],
775 ne[0]); 782 ne[0]);
776 data_r_e = gcry_mpi_new(0); 783 data_r_e = gcry_mpi_new (0);
777 gcry_mpi_mulm(data_r_e, 784 gcry_mpi_mulm (data_r_e,
778 data, 785 data,
779 r_e, 786 r_e,
780 ne[0]); 787 ne[0]);
781 gcry_mpi_release(data); 788 gcry_mpi_release (data);
782 gcry_mpi_release(ne[0]); 789 gcry_mpi_release (ne[0]);
783 gcry_mpi_release(ne[1]); 790 gcry_mpi_release (ne[1]);
784 gcry_mpi_release(r_e); 791 gcry_mpi_release (r_e);
785 rsa_blinding_key_free(bkey); 792 rsa_blinding_key_free (bkey);
786 793
787 *buf_size = numeric_mpi_alloc_n_print(data_r_e, buf); 794 *buf_size = numeric_mpi_alloc_n_print (data_r_e, buf);
788 gcry_mpi_release(data_r_e); 795 gcry_mpi_release (data_r_e);
789 796
790 BENCHMARK_END(rsa_blind); 797 BENCHMARK_END (rsa_blind);
791 798
792 return GNUNET_YES; 799 return GNUNET_YES;
793 800
794rsa_gcd_validate_failure: 801rsa_gcd_validate_failure:
795 /* We know the RSA key is malicious here, so warn the wallet. */ 802 /* We know the RSA key is malicious here, so warn the wallet. */
796 /* GNUNET_break_op (0); */ 803 /* GNUNET_break_op (0); */
797 gcry_mpi_release(ne[0]); 804 gcry_mpi_release (ne[0]);
798 gcry_mpi_release(ne[1]); 805 gcry_mpi_release (ne[1]);
799 *buf = NULL; 806 *buf = NULL;
800 *buf_size = 0; 807 *buf_size = 0;
801 return GNUNET_NO; 808 return GNUNET_NO;
@@ -809,15 +816,15 @@ rsa_gcd_validate_failure:
809 * @return converted s-expression 816 * @return converted s-expression
810 */ 817 */
811static gcry_sexp_t 818static gcry_sexp_t
812mpi_to_sexp(gcry_mpi_t value) 819mpi_to_sexp (gcry_mpi_t value)
813{ 820{
814 gcry_sexp_t data = NULL; 821 gcry_sexp_t data = NULL;
815 822
816 GNUNET_assert(0 == 823 GNUNET_assert (0 ==
817 gcry_sexp_build(&data, 824 gcry_sexp_build (&data,
818 NULL, 825 NULL,
819 "(data (flags raw) (value %M))", 826 "(data (flags raw) (value %M))",
820 value)); 827 value));
821 return data; 828 return data;
822} 829}
823 830
@@ -830,53 +837,54 @@ mpi_to_sexp(gcry_mpi_t value)
830 * @return NULL on error, signature on success 837 * @return NULL on error, signature on success
831 */ 838 */
832static struct GNUNET_CRYPTO_RsaSignature * 839static struct GNUNET_CRYPTO_RsaSignature *
833rsa_sign_mpi(const struct GNUNET_CRYPTO_RsaPrivateKey *key, 840rsa_sign_mpi (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
834 gcry_mpi_t value) 841 gcry_mpi_t value)
835{ 842{
836 struct GNUNET_CRYPTO_RsaSignature *sig; 843 struct GNUNET_CRYPTO_RsaSignature *sig;
837 gcry_sexp_t data; 844 gcry_sexp_t data;
838 gcry_sexp_t result; 845 gcry_sexp_t result;
839 int rc; 846 int rc;
840 847
841 data = mpi_to_sexp(value); 848 data = mpi_to_sexp (value);
842 849
843 if (0 != 850 if (0 !=
844 (rc = gcry_pk_sign(&result, 851 (rc = gcry_pk_sign (&result,
845 data, 852 data,
846 key->sexp))) 853 key->sexp)))
847 { 854 {
848 LOG(GNUNET_ERROR_TYPE_WARNING, 855 LOG (GNUNET_ERROR_TYPE_WARNING,
849 _("RSA signing failed at %s:%d: %s\n"), 856 _ ("RSA signing failed at %s:%d: %s\n"),
850 __FILE__, 857 __FILE__,
851 __LINE__, 858 __LINE__,
852 gcry_strerror(rc)); 859 gcry_strerror (rc));
853 GNUNET_break(0); 860 GNUNET_break (0);
854 return NULL; 861 return NULL;
855 } 862 }
856 863
857 /* Lenstra protection was first added to libgcrypt 1.6.4 864 /* Lenstra protection was first added to libgcrypt 1.6.4
858 * with commit c17f84bd02d7ee93845e92e20f6ddba814961588. 865 * with commit c17f84bd02d7ee93845e92e20f6ddba814961588.
859 */ 866 */
860#if GCRYPT_VERSION_NUMBER < 0x010604 867#if GCRYPT_VERSION_NUMBER < 0x010604
861 /* verify signature (guards against Lenstra's attack with fault injection...) */ 868 /* verify signature (guards against Lenstra's attack with fault injection...) */
862 struct GNUNET_CRYPTO_RsaPublicKey *public_key = GNUNET_CRYPTO_rsa_private_key_get_public(key); 869 struct GNUNET_CRYPTO_RsaPublicKey *public_key =
870 GNUNET_CRYPTO_rsa_private_key_get_public (key);
863 if (0 != 871 if (0 !=
864 gcry_pk_verify(result, 872 gcry_pk_verify (result,
865 data, 873 data,
866 public_key->sexp)) 874 public_key->sexp))
867 { 875 {
868 GNUNET_break(0); 876 GNUNET_break (0);
869 GNUNET_CRYPTO_rsa_public_key_free(public_key); 877 GNUNET_CRYPTO_rsa_public_key_free (public_key);
870 gcry_sexp_release(data); 878 gcry_sexp_release (data);
871 gcry_sexp_release(result); 879 gcry_sexp_release (result);
872 return NULL; 880 return NULL;
873 } 881 }
874 GNUNET_CRYPTO_rsa_public_key_free(public_key); 882 GNUNET_CRYPTO_rsa_public_key_free (public_key);
875#endif 883#endif
876 884
877 /* return signature */ 885 /* return signature */
878 gcry_sexp_release(data); 886 gcry_sexp_release (data);
879 sig = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature); 887 sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
880 sig->sexp = result; 888 sig->sexp = result;
881 return sig; 889 return sig;
882} 890}
@@ -891,25 +899,25 @@ rsa_sign_mpi(const struct GNUNET_CRYPTO_RsaPrivateKey *key,
891 * @return NULL on error, signature on success 899 * @return NULL on error, signature on success
892 */ 900 */
893struct GNUNET_CRYPTO_RsaSignature * 901struct GNUNET_CRYPTO_RsaSignature *
894GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key, 902GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
895 const void *msg, 903 const void *msg,
896 size_t msg_len) 904 size_t msg_len)
897{ 905{
898 gcry_mpi_t v = NULL; 906 gcry_mpi_t v = NULL;
899 struct GNUNET_CRYPTO_RsaSignature *sig; 907 struct GNUNET_CRYPTO_RsaSignature *sig;
900 908
901 BENCHMARK_START(rsa_sign_blinded); 909 BENCHMARK_START (rsa_sign_blinded);
902 910
903 GNUNET_assert(0 == 911 GNUNET_assert (0 ==
904 gcry_mpi_scan(&v, 912 gcry_mpi_scan (&v,
905 GCRYMPI_FMT_USG, 913 GCRYMPI_FMT_USG,
906 msg, 914 msg,
907 msg_len, 915 msg_len,
908 NULL)); 916 NULL));
909 917
910 sig = rsa_sign_mpi(key, v); 918 sig = rsa_sign_mpi (key, v);
911 gcry_mpi_release(v); 919 gcry_mpi_release (v);
912 BENCHMARK_END(rsa_sign_blinded); 920 BENCHMARK_END (rsa_sign_blinded);
913 return sig; 921 return sig;
914} 922}
915 923
@@ -922,21 +930,21 @@ GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key,
922 * @return NULL on error, including a malicious RSA key, signature on success 930 * @return NULL on error, including a malicious RSA key, signature on success
923 */ 931 */
924struct GNUNET_CRYPTO_RsaSignature * 932struct GNUNET_CRYPTO_RsaSignature *
925GNUNET_CRYPTO_rsa_sign_fdh(const struct GNUNET_CRYPTO_RsaPrivateKey *key, 933GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
926 const struct GNUNET_HashCode *hash) 934 const struct GNUNET_HashCode *hash)
927{ 935{
928 struct GNUNET_CRYPTO_RsaPublicKey *pkey; 936 struct GNUNET_CRYPTO_RsaPublicKey *pkey;
929 gcry_mpi_t v = NULL; 937 gcry_mpi_t v = NULL;
930 struct GNUNET_CRYPTO_RsaSignature *sig; 938 struct GNUNET_CRYPTO_RsaSignature *sig;
931 939
932 pkey = GNUNET_CRYPTO_rsa_private_key_get_public(key); 940 pkey = GNUNET_CRYPTO_rsa_private_key_get_public (key);
933 v = rsa_full_domain_hash(pkey, hash); 941 v = rsa_full_domain_hash (pkey, hash);
934 GNUNET_CRYPTO_rsa_public_key_free(pkey); 942 GNUNET_CRYPTO_rsa_public_key_free (pkey);
935 if (NULL == v) /* rsa_gcd_validate failed meaning */ 943 if (NULL == v) /* rsa_gcd_validate failed meaning */
936 return NULL; /* our *own* RSA key is malicious. */ 944 return NULL; /* our *own* RSA key is malicious. */
937 945
938 sig = rsa_sign_mpi(key, v); 946 sig = rsa_sign_mpi (key, v);
939 gcry_mpi_release(v); 947 gcry_mpi_release (v);
940 return sig; 948 return sig;
941} 949}
942 950
@@ -947,10 +955,10 @@ GNUNET_CRYPTO_rsa_sign_fdh(const struct GNUNET_CRYPTO_RsaPrivateKey *key,
947 * @param sig memory to freee 955 * @param sig memory to freee
948 */ 956 */
949void 957void
950GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig) 958GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig)
951{ 959{
952 gcry_sexp_release(sig->sexp); 960 gcry_sexp_release (sig->sexp);
953 GNUNET_free(sig); 961 GNUNET_free (sig);
954} 962}
955 963
956 964
@@ -962,22 +970,23 @@ GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig)
962 * @return size of memory allocated in @a buffer 970 * @return size of memory allocated in @a buffer
963 */ 971 */
964size_t 972size_t
965GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, 973GNUNET_CRYPTO_rsa_signature_encode (const struct
966 char **buffer) 974 GNUNET_CRYPTO_RsaSignature *sig,
975 char **buffer)
967{ 976{
968 size_t n; 977 size_t n;
969 char *b; 978 char *b;
970 979
971 n = gcry_sexp_sprint(sig->sexp, 980 n = gcry_sexp_sprint (sig->sexp,
972 GCRYSEXP_FMT_ADVANCED, 981 GCRYSEXP_FMT_ADVANCED,
973 NULL, 982 NULL,
974 0); 983 0);
975 b = GNUNET_malloc(n); 984 b = GNUNET_malloc (n);
976 GNUNET_assert((n - 1) == /* since the last byte is \0 */ 985 GNUNET_assert ((n - 1) == /* since the last byte is \0 */
977 gcry_sexp_sprint(sig->sexp, 986 gcry_sexp_sprint (sig->sexp,
978 GCRYSEXP_FMT_ADVANCED, 987 GCRYSEXP_FMT_ADVANCED,
979 b, 988 b,
980 n)); 989 n));
981 *buffer = b; 990 *buffer = b;
982 return n; 991 return n;
983} 992}
@@ -992,37 +1001,37 @@ GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig,
992 * @return NULL on error 1001 * @return NULL on error
993 */ 1002 */
994struct GNUNET_CRYPTO_RsaSignature * 1003struct GNUNET_CRYPTO_RsaSignature *
995GNUNET_CRYPTO_rsa_signature_decode(const char *buf, 1004GNUNET_CRYPTO_rsa_signature_decode (const char *buf,
996 size_t len) 1005 size_t len)
997{ 1006{
998 struct GNUNET_CRYPTO_RsaSignature *sig; 1007 struct GNUNET_CRYPTO_RsaSignature *sig;
999 int ret; 1008 int ret;
1000 gcry_mpi_t s; 1009 gcry_mpi_t s;
1001 1010
1002 sig = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature); 1011 sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1003 if (0 != 1012 if (0 !=
1004 gcry_sexp_new(&sig->sexp, 1013 gcry_sexp_new (&sig->sexp,
1005 buf, 1014 buf,
1006 len, 1015 len,
1007 0)) 1016 0))
1008 { 1017 {
1009 GNUNET_break_op(0); 1018 GNUNET_break_op (0);
1010 GNUNET_free(sig); 1019 GNUNET_free (sig);
1011 return NULL; 1020 return NULL;
1012 } 1021 }
1013 /* verify that this is an RSA signature */ 1022 /* verify that this is an RSA signature */
1014 ret = key_from_sexp(&s, sig->sexp, "sig-val", "s"); 1023 ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
1015 if (0 != ret) 1024 if (0 != ret)
1016 ret = key_from_sexp(&s, sig->sexp, "rsa", "s"); 1025 ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
1017 if (0 != ret) 1026 if (0 != ret)
1018 { 1027 {
1019 /* this is no RSA Signature */ 1028 /* this is no RSA Signature */
1020 GNUNET_break_op(0); 1029 GNUNET_break_op (0);
1021 gcry_sexp_release(sig->sexp); 1030 gcry_sexp_release (sig->sexp);
1022 GNUNET_free(sig); 1031 GNUNET_free (sig);
1023 return NULL; 1032 return NULL;
1024 } 1033 }
1025 gcry_mpi_release(s); 1034 gcry_mpi_release (s);
1026 return sig; 1035 return sig;
1027} 1036}
1028 1037
@@ -1034,19 +1043,19 @@ GNUNET_CRYPTO_rsa_signature_decode(const char *buf,
1034 * @return the duplicate key; NULL upon error 1043 * @return the duplicate key; NULL upon error
1035 */ 1044 */
1036struct GNUNET_CRYPTO_RsaPublicKey * 1045struct GNUNET_CRYPTO_RsaPublicKey *
1037GNUNET_CRYPTO_rsa_public_key_dup(const struct GNUNET_CRYPTO_RsaPublicKey *key) 1046GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key)
1038{ 1047{
1039 struct GNUNET_CRYPTO_RsaPublicKey *dup; 1048 struct GNUNET_CRYPTO_RsaPublicKey *dup;
1040 gcry_sexp_t dup_sexp; 1049 gcry_sexp_t dup_sexp;
1041 size_t erroff; 1050 size_t erroff;
1042 1051
1043 /* check if we really are exporting a public key */ 1052 /* check if we really are exporting a public key */
1044 dup_sexp = gcry_sexp_find_token(key->sexp, "public-key", 0); 1053 dup_sexp = gcry_sexp_find_token (key->sexp, "public-key", 0);
1045 GNUNET_assert(NULL != dup_sexp); 1054 GNUNET_assert (NULL != dup_sexp);
1046 gcry_sexp_release(dup_sexp); 1055 gcry_sexp_release (dup_sexp);
1047 /* copy the sexp */ 1056 /* copy the sexp */
1048 GNUNET_assert(0 == gcry_sexp_build(&dup_sexp, &erroff, "%S", key->sexp)); 1057 GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp));
1049 dup = GNUNET_new(struct GNUNET_CRYPTO_RsaPublicKey); 1058 dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
1050 dup->sexp = dup_sexp; 1059 dup->sexp = dup_sexp;
1051 return dup; 1060 return dup;
1052} 1061}
@@ -1063,9 +1072,9 @@ GNUNET_CRYPTO_rsa_public_key_dup(const struct GNUNET_CRYPTO_RsaPublicKey *key)
1063 * @return unblinded signature on success, NULL if RSA key is bad or malicious. 1072 * @return unblinded signature on success, NULL if RSA key is bad or malicious.
1064 */ 1073 */
1065struct GNUNET_CRYPTO_RsaSignature * 1074struct GNUNET_CRYPTO_RsaSignature *
1066GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig, 1075GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
1067 const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, 1076 const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
1068 struct GNUNET_CRYPTO_RsaPublicKey *pkey) 1077 struct GNUNET_CRYPTO_RsaPublicKey *pkey)
1069{ 1078{
1070 struct RsaBlindingKey *bkey; 1079 struct RsaBlindingKey *bkey;
1071 gcry_mpi_t n; 1080 gcry_mpi_t n;
@@ -1075,70 +1084,70 @@ GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig,
1075 int ret; 1084 int ret;
1076 struct GNUNET_CRYPTO_RsaSignature *sret; 1085 struct GNUNET_CRYPTO_RsaSignature *sret;
1077 1086
1078 BENCHMARK_START(rsa_unblind); 1087 BENCHMARK_START (rsa_unblind);
1079 1088
1080 ret = key_from_sexp(&n, pkey->sexp, "public-key", "n"); 1089 ret = key_from_sexp (&n, pkey->sexp, "public-key", "n");
1081 if (0 != ret) 1090 if (0 != ret)
1082 ret = key_from_sexp(&n, pkey->sexp, "rsa", "n"); 1091 ret = key_from_sexp (&n, pkey->sexp, "rsa", "n");
1083 if (0 != ret) 1092 if (0 != ret)
1084 { 1093 {
1085 GNUNET_break_op(0); 1094 GNUNET_break_op (0);
1086 return NULL; 1095 return NULL;
1087 } 1096 }
1088 ret = key_from_sexp(&s, sig->sexp, "sig-val", "s"); 1097 ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
1089 if (0 != ret) 1098 if (0 != ret)
1090 ret = key_from_sexp(&s, sig->sexp, "rsa", "s"); 1099 ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
1091 if (0 != ret) 1100 if (0 != ret)
1092 { 1101 {
1093 gcry_mpi_release(n); 1102 gcry_mpi_release (n);
1094 GNUNET_break_op(0); 1103 GNUNET_break_op (0);
1095 return NULL; 1104 return NULL;
1096 } 1105 }
1097 1106
1098 bkey = rsa_blinding_key_derive(pkey, bks); 1107 bkey = rsa_blinding_key_derive (pkey, bks);
1099 if (NULL == bkey) 1108 if (NULL == bkey)
1100 { 1109 {
1101 /* RSA key is malicious since rsa_gcd_validate failed here. 1110 /* RSA key is malicious since rsa_gcd_validate failed here.
1102 * It should have failed during GNUNET_CRYPTO_rsa_blind too though, 1111 * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
1103 * so the exchange is being malicious in an unfamilair way, maybe 1112 * so the exchange is being malicious in an unfamilair way, maybe
1104 * just trying to crash us. */ 1113 * just trying to crash us. */
1105 GNUNET_break_op(0); 1114 GNUNET_break_op (0);
1106 gcry_mpi_release(n); 1115 gcry_mpi_release (n);
1107 gcry_mpi_release(s); 1116 gcry_mpi_release (s);
1108 return NULL; 1117 return NULL;
1109 } 1118 }
1110 1119
1111 r_inv = gcry_mpi_new(0); 1120 r_inv = gcry_mpi_new (0);
1112 if (1 != 1121 if (1 !=
1113 gcry_mpi_invm(r_inv, 1122 gcry_mpi_invm (r_inv,
1114 bkey->r, 1123 bkey->r,
1115 n)) 1124 n))
1116 { 1125 {
1117 /* We cannot find r mod n, so gcd(r,n) != 1, which should get * 1126 /* We cannot find r mod n, so gcd(r,n) != 1, which should get *
1118 * caught above, but we handle it the same here. */ 1127 * caught above, but we handle it the same here. */
1119 GNUNET_break_op(0); 1128 GNUNET_break_op (0);
1120 gcry_mpi_release(r_inv); 1129 gcry_mpi_release (r_inv);
1121 rsa_blinding_key_free(bkey); 1130 rsa_blinding_key_free (bkey);
1122 gcry_mpi_release(n); 1131 gcry_mpi_release (n);
1123 gcry_mpi_release(s); 1132 gcry_mpi_release (s);
1124 return NULL; 1133 return NULL;
1125 } 1134 }
1126 1135
1127 ubsig = gcry_mpi_new(0); 1136 ubsig = gcry_mpi_new (0);
1128 gcry_mpi_mulm(ubsig, s, r_inv, n); 1137 gcry_mpi_mulm (ubsig, s, r_inv, n);
1129 gcry_mpi_release(n); 1138 gcry_mpi_release (n);
1130 gcry_mpi_release(r_inv); 1139 gcry_mpi_release (r_inv);
1131 gcry_mpi_release(s); 1140 gcry_mpi_release (s);
1132 rsa_blinding_key_free(bkey); 1141 rsa_blinding_key_free (bkey);
1133 1142
1134 sret = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature); 1143 sret = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1135 GNUNET_assert(0 == 1144 GNUNET_assert (0 ==
1136 gcry_sexp_build(&sret->sexp, 1145 gcry_sexp_build (&sret->sexp,
1137 NULL, 1146 NULL,
1138 "(sig-val (rsa (s %M)))", 1147 "(sig-val (rsa (s %M)))",
1139 ubsig)); 1148 ubsig));
1140 gcry_mpi_release(ubsig); 1149 gcry_mpi_release (ubsig);
1141 BENCHMARK_END(rsa_unblind); 1150 BENCHMARK_END (rsa_unblind);
1142 return sret; 1151 return sret;
1143} 1152}
1144 1153
@@ -1153,47 +1162,47 @@ GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig,
1153 * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature is invalid 1162 * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature is invalid
1154 */ 1163 */
1155int 1164int
1156GNUNET_CRYPTO_rsa_verify(const struct GNUNET_HashCode *hash, 1165GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash,
1157 const struct GNUNET_CRYPTO_RsaSignature *sig, 1166 const struct GNUNET_CRYPTO_RsaSignature *sig,
1158 const struct GNUNET_CRYPTO_RsaPublicKey *pkey) 1167 const struct GNUNET_CRYPTO_RsaPublicKey *pkey)
1159{ 1168{
1160 gcry_sexp_t data; 1169 gcry_sexp_t data;
1161 gcry_mpi_t r; 1170 gcry_mpi_t r;
1162 int rc; 1171 int rc;
1163 1172
1164 BENCHMARK_START(rsa_verify); 1173 BENCHMARK_START (rsa_verify);
1165 1174
1166 r = rsa_full_domain_hash(pkey, hash); 1175 r = rsa_full_domain_hash (pkey, hash);
1167 if (NULL == r) 1176 if (NULL == r)
1168 { 1177 {
1169 GNUNET_break_op(0); 1178 GNUNET_break_op (0);
1170 /* RSA key is malicious since rsa_gcd_validate failed here. 1179 /* RSA key is malicious since rsa_gcd_validate failed here.
1171 * It should have failed during GNUNET_CRYPTO_rsa_blind too though, 1180 * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
1172 * so the exchange is being malicious in an unfamilair way, maybe 1181 * so the exchange is being malicious in an unfamilair way, maybe
1173 * just trying to crash us. Arguably, we've only an internal error 1182 * just trying to crash us. Arguably, we've only an internal error
1174 * though because we should've detected this in our previous call 1183 * though because we should've detected this in our previous call
1175 * to GNUNET_CRYPTO_rsa_unblind. */ 1184 * to GNUNET_CRYPTO_rsa_unblind. */
1176 return GNUNET_NO; 1185 return GNUNET_NO;
1177 } 1186 }
1178 1187
1179 data = mpi_to_sexp(r); 1188 data = mpi_to_sexp (r);
1180 gcry_mpi_release(r); 1189 gcry_mpi_release (r);
1181 1190
1182 rc = gcry_pk_verify(sig->sexp, 1191 rc = gcry_pk_verify (sig->sexp,
1183 data, 1192 data,
1184 pkey->sexp); 1193 pkey->sexp);
1185 gcry_sexp_release(data); 1194 gcry_sexp_release (data);
1186 if (0 != rc) 1195 if (0 != rc)
1187 { 1196 {
1188 LOG(GNUNET_ERROR_TYPE_WARNING, 1197 LOG (GNUNET_ERROR_TYPE_WARNING,
1189 _("RSA signature verification failed at %s:%d: %s\n"), 1198 _ ("RSA signature verification failed at %s:%d: %s\n"),
1190 __FILE__, 1199 __FILE__,
1191 __LINE__, 1200 __LINE__,
1192 gcry_strerror(rc)); 1201 gcry_strerror (rc));
1193 return GNUNET_SYSERR; 1202 return GNUNET_SYSERR;
1194 BENCHMARK_END(rsa_verify); 1203 BENCHMARK_END (rsa_verify);
1195 } 1204 }
1196 BENCHMARK_END(rsa_verify); 1205 BENCHMARK_END (rsa_verify);
1197 return GNUNET_OK; 1206 return GNUNET_OK;
1198} 1207}
1199 1208
@@ -1205,19 +1214,20 @@ GNUNET_CRYPTO_rsa_verify(const struct GNUNET_HashCode *hash,
1205 * @return the duplicate key; NULL upon error 1214 * @return the duplicate key; NULL upon error
1206 */ 1215 */
1207struct GNUNET_CRYPTO_RsaPrivateKey * 1216struct GNUNET_CRYPTO_RsaPrivateKey *
1208GNUNET_CRYPTO_rsa_private_key_dup(const struct GNUNET_CRYPTO_RsaPrivateKey *key) 1217GNUNET_CRYPTO_rsa_private_key_dup (const struct
1218 GNUNET_CRYPTO_RsaPrivateKey *key)
1209{ 1219{
1210 struct GNUNET_CRYPTO_RsaPrivateKey *dup; 1220 struct GNUNET_CRYPTO_RsaPrivateKey *dup;
1211 gcry_sexp_t dup_sexp; 1221 gcry_sexp_t dup_sexp;
1212 size_t erroff; 1222 size_t erroff;
1213 1223
1214 /* check if we really are exporting a private key */ 1224 /* check if we really are exporting a private key */
1215 dup_sexp = gcry_sexp_find_token(key->sexp, "private-key", 0); 1225 dup_sexp = gcry_sexp_find_token (key->sexp, "private-key", 0);
1216 GNUNET_assert(NULL != dup_sexp); 1226 GNUNET_assert (NULL != dup_sexp);
1217 gcry_sexp_release(dup_sexp); 1227 gcry_sexp_release (dup_sexp);
1218 /* copy the sexp */ 1228 /* copy the sexp */
1219 GNUNET_assert(0 == gcry_sexp_build(&dup_sexp, &erroff, "%S", key->sexp)); 1229 GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp));
1220 dup = GNUNET_new(struct GNUNET_CRYPTO_RsaPrivateKey); 1230 dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey);
1221 dup->sexp = dup_sexp; 1231 dup->sexp = dup_sexp;
1222 return dup; 1232 return dup;
1223} 1233}
@@ -1230,7 +1240,7 @@ GNUNET_CRYPTO_rsa_private_key_dup(const struct GNUNET_CRYPTO_RsaPrivateKey *key)
1230 * @return the duplicate key; NULL upon error 1240 * @return the duplicate key; NULL upon error
1231 */ 1241 */
1232struct GNUNET_CRYPTO_RsaSignature * 1242struct GNUNET_CRYPTO_RsaSignature *
1233GNUNET_CRYPTO_rsa_signature_dup(const struct GNUNET_CRYPTO_RsaSignature *sig) 1243GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig)
1234{ 1244{
1235 struct GNUNET_CRYPTO_RsaSignature *dup; 1245 struct GNUNET_CRYPTO_RsaSignature *dup;
1236 gcry_sexp_t dup_sexp; 1246 gcry_sexp_t dup_sexp;
@@ -1239,14 +1249,14 @@ GNUNET_CRYPTO_rsa_signature_dup(const struct GNUNET_CRYPTO_RsaSignature *sig)
1239 int ret; 1249 int ret;
1240 1250
1241 /* verify that this is an RSA signature */ 1251 /* verify that this is an RSA signature */
1242 ret = key_from_sexp(&s, sig->sexp, "sig-val", "s"); 1252 ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
1243 if (0 != ret) 1253 if (0 != ret)
1244 ret = key_from_sexp(&s, sig->sexp, "rsa", "s"); 1254 ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
1245 GNUNET_assert(0 == ret); 1255 GNUNET_assert (0 == ret);
1246 gcry_mpi_release(s); 1256 gcry_mpi_release (s);
1247 /* copy the sexp */ 1257 /* copy the sexp */
1248 GNUNET_assert(0 == gcry_sexp_build(&dup_sexp, &erroff, "%S", sig->sexp)); 1258 GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", sig->sexp));
1249 dup = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature); 1259 dup = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1250 dup->sexp = dup_sexp; 1260 dup->sexp = dup_sexp;
1251 return dup; 1261 return dup;
1252} 1262}