diff options
Diffstat (limited to 'src/util/crypto_rsa.c')
-rw-r--r-- | src/util/crypto_rsa.c | 948 |
1 files changed, 948 insertions, 0 deletions
diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c new file mode 100644 index 000000000..b61729e06 --- /dev/null +++ b/src/util/crypto_rsa.c | |||
@@ -0,0 +1,948 @@ | |||
1 | /* | ||
2 | This file is part of GNUnet. | ||
3 | (C) 2001, 2002, 2003, 2004, 2005, 2006, 2009 Christian Grothoff (and other contributing authors) | ||
4 | |||
5 | GNUnet is free software; you can redistribute it and/or modify | ||
6 | it under the terms of the GNU General Public License as published | ||
7 | by the Free Software Foundation; either version 2, or (at your | ||
8 | option) any later version. | ||
9 | |||
10 | GNUnet is distributed in the hope that it will be useful, but | ||
11 | WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | General Public License for more details. | ||
14 | |||
15 | You should have received a copy of the GNU General Public License | ||
16 | along with GNUnet; see the file COPYING. If not, write to the | ||
17 | Free Software Foundation, Inc., 59 Temple Place - Suite 330, | ||
18 | Boston, MA 02111-1307, USA. | ||
19 | */ | ||
20 | |||
21 | /** | ||
22 | * @file util/crypto_rsa.c | ||
23 | * @brief public key cryptography (RSA) with libgcrypt | ||
24 | * @author Christian Grothoff | ||
25 | * | ||
26 | * Note that the code locks often needlessly on the gcrypt-locking api. | ||
27 | * One would think that simple MPI operations should not require locking | ||
28 | * (since only global operations on the random pool must be locked, | ||
29 | * strictly speaking). But libgcrypt does sometimes require locking in | ||
30 | * unexpected places, so the safe solution is to always lock even if it | ||
31 | * is not required. The performance impact is minimal anyway. | ||
32 | */ | ||
33 | |||
34 | #include "platform.h" | ||
35 | #include <gcrypt.h> | ||
36 | #include "gnunet_common.h" | ||
37 | #include "gnunet_crypto_lib.h" | ||
38 | #include "gnunet_disk_lib.h" | ||
39 | |||
40 | /** | ||
41 | * The private information of an RSA key pair. | ||
42 | * NOTE: this must match the definition in crypto_ksk.c | ||
43 | */ | ||
44 | struct GNUNET_CRYPTO_RsaPrivateKey | ||
45 | { | ||
46 | gcry_sexp_t sexp; | ||
47 | }; | ||
48 | |||
49 | |||
50 | /** | ||
51 | * GNUnet mandates a certain format for the encoding | ||
52 | * of private RSA key information that is provided | ||
53 | * by the RSA implementations. This format is used | ||
54 | * to serialize a private RSA key (typically when | ||
55 | * writing it to disk). | ||
56 | */ | ||
57 | struct RsaPrivateKeyBinaryEncoded | ||
58 | { | ||
59 | /** | ||
60 | * Total size of the structure, in bytes, in big-endian! | ||
61 | */ | ||
62 | uint16_t len GNUNET_PACKED; | ||
63 | uint16_t sizen GNUNET_PACKED; /* in big-endian! */ | ||
64 | uint16_t sizee GNUNET_PACKED; /* in big-endian! */ | ||
65 | uint16_t sized GNUNET_PACKED; /* in big-endian! */ | ||
66 | uint16_t sizep GNUNET_PACKED; /* in big-endian! */ | ||
67 | uint16_t sizeq GNUNET_PACKED; /* in big-endian! */ | ||
68 | uint16_t sizedmp1 GNUNET_PACKED; /* in big-endian! */ | ||
69 | uint16_t sizedmq1 GNUNET_PACKED; /* in big-endian! */ | ||
70 | /* followed by the actual values */ | ||
71 | }; | ||
72 | |||
73 | |||
74 | #define HOSTKEY_LEN 2048 | ||
75 | |||
76 | #define EXTRA_CHECKS ALLOW_EXTRA_CHECKS | ||
77 | |||
78 | |||
79 | /** | ||
80 | * Log an error message at log-level 'level' that indicates | ||
81 | * a failure of the command 'cmd' with the message given | ||
82 | * by gcry_strerror(rc). | ||
83 | */ | ||
84 | #define LOG_GCRY(level, cmd, rc) do { GNUNET_log(level, _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, gcry_strerror(rc)); } while(0); | ||
85 | |||
86 | /** | ||
87 | * If target != size, move target bytes to the | ||
88 | * end of the size-sized buffer and zero out the | ||
89 | * first target-size bytes. | ||
90 | */ | ||
91 | static void | ||
92 | adjust (unsigned char *buf, size_t size, size_t target) | ||
93 | { | ||
94 | if (size < target) | ||
95 | { | ||
96 | memmove (&buf[target - size], buf, size); | ||
97 | memset (buf, 0, target - size); | ||
98 | } | ||
99 | } | ||
100 | |||
101 | /** | ||
102 | * This HostKey implementation uses RSA. | ||
103 | */ | ||
104 | struct GNUNET_CRYPTO_RsaPrivateKey * | ||
105 | GNUNET_CRYPTO_rsa_key_create () | ||
106 | { | ||
107 | struct GNUNET_CRYPTO_RsaPrivateKey *ret; | ||
108 | gcry_sexp_t s_key; | ||
109 | gcry_sexp_t s_keyparam; | ||
110 | |||
111 | GNUNET_assert (0 == gcry_sexp_build (&s_keyparam, | ||
112 | NULL, | ||
113 | "(genkey(rsa(nbits %d)(rsa-use-e 3:257)))", | ||
114 | HOSTKEY_LEN)); | ||
115 | GNUNET_assert (0 == gcry_pk_genkey (&s_key, s_keyparam)); | ||
116 | gcry_sexp_release (s_keyparam); | ||
117 | #if EXTRA_CHECKS | ||
118 | GNUNET_assert (0 == gcry_pk_testkey (s_key)); | ||
119 | #endif | ||
120 | ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey)); | ||
121 | ret->sexp = s_key; | ||
122 | return ret; | ||
123 | } | ||
124 | |||
125 | /** | ||
126 | * Free memory occupied by hostkey | ||
127 | */ | ||
128 | void | ||
129 | GNUNET_CRYPTO_rsa_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *hostkey) | ||
130 | { | ||
131 | gcry_sexp_release (hostkey->sexp); | ||
132 | GNUNET_free (hostkey); | ||
133 | } | ||
134 | |||
135 | static int | ||
136 | key_from_sexp (gcry_mpi_t * array, | ||
137 | gcry_sexp_t sexp, const char *topname, const char *elems) | ||
138 | { | ||
139 | gcry_sexp_t list, l2; | ||
140 | const char *s; | ||
141 | int i, idx; | ||
142 | |||
143 | list = gcry_sexp_find_token (sexp, topname, 0); | ||
144 | if (!list) | ||
145 | { | ||
146 | return 1; | ||
147 | } | ||
148 | l2 = gcry_sexp_cadr (list); | ||
149 | gcry_sexp_release (list); | ||
150 | list = l2; | ||
151 | if (!list) | ||
152 | { | ||
153 | return 2; | ||
154 | } | ||
155 | |||
156 | idx = 0; | ||
157 | for (s = elems; *s; s++, idx++) | ||
158 | { | ||
159 | l2 = gcry_sexp_find_token (list, s, 1); | ||
160 | if (!l2) | ||
161 | { | ||
162 | for (i = 0; i < idx; i++) | ||
163 | { | ||
164 | gcry_free (array[i]); | ||
165 | array[i] = NULL; | ||
166 | } | ||
167 | gcry_sexp_release (list); | ||
168 | return 3; /* required parameter not found */ | ||
169 | } | ||
170 | array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); | ||
171 | gcry_sexp_release (l2); | ||
172 | if (!array[idx]) | ||
173 | { | ||
174 | for (i = 0; i < idx; i++) | ||
175 | { | ||
176 | gcry_free (array[i]); | ||
177 | array[i] = NULL; | ||
178 | } | ||
179 | gcry_sexp_release (list); | ||
180 | return 4; /* required parameter is invalid */ | ||
181 | } | ||
182 | } | ||
183 | gcry_sexp_release (list); | ||
184 | return 0; | ||
185 | } | ||
186 | |||
187 | /** | ||
188 | * Extract the public key of the host. | ||
189 | * @param hostkey the hostkey to extract into the result. | ||
190 | * @param result where to write the result. | ||
191 | */ | ||
192 | void | ||
193 | GNUNET_CRYPTO_rsa_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateKey | ||
194 | *hostkey, | ||
195 | struct | ||
196 | GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded | ||
197 | *result) | ||
198 | { | ||
199 | gcry_mpi_t skey[2]; | ||
200 | size_t size; | ||
201 | int rc; | ||
202 | |||
203 | rc = key_from_sexp (skey, hostkey->sexp, "public-key", "ne"); | ||
204 | if (rc) | ||
205 | rc = key_from_sexp (skey, hostkey->sexp, "private-key", "ne"); | ||
206 | if (rc) | ||
207 | rc = key_from_sexp (skey, hostkey->sexp, "rsa", "ne"); | ||
208 | GNUNET_assert (0 == rc); | ||
209 | result->len = | ||
210 | htons (sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded) - | ||
211 | sizeof (result->padding)); | ||
212 | result->sizen = htons (GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH); | ||
213 | result->padding = 0; | ||
214 | size = GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH; | ||
215 | GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, | ||
216 | &result->key[0], size, &size, skey[0])); | ||
217 | adjust (&result->key[0], size, GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH); | ||
218 | size = | ||
219 | GNUNET_CRYPTO_RSA_KEY_LENGTH - GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH; | ||
220 | GNUNET_assert (0 == | ||
221 | gcry_mpi_print (GCRYMPI_FMT_USG, | ||
222 | &result-> | ||
223 | key[GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH], | ||
224 | size, &size, skey[1])); | ||
225 | adjust (&result->key[GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH], size, | ||
226 | GNUNET_CRYPTO_RSA_KEY_LENGTH - | ||
227 | GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH); | ||
228 | gcry_mpi_release (skey[0]); | ||
229 | gcry_mpi_release (skey[1]); | ||
230 | } | ||
231 | |||
232 | |||
233 | /** | ||
234 | * Internal: publicKey => RSA-Key. | ||
235 | * | ||
236 | * Note that the return type is not actually a private | ||
237 | * key but rather an sexpression for the public key! | ||
238 | */ | ||
239 | static struct GNUNET_CRYPTO_RsaPrivateKey * | ||
240 | public2PrivateKey (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded | ||
241 | *publicKey) | ||
242 | { | ||
243 | struct GNUNET_CRYPTO_RsaPrivateKey *ret; | ||
244 | gcry_sexp_t result; | ||
245 | gcry_mpi_t n; | ||
246 | gcry_mpi_t e; | ||
247 | size_t size; | ||
248 | size_t erroff; | ||
249 | int rc; | ||
250 | |||
251 | if ((ntohs (publicKey->sizen) != GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH) || | ||
252 | (ntohs (publicKey->len) != | ||
253 | sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded) - | ||
254 | sizeof (publicKey->padding))) | ||
255 | { | ||
256 | GNUNET_break (0); | ||
257 | return NULL; | ||
258 | } | ||
259 | size = GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH; | ||
260 | rc = gcry_mpi_scan (&n, GCRYMPI_FMT_USG, &publicKey->key[0], size, &size); | ||
261 | if (rc) | ||
262 | { | ||
263 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
264 | return NULL; | ||
265 | } | ||
266 | size = | ||
267 | GNUNET_CRYPTO_RSA_KEY_LENGTH - GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH; | ||
268 | rc = | ||
269 | gcry_mpi_scan (&e, GCRYMPI_FMT_USG, | ||
270 | &publicKey->key[GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH], | ||
271 | size, &size); | ||
272 | if (rc) | ||
273 | { | ||
274 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
275 | gcry_mpi_release (n); | ||
276 | return NULL; | ||
277 | } | ||
278 | rc = gcry_sexp_build (&result, | ||
279 | &erroff, "(public-key(rsa(n %m)(e %m)))", n, e); | ||
280 | gcry_mpi_release (n); | ||
281 | gcry_mpi_release (e); | ||
282 | if (rc) | ||
283 | { | ||
284 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); /* erroff gives more info */ | ||
285 | return NULL; | ||
286 | } | ||
287 | ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey)); | ||
288 | ret->sexp = result; | ||
289 | return ret; | ||
290 | } | ||
291 | |||
292 | |||
293 | /** | ||
294 | * Encode the private key in a format suitable for | ||
295 | * storing it into a file. | ||
296 | * @returns encoding of the private key. | ||
297 | * The first 4 bytes give the size of the array, as usual. | ||
298 | */ | ||
299 | static struct RsaPrivateKeyBinaryEncoded * | ||
300 | rsa_encode_key (const struct GNUNET_CRYPTO_RsaPrivateKey *hostkey) | ||
301 | { | ||
302 | struct RsaPrivateKeyBinaryEncoded *retval; | ||
303 | gcry_mpi_t pkv[6]; | ||
304 | void *pbu[6]; | ||
305 | size_t sizes[6]; | ||
306 | int rc; | ||
307 | int i; | ||
308 | int size; | ||
309 | |||
310 | #if EXTRA_CHECKS | ||
311 | if (gcry_pk_testkey (hostkey->sexp)) | ||
312 | { | ||
313 | GNUNET_break (0); | ||
314 | return NULL; | ||
315 | } | ||
316 | #endif | ||
317 | |||
318 | memset (pkv, 0, sizeof (gcry_mpi_t) * 6); | ||
319 | rc = key_from_sexp (pkv, hostkey->sexp, "private-key", "nedpqu"); | ||
320 | if (rc) | ||
321 | rc = key_from_sexp (pkv, hostkey->sexp, "rsa", "nedpqu"); | ||
322 | if (rc) | ||
323 | rc = key_from_sexp (pkv, hostkey->sexp, "private-key", "nedpq"); | ||
324 | if (rc) | ||
325 | rc = key_from_sexp (pkv, hostkey->sexp, "rsa", "nedpq"); | ||
326 | if (rc) | ||
327 | rc = key_from_sexp (pkv, hostkey->sexp, "private-key", "ned"); | ||
328 | if (rc) | ||
329 | rc = key_from_sexp (pkv, hostkey->sexp, "rsa", "ned"); | ||
330 | GNUNET_assert (0 == rc); | ||
331 | size = sizeof (struct RsaPrivateKeyBinaryEncoded); | ||
332 | for (i = 0; i < 6; i++) | ||
333 | { | ||
334 | if (pkv[i] != NULL) | ||
335 | { | ||
336 | GNUNET_assert (0 == gcry_mpi_aprint (GCRYMPI_FMT_USG, | ||
337 | (unsigned char **) &pbu[i], | ||
338 | &sizes[i], pkv[i])); | ||
339 | size += sizes[i]; | ||
340 | } | ||
341 | else | ||
342 | { | ||
343 | pbu[i] = NULL; | ||
344 | sizes[i] = 0; | ||
345 | } | ||
346 | } | ||
347 | GNUNET_assert (size < 65536); | ||
348 | retval = GNUNET_malloc (size); | ||
349 | retval->len = htons (size); | ||
350 | i = 0; | ||
351 | retval->sizen = htons (sizes[0]); | ||
352 | memcpy (&((char *) (&retval[1]))[i], pbu[0], sizes[0]); | ||
353 | i += sizes[0]; | ||
354 | retval->sizee = htons (sizes[1]); | ||
355 | memcpy (&((char *) (&retval[1]))[i], pbu[1], sizes[1]); | ||
356 | i += sizes[1]; | ||
357 | retval->sized = htons (sizes[2]); | ||
358 | memcpy (&((char *) (&retval[1]))[i], pbu[2], sizes[2]); | ||
359 | i += sizes[2]; | ||
360 | /* swap p and q! */ | ||
361 | retval->sizep = htons (sizes[4]); | ||
362 | memcpy (&((char *) (&retval[1]))[i], pbu[4], sizes[4]); | ||
363 | i += sizes[4]; | ||
364 | retval->sizeq = htons (sizes[3]); | ||
365 | memcpy (&((char *) (&retval[1]))[i], pbu[3], sizes[3]); | ||
366 | i += sizes[3]; | ||
367 | retval->sizedmp1 = htons (0); | ||
368 | retval->sizedmq1 = htons (0); | ||
369 | memcpy (&((char *) (&retval[1]))[i], pbu[5], sizes[5]); | ||
370 | for (i = 0; i < 6; i++) | ||
371 | { | ||
372 | if (pkv[i] != NULL) | ||
373 | gcry_mpi_release (pkv[i]); | ||
374 | if (pbu[i] != NULL) | ||
375 | free (pbu[i]); | ||
376 | } | ||
377 | return retval; | ||
378 | } | ||
379 | |||
380 | /** | ||
381 | * Decode the private key from the file-format back | ||
382 | * to the "normal", internal format. | ||
383 | */ | ||
384 | static struct GNUNET_CRYPTO_RsaPrivateKey * | ||
385 | rsa_decode_key (const struct RsaPrivateKeyBinaryEncoded *encoding) | ||
386 | { | ||
387 | struct GNUNET_CRYPTO_RsaPrivateKey *ret; | ||
388 | gcry_sexp_t res; | ||
389 | gcry_mpi_t n, e, d, p, q, u; | ||
390 | int rc; | ||
391 | size_t size; | ||
392 | int pos; | ||
393 | |||
394 | pos = 0; | ||
395 | size = ntohs (encoding->sizen); | ||
396 | rc = gcry_mpi_scan (&n, | ||
397 | GCRYMPI_FMT_USG, | ||
398 | &((const unsigned char *) (&encoding[1]))[pos], | ||
399 | size, &size); | ||
400 | pos += ntohs (encoding->sizen); | ||
401 | if (rc) | ||
402 | { | ||
403 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
404 | return NULL; | ||
405 | } | ||
406 | size = ntohs (encoding->sizee); | ||
407 | rc = gcry_mpi_scan (&e, | ||
408 | GCRYMPI_FMT_USG, | ||
409 | &((const unsigned char *) (&encoding[1]))[pos], | ||
410 | size, &size); | ||
411 | pos += ntohs (encoding->sizee); | ||
412 | if (rc) | ||
413 | { | ||
414 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
415 | gcry_mpi_release (n); | ||
416 | return NULL; | ||
417 | } | ||
418 | size = ntohs (encoding->sized); | ||
419 | rc = gcry_mpi_scan (&d, | ||
420 | GCRYMPI_FMT_USG, | ||
421 | &((const unsigned char *) (&encoding[1]))[pos], | ||
422 | size, &size); | ||
423 | pos += ntohs (encoding->sized); | ||
424 | if (rc) | ||
425 | { | ||
426 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
427 | gcry_mpi_release (n); | ||
428 | gcry_mpi_release (e); | ||
429 | return NULL; | ||
430 | } | ||
431 | /* swap p and q! */ | ||
432 | size = ntohs (encoding->sizep); | ||
433 | if (size > 0) | ||
434 | { | ||
435 | rc = gcry_mpi_scan (&q, | ||
436 | GCRYMPI_FMT_USG, | ||
437 | &((const unsigned char *) (&encoding[1]))[pos], | ||
438 | size, &size); | ||
439 | pos += ntohs (encoding->sizep); | ||
440 | if (rc) | ||
441 | { | ||
442 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
443 | gcry_mpi_release (n); | ||
444 | gcry_mpi_release (e); | ||
445 | gcry_mpi_release (d); | ||
446 | return NULL; | ||
447 | } | ||
448 | } | ||
449 | else | ||
450 | q = NULL; | ||
451 | size = ntohs (encoding->sizeq); | ||
452 | if (size > 0) | ||
453 | { | ||
454 | rc = gcry_mpi_scan (&p, | ||
455 | GCRYMPI_FMT_USG, | ||
456 | &((const unsigned char *) (&encoding[1]))[pos], | ||
457 | size, &size); | ||
458 | pos += ntohs (encoding->sizeq); | ||
459 | if (rc) | ||
460 | { | ||
461 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
462 | gcry_mpi_release (n); | ||
463 | gcry_mpi_release (e); | ||
464 | gcry_mpi_release (d); | ||
465 | if (q != NULL) | ||
466 | gcry_mpi_release (q); | ||
467 | return NULL; | ||
468 | } | ||
469 | } | ||
470 | else | ||
471 | p = NULL; | ||
472 | pos += ntohs (encoding->sizedmp1); | ||
473 | pos += ntohs (encoding->sizedmq1); | ||
474 | size = | ||
475 | ntohs (encoding->len) - sizeof (struct RsaPrivateKeyBinaryEncoded) - pos; | ||
476 | if (size > 0) | ||
477 | { | ||
478 | rc = gcry_mpi_scan (&u, | ||
479 | GCRYMPI_FMT_USG, | ||
480 | &((const unsigned char *) (&encoding[1]))[pos], | ||
481 | size, &size); | ||
482 | if (rc) | ||
483 | { | ||
484 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); | ||
485 | gcry_mpi_release (n); | ||
486 | gcry_mpi_release (e); | ||
487 | gcry_mpi_release (d); | ||
488 | if (p != NULL) | ||
489 | gcry_mpi_release (p); | ||
490 | if (q != NULL) | ||
491 | gcry_mpi_release (q); | ||
492 | return NULL; | ||
493 | } | ||
494 | } | ||
495 | else | ||
496 | u = NULL; | ||
497 | |||
498 | if ((p != NULL) && (q != NULL) && (u != NULL)) | ||
499 | { | ||
500 | rc = gcry_sexp_build (&res, &size, /* erroff */ | ||
501 | "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)(u %m)))", | ||
502 | n, e, d, p, q, u); | ||
503 | } | ||
504 | else | ||
505 | { | ||
506 | if ((p != NULL) && (q != NULL)) | ||
507 | { | ||
508 | rc = gcry_sexp_build (&res, &size, /* erroff */ | ||
509 | "(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)))", | ||
510 | n, e, d, p, q); | ||
511 | } | ||
512 | else | ||
513 | { | ||
514 | rc = gcry_sexp_build (&res, &size, /* erroff */ | ||
515 | "(private-key(rsa(n %m)(e %m)(d %m)))", | ||
516 | n, e, d); | ||
517 | } | ||
518 | } | ||
519 | gcry_mpi_release (n); | ||
520 | gcry_mpi_release (e); | ||
521 | gcry_mpi_release (d); | ||
522 | if (p != NULL) | ||
523 | gcry_mpi_release (p); | ||
524 | if (q != NULL) | ||
525 | gcry_mpi_release (q); | ||
526 | if (u != NULL) | ||
527 | gcry_mpi_release (u); | ||
528 | |||
529 | if (rc) | ||
530 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); | ||
531 | #if EXTRA_CHECKS | ||
532 | if (gcry_pk_testkey (res)) | ||
533 | { | ||
534 | LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); | ||
535 | return NULL; | ||
536 | } | ||
537 | #endif | ||
538 | ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey)); | ||
539 | ret->sexp = res; | ||
540 | return ret; | ||
541 | } | ||
542 | |||
543 | |||
544 | /** | ||
545 | * Create a new private key by reading it from a file. If the | ||
546 | * files does not exist, create a new key and write it to the | ||
547 | * file. Caller must free return value. Note that this function | ||
548 | * can not guarantee that another process might not be trying | ||
549 | * the same operation on the same file at the same time. The | ||
550 | * caller must somehow know that the file either already exists | ||
551 | * with a valid key OR be sure that no other process is calling | ||
552 | * this function at the same time. If the contents of the file | ||
553 | * are invalid the old file is deleted and a fresh key is | ||
554 | * created. | ||
555 | * | ||
556 | * @return new private key, NULL on error (for example, | ||
557 | * permission denied) | ||
558 | */ | ||
559 | struct GNUNET_CRYPTO_RsaPrivateKey * | ||
560 | GNUNET_CRYPTO_rsa_key_create_from_file (const char *filename) | ||
561 | { | ||
562 | struct flock fl; | ||
563 | struct GNUNET_CRYPTO_RsaPrivateKey *ret; | ||
564 | struct RsaPrivateKeyBinaryEncoded *enc; | ||
565 | struct stat sbuf; | ||
566 | uint16_t len; | ||
567 | int fd; | ||
568 | unsigned int cnt; | ||
569 | int ec; | ||
570 | |||
571 | if (GNUNET_SYSERR == GNUNET_DISK_directory_create_for_file (filename)) | ||
572 | return NULL; | ||
573 | while (0 != STAT (filename, &sbuf)) | ||
574 | { | ||
575 | fd = open (filename, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); | ||
576 | if (-1 == fd) | ||
577 | { | ||
578 | if (errno == EEXIST) | ||
579 | continue; | ||
580 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, | ||
581 | "open", filename); | ||
582 | return NULL; | ||
583 | } | ||
584 | memset (&fl, 0, sizeof (struct flock)); | ||
585 | fl.l_type = F_WRLCK; | ||
586 | fl.l_whence = SEEK_SET; | ||
587 | fl.l_len = sizeof (struct RsaPrivateKeyBinaryEncoded); | ||
588 | cnt = 0; | ||
589 | while (0 != fcntl (fd, F_SETLK, &fl)) | ||
590 | { | ||
591 | sleep (1); | ||
592 | if (0 == ++cnt % 10) | ||
593 | { | ||
594 | ec = errno; | ||
595 | fl.l_type = F_GETLK; | ||
596 | fcntl (fd, F_GETLK, &fl); | ||
597 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
598 | _ | ||
599 | ("Could not aquire lock on file `%s' due to process %u: %s...\n"), | ||
600 | filename, fl.l_pid, STRERROR (errno)); | ||
601 | } | ||
602 | memset (&fl, 0, sizeof (struct flock)); | ||
603 | fl.l_type = F_WRLCK; | ||
604 | fl.l_whence = SEEK_SET; | ||
605 | fl.l_len = sizeof (struct RsaPrivateKeyBinaryEncoded); | ||
606 | } | ||
607 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
608 | _("Creating a new private key. This may take a while.\n")); | ||
609 | ret = GNUNET_CRYPTO_rsa_key_create (); | ||
610 | GNUNET_assert (ret != NULL); | ||
611 | enc = rsa_encode_key (ret); | ||
612 | GNUNET_assert (enc != NULL); | ||
613 | GNUNET_assert (ntohs (enc->len) == WRITE (fd, enc, ntohs (enc->len))); | ||
614 | GNUNET_free (enc); | ||
615 | fdatasync (fd); | ||
616 | memset (&fl, 0, sizeof (struct flock)); | ||
617 | fl.l_type = F_UNLCK; | ||
618 | fl.l_whence = SEEK_SET; | ||
619 | fl.l_len = sizeof (struct RsaPrivateKeyBinaryEncoded); | ||
620 | cnt = 0; | ||
621 | if (0 != fcntl (fd, F_SETLK, &fl)) | ||
622 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, | ||
623 | "fcntl", filename); | ||
624 | GNUNET_assert (0 == CLOSE (fd)); | ||
625 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | ||
626 | _("Stored new private key in `%s'.\n"), filename); | ||
627 | return ret; | ||
628 | } | ||
629 | /* hostkey file exists already, read it! */ | ||
630 | fd = open (filename, O_RDONLY); | ||
631 | if (-1 == fd) | ||
632 | { | ||
633 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "open", filename); | ||
634 | return NULL; | ||
635 | } | ||
636 | cnt = 0; | ||
637 | while (1) | ||
638 | { | ||
639 | memset (&fl, 0, sizeof (struct flock)); | ||
640 | fl.l_type = F_RDLCK; | ||
641 | fl.l_whence = SEEK_SET; | ||
642 | fl.l_len = sizeof (struct RsaPrivateKeyBinaryEncoded); | ||
643 | if (0 != fcntl (fd, F_SETLK, &fl)) | ||
644 | { | ||
645 | if (0 == ++cnt % 10) | ||
646 | { | ||
647 | ec = errno; | ||
648 | fl.l_type = F_GETLK; | ||
649 | fcntl (fd, F_GETLK, &fl); | ||
650 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
651 | _ | ||
652 | ("Could not aquire lock on file `%s' due to process %u: %s...\n"), | ||
653 | filename, fl.l_pid, STRERROR (errno)); | ||
654 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
655 | _ | ||
656 | ("This may be ok if someone is currently generating a hostkey.\n")); | ||
657 | } | ||
658 | sleep (1); | ||
659 | continue; | ||
660 | } | ||
661 | if (0 != STAT (filename, &sbuf)) | ||
662 | { | ||
663 | /* eh, what!? File we opened is now gone!? */ | ||
664 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, | ||
665 | "stat", filename); | ||
666 | memset (&fl, 0, sizeof (struct flock)); | ||
667 | fl.l_type = F_UNLCK; | ||
668 | fl.l_whence = SEEK_SET; | ||
669 | fl.l_len = sizeof (struct RsaPrivateKeyBinaryEncoded); | ||
670 | if (0 != fcntl (fd, F_SETLK, &fl)) | ||
671 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, | ||
672 | "fcntl", filename); | ||
673 | GNUNET_assert (0 == CLOSE (fd)); | ||
674 | return NULL; | ||
675 | } | ||
676 | if (sbuf.st_size < sizeof (struct RsaPrivateKeyBinaryEncoded)) | ||
677 | { | ||
678 | /* maybe we got the read lock before the hostkey generating | ||
679 | process had a chance to get the write lock; give it up! */ | ||
680 | memset (&fl, 0, sizeof (struct flock)); | ||
681 | fl.l_type = F_UNLCK; | ||
682 | fl.l_whence = SEEK_SET; | ||
683 | fl.l_len = sizeof (struct RsaPrivateKeyBinaryEncoded); | ||
684 | if (0 != fcntl (fd, F_SETLK, &fl)) | ||
685 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, | ||
686 | "fcntl", filename); | ||
687 | if (0 == ++cnt % 10) | ||
688 | { | ||
689 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
690 | _ | ||
691 | ("When trying to read hostkey file `%s' I found %u bytes but I need at least %u.\n"), | ||
692 | filename, (unsigned int) sbuf.st_size, | ||
693 | (unsigned int) sizeof (struct | ||
694 | RsaPrivateKeyBinaryEncoded)); | ||
695 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
696 | _ | ||
697 | ("This may be ok if someone is currently generating a hostkey.\n")); | ||
698 | } | ||
699 | sleep (2); /* wait a bit longer! */ | ||
700 | continue; | ||
701 | } | ||
702 | break; | ||
703 | } | ||
704 | enc = GNUNET_malloc (sbuf.st_size); | ||
705 | GNUNET_assert (sbuf.st_size == READ (fd, enc, sbuf.st_size)); | ||
706 | len = ntohs (enc->len); | ||
707 | if ((len != sbuf.st_size) || (NULL == (ret = rsa_decode_key (enc)))) | ||
708 | { | ||
709 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
710 | _ | ||
711 | ("File `%s' does not contain a valid private key. You should delete it.\n"), | ||
712 | filename); | ||
713 | GNUNET_free (enc); | ||
714 | } | ||
715 | memset (&fl, 0, sizeof (struct flock)); | ||
716 | fl.l_type = F_UNLCK; | ||
717 | fl.l_whence = SEEK_SET; | ||
718 | fl.l_len = sizeof (struct RsaPrivateKeyBinaryEncoded); | ||
719 | if (0 != fcntl (fd, F_SETLK, &fl)) | ||
720 | GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename); | ||
721 | GNUNET_assert (0 == CLOSE (fd)); | ||
722 | return ret; | ||
723 | } | ||
724 | |||
725 | |||
726 | /** | ||
727 | * Encrypt a block with the public key of another host that uses the | ||
728 | * same cyper. | ||
729 | * | ||
730 | * @param block the block to encrypt | ||
731 | * @param size the size of block | ||
732 | * @param publicKey the encoded public key used to encrypt | ||
733 | * @param target where to store the encrypted block | ||
734 | * @returns GNUNET_SYSERR on error, GNUNET_OK if ok | ||
735 | */ | ||
736 | int | ||
737 | GNUNET_CRYPTO_rsa_encrypt (const void *block, | ||
738 | uint16_t size, | ||
739 | const struct | ||
740 | GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *publicKey, | ||
741 | struct GNUNET_CRYPTO_RsaEncryptedData *target) | ||
742 | { | ||
743 | gcry_sexp_t result; | ||
744 | gcry_sexp_t data; | ||
745 | struct GNUNET_CRYPTO_RsaPrivateKey *pubkey; | ||
746 | gcry_mpi_t val; | ||
747 | gcry_mpi_t rval; | ||
748 | size_t isize; | ||
749 | size_t erroff; | ||
750 | |||
751 | GNUNET_assert (size <= sizeof (GNUNET_HashCode)); | ||
752 | pubkey = public2PrivateKey (publicKey); | ||
753 | isize = size; | ||
754 | GNUNET_assert (0 == | ||
755 | gcry_mpi_scan (&val, GCRYMPI_FMT_USG, block, isize, &isize)); | ||
756 | GNUNET_assert (0 == | ||
757 | gcry_sexp_build (&data, &erroff, | ||
758 | "(data (flags pkcs1)(value %m))", val)); | ||
759 | gcry_mpi_release (val); | ||
760 | GNUNET_assert (0 == gcry_pk_encrypt (&result, data, pubkey->sexp)); | ||
761 | gcry_sexp_release (data); | ||
762 | GNUNET_CRYPTO_rsa_key_free (pubkey); | ||
763 | |||
764 | GNUNET_assert (0 == key_from_sexp (&rval, result, "rsa", "a")); | ||
765 | gcry_sexp_release (result); | ||
766 | isize = sizeof (struct GNUNET_CRYPTO_RsaEncryptedData); | ||
767 | GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, | ||
768 | (unsigned char *) target, isize, &isize, | ||
769 | rval)); | ||
770 | gcry_mpi_release (rval); | ||
771 | adjust (&target->encoding[0], isize, | ||
772 | sizeof (struct GNUNET_CRYPTO_RsaEncryptedData)); | ||
773 | return GNUNET_OK; | ||
774 | } | ||
775 | |||
776 | /** | ||
777 | * Decrypt a given block with the hostkey. | ||
778 | * | ||
779 | * @param hostkey the hostkey with which to decrypt this block | ||
780 | * @param block the data to decrypt, encoded as returned by encrypt | ||
781 | * @param result pointer to a location where the result can be stored | ||
782 | * @param max the maximum number of bits to store for the result, if | ||
783 | * the decrypted block is bigger, an error is returned | ||
784 | * @returns the size of the decrypted block, -1 on error | ||
785 | */ | ||
786 | int | ||
787 | GNUNET_CRYPTO_rsa_decrypt (const struct GNUNET_CRYPTO_RsaPrivateKey *hostkey, | ||
788 | const struct GNUNET_CRYPTO_RsaEncryptedData *block, | ||
789 | void *result, uint16_t max) | ||
790 | { | ||
791 | gcry_sexp_t resultsexp; | ||
792 | gcry_sexp_t data; | ||
793 | size_t erroff; | ||
794 | size_t size; | ||
795 | gcry_mpi_t val; | ||
796 | unsigned char *endp; | ||
797 | unsigned char *tmp; | ||
798 | |||
799 | #if EXTRA_CHECKS | ||
800 | GNUNET_assert (0 == gcry_pk_testkey (hostkey->sexp)); | ||
801 | #endif | ||
802 | size = sizeof (struct GNUNET_CRYPTO_RsaEncryptedData); | ||
803 | GNUNET_assert (0 == gcry_mpi_scan (&val, | ||
804 | GCRYMPI_FMT_USG, &block->encoding[0], | ||
805 | size, &size)); | ||
806 | GNUNET_assert (0 == | ||
807 | gcry_sexp_build (&data, &erroff, | ||
808 | "(enc-val(flags)(rsa(a %m)))", val)); | ||
809 | gcry_mpi_release (val); | ||
810 | GNUNET_assert (0 == gcry_pk_decrypt (&resultsexp, data, hostkey->sexp)); | ||
811 | gcry_sexp_release (data); | ||
812 | /* resultsexp has format "(value %m)" */ | ||
813 | GNUNET_assert (NULL != | ||
814 | (val = gcry_sexp_nth_mpi (resultsexp, 1, GCRYMPI_FMT_USG))); | ||
815 | gcry_sexp_release (resultsexp); | ||
816 | tmp = GNUNET_malloc (max + HOSTKEY_LEN / 8); | ||
817 | size = max + HOSTKEY_LEN / 8; | ||
818 | GNUNET_assert (0 == | ||
819 | gcry_mpi_print (GCRYMPI_FMT_USG, tmp, size, &size, val)); | ||
820 | gcry_mpi_release (val); | ||
821 | endp = tmp; | ||
822 | endp += (size - max); | ||
823 | size = max; | ||
824 | memcpy (result, endp, size); | ||
825 | GNUNET_free (tmp); | ||
826 | return size; | ||
827 | } | ||
828 | |||
829 | |||
830 | /** | ||
831 | * Sign a given block. | ||
832 | * | ||
833 | * @param hostkey private key to use for the signing | ||
834 | * @param purpose what to sign (size, purpose) | ||
835 | * @param result where to write the signature | ||
836 | * @return GNUNET_SYSERR on error, GNUNET_OK on success | ||
837 | */ | ||
838 | int | ||
839 | GNUNET_CRYPTO_rsa_sign (const struct GNUNET_CRYPTO_RsaPrivateKey *hostkey, | ||
840 | const struct GNUNET_CRYPTO_RsaSignaturePurpose | ||
841 | *purpose, struct GNUNET_CRYPTO_RsaSignature *sig) | ||
842 | { | ||
843 | gcry_sexp_t result; | ||
844 | gcry_sexp_t data; | ||
845 | size_t ssize; | ||
846 | gcry_mpi_t rval; | ||
847 | GNUNET_HashCode hc; | ||
848 | char *buff; | ||
849 | int bufSize; | ||
850 | |||
851 | GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc); | ||
852 | #define FORMATSTRING "(4:data(5:flags5:pkcs1)(4:hash6:sha51264:0123456789012345678901234567890123456789012345678901234567890123))" | ||
853 | bufSize = strlen (FORMATSTRING) + 1; | ||
854 | buff = GNUNET_malloc (bufSize); | ||
855 | memcpy (buff, FORMATSTRING, bufSize); | ||
856 | memcpy (&buff | ||
857 | [bufSize - | ||
858 | strlen | ||
859 | ("0123456789012345678901234567890123456789012345678901234567890123))") | ||
860 | - 1], &hc, sizeof (GNUNET_HashCode)); | ||
861 | GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0)); | ||
862 | GNUNET_free (buff); | ||
863 | GNUNET_assert (0 == gcry_pk_sign (&result, data, hostkey->sexp)); | ||
864 | gcry_sexp_release (data); | ||
865 | GNUNET_assert (0 == key_from_sexp (&rval, result, "rsa", "s")); | ||
866 | gcry_sexp_release (result); | ||
867 | ssize = sizeof (struct GNUNET_CRYPTO_RsaSignature); | ||
868 | GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, | ||
869 | (unsigned char *) sig, ssize, &ssize, | ||
870 | rval)); | ||
871 | gcry_mpi_release (rval); | ||
872 | adjust (sig->sig, ssize, sizeof (struct GNUNET_CRYPTO_RsaSignature)); | ||
873 | return GNUNET_OK; | ||
874 | } | ||
875 | |||
876 | |||
877 | /** | ||
878 | * Verify signature. | ||
879 | * | ||
880 | * @param purpose what is the purpose that the signature should have? | ||
881 | * @param validate block to validate (size, purpose, data) | ||
882 | * @param sig signature that is being validated | ||
883 | * @param publicKey public key of the signer | ||
884 | * @returns GNUNET_OK if ok, GNUNET_SYSERR if invalid | ||
885 | */ | ||
886 | int | ||
887 | GNUNET_CRYPTO_rsa_verify (uint32_t purpose, | ||
888 | const struct GNUNET_CRYPTO_RsaSignaturePurpose | ||
889 | *validate, | ||
890 | const struct GNUNET_CRYPTO_RsaSignature *sig, | ||
891 | const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded | ||
892 | *publicKey) | ||
893 | { | ||
894 | gcry_sexp_t data; | ||
895 | gcry_sexp_t sigdata; | ||
896 | size_t size; | ||
897 | gcry_mpi_t val; | ||
898 | struct GNUNET_CRYPTO_RsaPrivateKey *hostkey; | ||
899 | GNUNET_HashCode hc; | ||
900 | char *buff; | ||
901 | int bufSize; | ||
902 | size_t erroff; | ||
903 | int rc; | ||
904 | |||
905 | if (purpose != ntohl (validate->purpose)) | ||
906 | return GNUNET_SYSERR; /* purpose mismatch */ | ||
907 | GNUNET_CRYPTO_hash (validate, ntohl (validate->size), &hc); | ||
908 | size = sizeof (struct GNUNET_CRYPTO_RsaSignature); | ||
909 | GNUNET_assert (0 == gcry_mpi_scan (&val, | ||
910 | GCRYMPI_FMT_USG, | ||
911 | (const unsigned char *) sig, size, | ||
912 | &size)); | ||
913 | GNUNET_assert (0 == | ||
914 | gcry_sexp_build (&sigdata, &erroff, "(sig-val(rsa(s %m)))", | ||
915 | val)); | ||
916 | gcry_mpi_release (val); | ||
917 | bufSize = strlen (FORMATSTRING) + 1; | ||
918 | buff = GNUNET_malloc (bufSize); | ||
919 | memcpy (buff, FORMATSTRING, bufSize); | ||
920 | memcpy (&buff[strlen (FORMATSTRING) - | ||
921 | strlen | ||
922 | ("0123456789012345678901234567890123456789012345678901234567890123))")], | ||
923 | &hc, sizeof (GNUNET_HashCode)); | ||
924 | GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0)); | ||
925 | GNUNET_free (buff); | ||
926 | hostkey = public2PrivateKey (publicKey); | ||
927 | if (hostkey == NULL) | ||
928 | { | ||
929 | gcry_sexp_release (data); | ||
930 | gcry_sexp_release (sigdata); | ||
931 | return GNUNET_SYSERR; | ||
932 | } | ||
933 | rc = gcry_pk_verify (sigdata, data, hostkey->sexp); | ||
934 | GNUNET_CRYPTO_rsa_key_free (hostkey); | ||
935 | gcry_sexp_release (data); | ||
936 | gcry_sexp_release (sigdata); | ||
937 | if (rc) | ||
938 | { | ||
939 | GNUNET_log (GNUNET_ERROR_TYPE_WARNING, | ||
940 | _("RSA signature verification failed at %s:%d: %s\n"), | ||
941 | __FILE__, __LINE__, gcry_strerror (rc)); | ||
942 | return GNUNET_SYSERR; | ||
943 | } | ||
944 | return GNUNET_OK; | ||
945 | } | ||
946 | |||
947 | |||
948 | /* end of crypto_rsa.c */ | ||