diff options
Diffstat (limited to 'src/util/crypto_rsa.c')
-rw-r--r-- | src/util/crypto_rsa.c | 994 |
1 files changed, 502 insertions, 492 deletions
diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c index 0a20fdffa..edabcd6d5 100644 --- a/src/util/crypto_rsa.c +++ b/src/util/crypto_rsa.c | |||
@@ -30,13 +30,14 @@ | |||
30 | #include "gnunet_crypto_lib.h" | 30 | #include "gnunet_crypto_lib.h" |
31 | #include "benchmark.h" | 31 | #include "benchmark.h" |
32 | 32 | ||
33 | #define LOG(kind, ...) GNUNET_log_from(kind, "util-crypto-rsa", __VA_ARGS__) | 33 | #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-rsa", __VA_ARGS__) |
34 | 34 | ||
35 | 35 | ||
36 | /** | 36 | /** |
37 | * The private information of an RSA key pair. | 37 | * The private information of an RSA key pair. |
38 | */ | 38 | */ |
39 | struct GNUNET_CRYPTO_RsaPrivateKey { | 39 | struct GNUNET_CRYPTO_RsaPrivateKey |
40 | { | ||
40 | /** | 41 | /** |
41 | * Libgcrypt S-expression for the RSA private key. | 42 | * Libgcrypt S-expression for the RSA private key. |
42 | */ | 43 | */ |
@@ -47,7 +48,8 @@ struct GNUNET_CRYPTO_RsaPrivateKey { | |||
47 | /** | 48 | /** |
48 | * The public information of an RSA key pair. | 49 | * The public information of an RSA key pair. |
49 | */ | 50 | */ |
50 | struct GNUNET_CRYPTO_RsaPublicKey { | 51 | struct GNUNET_CRYPTO_RsaPublicKey |
52 | { | ||
51 | /** | 53 | /** |
52 | * Libgcrypt S-expression for the RSA public key. | 54 | * Libgcrypt S-expression for the RSA public key. |
53 | */ | 55 | */ |
@@ -58,7 +60,8 @@ struct GNUNET_CRYPTO_RsaPublicKey { | |||
58 | /** | 60 | /** |
59 | * @brief an RSA signature | 61 | * @brief an RSA signature |
60 | */ | 62 | */ |
61 | struct GNUNET_CRYPTO_RsaSignature { | 63 | struct GNUNET_CRYPTO_RsaSignature |
64 | { | ||
62 | /** | 65 | /** |
63 | * Libgcrypt S-expression for the RSA signature. | 66 | * Libgcrypt S-expression for the RSA signature. |
64 | */ | 67 | */ |
@@ -69,7 +72,8 @@ struct GNUNET_CRYPTO_RsaSignature { | |||
69 | /** | 72 | /** |
70 | * @brief RSA blinding key | 73 | * @brief RSA blinding key |
71 | */ | 74 | */ |
72 | struct RsaBlindingKey { | 75 | struct RsaBlindingKey |
76 | { | ||
73 | /** | 77 | /** |
74 | * Random value used for blinding. | 78 | * Random value used for blinding. |
75 | */ | 79 | */ |
@@ -87,50 +91,50 @@ struct RsaBlindingKey { | |||
87 | * @return 0 on success | 91 | * @return 0 on success |
88 | */ | 92 | */ |
89 | static int | 93 | static int |
90 | key_from_sexp(gcry_mpi_t *array, | 94 | key_from_sexp (gcry_mpi_t *array, |
91 | gcry_sexp_t sexp, | 95 | gcry_sexp_t sexp, |
92 | const char *topname, | 96 | const char *topname, |
93 | const char *elems) | 97 | const char *elems) |
94 | { | 98 | { |
95 | gcry_sexp_t list; | 99 | gcry_sexp_t list; |
96 | gcry_sexp_t l2; | 100 | gcry_sexp_t l2; |
97 | const char *s; | 101 | const char *s; |
98 | unsigned int idx; | 102 | unsigned int idx; |
99 | 103 | ||
100 | if (!(list = gcry_sexp_find_token(sexp, topname, 0))) | 104 | if (! (list = gcry_sexp_find_token (sexp, topname, 0))) |
101 | return 1; | 105 | return 1; |
102 | l2 = gcry_sexp_cadr(list); | 106 | l2 = gcry_sexp_cadr (list); |
103 | gcry_sexp_release(list); | 107 | gcry_sexp_release (list); |
104 | list = l2; | 108 | list = l2; |
105 | if (!list) | 109 | if (! list) |
106 | return 2; | 110 | return 2; |
107 | idx = 0; | 111 | idx = 0; |
108 | for (s = elems; *s; s++, idx++) | 112 | for (s = elems; *s; s++, idx++) |
113 | { | ||
114 | if (! (l2 = gcry_sexp_find_token (list, s, 1))) | ||
109 | { | 115 | { |
110 | if (!(l2 = gcry_sexp_find_token(list, s, 1))) | 116 | for (unsigned int i = 0; i < idx; i++) |
111 | { | 117 | { |
112 | for (unsigned int i = 0; i < idx; i++) | 118 | gcry_free (array[i]); |
113 | { | 119 | array[i] = NULL; |
114 | gcry_free(array[i]); | 120 | } |
115 | array[i] = NULL; | 121 | gcry_sexp_release (list); |
116 | } | 122 | return 3; /* required parameter not found */ |
117 | gcry_sexp_release(list); | ||
118 | return 3; /* required parameter not found */ | ||
119 | } | ||
120 | array[idx] = gcry_sexp_nth_mpi(l2, 1, GCRYMPI_FMT_USG); | ||
121 | gcry_sexp_release(l2); | ||
122 | if (!array[idx]) | ||
123 | { | ||
124 | for (unsigned int i = 0; i < idx; i++) | ||
125 | { | ||
126 | gcry_free(array[i]); | ||
127 | array[i] = NULL; | ||
128 | } | ||
129 | gcry_sexp_release(list); | ||
130 | return 4; /* required parameter is invalid */ | ||
131 | } | ||
132 | } | 123 | } |
133 | gcry_sexp_release(list); | 124 | array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); |
125 | gcry_sexp_release (l2); | ||
126 | if (! array[idx]) | ||
127 | { | ||
128 | for (unsigned int i = 0; i < idx; i++) | ||
129 | { | ||
130 | gcry_free (array[i]); | ||
131 | array[i] = NULL; | ||
132 | } | ||
133 | gcry_sexp_release (list); | ||
134 | return 4; /* required parameter is invalid */ | ||
135 | } | ||
136 | } | ||
137 | gcry_sexp_release (list); | ||
134 | return 0; | 138 | return 0; |
135 | } | 139 | } |
136 | 140 | ||
@@ -142,30 +146,30 @@ key_from_sexp(gcry_mpi_t *array, | |||
142 | * @return fresh private key | 146 | * @return fresh private key |
143 | */ | 147 | */ |
144 | struct GNUNET_CRYPTO_RsaPrivateKey * | 148 | struct GNUNET_CRYPTO_RsaPrivateKey * |
145 | GNUNET_CRYPTO_rsa_private_key_create(unsigned int len) | 149 | GNUNET_CRYPTO_rsa_private_key_create (unsigned int len) |
146 | { | 150 | { |
147 | struct GNUNET_CRYPTO_RsaPrivateKey *ret; | 151 | struct GNUNET_CRYPTO_RsaPrivateKey *ret; |
148 | gcry_sexp_t s_key; | 152 | gcry_sexp_t s_key; |
149 | gcry_sexp_t s_keyparam; | 153 | gcry_sexp_t s_keyparam; |
150 | 154 | ||
151 | BENCHMARK_START(rsa_private_key_create); | 155 | BENCHMARK_START (rsa_private_key_create); |
152 | 156 | ||
153 | GNUNET_assert(0 == | 157 | GNUNET_assert (0 == |
154 | gcry_sexp_build(&s_keyparam, | 158 | gcry_sexp_build (&s_keyparam, |
155 | NULL, | 159 | NULL, |
156 | "(genkey(rsa(nbits %d)))", | 160 | "(genkey(rsa(nbits %d)))", |
157 | len)); | 161 | len)); |
158 | GNUNET_assert(0 == | 162 | GNUNET_assert (0 == |
159 | gcry_pk_genkey(&s_key, | 163 | gcry_pk_genkey (&s_key, |
160 | s_keyparam)); | 164 | s_keyparam)); |
161 | gcry_sexp_release(s_keyparam); | 165 | gcry_sexp_release (s_keyparam); |
162 | #if EXTRA_CHECKS | 166 | #if EXTRA_CHECKS |
163 | GNUNET_assert(0 == | 167 | GNUNET_assert (0 == |
164 | gcry_pk_testkey(s_key)); | 168 | gcry_pk_testkey (s_key)); |
165 | #endif | 169 | #endif |
166 | ret = GNUNET_new(struct GNUNET_CRYPTO_RsaPrivateKey); | 170 | ret = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey); |
167 | ret->sexp = s_key; | 171 | ret->sexp = s_key; |
168 | BENCHMARK_END(rsa_private_key_create); | 172 | BENCHMARK_END (rsa_private_key_create); |
169 | return ret; | 173 | return ret; |
170 | } | 174 | } |
171 | 175 | ||
@@ -176,10 +180,10 @@ GNUNET_CRYPTO_rsa_private_key_create(unsigned int len) | |||
176 | * @param key pointer to the memory to free | 180 | * @param key pointer to the memory to free |
177 | */ | 181 | */ |
178 | void | 182 | void |
179 | GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key) | 183 | GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key) |
180 | { | 184 | { |
181 | gcry_sexp_release(key->sexp); | 185 | gcry_sexp_release (key->sexp); |
182 | GNUNET_free(key); | 186 | GNUNET_free (key); |
183 | } | 187 | } |
184 | 188 | ||
185 | 189 | ||
@@ -192,22 +196,23 @@ GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key) | |||
192 | * @return size of memory allocated in @a buffer | 196 | * @return size of memory allocated in @a buffer |
193 | */ | 197 | */ |
194 | size_t | 198 | size_t |
195 | GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, | 199 | GNUNET_CRYPTO_rsa_private_key_encode (const struct |
196 | char **buffer) | 200 | GNUNET_CRYPTO_RsaPrivateKey *key, |
201 | char **buffer) | ||
197 | { | 202 | { |
198 | size_t n; | 203 | size_t n; |
199 | char *b; | 204 | char *b; |
200 | 205 | ||
201 | n = gcry_sexp_sprint(key->sexp, | 206 | n = gcry_sexp_sprint (key->sexp, |
202 | GCRYSEXP_FMT_DEFAULT, | 207 | GCRYSEXP_FMT_DEFAULT, |
203 | NULL, | 208 | NULL, |
204 | 0); | 209 | 0); |
205 | b = GNUNET_malloc(n); | 210 | b = GNUNET_malloc (n); |
206 | GNUNET_assert((n - 1) == /* since the last byte is \0 */ | 211 | GNUNET_assert ((n - 1) == /* since the last byte is \0 */ |
207 | gcry_sexp_sprint(key->sexp, | 212 | gcry_sexp_sprint (key->sexp, |
208 | GCRYSEXP_FMT_DEFAULT, | 213 | GCRYSEXP_FMT_DEFAULT, |
209 | b, | 214 | b, |
210 | n)); | 215 | n)); |
211 | *buffer = b; | 216 | *buffer = b; |
212 | return n; | 217 | return n; |
213 | } | 218 | } |
@@ -222,30 +227,30 @@ GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *k | |||
222 | * @return NULL on error | 227 | * @return NULL on error |
223 | */ | 228 | */ |
224 | struct GNUNET_CRYPTO_RsaPrivateKey * | 229 | struct GNUNET_CRYPTO_RsaPrivateKey * |
225 | GNUNET_CRYPTO_rsa_private_key_decode(const char *buf, | 230 | GNUNET_CRYPTO_rsa_private_key_decode (const char *buf, |
226 | size_t len) | 231 | size_t len) |
227 | { | 232 | { |
228 | struct GNUNET_CRYPTO_RsaPrivateKey *key; | 233 | struct GNUNET_CRYPTO_RsaPrivateKey *key; |
229 | 234 | ||
230 | key = GNUNET_new(struct GNUNET_CRYPTO_RsaPrivateKey); | 235 | key = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey); |
231 | if (0 != | 236 | if (0 != |
232 | gcry_sexp_new(&key->sexp, | 237 | gcry_sexp_new (&key->sexp, |
233 | buf, | 238 | buf, |
234 | len, | 239 | len, |
235 | 0)) | 240 | 0)) |
236 | { | 241 | { |
237 | LOG(GNUNET_ERROR_TYPE_WARNING, | 242 | LOG (GNUNET_ERROR_TYPE_WARNING, |
238 | "Decoded private key is not valid\n"); | 243 | "Decoded private key is not valid\n"); |
239 | GNUNET_free(key); | 244 | GNUNET_free (key); |
240 | return NULL; | 245 | return NULL; |
241 | } | 246 | } |
242 | if (0 != gcry_pk_testkey(key->sexp)) | 247 | if (0 != gcry_pk_testkey (key->sexp)) |
243 | { | 248 | { |
244 | LOG(GNUNET_ERROR_TYPE_WARNING, | 249 | LOG (GNUNET_ERROR_TYPE_WARNING, |
245 | "Decoded private key is not valid\n"); | 250 | "Decoded private key is not valid\n"); |
246 | GNUNET_CRYPTO_rsa_private_key_free(key); | 251 | GNUNET_CRYPTO_rsa_private_key_free (key); |
247 | return NULL; | 252 | return NULL; |
248 | } | 253 | } |
249 | return key; | 254 | return key; |
250 | } | 255 | } |
251 | 256 | ||
@@ -257,35 +262,36 @@ GNUNET_CRYPTO_rsa_private_key_decode(const char *buf, | |||
257 | * @retur NULL on error, otherwise the public key | 262 | * @retur NULL on error, otherwise the public key |
258 | */ | 263 | */ |
259 | struct GNUNET_CRYPTO_RsaPublicKey * | 264 | struct GNUNET_CRYPTO_RsaPublicKey * |
260 | GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv) | 265 | GNUNET_CRYPTO_rsa_private_key_get_public (const struct |
266 | GNUNET_CRYPTO_RsaPrivateKey *priv) | ||
261 | { | 267 | { |
262 | struct GNUNET_CRYPTO_RsaPublicKey *pub; | 268 | struct GNUNET_CRYPTO_RsaPublicKey *pub; |
263 | gcry_mpi_t ne[2]; | 269 | gcry_mpi_t ne[2]; |
264 | int rc; | 270 | int rc; |
265 | gcry_sexp_t result; | 271 | gcry_sexp_t result; |
266 | 272 | ||
267 | BENCHMARK_START(rsa_private_key_get_public); | 273 | BENCHMARK_START (rsa_private_key_get_public); |
268 | 274 | ||
269 | rc = key_from_sexp(ne, priv->sexp, "public-key", "ne"); | 275 | rc = key_from_sexp (ne, priv->sexp, "public-key", "ne"); |
270 | if (0 != rc) | 276 | if (0 != rc) |
271 | rc = key_from_sexp(ne, priv->sexp, "private-key", "ne"); | 277 | rc = key_from_sexp (ne, priv->sexp, "private-key", "ne"); |
272 | if (0 != rc) | 278 | if (0 != rc) |
273 | rc = key_from_sexp(ne, priv->sexp, "rsa", "ne"); | 279 | rc = key_from_sexp (ne, priv->sexp, "rsa", "ne"); |
274 | if (0 != rc) | 280 | if (0 != rc) |
275 | { | 281 | { |
276 | GNUNET_break_op(0); | 282 | GNUNET_break_op (0); |
277 | return NULL; | 283 | return NULL; |
278 | } | 284 | } |
279 | rc = gcry_sexp_build(&result, | 285 | rc = gcry_sexp_build (&result, |
280 | NULL, | 286 | NULL, |
281 | "(public-key(rsa(n %m)(e %m)))", | 287 | "(public-key(rsa(n %m)(e %m)))", |
282 | ne[0], | 288 | ne[0], |
283 | ne[1]); | 289 | ne[1]); |
284 | gcry_mpi_release(ne[0]); | 290 | gcry_mpi_release (ne[0]); |
285 | gcry_mpi_release(ne[1]); | 291 | gcry_mpi_release (ne[1]); |
286 | pub = GNUNET_new(struct GNUNET_CRYPTO_RsaPublicKey); | 292 | pub = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey); |
287 | pub->sexp = result; | 293 | pub->sexp = result; |
288 | BENCHMARK_END(rsa_private_key_get_public); | 294 | BENCHMARK_END (rsa_private_key_get_public); |
289 | return pub; | 295 | return pub; |
290 | } | 296 | } |
291 | 297 | ||
@@ -296,10 +302,10 @@ GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKe | |||
296 | * @param key pointer to the memory to free | 302 | * @param key pointer to the memory to free |
297 | */ | 303 | */ |
298 | void | 304 | void |
299 | GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key) | 305 | GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key) |
300 | { | 306 | { |
301 | gcry_sexp_release(key->sexp); | 307 | gcry_sexp_release (key->sexp); |
302 | GNUNET_free(key); | 308 | GNUNET_free (key); |
303 | } | 309 | } |
304 | 310 | ||
305 | 311 | ||
@@ -312,22 +318,23 @@ GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key) | |||
312 | * @return size of memory allocated in @a buffer | 318 | * @return size of memory allocated in @a buffer |
313 | */ | 319 | */ |
314 | size_t | 320 | size_t |
315 | GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, | 321 | GNUNET_CRYPTO_rsa_public_key_encode (const struct |
316 | char **buffer) | 322 | GNUNET_CRYPTO_RsaPublicKey *key, |
323 | char **buffer) | ||
317 | { | 324 | { |
318 | size_t n; | 325 | size_t n; |
319 | char *b; | 326 | char *b; |
320 | 327 | ||
321 | n = gcry_sexp_sprint(key->sexp, | 328 | n = gcry_sexp_sprint (key->sexp, |
322 | GCRYSEXP_FMT_ADVANCED, | 329 | GCRYSEXP_FMT_ADVANCED, |
323 | NULL, | 330 | NULL, |
324 | 0); | 331 | 0); |
325 | b = GNUNET_malloc(n); | 332 | b = GNUNET_malloc (n); |
326 | GNUNET_assert((n - 1) == /* since the last byte is \0 */ | 333 | GNUNET_assert ((n - 1) == /* since the last byte is \0 */ |
327 | gcry_sexp_sprint(key->sexp, | 334 | gcry_sexp_sprint (key->sexp, |
328 | GCRYSEXP_FMT_ADVANCED, | 335 | GCRYSEXP_FMT_ADVANCED, |
329 | b, | 336 | b, |
330 | n)); | 337 | n)); |
331 | *buffer = b; | 338 | *buffer = b; |
332 | return n; | 339 | return n; |
333 | } | 340 | } |
@@ -340,18 +347,18 @@ GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key | |||
340 | * @param hc where to store the hash code | 347 | * @param hc where to store the hash code |
341 | */ | 348 | */ |
342 | void | 349 | void |
343 | GNUNET_CRYPTO_rsa_public_key_hash(const struct GNUNET_CRYPTO_RsaPublicKey *key, | 350 | GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, |
344 | struct GNUNET_HashCode *hc) | 351 | struct GNUNET_HashCode *hc) |
345 | { | 352 | { |
346 | char *buf; | 353 | char *buf; |
347 | size_t buf_size; | 354 | size_t buf_size; |
348 | 355 | ||
349 | buf_size = GNUNET_CRYPTO_rsa_public_key_encode(key, | 356 | buf_size = GNUNET_CRYPTO_rsa_public_key_encode (key, |
350 | &buf); | 357 | &buf); |
351 | GNUNET_CRYPTO_hash(buf, | 358 | GNUNET_CRYPTO_hash (buf, |
352 | buf_size, | 359 | buf_size, |
353 | hc); | 360 | hc); |
354 | GNUNET_free(buf); | 361 | GNUNET_free (buf); |
355 | } | 362 | } |
356 | 363 | ||
357 | 364 | ||
@@ -364,37 +371,37 @@ GNUNET_CRYPTO_rsa_public_key_hash(const struct GNUNET_CRYPTO_RsaPublicKey *key, | |||
364 | * @return NULL on error | 371 | * @return NULL on error |
365 | */ | 372 | */ |
366 | struct GNUNET_CRYPTO_RsaPublicKey * | 373 | struct GNUNET_CRYPTO_RsaPublicKey * |
367 | GNUNET_CRYPTO_rsa_public_key_decode(const char *buf, | 374 | GNUNET_CRYPTO_rsa_public_key_decode (const char *buf, |
368 | size_t len) | 375 | size_t len) |
369 | { | 376 | { |
370 | struct GNUNET_CRYPTO_RsaPublicKey *key; | 377 | struct GNUNET_CRYPTO_RsaPublicKey *key; |
371 | gcry_mpi_t n; | 378 | gcry_mpi_t n; |
372 | int ret; | 379 | int ret; |
373 | 380 | ||
374 | key = GNUNET_new(struct GNUNET_CRYPTO_RsaPublicKey); | 381 | key = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey); |
375 | if (0 != | 382 | if (0 != |
376 | gcry_sexp_new(&key->sexp, | 383 | gcry_sexp_new (&key->sexp, |
377 | buf, | 384 | buf, |
378 | len, | 385 | len, |
379 | 0)) | 386 | 0)) |
380 | { | 387 | { |
381 | GNUNET_break_op(0); | 388 | GNUNET_break_op (0); |
382 | GNUNET_free(key); | 389 | GNUNET_free (key); |
383 | return NULL; | 390 | return NULL; |
384 | } | 391 | } |
385 | /* verify that this is an RSA public key */ | 392 | /* verify that this is an RSA public key */ |
386 | ret = key_from_sexp(&n, key->sexp, "public-key", "n"); | 393 | ret = key_from_sexp (&n, key->sexp, "public-key", "n"); |
387 | if (0 != ret) | 394 | if (0 != ret) |
388 | ret = key_from_sexp(&n, key->sexp, "rsa", "n"); | 395 | ret = key_from_sexp (&n, key->sexp, "rsa", "n"); |
389 | if (0 != ret) | 396 | if (0 != ret) |
390 | { | 397 | { |
391 | /* this is no public RSA key */ | 398 | /* this is no public RSA key */ |
392 | GNUNET_break(0); | 399 | GNUNET_break (0); |
393 | gcry_sexp_release(key->sexp); | 400 | gcry_sexp_release (key->sexp); |
394 | GNUNET_free(key); | 401 | GNUNET_free (key); |
395 | return NULL; | 402 | return NULL; |
396 | } | 403 | } |
397 | gcry_mpi_release(n); | 404 | gcry_mpi_release (n); |
398 | return key; | 405 | return key; |
399 | } | 406 | } |
400 | 407 | ||
@@ -411,14 +418,14 @@ GNUNET_CRYPTO_rsa_public_key_decode(const char *buf, | |||
411 | * @return True if gcd(r,n) = 1, False means RSA key is malicious | 418 | * @return True if gcd(r,n) = 1, False means RSA key is malicious |
412 | */ | 419 | */ |
413 | static int | 420 | static int |
414 | rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n) | 421 | rsa_gcd_validate (gcry_mpi_t r, gcry_mpi_t n) |
415 | { | 422 | { |
416 | gcry_mpi_t g; | 423 | gcry_mpi_t g; |
417 | int t; | 424 | int t; |
418 | 425 | ||
419 | g = gcry_mpi_new(0); | 426 | g = gcry_mpi_new (0); |
420 | t = gcry_mpi_gcd(g, r, n); | 427 | t = gcry_mpi_gcd (g, r, n); |
421 | gcry_mpi_release(g); | 428 | gcry_mpi_release (g); |
422 | return t; | 429 | return t; |
423 | } | 430 | } |
424 | 431 | ||
@@ -431,33 +438,33 @@ rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n) | |||
431 | * @return the newly created blinding key, NULL if RSA key is malicious | 438 | * @return the newly created blinding key, NULL if RSA key is malicious |
432 | */ | 439 | */ |
433 | static struct RsaBlindingKey * | 440 | static struct RsaBlindingKey * |
434 | rsa_blinding_key_derive(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, | 441 | rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, |
435 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks) | 442 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks) |
436 | { | 443 | { |
437 | char *xts = "Blinding KDF extrator HMAC key"; /* Trusts bks' randomness more */ | 444 | char *xts = "Blinding KDF extrator HMAC key"; /* Trusts bks' randomness more */ |
438 | struct RsaBlindingKey *blind; | 445 | struct RsaBlindingKey *blind; |
439 | gcry_mpi_t n; | 446 | gcry_mpi_t n; |
440 | 447 | ||
441 | blind = GNUNET_new(struct RsaBlindingKey); | 448 | blind = GNUNET_new (struct RsaBlindingKey); |
442 | GNUNET_assert(NULL != blind); | 449 | GNUNET_assert (NULL != blind); |
443 | 450 | ||
444 | /* Extract the composite n from the RSA public key */ | 451 | /* Extract the composite n from the RSA public key */ |
445 | GNUNET_assert(0 == key_from_sexp(&n, pkey->sexp, "rsa", "n")); | 452 | GNUNET_assert (0 == key_from_sexp (&n, pkey->sexp, "rsa", "n")); |
446 | /* Assert that it at least looks like an RSA key */ | 453 | /* Assert that it at least looks like an RSA key */ |
447 | GNUNET_assert(0 == gcry_mpi_get_flag(n, GCRYMPI_FLAG_OPAQUE)); | 454 | GNUNET_assert (0 == gcry_mpi_get_flag (n, GCRYMPI_FLAG_OPAQUE)); |
448 | 455 | ||
449 | GNUNET_CRYPTO_kdf_mod_mpi(&blind->r, | 456 | GNUNET_CRYPTO_kdf_mod_mpi (&blind->r, |
450 | n, | 457 | n, |
451 | xts, strlen(xts), | 458 | xts, strlen (xts), |
452 | bks, sizeof(*bks), | 459 | bks, sizeof(*bks), |
453 | "Blinding KDF"); | 460 | "Blinding KDF"); |
454 | if (0 == rsa_gcd_validate(blind->r, n)) | 461 | if (0 == rsa_gcd_validate (blind->r, n)) |
455 | { | 462 | { |
456 | GNUNET_free(blind); | 463 | GNUNET_free (blind); |
457 | blind = NULL; | 464 | blind = NULL; |
458 | } | 465 | } |
459 | 466 | ||
460 | gcry_mpi_release(n); | 467 | gcry_mpi_release (n); |
461 | return blind; | 468 | return blind; |
462 | } | 469 | } |
463 | 470 | ||
@@ -513,8 +520,8 @@ rsa_blinding_key_derive(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, | |||
513 | * @return 0 if the two are equal | 520 | * @return 0 if the two are equal |
514 | */ | 521 | */ |
515 | int | 522 | int |
516 | GNUNET_CRYPTO_rsa_signature_cmp(struct GNUNET_CRYPTO_RsaSignature *s1, | 523 | GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1, |
517 | struct GNUNET_CRYPTO_RsaSignature *s2) | 524 | struct GNUNET_CRYPTO_RsaSignature *s2) |
518 | { | 525 | { |
519 | char *b1; | 526 | char *b1; |
520 | char *b2; | 527 | char *b2; |
@@ -522,18 +529,18 @@ GNUNET_CRYPTO_rsa_signature_cmp(struct GNUNET_CRYPTO_RsaSignature *s1, | |||
522 | size_t z2; | 529 | size_t z2; |
523 | int ret; | 530 | int ret; |
524 | 531 | ||
525 | z1 = GNUNET_CRYPTO_rsa_signature_encode(s1, | 532 | z1 = GNUNET_CRYPTO_rsa_signature_encode (s1, |
526 | &b1); | 533 | &b1); |
527 | z2 = GNUNET_CRYPTO_rsa_signature_encode(s2, | 534 | z2 = GNUNET_CRYPTO_rsa_signature_encode (s2, |
528 | &b2); | 535 | &b2); |
529 | if (z1 != z2) | 536 | if (z1 != z2) |
530 | ret = 1; | 537 | ret = 1; |
531 | else | 538 | else |
532 | ret = memcmp(b1, | 539 | ret = memcmp (b1, |
533 | b2, | 540 | b2, |
534 | z1); | 541 | z1); |
535 | GNUNET_free(b1); | 542 | GNUNET_free (b1); |
536 | GNUNET_free(b2); | 543 | GNUNET_free (b2); |
537 | return ret; | 544 | return ret; |
538 | } | 545 | } |
539 | 546 | ||
@@ -546,8 +553,8 @@ GNUNET_CRYPTO_rsa_signature_cmp(struct GNUNET_CRYPTO_RsaSignature *s1, | |||
546 | * @return 0 if the two are equal | 553 | * @return 0 if the two are equal |
547 | */ | 554 | */ |
548 | int | 555 | int |
549 | GNUNET_CRYPTO_rsa_public_key_cmp(struct GNUNET_CRYPTO_RsaPublicKey *p1, | 556 | GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1, |
550 | struct GNUNET_CRYPTO_RsaPublicKey *p2) | 557 | struct GNUNET_CRYPTO_RsaPublicKey *p2) |
551 | { | 558 | { |
552 | char *b1; | 559 | char *b1; |
553 | char *b2; | 560 | char *b2; |
@@ -555,18 +562,18 @@ GNUNET_CRYPTO_rsa_public_key_cmp(struct GNUNET_CRYPTO_RsaPublicKey *p1, | |||
555 | size_t z2; | 562 | size_t z2; |
556 | int ret; | 563 | int ret; |
557 | 564 | ||
558 | z1 = GNUNET_CRYPTO_rsa_public_key_encode(p1, | 565 | z1 = GNUNET_CRYPTO_rsa_public_key_encode (p1, |
559 | &b1); | 566 | &b1); |
560 | z2 = GNUNET_CRYPTO_rsa_public_key_encode(p2, | 567 | z2 = GNUNET_CRYPTO_rsa_public_key_encode (p2, |
561 | &b2); | 568 | &b2); |
562 | if (z1 != z2) | 569 | if (z1 != z2) |
563 | ret = 1; | 570 | ret = 1; |
564 | else | 571 | else |
565 | ret = memcmp(b1, | 572 | ret = memcmp (b1, |
566 | b2, | 573 | b2, |
567 | z1); | 574 | z1); |
568 | GNUNET_free(b1); | 575 | GNUNET_free (b1); |
569 | GNUNET_free(b2); | 576 | GNUNET_free (b2); |
570 | return ret; | 577 | return ret; |
571 | } | 578 | } |
572 | 579 | ||
@@ -579,8 +586,8 @@ GNUNET_CRYPTO_rsa_public_key_cmp(struct GNUNET_CRYPTO_RsaPublicKey *p1, | |||
579 | * @return 0 if the two are equal | 586 | * @return 0 if the two are equal |
580 | */ | 587 | */ |
581 | int | 588 | int |
582 | GNUNET_CRYPTO_rsa_private_key_cmp(struct GNUNET_CRYPTO_RsaPrivateKey *p1, | 589 | GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1, |
583 | struct GNUNET_CRYPTO_RsaPrivateKey *p2) | 590 | struct GNUNET_CRYPTO_RsaPrivateKey *p2) |
584 | { | 591 | { |
585 | char *b1; | 592 | char *b1; |
586 | char *b2; | 593 | char *b2; |
@@ -588,18 +595,18 @@ GNUNET_CRYPTO_rsa_private_key_cmp(struct GNUNET_CRYPTO_RsaPrivateKey *p1, | |||
588 | size_t z2; | 595 | size_t z2; |
589 | int ret; | 596 | int ret; |
590 | 597 | ||
591 | z1 = GNUNET_CRYPTO_rsa_private_key_encode(p1, | 598 | z1 = GNUNET_CRYPTO_rsa_private_key_encode (p1, |
592 | &b1); | 599 | &b1); |
593 | z2 = GNUNET_CRYPTO_rsa_private_key_encode(p2, | 600 | z2 = GNUNET_CRYPTO_rsa_private_key_encode (p2, |
594 | &b2); | 601 | &b2); |
595 | if (z1 != z2) | 602 | if (z1 != z2) |
596 | ret = 1; | 603 | ret = 1; |
597 | else | 604 | else |
598 | ret = memcmp(b1, | 605 | ret = memcmp (b1, |
599 | b2, | 606 | b2, |
600 | z1); | 607 | z1); |
601 | GNUNET_free(b1); | 608 | GNUNET_free (b1); |
602 | GNUNET_free(b2); | 609 | GNUNET_free (b2); |
603 | return ret; | 610 | return ret; |
604 | } | 611 | } |
605 | 612 | ||
@@ -611,18 +618,18 @@ GNUNET_CRYPTO_rsa_private_key_cmp(struct GNUNET_CRYPTO_RsaPrivateKey *p1, | |||
611 | * @return length of the key in bits | 618 | * @return length of the key in bits |
612 | */ | 619 | */ |
613 | unsigned int | 620 | unsigned int |
614 | GNUNET_CRYPTO_rsa_public_key_len(const struct GNUNET_CRYPTO_RsaPublicKey *key) | 621 | GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key) |
615 | { | 622 | { |
616 | gcry_mpi_t n; | 623 | gcry_mpi_t n; |
617 | unsigned int rval; | 624 | unsigned int rval; |
618 | 625 | ||
619 | if (0 != key_from_sexp(&n, key->sexp, "rsa", "n")) | 626 | if (0 != key_from_sexp (&n, key->sexp, "rsa", "n")) |
620 | { /* Not an RSA public key */ | 627 | { /* Not an RSA public key */ |
621 | GNUNET_break(0); | 628 | GNUNET_break (0); |
622 | return 0; | 629 | return 0; |
623 | } | 630 | } |
624 | rval = gcry_mpi_get_nbits(n); | 631 | rval = gcry_mpi_get_nbits (n); |
625 | gcry_mpi_release(n); | 632 | gcry_mpi_release (n); |
626 | return rval; | 633 | return rval; |
627 | } | 634 | } |
628 | 635 | ||
@@ -633,10 +640,10 @@ GNUNET_CRYPTO_rsa_public_key_len(const struct GNUNET_CRYPTO_RsaPublicKey *key) | |||
633 | * @param bkey the blinding key to destroy | 640 | * @param bkey the blinding key to destroy |
634 | */ | 641 | */ |
635 | static void | 642 | static void |
636 | rsa_blinding_key_free(struct RsaBlindingKey *bkey) | 643 | rsa_blinding_key_free (struct RsaBlindingKey *bkey) |
637 | { | 644 | { |
638 | gcry_mpi_release(bkey->r); | 645 | gcry_mpi_release (bkey->r); |
639 | GNUNET_free(bkey); | 646 | GNUNET_free (bkey); |
640 | } | 647 | } |
641 | 648 | ||
642 | 649 | ||
@@ -648,25 +655,25 @@ rsa_blinding_key_free(struct RsaBlindingKey *bkey) | |||
648 | * @return number of bytes stored in @a buffer | 655 | * @return number of bytes stored in @a buffer |
649 | */ | 656 | */ |
650 | static size_t | 657 | static size_t |
651 | numeric_mpi_alloc_n_print(gcry_mpi_t v, | 658 | numeric_mpi_alloc_n_print (gcry_mpi_t v, |
652 | char **buffer) | 659 | char **buffer) |
653 | { | 660 | { |
654 | size_t n; | 661 | size_t n; |
655 | char *b; | 662 | char *b; |
656 | size_t rsize; | 663 | size_t rsize; |
657 | 664 | ||
658 | gcry_mpi_print(GCRYMPI_FMT_USG, | 665 | gcry_mpi_print (GCRYMPI_FMT_USG, |
659 | NULL, | 666 | NULL, |
660 | 0, | 667 | 0, |
661 | &n, | 668 | &n, |
662 | v); | 669 | v); |
663 | b = GNUNET_malloc(n); | 670 | b = GNUNET_malloc (n); |
664 | GNUNET_assert(0 == | 671 | GNUNET_assert (0 == |
665 | gcry_mpi_print(GCRYMPI_FMT_USG, | 672 | gcry_mpi_print (GCRYMPI_FMT_USG, |
666 | (unsigned char *)b, | 673 | (unsigned char *) b, |
667 | n, | 674 | n, |
668 | &rsize, | 675 | &rsize, |
669 | v)); | 676 | v)); |
670 | *buffer = b; | 677 | *buffer = b; |
671 | return n; | 678 | return n; |
672 | } | 679 | } |
@@ -685,8 +692,8 @@ numeric_mpi_alloc_n_print(gcry_mpi_t v, | |||
685 | * @return MPI value set to the FDH, NULL if RSA key is malicious | 692 | * @return MPI value set to the FDH, NULL if RSA key is malicious |
686 | */ | 693 | */ |
687 | static gcry_mpi_t | 694 | static gcry_mpi_t |
688 | rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, | 695 | rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, |
689 | const struct GNUNET_HashCode *hash) | 696 | const struct GNUNET_HashCode *hash) |
690 | { | 697 | { |
691 | gcry_mpi_t r, n; | 698 | gcry_mpi_t r, n; |
692 | char *xts; | 699 | char *xts; |
@@ -694,28 +701,28 @@ rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, | |||
694 | int ok; | 701 | int ok; |
695 | 702 | ||
696 | /* Extract the composite n from the RSA public key */ | 703 | /* Extract the composite n from the RSA public key */ |
697 | GNUNET_assert(0 == key_from_sexp(&n, pkey->sexp, "rsa", "n")); | 704 | GNUNET_assert (0 == key_from_sexp (&n, pkey->sexp, "rsa", "n")); |
698 | /* Assert that it at least looks like an RSA key */ | 705 | /* Assert that it at least looks like an RSA key */ |
699 | GNUNET_assert(0 == gcry_mpi_get_flag(n, GCRYMPI_FLAG_OPAQUE)); | 706 | GNUNET_assert (0 == gcry_mpi_get_flag (n, GCRYMPI_FLAG_OPAQUE)); |
700 | 707 | ||
701 | /* We key with the public denomination key as a homage to RSA-PSS by * | 708 | /* We key with the public denomination key as a homage to RSA-PSS by * |
702 | * Mihir Bellare and Phillip Rogaway. Doing this lowers the degree * | 709 | * Mihir Bellare and Phillip Rogaway. Doing this lowers the degree * |
703 | * of the hypothetical polyomial-time attack on RSA-KTI created by a * | 710 | * of the hypothetical polyomial-time attack on RSA-KTI created by a * |
704 | * polynomial-time one-more forgary attack. Yey seeding! */ | 711 | * polynomial-time one-more forgary attack. Yey seeding! */ |
705 | xts_len = GNUNET_CRYPTO_rsa_public_key_encode(pkey, &xts); | 712 | xts_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, &xts); |
706 | 713 | ||
707 | GNUNET_CRYPTO_kdf_mod_mpi(&r, | 714 | GNUNET_CRYPTO_kdf_mod_mpi (&r, |
708 | n, | 715 | n, |
709 | xts, xts_len, | 716 | xts, xts_len, |
710 | hash, sizeof(*hash), | 717 | hash, sizeof(*hash), |
711 | "RSA-FDA FTpsW!"); | 718 | "RSA-FDA FTpsW!"); |
712 | GNUNET_free(xts); | 719 | GNUNET_free (xts); |
713 | 720 | ||
714 | ok = rsa_gcd_validate(r, n); | 721 | ok = rsa_gcd_validate (r, n); |
715 | gcry_mpi_release(n); | 722 | gcry_mpi_release (n); |
716 | if (ok) | 723 | if (ok) |
717 | return r; | 724 | return r; |
718 | gcry_mpi_release(r); | 725 | gcry_mpi_release (r); |
719 | return NULL; | 726 | return NULL; |
720 | } | 727 | } |
721 | 728 | ||
@@ -731,10 +738,10 @@ rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, | |||
731 | * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious | 738 | * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious |
732 | */ | 739 | */ |
733 | int | 740 | int |
734 | GNUNET_CRYPTO_rsa_blind(const struct GNUNET_HashCode *hash, | 741 | GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, |
735 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, | 742 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, |
736 | struct GNUNET_CRYPTO_RsaPublicKey *pkey, | 743 | struct GNUNET_CRYPTO_RsaPublicKey *pkey, |
737 | char **buf, size_t *buf_size) | 744 | char **buf, size_t *buf_size) |
738 | { | 745 | { |
739 | struct RsaBlindingKey *bkey; | 746 | struct RsaBlindingKey *bkey; |
740 | gcry_mpi_t data; | 747 | gcry_mpi_t data; |
@@ -743,59 +750,59 @@ GNUNET_CRYPTO_rsa_blind(const struct GNUNET_HashCode *hash, | |||
743 | gcry_mpi_t data_r_e; | 750 | gcry_mpi_t data_r_e; |
744 | int ret; | 751 | int ret; |
745 | 752 | ||
746 | BENCHMARK_START(rsa_blind); | 753 | BENCHMARK_START (rsa_blind); |
747 | 754 | ||
748 | GNUNET_assert(buf != NULL && buf_size != NULL); | 755 | GNUNET_assert (buf != NULL && buf_size != NULL); |
749 | ret = key_from_sexp(ne, pkey->sexp, "public-key", "ne"); | 756 | ret = key_from_sexp (ne, pkey->sexp, "public-key", "ne"); |
750 | if (0 != ret) | 757 | if (0 != ret) |
751 | ret = key_from_sexp(ne, pkey->sexp, "rsa", "ne"); | 758 | ret = key_from_sexp (ne, pkey->sexp, "rsa", "ne"); |
752 | if (0 != ret) | 759 | if (0 != ret) |
753 | { | 760 | { |
754 | GNUNET_break(0); | 761 | GNUNET_break (0); |
755 | *buf = NULL; | 762 | *buf = NULL; |
756 | *buf_size = 0; | 763 | *buf_size = 0; |
757 | return 0; | 764 | return 0; |
758 | } | 765 | } |
759 | 766 | ||
760 | data = rsa_full_domain_hash(pkey, hash); | 767 | data = rsa_full_domain_hash (pkey, hash); |
761 | if (NULL == data) | 768 | if (NULL == data) |
762 | goto rsa_gcd_validate_failure; | 769 | goto rsa_gcd_validate_failure; |
763 | 770 | ||
764 | bkey = rsa_blinding_key_derive(pkey, bks); | 771 | bkey = rsa_blinding_key_derive (pkey, bks); |
765 | if (NULL == bkey) | 772 | if (NULL == bkey) |
766 | { | 773 | { |
767 | gcry_mpi_release(data); | 774 | gcry_mpi_release (data); |
768 | goto rsa_gcd_validate_failure; | 775 | goto rsa_gcd_validate_failure; |
769 | } | 776 | } |
770 | 777 | ||
771 | r_e = gcry_mpi_new(0); | 778 | r_e = gcry_mpi_new (0); |
772 | gcry_mpi_powm(r_e, | 779 | gcry_mpi_powm (r_e, |
773 | bkey->r, | 780 | bkey->r, |
774 | ne[1], | 781 | ne[1], |
775 | ne[0]); | 782 | ne[0]); |
776 | data_r_e = gcry_mpi_new(0); | 783 | data_r_e = gcry_mpi_new (0); |
777 | gcry_mpi_mulm(data_r_e, | 784 | gcry_mpi_mulm (data_r_e, |
778 | data, | 785 | data, |
779 | r_e, | 786 | r_e, |
780 | ne[0]); | 787 | ne[0]); |
781 | gcry_mpi_release(data); | 788 | gcry_mpi_release (data); |
782 | gcry_mpi_release(ne[0]); | 789 | gcry_mpi_release (ne[0]); |
783 | gcry_mpi_release(ne[1]); | 790 | gcry_mpi_release (ne[1]); |
784 | gcry_mpi_release(r_e); | 791 | gcry_mpi_release (r_e); |
785 | rsa_blinding_key_free(bkey); | 792 | rsa_blinding_key_free (bkey); |
786 | 793 | ||
787 | *buf_size = numeric_mpi_alloc_n_print(data_r_e, buf); | 794 | *buf_size = numeric_mpi_alloc_n_print (data_r_e, buf); |
788 | gcry_mpi_release(data_r_e); | 795 | gcry_mpi_release (data_r_e); |
789 | 796 | ||
790 | BENCHMARK_END(rsa_blind); | 797 | BENCHMARK_END (rsa_blind); |
791 | 798 | ||
792 | return GNUNET_YES; | 799 | return GNUNET_YES; |
793 | 800 | ||
794 | rsa_gcd_validate_failure: | 801 | rsa_gcd_validate_failure: |
795 | /* We know the RSA key is malicious here, so warn the wallet. */ | 802 | /* We know the RSA key is malicious here, so warn the wallet. */ |
796 | /* GNUNET_break_op (0); */ | 803 | /* GNUNET_break_op (0); */ |
797 | gcry_mpi_release(ne[0]); | 804 | gcry_mpi_release (ne[0]); |
798 | gcry_mpi_release(ne[1]); | 805 | gcry_mpi_release (ne[1]); |
799 | *buf = NULL; | 806 | *buf = NULL; |
800 | *buf_size = 0; | 807 | *buf_size = 0; |
801 | return GNUNET_NO; | 808 | return GNUNET_NO; |
@@ -809,15 +816,15 @@ rsa_gcd_validate_failure: | |||
809 | * @return converted s-expression | 816 | * @return converted s-expression |
810 | */ | 817 | */ |
811 | static gcry_sexp_t | 818 | static gcry_sexp_t |
812 | mpi_to_sexp(gcry_mpi_t value) | 819 | mpi_to_sexp (gcry_mpi_t value) |
813 | { | 820 | { |
814 | gcry_sexp_t data = NULL; | 821 | gcry_sexp_t data = NULL; |
815 | 822 | ||
816 | GNUNET_assert(0 == | 823 | GNUNET_assert (0 == |
817 | gcry_sexp_build(&data, | 824 | gcry_sexp_build (&data, |
818 | NULL, | 825 | NULL, |
819 | "(data (flags raw) (value %M))", | 826 | "(data (flags raw) (value %M))", |
820 | value)); | 827 | value)); |
821 | return data; | 828 | return data; |
822 | } | 829 | } |
823 | 830 | ||
@@ -830,53 +837,54 @@ mpi_to_sexp(gcry_mpi_t value) | |||
830 | * @return NULL on error, signature on success | 837 | * @return NULL on error, signature on success |
831 | */ | 838 | */ |
832 | static struct GNUNET_CRYPTO_RsaSignature * | 839 | static struct GNUNET_CRYPTO_RsaSignature * |
833 | rsa_sign_mpi(const struct GNUNET_CRYPTO_RsaPrivateKey *key, | 840 | rsa_sign_mpi (const struct GNUNET_CRYPTO_RsaPrivateKey *key, |
834 | gcry_mpi_t value) | 841 | gcry_mpi_t value) |
835 | { | 842 | { |
836 | struct GNUNET_CRYPTO_RsaSignature *sig; | 843 | struct GNUNET_CRYPTO_RsaSignature *sig; |
837 | gcry_sexp_t data; | 844 | gcry_sexp_t data; |
838 | gcry_sexp_t result; | 845 | gcry_sexp_t result; |
839 | int rc; | 846 | int rc; |
840 | 847 | ||
841 | data = mpi_to_sexp(value); | 848 | data = mpi_to_sexp (value); |
842 | 849 | ||
843 | if (0 != | 850 | if (0 != |
844 | (rc = gcry_pk_sign(&result, | 851 | (rc = gcry_pk_sign (&result, |
845 | data, | 852 | data, |
846 | key->sexp))) | 853 | key->sexp))) |
847 | { | 854 | { |
848 | LOG(GNUNET_ERROR_TYPE_WARNING, | 855 | LOG (GNUNET_ERROR_TYPE_WARNING, |
849 | _("RSA signing failed at %s:%d: %s\n"), | 856 | _ ("RSA signing failed at %s:%d: %s\n"), |
850 | __FILE__, | 857 | __FILE__, |
851 | __LINE__, | 858 | __LINE__, |
852 | gcry_strerror(rc)); | 859 | gcry_strerror (rc)); |
853 | GNUNET_break(0); | 860 | GNUNET_break (0); |
854 | return NULL; | 861 | return NULL; |
855 | } | 862 | } |
856 | 863 | ||
857 | /* Lenstra protection was first added to libgcrypt 1.6.4 | 864 | /* Lenstra protection was first added to libgcrypt 1.6.4 |
858 | * with commit c17f84bd02d7ee93845e92e20f6ddba814961588. | 865 | * with commit c17f84bd02d7ee93845e92e20f6ddba814961588. |
859 | */ | 866 | */ |
860 | #if GCRYPT_VERSION_NUMBER < 0x010604 | 867 | #if GCRYPT_VERSION_NUMBER < 0x010604 |
861 | /* verify signature (guards against Lenstra's attack with fault injection...) */ | 868 | /* verify signature (guards against Lenstra's attack with fault injection...) */ |
862 | struct GNUNET_CRYPTO_RsaPublicKey *public_key = GNUNET_CRYPTO_rsa_private_key_get_public(key); | 869 | struct GNUNET_CRYPTO_RsaPublicKey *public_key = |
870 | GNUNET_CRYPTO_rsa_private_key_get_public (key); | ||
863 | if (0 != | 871 | if (0 != |
864 | gcry_pk_verify(result, | 872 | gcry_pk_verify (result, |
865 | data, | 873 | data, |
866 | public_key->sexp)) | 874 | public_key->sexp)) |
867 | { | 875 | { |
868 | GNUNET_break(0); | 876 | GNUNET_break (0); |
869 | GNUNET_CRYPTO_rsa_public_key_free(public_key); | 877 | GNUNET_CRYPTO_rsa_public_key_free (public_key); |
870 | gcry_sexp_release(data); | 878 | gcry_sexp_release (data); |
871 | gcry_sexp_release(result); | 879 | gcry_sexp_release (result); |
872 | return NULL; | 880 | return NULL; |
873 | } | 881 | } |
874 | GNUNET_CRYPTO_rsa_public_key_free(public_key); | 882 | GNUNET_CRYPTO_rsa_public_key_free (public_key); |
875 | #endif | 883 | #endif |
876 | 884 | ||
877 | /* return signature */ | 885 | /* return signature */ |
878 | gcry_sexp_release(data); | 886 | gcry_sexp_release (data); |
879 | sig = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature); | 887 | sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); |
880 | sig->sexp = result; | 888 | sig->sexp = result; |
881 | return sig; | 889 | return sig; |
882 | } | 890 | } |
@@ -891,25 +899,25 @@ rsa_sign_mpi(const struct GNUNET_CRYPTO_RsaPrivateKey *key, | |||
891 | * @return NULL on error, signature on success | 899 | * @return NULL on error, signature on success |
892 | */ | 900 | */ |
893 | struct GNUNET_CRYPTO_RsaSignature * | 901 | struct GNUNET_CRYPTO_RsaSignature * |
894 | GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key, | 902 | GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, |
895 | const void *msg, | 903 | const void *msg, |
896 | size_t msg_len) | 904 | size_t msg_len) |
897 | { | 905 | { |
898 | gcry_mpi_t v = NULL; | 906 | gcry_mpi_t v = NULL; |
899 | struct GNUNET_CRYPTO_RsaSignature *sig; | 907 | struct GNUNET_CRYPTO_RsaSignature *sig; |
900 | 908 | ||
901 | BENCHMARK_START(rsa_sign_blinded); | 909 | BENCHMARK_START (rsa_sign_blinded); |
902 | 910 | ||
903 | GNUNET_assert(0 == | 911 | GNUNET_assert (0 == |
904 | gcry_mpi_scan(&v, | 912 | gcry_mpi_scan (&v, |
905 | GCRYMPI_FMT_USG, | 913 | GCRYMPI_FMT_USG, |
906 | msg, | 914 | msg, |
907 | msg_len, | 915 | msg_len, |
908 | NULL)); | 916 | NULL)); |
909 | 917 | ||
910 | sig = rsa_sign_mpi(key, v); | 918 | sig = rsa_sign_mpi (key, v); |
911 | gcry_mpi_release(v); | 919 | gcry_mpi_release (v); |
912 | BENCHMARK_END(rsa_sign_blinded); | 920 | BENCHMARK_END (rsa_sign_blinded); |
913 | return sig; | 921 | return sig; |
914 | } | 922 | } |
915 | 923 | ||
@@ -922,21 +930,21 @@ GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key, | |||
922 | * @return NULL on error, including a malicious RSA key, signature on success | 930 | * @return NULL on error, including a malicious RSA key, signature on success |
923 | */ | 931 | */ |
924 | struct GNUNET_CRYPTO_RsaSignature * | 932 | struct GNUNET_CRYPTO_RsaSignature * |
925 | GNUNET_CRYPTO_rsa_sign_fdh(const struct GNUNET_CRYPTO_RsaPrivateKey *key, | 933 | GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, |
926 | const struct GNUNET_HashCode *hash) | 934 | const struct GNUNET_HashCode *hash) |
927 | { | 935 | { |
928 | struct GNUNET_CRYPTO_RsaPublicKey *pkey; | 936 | struct GNUNET_CRYPTO_RsaPublicKey *pkey; |
929 | gcry_mpi_t v = NULL; | 937 | gcry_mpi_t v = NULL; |
930 | struct GNUNET_CRYPTO_RsaSignature *sig; | 938 | struct GNUNET_CRYPTO_RsaSignature *sig; |
931 | 939 | ||
932 | pkey = GNUNET_CRYPTO_rsa_private_key_get_public(key); | 940 | pkey = GNUNET_CRYPTO_rsa_private_key_get_public (key); |
933 | v = rsa_full_domain_hash(pkey, hash); | 941 | v = rsa_full_domain_hash (pkey, hash); |
934 | GNUNET_CRYPTO_rsa_public_key_free(pkey); | 942 | GNUNET_CRYPTO_rsa_public_key_free (pkey); |
935 | if (NULL == v) /* rsa_gcd_validate failed meaning */ | 943 | if (NULL == v) /* rsa_gcd_validate failed meaning */ |
936 | return NULL; /* our *own* RSA key is malicious. */ | 944 | return NULL; /* our *own* RSA key is malicious. */ |
937 | 945 | ||
938 | sig = rsa_sign_mpi(key, v); | 946 | sig = rsa_sign_mpi (key, v); |
939 | gcry_mpi_release(v); | 947 | gcry_mpi_release (v); |
940 | return sig; | 948 | return sig; |
941 | } | 949 | } |
942 | 950 | ||
@@ -947,10 +955,10 @@ GNUNET_CRYPTO_rsa_sign_fdh(const struct GNUNET_CRYPTO_RsaPrivateKey *key, | |||
947 | * @param sig memory to freee | 955 | * @param sig memory to freee |
948 | */ | 956 | */ |
949 | void | 957 | void |
950 | GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig) | 958 | GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig) |
951 | { | 959 | { |
952 | gcry_sexp_release(sig->sexp); | 960 | gcry_sexp_release (sig->sexp); |
953 | GNUNET_free(sig); | 961 | GNUNET_free (sig); |
954 | } | 962 | } |
955 | 963 | ||
956 | 964 | ||
@@ -962,22 +970,23 @@ GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig) | |||
962 | * @return size of memory allocated in @a buffer | 970 | * @return size of memory allocated in @a buffer |
963 | */ | 971 | */ |
964 | size_t | 972 | size_t |
965 | GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, | 973 | GNUNET_CRYPTO_rsa_signature_encode (const struct |
966 | char **buffer) | 974 | GNUNET_CRYPTO_RsaSignature *sig, |
975 | char **buffer) | ||
967 | { | 976 | { |
968 | size_t n; | 977 | size_t n; |
969 | char *b; | 978 | char *b; |
970 | 979 | ||
971 | n = gcry_sexp_sprint(sig->sexp, | 980 | n = gcry_sexp_sprint (sig->sexp, |
972 | GCRYSEXP_FMT_ADVANCED, | 981 | GCRYSEXP_FMT_ADVANCED, |
973 | NULL, | 982 | NULL, |
974 | 0); | 983 | 0); |
975 | b = GNUNET_malloc(n); | 984 | b = GNUNET_malloc (n); |
976 | GNUNET_assert((n - 1) == /* since the last byte is \0 */ | 985 | GNUNET_assert ((n - 1) == /* since the last byte is \0 */ |
977 | gcry_sexp_sprint(sig->sexp, | 986 | gcry_sexp_sprint (sig->sexp, |
978 | GCRYSEXP_FMT_ADVANCED, | 987 | GCRYSEXP_FMT_ADVANCED, |
979 | b, | 988 | b, |
980 | n)); | 989 | n)); |
981 | *buffer = b; | 990 | *buffer = b; |
982 | return n; | 991 | return n; |
983 | } | 992 | } |
@@ -992,37 +1001,37 @@ GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, | |||
992 | * @return NULL on error | 1001 | * @return NULL on error |
993 | */ | 1002 | */ |
994 | struct GNUNET_CRYPTO_RsaSignature * | 1003 | struct GNUNET_CRYPTO_RsaSignature * |
995 | GNUNET_CRYPTO_rsa_signature_decode(const char *buf, | 1004 | GNUNET_CRYPTO_rsa_signature_decode (const char *buf, |
996 | size_t len) | 1005 | size_t len) |
997 | { | 1006 | { |
998 | struct GNUNET_CRYPTO_RsaSignature *sig; | 1007 | struct GNUNET_CRYPTO_RsaSignature *sig; |
999 | int ret; | 1008 | int ret; |
1000 | gcry_mpi_t s; | 1009 | gcry_mpi_t s; |
1001 | 1010 | ||
1002 | sig = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature); | 1011 | sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); |
1003 | if (0 != | 1012 | if (0 != |
1004 | gcry_sexp_new(&sig->sexp, | 1013 | gcry_sexp_new (&sig->sexp, |
1005 | buf, | 1014 | buf, |
1006 | len, | 1015 | len, |
1007 | 0)) | 1016 | 0)) |
1008 | { | 1017 | { |
1009 | GNUNET_break_op(0); | 1018 | GNUNET_break_op (0); |
1010 | GNUNET_free(sig); | 1019 | GNUNET_free (sig); |
1011 | return NULL; | 1020 | return NULL; |
1012 | } | 1021 | } |
1013 | /* verify that this is an RSA signature */ | 1022 | /* verify that this is an RSA signature */ |
1014 | ret = key_from_sexp(&s, sig->sexp, "sig-val", "s"); | 1023 | ret = key_from_sexp (&s, sig->sexp, "sig-val", "s"); |
1015 | if (0 != ret) | 1024 | if (0 != ret) |
1016 | ret = key_from_sexp(&s, sig->sexp, "rsa", "s"); | 1025 | ret = key_from_sexp (&s, sig->sexp, "rsa", "s"); |
1017 | if (0 != ret) | 1026 | if (0 != ret) |
1018 | { | 1027 | { |
1019 | /* this is no RSA Signature */ | 1028 | /* this is no RSA Signature */ |
1020 | GNUNET_break_op(0); | 1029 | GNUNET_break_op (0); |
1021 | gcry_sexp_release(sig->sexp); | 1030 | gcry_sexp_release (sig->sexp); |
1022 | GNUNET_free(sig); | 1031 | GNUNET_free (sig); |
1023 | return NULL; | 1032 | return NULL; |
1024 | } | 1033 | } |
1025 | gcry_mpi_release(s); | 1034 | gcry_mpi_release (s); |
1026 | return sig; | 1035 | return sig; |
1027 | } | 1036 | } |
1028 | 1037 | ||
@@ -1034,19 +1043,19 @@ GNUNET_CRYPTO_rsa_signature_decode(const char *buf, | |||
1034 | * @return the duplicate key; NULL upon error | 1043 | * @return the duplicate key; NULL upon error |
1035 | */ | 1044 | */ |
1036 | struct GNUNET_CRYPTO_RsaPublicKey * | 1045 | struct GNUNET_CRYPTO_RsaPublicKey * |
1037 | GNUNET_CRYPTO_rsa_public_key_dup(const struct GNUNET_CRYPTO_RsaPublicKey *key) | 1046 | GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key) |
1038 | { | 1047 | { |
1039 | struct GNUNET_CRYPTO_RsaPublicKey *dup; | 1048 | struct GNUNET_CRYPTO_RsaPublicKey *dup; |
1040 | gcry_sexp_t dup_sexp; | 1049 | gcry_sexp_t dup_sexp; |
1041 | size_t erroff; | 1050 | size_t erroff; |
1042 | 1051 | ||
1043 | /* check if we really are exporting a public key */ | 1052 | /* check if we really are exporting a public key */ |
1044 | dup_sexp = gcry_sexp_find_token(key->sexp, "public-key", 0); | 1053 | dup_sexp = gcry_sexp_find_token (key->sexp, "public-key", 0); |
1045 | GNUNET_assert(NULL != dup_sexp); | 1054 | GNUNET_assert (NULL != dup_sexp); |
1046 | gcry_sexp_release(dup_sexp); | 1055 | gcry_sexp_release (dup_sexp); |
1047 | /* copy the sexp */ | 1056 | /* copy the sexp */ |
1048 | GNUNET_assert(0 == gcry_sexp_build(&dup_sexp, &erroff, "%S", key->sexp)); | 1057 | GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp)); |
1049 | dup = GNUNET_new(struct GNUNET_CRYPTO_RsaPublicKey); | 1058 | dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey); |
1050 | dup->sexp = dup_sexp; | 1059 | dup->sexp = dup_sexp; |
1051 | return dup; | 1060 | return dup; |
1052 | } | 1061 | } |
@@ -1063,9 +1072,9 @@ GNUNET_CRYPTO_rsa_public_key_dup(const struct GNUNET_CRYPTO_RsaPublicKey *key) | |||
1063 | * @return unblinded signature on success, NULL if RSA key is bad or malicious. | 1072 | * @return unblinded signature on success, NULL if RSA key is bad or malicious. |
1064 | */ | 1073 | */ |
1065 | struct GNUNET_CRYPTO_RsaSignature * | 1074 | struct GNUNET_CRYPTO_RsaSignature * |
1066 | GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig, | 1075 | GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, |
1067 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, | 1076 | const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, |
1068 | struct GNUNET_CRYPTO_RsaPublicKey *pkey) | 1077 | struct GNUNET_CRYPTO_RsaPublicKey *pkey) |
1069 | { | 1078 | { |
1070 | struct RsaBlindingKey *bkey; | 1079 | struct RsaBlindingKey *bkey; |
1071 | gcry_mpi_t n; | 1080 | gcry_mpi_t n; |
@@ -1075,70 +1084,70 @@ GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig, | |||
1075 | int ret; | 1084 | int ret; |
1076 | struct GNUNET_CRYPTO_RsaSignature *sret; | 1085 | struct GNUNET_CRYPTO_RsaSignature *sret; |
1077 | 1086 | ||
1078 | BENCHMARK_START(rsa_unblind); | 1087 | BENCHMARK_START (rsa_unblind); |
1079 | 1088 | ||
1080 | ret = key_from_sexp(&n, pkey->sexp, "public-key", "n"); | 1089 | ret = key_from_sexp (&n, pkey->sexp, "public-key", "n"); |
1081 | if (0 != ret) | 1090 | if (0 != ret) |
1082 | ret = key_from_sexp(&n, pkey->sexp, "rsa", "n"); | 1091 | ret = key_from_sexp (&n, pkey->sexp, "rsa", "n"); |
1083 | if (0 != ret) | 1092 | if (0 != ret) |
1084 | { | 1093 | { |
1085 | GNUNET_break_op(0); | 1094 | GNUNET_break_op (0); |
1086 | return NULL; | 1095 | return NULL; |
1087 | } | 1096 | } |
1088 | ret = key_from_sexp(&s, sig->sexp, "sig-val", "s"); | 1097 | ret = key_from_sexp (&s, sig->sexp, "sig-val", "s"); |
1089 | if (0 != ret) | 1098 | if (0 != ret) |
1090 | ret = key_from_sexp(&s, sig->sexp, "rsa", "s"); | 1099 | ret = key_from_sexp (&s, sig->sexp, "rsa", "s"); |
1091 | if (0 != ret) | 1100 | if (0 != ret) |
1092 | { | 1101 | { |
1093 | gcry_mpi_release(n); | 1102 | gcry_mpi_release (n); |
1094 | GNUNET_break_op(0); | 1103 | GNUNET_break_op (0); |
1095 | return NULL; | 1104 | return NULL; |
1096 | } | 1105 | } |
1097 | 1106 | ||
1098 | bkey = rsa_blinding_key_derive(pkey, bks); | 1107 | bkey = rsa_blinding_key_derive (pkey, bks); |
1099 | if (NULL == bkey) | 1108 | if (NULL == bkey) |
1100 | { | 1109 | { |
1101 | /* RSA key is malicious since rsa_gcd_validate failed here. | 1110 | /* RSA key is malicious since rsa_gcd_validate failed here. |
1102 | * It should have failed during GNUNET_CRYPTO_rsa_blind too though, | 1111 | * It should have failed during GNUNET_CRYPTO_rsa_blind too though, |
1103 | * so the exchange is being malicious in an unfamilair way, maybe | 1112 | * so the exchange is being malicious in an unfamilair way, maybe |
1104 | * just trying to crash us. */ | 1113 | * just trying to crash us. */ |
1105 | GNUNET_break_op(0); | 1114 | GNUNET_break_op (0); |
1106 | gcry_mpi_release(n); | 1115 | gcry_mpi_release (n); |
1107 | gcry_mpi_release(s); | 1116 | gcry_mpi_release (s); |
1108 | return NULL; | 1117 | return NULL; |
1109 | } | 1118 | } |
1110 | 1119 | ||
1111 | r_inv = gcry_mpi_new(0); | 1120 | r_inv = gcry_mpi_new (0); |
1112 | if (1 != | 1121 | if (1 != |
1113 | gcry_mpi_invm(r_inv, | 1122 | gcry_mpi_invm (r_inv, |
1114 | bkey->r, | 1123 | bkey->r, |
1115 | n)) | 1124 | n)) |
1116 | { | 1125 | { |
1117 | /* We cannot find r mod n, so gcd(r,n) != 1, which should get * | 1126 | /* We cannot find r mod n, so gcd(r,n) != 1, which should get * |
1118 | * caught above, but we handle it the same here. */ | 1127 | * caught above, but we handle it the same here. */ |
1119 | GNUNET_break_op(0); | 1128 | GNUNET_break_op (0); |
1120 | gcry_mpi_release(r_inv); | 1129 | gcry_mpi_release (r_inv); |
1121 | rsa_blinding_key_free(bkey); | 1130 | rsa_blinding_key_free (bkey); |
1122 | gcry_mpi_release(n); | 1131 | gcry_mpi_release (n); |
1123 | gcry_mpi_release(s); | 1132 | gcry_mpi_release (s); |
1124 | return NULL; | 1133 | return NULL; |
1125 | } | 1134 | } |
1126 | 1135 | ||
1127 | ubsig = gcry_mpi_new(0); | 1136 | ubsig = gcry_mpi_new (0); |
1128 | gcry_mpi_mulm(ubsig, s, r_inv, n); | 1137 | gcry_mpi_mulm (ubsig, s, r_inv, n); |
1129 | gcry_mpi_release(n); | 1138 | gcry_mpi_release (n); |
1130 | gcry_mpi_release(r_inv); | 1139 | gcry_mpi_release (r_inv); |
1131 | gcry_mpi_release(s); | 1140 | gcry_mpi_release (s); |
1132 | rsa_blinding_key_free(bkey); | 1141 | rsa_blinding_key_free (bkey); |
1133 | 1142 | ||
1134 | sret = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature); | 1143 | sret = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); |
1135 | GNUNET_assert(0 == | 1144 | GNUNET_assert (0 == |
1136 | gcry_sexp_build(&sret->sexp, | 1145 | gcry_sexp_build (&sret->sexp, |
1137 | NULL, | 1146 | NULL, |
1138 | "(sig-val (rsa (s %M)))", | 1147 | "(sig-val (rsa (s %M)))", |
1139 | ubsig)); | 1148 | ubsig)); |
1140 | gcry_mpi_release(ubsig); | 1149 | gcry_mpi_release (ubsig); |
1141 | BENCHMARK_END(rsa_unblind); | 1150 | BENCHMARK_END (rsa_unblind); |
1142 | return sret; | 1151 | return sret; |
1143 | } | 1152 | } |
1144 | 1153 | ||
@@ -1153,47 +1162,47 @@ GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig, | |||
1153 | * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature is invalid | 1162 | * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature is invalid |
1154 | */ | 1163 | */ |
1155 | int | 1164 | int |
1156 | GNUNET_CRYPTO_rsa_verify(const struct GNUNET_HashCode *hash, | 1165 | GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, |
1157 | const struct GNUNET_CRYPTO_RsaSignature *sig, | 1166 | const struct GNUNET_CRYPTO_RsaSignature *sig, |
1158 | const struct GNUNET_CRYPTO_RsaPublicKey *pkey) | 1167 | const struct GNUNET_CRYPTO_RsaPublicKey *pkey) |
1159 | { | 1168 | { |
1160 | gcry_sexp_t data; | 1169 | gcry_sexp_t data; |
1161 | gcry_mpi_t r; | 1170 | gcry_mpi_t r; |
1162 | int rc; | 1171 | int rc; |
1163 | 1172 | ||
1164 | BENCHMARK_START(rsa_verify); | 1173 | BENCHMARK_START (rsa_verify); |
1165 | 1174 | ||
1166 | r = rsa_full_domain_hash(pkey, hash); | 1175 | r = rsa_full_domain_hash (pkey, hash); |
1167 | if (NULL == r) | 1176 | if (NULL == r) |
1168 | { | 1177 | { |
1169 | GNUNET_break_op(0); | 1178 | GNUNET_break_op (0); |
1170 | /* RSA key is malicious since rsa_gcd_validate failed here. | 1179 | /* RSA key is malicious since rsa_gcd_validate failed here. |
1171 | * It should have failed during GNUNET_CRYPTO_rsa_blind too though, | 1180 | * It should have failed during GNUNET_CRYPTO_rsa_blind too though, |
1172 | * so the exchange is being malicious in an unfamilair way, maybe | 1181 | * so the exchange is being malicious in an unfamilair way, maybe |
1173 | * just trying to crash us. Arguably, we've only an internal error | 1182 | * just trying to crash us. Arguably, we've only an internal error |
1174 | * though because we should've detected this in our previous call | 1183 | * though because we should've detected this in our previous call |
1175 | * to GNUNET_CRYPTO_rsa_unblind. */ | 1184 | * to GNUNET_CRYPTO_rsa_unblind. */ |
1176 | return GNUNET_NO; | 1185 | return GNUNET_NO; |
1177 | } | 1186 | } |
1178 | 1187 | ||
1179 | data = mpi_to_sexp(r); | 1188 | data = mpi_to_sexp (r); |
1180 | gcry_mpi_release(r); | 1189 | gcry_mpi_release (r); |
1181 | 1190 | ||
1182 | rc = gcry_pk_verify(sig->sexp, | 1191 | rc = gcry_pk_verify (sig->sexp, |
1183 | data, | 1192 | data, |
1184 | pkey->sexp); | 1193 | pkey->sexp); |
1185 | gcry_sexp_release(data); | 1194 | gcry_sexp_release (data); |
1186 | if (0 != rc) | 1195 | if (0 != rc) |
1187 | { | 1196 | { |
1188 | LOG(GNUNET_ERROR_TYPE_WARNING, | 1197 | LOG (GNUNET_ERROR_TYPE_WARNING, |
1189 | _("RSA signature verification failed at %s:%d: %s\n"), | 1198 | _ ("RSA signature verification failed at %s:%d: %s\n"), |
1190 | __FILE__, | 1199 | __FILE__, |
1191 | __LINE__, | 1200 | __LINE__, |
1192 | gcry_strerror(rc)); | 1201 | gcry_strerror (rc)); |
1193 | return GNUNET_SYSERR; | 1202 | return GNUNET_SYSERR; |
1194 | BENCHMARK_END(rsa_verify); | 1203 | BENCHMARK_END (rsa_verify); |
1195 | } | 1204 | } |
1196 | BENCHMARK_END(rsa_verify); | 1205 | BENCHMARK_END (rsa_verify); |
1197 | return GNUNET_OK; | 1206 | return GNUNET_OK; |
1198 | } | 1207 | } |
1199 | 1208 | ||
@@ -1205,19 +1214,20 @@ GNUNET_CRYPTO_rsa_verify(const struct GNUNET_HashCode *hash, | |||
1205 | * @return the duplicate key; NULL upon error | 1214 | * @return the duplicate key; NULL upon error |
1206 | */ | 1215 | */ |
1207 | struct GNUNET_CRYPTO_RsaPrivateKey * | 1216 | struct GNUNET_CRYPTO_RsaPrivateKey * |
1208 | GNUNET_CRYPTO_rsa_private_key_dup(const struct GNUNET_CRYPTO_RsaPrivateKey *key) | 1217 | GNUNET_CRYPTO_rsa_private_key_dup (const struct |
1218 | GNUNET_CRYPTO_RsaPrivateKey *key) | ||
1209 | { | 1219 | { |
1210 | struct GNUNET_CRYPTO_RsaPrivateKey *dup; | 1220 | struct GNUNET_CRYPTO_RsaPrivateKey *dup; |
1211 | gcry_sexp_t dup_sexp; | 1221 | gcry_sexp_t dup_sexp; |
1212 | size_t erroff; | 1222 | size_t erroff; |
1213 | 1223 | ||
1214 | /* check if we really are exporting a private key */ | 1224 | /* check if we really are exporting a private key */ |
1215 | dup_sexp = gcry_sexp_find_token(key->sexp, "private-key", 0); | 1225 | dup_sexp = gcry_sexp_find_token (key->sexp, "private-key", 0); |
1216 | GNUNET_assert(NULL != dup_sexp); | 1226 | GNUNET_assert (NULL != dup_sexp); |
1217 | gcry_sexp_release(dup_sexp); | 1227 | gcry_sexp_release (dup_sexp); |
1218 | /* copy the sexp */ | 1228 | /* copy the sexp */ |
1219 | GNUNET_assert(0 == gcry_sexp_build(&dup_sexp, &erroff, "%S", key->sexp)); | 1229 | GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp)); |
1220 | dup = GNUNET_new(struct GNUNET_CRYPTO_RsaPrivateKey); | 1230 | dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey); |
1221 | dup->sexp = dup_sexp; | 1231 | dup->sexp = dup_sexp; |
1222 | return dup; | 1232 | return dup; |
1223 | } | 1233 | } |
@@ -1230,7 +1240,7 @@ GNUNET_CRYPTO_rsa_private_key_dup(const struct GNUNET_CRYPTO_RsaPrivateKey *key) | |||
1230 | * @return the duplicate key; NULL upon error | 1240 | * @return the duplicate key; NULL upon error |
1231 | */ | 1241 | */ |
1232 | struct GNUNET_CRYPTO_RsaSignature * | 1242 | struct GNUNET_CRYPTO_RsaSignature * |
1233 | GNUNET_CRYPTO_rsa_signature_dup(const struct GNUNET_CRYPTO_RsaSignature *sig) | 1243 | GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig) |
1234 | { | 1244 | { |
1235 | struct GNUNET_CRYPTO_RsaSignature *dup; | 1245 | struct GNUNET_CRYPTO_RsaSignature *dup; |
1236 | gcry_sexp_t dup_sexp; | 1246 | gcry_sexp_t dup_sexp; |
@@ -1239,14 +1249,14 @@ GNUNET_CRYPTO_rsa_signature_dup(const struct GNUNET_CRYPTO_RsaSignature *sig) | |||
1239 | int ret; | 1249 | int ret; |
1240 | 1250 | ||
1241 | /* verify that this is an RSA signature */ | 1251 | /* verify that this is an RSA signature */ |
1242 | ret = key_from_sexp(&s, sig->sexp, "sig-val", "s"); | 1252 | ret = key_from_sexp (&s, sig->sexp, "sig-val", "s"); |
1243 | if (0 != ret) | 1253 | if (0 != ret) |
1244 | ret = key_from_sexp(&s, sig->sexp, "rsa", "s"); | 1254 | ret = key_from_sexp (&s, sig->sexp, "rsa", "s"); |
1245 | GNUNET_assert(0 == ret); | 1255 | GNUNET_assert (0 == ret); |
1246 | gcry_mpi_release(s); | 1256 | gcry_mpi_release (s); |
1247 | /* copy the sexp */ | 1257 | /* copy the sexp */ |
1248 | GNUNET_assert(0 == gcry_sexp_build(&dup_sexp, &erroff, "%S", sig->sexp)); | 1258 | GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", sig->sexp)); |
1249 | dup = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature); | 1259 | dup = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); |
1250 | dup->sexp = dup_sexp; | 1260 | dup->sexp = dup_sexp; |
1251 | return dup; | 1261 | return dup; |
1252 | } | 1262 | } |