diff options
Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/crypto_aes.c | 29 | ||||
-rw-r--r-- | src/util/crypto_hash.c | 2 | ||||
-rw-r--r-- | src/util/gnunet-ecc.c | 60 | ||||
-rw-r--r-- | src/util/gnunet-rsa.c | 110 | ||||
-rw-r--r-- | src/util/test_crypto_aes.c | 11 | ||||
-rw-r--r-- | src/util/test_crypto_aes_weak.c | 3 |
6 files changed, 20 insertions, 195 deletions
diff --git a/src/util/crypto_aes.c b/src/util/crypto_aes.c index d5c36d703..11b894f69 100644 --- a/src/util/crypto_aes.c +++ b/src/util/crypto_aes.c | |||
@@ -42,29 +42,6 @@ GNUNET_CRYPTO_aes_create_session_key (struct GNUNET_CRYPTO_AesSessionKey *key) | |||
42 | { | 42 | { |
43 | gcry_randomize (&key->key[0], GNUNET_CRYPTO_AES_KEY_LENGTH, | 43 | gcry_randomize (&key->key[0], GNUNET_CRYPTO_AES_KEY_LENGTH, |
44 | GCRY_STRONG_RANDOM); | 44 | GCRY_STRONG_RANDOM); |
45 | key->crc32 = | ||
46 | htonl (GNUNET_CRYPTO_crc32_n (key, GNUNET_CRYPTO_AES_KEY_LENGTH)); | ||
47 | } | ||
48 | |||
49 | |||
50 | /** | ||
51 | * Check that a new session key is well-formed. | ||
52 | * | ||
53 | * @return GNUNET_OK if the key is valid | ||
54 | */ | ||
55 | int | ||
56 | GNUNET_CRYPTO_aes_check_session_key (const struct GNUNET_CRYPTO_AesSessionKey | ||
57 | *key) | ||
58 | { | ||
59 | uint32_t crc; | ||
60 | |||
61 | crc = GNUNET_CRYPTO_crc32_n (key, GNUNET_CRYPTO_AES_KEY_LENGTH); | ||
62 | if (ntohl (key->crc32) != crc) | ||
63 | { | ||
64 | GNUNET_break_op (0); | ||
65 | return GNUNET_SYSERR; | ||
66 | } | ||
67 | return GNUNET_OK; | ||
68 | } | 45 | } |
69 | 46 | ||
70 | 47 | ||
@@ -85,12 +62,6 @@ setup_cipher (gcry_cipher_hd_t *handle, | |||
85 | { | 62 | { |
86 | int rc; | 63 | int rc; |
87 | 64 | ||
88 | if (GNUNET_OK != | ||
89 | GNUNET_CRYPTO_aes_check_session_key (sessionkey)) | ||
90 | { | ||
91 | GNUNET_break (0); | ||
92 | return GNUNET_SYSERR; | ||
93 | } | ||
94 | GNUNET_assert (0 == | 65 | GNUNET_assert (0 == |
95 | gcry_cipher_open (handle, GCRY_CIPHER_AES256, | 66 | gcry_cipher_open (handle, GCRY_CIPHER_AES256, |
96 | GCRY_CIPHER_MODE_CFB, 0)); | 67 | GCRY_CIPHER_MODE_CFB, 0)); |
diff --git a/src/util/crypto_hash.c b/src/util/crypto_hash.c index 04225b3dc..fca66aed4 100644 --- a/src/util/crypto_hash.c +++ b/src/util/crypto_hash.c | |||
@@ -419,8 +419,6 @@ GNUNET_CRYPTO_hash_to_aes_key (const struct GNUNET_HashCode * hc, | |||
419 | GNUNET_CRYPTO_AES_KEY_LENGTH + | 419 | GNUNET_CRYPTO_AES_KEY_LENGTH + |
420 | sizeof (struct GNUNET_CRYPTO_AesInitializationVector)); | 420 | sizeof (struct GNUNET_CRYPTO_AesInitializationVector)); |
421 | memcpy (skey, hc, GNUNET_CRYPTO_AES_KEY_LENGTH); | 421 | memcpy (skey, hc, GNUNET_CRYPTO_AES_KEY_LENGTH); |
422 | skey->crc32 = | ||
423 | htonl (GNUNET_CRYPTO_crc32_n (skey, GNUNET_CRYPTO_AES_KEY_LENGTH)); | ||
424 | memcpy (iv, &((char *) hc)[GNUNET_CRYPTO_AES_KEY_LENGTH], | 422 | memcpy (iv, &((char *) hc)[GNUNET_CRYPTO_AES_KEY_LENGTH], |
425 | sizeof (struct GNUNET_CRYPTO_AesInitializationVector)); | 423 | sizeof (struct GNUNET_CRYPTO_AesInitializationVector)); |
426 | } | 424 | } |
diff --git a/src/util/gnunet-ecc.c b/src/util/gnunet-ecc.c index b19fc1998..d7f1dd58d 100644 --- a/src/util/gnunet-ecc.c +++ b/src/util/gnunet-ecc.c | |||
@@ -65,38 +65,12 @@ struct GNUNET_CRYPTO_EccPrivateKey | |||
65 | 65 | ||
66 | 66 | ||
67 | /** | 67 | /** |
68 | * Create a new private key. Caller must free return value. | ||
69 | * | ||
70 | * @return fresh private key | ||
71 | */ | ||
72 | static struct GNUNET_CRYPTO_EccPrivateKey * | ||
73 | ecc_key_create () | ||
74 | { | ||
75 | struct GNUNET_CRYPTO_EccPrivateKey *ret; | ||
76 | gcry_sexp_t s_key; | ||
77 | gcry_sexp_t s_keyparam; | ||
78 | |||
79 | GNUNET_assert (0 == | ||
80 | gcry_sexp_build (&s_keyparam, NULL, | ||
81 | "(genkey(ecc(nbits %d)(ecc-use-e 3:257)))", | ||
82 | 2048)); | ||
83 | GNUNET_assert (0 == gcry_pk_genkey (&s_key, s_keyparam)); | ||
84 | gcry_sexp_release (s_keyparam); | ||
85 | #if EXTRA_CHECKS | ||
86 | GNUNET_assert (0 == gcry_pk_testkey (s_key)); | ||
87 | #endif | ||
88 | ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccPrivateKey)); | ||
89 | ret->sexp = s_key; | ||
90 | return ret; | ||
91 | } | ||
92 | |||
93 | |||
94 | /** | ||
95 | * Create a flat file with a large number of key pairs for testing. | 68 | * Create a flat file with a large number of key pairs for testing. |
96 | */ | 69 | */ |
97 | static void | 70 | static void |
98 | create_keys (const char *fn) | 71 | create_keys (const char *fn) |
99 | { | 72 | { |
73 | static char pad[GNUNET_TESTING_HOSTKEYFILESIZE]; | ||
100 | FILE *f; | 74 | FILE *f; |
101 | struct GNUNET_CRYPTO_EccPrivateKey *pk; | 75 | struct GNUNET_CRYPTO_EccPrivateKey *pk; |
102 | struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *enc; | 76 | struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *enc; |
@@ -116,28 +90,34 @@ create_keys (const char *fn) | |||
116 | { | 90 | { |
117 | fprintf (stderr, | 91 | fprintf (stderr, |
118 | "."); | 92 | "."); |
119 | if (NULL == (pk = ecc_key_create ())) | 93 | if (NULL == (pk = GNUNET_CRYPTO_ecc_key_create ())) |
120 | { | 94 | { |
121 | GNUNET_break (0); | 95 | GNUNET_break (0); |
122 | break; | 96 | break; |
123 | } | 97 | } |
124 | enc = GNUNET_CRYPTO_ecc_encode_key (pk); | 98 | enc = GNUNET_CRYPTO_ecc_encode_key (pk); |
125 | if (htons (enc->size) != fwrite (enc, 1, htons (enc->size), f)) | 99 | GNUNET_assert (ntohs (enc->size) <= GNUNET_TESTING_HOSTKEYFILESIZE); |
126 | { | 100 | if ( (ntohs (enc->size) != fwrite (enc, 1, ntohs (enc->size), f)) || |
127 | fprintf (stderr, | 101 | (GNUNET_TESTING_HOSTKEYFILESIZE - ntohs (enc->size) |
128 | _("\nFailed to write to `%s': %s\n"), | 102 | != fwrite (pad, 1, GNUNET_TESTING_HOSTKEYFILESIZE - ntohs (enc->size), f)) ) |
129 | fn, | 103 | { |
130 | STRERROR (errno)); | 104 | fprintf (stderr, |
131 | GNUNET_CRYPTO_ecc_key_free (pk); | 105 | _("\nFailed to write to `%s': %s\n"), |
132 | GNUNET_free (enc); | 106 | fn, |
133 | break; | 107 | STRERROR (errno)); |
134 | } | 108 | GNUNET_CRYPTO_ecc_key_free (pk); |
109 | GNUNET_free (enc); | ||
110 | break; | ||
111 | } | ||
135 | GNUNET_CRYPTO_ecc_key_free (pk); | 112 | GNUNET_CRYPTO_ecc_key_free (pk); |
136 | GNUNET_free (enc); | 113 | GNUNET_free (enc); |
137 | } | 114 | } |
138 | if (0 == make_keys) | 115 | if (UINT_MAX == make_keys) |
116 | fprintf (stderr, | ||
117 | _("\nFinished!\n")); | ||
118 | else | ||
139 | fprintf (stderr, | 119 | fprintf (stderr, |
140 | _("Finished!\n")); | 120 | _("\nError, %u keys not generated\n"), make_keys); |
141 | fclose (f); | 121 | fclose (f); |
142 | } | 122 | } |
143 | 123 | ||
diff --git a/src/util/gnunet-rsa.c b/src/util/gnunet-rsa.c index 917ee50f4..1e7132d3f 100644 --- a/src/util/gnunet-rsa.c +++ b/src/util/gnunet-rsa.c | |||
@@ -25,7 +25,6 @@ | |||
25 | */ | 25 | */ |
26 | #include "platform.h" | 26 | #include "platform.h" |
27 | #include "gnunet_util_lib.h" | 27 | #include "gnunet_util_lib.h" |
28 | #include "gnunet_testing_lib.h" | ||
29 | #include <gcrypt.h> | 28 | #include <gcrypt.h> |
30 | 29 | ||
31 | 30 | ||
@@ -49,107 +48,6 @@ static int print_short_identity; | |||
49 | */ | 48 | */ |
50 | static int weak_random; | 49 | static int weak_random; |
51 | 50 | ||
52 | /** | ||
53 | * Option set to create a bunch of keys at once. | ||
54 | */ | ||
55 | static unsigned int make_keys; | ||
56 | |||
57 | /** | ||
58 | * The private information of an RSA key pair. | ||
59 | * NOTE: this must match the definition in crypto_ksk.c and crypto_rsa.c! | ||
60 | */ | ||
61 | struct GNUNET_CRYPTO_RsaPrivateKey | ||
62 | { | ||
63 | gcry_sexp_t sexp; | ||
64 | }; | ||
65 | |||
66 | |||
67 | /** | ||
68 | * Create a new private key. Caller must free return value. | ||
69 | * | ||
70 | * @return fresh private key | ||
71 | */ | ||
72 | static struct GNUNET_CRYPTO_RsaPrivateKey * | ||
73 | rsa_key_create () | ||
74 | { | ||
75 | struct GNUNET_CRYPTO_RsaPrivateKey *ret; | ||
76 | gcry_sexp_t s_key; | ||
77 | gcry_sexp_t s_keyparam; | ||
78 | |||
79 | GNUNET_assert (0 == | ||
80 | gcry_sexp_build (&s_keyparam, NULL, | ||
81 | "(genkey(rsa(nbits %d)(rsa-use-e 3:257)))", | ||
82 | 2048)); | ||
83 | GNUNET_assert (0 == gcry_pk_genkey (&s_key, s_keyparam)); | ||
84 | gcry_sexp_release (s_keyparam); | ||
85 | #if EXTRA_CHECKS | ||
86 | GNUNET_assert (0 == gcry_pk_testkey (s_key)); | ||
87 | #endif | ||
88 | ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey)); | ||
89 | ret->sexp = s_key; | ||
90 | return ret; | ||
91 | } | ||
92 | |||
93 | |||
94 | /** | ||
95 | * Create a flat file with a large number of key pairs for testing. | ||
96 | */ | ||
97 | static void | ||
98 | create_keys (const char *fn) | ||
99 | { | ||
100 | FILE *f; | ||
101 | struct GNUNET_CRYPTO_RsaPrivateKey *pk; | ||
102 | struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded *enc; | ||
103 | |||
104 | if (NULL == (f = fopen (fn, "w+"))) | ||
105 | { | ||
106 | fprintf (stderr, | ||
107 | _("Failed to open `%s': %s\n"), | ||
108 | fn, | ||
109 | STRERROR (errno)); | ||
110 | return; | ||
111 | } | ||
112 | fprintf (stderr, | ||
113 | _("Generating %u keys, please wait"), | ||
114 | make_keys); | ||
115 | while (0 < make_keys--) | ||
116 | { | ||
117 | fprintf (stderr, | ||
118 | "."); | ||
119 | if (NULL == (pk = rsa_key_create ())) | ||
120 | { | ||
121 | GNUNET_break (0); | ||
122 | break; | ||
123 | } | ||
124 | enc = GNUNET_CRYPTO_rsa_encode_key (pk); | ||
125 | if (GNUNET_TESTING_HOSTKEYFILESIZE != htons (enc->len)) | ||
126 | { | ||
127 | /* sometimes we get a different key length because 'd' or 'u' start | ||
128 | with leading bits; skip those... */ | ||
129 | GNUNET_CRYPTO_rsa_key_free (pk); | ||
130 | GNUNET_free (enc); | ||
131 | make_keys++; | ||
132 | continue; | ||
133 | } | ||
134 | if (htons (enc->len) != fwrite (enc, 1, htons (enc->len), f)) | ||
135 | { | ||
136 | fprintf (stderr, | ||
137 | _("\nFailed to write to `%s': %s\n"), | ||
138 | fn, | ||
139 | STRERROR (errno)); | ||
140 | GNUNET_CRYPTO_rsa_key_free (pk); | ||
141 | GNUNET_free (enc); | ||
142 | break; | ||
143 | } | ||
144 | GNUNET_CRYPTO_rsa_key_free (pk); | ||
145 | GNUNET_free (enc); | ||
146 | } | ||
147 | if (0 == make_keys) | ||
148 | fprintf (stderr, | ||
149 | _("Finished!\n")); | ||
150 | fclose (f); | ||
151 | } | ||
152 | |||
153 | 51 | ||
154 | /** | 52 | /** |
155 | * Main function that will be run by the scheduler. | 53 | * Main function that will be run by the scheduler. |
@@ -174,11 +72,6 @@ run (void *cls, char *const *args, const char *cfgfile, | |||
174 | } | 72 | } |
175 | if (0 != weak_random) | 73 | if (0 != weak_random) |
176 | GNUNET_CRYPTO_random_disable_entropy_gathering (); | 74 | GNUNET_CRYPTO_random_disable_entropy_gathering (); |
177 | if (make_keys > 0) | ||
178 | { | ||
179 | create_keys (args[0]); | ||
180 | return; | ||
181 | } | ||
182 | pk = GNUNET_CRYPTO_rsa_key_create_from_file (args[0]); | 75 | pk = GNUNET_CRYPTO_rsa_key_create_from_file (args[0]); |
183 | if (NULL == pk) | 76 | if (NULL == pk) |
184 | return; | 77 | return; |
@@ -225,9 +118,6 @@ int | |||
225 | main (int argc, char *const*argv) | 118 | main (int argc, char *const*argv) |
226 | { | 119 | { |
227 | static const struct GNUNET_GETOPT_CommandLineOption options[] = { | 120 | static const struct GNUNET_GETOPT_CommandLineOption options[] = { |
228 | { 'g', "generate-keys", "COUNT", | ||
229 | gettext_noop ("create COUNT public-private key pairs (for testing)"), | ||
230 | 1, &GNUNET_GETOPT_set_uint, &make_keys }, | ||
231 | { 'p', "print-public-key", NULL, | 121 | { 'p', "print-public-key", NULL, |
232 | gettext_noop ("print the public key in ASCII format"), | 122 | gettext_noop ("print the public key in ASCII format"), |
233 | 0, &GNUNET_GETOPT_set_one, &print_public_key }, | 123 | 0, &GNUNET_GETOPT_set_one, &print_public_key }, |
diff --git a/src/util/test_crypto_aes.c b/src/util/test_crypto_aes.c index 971e9afbe..88b51188e 100644 --- a/src/util/test_crypto_aes.c +++ b/src/util/test_crypto_aes.c | |||
@@ -95,17 +95,6 @@ verifyCrypto () | |||
95 | ret = 0; | 95 | ret = 0; |
96 | 96 | ||
97 | memcpy (key.key, raw_key, GNUNET_CRYPTO_AES_KEY_LENGTH); | 97 | memcpy (key.key, raw_key, GNUNET_CRYPTO_AES_KEY_LENGTH); |
98 | key.crc32 = | ||
99 | htonl (GNUNET_CRYPTO_crc32_n (&key, GNUNET_CRYPTO_AES_KEY_LENGTH)); | ||
100 | |||
101 | if (ntohl (key.crc32) != (unsigned int) 38125195LL) | ||
102 | { | ||
103 | printf ("Static key has different CRC: %u - %u\n", ntohl (key.crc32), | ||
104 | key.crc32); | ||
105 | |||
106 | ret = 1; | ||
107 | goto error; | ||
108 | } | ||
109 | 98 | ||
110 | if (GNUNET_CRYPTO_AES_KEY_LENGTH != | 99 | if (GNUNET_CRYPTO_AES_KEY_LENGTH != |
111 | GNUNET_CRYPTO_aes_encrypt (plain, GNUNET_CRYPTO_AES_KEY_LENGTH, &key, | 100 | GNUNET_CRYPTO_aes_encrypt (plain, GNUNET_CRYPTO_AES_KEY_LENGTH, &key, |
diff --git a/src/util/test_crypto_aes_weak.c b/src/util/test_crypto_aes_weak.c index 0b7ba5c54..201bfeb5d 100644 --- a/src/util/test_crypto_aes_weak.c +++ b/src/util/test_crypto_aes_weak.c | |||
@@ -91,9 +91,6 @@ testWeakKey () | |||
91 | weak_key.key[30] = (char) (0xaa); | 91 | weak_key.key[30] = (char) (0xaa); |
92 | weak_key.key[31] = (char) (0xaa); | 92 | weak_key.key[31] = (char) (0xaa); |
93 | /* memset(&weak_key, 0, 32); */ | 93 | /* memset(&weak_key, 0, 32); */ |
94 | weak_key.crc32 = | ||
95 | htonl (GNUNET_CRYPTO_crc32_n (&weak_key, GNUNET_CRYPTO_AES_KEY_LENGTH)); | ||
96 | |||
97 | size = | 94 | size = |
98 | GNUNET_CRYPTO_aes_encrypt (WEAK_KEY_TESTSTRING, | 95 | GNUNET_CRYPTO_aes_encrypt (WEAK_KEY_TESTSTRING, |
99 | strlen (WEAK_KEY_TESTSTRING) + 1, &weak_key, | 96 | strlen (WEAK_KEY_TESTSTRING) + 1, &weak_key, |