From 0016a5eca2ada2df9de375022a73677c3d7b9247 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Mon, 15 Apr 2013 16:26:26 +0000 Subject: -gcrypt works better now, removing some debug logic --- src/fs/fs_pseudonym.c | 86 +++++++------------------------------------------ src/fs/test_pseudonym.c | 16 +++++---- 2 files changed, 21 insertions(+), 81 deletions(-) diff --git a/src/fs/fs_pseudonym.c b/src/fs/fs_pseudonym.c index 7394fb0c6..896a26e59 100644 --- a/src/fs/fs_pseudonym.c +++ b/src/fs/fs_pseudonym.c @@ -1067,8 +1067,6 @@ data_to_pkcs1 (const struct GNUNET_FS_PseudonymSignaturePurpose *purpose) return data; } -gcry_ctx_t xctx; - /** * Cryptographically sign some data with the pseudonym. @@ -1085,10 +1083,10 @@ gcry_ctx_t xctx; */ int GNUNET_FS_pseudonym_sign (struct GNUNET_FS_PseudonymHandle *ph, - const struct GNUNET_FS_PseudonymSignaturePurpose *purpose, - const struct GNUNET_HashCode *seed, - const struct GNUNET_HashCode *signing_key, - struct GNUNET_FS_PseudonymSignature *signature) + const struct GNUNET_FS_PseudonymSignaturePurpose *purpose, + const struct GNUNET_HashCode *seed, + const struct GNUNET_HashCode *signing_key, + struct GNUNET_FS_PseudonymSignature *signature) { size_t size; size_t erroff; 
@@ -1136,47 +1134,9 @@ GNUNET_FS_pseudonym_sign (struct GNUNET_FS_PseudonymHandle *ph, /* calculate dx = d + h mod n */ dh = gcry_mpi_new (256); gcry_mpi_addm (dh, d, h, n); - // gcry_mpi_release (d); - // gcry_mpi_release (h); + gcry_mpi_release (d); + gcry_mpi_release (h); gcry_mpi_release (n); - - if (1) { - gcry_mpi_point_t g; - gcry_mpi_point_t v; - gcry_mpi_point_t hg; - gcry_mpi_point_t q; - gcry_mpi_t v_x; - gcry_mpi_t v_y; - - gcry_mpi_ec_new (&xctx, NULL, "NIST P-256"); - g = gcry_mpi_ec_get_point ("g", xctx, 0); - - hg = gcry_mpi_point_new (0); - gcry_mpi_ec_mul (hg, h, g, xctx); - fprintf (stderr, "\nExpected verification hG value:\n"); - v_x = gcry_mpi_new (256); - v_y = gcry_mpi_new (256); - gcry_mpi_ec_get_affine (v_x, v_y, hg, xctx); - gcry_mpi_dump (v_x); - gcry_mpi_dump (v_y); - - q = gcry_mpi_point_new (0); - gcry_mpi_ec_mul (q, d, g, xctx); - fprintf (stderr, "\nExpected verification q value:\n"); - gcry_mpi_ec_get_affine (v_x, v_y, q, xctx); - gcry_mpi_dump (v_x); - gcry_mpi_dump (v_y); - - v = gcry_mpi_point_new (0); - gcry_mpi_ec_add (v, q, hg, xctx); - gcry_mpi_ec_get_affine (v_x, v_y, v, xctx); - fprintf (stderr, "\nExpected verification key public point value V := q + hG:\n"); - gcry_mpi_dump (v_x); - gcry_mpi_dump (v_y); - fprintf (stderr, "\n"); - - } - /* now build sexpression with the signing key */ if (0 != (rc = gcry_sexp_build (&spriv, &erroff, @@ -1241,6 +1201,7 @@ GNUNET_FS_pseudonym_sign (struct GNUNET_FS_PseudonymHandle *ph, gcry_mpi_release (rs[1]); return GNUNET_SYSERR; } + gcry_mpi_release (rs[0]); size = sizeof (signature->sig_s); if (0 != (rc = gcry_mpi_print (GCRYMPI_FMT_USG, signature->sig_s, size, 
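Review bot: `dh = gcry_mpi_new (256);` receives d + h mod n, which is the private scalar used to sign, yet it is allocated from the ordinary heap rather than libgcrypt's secure memory (locked against swapping and wiped on release). Use `dh = gcry_mpi_snew (256);` instead. The allocations of `d` and `h`, which this hunk now releases, are outside the hunk, so confirm they also come from secure memory. The body of GNUNET_FS_pseudonym_sign starts and ends outside this hunk.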
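Review bot: `gcry_mpi_print (GCRYMPI_FMT_USG, signature->sig_s, size, ...)` writes only as many bytes as the value needs, so an `s` with a leading zero byte fills less than the fixed-width field. The same presumably holds for the `sig_r` call just above the hunk. The arguments after `size` are cut off here, so this may already be handled. If the written length is not compared with `sizeof (signature->sig_s)`, the trailing bytes stay uninitialised, end up in the serialized signature, and the value no longer round-trips in verification. Check the returned length and left-pad with zero bytes to the full field width.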
@@ -1353,42 +1314,19 @@ GNUNET_FS_pseudonym_derive_verification_key (struct GNUNET_FS_PseudonymIdentifie /* then call the 'multiply' function, to compute the product hG */ hg = gcry_mpi_point_new (0); gcry_mpi_ec_mul (hg, h, g, ctx); - - { - fprintf (stderr, "\nVerification hG value:\n"); - v_x = gcry_mpi_new (256); - v_y = gcry_mpi_new (256); - gcry_mpi_ec_get_affine (v_x, v_y, hg, ctx); - gcry_mpi_dump (v_x); - gcry_mpi_dump (v_y); - } gcry_mpi_release (h); /* get Q = dG from 'pseudonym' */ q = gcry_mpi_ec_get_point ("q", ctx, 0); - { - fprintf (stderr, "\nVerification q value:\n"); - v_x = gcry_mpi_new (256); - v_y = gcry_mpi_new (256); - gcry_mpi_ec_get_affine (v_x, v_y, q, ctx); - gcry_mpi_dump (v_x); - gcry_mpi_dump (v_y); - } /* calculate V = Q + hG = dG + hG = (d + h)G*/ v = gcry_mpi_point_new (0); - gcry_mpi_ec_add (v, q, hg, xctx); + gcry_mpi_ec_add (v, q, hg, ctx); /* FIXME: free 'hg'? */ /* store 'v' point in "verification_key" */ v_x = gcry_mpi_new (256); v_y = gcry_mpi_new (256); - gcry_mpi_ec_get_affine (v_x, v_y, v, xctx); - - { - fprintf (stderr, "\nVerification key public point value V := q + hG:\n"); - gcry_mpi_dump (v_x); - gcry_mpi_dump (v_y); - } + gcry_mpi_ec_get_affine (v_x, v_y, v, ctx); gcry_mpi_point_release (v); gcry_ctx_release (ctx); @@ -1428,8 +1366,8 @@ GNUNET_FS_pseudonym_derive_verification_key (struct GNUNET_FS_PseudonymIdentifie */ int GNUNET_FS_pseudonym_verify (const struct GNUNET_FS_PseudonymSignaturePurpose *purpose, - const struct GNUNET_FS_PseudonymSignature *signature, - const struct GNUNET_FS_PseudonymIdentifier *verification_key) + const struct GNUNET_FS_PseudonymSignature *signature, + const struct GNUNET_FS_PseudonymIdentifier *verification_key) { gcry_sexp_t data; gcry_sexp_t sig_sexpr; @@ -1471,6 +1409,7 @@ GNUNET_FS_pseudonym_verify (const struct GNUNET_FS_PseudonymSignaturePurpose *pu gcry_mpi_release (r); gcry_mpi_release (s); + /* build s-expression for data that was signed */ data = data_to_pkcs1 (purpose); 
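Review bot: The points `hg` and `q` are still never released in the lines shown: after `gcry_mpi_ec_add (v, q, hg, ctx);` only `v` is freed, and the `/* FIXME: free 'hg'? */` comment is left in place. Unless they are released after the end of this hunk, every key derivation leaks two curve points; add `gcry_mpi_point_release (hg);` and `gcry_mpi_point_release (q);` right after the addition and drop the FIXME. `g`, used in `gcry_mpi_ec_mul (hg, h, g, ctx);`, deserves the same check, since its release is not visible here either. The result of `gcry_mpi_ec_get_affine` is also ignored, so a `v` at infinity would be stored as if it were a valid verification key.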
@@ -1533,7 +1472,6 @@ GNUNET_FS_pseudonym_verify (const struct GNUNET_FS_PseudonymSignaturePurpose *pu LOG (GNUNET_ERROR_TYPE_WARNING, _("ECDSA signature verification failed at %s:%d: %s\n"), __FILE__, __LINE__, gcry_strerror (rc)); -exit (1); return GNUNET_SYSERR; } return GNUNET_OK; diff --git a/src/fs/test_pseudonym.c b/src/fs/test_pseudonym.c index 0615f5a5b..a6e258038 100644 --- a/src/fs/test_pseudonym.c +++ b/src/fs/test_pseudonym.c @@ -223,26 +223,24 @@ test_signature (struct GNUNET_FS_PseudonymHandle *ph, struct GNUNET_FS_PseudonymIdentifier verification_key; GNUNET_FS_pseudonym_sign (ph, purpose, seed, signing_key, &signature); - if (0) - { GNUNET_FS_pseudonym_sign (ph, purpose, seed, signing_key, &signature2); /* with seed, two sigs must be identical, without, they must be different! */ if (NULL != seed) GNUNET_break (0 == memcmp (&signature, &signature2, sizeof (signature))); else /* crypto not implemented, thus for now 'break' */ GNUNET_break (0 != memcmp (&signature, &signature2, sizeof (signature))); - } GNUNET_FS_pseudonym_get_identifier (ph, &pseudonym); GNUNET_FS_pseudonym_derive_verification_key (&pseudonym, signing_key, &verification_key); GNUNET_break (GNUNET_OK == - GNUNET_FS_pseudonym_verify (purpose, &signature, &verification_key)); + GNUNET_FS_pseudonym_verify (purpose, &signature, &verification_key)); /* also check that if the data is changed, the signature no longer matches */ (*bit)++; + GNUNET_log_skip (1, GNUNET_NO); /* crypto not implemented, thus for now 'break' */ GNUNET_break (GNUNET_OK != - GNUNET_FS_pseudonym_verify (purpose, &signature, &verification_key)); + GNUNET_FS_pseudonym_verify (purpose, &signature, &verification_key)); (*bit)--; } 
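Review bot: Both `GNUNET_FS_pseudonym_sign` calls in `test_signature` discard the return value, so if signing fails the now-enabled `memcmp` compares two uninitialised `signature` structs and the verify checks run on garbage. Wrap each call, e.g. `GNUNET_assert (GNUNET_OK == GNUNET_FS_pseudonym_sign (ph, purpose, seed, signing_key, &signature));`. The `/* crypto not implemented, thus for now 'break' */` comments are stale now that the checks are live and should be removed. `test_signature` starts above this hunk.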
@@ -266,8 +264,10 @@ test_crypto_ops (struct GNUNET_FS_PseudonymHandle *ph) purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); memset (&seed, 41, sizeof (seed)); memset (&signing_key, 40, sizeof (signing_key)); - test_signature (ph, purpose, &seed, &signing_key, &data[sizeof (struct GNUNET_FS_PseudonymSignaturePurpose)]); - test_signature (ph, purpose, NULL, &signing_key, &data[sizeof (struct GNUNET_FS_PseudonymSignaturePurpose)]); + test_signature (ph, purpose, &seed, + &signing_key, &data[sizeof (struct GNUNET_FS_PseudonymSignaturePurpose)]); + test_signature (ph, purpose, NULL, + &signing_key, &data[sizeof (struct GNUNET_FS_PseudonymSignaturePurpose)]); } @@ -301,6 +301,7 @@ test_crypto () GNUNET_FS_pseudonym_destroy (ph); /* check anonymous pseudonym operations generation */ + fprintf (stderr, "Checking anonymous ops\n"); ph = GNUNET_FS_pseudonym_get_anonymous_pseudonym_handle (); GNUNET_FS_pseudonym_get_identifier (ph, &pseudonym2); if (0 == memcmp (&pseudonym, &pseudonym2, sizeof (pseudonym))) @@ -314,6 +315,7 @@ test_crypto () int main (int argc, char *argv[]) { + GNUNET_log_setup ("test-pseudonym", "WARNING", NULL); if (0 != test_io ()) return 1; if (0 != test_crypto ()) -- cgit v1.2.3