From 5306c3356854b535fe09654b270f06615bf94e94 Mon Sep 17 00:00:00 2001 From: Martin Schanzenbach Date: Tue, 10 Nov 2020 09:01:17 +0900 Subject: -fix signatures in revocation --- src/identity/identity_api.c | 190 +++++++++++++++++++++++++------------------- 1 file changed, 107 insertions(+), 83 deletions(-) (limited to 'src/identity/identity_api.c') diff --git a/src/identity/identity_api.c b/src/identity/identity_api.c index 6f7c5d860..f40472240 100644 --- a/src/identity/identity_api.c +++ b/src/identity/identity_api.c @@ -953,6 +953,7 @@ GNUNET_IDENTITY_disconnect (struct GNUNET_IDENTITY_Handle *h) GNUNET_free (h); } + ssize_t private_key_get_length (const struct GNUNET_IDENTITY_PrivateKey *key) { @@ -971,7 +972,6 @@ private_key_get_length (const struct GNUNET_IDENTITY_PrivateKey *key) } - ssize_t GNUNET_IDENTITY_key_get_length (const struct GNUNET_IDENTITY_PublicKey *key) { 
@@ -992,106 +992,116 @@ GNUNET_IDENTITY_key_get_length (const struct GNUNET_IDENTITY_PublicKey *key) ssize_t GNUNET_IDENTITY_read_key_from_buffer (struct GNUNET_IDENTITY_PublicKey *key, - const void* buffer, - size_t len) + const void*buffer, + size_t len) { if (len < sizeof (key->type)) return -1; - GNUNET_memcpy(&(key->type), buffer, sizeof (key->type)); - const ssize_t length = GNUNET_IDENTITY_key_get_length(key); + GNUNET_memcpy (&(key->type), buffer, sizeof (key->type)); + const ssize_t length = GNUNET_IDENTITY_key_get_length (key); if (len < length) - return -1; + return -1; if (length < 0) return -2; - GNUNET_memcpy(&(key->ecdsa_key), buffer + sizeof (key->type), length - sizeof (key->type)); + GNUNET_memcpy (&(key->ecdsa_key), buffer + sizeof (key->type), length + - sizeof (key->type)); return length; } ssize_t -GNUNET_IDENTITY_write_key_to_buffer (const struct GNUNET_IDENTITY_PublicKey *key, - void* buffer, - size_t len) +GNUNET_IDENTITY_write_key_to_buffer (const struct + GNUNET_IDENTITY_PublicKey *key, + void*buffer, + size_t len) { - const ssize_t length = GNUNET_IDENTITY_key_get_length(key); + const ssize_t length = GNUNET_IDENTITY_key_get_length (key); if (len < length) - return -1; + return -1; if (length < 0) - return -2; - GNUNET_memcpy(buffer, &(key->type), sizeof (key->type)); - GNUNET_memcpy(buffer + sizeof (key->type), &(key->ecdsa_key), length - sizeof (key->type)); + return -2; + GNUNET_memcpy (buffer, key, length); return length; } ssize_t -GNUNET_IDENTITY_signature_get_length (const struct GNUNET_IDENTITY_Signature *sig) +GNUNET_IDENTITY_signature_get_length (const struct + GNUNET_IDENTITY_Signature *sig) { switch (ntohl (sig->type)) { case GNUNET_IDENTITY_TYPE_ECDSA: - return sizeof (sig->type) + sizeof (sig->ecdsa_signature); - break; + return sizeof (sig->type) + sizeof (sig->ecdsa_signature); + break; case GNUNET_IDENTITY_TYPE_EDDSA: - return sizeof (sig->type) + sizeof (sig->eddsa_signature); - break; + return sizeof (sig->type) + 
sizeof (sig->eddsa_signature); + break; default: - GNUNET_break (0); + GNUNET_break (0); } return -1; } ssize_t -GNUNET_IDENTITY_read_signature_from_buffer (struct GNUNET_IDENTITY_Signature *sig, - const void* buffer, - size_t len) +GNUNET_IDENTITY_read_signature_from_buffer (struct + GNUNET_IDENTITY_Signature *sig, + const void*buffer, + size_t len) { if (len < sizeof (sig->type)) - return -1; - GNUNET_memcpy(&(sig->type), buffer, sizeof (sig->type)); - const ssize_t length = GNUNET_IDENTITY_signature_get_length(sig); + return -1; + GNUNET_memcpy (&(sig->type), buffer, sizeof (sig->type)); + const ssize_t length = GNUNET_IDENTITY_signature_get_length (sig); if (len < length) - return -1; + return -1; if (length < 0) - return -2; - GNUNET_memcpy(&(sig->ecdsa_signature), buffer + sizeof (sig->type), length - sizeof (sig->type)); + return -2; + GNUNET_memcpy (&(sig->ecdsa_signature), buffer + sizeof (sig->type), length + - sizeof (sig->type)); return length; } ssize_t -GNUNET_IDENTITY_write_signature_to_buffer (const struct GNUNET_IDENTITY_Signature *sig, - void* buffer, - size_t len) +GNUNET_IDENTITY_write_signature_to_buffer (const struct + GNUNET_IDENTITY_Signature *sig, + void*buffer, + size_t len) { - const ssize_t length = GNUNET_IDENTITY_signature_get_length(sig); + const ssize_t length = GNUNET_IDENTITY_signature_get_length (sig); if (len < length) - return -1; + return -1; if (length < 0) - return -2; - GNUNET_memcpy(buffer, &(sig->type), sizeof (sig->type)); - GNUNET_memcpy(buffer + sizeof (sig->type), &(sig->ecdsa_signature), length - sizeof (sig->type)); + return -2; + GNUNET_memcpy (buffer, &(sig->type), sizeof (sig->type)); + GNUNET_memcpy (buffer + sizeof (sig->type), &(sig->ecdsa_signature), length + - sizeof (sig->type)); return length; } int -GNUNET_IDENTITY_private_key_sign_ (const struct GNUNET_IDENTITY_PrivateKey *priv, - const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, - struct GNUNET_IDENTITY_Signature *sig) 
+GNUNET_IDENTITY_private_key_sign_ (const struct + GNUNET_IDENTITY_PrivateKey *priv, + const struct + GNUNET_CRYPTO_EccSignaturePurpose *purpose, + struct GNUNET_IDENTITY_Signature *sig) { sig->type = priv->type; switch (ntohl (priv->type)) { case GNUNET_IDENTITY_TYPE_ECDSA: - return GNUNET_CRYPTO_ecdsa_sign_ (& (priv->ecdsa_key), purpose, & (sig->ecdsa_signature)); - break; + return GNUNET_CRYPTO_ecdsa_sign_ (&(priv->ecdsa_key), purpose, + &(sig->ecdsa_signature)); + break; case GNUNET_IDENTITY_TYPE_EDDSA: - return GNUNET_CRYPTO_eddsa_sign_ (& (priv->eddsa_key), purpose, & (sig->eddsa_signature)); - break; + return GNUNET_CRYPTO_eddsa_sign_ (&(priv->eddsa_key), purpose, + &(sig->eddsa_signature)); + break; default: - GNUNET_break (0); + GNUNET_break (0); } return GNUNET_SYSERR; @@ -1100,22 +1110,27 @@ GNUNET_IDENTITY_private_key_sign_ (const struct GNUNET_IDENTITY_PrivateKey *priv int GNUNET_IDENTITY_public_key_verify_ (uint32_t purpose, - const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, - const struct GNUNET_IDENTITY_Signature *sig, - const struct GNUNET_IDENTITY_PublicKey *pub) + const struct + GNUNET_CRYPTO_EccSignaturePurpose *validate, + const struct GNUNET_IDENTITY_Signature *sig, + const struct GNUNET_IDENTITY_PublicKey *pub) { /* check type matching of 'sig' and 'pub' */ GNUNET_assert (ntohl (pub->type) == ntohl (sig->type)); switch (ntohl (pub->type)) { case GNUNET_IDENTITY_TYPE_ECDSA: - return GNUNET_CRYPTO_ecdsa_verify_ (purpose, validate, & (sig->ecdsa_signature), & (pub->ecdsa_key)); - break; + return GNUNET_CRYPTO_ecdsa_verify_ (purpose, validate, + &(sig->ecdsa_signature), + &(pub->ecdsa_key)); + break; case GNUNET_IDENTITY_TYPE_EDDSA: - return GNUNET_CRYPTO_eddsa_verify_ (purpose, validate, & (sig->eddsa_signature), & (pub->eddsa_key)); - break; + return GNUNET_CRYPTO_eddsa_verify_ (purpose, validate, + &(sig->eddsa_signature), + &(pub->eddsa_key)); + break; default: - GNUNET_break (0); + GNUNET_break (0); } return GNUNET_SYSERR; 
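Review bot: In GNUNET_IDENTITY_read_key_from_buffer the check `if (len < length)` runs before `if (length < 0)`, and since `len` is size_t a negative ssize_t from GNUNET_IDENTITY_key_get_length converts to SIZE_MAX, so an unknown key type read from the buffer returns -1 ("too short") and the -2 branch is effectively unreachable; the commit re-indents these lines but keeps the order. The same pattern is in GNUNET_IDENTITY_write_key_to_buffer, GNUNET_IDENTITY_read_signature_from_buffer and GNUNET_IDENTITY_write_signature_to_buffer in this hunk (memory safety is not affected because the -1 return still precedes the memcpy, only the error code is wrong). Swap the two checks and compare in the unsigned domain: `if (length < 0) return -2; if (len < (size_t) length) return -1;`. Separately, the new single `GNUNET_memcpy (buffer, key, length);` in write_key_to_buffer is only equivalent to the two-step copy it replaces if there is no padding between `type` and the key union, which the struct definition (not in this hunk) would need to guarantee, e.g. via a packed network-struct declaration or a `_Static_assert` on `offsetof`. GNUNET_IDENTITY_private_key_sign_, the last function in the hunk, closes outside it.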
@@ -1123,56 +1138,64 @@ GNUNET_IDENTITY_public_key_verify_ (uint32_t purpose, ssize_t -GNUNET_IDENTITY_public_key_encrypt(const void *block, - size_t size, - const struct GNUNET_IDENTITY_PublicKey *pub, - struct GNUNET_CRYPTO_EcdhePublicKey *ecc, - void *result) +GNUNET_IDENTITY_public_key_encrypt (const void *block, + size_t size, + const struct GNUNET_IDENTITY_PublicKey *pub, + struct GNUNET_CRYPTO_EcdhePublicKey *ecc, + void *result) { struct GNUNET_CRYPTO_EcdhePrivateKey pk; - GNUNET_CRYPTO_ecdhe_key_create(&pk); + GNUNET_CRYPTO_ecdhe_key_create (&pk); struct GNUNET_HashCode hash; switch (ntohl (pub->type)) { case GNUNET_IDENTITY_TYPE_ECDSA: - if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_ecdsa(&pk, &(pub->ecdsa_key), &hash)) + if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_ecdsa (&pk, &(pub->ecdsa_key), + &hash)) return -1; break; case GNUNET_IDENTITY_TYPE_EDDSA: - if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_eddsa(&pk, &(pub->eddsa_key), &hash)) + if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_eddsa (&pk, &(pub->eddsa_key), + &hash)) return -1; break; default: return -1; } - GNUNET_CRYPTO_ecdhe_key_get_public(&pk, ecc); - GNUNET_CRYPTO_ecdhe_key_clear(&pk); + GNUNET_CRYPTO_ecdhe_key_get_public (&pk, ecc); + GNUNET_CRYPTO_ecdhe_key_clear (&pk); struct GNUNET_CRYPTO_SymmetricSessionKey key; struct GNUNET_CRYPTO_SymmetricInitializationVector iv; - GNUNET_CRYPTO_hash_to_aes_key(&hash, &key, &iv); - GNUNET_CRYPTO_zero_keys(&hash, sizeof(hash)); - const ssize_t encrypted = GNUNET_CRYPTO_symmetric_encrypt(block, size, &key, &iv, result); - GNUNET_CRYPTO_zero_keys(&key, sizeof(key)); - GNUNET_CRYPTO_zero_keys(&iv, sizeof(iv)); + GNUNET_CRYPTO_hash_to_aes_key (&hash, &key, &iv); + GNUNET_CRYPTO_zero_keys (&hash, sizeof(hash)); + const ssize_t encrypted = GNUNET_CRYPTO_symmetric_encrypt (block, size, &key, + &iv, result); + GNUNET_CRYPTO_zero_keys (&key, sizeof(key)); + GNUNET_CRYPTO_zero_keys (&iv, sizeof(iv)); return encrypted; } ssize_t -GNUNET_IDENTITY_private_key_decrypt(const void 
*block, - size_t size, - const struct GNUNET_IDENTITY_PrivateKey *priv, - const struct GNUNET_CRYPTO_EcdhePublicKey *ecc, - void *result) { +GNUNET_IDENTITY_private_key_decrypt (const void *block, + size_t size, + const struct + GNUNET_IDENTITY_PrivateKey *priv, + const struct + GNUNET_CRYPTO_EcdhePublicKey *ecc, + void *result) +{ struct GNUNET_HashCode hash; switch (ntohl (priv->type)) { case GNUNET_IDENTITY_TYPE_ECDSA: - if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_ecdh(&(priv->ecdsa_key), ecc, &hash)) + if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_ecdh (&(priv->ecdsa_key), ecc, + &hash)) return -1; break; case GNUNET_IDENTITY_TYPE_EDDSA: - if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_ecdh(&(priv->eddsa_key), ecc, &hash)) + if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_ecdh (&(priv->eddsa_key), ecc, + &hash)) return -1; break; default: @@ -1180,11 +1203,12 @@ GNUNET_IDENTITY_private_key_decrypt(const void *block, } struct GNUNET_CRYPTO_SymmetricSessionKey key; struct GNUNET_CRYPTO_SymmetricInitializationVector iv; - GNUNET_CRYPTO_hash_to_aes_key(&hash, &key, &iv); - GNUNET_CRYPTO_zero_keys(&hash, sizeof(hash)); - const ssize_t decrypted = GNUNET_CRYPTO_symmetric_decrypt(block, size, &key, &iv, result); - GNUNET_CRYPTO_zero_keys(&key, sizeof(key)); - GNUNET_CRYPTO_zero_keys(&iv, sizeof(iv)); + GNUNET_CRYPTO_hash_to_aes_key (&hash, &key, &iv); + GNUNET_CRYPTO_zero_keys (&hash, sizeof(hash)); + const ssize_t decrypted = GNUNET_CRYPTO_symmetric_decrypt (block, size, &key, + &iv, result); + GNUNET_CRYPTO_zero_keys (&key, sizeof(key)); + GNUNET_CRYPTO_zero_keys (&iv, sizeof(iv)); return decrypted; } @@ -1222,7 +1246,7 @@ GNUNET_IDENTITY_public_key_from_string (const char *str, if (GNUNET_OK != ret) return GNUNET_SYSERR; ktype = ntohl (key->type); - return (GNUNET_IDENTITY_TYPE_ECDSA == ktype) ? GNUNET_OK : GNUNET_SYSERR; //FIXME other keys, cleaner way? + return (GNUNET_IDENTITY_TYPE_ECDSA == ktype) ? GNUNET_OK : GNUNET_SYSERR; // FIXME other keys, cleaner way? } 
@@ -1240,7 +1264,7 @@ GNUNET_IDENTITY_private_key_from_string (const char *str, if (GNUNET_OK != ret) return GNUNET_SYSERR; ktype = ntohl (key->type); - return (GNUNET_IDENTITY_TYPE_ECDSA == ktype) ? GNUNET_OK : GNUNET_SYSERR; //FIXME other keys, cleaner way? + return (GNUNET_IDENTITY_TYPE_ECDSA == ktype) ? GNUNET_OK : GNUNET_SYSERR; // FIXME other keys, cleaner way? } -- cgit v1.2.3