From d41ed82a4ea0cc8e1674b6d5d2c49fd6462610bb Mon Sep 17 00:00:00 2001 From: ng0 Date: Sun, 8 Sep 2019 12:33:09 +0000 Subject: uncrustify as demanded. --- src/util/crypto_rsa.c | 1106 ++++++++++++++++++++++++------------------------- 1 file changed, 553 insertions(+), 553 deletions(-) (limited to 'src/util/crypto_rsa.c') diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c index 8cb0fe6c6..0a20fdffa 100644 --- a/src/util/crypto_rsa.c +++ b/src/util/crypto_rsa.c @@ -1,22 +1,22 @@ /* - This file is part of GNUnet - Copyright (C) 2014,2016 GNUnet e.V. - - GNUnet is free software: you can redistribute it and/or modify it - under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, - or (at your option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . + This file is part of GNUnet + Copyright (C) 2014,2016 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . SPDX-License-Identifier: AGPL3.0-or-later -*/ + */ /** * @file util/crypto_rsa.c @@ -30,14 +30,13 @@ #include "gnunet_crypto_lib.h" #include "benchmark.h" -#define LOG(kind,...) GNUNET_log_from (kind, "util-crypto-rsa", __VA_ARGS__) +#define LOG(kind, ...) GNUNET_log_from(kind, "util-crypto-rsa", __VA_ARGS__) /** * The private information of an RSA key pair. */ -struct GNUNET_CRYPTO_RsaPrivateKey -{ +struct GNUNET_CRYPTO_RsaPrivateKey { /** * Libgcrypt S-expression for the RSA private key. */ @@ -48,8 +47,7 @@ struct GNUNET_CRYPTO_RsaPrivateKey /** * The public information of an RSA key pair. */ -struct GNUNET_CRYPTO_RsaPublicKey -{ +struct GNUNET_CRYPTO_RsaPublicKey { /** * Libgcrypt S-expression for the RSA public key. */ @@ -60,8 +58,7 @@ struct GNUNET_CRYPTO_RsaPublicKey /** * @brief an RSA signature */ -struct GNUNET_CRYPTO_RsaSignature -{ +struct GNUNET_CRYPTO_RsaSignature { /** * Libgcrypt S-expression for the RSA signature. */ @@ -72,8 +69,7 @@ struct GNUNET_CRYPTO_RsaSignature /** * @brief RSA blinding key */ -struct RsaBlindingKey -{ +struct RsaBlindingKey { /** * Random value used for blinding. */ @@ -91,50 +87,50 @@ struct RsaBlindingKey * @return 0 on success */ static int -key_from_sexp (gcry_mpi_t *array, - gcry_sexp_t sexp, - const char *topname, - const char *elems) +key_from_sexp(gcry_mpi_t *array, + gcry_sexp_t sexp, + const char *topname, + const char *elems) { gcry_sexp_t list; gcry_sexp_t l2; const char *s; unsigned int idx; - if (! (list = gcry_sexp_find_token (sexp, topname, 0))) + if (!(list = gcry_sexp_find_token(sexp, topname, 0))) return 1; - l2 = gcry_sexp_cadr (list); - gcry_sexp_release (list); + l2 = gcry_sexp_cadr(list); + gcry_sexp_release(list); list = l2; - if (! list) + if (!list) return 2; idx = 0; for (s = elems; *s; s++, idx++) - { - if (! (l2 = gcry_sexp_find_token (list, s, 1))) - { - for (unsigned int i = 0; i < idx; i++) - { - gcry_free (array[i]); - array[i] = NULL; - } - gcry_sexp_release (list); - return 3; /* required parameter not found */ - } - array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); - gcry_sexp_release (l2); - if (! array[idx]) { - for (unsigned int i = 0; i < idx; i++) - { - gcry_free (array[i]); - array[i] = NULL; - } - gcry_sexp_release (list); - return 4; /* required parameter is invalid */ + if (!(l2 = gcry_sexp_find_token(list, s, 1))) + { + for (unsigned int i = 0; i < idx; i++) + { + gcry_free(array[i]); + array[i] = NULL; + } + gcry_sexp_release(list); + return 3; /* required parameter not found */ + } + array[idx] = gcry_sexp_nth_mpi(l2, 1, GCRYMPI_FMT_USG); + gcry_sexp_release(l2); + if (!array[idx]) + { + for (unsigned int i = 0; i < idx; i++) + { + gcry_free(array[i]); + array[i] = NULL; + } + gcry_sexp_release(list); + return 4; /* required parameter is invalid */ + } } - } - gcry_sexp_release (list); + gcry_sexp_release(list); return 0; } @@ -146,30 +142,30 @@ key_from_sexp (gcry_mpi_t *array, * @return fresh private key */ struct GNUNET_CRYPTO_RsaPrivateKey * -GNUNET_CRYPTO_rsa_private_key_create (unsigned int len) +GNUNET_CRYPTO_rsa_private_key_create(unsigned int len) { struct GNUNET_CRYPTO_RsaPrivateKey *ret; gcry_sexp_t s_key; gcry_sexp_t s_keyparam; - BENCHMARK_START (rsa_private_key_create); - - GNUNET_assert (0 == - gcry_sexp_build (&s_keyparam, - NULL, - "(genkey(rsa(nbits %d)))", - len)); - GNUNET_assert (0 == - gcry_pk_genkey (&s_key, - s_keyparam)); - gcry_sexp_release (s_keyparam); + BENCHMARK_START(rsa_private_key_create); + + GNUNET_assert(0 == + gcry_sexp_build(&s_keyparam, + NULL, + "(genkey(rsa(nbits %d)))", + len)); + GNUNET_assert(0 == + gcry_pk_genkey(&s_key, + s_keyparam)); + gcry_sexp_release(s_keyparam); #if EXTRA_CHECKS - GNUNET_assert (0 == - gcry_pk_testkey (s_key)); + GNUNET_assert(0 == + gcry_pk_testkey(s_key)); #endif - ret = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey); + ret = GNUNET_new(struct GNUNET_CRYPTO_RsaPrivateKey); ret->sexp = s_key; - BENCHMARK_END (rsa_private_key_create); + BENCHMARK_END(rsa_private_key_create); return ret; } @@ -180,10 +176,10 @@ GNUNET_CRYPTO_rsa_private_key_create (unsigned int len) * @param key pointer to the memory to free */ void -GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key) +GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key) { - gcry_sexp_release (key->sexp); - GNUNET_free (key); + gcry_sexp_release(key->sexp); + GNUNET_free(key); } @@ -196,22 +192,22 @@ GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key) * @return size of memory allocated in @a buffer */ size_t -GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey *key, - char **buffer) +GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, + char **buffer) { size_t n; char *b; - n = gcry_sexp_sprint (key->sexp, - GCRYSEXP_FMT_DEFAULT, - NULL, - 0); - b = GNUNET_malloc (n); - GNUNET_assert ((n - 1) == /* since the last byte is \0 */ - gcry_sexp_sprint (key->sexp, - GCRYSEXP_FMT_DEFAULT, - b, - n)); + n = gcry_sexp_sprint(key->sexp, + GCRYSEXP_FMT_DEFAULT, + NULL, + 0); + b = GNUNET_malloc(n); + GNUNET_assert((n - 1) == /* since the last byte is \0 */ + gcry_sexp_sprint(key->sexp, + GCRYSEXP_FMT_DEFAULT, + b, + n)); *buffer = b; return n; } @@ -226,29 +222,30 @@ GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey * * @return NULL on error */ struct GNUNET_CRYPTO_RsaPrivateKey * -GNUNET_CRYPTO_rsa_private_key_decode (const char *buf, - size_t len) +GNUNET_CRYPTO_rsa_private_key_decode(const char *buf, + size_t len) { struct GNUNET_CRYPTO_RsaPrivateKey *key; - key = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey); + + key = GNUNET_new(struct GNUNET_CRYPTO_RsaPrivateKey); if (0 != - gcry_sexp_new (&key->sexp, - buf, - len, - 0)) - { - LOG (GNUNET_ERROR_TYPE_WARNING, - "Decoded private key is not valid\n"); - GNUNET_free (key); - return NULL; - } - if (0 != gcry_pk_testkey (key->sexp)) - { - LOG (GNUNET_ERROR_TYPE_WARNING, - "Decoded private key is not valid\n"); - GNUNET_CRYPTO_rsa_private_key_free (key); - return NULL; - } + gcry_sexp_new(&key->sexp, + buf, + len, + 0)) + { + LOG(GNUNET_ERROR_TYPE_WARNING, + "Decoded private key is not valid\n"); + GNUNET_free(key); + return NULL; + } + if (0 != gcry_pk_testkey(key->sexp)) + { + LOG(GNUNET_ERROR_TYPE_WARNING, + "Decoded private key is not valid\n"); + GNUNET_CRYPTO_rsa_private_key_free(key); + return NULL; + } return key; } @@ -260,35 +257,35 @@ GNUNET_CRYPTO_rsa_private_key_decode (const char *buf, * @retur NULL on error, otherwise the public key */ struct GNUNET_CRYPTO_RsaPublicKey * -GNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateKey *priv) +GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv) { struct GNUNET_CRYPTO_RsaPublicKey *pub; gcry_mpi_t ne[2]; int rc; gcry_sexp_t result; - BENCHMARK_START (rsa_private_key_get_public); + BENCHMARK_START(rsa_private_key_get_public); - rc = key_from_sexp (ne, priv->sexp, "public-key", "ne"); + rc = key_from_sexp(ne, priv->sexp, "public-key", "ne"); if (0 != rc) - rc = key_from_sexp (ne, priv->sexp, "private-key", "ne"); + rc = key_from_sexp(ne, priv->sexp, "private-key", "ne"); if (0 != rc) - rc = key_from_sexp (ne, priv->sexp, "rsa", "ne"); + rc = key_from_sexp(ne, priv->sexp, "rsa", "ne"); if (0 != rc) - { - GNUNET_break_op (0); - return NULL; - } - rc = gcry_sexp_build (&result, - NULL, - "(public-key(rsa(n %m)(e %m)))", - ne[0], - ne[1]); - gcry_mpi_release (ne[0]); - gcry_mpi_release (ne[1]); - pub = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey); + { + GNUNET_break_op(0); + return NULL; + } + rc = gcry_sexp_build(&result, + NULL, + "(public-key(rsa(n %m)(e %m)))", + ne[0], + ne[1]); + gcry_mpi_release(ne[0]); + gcry_mpi_release(ne[1]); + pub = GNUNET_new(struct GNUNET_CRYPTO_RsaPublicKey); pub->sexp = result; - BENCHMARK_END (rsa_private_key_get_public); + BENCHMARK_END(rsa_private_key_get_public); return pub; } @@ -299,10 +296,10 @@ GNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateK * @param key pointer to the memory to free */ void -GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key) +GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key) { - gcry_sexp_release (key->sexp); - GNUNET_free (key); + gcry_sexp_release(key->sexp); + GNUNET_free(key); } @@ -315,22 +312,22 @@ GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key) * @return size of memory allocated in @a buffer */ size_t -GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_RsaPublicKey *key, - char **buffer) +GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, + char **buffer) { size_t n; char *b; - n = gcry_sexp_sprint (key->sexp, - GCRYSEXP_FMT_ADVANCED, - NULL, - 0); - b = GNUNET_malloc (n); - GNUNET_assert ((n -1) == /* since the last byte is \0 */ - gcry_sexp_sprint (key->sexp, - GCRYSEXP_FMT_ADVANCED, - b, - n)); + n = gcry_sexp_sprint(key->sexp, + GCRYSEXP_FMT_ADVANCED, + NULL, + 0); + b = GNUNET_malloc(n); + GNUNET_assert((n - 1) == /* since the last byte is \0 */ + gcry_sexp_sprint(key->sexp, + GCRYSEXP_FMT_ADVANCED, + b, + n)); *buffer = b; return n; } @@ -343,18 +340,18 @@ GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_RsaPublicKey *ke * @param hc where to store the hash code */ void -GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, - struct GNUNET_HashCode *hc) +GNUNET_CRYPTO_rsa_public_key_hash(const struct GNUNET_CRYPTO_RsaPublicKey *key, + struct GNUNET_HashCode *hc) { char *buf; size_t buf_size; - buf_size = GNUNET_CRYPTO_rsa_public_key_encode (key, - &buf); - GNUNET_CRYPTO_hash (buf, - buf_size, - hc); - GNUNET_free (buf); + buf_size = GNUNET_CRYPTO_rsa_public_key_encode(key, + &buf); + GNUNET_CRYPTO_hash(buf, + buf_size, + hc); + GNUNET_free(buf); } @@ -367,37 +364,37 @@ GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, * @return NULL on error */ struct GNUNET_CRYPTO_RsaPublicKey * -GNUNET_CRYPTO_rsa_public_key_decode (const char *buf, - size_t len) +GNUNET_CRYPTO_rsa_public_key_decode(const char *buf, + size_t len) { struct GNUNET_CRYPTO_RsaPublicKey *key; gcry_mpi_t n; int ret; - key = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey); + key = GNUNET_new(struct GNUNET_CRYPTO_RsaPublicKey); if (0 != - gcry_sexp_new (&key->sexp, - buf, - len, - 0)) - { - GNUNET_break_op (0); - GNUNET_free (key); - return NULL; - } + gcry_sexp_new(&key->sexp, + buf, + len, + 0)) + { + GNUNET_break_op(0); + GNUNET_free(key); + return NULL; + } /* verify that this is an RSA public key */ - ret = key_from_sexp (&n, key->sexp, "public-key", "n"); + ret = key_from_sexp(&n, key->sexp, "public-key", "n"); if (0 != ret) - ret = key_from_sexp (&n, key->sexp, "rsa", "n"); + ret = key_from_sexp(&n, key->sexp, "rsa", "n"); if (0 != ret) - { - /* this is no public RSA key */ - GNUNET_break (0); - gcry_sexp_release (key->sexp); - GNUNET_free (key); - return NULL; - } - gcry_mpi_release (n); + { + /* this is no public RSA key */ + GNUNET_break(0); + gcry_sexp_release(key->sexp); + GNUNET_free(key); + return NULL; + } + gcry_mpi_release(n); return key; } @@ -419,9 +416,9 @@ rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n) gcry_mpi_t g; int t; - g = gcry_mpi_new (0); - t = gcry_mpi_gcd(g,r,n); - gcry_mpi_release (g); + g = gcry_mpi_new(0); + t = gcry_mpi_gcd(g, r, n); + gcry_mpi_release(g); return t; } @@ -434,77 +431,78 @@ rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n) * @return the newly created blinding key, NULL if RSA key is malicious */ static struct RsaBlindingKey * -rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, - const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks) +rsa_blinding_key_derive(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, + const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks) { char *xts = "Blinding KDF extrator HMAC key"; /* Trusts bks' randomness more */ struct RsaBlindingKey *blind; gcry_mpi_t n; - blind = GNUNET_new (struct RsaBlindingKey); - GNUNET_assert( NULL != blind ); + blind = GNUNET_new(struct RsaBlindingKey); + GNUNET_assert(NULL != blind); /* Extract the composite n from the RSA public key */ - GNUNET_assert( 0 == key_from_sexp (&n, pkey->sexp, "rsa", "n") ); + GNUNET_assert(0 == key_from_sexp(&n, pkey->sexp, "rsa", "n")); /* Assert that it at least looks like an RSA key */ - GNUNET_assert( 0 == gcry_mpi_get_flag(n, GCRYMPI_FLAG_OPAQUE) ); - - GNUNET_CRYPTO_kdf_mod_mpi (&blind->r, - n, - xts, strlen(xts), - bks, sizeof(*bks), - "Blinding KDF"); - if (0 == rsa_gcd_validate(blind->r, n)) { - GNUNET_free (blind); - blind = NULL; - } - - gcry_mpi_release (n); + GNUNET_assert(0 == gcry_mpi_get_flag(n, GCRYMPI_FLAG_OPAQUE)); + + GNUNET_CRYPTO_kdf_mod_mpi(&blind->r, + n, + xts, strlen(xts), + bks, sizeof(*bks), + "Blinding KDF"); + if (0 == rsa_gcd_validate(blind->r, n)) + { + GNUNET_free(blind); + blind = NULL; + } + + gcry_mpi_release(n); return blind; } /* -We originally added GNUNET_CRYPTO_kdf_mod_mpi for the benifit of the -previous routine. - -There was previously a call to GNUNET_CRYPTO_kdf in - bkey = rsa_blinding_key_derive (len, bks); -that gives exactly len bits where - len = GNUNET_CRYPTO_rsa_public_key_len (pkey); - -Now r = 2^(len-1)/pkey.n is the probability that a set high bit being -okay, meaning bkey < pkey.n. It follows that (1-r)/2 of the time bkey > -pkey.n making the effective bkey be - bkey mod pkey.n = bkey - pkey.n -so the effective bkey has its high bit set with probability r/2. - -We expect r to be close to 1/2 if the exchange is honest, but the -exchange can choose r otherwise. - -In blind signing, the exchange sees - B = bkey * S mod pkey.n -On deposit, the exchange sees S so they can compute bkey' = B/S mod -pkey.n for all B they recorded to see if bkey' has it's high bit set. -Also, note the exchange can compute 1/S efficiently since they know the -factors of pkey.n. - -I suppose that happens with probability r/(1+r) if its the wrong B, not -completely sure. If otoh we've the right B, then we've the probability -r/2 of a set high bit in the effective bkey. - -Interestingly, r^2-r has a maximum at the default r=1/2 anyways, giving -the wrong and right probabilities 1/3 and 1/4, respectively. - -I feared this gives the exchange a meaningful fraction of a bit of -information per coin involved in the transaction. It sounds damaging if -numerous coins were involved. And it could run across transactions in -some scenarios. - -We fixed this by using a more uniform deterministic pseudo-random number -generator for blinding factors. I do not believe this to be a problem -for the rsa_full_domain_hash routine, but better safe than sorry. -*/ + We originally added GNUNET_CRYPTO_kdf_mod_mpi for the benifit of the + previous routine. + + There was previously a call to GNUNET_CRYPTO_kdf in + bkey = rsa_blinding_key_derive (len, bks); + that gives exactly len bits where + len = GNUNET_CRYPTO_rsa_public_key_len (pkey); + + Now r = 2^(len-1)/pkey.n is the probability that a set high bit being + okay, meaning bkey < pkey.n. It follows that (1-r)/2 of the time bkey > + pkey.n making the effective bkey be + bkey mod pkey.n = bkey - pkey.n + so the effective bkey has its high bit set with probability r/2. + + We expect r to be close to 1/2 if the exchange is honest, but the + exchange can choose r otherwise. + + In blind signing, the exchange sees + B = bkey * S mod pkey.n + On deposit, the exchange sees S so they can compute bkey' = B/S mod + pkey.n for all B they recorded to see if bkey' has it's high bit set. + Also, note the exchange can compute 1/S efficiently since they know the + factors of pkey.n. + + I suppose that happens with probability r/(1+r) if its the wrong B, not + completely sure. If otoh we've the right B, then we've the probability + r/2 of a set high bit in the effective bkey. + + Interestingly, r^2-r has a maximum at the default r=1/2 anyways, giving + the wrong and right probabilities 1/3 and 1/4, respectively. + + I feared this gives the exchange a meaningful fraction of a bit of + information per coin involved in the transaction. It sounds damaging if + numerous coins were involved. And it could run across transactions in + some scenarios. + + We fixed this by using a more uniform deterministic pseudo-random number + generator for blinding factors. I do not believe this to be a problem + for the rsa_full_domain_hash routine, but better safe than sorry. + */ /** @@ -515,8 +513,8 @@ for the rsa_full_domain_hash routine, but better safe than sorry. * @return 0 if the two are equal */ int -GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1, - struct GNUNET_CRYPTO_RsaSignature *s2) +GNUNET_CRYPTO_rsa_signature_cmp(struct GNUNET_CRYPTO_RsaSignature *s1, + struct GNUNET_CRYPTO_RsaSignature *s2) { char *b1; char *b2; @@ -524,18 +522,18 @@ GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1, size_t z2; int ret; - z1 = GNUNET_CRYPTO_rsa_signature_encode (s1, - &b1); - z2 = GNUNET_CRYPTO_rsa_signature_encode (s2, - &b2); + z1 = GNUNET_CRYPTO_rsa_signature_encode(s1, + &b1); + z2 = GNUNET_CRYPTO_rsa_signature_encode(s2, + &b2); if (z1 != z2) ret = 1; else - ret = memcmp (b1, - b2, - z1); - GNUNET_free (b1); - GNUNET_free (b2); + ret = memcmp(b1, + b2, + z1); + GNUNET_free(b1); + GNUNET_free(b2); return ret; } @@ -548,8 +546,8 @@ GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1, * @return 0 if the two are equal */ int -GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1, - struct GNUNET_CRYPTO_RsaPublicKey *p2) +GNUNET_CRYPTO_rsa_public_key_cmp(struct GNUNET_CRYPTO_RsaPublicKey *p1, + struct GNUNET_CRYPTO_RsaPublicKey *p2) { char *b1; char *b2; @@ -557,18 +555,18 @@ GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1, size_t z2; int ret; - z1 = GNUNET_CRYPTO_rsa_public_key_encode (p1, - &b1); - z2 = GNUNET_CRYPTO_rsa_public_key_encode (p2, - &b2); + z1 = GNUNET_CRYPTO_rsa_public_key_encode(p1, + &b1); + z2 = GNUNET_CRYPTO_rsa_public_key_encode(p2, + &b2); if (z1 != z2) ret = 1; else - ret = memcmp (b1, - b2, - z1); - GNUNET_free (b1); - GNUNET_free (b2); + ret = memcmp(b1, + b2, + z1); + GNUNET_free(b1); + GNUNET_free(b2); return ret; } @@ -581,8 +579,8 @@ GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1, * @return 0 if the two are equal */ int -GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1, - struct GNUNET_CRYPTO_RsaPrivateKey *p2) +GNUNET_CRYPTO_rsa_private_key_cmp(struct GNUNET_CRYPTO_RsaPrivateKey *p1, + struct GNUNET_CRYPTO_RsaPrivateKey *p2) { char *b1; char *b2; @@ -590,18 +588,18 @@ GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1, size_t z2; int ret; - z1 = GNUNET_CRYPTO_rsa_private_key_encode (p1, - &b1); - z2 = GNUNET_CRYPTO_rsa_private_key_encode (p2, - &b2); + z1 = GNUNET_CRYPTO_rsa_private_key_encode(p1, + &b1); + z2 = GNUNET_CRYPTO_rsa_private_key_encode(p2, + &b2); if (z1 != z2) ret = 1; else - ret = memcmp (b1, - b2, - z1); - GNUNET_free (b1); - GNUNET_free (b2); + ret = memcmp(b1, + b2, + z1); + GNUNET_free(b1); + GNUNET_free(b2); return ret; } @@ -613,18 +611,18 @@ GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1, * @return length of the key in bits */ unsigned int -GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key) +GNUNET_CRYPTO_rsa_public_key_len(const struct GNUNET_CRYPTO_RsaPublicKey *key) { gcry_mpi_t n; unsigned int rval; - if (0 != key_from_sexp (&n, key->sexp, "rsa", "n")) - { /* Not an RSA public key */ - GNUNET_break (0); - return 0; - } - rval = gcry_mpi_get_nbits (n); - gcry_mpi_release (n); + if (0 != key_from_sexp(&n, key->sexp, "rsa", "n")) + { /* Not an RSA public key */ + GNUNET_break(0); + return 0; + } + rval = gcry_mpi_get_nbits(n); + gcry_mpi_release(n); return rval; } @@ -635,10 +633,10 @@ GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key) * @param bkey the blinding key to destroy */ static void -rsa_blinding_key_free (struct RsaBlindingKey *bkey) +rsa_blinding_key_free(struct RsaBlindingKey *bkey) { - gcry_mpi_release (bkey->r); - GNUNET_free (bkey); + gcry_mpi_release(bkey->r); + GNUNET_free(bkey); } @@ -650,25 +648,25 @@ rsa_blinding_key_free (struct RsaBlindingKey *bkey) * @return number of bytes stored in @a buffer */ static size_t -numeric_mpi_alloc_n_print (gcry_mpi_t v, - char **buffer) +numeric_mpi_alloc_n_print(gcry_mpi_t v, + char **buffer) { size_t n; char *b; size_t rsize; - gcry_mpi_print (GCRYMPI_FMT_USG, - NULL, - 0, - &n, - v); - b = GNUNET_malloc (n); - GNUNET_assert (0 == - gcry_mpi_print (GCRYMPI_FMT_USG, - (unsigned char *) b, - n, - &rsize, - v)); + gcry_mpi_print(GCRYMPI_FMT_USG, + NULL, + 0, + &n, + v); + b = GNUNET_malloc(n); + GNUNET_assert(0 == + gcry_mpi_print(GCRYMPI_FMT_USG, + (unsigned char *)b, + n, + &rsize, + v)); *buffer = b; return n; } @@ -687,37 +685,37 @@ numeric_mpi_alloc_n_print (gcry_mpi_t v, * @return MPI value set to the FDH, NULL if RSA key is malicious */ static gcry_mpi_t -rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, - const struct GNUNET_HashCode *hash) +rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, + const struct GNUNET_HashCode *hash) { - gcry_mpi_t r,n; + gcry_mpi_t r, n; char *xts; size_t xts_len; int ok; /* Extract the composite n from the RSA public key */ - GNUNET_assert( 0 == key_from_sexp (&n, pkey->sexp, "rsa", "n") ); + GNUNET_assert(0 == key_from_sexp(&n, pkey->sexp, "rsa", "n")); /* Assert that it at least looks like an RSA key */ - GNUNET_assert( 0 == gcry_mpi_get_flag(n, GCRYMPI_FLAG_OPAQUE) ); + GNUNET_assert(0 == gcry_mpi_get_flag(n, GCRYMPI_FLAG_OPAQUE)); /* We key with the public denomination key as a homage to RSA-PSS by * - * Mihir Bellare and Phillip Rogaway. Doing this lowers the degree * - * of the hypothetical polyomial-time attack on RSA-KTI created by a * - * polynomial-time one-more forgary attack. Yey seeding! */ - xts_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, &xts); - - GNUNET_CRYPTO_kdf_mod_mpi (&r, - n, - xts, xts_len, - hash, sizeof(*hash), - "RSA-FDA FTpsW!"); - GNUNET_free (xts); - - ok = rsa_gcd_validate(r,n); - gcry_mpi_release (n); + * Mihir Bellare and Phillip Rogaway. Doing this lowers the degree * + * of the hypothetical polyomial-time attack on RSA-KTI created by a * + * polynomial-time one-more forgary attack. Yey seeding! */ + xts_len = GNUNET_CRYPTO_rsa_public_key_encode(pkey, &xts); + + GNUNET_CRYPTO_kdf_mod_mpi(&r, + n, + xts, xts_len, + hash, sizeof(*hash), + "RSA-FDA FTpsW!"); + GNUNET_free(xts); + + ok = rsa_gcd_validate(r, n); + gcry_mpi_release(n); if (ok) return r; - gcry_mpi_release (r); + gcry_mpi_release(r); return NULL; } @@ -733,10 +731,10 @@ rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious */ int -GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, - const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, - struct GNUNET_CRYPTO_RsaPublicKey *pkey, - char **buf, size_t *buf_size) +GNUNET_CRYPTO_rsa_blind(const struct GNUNET_HashCode *hash, + const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, + struct GNUNET_CRYPTO_RsaPublicKey *pkey, + char **buf, size_t *buf_size) { struct RsaBlindingKey *bkey; gcry_mpi_t data; @@ -745,58 +743,59 @@ GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, gcry_mpi_t data_r_e; int ret; - BENCHMARK_START (rsa_blind); + BENCHMARK_START(rsa_blind); - GNUNET_assert (buf != NULL && buf_size != NULL); - ret = key_from_sexp (ne, pkey->sexp, "public-key", "ne"); + GNUNET_assert(buf != NULL && buf_size != NULL); + ret = key_from_sexp(ne, pkey->sexp, "public-key", "ne"); if (0 != ret) - ret = key_from_sexp (ne, pkey->sexp, "rsa", "ne"); + ret = key_from_sexp(ne, pkey->sexp, "rsa", "ne"); if (0 != ret) - { - GNUNET_break (0); - *buf = NULL; - *buf_size = 0; - return 0; - } - - data = rsa_full_domain_hash (pkey, hash); + { + GNUNET_break(0); + *buf = NULL; + *buf_size = 0; + return 0; + } + + data = rsa_full_domain_hash(pkey, hash); if (NULL == data) goto rsa_gcd_validate_failure; - bkey = rsa_blinding_key_derive (pkey, bks); - if (NULL == bkey) { - gcry_mpi_release (data); - goto rsa_gcd_validate_failure; - } - - r_e = gcry_mpi_new (0); - gcry_mpi_powm (r_e, - bkey->r, - ne[1], - ne[0]); - data_r_e = gcry_mpi_new (0); - gcry_mpi_mulm (data_r_e, - data, - r_e, - ne[0]); - gcry_mpi_release (data); - gcry_mpi_release (ne[0]); - gcry_mpi_release (ne[1]); - gcry_mpi_release (r_e); - rsa_blinding_key_free (bkey); - - *buf_size = numeric_mpi_alloc_n_print (data_r_e, buf); - gcry_mpi_release (data_r_e); - - BENCHMARK_END (rsa_blind); + bkey = rsa_blinding_key_derive(pkey, bks); + if (NULL == bkey) + { + gcry_mpi_release(data); + goto rsa_gcd_validate_failure; + } + + r_e = gcry_mpi_new(0); + gcry_mpi_powm(r_e, + bkey->r, + ne[1], + ne[0]); + data_r_e = gcry_mpi_new(0); + gcry_mpi_mulm(data_r_e, + data, + r_e, + ne[0]); + gcry_mpi_release(data); + gcry_mpi_release(ne[0]); + gcry_mpi_release(ne[1]); + gcry_mpi_release(r_e); + rsa_blinding_key_free(bkey); + + *buf_size = numeric_mpi_alloc_n_print(data_r_e, buf); + gcry_mpi_release(data_r_e); + + BENCHMARK_END(rsa_blind); return GNUNET_YES; rsa_gcd_validate_failure: /* We know the RSA key is malicious here, so warn the wallet. */ /* GNUNET_break_op (0); */ - gcry_mpi_release (ne[0]); - gcry_mpi_release (ne[1]); + gcry_mpi_release(ne[0]); + gcry_mpi_release(ne[1]); *buf = NULL; *buf_size = 0; return GNUNET_NO; @@ -810,15 +809,15 @@ rsa_gcd_validate_failure: * @return converted s-expression */ static gcry_sexp_t -mpi_to_sexp (gcry_mpi_t value) +mpi_to_sexp(gcry_mpi_t value) { gcry_sexp_t data = NULL; - GNUNET_assert (0 == - gcry_sexp_build (&data, - NULL, - "(data (flags raw) (value %M))", - value)); + GNUNET_assert(0 == + gcry_sexp_build(&data, + NULL, + "(data (flags raw) (value %M))", + value)); return data; } @@ -831,53 +830,53 @@ mpi_to_sexp (gcry_mpi_t value) * @return NULL on error, signature on success */ static struct GNUNET_CRYPTO_RsaSignature * -rsa_sign_mpi (const struct GNUNET_CRYPTO_RsaPrivateKey *key, - gcry_mpi_t value) +rsa_sign_mpi(const struct GNUNET_CRYPTO_RsaPrivateKey *key, + gcry_mpi_t value) { struct GNUNET_CRYPTO_RsaSignature *sig; gcry_sexp_t data; gcry_sexp_t result; int rc; - data = mpi_to_sexp (value); + data = mpi_to_sexp(value); if (0 != - (rc = gcry_pk_sign (&result, - data, - key->sexp))) - { - LOG (GNUNET_ERROR_TYPE_WARNING, - _("RSA signing failed at %s:%d: %s\n"), - __FILE__, - __LINE__, - gcry_strerror (rc)); - GNUNET_break (0); - return NULL; - } + (rc = gcry_pk_sign(&result, + data, + key->sexp))) + { + LOG(GNUNET_ERROR_TYPE_WARNING, + _("RSA signing failed at %s:%d: %s\n"), + __FILE__, + __LINE__, + gcry_strerror(rc)); + GNUNET_break(0); + return NULL; + } /* Lenstra protection was first added to libgcrypt 1.6.4 * with commit c17f84bd02d7ee93845e92e20f6ddba814961588. */ #if GCRYPT_VERSION_NUMBER < 0x010604 /* verify signature (guards against Lenstra's attack with fault injection...) */ - struct GNUNET_CRYPTO_RsaPublicKey *public_key = GNUNET_CRYPTO_rsa_private_key_get_public (key); + struct GNUNET_CRYPTO_RsaPublicKey *public_key = GNUNET_CRYPTO_rsa_private_key_get_public(key); if (0 != - gcry_pk_verify (result, - data, - public_key->sexp)) - { - GNUNET_break (0); - GNUNET_CRYPTO_rsa_public_key_free (public_key); - gcry_sexp_release (data); - gcry_sexp_release (result); - return NULL; - } - GNUNET_CRYPTO_rsa_public_key_free (public_key); + gcry_pk_verify(result, + data, + public_key->sexp)) + { + GNUNET_break(0); + GNUNET_CRYPTO_rsa_public_key_free(public_key); + gcry_sexp_release(data); + gcry_sexp_release(result); + return NULL; + } + GNUNET_CRYPTO_rsa_public_key_free(public_key); #endif /* return signature */ - gcry_sexp_release (data); - sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); + gcry_sexp_release(data); + sig = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature); sig->sexp = result; return sig; } @@ -892,25 +891,25 @@ rsa_sign_mpi (const struct GNUNET_CRYPTO_RsaPrivateKey *key, * @return NULL on error, signature on success */ struct GNUNET_CRYPTO_RsaSignature * -GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, - const void *msg, - size_t msg_len) +GNUNET_CRYPTO_rsa_sign_blinded(const struct GNUNET_CRYPTO_RsaPrivateKey *key, + const void *msg, + size_t msg_len) { gcry_mpi_t v = NULL; struct GNUNET_CRYPTO_RsaSignature *sig; - BENCHMARK_START (rsa_sign_blinded); + BENCHMARK_START(rsa_sign_blinded); - GNUNET_assert (0 == - gcry_mpi_scan (&v, - GCRYMPI_FMT_USG, - msg, - msg_len, - NULL)); + GNUNET_assert(0 == + gcry_mpi_scan(&v, + GCRYMPI_FMT_USG, + msg, + msg_len, + NULL)); - sig = rsa_sign_mpi (key, v); - gcry_mpi_release (v); - BENCHMARK_END (rsa_sign_blinded); + sig = rsa_sign_mpi(key, v); + gcry_mpi_release(v); + BENCHMARK_END(rsa_sign_blinded); return sig; } @@ -923,21 +922,21 @@ GNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, * @return NULL on error, including a malicious RSA key, signature on success */ struct GNUNET_CRYPTO_RsaSignature * -GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, - const struct GNUNET_HashCode *hash) +GNUNET_CRYPTO_rsa_sign_fdh(const struct GNUNET_CRYPTO_RsaPrivateKey *key, + const struct GNUNET_HashCode *hash) { struct GNUNET_CRYPTO_RsaPublicKey *pkey; gcry_mpi_t v = NULL; struct GNUNET_CRYPTO_RsaSignature *sig; - pkey = GNUNET_CRYPTO_rsa_private_key_get_public (key); - v = rsa_full_domain_hash (pkey, hash); - GNUNET_CRYPTO_rsa_public_key_free (pkey); + pkey = GNUNET_CRYPTO_rsa_private_key_get_public(key); + v = rsa_full_domain_hash(pkey, hash); + GNUNET_CRYPTO_rsa_public_key_free(pkey); if (NULL == v) /* rsa_gcd_validate failed meaning */ return NULL; /* our *own* RSA key is malicious. */ - sig = rsa_sign_mpi (key, v); - gcry_mpi_release (v); + sig = rsa_sign_mpi(key, v); + gcry_mpi_release(v); return sig; } @@ -948,10 +947,10 @@ GNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, * @param sig memory to freee */ void -GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig) +GNUNET_CRYPTO_rsa_signature_free(struct GNUNET_CRYPTO_RsaSignature *sig) { - gcry_sexp_release (sig->sexp); - GNUNET_free (sig); + gcry_sexp_release(sig->sexp); + GNUNET_free(sig); } @@ -963,22 +962,22 @@ GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig) * @return size of memory allocated in @a buffer */ size_t -GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_RsaSignature *sig, - char **buffer) +GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, + char **buffer) { size_t n; char *b; - n = gcry_sexp_sprint (sig->sexp, - GCRYSEXP_FMT_ADVANCED, - NULL, - 0); - b = GNUNET_malloc (n); - GNUNET_assert ((n - 1) == /* since the last byte is \0 */ - gcry_sexp_sprint (sig->sexp, - GCRYSEXP_FMT_ADVANCED, - b, - n)); + n = gcry_sexp_sprint(sig->sexp, + GCRYSEXP_FMT_ADVANCED, + NULL, + 0); + b = GNUNET_malloc(n); + GNUNET_assert((n - 1) == /* since the last byte is \0 */ + gcry_sexp_sprint(sig->sexp, + GCRYSEXP_FMT_ADVANCED, + b, + n)); *buffer = b; return n; } @@ -993,37 +992,37 @@ GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_RsaSignature *sig * @return NULL on error */ struct GNUNET_CRYPTO_RsaSignature * -GNUNET_CRYPTO_rsa_signature_decode (const char *buf, - size_t len) +GNUNET_CRYPTO_rsa_signature_decode(const char *buf, + size_t len) { struct GNUNET_CRYPTO_RsaSignature *sig; int ret; gcry_mpi_t s; - sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); + sig = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature); if (0 != - gcry_sexp_new (&sig->sexp, - buf, - len, - 0)) - { - GNUNET_break_op (0); - GNUNET_free (sig); - return NULL; - } + gcry_sexp_new(&sig->sexp, + buf, + len, + 0)) + { + GNUNET_break_op(0); + GNUNET_free(sig); + return NULL; + } /* verify that this is an RSA signature */ - ret = key_from_sexp (&s, sig->sexp, "sig-val", "s"); + ret = key_from_sexp(&s, sig->sexp, "sig-val", "s"); if (0 != ret) - ret = key_from_sexp (&s, sig->sexp, "rsa", "s"); + ret = key_from_sexp(&s, sig->sexp, "rsa", "s"); if (0 != ret) - { - /* this is no RSA Signature */ - GNUNET_break_op (0); - gcry_sexp_release (sig->sexp); - GNUNET_free (sig); - return NULL; - } - gcry_mpi_release (s); + { + /* this is no RSA Signature */ + GNUNET_break_op(0); + gcry_sexp_release(sig->sexp); + GNUNET_free(sig); + return NULL; + } + gcry_mpi_release(s); return sig; } @@ -1035,19 +1034,19 @@ GNUNET_CRYPTO_rsa_signature_decode (const char *buf, * @return the duplicate key; NULL upon error */ struct GNUNET_CRYPTO_RsaPublicKey * -GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key) +GNUNET_CRYPTO_rsa_public_key_dup(const struct GNUNET_CRYPTO_RsaPublicKey *key) { struct GNUNET_CRYPTO_RsaPublicKey *dup; gcry_sexp_t dup_sexp; size_t erroff; /* check if we really are exporting a public key */ - dup_sexp = gcry_sexp_find_token (key->sexp, "public-key", 0); - GNUNET_assert (NULL != dup_sexp); - gcry_sexp_release (dup_sexp); + dup_sexp = gcry_sexp_find_token(key->sexp, "public-key", 0); + GNUNET_assert(NULL != dup_sexp); + gcry_sexp_release(dup_sexp); /* copy the sexp */ - GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp)); - dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey); + GNUNET_assert(0 == gcry_sexp_build(&dup_sexp, &erroff, "%S", key->sexp)); + dup = GNUNET_new(struct GNUNET_CRYPTO_RsaPublicKey); dup->sexp = dup_sexp; return dup; } @@ -1064,9 +1063,9 @@ GNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key) * @return unblinded signature on success, NULL if RSA key is bad or malicious. */ struct GNUNET_CRYPTO_RsaSignature * -GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, - const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, - struct GNUNET_CRYPTO_RsaPublicKey *pkey) +GNUNET_CRYPTO_rsa_unblind(const struct GNUNET_CRYPTO_RsaSignature *sig, + const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, + struct GNUNET_CRYPTO_RsaPublicKey *pkey) { struct RsaBlindingKey *bkey; gcry_mpi_t n; @@ -1076,70 +1075,70 @@ GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, int ret; struct GNUNET_CRYPTO_RsaSignature *sret; - BENCHMARK_START (rsa_unblind); + BENCHMARK_START(rsa_unblind); - ret = key_from_sexp (&n, pkey->sexp, "public-key", "n"); + ret = key_from_sexp(&n, pkey->sexp, "public-key", "n"); if (0 != ret) - ret = key_from_sexp (&n, pkey->sexp, "rsa", "n"); + ret = key_from_sexp(&n, pkey->sexp, "rsa", "n"); if (0 != ret) - { - GNUNET_break_op (0); - return NULL; - } - ret = key_from_sexp (&s, sig->sexp, "sig-val", "s"); + { + GNUNET_break_op(0); + return NULL; + } + ret = key_from_sexp(&s, sig->sexp, "sig-val", "s"); if (0 != ret) - ret = key_from_sexp (&s, sig->sexp, "rsa", "s"); + ret = key_from_sexp(&s, sig->sexp, "rsa", "s"); if (0 != ret) - { - gcry_mpi_release (n); - GNUNET_break_op (0); - return NULL; - } + { + gcry_mpi_release(n); + GNUNET_break_op(0); + return NULL; + } - bkey = rsa_blinding_key_derive (pkey, bks); + bkey = rsa_blinding_key_derive(pkey, bks); if (NULL == bkey) - { - /* RSA key is malicious since rsa_gcd_validate failed here. - * It should have failed during GNUNET_CRYPTO_rsa_blind too though, - * so the exchange is being malicious in an unfamilair way, maybe - * just trying to crash us. */ - GNUNET_break_op (0); - gcry_mpi_release (n); - gcry_mpi_release (s); - return NULL; - } - - r_inv = gcry_mpi_new (0); + { + /* RSA key is malicious since rsa_gcd_validate failed here. + * It should have failed during GNUNET_CRYPTO_rsa_blind too though, + * so the exchange is being malicious in an unfamilair way, maybe + * just trying to crash us. */ + GNUNET_break_op(0); + gcry_mpi_release(n); + gcry_mpi_release(s); + return NULL; + } + + r_inv = gcry_mpi_new(0); if (1 != - gcry_mpi_invm (r_inv, - bkey->r, - n)) - { - /* We cannot find r mod n, so gcd(r,n) != 1, which should get * - * caught above, but we handle it the same here. */ - GNUNET_break_op (0); - gcry_mpi_release (r_inv); - rsa_blinding_key_free (bkey); - gcry_mpi_release (n); - gcry_mpi_release (s); - return NULL; - } - - ubsig = gcry_mpi_new (0); - gcry_mpi_mulm (ubsig, s, r_inv, n); - gcry_mpi_release (n); - gcry_mpi_release (r_inv); - gcry_mpi_release (s); - rsa_blinding_key_free (bkey); - - sret = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); - GNUNET_assert (0 == - gcry_sexp_build (&sret->sexp, - NULL, - "(sig-val (rsa (s %M)))", - ubsig)); - gcry_mpi_release (ubsig); - BENCHMARK_END (rsa_unblind); + gcry_mpi_invm(r_inv, + bkey->r, + n)) + { + /* We cannot find r mod n, so gcd(r,n) != 1, which should get * + * caught above, but we handle it the same here. */ + GNUNET_break_op(0); + gcry_mpi_release(r_inv); + rsa_blinding_key_free(bkey); + gcry_mpi_release(n); + gcry_mpi_release(s); + return NULL; + } + + ubsig = gcry_mpi_new(0); + gcry_mpi_mulm(ubsig, s, r_inv, n); + gcry_mpi_release(n); + gcry_mpi_release(r_inv); + gcry_mpi_release(s); + rsa_blinding_key_free(bkey); + + sret = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature); + GNUNET_assert(0 == + gcry_sexp_build(&sret->sexp, + NULL, + "(sig-val (rsa (s %M)))", + ubsig)); + gcry_mpi_release(ubsig); + BENCHMARK_END(rsa_unblind); return sret; } @@ -1154,46 +1153,47 @@ GNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, * @returns #GNUNET_YES if ok, #GNUNET_NO if RSA key is malicious, #GNUNET_SYSERR if signature is invalid */ int -GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, - const struct GNUNET_CRYPTO_RsaSignature *sig, - const struct GNUNET_CRYPTO_RsaPublicKey *pkey) +GNUNET_CRYPTO_rsa_verify(const struct GNUNET_HashCode *hash, + const struct GNUNET_CRYPTO_RsaSignature *sig, + const struct GNUNET_CRYPTO_RsaPublicKey *pkey) { gcry_sexp_t data; gcry_mpi_t r; int rc; - BENCHMARK_START (rsa_verify); + BENCHMARK_START(rsa_verify); - r = rsa_full_domain_hash (pkey, hash); - if (NULL == r) { - GNUNET_break_op (0); - /* RSA key is malicious since rsa_gcd_validate failed here. - * It should have failed during GNUNET_CRYPTO_rsa_blind too though, - * so the exchange is being malicious in an unfamilair way, maybe - * just trying to crash us. Arguably, we've only an internal error - * though because we should've detected this in our previous call - * to GNUNET_CRYPTO_rsa_unblind. */ - return GNUNET_NO; - } + r = rsa_full_domain_hash(pkey, hash); + if (NULL == r) + { + GNUNET_break_op(0); + /* RSA key is malicious since rsa_gcd_validate failed here. + * It should have failed during GNUNET_CRYPTO_rsa_blind too though, + * so the exchange is being malicious in an unfamilair way, maybe + * just trying to crash us. Arguably, we've only an internal error + * though because we should've detected this in our previous call + * to GNUNET_CRYPTO_rsa_unblind. */ + return GNUNET_NO; + } data = mpi_to_sexp(r); - gcry_mpi_release (r); + gcry_mpi_release(r); - rc = gcry_pk_verify (sig->sexp, - data, - pkey->sexp); - gcry_sexp_release (data); + rc = gcry_pk_verify(sig->sexp, + data, + pkey->sexp); + gcry_sexp_release(data); if (0 != rc) - { - LOG (GNUNET_ERROR_TYPE_WARNING, - _("RSA signature verification failed at %s:%d: %s\n"), - __FILE__, - __LINE__, - gcry_strerror (rc)); - return GNUNET_SYSERR; - BENCHMARK_END (rsa_verify); - } - BENCHMARK_END (rsa_verify); + { + LOG(GNUNET_ERROR_TYPE_WARNING, + _("RSA signature verification failed at %s:%d: %s\n"), + __FILE__, + __LINE__, + gcry_strerror(rc)); + return GNUNET_SYSERR; + BENCHMARK_END(rsa_verify); + } + BENCHMARK_END(rsa_verify); return GNUNET_OK; } @@ -1205,19 +1205,19 @@ GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, * @return the duplicate key; NULL upon error */ struct GNUNET_CRYPTO_RsaPrivateKey * -GNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_RsaPrivateKey *key) +GNUNET_CRYPTO_rsa_private_key_dup(const struct GNUNET_CRYPTO_RsaPrivateKey *key) { struct GNUNET_CRYPTO_RsaPrivateKey *dup; gcry_sexp_t dup_sexp; size_t erroff; /* check if we really are exporting a private key */ - dup_sexp = gcry_sexp_find_token (key->sexp, "private-key", 0); - GNUNET_assert (NULL != dup_sexp); - gcry_sexp_release (dup_sexp); + dup_sexp = gcry_sexp_find_token(key->sexp, "private-key", 0); + GNUNET_assert(NULL != dup_sexp); + gcry_sexp_release(dup_sexp); /* copy the sexp */ - GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp)); - dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey); + GNUNET_assert(0 == gcry_sexp_build(&dup_sexp, &erroff, "%S", key->sexp)); + dup = GNUNET_new(struct GNUNET_CRYPTO_RsaPrivateKey); dup->sexp = dup_sexp; return dup; } @@ -1230,7 +1230,7 @@ GNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_RsaPrivateKey *key * @return the duplicate key; NULL upon error */ struct GNUNET_CRYPTO_RsaSignature * -GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig) +GNUNET_CRYPTO_rsa_signature_dup(const struct GNUNET_CRYPTO_RsaSignature *sig) { struct GNUNET_CRYPTO_RsaSignature *dup; gcry_sexp_t dup_sexp; @@ -1239,14 +1239,14 @@ GNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig) int ret; /* verify that this is an RSA signature */ - ret = key_from_sexp (&s, sig->sexp, "sig-val", "s"); + ret = key_from_sexp(&s, sig->sexp, "sig-val", "s"); if (0 != ret) - ret = key_from_sexp (&s, sig->sexp, "rsa", "s"); - GNUNET_assert (0 == ret); - gcry_mpi_release (s); + ret = key_from_sexp(&s, sig->sexp, "rsa", "s"); + GNUNET_assert(0 == ret); + gcry_mpi_release(s); /* copy the sexp */ - GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", sig->sexp)); - dup = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); + GNUNET_assert(0 == gcry_sexp_build(&dup_sexp, &erroff, "%S", sig->sexp)); + dup = GNUNET_new(struct GNUNET_CRYPTO_RsaSignature); dup->sexp = dup_sexp; return dup; } -- cgit v1.2.3