From 90ff9edfa9c5fcfa3a36d1653ff105e89b888e21 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 11 Apr 2020 21:43:28 +0200 Subject: fixing #6149 --- src/util/crypto_ecc.c | 96 +++---- src/util/crypto_ecc_setup.c | 573 ++++++++++++++++---------------------- src/util/disk.c | 64 ----- src/util/gnunet-crypto-tvg.c | 123 ++++---- src/util/gnunet-ecc.c | 108 ++++--- src/util/gnunet-scrypt.c | 11 +- src/util/os_priority.c | 2 +- src/util/test_crypto_ecdh_ecdsa.c | 27 +- src/util/test_crypto_ecdh_eddsa.c | 24 +- src/util/test_crypto_ecdhe.c | 27 +- src/util/test_crypto_ecdsa.c | 100 ++++--- src/util/test_crypto_eddsa.c | 108 ++++--- 12 files changed, 582 insertions(+), 681 deletions(-) (limited to 'src/util') diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index 4c1169f43..851a45f93 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c @@ -491,118 +491,98 @@ GNUNET_CRYPTO_eddsa_key_clear (struct GNUNET_CRYPTO_EddsaPrivateKey *pk) /** - * Create a new private key. Caller must free return value. + * Create a new private key. * - * @return fresh private key + * @param[out] pk fresh private key */ -struct GNUNET_CRYPTO_EcdhePrivateKey * -GNUNET_CRYPTO_ecdhe_key_create () -{ - struct GNUNET_CRYPTO_EcdhePrivateKey *priv; - - priv = GNUNET_new (struct GNUNET_CRYPTO_EcdhePrivateKey); - if (GNUNET_OK != GNUNET_CRYPTO_ecdhe_key_create2 (priv)) - { - GNUNET_free (priv); - return NULL; - } - return priv; -} - - -/** - * @ingroup crypto - * Create a new private key. Clear with #GNUNET_CRYPTO_ecdhe_key_clear(). - * - * @param[out] pk set to fresh private key; - * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure - */ -int -GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk) +void +GNUNET_CRYPTO_ecdhe_key_create (struct GNUNET_CRYPTO_EcdhePrivateKey *pk) { BENCHMARK_START (ecdhe_key_create); GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, pk, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); BENCHMARK_END (ecdhe_key_create); - return GNUNET_OK; } /** - * Create a new private key. Caller must free return value. + * Create a new private key. * - * @return fresh private key + * @param[out] pk private key to initialize */ -struct GNUNET_CRYPTO_EcdsaPrivateKey * -GNUNET_CRYPTO_ecdsa_key_create () +void +GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk) { - struct GNUNET_CRYPTO_EcdsaPrivateKey *priv; gcry_sexp_t priv_sexp; gcry_sexp_t s_keyparam; gcry_mpi_t d; int rc; BENCHMARK_START (ecdsa_key_create); - if (0 != (rc = gcry_sexp_build (&s_keyparam, NULL, "(genkey(ecc(curve \"" CURVE "\")" "(flags)))"))) { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); - return NULL; + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, + "gcry_sexp_build", + rc); + GNUNET_assert (0); } - if (0 != (rc = gcry_pk_genkey (&priv_sexp, s_keyparam))) + if (0 != (rc = gcry_pk_genkey (&priv_sexp, + s_keyparam))) { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc); + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, + "gcry_pk_genkey", + rc); gcry_sexp_release (s_keyparam); - return NULL; + GNUNET_assert (0); } gcry_sexp_release (s_keyparam); #if EXTRA_CHECKS if (0 != (rc = gcry_pk_testkey (priv_sexp))) { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, + "gcry_pk_testkey", + rc); gcry_sexp_release (priv_sexp); - return NULL; + GNUNET_assert (0); } #endif - if (0 != (rc = key_from_sexp (&d, priv_sexp, "private-key", "d"))) + if (0 != (rc = key_from_sexp (&d, priv_sexp, + "private-key", + "d"))) { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "key_from_sexp", rc); + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, + "key_from_sexp", + rc); gcry_sexp_release (priv_sexp); - return NULL; + GNUNET_assert (0); } gcry_sexp_release (priv_sexp); - priv = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPrivateKey); - GNUNET_CRYPTO_mpi_print_unsigned (priv->d, sizeof(priv->d), d); + GNUNET_CRYPTO_mpi_print_unsigned (pk->d, + sizeof(pk->d), + d); gcry_mpi_release (d); - BENCHMARK_END (ecdsa_key_create); - - return priv; } /** - * Create a new private key. Caller must free return value. + * Create a new private key. * - * @return fresh private key + * @param[out] pk set to fresh private key */ -struct GNUNET_CRYPTO_EddsaPrivateKey * -GNUNET_CRYPTO_eddsa_key_create () +void +GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk) { - struct GNUNET_CRYPTO_EddsaPrivateKey *priv; - BENCHMARK_START (eddsa_key_create); - priv = GNUNET_new (struct GNUNET_CRYPTO_EddsaPrivateKey); GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, - priv, + pk, sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)); + // FIXME: should we not do the clamping here? Or is this done elsewhere? BENCHMARK_END (eddsa_key_create); - - return priv; } diff --git a/src/util/crypto_ecc_setup.c b/src/util/crypto_ecc_setup.c index b3d410b7a..5167a33fb 100644 --- a/src/util/crypto_ecc_setup.c +++ b/src/util/crypto_ecc_setup.c @@ -1,6 +1,6 @@ /* This file is part of GNUnet. - Copyright (C) 2012, 2013, 2015 GNUnet e.V. + Copyright (C) 2012, 2013, 2015, 2020 GNUnet e.V. GNUnet is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published @@ -53,375 +53,261 @@ /** - * Wait for a short time (we're trying to lock a file or want - * to give another process a shot at finishing a disk write, etc.). - * Sleeps for 100ms (as that should be long enough for virtually all - * modern systems to context switch and allow another process to do - * some 'real' work). + * Read file to @a buf. Fails if the file does not exist or + * does not have precisely @a buf_size bytes. + * + * @param filename file to read + * @param[out] buf where to write the file contents + * @param buf_size number of bytes in @a buf + * @return #GNUNET_OK on success */ -static void -short_wait () +static int +read_from_file (const char *filename, + void *buf, + size_t buf_size) { - struct GNUNET_TIME_Relative timeout; + int fd; + struct stat sb; - timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS, 100); - (void) GNUNET_NETWORK_socket_select (NULL, NULL, NULL, timeout); + fd = open (filename, + O_RDONLY); + if (-1 == fd) + { + memset (buf, + 0, + buf_size); + return GNUNET_SYSERR; + } + if (0 != fstat (fd, + &sb)) + { + GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, + "stat", + filename); + GNUNET_assert (0 == close (fd)); + memset (buf, + 0, + buf_size); + return GNUNET_SYSERR; + } + if (sb.st_size != buf_size) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "File `%s' has wrong size (%llu), expected %llu bytes\n", + filename, + (unsigned long long) sb.st_size, + (unsigned long long) buf_size); + GNUNET_assert (0 == close (fd)); + memset (buf, + 0, + buf_size); + return GNUNET_SYSERR; + } + if (buf_size != + read (fd, + buf, + buf_size)) + { + GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, + "read", + filename); + GNUNET_assert (0 == close (fd)); + memset (buf, + 0, + buf_size); + return GNUNET_SYSERR; + } + GNUNET_assert (0 == close (fd)); + return GNUNET_OK; } /** - * Create a new private key by reading it from a file. If the - * files does not exist, create a new key and write it to the - * file. Caller must free return value. Note that this function - * can not guarantee that another process might not be trying - * the same operation on the same file at the same time. - * If the contents of the file - * are invalid the old file is deleted and a fresh key is - * created. + * Write contents of @a buf atomically to @a filename. + * Fail if @a filename already exists or if not exactly + * @a buf with @a buf_size bytes could be written to + * @a filename. * - * @param filename name of file to use to store the key - * @return new private key, NULL on error (for example, - * permission denied) + * @param filename where to write + * @param buf buffer to write + * @param buf_size number of bytes in @a buf to write + * @return #GNUNET_OK on success, + * #GNUNET_NO if a file existed under @a filename + * #GNUNET_SYSERR on failure */ -struct GNUNET_CRYPTO_EddsaPrivateKey * -GNUNET_CRYPTO_eddsa_key_create_from_file (const char *filename) +static int +atomic_write_to_file (const char *filename, + const void *buf, + size_t buf_size) { - struct GNUNET_CRYPTO_EddsaPrivateKey *priv; - struct GNUNET_DISK_FileHandle *fd; - unsigned int cnt; - int ec; - uint64_t fs; - ssize_t sret; + char *tmpl; + int fd; - if (GNUNET_SYSERR == GNUNET_DISK_directory_create_for_file (filename)) - return NULL; - while (GNUNET_YES != GNUNET_DISK_file_test (filename)) { - fd = - GNUNET_DISK_file_open (filename, - GNUNET_DISK_OPEN_WRITE | GNUNET_DISK_OPEN_CREATE - | GNUNET_DISK_OPEN_FAILIFEXISTS, - GNUNET_DISK_PERM_USER_READ - | GNUNET_DISK_PERM_USER_WRITE); - if (NULL == fd) - { - if (EEXIST == errno) - { - if (GNUNET_YES != GNUNET_DISK_file_test (filename)) - { - /* must exist but not be accessible, fail for good! */ - if (0 != access (filename, R_OK)) - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "access", filename); - else - GNUNET_break (0); /* what is going on!? */ - return NULL; - } - continue; - } - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename); - return NULL; - } - cnt = 0; - while (GNUNET_YES != - GNUNET_DISK_file_lock (fd, - 0, - sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey), - GNUNET_YES)) - { - short_wait (); - if (0 == ++cnt % 10) - { - ec = errno; - LOG (GNUNET_ERROR_TYPE_ERROR, - _ ("Could not acquire lock on file `%s': %s...\n"), - filename, - strerror (ec)); - } - } - LOG (GNUNET_ERROR_TYPE_INFO, - _ ("Creating a new private key. This may take a while.\n")); - priv = GNUNET_CRYPTO_eddsa_key_create (); - GNUNET_assert (NULL != priv); - GNUNET_assert (sizeof(*priv) == - GNUNET_DISK_file_write (fd, priv, sizeof(*priv))); - GNUNET_DISK_file_sync (fd); - if (GNUNET_YES != - GNUNET_DISK_file_unlock (fd, - 0, - sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey))) - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename); - GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd)); - return priv; + char *dname; + + dname = GNUNET_strdup (filename); + GNUNET_asprintf (&tmpl, + "%s/XXXXXX", + dirname (dname)); + GNUNET_free (dname); } - /* key file exists already, read it! */ - fd = GNUNET_DISK_file_open (filename, - GNUNET_DISK_OPEN_READ, - GNUNET_DISK_PERM_NONE); - if (NULL == fd) + fd = mkstemp (tmpl); + if (-1 == fd) { - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename); - return NULL; + GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, + "mkstemp", + tmpl); + GNUNET_free (tmpl); + return GNUNET_SYSERR; } - cnt = 0; - while (1) + if (0 != fchmod (fd, + S_IRUSR)) { - if (GNUNET_YES != - GNUNET_DISK_file_lock (fd, - 0, - sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey), - GNUNET_NO)) - { - if (0 == ++cnt % 60) - { - ec = errno; - LOG (GNUNET_ERROR_TYPE_ERROR, - _ ("Could not acquire lock on file `%s': %s...\n"), - filename, - strerror (ec)); - LOG ( - GNUNET_ERROR_TYPE_ERROR, - _ ( - "This may be ok if someone is currently generating a private key.\n")); - } - short_wait (); - continue; - } - if (GNUNET_YES != GNUNET_DISK_file_test (filename)) - { - /* eh, what!? File we opened is now gone!? */ - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "stat", filename); - if (GNUNET_YES != - GNUNET_DISK_file_unlock (fd, - 0, - sizeof( - struct GNUNET_CRYPTO_EddsaPrivateKey))) - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename); - GNUNET_assert (GNUNET_OK == GNUNET_DISK_file_close (fd)); - - return NULL; - } - if (GNUNET_OK != - GNUNET_DISK_file_size (filename, &fs, GNUNET_YES, GNUNET_YES)) - fs = 0; - if (fs < sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)) - { - /* maybe we got the read lock before the key generating - * process had a chance to get the write lock; give it up! */ - if (GNUNET_YES != - GNUNET_DISK_file_unlock (fd, - 0, - sizeof( - struct GNUNET_CRYPTO_EddsaPrivateKey))) - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename); - if (0 == ++cnt % 10) - { - LOG (GNUNET_ERROR_TYPE_ERROR, - _ ( - "When trying to read key file `%s' I found %u bytes but I need at least %u.\n"), - filename, - (unsigned int) fs, - (unsigned int) sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)); - LOG (GNUNET_ERROR_TYPE_ERROR, - _ ("This may be ok if someone is currently generating a key.\n")); - } - short_wait (); /* wait a bit longer! */ - continue; - } - break; + GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, + "chmod", + tmpl); + GNUNET_assert (0 == close (fd)); + if (0 != unlink (tmpl)) + GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, + "unlink", + tmpl); + GNUNET_free (tmpl); + return GNUNET_SYSERR; } - fs = sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey); - priv = GNUNET_malloc (fs); - sret = GNUNET_DISK_file_read (fd, priv, fs); - GNUNET_assert ((sret >= 0) && (fs == (size_t) sret)); - if (GNUNET_YES != - GNUNET_DISK_file_unlock (fd, - 0, - sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey))) - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename); - GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd)); -#if CRYPTO_BUG - if (GNUNET_OK != check_eddsa_key (priv)) + if (buf_size != + write (fd, + buf, + buf_size)) { - GNUNET_break (0); - GNUNET_free (priv); - return NULL; + GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, + "write", + tmpl); + GNUNET_assert (0 == close (fd)); + if (0 != unlink (tmpl)) + GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, + "unlink", + tmpl); + GNUNET_free (tmpl); + return GNUNET_SYSERR; } -#endif - return priv; + GNUNET_assert (0 == close (fd)); + + if (0 != link (tmpl, + filename)) + { + if (0 != unlink (tmpl)) + GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, + "unlink", + tmpl); + GNUNET_free (tmpl); + return GNUNET_NO; + } + if (0 != unlink (tmpl)) + GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, + "unlink", + tmpl); + GNUNET_free (tmpl); + return GNUNET_OK; } /** - * Create a new private key by reading it from a file. If the - * files does not exist, create a new key and write it to the - * file. Caller must free return value. Note that this function - * can not guarantee that another process might not be trying - * the same operation on the same file at the same time. - * If the contents of the file - * are invalid the old file is deleted and a fresh key is - * created. + * @ingroup crypto + * @brief Create a new private key by reading it from a file. + * + * If the files does not exist and @a do_create is set, creates a new key and + * write it to the file. + * + * If the contents of the file are invalid, an error is returned. * * @param filename name of file to use to store the key - * @return new private key, NULL on error (for example, - * permission denied) + * @param do_create should a file be created? + * @param[out] pkey set to the private key from @a filename on success + * @return #GNUNET_OK on success, #GNUNET_NO if @a do_create was set but + * we found an existing file, #GNUNET_SYSERR on failure */ -struct GNUNET_CRYPTO_EcdsaPrivateKey * -GNUNET_CRYPTO_ecdsa_key_create_from_file (const char *filename) +int +GNUNET_CRYPTO_eddsa_key_from_file (const char *filename, + int do_create, + struct GNUNET_CRYPTO_EddsaPrivateKey *pkey) { - struct GNUNET_CRYPTO_EcdsaPrivateKey *priv; - struct GNUNET_DISK_FileHandle *fd; - unsigned int cnt; - int ec; - uint64_t fs; - ssize_t sret; - - if (GNUNET_SYSERR == GNUNET_DISK_directory_create_for_file (filename)) - return NULL; - while (GNUNET_YES != GNUNET_DISK_file_test (filename)) + int ret; + + if (GNUNET_OK == + read_from_file (filename, + pkey, + sizeof (*pkey))) { - fd = - GNUNET_DISK_file_open (filename, - GNUNET_DISK_OPEN_WRITE | GNUNET_DISK_OPEN_CREATE - | GNUNET_DISK_OPEN_FAILIFEXISTS, - GNUNET_DISK_PERM_USER_READ - | GNUNET_DISK_PERM_USER_WRITE); - if (NULL == fd) - { - if (EEXIST == errno) - { - if (GNUNET_YES != GNUNET_DISK_file_test (filename)) - { - /* must exist but not be accessible, fail for good! */ - if (0 != access (filename, R_OK)) - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "access", filename); - else - GNUNET_break (0); /* what is going on!? */ - return NULL; - } - continue; - } - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename); - return NULL; - } - cnt = 0; - while (GNUNET_YES != - GNUNET_DISK_file_lock (fd, - 0, - sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey), - GNUNET_YES)) - { - short_wait (); - if (0 == ++cnt % 10) - { - ec = errno; - LOG (GNUNET_ERROR_TYPE_ERROR, - _ ("Could not acquire lock on file `%s': %s...\n"), - filename, - strerror (ec)); - } - } - LOG (GNUNET_ERROR_TYPE_INFO, - _ ("Creating a new private key. This may take a while.\n")); - priv = GNUNET_CRYPTO_ecdsa_key_create (); - GNUNET_assert (NULL != priv); - GNUNET_assert (sizeof(*priv) == - GNUNET_DISK_file_write (fd, priv, sizeof(*priv))); - GNUNET_DISK_file_sync (fd); - if (GNUNET_YES != - GNUNET_DISK_file_unlock (fd, - 0, - sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey))) - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename); - GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd)); - return priv; + /* file existed, report that we didn't create it... */ + return (do_create) ? GNUNET_NO : GNUNET_OK; } - /* key file exists already, read it! */ - fd = GNUNET_DISK_file_open (filename, - GNUNET_DISK_OPEN_READ, - GNUNET_DISK_PERM_NONE); - if (NULL == fd) + GNUNET_CRYPTO_eddsa_key_create (pkey); + ret = atomic_write_to_file (filename, + pkey, + sizeof (*pkey)); + if ( (GNUNET_OK == ret) || + (GNUNET_SYSERR == ret) ) + return ret; + /* maybe another process succeeded in the meantime, try reading one more time */ + if (GNUNET_OK == + read_from_file (filename, + pkey, + sizeof (*pkey))) { - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename); - return NULL; + /* file existed, report that *we* didn't create it... */ + return (do_create) ? GNUNET_NO : GNUNET_OK; } - cnt = 0; - while (1) + /* give up */ + return GNUNET_SYSERR; +} + + +/** + * @ingroup crypto + * @brief Create a new private key by reading it from a file. + * + * If the files does not exist and @a do_create is set, creates a new key and + * write it to the file. + * + * If the contents of the file are invalid, an error is returned. + * + * @param filename name of file to use to store the key + * @param do_create should a file be created? + * @param[out] pkey set to the private key from @a filename on success + * @return #GNUNET_OK on success, #GNUNET_NO if @a do_create was set but + * we found an existing file, #GNUNET_SYSERR on failure + */ +int +GNUNET_CRYPTO_ecdsa_key_from_file (const char *filename, + int do_create, + struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey) +{ + if (GNUNET_OK == + read_from_file (filename, + pkey, + sizeof (*pkey))) { - if (GNUNET_YES != - GNUNET_DISK_file_lock (fd, - 0, - sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey), - GNUNET_NO)) - { - if (0 == ++cnt % 60) - { - ec = errno; - LOG (GNUNET_ERROR_TYPE_ERROR, - _ ("Could not acquire lock on file `%s': %s...\n"), - filename, - strerror (ec)); - LOG ( - GNUNET_ERROR_TYPE_ERROR, - _ ( - "This may be ok if someone is currently generating a private key.\n")); - } - short_wait (); - continue; - } - if (GNUNET_YES != GNUNET_DISK_file_test (filename)) - { - /* eh, what!? File we opened is now gone!? */ - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "stat", filename); - if (GNUNET_YES != - GNUNET_DISK_file_unlock (fd, - 0, - sizeof( - struct GNUNET_CRYPTO_EcdsaPrivateKey))) - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename); - GNUNET_assert (GNUNET_OK == GNUNET_DISK_file_close (fd)); - - return NULL; - } - if (GNUNET_OK != - GNUNET_DISK_file_size (filename, &fs, GNUNET_YES, GNUNET_YES)) - fs = 0; - if (fs < sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey)) - { - /* maybe we got the read lock before the key generating - * process had a chance to get the write lock; give it up! */ - if (GNUNET_YES != - GNUNET_DISK_file_unlock (fd, - 0, - sizeof( - struct GNUNET_CRYPTO_EcdsaPrivateKey))) - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename); - if (0 == ++cnt % 10) - { - LOG (GNUNET_ERROR_TYPE_ERROR, - _ ( - "When trying to read key file `%s' I found %u bytes but I need at least %u.\n"), - filename, - (unsigned int) fs, - (unsigned int) sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey)); - LOG (GNUNET_ERROR_TYPE_ERROR, - _ ("This may be ok if someone is currently generating a key.\n")); - } - short_wait (); /* wait a bit longer! */ - continue; - } - break; + /* file existed, report that we didn't create it... */ + return (do_create) ? GNUNET_NO : GNUNET_OK; } - fs = sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey); - priv = GNUNET_malloc (fs); - sret = GNUNET_DISK_file_read (fd, priv, fs); - GNUNET_assert ((sret >= 0) && (fs == (size_t) sret)); - if (GNUNET_YES != - GNUNET_DISK_file_unlock (fd, - 0, - sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey))) - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename); - GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd)); - return priv; + GNUNET_CRYPTO_ecdsa_key_create (pkey); + if (GNUNET_OK == + atomic_write_to_file (filename, + pkey, + sizeof (*pkey))) + return GNUNET_OK; + /* maybe another process succeeded in the meantime, try reading one more time */ + if (GNUNET_OK == + read_from_file (filename, + pkey, + sizeof (*pkey))) + { + /* file existed, report that *we* didn't create it... */ + return (do_create) ? GNUNET_NO : GNUNET_OK; + } + /* give up */ + return GNUNET_SYSERR; } @@ -441,9 +327,15 @@ GNUNET_CRYPTO_eddsa_key_create_from_configuration ( char *fn; if (GNUNET_OK != - GNUNET_CONFIGURATION_get_value_filename (cfg, "PEER", "PRIVATE_KEY", &fn)) + GNUNET_CONFIGURATION_get_value_filename (cfg, + "PEER", + "PRIVATE_KEY", + &fn)) return NULL; - priv = GNUNET_CRYPTO_eddsa_key_create_from_file (fn); + priv = GNUNET_new (struct GNUNET_CRYPTO_EddsaPrivateKey); + GNUNET_CRYPTO_eddsa_key_from_file (fn, + GNUNET_YES, + priv); GNUNET_free (fn); return priv; } @@ -469,7 +361,8 @@ GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, _ ("Could not load peer's private key\n")); return GNUNET_SYSERR; } - GNUNET_CRYPTO_eddsa_key_get_public (priv, &dst->public_key); + GNUNET_CRYPTO_eddsa_key_get_public (priv, + &dst->public_key); GNUNET_free (priv); return GNUNET_OK; } diff --git a/src/util/disk.c b/src/util/disk.c index b98c81e4b..9018aa955 100644 --- a/src/util/disk.c +++ b/src/util/disk.c @@ -1187,70 +1187,6 @@ GNUNET_DISK_file_change_owner (const char *filename, const char *user) } -/** - * Lock a part of a file - * - * @param fh file handle - * @param lock_start absolute position from where to lock - * @param lock_end absolute position until where to lock - * @param excl #GNUNET_YES for an exclusive lock - * @return #GNUNET_OK on success, #GNUNET_SYSERR on error - */ -int -GNUNET_DISK_file_lock (struct GNUNET_DISK_FileHandle *fh, - off_t lock_start, - off_t lock_end, - int excl) -{ - if (fh == NULL) - { - errno = EINVAL; - return GNUNET_SYSERR; - } - - struct flock fl; - - memset (&fl, 0, sizeof(struct flock)); - fl.l_type = excl ? F_WRLCK : F_RDLCK; - fl.l_whence = SEEK_SET; - fl.l_start = lock_start; - fl.l_len = lock_end; - - return fcntl (fh->fd, F_SETLK, &fl) != 0 ? GNUNET_SYSERR : GNUNET_OK; -} - - -/** - * Unlock a part of a file - * - * @param fh file handle - * @param unlock_start absolute position from where to unlock - * @param unlock_end absolute position until where to unlock - * @return #GNUNET_OK on success, #GNUNET_SYSERR on error - */ -int -GNUNET_DISK_file_unlock (struct GNUNET_DISK_FileHandle *fh, - off_t unlock_start, - off_t unlock_end) -{ - if (fh == NULL) - { - errno = EINVAL; - return GNUNET_SYSERR; - } - - struct flock fl; - - memset (&fl, 0, sizeof(struct flock)); - fl.l_type = F_UNLCK; - fl.l_whence = SEEK_SET; - fl.l_start = unlock_start; - fl.l_len = unlock_end; - - return fcntl (fh->fd, F_SETLK, &fl) != 0 ? GNUNET_SYSERR : GNUNET_OK; -} - - /** * Open a file. Note that the access permissions will only be * used if a new file is created and if the underlying operating diff --git a/src/util/gnunet-crypto-tvg.c b/src/util/gnunet-crypto-tvg.c index e0ef9a622..c3fead62e 100644 --- a/src/util/gnunet-crypto-tvg.c +++ b/src/util/gnunet-crypto-tvg.c @@ -86,50 +86,63 @@ run (void *cls, display_data (" output", &hc, sizeof (struct GNUNET_HashCode)); } { - struct GNUNET_CRYPTO_EcdhePrivateKey *priv1; + struct GNUNET_CRYPTO_EcdhePrivateKey priv1; struct GNUNET_CRYPTO_EcdhePublicKey pub1; - struct GNUNET_CRYPTO_EcdhePrivateKey *priv2; + struct GNUNET_CRYPTO_EcdhePrivateKey priv2; struct GNUNET_HashCode skm; - priv1 = GNUNET_CRYPTO_ecdhe_key_create (); - priv2 = GNUNET_CRYPTO_ecdhe_key_create (); - GNUNET_CRYPTO_ecdhe_key_get_public (priv1, &pub1); - GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecc_ecdh (priv2, &pub1, &skm)); + + GNUNET_CRYPTO_ecdhe_key_create (&priv1); + GNUNET_CRYPTO_ecdhe_key_create (&priv2); + GNUNET_CRYPTO_ecdhe_key_get_public (&priv1, + &pub1); + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_ecc_ecdh (&priv2, + &pub1, + &skm)); printf ("ecdhe key:\n"); - display_data (" priv1", priv1, sizeof (struct - GNUNET_CRYPTO_EcdhePrivateKey)); - display_data (" pub1", &pub1, sizeof (struct - GNUNET_CRYPTO_EcdhePublicKey)); - display_data (" priv2", priv2, sizeof (struct - GNUNET_CRYPTO_EcdhePrivateKey)); - display_data (" skm", &skm, sizeof (struct GNUNET_HashCode)); - GNUNET_free (priv1); - GNUNET_free (priv2); + display_data (" priv1", + &priv1, + sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); + display_data (" pub1", + &pub1, + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); + display_data (" priv2", + &priv2, + sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); + display_data (" skm", + &skm, + sizeof (struct GNUNET_HashCode)); } { - struct GNUNET_CRYPTO_EddsaPrivateKey *priv; + struct GNUNET_CRYPTO_EddsaPrivateKey priv; struct GNUNET_CRYPTO_EddsaPublicKey pub; - priv = GNUNET_CRYPTO_eddsa_key_create (); - GNUNET_CRYPTO_eddsa_key_get_public (priv, &pub); + + GNUNET_CRYPTO_eddsa_key_create (&priv); + GNUNET_CRYPTO_eddsa_key_get_public (&priv, + &pub); printf ("eddsa key:\n"); - display_data (" priv", priv, sizeof (struct - GNUNET_CRYPTO_EddsaPrivateKey)); - display_data (" pub", &pub, sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)); - GNUNET_free (priv); + display_data (" priv", + &priv, + sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)); + display_data (" pub", + &pub, + sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)); } { - struct GNUNET_CRYPTO_EddsaPrivateKey *priv; + struct GNUNET_CRYPTO_EddsaPrivateKey priv; struct GNUNET_CRYPTO_EddsaPublicKey pub; struct GNUNET_CRYPTO_EddsaSignature sig; struct TestSignatureDataPS data = { 0 }; - priv = GNUNET_CRYPTO_eddsa_key_create (); - GNUNET_CRYPTO_eddsa_key_get_public (priv, &pub); + GNUNET_CRYPTO_eddsa_key_create (&priv); + GNUNET_CRYPTO_eddsa_key_get_public (&priv, + &pub); data.purpose.size = htonl (sizeof (data)); data.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); - GNUNET_CRYPTO_eddsa_sign (priv, + GNUNET_CRYPTO_eddsa_sign (&priv, &data, &sig); GNUNET_assert (GNUNET_OK == @@ -139,12 +152,18 @@ run (void *cls, &pub)); printf ("eddsa sig:\n"); - display_data (" priv", priv, sizeof (struct - GNUNET_CRYPTO_EddsaPrivateKey)); - display_data (" pub", &pub, sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)); - display_data (" data", &data, sizeof (struct TestSignatureDataPS)); - display_data (" sig", &sig, sizeof (struct GNUNET_CRYPTO_EddsaSignature)); - GNUNET_free (priv); + display_data (" priv", + &priv, + sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)); + display_data (" pub", + &pub, + sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)); + display_data (" data", + &data, + sizeof (struct TestSignatureDataPS)); + display_data (" sig", + &sig, + sizeof (struct GNUNET_CRYPTO_EddsaSignature)); } { @@ -173,28 +192,34 @@ run (void *cls, display_data (" out", out, out_len); } { - struct GNUNET_CRYPTO_EcdhePrivateKey *priv_ecdhe; + struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdhe; struct GNUNET_CRYPTO_EcdhePublicKey pub_ecdhe; - struct GNUNET_CRYPTO_EddsaPrivateKey *priv_eddsa; + struct GNUNET_CRYPTO_EddsaPrivateKey priv_eddsa; struct GNUNET_CRYPTO_EddsaPublicKey pub_eddsa; struct GNUNET_HashCode key_material; - priv_ecdhe = GNUNET_CRYPTO_ecdhe_key_create (); - GNUNET_CRYPTO_ecdhe_key_get_public (priv_ecdhe, &pub_ecdhe); - priv_eddsa = GNUNET_CRYPTO_eddsa_key_create (); - GNUNET_CRYPTO_eddsa_key_get_public (priv_eddsa, &pub_eddsa); - GNUNET_CRYPTO_ecdh_eddsa (priv_ecdhe, &pub_eddsa, &key_material); + + GNUNET_CRYPTO_ecdhe_key_create (&priv_ecdhe); + GNUNET_CRYPTO_ecdhe_key_get_public (&priv_ecdhe, &pub_ecdhe); + GNUNET_CRYPTO_eddsa_key_create (&priv_eddsa); + GNUNET_CRYPTO_eddsa_key_get_public (&priv_eddsa, &pub_eddsa); + GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdhe, &pub_eddsa, &key_material); printf ("eddsa_ecdh:\n"); - display_data (" priv_ecdhe", priv_ecdhe, sizeof (struct - GNUNET_CRYPTO_EcdhePrivateKey)); - display_data (" pub_ecdhe", &pub_ecdhe, sizeof (struct - GNUNET_CRYPTO_EcdhePublicKey)); - display_data (" priv_eddsa", priv_eddsa, sizeof (struct - GNUNET_CRYPTO_EddsaPrivateKey)); - display_data (" pub_eddsa", &pub_eddsa, sizeof (struct - GNUNET_CRYPTO_EddsaPublicKey)); - display_data (" key_material", &key_material, sizeof (struct - GNUNET_HashCode)); + display_data (" priv_ecdhe", + &priv_ecdhe, + sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); + display_data (" pub_ecdhe", + &pub_ecdhe, + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); + display_data (" priv_eddsa", + &priv_eddsa, + sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)); + display_data (" pub_eddsa", + &pub_eddsa, + sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)); + display_data (" key_material", + &key_material, + sizeof (struct GNUNET_HashCode)); } { diff --git a/src/util/gnunet-ecc.c b/src/util/gnunet-ecc.c index 02d2020ad..764a507b6 100644 --- a/src/util/gnunet-ecc.c +++ b/src/util/gnunet-ecc.c @@ -79,7 +79,7 @@ static void create_keys (const char *fn, const char *prefix) { FILE *f; - struct GNUNET_CRYPTO_EddsaPrivateKey *pk; + struct GNUNET_CRYPTO_EddsaPrivateKey pk; struct GNUNET_CRYPTO_EddsaPublicKey target_pub; static char vanity[KEY_STR_LEN + 1]; size_t len; @@ -141,17 +141,16 @@ create_keys (const char *fn, const char *prefix) while (0 < make_keys--) { fprintf (stderr, "."); - if (NULL == (pk = GNUNET_CRYPTO_eddsa_key_create ())) - { - GNUNET_break (0); - break; - } + GNUNET_CRYPTO_eddsa_key_create (&pk); if (NULL != prefix) { struct GNUNET_CRYPTO_EddsaPublicKey newkey; - GNUNET_CRYPTO_eddsa_key_get_public (pk, &newkey); - if (0 != memcmp (&target_pub, &newkey, n)) + GNUNET_CRYPTO_eddsa_key_get_public (&pk, + &newkey); + if (0 != memcmp (&target_pub, + &newkey, + n)) { make_keys++; continue; @@ -169,16 +168,17 @@ create_keys (const char *fn, const char *prefix) } } if (GNUNET_TESTING_HOSTKEYFILESIZE != - fwrite (pk, 1, GNUNET_TESTING_HOSTKEYFILESIZE, f)) + fwrite (&pk, + 1, + GNUNET_TESTING_HOSTKEYFILESIZE, + f)) { fprintf (stderr, _ ("\nFailed to write to `%s': %s\n"), fn, strerror (errno)); - GNUNET_free (pk); break; } - GNUNET_free (pk); } if (UINT_MAX == make_keys) fprintf (stderr, _ ("\nFinished!\n")); @@ -201,49 +201,75 @@ print_hex (const char *msg, const void *buf, size_t size) static void -print_examples_ecdh () +print_examples_ecdh (void) { - struct GNUNET_CRYPTO_EcdhePrivateKey *dh_priv1; - struct GNUNET_CRYPTO_EcdhePublicKey *dh_pub1; - struct GNUNET_CRYPTO_EcdhePrivateKey *dh_priv2; - struct GNUNET_CRYPTO_EcdhePublicKey *dh_pub2; + struct GNUNET_CRYPTO_EcdhePrivateKey dh_priv1; + struct GNUNET_CRYPTO_EcdhePublicKey dh_pub1; + struct GNUNET_CRYPTO_EcdhePrivateKey dh_priv2; + struct GNUNET_CRYPTO_EcdhePublicKey dh_pub2; struct GNUNET_HashCode hash; char buf[128]; - dh_pub1 = GNUNET_new (struct GNUNET_CRYPTO_EcdhePublicKey); - dh_priv1 = GNUNET_CRYPTO_ecdhe_key_create (); - dh_pub2 = GNUNET_new (struct GNUNET_CRYPTO_EcdhePublicKey); - dh_priv2 = GNUNET_CRYPTO_ecdhe_key_create (); - GNUNET_CRYPTO_ecdhe_key_get_public (dh_priv1, dh_pub1); - GNUNET_CRYPTO_ecdhe_key_get_public (dh_priv2, dh_pub2); + GNUNET_CRYPTO_ecdhe_key_create (&dh_priv1); + GNUNET_CRYPTO_ecdhe_key_create (&dh_priv2); + GNUNET_CRYPTO_ecdhe_key_get_public (&dh_priv1, + &dh_pub1); + GNUNET_CRYPTO_ecdhe_key_get_public (&dh_priv2, + &dh_pub2); GNUNET_assert (NULL != - GNUNET_STRINGS_data_to_string (dh_priv1, 32, buf, 128)); + GNUNET_STRINGS_data_to_string (&dh_priv1, + sizeof (dh_priv1), + buf, + sizeof (buf))); printf ("ECDHE key 1:\n"); - printf ("private: %s\n", buf); - print_hex ("private(hex)", dh_priv1, sizeof *dh_priv1); - GNUNET_assert (NULL != GNUNET_STRINGS_data_to_string (dh_pub1, 32, buf, 128)); - printf ("public: %s\n", buf); - print_hex ("public(hex)", dh_pub1, sizeof *dh_pub1); + printf ("private: %s\n", + buf); + print_hex ("private(hex)", + &dh_priv1, sizeof (dh_priv1)); + GNUNET_assert (NULL != + GNUNET_STRINGS_data_to_string (&dh_pub1, + sizeof (dh_pub1), + buf, + sizeof (buf))); + printf ("public: %s\n", + buf); + print_hex ("public(hex)", + &dh_pub1, + sizeof (dh_pub1)); GNUNET_assert (NULL != - GNUNET_STRINGS_data_to_string (dh_priv2, 32, buf, 128)); + GNUNET_STRINGS_data_to_string (&dh_priv2, + sizeof (dh_priv2), + buf, + sizeof (buf))); printf ("ECDHE key 2:\n"); printf ("private: %s\n", buf); - print_hex ("private(hex)", dh_priv2, sizeof *dh_priv2); - GNUNET_assert (NULL != GNUNET_STRINGS_data_to_string (dh_pub2, 32, buf, 128)); + print_hex ("private(hex)", + &dh_priv2, + sizeof (dh_priv2)); + GNUNET_assert (NULL != + GNUNET_STRINGS_data_to_string (&dh_pub2, + sizeof (dh_pub2), + buf, + sizeof (buf))); printf ("public: %s\n", buf); - print_hex ("public(hex)", dh_pub2, sizeof *dh_pub2); + print_hex ("public(hex)", + &dh_pub2, + sizeof (dh_pub2)); GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_ecc_ecdh (dh_priv1, dh_pub2, &hash)); - GNUNET_assert (NULL != GNUNET_STRINGS_data_to_string (&hash, 64, buf, 128)); - printf ("ECDH shared secret: %s\n", buf); - - GNUNET_free (dh_priv1); - GNUNET_free (dh_priv2); - GNUNET_free (dh_pub1); - GNUNET_free (dh_pub2); + GNUNET_CRYPTO_ecc_ecdh (&dh_priv1, + &dh_pub2, + &hash)); + GNUNET_assert (NULL != + GNUNET_STRINGS_data_to_string (&hash, + sizeof (hash), + buf, + sizeof (buf))); + printf ("ECDH shared secret: %s\n", + buf); + } @@ -251,7 +277,7 @@ print_examples_ecdh () * Print some random example operations to stdout. */ static void -print_examples () +print_examples (void) { print_examples_ecdh (); // print_examples_ecdsa (); diff --git a/src/util/gnunet-scrypt.c b/src/util/gnunet-scrypt.c index bc8ce83c0..8c46136b9 100644 --- a/src/util/gnunet-scrypt.c +++ b/src/util/gnunet-scrypt.c @@ -174,7 +174,7 @@ run (void *cls, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *config) { - struct GNUNET_CRYPTO_EddsaPrivateKey *pk; + struct GNUNET_CRYPTO_EddsaPrivateKey pk; char *pids; (void) cls; @@ -214,15 +214,18 @@ run (void *cls, } } GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Private Key file: %s\n", pkfn); - if (NULL == (pk = GNUNET_CRYPTO_eddsa_key_create_from_file (pkfn))) + if (GNUNET_SYSERR == + GNUNET_CRYPTO_eddsa_key_from_file (pkfn, + GNUNET_YES, + &pk)) { fprintf (stderr, _ ("Loading hostkey from `%s' failed.\n"), pkfn); GNUNET_free (pkfn); return; } GNUNET_free (pkfn); - GNUNET_CRYPTO_eddsa_key_get_public (pk, &pub); - GNUNET_free (pk); + GNUNET_CRYPTO_eddsa_key_get_public (&pk, + &pub); pids = GNUNET_CRYPTO_eddsa_public_key_to_string (&pub); GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Peer ID: %s\n", pids); GNUNET_free (pids); diff --git a/src/util/os_priority.c b/src/util/os_priority.c index 722aac872..36f0d8e30 100644 --- a/src/util/os_priority.c +++ b/src/util/os_priority.c @@ -975,7 +975,7 @@ GNUNET_OS_process_status (struct GNUNET_OS_Process *proc, * @param proc pointer to process structure * @param type status type * @param code return code/signal number - * @return #GNUNET_OK on success, #GNUNET_NO if the process is still running, #GNUNET_SYSERR otherwise + * @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise */ int GNUNET_OS_process_wait_status (struct GNUNET_OS_Process *proc, diff --git a/src/util/test_crypto_ecdh_ecdsa.c b/src/util/test_crypto_ecdh_ecdsa.c index 8a581ef73..3cc12de9b 100644 --- a/src/util/test_crypto_ecdh_ecdsa.c +++ b/src/util/test_crypto_ecdh_ecdsa.c @@ -32,39 +32,37 @@ static int test_ecdh () { - struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_dsa; - struct GNUNET_CRYPTO_EcdhePrivateKey *priv_ecdh; + struct GNUNET_CRYPTO_EcdsaPrivateKey priv_dsa; + struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdh; struct GNUNET_CRYPTO_EcdsaPublicKey id1; struct GNUNET_CRYPTO_EcdhePublicKey id2; struct GNUNET_HashCode dh[2]; /* Generate keys */ - priv_dsa = GNUNET_CRYPTO_ecdsa_key_create (); - GNUNET_CRYPTO_ecdsa_key_get_public (priv_dsa, + GNUNET_CRYPTO_ecdsa_key_create (&priv_dsa); + GNUNET_CRYPTO_ecdsa_key_get_public (&priv_dsa, &id1); for (unsigned int j = 0; j < 4; j++) { fprintf (stderr, ","); - priv_ecdh = GNUNET_CRYPTO_ecdhe_key_create (); + GNUNET_CRYPTO_ecdhe_key_create (&priv_ecdh); /* Extract public keys */ - GNUNET_CRYPTO_ecdhe_key_get_public (priv_ecdh, + GNUNET_CRYPTO_ecdhe_key_get_public (&priv_ecdh, &id2); /* Do ECDH */ GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_ecdsa_ecdh (priv_dsa, + GNUNET_CRYPTO_ecdsa_ecdh (&priv_dsa, &id2, &dh[0])); GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_ecdh_ecdsa (priv_ecdh, + GNUNET_CRYPTO_ecdh_ecdsa (&priv_ecdh, &id1, &dh[1])); /* Check that both DH results are equal. */ - GNUNET_assert (0 == memcmp (&dh[0], - &dh[1], - sizeof(struct GNUNET_HashCode))); - GNUNET_free (priv_ecdh); + GNUNET_assert (0 == + GNUNET_memcmp (&dh[0], + &dh[1])); } - GNUNET_free (priv_dsa); return 0; } @@ -75,8 +73,7 @@ main (int argc, char *argv[]) if (! gcry_check_version ("1.6.0")) { fprintf (stderr, - _ ( - "libgcrypt has not the expected version (version %s is required).\n"), + "libgcrypt has not the expected version (version %s is required).\n", "1.6.0"); return 0; } diff --git a/src/util/test_crypto_ecdh_eddsa.c b/src/util/test_crypto_ecdh_eddsa.c index 68f8c4671..6efd4d2fe 100644 --- a/src/util/test_crypto_ecdh_eddsa.c +++ b/src/util/test_crypto_ecdh_eddsa.c @@ -32,39 +32,37 @@ static int test_ecdh () { - struct GNUNET_CRYPTO_EddsaPrivateKey *priv_dsa; - struct GNUNET_CRYPTO_EcdhePrivateKey *priv_ecdh; + struct GNUNET_CRYPTO_EddsaPrivateKey priv_dsa; + struct GNUNET_CRYPTO_EcdhePrivateKey priv_ecdh; struct GNUNET_CRYPTO_EddsaPublicKey id1; struct GNUNET_CRYPTO_EcdhePublicKey id2; struct GNUNET_HashCode dh[2]; /* Generate keys */ - priv_dsa = GNUNET_CRYPTO_eddsa_key_create (); - GNUNET_CRYPTO_eddsa_key_get_public (priv_dsa, + GNUNET_CRYPTO_eddsa_key_create (&priv_dsa); + GNUNET_CRYPTO_eddsa_key_get_public (&priv_dsa, &id1); for (unsigned int j = 0; j < 4; j++) { fprintf (stderr, ","); - priv_ecdh = GNUNET_CRYPTO_ecdhe_key_create (); + GNUNET_CRYPTO_ecdhe_key_create (&priv_ecdh); /* Extract public keys */ - GNUNET_CRYPTO_ecdhe_key_get_public (priv_ecdh, + GNUNET_CRYPTO_ecdhe_key_get_public (&priv_ecdh, &id2); /* Do ECDH */ GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_eddsa_ecdh (priv_dsa, + GNUNET_CRYPTO_eddsa_ecdh (&priv_dsa, &id2, &dh[0])); GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_ecdh_eddsa (priv_ecdh, + GNUNET_CRYPTO_ecdh_eddsa (&priv_ecdh, &id1, &dh[1])); /* Check that both DH results are equal. */ - GNUNET_assert (0 == memcmp (&dh[0], - &dh[1], - sizeof(struct GNUNET_HashCode))); - GNUNET_free (priv_ecdh); + GNUNET_assert (0 == + GNUNET_memcmp (&dh[0], + &dh[1])); } - GNUNET_free (priv_dsa); return 0; } diff --git a/src/util/test_crypto_ecdhe.c b/src/util/test_crypto_ecdhe.c index 6f91be746..1144f1fe5 100644 --- a/src/util/test_crypto_ecdhe.c +++ b/src/util/test_crypto_ecdhe.c @@ -31,8 +31,8 @@ int main (int argc, char *argv[]) { - struct GNUNET_CRYPTO_EcdhePrivateKey *priv1; - struct GNUNET_CRYPTO_EcdhePrivateKey *priv2; + struct GNUNET_CRYPTO_EcdhePrivateKey priv1; + struct GNUNET_CRYPTO_EcdhePrivateKey priv2; struct GNUNET_CRYPTO_EcdhePublicKey pub1; struct GNUNET_CRYPTO_EcdhePublicKey pub2; struct GNUNET_HashCode ecdh1; @@ -41,9 +41,7 @@ main (int argc, char *argv[]) if (! gcry_check_version ("1.6.0")) { fprintf (stderr, - _ - ( - "libgcrypt has not the expected version (version %s is required).\n"), + "libgcrypt has not the expected version (version %s is required).\n", "1.6.0"); return 0; } @@ -55,16 +53,15 @@ main (int argc, char *argv[]) { fprintf (stderr, "."); - priv1 = GNUNET_CRYPTO_ecdhe_key_create (); - priv2 = GNUNET_CRYPTO_ecdhe_key_create (); - GNUNET_CRYPTO_ecdhe_key_get_public (priv1, &pub1); - GNUNET_CRYPTO_ecdhe_key_get_public (priv2, &pub2); - GNUNET_CRYPTO_ecc_ecdh (priv1, &pub2, &ecdh1); - GNUNET_CRYPTO_ecc_ecdh (priv2, &pub1, &ecdh2); - GNUNET_assert (0 == memcmp (&ecdh1, &ecdh2, - sizeof(struct GNUNET_HashCode))); - GNUNET_free (priv1); - GNUNET_free (priv2); + GNUNET_CRYPTO_ecdhe_key_create (&priv1); + GNUNET_CRYPTO_ecdhe_key_create (&priv2); + GNUNET_CRYPTO_ecdhe_key_get_public (&priv1, &pub1); + GNUNET_CRYPTO_ecdhe_key_get_public (&priv2, &pub2); + GNUNET_CRYPTO_ecc_ecdh (&priv1, &pub2, &ecdh1); + GNUNET_CRYPTO_ecc_ecdh (&priv2, &pub1, &ecdh2); + GNUNET_assert (0 == + GNUNET_memcmp (&ecdh1, + &ecdh2)); } return 0; } diff --git a/src/util/test_crypto_ecdsa.c b/src/util/test_crypto_ecdsa.c index 190c58d7d..cfa236d6d 100644 --- a/src/util/test_crypto_ecdsa.c +++ b/src/util/test_crypto_ecdsa.c @@ -33,65 +33,74 @@ #define PERF GNUNET_YES -static struct GNUNET_CRYPTO_EcdsaPrivateKey *key; +static struct GNUNET_CRYPTO_EcdsaPrivateKey key; static int -testSignVerify () +testSignVerify (void) { struct GNUNET_CRYPTO_EcdsaSignature sig; struct GNUNET_CRYPTO_EccSignaturePurpose purp; struct GNUNET_CRYPTO_EcdsaPublicKey pkey; - int i; struct GNUNET_TIME_Absolute start; int ok = GNUNET_OK; fprintf (stderr, "%s", "W"); - GNUNET_CRYPTO_ecdsa_key_get_public (key, &pkey); + GNUNET_CRYPTO_ecdsa_key_get_public (&key, + &pkey); start = GNUNET_TIME_absolute_get (); purp.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)); purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); - for (i = 0; i < ITER; i++) + for (unsigned int i = 0; i < ITER; i++) { - fprintf (stderr, "%s", "."); fflush (stderr); + fprintf (stderr, "%s", "."); + fflush (stderr); if (GNUNET_SYSERR == - GNUNET_CRYPTO_ecdsa_sign_ (key, &purp, &sig)) + GNUNET_CRYPTO_ecdsa_sign_ (&key, + &purp, + &sig)) { fprintf (stderr, - "%s", "GNUNET_CRYPTO_ecdsa_sign returned SYSERR\n"); ok = GNUNET_SYSERR; continue; } if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST, - &purp, &sig, + &purp, + &sig, &pkey)) { - printf ("GNUNET_CRYPTO_ecdsa_verify failed!\n"); + fprintf (stderr, + "GNUNET_CRYPTO_ecdsa_verify failed!\n"); ok = GNUNET_SYSERR; continue; } if (GNUNET_SYSERR != GNUNET_CRYPTO_ecdsa_verify_ ( GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, - &purp, &sig, &pkey)) + &purp, + &sig, + &pkey)) { - printf ("GNUNET_CRYPTO_ecdsa_verify failed to fail!\n"); + fprintf (stderr, + "GNUNET_CRYPTO_ecdsa_verify failed to fail!\n"); ok = GNUNET_SYSERR; continue; } } - printf ("%d ECDSA sign/verify operations %s\n", ITER, + printf ("%d ECDSA sign/verify operations %s\n", + ITER, GNUNET_STRINGS_relative_time_to_string ( - GNUNET_TIME_absolute_get_duration (start), GNUNET_YES)); + GNUNET_TIME_absolute_get_duration (start), + GNUNET_YES)); return ok; } static int -testDeriveSignVerify () +testDeriveSignVerify (void) { struct GNUNET_CRYPTO_EcdsaSignature sig; struct GNUNET_CRYPTO_EccSignaturePurpose purp; @@ -99,15 +108,22 @@ testDeriveSignVerify () struct GNUNET_CRYPTO_EcdsaPublicKey pkey; struct GNUNET_CRYPTO_EcdsaPublicKey dpub; - dpriv = GNUNET_CRYPTO_ecdsa_private_key_derive (key, "test-derive", + dpriv = GNUNET_CRYPTO_ecdsa_private_key_derive (&key, + "test-derive", "test-CTX"); - GNUNET_CRYPTO_ecdsa_key_get_public (key, &pkey); - GNUNET_CRYPTO_ecdsa_public_key_derive (&pkey, "test-derive", "test-CTX", + GNUNET_CRYPTO_ecdsa_key_get_public (&key, + &pkey); + GNUNET_CRYPTO_ecdsa_public_key_derive (&pkey, + "test-derive", + "test-CTX", &dpub); purp.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)); purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); - if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign_ (dpriv, &purp, &sig)) + if (GNUNET_SYSERR == + GNUNET_CRYPTO_ecdsa_sign_ (dpriv, + &purp, + &sig)) { fprintf (stderr, "%s", "GNUNET_CRYPTO_ecdsa_sign returned SYSERR\n"); GNUNET_free (dpriv); @@ -115,27 +131,34 @@ testDeriveSignVerify () } if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST, - &purp, &sig, + &purp, + &sig, &dpub)) { - printf ("GNUNET_CRYPTO_ecdsa_verify failed!\n"); + fprintf (stderr, + "GNUNET_CRYPTO_ecdsa_verify failed!\n"); GNUNET_free (dpriv); return GNUNET_SYSERR; } if (GNUNET_SYSERR != GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST, - &purp, &sig, + &purp, + &sig, &pkey)) { - printf ("GNUNET_CRYPTO_ecdsa_verify failed to fail!\n"); + fprintf (stderr, + "GNUNET_CRYPTO_ecdsa_verify failed to fail!\n"); GNUNET_free (dpriv); return GNUNET_SYSERR; } if (GNUNET_SYSERR != GNUNET_CRYPTO_ecdsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, - &purp, &sig, &dpub)) + &purp, + &sig, + &dpub)) { - printf ("GNUNET_CRYPTO_ecdsa_verify failed to fail!\n"); + fprintf (stderr, + "GNUNET_CRYPTO_ecdsa_verify failed to fail!\n"); GNUNET_free (dpriv); return GNUNET_SYSERR; } @@ -146,7 +169,7 @@ testDeriveSignVerify () #if PERF static int -testSignPerformance () +testSignPerformance (void) { struct GNUNET_CRYPTO_EccSignaturePurpose purp; struct GNUNET_CRYPTO_EcdsaSignature sig; @@ -183,26 +206,24 @@ testSignPerformance () static void -perf_keygen () +perf_keygen (void) { struct GNUNET_TIME_Absolute start; - struct GNUNET_CRYPTO_EcdsaPrivateKey *pk; - int i; + struct GNUNET_CRYPTO_EcdsaPrivateKey pk; fprintf (stderr, "%s", "W"); start = GNUNET_TIME_absolute_get (); - for (i = 0; i < 10; i++) + for (unsigned int i = 0; i < 10; i++) { - fprintf (stderr, "."); fflush (stderr); - pk = GNUNET_CRYPTO_ecdsa_key_create (); - GNUNET_free (pk); - } - for (; i < 25; i++) fprintf (stderr, "."); + fflush (stderr); + GNUNET_CRYPTO_ecdsa_key_create (&pk); + } fflush (stderr); printf ("10 ECDSA keys created in %s\n", GNUNET_STRINGS_relative_time_to_string ( - GNUNET_TIME_absolute_get_duration (start), GNUNET_YES)); + GNUNET_TIME_absolute_get_duration (start), + GNUNET_YES)); } @@ -214,16 +235,14 @@ main (int argc, char *argv[]) if (! gcry_check_version ("1.6.0")) { fprintf (stderr, - _ - ( - "libgcrypt has not the expected version (version %s is required).\n"), + "libgcrypt has not the expected version (version %s is required).\n", "1.6.0"); return 0; } if (getenv ("GNUNET_GCRYPT_DEBUG")) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); GNUNET_log_setup ("test-crypto-ecc", "WARNING", NULL); - key = GNUNET_CRYPTO_ecdsa_key_create (); + GNUNET_CRYPTO_ecdsa_key_create (&key); if (GNUNET_OK != testDeriveSignVerify ()) { failure_count++; @@ -237,7 +256,6 @@ main (int argc, char *argv[]) #endif if (GNUNET_OK != testSignVerify ()) failure_count++; - GNUNET_free (key); perf_keygen (); if (0 != failure_count) diff --git a/src/util/test_crypto_eddsa.c b/src/util/test_crypto_eddsa.c index 87990cbac..5baf696b1 100644 --- a/src/util/test_crypto_eddsa.c +++ b/src/util/test_crypto_eddsa.c @@ -35,11 +35,11 @@ #define PERF GNUNET_YES -static struct GNUNET_CRYPTO_EddsaPrivateKey *key; +static struct GNUNET_CRYPTO_EddsaPrivateKey key; static int -testSignVerify () +testSignVerify (void) { struct GNUNET_CRYPTO_EddsaSignature sig; struct GNUNET_CRYPTO_EccSignaturePurpose purp; @@ -48,7 +48,8 @@ testSignVerify () int ok = GNUNET_OK; fprintf (stderr, "%s", "W"); - GNUNET_CRYPTO_eddsa_key_get_public (key, &pkey); + GNUNET_CRYPTO_eddsa_key_get_public (&key, + &pkey); start = GNUNET_TIME_absolute_get (); purp.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)); purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); @@ -56,34 +57,45 @@ testSignVerify () for (unsigned int i = 0; i < ITER; i++) { fprintf (stderr, "%s", "."); fflush (stderr); - if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_sign_ (key, &purp, &sig)) + if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_sign_ (&key, + &purp, + &sig)) { - fprintf (stderr, "%s", "GNUNET_CRYPTO_eddsa_sign returned SYSERR\n"); + fprintf (stderr, + "GNUNET_CRYPTO_eddsa_sign returned SYSERR\n"); ok = GNUNET_SYSERR; continue; } if (GNUNET_SYSERR == - GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST, &purp, &sig, + GNUNET_CRYPTO_eddsa_verify_ (GNUNET_SIGNATURE_PURPOSE_TEST, + &purp, + &sig, &pkey)) { - printf ("GNUNET_CRYPTO_eddsa_verify failed!\n"); + fprintf (stderr, + "GNUNET_CRYPTO_eddsa_verify failed!\n"); ok = GNUNET_SYSERR; continue; } if (GNUNET_SYSERR != GNUNET_CRYPTO_eddsa_verify_ ( GNUNET_SIGNATURE_PURPOSE_TRANSPORT_PONG_OWN, - &purp, &sig, &pkey)) + &purp, + &sig, + &pkey)) { - printf ("GNUNET_CRYPTO_eddsa_verify failed to fail!\n"); + fprintf (stderr, + "GNUNET_CRYPTO_eddsa_verify failed to fail!\n"); ok = GNUNET_SYSERR; continue; } } fprintf (stderr, "\n"); - printf ("%d EdDSA sign/verify operations %s\n", ITER, + printf ("%d EdDSA sign/verify operations %s\n", + ITER, GNUNET_STRINGS_relative_time_to_string ( - GNUNET_TIME_absolute_get_duration (start), GNUNET_YES)); + GNUNET_TIME_absolute_get_duration (start), + GNUNET_YES)); return ok; } @@ -101,12 +113,17 @@ testSignPerformance () purp.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)); purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST); fprintf (stderr, "%s", "W"); - GNUNET_CRYPTO_eddsa_key_get_public (key, &pkey); + GNUNET_CRYPTO_eddsa_key_get_public (&key, + &pkey); start = GNUNET_TIME_absolute_get (); for (unsigned int i = 0; i < ITER; i++) { - fprintf (stderr, "%s", "."); fflush (stderr); - if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_sign_ (key, &purp, &sig)) + fprintf (stderr, "%s", "."); + fflush (stderr); + if (GNUNET_SYSERR == + GNUNET_CRYPTO_eddsa_sign_ (&key, + &purp, + &sig)) { fprintf (stderr, "%s", "GNUNET_CRYPTO_eddsa_sign returned SYSERR\n"); ok = GNUNET_SYSERR; @@ -114,7 +131,8 @@ testSignPerformance () } } fprintf (stderr, "\n"); - printf ("%d EdDSA sign operations %s\n", ITER, + printf ("%d EdDSA sign operations %s\n", + ITER, GNUNET_STRINGS_relative_time_to_string ( GNUNET_TIME_absolute_get_duration (start), GNUNET_YES)); @@ -126,43 +144,53 @@ testSignPerformance () static int -testCreateFromFile () +testCreateFromFile (void) { struct GNUNET_CRYPTO_EddsaPublicKey p1; struct GNUNET_CRYPTO_EddsaPublicKey p2; - key = GNUNET_CRYPTO_eddsa_key_create_from_file (KEYFILE); - GNUNET_assert (NULL != key); - GNUNET_CRYPTO_eddsa_key_get_public (key, &p1); - GNUNET_free (key); - key = GNUNET_CRYPTO_eddsa_key_create_from_file (KEYFILE); - GNUNET_assert (NULL != key); - GNUNET_CRYPTO_eddsa_key_get_public (key, &p2); - GNUNET_assert (0 == memcmp (&p1, &p2, sizeof(p1))); - GNUNET_free (key); + GNUNET_assert (0 <= + GNUNET_CRYPTO_eddsa_key_from_file (KEYFILE, + GNUNET_YES, + &key)); + GNUNET_CRYPTO_eddsa_key_get_public (&key, + &p1); + GNUNET_assert (GNUNET_NO == + GNUNET_CRYPTO_eddsa_key_from_file (KEYFILE, + GNUNET_YES, + &key)); + GNUNET_CRYPTO_eddsa_key_get_public (&key, + &p2); + GNUNET_assert (0 == + GNUNET_memcmp (&p1, + &p2)); GNUNET_assert (0 == unlink (KEYFILE)); - key = GNUNET_CRYPTO_eddsa_key_create_from_file (KEYFILE); - GNUNET_assert (NULL != key); - GNUNET_CRYPTO_eddsa_key_get_public (key, &p2); - GNUNET_assert (0 != memcmp (&p1, &p2, sizeof(p1))); - GNUNET_free (key); + GNUNET_assert (GNUNET_OK == + GNUNET_CRYPTO_eddsa_key_from_file (KEYFILE, + GNUNET_NO, + &key)); + GNUNET_CRYPTO_eddsa_key_get_public (&key, + &p2); + GNUNET_assert (0 != + GNUNET_memcmp (&p1, + &p2)); return GNUNET_OK; } static void -perf_keygen () +perf_keygen (void) { struct GNUNET_TIME_Absolute start; - struct GNUNET_CRYPTO_EddsaPrivateKey *pk; + struct GNUNET_CRYPTO_EddsaPrivateKey pk; fprintf (stderr, "%s", "W"); start = GNUNET_TIME_absolute_get (); for (unsigned int i = 0; i < 10; i++) { - fprintf (stderr, "."); fflush (stderr); - pk = GNUNET_CRYPTO_eddsa_key_create (); - GNUNET_free (pk); + fprintf (stderr, "."); + fflush (stderr); + GNUNET_CRYPTO_eddsa_key_create (&pk); } fprintf (stderr, "\n"); printf ("10 EdDSA keys created in %s\n", @@ -179,22 +207,22 @@ main (int argc, char *argv[]) if (! gcry_check_version ("1.6.0")) { fprintf (stderr, - _ ( - "libgcrypt has not the expected version (version %s is required).\n"), + "libgcrypt has not the expected version (version %s is required).\n", "1.6.0"); return 0; } if (getenv ("GNUNET_GCRYPT_DEBUG")) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); - GNUNET_log_setup ("test-crypto-eddsa", "WARNING", NULL); - key = GNUNET_CRYPTO_eddsa_key_create (); + GNUNET_log_setup ("test-crypto-eddsa", + "WARNING", + NULL); + GNUNET_CRYPTO_eddsa_key_create (&key); #if PERF if (GNUNET_OK != testSignPerformance ()) failure_count++; #endif if (GNUNET_OK != testSignVerify ()) failure_count++; - GNUNET_free (key); if (GNUNET_OK != testCreateFromFile ()) failure_count++; GNUNET_assert (0 == unlink (KEYFILE)); -- cgit v1.2.3