2 This file is part of GNUnet.
3 Copyright (C) 2012, 2013, 2015 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
22 * @file util/crypto_ecc_setup.c
23 * @brief helper function for easy EdDSA key setup
24 * @author Christian Grothoff
28 #include "gnunet_util_lib.h"
30 #define LOG(kind,...) GNUNET_log_from (kind, "util-crypto-ecc", __VA_ARGS__)
32 #define LOG_STRERROR(kind,syscall) GNUNET_log_from_strerror (kind, "util-crypto-ecc", syscall)
34 #define LOG_STRERROR_FILE(kind,syscall,filename) GNUNET_log_from_strerror_file (kind, "util-crypto-ecc", syscall, filename)
37 * Log an error message at log-level 'level' that indicates
38 * a failure of the command 'cmd' with the message given
39 * by gcry_strerror(rc).
41 #define LOG_GCRY(level, cmd, rc) do { LOG(level, _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, gcry_strerror(rc)); } while(0)
44 #include "crypto_bug.c"
48 * Wait for a short time (we're trying to lock a file or want
49 * to give another process a shot at finishing a disk write, etc.).
50 * Sleeps for 100ms (as that should be long enough for virtually all
51 * modern systems to context switch and allow another process to do
57 struct GNUNET_TIME_Relative timeout;
59 timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS, 100);
60 (void) GNUNET_NETWORK_socket_select (NULL, NULL, NULL, timeout);
65 * Create a new private key by reading it from a file. If the
66 * files does not exist, create a new key and write it to the
67 * file. Caller must free return value. Note that this function
68 * can not guarantee that another process might not be trying
69 * the same operation on the same file at the same time.
70 * If the contents of the file
71 * are invalid the old file is deleted and a fresh key is
74 * @param filename name of file to use to store the key
75 * @return new private key, NULL on error (for example,
78 struct GNUNET_CRYPTO_EddsaPrivateKey *
79 GNUNET_CRYPTO_eddsa_key_create_from_file (const char *filename)
81 struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
82 struct GNUNET_DISK_FileHandle *fd;
88 if (GNUNET_SYSERR == GNUNET_DISK_directory_create_for_file (filename))
90 while (GNUNET_YES != GNUNET_DISK_file_test (filename))
92 fd = GNUNET_DISK_file_open (filename,
93 GNUNET_DISK_OPEN_WRITE | GNUNET_DISK_OPEN_CREATE
94 | GNUNET_DISK_OPEN_FAILIFEXISTS,
95 GNUNET_DISK_PERM_USER_READ |
96 GNUNET_DISK_PERM_USER_WRITE);
101 if (GNUNET_YES != GNUNET_DISK_file_test (filename))
103 /* must exist but not be accessible, fail for good! */
104 if (0 != ACCESS (filename, R_OK))
105 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "access", filename);
107 GNUNET_break (0); /* what is going on!? */
112 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename);
117 GNUNET_DISK_file_lock (fd, 0,
118 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey),
125 LOG (GNUNET_ERROR_TYPE_ERROR,
126 _("Could not acquire lock on file `%s': %s...\n"),
131 LOG (GNUNET_ERROR_TYPE_INFO,
132 _("Creating a new private key. This may take a while.\n"));
133 priv = GNUNET_CRYPTO_eddsa_key_create ();
134 GNUNET_assert (NULL != priv);
135 GNUNET_assert (sizeof (*priv) ==
136 GNUNET_DISK_file_write (fd, priv, sizeof (*priv)));
137 GNUNET_DISK_file_sync (fd);
139 GNUNET_DISK_file_unlock (fd, 0,
140 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)))
141 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
142 GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd));
145 /* key file exists already, read it! */
146 fd = GNUNET_DISK_file_open (filename, GNUNET_DISK_OPEN_READ,
147 GNUNET_DISK_PERM_NONE);
150 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename);
157 GNUNET_DISK_file_lock (fd, 0,
158 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey),
164 LOG (GNUNET_ERROR_TYPE_ERROR,
165 _("Could not acquire lock on file `%s': %s...\n"), filename,
167 LOG (GNUNET_ERROR_TYPE_ERROR,
169 ("This may be ok if someone is currently generating a private key.\n"));
174 if (GNUNET_YES != GNUNET_DISK_file_test (filename))
176 /* eh, what!? File we opened is now gone!? */
177 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "stat", filename);
179 GNUNET_DISK_file_unlock (fd, 0,
180 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)))
181 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
182 GNUNET_assert (GNUNET_OK == GNUNET_DISK_file_close (fd));
186 if (GNUNET_OK != GNUNET_DISK_file_size (filename, &fs, GNUNET_YES, GNUNET_YES))
188 if (fs < sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey))
190 /* maybe we got the read lock before the key generating
191 * process had a chance to get the write lock; give it up! */
193 GNUNET_DISK_file_unlock (fd, 0,
194 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)))
195 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
198 LOG (GNUNET_ERROR_TYPE_ERROR,
199 _("When trying to read key file `%s' I found %u bytes but I need at least %u.\n"),
202 (unsigned int) sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
203 LOG (GNUNET_ERROR_TYPE_ERROR,
204 _("This may be ok if someone is currently generating a key.\n"));
206 short_wait (); /* wait a bit longer! */
211 fs = sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey);
212 priv = GNUNET_malloc (fs);
213 sret = GNUNET_DISK_file_read (fd,
216 GNUNET_assert ( (sret >= 0) &&
217 (fs == (size_t) sret) );
219 GNUNET_DISK_file_unlock (fd,
221 sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)))
222 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING,
225 GNUNET_assert (GNUNET_YES ==
226 GNUNET_DISK_file_close (fd));
229 check_eddsa_key (priv))
241 * Create a new private key by reading it from a file. If the
242 * files does not exist, create a new key and write it to the
243 * file. Caller must free return value. Note that this function
244 * can not guarantee that another process might not be trying
245 * the same operation on the same file at the same time.
246 * If the contents of the file
247 * are invalid the old file is deleted and a fresh key is
250 * @param filename name of file to use to store the key
251 * @return new private key, NULL on error (for example,
254 struct GNUNET_CRYPTO_EcdsaPrivateKey *
255 GNUNET_CRYPTO_ecdsa_key_create_from_file (const char *filename)
257 struct GNUNET_CRYPTO_EcdsaPrivateKey *priv;
258 struct GNUNET_DISK_FileHandle *fd;
265 GNUNET_DISK_directory_create_for_file (filename))
267 while (GNUNET_YES != GNUNET_DISK_file_test (filename))
269 fd = GNUNET_DISK_file_open (filename,
270 GNUNET_DISK_OPEN_WRITE | GNUNET_DISK_OPEN_CREATE
271 | GNUNET_DISK_OPEN_FAILIFEXISTS,
272 GNUNET_DISK_PERM_USER_READ |
273 GNUNET_DISK_PERM_USER_WRITE);
278 if (GNUNET_YES != GNUNET_DISK_file_test (filename))
280 /* must exist but not be accessible, fail for good! */
281 if (0 != ACCESS (filename, R_OK))
282 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR,
286 GNUNET_break (0); /* what is going on!? */
291 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR,
298 GNUNET_DISK_file_lock (fd,
300 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
307 LOG (GNUNET_ERROR_TYPE_ERROR,
308 _("Could not acquire lock on file `%s': %s...\n"),
313 LOG (GNUNET_ERROR_TYPE_INFO,
314 _("Creating a new private key. This may take a while.\n"));
315 priv = GNUNET_CRYPTO_ecdsa_key_create ();
316 GNUNET_assert (NULL != priv);
317 GNUNET_assert (sizeof (*priv) ==
318 GNUNET_DISK_file_write (fd,
321 GNUNET_DISK_file_sync (fd);
323 GNUNET_DISK_file_unlock (fd, 0,
324 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)))
325 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING,
328 GNUNET_assert (GNUNET_YES ==
329 GNUNET_DISK_file_close (fd));
332 /* key file exists already, read it! */
333 fd = GNUNET_DISK_file_open (filename,
334 GNUNET_DISK_OPEN_READ,
335 GNUNET_DISK_PERM_NONE);
338 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR,
347 GNUNET_DISK_file_lock (fd, 0,
348 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
354 LOG (GNUNET_ERROR_TYPE_ERROR,
355 _("Could not acquire lock on file `%s': %s...\n"),
358 LOG (GNUNET_ERROR_TYPE_ERROR,
359 _("This may be ok if someone is currently generating a private key.\n"));
365 GNUNET_DISK_file_test (filename))
367 /* eh, what!? File we opened is now gone!? */
368 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING,
372 GNUNET_DISK_file_unlock (fd, 0,
373 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)))
374 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING,
377 GNUNET_assert (GNUNET_OK ==
378 GNUNET_DISK_file_close (fd));
383 GNUNET_DISK_file_size (filename,
388 if (fs < sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey))
390 /* maybe we got the read lock before the key generating
391 * process had a chance to get the write lock; give it up! */
393 GNUNET_DISK_file_unlock (fd, 0,
394 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)))
395 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING,
400 LOG (GNUNET_ERROR_TYPE_ERROR,
401 _("When trying to read key file `%s' I found %u bytes but I need at least %u.\n"),
402 filename, (unsigned int) fs,
403 (unsigned int) sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
404 LOG (GNUNET_ERROR_TYPE_ERROR,
405 _("This may be ok if someone is currently generating a key.\n"));
407 short_wait (); /* wait a bit longer! */
412 fs = sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey);
413 priv = GNUNET_malloc (fs);
414 sret = GNUNET_DISK_file_read (fd,
417 GNUNET_assert ( (sret >= 0) &&
418 (fs == (size_t) sret) );
420 GNUNET_DISK_file_unlock (fd, 0,
421 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)))
422 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING,
425 GNUNET_assert (GNUNET_YES ==
426 GNUNET_DISK_file_close (fd));
432 * Create a new private key by reading our peer's key from
433 * the file specified in the configuration.
435 * @param cfg the configuration to use
436 * @return new private key, NULL on error (for example,
439 struct GNUNET_CRYPTO_EddsaPrivateKey *
440 GNUNET_CRYPTO_eddsa_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg)
442 struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
446 GNUNET_CONFIGURATION_get_value_filename (cfg, "PEER", "PRIVATE_KEY", &fn))
448 priv = GNUNET_CRYPTO_eddsa_key_create_from_file (fn);
455 * Retrieve the identity of the host's peer.
457 * @param cfg configuration to use
458 * @param dst pointer to where to write the peer identity
459 * @return #GNUNET_OK on success, #GNUNET_SYSERR if the identity
460 * could not be retrieved
463 GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg,
464 struct GNUNET_PeerIdentity *dst)
466 struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
468 if (NULL == (priv = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg)))
470 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
471 _("Could not load peer's private key\n"));
472 return GNUNET_SYSERR;
474 GNUNET_CRYPTO_eddsa_key_get_public (priv, &dst->public_key);
481 * Setup a key file for a peer given the name of the
482 * configuration file (!). This function is used so that
483 * at a later point code can be certain that reading a
484 * key is fast (for example in time-dependent testcases).
486 * @param cfg_name name of the configuration file to use
489 GNUNET_CRYPTO_eddsa_setup_key (const char *cfg_name)
491 struct GNUNET_CONFIGURATION_Handle *cfg;
492 struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
494 cfg = GNUNET_CONFIGURATION_create ();
495 (void) GNUNET_CONFIGURATION_load (cfg, cfg_name);
496 priv = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg);
499 GNUNET_CONFIGURATION_destroy (cfg);
502 /* end of crypto_ecc_setup.c */