2 This file is part of GNUnet.
3 Copyright (C) 2012, 2013, 2015 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 SPDX-License-Identifier: AGPL3.0-or-later
22 * @file util/crypto_ecc_setup.c
23 * @brief helper function for easy EdDSA key setup
24 * @author Christian Grothoff
28 #include "gnunet_util_lib.h"
30 #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-ecc", __VA_ARGS__)
32 #define LOG_STRERROR(kind, syscall) \
33 GNUNET_log_from_strerror (kind, "util-crypto-ecc", syscall)
35 #define LOG_STRERROR_FILE(kind, syscall, filename) \
36 GNUNET_log_from_strerror_file (kind, "util-crypto-ecc", syscall, filename)
39 * Log an error message at log-level 'level' that indicates
40 * a failure of the command 'cmd' with the message given
41 * by gcry_strerror(rc).
43 #define LOG_GCRY(level, cmd, rc) \
47 _ ("`%s' failed at %s:%d with error: %s\n"), \
51 gcry_strerror (rc)); \
56 * Wait for a short time (we're trying to lock a file or want
57 * to give another process a shot at finishing a disk write, etc.).
58 * Sleeps for 100ms (as that should be long enough for virtually all
59 * modern systems to context switch and allow another process to do
65 struct GNUNET_TIME_Relative timeout;
67 timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS, 100);
68 (void) GNUNET_NETWORK_socket_select (NULL, NULL, NULL, timeout);
73 * Create a new private key by reading it from a file. If the
74 * files does not exist, create a new key and write it to the
75 * file. Caller must free return value. Note that this function
76 * can not guarantee that another process might not be trying
77 * the same operation on the same file at the same time.
78 * If the contents of the file
79 * are invalid the old file is deleted and a fresh key is
82 * @param filename name of file to use to store the key
83 * @return new private key, NULL on error (for example,
86 struct GNUNET_CRYPTO_EddsaPrivateKey *
87 GNUNET_CRYPTO_eddsa_key_create_from_file (const char *filename)
89 struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
90 struct GNUNET_DISK_FileHandle *fd;
96 if (GNUNET_SYSERR == GNUNET_DISK_directory_create_for_file (filename))
98 while (GNUNET_YES != GNUNET_DISK_file_test (filename))
101 GNUNET_DISK_file_open (filename,
102 GNUNET_DISK_OPEN_WRITE | GNUNET_DISK_OPEN_CREATE
103 | GNUNET_DISK_OPEN_FAILIFEXISTS,
104 GNUNET_DISK_PERM_USER_READ
105 | GNUNET_DISK_PERM_USER_WRITE);
110 if (GNUNET_YES != GNUNET_DISK_file_test (filename))
112 /* must exist but not be accessible, fail for good! */
113 if (0 != access (filename, R_OK))
114 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "access", filename);
116 GNUNET_break (0); /* what is going on!? */
121 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename);
126 GNUNET_DISK_file_lock (fd,
128 sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey),
135 LOG (GNUNET_ERROR_TYPE_ERROR,
136 _ ("Could not acquire lock on file `%s': %s...\n"),
141 LOG (GNUNET_ERROR_TYPE_INFO,
142 _ ("Creating a new private key. This may take a while.\n"));
143 priv = GNUNET_CRYPTO_eddsa_key_create ();
144 GNUNET_assert (NULL != priv);
145 GNUNET_assert (sizeof(*priv) ==
146 GNUNET_DISK_file_write (fd, priv, sizeof(*priv)));
147 GNUNET_DISK_file_sync (fd);
149 GNUNET_DISK_file_unlock (fd,
151 sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)))
152 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
153 GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd));
156 /* key file exists already, read it! */
157 fd = GNUNET_DISK_file_open (filename,
158 GNUNET_DISK_OPEN_READ,
159 GNUNET_DISK_PERM_NONE);
162 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename);
169 GNUNET_DISK_file_lock (fd,
171 sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey),
177 LOG (GNUNET_ERROR_TYPE_ERROR,
178 _ ("Could not acquire lock on file `%s': %s...\n"),
182 GNUNET_ERROR_TYPE_ERROR,
184 "This may be ok if someone is currently generating a private key.\n"));
189 if (GNUNET_YES != GNUNET_DISK_file_test (filename))
191 /* eh, what!? File we opened is now gone!? */
192 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "stat", filename);
194 GNUNET_DISK_file_unlock (fd,
197 struct GNUNET_CRYPTO_EddsaPrivateKey)))
198 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
199 GNUNET_assert (GNUNET_OK == GNUNET_DISK_file_close (fd));
204 GNUNET_DISK_file_size (filename, &fs, GNUNET_YES, GNUNET_YES))
206 if (fs < sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey))
208 /* maybe we got the read lock before the key generating
209 * process had a chance to get the write lock; give it up! */
211 GNUNET_DISK_file_unlock (fd,
214 struct GNUNET_CRYPTO_EddsaPrivateKey)))
215 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
218 LOG (GNUNET_ERROR_TYPE_ERROR,
220 "When trying to read key file `%s' I found %u bytes but I need at least %u.\n"),
223 (unsigned int) sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey));
224 LOG (GNUNET_ERROR_TYPE_ERROR,
225 _ ("This may be ok if someone is currently generating a key.\n"));
227 short_wait (); /* wait a bit longer! */
232 fs = sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey);
233 priv = GNUNET_malloc (fs);
234 sret = GNUNET_DISK_file_read (fd, priv, fs);
235 GNUNET_assert ((sret >= 0) && (fs == (size_t) sret));
237 GNUNET_DISK_file_unlock (fd,
239 sizeof(struct GNUNET_CRYPTO_EddsaPrivateKey)))
240 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
241 GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd));
243 if (GNUNET_OK != check_eddsa_key (priv))
255 * Create a new private key by reading it from a file. If the
256 * files does not exist, create a new key and write it to the
257 * file. Caller must free return value. Note that this function
258 * can not guarantee that another process might not be trying
259 * the same operation on the same file at the same time.
260 * If the contents of the file
261 * are invalid the old file is deleted and a fresh key is
264 * @param filename name of file to use to store the key
265 * @return new private key, NULL on error (for example,
268 struct GNUNET_CRYPTO_EcdsaPrivateKey *
269 GNUNET_CRYPTO_ecdsa_key_create_from_file (const char *filename)
271 struct GNUNET_CRYPTO_EcdsaPrivateKey *priv;
272 struct GNUNET_DISK_FileHandle *fd;
278 if (GNUNET_SYSERR == GNUNET_DISK_directory_create_for_file (filename))
280 while (GNUNET_YES != GNUNET_DISK_file_test (filename))
283 GNUNET_DISK_file_open (filename,
284 GNUNET_DISK_OPEN_WRITE | GNUNET_DISK_OPEN_CREATE
285 | GNUNET_DISK_OPEN_FAILIFEXISTS,
286 GNUNET_DISK_PERM_USER_READ
287 | GNUNET_DISK_PERM_USER_WRITE);
292 if (GNUNET_YES != GNUNET_DISK_file_test (filename))
294 /* must exist but not be accessible, fail for good! */
295 if (0 != access (filename, R_OK))
296 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "access", filename);
298 GNUNET_break (0); /* what is going on!? */
303 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename);
308 GNUNET_DISK_file_lock (fd,
310 sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey),
317 LOG (GNUNET_ERROR_TYPE_ERROR,
318 _ ("Could not acquire lock on file `%s': %s...\n"),
323 LOG (GNUNET_ERROR_TYPE_INFO,
324 _ ("Creating a new private key. This may take a while.\n"));
325 priv = GNUNET_CRYPTO_ecdsa_key_create ();
326 GNUNET_assert (NULL != priv);
327 GNUNET_assert (sizeof(*priv) ==
328 GNUNET_DISK_file_write (fd, priv, sizeof(*priv)));
329 GNUNET_DISK_file_sync (fd);
331 GNUNET_DISK_file_unlock (fd,
333 sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey)))
334 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
335 GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd));
338 /* key file exists already, read it! */
339 fd = GNUNET_DISK_file_open (filename,
340 GNUNET_DISK_OPEN_READ,
341 GNUNET_DISK_PERM_NONE);
344 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename);
351 GNUNET_DISK_file_lock (fd,
353 sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey),
359 LOG (GNUNET_ERROR_TYPE_ERROR,
360 _ ("Could not acquire lock on file `%s': %s...\n"),
364 GNUNET_ERROR_TYPE_ERROR,
366 "This may be ok if someone is currently generating a private key.\n"));
371 if (GNUNET_YES != GNUNET_DISK_file_test (filename))
373 /* eh, what!? File we opened is now gone!? */
374 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "stat", filename);
376 GNUNET_DISK_file_unlock (fd,
379 struct GNUNET_CRYPTO_EcdsaPrivateKey)))
380 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
381 GNUNET_assert (GNUNET_OK == GNUNET_DISK_file_close (fd));
386 GNUNET_DISK_file_size (filename, &fs, GNUNET_YES, GNUNET_YES))
388 if (fs < sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey))
390 /* maybe we got the read lock before the key generating
391 * process had a chance to get the write lock; give it up! */
393 GNUNET_DISK_file_unlock (fd,
396 struct GNUNET_CRYPTO_EcdsaPrivateKey)))
397 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
400 LOG (GNUNET_ERROR_TYPE_ERROR,
402 "When trying to read key file `%s' I found %u bytes but I need at least %u.\n"),
405 (unsigned int) sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey));
406 LOG (GNUNET_ERROR_TYPE_ERROR,
407 _ ("This may be ok if someone is currently generating a key.\n"));
409 short_wait (); /* wait a bit longer! */
414 fs = sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey);
415 priv = GNUNET_malloc (fs);
416 sret = GNUNET_DISK_file_read (fd, priv, fs);
417 GNUNET_assert ((sret >= 0) && (fs == (size_t) sret));
419 GNUNET_DISK_file_unlock (fd,
421 sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey)))
422 LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
423 GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd));
429 * Create a new private key by reading our peer's key from
430 * the file specified in the configuration.
432 * @param cfg the configuration to use
433 * @return new private key, NULL on error (for example,
436 struct GNUNET_CRYPTO_EddsaPrivateKey *
437 GNUNET_CRYPTO_eddsa_key_create_from_configuration (
438 const struct GNUNET_CONFIGURATION_Handle *cfg)
440 struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
444 GNUNET_CONFIGURATION_get_value_filename (cfg, "PEER", "PRIVATE_KEY", &fn))
446 priv = GNUNET_CRYPTO_eddsa_key_create_from_file (fn);
453 * Retrieve the identity of the host's peer.
455 * @param cfg configuration to use
456 * @param dst pointer to where to write the peer identity
457 * @return #GNUNET_OK on success, #GNUNET_SYSERR if the identity
458 * could not be retrieved
461 GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg,
462 struct GNUNET_PeerIdentity *dst)
464 struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
466 if (NULL == (priv = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg)))
468 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
469 _ ("Could not load peer's private key\n"));
470 return GNUNET_SYSERR;
472 GNUNET_CRYPTO_eddsa_key_get_public (priv, &dst->public_key);
479 * Setup a key file for a peer given the name of the
480 * configuration file (!). This function is used so that
481 * at a later point code can be certain that reading a
482 * key is fast (for example in time-dependent testcases).
484 * @param cfg_name name of the configuration file to use
487 GNUNET_CRYPTO_eddsa_setup_key (const char *cfg_name)
489 struct GNUNET_CONFIGURATION_Handle *cfg;
490 struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
492 cfg = GNUNET_CONFIGURATION_create ();
493 (void) GNUNET_CONFIGURATION_load (cfg, cfg_name);
494 priv = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg);
497 GNUNET_CONFIGURATION_destroy (cfg);
501 /* end of crypto_ecc_setup.c */