#include "gnunet_common.h"
#include "gnunet_util_lib.h"
-#define EXTRA_CHECKS ALLOW_EXTRA_CHECKS || 1
+#define EXTRA_CHECKS ALLOW_EXTRA_CHECKS
-#define CURVE "NIST P-521"
+#define CURVE "NIST P-256"
#define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__)
*
* @param buf the buffer where the private key data is stored
* @param len the length of the data in 'buffer'
+ * @param validate GNUNET_YES to validate that the key is well-formed,
+ * GNUNET_NO if the key comes from a totally trusted source
+ * and validation is considered too expensive
* @return NULL on error
*/
struct GNUNET_CRYPTO_EccPrivateKey *
GNUNET_CRYPTO_ecc_decode_key (const char *buf,
- size_t len)
+ size_t len,
+ int validate)
{
struct GNUNET_CRYPTO_EccPrivateKey *ret;
uint16_t be;
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_scan", rc);
return NULL;
- }
- if (0 != (rc = gcry_pk_testkey (sexp)))
+ }
+ if ( (GNUNET_YES == validate) &&
+ (0 != (rc = gcry_pk_testkey (sexp))) )
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
return NULL;
char enc[fs];
GNUNET_break (fs == GNUNET_DISK_file_read (fd, enc, fs));
- if (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, fs)))
+ if (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, fs, GNUNET_YES)))
{
LOG (GNUNET_ERROR_TYPE_ERROR,
_("File `%s' does not contain a valid private key (failed decode, %llu bytes). Deleting it.\n"),
len = ntohs (enc->size);
ret = NULL;
if ((len > fs) ||
- (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, len))))
+ (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, len, GNUNET_YES))))
{
LOG (GNUNET_ERROR_TYPE_ERROR,
_("File `%s' does not contain a valid private key. Deleting it.\n"),
LOG (GNUNET_ERROR_TYPE_WARNING,
_("ECC signing failed at %s:%d: %s\n"), __FILE__,
__LINE__, gcry_strerror (rc));
+ gcry_sexp_release (data);
+ return GNUNET_SYSERR;
}
gcry_sexp_release (data);
ssize = gcry_sexp_sprint (result,
projects / oweals / gnunet.git / blobdiff