* @file util/crypto_rsa.c
* @brief public key cryptography (RSA) with libgcrypt
* @author Christian Grothoff
- *
- * Note that the code locks often needlessly on the gcrypt-locking api.
- * One would think that simple MPI operations should not require locking
- * (since only global operations on the random pool must be locked,
- * strictly speaking). But libgcrypt does sometimes require locking in
- * unexpected places, so the safe solution is to always lock even if it
- * is not required. The performance impact is minimal anyway.
*/
-
#include "platform.h"
#include <gcrypt.h>
#include "gnunet_common.h"
#define LOG_STRERROR_FILE(kind,syscall,filename) GNUNET_log_from_strerror_file (kind, "util", syscall, filename)
+#define HOSTKEY_LEN 2048
+
+#define EXTRA_CHECKS ALLOW_EXTRA_CHECKS
+
/**
* The private information of an RSA key pair.
*/
struct GNUNET_CRYPTO_RsaPrivateKey
{
+ /**
+ * Libgcrypt S-expression for the ECC key.
+ */
gcry_sexp_t sexp;
};
-
-#define HOSTKEY_LEN 2048
-
-#define EXTRA_CHECKS ALLOW_EXTRA_CHECKS
-
-
/**
* Log an error message at log-level 'level' that indicates
* a failure of the command 'cmd' with the message given
* If target != size, move target bytes to the
* end of the size-sized buffer and zero out the
* first target-size bytes.
+ *
+ * @param buf original buffer
+ * @param size number of bytes in the buffer
+ * @param target target size of the buffer
*/
static void
adjust (unsigned char *buf, size_t size, size_t target)
/**
- * Free memory occupied by hostkey
- * @param hostkey pointer to the memory to free
+ * Free memory occupied by RSA private key.
+ *
+ * @param key pointer to the memory to free
*/
void
-GNUNET_CRYPTO_rsa_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *hostkey)
+GNUNET_CRYPTO_rsa_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key)
{
- gcry_sexp_release (hostkey->sexp);
- GNUNET_free (hostkey);
+ gcry_sexp_release (key->sexp);
+ GNUNET_free (key);
}
/**
- * FIXME: document!
+ * Extract values from an S-expression.
+ *
+ * @param array where to store the result(s)
+ * @param sexp S-expression to parse
+ * @param topname top-level name in the S-expression that is of interest
+ * @param elems names of the elements to extract
+ * @return 0 on success
*/
static int
key_from_sexp (gcry_mpi_t * array, gcry_sexp_t sexp, const char *topname,
const char *elems)
{
- gcry_sexp_t list, l2;
+ gcry_sexp_t list;
+ gcry_sexp_t l2;
const char *s;
- int i, idx;
+ unsigned int i;
+ unsigned int idx;
- list = gcry_sexp_find_token (sexp, topname, 0);
- if (!list)
- {
- return 1;
- }
+ if (! (list = gcry_sexp_find_token (sexp, topname, 0)))
+ return 1;
l2 = gcry_sexp_cadr (list);
gcry_sexp_release (list);
list = l2;
- if (!list)
- {
+ if (! list)
return 2;
- }
-
idx = 0;
for (s = elems; *s; s++, idx++)
{
- l2 = gcry_sexp_find_token (list, s, 1);
- if (!l2)
+ if (! (l2 = gcry_sexp_find_token (list, s, 1)))
{
for (i = 0; i < idx; i++)
{
}
array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (l2);
- if (!array[idx])
+ if (! array[idx])
{
for (i = 0; i < idx; i++)
{
return 0;
}
+
/**
* Extract the public key of the host.
+ *
* @param priv the private key
* @param pub where to write the public key
*/
int rc;
rc = key_from_sexp (skey, priv->sexp, "public-key", "ne");
- if (rc)
+ if (0 != rc)
rc = key_from_sexp (skey, priv->sexp, "private-key", "ne");
- if (rc)
+ if (0 != rc)
rc = key_from_sexp (skey, priv->sexp, "rsa", "ne");
GNUNET_assert (0 == rc);
pub->len =
}
+/**
+ * Get hash of the public key that corresponds to a private key.
+ *
+ * @param key RSA private key
+ * @param id buffer for hash of the public key
+ */
+void
+GNUNET_CRYPTO_rsa_get_public_key_hash (struct GNUNET_CRYPTO_RsaPrivateKey *key,
+ struct GNUNET_HashCode *id)
+{
+ struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded pk;
+ GNUNET_CRYPTO_rsa_key_get_public (key, &pk);
+ GNUNET_CRYPTO_hash (&pk, sizeof (pk), id);
+}
+
+
/**
* Convert a public key to a string.
*
* @return string representing 'pub'
*/
char *
-GNUNET_CRYPTO_rsa_public_key_to_string (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *pub)
+GNUNET_CRYPTO_rsa_public_key_to_string (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *pub)
{
char *pubkeybuf;
size_t keylen = (sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded)) * 8;
/**
- * Internal: publicKey => RSA-Key.
+ * Convert the given public key from the network format to the
+ * S-expression that can be used by libgcrypt.
*
- * Note that the return type is not actually a private
- * key but rather an sexpression for the public key!
+ * @param publicKey public key to decode
+ * @return NULL on error
*/
-static struct GNUNET_CRYPTO_RsaPrivateKey *
-public2PrivateKey (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
- *publicKey)
+static gcry_sexp_t
+decode_public_key (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *publicKey)
{
- struct GNUNET_CRYPTO_RsaPrivateKey *ret;
gcry_sexp_t result;
gcry_mpi_t n;
gcry_mpi_t e;
return NULL;
}
size = GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH;
- rc = gcry_mpi_scan (&n, GCRYMPI_FMT_USG, &publicKey->key[0], size, &size);
- if (rc)
+ if (0 != (rc = gcry_mpi_scan (&n, GCRYMPI_FMT_USG, &publicKey->key[0], size, &size)))
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
return NULL;
}
size = GNUNET_CRYPTO_RSA_KEY_LENGTH - GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH;
- rc = gcry_mpi_scan (&e, GCRYMPI_FMT_USG,
- &publicKey->key[GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH],
- size, &size);
- if (rc)
+ if (0 != (rc = gcry_mpi_scan (&e, GCRYMPI_FMT_USG,
+ &publicKey->key[GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH],
+ size, &size)))
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
gcry_mpi_release (n);
e);
gcry_mpi_release (n);
gcry_mpi_release (e);
- if (rc)
+ if (0 != rc)
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); /* erroff gives more info */
return NULL;
}
- ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey));
- ret->sexp = result;
- return ret;
+ return result;
}
/**
* Encode the private key in a format suitable for
* storing it into a file.
- * @returns encoding of the private key.
+ *
+ * @return encoding of the private key.
* The first 4 bytes give the size of the array, as usual.
*/
struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded *
size = sizeof (struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded);
for (i = 0; i < 6; i++)
{
- if (pkv[i] != NULL)
+ if (NULL != pkv[i])
{
GNUNET_assert (0 ==
gcry_mpi_aprint (GCRYMPI_FMT_USG,
*
* @param buf the buffer where the private key data is stored
* @param len the length of the data in 'buffer'
+ * @return NULL on error
*/
struct GNUNET_CRYPTO_RsaPrivateKey *
GNUNET_CRYPTO_rsa_decode_key (const char *buf, uint16_t len)
const struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded *encoding =
(const struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded *) buf;
gcry_sexp_t res;
- gcry_mpi_t n, e, d, p, q, u;
+ gcry_mpi_t n;
+ gcry_mpi_t e;
+ gcry_mpi_t d;
+ gcry_mpi_t p;
+ gcry_mpi_t q;
+ gcry_mpi_t u;
int rc;
size_t size;
- int pos;
+ size_t pos;
uint16_t enc_len;
+ size_t erroff;
enc_len = ntohs (encoding->len);
if (len != enc_len)
&((const unsigned char *) (&encoding[1]))[pos], size,
&size);
pos += ntohs (encoding->sizen);
- if (rc)
+ if (0 != rc)
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
return NULL;
&((const unsigned char *) (&encoding[1]))[pos], size,
&size);
pos += ntohs (encoding->sizee);
- if (rc)
+ if (0 != rc)
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
gcry_mpi_release (n);
&((const unsigned char *) (&encoding[1]))[pos], size,
&size);
pos += ntohs (encoding->sized);
- if (rc)
+ if (0 != rc)
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
gcry_mpi_release (n);
&((const unsigned char *) (&encoding[1]))[pos], size,
&size);
pos += ntohs (encoding->sizep);
- if (rc)
+ if (0 != rc)
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
gcry_mpi_release (n);
&((const unsigned char *) (&encoding[1]))[pos], size,
&size);
pos += ntohs (encoding->sizeq);
- if (rc)
+ if (0 != rc)
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
gcry_mpi_release (n);
gcry_mpi_release (e);
gcry_mpi_release (d);
- if (q != NULL)
+ if (NULL != q)
gcry_mpi_release (q);
return NULL;
}
rc = gcry_mpi_scan (&u, GCRYMPI_FMT_USG,
&((const unsigned char *) (&encoding[1]))[pos], size,
&size);
- if (rc)
+ if (0 != rc)
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc);
gcry_mpi_release (n);
gcry_mpi_release (e);
gcry_mpi_release (d);
- if (p != NULL)
+ if (NULL != p)
gcry_mpi_release (p);
- if (q != NULL)
+ if (NULL != q)
gcry_mpi_release (q);
return NULL;
}
else
u = NULL;
- if ((p != NULL) && (q != NULL) && (u != NULL))
+ if ((NULL != p) && (NULL != q) && (NULL != u))
{
- rc = gcry_sexp_build (&res, &size, /* erroff */
+ rc = gcry_sexp_build (&res, &erroff,
"(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)(u %m)))",
n, e, d, p, q, u);
}
else
{
- if ((p != NULL) && (q != NULL))
+ if ((NULL != p) && (NULL != q))
{
- rc = gcry_sexp_build (&res, &size, /* erroff */
+ rc = gcry_sexp_build (&res, &erroff,
"(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)))",
n, e, d, p, q);
}
else
{
- rc = gcry_sexp_build (&res, &size, /* erroff */
+ rc = gcry_sexp_build (&res, &erroff,
"(private-key(rsa(n %m)(e %m)(d %m)))", n, e, d);
}
}
gcry_mpi_release (n);
gcry_mpi_release (e);
gcry_mpi_release (d);
- if (p != NULL)
+ if (NULL != p)
gcry_mpi_release (p);
- if (q != NULL)
+ if (NULL != q)
gcry_mpi_release (q);
- if (u != NULL)
+ if (NULL != u)
gcry_mpi_release (u);
- if (rc)
+ if (0 != rc)
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
#if EXTRA_CHECKS
- if (gcry_pk_testkey (res))
+ if (0 != (rc = gcry_pk_testkey (res)))
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
return NULL;
if (fs > UINT16_MAX)
{
LOG (GNUNET_ERROR_TYPE_ERROR,
- _("File `%s' does not contain a valid private key (too long, %llu bytes). Deleting it.\n"),
+ _("File `%s' does not contain a valid private key (too long, %llu bytes). Renaming it.\n"),
filename,
(unsigned long long) fs);
GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd));
- if (0 != UNLINK (filename))
- LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "unlink", filename);
+ GNUNET_DISK_file_backup (filename);
return NULL;
}
filename,
(unsigned long long) fs);
GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd));
- if (0 != UNLINK (filename))
- LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "unlink", filename);
+ GNUNET_DISK_file_backup (filename);
GNUNET_free (enc);
return NULL;
}
struct GNUNET_TIME_Relative timeout;
timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS, 100);
- GNUNET_NETWORK_socket_select (NULL, NULL, NULL, timeout);
+ (void) GNUNET_NETWORK_socket_select (NULL, NULL, NULL, timeout);
}
/**
- * Create a new private key by reading it from a file. If the
- * files does not exist, create a new key and write it to the
- * file. Caller must free return value. Note that this function
- * can not guarantee that another process might not be trying
- * the same operation on the same file at the same time.
- * If the contents of the file
- * are invalid the old file is deleted and a fresh key is
- * created.
+ * Open existing private key file and read it. If the
+ * file does not exist, or the contents of the file are
+ * invalid, the function fails
+ * Caller must free returned value.
*
- * @return new private key, NULL on error (for example,
- * permission denied)
+ * @return a private key, NULL on error (for example,
+ * permission denied) or when file does not exist or contains invalid
+ * data.
*/
struct GNUNET_CRYPTO_RsaPrivateKey *
-GNUNET_CRYPTO_rsa_key_create_from_file (const char *filename)
+GNUNET_CRYPTO_rsa_key_create_from_existing_file (const char *filename)
{
struct GNUNET_CRYPTO_RsaPrivateKey *ret;
struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded *enc;
struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded pub;
struct GNUNET_PeerIdentity pid;
- if (GNUNET_SYSERR == GNUNET_DISK_directory_create_for_file (filename))
- return NULL;
- while (GNUNET_YES != GNUNET_DISK_file_test (filename))
- {
- fd = GNUNET_DISK_file_open (filename,
- GNUNET_DISK_OPEN_WRITE | GNUNET_DISK_OPEN_CREATE
- | GNUNET_DISK_OPEN_FAILIFEXISTS,
- GNUNET_DISK_PERM_USER_READ |
- GNUNET_DISK_PERM_USER_WRITE);
- if (NULL == fd)
- {
- if (errno == EEXIST)
- {
- if (GNUNET_YES != GNUNET_DISK_file_test (filename))
- {
- /* must exist but not be accessible, fail for good! */
- if (0 != ACCESS (filename, R_OK))
- LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "access", filename);
- else
- GNUNET_break (0); /* what is going on!? */
- return NULL;
- }
- continue;
- }
- LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename);
- return NULL;
- }
- cnt = 0;
-
- while (GNUNET_YES !=
- GNUNET_DISK_file_lock (fd, 0,
- sizeof (struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded),
- GNUNET_YES))
- {
- short_wait (1);
- if (0 == ++cnt % 10)
- {
- ec = errno;
- LOG (GNUNET_ERROR_TYPE_ERROR,
- _("Could not acquire lock on file `%s': %s...\n"), filename,
- STRERROR (ec));
- }
- }
- LOG (GNUNET_ERROR_TYPE_INFO,
- _("Creating a new private key. This may take a while.\n"));
- ret = rsa_key_create ();
- GNUNET_assert (ret != NULL);
- enc = GNUNET_CRYPTO_rsa_encode_key (ret);
- GNUNET_assert (enc != NULL);
- GNUNET_assert (ntohs (enc->len) ==
- GNUNET_DISK_file_write (fd, enc, ntohs (enc->len)));
- GNUNET_free (enc);
-
- GNUNET_DISK_file_sync (fd);
- if (GNUNET_YES !=
- GNUNET_DISK_file_unlock (fd, 0,
- sizeof (struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded)))
- LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
- GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd));
- GNUNET_CRYPTO_rsa_key_get_public (ret, &pub);
- GNUNET_CRYPTO_hash (&pub, sizeof (pub), &pid.hashPubKey);
- LOG (GNUNET_ERROR_TYPE_INFO,
- _("I am host `%s'. Stored new private key in `%s'.\n"),
- GNUNET_i2s (&pid), filename);
- return ret;
- }
- /* hostkey file exists already, read it! */
fd = GNUNET_DISK_file_open (filename, GNUNET_DISK_OPEN_READ,
GNUNET_DISK_PERM_NONE);
if (NULL == fd)
STRERROR (ec));
LOG (GNUNET_ERROR_TYPE_ERROR,
_
- ("This may be ok if someone is currently generating a hostkey.\n"));
+ ("This may be ok if someone is currently generating a private key.\n"));
}
- short_wait (1);
+ short_wait ();
continue;
}
if (GNUNET_YES != GNUNET_DISK_file_test (filename))
fs = 0;
if (fs < sizeof (struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded))
{
- /* maybe we got the read lock before the hostkey generating
+ /* maybe we got the read lock before the key generating
* process had a chance to get the write lock; give it up! */
if (GNUNET_YES !=
GNUNET_DISK_file_unlock (fd, 0,
{
LOG (GNUNET_ERROR_TYPE_ERROR,
_
- ("When trying to read hostkey file `%s' I found %u bytes but I need at least %u.\n"),
+ ("When trying to read key file `%s' I found %u bytes but I need at least %u.\n"),
filename, (unsigned int) fs,
(unsigned int) sizeof (struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded));
LOG (GNUNET_ERROR_TYPE_ERROR,
_
- ("This may be ok if someone is currently generating a hostkey.\n"));
+ ("This may be ok if someone is currently generating a private key.\n"));
}
- short_wait (1); /* wait a bit longer! */
+ short_wait (); /* wait a bit longer! */
continue;
}
break;
LOG (GNUNET_ERROR_TYPE_ERROR,
_("File `%s' does not contain a valid private key. Deleting it.\n"),
filename);
- if (0 != UNLINK (filename))
- {
- LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "unlink", filename);
- }
+ GNUNET_DISK_file_backup (filename);
}
GNUNET_free (enc);
if (GNUNET_YES !=
{
GNUNET_CRYPTO_rsa_key_get_public (ret, &pub);
GNUNET_CRYPTO_hash (&pub, sizeof (pub), &pid.hashPubKey);
- LOG (GNUNET_ERROR_TYPE_INFO,
- _("I am host `%s'. Read private key from `%s'.\n"), GNUNET_i2s (&pid),
- filename);
}
return ret;
}
+/**
+ * Create a new private key by reading it from a file. If the
+ * files does not exist, create a new key and write it to the
+ * file. Caller must free return value. Note that this function
+ * can not guarantee that another process might not be trying
+ * the same operation on the same file at the same time.
+ * If the contents of the file
+ * are invalid the old file is deleted and a fresh key is
+ * created.
+ *
+ * @return new private key, NULL on error (for example,
+ * permission denied)
+ */
+struct GNUNET_CRYPTO_RsaPrivateKey *
+GNUNET_CRYPTO_rsa_key_create_from_file (const char *filename)
+{
+ struct GNUNET_CRYPTO_RsaPrivateKey *ret;
+ struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded *enc;
+ struct GNUNET_DISK_FileHandle *fd;
+ unsigned int cnt;
+ int ec;
+ struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded pub;
+ struct GNUNET_PeerIdentity pid;
+
+ if (GNUNET_SYSERR == GNUNET_DISK_directory_create_for_file (filename))
+ return NULL;
+
+ while (GNUNET_YES != GNUNET_DISK_file_test (filename))
+ {
+ fd = GNUNET_DISK_file_open (filename,
+ GNUNET_DISK_OPEN_WRITE | GNUNET_DISK_OPEN_CREATE
+ | GNUNET_DISK_OPEN_FAILIFEXISTS,
+ GNUNET_DISK_PERM_USER_READ |
+ GNUNET_DISK_PERM_USER_WRITE);
+ if (NULL == fd)
+ {
+ if (EEXIST == errno)
+ {
+ if (GNUNET_YES != GNUNET_DISK_file_test (filename))
+ {
+ /* must exist but not be accessible, fail for good! */
+ if (0 != ACCESS (filename, R_OK))
+ LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "access", filename);
+ else
+ GNUNET_break (0); /* what is going on!? */
+ return NULL;
+ }
+ continue;
+ }
+ LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename);
+ return NULL;
+ }
+ cnt = 0;
+
+ while (GNUNET_YES !=
+ GNUNET_DISK_file_lock (fd, 0,
+ sizeof (struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded),
+ GNUNET_YES))
+ {
+ short_wait ();
+ if (0 == ++cnt % 10)
+ {
+ ec = errno;
+ LOG (GNUNET_ERROR_TYPE_ERROR,
+ _("Could not acquire lock on file `%s': %s...\n"), filename,
+ STRERROR (ec));
+ }
+ }
+ LOG (GNUNET_ERROR_TYPE_INFO,
+ _("Creating a new private key. This may take a while.\n"));
+ ret = rsa_key_create ();
+ GNUNET_assert (ret != NULL);
+ enc = GNUNET_CRYPTO_rsa_encode_key (ret);
+ GNUNET_assert (enc != NULL);
+ GNUNET_assert (ntohs (enc->len) ==
+ GNUNET_DISK_file_write (fd, enc, ntohs (enc->len)));
+ GNUNET_free (enc);
+
+ GNUNET_DISK_file_sync (fd);
+ if (GNUNET_YES !=
+ GNUNET_DISK_file_unlock (fd, 0,
+ sizeof (struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded)))
+ LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
+ GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd));
+ GNUNET_CRYPTO_rsa_key_get_public (ret, &pub);
+ GNUNET_CRYPTO_hash (&pub, sizeof (pub), &pid.hashPubKey);
+ return ret;
+ }
+ /* hostkey file exists already, read it! */
+ return GNUNET_CRYPTO_rsa_key_create_from_existing_file (filename);
+}
+
/**
* Handle to cancel private key generation and state for the
const struct GNUNET_SCHEDULER_TaskContext *tc)
{
struct GNUNET_CRYPTO_RsaKeyGenerationContext *gc = cls;
- enum GNUNET_OS_ProcessStatusType type;
- unsigned long code;
struct GNUNET_CRYPTO_RsaPrivateKey *pk;
gc->read_task = GNUNET_SCHEDULER_NO_TASK;
GNUNET_CRYPTO_rsa_key_create_stop (gc);
return;
}
- if (GNUNET_OK !=
- GNUNET_OS_process_status (gc->gnunet_rsa,
- &type, &code))
- {
- GNUNET_break (0);
- gc->cont (gc->cont_cls, NULL, _("internal error"));
- GNUNET_CRYPTO_rsa_key_create_stop (gc);
- return;
- }
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_OS_process_wait (gc->gnunet_rsa));
GNUNET_OS_process_destroy (gc->gnunet_rsa);
gc->gnunet_rsa = NULL;
- if ( (GNUNET_OS_PROCESS_EXITED != type) ||
- (0 != code) )
- {
- gc->cont (gc->cont_cls, NULL, _("gnunet-rsa failed"));
- GNUNET_CRYPTO_rsa_key_create_stop (gc);
- return;
- }
if (NULL == (pk = try_read_key (gc->filename)))
{
GNUNET_break (0);
return;
}
gc->cont (gc->cont_cls, pk, NULL);
+ GNUNET_DISK_pipe_close (gc->gnunet_rsa_out);
GNUNET_free (gc->filename);
GNUNET_free (gc);
}
{
struct GNUNET_CRYPTO_RsaKeyGenerationContext *gc;
struct GNUNET_CRYPTO_RsaPrivateKey *pk;
- const char *weak_random;
if (NULL != (pk = try_read_key (filename)))
{
GNUNET_free (gc);
return NULL;
}
- weak_random = NULL;
- if (GNUNET_YES ==
- GNUNET_CRYPTO_random_is_weak ())
- weak_random = "-w";
gc->gnunet_rsa = GNUNET_OS_start_process (GNUNET_NO,
GNUNET_OS_INHERIT_STD_ERR,
NULL,
"gnunet-rsa",
"gnunet-rsa",
gc->filename,
- weak_random,
NULL);
if (NULL == gc->gnunet_rsa)
{
/**
- * Setup a hostkey file for a peer given the name of the
+ * Setup a key file for a peer given the name of the
* configuration file (!). This function is used so that
* at a later point code can be certain that reading a
- * hostkey is fast (for example in time-dependent testcases).
+ * key is fast (for example in time-dependent testcases).
*
* @param cfg_name name of the configuration file to use
*/
void
-GNUNET_CRYPTO_setup_hostkey (const char *cfg_name)
+GNUNET_CRYPTO_rsa_setup_hostkey (const char *cfg_name)
{
struct GNUNET_CONFIGURATION_Handle *cfg;
struct GNUNET_CRYPTO_RsaPrivateKey *pk;
{
gcry_sexp_t result;
gcry_sexp_t data;
- struct GNUNET_CRYPTO_RsaPrivateKey *pubkey;
+ gcry_sexp_t psexp;
gcry_mpi_t val;
gcry_mpi_t rval;
size_t isize;
size_t erroff;
GNUNET_assert (size <= sizeof (struct GNUNET_HashCode));
- pubkey = public2PrivateKey (publicKey);
- if (pubkey == NULL)
+ if (! (psexp = decode_public_key (publicKey)))
return GNUNET_SYSERR;
isize = size;
GNUNET_assert (0 ==
gcry_sexp_build (&data, &erroff,
"(data (flags pkcs1)(value %m))", val));
gcry_mpi_release (val);
- GNUNET_assert (0 == gcry_pk_encrypt (&result, data, pubkey->sexp));
+ GNUNET_assert (0 == gcry_pk_encrypt (&result, data, psexp));
gcry_sexp_release (data);
- GNUNET_CRYPTO_rsa_key_free (pubkey);
-
+ gcry_sexp_release (psexp);
GNUNET_assert (0 == key_from_sexp (&rval, result, "rsa", "a"));
gcry_sexp_release (result);
isize = sizeof (struct GNUNET_CRYPTO_RsaEncryptedData);
/**
- * Decrypt a given block with the hostkey.
+ * Decrypt a given block with the key.
*
* @param key the key with which to decrypt this block
* @param block the data to decrypt, encoded as returned by encrypt
}
+/**
+ * Convert the data specified in the given purpose argument to an
+ * S-expression suitable for signature operations.
+ *
+ * @param purpose data to convert
+ * @return converted s-expression
+ */
+static gcry_sexp_t
+data_to_pkcs1 (const struct GNUNET_CRYPTO_RsaSignaturePurpose *purpose)
+{
+ struct GNUNET_HashCode hc;
+ size_t bufSize;
+ gcry_sexp_t data;
+
+ GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc);
+#define FORMATSTRING "(4:data(5:flags5:pkcs1)(4:hash6:sha51264:0123456789012345678901234567890123456789012345678901234567890123))"
+ bufSize = strlen (FORMATSTRING) + 1;
+ {
+ char buff[bufSize];
+
+ memcpy (buff, FORMATSTRING, bufSize);
+ memcpy (&buff
+ [bufSize -
+ strlen
+ ("0123456789012345678901234567890123456789012345678901234567890123))")
+ - 1], &hc, sizeof (struct GNUNET_HashCode));
+ GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0));
+ }
+#undef FORMATSTRING
+ return data;
+}
+
+
/**
* Sign a given block.
*
gcry_sexp_t data;
size_t ssize;
gcry_mpi_t rval;
- struct GNUNET_HashCode hc;
- char *buff;
- int bufSize;
- GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc);
-#define FORMATSTRING "(4:data(5:flags5:pkcs1)(4:hash6:sha51264:0123456789012345678901234567890123456789012345678901234567890123))"
- bufSize = strlen (FORMATSTRING) + 1;
- buff = GNUNET_malloc (bufSize);
- memcpy (buff, FORMATSTRING, bufSize);
- memcpy (&buff
- [bufSize -
- strlen
- ("0123456789012345678901234567890123456789012345678901234567890123))")
- - 1], &hc, sizeof (struct GNUNET_HashCode));
- GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0));
- GNUNET_free (buff);
+ data = data_to_pkcs1 (purpose);
GNUNET_assert (0 == gcry_pk_sign (&result, data, key->sexp));
gcry_sexp_release (data);
GNUNET_assert (0 == key_from_sexp (&rval, result, "rsa", "s"));
gcry_sexp_t sigdata;
size_t size;
gcry_mpi_t val;
- struct GNUNET_CRYPTO_RsaPrivateKey *hostkey;
- struct GNUNET_HashCode hc;
- char *buff;
- int bufSize;
+ gcry_sexp_t psexp;
size_t erroff;
int rc;
if (purpose != ntohl (validate->purpose))
return GNUNET_SYSERR; /* purpose mismatch */
- GNUNET_CRYPTO_hash (validate, ntohl (validate->size), &hc);
size = sizeof (struct GNUNET_CRYPTO_RsaSignature);
GNUNET_assert (0 ==
gcry_mpi_scan (&val, GCRYMPI_FMT_USG,
gcry_sexp_build (&sigdata, &erroff, "(sig-val(rsa(s %m)))",
val));
gcry_mpi_release (val);
- bufSize = strlen (FORMATSTRING) + 1;
- buff = GNUNET_malloc (bufSize);
- memcpy (buff, FORMATSTRING, bufSize);
- memcpy (&buff
- [strlen (FORMATSTRING) -
- strlen
- ("0123456789012345678901234567890123456789012345678901234567890123))")],
- &hc, sizeof (struct GNUNET_HashCode));
- GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0));
- GNUNET_free (buff);
- hostkey = public2PrivateKey (publicKey);
- if (hostkey == NULL)
+ data = data_to_pkcs1 (validate);
+ if (! (psexp = decode_public_key (publicKey)))
{
gcry_sexp_release (data);
gcry_sexp_release (sigdata);
return GNUNET_SYSERR;
}
- rc = gcry_pk_verify (sigdata, data, hostkey->sexp);
- GNUNET_CRYPTO_rsa_key_free (hostkey);
+ rc = gcry_pk_verify (sigdata, data, psexp);
+ gcry_sexp_release (psexp);
gcry_sexp_release (data);
gcry_sexp_release (sigdata);
if (rc)
projects / oweals / gnunet.git / blobdiff