/**
* Extract the public key of the host.
- * @param hostkey the hostkey to extract into the result.
- * @param result where to write the result.
+ * @param priv the private key
+ * @param pub where to write the public key
*/
void
GNUNET_CRYPTO_rsa_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateKey
- *hostkey,
+ *priv,
struct
GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded
- *result)
+ *pub)
{
gcry_mpi_t skey[2];
size_t size;
int rc;
- rc = key_from_sexp (skey, hostkey->sexp, "public-key", "ne");
+ rc = key_from_sexp (skey, priv->sexp, "public-key", "ne");
if (rc)
- rc = key_from_sexp (skey, hostkey->sexp, "private-key", "ne");
+ rc = key_from_sexp (skey, priv->sexp, "private-key", "ne");
if (rc)
- rc = key_from_sexp (skey, hostkey->sexp, "rsa", "ne");
+ rc = key_from_sexp (skey, priv->sexp, "rsa", "ne");
GNUNET_assert (0 == rc);
- result->len =
+ pub->len =
htons (sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded) -
- sizeof (result->padding));
- result->sizen = htons (GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH);
- result->padding = 0;
+ sizeof (pub->padding));
+ pub->sizen = htons (GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH);
+ pub->padding = 0;
size = GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH;
GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG,
- &result->key[0], size, &size, skey[0]));
- adjust (&result->key[0], size, GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH);
+ &pub->key[0], size, &size, skey[0]));
+ adjust (&pub->key[0], size, GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH);
size =
GNUNET_CRYPTO_RSA_KEY_LENGTH - GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH;
GNUNET_assert (0 ==
gcry_mpi_print (GCRYMPI_FMT_USG,
- &result->key
+ &pub->key
[GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH],
size, &size, skey[1]));
- adjust (&result->key[GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH], size,
+ adjust (&pub->key[GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH], size,
GNUNET_CRYPTO_RSA_KEY_LENGTH -
GNUNET_CRYPTO_RSA_DATA_ENCODING_LENGTH);
gcry_mpi_release (skey[0]);
unsigned int cnt;
int ec;
uint64_t fs;
+ struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded pub;
+ struct GNUNET_PeerIdentity pid;
if (GNUNET_SYSERR == GNUNET_DISK_directory_create_for_file (filename))
return NULL;
while (GNUNET_YES != GNUNET_DISK_file_test (filename))
{
- fd = GNUNET_DISK_file_open (filename,
- GNUNET_DISK_OPEN_WRITE | GNUNET_DISK_OPEN_CREATE | GNUNET_DISK_OPEN_FAILIFEXISTS,
- GNUNET_DISK_PERM_USER_READ| GNUNET_DISK_PERM_USER_WRITE | GNUNET_DISK_PERM_GROUP_READ);
+ fd = GNUNET_DISK_file_open (filename,
+ GNUNET_DISK_OPEN_WRITE |
+ GNUNET_DISK_OPEN_CREATE |
+ GNUNET_DISK_OPEN_FAILIFEXISTS,
+ GNUNET_DISK_PERM_USER_READ |
+ GNUNET_DISK_PERM_USER_WRITE);
if (NULL == fd)
{
if (errno == EEXIST)
- continue;
+ {
+ if (GNUNET_YES != GNUNET_DISK_file_test (filename))
+ {
+ /* must exist but not be accessible, fail for good! */
+ if (0 != ACCESS (filename, R_OK))
+ GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
+ "access", filename);
+ else
+ GNUNET_break (0); /* what is going on!? */
+ return NULL;
+ }
+ continue;
+ }
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
"open", filename);
return NULL;
}
cnt = 0;
- while (GNUNET_YES != GNUNET_DISK_file_lock (fd, 0, sizeof (struct RsaPrivateKeyBinaryEncoded), GNUNET_YES))
+ while (GNUNET_YES !=
+ GNUNET_DISK_file_lock (fd, 0,
+ sizeof (struct
+ RsaPrivateKeyBinaryEncoded),
+ GNUNET_YES))
{
sleep (1);
if (0 == ++cnt % 10)
GNUNET_assert (ret != NULL);
enc = rsa_encode_key (ret);
GNUNET_assert (enc != NULL);
- GNUNET_assert (ntohs (enc->len) == GNUNET_DISK_file_write (fd, enc, ntohs (enc->len)));
+ GNUNET_assert (ntohs (enc->len) ==
+ GNUNET_DISK_file_write (fd, enc, ntohs (enc->len)));
GNUNET_free (enc);
GNUNET_DISK_file_sync (fd);
- if (GNUNET_YES != GNUNET_DISK_file_unlock (fd, 0, sizeof (struct RsaPrivateKeyBinaryEncoded)))
- GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
- "fcntl", filename);
+ if (GNUNET_YES !=
+ GNUNET_DISK_file_unlock (fd, 0,
+ sizeof (struct
+ RsaPrivateKeyBinaryEncoded)))
+ GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "fcntl",
+ filename);
GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd));
+ GNUNET_CRYPTO_rsa_key_get_public (ret, &pub);
+ GNUNET_CRYPTO_hash (&pub, sizeof (pub), &pid.hashPubKey);
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- _("Stored new private key in `%s'.\n"), filename);
+ _("I am host `%s'. Stored new private key in `%s'.\n"),
+ GNUNET_i2s (&pid),
+ filename);
return ret;
}
/* hostkey file exists already, read it! */
- fd = GNUNET_DISK_file_open (filename, GNUNET_DISK_OPEN_READ);
+ fd = GNUNET_DISK_file_open (filename, GNUNET_DISK_OPEN_READ,
+ GNUNET_DISK_PERM_NONE);
if (NULL == fd)
{
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "open", filename);
cnt = 0;
while (1)
{
- if (GNUNET_YES != GNUNET_DISK_file_lock (fd, 0, sizeof (struct RsaPrivateKeyBinaryEncoded), GNUNET_NO))
+ if (GNUNET_YES !=
+ GNUNET_DISK_file_lock (fd, 0,
+ sizeof (struct RsaPrivateKeyBinaryEncoded),
+ GNUNET_NO))
{
if (0 == ++cnt % 10)
{
if (GNUNET_YES != GNUNET_DISK_file_test (filename))
{
/* eh, what!? File we opened is now gone!? */
- GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
+ GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
"stat", filename);
- if (GNUNET_YES != GNUNET_DISK_file_unlock (fd, 0, sizeof (struct RsaPrivateKeyBinaryEncoded)))
- GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
- "fcntl", filename);
- GNUNET_assert (0 == GNUNET_DISK_file_close (fd));
+ if (GNUNET_YES !=
+ GNUNET_DISK_file_unlock (fd, 0,
+ sizeof (struct
+ RsaPrivateKeyBinaryEncoded)))
+ GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "fcntl",
+ filename);
+ GNUNET_assert (GNUNET_OK == GNUNET_DISK_file_close (fd));
return NULL;
}
{
/* maybe we got the read lock before the hostkey generating
process had a chance to get the write lock; give it up! */
- if (GNUNET_YES != GNUNET_DISK_file_unlock (fd, 0, sizeof (struct RsaPrivateKeyBinaryEncoded)))
- GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
- "fcntl", filename);
+ if (GNUNET_YES !=
+ GNUNET_DISK_file_unlock (fd, 0,
+ sizeof (struct
+ RsaPrivateKeyBinaryEncoded)))
+ GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "fcntl",
+ filename);
if (0 == ++cnt % 10)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
_
- ("File `%s' does not contain a valid private key. You should delete it.\n"),
+ ("File `%s' does not contain a valid private key. Deleting it.\n"),
filename);
+ if (0 != UNLINK (filename))
+ {
+ GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+ "unlink",
+ filename);
+ }
}
GNUNET_free (enc);
- if (GNUNET_YES != GNUNET_DISK_file_unlock (fd, 0, sizeof (struct RsaPrivateKeyBinaryEncoded)))
+ if (GNUNET_YES !=
+ GNUNET_DISK_file_unlock (fd, 0,
+ sizeof (struct RsaPrivateKeyBinaryEncoded)))
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename);
GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd));
+ if (ret != NULL)
+ {
+ GNUNET_CRYPTO_rsa_key_get_public (ret, &pub);
+ GNUNET_CRYPTO_hash (&pub, sizeof (pub), &pid.hashPubKey);
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ _("I am host `%s'. Read private key from `%s'.\n"),
+ GNUNET_i2s (&pid),
+ filename);
+ }
return ret;
}
/**
* Decrypt a given block with the hostkey.
*
- * @param hostkey the hostkey with which to decrypt this block
+ * @param key the key with which to decrypt this block
* @param block the data to decrypt, encoded as returned by encrypt
* @param result pointer to a location where the result can be stored
* @param max the maximum number of bits to store for the result, if
* the decrypted block is bigger, an error is returned
- * @returns the size of the decrypted block, -1 on error
+ * @return the size of the decrypted block, -1 on error
*/
ssize_t
-GNUNET_CRYPTO_rsa_decrypt (const struct GNUNET_CRYPTO_RsaPrivateKey *hostkey,
- const struct GNUNET_CRYPTO_RsaEncryptedData *block,
- void *result,
- size_t max)
+GNUNET_CRYPTO_rsa_decrypt (const struct GNUNET_CRYPTO_RsaPrivateKey * key,
+ const struct GNUNET_CRYPTO_RsaEncryptedData *
+ block, void *result, size_t max)
{
gcry_sexp_t resultsexp;
gcry_sexp_t data;
unsigned char *tmp;
#if EXTRA_CHECKS
- GNUNET_assert (0 == gcry_pk_testkey (hostkey->sexp));
+ GNUNET_assert (0 == gcry_pk_testkey (key->sexp));
#endif
size = sizeof (struct GNUNET_CRYPTO_RsaEncryptedData);
GNUNET_assert (0 == gcry_mpi_scan (&val,
gcry_sexp_build (&data, &erroff,
"(enc-val(flags)(rsa(a %m)))", val));
gcry_mpi_release (val);
- GNUNET_assert (0 == gcry_pk_decrypt (&resultsexp, data, hostkey->sexp));
+ GNUNET_assert (0 == gcry_pk_decrypt (&resultsexp, data, key->sexp));
gcry_sexp_release (data);
/* resultsexp has format "(value %m)" */
GNUNET_assert (NULL !=
/**
* Sign a given block.
*
- * @param hostkey private key to use for the signing
+ * @param key private key to use for the signing
* @param purpose what to sign (size, purpose)
* @param sig where to write the signature
* @return GNUNET_SYSERR on error, GNUNET_OK on success
*/
int
-GNUNET_CRYPTO_rsa_sign (const struct GNUNET_CRYPTO_RsaPrivateKey *hostkey,
+GNUNET_CRYPTO_rsa_sign (const struct GNUNET_CRYPTO_RsaPrivateKey *key,
const struct GNUNET_CRYPTO_RsaSignaturePurpose
*purpose, struct GNUNET_CRYPTO_RsaSignature *sig)
{
- 1], &hc, sizeof (GNUNET_HashCode));
GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0));
GNUNET_free (buff);
- GNUNET_assert (0 == gcry_pk_sign (&result, data, hostkey->sexp));
+ GNUNET_assert (0 == gcry_pk_sign (&result, data, key->sexp));
gcry_sexp_release (data);
GNUNET_assert (0 == key_from_sexp (&rval, result, "rsa", "s"));
gcry_sexp_release (result);