X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=src%2Futil%2Fcrypto_ecc.c;h=3cec128680f7e2bd38d9d4baf26557b80260a655;hb=72c8645af31896829b674b575c5375706f362a30;hp=af3fe33599def8e4628c7eef6b979159fb262f67;hpb=69c3f226a7e62844b7dc08da92affeed8a062f4b;p=oweals%2Fgnunet.git diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index af3fe3359..3cec12868 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c @@ -1,6 +1,6 @@ /* This file is part of GNUnet. - (C) 2001, 2002, 2003, 2004, 2005, 2006, 2009, 2012 Christian Grothoff (and other contributing authors) + (C) 2012, 2013 Christian Grothoff (and other contributing authors) GNUnet is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published @@ -22,23 +22,15 @@ * @file util/crypto_ecc.c * @brief public key cryptography (ECC) with libgcrypt * @author Christian Grothoff - * - * This is just a first, completely untested, draft hack for future ECC support. - * TODO: - * - declare public API in gnunet_crypto_lib (move some structs, etc.) - * - implement gnunet-ecc binary - * - convert existing RSA testcases - * - adjust encoding length and other parameters - * - actually test it! */ #include "platform.h" #include #include "gnunet_common.h" #include "gnunet_util_lib.h" -#define EXTRA_CHECKS ALLOW_EXTRA_CHECKS +#define EXTRA_CHECKS ALLOW_EXTRA_CHECKS -#define CURVE "NIST P-521" +#define CURVE "NIST P-256" #define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__) @@ -67,26 +59,6 @@ struct GNUNET_CRYPTO_EccPrivateKey }; -/** - * If target != size, move target bytes to the - * end of the size-sized buffer and zero out the - * first target-size bytes. - * - * @param buf original buffer - * @param size number of bytes in the buffer - * @param target target size of the buffer - */ -static void -adjust (unsigned char *buf, size_t size, size_t target) -{ - if (size < target) - { - memmove (&buf[target - size], buf, size); - memset (buf, 0, target - size); - } -} - - /** * Free memory occupied by ECC key * @@ -174,6 +146,7 @@ GNUNET_CRYPTO_ecc_key_get_public (const struct GNUNET_CRYPTO_EccPrivateKey *priv size_t size; int rc; + memset (pub, 0, sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)); rc = key_from_sexp (&skey, priv->sexp, "public-key", "q"); if (rc) rc = key_from_sexp (&skey, priv->sexp, "private-key", "q"); @@ -186,7 +159,6 @@ GNUNET_CRYPTO_ecc_key_get_public (const struct GNUNET_CRYPTO_EccPrivateKey *priv gcry_mpi_print (GCRYMPI_FMT_USG, pub->key, size, &size, skey)); pub->len = htons (size); - adjust (&pub->key[0], size, GNUNET_CRYPTO_ECC_MAX_PUBLIC_KEY_LENGTH); gcry_mpi_release (skey); } @@ -198,7 +170,7 @@ GNUNET_CRYPTO_ecc_key_get_public (const struct GNUNET_CRYPTO_EccPrivateKey *priv * @return string representing 'pub' */ char * -GNUNET_CRYPTO_ecc_public_key_to_string (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub) +GNUNET_CRYPTO_ecc_public_key_to_string (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub) { char *pubkeybuf; size_t keylen = (sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)) * 8; @@ -244,11 +216,11 @@ GNUNET_CRYPTO_ecc_public_key_from_string (const char *enc, return GNUNET_SYSERR; if (GNUNET_OK != GNUNET_STRINGS_string_to_data (enc, enclen, - (unsigned char*) pub, - sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded))) + pub, + sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded))) return GNUNET_SYSERR; if ( (ntohs (pub->size) != sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)) || - (ntohs (pub->len) > GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH) ) + (ntohs (pub->len) > GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH) ) return GNUNET_SYSERR; return GNUNET_OK; } @@ -270,24 +242,35 @@ decode_public_key (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *publicK size_t erroff; int rc; - if (ntohs (publicKey->len) > GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH) + if (ntohs (publicKey->len) > GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH) { GNUNET_break (0); return NULL; } - size = ntohs (publicKey->size); + size = ntohs (publicKey->len); if (0 != (rc = gcry_mpi_scan (&q, GCRYMPI_FMT_USG, publicKey->key, size, &size))) { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); return NULL; } - rc = gcry_sexp_build (&result, &erroff, "(public-key(ecc((curve \"" CURVE "\")(q %m)))", q); + + rc = gcry_sexp_build (&result, &erroff, + "(public-key(ecdsa(curve \"" CURVE "\")(q %m)))", + q); gcry_mpi_release (q); if (0 != rc) { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); /* erroff gives more info */ return NULL; } +#if EXTRA_CHECKS + if (0 != (rc = gcry_pk_testkey (result))) + { + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); + gcry_sexp_release (result); + return NULL; + } +#endif return result; } @@ -309,7 +292,7 @@ GNUNET_CRYPTO_ecc_encode_key (const struct GNUNET_CRYPTO_EccPrivateKey *key) size_t size; #if EXTRA_CHECKS - if (gcry_pk_testkey (hostkey->sexp)) + if (0 != gcry_pk_testkey (key->sexp)) { GNUNET_break (0); return NULL; @@ -324,7 +307,7 @@ GNUNET_CRYPTO_ecc_encode_key (const struct GNUNET_CRYPTO_EccPrivateKey *key) return NULL; } GNUNET_assert (size < 65536 - sizeof (uint16_t)); - be = htons ((uint16_t) size); + be = htons ((uint16_t) size + (sizeof (be))); memcpy (buf, &be, sizeof (be)); size += sizeof (be); retval = GNUNET_malloc (size); @@ -339,11 +322,15 @@ GNUNET_CRYPTO_ecc_encode_key (const struct GNUNET_CRYPTO_EccPrivateKey *key) * * @param buf the buffer where the private key data is stored * @param len the length of the data in 'buffer' + * @param validate GNUNET_YES to validate that the key is well-formed, + * GNUNET_NO if the key comes from a totally trusted source + * and validation is considered too expensive * @return NULL on error */ struct GNUNET_CRYPTO_EccPrivateKey * GNUNET_CRYPTO_ecc_decode_key (const char *buf, - size_t len) + size_t len, + int validate) { struct GNUNET_CRYPTO_EccPrivateKey *ret; uint16_t be; @@ -354,8 +341,9 @@ GNUNET_CRYPTO_ecc_decode_key (const char *buf, if (len < sizeof (uint16_t)) return NULL; memcpy (&be, buf, sizeof (be)); - if (len != ntohs (be)) + if (len < ntohs (be)) return NULL; + len = ntohs (be); if (0 != (rc = gcry_sexp_sscan (&sexp, &erroff, &buf[2], @@ -363,8 +351,9 @@ GNUNET_CRYPTO_ecc_decode_key (const char *buf, { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_scan", rc); return NULL; - } - if (0 != (rc = gcry_pk_testkey (sexp))) + } + if ( (GNUNET_YES == validate) && + (0 != (rc = gcry_pk_testkey (sexp))) ) { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); return NULL; @@ -380,90 +369,38 @@ GNUNET_CRYPTO_ecc_decode_key (const char *buf, * * @return fresh private key */ -static struct GNUNET_CRYPTO_EccPrivateKey * -ecc_key_create () +struct GNUNET_CRYPTO_EccPrivateKey * +GNUNET_CRYPTO_ecc_key_create () { struct GNUNET_CRYPTO_EccPrivateKey *ret; gcry_sexp_t s_key; gcry_sexp_t s_keyparam; + int rc; - GNUNET_assert (0 == - gcry_sexp_build (&s_keyparam, NULL, - "(genkey(ecc(curve \"" CURVE "\")))")); - GNUNET_assert (0 == gcry_pk_genkey (&s_key, s_keyparam)); - gcry_sexp_release (s_keyparam); -#if EXTRA_CHECKS - GNUNET_assert (0 == gcry_pk_testkey (s_key)); -#endif - ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccPrivateKey)); - ret->sexp = s_key; - return ret; -} - - -/** - * Try to read the private key from the given file. - * - * @param filename file to read the key from - * @return NULL on error - */ -static struct GNUNET_CRYPTO_EccPrivateKey * -try_read_key (const char *filename) -{ - struct GNUNET_CRYPTO_EccPrivateKey *ret; - struct GNUNET_DISK_FileHandle *fd; - OFF_T fs; - - if (GNUNET_YES != GNUNET_DISK_file_test (filename)) - return NULL; - - /* hostkey file exists already, read it! */ - if (NULL == (fd = GNUNET_DISK_file_open (filename, GNUNET_DISK_OPEN_READ, - GNUNET_DISK_PERM_NONE))) - { - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename); - return NULL; - } - if (GNUNET_OK != (GNUNET_DISK_file_handle_size (fd, &fs))) + if (0 != (rc = gcry_sexp_build (&s_keyparam, NULL, + "(genkey(ecdsa(curve \"" CURVE "\")))"))) { - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "stat", filename); - (void) GNUNET_DISK_file_close (fd); + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); return NULL; } - if (0 == fs) + if (0 != (rc = gcry_pk_genkey (&s_key, s_keyparam))) { - GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd)); + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc); + gcry_sexp_release (s_keyparam); return NULL; } - if (fs > UINT16_MAX) + gcry_sexp_release (s_keyparam); +#if EXTRA_CHECKS + if (0 != (rc = gcry_pk_testkey (s_key))) { - LOG (GNUNET_ERROR_TYPE_ERROR, - _("File `%s' does not contain a valid private key (too long, %llu bytes). Deleting it.\n"), - filename, - (unsigned long long) fs); - GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd)); - if (0 != UNLINK (filename)) - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "unlink", filename); + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); + gcry_sexp_release (s_key); return NULL; } - { - char enc[fs]; - - GNUNET_break (fs == GNUNET_DISK_file_read (fd, enc, fs)); - if (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, fs))) - { - LOG (GNUNET_ERROR_TYPE_ERROR, - _("File `%s' does not contain a valid private key (failed decode, %llu bytes). Deleting it.\n"), - filename, - (unsigned long long) fs); - GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd)); - if (0 != UNLINK (filename)) - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "unlink", filename); - return NULL; - } - } - GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd)); - return ret; +#endif + ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccPrivateKey)); + ret->sexp = s_key; + return ret; } @@ -555,7 +492,7 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename) } LOG (GNUNET_ERROR_TYPE_INFO, _("Creating a new private key. This may take a while.\n")); - ret = ecc_key_create (); + ret = GNUNET_CRYPTO_ecc_key_create (); GNUNET_assert (ret != NULL); enc = GNUNET_CRYPTO_ecc_encode_key (ret); GNUNET_assert (enc != NULL); @@ -571,12 +508,9 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename) GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd)); GNUNET_CRYPTO_ecc_key_get_public (ret, &pub); GNUNET_CRYPTO_hash (&pub, sizeof (pub), &pid.hashPubKey); - LOG (GNUNET_ERROR_TYPE_INFO, - _("I am host `%s'. Stored new private key in `%s'.\n"), - GNUNET_i2s (&pid), filename); return ret; } - /* hostkey file exists already, read it! */ + /* key file exists already, read it! */ fd = GNUNET_DISK_file_open (filename, GNUNET_DISK_OPEN_READ, GNUNET_DISK_PERM_NONE); if (NULL == fd) @@ -600,7 +534,7 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename) STRERROR (ec)); LOG (GNUNET_ERROR_TYPE_ERROR, _ - ("This may be ok if someone is currently generating a hostkey.\n")); + ("This may be ok if someone is currently generating a private key.\n")); } short_wait (); continue; @@ -621,7 +555,7 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename) fs = 0; if (fs < sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded)) { - /* maybe we got the read lock before the hostkey generating + /* maybe we got the read lock before the key generating * process had a chance to get the write lock; give it up! */ if (GNUNET_YES != GNUNET_DISK_file_unlock (fd, 0, @@ -631,12 +565,12 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename) { LOG (GNUNET_ERROR_TYPE_ERROR, _ - ("When trying to read hostkey file `%s' I found %u bytes but I need at least %u.\n"), + ("When trying to read key file `%s' I found %u bytes but I need at least %u.\n"), filename, (unsigned int) fs, (unsigned int) sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded)); LOG (GNUNET_ERROR_TYPE_ERROR, _ - ("This may be ok if someone is currently generating a hostkey.\n")); + ("This may be ok if someone is currently generating a key.\n")); } short_wait (); /* wait a bit longer! */ continue; @@ -647,8 +581,8 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename) GNUNET_assert (fs == GNUNET_DISK_file_read (fd, enc, fs)); len = ntohs (enc->size); ret = NULL; - if ((len != fs) || - (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, len)))) + if ((len > fs) || + (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, len, GNUNET_YES)))) { LOG (GNUNET_ERROR_TYPE_ERROR, _("File `%s' does not contain a valid private key. Deleting it.\n"), @@ -668,367 +602,84 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename) { GNUNET_CRYPTO_ecc_key_get_public (ret, &pub); GNUNET_CRYPTO_hash (&pub, sizeof (pub), &pid.hashPubKey); - LOG (GNUNET_ERROR_TYPE_INFO, - _("I am host `%s'. Read private key from `%s'.\n"), GNUNET_i2s (&pid), - filename); } return ret; } /** - * Handle to cancel private key generation and state for the - * key generation operation. - */ -struct GNUNET_CRYPTO_EccKeyGenerationContext -{ - - /** - * Continuation to call upon completion. - */ - GNUNET_CRYPTO_EccKeyCallback cont; - - /** - * Closure for 'cont'. - */ - void *cont_cls; - - /** - * Name of the file. - */ - char *filename; - - /** - * Handle to the helper process which does the key generation. - */ - struct GNUNET_OS_Process *gnunet_ecc; - - /** - * Handle to 'stdout' of gnunet-ecc. We 'read' on stdout to detect - * process termination (instead of messing with SIGCHLD). - */ - struct GNUNET_DISK_PipeHandle *gnunet_ecc_out; - - /** - * Location where we store the private key if it already existed. - * (if this is used, 'filename', 'gnunet_ecc' and 'gnunet_ecc_out' will - * not be used). - */ - struct GNUNET_CRYPTO_EccPrivateKey *pk; - - /** - * Task reading from 'gnunet_ecc_out' to wait for process termination. - */ - GNUNET_SCHEDULER_TaskIdentifier read_task; - -}; - - -/** - * Abort ECC key generation. - * - * @param gc key generation context to abort - */ -void -GNUNET_CRYPTO_ecc_key_create_stop (struct GNUNET_CRYPTO_EccKeyGenerationContext *gc) -{ - if (GNUNET_SCHEDULER_NO_TASK != gc->read_task) - { - GNUNET_SCHEDULER_cancel (gc->read_task); - gc->read_task = GNUNET_SCHEDULER_NO_TASK; - } - if (NULL != gc->gnunet_ecc) - { - (void) GNUNET_OS_process_kill (gc->gnunet_ecc, SIGKILL); - GNUNET_break (GNUNET_OK == - GNUNET_OS_process_wait (gc->gnunet_ecc)); - GNUNET_OS_process_destroy (gc->gnunet_ecc); - GNUNET_DISK_pipe_close (gc->gnunet_ecc_out); - } - - if (NULL != gc->filename) - { - if (0 != UNLINK (gc->filename)) - GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "unlink", gc->filename); - GNUNET_free (gc->filename); - } - if (NULL != gc->pk) - GNUNET_CRYPTO_ecc_key_free (gc->pk); - GNUNET_free (gc); -} - - -/** - * Task called upon shutdown or process termination of 'gnunet-ecc' during - * ECC key generation. Check where we are and perform the appropriate - * action. + * Create a new private key by reading our peer's key from + * the file specified in the configuration. * - * @param cls the 'struct GNUNET_CRYPTO_EccKeyGenerationContext' - * @param tc scheduler context - */ -static void -check_key_generation_completion (void *cls, - const struct GNUNET_SCHEDULER_TaskContext *tc) -{ - struct GNUNET_CRYPTO_EccKeyGenerationContext *gc = cls; - struct GNUNET_CRYPTO_EccPrivateKey *pk; - - gc->read_task = GNUNET_SCHEDULER_NO_TASK; - if (0 != (tc->reason & GNUNET_SCHEDULER_REASON_SHUTDOWN)) - { - gc->cont (gc->cont_cls, NULL, _("interrupted by shutdown")); - GNUNET_CRYPTO_ecc_key_create_stop (gc); - return; - } - GNUNET_assert (GNUNET_OK == - GNUNET_OS_process_wait (gc->gnunet_ecc)); - GNUNET_OS_process_destroy (gc->gnunet_ecc); - gc->gnunet_ecc = NULL; - if (NULL == (pk = try_read_key (gc->filename))) - { - GNUNET_break (0); - gc->cont (gc->cont_cls, NULL, _("gnunet-ecc failed")); - GNUNET_CRYPTO_ecc_key_create_stop (gc); - return; - } - gc->cont (gc->cont_cls, pk, NULL); - GNUNET_DISK_pipe_close (gc->gnunet_ecc_out); - GNUNET_free (gc->filename); - GNUNET_free (gc); -} - - -/** - * Return the private ECC key which already existed on disk - * (asynchronously) to the caller. - * - * @param cls the 'struct GNUNET_CRYPTO_EccKeyGenerationContext' - * @param tc scheduler context (unused) - */ -static void -async_return_key (void *cls, - const struct GNUNET_SCHEDULER_TaskContext *tc) -{ - struct GNUNET_CRYPTO_EccKeyGenerationContext *gc = cls; - - gc->cont (gc->cont_cls, - gc->pk, - NULL); - GNUNET_free (gc); -} - - -/** - * Create a new private key by reading it from a file. If the files - * does not exist, create a new key and write it to the file. If the - * contents of the file are invalid the old file is deleted and a - * fresh key is created. - * - * @param filename name of file to use for storage - * @param cont function to call when done (or on errors) - * @param cont_cls closure for 'cont' - * @return handle to abort operation, NULL on fatal errors (cont will not be called if NULL is returned) + * @return new private key, NULL on error (for example, + * permission denied) */ -struct GNUNET_CRYPTO_EccKeyGenerationContext * -GNUNET_CRYPTO_ecc_key_create_start (const char *filename, - GNUNET_CRYPTO_EccKeyCallback cont, - void *cont_cls) +struct GNUNET_CRYPTO_EccPrivateKey * +GNUNET_CRYPTO_ecc_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg) { - struct GNUNET_CRYPTO_EccKeyGenerationContext *gc; struct GNUNET_CRYPTO_EccPrivateKey *pk; - const char *weak_random; + char *fn; - if (NULL != (pk = try_read_key (filename))) - { - /* quick happy ending: key already exists! */ - gc = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccKeyGenerationContext)); - gc->pk = pk; - gc->cont = cont; - gc->cont_cls = cont_cls; - gc->read_task = GNUNET_SCHEDULER_add_now (&async_return_key, - gc); - return gc; - } - gc = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccKeyGenerationContext)); - gc->filename = GNUNET_strdup (filename); - gc->cont = cont; - gc->cont_cls = cont_cls; - gc->gnunet_ecc_out = GNUNET_DISK_pipe (GNUNET_NO, - GNUNET_NO, - GNUNET_NO, - GNUNET_YES); - if (NULL == gc->gnunet_ecc_out) - { - GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "pipe"); - GNUNET_free (gc->filename); - GNUNET_free (gc); - return NULL; - } - weak_random = NULL; - if (GNUNET_YES == - GNUNET_CRYPTO_random_is_weak ()) - weak_random = "-w"; - gc->gnunet_ecc = GNUNET_OS_start_process (GNUNET_NO, - GNUNET_OS_INHERIT_STD_ERR, - NULL, - gc->gnunet_ecc_out, - "gnunet-ecc", - "gnunet-ecc", - gc->filename, - weak_random, - NULL); - if (NULL == gc->gnunet_ecc) - { - GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "fork"); - GNUNET_DISK_pipe_close (gc->gnunet_ecc_out); - GNUNET_free (gc->filename); - GNUNET_free (gc); + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_filename (cfg, "PEER", "PRIVATE_KEY", &fn)) return NULL; - } - GNUNET_assert (GNUNET_OK == - GNUNET_DISK_pipe_close_end (gc->gnunet_ecc_out, - GNUNET_DISK_PIPE_END_WRITE)); - gc->read_task = GNUNET_SCHEDULER_add_read_file (GNUNET_TIME_UNIT_FOREVER_REL, - GNUNET_DISK_pipe_handle (gc->gnunet_ecc_out, - GNUNET_DISK_PIPE_END_READ), - &check_key_generation_completion, - gc); - return gc; + pk = GNUNET_CRYPTO_ecc_key_create_from_file (fn); + GNUNET_free (fn); + return pk; } /** - * Setup a hostkey file for a peer given the name of the + * Setup a key file for a peer given the name of the * configuration file (!). This function is used so that * at a later point code can be certain that reading a - * hostkey is fast (for example in time-dependent testcases). + * key is fast (for example in time-dependent testcases). * * @param cfg_name name of the configuration file to use */ void -GNUNET_CRYPTO_ecc_setup_hostkey (const char *cfg_name) +GNUNET_CRYPTO_ecc_setup_key (const char *cfg_name) { struct GNUNET_CONFIGURATION_Handle *cfg; struct GNUNET_CRYPTO_EccPrivateKey *pk; - char *fn; cfg = GNUNET_CONFIGURATION_create (); (void) GNUNET_CONFIGURATION_load (cfg, cfg_name); - if (GNUNET_OK == - GNUNET_CONFIGURATION_get_value_filename (cfg, "PEER", "PRIVATE_KEY", &fn)) - { - pk = GNUNET_CRYPTO_ecc_key_create_from_file (fn); - if (NULL != pk) - GNUNET_CRYPTO_ecc_key_free (pk); - GNUNET_free (fn); - } + pk = GNUNET_CRYPTO_ecc_key_create_from_configuration (cfg); + if (NULL != pk) + GNUNET_CRYPTO_ecc_key_free (pk); GNUNET_CONFIGURATION_destroy (cfg); } /** - * Encrypt a block with the public key of another host that uses the - * same cipher. + * Retrieve the identity of the host's peer. * - * @param block the block to encrypt - * @param size the size of block - * @param publicKey the encoded public key used to encrypt - * @param target where to store the encrypted block - * @returns GNUNET_SYSERR on error, GNUNET_OK if ok + * @param cfg configuration to use + * @param dst pointer to where to write the peer identity + * @return GNUNET_OK on success, GNUNET_SYSERR if the identity + * could not be retrieved */ int -GNUNET_CRYPTO_ecc_encrypt (const void *block, size_t size, - const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded - *publicKey, - struct GNUNET_CRYPTO_EccEncryptedData *target) +GNUNET_CRYPTO_get_host_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, + struct GNUNET_PeerIdentity *dst) { - gcry_sexp_t result; - gcry_sexp_t data; - gcry_sexp_t psexp; - gcry_mpi_t val; - size_t isize; - size_t erroff; + struct GNUNET_CRYPTO_EccPrivateKey *my_private_key; + struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded my_public_key; - GNUNET_assert (size <= sizeof (struct GNUNET_HashCode)); - if (! (psexp = decode_public_key (publicKey))) - return GNUNET_SYSERR; - isize = size; - GNUNET_assert (0 == - gcry_mpi_scan (&val, GCRYMPI_FMT_USG, block, isize, &isize)); - GNUNET_assert (0 == - gcry_sexp_build (&data, &erroff, - "(data (flags pkcs1)(value %m))", val)); - gcry_mpi_release (val); - GNUNET_assert (0 == gcry_pk_encrypt (&result, data, psexp)); - gcry_sexp_release (data); - gcry_sexp_release (psexp); - isize = gcry_sexp_sprint (result, - GCRYSEXP_FMT_DEFAULT, - target->encoding, - GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH); - if (0 == isize) + if (NULL == (my_private_key = GNUNET_CRYPTO_ecc_key_create_from_configuration (cfg))) { - GNUNET_break (0); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + _("Could not load peer's private key\n")); return GNUNET_SYSERR; } - target->size = htons ((uint16_t) isize); - /* padd with zeros */ - memset (&target->encoding[isize], 0, GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH - isize); + GNUNET_CRYPTO_ecc_key_get_public (my_private_key, &my_public_key); + GNUNET_CRYPTO_ecc_key_free (my_private_key); + GNUNET_CRYPTO_hash (&my_public_key, sizeof (my_public_key), &dst->hashPubKey); return GNUNET_OK; } -/** - * Decrypt a given block with the hostkey. - * - * @param key the key with which to decrypt this block - * @param block the data to decrypt, encoded as returned by encrypt - * @param result pointer to a location where the result can be stored - * @param max the maximum number of bits to store for the result, if - * the decrypted block is bigger, an error is returned - * @return the size of the decrypted block, -1 on error - */ -ssize_t -GNUNET_CRYPTO_ecc_decrypt (const struct GNUNET_CRYPTO_EccPrivateKey *key, - const struct GNUNET_CRYPTO_EccEncryptedData *block, - void *result, size_t max) -{ - gcry_sexp_t resultsexp; - gcry_sexp_t data; - size_t erroff; - size_t size; - gcry_mpi_t val; - unsigned char *endp; - -#if EXTRA_CHECKS - GNUNET_assert (0 == gcry_pk_testkey (key->sexp)); -#endif - size = ntohs (block->size); - GNUNET_assert (0 == - gcry_sexp_sscan (&data, - &erroff, - block->encoding, size)); - GNUNET_assert (0 == gcry_pk_decrypt (&resultsexp, data, key->sexp)); - gcry_sexp_release (data); - /* resultsexp has format "(value %m)" */ - GNUNET_assert (NULL != - (val = gcry_sexp_nth_mpi (resultsexp, 1, GCRYMPI_FMT_USG))); - gcry_sexp_release (resultsexp); - size = max + GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH * 2; - { - unsigned char tmp[size]; - - GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, tmp, size, &size, val)); - gcry_mpi_release (val); - endp = tmp; - endp += (size - max); - size = max; - memcpy (result, endp, size); - } - return size; -} - - /** * Convert the data specified in the given purpose argument to an * S-expression suitable for signature operations. @@ -1039,12 +690,12 @@ GNUNET_CRYPTO_ecc_decrypt (const struct GNUNET_CRYPTO_EccPrivateKey *key, static gcry_sexp_t data_to_pkcs1 (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose) { - struct GNUNET_HashCode hc; + struct GNUNET_CRYPTO_ShortHashCode hc; size_t bufSize; gcry_sexp_t data; - GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc); -#define FORMATSTRING "(4:data(5:flags5:pkcs1)(4:hash6:sha51264:0123456789012345678901234567890123456789012345678901234567890123))" + GNUNET_CRYPTO_short_hash (purpose, ntohl (purpose->size), &hc); +#define FORMATSTRING "(4:data(5:flags3:raw)(5:value32:01234567890123456789012345678901))" bufSize = strlen (FORMATSTRING) + 1; { char buff[bufSize]; @@ -1053,8 +704,8 @@ data_to_pkcs1 (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose) memcpy (&buff [bufSize - strlen - ("0123456789012345678901234567890123456789012345678901234567890123))") - - 1], &hc, sizeof (struct GNUNET_HashCode)); + ("01234567890123456789012345678901))") + - 1], &hc, sizeof (struct GNUNET_CRYPTO_ShortHashCode)); GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0)); } #undef FORMATSTRING @@ -1078,22 +729,30 @@ GNUNET_CRYPTO_ecc_sign (const struct GNUNET_CRYPTO_EccPrivateKey *key, gcry_sexp_t result; gcry_sexp_t data; size_t ssize; + int rc; data = data_to_pkcs1 (purpose); - GNUNET_assert (0 == gcry_pk_sign (&result, data, key->sexp)); + if (0 != (rc = gcry_pk_sign (&result, data, key->sexp))) + { + LOG (GNUNET_ERROR_TYPE_WARNING, + _("ECC signing failed at %s:%d: %s\n"), __FILE__, + __LINE__, gcry_strerror (rc)); + gcry_sexp_release (data); + return GNUNET_SYSERR; + } gcry_sexp_release (data); ssize = gcry_sexp_sprint (result, GCRYSEXP_FMT_DEFAULT, sig->sexpr, - GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH); + GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH); if (0 == ssize) { GNUNET_break (0); return GNUNET_SYSERR; } - sig->size = htons ((uint16_t) ssize); + sig->size = htons ((uint16_t) (ssize + sizeof (uint16_t))); /* padd with zeros */ - memset (&sig->sexpr[ssize], 0, GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH - ssize); + memset (&sig->sexpr[ssize], 0, GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH - ssize); gcry_sexp_release (result); return GNUNET_OK; } @@ -1126,11 +785,13 @@ GNUNET_CRYPTO_ecc_verify (uint32_t purpose, if (purpose != ntohl (validate->purpose)) return GNUNET_SYSERR; /* purpose mismatch */ size = ntohs (sig->size); - if (size > GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH - sizeof (uint16_t)) + if ( (size < sizeof (uint16_t)) || + (size > GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH - sizeof (uint16_t)) ) return GNUNET_SYSERR; /* size out of range */ data = data_to_pkcs1 (validate); GNUNET_assert (0 == - gcry_sexp_sscan (&sigdata, &erroff, sig->sexpr, size)); + gcry_sexp_sscan (&sigdata, &erroff, + sig->sexpr, size - sizeof (uint16_t))); if (! (psexp = decode_public_key (publicKey))) { gcry_sexp_release (data); @@ -1152,4 +813,102 @@ GNUNET_CRYPTO_ecc_verify (uint32_t purpose, } +/** + * Derive key material from a public and a private ECC key. + * + * @param key private key to use for the ECDH (x) + * @param pub public key to use for the ECDY (yG) + * @param key_material where to write the key material (xyG) + * @return GNUNET_SYSERR on error, GNUNET_OK on success + */ +int +GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EccPrivateKey *key, + const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub, + struct GNUNET_HashCode *key_material) +{ + size_t slen; + size_t erroff; + int rc; + unsigned char sdata_buf[2048]; /* big enough to print dh-shared-secret as S-expression */ + gcry_mpi_point_t result; + gcry_mpi_point_t q; + gcry_mpi_t d; + gcry_ctx_t ctx; + gcry_sexp_t psexp; + gcry_mpi_t result_x; + gcry_mpi_t result_y; + + /* first, extract the q = dP value from the public key */ + if (! (psexp = decode_public_key (pub))) + return GNUNET_SYSERR; + if (0 != (rc = gcry_mpi_ec_new (&ctx, psexp, NULL))) + { + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_ec_new", rc); /* erroff gives more info */ + return GNUNET_SYSERR; + } + gcry_sexp_release (psexp); + q = gcry_mpi_ec_get_point ("q", ctx, 0); + gcry_ctx_release (ctx); + + /* second, extract the d value from our private key */ + rc = key_from_sexp (&d, key->sexp, "private-key", "d"); + if (rc) + rc = key_from_sexp (&d, key->sexp, "ecc", "d"); + if (0 != rc) + { + GNUNET_break (0); + gcry_mpi_point_release (q); + return GNUNET_SYSERR; + } + + /* create a new context for definitively the correct curve; + theoretically the 'public_key' might not use the right curve */ + if (0 != (rc = gcry_mpi_ec_new (&ctx, NULL, "NIST P-256"))) + { + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_ec_new", rc); /* erroff gives more info */ + gcry_mpi_release (d); + gcry_mpi_point_release (q); + return GNUNET_SYSERR; + } + + /* then call the 'multiply' function, to compute the product */ + GNUNET_assert (NULL != ctx); + result = gcry_mpi_point_new (0); + gcry_mpi_ec_mul (result, d, q, ctx); + gcry_mpi_point_release (q); + gcry_mpi_release (d); + + /* finally, convert point to string for hashing */ + result_x = gcry_mpi_new (256); + result_y = gcry_mpi_new (256); + if (gcry_mpi_ec_get_affine (result_x, result_y, result, ctx)) + { + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0); + gcry_mpi_point_release (result); + gcry_ctx_release (ctx); + return GNUNET_SYSERR; + } + gcry_mpi_point_release (result); + gcry_ctx_release (ctx); + if (0 != (rc = gcry_sexp_build (&psexp, &erroff, + "(dh-shared-secret (x %m)(y %m))", + result_x, + result_y))) + { + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); /* erroff gives more info */ + gcry_mpi_release (result_x); + gcry_mpi_release (result_y); + return GNUNET_SYSERR; + } + gcry_mpi_release (result_x); + gcry_mpi_release (result_y); + slen = gcry_sexp_sprint (psexp, GCRYSEXP_FMT_DEFAULT, sdata_buf, sizeof (sdata_buf)); + GNUNET_assert (0 != slen); + gcry_sexp_release (psexp); + /* finally, get a string of the resulting S-expression and hash it to generate the key material */ + GNUNET_CRYPTO_hash (sdata_buf, slen, key_material); + return GNUNET_OK; +} + + /* end of crypto_ecc.c */