X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=src%2Futil%2Fcrypto_ecc.c;h=3cec128680f7e2bd38d9d4baf26557b80260a655;hb=72c8645af31896829b674b575c5375706f362a30;hp=d89989bd4c8287a4cfff2ec6aa59db7ff4d40e7b;hpb=dcb57a9e51e8fe7412948ec0c47d383ed390ed61;p=oweals%2Fgnunet.git diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index d89989bd4..3cec12868 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c @@ -1,6 +1,6 @@ /* This file is part of GNUnet. - (C) 2001, 2002, 2003, 2004, 2005, 2006, 2009, 2012 Christian Grothoff (and other contributing authors) + (C) 2012, 2013 Christian Grothoff (and other contributing authors) GNUnet is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published @@ -30,7 +30,7 @@ #define EXTRA_CHECKS ALLOW_EXTRA_CHECKS -#define CURVE "NIST P-521" +#define CURVE "NIST P-256" #define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__) @@ -216,8 +216,8 @@ GNUNET_CRYPTO_ecc_public_key_from_string (const char *enc, return GNUNET_SYSERR; if (GNUNET_OK != GNUNET_STRINGS_string_to_data (enc, enclen, - (unsigned char*) pub, - sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded))) + pub, + sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded))) return GNUNET_SYSERR; if ( (ntohs (pub->size) != sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)) || (ntohs (pub->len) > GNUNET_CRYPTO_ECC_SIGNATURE_DATA_ENCODING_LENGTH) ) @@ -263,16 +263,13 @@ decode_public_key (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *publicK LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); /* erroff gives more info */ return NULL; } - // FIXME: is this key expected to pass pk_testkey? -#if 0 -#if EXTRA_CHECKS +#if EXTRA_CHECKS if (0 != (rc = gcry_pk_testkey (result))) { LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); gcry_sexp_release (result); return NULL; } -#endif #endif return result; } @@ -407,72 +404,6 @@ GNUNET_CRYPTO_ecc_key_create () } -/** - * Try to read the private key from the given file. - * - * @param filename file to read the key from - * @return NULL on error - */ -static struct GNUNET_CRYPTO_EccPrivateKey * -try_read_key (const char *filename) -{ - struct GNUNET_CRYPTO_EccPrivateKey *ret; - struct GNUNET_DISK_FileHandle *fd; - OFF_T fs; - - if (GNUNET_YES != GNUNET_DISK_file_test (filename)) - return NULL; - - /* key file exists already, read it! */ - if (NULL == (fd = GNUNET_DISK_file_open (filename, GNUNET_DISK_OPEN_READ, - GNUNET_DISK_PERM_NONE))) - { - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename); - return NULL; - } - if (GNUNET_OK != (GNUNET_DISK_file_handle_size (fd, &fs))) - { - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "stat", filename); - (void) GNUNET_DISK_file_close (fd); - return NULL; - } - if (0 == fs) - { - GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd)); - return NULL; - } - if (fs > UINT16_MAX) - { - LOG (GNUNET_ERROR_TYPE_ERROR, - _("File `%s' does not contain a valid private key (too long, %llu bytes). Deleting it.\n"), - filename, - (unsigned long long) fs); - GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd)); - if (0 != UNLINK (filename)) - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "unlink", filename); - return NULL; - } - { - char enc[fs]; - - GNUNET_break (fs == GNUNET_DISK_file_read (fd, enc, fs)); - if (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, fs, GNUNET_YES))) - { - LOG (GNUNET_ERROR_TYPE_ERROR, - _("File `%s' does not contain a valid private key (failed decode, %llu bytes). Deleting it.\n"), - filename, - (unsigned long long) fs); - GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd)); - if (0 != UNLINK (filename)) - LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "unlink", filename); - return NULL; - } - } - GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd)); - return ret; -} - - /** * Wait for a short time (we're trying to lock a file or want * to give another process a shot at finishing a disk write, etc.). @@ -677,217 +608,24 @@ GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename) /** - * Handle to cancel private key generation and state for the - * key generation operation. - */ -struct GNUNET_CRYPTO_EccKeyGenerationContext -{ - - /** - * Continuation to call upon completion. - */ - GNUNET_CRYPTO_EccKeyCallback cont; - - /** - * Closure for 'cont'. - */ - void *cont_cls; - - /** - * Name of the file. - */ - char *filename; - - /** - * Handle to the helper process which does the key generation. - */ - struct GNUNET_OS_Process *gnunet_ecc; - - /** - * Handle to 'stdout' of gnunet-ecc. We 'read' on stdout to detect - * process termination (instead of messing with SIGCHLD). - */ - struct GNUNET_DISK_PipeHandle *gnunet_ecc_out; - - /** - * Location where we store the private key if it already existed. - * (if this is used, 'filename', 'gnunet_ecc' and 'gnunet_ecc_out' will - * not be used). - */ - struct GNUNET_CRYPTO_EccPrivateKey *pk; - - /** - * Task reading from 'gnunet_ecc_out' to wait for process termination. - */ - GNUNET_SCHEDULER_TaskIdentifier read_task; - -}; - - -/** - * Abort ECC key generation. + * Create a new private key by reading our peer's key from + * the file specified in the configuration. * - * @param gc key generation context to abort - */ -void -GNUNET_CRYPTO_ecc_key_create_stop (struct GNUNET_CRYPTO_EccKeyGenerationContext *gc) -{ - if (GNUNET_SCHEDULER_NO_TASK != gc->read_task) - { - GNUNET_SCHEDULER_cancel (gc->read_task); - gc->read_task = GNUNET_SCHEDULER_NO_TASK; - } - if (NULL != gc->gnunet_ecc) - { - (void) GNUNET_OS_process_kill (gc->gnunet_ecc, SIGKILL); - GNUNET_break (GNUNET_OK == - GNUNET_OS_process_wait (gc->gnunet_ecc)); - GNUNET_OS_process_destroy (gc->gnunet_ecc); - GNUNET_DISK_pipe_close (gc->gnunet_ecc_out); - } - - if (NULL != gc->filename) - { - if (0 != UNLINK (gc->filename)) - GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "unlink", gc->filename); - GNUNET_free (gc->filename); - } - if (NULL != gc->pk) - GNUNET_CRYPTO_ecc_key_free (gc->pk); - GNUNET_free (gc); -} - - -/** - * Task called upon shutdown or process termination of 'gnunet-ecc' during - * ECC key generation. Check where we are and perform the appropriate - * action. - * - * @param cls the 'struct GNUNET_CRYPTO_EccKeyGenerationContext' - * @param tc scheduler context - */ -static void -check_key_generation_completion (void *cls, - const struct GNUNET_SCHEDULER_TaskContext *tc) -{ - struct GNUNET_CRYPTO_EccKeyGenerationContext *gc = cls; - struct GNUNET_CRYPTO_EccPrivateKey *pk; - - gc->read_task = GNUNET_SCHEDULER_NO_TASK; - if (0 != (tc->reason & GNUNET_SCHEDULER_REASON_SHUTDOWN)) - { - gc->cont (gc->cont_cls, NULL, _("interrupted by shutdown")); - GNUNET_CRYPTO_ecc_key_create_stop (gc); - return; - } - GNUNET_assert (GNUNET_OK == - GNUNET_OS_process_wait (gc->gnunet_ecc)); - GNUNET_OS_process_destroy (gc->gnunet_ecc); - gc->gnunet_ecc = NULL; - if (NULL == (pk = try_read_key (gc->filename))) - { - GNUNET_break (0); - gc->cont (gc->cont_cls, NULL, _("gnunet-ecc failed")); - GNUNET_CRYPTO_ecc_key_create_stop (gc); - return; - } - gc->cont (gc->cont_cls, pk, NULL); - GNUNET_DISK_pipe_close (gc->gnunet_ecc_out); - GNUNET_free (gc->filename); - GNUNET_free (gc); -} - - -/** - * Return the private ECC key which already existed on disk - * (asynchronously) to the caller. - * - * @param cls the 'struct GNUNET_CRYPTO_EccKeyGenerationContext' - * @param tc scheduler context (unused) - */ -static void -async_return_key (void *cls, - const struct GNUNET_SCHEDULER_TaskContext *tc) -{ - struct GNUNET_CRYPTO_EccKeyGenerationContext *gc = cls; - - gc->cont (gc->cont_cls, - gc->pk, - NULL); - GNUNET_free (gc); -} - - -/** - * Create a new private key by reading it from a file. If the files - * does not exist, create a new key and write it to the file. If the - * contents of the file are invalid the old file is deleted and a - * fresh key is created. - * - * @param filename name of file to use for storage - * @param cont function to call when done (or on errors) - * @param cont_cls closure for 'cont' - * @return handle to abort operation, NULL on fatal errors (cont will not be called if NULL is returned) + * @return new private key, NULL on error (for example, + * permission denied) */ -struct GNUNET_CRYPTO_EccKeyGenerationContext * -GNUNET_CRYPTO_ecc_key_create_start (const char *filename, - GNUNET_CRYPTO_EccKeyCallback cont, - void *cont_cls) +struct GNUNET_CRYPTO_EccPrivateKey * +GNUNET_CRYPTO_ecc_key_create_from_configuration (const struct GNUNET_CONFIGURATION_Handle *cfg) { - struct GNUNET_CRYPTO_EccKeyGenerationContext *gc; struct GNUNET_CRYPTO_EccPrivateKey *pk; + char *fn; - if (NULL != (pk = try_read_key (filename))) - { - /* quick happy ending: key already exists! */ - gc = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccKeyGenerationContext)); - gc->pk = pk; - gc->cont = cont; - gc->cont_cls = cont_cls; - gc->read_task = GNUNET_SCHEDULER_add_now (&async_return_key, - gc); - return gc; - } - gc = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccKeyGenerationContext)); - gc->filename = GNUNET_strdup (filename); - gc->cont = cont; - gc->cont_cls = cont_cls; - gc->gnunet_ecc_out = GNUNET_DISK_pipe (GNUNET_NO, - GNUNET_NO, - GNUNET_NO, - GNUNET_YES); - if (NULL == gc->gnunet_ecc_out) - { - GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "pipe"); - GNUNET_free (gc->filename); - GNUNET_free (gc); - return NULL; - } - gc->gnunet_ecc = GNUNET_OS_start_process (GNUNET_NO, - GNUNET_OS_INHERIT_STD_ERR, - NULL, - gc->gnunet_ecc_out, - "gnunet-ecc", - "gnunet-ecc", - gc->filename, - NULL); - if (NULL == gc->gnunet_ecc) - { - GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "fork"); - GNUNET_DISK_pipe_close (gc->gnunet_ecc_out); - GNUNET_free (gc->filename); - GNUNET_free (gc); + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_filename (cfg, "PEER", "PRIVATE_KEY", &fn)) return NULL; - } - GNUNET_assert (GNUNET_OK == - GNUNET_DISK_pipe_close_end (gc->gnunet_ecc_out, - GNUNET_DISK_PIPE_END_WRITE)); - gc->read_task = GNUNET_SCHEDULER_add_read_file (GNUNET_TIME_UNIT_FOREVER_REL, - GNUNET_DISK_pipe_handle (gc->gnunet_ecc_out, - GNUNET_DISK_PIPE_END_READ), - &check_key_generation_completion, - gc); - return gc; + pk = GNUNET_CRYPTO_ecc_key_create_from_file (fn); + GNUNET_free (fn); + return pk; } @@ -904,19 +642,41 @@ GNUNET_CRYPTO_ecc_setup_key (const char *cfg_name) { struct GNUNET_CONFIGURATION_Handle *cfg; struct GNUNET_CRYPTO_EccPrivateKey *pk; - char *fn; cfg = GNUNET_CONFIGURATION_create (); (void) GNUNET_CONFIGURATION_load (cfg, cfg_name); - if (GNUNET_OK == - GNUNET_CONFIGURATION_get_value_filename (cfg, "PEER", "PRIVATE_KEY", &fn)) + pk = GNUNET_CRYPTO_ecc_key_create_from_configuration (cfg); + if (NULL != pk) + GNUNET_CRYPTO_ecc_key_free (pk); + GNUNET_CONFIGURATION_destroy (cfg); +} + + +/** + * Retrieve the identity of the host's peer. + * + * @param cfg configuration to use + * @param dst pointer to where to write the peer identity + * @return GNUNET_OK on success, GNUNET_SYSERR if the identity + * could not be retrieved + */ +int +GNUNET_CRYPTO_get_host_identity (const struct GNUNET_CONFIGURATION_Handle *cfg, + struct GNUNET_PeerIdentity *dst) +{ + struct GNUNET_CRYPTO_EccPrivateKey *my_private_key; + struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded my_public_key; + + if (NULL == (my_private_key = GNUNET_CRYPTO_ecc_key_create_from_configuration (cfg))) { - pk = GNUNET_CRYPTO_ecc_key_create_from_file (fn); - if (NULL != pk) - GNUNET_CRYPTO_ecc_key_free (pk); - GNUNET_free (fn); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + _("Could not load peer's private key\n")); + return GNUNET_SYSERR; } - GNUNET_CONFIGURATION_destroy (cfg); + GNUNET_CRYPTO_ecc_key_get_public (my_private_key, &my_public_key); + GNUNET_CRYPTO_ecc_key_free (my_private_key); + GNUNET_CRYPTO_hash (&my_public_key, sizeof (my_public_key), &dst->hashPubKey); + return GNUNET_OK; } @@ -977,6 +737,8 @@ GNUNET_CRYPTO_ecc_sign (const struct GNUNET_CRYPTO_EccPrivateKey *key, LOG (GNUNET_ERROR_TYPE_WARNING, _("ECC signing failed at %s:%d: %s\n"), __FILE__, __LINE__, gcry_strerror (rc)); + gcry_sexp_release (data); + return GNUNET_SYSERR; } gcry_sexp_release (data); ssize = gcry_sexp_sprint (result, @@ -1064,74 +826,85 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EccPrivateKey *key, const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub, struct GNUNET_HashCode *key_material) { - size_t size; size_t slen; + size_t erroff; int rc; - gcry_sexp_t data; - unsigned char sdata_buf[2048]; /* big enough to print 'sdata' and 'r_sig' */ + unsigned char sdata_buf[2048]; /* big enough to print dh-shared-secret as S-expression */ + gcry_mpi_point_t result; + gcry_mpi_point_t q; + gcry_mpi_t d; + gcry_ctx_t ctx; + gcry_sexp_t psexp; + gcry_mpi_t result_x; + gcry_mpi_t result_y; - /* first, extract the q value from the public key */ + /* first, extract the q = dP value from the public key */ + if (! (psexp = decode_public_key (pub))) + return GNUNET_SYSERR; + if (0 != (rc = gcry_mpi_ec_new (&ctx, psexp, NULL))) { - gcry_sexp_t psexp; - gcry_mpi_t sdata; - - if (! (psexp = decode_public_key (pub))) - return GNUNET_SYSERR; - rc = key_from_sexp (&sdata, psexp, "public-key", "q"); - if (rc) - rc = key_from_sexp (&sdata, psexp, "ecc", "q"); - GNUNET_assert (0 == rc); - gcry_sexp_release (psexp); - size = sizeof (sdata_buf); - GNUNET_assert (0 == - gcry_mpi_print (GCRYMPI_FMT_USG, sdata_buf, size, &size, - sdata)); - gcry_mpi_release (sdata); + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_ec_new", rc); /* erroff gives more info */ + return GNUNET_SYSERR; } - /* convert q value into an S-expression -- whatever format libgcrypt wants, - re-using format from sign operation for now... */ + gcry_sexp_release (psexp); + q = gcry_mpi_ec_get_point ("q", ctx, 0); + gcry_ctx_release (ctx); + + /* second, extract the d value from our private key */ + rc = key_from_sexp (&d, key->sexp, "private-key", "d"); + if (rc) + rc = key_from_sexp (&d, key->sexp, "ecc", "d"); + if (0 != rc) { - char *sexp_string; - -#define FORMATPREFIX "(4:data(5:flags3:raw)(5:value%u:" -#define FORMATPOSTFIX "))" - sexp_string = GNUNET_malloc (strlen (FORMATPREFIX) + size + 12 + - strlen (FORMATPOSTFIX) + 1); - GNUNET_snprintf (sexp_string, - strlen (FORMATPREFIX) + 12, - FORMATPREFIX, - size); - slen = strlen (sexp_string); - memcpy (&sexp_string[slen], - sdata_buf, - size); - memcpy (&sexp_string[slen + size], - FORMATPOSTFIX, - strlen (FORMATPOSTFIX) + 1); - GNUNET_assert (0 == gcry_sexp_new (&data, - sexp_string, - slen + size + strlen (FORMATPOSTFIX), - 0)); - GNUNET_free (sexp_string); + GNUNET_break (0); + gcry_mpi_point_release (q); + return GNUNET_SYSERR; } - /* then call the 'multiply' function, hoping it simply multiplies the points; - here we need essentially a WRAPPER around _gcry_mpi_ex_mul_point! - FIXME-WK!*/ -#if WK + + /* create a new context for definitively the correct curve; + theoretically the 'public_key' might not use the right curve */ + if (0 != (rc = gcry_mpi_ec_new (&ctx, NULL, "NIST P-256"))) { - gcry_sexp_t result; - - rc = gcry_ecc_mul_point (&result, data /* scalar */, key->sexp /* point and ctx */); - GNUNET_assert (0 == rc); - slen = gcry_sexp_sprint (result, GCRYSEXP_FMT_DEFAULT, sdata_buf, sizeof (sdata_buf)); - GNUNET_assert (0 != slen); + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_ec_new", rc); /* erroff gives more info */ + gcry_mpi_release (d); + gcry_mpi_point_release (q); + return GNUNET_SYSERR; } -#else - /* use broken version, insecure! */ - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, _("To be implemented: not secure at the moment, please read README\n")); - slen = sprintf ((char*) sdata_buf, "FIXME-this is not key material"); -#endif - gcry_sexp_release (data); + /* then call the 'multiply' function, to compute the product */ + GNUNET_assert (NULL != ctx); + result = gcry_mpi_point_new (0); + gcry_mpi_ec_mul (result, d, q, ctx); + gcry_mpi_point_release (q); + gcry_mpi_release (d); + + /* finally, convert point to string for hashing */ + result_x = gcry_mpi_new (256); + result_y = gcry_mpi_new (256); + if (gcry_mpi_ec_get_affine (result_x, result_y, result, ctx)) + { + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0); + gcry_mpi_point_release (result); + gcry_ctx_release (ctx); + return GNUNET_SYSERR; + } + gcry_mpi_point_release (result); + gcry_ctx_release (ctx); + if (0 != (rc = gcry_sexp_build (&psexp, &erroff, + "(dh-shared-secret (x %m)(y %m))", + result_x, + result_y))) + { + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); /* erroff gives more info */ + gcry_mpi_release (result_x); + gcry_mpi_release (result_y); + return GNUNET_SYSERR; + } + gcry_mpi_release (result_x); + gcry_mpi_release (result_y); + slen = gcry_sexp_sprint (psexp, GCRYSEXP_FMT_DEFAULT, sdata_buf, sizeof (sdata_buf)); + GNUNET_assert (0 != slen); + gcry_sexp_release (psexp); /* finally, get a string of the resulting S-expression and hash it to generate the key material */ GNUNET_CRYPTO_hash (sdata_buf, slen, key_material); return GNUNET_OK;