From 1f33c505c42ac2b3d628b2b70b2da62e8f621a89 Mon Sep 17 00:00:00 2001
From: Jeff Burdges <burdges@gnunet.org>
Date: Tue, 7 Jun 2016 19:06:46 +0000
Subject: [PATCH] Abstract out previous GCD(m,n)=1 commit into a single
 function

This should make it easier to report properly in the wallet.
---
 src/util/crypto_rsa.c | 41 +++++++++++++++++++++++++++--------------
 1 file changed, 27 insertions(+), 14 deletions(-)

diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c
index c09daa412..cddb87bf7 100644
--- a/src/util/crypto_rsa.c
+++ b/src/util/crypto_rsa.c
@@ -392,6 +392,31 @@ GNUNET_CRYPTO_rsa_public_key_decode (const char *buf,
 }
 
 
+/**
+ * Test for malicious RSA key.
+ *
+ * Assuming n is an RSA modulous and r is generated using a call to
+ * GNUNET_CRYPTO_kdf_mod_mpi, if gcd(r,n) != 1 then n must be a
+ * malicious RSA key designed to deanomize the user.
+ *
+ * @param r KDF result
+ * @param n RSA modulus
+ * @return Asserts gcd(r,n) = 1
+ */
+static int
+rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n)
+{
+  gcry_mpi_t g;
+  int t;
+
+  g = gcry_mpi_new (0);
+  t = gcry_mpi_gcd(g,r,n);
+  gcry_mpi_release (g);
+  GNUNET_assert( t );
+  return t;
+}
+
+
 /**
  * Create a blinding key
  *
@@ -406,7 +431,6 @@ rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
   char *xts = "Blinding KDF extrator HMAC key";  /* Trusts bks' randomness more */
   struct RsaBlindingKey *blind;
   gcry_mpi_t n;
-  gcry_mpi_t g;
 
   blind = GNUNET_new (struct RsaBlindingKey);
 
@@ -419,12 +443,7 @@ rsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey,
                              xts,  strlen(xts),
                              bks,  sizeof(*bks),
                              "Blinding KDF");
-
-  /* If gcd(*r,n) != 1 then n must be a malicious fake RSA key
-     designed to deanomize the user. */
-  g = gcry_mpi_new (0);
-  GNUNET_assert( gcry_mpi_gcd(g,blind->r,n) );
-  gcry_mpi_release (g);
+  rsa_gcd_validate(blind->r,n);
 
   gcry_mpi_release (n);
   return blind;
@@ -661,7 +680,6 @@ rsa_full_domain_hash (gcry_mpi_t *r,
   gcry_mpi_t n;
   char *xts;
   size_t xts_len;
-  gcry_mpi_t g;
 
   /* Extract the composite n from the RSA public key */
   GNUNET_assert( 0 == key_from_sexp (&n, pkey->sexp, "rsa", "n") );
@@ -678,14 +696,9 @@ rsa_full_domain_hash (gcry_mpi_t *r,
                              xts,  xts_len,
                              hash,  sizeof(*hash),
                              "RSA-FDA FTpsW!");
-
   GNUNET_free (xts);
 
-  /* If gcd(*r,n) != 1 then n must be a malicious fake RSA key
-     designed to deanomize the user. */
-  g = gcry_mpi_new (0);
-  GNUNET_assert( gcry_mpi_gcd(g,*r,n) );
-  gcry_mpi_release (g);
+  rsa_gcd_validate(*r,n);
 
   gcry_mpi_release (n);
 }
-- 
2.25.1