From 4b452a365b674cc69bf62be7d15950ccbdd7329c Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Wed, 17 Oct 2012 15:37:12 +0000 Subject: [PATCH] -ecc draft code --- src/util/Makefile.am | 1 + src/util/crypto_ecc.c | 1319 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 1320 insertions(+) create mode 100644 src/util/crypto_ecc.c diff --git a/src/util/Makefile.am b/src/util/Makefile.am index 25cc9bef5..28d3d6a3e 100644 --- a/src/util/Makefile.am +++ b/src/util/Makefile.am @@ -74,6 +74,7 @@ libgnunetutil_la_SOURCES = \ container_slist.c \ crypto_aes.c \ crypto_crc.c \ + crypto_ecc.c \ crypto_hash.c \ crypto_hkdf.c \ crypto_kdf.c \ diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c new file mode 100644 index 000000000..1ef1ec7b5 --- /dev/null +++ b/src/util/crypto_ecc.c @@ -0,0 +1,1319 @@ +/* + This file is part of GNUnet. + (C) 2001, 2002, 2003, 2004, 2005, 2006, 2009, 2012 Christian Grothoff (and other contributing authors) + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 2, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. +*/ + +/** + * @file util/crypto_ecc.c + * @brief public key cryptography (ECC) with libgcrypt + * @author Christian Grothoff + * + * This is just a first, completely untested, draft hack for future ECC support. + * TODO: + * - declare public API in gnunet_crypto_lib (move some structs, etc.) + * - implement gnunet-ecc binary + * - convert existing RSA testcases + * - adjust encoding length and other parameters + * - actually test it! + */ +#include "platform.h" +#include +#include "gnunet_common.h" +#include "gnunet_util_lib.h" + +#define EXTRA_CHECKS ALLOW_EXTRA_CHECKS + +#define CURVE "NIST P-521" + +#define LOG(kind,...) GNUNET_log_from (kind, "util", __VA_ARGS__) + +#define LOG_STRERROR(kind,syscall) GNUNET_log_from_strerror (kind, "util", syscall) + +#define LOG_STRERROR_FILE(kind,syscall,filename) GNUNET_log_from_strerror_file (kind, "util", syscall, filename) + + +/** + * FIXME: what is an acceptable value here? + */ +#define GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH 64 + +/** + * Length of the q-point (Q = dP) in the public key. + * FIXME: double-check that this is right. + */ +#define GNUNET_CRYPTO_ECC_PUBLIC_KEY_LENGTH 64 + + +/** + * @brief an ECC signature + */ +struct GNUNET_CRYPTO_EccSignature +{ + unsigned char sig[GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH]; +}; + + +GNUNET_NETWORK_STRUCT_BEGIN + +/** + * @brief header of what an ECC signature signs + * this must be followed by "size - 8" bytes of + * the actual signed data + */ +struct GNUNET_CRYPTO_EccSignaturePurpose +{ + /** + * How many bytes does this signature sign? + * (including this purpose header); in network + * byte order (!). + */ + uint32_t size GNUNET_PACKED; + + /** + * What does this signature vouch for? This + * must contain a GNUNET_SIGNATURE_PURPOSE_XXX + * constant (from gnunet_signatures.h). In + * network byte order! + */ + uint32_t purpose GNUNET_PACKED; + +}; + + +/** + * Public ECC key (always for NIST P-521) encoded in a format suitable + * for network transmission. + */ +struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded +{ + /** + * Size of the encoding, in network byte order. + */ + uint16_t size; + + /** + * Actual length of the q-point binary encoding. + */ + uint16_t len; + + /** + * 0-padded q-point in binary encoding (GCRYPT_MPI_FMT_USG). + */ + unsigned char key[GNUNET_CRYPTO_ECC_PUBLIC_KEY_LENGTH]; +}; + + +struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded +{ + /** + * Overall size of the private key. + */ + uint16_t size; + + /** + * Size of the q and d components of the private key. + * Note that the other parameters are from NIST P-521. + */ + uint16_t sizes[2]; +}; + + +/** + * ECC Encrypted data. + */ +struct GNUNET_CRYPTO_EccEncryptedData +{ + unsigned char encoding[GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH]; +}; + +GNUNET_NETWORK_STRUCT_END + + + +/** + * The private information of an ECC private key. + */ +struct GNUNET_CRYPTO_EccPrivateKey +{ + + /** + * Libgcrypt S-expression for the ECC key. + */ + gcry_sexp_t sexp; +}; + + +/** + * Function called upon completion of 'GNUNET_CRYPTO_ecc_key_create_async'. + * + * @param cls closure + * @param pk NULL on error, otherwise the private key (which must be free'd by the callee) + * @param emsg NULL on success, otherwise an error message + */ +typedef void (*GNUNET_CRYPTO_EccKeyCallback)(void *cls, + struct GNUNET_CRYPTO_EccPrivateKey *pk, + const char *emsg); + + + +/** + * Log an error message at log-level 'level' that indicates + * a failure of the command 'cmd' with the message given + * by gcry_strerror(rc). + */ +#define LOG_GCRY(level, cmd, rc) do { LOG(level, _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, gcry_strerror(rc)); } while(0); + + +/** + * If target != size, move target bytes to the + * end of the size-sized buffer and zero out the + * first target-size bytes. + * + * @param buf original buffer + * @param size number of bytes in the buffer + * @param target target size of the buffer + */ +static void +adjust (unsigned char *buf, size_t size, size_t target) +{ + if (size < target) + { + memmove (&buf[target - size], buf, size); + memset (buf, 0, target - size); + } +} + + +/** + * Free memory occupied by hostkey + * @param privatekey pointer to the memory to free + */ +void +GNUNET_CRYPTO_ecc_key_free (struct GNUNET_CRYPTO_EccPrivateKey *privatekey) +{ + gcry_sexp_release (privatekey->sexp); + GNUNET_free (privatekey); +} + + +/** + * Extract values from an S-expression. + * + * @param array where to store the result(s) + * @param sexp S-expression to parse + * @param topname top-level name in the S-expression that is of interest + * @param elems names of the elements to extract + * @return 0 on success + */ +static int +key_from_sexp (gcry_mpi_t * array, gcry_sexp_t sexp, const char *topname, + const char *elems) +{ + gcry_sexp_t list; + gcry_sexp_t l2; + const char *s; + unsigned int i; + unsigned int idx; + + list = gcry_sexp_find_token (sexp, topname, 0); + if (! list) + return 1; + l2 = gcry_sexp_cadr (list); + gcry_sexp_release (list); + list = l2; + if (! list) + return 2; + + idx = 0; + for (s = elems; *s; s++, idx++) + { + l2 = gcry_sexp_find_token (list, s, 1); + if (! l2) + { + for (i = 0; i < idx; i++) + { + gcry_free (array[i]); + array[i] = NULL; + } + gcry_sexp_release (list); + return 3; /* required parameter not found */ + } + array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); + gcry_sexp_release (l2); + if (! array[idx]) + { + for (i = 0; i < idx; i++) + { + gcry_free (array[i]); + array[i] = NULL; + } + gcry_sexp_release (list); + return 4; /* required parameter is invalid */ + } + } + gcry_sexp_release (list); + return 0; +} + + +/** + * Extract the public key for the given private key. + * + * @param priv the private key + * @param pub where to write the public key + */ +void +GNUNET_CRYPTO_ecc_key_get_public (const struct GNUNET_CRYPTO_EccPrivateKey *priv, + struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub) +{ + gcry_mpi_t skey; + size_t size; + int rc; + + rc = key_from_sexp (&skey, priv->sexp, "public-key", "q"); + if (rc) + rc = key_from_sexp (&skey, priv->sexp, "private-key", "q"); + if (rc) + rc = key_from_sexp (&skey, priv->sexp, "ecc", "q"); + GNUNET_assert (0 == rc); + pub->size = htons (sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)); + size = GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH; + GNUNET_assert (0 == + gcry_mpi_print (GCRYMPI_FMT_USG, pub->key, size, &size, + skey)); + pub->len = htons (size); + adjust (&pub->key[0], size, GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH); + gcry_mpi_release (skey); +} + + +/** + * Convert a public key to a string. + * + * @param pub key to convert + * @return string representing 'pub' + */ +char * +GNUNET_CRYPTO_ecc_public_key_to_string (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub) +{ + char *pubkeybuf; + size_t keylen = (sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)) * 8; + char *end; + + if (keylen % 5 > 0) + keylen += 5 - keylen % 5; + keylen /= 5; + pubkeybuf = GNUNET_malloc (keylen + 1); + end = GNUNET_STRINGS_data_to_string ((unsigned char *) pub, + sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded), + pubkeybuf, + keylen); + if (NULL == end) + { + GNUNET_free (pubkeybuf); + return NULL; + } + *end = '\0'; + return pubkeybuf; +} + + +/** + * Convert a string representing a public key to a public key. + * + * @param enc encoded public key + * @param enclen number of bytes in enc (without 0-terminator) + * @param pub where to store the public key + * @return GNUNET_OK on success + */ +int +GNUNET_CRYPTO_ecc_public_key_from_string (const char *enc, + size_t enclen, + struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *pub) +{ + size_t keylen = (sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)) * 8; + + if (keylen % 5 > 0) + keylen += 5 - keylen % 5; + keylen /= 5; + if (enclen != keylen) + return GNUNET_SYSERR; + + if (GNUNET_OK != GNUNET_STRINGS_string_to_data (enc, enclen, + (unsigned char*) pub, + sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded))) + return GNUNET_SYSERR; + if ( (ntohs (pub->size) != sizeof (struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded)) || + (ntohs (pub->len) > GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH) ) + return GNUNET_SYSERR; + return GNUNET_OK; +} + + +/** + * Convert the given public key from the network format to the + * S-expression that can be used by libgcrypt. + * + * @param publicKey public key to decode + * @return NULL on error + */ +static gcry_sexp_t +decode_public_key (const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded *publicKey) +{ + gcry_sexp_t result; + gcry_mpi_t q; + size_t size; + size_t erroff; + int rc; + + if (ntohs (publicKey->len) > GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH) + { + GNUNET_break (0); + return NULL; + } + size = ntohs (publicKey->size); + if (0 != (rc = gcry_mpi_scan (&q, GCRYMPI_FMT_USG, publicKey->key, size, &size))) + { + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); + return NULL; + } + rc = gcry_sexp_build (&result, &erroff, "(public-key(ecc((curve \"" CURVE "\")(q %m)))", q); + gcry_mpi_release (q); + if (0 != rc) + { + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); /* erroff gives more info */ + return NULL; + } + return result; +} + + +/** + * Encode the private key in a format suitable for + * storing it into a file. + * + * @returns encoding of the private key. + * The first 4 bytes give the size of the array, as usual. + */ +struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded * +GNUNET_CRYPTO_ecc_encode_key (const struct GNUNET_CRYPTO_EccPrivateKey *hostkey) +{ + struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *retval; + gcry_mpi_t pkv[2]; + void *pbu[2]; + size_t sizes[2]; + size_t off; + int rc; + unsigned int i; + size_t size; + +#if EXTRA_CHECKS + if (gcry_pk_testkey (hostkey->sexp)) + { + GNUNET_break (0); + return NULL; + } +#endif + + memset (pkv, 0, sizeof (gcry_mpi_t) * 2); + rc = key_from_sexp (pkv, hostkey->sexp, "private-key", "qd"); + if (rc) + rc = key_from_sexp (pkv, hostkey->sexp, "ecc", "qd"); + GNUNET_assert (0 == rc); + size = sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded); + for (i=0;i<2;i++) + { + if (NULL != pkv[i]) + { + GNUNET_assert (0 == + gcry_mpi_aprint (GCRYMPI_FMT_USG, + (unsigned char **) &pbu[i], &sizes[i], + pkv[i])); + size += sizes[i]; + } + else + { + pbu[i] = NULL; + sizes[i] = 0; + } + } + GNUNET_assert (size < 65536); + retval = GNUNET_malloc (size); + retval->size = htons (size); + off = 0; + for (i=0;i<2;i++) + { + retval->sizes[i] = htons (sizes[0]); + memcpy (&((char *) (&retval[1]))[off], pbu[i], sizes[i]); + off += sizes[i]; + if (NULL != pkv[i]) + gcry_mpi_release (pkv[i]); + if (NULL != pbu[i]) + free (pbu[i]); + } + return retval; +} + + +/** + * Decode the private key from the file-format back + * to the "normal", internal format. + * + * @param buf the buffer where the private key data is stored + * @param len the length of the data in 'buffer' + * @return NULL on error + */ +struct GNUNET_CRYPTO_EccPrivateKey * +GNUNET_CRYPTO_ecc_decode_key (const char *buf, uint16_t len) +{ + struct GNUNET_CRYPTO_EccPrivateKey *ret; + const struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *encoding = + (const struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *) buf; + gcry_sexp_t res; + gcry_mpi_t q; + gcry_mpi_t d; + int rc; + size_t size; + size_t pos; + uint16_t enc_len; + size_t erroff; + + enc_len = ntohs (encoding->size); + if (len != enc_len) + return NULL; + pos = 0; + size = ntohs (encoding->sizes[0]); + rc = gcry_mpi_scan (&q, GCRYMPI_FMT_USG, + &((const unsigned char *) (&encoding[1]))[pos], size, + &size); + pos += ntohs (encoding->sizes[0]); + if (0 != rc) + { + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); + return NULL; + } + size = ntohs (encoding->sizes[1]); + rc = gcry_mpi_scan (&d, GCRYMPI_FMT_USG, + &((const unsigned char *) (&encoding[1]))[pos], size, + &size); + pos += ntohs (encoding->sizes[1]); + if (0 != rc) + { + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_mpi_scan", rc); + gcry_mpi_release (d); + return NULL; + } + rc = gcry_sexp_build (&res, &erroff, + "(private-key(ecc(q %m)(d %m)(curve \"" CURVE "\")))", + q, d); + gcry_mpi_release (q); + gcry_mpi_release (d); + if (0 != rc) + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); +#if EXTRA_CHECKS + if (0 != (rc = gcry_pk_testkey (res))) + { + LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); + return NULL; + } +#endif + ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccPrivateKey)); + ret->sexp = res; + return ret; +} + + +/** + * Create a new private key. Caller must free return value. + * + * @return fresh private key + */ +static struct GNUNET_CRYPTO_EccPrivateKey * +ecc_key_create () +{ + struct GNUNET_CRYPTO_EccPrivateKey *ret; + gcry_sexp_t s_key; + gcry_sexp_t s_keyparam; + + GNUNET_assert (0 == + gcry_sexp_build (&s_keyparam, NULL, + "(genkey(ecc(curve \"" CURVE "\")))")); + GNUNET_assert (0 == gcry_pk_genkey (&s_key, s_keyparam)); + gcry_sexp_release (s_keyparam); +#if EXTRA_CHECKS + GNUNET_assert (0 == gcry_pk_testkey (s_key)); +#endif + ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccPrivateKey)); + ret->sexp = s_key; + return ret; +} + + +/** + * Try to read the private key from the given file. + * + * @param filename file to read the key from + * @return NULL on error + */ +static struct GNUNET_CRYPTO_EccPrivateKey * +try_read_key (const char *filename) +{ + struct GNUNET_CRYPTO_EccPrivateKey *ret; + struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *enc; + struct GNUNET_DISK_FileHandle *fd; + OFF_T fs; + uint16_t len; + + if (GNUNET_YES != GNUNET_DISK_file_test (filename)) + return NULL; + + /* hostkey file exists already, read it! */ + if (NULL == (fd = GNUNET_DISK_file_open (filename, GNUNET_DISK_OPEN_READ, + GNUNET_DISK_PERM_NONE))) + { + LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename); + return NULL; + } + if (GNUNET_OK != (GNUNET_DISK_file_handle_size (fd, &fs))) + { + LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "stat", filename); + (void) GNUNET_DISK_file_close (fd); + return NULL; + } + if (0 == fs) + { + GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd)); + return NULL; + } + if (fs > UINT16_MAX) + { + LOG (GNUNET_ERROR_TYPE_ERROR, + _("File `%s' does not contain a valid private key (too long, %llu bytes). Deleting it.\n"), + filename, + (unsigned long long) fs); + GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd)); + if (0 != UNLINK (filename)) + LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "unlink", filename); + return NULL; + } + + enc = GNUNET_malloc (fs); + GNUNET_break (fs == GNUNET_DISK_file_read (fd, enc, fs)); + len = ntohs (enc->size); + ret = NULL; + if ((len != fs) || + (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, len)))) + { + LOG (GNUNET_ERROR_TYPE_ERROR, + _("File `%s' does not contain a valid private key (failed decode, %llu bytes). Deleting it.\n"), + filename, + (unsigned long long) fs); + GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd)); + if (0 != UNLINK (filename)) + LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "unlink", filename); + GNUNET_free (enc); + return NULL; + } + GNUNET_free (enc); + + GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd)); + return ret; +} + + +/** + * Wait for a short time (we're trying to lock a file or want + * to give another process a shot at finishing a disk write, etc.). + * Sleeps for 100ms (as that should be long enough for virtually all + * modern systems to context switch and allow another process to do + * some 'real' work). + */ +static void +short_wait () +{ + struct GNUNET_TIME_Relative timeout; + + timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_MILLISECONDS, 100); + (void) GNUNET_NETWORK_socket_select (NULL, NULL, NULL, timeout); +} + + +/** + * Create a new private key by reading it from a file. If the + * files does not exist, create a new key and write it to the + * file. Caller must free return value. Note that this function + * can not guarantee that another process might not be trying + * the same operation on the same file at the same time. + * If the contents of the file + * are invalid the old file is deleted and a fresh key is + * created. + * + * @return new private key, NULL on error (for example, + * permission denied) + */ +struct GNUNET_CRYPTO_EccPrivateKey * +GNUNET_CRYPTO_ecc_key_create_from_file (const char *filename) +{ + struct GNUNET_CRYPTO_EccPrivateKey *ret; + struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded *enc; + uint16_t len; + struct GNUNET_DISK_FileHandle *fd; + unsigned int cnt; + int ec; + uint64_t fs; + struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded pub; + struct GNUNET_PeerIdentity pid; + + if (GNUNET_SYSERR == GNUNET_DISK_directory_create_for_file (filename)) + return NULL; + while (GNUNET_YES != GNUNET_DISK_file_test (filename)) + { + fd = GNUNET_DISK_file_open (filename, + GNUNET_DISK_OPEN_WRITE | GNUNET_DISK_OPEN_CREATE + | GNUNET_DISK_OPEN_FAILIFEXISTS, + GNUNET_DISK_PERM_USER_READ | + GNUNET_DISK_PERM_USER_WRITE); + if (NULL == fd) + { + if (errno == EEXIST) + { + if (GNUNET_YES != GNUNET_DISK_file_test (filename)) + { + /* must exist but not be accessible, fail for good! */ + if (0 != ACCESS (filename, R_OK)) + LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "access", filename); + else + GNUNET_break (0); /* what is going on!? */ + return NULL; + } + continue; + } + LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename); + return NULL; + } + cnt = 0; + + while (GNUNET_YES != + GNUNET_DISK_file_lock (fd, 0, + sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded), + GNUNET_YES)) + { + short_wait (); + if (0 == ++cnt % 10) + { + ec = errno; + LOG (GNUNET_ERROR_TYPE_ERROR, + _("Could not acquire lock on file `%s': %s...\n"), filename, + STRERROR (ec)); + } + } + LOG (GNUNET_ERROR_TYPE_INFO, + _("Creating a new private key. This may take a while.\n")); + ret = ecc_key_create (); + GNUNET_assert (ret != NULL); + enc = GNUNET_CRYPTO_ecc_encode_key (ret); + GNUNET_assert (enc != NULL); + GNUNET_assert (ntohs (enc->size) == + GNUNET_DISK_file_write (fd, enc, ntohs (enc->size))); + GNUNET_free (enc); + + GNUNET_DISK_file_sync (fd); + if (GNUNET_YES != + GNUNET_DISK_file_unlock (fd, 0, + sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded))) + LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename); + GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd)); + GNUNET_CRYPTO_ecc_key_get_public (ret, &pub); + GNUNET_CRYPTO_hash (&pub, sizeof (pub), &pid.hashPubKey); + LOG (GNUNET_ERROR_TYPE_INFO, + _("I am host `%s'. Stored new private key in `%s'.\n"), + GNUNET_i2s (&pid), filename); + return ret; + } + /* hostkey file exists already, read it! */ + fd = GNUNET_DISK_file_open (filename, GNUNET_DISK_OPEN_READ, + GNUNET_DISK_PERM_NONE); + if (NULL == fd) + { + LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_ERROR, "open", filename); + return NULL; + } + cnt = 0; + while (1) + { + if (GNUNET_YES != + GNUNET_DISK_file_lock (fd, 0, + sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded), + GNUNET_NO)) + { + if (0 == ++cnt % 60) + { + ec = errno; + LOG (GNUNET_ERROR_TYPE_ERROR, + _("Could not acquire lock on file `%s': %s...\n"), filename, + STRERROR (ec)); + LOG (GNUNET_ERROR_TYPE_ERROR, + _ + ("This may be ok if someone is currently generating a hostkey.\n")); + } + short_wait (); + continue; + } + if (GNUNET_YES != GNUNET_DISK_file_test (filename)) + { + /* eh, what!? File we opened is now gone!? */ + LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "stat", filename); + if (GNUNET_YES != + GNUNET_DISK_file_unlock (fd, 0, + sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded))) + LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename); + GNUNET_assert (GNUNET_OK == GNUNET_DISK_file_close (fd)); + + return NULL; + } + if (GNUNET_OK != GNUNET_DISK_file_size (filename, &fs, GNUNET_YES, GNUNET_YES)) + fs = 0; + if (fs < sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded)) + { + /* maybe we got the read lock before the hostkey generating + * process had a chance to get the write lock; give it up! */ + if (GNUNET_YES != + GNUNET_DISK_file_unlock (fd, 0, + sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded))) + LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename); + if (0 == ++cnt % 10) + { + LOG (GNUNET_ERROR_TYPE_ERROR, + _ + ("When trying to read hostkey file `%s' I found %u bytes but I need at least %u.\n"), + filename, (unsigned int) fs, + (unsigned int) sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded)); + LOG (GNUNET_ERROR_TYPE_ERROR, + _ + ("This may be ok if someone is currently generating a hostkey.\n")); + } + short_wait (); /* wait a bit longer! */ + continue; + } + break; + } + enc = GNUNET_malloc (fs); + GNUNET_assert (fs == GNUNET_DISK_file_read (fd, enc, fs)); + len = ntohs (enc->size); + ret = NULL; + if ((len != fs) || + (NULL == (ret = GNUNET_CRYPTO_ecc_decode_key ((char *) enc, len)))) + { + LOG (GNUNET_ERROR_TYPE_ERROR, + _("File `%s' does not contain a valid private key. Deleting it.\n"), + filename); + if (0 != UNLINK (filename)) + { + LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "unlink", filename); + } + } + GNUNET_free (enc); + if (GNUNET_YES != + GNUNET_DISK_file_unlock (fd, 0, + sizeof (struct GNUNET_CRYPTO_EccPrivateKeyBinaryEncoded))) + LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "fcntl", filename); + GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd)); + if (ret != NULL) + { + GNUNET_CRYPTO_ecc_key_get_public (ret, &pub); + GNUNET_CRYPTO_hash (&pub, sizeof (pub), &pid.hashPubKey); + LOG (GNUNET_ERROR_TYPE_INFO, + _("I am host `%s'. Read private key from `%s'.\n"), GNUNET_i2s (&pid), + filename); + } + return ret; +} + + +/** + * Handle to cancel private key generation and state for the + * key generation operation. + */ +struct GNUNET_CRYPTO_EccKeyGenerationContext +{ + + /** + * Continuation to call upon completion. + */ + GNUNET_CRYPTO_EccKeyCallback cont; + + /** + * Closure for 'cont'. + */ + void *cont_cls; + + /** + * Name of the file. + */ + char *filename; + + /** + * Handle to the helper process which does the key generation. + */ + struct GNUNET_OS_Process *gnunet_ecc; + + /** + * Handle to 'stdout' of gnunet-ecc. We 'read' on stdout to detect + * process termination (instead of messing with SIGCHLD). + */ + struct GNUNET_DISK_PipeHandle *gnunet_ecc_out; + + /** + * Location where we store the private key if it already existed. + * (if this is used, 'filename', 'gnunet_ecc' and 'gnunet_ecc_out' will + * not be used). + */ + struct GNUNET_CRYPTO_EccPrivateKey *pk; + + /** + * Task reading from 'gnunet_ecc_out' to wait for process termination. + */ + GNUNET_SCHEDULER_TaskIdentifier read_task; + +}; + + +/** + * Abort ECC key generation. + * + * @param gc key generation context to abort + */ +void +GNUNET_CRYPTO_ecc_key_create_stop (struct GNUNET_CRYPTO_EccKeyGenerationContext *gc) +{ + if (GNUNET_SCHEDULER_NO_TASK != gc->read_task) + { + GNUNET_SCHEDULER_cancel (gc->read_task); + gc->read_task = GNUNET_SCHEDULER_NO_TASK; + } + if (NULL != gc->gnunet_ecc) + { + (void) GNUNET_OS_process_kill (gc->gnunet_ecc, SIGKILL); + GNUNET_break (GNUNET_OK == + GNUNET_OS_process_wait (gc->gnunet_ecc)); + GNUNET_OS_process_destroy (gc->gnunet_ecc); + GNUNET_DISK_pipe_close (gc->gnunet_ecc_out); + } + + if (NULL != gc->filename) + { + if (0 != UNLINK (gc->filename)) + GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "unlink", gc->filename); + GNUNET_free (gc->filename); + } + if (NULL != gc->pk) + GNUNET_CRYPTO_ecc_key_free (gc->pk); + GNUNET_free (gc); +} + + +/** + * Task called upon shutdown or process termination of 'gnunet-ecc' during + * ECC key generation. Check where we are and perform the appropriate + * action. + * + * @param cls the 'struct GNUNET_CRYPTO_EccKeyGenerationContext' + * @param tc scheduler context + */ +static void +check_key_generation_completion (void *cls, + const struct GNUNET_SCHEDULER_TaskContext *tc) +{ + struct GNUNET_CRYPTO_EccKeyGenerationContext *gc = cls; + struct GNUNET_CRYPTO_EccPrivateKey *pk; + + gc->read_task = GNUNET_SCHEDULER_NO_TASK; + if (0 != (tc->reason & GNUNET_SCHEDULER_REASON_SHUTDOWN)) + { + gc->cont (gc->cont_cls, NULL, _("interrupted by shutdown")); + GNUNET_CRYPTO_ecc_key_create_stop (gc); + return; + } + GNUNET_assert (GNUNET_OK == + GNUNET_OS_process_wait (gc->gnunet_ecc)); + GNUNET_OS_process_destroy (gc->gnunet_ecc); + gc->gnunet_ecc = NULL; + if (NULL == (pk = try_read_key (gc->filename))) + { + GNUNET_break (0); + gc->cont (gc->cont_cls, NULL, _("gnunet-ecc failed")); + GNUNET_CRYPTO_ecc_key_create_stop (gc); + return; + } + gc->cont (gc->cont_cls, pk, NULL); + GNUNET_DISK_pipe_close (gc->gnunet_ecc_out); + GNUNET_free (gc->filename); + GNUNET_free (gc); +} + + +/** + * Return the private ECC key which already existed on disk + * (asynchronously) to the caller. + * + * @param cls the 'struct GNUNET_CRYPTO_EccKeyGenerationContext' + * @param tc scheduler context (unused) + */ +static void +async_return_key (void *cls, + const struct GNUNET_SCHEDULER_TaskContext *tc) +{ + struct GNUNET_CRYPTO_EccKeyGenerationContext *gc = cls; + + gc->cont (gc->cont_cls, + gc->pk, + NULL); + GNUNET_free (gc); +} + + +/** + * Create a new private key by reading it from a file. If the files + * does not exist, create a new key and write it to the file. If the + * contents of the file are invalid the old file is deleted and a + * fresh key is created. + * + * @param filename name of file to use for storage + * @param cont function to call when done (or on errors) + * @param cont_cls closure for 'cont' + * @return handle to abort operation, NULL on fatal errors (cont will not be called if NULL is returned) + */ +struct GNUNET_CRYPTO_EccKeyGenerationContext * +GNUNET_CRYPTO_ecc_key_create_start (const char *filename, + GNUNET_CRYPTO_EccKeyCallback cont, + void *cont_cls) +{ + struct GNUNET_CRYPTO_EccKeyGenerationContext *gc; + struct GNUNET_CRYPTO_EccPrivateKey *pk; + const char *weak_random; + + if (NULL != (pk = try_read_key (filename))) + { + /* quick happy ending: key already exists! */ + gc = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccKeyGenerationContext)); + gc->pk = pk; + gc->cont = cont; + gc->cont_cls = cont_cls; + gc->read_task = GNUNET_SCHEDULER_add_now (&async_return_key, + gc); + return gc; + } + gc = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccKeyGenerationContext)); + gc->filename = GNUNET_strdup (filename); + gc->cont = cont; + gc->cont_cls = cont_cls; + gc->gnunet_ecc_out = GNUNET_DISK_pipe (GNUNET_NO, + GNUNET_NO, + GNUNET_NO, + GNUNET_YES); + if (NULL == gc->gnunet_ecc_out) + { + GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "pipe"); + GNUNET_free (gc->filename); + GNUNET_free (gc); + return NULL; + } + weak_random = NULL; + if (GNUNET_YES == + GNUNET_CRYPTO_random_is_weak ()) + weak_random = "-w"; + gc->gnunet_ecc = GNUNET_OS_start_process (GNUNET_NO, + GNUNET_OS_INHERIT_STD_ERR, + NULL, + gc->gnunet_ecc_out, + "gnunet-ecc", + "gnunet-ecc", + gc->filename, + weak_random, + NULL); + if (NULL == gc->gnunet_ecc) + { + GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, "fork"); + GNUNET_DISK_pipe_close (gc->gnunet_ecc_out); + GNUNET_free (gc->filename); + GNUNET_free (gc); + return NULL; + } + GNUNET_assert (GNUNET_OK == + GNUNET_DISK_pipe_close_end (gc->gnunet_ecc_out, + GNUNET_DISK_PIPE_END_WRITE)); + gc->read_task = GNUNET_SCHEDULER_add_read_file (GNUNET_TIME_UNIT_FOREVER_REL, + GNUNET_DISK_pipe_handle (gc->gnunet_ecc_out, + GNUNET_DISK_PIPE_END_READ), + &check_key_generation_completion, + gc); + return gc; +} + + +/** + * Setup a hostkey file for a peer given the name of the + * configuration file (!). This function is used so that + * at a later point code can be certain that reading a + * hostkey is fast (for example in time-dependent testcases). + * + * @param cfg_name name of the configuration file to use + */ +void +GNUNET_CRYPTO_ecc_setup_hostkey (const char *cfg_name) +{ + struct GNUNET_CONFIGURATION_Handle *cfg; + struct GNUNET_CRYPTO_EccPrivateKey *pk; + char *fn; + + cfg = GNUNET_CONFIGURATION_create (); + (void) GNUNET_CONFIGURATION_load (cfg, cfg_name); + if (GNUNET_OK == + GNUNET_CONFIGURATION_get_value_filename (cfg, "GNUNETD", "HOSTKEY", &fn)) + { + pk = GNUNET_CRYPTO_ecc_key_create_from_file (fn); + if (NULL != pk) + GNUNET_CRYPTO_ecc_key_free (pk); + GNUNET_free (fn); + } + GNUNET_CONFIGURATION_destroy (cfg); +} + + +/** + * Encrypt a block with the public key of another host that uses the + * same cipher. + * + * @param block the block to encrypt + * @param size the size of block + * @param publicKey the encoded public key used to encrypt + * @param target where to store the encrypted block + * @returns GNUNET_SYSERR on error, GNUNET_OK if ok + */ +int +GNUNET_CRYPTO_ecc_encrypt (const void *block, size_t size, + const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded + *publicKey, + struct GNUNET_CRYPTO_EccEncryptedData *target) +{ + gcry_sexp_t result; + gcry_sexp_t data; + gcry_sexp_t psexp; + gcry_mpi_t val; + gcry_mpi_t rval; + size_t isize; + size_t erroff; + + GNUNET_assert (size <= sizeof (struct GNUNET_HashCode)); + if (! (psexp = decode_public_key (publicKey))) + return GNUNET_SYSERR; + isize = size; + GNUNET_assert (0 == + gcry_mpi_scan (&val, GCRYMPI_FMT_USG, block, isize, &isize)); + GNUNET_assert (0 == + gcry_sexp_build (&data, &erroff, + "(data (flags pkcs1)(value %m))", val)); + gcry_mpi_release (val); + GNUNET_assert (0 == gcry_pk_encrypt (&result, data, psexp)); + gcry_sexp_release (data); + gcry_sexp_release (psexp); + + GNUNET_assert (0 == key_from_sexp (&rval, result, "ecc", "a")); + gcry_sexp_release (result); + isize = sizeof (struct GNUNET_CRYPTO_EccEncryptedData); + GNUNET_assert (0 == + gcry_mpi_print (GCRYMPI_FMT_USG, (unsigned char *) target, + isize, &isize, rval)); + gcry_mpi_release (rval); + adjust (&target->encoding[0], isize, + sizeof (struct GNUNET_CRYPTO_EccEncryptedData)); + return GNUNET_OK; +} + + +/** + * Decrypt a given block with the hostkey. + * + * @param key the key with which to decrypt this block + * @param block the data to decrypt, encoded as returned by encrypt + * @param result pointer to a location where the result can be stored + * @param max the maximum number of bits to store for the result, if + * the decrypted block is bigger, an error is returned + * @return the size of the decrypted block, -1 on error + */ +ssize_t +GNUNET_CRYPTO_ecc_decrypt (const struct GNUNET_CRYPTO_EccPrivateKey * key, + const struct GNUNET_CRYPTO_EccEncryptedData * block, + void *result, size_t max) +{ + gcry_sexp_t resultsexp; + gcry_sexp_t data; + size_t erroff; + size_t size; + gcry_mpi_t val; + unsigned char *endp; + unsigned char *tmp; + +#if EXTRA_CHECKS + GNUNET_assert (0 == gcry_pk_testkey (key->sexp)); +#endif + size = sizeof (struct GNUNET_CRYPTO_EccEncryptedData); + GNUNET_assert (0 == + gcry_mpi_scan (&val, GCRYMPI_FMT_USG, &block->encoding[0], + size, &size)); + GNUNET_assert (0 == + gcry_sexp_build (&data, &erroff, "(enc-val(flags)(ecc(a %m)))", + val)); + gcry_mpi_release (val); + GNUNET_assert (0 == gcry_pk_decrypt (&resultsexp, data, key->sexp)); + gcry_sexp_release (data); + /* resultsexp has format "(value %m)" */ + GNUNET_assert (NULL != + (val = gcry_sexp_nth_mpi (resultsexp, 1, GCRYMPI_FMT_USG))); + gcry_sexp_release (resultsexp); + size = max + GNUNET_CRYPTO_ECC_DATA_ENCODING_LENGTH * 2; + tmp = GNUNET_malloc (size); + GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, tmp, size, &size, val)); + gcry_mpi_release (val); + endp = tmp; + endp += (size - max); + size = max; + memcpy (result, endp, size); + GNUNET_free (tmp); + return size; +} + + +/** + * Sign a given block. + * + * @param key private key to use for the signing + * @param purpose what to sign (size, purpose) + * @param sig where to write the signature + * @return GNUNET_SYSERR on error, GNUNET_OK on success + */ +int +GNUNET_CRYPTO_ecc_sign (const struct GNUNET_CRYPTO_EccPrivateKey *key, + const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, + struct GNUNET_CRYPTO_EccSignature *sig) +{ + gcry_sexp_t result; + gcry_sexp_t data; + size_t ssize; + gcry_mpi_t rval; + struct GNUNET_HashCode hc; + char *buff; + int bufSize; + + GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc); +#define FORMATSTRING "(4:data(5:flags5:pkcs1)(4:hash6:sha51264:0123456789012345678901234567890123456789012345678901234567890123))" + bufSize = strlen (FORMATSTRING) + 1; + buff = GNUNET_malloc (bufSize); + memcpy (buff, FORMATSTRING, bufSize); + memcpy (&buff + [bufSize - + strlen + ("0123456789012345678901234567890123456789012345678901234567890123))") + - 1], &hc, sizeof (struct GNUNET_HashCode)); + GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0)); + GNUNET_free (buff); + GNUNET_assert (0 == gcry_pk_sign (&result, data, key->sexp)); + gcry_sexp_release (data); + GNUNET_assert (0 == key_from_sexp (&rval, result, "ecc", "s")); + gcry_sexp_release (result); + ssize = sizeof (struct GNUNET_CRYPTO_EccSignature); + GNUNET_assert (0 == + gcry_mpi_print (GCRYMPI_FMT_USG, (unsigned char *) sig, ssize, + &ssize, rval)); + gcry_mpi_release (rval); + adjust (sig->sig, ssize, sizeof (struct GNUNET_CRYPTO_EccSignature)); + return GNUNET_OK; +} + + +/** + * Verify signature. + * + * @param purpose what is the purpose that the signature should have? + * @param validate block to validate (size, purpose, data) + * @param sig signature that is being validated + * @param publicKey public key of the signer + * @returns GNUNET_OK if ok, GNUNET_SYSERR if invalid + */ +int +GNUNET_CRYPTO_ecc_verify (uint32_t purpose, + const struct GNUNET_CRYPTO_EccSignaturePurpose + *validate, + const struct GNUNET_CRYPTO_EccSignature *sig, + const struct GNUNET_CRYPTO_EccPublicKeyBinaryEncoded + *publicKey) +{ + gcry_sexp_t data; + gcry_sexp_t sigdata; + size_t size; + gcry_mpi_t val; + gcry_sexp_t psexp; + struct GNUNET_HashCode hc; + char *buff; + int bufSize; + size_t erroff; + int rc; + + if (purpose != ntohl (validate->purpose)) + return GNUNET_SYSERR; /* purpose mismatch */ + GNUNET_CRYPTO_hash (validate, ntohl (validate->size), &hc); + size = sizeof (struct GNUNET_CRYPTO_EccSignature); + GNUNET_assert (0 == + gcry_mpi_scan (&val, GCRYMPI_FMT_USG, + (const unsigned char *) sig, size, &size)); + GNUNET_assert (0 == + gcry_sexp_build (&sigdata, &erroff, "(sig-val(ecc(s %m)))", + val)); + gcry_mpi_release (val); + bufSize = strlen (FORMATSTRING) + 1; + buff = GNUNET_malloc (bufSize); + memcpy (buff, FORMATSTRING, bufSize); + memcpy (&buff + [strlen (FORMATSTRING) - + strlen + ("0123456789012345678901234567890123456789012345678901234567890123))")], + &hc, sizeof (struct GNUNET_HashCode)); + GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0)); + GNUNET_free (buff); + if (! (psexp = decode_public_key (publicKey))) + { + gcry_sexp_release (data); + gcry_sexp_release (sigdata); + return GNUNET_SYSERR; + } + rc = gcry_pk_verify (sigdata, data, psexp); + gcry_sexp_release (psexp); + gcry_sexp_release (data); + gcry_sexp_release (sigdata); + if (rc) + { + LOG (GNUNET_ERROR_TYPE_WARNING, + _("ECC signature verification failed at %s:%d: %s\n"), __FILE__, + __LINE__, gcry_strerror (rc)); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + + +/* end of crypto_ecc.c */ -- 2.25.1