From 9d32af7facac83d853764e6f4a8c28060e631723 Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Thu, 3 Oct 2019 18:56:39 +0200 Subject: [PATCH] intendation --- src/gnsrecord/gnsrecord_crypto.c | 504 ++++++++++++++++--------------- 1 file changed, 257 insertions(+), 247 deletions(-) diff --git a/src/gnsrecord/gnsrecord_crypto.c b/src/gnsrecord/gnsrecord_crypto.c index d34be30c4..c87adaa1b 100644 --- a/src/gnsrecord/gnsrecord_crypto.c +++ b/src/gnsrecord/gnsrecord_crypto.c @@ -35,7 +35,7 @@ #include "gnunet_tun_lib.h" -#define LOG(kind, ...) GNUNET_log_from(kind, "gnsrecord", __VA_ARGS__) +#define LOG(kind, ...) GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__) /** @@ -47,10 +47,10 @@ * @param pub public key to use for KDF */ static void -derive_block_aes_key(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, - struct GNUNET_CRYPTO_SymmetricSessionKey *skey, - const char *label, - const struct GNUNET_CRYPTO_EcdsaPublicKey *pub) +derive_block_aes_key (struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, + struct GNUNET_CRYPTO_SymmetricSessionKey *skey, + const char *label, + const struct GNUNET_CRYPTO_EcdsaPublicKey *pub) { static const char ctx_key[] = "gns-aes-ctx-key"; static const char ctx_iv[] = "gns-aes-ctx-iv"; @@ -60,27 +60,29 @@ derive_block_aes_key(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, * how derive_h is done in crypto_ecc.c. */ #ifdef GNUNET_PROTOCOL_V12 - GNUNET_CRYPTO_kdf(skey, sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey), - ctx_key, strlen(ctx_key), - pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey), - label, strlen(label), - NULL, 0); - GNUNET_CRYPTO_kdf(iv, sizeof(struct GNUNET_CRYPTO_SymmetricInitializationVector), - ctx_iv, strlen(ctx_iv), - pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey), - label, strlen(label), - NULL, 0); + GNUNET_CRYPTO_kdf (skey, sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey), + ctx_key, strlen (ctx_key), + pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey), + label, strlen (label), + NULL, 0); + GNUNET_CRYPTO_kdf (iv, sizeof(struct + GNUNET_CRYPTO_SymmetricInitializationVector), + ctx_iv, strlen (ctx_iv), + pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey), + label, strlen (label), + NULL, 0); #else - GNUNET_CRYPTO_kdf(skey, sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey), - pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey), - label, strlen(label), - ctx_key, strlen(ctx_key), - NULL, 0); - GNUNET_CRYPTO_kdf(iv, sizeof(struct GNUNET_CRYPTO_SymmetricInitializationVector), - pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey), - label, strlen(label), - ctx_iv, strlen(ctx_iv), - NULL, 0); + GNUNET_CRYPTO_kdf (skey, sizeof(struct GNUNET_CRYPTO_SymmetricSessionKey), + pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey), + label, strlen (label), + ctx_key, strlen (ctx_key), + NULL, 0); + GNUNET_CRYPTO_kdf (iv, sizeof(struct + GNUNET_CRYPTO_SymmetricInitializationVector), + pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey), + label, strlen (label), + ctx_iv, strlen (ctx_iv), + NULL, 0); #endif } @@ -97,98 +99,101 @@ derive_block_aes_key(struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, * @return NULL on error (block too large) */ struct GNUNET_GNSRECORD_Block * -block_create(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, - const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, - struct GNUNET_TIME_Absolute expire, - const char *label, - const struct GNUNET_GNSRECORD_Data *rd, - unsigned int rd_count) +block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, + const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, + struct GNUNET_TIME_Absolute expire, + const char *label, + const struct GNUNET_GNSRECORD_Data *rd, + unsigned int rd_count) { - ssize_t payload_len = GNUNET_GNSRECORD_records_get_size(rd_count, - rd); + ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count, + rd); struct GNUNET_GNSRECORD_Block *block; struct GNUNET_CRYPTO_EcdsaPrivateKey *dkey; struct GNUNET_CRYPTO_SymmetricInitializationVector iv; struct GNUNET_CRYPTO_SymmetricSessionKey skey; - struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL(rd_count)]; + struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)]; uint32_t rd_count_nbo; struct GNUNET_TIME_Absolute now; if (payload_len < 0) - { - GNUNET_break(0); - return NULL; - } + { + GNUNET_break (0); + return NULL; + } if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE) - { - GNUNET_break(0); - return NULL; - } + { + GNUNET_break (0); + return NULL; + } /* convert relative to absolute times */ - now = GNUNET_TIME_absolute_get(); + now = GNUNET_TIME_absolute_get (); for (unsigned int i = 0; i < rd_count; i++) + { + rdc[i] = rd[i]; + if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION)) { - rdc[i] = rd[i]; - if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION)) - { - struct GNUNET_TIME_Relative t; + struct GNUNET_TIME_Relative t; - /* encrypted blocks must never have relative expiration times, convert! */ - rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; - t.rel_value_us = rdc[i].expiration_time; - rdc[i].expiration_time = GNUNET_TIME_absolute_add(now, t).abs_value_us; - } + /* encrypted blocks must never have relative expiration times, convert! */ + rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; + t.rel_value_us = rdc[i].expiration_time; + rdc[i].expiration_time = GNUNET_TIME_absolute_add (now, t).abs_value_us; } + } /* serialize */ - rd_count_nbo = htonl(rd_count); + rd_count_nbo = htonl (rd_count); { char payload[sizeof(uint32_t) + payload_len]; - GNUNET_memcpy(payload, - &rd_count_nbo, - sizeof(uint32_t)); - GNUNET_assert(payload_len == - GNUNET_GNSRECORD_records_serialize(rd_count, - rdc, - payload_len, - &payload[sizeof(uint32_t)])); - block = GNUNET_malloc(sizeof(struct GNUNET_GNSRECORD_Block) + - sizeof(uint32_t) + - payload_len); - block->purpose.size = htonl(sizeof(uint32_t) + - payload_len + - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) + - sizeof(struct GNUNET_TIME_AbsoluteNBO)); - block->purpose.purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN); - block->expiration_time = GNUNET_TIME_absolute_hton(expire); + GNUNET_memcpy (payload, + &rd_count_nbo, + sizeof(uint32_t)); + GNUNET_assert (payload_len == + GNUNET_GNSRECORD_records_serialize (rd_count, + rdc, + payload_len, + &payload[sizeof(uint32_t) + ])); + block = GNUNET_malloc (sizeof(struct GNUNET_GNSRECORD_Block) + + sizeof(uint32_t) + + payload_len); + block->purpose.size = htonl (sizeof(uint32_t) + + payload_len + + sizeof(struct + GNUNET_CRYPTO_EccSignaturePurpose) + + sizeof(struct GNUNET_TIME_AbsoluteNBO)); + block->purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN); + block->expiration_time = GNUNET_TIME_absolute_hton (expire); /* encrypt and sign */ - dkey = GNUNET_CRYPTO_ecdsa_private_key_derive(key, - label, - "gns"); - GNUNET_CRYPTO_ecdsa_key_get_public(dkey, - &block->derived_key); - derive_block_aes_key(&iv, - &skey, - label, - pkey); - GNUNET_break(payload_len + sizeof(uint32_t) == - GNUNET_CRYPTO_symmetric_encrypt(payload, - payload_len + sizeof(uint32_t), - &skey, - &iv, - &block[1])); + dkey = GNUNET_CRYPTO_ecdsa_private_key_derive (key, + label, + "gns"); + GNUNET_CRYPTO_ecdsa_key_get_public (dkey, + &block->derived_key); + derive_block_aes_key (&iv, + &skey, + label, + pkey); + GNUNET_break (payload_len + sizeof(uint32_t) == + GNUNET_CRYPTO_symmetric_encrypt (payload, + payload_len + + sizeof(uint32_t), + &skey, + &iv, + &block[1])); } if (GNUNET_OK != - GNUNET_CRYPTO_ecdsa_sign(dkey, - &block->purpose, - &block->signature)) - { - GNUNET_break(0); - GNUNET_free(dkey); - GNUNET_free(block); - return NULL; - } - GNUNET_free(dkey); + GNUNET_CRYPTO_ecdsa_sign (dkey, + &block->purpose, + &block->signature)) + { + GNUNET_break (0); + GNUNET_free (dkey); + GNUNET_free (block); + return NULL; + } + GNUNET_free (dkey); return block; } @@ -204,29 +209,30 @@ block_create(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, * @return NULL on error (block too large) */ struct GNUNET_GNSRECORD_Block * -GNUNET_GNSRECORD_block_create(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, - struct GNUNET_TIME_Absolute expire, - const char *label, - const struct GNUNET_GNSRECORD_Data *rd, - unsigned int rd_count) +GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, + struct GNUNET_TIME_Absolute expire, + const char *label, + const struct GNUNET_GNSRECORD_Data *rd, + unsigned int rd_count) { struct GNUNET_CRYPTO_EcdsaPublicKey pkey; - GNUNET_CRYPTO_ecdsa_key_get_public(key, - &pkey); - return block_create(key, - &pkey, - expire, - label, - rd, - rd_count); + GNUNET_CRYPTO_ecdsa_key_get_public (key, + &pkey); + return block_create (key, + &pkey, + expire, + label, + rd, + rd_count); } /** * Line in cache mapping private keys to public keys. */ -struct KeyCacheLine { +struct KeyCacheLine +{ /** * A private key. */ @@ -252,33 +258,33 @@ struct KeyCacheLine { * @return NULL on error (block too large) */ struct GNUNET_GNSRECORD_Block * -GNUNET_GNSRECORD_block_create2(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, - struct GNUNET_TIME_Absolute expire, - const char *label, - const struct GNUNET_GNSRECORD_Data *rd, - unsigned int rd_count) +GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, + struct GNUNET_TIME_Absolute expire, + const char *label, + const struct GNUNET_GNSRECORD_Data *rd, + unsigned int rd_count) { #define CSIZE 64 static struct KeyCacheLine cache[CSIZE]; struct KeyCacheLine *line; - line = &cache[(*(unsigned int *)key) % CSIZE]; - if (0 != memcmp(&line->key, - key, - sizeof(*key))) - { - /* cache miss, recompute */ - line->key = *key; - GNUNET_CRYPTO_ecdsa_key_get_public(key, - &line->pkey); - } + line = &cache[(*(unsigned int *) key) % CSIZE]; + if (0 != memcmp (&line->key, + key, + sizeof(*key))) + { + /* cache miss, recompute */ + line->key = *key; + GNUNET_CRYPTO_ecdsa_key_get_public (key, + &line->pkey); + } #undef CSIZE - return block_create(key, - &line->pkey, - expire, - label, - rd, - rd_count); + return block_create (key, + &line->pkey, + expire, + label, + rd, + rd_count); } @@ -291,12 +297,12 @@ GNUNET_GNSRECORD_block_create2(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, * @return #GNUNET_OK if the signature is valid */ int -GNUNET_GNSRECORD_block_verify(const struct GNUNET_GNSRECORD_Block *block) +GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block) { - return GNUNET_CRYPTO_ecdsa_verify(GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, - &block->purpose, - &block->signature, - &block->derived_key); + return GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, + &block->purpose, + &block->signature, + &block->derived_key); } @@ -312,124 +318,126 @@ GNUNET_GNSRECORD_block_verify(const struct GNUNET_GNSRECORD_Block *block) * not well-formed */ int -GNUNET_GNSRECORD_block_decrypt(const struct GNUNET_GNSRECORD_Block *block, - const struct GNUNET_CRYPTO_EcdsaPublicKey *zone_key, - const char *label, - GNUNET_GNSRECORD_RecordCallback proc, - void *proc_cls) +GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block, + const struct + GNUNET_CRYPTO_EcdsaPublicKey *zone_key, + const char *label, + GNUNET_GNSRECORD_RecordCallback proc, + void *proc_cls) { - size_t payload_len = ntohl(block->purpose.size) - - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) - - sizeof(struct GNUNET_TIME_AbsoluteNBO); + size_t payload_len = ntohl (block->purpose.size) + - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) + - sizeof(struct GNUNET_TIME_AbsoluteNBO); struct GNUNET_CRYPTO_SymmetricInitializationVector iv; struct GNUNET_CRYPTO_SymmetricSessionKey skey; - if (ntohl(block->purpose.size) < - sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) + - sizeof(struct GNUNET_TIME_AbsoluteNBO)) - { - GNUNET_break_op(0); - return GNUNET_SYSERR; - } - derive_block_aes_key(&iv, - &skey, - label, - zone_key); + if (ntohl (block->purpose.size) < + sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose) + + sizeof(struct GNUNET_TIME_AbsoluteNBO)) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + derive_block_aes_key (&iv, + &skey, + label, + zone_key); { char payload[payload_len]; uint32_t rd_count; - GNUNET_break(payload_len == - GNUNET_CRYPTO_symmetric_decrypt(&block[1], payload_len, - &skey, &iv, - payload)); - GNUNET_memcpy(&rd_count, - payload, - sizeof(uint32_t)); - rd_count = ntohl(rd_count); + GNUNET_break (payload_len == + GNUNET_CRYPTO_symmetric_decrypt (&block[1], payload_len, + &skey, &iv, + payload)); + GNUNET_memcpy (&rd_count, + payload, + sizeof(uint32_t)); + rd_count = ntohl (rd_count); if (rd_count > 2048) - { - /* limit to sane value */ - GNUNET_break_op(0); - return GNUNET_SYSERR; - } { - struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL(rd_count)]; + /* limit to sane value */ + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + { + struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL (rd_count)]; unsigned int j; struct GNUNET_TIME_Absolute now; if (GNUNET_OK != - GNUNET_GNSRECORD_records_deserialize(payload_len - sizeof(uint32_t), - &payload[sizeof(uint32_t)], - rd_count, - rd)) - { - GNUNET_break_op(0); - return GNUNET_SYSERR; - } + GNUNET_GNSRECORD_records_deserialize (payload_len - sizeof(uint32_t), + &payload[sizeof(uint32_t)], + rd_count, + rd)) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } /* hide expired records */ - now = GNUNET_TIME_absolute_get(); + now = GNUNET_TIME_absolute_get (); j = 0; for (unsigned int i = 0; i < rd_count; i++) + { + if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION)) { - if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION)) - { - /* encrypted blocks must never have relative expiration times, skip! */ - GNUNET_break_op(0); - continue; - } + /* encrypted blocks must never have relative expiration times, skip! */ + GNUNET_break_op (0); + continue; + } - if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD)) - { - int include_record = GNUNET_YES; - /* Shadow record, figure out if we have a not expired active record */ - for (unsigned int k = 0; k < rd_count; k++) - { - if (k == i) - continue; - if (rd[i].expiration_time < now.abs_value_us) - include_record = GNUNET_NO; /* Shadow record is expired */ - if ((rd[k].record_type == rd[i].record_type) && - (rd[k].expiration_time >= now.abs_value_us) && - (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD))) - { - include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */ - GNUNET_log(GNUNET_ERROR_TYPE_INFO, - "Ignoring shadow record\n"); - break; - } - } - if (GNUNET_YES == include_record) - { - rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW_RECORD; /* Remove Flag */ - if (j != i) - rd[j] = rd[i]; - j++; - } - } - else if (rd[i].expiration_time >= now.abs_value_us) - { - /* Include this record */ - if (j != i) - rd[j] = rd[i]; - j++; - } - else + if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD)) + { + int include_record = GNUNET_YES; + /* Shadow record, figure out if we have a not expired active record */ + for (unsigned int k = 0; k < rd_count; k++) + { + if (k == i) + continue; + if (rd[i].expiration_time < now.abs_value_us) + include_record = GNUNET_NO; /* Shadow record is expired */ + if ((rd[k].record_type == rd[i].record_type) && + (rd[k].expiration_time >= now.abs_value_us) && + (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW_RECORD))) { - struct GNUNET_TIME_Absolute at; - - at.abs_value_us = rd[i].expiration_time; - GNUNET_log(GNUNET_ERROR_TYPE_INFO, - "Excluding record that expired %s (%llu ago)\n", - GNUNET_STRINGS_absolute_time_to_string(at), - (unsigned long long)rd[i].expiration_time - now.abs_value_us); + include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */ + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Ignoring shadow record\n"); + break; } + } + if (GNUNET_YES == include_record) + { + rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW_RECORD; /* Remove Flag */ + if (j != i) + rd[j] = rd[i]; + j++; + } + } + else if (rd[i].expiration_time >= now.abs_value_us) + { + /* Include this record */ + if (j != i) + rd[j] = rd[i]; + j++; } + else + { + struct GNUNET_TIME_Absolute at; + + at.abs_value_us = rd[i].expiration_time; + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Excluding record that expired %s (%llu ago)\n", + GNUNET_STRINGS_absolute_time_to_string (at), + (unsigned long long) rd[i].expiration_time + - now.abs_value_us); + } + } rd_count = j; if (NULL != proc) - proc(proc_cls, - rd_count, - (0 != rd_count) ? rd : NULL); + proc (proc_cls, + rd_count, + (0 != rd_count) ? rd : NULL); } } return GNUNET_OK; @@ -444,17 +452,18 @@ GNUNET_GNSRECORD_block_decrypt(const struct GNUNET_GNSRECORD_Block *block, * @param query hash to use for the query */ void -GNUNET_GNSRECORD_query_from_private_key(const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - struct GNUNET_HashCode *query) +GNUNET_GNSRECORD_query_from_private_key (const struct + GNUNET_CRYPTO_EcdsaPrivateKey *zone, + const char *label, + struct GNUNET_HashCode *query) { struct GNUNET_CRYPTO_EcdsaPublicKey pub; - GNUNET_CRYPTO_ecdsa_key_get_public(zone, - &pub); - GNUNET_GNSRECORD_query_from_public_key(&pub, - label, - query); + GNUNET_CRYPTO_ecdsa_key_get_public (zone, + &pub); + GNUNET_GNSRECORD_query_from_public_key (&pub, + label, + query); } @@ -466,18 +475,19 @@ GNUNET_GNSRECORD_query_from_private_key(const struct GNUNET_CRYPTO_EcdsaPrivateK * @param query hash to use for the query */ void -GNUNET_GNSRECORD_query_from_public_key(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, - const char *label, - struct GNUNET_HashCode *query) +GNUNET_GNSRECORD_query_from_public_key (const struct + GNUNET_CRYPTO_EcdsaPublicKey *pub, + const char *label, + struct GNUNET_HashCode *query) { struct GNUNET_CRYPTO_EcdsaPublicKey pd; - GNUNET_CRYPTO_ecdsa_public_key_derive(pub, - label, - "gns", - &pd); - GNUNET_CRYPTO_hash(&pd, - sizeof(pd), - query); + GNUNET_CRYPTO_ecdsa_public_key_derive (pub, + label, + "gns", + &pd); + GNUNET_CRYPTO_hash (&pd, + sizeof(pd), + query); } -- 2.25.1