From a6b9d2e1879a4072dbece09f37d3bec672ec4a09 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 7 Dec 2019 14:37:44 +0100 Subject: [PATCH] fix #3795/5968/5398 --- src/util/crypto_ecc.c | 578 +----------------------------------------- src/util/crypto_pow.c | 14 - src/util/crypto_rsa.c | 101 -------- 3 files changed, 2 insertions(+), 691 deletions(-) diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index f9efcf6e7..bd7c425d4 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c @@ -33,8 +33,6 @@ #define EXTRA_CHECKS 0 -#define NEW_CRYPTO 0 - /** * Name of the curve we are using. Note that we have hard-coded @@ -164,80 +162,6 @@ decode_private_ecdsa_key (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv) } -#if !NEW_CRYPTO -/** - * Convert the given private key from the network format to the - * S-expression that can be used by libgcrypt. - * - * @param priv private key to decode - * @return NULL on error - */ -static gcry_sexp_t -decode_private_eddsa_key (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv) -{ - gcry_sexp_t result; - int rc; - - rc = gcry_sexp_build (&result, - NULL, - "(private-key(ecc(curve \"" CURVE "\")" - "(flags eddsa)(d %b)))", - (int) sizeof(priv->d), - priv->d); - if (0 != rc) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); - GNUNET_assert (0); - } -#if EXTRA_CHECKS - if (0 != (rc = gcry_pk_testkey (result))) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); - GNUNET_assert (0); - } -#endif - return result; -} -#endif /* !NEW_CRYPTO */ - - -#if !NEW_CRYPTO -/** - * Convert the given private key from the network format to the - * S-expression that can be used by libgcrypt. - * - * @param priv private key to decode - * @return NULL on error - */ -static gcry_sexp_t -decode_private_ecdhe_key (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv) -{ - gcry_sexp_t result; - int rc; - - rc = gcry_sexp_build (&result, - NULL, - "(private-key(ecc(curve \"" CURVE "\")" - "(d %b)))", - (int) sizeof(priv->d), - priv->d); - if (0 != rc) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); - GNUNET_assert (0); - } -#if EXTRA_CHECKS - if (0 != (rc = gcry_pk_testkey (result))) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); - GNUNET_assert (0); - } -#endif - return result; -} -#endif /* !NEW_CRYPTO */ - - /** * Extract the public key for the given private key. * @@ -280,29 +204,9 @@ GNUNET_CRYPTO_eddsa_key_get_public ( const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub) { -#if NEW_CRYPTO BENCHMARK_START (eddsa_key_get_public); GNUNET_TWEETNACL_sign_pk_from_seed (pub->q_y, priv->d); BENCHMARK_END (eddsa_key_get_public); -#else - gcry_sexp_t sexp; - gcry_ctx_t ctx; - gcry_mpi_t q; - - BENCHMARK_START (eddsa_key_get_public); - - sexp = decode_private_eddsa_key (priv); - GNUNET_assert (NULL != sexp); - GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, sexp, NULL)); - gcry_sexp_release (sexp); - q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0); - GNUNET_assert (q); - GNUNET_CRYPTO_mpi_print_unsigned (pub->q_y, sizeof(pub->q_y), q); - gcry_mpi_release (q); - gcry_ctx_release (ctx); - - BENCHMARK_END (eddsa_key_get_public); -#endif } @@ -317,29 +221,9 @@ GNUNET_CRYPTO_ecdhe_key_get_public ( const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, struct GNUNET_CRYPTO_EcdhePublicKey *pub) { -#if NEW_CRYPTO BENCHMARK_START (ecdhe_key_get_public); GNUNET_TWEETNACL_scalarmult_curve25519_base (pub->q_y, priv->d); BENCHMARK_END (ecdhe_key_get_public); -#else - gcry_sexp_t sexp; - gcry_ctx_t ctx; - gcry_mpi_t q; - - BENCHMARK_START (ecdhe_key_get_public); - - sexp = decode_private_ecdhe_key (priv); - GNUNET_assert (NULL != sexp); - GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, sexp, NULL)); - gcry_sexp_release (sexp); - q = gcry_mpi_ec_get_mpi ("q@eddsa", ctx, 0); - GNUNET_assert (q); - GNUNET_CRYPTO_mpi_print_unsigned (pub->q_y, sizeof(pub->q_y), q); - gcry_mpi_release (q); - gcry_ctx_release (ctx); - - BENCHMARK_END (ecdhe_key_get_public); -#endif } @@ -650,62 +534,12 @@ GNUNET_CRYPTO_ecdhe_key_create () int GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk) { -#if NEW_CRYPTO BENCHMARK_START (ecdhe_key_create); GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, pk, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); BENCHMARK_END (ecdhe_key_create); return GNUNET_OK; -#else - gcry_sexp_t priv_sexp; - gcry_sexp_t s_keyparam; - gcry_mpi_t d; - int rc; - - BENCHMARK_START (ecdhe_key_create); - - /* NOTE: For libgcrypt >= 1.7, we do not need the 'eddsa' flag here, - but should also be harmless. For libgcrypt < 1.7, using 'eddsa' - disables an expensive key testing routine. We do not want to run - the expensive check for ECDHE, as we generate TONS of keys to - use for a very short time. */if (0 != (rc = gcry_sexp_build (&s_keyparam, - NULL, - "(genkey(ecc(curve \"" CURVE "\")" - "(flags eddsa no-keytest)))"))) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); - return GNUNET_SYSERR; - } - if (0 != (rc = gcry_pk_genkey (&priv_sexp, s_keyparam))) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc); - gcry_sexp_release (s_keyparam); - return GNUNET_SYSERR; - } - gcry_sexp_release (s_keyparam); -#if EXTRA_CHECKS - if (0 != (rc = gcry_pk_testkey (priv_sexp))) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); - gcry_sexp_release (priv_sexp); - return GNUNET_SYSERR; - } -#endif - if (0 != (rc = key_from_sexp (&d, priv_sexp, "private-key", "d"))) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "key_from_sexp", rc); - gcry_sexp_release (priv_sexp); - return GNUNET_SYSERR; - } - gcry_sexp_release (priv_sexp); - GNUNET_CRYPTO_mpi_print_unsigned (pk->d, sizeof(pk->d), d); - gcry_mpi_release (d); - - BENCHMARK_END (ecdhe_key_create); - - return GNUNET_OK; -#endif } @@ -773,7 +607,6 @@ GNUNET_CRYPTO_ecdsa_key_create () struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create () { -#if NEW_CRYPTO struct GNUNET_CRYPTO_EddsaPrivateKey *priv; BENCHMARK_START (eddsa_key_create); @@ -784,65 +617,6 @@ GNUNET_CRYPTO_eddsa_key_create () BENCHMARK_END (eddsa_key_create); return priv; -#else - struct GNUNET_CRYPTO_EddsaPrivateKey *priv; - gcry_sexp_t priv_sexp; - gcry_sexp_t s_keyparam; - gcry_mpi_t d; - int rc; - - BENCHMARK_START (eddsa_key_create); - -#if CRYPTO_BUG - again: -#endif - if (0 != (rc = gcry_sexp_build (&s_keyparam, - NULL, - "(genkey(ecc(curve \"" CURVE "\")" - "(flags eddsa)))"))) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); - return NULL; - } - if (0 != (rc = gcry_pk_genkey (&priv_sexp, s_keyparam))) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc); - gcry_sexp_release (s_keyparam); - return NULL; - } - gcry_sexp_release (s_keyparam); -#if EXTRA_CHECKS - if (0 != (rc = gcry_pk_testkey (priv_sexp))) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc); - gcry_sexp_release (priv_sexp); - return NULL; - } -#endif - if (0 != (rc = key_from_sexp (&d, priv_sexp, "private-key", "d"))) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "key_from_sexp", rc); - gcry_sexp_release (priv_sexp); - return NULL; - } - gcry_sexp_release (priv_sexp); - priv = GNUNET_new (struct GNUNET_CRYPTO_EddsaPrivateKey); - GNUNET_CRYPTO_mpi_print_unsigned (priv->d, sizeof(priv->d), d); - gcry_mpi_release (d); - -#if CRYPTO_BUG - if (GNUNET_OK != check_eddsa_key (priv)) - { - GNUNET_break (0); - GNUNET_free (priv); - goto again; - } -#endif - - BENCHMARK_END (eddsa_key_create); - - return priv; -#endif } @@ -871,52 +645,6 @@ GNUNET_CRYPTO_ecdsa_key_get_anonymous () } -#if !NEW_CRYPTO -/** - * Convert the data specified in the given purpose argument to an - * S-expression suitable for signature operations. - * - * @param purpose data to convert - * @return converted s-expression - */ -static gcry_sexp_t -data_to_eddsa_value (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose) -{ - gcry_sexp_t data; - int rc; - -/* SEE #5398 */ -#if 1 - struct GNUNET_HashCode hc; - - GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc); - if (0 != (rc = gcry_sexp_build (&data, - NULL, - "(data(flags eddsa)(hash-algo %s)(value %b))", - "sha512", - (int) sizeof(hc), - &hc))) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); - return NULL; - } -#else - if (0 != (rc = gcry_sexp_build (&data, - NULL, - "(data(flags eddsa)(hash-algo %s)(value %b))", - "sha512", - ntohl (purpose->size), - purpose))) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); - return NULL; - } -#endif - return data; -} -#endif /* !NEW_CRYPTO */ - - /** * Convert the data specified in the given purpose argument to an * S-expression suitable for signature operations. @@ -1034,7 +762,6 @@ GNUNET_CRYPTO_eddsa_sign ( struct GNUNET_CRYPTO_EddsaSignature *sig) { -#if NEW_CRYPTO size_t mlen = ntohl (purpose->size); unsigned char sk[GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES]; int res; @@ -1047,50 +774,6 @@ GNUNET_CRYPTO_eddsa_sign ( sk); BENCHMARK_END (eddsa_sign); return (res == 0) ? GNUNET_OK : GNUNET_SYSERR; -#else - - gcry_sexp_t priv_sexp; - gcry_sexp_t sig_sexp; - gcry_sexp_t data; - int rc; - gcry_mpi_t rs[2]; - - BENCHMARK_START (eddsa_sign); - - priv_sexp = decode_private_eddsa_key (priv); - data = data_to_eddsa_value (purpose); - if (0 != (rc = gcry_pk_sign (&sig_sexp, data, priv_sexp))) - { - LOG (GNUNET_ERROR_TYPE_WARNING, - _ ("EdDSA signing failed at %s:%d: %s\n"), - __FILE__, - __LINE__, - gcry_strerror (rc)); - gcry_sexp_release (data); - gcry_sexp_release (priv_sexp); - return GNUNET_SYSERR; - } - gcry_sexp_release (priv_sexp); - gcry_sexp_release (data); - - /* extract 'r' and 's' values from sexpression 'sig_sexp' and store in - 'signature' */ - if (0 != (rc = key_from_sexp (rs, sig_sexp, "sig-val", "rs"))) - { - GNUNET_break (0); - gcry_sexp_release (sig_sexp); - return GNUNET_SYSERR; - } - gcry_sexp_release (sig_sexp); - GNUNET_CRYPTO_mpi_print_unsigned (sig->r, sizeof(sig->r), rs[0]); - GNUNET_CRYPTO_mpi_print_unsigned (sig->s, sizeof(sig->s), rs[1]); - gcry_mpi_release (rs[0]); - gcry_mpi_release (rs[1]); - - BENCHMARK_END (eddsa_sign); - - return GNUNET_OK; -#endif } @@ -1178,7 +861,6 @@ GNUNET_CRYPTO_eddsa_verify ( const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub) { -#if NEW_CRYPTO unsigned char *m = (void *) validate; size_t mlen = ntohl (validate->size); unsigned char *s = (void *) sig; @@ -1192,59 +874,6 @@ GNUNET_CRYPTO_eddsa_verify ( res = GNUNET_TWEETNACL_sign_detached_verify (s, m, mlen, pub->q_y); BENCHMARK_END (eddsa_verify); return (res == 0) ? GNUNET_OK : GNUNET_SYSERR; -#else - gcry_sexp_t data; - gcry_sexp_t sig_sexpr; - gcry_sexp_t pub_sexpr; - int rc; - - BENCHMARK_START (eddsa_verify); - - if (purpose != ntohl (validate->purpose)) - return GNUNET_SYSERR; /* purpose mismatch */ - - /* build s-expression for signature */ - if (0 != (rc = gcry_sexp_build (&sig_sexpr, - NULL, - "(sig-val(eddsa(r %b)(s %b)))", - (int) sizeof(sig->r), - sig->r, - (int) sizeof(sig->s), - sig->s))) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc); - return GNUNET_SYSERR; - } - data = data_to_eddsa_value (validate); - if (0 != (rc = gcry_sexp_build (&pub_sexpr, - NULL, - "(public-key(ecc(curve " CURVE - ")(flags eddsa)(q %b)))", - (int) sizeof(pub->q_y), - pub->q_y))) - { - gcry_sexp_release (data); - gcry_sexp_release (sig_sexpr); - return GNUNET_SYSERR; - } - rc = gcry_pk_verify (sig_sexpr, data, pub_sexpr); - gcry_sexp_release (pub_sexpr); - gcry_sexp_release (data); - gcry_sexp_release (sig_sexpr); - if (0 != rc) - { - LOG (GNUNET_ERROR_TYPE_INFO, - _ ("EdDSA signature verification of type %u failed at %s:%d: %s\n"), - (unsigned int) purpose, - __FILE__, - __LINE__, - gcry_strerror (rc)); - BENCHMARK_END (eddsa_verify); - return GNUNET_SYSERR; - } - BENCHMARK_END (eddsa_verify); - return GNUNET_OK; -#endif } @@ -1261,68 +890,10 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material) { -#if NEW_CRYPTO uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES]; GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, pub->q_y); GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material); return GNUNET_OK; -#else - gcry_mpi_point_t result; - gcry_mpi_point_t q; - gcry_mpi_t d; - gcry_ctx_t ctx; - gcry_sexp_t pub_sexpr; - gcry_mpi_t result_x; - unsigned char xbuf[256 / 8]; - size_t rsize; - - BENCHMARK_START (ecc_ecdh); - - /* first, extract the q = dP value from the public key */ - if (0 != gcry_sexp_build (&pub_sexpr, - NULL, - "(public-key(ecc(curve " CURVE ")(q %b)))", - (int) sizeof(pub->q_y), - pub->q_y)) - return GNUNET_SYSERR; - GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL)); - gcry_sexp_release (pub_sexpr); - q = gcry_mpi_ec_get_point ("q", ctx, 0); - - /* second, extract the d value from our private key */ - GNUNET_CRYPTO_mpi_scan_unsigned (&d, priv->d, sizeof(priv->d)); - - /* then call the 'multiply' function, to compute the product */ - result = gcry_mpi_point_new (0); - gcry_mpi_ec_mul (result, d, q, ctx); - gcry_mpi_point_release (q); - gcry_mpi_release (d); - - /* finally, convert point to string for hashing */ - result_x = gcry_mpi_new (256); - if (gcry_mpi_ec_get_affine (result_x, NULL, result, ctx)) - { - LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "get_affine failed", 0); - gcry_mpi_point_release (result); - gcry_ctx_release (ctx); - return GNUNET_SYSERR; - } - gcry_mpi_point_release (result); - gcry_ctx_release (ctx); - - rsize = sizeof(xbuf); - GNUNET_assert (! gcry_mpi_get_flag (result_x, GCRYMPI_FLAG_OPAQUE)); - /* result_x can be negative here, so we do not use 'GNUNET_CRYPTO_mpi_print_unsigned' - as that does not include the sign bit; x should be a 255-bit - value, so with the sign it should fit snugly into the 256-bit - xbuf */ - GNUNET_assert ( - 0 == gcry_mpi_print (GCRYMPI_FMT_STD, xbuf, rsize, &rsize, result_x)); - GNUNET_CRYPTO_hash (xbuf, rsize, key_material); - gcry_mpi_release (result_x); - BENCHMARK_END (ecc_ecdh); - return GNUNET_OK; -#endif } @@ -1469,73 +1040,6 @@ GNUNET_CRYPTO_ecdsa_public_key_derive ( } -#if !NEW_CRYPTO -/** - * Reverse the sequence of the bytes in @a buffer - * - * @param[in|out] buffer buffer to invert - * @param length number of bytes in @a buffer - */ -static void -reverse_buffer (unsigned char *buffer, size_t length) -{ - unsigned char tmp; - size_t i; - - for (i = 0; i < length / 2; i++) - { - tmp = buffer[i]; - buffer[i] = buffer[length - 1 - i]; - buffer[length - 1 - i] = tmp; - } -} - - -/** - * Convert the secret @a d of an EdDSA key to the - * value that is actually used in the EdDSA computation. - * - * @param d secret input - * @return value used for the calculation in EdDSA - */ -static gcry_mpi_t -eddsa_d_to_a (gcry_mpi_t d) -{ - unsigned char rawmpi[32]; /* 256-bit value */ - size_t rawmpilen; - unsigned char digest[64]; /* 512-bit hash value */ - gcry_buffer_t hvec[2]; - unsigned int b; - gcry_mpi_t a; - - b = 256 / 8; /* number of bytes in `d` */ - - /* Note that we clear DIGEST so we can use it as input to left pad - the key with zeroes for hashing. */ - memset (digest, 0, sizeof digest); - memset (hvec, 0, sizeof hvec); - rawmpilen = sizeof(rawmpi); - GNUNET_assert ( - 0 == gcry_mpi_print (GCRYMPI_FMT_USG, rawmpi, rawmpilen, &rawmpilen, d)); - hvec[0].data = digest; - hvec[0].off = 0; - hvec[0].len = b > rawmpilen ? (b - rawmpilen) : 0; - hvec[1].data = rawmpi; - hvec[1].off = 0; - hvec[1].len = rawmpilen; - GNUNET_assert ( - 0 == gcry_md_hash_buffers (GCRY_MD_SHA512, 0 /* flags */, digest, hvec, 2)); - /* Compute the A value. */ - reverse_buffer (digest, 32); /* Only the first half of the hash. */ - digest[0] = (digest[0] & 0x7f) | 0x40; - digest[31] &= 0xf8; - - GNUNET_CRYPTO_mpi_scan_unsigned (&a, digest, 32); - return a; -} -#endif - - /** * Take point from ECDH and convert it to key material. * @@ -1590,10 +1094,10 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EcdhePublicKey *pub, struct GNUNET_HashCode *key_material) { -#if NEW_CRYPTO struct GNUNET_HashCode hc; uint8_t a[GNUNET_TWEETNACL_SCALARMULT_BYTES]; uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES]; + GNUNET_CRYPTO_hash (priv, sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey), &hc); @@ -1603,47 +1107,6 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material); return GNUNET_OK; -#else - gcry_mpi_point_t result; - gcry_mpi_point_t q; - gcry_mpi_t d; - gcry_mpi_t a; - gcry_ctx_t ctx; - gcry_sexp_t pub_sexpr; - int ret; - - BENCHMARK_START (eddsa_ecdh); - - /* first, extract the q = dP value from the public key */ - if (0 != gcry_sexp_build (&pub_sexpr, - NULL, - "(public-key(ecc(curve " CURVE ")(q %b)))", - (int) sizeof(pub->q_y), - pub->q_y)) - return GNUNET_SYSERR; - GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL)); - gcry_sexp_release (pub_sexpr); - q = gcry_mpi_ec_get_point ("q", ctx, 0); - - /* second, extract the d value from our private key */ - GNUNET_CRYPTO_mpi_scan_unsigned (&d, priv->d, sizeof(priv->d)); - - /* NOW, because this is EdDSA, HASH 'd' first! */ - a = eddsa_d_to_a (d); - gcry_mpi_release (d); - - /* then call the 'multiply' function, to compute the product */ - result = gcry_mpi_point_new (0); - gcry_mpi_ec_mul (result, a, q, ctx); - gcry_mpi_point_release (q); - gcry_mpi_release (a); - - ret = point_to_hash (result, ctx, key_material); - gcry_mpi_point_release (result); - gcry_ctx_release (ctx); - BENCHMARK_END (eddsa_ecdh); - return ret; -#endif } @@ -1715,50 +1178,13 @@ GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, const struct GNUNET_CRYPTO_EddsaPublicKey *pub, struct GNUNET_HashCode *key_material) { -#if NEW_CRYPTO uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES]; uint8_t curve25510_pk[GNUNET_TWEETNACL_SIGN_PUBLICBYTES]; + GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y); GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, curve25510_pk); GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material); return GNUNET_OK; -#else - gcry_mpi_point_t result; - gcry_mpi_point_t q; - gcry_mpi_t d; - gcry_ctx_t ctx; - gcry_sexp_t pub_sexpr; - int ret; - - BENCHMARK_START (ecdh_eddsa); - - /* first, extract the q = dP value from the public key */ - if (0 != gcry_sexp_build (&pub_sexpr, - NULL, - "(public-key(ecc(curve " CURVE ")(q %b)))", - (int) sizeof(pub->q_y), - pub->q_y)) - return GNUNET_SYSERR; - GNUNET_assert (0 == gcry_mpi_ec_new (&ctx, pub_sexpr, NULL)); - gcry_sexp_release (pub_sexpr); - q = gcry_mpi_ec_get_point ("q", ctx, 0); - - /* second, extract the d value from our private key */ - GNUNET_CRYPTO_mpi_scan_unsigned (&d, priv->d, sizeof(priv->d)); - - /* then call the 'multiply' function, to compute the product */ - result = gcry_mpi_point_new (0); - gcry_mpi_ec_mul (result, d, q, ctx); - gcry_mpi_point_release (q); - gcry_mpi_release (d); - - /* finally, convert point to string for hashing */ - ret = point_to_hash (result, ctx, key_material); - gcry_mpi_point_release (result); - gcry_ctx_release (ctx); - BENCHMARK_END (ecdh_eddsa); - return ret; -#endif } diff --git a/src/util/crypto_pow.c b/src/util/crypto_pow.c index af6837e03..be575e537 100644 --- a/src/util/crypto_pow.c +++ b/src/util/crypto_pow.c @@ -27,8 +27,6 @@ #include "gnunet_crypto_lib.h" #include -/* FIXME: change to 1 for #3795 / 0.12! */ -#define NEW_CRYPTO 0 /** * Calculate the 'proof-of-work' hash (an expensive hash). @@ -46,7 +44,6 @@ GNUNET_CRYPTO_pow_hash (const char *salt, size_t buf_len, struct GNUNET_HashCode *result) { -#if NEW_CRYPTO struct GNUNET_CRYPTO_SymmetricInitializationVector iv; struct GNUNET_CRYPTO_SymmetricSessionKey skey; char rbuf[buf_len]; @@ -81,17 +78,6 @@ GNUNET_CRYPTO_pow_hash (const char *salt, 2 /* iterations; keep cost of individual op small */, sizeof(struct GNUNET_HashCode), result)); -#else - GNUNET_break (0 == gcry_kdf_derive (buf, - buf_len, - GCRY_KDF_SCRYPT, - 1 /* subalgo */, - salt, - strlen (salt), - 2 /* iterations; keep cost of individual op small */, - sizeof(struct GNUNET_HashCode), - result)); -#endif } diff --git a/src/util/crypto_rsa.c b/src/util/crypto_rsa.c index 08bdeb2ca..2ac4fcf8a 100644 --- a/src/util/crypto_rsa.c +++ b/src/util/crypto_rsa.c @@ -32,8 +32,6 @@ #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-rsa", __VA_ARGS__) -/* Flip for #5968 */ -#define NEW_CRYPTO 0 /** * The private information of an RSA key pair. @@ -349,7 +347,6 @@ GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_RsaPublicKey *key, char **buffer) { -#if NEW_CRYPTO gcry_mpi_t ne[2]; size_t n_size; size_t e_size; @@ -411,23 +408,6 @@ GNUNET_CRYPTO_rsa_public_key_encode (const struct gcry_mpi_release (ne[0]); gcry_mpi_release (ne[1]); return buf_size; -#else - size_t n; - char *b; - - n = gcry_sexp_sprint (key->sexp, - GCRYSEXP_FMT_ADVANCED, - NULL, - 0); - b = GNUNET_malloc (n); - GNUNET_assert ((n - 1) == /* since the last byte is \0 */ - gcry_sexp_sprint (key->sexp, - GCRYSEXP_FMT_ADVANCED, - b, - n)); - *buffer = b; - return n; -#endif } @@ -466,7 +446,6 @@ GNUNET_CRYPTO_rsa_public_key_decode (const char *buf, size_t len) { struct GNUNET_CRYPTO_RsaPublicKey *key; -#if NEW_CRYPTO struct GNUNET_CRYPTO_RsaPublicKeyHeaderP hdr; size_t e_size; size_t n_size; @@ -526,37 +505,6 @@ GNUNET_CRYPTO_rsa_public_key_decode (const char *buf, key = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey); key->sexp = data; return key; -#else - gcry_mpi_t n; - int ret; - - - key = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey); - if (0 != - gcry_sexp_new (&key->sexp, - buf, - len, - 0)) - { - GNUNET_break_op (0); - GNUNET_free (key); - return NULL; - } - /* verify that this is an RSA public key */ - ret = key_from_sexp (&n, key->sexp, "public-key", "n"); - if (0 != ret) - ret = key_from_sexp (&n, key->sexp, "rsa", "n"); - if (0 != ret) - { - /* this is no public RSA key */ - GNUNET_break (0); - gcry_sexp_release (key->sexp); - GNUNET_free (key); - return NULL; - } - gcry_mpi_release (n); - return key; -#endif } @@ -1128,7 +1076,6 @@ GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_RsaSignature *sig, char **buffer) { -#if NEW_CRYPTO gcry_mpi_t s; size_t buf_size; size_t rsize; @@ -1160,23 +1107,6 @@ GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_assert (rsize == buf_size); *buffer = (char *) buf; return buf_size; -#else - size_t n; - char *b; - - n = gcry_sexp_sprint (sig->sexp, - GCRYSEXP_FMT_ADVANCED, - NULL, - 0); - b = GNUNET_malloc (n); - GNUNET_assert ((n - 1) == /* since the last byte is \0 */ - gcry_sexp_sprint (sig->sexp, - GCRYSEXP_FMT_ADVANCED, - b, - n)); - *buffer = b; - return n; -#endif } @@ -1193,7 +1123,6 @@ GNUNET_CRYPTO_rsa_signature_decode (const char *buf, size_t len) { struct GNUNET_CRYPTO_RsaSignature *sig; -#if NEW_CRYPTO gcry_mpi_t s; gcry_sexp_t data; @@ -1222,36 +1151,6 @@ GNUNET_CRYPTO_rsa_signature_decode (const char *buf, sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); sig->sexp = data; return sig; -#else - int ret; - gcry_mpi_t s; - - sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature); - if (0 != - gcry_sexp_new (&sig->sexp, - buf, - len, - 0)) - { - GNUNET_break_op (0); - GNUNET_free (sig); - return NULL; - } - /* verify that this is an RSA signature */ - ret = key_from_sexp (&s, sig->sexp, "sig-val", "s"); - if (0 != ret) - ret = key_from_sexp (&s, sig->sexp, "rsa", "s"); - if (0 != ret) - { - /* this is no RSA Signature */ - GNUNET_break_op (0); - gcry_sexp_release (sig->sexp); - GNUNET_free (sig); - return NULL; - } - gcry_mpi_release (s); -#endif - return sig; } -- 2.25.1