GNUnet  0.11.x
Data Structures | Macros | Functions
crypto_rsa.c File Reference

Chaum-style Blind signatures based on RSA. More...

#include "platform.h"
#include <gcrypt.h>
#include "gnunet_crypto_lib.h"
#include "benchmark.h"
Include dependency graph for crypto_rsa.c:

Go to the source code of this file.

Data Structures

struct  GNUNET_CRYPTO_RsaPrivateKey
 The private information of an RSA key pair. More...
 
struct  GNUNET_CRYPTO_RsaPublicKey
 The public information of an RSA key pair. More...
 
struct  GNUNET_CRYPTO_RsaSignature
 an RSA signature More...
 
struct  RsaBlindingKey
 RSA blinding key. More...
 
struct  GNUNET_CRYPTO_RsaPublicKeyHeaderP
 Format of the header of a serialized RSA public key. More...
 

Macros

#define LOG(kind, ...)   GNUNET_log_from (kind, "util-crypto-rsa", __VA_ARGS__)
 

Functions

static int key_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
 Extract values from an S-expression. More...
 
struct GNUNET_CRYPTO_RsaPrivateKeyGNUNET_CRYPTO_rsa_private_key_create (unsigned int len)
 Create a new private key. More...
 
void GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key)
 Free memory occupied by the private key. More...
 
size_t GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey *key, char **buffer)
 Encode the private key in a format suitable for storing it into a file. More...
 
struct GNUNET_CRYPTO_RsaPrivateKeyGNUNET_CRYPTO_rsa_private_key_decode (const char *buf, size_t len)
 Decode the private key from the data-format back to the "normal", internal format. More...
 
struct GNUNET_CRYPTO_RsaPublicKeyGNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
 Extract the public key of the given private key. More...
 
void GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key)
 Free memory occupied by the public key. More...
 
GNUNET_NETWORK_STRUCT_END size_t GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_RsaPublicKey *key, char **buffer)
 Encode the public key in a format suitable for storing it into a file. More...
 
void GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, struct GNUNET_HashCode *hc)
 Compute hash over the public key. More...
 
struct GNUNET_CRYPTO_RsaPublicKeyGNUNET_CRYPTO_rsa_public_key_decode (const char *buf, size_t len)
 Decode the public key from the data-format back to the "normal", internal format. More...
 
static int rsa_gcd_validate (gcry_mpi_t r, gcry_mpi_t n)
 Test for malicious RSA key. More...
 
static struct RsaBlindingKeyrsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks)
 Create a blinding key. More...
 
int GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1, struct GNUNET_CRYPTO_RsaSignature *s2)
 Compare the values of two signatures. More...
 
int GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1, struct GNUNET_CRYPTO_RsaPublicKey *p2)
 Compare the values of two public keys. More...
 
int GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1, struct GNUNET_CRYPTO_RsaPrivateKey *p2)
 Compare the values of two private keys. More...
 
unsigned int GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 Obtain the length of the RSA key in bits. More...
 
static void rsa_blinding_key_free (struct RsaBlindingKey *bkey)
 Destroy a blinding key. More...
 
static size_t numeric_mpi_alloc_n_print (gcry_mpi_t v, char **buffer)
 Print an MPI to a newly created buffer. More...
 
static gcry_mpi_t rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_HashCode *hash)
 Computes a full domain hash seeded by the given public key. More...
 
int GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, char **buf, size_t *buf_size)
 Blinds the given message with the given blinding key. More...
 
static gcry_sexp_t mpi_to_sexp (gcry_mpi_t value)
 Convert an MPI to an S-expression suitable for signature operations. More...
 
static struct GNUNET_CRYPTO_RsaSignaturersa_sign_mpi (const struct GNUNET_CRYPTO_RsaPrivateKey *key, gcry_mpi_t value)
 Sign the given MPI. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, const void *msg, size_t msg_len)
 Sign a blinded value, which must be a full domain hash of a message. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, const struct GNUNET_HashCode *hash)
 Create and sign a full domain hash of a message. More...
 
void GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig)
 Free memory occupied by signature. More...
 
size_t GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_RsaSignature *sig, char **buffer)
 Encode the given signature in a format suitable for storing it into a file. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_signature_decode (const char *buf, size_t len)
 Decode the signature from the data-format back to the "normal", internal format. More...
 
struct GNUNET_CRYPTO_RsaPublicKeyGNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 Duplicate the given public key. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
 Unblind a blind-signed signature. More...
 
int GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *pkey)
 Verify whether the given hash corresponds to the given signature and the signature is valid with respect to the given public key. More...
 
struct GNUNET_CRYPTO_RsaPrivateKeyGNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_RsaPrivateKey *key)
 Duplicate the given private key. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig)
 Duplicate the given private key. More...
 

Detailed Description

Chaum-style Blind signatures based on RSA.

Author
Sree Harsha Totakura sreeh.nosp@m.arsh.nosp@m.a@tot.nosp@m.akur.nosp@m.a.in
Christian Grothoff
Jeffrey Burdges burdg.nosp@m.es@g.nosp@m.nunet.nosp@m..org

Definition in file crypto_rsa.c.

Macro Definition Documentation

◆ LOG

#define LOG (   kind,
  ... 
)    GNUNET_log_from (kind, "util-crypto-rsa", __VA_ARGS__)

Function Documentation

◆ key_from_sexp()

static int key_from_sexp ( gcry_mpi_t *  array,
gcry_sexp_t  sexp,
const char *  topname,
const char *  elems 
)
static

Extract values from an S-expression.

Parameters
arraywhere to store the result(s)
sexpS-expression to parse
topnametop-level name in the S-expression that is of interest
elemsnames of the elements to extract
Returns
0 on success

Definition at line 94 of file crypto_rsa.c.

References list.

Referenced by GNUNET_CRYPTO_rsa_blind(), GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_CRYPTO_rsa_public_key_len(), GNUNET_CRYPTO_rsa_signature_dup(), GNUNET_CRYPTO_rsa_signature_encode(), GNUNET_CRYPTO_rsa_unblind(), rsa_blinding_key_derive(), and rsa_full_domain_hash().

98 {
99  gcry_sexp_t list;
100  gcry_sexp_t l2;
101  const char *s;
102  unsigned int idx;
103 
104  if (! (list = gcry_sexp_find_token (sexp, topname, 0)))
105  return 1;
106  l2 = gcry_sexp_cadr (list);
107  gcry_sexp_release (list);
108  list = l2;
109  if (! list)
110  return 2;
111  idx = 0;
112  for (s = elems; *s; s++, idx++)
113  {
114  if (! (l2 = gcry_sexp_find_token (list, s, 1)))
115  {
116  for (unsigned int i = 0; i < idx; i++)
117  {
118  gcry_free (array[i]);
119  array[i] = NULL;
120  }
121  gcry_sexp_release (list);
122  return 3; /* required parameter not found */
123  }
124  array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
125  gcry_sexp_release (l2);
126  if (! array[idx])
127  {
128  for (unsigned int i = 0; i < idx; i++)
129  {
130  gcry_free (array[i]);
131  array[i] = NULL;
132  }
133  gcry_sexp_release (list);
134  return 4; /* required parameter is invalid */
135  }
136  }
137  gcry_sexp_release (list);
138  return 0;
139 }
static int list
Set if we should print a list of currently running services.
Definition: gnunet-arm.c:69
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_create()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_create ( unsigned int  len)

Create a new private key.

Caller must free return value.

Parameters
lenlength of the key in bits (i.e. 2048)
Returns
fresh private key

Definition at line 149 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_new, ret, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

Referenced by run().

150 {
152  gcry_sexp_t s_key;
153  gcry_sexp_t s_keyparam;
154 
155  BENCHMARK_START (rsa_private_key_create);
156 
157  GNUNET_assert (0 ==
158  gcry_sexp_build (&s_keyparam,
159  NULL,
160  "(genkey(rsa(nbits %d)))",
161  len));
162  GNUNET_assert (0 ==
163  gcry_pk_genkey (&s_key,
164  s_keyparam));
165  gcry_sexp_release (s_keyparam);
166 #if EXTRA_CHECKS
167  GNUNET_assert (0 ==
168  gcry_pk_testkey (s_key));
169 #endif
171  ret->sexp = s_key;
172  BENCHMARK_END (rsa_private_key_create);
173  return ret;
174 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_new(type)
Allocate a struct or union of the given type.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
The private information of an RSA key pair.
Definition: crypto_rsa.c:39
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_free()

void GNUNET_CRYPTO_rsa_private_key_free ( struct GNUNET_CRYPTO_RsaPrivateKey key)

Free memory occupied by the private key.

Parameters
keypointer to the memory to free

Definition at line 183 of file crypto_rsa.c.

References GNUNET_free, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_private_key_decode(), and run().

184 {
185  gcry_sexp_release (key->sexp);
186  GNUNET_free (key);
187 }
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
#define GNUNET_free(ptr)
Wrapper around free.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_encode()

size_t GNUNET_CRYPTO_rsa_private_key_encode ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
char **  buffer 
)

Encode the private key in a format suitable for storing it into a file.

Parameters
keythe private key
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocated in buffer

Definition at line 199 of file crypto_rsa.c.

References testconfigure::b, GNUNET_assert, GNUNET_malloc, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_private_key_cmp().

202 {
203  size_t n;
204  char *b;
205 
206  n = gcry_sexp_sprint (key->sexp,
207  GCRYSEXP_FMT_DEFAULT,
208  NULL,
209  0);
210  b = GNUNET_malloc (n);
211  GNUNET_assert ((n - 1) == /* since the last byte is \0 */
212  gcry_sexp_sprint (key->sexp,
213  GCRYSEXP_FMT_DEFAULT,
214  b,
215  n));
216  *buffer = b;
217  return n;
218 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_decode()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_decode ( const char *  buf,
size_t  len 
)

Decode the private key from the data-format back to the "normal", internal format.

Parameters
bufthe buffer where the private key data is stored
lenthe length of the data in buf
Returns
NULL on error

Definition at line 230 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_private_key_free(), GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_new, key, LOG, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

232 {
234 
236  if (0 !=
237  gcry_sexp_new (&key->sexp,
238  buf,
239  len,
240  0))
241  {
243  "Decoded private key is not valid\n");
244  GNUNET_free (key);
245  return NULL;
246  }
247  if (0 != gcry_pk_testkey (key->sexp))
248  {
250  "Decoded private key is not valid\n");
252  return NULL;
253  }
254  return key;
255 }
#define GNUNET_new(type)
Allocate a struct or union of the given type.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
static char buf[2048]
#define LOG(kind,...)
Definition: crypto_rsa.c:33
struct GNUNET_HashCode key
The key used in the DHT.
void GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
Free memory occupied by the private key.
Definition: crypto_rsa.c:183
The private information of an RSA key pair.
Definition: crypto_rsa.c:39
#define GNUNET_free(ptr)
Wrapper around free.
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_get_public()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_private_key_get_public ( const struct GNUNET_CRYPTO_RsaPrivateKey priv)

Extract the public key of the given private key.

Parameters
privthe private key NULL on error, otherwise the public key

Definition at line 265 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_break_op, GNUNET_new, key_from_sexp(), pub, result, GNUNET_CRYPTO_RsaPrivateKey::sexp, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_sign_fdh(), rsa_sign_mpi(), and run().

267 {
269  gcry_mpi_t ne[2];
270  int rc;
271  gcry_sexp_t result;
272 
273  BENCHMARK_START (rsa_private_key_get_public);
274 
275  rc = key_from_sexp (ne, priv->sexp, "public-key", "ne");
276  if (0 != rc)
277  rc = key_from_sexp (ne, priv->sexp, "private-key", "ne");
278  if (0 != rc)
279  rc = key_from_sexp (ne, priv->sexp, "rsa", "ne");
280  if (0 != rc)
281  {
282  GNUNET_break_op (0);
283  return NULL;
284  }
285  rc = gcry_sexp_build (&result,
286  NULL,
287  "(public-key(rsa(n %m)(e %m)))",
288  ne[0],
289  ne[1]);
290  gcry_mpi_release (ne[0]);
291  gcry_mpi_release (ne[1]);
292  pub = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
293  pub->sexp = result;
294  BENCHMARK_END (rsa_private_key_get_public);
295  return pub;
296 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
#define GNUNET_new(type)
Allocate a struct or union of the given type.
The public information of an RSA key pair.
Definition: crypto_rsa.c:51
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
static int result
Global testing status.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:39
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_free()

void GNUNET_CRYPTO_rsa_public_key_free ( struct GNUNET_CRYPTO_RsaPublicKey key)

Free memory occupied by the public key.

Parameters
keypointer to the memory to free

Definition at line 305 of file crypto_rsa.c.

References GNUNET_free, GNUNET_NETWORK_STRUCT_BEGIN, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by clean_rsa_pub(), clean_rsa_public_key(), GNUNET_CRYPTO_rsa_sign_fdh(), rsa_sign_mpi(), and run().

306 {
307  gcry_sexp_release (key->sexp);
308  GNUNET_free (key);
309 }
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
#define GNUNET_free(ptr)
Wrapper around free.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_encode()

GNUNET_NETWORK_STRUCT_END size_t GNUNET_CRYPTO_rsa_public_key_encode ( const struct GNUNET_CRYPTO_RsaPublicKey key,
char **  buffer 
)

Encode the public key in a format suitable for storing it into a file.

Parameters
keythe private key
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocated in buffer

Definition at line 346 of file crypto_rsa.c.

References buf, GNUNET_assert, GNUNET_break, GNUNET_malloc, key_from_sexp(), GNUNET_CRYPTO_RsaPublicKeyHeaderP::modulus_length, GNUNET_CRYPTO_RsaPublicKeyHeaderP::public_exponent_length, ret, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by bind_rsa_pub(), GNUNET_CRYPTO_rsa_public_key_cmp(), GNUNET_CRYPTO_rsa_public_key_hash(), GNUNET_JSON_from_rsa_public_key(), my_conv_rsa_public_key(), qconv_rsa_public_key(), rsa_full_domain_hash(), and run().

349 {
350  gcry_mpi_t ne[2];
351  size_t n_size;
352  size_t e_size;
353  size_t rsize;
354  size_t buf_size;
355  char *buf;
357  int ret;
358 
359  ret = key_from_sexp (ne, key->sexp, "public-key", "ne");
360  if (0 != ret)
361  ret = key_from_sexp (ne, key->sexp, "rsa", "ne");
362  if (0 != ret)
363  {
364  GNUNET_break (0);
365  *buffer = NULL;
366  return 0;
367  }
368  gcry_mpi_print (GCRYMPI_FMT_USG,
369  NULL,
370  0,
371  &n_size,
372  ne[0]);
373  gcry_mpi_print (GCRYMPI_FMT_USG,
374  NULL,
375  0,
376  &e_size,
377  ne[1]);
378  if ( (e_size > UINT16_MAX) ||
379  (n_size > UINT16_MAX) )
380  {
381  GNUNET_break (0);
382  *buffer = NULL;
383  gcry_mpi_release (ne[0]);
384  gcry_mpi_release (ne[1]);
385  return 0;
386  }
387  buf_size = n_size + e_size + sizeof (hdr);
388  buf = GNUNET_malloc (buf_size);
389  hdr.modulus_length = htons ((uint16_t) n_size);
390  hdr.public_exponent_length = htons ((uint16_t) e_size);
391  memcpy (buf, &hdr, sizeof (hdr));
392  GNUNET_assert (0 ==
393  gcry_mpi_print (GCRYMPI_FMT_USG,
394  (unsigned char *) &buf[sizeof (hdr)],
395  n_size,
396  &rsize,
397  ne[0]));
398 
399  GNUNET_assert (0 ==
400  gcry_mpi_print (GCRYMPI_FMT_USG,
401  (unsigned char *) &buf[sizeof (hdr) + n_size],
402  e_size,
403  &rsize,
404  ne[1]));
405  *buffer = buf;
406  gcry_mpi_release (ne[0]);
407  gcry_mpi_release (ne[1]);
408  return buf_size;
409 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static char buf[2048]
Format of the header of a serialized RSA public key.
Definition: crypto_rsa.c:317
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_hash()

void GNUNET_CRYPTO_rsa_public_key_hash ( const struct GNUNET_CRYPTO_RsaPublicKey key,
struct GNUNET_HashCode hc 
)

Compute hash over the public key.

Parameters
keypublic key to hash
hcwhere to store the hash code

Definition at line 419 of file crypto_rsa.c.

References buf, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_rsa_public_key_encode(), and GNUNET_free.

421 {
422  char *buf;
423  size_t buf_size;
424 
425  buf_size = GNUNET_CRYPTO_rsa_public_key_encode (key,
426  &buf);
427  GNUNET_CRYPTO_hash (buf,
428  buf_size,
429  hc);
430  GNUNET_free (buf);
431 }
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
static char buf[2048]
GNUNET_NETWORK_STRUCT_END size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, char **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:346
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_decode()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_public_key_decode ( const char *  buf,
size_t  len 
)

Decode the public key from the data-format back to the "normal", internal format.

Parameters
bufthe buffer where the public key data is stored
lenthe length of the data in buf
Returns
NULL on error

Definition at line 443 of file crypto_rsa.c.

References data, e, GNUNET_break, GNUNET_break_op, GNUNET_new, key, GNUNET_CRYPTO_RsaPublicKeyHeaderP::modulus_length, GNUNET_CRYPTO_RsaPublicKeyHeaderP::public_exponent_length, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by extract_rsa_pub(), extract_rsa_public_key(), parse_rsa_public_key(), and post_extract_rsa_public_key().

445 {
448  size_t e_size;
449  size_t n_size;
450  gcry_mpi_t n;
451  gcry_mpi_t e;
452  gcry_sexp_t data;
453 
454  if (len < sizeof (hdr))
455  {
456  GNUNET_break_op (0);
457  return NULL;
458  }
459  memcpy (&hdr, buf, sizeof (hdr));
460  n_size = ntohs (hdr.modulus_length);
461  e_size = ntohs (hdr.public_exponent_length);
462  if (len != sizeof (hdr) + e_size + n_size)
463  {
464  GNUNET_break_op (0);
465  return NULL;
466  }
467  if (0 !=
468  gcry_mpi_scan (&n,
469  GCRYMPI_FMT_USG,
470  &buf[sizeof (hdr)],
471  n_size,
472  NULL))
473  {
474  GNUNET_break_op (0);
475  return NULL;
476  }
477  if (0 !=
478  gcry_mpi_scan (&e,
479  GCRYMPI_FMT_USG,
480  &buf[sizeof (hdr) + n_size],
481  e_size,
482  NULL))
483  {
484  GNUNET_break_op (0);
485  gcry_mpi_release (n);
486  return NULL;
487  }
488 
489  if (0 !=
490  gcry_sexp_build (&data,
491  NULL,
492  "(public-key(rsa(n %m)(e %m)))",
493  n,
494  e))
495  {
496  GNUNET_break (0);
497  gcry_mpi_release (n);
498  gcry_mpi_release (e);
499  return NULL;
500  }
501  gcry_mpi_release (n);
502  gcry_mpi_release (e);
503  key = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
504  key->sexp = data;
505  return key;
506 }
static struct Experiment * e
#define GNUNET_new(type)
Allocate a struct or union of the given type.
The public information of an RSA key pair.
Definition: crypto_rsa.c:51
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
static char buf[2048]
Format of the header of a serialized RSA public key.
Definition: crypto_rsa.c:317
struct GNUNET_HashCode key
The key used in the DHT.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
uint32_t data
The data value.
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
Here is the caller graph for this function:

◆ rsa_gcd_validate()

static int rsa_gcd_validate ( gcry_mpi_t  r,
gcry_mpi_t  n 
)
static

Test for malicious RSA key.

Assuming n is an RSA modulous and r is generated using a call to GNUNET_CRYPTO_kdf_mod_mpi, if gcd(r,n) != 1 then n must be a malicious RSA key designed to deanomize the user.

Parameters
rKDF result
nRSA modulus
Returns
True if gcd(r,n) = 1, False means RSA key is malicious

Definition at line 521 of file crypto_rsa.c.

References t.

Referenced by rsa_blinding_key_derive(), and rsa_full_domain_hash().

522 {
523  gcry_mpi_t g;
524  int t;
525 
526  g = gcry_mpi_new (0);
527  t = gcry_mpi_gcd (g, r, n);
528  gcry_mpi_release (g);
529  return t;
530 }
static struct GNUNET_SCHEDULER_Task * t
Main task.
Here is the caller graph for this function:

◆ rsa_blinding_key_derive()

static struct RsaBlindingKey* rsa_blinding_key_derive ( const struct GNUNET_CRYPTO_RsaPublicKey pkey,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret bks 
)
static

Create a blinding key.

Parameters
lenlength of the key in bits (i.e. 2048)
bkspre-secret to use to derive the blinding key
Returns
the newly created blinding key, NULL if RSA key is malicious

Definition at line 541 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_CRYPTO_kdf_mod_mpi(), GNUNET_free, GNUNET_new, key_from_sexp(), RsaBlindingKey::r, rsa_gcd_validate(), and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_blind(), and GNUNET_CRYPTO_rsa_unblind().

543 {
544  char *xts = "Blinding KDF extrator HMAC key"; /* Trusts bks' randomness more */
545  struct RsaBlindingKey *blind;
546  gcry_mpi_t n;
547 
548  blind = GNUNET_new (struct RsaBlindingKey);
549  GNUNET_assert (NULL != blind);
550 
551  /* Extract the composite n from the RSA public key */
552  GNUNET_assert (0 == key_from_sexp (&n, pkey->sexp, "rsa", "n"));
553  /* Assert that it at least looks like an RSA key */
554  GNUNET_assert (0 == gcry_mpi_get_flag (n, GCRYMPI_FLAG_OPAQUE));
555 
556  GNUNET_CRYPTO_kdf_mod_mpi (&blind->r,
557  n,
558  xts, strlen (xts),
559  bks, sizeof(*bks),
560  "Blinding KDF");
561  if (0 == rsa_gcd_validate (blind->r, n))
562  {
563  GNUNET_free (blind);
564  blind = NULL;
565  }
566 
567  gcry_mpi_release (n);
568  return blind;
569 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
void GNUNET_CRYPTO_kdf_mod_mpi(gcry_mpi_t *r, gcry_mpi_t n, const void *xts, size_t xts_len, const void *skm, size_t skm_len, const char *ctx)
Deterministically generate a pseudo-random number uniformly from the integers modulo a libgcrypt mpi...
Definition: crypto_kdf.c:126
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:80
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static int rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n)
Test for malicious RSA key.
Definition: crypto_rsa.c:521
RSA blinding key.
Definition: crypto_rsa.c:75
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_cmp()

int GNUNET_CRYPTO_rsa_signature_cmp ( struct GNUNET_CRYPTO_RsaSignature s1,
struct GNUNET_CRYPTO_RsaSignature s2 
)

Compare the values of two signatures.

Parameters
s1one signature
s2the other signature
Returns
0 if the two are equal

Definition at line 623 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_signature_encode(), GNUNET_free, and ret.

625 {
626  char *b1;
627  char *b2;
628  size_t z1;
629  size_t z2;
630  int ret;
631 
633  &b1);
635  &b2);
636  if (z1 != z2)
637  ret = 1;
638  else
639  ret = memcmp (b1,
640  b2,
641  z1);
642  GNUNET_free (b1);
643  GNUNET_free (b2);
644  return ret;
645 }
size_t GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, char **buffer)
Encode the given signature in a format suitable for storing it into a file.
Definition: crypto_rsa.c:1073
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_cmp()

int GNUNET_CRYPTO_rsa_public_key_cmp ( struct GNUNET_CRYPTO_RsaPublicKey p1,
struct GNUNET_CRYPTO_RsaPublicKey p2 
)

Compare the values of two public keys.

Parameters
p1one public key
p2the other public key
Returns
0 if the two are equal

Definition at line 656 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_free, and ret.

658 {
659  char *b1;
660  char *b2;
661  size_t z1;
662  size_t z2;
663  int ret;
664 
666  &b1);
668  &b2);
669  if (z1 != z2)
670  ret = 1;
671  else
672  ret = memcmp (b1,
673  b2,
674  z1);
675  GNUNET_free (b1);
676  GNUNET_free (b2);
677  return ret;
678 }
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
GNUNET_NETWORK_STRUCT_END size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, char **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:346
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_cmp()

int GNUNET_CRYPTO_rsa_private_key_cmp ( struct GNUNET_CRYPTO_RsaPrivateKey p1,
struct GNUNET_CRYPTO_RsaPrivateKey p2 
)

Compare the values of two private keys.

Parameters
p1one private key
p2the other private key
Returns
0 if the two are equal

Definition at line 689 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_private_key_encode(), GNUNET_free, and ret.

691 {
692  char *b1;
693  char *b2;
694  size_t z1;
695  size_t z2;
696  int ret;
697 
699  &b1);
701  &b2);
702  if (z1 != z2)
703  ret = 1;
704  else
705  ret = memcmp (b1,
706  b2,
707  z1);
708  GNUNET_free (b1);
709  GNUNET_free (b2);
710  return ret;
711 }
size_t GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, char **buffer)
Encode the private key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:199
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_len()

unsigned int GNUNET_CRYPTO_rsa_public_key_len ( const struct GNUNET_CRYPTO_RsaPublicKey key)

Obtain the length of the RSA key in bits.

Parameters
keythe public key to introspect
Returns
length of the key in bits

Definition at line 721 of file crypto_rsa.c.

References GNUNET_break, key_from_sexp(), and GNUNET_CRYPTO_RsaPublicKey::sexp.

722 {
723  gcry_mpi_t n;
724  unsigned int rval;
725 
726  if (0 != key_from_sexp (&n, key->sexp, "rsa", "n"))
727  { /* Not an RSA public key */
728  GNUNET_break (0);
729  return 0;
730  }
731  rval = gcry_mpi_get_nbits (n);
732  gcry_mpi_release (n);
733  return rval;
734 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
Here is the call graph for this function:

◆ rsa_blinding_key_free()

static void rsa_blinding_key_free ( struct RsaBlindingKey bkey)
static

Destroy a blinding key.

Parameters
bkeythe blinding key to destroy

Definition at line 743 of file crypto_rsa.c.

References GNUNET_free, and RsaBlindingKey::r.

Referenced by GNUNET_CRYPTO_rsa_blind(), and GNUNET_CRYPTO_rsa_unblind().

744 {
745  gcry_mpi_release (bkey->r);
746  GNUNET_free (bkey);
747 }
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:80
#define GNUNET_free(ptr)
Wrapper around free.
Here is the caller graph for this function:

◆ numeric_mpi_alloc_n_print()

static size_t numeric_mpi_alloc_n_print ( gcry_mpi_t  v,
char **  buffer 
)
static

Print an MPI to a newly created buffer.

Parameters
vMPI to print.
[out]newlyallocated buffer containing the result
Returns
number of bytes stored in buffer

Definition at line 758 of file crypto_rsa.c.

References testconfigure::b, GNUNET_assert, and GNUNET_malloc.

Referenced by GNUNET_CRYPTO_rsa_blind().

760 {
761  size_t n;
762  char *b;
763  size_t rsize;
764 
765  gcry_mpi_print (GCRYMPI_FMT_USG,
766  NULL,
767  0,
768  &n,
769  v);
770  b = GNUNET_malloc (n);
771  GNUNET_assert (0 ==
772  gcry_mpi_print (GCRYMPI_FMT_USG,
773  (unsigned char *) b,
774  n,
775  &rsize,
776  v));
777  *buffer = b;
778  return n;
779 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the caller graph for this function:

◆ rsa_full_domain_hash()

static gcry_mpi_t rsa_full_domain_hash ( const struct GNUNET_CRYPTO_RsaPublicKey pkey,
const struct GNUNET_HashCode hash 
)
static

Computes a full domain hash seeded by the given public key.

This gives a measure of provable security to the Taler exchange against one-more forgery attacks. See: https://eprint.iacr.org/2001/002.pdf http://www.di.ens.fr/~pointche/Documents/Papers/2001_fcA.pdf

Parameters
hashinitial hash of the message to sign
pkeythe public key of the signer
rsizeIf not NULL, the number of bytes actually stored in buffer
Returns
MPI value set to the FDH, NULL if RSA key is malicious

Definition at line 795 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_CRYPTO_kdf_mod_mpi(), GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_free, key_from_sexp(), ok, RsaBlindingKey::r, rsa_gcd_validate(), and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_blind(), GNUNET_CRYPTO_rsa_sign_fdh(), and GNUNET_CRYPTO_rsa_verify().

797 {
798  gcry_mpi_t r, n;
799  char *xts;
800  size_t xts_len;
801  int ok;
802 
803  /* Extract the composite n from the RSA public key */
804  GNUNET_assert (0 == key_from_sexp (&n, pkey->sexp, "rsa", "n"));
805  /* Assert that it at least looks like an RSA key */
806  GNUNET_assert (0 == gcry_mpi_get_flag (n, GCRYMPI_FLAG_OPAQUE));
807 
808  /* We key with the public denomination key as a homage to RSA-PSS by *
809  * Mihir Bellare and Phillip Rogaway. Doing this lowers the degree *
810  * of the hypothetical polyomial-time attack on RSA-KTI created by a *
811  * polynomial-time one-more forgary attack. Yey seeding! */
812  xts_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, &xts);
813 
815  n,
816  xts, xts_len,
817  hash, sizeof(*hash),
818  "RSA-FDA FTpsW!");
819  GNUNET_free (xts);
820 
821  ok = rsa_gcd_validate (r, n);
822  gcry_mpi_release (n);
823  if (ok)
824  return r;
825  gcry_mpi_release (r);
826  return NULL;
827 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
void GNUNET_CRYPTO_kdf_mod_mpi(gcry_mpi_t *r, gcry_mpi_t n, const void *xts, size_t xts_len, const void *skm, size_t skm_len, const char *ctx)
Deterministically generate a pseudo-random number uniformly from the integers modulo a libgcrypt mpi...
Definition: crypto_kdf.c:126
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:80
static int ok
Return value from &#39;main&#39; (0 == success)
static int rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n)
Test for malicious RSA key.
Definition: crypto_rsa.c:521
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
GNUNET_NETWORK_STRUCT_END size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, char **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:346
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_blind()

int GNUNET_CRYPTO_rsa_blind ( const struct GNUNET_HashCode hash,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret bks,
struct GNUNET_CRYPTO_RsaPublicKey pkey,
char **  buf,
size_t *  buf_size 
)

Blinds the given message with the given blinding key.

Parameters
hashhash of the message to sign
bkeythe blinding key
pkeythe public key of the signer
[out]bufset to a buffer with the blinded message to be signed
[out]buf_sizenumber of bytes stored in buf
Returns
GNUNET_YES if successful, GNUNET_NO if RSA key is malicious

Definition at line 841 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, data, GNUNET_assert, GNUNET_break, GNUNET_NO, GNUNET_YES, key_from_sexp(), numeric_mpi_alloc_n_print(), RsaBlindingKey::r, ret, rsa_blinding_key_derive(), rsa_blinding_key_free(), rsa_full_domain_hash(), and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by run().

845 {
846  struct RsaBlindingKey *bkey;
847  gcry_mpi_t data;
848  gcry_mpi_t ne[2];
849  gcry_mpi_t r_e;
850  gcry_mpi_t data_r_e;
851  int ret;
852 
853  BENCHMARK_START (rsa_blind);
854 
855  GNUNET_assert (buf != NULL && buf_size != NULL);
856  ret = key_from_sexp (ne, pkey->sexp, "public-key", "ne");
857  if (0 != ret)
858  ret = key_from_sexp (ne, pkey->sexp, "rsa", "ne");
859  if (0 != ret)
860  {
861  GNUNET_break (0);
862  *buf = NULL;
863  *buf_size = 0;
864  return 0;
865  }
866 
867  data = rsa_full_domain_hash (pkey, hash);
868  if (NULL == data)
869  goto rsa_gcd_validate_failure;
870 
871  bkey = rsa_blinding_key_derive (pkey, bks);
872  if (NULL == bkey)
873  {
874  gcry_mpi_release (data);
875  goto rsa_gcd_validate_failure;
876  }
877 
878  r_e = gcry_mpi_new (0);
879  gcry_mpi_powm (r_e,
880  bkey->r,
881  ne[1],
882  ne[0]);
883  data_r_e = gcry_mpi_new (0);
884  gcry_mpi_mulm (data_r_e,
885  data,
886  r_e,
887  ne[0]);
888  gcry_mpi_release (data);
889  gcry_mpi_release (ne[0]);
890  gcry_mpi_release (ne[1]);
891  gcry_mpi_release (r_e);
892  rsa_blinding_key_free (bkey);
893 
894  *buf_size = numeric_mpi_alloc_n_print (data_r_e, buf);
895  gcry_mpi_release (data_r_e);
896 
897  BENCHMARK_END (rsa_blind);
898 
899  return GNUNET_YES;
900 
901 rsa_gcd_validate_failure:
902  /* We know the RSA key is malicious here, so warn the wallet. */
903  /* GNUNET_break_op (0); */
904  gcry_mpi_release (ne[0]);
905  gcry_mpi_release (ne[1]);
906  *buf = NULL;
907  *buf_size = 0;
908  return GNUNET_NO;
909 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
static struct RsaBlindingKey * rsa_blinding_key_derive(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks)
Create a blinding key.
Definition: crypto_rsa.c:541
static gcry_mpi_t rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_HashCode *hash)
Computes a full domain hash seeded by the given public key.
Definition: crypto_rsa.c:795
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:80
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_NO
Definition: gnunet_common.h:86
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static size_t numeric_mpi_alloc_n_print(gcry_mpi_t v, char **buffer)
Print an MPI to a newly created buffer.
Definition: crypto_rsa.c:758
static char buf[2048]
RSA blinding key.
Definition: crypto_rsa.c:75
static void rsa_blinding_key_free(struct RsaBlindingKey *bkey)
Destroy a blinding key.
Definition: crypto_rsa.c:743
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
#define GNUNET_YES
Definition: gnunet_common.h:85
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ mpi_to_sexp()

static gcry_sexp_t mpi_to_sexp ( gcry_mpi_t  value)
static

Convert an MPI to an S-expression suitable for signature operations.

Parameters
valuepointer to the data to convert
Returns
converted s-expression

Definition at line 919 of file crypto_rsa.c.

References data, and GNUNET_assert.

Referenced by GNUNET_CRYPTO_rsa_verify(), and rsa_sign_mpi().

920 {
921  gcry_sexp_t data = NULL;
922 
923  GNUNET_assert (0 ==
924  gcry_sexp_build (&data,
925  NULL,
926  "(data (flags raw) (value %M))",
927  value));
928  return data;
929 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static char * value
Value of the record to add/remove.
uint32_t data
The data value.
Here is the caller graph for this function:

◆ rsa_sign_mpi()

static struct GNUNET_CRYPTO_RsaSignature* rsa_sign_mpi ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
gcry_mpi_t  value 
)
static

Sign the given MPI.

Parameters
keyprivate key to use for the signing
valuethe MPI to sign
Returns
NULL on error, signature on success

Definition at line 940 of file crypto_rsa.c.

References _, data, GNUNET_break, GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_free(), GNUNET_ERROR_TYPE_WARNING, GNUNET_new, LOG, mpi_to_sexp(), result, GNUNET_CRYPTO_RsaPrivateKey::sexp, GNUNET_CRYPTO_RsaPublicKey::sexp, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by GNUNET_CRYPTO_rsa_sign_blinded(), and GNUNET_CRYPTO_rsa_sign_fdh().

942 {
943  struct GNUNET_CRYPTO_RsaSignature *sig;
944  gcry_sexp_t data;
945  gcry_sexp_t result;
946  int rc;
947 
948  data = mpi_to_sexp (value);
949 
950  if (0 !=
951  (rc = gcry_pk_sign (&result,
952  data,
953  key->sexp)))
954  {
956  _ ("RSA signing failed at %s:%d: %s\n"),
957  __FILE__,
958  __LINE__,
959  gcry_strerror (rc));
960  GNUNET_break (0);
961  return NULL;
962  }
963 
964  /* Lenstra protection was first added to libgcrypt 1.6.4
965  * with commit c17f84bd02d7ee93845e92e20f6ddba814961588.
966  */
967 #if GCRYPT_VERSION_NUMBER < 0x010604
968  /* verify signature (guards against Lenstra's attack with fault injection...) */
969  struct GNUNET_CRYPTO_RsaPublicKey *public_key =
971  if (0 !=
972  gcry_pk_verify (result,
973  data,
974  public_key->sexp))
975  {
976  GNUNET_break (0);
978  gcry_sexp_release (data);
979  gcry_sexp_release (result);
980  return NULL;
981  }
983 #endif
984 
985  /* return signature */
986  gcry_sexp_release (data);
987  sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
988  sig->sexp = result;
989  return sig;
990 }
an RSA signature
Definition: crypto_rsa.c:63
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition: crypto_rsa.c:305
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition: crypto_rsa.c:265
#define GNUNET_new(type)
Allocate a struct or union of the given type.
The public information of an RSA key pair.
Definition: crypto_rsa.c:51
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static gcry_sexp_t mpi_to_sexp(gcry_mpi_t value)
Convert an MPI to an S-expression suitable for signature operations.
Definition: crypto_rsa.c:919
#define _(String)
GNU gettext support macro.
Definition: platform.h:180
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
static char * value
Value of the record to add/remove.
#define LOG(kind,...)
Definition: crypto_rsa.c:33
static int result
Global testing status.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_sign_blinded()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_sign_blinded ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
const void *  msg,
size_t  msg_len 
)

Sign a blinded value, which must be a full domain hash of a message.

Parameters
keyprivate key to use for the signing
msgthe message to sign
msg_lennumber of bytes in msg to sign
Returns
NULL on error, signature on success

Definition at line 1002 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, and rsa_sign_mpi().

Referenced by run().

1005 {
1006  gcry_mpi_t v = NULL;
1007  struct GNUNET_CRYPTO_RsaSignature *sig;
1008 
1009  BENCHMARK_START (rsa_sign_blinded);
1010 
1011  GNUNET_assert (0 ==
1012  gcry_mpi_scan (&v,
1013  GCRYMPI_FMT_USG,
1014  msg,
1015  msg_len,
1016  NULL));
1017 
1018  sig = rsa_sign_mpi (key, v);
1019  gcry_mpi_release (v);
1020  BENCHMARK_END (rsa_sign_blinded);
1021  return sig;
1022 }
struct GNUNET_MessageHeader * msg
Definition: 005.c:2
an RSA signature
Definition: crypto_rsa.c:63
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static struct GNUNET_CRYPTO_RsaSignature * rsa_sign_mpi(const struct GNUNET_CRYPTO_RsaPrivateKey *key, gcry_mpi_t value)
Sign the given MPI.
Definition: crypto_rsa.c:940
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_sign_fdh()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_sign_fdh ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
const struct GNUNET_HashCode hash 
)

Create and sign a full domain hash of a message.

Parameters
keyprivate key to use for the signing
hashthe hash of the message to sign
Returns
NULL on error, including a malicious RSA key, signature on success

Definition at line 1033 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_free(), pkey, rsa_full_domain_hash(), and rsa_sign_mpi().

1035 {
1037  gcry_mpi_t v = NULL;
1038  struct GNUNET_CRYPTO_RsaSignature *sig;
1039 
1041  v = rsa_full_domain_hash (pkey, hash);
1043  if (NULL == v) /* rsa_gcd_validate failed meaning */
1044  return NULL; /* our *own* RSA key is malicious. */
1045 
1046  sig = rsa_sign_mpi (key, v);
1047  gcry_mpi_release (v);
1048  return sig;
1049 }
static char * pkey
Public key of the zone to look in, in ASCII.
an RSA signature
Definition: crypto_rsa.c:63
static gcry_mpi_t rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_HashCode *hash)
Computes a full domain hash seeded by the given public key.
Definition: crypto_rsa.c:795
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition: crypto_rsa.c:305
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition: crypto_rsa.c:265
The public information of an RSA key pair.
Definition: crypto_rsa.c:51
static struct GNUNET_CRYPTO_RsaSignature * rsa_sign_mpi(const struct GNUNET_CRYPTO_RsaPrivateKey *key, gcry_mpi_t value)
Sign the given MPI.
Definition: crypto_rsa.c:940
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_free()

void GNUNET_CRYPTO_rsa_signature_free ( struct GNUNET_CRYPTO_RsaSignature sig)

Free memory occupied by signature.

Parameters
sigmemory to freee

Definition at line 1058 of file crypto_rsa.c.

References GNUNET_free, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by clean_rsa_sig(), clean_rsa_signature(), and run().

1059 {
1060  gcry_sexp_release (sig->sexp);
1061  GNUNET_free (sig);
1062 }
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
#define GNUNET_free(ptr)
Wrapper around free.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_encode()

size_t GNUNET_CRYPTO_rsa_signature_encode ( const struct GNUNET_CRYPTO_RsaSignature sig,
char **  buffer 
)

Encode the given signature in a format suitable for storing it into a file.

Parameters
sigthe signature
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocated in buffer

Definition at line 1073 of file crypto_rsa.c.

References buf, GNUNET_assert, GNUNET_malloc, key_from_sexp(), ret, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by bind_rsa_sig(), GNUNET_CRYPTO_rsa_signature_cmp(), GNUNET_JSON_from_rsa_signature(), my_conv_rsa_signature(), qconv_rsa_signature(), and run().

1076 {
1077  gcry_mpi_t s;
1078  size_t buf_size;
1079  size_t rsize;
1080  unsigned char *buf;
1081  int ret;
1082 
1083  ret = key_from_sexp (&s,
1084  sig->sexp,
1085  "sig-val",
1086  "s");
1087  if (0 != ret)
1088  ret = key_from_sexp (&s,
1089  sig->sexp,
1090  "rsa",
1091  "s");
1092  GNUNET_assert (0 == ret);
1093  gcry_mpi_print (GCRYMPI_FMT_USG,
1094  NULL,
1095  0,
1096  &buf_size,
1097  s);
1098  buf = GNUNET_malloc (buf_size);
1099  GNUNET_assert (0 ==
1100  gcry_mpi_print (GCRYMPI_FMT_USG,
1101  buf,
1102  buf_size,
1103  &rsize,
1104  s));
1105  GNUNET_assert (rsize == buf_size);
1106  *buffer = (char *) buf;
1107  gcry_mpi_release (s);
1108  return buf_size;
1109 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static char buf[2048]
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_decode()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_signature_decode ( const char *  buf,
size_t  len 
)

Decode the signature from the data-format back to the "normal", internal format.

Parameters
bufthe buffer where the public key data is stored
lenthe length of the data in buf
Returns
NULL on error

Definition at line 1121 of file crypto_rsa.c.

References data, GNUNET_break, GNUNET_break_op, GNUNET_new, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by extract_rsa_sig(), extract_rsa_signature(), parse_rsa_signature(), and post_extract_rsa_signature().

1123 {
1124  struct GNUNET_CRYPTO_RsaSignature *sig;
1125  gcry_mpi_t s;
1126  gcry_sexp_t data;
1127 
1128  if (0 !=
1129  gcry_mpi_scan (&s,
1130  GCRYMPI_FMT_USG,
1131  buf,
1132  len,
1133  NULL))
1134  {
1135  GNUNET_break_op (0);
1136  return NULL;
1137  }
1138 
1139  if (0 !=
1140  gcry_sexp_build (&data,
1141  NULL,
1142  "(sig-val(rsa(s %M)))",
1143  s))
1144  {
1145  GNUNET_break (0);
1146  gcry_mpi_release (s);
1147  return NULL;
1148  }
1149  gcry_mpi_release (s);
1150  sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1151  sig->sexp = data;
1152  return sig;
1153 }
an RSA signature
Definition: crypto_rsa.c:63
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
static char buf[2048]
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
uint32_t data
The data value.
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_dup()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_public_key_dup ( const struct GNUNET_CRYPTO_RsaPublicKey key)

Duplicate the given public key.

Parameters
keythe public key to duplicate
Returns
the duplicate key; NULL upon error

Definition at line 1163 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_new, and GNUNET_CRYPTO_RsaPublicKey::sexp.

1164 {
1165  struct GNUNET_CRYPTO_RsaPublicKey *dup;
1166  gcry_sexp_t dup_sexp;
1167  size_t erroff;
1168 
1169  /* check if we really are exporting a public key */
1170  dup_sexp = gcry_sexp_find_token (key->sexp, "public-key", 0);
1171  GNUNET_assert (NULL != dup_sexp);
1172  gcry_sexp_release (dup_sexp);
1173  /* copy the sexp */
1174  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp));
1175  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
1176  dup->sexp = dup_sexp;
1177  return dup;
1178 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
The public information of an RSA key pair.
Definition: crypto_rsa.c:51
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56

◆ GNUNET_CRYPTO_rsa_unblind()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_unblind ( const struct GNUNET_CRYPTO_RsaSignature sig,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret bks,
struct GNUNET_CRYPTO_RsaPublicKey pkey 
)

Unblind a blind-signed signature.

The signature should have been generated with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with GNUNET_CRYPTO_rsa_blind().

Parameters
sigthe signature made on the blinded signature purpose
bksthe blinding key secret used to blind the signature purpose
pkeythe public key of the signer
Returns
unblinded signature on success, NULL if RSA key is bad or malicious.

Definition at line 1192 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_break_op, GNUNET_new, key_from_sexp(), RsaBlindingKey::r, ret, rsa_blinding_key_derive(), rsa_blinding_key_free(), GNUNET_CRYPTO_RsaPublicKey::sexp, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by run().

1195 {
1196  struct RsaBlindingKey *bkey;
1197  gcry_mpi_t n;
1198  gcry_mpi_t s;
1199  gcry_mpi_t r_inv;
1200  gcry_mpi_t ubsig;
1201  int ret;
1202  struct GNUNET_CRYPTO_RsaSignature *sret;
1203 
1204  BENCHMARK_START (rsa_unblind);
1205 
1206  ret = key_from_sexp (&n, pkey->sexp, "public-key", "n");
1207  if (0 != ret)
1208  ret = key_from_sexp (&n, pkey->sexp, "rsa", "n");
1209  if (0 != ret)
1210  {
1211  GNUNET_break_op (0);
1212  return NULL;
1213  }
1214  ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
1215  if (0 != ret)
1216  ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
1217  if (0 != ret)
1218  {
1219  gcry_mpi_release (n);
1220  GNUNET_break_op (0);
1221  return NULL;
1222  }
1223 
1224  bkey = rsa_blinding_key_derive (pkey, bks);
1225  if (NULL == bkey)
1226  {
1227  /* RSA key is malicious since rsa_gcd_validate failed here.
1228  * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
1229  * so the exchange is being malicious in an unfamilair way, maybe
1230  * just trying to crash us. */
1231  GNUNET_break_op (0);
1232  gcry_mpi_release (n);
1233  gcry_mpi_release (s);
1234  return NULL;
1235  }
1236 
1237  r_inv = gcry_mpi_new (0);
1238  if (1 !=
1239  gcry_mpi_invm (r_inv,
1240  bkey->r,
1241  n))
1242  {
1243  /* We cannot find r mod n, so gcd(r,n) != 1, which should get *
1244  * caught above, but we handle it the same here. */
1245  GNUNET_break_op (0);
1246  gcry_mpi_release (r_inv);
1247  rsa_blinding_key_free (bkey);
1248  gcry_mpi_release (n);
1249  gcry_mpi_release (s);
1250  return NULL;
1251  }
1252 
1253  ubsig = gcry_mpi_new (0);
1254  gcry_mpi_mulm (ubsig, s, r_inv, n);
1255  gcry_mpi_release (n);
1256  gcry_mpi_release (r_inv);
1257  gcry_mpi_release (s);
1258  rsa_blinding_key_free (bkey);
1259 
1260  sret = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1261  GNUNET_assert (0 ==
1262  gcry_sexp_build (&sret->sexp,
1263  NULL,
1264  "(sig-val (rsa (s %M)))",
1265  ubsig));
1266  gcry_mpi_release (ubsig);
1267  BENCHMARK_END (rsa_unblind);
1268  return sret;
1269 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
static struct RsaBlindingKey * rsa_blinding_key_derive(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks)
Create a blinding key.
Definition: crypto_rsa.c:541
an RSA signature
Definition: crypto_rsa.c:63
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:80
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
RSA blinding key.
Definition: crypto_rsa.c:75
static void rsa_blinding_key_free(struct RsaBlindingKey *bkey)
Destroy a blinding key.
Definition: crypto_rsa.c:743
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_verify()

int GNUNET_CRYPTO_rsa_verify ( const struct GNUNET_HashCode hash,
const struct GNUNET_CRYPTO_RsaSignature sig,
const struct GNUNET_CRYPTO_RsaPublicKey pkey 
)

Verify whether the given hash corresponds to the given signature and the signature is valid with respect to the given public key.

Parameters
hashhash of the message to verify to match the sig
sigsignature that is being validated
pkeypublic key of the signer
Returns
GNUNET_YES if ok, GNUNET_NO if RSA key is malicious, GNUNET_SYSERR if signature is invalid

Definition at line 1282 of file crypto_rsa.c.

References _, BENCHMARK_END, BENCHMARK_START, data, GNUNET_break_op, GNUNET_ERROR_TYPE_WARNING, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, LOG, mpi_to_sexp(), rsa_full_domain_hash(), GNUNET_CRYPTO_RsaPublicKey::sexp, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by run().

1285 {
1286  gcry_sexp_t data;
1287  gcry_mpi_t r;
1288  int rc;
1289 
1290  BENCHMARK_START (rsa_verify);
1291 
1292  r = rsa_full_domain_hash (pkey, hash);
1293  if (NULL == r)
1294  {
1295  GNUNET_break_op (0);
1296  /* RSA key is malicious since rsa_gcd_validate failed here.
1297  * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
1298  * so the exchange is being malicious in an unfamilair way, maybe
1299  * just trying to crash us. Arguably, we've only an internal error
1300  * though because we should've detected this in our previous call
1301  * to GNUNET_CRYPTO_rsa_unblind. */return GNUNET_NO;
1302  }
1303 
1304  data = mpi_to_sexp (r);
1305  gcry_mpi_release (r);
1306 
1307  rc = gcry_pk_verify (sig->sexp,
1308  data,
1309  pkey->sexp);
1310  gcry_sexp_release (data);
1311  if (0 != rc)
1312  {
1314  _ ("RSA signature verification failed at %s:%d: %s\n"),
1315  __FILE__,
1316  __LINE__,
1317  gcry_strerror (rc));
1318  return GNUNET_SYSERR;
1319  BENCHMARK_END (rsa_verify);
1320  }
1321  BENCHMARK_END (rsa_verify);
1322  return GNUNET_OK;
1323 }
static gcry_mpi_t rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_HashCode *hash)
Computes a full domain hash seeded by the given public key.
Definition: crypto_rsa.c:795
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
#define GNUNET_NO
Definition: gnunet_common.h:86
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:83
static gcry_sexp_t mpi_to_sexp(gcry_mpi_t value)
Convert an MPI to an S-expression suitable for signature operations.
Definition: crypto_rsa.c:919
#define _(String)
GNU gettext support macro.
Definition: platform.h:180
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
#define LOG(kind,...)
Definition: crypto_rsa.c:33
#define GNUNET_SYSERR
Definition: gnunet_common.h:84
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_dup()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_dup ( const struct GNUNET_CRYPTO_RsaPrivateKey key)

Duplicate the given private key.

Parameters
keythe private key to duplicate
Returns
the duplicate key; NULL upon error

Definition at line 1333 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_new, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

1335 {
1336  struct GNUNET_CRYPTO_RsaPrivateKey *dup;
1337  gcry_sexp_t dup_sexp;
1338  size_t erroff;
1339 
1340  /* check if we really are exporting a private key */
1341  dup_sexp = gcry_sexp_find_token (key->sexp, "private-key", 0);
1342  GNUNET_assert (NULL != dup_sexp);
1343  gcry_sexp_release (dup_sexp);
1344  /* copy the sexp */
1345  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp));
1346  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey);
1347  dup->sexp = dup_sexp;
1348  return dup;
1349 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
The private information of an RSA key pair.
Definition: crypto_rsa.c:39

◆ GNUNET_CRYPTO_rsa_signature_dup()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_signature_dup ( const struct GNUNET_CRYPTO_RsaSignature sig)

Duplicate the given private key.

Duplicate the given rsa signature.

Parameters
keythe private key to duplicate
Returns
the duplicate key; NULL upon error

Definition at line 1359 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_new, key_from_sexp(), ret, and GNUNET_CRYPTO_RsaSignature::sexp.

1360 {
1361  struct GNUNET_CRYPTO_RsaSignature *dup;
1362  gcry_sexp_t dup_sexp;
1363  size_t erroff;
1364  gcry_mpi_t s;
1365  int ret;
1366 
1367  /* verify that this is an RSA signature */
1368  ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
1369  if (0 != ret)
1370  ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
1371  GNUNET_assert (0 == ret);
1372  gcry_mpi_release (s);
1373  /* copy the sexp */
1374  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", sig->sexp));
1375  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1376  dup->sexp = dup_sexp;
1377  return dup;
1378 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
an RSA signature
Definition: crypto_rsa.c:63
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_new(type)
Allocate a struct or union of the given type.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
Here is the call graph for this function: