GNUnet  0.10.x
Data Structures | Macros | Functions
crypto_rsa.c File Reference

Chaum-style Blind signatures based on RSA. More...

#include "platform.h"
#include <gcrypt.h>
#include "gnunet_crypto_lib.h"
#include "benchmark.h"
Include dependency graph for crypto_rsa.c:

Go to the source code of this file.

Data Structures

struct  GNUNET_CRYPTO_RsaPrivateKey
 The private information of an RSA key pair. More...
 
struct  GNUNET_CRYPTO_RsaPublicKey
 The public information of an RSA key pair. More...
 
struct  GNUNET_CRYPTO_RsaSignature
 an RSA signature More...
 
struct  RsaBlindingKey
 RSA blinding key. More...
 

Macros

#define LOG(kind, ...)   GNUNET_log_from (kind, "util-crypto-rsa", __VA_ARGS__)
 

Functions

static int key_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
 Extract values from an S-expression. More...
 
struct GNUNET_CRYPTO_RsaPrivateKeyGNUNET_CRYPTO_rsa_private_key_create (unsigned int len)
 Create a new private key. More...
 
void GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key)
 Free memory occupied by the private key. More...
 
size_t GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey *key, char **buffer)
 Encode the private key in a format suitable for storing it into a file. More...
 
struct GNUNET_CRYPTO_RsaPrivateKeyGNUNET_CRYPTO_rsa_private_key_decode (const char *buf, size_t len)
 Decode the private key from the data-format back to the "normal", internal format. More...
 
struct GNUNET_CRYPTO_RsaPublicKeyGNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
 Extract the public key of the given private key. More...
 
void GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key)
 Free memory occupied by the public key. More...
 
size_t GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_RsaPublicKey *key, char **buffer)
 Encode the public key in a format suitable for storing it into a file. More...
 
void GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, struct GNUNET_HashCode *hc)
 Compute hash over the public key. More...
 
struct GNUNET_CRYPTO_RsaPublicKeyGNUNET_CRYPTO_rsa_public_key_decode (const char *buf, size_t len)
 Decode the public key from the data-format back to the "normal", internal format. More...
 
static int rsa_gcd_validate (gcry_mpi_t r, gcry_mpi_t n)
 Test for malicious RSA key. More...
 
static struct RsaBlindingKeyrsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks)
 Create a blinding key. More...
 
int GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1, struct GNUNET_CRYPTO_RsaSignature *s2)
 Compare the values of two signatures. More...
 
int GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1, struct GNUNET_CRYPTO_RsaPublicKey *p2)
 Compare the values of two public keys. More...
 
int GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1, struct GNUNET_CRYPTO_RsaPrivateKey *p2)
 Compare the values of two private keys. More...
 
unsigned int GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 Obtain the length of the RSA key in bits. More...
 
static void rsa_blinding_key_free (struct RsaBlindingKey *bkey)
 Destroy a blinding key. More...
 
static size_t numeric_mpi_alloc_n_print (gcry_mpi_t v, char **buffer)
 Print an MPI to a newly created buffer. More...
 
static gcry_mpi_t rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_HashCode *hash)
 Computes a full domain hash seeded by the given public key. More...
 
int GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, char **buf, size_t *buf_size)
 Blinds the given message with the given blinding key. More...
 
static gcry_sexp_t mpi_to_sexp (gcry_mpi_t value)
 Convert an MPI to an S-expression suitable for signature operations. More...
 
static struct GNUNET_CRYPTO_RsaSignaturersa_sign_mpi (const struct GNUNET_CRYPTO_RsaPrivateKey *key, gcry_mpi_t value)
 Sign the given MPI. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, const void *msg, size_t msg_len)
 Sign a blinded value, which must be a full domain hash of a message. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, const struct GNUNET_HashCode *hash)
 Create and sign a full domain hash of a message. More...
 
void GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig)
 Free memory occupied by signature. More...
 
size_t GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_RsaSignature *sig, char **buffer)
 Encode the given signature in a format suitable for storing it into a file. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_signature_decode (const char *buf, size_t len)
 Decode the signature from the data-format back to the "normal", internal format. More...
 
struct GNUNET_CRYPTO_RsaPublicKeyGNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 Duplicate the given public key. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
 Unblind a blind-signed signature. More...
 
int GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *pkey)
 Verify whether the given hash corresponds to the given signature and the signature is valid with respect to the given public key. More...
 
struct GNUNET_CRYPTO_RsaPrivateKeyGNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_RsaPrivateKey *key)
 Duplicate the given private key. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig)
 Duplicate the given private key. More...
 

Detailed Description

Chaum-style Blind signatures based on RSA.

Author
Sree Harsha Totakura sreeh.nosp@m.arsh.nosp@m.a@tot.nosp@m.akur.nosp@m.a.in
Christian Grothoff
Jeffrey Burdges burdg.nosp@m.es@g.nosp@m.nunet.nosp@m..org

Definition in file crypto_rsa.c.

Macro Definition Documentation

◆ LOG

#define LOG (   kind,
  ... 
)    GNUNET_log_from (kind, "util-crypto-rsa", __VA_ARGS__)

Function Documentation

◆ key_from_sexp()

static int key_from_sexp ( gcry_mpi_t *  array,
gcry_sexp_t  sexp,
const char *  topname,
const char *  elems 
)
static

Extract values from an S-expression.

Parameters
arraywhere to store the result(s)
sexpS-expression to parse
topnametop-level name in the S-expression that is of interest
elemsnames of the elements to extract
Returns
0 on success

Definition at line 94 of file crypto_rsa.c.

References list.

Referenced by GNUNET_CRYPTO_rsa_blind(), GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_decode(), GNUNET_CRYPTO_rsa_public_key_len(), GNUNET_CRYPTO_rsa_signature_decode(), GNUNET_CRYPTO_rsa_signature_dup(), GNUNET_CRYPTO_rsa_unblind(), rsa_blinding_key_derive(), and rsa_full_domain_hash().

98 {
99  gcry_sexp_t list;
100  gcry_sexp_t l2;
101  const char *s;
102  unsigned int idx;
103 
104  if (! (list = gcry_sexp_find_token (sexp, topname, 0)))
105  return 1;
106  l2 = gcry_sexp_cadr (list);
107  gcry_sexp_release (list);
108  list = l2;
109  if (! list)
110  return 2;
111  idx = 0;
112  for (s = elems; *s; s++, idx++)
113  {
114  if (! (l2 = gcry_sexp_find_token (list, s, 1)))
115  {
116  for (unsigned int i = 0; i < idx; i++)
117  {
118  gcry_free (array[i]);
119  array[i] = NULL;
120  }
121  gcry_sexp_release (list);
122  return 3; /* required parameter not found */
123  }
124  array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
125  gcry_sexp_release (l2);
126  if (! array[idx])
127  {
128  for (unsigned int i = 0; i < idx; i++)
129  {
130  gcry_free (array[i]);
131  array[i] = NULL;
132  }
133  gcry_sexp_release (list);
134  return 4; /* required parameter is invalid */
135  }
136  }
137  gcry_sexp_release (list);
138  return 0;
139 }
static int list
Set if we should print a list of currently running services.
Definition: gnunet-arm.c:64
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_create()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_create ( unsigned int  len)

Create a new private key.

Caller must free return value.

Parameters
lenlength of the key in bits (i.e. 2048)
Returns
fresh private key

Definition at line 149 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_new, ret, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

150 {
152  gcry_sexp_t s_key;
153  gcry_sexp_t s_keyparam;
154 
155  BENCHMARK_START (rsa_private_key_create);
156 
157  GNUNET_assert (0 ==
158  gcry_sexp_build (&s_keyparam,
159  NULL,
160  "(genkey(rsa(nbits %d)))",
161  len));
162  GNUNET_assert (0 ==
163  gcry_pk_genkey (&s_key,
164  s_keyparam));
165  gcry_sexp_release (s_keyparam);
166 #if EXTRA_CHECKS
167  GNUNET_assert (0 ==
168  gcry_pk_testkey (s_key));
169 #endif
171  ret->sexp = s_key;
172  BENCHMARK_END (rsa_private_key_create);
173  return ret;
174 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static int ret
Final status code.
Definition: gnunet-arm.c:89
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
The private information of an RSA key pair.
Definition: crypto_rsa.c:39
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...

◆ GNUNET_CRYPTO_rsa_private_key_free()

void GNUNET_CRYPTO_rsa_private_key_free ( struct GNUNET_CRYPTO_RsaPrivateKey key)

Free memory occupied by the private key.

Parameters
keypointer to the memory to free

Definition at line 183 of file crypto_rsa.c.

References GNUNET_free, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_private_key_decode().

184 {
185  gcry_sexp_release (key->sexp);
186  GNUNET_free (key);
187 }
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
#define GNUNET_free(ptr)
Wrapper around free.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_encode()

size_t GNUNET_CRYPTO_rsa_private_key_encode ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
char **  buffer 
)

Encode the private key in a format suitable for storing it into a file.

Parameters
keythe private key
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocated in buffer

Definition at line 199 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_malloc, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_private_key_cmp().

201 {
202  size_t n;
203  char *b;
204 
205  n = gcry_sexp_sprint (key->sexp,
206  GCRYSEXP_FMT_DEFAULT,
207  NULL,
208  0);
209  b = GNUNET_malloc (n);
210  GNUNET_assert ((n - 1) == /* since the last byte is \0 */
211  gcry_sexp_sprint (key->sexp,
212  GCRYSEXP_FMT_DEFAULT,
213  b,
214  n));
215  *buffer = b;
216  return n;
217 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_decode()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_decode ( const char *  buf,
size_t  len 
)

Decode the private key from the data-format back to the "normal", internal format.

Parameters
bufthe buffer where the private key data is stored
lenthe length of the data in buf
Returns
NULL on error

Definition at line 229 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_private_key_free(), GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_new, key, LOG, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

231 {
234  if (0 !=
235  gcry_sexp_new (&key->sexp,
236  buf,
237  len,
238  0))
239  {
241  "Decoded private key is not valid\n");
242  GNUNET_free (key);
243  return NULL;
244  }
245  if (0 != gcry_pk_testkey (key->sexp))
246  {
248  "Decoded private key is not valid\n");
250  return NULL;
251  }
252  return key;
253 }
#define GNUNET_new(type)
Allocate a struct or union of the given type.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
static char buf[2048]
#define LOG(kind,...)
Definition: crypto_rsa.c:33
struct GNUNET_HashCode key
The key used in the DHT.
void GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
Free memory occupied by the private key.
Definition: crypto_rsa.c:183
The private information of an RSA key pair.
Definition: crypto_rsa.c:39
#define GNUNET_free(ptr)
Wrapper around free.
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_get_public()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_private_key_get_public ( const struct GNUNET_CRYPTO_RsaPrivateKey priv)

Extract the public key of the given private key.

Parameters
privthe private key NULL on error, otherwise the public key

Definition at line 263 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_break_op, GNUNET_new, key_from_sexp(), pub, result, GNUNET_CRYPTO_RsaPrivateKey::sexp, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_sign_fdh(), and rsa_sign_mpi().

264 {
266  gcry_mpi_t ne[2];
267  int rc;
268  gcry_sexp_t result;
269 
270  BENCHMARK_START (rsa_private_key_get_public);
271 
272  rc = key_from_sexp (ne, priv->sexp, "public-key", "ne");
273  if (0 != rc)
274  rc = key_from_sexp (ne, priv->sexp, "private-key", "ne");
275  if (0 != rc)
276  rc = key_from_sexp (ne, priv->sexp, "rsa", "ne");
277  if (0 != rc)
278  {
279  GNUNET_break_op (0);
280  return NULL;
281  }
282  rc = gcry_sexp_build (&result,
283  NULL,
284  "(public-key(rsa(n %m)(e %m)))",
285  ne[0],
286  ne[1]);
287  gcry_mpi_release (ne[0]);
288  gcry_mpi_release (ne[1]);
289  pub = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
290  pub->sexp = result;
291  BENCHMARK_END (rsa_private_key_get_public);
292  return pub;
293 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
#define GNUNET_new(type)
Allocate a struct or union of the given type.
The public information of an RSA key pair.
Definition: crypto_rsa.c:51
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
static int result
Global testing status.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:39
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_free()

void GNUNET_CRYPTO_rsa_public_key_free ( struct GNUNET_CRYPTO_RsaPublicKey key)

Free memory occupied by the public key.

Parameters
keypointer to the memory to free

Definition at line 302 of file crypto_rsa.c.

References GNUNET_free, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by clean_rsa_pub(), clean_rsa_public_key(), GNUNET_CRYPTO_rsa_sign_fdh(), and rsa_sign_mpi().

303 {
304  gcry_sexp_release (key->sexp);
305  GNUNET_free (key);
306 }
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
#define GNUNET_free(ptr)
Wrapper around free.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_encode()

size_t GNUNET_CRYPTO_rsa_public_key_encode ( const struct GNUNET_CRYPTO_RsaPublicKey key,
char **  buffer 
)

Encode the public key in a format suitable for storing it into a file.

Parameters
keythe private key
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocated in buffer

Definition at line 318 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_malloc, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by bind_rsa_pub(), GNUNET_CRYPTO_rsa_public_key_cmp(), GNUNET_CRYPTO_rsa_public_key_hash(), GNUNET_JSON_from_rsa_public_key(), my_conv_rsa_public_key(), qconv_rsa_public_key(), and rsa_full_domain_hash().

320 {
321  size_t n;
322  char *b;
323 
324  n = gcry_sexp_sprint (key->sexp,
325  GCRYSEXP_FMT_ADVANCED,
326  NULL,
327  0);
328  b = GNUNET_malloc (n);
329  GNUNET_assert ((n -1) == /* since the last byte is \0 */
330  gcry_sexp_sprint (key->sexp,
331  GCRYSEXP_FMT_ADVANCED,
332  b,
333  n));
334  *buffer = b;
335  return n;
336 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_hash()

void GNUNET_CRYPTO_rsa_public_key_hash ( const struct GNUNET_CRYPTO_RsaPublicKey key,
struct GNUNET_HashCode hc 
)

Compute hash over the public key.

Parameters
keypublic key to hash
hcwhere to store the hash code

Definition at line 346 of file crypto_rsa.c.

References buf, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_rsa_public_key_encode(), and GNUNET_free.

348 {
349  char *buf;
350  size_t buf_size;
351 
352  buf_size = GNUNET_CRYPTO_rsa_public_key_encode (key,
353  &buf);
354  GNUNET_CRYPTO_hash (buf,
355  buf_size,
356  hc);
357  GNUNET_free (buf);
358 }
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, char **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:318
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:44
static char buf[2048]
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_decode()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_public_key_decode ( const char *  buf,
size_t  len 
)

Decode the public key from the data-format back to the "normal", internal format.

Parameters
bufthe buffer where the public key data is stored
lenthe length of the data in buf
Returns
NULL on error

Definition at line 370 of file crypto_rsa.c.

References GNUNET_break, GNUNET_break_op, GNUNET_free, GNUNET_new, key, key_from_sexp(), ret, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by extract_rsa_pub(), extract_rsa_public_key(), parse_rsa_public_key(), and post_extract_rsa_public_key().

372 {
374  gcry_mpi_t n;
375  int ret;
376 
377  key = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
378  if (0 !=
379  gcry_sexp_new (&key->sexp,
380  buf,
381  len,
382  0))
383  {
384  GNUNET_break_op (0);
385  GNUNET_free (key);
386  return NULL;
387  }
388  /* verify that this is an RSA public key */
389  ret = key_from_sexp (&n, key->sexp, "public-key", "n");
390  if (0 != ret)
391  ret = key_from_sexp (&n, key->sexp, "rsa", "n");
392  if (0 != ret)
393  {
394  /* this is no public RSA key */
395  GNUNET_break (0);
396  gcry_sexp_release (key->sexp);
397  GNUNET_free (key);
398  return NULL;
399  }
400  gcry_mpi_release (n);
401  return key;
402 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static int ret
Final status code.
Definition: gnunet-arm.c:89
The public information of an RSA key pair.
Definition: crypto_rsa.c:51
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
static char buf[2048]
struct GNUNET_HashCode key
The key used in the DHT.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
#define GNUNET_free(ptr)
Wrapper around free.
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
Here is the call graph for this function:
Here is the caller graph for this function:

◆ rsa_gcd_validate()

static int rsa_gcd_validate ( gcry_mpi_t  r,
gcry_mpi_t  n 
)
static

Test for malicious RSA key.

Assuming n is an RSA modulous and r is generated using a call to GNUNET_CRYPTO_kdf_mod_mpi, if gcd(r,n) != 1 then n must be a malicious RSA key designed to deanomize the user.

Parameters
rKDF result
nRSA modulus
Returns
True if gcd(r,n) = 1, False means RSA key is malicious

Definition at line 417 of file crypto_rsa.c.

References t.

Referenced by rsa_blinding_key_derive(), and rsa_full_domain_hash().

418 {
419  gcry_mpi_t g;
420  int t;
421 
422  g = gcry_mpi_new (0);
423  t = gcry_mpi_gcd(g,r,n);
424  gcry_mpi_release (g);
425  return t;
426 }
static struct GNUNET_SCHEDULER_Task * t
Main task.
Here is the caller graph for this function:

◆ rsa_blinding_key_derive()

static struct RsaBlindingKey* rsa_blinding_key_derive ( const struct GNUNET_CRYPTO_RsaPublicKey pkey,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret bks 
)
static

Create a blinding key.

Parameters
lenlength of the key in bits (i.e. 2048)
bkspre-secret to use to derive the blinding key
Returns
the newly created blinding key, NULL if RSA key is malicious

Definition at line 437 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_CRYPTO_kdf_mod_mpi(), GNUNET_free, GNUNET_new, key_from_sexp(), RsaBlindingKey::r, rsa_gcd_validate(), and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_blind(), and GNUNET_CRYPTO_rsa_unblind().

439 {
440  char *xts = "Blinding KDF extrator HMAC key"; /* Trusts bks' randomness more */
441  struct RsaBlindingKey *blind;
442  gcry_mpi_t n;
443 
444  blind = GNUNET_new (struct RsaBlindingKey);
445  GNUNET_assert( NULL != blind );
446 
447  /* Extract the composite n from the RSA public key */
448  GNUNET_assert( 0 == key_from_sexp (&n, pkey->sexp, "rsa", "n") );
449  /* Assert that it at least looks like an RSA key */
450  GNUNET_assert( 0 == gcry_mpi_get_flag(n, GCRYMPI_FLAG_OPAQUE) );
451 
452  GNUNET_CRYPTO_kdf_mod_mpi (&blind->r,
453  n,
454  xts, strlen(xts),
455  bks, sizeof(*bks),
456  "Blinding KDF");
457  if (0 == rsa_gcd_validate(blind->r, n)) {
458  GNUNET_free (blind);
459  blind = NULL;
460  }
461 
462  gcry_mpi_release (n);
463  return blind;
464 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
void GNUNET_CRYPTO_kdf_mod_mpi(gcry_mpi_t *r, gcry_mpi_t n, const void *xts, size_t xts_len, const void *skm, size_t skm_len, const char *ctx)
Deterministically generate a pseudo-random number uniformly from the integers modulo a libgcrypt mpi...
Definition: crypto_kdf.c:128
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:80
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static int rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n)
Test for malicious RSA key.
Definition: crypto_rsa.c:417
RSA blinding key.
Definition: crypto_rsa.c:75
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_cmp()

int GNUNET_CRYPTO_rsa_signature_cmp ( struct GNUNET_CRYPTO_RsaSignature s1,
struct GNUNET_CRYPTO_RsaSignature s2 
)

Compare the values of two signatures.

Parameters
s1one signature
s2the other signature
Returns
0 if the two are equal

Definition at line 518 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_signature_encode(), GNUNET_free, and ret.

520 {
521  char *b1;
522  char *b2;
523  size_t z1;
524  size_t z2;
525  int ret;
526 
528  &b1);
530  &b2);
531  if (z1 != z2)
532  ret = 1;
533  else
534  ret = memcmp (b1,
535  b2,
536  z1);
537  GNUNET_free (b1);
538  GNUNET_free (b2);
539  return ret;
540 }
size_t GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, char **buffer)
Encode the given signature in a format suitable for storing it into a file.
Definition: crypto_rsa.c:966
static int ret
Final status code.
Definition: gnunet-arm.c:89
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_cmp()

int GNUNET_CRYPTO_rsa_public_key_cmp ( struct GNUNET_CRYPTO_RsaPublicKey p1,
struct GNUNET_CRYPTO_RsaPublicKey p2 
)

Compare the values of two public keys.

Parameters
p1one public key
p2the other public key
Returns
0 if the two are equal

Definition at line 551 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_free, and ret.

553 {
554  char *b1;
555  char *b2;
556  size_t z1;
557  size_t z2;
558  int ret;
559 
561  &b1);
563  &b2);
564  if (z1 != z2)
565  ret = 1;
566  else
567  ret = memcmp (b1,
568  b2,
569  z1);
570  GNUNET_free (b1);
571  GNUNET_free (b2);
572  return ret;
573 }
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, char **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:318
static int ret
Final status code.
Definition: gnunet-arm.c:89
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_cmp()

int GNUNET_CRYPTO_rsa_private_key_cmp ( struct GNUNET_CRYPTO_RsaPrivateKey p1,
struct GNUNET_CRYPTO_RsaPrivateKey p2 
)

Compare the values of two private keys.

Parameters
p1one private key
p2the other private key
Returns
0 if the two are equal

Definition at line 584 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_private_key_encode(), GNUNET_free, and ret.

586 {
587  char *b1;
588  char *b2;
589  size_t z1;
590  size_t z2;
591  int ret;
592 
594  &b1);
596  &b2);
597  if (z1 != z2)
598  ret = 1;
599  else
600  ret = memcmp (b1,
601  b2,
602  z1);
603  GNUNET_free (b1);
604  GNUNET_free (b2);
605  return ret;
606 }
size_t GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, char **buffer)
Encode the private key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:199
static int ret
Final status code.
Definition: gnunet-arm.c:89
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_len()

unsigned int GNUNET_CRYPTO_rsa_public_key_len ( const struct GNUNET_CRYPTO_RsaPublicKey key)

Obtain the length of the RSA key in bits.

Parameters
keythe public key to introspect
Returns
length of the key in bits

Definition at line 616 of file crypto_rsa.c.

References GNUNET_break, key_from_sexp(), and GNUNET_CRYPTO_RsaPublicKey::sexp.

617 {
618  gcry_mpi_t n;
619  unsigned int rval;
620 
621  if (0 != key_from_sexp (&n, key->sexp, "rsa", "n"))
622  { /* Not an RSA public key */
623  GNUNET_break (0);
624  return 0;
625  }
626  rval = gcry_mpi_get_nbits (n);
627  gcry_mpi_release (n);
628  return rval;
629 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
Here is the call graph for this function:

◆ rsa_blinding_key_free()

static void rsa_blinding_key_free ( struct RsaBlindingKey bkey)
static

Destroy a blinding key.

Parameters
bkeythe blinding key to destroy

Definition at line 638 of file crypto_rsa.c.

References GNUNET_free, and RsaBlindingKey::r.

Referenced by GNUNET_CRYPTO_rsa_blind(), and GNUNET_CRYPTO_rsa_unblind().

639 {
640  gcry_mpi_release (bkey->r);
641  GNUNET_free (bkey);
642 }
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:80
#define GNUNET_free(ptr)
Wrapper around free.
Here is the caller graph for this function:

◆ numeric_mpi_alloc_n_print()

static size_t numeric_mpi_alloc_n_print ( gcry_mpi_t  v,
char **  buffer 
)
static

Print an MPI to a newly created buffer.

Parameters
vMPI to print.
[out]newlyallocated buffer containing the result
Returns
number of bytes stored in buffer

Definition at line 653 of file crypto_rsa.c.

References GNUNET_assert, and GNUNET_malloc.

Referenced by GNUNET_CRYPTO_rsa_blind().

655 {
656  size_t n;
657  char *b;
658  size_t rsize;
659 
660  gcry_mpi_print (GCRYMPI_FMT_USG,
661  NULL,
662  0,
663  &n,
664  v);
665  b = GNUNET_malloc (n);
666  GNUNET_assert (0 ==
667  gcry_mpi_print (GCRYMPI_FMT_USG,
668  (unsigned char *) b,
669  n,
670  &rsize,
671  v));
672  *buffer = b;
673  return n;
674 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the caller graph for this function:

◆ rsa_full_domain_hash()

static gcry_mpi_t rsa_full_domain_hash ( const struct GNUNET_CRYPTO_RsaPublicKey pkey,
const struct GNUNET_HashCode hash 
)
static

Computes a full domain hash seeded by the given public key.

This gives a measure of provable security to the Taler exchange against one-more forgery attacks. See: https://eprint.iacr.org/2001/002.pdf http://www.di.ens.fr/~pointche/Documents/Papers/2001_fcA.pdf

Parameters
hashinitial hash of the message to sign
pkeythe public key of the signer
rsizeIf not NULL, the number of bytes actually stored in buffer
Returns
MPI value set to the FDH, NULL if RSA key is malicious

Definition at line 690 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_CRYPTO_kdf_mod_mpi(), GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_free, key_from_sexp(), ok, RsaBlindingKey::r, rsa_gcd_validate(), and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_blind(), GNUNET_CRYPTO_rsa_sign_fdh(), and GNUNET_CRYPTO_rsa_verify().

692 {
693  gcry_mpi_t r,n;
694  char *xts;
695  size_t xts_len;
696  int ok;
697 
698  /* Extract the composite n from the RSA public key */
699  GNUNET_assert( 0 == key_from_sexp (&n, pkey->sexp, "rsa", "n") );
700  /* Assert that it at least looks like an RSA key */
701  GNUNET_assert( 0 == gcry_mpi_get_flag(n, GCRYMPI_FLAG_OPAQUE) );
702 
703  /* We key with the public denomination key as a homage to RSA-PSS by *
704  * Mihir Bellare and Phillip Rogaway. Doing this lowers the degree *
705  * of the hypothetical polyomial-time attack on RSA-KTI created by a *
706  * polynomial-time one-more forgary attack. Yey seeding! */
707  xts_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, &xts);
708 
710  n,
711  xts, xts_len,
712  hash, sizeof(*hash),
713  "RSA-FDA FTpsW!");
714  GNUNET_free (xts);
715 
716  ok = rsa_gcd_validate(r,n);
717  gcry_mpi_release (n);
718  if (ok)
719  return r;
720  gcry_mpi_release (r);
721  return NULL;
722 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
void GNUNET_CRYPTO_kdf_mod_mpi(gcry_mpi_t *r, gcry_mpi_t n, const void *xts, size_t xts_len, const void *skm, size_t skm_len, const char *ctx)
Deterministically generate a pseudo-random number uniformly from the integers modulo a libgcrypt mpi...
Definition: crypto_kdf.c:128
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, char **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:318
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:80
static int ok
Return value from &#39;main&#39; (0 == success)
static int rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n)
Test for malicious RSA key.
Definition: crypto_rsa.c:417
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_blind()

int GNUNET_CRYPTO_rsa_blind ( const struct GNUNET_HashCode hash,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret bks,
struct GNUNET_CRYPTO_RsaPublicKey pkey,
char **  buf,
size_t *  buf_size 
)

Blinds the given message with the given blinding key.

Parameters
hashhash of the message to sign
bkeythe blinding key
pkeythe public key of the signer
[out]bufset to a buffer with the blinded message to be signed
[out]buf_sizenumber of bytes stored in buf
Returns
GNUNET_YES if successful, GNUNET_NO if RSA key is malicious

Definition at line 736 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, data, GNUNET_assert, GNUNET_break, GNUNET_NO, GNUNET_YES, key_from_sexp(), numeric_mpi_alloc_n_print(), RsaBlindingKey::r, ret, rsa_blinding_key_derive(), rsa_blinding_key_free(), rsa_full_domain_hash(), and GNUNET_CRYPTO_RsaPublicKey::sexp.

740 {
741  struct RsaBlindingKey *bkey;
742  gcry_mpi_t data;
743  gcry_mpi_t ne[2];
744  gcry_mpi_t r_e;
745  gcry_mpi_t data_r_e;
746  int ret;
747 
748  BENCHMARK_START (rsa_blind);
749 
750  GNUNET_assert (buf != NULL && buf_size != NULL);
751  ret = key_from_sexp (ne, pkey->sexp, "public-key", "ne");
752  if (0 != ret)
753  ret = key_from_sexp (ne, pkey->sexp, "rsa", "ne");
754  if (0 != ret)
755  {
756  GNUNET_break (0);
757  *buf = NULL;
758  *buf_size = 0;
759  return 0;
760  }
761 
762  data = rsa_full_domain_hash (pkey, hash);
763  if (NULL == data)
764  goto rsa_gcd_validate_failure;
765 
766  bkey = rsa_blinding_key_derive (pkey, bks);
767  if (NULL == bkey) {
768  gcry_mpi_release (data);
769  goto rsa_gcd_validate_failure;
770  }
771 
772  r_e = gcry_mpi_new (0);
773  gcry_mpi_powm (r_e,
774  bkey->r,
775  ne[1],
776  ne[0]);
777  data_r_e = gcry_mpi_new (0);
778  gcry_mpi_mulm (data_r_e,
779  data,
780  r_e,
781  ne[0]);
782  gcry_mpi_release (data);
783  gcry_mpi_release (ne[0]);
784  gcry_mpi_release (ne[1]);
785  gcry_mpi_release (r_e);
786  rsa_blinding_key_free (bkey);
787 
788  *buf_size = numeric_mpi_alloc_n_print (data_r_e, buf);
789  gcry_mpi_release (data_r_e);
790 
791  BENCHMARK_END (rsa_blind);
792 
793  return GNUNET_YES;
794 
795 rsa_gcd_validate_failure:
796  /* We know the RSA key is malicious here, so warn the wallet. */
797  /* GNUNET_break_op (0); */
798  gcry_mpi_release (ne[0]);
799  gcry_mpi_release (ne[1]);
800  *buf = NULL;
801  *buf_size = 0;
802  return GNUNET_NO;
803 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
static struct RsaBlindingKey * rsa_blinding_key_derive(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks)
Create a blinding key.
Definition: crypto_rsa.c:437
static gcry_mpi_t rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_HashCode *hash)
Computes a full domain hash seeded by the given public key.
Definition: crypto_rsa.c:690
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:80
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
#define GNUNET_NO
Definition: gnunet_common.h:81
static int ret
Final status code.
Definition: gnunet-arm.c:89
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static size_t numeric_mpi_alloc_n_print(gcry_mpi_t v, char **buffer)
Print an MPI to a newly created buffer.
Definition: crypto_rsa.c:653
static char buf[2048]
RSA blinding key.
Definition: crypto_rsa.c:75
static void rsa_blinding_key_free(struct RsaBlindingKey *bkey)
Destroy a blinding key.
Definition: crypto_rsa.c:638
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
#define GNUNET_YES
Definition: gnunet_common.h:80
uint32_t data
The data value.
Here is the call graph for this function:

◆ mpi_to_sexp()

static gcry_sexp_t mpi_to_sexp ( gcry_mpi_t  value)
static

Convert an MPI to an S-expression suitable for signature operations.

Parameters
valuepointer to the data to convert
Returns
converted s-expression

Definition at line 813 of file crypto_rsa.c.

References data, and GNUNET_assert.

Referenced by GNUNET_CRYPTO_rsa_verify(), and rsa_sign_mpi().

814 {
815  gcry_sexp_t data = NULL;
816 
817  GNUNET_assert (0 ==
818  gcry_sexp_build (&data,
819  NULL,
820  "(data (flags raw) (value %M))",
821  value));
822  return data;
823 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static char * value
Value of the record to add/remove.
uint32_t data
The data value.
Here is the caller graph for this function:

◆ rsa_sign_mpi()

static struct GNUNET_CRYPTO_RsaSignature* rsa_sign_mpi ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
gcry_mpi_t  value 
)
static

Sign the given MPI.

Parameters
keyprivate key to use for the signing
valuethe MPI to sign
Returns
NULL on error, signature on success

Definition at line 834 of file crypto_rsa.c.

References _, data, GNUNET_break, GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_free(), GNUNET_ERROR_TYPE_WARNING, GNUNET_new, LOG, mpi_to_sexp(), result, GNUNET_CRYPTO_RsaPrivateKey::sexp, GNUNET_CRYPTO_RsaPublicKey::sexp, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by GNUNET_CRYPTO_rsa_sign_blinded(), and GNUNET_CRYPTO_rsa_sign_fdh().

836 {
837  struct GNUNET_CRYPTO_RsaSignature *sig;
838  gcry_sexp_t data;
839  gcry_sexp_t result;
840  int rc;
841 
842  data = mpi_to_sexp (value);
843 
844  if (0 !=
845  (rc = gcry_pk_sign (&result,
846  data,
847  key->sexp)))
848  {
850  _("RSA signing failed at %s:%d: %s\n"),
851  __FILE__,
852  __LINE__,
853  gcry_strerror (rc));
854  GNUNET_break (0);
855  return NULL;
856  }
857 
858  /* Lenstra protection was first added to libgcrypt 1.6.4
859  * with commit c17f84bd02d7ee93845e92e20f6ddba814961588.
860  */
861 #if GCRYPT_VERSION_NUMBER < 0x010604
862  /* verify signature (guards against Lenstra's attack with fault injection...) */
864  if (0 !=
865  gcry_pk_verify (result,
866  data,
867  public_key->sexp))
868  {
869  GNUNET_break (0);
871  gcry_sexp_release (data);
872  gcry_sexp_release (result);
873  return NULL;
874  }
876 #endif
877 
878  /* return signature */
879  gcry_sexp_release (data);
880  sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
881  sig->sexp = result;
882  return sig;
883 }
an RSA signature
Definition: crypto_rsa.c:63
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition: crypto_rsa.c:302
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition: crypto_rsa.c:263
#define GNUNET_new(type)
Allocate a struct or union of the given type.
The public information of an RSA key pair.
Definition: crypto_rsa.c:51
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static gcry_sexp_t mpi_to_sexp(gcry_mpi_t value)
Convert an MPI to an S-expression suitable for signature operations.
Definition: crypto_rsa.c:813
#define _(String)
GNU gettext support macro.
Definition: platform.h:208
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
static char * value
Value of the record to add/remove.
#define LOG(kind,...)
Definition: crypto_rsa.c:33
static int result
Global testing status.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_sign_blinded()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_sign_blinded ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
const void *  msg,
size_t  msg_len 
)

Sign a blinded value, which must be a full domain hash of a message.

Parameters
keyprivate key to use for the signing
msgthe message to sign
msg_lennumber of bytes in msg to sign
Returns
NULL on error, signature on success

Definition at line 895 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, and rsa_sign_mpi().

898 {
899  gcry_mpi_t v = NULL;
900  struct GNUNET_CRYPTO_RsaSignature *sig;
901 
902  BENCHMARK_START (rsa_sign_blinded);
903 
904  GNUNET_assert (0 ==
905  gcry_mpi_scan (&v,
906  GCRYMPI_FMT_USG,
907  msg,
908  msg_len,
909  NULL));
910 
911  sig = rsa_sign_mpi (key, v);
912  gcry_mpi_release (v);
913  BENCHMARK_END (rsa_sign_blinded);
914  return sig;
915 }
struct GNUNET_MessageHeader * msg
Definition: 005.c:2
an RSA signature
Definition: crypto_rsa.c:63
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
static struct GNUNET_CRYPTO_RsaSignature * rsa_sign_mpi(const struct GNUNET_CRYPTO_RsaPrivateKey *key, gcry_mpi_t value)
Sign the given MPI.
Definition: crypto_rsa.c:834
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_sign_fdh()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_sign_fdh ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
const struct GNUNET_HashCode hash 
)

Create and sign a full domain hash of a message.

Parameters
keyprivate key to use for the signing
hashthe hash of the message to sign
Returns
NULL on error, including a malicious RSA key, signature on success

Definition at line 926 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_free(), pkey, rsa_full_domain_hash(), and rsa_sign_mpi().

928 {
930  gcry_mpi_t v = NULL;
931  struct GNUNET_CRYPTO_RsaSignature *sig;
932 
934  v = rsa_full_domain_hash (pkey, hash);
936  if (NULL == v) /* rsa_gcd_validate failed meaning */
937  return NULL; /* our *own* RSA key is malicious. */
938 
939  sig = rsa_sign_mpi (key, v);
940  gcry_mpi_release (v);
941  return sig;
942 }
static char * pkey
Public key of the zone to look in, in ASCII.
an RSA signature
Definition: crypto_rsa.c:63
static gcry_mpi_t rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_HashCode *hash)
Computes a full domain hash seeded by the given public key.
Definition: crypto_rsa.c:690
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition: crypto_rsa.c:302
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition: crypto_rsa.c:263
The public information of an RSA key pair.
Definition: crypto_rsa.c:51
static struct GNUNET_CRYPTO_RsaSignature * rsa_sign_mpi(const struct GNUNET_CRYPTO_RsaPrivateKey *key, gcry_mpi_t value)
Sign the given MPI.
Definition: crypto_rsa.c:834
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_free()

void GNUNET_CRYPTO_rsa_signature_free ( struct GNUNET_CRYPTO_RsaSignature sig)

Free memory occupied by signature.

Parameters
sigmemory to freee

Definition at line 951 of file crypto_rsa.c.

References GNUNET_free, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by clean_rsa_sig(), and clean_rsa_signature().

952 {
953  gcry_sexp_release (sig->sexp);
954  GNUNET_free (sig);
955 }
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
#define GNUNET_free(ptr)
Wrapper around free.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_encode()

size_t GNUNET_CRYPTO_rsa_signature_encode ( const struct GNUNET_CRYPTO_RsaSignature sig,
char **  buffer 
)

Encode the given signature in a format suitable for storing it into a file.

Parameters
sigthe signature
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocated in buffer

Definition at line 966 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_malloc, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by bind_rsa_sig(), GNUNET_CRYPTO_rsa_signature_cmp(), GNUNET_JSON_from_rsa_signature(), my_conv_rsa_signature(), and qconv_rsa_signature().

968 {
969  size_t n;
970  char *b;
971 
972  n = gcry_sexp_sprint (sig->sexp,
973  GCRYSEXP_FMT_ADVANCED,
974  NULL,
975  0);
976  b = GNUNET_malloc (n);
977  GNUNET_assert ((n - 1) == /* since the last byte is \0 */
978  gcry_sexp_sprint (sig->sexp,
979  GCRYSEXP_FMT_ADVANCED,
980  b,
981  n));
982  *buffer = b;
983  return n;
984 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_decode()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_signature_decode ( const char *  buf,
size_t  len 
)

Decode the signature from the data-format back to the "normal", internal format.

Parameters
bufthe buffer where the public key data is stored
lenthe length of the data in buf
Returns
NULL on error

Definition at line 996 of file crypto_rsa.c.

References GNUNET_break_op, GNUNET_free, GNUNET_new, key_from_sexp(), ret, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by extract_rsa_sig(), extract_rsa_signature(), parse_rsa_signature(), and post_extract_rsa_signature().

998 {
999  struct GNUNET_CRYPTO_RsaSignature *sig;
1000  int ret;
1001  gcry_mpi_t s;
1002 
1003  sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1004  if (0 !=
1005  gcry_sexp_new (&sig->sexp,
1006  buf,
1007  len,
1008  0))
1009  {
1010  GNUNET_break_op (0);
1011  GNUNET_free (sig);
1012  return NULL;
1013  }
1014  /* verify that this is an RSA signature */
1015  ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
1016  if (0 != ret)
1017  ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
1018  if (0 != ret)
1019  {
1020  /* this is no RSA Signature */
1021  GNUNET_break_op (0);
1022  gcry_sexp_release (sig->sexp);
1023  GNUNET_free (sig);
1024  return NULL;
1025  }
1026  gcry_mpi_release (s);
1027  return sig;
1028 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
an RSA signature
Definition: crypto_rsa.c:63
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static int ret
Final status code.
Definition: gnunet-arm.c:89
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
static char buf[2048]
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
#define GNUNET_free(ptr)
Wrapper around free.
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_dup()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_public_key_dup ( const struct GNUNET_CRYPTO_RsaPublicKey key)

Duplicate the given public key.

Parameters
keythe public key to duplicate
Returns
the duplicate key; NULL upon error

Definition at line 1038 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_new, and GNUNET_CRYPTO_RsaPublicKey::sexp.

1039 {
1040  struct GNUNET_CRYPTO_RsaPublicKey *dup;
1041  gcry_sexp_t dup_sexp;
1042  size_t erroff;
1043 
1044  /* check if we really are exporting a public key */
1045  dup_sexp = gcry_sexp_find_token (key->sexp, "public-key", 0);
1046  GNUNET_assert (NULL != dup_sexp);
1047  gcry_sexp_release (dup_sexp);
1048  /* copy the sexp */
1049  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp));
1050  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
1051  dup->sexp = dup_sexp;
1052  return dup;
1053 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
The public information of an RSA key pair.
Definition: crypto_rsa.c:51
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56

◆ GNUNET_CRYPTO_rsa_unblind()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_unblind ( const struct GNUNET_CRYPTO_RsaSignature sig,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret bks,
struct GNUNET_CRYPTO_RsaPublicKey pkey 
)

Unblind a blind-signed signature.

The signature should have been generated with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with GNUNET_CRYPTO_rsa_blind().

Parameters
sigthe signature made on the blinded signature purpose
bksthe blinding key secret used to blind the signature purpose
pkeythe public key of the signer
Returns
unblinded signature on success, NULL if RSA key is bad or malicious.

Definition at line 1067 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_break_op, GNUNET_new, key_from_sexp(), RsaBlindingKey::r, ret, rsa_blinding_key_derive(), rsa_blinding_key_free(), GNUNET_CRYPTO_RsaPublicKey::sexp, and GNUNET_CRYPTO_RsaSignature::sexp.

1070 {
1071  struct RsaBlindingKey *bkey;
1072  gcry_mpi_t n;
1073  gcry_mpi_t s;
1074  gcry_mpi_t r_inv;
1075  gcry_mpi_t ubsig;
1076  int ret;
1077  struct GNUNET_CRYPTO_RsaSignature *sret;
1078 
1079  BENCHMARK_START (rsa_unblind);
1080 
1081  ret = key_from_sexp (&n, pkey->sexp, "public-key", "n");
1082  if (0 != ret)
1083  ret = key_from_sexp (&n, pkey->sexp, "rsa", "n");
1084  if (0 != ret)
1085  {
1086  GNUNET_break_op (0);
1087  return NULL;
1088  }
1089  ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
1090  if (0 != ret)
1091  ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
1092  if (0 != ret)
1093  {
1094  gcry_mpi_release (n);
1095  GNUNET_break_op (0);
1096  return NULL;
1097  }
1098 
1099  bkey = rsa_blinding_key_derive (pkey, bks);
1100  if (NULL == bkey)
1101  {
1102  /* RSA key is malicious since rsa_gcd_validate failed here.
1103  * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
1104  * so the exchange is being malicious in an unfamilair way, maybe
1105  * just trying to crash us. */
1106  GNUNET_break_op (0);
1107  gcry_mpi_release (n);
1108  gcry_mpi_release (s);
1109  return NULL;
1110  }
1111 
1112  r_inv = gcry_mpi_new (0);
1113  if (1 !=
1114  gcry_mpi_invm (r_inv,
1115  bkey->r,
1116  n))
1117  {
1118  /* We cannot find r mod n, so gcd(r,n) != 1, which should get *
1119  * caught above, but we handle it the same here. */
1120  GNUNET_break_op (0);
1121  gcry_mpi_release (r_inv);
1122  rsa_blinding_key_free (bkey);
1123  gcry_mpi_release (n);
1124  gcry_mpi_release (s);
1125  return NULL;
1126  }
1127 
1128  ubsig = gcry_mpi_new (0);
1129  gcry_mpi_mulm (ubsig, s, r_inv, n);
1130  gcry_mpi_release (n);
1131  gcry_mpi_release (r_inv);
1132  gcry_mpi_release (s);
1133  rsa_blinding_key_free (bkey);
1134 
1135  sret = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1136  GNUNET_assert (0 ==
1137  gcry_sexp_build (&sret->sexp,
1138  NULL,
1139  "(sig-val (rsa (s %M)))",
1140  ubsig));
1141  gcry_mpi_release (ubsig);
1142  BENCHMARK_END (rsa_unblind);
1143  return sret;
1144 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
static struct RsaBlindingKey * rsa_blinding_key_derive(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks)
Create a blinding key.
Definition: crypto_rsa.c:437
an RSA signature
Definition: crypto_rsa.c:63
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:80
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static int ret
Final status code.
Definition: gnunet-arm.c:89
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
RSA blinding key.
Definition: crypto_rsa.c:75
static void rsa_blinding_key_free(struct RsaBlindingKey *bkey)
Destroy a blinding key.
Definition: crypto_rsa.c:638
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_verify()

int GNUNET_CRYPTO_rsa_verify ( const struct GNUNET_HashCode hash,
const struct GNUNET_CRYPTO_RsaSignature sig,
const struct GNUNET_CRYPTO_RsaPublicKey pkey 
)

Verify whether the given hash corresponds to the given signature and the signature is valid with respect to the given public key.

Parameters
hashhash of the message to verify to match the sig
sigsignature that is being validated
pkeypublic key of the signer
Returns
GNUNET_YES if ok, GNUNET_NO if RSA key is malicious, GNUNET_SYSERR if signature is invalid

Definition at line 1157 of file crypto_rsa.c.

References _, BENCHMARK_END, BENCHMARK_START, data, GNUNET_break_op, GNUNET_ERROR_TYPE_WARNING, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, LOG, mpi_to_sexp(), rsa_full_domain_hash(), GNUNET_CRYPTO_RsaPublicKey::sexp, and GNUNET_CRYPTO_RsaSignature::sexp.

1160 {
1161  gcry_sexp_t data;
1162  gcry_mpi_t r;
1163  int rc;
1164 
1165  BENCHMARK_START (rsa_verify);
1166 
1167  r = rsa_full_domain_hash (pkey, hash);
1168  if (NULL == r) {
1169  GNUNET_break_op (0);
1170  /* RSA key is malicious since rsa_gcd_validate failed here.
1171  * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
1172  * so the exchange is being malicious in an unfamilair way, maybe
1173  * just trying to crash us. Arguably, we've only an internal error
1174  * though because we should've detected this in our previous call
1175  * to GNUNET_CRYPTO_rsa_unblind. */
1176  return GNUNET_NO;
1177  }
1178 
1179  data = mpi_to_sexp(r);
1180  gcry_mpi_release (r);
1181 
1182  rc = gcry_pk_verify (sig->sexp,
1183  data,
1184  pkey->sexp);
1185  gcry_sexp_release (data);
1186  if (0 != rc)
1187  {
1189  _("RSA signature verification failed at %s:%d: %s\n"),
1190  __FILE__,
1191  __LINE__,
1192  gcry_strerror (rc));
1193  return GNUNET_SYSERR;
1194  BENCHMARK_END (rsa_verify);
1195  }
1196  BENCHMARK_END (rsa_verify);
1197  return GNUNET_OK;
1198 }
static gcry_mpi_t rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_HashCode *hash)
Computes a full domain hash seeded by the given public key.
Definition: crypto_rsa.c:690
#define BENCHMARK_START(opname)
Definition: benchmark.h:53
#define BENCHMARK_END(opname)
Definition: benchmark.h:54
#define GNUNET_NO
Definition: gnunet_common.h:81
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:78
static gcry_sexp_t mpi_to_sexp(gcry_mpi_t value)
Convert an MPI to an S-expression suitable for signature operations.
Definition: crypto_rsa.c:813
#define _(String)
GNU gettext support macro.
Definition: platform.h:208
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
#define LOG(kind,...)
Definition: crypto_rsa.c:33
#define GNUNET_SYSERR
Definition: gnunet_common.h:79
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
uint32_t data
The data value.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_dup()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_dup ( const struct GNUNET_CRYPTO_RsaPrivateKey key)

Duplicate the given private key.

Parameters
keythe private key to duplicate
Returns
the duplicate key; NULL upon error

Definition at line 1208 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_new, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

1209 {
1210  struct GNUNET_CRYPTO_RsaPrivateKey *dup;
1211  gcry_sexp_t dup_sexp;
1212  size_t erroff;
1213 
1214  /* check if we really are exporting a private key */
1215  dup_sexp = gcry_sexp_find_token (key->sexp, "private-key", 0);
1216  GNUNET_assert (NULL != dup_sexp);
1217  gcry_sexp_release (dup_sexp);
1218  /* copy the sexp */
1219  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp));
1220  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey);
1221  dup->sexp = dup_sexp;
1222  return dup;
1223 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
The private information of an RSA key pair.
Definition: crypto_rsa.c:39

◆ GNUNET_CRYPTO_rsa_signature_dup()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_signature_dup ( const struct GNUNET_CRYPTO_RsaSignature sig)

Duplicate the given private key.

Duplicate the given rsa signature.

Parameters
keythe private key to duplicate
Returns
the duplicate key; NULL upon error

Definition at line 1233 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_new, key_from_sexp(), ret, and GNUNET_CRYPTO_RsaSignature::sexp.

1234 {
1235  struct GNUNET_CRYPTO_RsaSignature *dup;
1236  gcry_sexp_t dup_sexp;
1237  size_t erroff;
1238  gcry_mpi_t s;
1239  int ret;
1240 
1241  /* verify that this is an RSA signature */
1242  ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
1243  if (0 != ret)
1244  ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
1245  GNUNET_assert (0 == ret);
1246  gcry_mpi_release (s);
1247  /* copy the sexp */
1248  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", sig->sexp));
1249  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1250  dup->sexp = dup_sexp;
1251  return dup;
1252 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
an RSA signature
Definition: crypto_rsa.c:63
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static int ret
Final status code.
Definition: gnunet-arm.c:89
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68
Here is the call graph for this function: