GNUnet  0.11.x
Data Structures | Macros | Functions
crypto_rsa.c File Reference

Chaum-style Blind signatures based on RSA. More...

#include "platform.h"
#include <gcrypt.h>
#include "gnunet_crypto_lib.h"
#include "benchmark.h"
Include dependency graph for crypto_rsa.c:

Go to the source code of this file.

Data Structures

struct  GNUNET_CRYPTO_RsaPrivateKey
 The private information of an RSA key pair. More...
 
struct  GNUNET_CRYPTO_RsaPublicKey
 The public information of an RSA key pair. More...
 
struct  GNUNET_CRYPTO_RsaSignature
 an RSA signature More...
 
struct  RsaBlindingKey
 RSA blinding key. More...
 
struct  GNUNET_CRYPTO_RsaPublicKeyHeaderP
 Format of the header of a serialized RSA public key. More...
 

Macros

#define LOG(kind, ...)   GNUNET_log_from (kind, "util-crypto-rsa", __VA_ARGS__)
 
#define NEW_CRYPTO   0
 

Functions

static int key_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
 Extract values from an S-expression. More...
 
struct GNUNET_CRYPTO_RsaPrivateKeyGNUNET_CRYPTO_rsa_private_key_create (unsigned int len)
 Create a new private key. More...
 
void GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key)
 Free memory occupied by the private key. More...
 
size_t GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey *key, char **buffer)
 Encode the private key in a format suitable for storing it into a file. More...
 
struct GNUNET_CRYPTO_RsaPrivateKeyGNUNET_CRYPTO_rsa_private_key_decode (const char *buf, size_t len)
 Decode the private key from the data-format back to the "normal", internal format. More...
 
struct GNUNET_CRYPTO_RsaPublicKeyGNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
 Extract the public key of the given private key. More...
 
void GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key)
 Free memory occupied by the public key. More...
 
GNUNET_NETWORK_STRUCT_END size_t GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_RsaPublicKey *key, char **buffer)
 Encode the public key in a format suitable for storing it into a file. More...
 
void GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, struct GNUNET_HashCode *hc)
 Compute hash over the public key. More...
 
struct GNUNET_CRYPTO_RsaPublicKeyGNUNET_CRYPTO_rsa_public_key_decode (const char *buf, size_t len)
 Decode the public key from the data-format back to the "normal", internal format. More...
 
static int rsa_gcd_validate (gcry_mpi_t r, gcry_mpi_t n)
 Test for malicious RSA key. More...
 
static struct RsaBlindingKeyrsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks)
 Create a blinding key. More...
 
int GNUNET_CRYPTO_rsa_signature_cmp (struct GNUNET_CRYPTO_RsaSignature *s1, struct GNUNET_CRYPTO_RsaSignature *s2)
 Compare the values of two signatures. More...
 
int GNUNET_CRYPTO_rsa_public_key_cmp (struct GNUNET_CRYPTO_RsaPublicKey *p1, struct GNUNET_CRYPTO_RsaPublicKey *p2)
 Compare the values of two public keys. More...
 
int GNUNET_CRYPTO_rsa_private_key_cmp (struct GNUNET_CRYPTO_RsaPrivateKey *p1, struct GNUNET_CRYPTO_RsaPrivateKey *p2)
 Compare the values of two private keys. More...
 
unsigned int GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 Obtain the length of the RSA key in bits. More...
 
static void rsa_blinding_key_free (struct RsaBlindingKey *bkey)
 Destroy a blinding key. More...
 
static size_t numeric_mpi_alloc_n_print (gcry_mpi_t v, char **buffer)
 Print an MPI to a newly created buffer. More...
 
static gcry_mpi_t rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_HashCode *hash)
 Computes a full domain hash seeded by the given public key. More...
 
int GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, char **buf, size_t *buf_size)
 Blinds the given message with the given blinding key. More...
 
static gcry_sexp_t mpi_to_sexp (gcry_mpi_t value)
 Convert an MPI to an S-expression suitable for signature operations. More...
 
static struct GNUNET_CRYPTO_RsaSignaturersa_sign_mpi (const struct GNUNET_CRYPTO_RsaPrivateKey *key, gcry_mpi_t value)
 Sign the given MPI. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, const void *msg, size_t msg_len)
 Sign a blinded value, which must be a full domain hash of a message. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, const struct GNUNET_HashCode *hash)
 Create and sign a full domain hash of a message. More...
 
void GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig)
 Free memory occupied by signature. More...
 
size_t GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_RsaSignature *sig, char **buffer)
 Encode the given signature in a format suitable for storing it into a file. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_signature_decode (const char *buf, size_t len)
 Decode the signature from the data-format back to the "normal", internal format. More...
 
struct GNUNET_CRYPTO_RsaPublicKeyGNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 Duplicate the given public key. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
 Unblind a blind-signed signature. More...
 
int GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *pkey)
 Verify whether the given hash corresponds to the given signature and the signature is valid with respect to the given public key. More...
 
struct GNUNET_CRYPTO_RsaPrivateKeyGNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_RsaPrivateKey *key)
 Duplicate the given private key. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig)
 Duplicate the given private key. More...
 

Detailed Description

Chaum-style Blind signatures based on RSA.

Author
Sree Harsha Totakura sreeh.nosp@m.arsh.nosp@m.a@tot.nosp@m.akur.nosp@m.a.in
Christian Grothoff
Jeffrey Burdges burdg.nosp@m.es@g.nosp@m.nunet.nosp@m..org

Definition in file crypto_rsa.c.

Macro Definition Documentation

◆ LOG

#define LOG (   kind,
  ... 
)    GNUNET_log_from (kind, "util-crypto-rsa", __VA_ARGS__)

◆ NEW_CRYPTO

#define NEW_CRYPTO   0

Definition at line 36 of file crypto_rsa.c.

Function Documentation

◆ key_from_sexp()

static int key_from_sexp ( gcry_mpi_t *  array,
gcry_sexp_t  sexp,
const char *  topname,
const char *  elems 
)
static

Extract values from an S-expression.

Parameters
arraywhere to store the result(s)
sexpS-expression to parse
topnametop-level name in the S-expression that is of interest
elemsnames of the elements to extract
Returns
0 on success

Definition at line 96 of file crypto_rsa.c.

References list.

Referenced by GNUNET_CRYPTO_rsa_blind(), GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_decode(), GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_CRYPTO_rsa_public_key_len(), GNUNET_CRYPTO_rsa_signature_decode(), GNUNET_CRYPTO_rsa_signature_dup(), GNUNET_CRYPTO_rsa_signature_encode(), GNUNET_CRYPTO_rsa_unblind(), rsa_blinding_key_derive(), and rsa_full_domain_hash().

100 {
101  gcry_sexp_t list;
102  gcry_sexp_t l2;
103  const char *s;
104  unsigned int idx;
105 
106  if (! (list = gcry_sexp_find_token (sexp, topname, 0)))
107  return 1;
108  l2 = gcry_sexp_cadr (list);
109  gcry_sexp_release (list);
110  list = l2;
111  if (! list)
112  return 2;
113  idx = 0;
114  for (s = elems; *s; s++, idx++)
115  {
116  if (! (l2 = gcry_sexp_find_token (list, s, 1)))
117  {
118  for (unsigned int i = 0; i < idx; i++)
119  {
120  gcry_free (array[i]);
121  array[i] = NULL;
122  }
123  gcry_sexp_release (list);
124  return 3; /* required parameter not found */
125  }
126  array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
127  gcry_sexp_release (l2);
128  if (! array[idx])
129  {
130  for (unsigned int i = 0; i < idx; i++)
131  {
132  gcry_free (array[i]);
133  array[i] = NULL;
134  }
135  gcry_sexp_release (list);
136  return 4; /* required parameter is invalid */
137  }
138  }
139  gcry_sexp_release (list);
140  return 0;
141 }
static int list
Set if we should print a list of currently running services.
Definition: gnunet-arm.c:69
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_create()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_create ( unsigned int  len)

Create a new private key.

Caller must free return value.

Parameters
lenlength of the key in bits (i.e. 2048)
Returns
fresh private key

Definition at line 151 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_new, ret, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

152 {
154  gcry_sexp_t s_key;
155  gcry_sexp_t s_keyparam;
156 
157  BENCHMARK_START (rsa_private_key_create);
158 
159  GNUNET_assert (0 ==
160  gcry_sexp_build (&s_keyparam,
161  NULL,
162  "(genkey(rsa(nbits %d)))",
163  len));
164  GNUNET_assert (0 ==
165  gcry_pk_genkey (&s_key,
166  s_keyparam));
167  gcry_sexp_release (s_keyparam);
168 #if EXTRA_CHECKS
169  GNUNET_assert (0 ==
170  gcry_pk_testkey (s_key));
171 #endif
173  ret->sexp = s_key;
174  BENCHMARK_END (rsa_private_key_create);
175  return ret;
176 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_new(type)
Allocate a struct or union of the given type.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:46
The private information of an RSA key pair.
Definition: crypto_rsa.c:41
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...

◆ GNUNET_CRYPTO_rsa_private_key_free()

void GNUNET_CRYPTO_rsa_private_key_free ( struct GNUNET_CRYPTO_RsaPrivateKey key)

Free memory occupied by the private key.

Parameters
keypointer to the memory to free

Definition at line 185 of file crypto_rsa.c.

References GNUNET_free, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_private_key_decode().

186 {
187  gcry_sexp_release (key->sexp);
188  GNUNET_free (key);
189 }
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:46
#define GNUNET_free(ptr)
Wrapper around free.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_encode()

size_t GNUNET_CRYPTO_rsa_private_key_encode ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
char **  buffer 
)

Encode the private key in a format suitable for storing it into a file.

Parameters
keythe private key
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocated in buffer

Definition at line 201 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_malloc, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_private_key_cmp().

204 {
205  size_t n;
206  char *b;
207 
208  n = gcry_sexp_sprint (key->sexp,
209  GCRYSEXP_FMT_DEFAULT,
210  NULL,
211  0);
212  b = GNUNET_malloc (n);
213  GNUNET_assert ((n - 1) == /* since the last byte is \0 */
214  gcry_sexp_sprint (key->sexp,
215  GCRYSEXP_FMT_DEFAULT,
216  b,
217  n));
218  *buffer = b;
219  return n;
220 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:46
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_decode()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_decode ( const char *  buf,
size_t  len 
)

Decode the private key from the data-format back to the "normal", internal format.

Parameters
bufthe buffer where the private key data is stored
lenthe length of the data in buf
Returns
NULL on error

Definition at line 232 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_private_key_free(), GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_new, key, LOG, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

234 {
236 
238  if (0 !=
239  gcry_sexp_new (&key->sexp,
240  buf,
241  len,
242  0))
243  {
245  "Decoded private key is not valid\n");
246  GNUNET_free (key);
247  return NULL;
248  }
249  if (0 != gcry_pk_testkey (key->sexp))
250  {
252  "Decoded private key is not valid\n");
254  return NULL;
255  }
256  return key;
257 }
#define GNUNET_new(type)
Allocate a struct or union of the given type.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:46
static char buf[2048]
#define LOG(kind,...)
Definition: crypto_rsa.c:33
struct GNUNET_HashCode key
The key used in the DHT.
void GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
Free memory occupied by the private key.
Definition: crypto_rsa.c:185
The private information of an RSA key pair.
Definition: crypto_rsa.c:41
#define GNUNET_free(ptr)
Wrapper around free.
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_get_public()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_private_key_get_public ( const struct GNUNET_CRYPTO_RsaPrivateKey priv)

Extract the public key of the given private key.

Parameters
privthe private key NULL on error, otherwise the public key

Definition at line 267 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_break_op, GNUNET_new, key_from_sexp(), pub, result, GNUNET_CRYPTO_RsaPrivateKey::sexp, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_sign_fdh(), and rsa_sign_mpi().

269 {
271  gcry_mpi_t ne[2];
272  int rc;
273  gcry_sexp_t result;
274 
275  BENCHMARK_START (rsa_private_key_get_public);
276 
277  rc = key_from_sexp (ne, priv->sexp, "public-key", "ne");
278  if (0 != rc)
279  rc = key_from_sexp (ne, priv->sexp, "private-key", "ne");
280  if (0 != rc)
281  rc = key_from_sexp (ne, priv->sexp, "rsa", "ne");
282  if (0 != rc)
283  {
284  GNUNET_break_op (0);
285  return NULL;
286  }
287  rc = gcry_sexp_build (&result,
288  NULL,
289  "(public-key(rsa(n %m)(e %m)))",
290  ne[0],
291  ne[1]);
292  gcry_mpi_release (ne[0]);
293  gcry_mpi_release (ne[1]);
294  pub = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
295  pub->sexp = result;
296  BENCHMARK_END (rsa_private_key_get_public);
297  return pub;
298 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:96
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
#define GNUNET_new(type)
Allocate a struct or union of the given type.
The public information of an RSA key pair.
Definition: crypto_rsa.c:53
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:46
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
static int result
Global testing status.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:58
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:39
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_free()

void GNUNET_CRYPTO_rsa_public_key_free ( struct GNUNET_CRYPTO_RsaPublicKey key)

Free memory occupied by the public key.

Parameters
keypointer to the memory to free

Definition at line 307 of file crypto_rsa.c.

References GNUNET_free, GNUNET_NETWORK_STRUCT_BEGIN, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by clean_rsa_pub(), clean_rsa_public_key(), GNUNET_CRYPTO_rsa_sign_fdh(), and rsa_sign_mpi().

308 {
309  gcry_sexp_release (key->sexp);
310  GNUNET_free (key);
311 }
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:58
#define GNUNET_free(ptr)
Wrapper around free.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_encode()

GNUNET_NETWORK_STRUCT_END size_t GNUNET_CRYPTO_rsa_public_key_encode ( const struct GNUNET_CRYPTO_RsaPublicKey key,
char **  buffer 
)

Encode the public key in a format suitable for storing it into a file.

Parameters
keythe private key
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocated in buffer

Definition at line 348 of file crypto_rsa.c.

References buf, GNUNET_assert, GNUNET_break, GNUNET_malloc, key_from_sexp(), GNUNET_CRYPTO_RsaPublicKeyHeaderP::modulus_length, GNUNET_CRYPTO_RsaPublicKeyHeaderP::public_exponent_length, ret, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by bind_rsa_pub(), GNUNET_CRYPTO_rsa_public_key_cmp(), GNUNET_CRYPTO_rsa_public_key_hash(), GNUNET_JSON_from_rsa_public_key(), my_conv_rsa_public_key(), qconv_rsa_public_key(), and rsa_full_domain_hash().

351 {
352 #if NEW_CRYPTO
353  gcry_mpi_t ne[2];
354  size_t n_size;
355  size_t e_size;
356  size_t rsize;
357  size_t buf_size;
358  char *buf;
360  int ret;
361 
362 /* SEE #5398 / #5968 */
363  ret = key_from_sexp (ne, key->sexp, "public-key", "ne");
364  if (0 != ret)
365  ret = key_from_sexp (ne, key->sexp, "rsa", "ne");
366  if (0 != ret)
367  {
368  GNUNET_break (0);
369  *buffer = NULL;
370  return 0;
371  }
372 
373  gcry_mpi_print (GCRYMPI_FMT_USG,
374  NULL,
375  0,
376  &n_size,
377  ne[0]);
378  gcry_mpi_print (GCRYMPI_FMT_USG,
379  NULL,
380  0,
381  &e_size,
382  ne[1]);
383  if ( (e_size > UINT16_MAX) ||
384  (n_size > UINT16_MAX) )
385  {
386  GNUNET_break (0);
387  *buffer = NULL;
388  gcry_mpi_release (ne[0]);
389  gcry_mpi_release (ne[1]);
390  return 0;
391  }
392  buf_size = n_size + e_size + sizeof (hdr);
393  buf = GNUNET_malloc (buf_size);
394  hdr.modulus_length = htons ((uint16_t) n_size);
395  hdr.public_exponent_length = htons ((uint16_t) e_size);
396  memcpy (buf, &hdr, sizeof (hdr));
397  GNUNET_assert (0 ==
398  gcry_mpi_print (GCRYMPI_FMT_USG,
399  (unsigned char *) &buf[sizeof (hdr)],
400  n_size,
401  &rsize,
402  ne[0]));
403 
404  GNUNET_assert (0 ==
405  gcry_mpi_print (GCRYMPI_FMT_USG,
406  (unsigned char *) &buf[sizeof (hdr) + n_size],
407  e_size,
408  &rsize,
409  ne[1]));
410  *buffer = buf;
411  gcry_mpi_release (ne[0]);
412  gcry_mpi_release (ne[1]);
413  return buf_size;
414 #else
415  size_t n;
416  char *b;
417 
418  n = gcry_sexp_sprint (key->sexp,
419  GCRYSEXP_FMT_ADVANCED,
420  NULL,
421  0);
422  b = GNUNET_malloc (n);
423  GNUNET_assert ((n - 1) == /* since the last byte is \0 */
424  gcry_sexp_sprint (key->sexp,
425  GCRYSEXP_FMT_ADVANCED,
426  b,
427  n));
428  *buffer = b;
429  return n;
430 #endif
431 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:96
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static char buf[2048]
Format of the header of a serialized RSA public key.
Definition: crypto_rsa.c:319
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:58
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_hash()

void GNUNET_CRYPTO_rsa_public_key_hash ( const struct GNUNET_CRYPTO_RsaPublicKey key,
struct GNUNET_HashCode hc 
)

Compute hash over the public key.

Parameters
keypublic key to hash
hcwhere to store the hash code

Definition at line 441 of file crypto_rsa.c.

References buf, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_rsa_public_key_encode(), and GNUNET_free.

443 {
444  char *buf;
445  size_t buf_size;
446 
447  buf_size = GNUNET_CRYPTO_rsa_public_key_encode (key,
448  &buf);
449  GNUNET_CRYPTO_hash (buf,
450  buf_size,
451  hc);
452  GNUNET_free (buf);
453 }
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:48
static char buf[2048]
GNUNET_NETWORK_STRUCT_END size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, char **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:348
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_decode()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_public_key_decode ( const char *  buf,
size_t  len 
)

Decode the public key from the data-format back to the "normal", internal format.

Parameters
bufthe buffer where the public key data is stored
lenthe length of the data in buf
Returns
NULL on error

Definition at line 465 of file crypto_rsa.c.

References data, e, GNUNET_break, GNUNET_break_op, GNUNET_free, GNUNET_new, key, key_from_sexp(), GNUNET_CRYPTO_RsaPublicKeyHeaderP::modulus_length, GNUNET_CRYPTO_RsaPublicKeyHeaderP::public_exponent_length, ret, and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by extract_rsa_pub(), extract_rsa_public_key(), parse_rsa_public_key(), and post_extract_rsa_public_key().

467 {
469 #if NEW_CRYPTO
471  size_t e_size;
472  size_t n_size;
473  gcry_mpi_t n;
474  gcry_mpi_t e;
475  gcry_sexp_t data;
476 
477  if (len < sizeof (hdr))
478  {
479  GNUNET_break_op (0);
480  return NULL;
481  }
482  memcpy (&hdr, buf, sizeof (hdr));
483  n_size = ntohs (hdr.modulus_length);
484  e_size = ntohs (hdr.public_exponent_length);
485  if (len != sizeof (hdr) + e_size + n_size)
486  {
487  GNUNET_break_op (0);
488  return NULL;
489  }
490  if (0 !=
491  gcry_mpi_scan (&n,
492  GCRYMPI_FMT_USG,
493  &buf[sizeof (hdr)],
494  n_size,
495  NULL))
496  {
497  GNUNET_break_op (0);
498  return NULL;
499  }
500  if (0 !=
501  gcry_mpi_scan (&e,
502  GCRYMPI_FMT_USG,
503  &buf[sizeof (hdr) + n_size],
504  e_size,
505  NULL))
506  {
507  GNUNET_break_op (0);
508  gcry_mpi_release (n);
509  return NULL;
510  }
511 
512  if (0 !=
513  gcry_sexp_build (&data,
514  NULL,
515  "(public-key(rsa(n %m)(e %m)))",
516  n,
517  e))
518  {
519  GNUNET_break (0);
520  gcry_mpi_release (n);
521  gcry_mpi_release (e);
522  return NULL;
523  }
524  gcry_mpi_release (n);
525  gcry_mpi_release (e);
526  key = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
527  key->sexp = data;
528  return key;
529 #else
530  gcry_mpi_t n;
531  int ret;
532 
533 
534  key = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
535  if (0 !=
536  gcry_sexp_new (&key->sexp,
537  buf,
538  len,
539  0))
540  {
541  GNUNET_break_op (0);
542  GNUNET_free (key);
543  return NULL;
544  }
545  /* verify that this is an RSA public key */
546  ret = key_from_sexp (&n, key->sexp, "public-key", "n");
547  if (0 != ret)
548  ret = key_from_sexp (&n, key->sexp, "rsa", "n");
549  if (0 != ret)
550  {
551  /* this is no public RSA key */
552  GNUNET_break (0);
553  gcry_sexp_release (key->sexp);
554  GNUNET_free (key);
555  return NULL;
556  }
557  gcry_mpi_release (n);
558  return key;
559 #endif
560 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:96
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static struct Experiment * e
#define GNUNET_new(type)
Allocate a struct or union of the given type.
The public information of an RSA key pair.
Definition: crypto_rsa.c:53
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
static char buf[2048]
Format of the header of a serialized RSA public key.
Definition: crypto_rsa.c:319
struct GNUNET_HashCode key
The key used in the DHT.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:58
uint32_t data
The data value.
#define GNUNET_free(ptr)
Wrapper around free.
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
Here is the call graph for this function:
Here is the caller graph for this function:

◆ rsa_gcd_validate()

static int rsa_gcd_validate ( gcry_mpi_t  r,
gcry_mpi_t  n 
)
static

Test for malicious RSA key.

Assuming n is an RSA modulous and r is generated using a call to GNUNET_CRYPTO_kdf_mod_mpi, if gcd(r,n) != 1 then n must be a malicious RSA key designed to deanomize the user.

Parameters
rKDF result
nRSA modulus
Returns
True if gcd(r,n) = 1, False means RSA key is malicious

Definition at line 575 of file crypto_rsa.c.

References t.

Referenced by rsa_blinding_key_derive(), and rsa_full_domain_hash().

576 {
577  gcry_mpi_t g;
578  int t;
579 
580  g = gcry_mpi_new (0);
581  t = gcry_mpi_gcd (g, r, n);
582  gcry_mpi_release (g);
583  return t;
584 }
static struct GNUNET_SCHEDULER_Task * t
Main task.
Here is the caller graph for this function:

◆ rsa_blinding_key_derive()

static struct RsaBlindingKey* rsa_blinding_key_derive ( const struct GNUNET_CRYPTO_RsaPublicKey pkey,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret bks 
)
static

Create a blinding key.

Parameters
lenlength of the key in bits (i.e. 2048)
bkspre-secret to use to derive the blinding key
Returns
the newly created blinding key, NULL if RSA key is malicious

Definition at line 595 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_CRYPTO_kdf_mod_mpi(), GNUNET_free, GNUNET_new, key_from_sexp(), RsaBlindingKey::r, rsa_gcd_validate(), and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_blind(), and GNUNET_CRYPTO_rsa_unblind().

597 {
598  char *xts = "Blinding KDF extrator HMAC key"; /* Trusts bks' randomness more */
599  struct RsaBlindingKey *blind;
600  gcry_mpi_t n;
601 
602  blind = GNUNET_new (struct RsaBlindingKey);
603  GNUNET_assert (NULL != blind);
604 
605  /* Extract the composite n from the RSA public key */
606  GNUNET_assert (0 == key_from_sexp (&n, pkey->sexp, "rsa", "n"));
607  /* Assert that it at least looks like an RSA key */
608  GNUNET_assert (0 == gcry_mpi_get_flag (n, GCRYMPI_FLAG_OPAQUE));
609 
610  GNUNET_CRYPTO_kdf_mod_mpi (&blind->r,
611  n,
612  xts, strlen (xts),
613  bks, sizeof(*bks),
614  "Blinding KDF");
615  if (0 == rsa_gcd_validate (blind->r, n))
616  {
617  GNUNET_free (blind);
618  blind = NULL;
619  }
620 
621  gcry_mpi_release (n);
622  return blind;
623 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:96
void GNUNET_CRYPTO_kdf_mod_mpi(gcry_mpi_t *r, gcry_mpi_t n, const void *xts, size_t xts_len, const void *skm, size_t skm_len, const char *ctx)
Deterministically generate a pseudo-random number uniformly from the integers modulo a libgcrypt mpi...
Definition: crypto_kdf.c:126
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:82
#define GNUNET_new(type)
Allocate a struct or union of the given type.
static int rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n)
Test for malicious RSA key.
Definition: crypto_rsa.c:575
RSA blinding key.
Definition: crypto_rsa.c:77
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:58
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_cmp()

int GNUNET_CRYPTO_rsa_signature_cmp ( struct GNUNET_CRYPTO_RsaSignature s1,
struct GNUNET_CRYPTO_RsaSignature s2 
)

Compare the values of two signatures.

Parameters
s1one signature
s2the other signature
Returns
0 if the two are equal

Definition at line 677 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_signature_encode(), GNUNET_free, and ret.

679 {
680  char *b1;
681  char *b2;
682  size_t z1;
683  size_t z2;
684  int ret;
685 
687  &b1);
689  &b2);
690  if (z1 != z2)
691  ret = 1;
692  else
693  ret = memcmp (b1,
694  b2,
695  z1);
696  GNUNET_free (b1);
697  GNUNET_free (b2);
698  return ret;
699 }
size_t GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, char **buffer)
Encode the given signature in a format suitable for storing it into a file.
Definition: crypto_rsa.c:1127
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_cmp()

int GNUNET_CRYPTO_rsa_public_key_cmp ( struct GNUNET_CRYPTO_RsaPublicKey p1,
struct GNUNET_CRYPTO_RsaPublicKey p2 
)

Compare the values of two public keys.

Parameters
p1one public key
p2the other public key
Returns
0 if the two are equal

Definition at line 710 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_free, and ret.

712 {
713  char *b1;
714  char *b2;
715  size_t z1;
716  size_t z2;
717  int ret;
718 
720  &b1);
722  &b2);
723  if (z1 != z2)
724  ret = 1;
725  else
726  ret = memcmp (b1,
727  b2,
728  z1);
729  GNUNET_free (b1);
730  GNUNET_free (b2);
731  return ret;
732 }
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
GNUNET_NETWORK_STRUCT_END size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, char **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:348
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_cmp()

int GNUNET_CRYPTO_rsa_private_key_cmp ( struct GNUNET_CRYPTO_RsaPrivateKey p1,
struct GNUNET_CRYPTO_RsaPrivateKey p2 
)

Compare the values of two private keys.

Parameters
p1one private key
p2the other private key
Returns
0 if the two are equal

Definition at line 743 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_private_key_encode(), GNUNET_free, and ret.

745 {
746  char *b1;
747  char *b2;
748  size_t z1;
749  size_t z2;
750  int ret;
751 
753  &b1);
755  &b2);
756  if (z1 != z2)
757  ret = 1;
758  else
759  ret = memcmp (b1,
760  b2,
761  z1);
762  GNUNET_free (b1);
763  GNUNET_free (b2);
764  return ret;
765 }
size_t GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, char **buffer)
Encode the private key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:201
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_len()

unsigned int GNUNET_CRYPTO_rsa_public_key_len ( const struct GNUNET_CRYPTO_RsaPublicKey key)

Obtain the length of the RSA key in bits.

Parameters
keythe public key to introspect
Returns
length of the key in bits

Definition at line 775 of file crypto_rsa.c.

References GNUNET_break, key_from_sexp(), and GNUNET_CRYPTO_RsaPublicKey::sexp.

776 {
777  gcry_mpi_t n;
778  unsigned int rval;
779 
780  if (0 != key_from_sexp (&n, key->sexp, "rsa", "n"))
781  { /* Not an RSA public key */
782  GNUNET_break (0);
783  return 0;
784  }
785  rval = gcry_mpi_get_nbits (n);
786  gcry_mpi_release (n);
787  return rval;
788 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:96
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:58
Here is the call graph for this function:

◆ rsa_blinding_key_free()

static void rsa_blinding_key_free ( struct RsaBlindingKey bkey)
static

Destroy a blinding key.

Parameters
bkeythe blinding key to destroy

Definition at line 797 of file crypto_rsa.c.

References GNUNET_free, and RsaBlindingKey::r.

Referenced by GNUNET_CRYPTO_rsa_blind(), and GNUNET_CRYPTO_rsa_unblind().

798 {
799  gcry_mpi_release (bkey->r);
800  GNUNET_free (bkey);
801 }
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:82
#define GNUNET_free(ptr)
Wrapper around free.
Here is the caller graph for this function:

◆ numeric_mpi_alloc_n_print()

static size_t numeric_mpi_alloc_n_print ( gcry_mpi_t  v,
char **  buffer 
)
static

Print an MPI to a newly created buffer.

Parameters
vMPI to print.
[out]newlyallocated buffer containing the result
Returns
number of bytes stored in buffer

Definition at line 812 of file crypto_rsa.c.

References GNUNET_assert, and GNUNET_malloc.

Referenced by GNUNET_CRYPTO_rsa_blind().

814 {
815  size_t n;
816  char *b;
817  size_t rsize;
818 
819  gcry_mpi_print (GCRYMPI_FMT_USG,
820  NULL,
821  0,
822  &n,
823  v);
824  b = GNUNET_malloc (n);
825  GNUNET_assert (0 ==
826  gcry_mpi_print (GCRYMPI_FMT_USG,
827  (unsigned char *) b,
828  n,
829  &rsize,
830  v));
831  *buffer = b;
832  return n;
833 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the caller graph for this function:

◆ rsa_full_domain_hash()

static gcry_mpi_t rsa_full_domain_hash ( const struct GNUNET_CRYPTO_RsaPublicKey pkey,
const struct GNUNET_HashCode hash 
)
static

Computes a full domain hash seeded by the given public key.

This gives a measure of provable security to the Taler exchange against one-more forgery attacks. See: https://eprint.iacr.org/2001/002.pdf http://www.di.ens.fr/~pointche/Documents/Papers/2001_fcA.pdf

Parameters
hashinitial hash of the message to sign
pkeythe public key of the signer
rsizeIf not NULL, the number of bytes actually stored in buffer
Returns
MPI value set to the FDH, NULL if RSA key is malicious

Definition at line 849 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_CRYPTO_kdf_mod_mpi(), GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_free, key_from_sexp(), ok, RsaBlindingKey::r, rsa_gcd_validate(), and GNUNET_CRYPTO_RsaPublicKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_blind(), GNUNET_CRYPTO_rsa_sign_fdh(), and GNUNET_CRYPTO_rsa_verify().

851 {
852  gcry_mpi_t r, n;
853  char *xts;
854  size_t xts_len;
855  int ok;
856 
857  /* Extract the composite n from the RSA public key */
858  GNUNET_assert (0 == key_from_sexp (&n, pkey->sexp, "rsa", "n"));
859  /* Assert that it at least looks like an RSA key */
860  GNUNET_assert (0 == gcry_mpi_get_flag (n, GCRYMPI_FLAG_OPAQUE));
861 
862  /* We key with the public denomination key as a homage to RSA-PSS by *
863  * Mihir Bellare and Phillip Rogaway. Doing this lowers the degree *
864  * of the hypothetical polyomial-time attack on RSA-KTI created by a *
865  * polynomial-time one-more forgary attack. Yey seeding! */
866  xts_len = GNUNET_CRYPTO_rsa_public_key_encode (pkey, &xts);
867 
869  n,
870  xts, xts_len,
871  hash, sizeof(*hash),
872  "RSA-FDA FTpsW!");
873  GNUNET_free (xts);
874 
875  ok = rsa_gcd_validate (r, n);
876  gcry_mpi_release (n);
877  if (ok)
878  return r;
879  gcry_mpi_release (r);
880  return NULL;
881 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:96
void GNUNET_CRYPTO_kdf_mod_mpi(gcry_mpi_t *r, gcry_mpi_t n, const void *xts, size_t xts_len, const void *skm, size_t skm_len, const char *ctx)
Deterministically generate a pseudo-random number uniformly from the integers modulo a libgcrypt mpi...
Definition: crypto_kdf.c:126
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:82
static int ok
Return value from &#39;main&#39; (0 == success)
static int rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n)
Test for malicious RSA key.
Definition: crypto_rsa.c:575
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:58
GNUNET_NETWORK_STRUCT_END size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, char **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:348
#define GNUNET_free(ptr)
Wrapper around free.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_blind()

int GNUNET_CRYPTO_rsa_blind ( const struct GNUNET_HashCode hash,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret bks,
struct GNUNET_CRYPTO_RsaPublicKey pkey,
char **  buf,
size_t *  buf_size 
)

Blinds the given message with the given blinding key.

Parameters
hashhash of the message to sign
bkeythe blinding key
pkeythe public key of the signer
[out]bufset to a buffer with the blinded message to be signed
[out]buf_sizenumber of bytes stored in buf
Returns
GNUNET_YES if successful, GNUNET_NO if RSA key is malicious

Definition at line 895 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, data, GNUNET_assert, GNUNET_break, GNUNET_NO, GNUNET_YES, key_from_sexp(), numeric_mpi_alloc_n_print(), RsaBlindingKey::r, ret, rsa_blinding_key_derive(), rsa_blinding_key_free(), rsa_full_domain_hash(), and GNUNET_CRYPTO_RsaPublicKey::sexp.

899 {
900  struct RsaBlindingKey *bkey;
901  gcry_mpi_t data;
902  gcry_mpi_t ne[2];
903  gcry_mpi_t r_e;
904  gcry_mpi_t data_r_e;
905  int ret;
906 
907  BENCHMARK_START (rsa_blind);
908 
909  GNUNET_assert (buf != NULL && buf_size != NULL);
910  ret = key_from_sexp (ne, pkey->sexp, "public-key", "ne");
911  if (0 != ret)
912  ret = key_from_sexp (ne, pkey->sexp, "rsa", "ne");
913  if (0 != ret)
914  {
915  GNUNET_break (0);
916  *buf = NULL;
917  *buf_size = 0;
918  return 0;
919  }
920 
921  data = rsa_full_domain_hash (pkey, hash);
922  if (NULL == data)
923  goto rsa_gcd_validate_failure;
924 
925  bkey = rsa_blinding_key_derive (pkey, bks);
926  if (NULL == bkey)
927  {
928  gcry_mpi_release (data);
929  goto rsa_gcd_validate_failure;
930  }
931 
932  r_e = gcry_mpi_new (0);
933  gcry_mpi_powm (r_e,
934  bkey->r,
935  ne[1],
936  ne[0]);
937  data_r_e = gcry_mpi_new (0);
938  gcry_mpi_mulm (data_r_e,
939  data,
940  r_e,
941  ne[0]);
942  gcry_mpi_release (data);
943  gcry_mpi_release (ne[0]);
944  gcry_mpi_release (ne[1]);
945  gcry_mpi_release (r_e);
946  rsa_blinding_key_free (bkey);
947 
948  *buf_size = numeric_mpi_alloc_n_print (data_r_e, buf);
949  gcry_mpi_release (data_r_e);
950 
951  BENCHMARK_END (rsa_blind);
952 
953  return GNUNET_YES;
954 
955 rsa_gcd_validate_failure:
956  /* We know the RSA key is malicious here, so warn the wallet. */
957  /* GNUNET_break_op (0); */
958  gcry_mpi_release (ne[0]);
959  gcry_mpi_release (ne[1]);
960  *buf = NULL;
961  *buf_size = 0;
962  return GNUNET_NO;
963 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:96
static struct RsaBlindingKey * rsa_blinding_key_derive(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks)
Create a blinding key.
Definition: crypto_rsa.c:595
static gcry_mpi_t rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_HashCode *hash)
Computes a full domain hash seeded by the given public key.
Definition: crypto_rsa.c:849
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:82
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_NO
Definition: gnunet_common.h:78
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static size_t numeric_mpi_alloc_n_print(gcry_mpi_t v, char **buffer)
Print an MPI to a newly created buffer.
Definition: crypto_rsa.c:812
static char buf[2048]
RSA blinding key.
Definition: crypto_rsa.c:77
static void rsa_blinding_key_free(struct RsaBlindingKey *bkey)
Destroy a blinding key.
Definition: crypto_rsa.c:797
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:58
#define GNUNET_YES
Definition: gnunet_common.h:77
uint32_t data
The data value.
Here is the call graph for this function:

◆ mpi_to_sexp()

static gcry_sexp_t mpi_to_sexp ( gcry_mpi_t  value)
static

Convert an MPI to an S-expression suitable for signature operations.

Parameters
valuepointer to the data to convert
Returns
converted s-expression

Definition at line 973 of file crypto_rsa.c.

References data, and GNUNET_assert.

Referenced by GNUNET_CRYPTO_rsa_verify(), and rsa_sign_mpi().

974 {
975  gcry_sexp_t data = NULL;
976 
977  GNUNET_assert (0 ==
978  gcry_sexp_build (&data,
979  NULL,
980  "(data (flags raw) (value %M))",
981  value));
982  return data;
983 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static char * value
Value of the record to add/remove.
uint32_t data
The data value.
Here is the caller graph for this function:

◆ rsa_sign_mpi()

static struct GNUNET_CRYPTO_RsaSignature* rsa_sign_mpi ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
gcry_mpi_t  value 
)
static

Sign the given MPI.

Parameters
keyprivate key to use for the signing
valuethe MPI to sign
Returns
NULL on error, signature on success

Definition at line 994 of file crypto_rsa.c.

References _, data, GNUNET_break, GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_free(), GNUNET_ERROR_TYPE_WARNING, GNUNET_new, LOG, mpi_to_sexp(), result, GNUNET_CRYPTO_RsaPrivateKey::sexp, GNUNET_CRYPTO_RsaPublicKey::sexp, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by GNUNET_CRYPTO_rsa_sign_blinded(), and GNUNET_CRYPTO_rsa_sign_fdh().

996 {
997  struct GNUNET_CRYPTO_RsaSignature *sig;
998  gcry_sexp_t data;
999  gcry_sexp_t result;
1000  int rc;
1001 
1002  data = mpi_to_sexp (value);
1003 
1004  if (0 !=
1005  (rc = gcry_pk_sign (&result,
1006  data,
1007  key->sexp)))
1008  {
1010  _ ("RSA signing failed at %s:%d: %s\n"),
1011  __FILE__,
1012  __LINE__,
1013  gcry_strerror (rc));
1014  GNUNET_break (0);
1015  return NULL;
1016  }
1017 
1018  /* Lenstra protection was first added to libgcrypt 1.6.4
1019  * with commit c17f84bd02d7ee93845e92e20f6ddba814961588.
1020  */
1021 #if GCRYPT_VERSION_NUMBER < 0x010604
1022  /* verify signature (guards against Lenstra's attack with fault injection...) */
1023  struct GNUNET_CRYPTO_RsaPublicKey *public_key =
1025  if (0 !=
1026  gcry_pk_verify (result,
1027  data,
1028  public_key->sexp))
1029  {
1030  GNUNET_break (0);
1031  GNUNET_CRYPTO_rsa_public_key_free (public_key);
1032  gcry_sexp_release (data);
1033  gcry_sexp_release (result);
1034  return NULL;
1035  }
1036  GNUNET_CRYPTO_rsa_public_key_free (public_key);
1037 #endif
1038 
1039  /* return signature */
1040  gcry_sexp_release (data);
1041  sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1042  sig->sexp = result;
1043  return sig;
1044 }
an RSA signature
Definition: crypto_rsa.c:65
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition: crypto_rsa.c:307
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition: crypto_rsa.c:267
#define GNUNET_new(type)
Allocate a struct or union of the given type.
The public information of an RSA key pair.
Definition: crypto_rsa.c:53
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
static gcry_sexp_t mpi_to_sexp(gcry_mpi_t value)
Convert an MPI to an S-expression suitable for signature operations.
Definition: crypto_rsa.c:973
#define _(String)
GNU gettext support macro.
Definition: platform.h:181
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:46
static char * value
Value of the record to add/remove.
#define LOG(kind,...)
Definition: crypto_rsa.c:33
static int result
Global testing status.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:70
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:58
uint32_t data
The data value.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_sign_blinded()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_sign_blinded ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
const void *  msg,
size_t  msg_len 
)

Sign a blinded value, which must be a full domain hash of a message.

Parameters
keyprivate key to use for the signing
msgthe message to sign
msg_lennumber of bytes in msg to sign
Returns
NULL on error, signature on success

Definition at line 1056 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, and rsa_sign_mpi().

1059 {
1060  gcry_mpi_t v = NULL;
1061  struct GNUNET_CRYPTO_RsaSignature *sig;
1062 
1063  BENCHMARK_START (rsa_sign_blinded);
1064 
1065  GNUNET_assert (0 ==
1066  gcry_mpi_scan (&v,
1067  GCRYMPI_FMT_USG,
1068  msg,
1069  msg_len,
1070  NULL));
1071 
1072  sig = rsa_sign_mpi (key, v);
1073  gcry_mpi_release (v);
1074  BENCHMARK_END (rsa_sign_blinded);
1075  return sig;
1076 }
struct GNUNET_MessageHeader * msg
Definition: 005.c:2
an RSA signature
Definition: crypto_rsa.c:65
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static struct GNUNET_CRYPTO_RsaSignature * rsa_sign_mpi(const struct GNUNET_CRYPTO_RsaPrivateKey *key, gcry_mpi_t value)
Sign the given MPI.
Definition: crypto_rsa.c:994
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_sign_fdh()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_sign_fdh ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
const struct GNUNET_HashCode hash 
)

Create and sign a full domain hash of a message.

Parameters
keyprivate key to use for the signing
hashthe hash of the message to sign
Returns
NULL on error, including a malicious RSA key, signature on success

Definition at line 1087 of file crypto_rsa.c.

References GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_free(), pkey, rsa_full_domain_hash(), and rsa_sign_mpi().

1089 {
1091  gcry_mpi_t v = NULL;
1092  struct GNUNET_CRYPTO_RsaSignature *sig;
1093 
1095  v = rsa_full_domain_hash (pkey, hash);
1097  if (NULL == v) /* rsa_gcd_validate failed meaning */
1098  return NULL; /* our *own* RSA key is malicious. */
1099 
1100  sig = rsa_sign_mpi (key, v);
1101  gcry_mpi_release (v);
1102  return sig;
1103 }
static char * pkey
Public key of the zone to look in, in ASCII.
an RSA signature
Definition: crypto_rsa.c:65
static gcry_mpi_t rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_HashCode *hash)
Computes a full domain hash seeded by the given public key.
Definition: crypto_rsa.c:849
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition: crypto_rsa.c:307
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition: crypto_rsa.c:267
The public information of an RSA key pair.
Definition: crypto_rsa.c:53
static struct GNUNET_CRYPTO_RsaSignature * rsa_sign_mpi(const struct GNUNET_CRYPTO_RsaPrivateKey *key, gcry_mpi_t value)
Sign the given MPI.
Definition: crypto_rsa.c:994
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_free()

void GNUNET_CRYPTO_rsa_signature_free ( struct GNUNET_CRYPTO_RsaSignature sig)

Free memory occupied by signature.

Parameters
sigmemory to freee

Definition at line 1112 of file crypto_rsa.c.

References GNUNET_free, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by clean_rsa_sig(), and clean_rsa_signature().

1113 {
1114  gcry_sexp_release (sig->sexp);
1115  GNUNET_free (sig);
1116 }
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:70
#define GNUNET_free(ptr)
Wrapper around free.
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_encode()

size_t GNUNET_CRYPTO_rsa_signature_encode ( const struct GNUNET_CRYPTO_RsaSignature sig,
char **  buffer 
)

Encode the given signature in a format suitable for storing it into a file.

Parameters
sigthe signature
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocated in buffer

Definition at line 1127 of file crypto_rsa.c.

References buf, GNUNET_assert, GNUNET_malloc, key_from_sexp(), ret, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by bind_rsa_sig(), GNUNET_CRYPTO_rsa_signature_cmp(), GNUNET_JSON_from_rsa_signature(), my_conv_rsa_signature(), and qconv_rsa_signature().

1130 {
1131 #if NEW_CRYPTO
1132  gcry_mpi_t s;
1133  size_t buf_size;
1134  size_t rsize;
1135  unsigned char *buf;
1136  int ret;
1137 
1138  ret = key_from_sexp (&s,
1139  sig->sexp,
1140  "sig-val",
1141  "s");
1142  if (0 != ret)
1143  ret = key_from_sexp (&s,
1144  sig->sexp,
1145  "rsa",
1146  "s");
1147  GNUNET_assert (0 == ret);
1148  gcry_mpi_print (GCRYMPI_FMT_USG,
1149  NULL,
1150  0,
1151  &buf_size,
1152  s);
1153  buf = GNUNET_malloc (buf_size);
1154  GNUNET_assert (0 ==
1155  gcry_mpi_print (GCRYMPI_FMT_USG,
1156  buf,
1157  buf_size,
1158  &rsize,
1159  s));
1160  GNUNET_assert (rsize == buf_size);
1161  *buffer = (char *) buf;
1162  return buf_size;
1163 #else
1164  size_t n;
1165  char *b;
1166 
1167  n = gcry_sexp_sprint (sig->sexp,
1168  GCRYSEXP_FMT_ADVANCED,
1169  NULL,
1170  0);
1171  b = GNUNET_malloc (n);
1172  GNUNET_assert ((n - 1) == /* since the last byte is \0 */
1173  gcry_sexp_sprint (sig->sexp,
1174  GCRYSEXP_FMT_ADVANCED,
1175  b,
1176  n));
1177  *buffer = b;
1178  return n;
1179 #endif
1180 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:96
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
static char buf[2048]
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:70
#define GNUNET_malloc(size)
Wrapper around malloc.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_decode()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_signature_decode ( const char *  buf,
size_t  len 
)

Decode the signature from the data-format back to the "normal", internal format.

Parameters
bufthe buffer where the public key data is stored
lenthe length of the data in buf
Returns
NULL on error

Definition at line 1192 of file crypto_rsa.c.

References data, GNUNET_break, GNUNET_break_op, GNUNET_free, GNUNET_new, key_from_sexp(), ret, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by extract_rsa_sig(), extract_rsa_signature(), parse_rsa_signature(), and post_extract_rsa_signature().

1194 {
1195  struct GNUNET_CRYPTO_RsaSignature *sig;
1196 #if NEW_CRYPTO
1197  gcry_mpi_t s;
1198  gcry_sexp_t data;
1199 
1200  if (0 !=
1201  gcry_mpi_scan (&s,
1202  GCRYMPI_FMT_USG,
1203  buf,
1204  len,
1205  NULL))
1206  {
1207  GNUNET_break_op (0);
1208  return NULL;
1209  }
1210 
1211  if (0 !=
1212  gcry_sexp_build (&data,
1213  NULL,
1214  "(sig-val(rsa(s %M)))",
1215  s))
1216  {
1217  GNUNET_break (0);
1218  gcry_mpi_release (s);
1219  return NULL;
1220  }
1221  gcry_mpi_release (s);
1222  sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1223  sig->sexp = data;
1224  return sig;
1225 #else
1226  int ret;
1227  gcry_mpi_t s;
1228 
1229  sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1230  if (0 !=
1231  gcry_sexp_new (&sig->sexp,
1232  buf,
1233  len,
1234  0))
1235  {
1236  GNUNET_break_op (0);
1237  GNUNET_free (sig);
1238  return NULL;
1239  }
1240  /* verify that this is an RSA signature */
1241  ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
1242  if (0 != ret)
1243  ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
1244  if (0 != ret)
1245  {
1246  /* this is no RSA Signature */
1247  GNUNET_break_op (0);
1248  gcry_sexp_release (sig->sexp);
1249  GNUNET_free (sig);
1250  return NULL;
1251  }
1252  gcry_mpi_release (s);
1253 #endif
1254  return sig;
1255 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:96
an RSA signature
Definition: crypto_rsa.c:65
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur...
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
static char buf[2048]
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:70
uint32_t data
The data value.
#define GNUNET_free(ptr)
Wrapper around free.
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_dup()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_public_key_dup ( const struct GNUNET_CRYPTO_RsaPublicKey key)

Duplicate the given public key.

Parameters
keythe public key to duplicate
Returns
the duplicate key; NULL upon error

Definition at line 1265 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_new, and GNUNET_CRYPTO_RsaPublicKey::sexp.

1266 {
1267  struct GNUNET_CRYPTO_RsaPublicKey *dup;
1268  gcry_sexp_t dup_sexp;
1269  size_t erroff;
1270 
1271  /* check if we really are exporting a public key */
1272  dup_sexp = gcry_sexp_find_token (key->sexp, "public-key", 0);
1273  GNUNET_assert (NULL != dup_sexp);
1274  gcry_sexp_release (dup_sexp);
1275  /* copy the sexp */
1276  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp));
1277  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
1278  dup->sexp = dup_sexp;
1279  return dup;
1280 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
The public information of an RSA key pair.
Definition: crypto_rsa.c:53
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:58

◆ GNUNET_CRYPTO_rsa_unblind()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_unblind ( const struct GNUNET_CRYPTO_RsaSignature sig,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret bks,
struct GNUNET_CRYPTO_RsaPublicKey pkey 
)

Unblind a blind-signed signature.

The signature should have been generated with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with GNUNET_CRYPTO_rsa_blind().

Parameters
sigthe signature made on the blinded signature purpose
bksthe blinding key secret used to blind the signature purpose
pkeythe public key of the signer
Returns
unblinded signature on success, NULL if RSA key is bad or malicious.

Definition at line 1294 of file crypto_rsa.c.

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_break_op, GNUNET_new, key_from_sexp(), RsaBlindingKey::r, ret, rsa_blinding_key_derive(), rsa_blinding_key_free(), GNUNET_CRYPTO_RsaPublicKey::sexp, and GNUNET_CRYPTO_RsaSignature::sexp.

1297 {
1298  struct RsaBlindingKey *bkey;
1299  gcry_mpi_t n;
1300  gcry_mpi_t s;
1301  gcry_mpi_t r_inv;
1302  gcry_mpi_t ubsig;
1303  int ret;
1304  struct GNUNET_CRYPTO_RsaSignature *sret;
1305 
1306  BENCHMARK_START (rsa_unblind);
1307 
1308  ret = key_from_sexp (&n, pkey->sexp, "public-key", "n");
1309  if (0 != ret)
1310  ret = key_from_sexp (&n, pkey->sexp, "rsa", "n");
1311  if (0 != ret)
1312  {
1313  GNUNET_break_op (0);
1314  return NULL;
1315  }
1316  ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
1317  if (0 != ret)
1318  ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
1319  if (0 != ret)
1320  {
1321  gcry_mpi_release (n);
1322  GNUNET_break_op (0);
1323  return NULL;
1324  }
1325 
1326  bkey = rsa_blinding_key_derive (pkey, bks);
1327  if (NULL == bkey)
1328  {
1329  /* RSA key is malicious since rsa_gcd_validate failed here.
1330  * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
1331  * so the exchange is being malicious in an unfamilair way, maybe
1332  * just trying to crash us. */
1333  GNUNET_break_op (0);
1334  gcry_mpi_release (n);
1335  gcry_mpi_release (s);
1336  return NULL;
1337  }
1338 
1339  r_inv = gcry_mpi_new (0);
1340  if (1 !=
1341  gcry_mpi_invm (r_inv,
1342  bkey->r,
1343  n))
1344  {
1345  /* We cannot find r mod n, so gcd(r,n) != 1, which should get *
1346  * caught above, but we handle it the same here. */
1347  GNUNET_break_op (0);
1348  gcry_mpi_release (r_inv);
1349  rsa_blinding_key_free (bkey);
1350  gcry_mpi_release (n);
1351  gcry_mpi_release (s);
1352  return NULL;
1353  }
1354 
1355  ubsig = gcry_mpi_new (0);
1356  gcry_mpi_mulm (ubsig, s, r_inv, n);
1357  gcry_mpi_release (n);
1358  gcry_mpi_release (r_inv);
1359  gcry_mpi_release (s);
1360  rsa_blinding_key_free (bkey);
1361 
1362  sret = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1363  GNUNET_assert (0 ==
1364  gcry_sexp_build (&sret->sexp,
1365  NULL,
1366  "(sig-val (rsa (s %M)))",
1367  ubsig));
1368  gcry_mpi_release (ubsig);
1369  BENCHMARK_END (rsa_unblind);
1370  return sret;
1371 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:96
static struct RsaBlindingKey * rsa_blinding_key_derive(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks)
Create a blinding key.
Definition: crypto_rsa.c:595
an RSA signature
Definition: crypto_rsa.c:65
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:82
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_new(type)
Allocate a struct or union of the given type.
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
RSA blinding key.
Definition: crypto_rsa.c:77
static void rsa_blinding_key_free(struct RsaBlindingKey *bkey)
Destroy a blinding key.
Definition: crypto_rsa.c:797
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:70
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:58
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_verify()

int GNUNET_CRYPTO_rsa_verify ( const struct GNUNET_HashCode hash,
const struct GNUNET_CRYPTO_RsaSignature sig,
const struct GNUNET_CRYPTO_RsaPublicKey pkey 
)

Verify whether the given hash corresponds to the given signature and the signature is valid with respect to the given public key.

Parameters
hashhash of the message to verify to match the sig
sigsignature that is being validated
pkeypublic key of the signer
Returns
GNUNET_YES if ok, GNUNET_NO if RSA key is malicious, GNUNET_SYSERR if signature is invalid

Definition at line 1384 of file crypto_rsa.c.

References _, BENCHMARK_END, BENCHMARK_START, data, GNUNET_break_op, GNUNET_ERROR_TYPE_WARNING, GNUNET_NO, GNUNET_OK, GNUNET_SYSERR, LOG, mpi_to_sexp(), rsa_full_domain_hash(), GNUNET_CRYPTO_RsaPublicKey::sexp, and GNUNET_CRYPTO_RsaSignature::sexp.

1387 {
1388  gcry_sexp_t data;
1389  gcry_mpi_t r;
1390  int rc;
1391 
1392  BENCHMARK_START (rsa_verify);
1393 
1394  r = rsa_full_domain_hash (pkey, hash);
1395  if (NULL == r)
1396  {
1397  GNUNET_break_op (0);
1398  /* RSA key is malicious since rsa_gcd_validate failed here.
1399  * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
1400  * so the exchange is being malicious in an unfamilair way, maybe
1401  * just trying to crash us. Arguably, we've only an internal error
1402  * though because we should've detected this in our previous call
1403  * to GNUNET_CRYPTO_rsa_unblind. */return GNUNET_NO;
1404  }
1405 
1406  data = mpi_to_sexp (r);
1407  gcry_mpi_release (r);
1408 
1409  rc = gcry_pk_verify (sig->sexp,
1410  data,
1411  pkey->sexp);
1412  gcry_sexp_release (data);
1413  if (0 != rc)
1414  {
1416  _ ("RSA signature verification failed at %s:%d: %s\n"),
1417  __FILE__,
1418  __LINE__,
1419  gcry_strerror (rc));
1420  return GNUNET_SYSERR;
1421  BENCHMARK_END (rsa_verify);
1422  }
1423  BENCHMARK_END (rsa_verify);
1424  return GNUNET_OK;
1425 }
static gcry_mpi_t rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_HashCode *hash)
Computes a full domain hash seeded by the given public key.
Definition: crypto_rsa.c:849
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
#define GNUNET_NO
Definition: gnunet_common.h:78
#define GNUNET_OK
Named constants for return values.
Definition: gnunet_common.h:75
static gcry_sexp_t mpi_to_sexp(gcry_mpi_t value)
Convert an MPI to an S-expression suitable for signature operations.
Definition: crypto_rsa.c:973
#define _(String)
GNU gettext support macro.
Definition: platform.h:181
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
#define LOG(kind,...)
Definition: crypto_rsa.c:33
#define GNUNET_SYSERR
Definition: gnunet_common.h:76
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:70
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:58
uint32_t data
The data value.
Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_dup()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_dup ( const struct GNUNET_CRYPTO_RsaPrivateKey key)

Duplicate the given private key.

Parameters
keythe private key to duplicate
Returns
the duplicate key; NULL upon error

Definition at line 1435 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_new, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

1437 {
1438  struct GNUNET_CRYPTO_RsaPrivateKey *dup;
1439  gcry_sexp_t dup_sexp;
1440  size_t erroff;
1441 
1442  /* check if we really are exporting a private key */
1443  dup_sexp = gcry_sexp_find_token (key->sexp, "private-key", 0);
1444  GNUNET_assert (NULL != dup_sexp);
1445  gcry_sexp_release (dup_sexp);
1446  /* copy the sexp */
1447  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp));
1448  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey);
1449  dup->sexp = dup_sexp;
1450  return dup;
1451 }
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:46
The private information of an RSA key pair.
Definition: crypto_rsa.c:41

◆ GNUNET_CRYPTO_rsa_signature_dup()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_signature_dup ( const struct GNUNET_CRYPTO_RsaSignature sig)

Duplicate the given private key.

Duplicate the given rsa signature.

Parameters
keythe private key to duplicate
Returns
the duplicate key; NULL upon error

Definition at line 1461 of file crypto_rsa.c.

References GNUNET_assert, GNUNET_new, key_from_sexp(), ret, and GNUNET_CRYPTO_RsaSignature::sexp.

1462 {
1463  struct GNUNET_CRYPTO_RsaSignature *dup;
1464  gcry_sexp_t dup_sexp;
1465  size_t erroff;
1466  gcry_mpi_t s;
1467  int ret;
1468 
1469  /* verify that this is an RSA signature */
1470  ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
1471  if (0 != ret)
1472  ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
1473  GNUNET_assert (0 == ret);
1474  gcry_mpi_release (s);
1475  /* copy the sexp */
1476  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", sig->sexp));
1477  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1478  dup->sexp = dup_sexp;
1479  return dup;
1480 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:96
an RSA signature
Definition: crypto_rsa.c:65
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
#define GNUNET_new(type)
Allocate a struct or union of the given type.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:70
Here is the call graph for this function: