GNUnet 0.21.1
crypto_ecc_setup.c
Go to the documentation of this file.
1/*
2 This file is part of GNUnet.
3 Copyright (C) 2012, 2013, 2015, 2020, 2023 GNUnet e.V.
4
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
14
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18 SPDX-License-Identifier: AGPL3.0-or-later
19 */
20
27#include "platform.h"
28#include <gcrypt.h>
29#include "gnunet_util_lib.h"
30
31#define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-ecc", __VA_ARGS__)
32
33#define LOG_STRERROR(kind, syscall) \
34 GNUNET_log_from_strerror (kind, "util-crypto-ecc", syscall)
35
36#define LOG_STRERROR_FILE(kind, syscall, filename) \
37 GNUNET_log_from_strerror_file (kind, "util-crypto-ecc", syscall, filename)
38
44#define LOG_GCRY(level, cmd, rc) \
45 do \
46 { \
47 LOG (level, \
48 _ ("`%s' failed at %s:%d with error: %s\n"), \
49 cmd, \
50 __FILE__, \
51 __LINE__, \
52 gcry_strerror (rc)); \
53 } while (0)
54
55
65static enum GNUNET_GenericReturnValue
66read_from_file (const char *filename,
67 void *buf,
68 size_t buf_size)
69{
70 int fd;
71 struct stat sb;
72
73 fd = open (filename,
74 O_RDONLY);
75 if (-1 == fd)
76 {
77 memset (buf,
78 0,
79 buf_size);
80 return GNUNET_SYSERR;
81 }
82 if (0 != fstat (fd,
83 &sb))
84 {
85 GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
86 "stat",
87 filename);
88 GNUNET_assert (0 == close (fd));
89 memset (buf,
90 0,
91 buf_size);
92 return GNUNET_SYSERR;
93 }
94 if (sb.st_size != buf_size)
95 {
96 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
97 "File `%s' has wrong size (%llu), expected %llu bytes\n",
98 filename,
99 (unsigned long long) sb.st_size,
100 (unsigned long long) buf_size);
101 GNUNET_assert (0 == close (fd));
102 memset (buf,
103 0,
104 buf_size);
105 return GNUNET_SYSERR;
106 }
107 if (buf_size !=
108 read (fd,
109 buf,
110 buf_size))
111 {
112 GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
113 "read",
114 filename);
115 GNUNET_assert (0 == close (fd));
116 memset (buf,
117 0,
118 buf_size);
119 return GNUNET_SYSERR;
120 }
121 GNUNET_assert (0 == close (fd));
122 return GNUNET_OK;
123}
124
125
143enum GNUNET_GenericReturnValue
144GNUNET_CRYPTO_eddsa_key_from_file (const char *filename,
145 int do_create,
146 struct GNUNET_CRYPTO_EddsaPrivateKey *pkey)
147{
148 enum GNUNET_GenericReturnValue ret;
149
150 if (GNUNET_OK ==
151 read_from_file (filename,
152 pkey,
153 sizeof (*pkey)))
154 {
155 /* file existed, report that we didn't create it... */
156 return (do_create) ? GNUNET_NO : GNUNET_OK;
157 }
158 else if (! do_create)
159 {
160 return GNUNET_SYSERR;
161 }
162
163 GNUNET_CRYPTO_eddsa_key_create (pkey);
164 ret = GNUNET_DISK_fn_write (filename,
165 pkey,
166 sizeof (*pkey),
167 GNUNET_DISK_PERM_USER_READ);
168 if ( (GNUNET_OK == ret) ||
169 (GNUNET_SYSERR == ret) )
170 return ret;
171 /* maybe another process succeeded in the meantime, try reading one more time */
172 if (GNUNET_OK ==
173 read_from_file (filename,
174 pkey,
175 sizeof (*pkey)))
176 {
177 /* file existed, report that *we* didn't create it... */
178 return GNUNET_NO;
179 }
180 /* give up */
181 return GNUNET_SYSERR;
182}
183
184
200enum GNUNET_GenericReturnValue
201GNUNET_CRYPTO_ecdsa_key_from_file (const char *filename,
202 int do_create,
203 struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey)
204{
205 if (GNUNET_OK ==
206 read_from_file (filename,
207 pkey,
208 sizeof (*pkey)))
209 {
210 /* file existed, report that we didn't create it... */
211 return (do_create) ? GNUNET_NO : GNUNET_OK;
212 }
213 else if (! do_create)
214 {
215 return GNUNET_SYSERR;
216 }
217 GNUNET_CRYPTO_ecdsa_key_create (pkey);
218 if (GNUNET_OK ==
219 GNUNET_DISK_fn_write (filename,
220 pkey,
221 sizeof (*pkey),
222 GNUNET_DISK_PERM_USER_READ))
223 return GNUNET_OK;
224 /* maybe another process succeeded in the meantime, try reading one more time */
225 if (GNUNET_OK ==
226 read_from_file (filename,
227 pkey,
228 sizeof (*pkey)))
229 {
230 /* file existed, report that *we* didn't create it... */
231 return GNUNET_NO;
232 }
233 /* give up */
234 return GNUNET_SYSERR;
235}
236
237
246struct GNUNET_CRYPTO_EddsaPrivateKey *
247GNUNET_CRYPTO_eddsa_key_create_from_configuration (
248 const struct GNUNET_CONFIGURATION_Handle *cfg)
249{
250 struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
251 char *fn;
252
253 if (GNUNET_OK !=
254 GNUNET_CONFIGURATION_get_value_filename (cfg,
255 "PEER",
256 "PRIVATE_KEY",
257 &fn))
258 return NULL;
259 priv = GNUNET_new (struct GNUNET_CRYPTO_EddsaPrivateKey);
260 if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_key_from_file (fn,
261 GNUNET_YES,
262 priv))
263 {
264 GNUNET_free (fn);
265 GNUNET_free (priv);
266 return NULL;
267 }
268 GNUNET_free (fn);
269 return priv;
270}
271
272
273enum GNUNET_GenericReturnValue
274GNUNET_CRYPTO_get_peer_identity (const struct GNUNET_CONFIGURATION_Handle *cfg,
275 struct GNUNET_PeerIdentity *dst)
276{
277 struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
278
279 if (NULL == (priv = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg)))
280 {
281 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
282 _ ("Could not load peer's private key\n"));
283 return GNUNET_SYSERR;
284 }
285 GNUNET_CRYPTO_eddsa_key_get_public (priv,
286 &dst->public_key);
287 GNUNET_free (priv);
288 return GNUNET_OK;
289}
290
291
292enum GNUNET_GenericReturnValue
293GNUNET_CRYPTO_sign_by_peer_identity (const struct
294 GNUNET_CONFIGURATION_Handle *cfg,
295 const struct
296 GNUNET_CRYPTO_EccSignaturePurpose *purpose,
297 struct GNUNET_CRYPTO_EddsaSignature *sig)
298{
299 struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
300
301 if (NULL == (priv = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg)))
302 {
303 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
304 _ ("Could not load peer's private key\n"));
305 return GNUNET_SYSERR;
306 }
307
308 return GNUNET_CRYPTO_eddsa_sign_ (priv, purpose, sig);
309}
310
311
312enum GNUNET_GenericReturnValue
313GNUNET_CRYPTO_verify_peer_identity (uint32_t purpose,
314 const struct
315 GNUNET_CRYPTO_EccSignaturePurpose *validate,
316 const struct
317 GNUNET_CRYPTO_EddsaSignature *sig,
318 const struct GNUNET_PeerIdentity *identity)
319{
320 return GNUNET_CRYPTO_eddsa_verify_ (purpose, validate, sig,
321 &identity->public_key);
322}
323
324
333void
334GNUNET_CRYPTO_eddsa_setup_key (const char *cfg_name)
335{
336 struct GNUNET_CONFIGURATION_Handle *cfg;
337 struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
338
339 cfg = GNUNET_CONFIGURATION_create ();
340 (void) GNUNET_CONFIGURATION_load (cfg, cfg_name);
341 priv = GNUNET_CRYPTO_eddsa_key_create_from_configuration (cfg);
342 if (NULL != priv)
343 GNUNET_free (priv);
344 GNUNET_CONFIGURATION_destroy (cfg);
345}
346
347
348/* end of crypto_ecc_setup.c */
read_from_file
static enum GNUNET_GenericReturnValue read_from_file(const char *filename, void *buf, size_t buf_size)
Read file to buf.
Definition: crypto_ecc_setup.c:66
GNUNET_CRYPTO_eddsa_setup_key
void GNUNET_CRYPTO_eddsa_setup_key(const char *cfg_name)
Setup a key file for a peer given the name of the configuration file (!).
Definition: crypto_ecc_setup.c:334
ret
static int ret
Final status code.
Definition: gnunet-arm.c:94
cfg
static struct GNUNET_CONFIGURATION_Handle * cfg
Our configuration.
Definition: gnunet-arm.c:109
filename
static char * filename
Definition: gnunet-download.c:52
pkey
static char * pkey
Public key of the zone to look in, in ASCII.
Definition: gnunet-namecache.c:58
identity
static struct GNUNET_IDENTITY_Handle * identity
Which namespace do we publish to? NULL if we do not publish to a namespace.
Definition: gnunet-publish.c:142
gnunet_util_lib.h
GNUNET_CONFIGURATION_get_value_filename
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_get_value_filename(const struct GNUNET_CONFIGURATION_Handle *cfg, const char *section, const char *option, char **value)
Get a configuration value that should be the name of a file or directory.
Definition: configuration.c:2041
GNUNET_CONFIGURATION_destroy
void GNUNET_CONFIGURATION_destroy(struct GNUNET_CONFIGURATION_Handle *cfg)
Destroy configuration object.
Definition: configuration.c:307
GNUNET_CONFIGURATION_create
struct GNUNET_CONFIGURATION_Handle * GNUNET_CONFIGURATION_create(void)
Create a new configuration object.
Definition: configuration.c:222
GNUNET_CONFIGURATION_load
enum GNUNET_GenericReturnValue GNUNET_CONFIGURATION_load(struct GNUNET_CONFIGURATION_Handle *cfg, const char *filename)
Load configuration.
Definition: configuration.c:2495
GNUNET_CRYPTO_sign_by_peer_identity
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_sign_by_peer_identity(const struct GNUNET_CONFIGURATION_Handle *cfg, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
Sign a given block with a specific purpose using the host's peer identity.
Definition: crypto_ecc_setup.c:293
GNUNET_CRYPTO_ecdsa_key_from_file
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_key_from_file(const char *filename, int do_create, struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey)
Create a new private key by reading it from a file.
Definition: crypto_ecc_setup.c:201
GNUNET_CRYPTO_eddsa_key_from_file
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_key_from_file(const char *filename, int do_create, struct GNUNET_CRYPTO_EddsaPrivateKey *pkey)
Create a new private key by reading it from a file.
Definition: crypto_ecc_setup.c:144
GNUNET_CRYPTO_eddsa_key_get_public
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:198
GNUNET_CRYPTO_eddsa_key_create
void GNUNET_CRYPTO_eddsa_key_create(struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:462
GNUNET_CRYPTO_ecdsa_key_create
void GNUNET_CRYPTO_ecdsa_key_create(struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
Create a new private key.
Definition: crypto_ecc.c:447
GNUNET_CRYPTO_eddsa_sign_
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
EdDSA sign a given block.
Definition: crypto_ecc.c:607
GNUNET_CRYPTO_eddsa_verify_
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Verify EdDSA signature.
Definition: crypto_ecc.c:690
GNUNET_CRYPTO_get_peer_identity
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_get_peer_identity(const struct GNUNET_CONFIGURATION_Handle *cfg, struct GNUNET_PeerIdentity *dst)
Retrieve the identity of the host's peer.
Definition: crypto_ecc_setup.c:274
GNUNET_CRYPTO_verify_peer_identity
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_verify_peer_identity(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_CRYPTO_EddsaSignature *sig, const struct GNUNET_PeerIdentity *identity)
Verify a given signature with a peer's identity.
Definition: crypto_ecc_setup.c:313
GNUNET_CRYPTO_eddsa_key_create_from_configuration
struct GNUNET_CRYPTO_EddsaPrivateKey * GNUNET_CRYPTO_eddsa_key_create_from_configuration(const struct GNUNET_CONFIGURATION_Handle *cfg)
Create a new private key by reading our peer's key from the file specified in the configuration.
Definition: crypto_ecc_setup.c:247
GNUNET_DISK_fn_write
enum GNUNET_GenericReturnValue GNUNET_DISK_fn_write(const char *fn, const void *buf, size_t buf_size, enum GNUNET_DISK_AccessPermissions mode)
Write a buffer to a file atomically.
Definition: disk.c:725
GNUNET_DISK_PERM_USER_READ
@ GNUNET_DISK_PERM_USER_READ
Owner can read.
Definition: gnunet_disk_lib.h:174
GNUNET_log
#define GNUNET_log(kind,...)
Definition: gnunet_common.h:562
GNUNET_GenericReturnValue
GNUNET_GenericReturnValue
Named constants for return values.
Definition: gnunet_common.h:106
GNUNET_OK
@ GNUNET_OK
Definition: gnunet_common.h:109
GNUNET_YES
@ GNUNET_YES
Definition: gnunet_common.h:111
GNUNET_NO
@ GNUNET_NO
Definition: gnunet_common.h:108
GNUNET_SYSERR
@ GNUNET_SYSERR
Definition: gnunet_common.h:107
GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition: gnunet_common.h:937
GNUNET_log_strerror_file
#define GNUNET_log_strerror_file(level, cmd, filename)
Log an error message at log-level 'level' that indicates a failure of the command 'cmd' with the mess...
Definition: gnunet_common.h:1096
GNUNET_ERROR_TYPE_WARNING
@ GNUNET_ERROR_TYPE_WARNING
Definition: gnunet_common.h:432
GNUNET_ERROR_TYPE_ERROR
@ GNUNET_ERROR_TYPE_ERROR
Definition: gnunet_common.h:431
GNUNET_new
#define GNUNET_new(type)
Allocate a struct or union of the given type.
Definition: gnunet_common.h:1208
GNUNET_free
#define GNUNET_free(ptr)
Wrapper around free.
Definition: gnunet_common.h:1406
_
#define _(String)
GNU gettext support macro.
Definition: platform.h:178
GNUNET_CONFIGURATION_Handle
configuration data
Definition: configuration.c:149
GNUNET_CRYPTO_EccSignaturePurpose
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
Definition: gnunet_crypto_lib.h:141
GNUNET_CRYPTO_EcdsaPrivateKey
Private ECC key encoded for transmission.
Definition: gnunet_crypto_lib.h:266
GNUNET_CRYPTO_EddsaPrivateKey
Private ECC key encoded for transmission.
Definition: gnunet_crypto_lib.h:278
GNUNET_CRYPTO_EddsaSignature
an ECC signature using EdDSA.
Definition: gnunet_crypto_lib.h:164
GNUNET_PeerIdentity
The identity of the host (wraps the signing key of the peer).
Definition: gnunet_crypto_lib.h:229
GNUNET_PeerIdentity::public_key
struct GNUNET_CRYPTO_EddsaPublicKey public_key
Definition: gnunet_crypto_lib.h:230