GNUnet  0.11.x
Data Structures | Macros | Functions
crypto_rsa.c File Reference

Chaum-style Blind signatures based on RSA. More...

#include "platform.h"
#include <gcrypt.h>
#include "gnunet_crypto_lib.h"
#include "benchmark.h"
Include dependency graph for crypto_rsa.c:

Go to the source code of this file.

Data Structures

struct  GNUNET_CRYPTO_RsaPrivateKey
 The private information of an RSA key pair. More...
 
struct  GNUNET_CRYPTO_RsaPublicKey
 The public information of an RSA key pair. More...
 
struct  GNUNET_CRYPTO_RsaSignature
 an RSA signature More...
 
struct  RsaBlindingKey
 RSA blinding key. More...
 
struct  GNUNET_CRYPTO_RsaPublicKeyHeaderP
 Format of the header of a serialized RSA public key. More...
 

Macros

#define LOG(kind, ...)   GNUNET_log_from (kind, "util-crypto-rsa", __VA_ARGS__)
 

Functions

static int key_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
 Extract values from an S-expression. More...
 
struct GNUNET_CRYPTO_RsaPrivateKeyGNUNET_CRYPTO_rsa_private_key_create (unsigned int len)
 Create a new private key. More...
 
void GNUNET_CRYPTO_rsa_private_key_free (struct GNUNET_CRYPTO_RsaPrivateKey *key)
 Free memory occupied by the private key. More...
 
size_t GNUNET_CRYPTO_rsa_private_key_encode (const struct GNUNET_CRYPTO_RsaPrivateKey *key, void **buffer)
 Encode the private key in a format suitable for storing it into a file. More...
 
struct GNUNET_CRYPTO_RsaPrivateKeyGNUNET_CRYPTO_rsa_private_key_decode (const void *buf, size_t buf_size)
 Decode the private key from the data-format back to the "normal", internal format. More...
 
struct GNUNET_CRYPTO_RsaPublicKeyGNUNET_CRYPTO_rsa_private_key_get_public (const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
 Extract the public key of the given private key. More...
 
void GNUNET_CRYPTO_rsa_public_key_free (struct GNUNET_CRYPTO_RsaPublicKey *key)
 Free memory occupied by the public key. More...
 
GNUNET_NETWORK_STRUCT_END bool GNUNET_CRYPTO_rsa_public_key_check (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 Check if key is well-formed. More...
 
size_t GNUNET_CRYPTO_rsa_public_key_encode (const struct GNUNET_CRYPTO_RsaPublicKey *key, void **buffer)
 Encode the public key in a format suitable for storing it into a file. More...
 
void GNUNET_CRYPTO_rsa_public_key_hash (const struct GNUNET_CRYPTO_RsaPublicKey *key, struct GNUNET_HashCode *hc)
 Compute hash over the public key. More...
 
struct GNUNET_CRYPTO_RsaPublicKeyGNUNET_CRYPTO_rsa_public_key_decode (const char *buf, size_t len)
 Decode the public key from the data-format back to the "normal", internal format. More...
 
static int rsa_gcd_validate (gcry_mpi_t r, gcry_mpi_t n)
 Test for malicious RSA key. More...
 
static struct RsaBlindingKeyrsa_blinding_key_derive (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks)
 Create a blinding key. More...
 
int GNUNET_CRYPTO_rsa_signature_cmp (const struct GNUNET_CRYPTO_RsaSignature *s1, const struct GNUNET_CRYPTO_RsaSignature *s2)
 Compare the values of two signatures. More...
 
int GNUNET_CRYPTO_rsa_public_key_cmp (const struct GNUNET_CRYPTO_RsaPublicKey *p1, const struct GNUNET_CRYPTO_RsaPublicKey *p2)
 Compare the values of two public keys. More...
 
int GNUNET_CRYPTO_rsa_private_key_cmp (const struct GNUNET_CRYPTO_RsaPrivateKey *p1, const struct GNUNET_CRYPTO_RsaPrivateKey *p2)
 Compare the values of two private keys. More...
 
unsigned int GNUNET_CRYPTO_rsa_public_key_len (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 Obtain the length of the RSA key in bits. More...
 
static void rsa_blinding_key_free (struct RsaBlindingKey *bkey)
 Destroy a blinding key. More...
 
static size_t numeric_mpi_alloc_n_print (gcry_mpi_t v, char **buffer)
 Print an MPI to a newly created buffer. More...
 
static gcry_mpi_t rsa_full_domain_hash (const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_HashCode *hash)
 Computes a full domain hash seeded by the given public key. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_blind (const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey, void **buf, size_t *buf_size)
 Blinds the given message with the given blinding key. More...
 
static gcry_sexp_t mpi_to_sexp (gcry_mpi_t value)
 Convert an MPI to an S-expression suitable for signature operations. More...
 
static struct GNUNET_CRYPTO_RsaSignaturersa_sign_mpi (const struct GNUNET_CRYPTO_RsaPrivateKey *key, gcry_mpi_t value)
 Sign the given MPI. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_sign_blinded (const struct GNUNET_CRYPTO_RsaPrivateKey *key, const void *msg, size_t msg_len)
 Sign a blinded value, which must be a full domain hash of a message. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_sign_fdh (const struct GNUNET_CRYPTO_RsaPrivateKey *key, const struct GNUNET_HashCode *hash)
 Create and sign a full domain hash of a message. More...
 
void GNUNET_CRYPTO_rsa_signature_free (struct GNUNET_CRYPTO_RsaSignature *sig)
 Free memory occupied by signature. More...
 
size_t GNUNET_CRYPTO_rsa_signature_encode (const struct GNUNET_CRYPTO_RsaSignature *sig, void **buffer)
 Encode the given signature in a format suitable for storing it into a file. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_signature_decode (const void *buf, size_t buf_size)
 Decode the signature from the data-format back to the "normal", internal format. More...
 
struct GNUNET_CRYPTO_RsaPublicKeyGNUNET_CRYPTO_rsa_public_key_dup (const struct GNUNET_CRYPTO_RsaPublicKey *key)
 Duplicate the given public key. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, struct GNUNET_CRYPTO_RsaPublicKey *pkey)
 Unblind a blind-signed signature. More...
 
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_verify (const struct GNUNET_HashCode *hash, const struct GNUNET_CRYPTO_RsaSignature *sig, const struct GNUNET_CRYPTO_RsaPublicKey *pkey)
 Verify whether the given hash corresponds to the given signature and the signature is valid with respect to the given public key. More...
 
struct GNUNET_CRYPTO_RsaPrivateKeyGNUNET_CRYPTO_rsa_private_key_dup (const struct GNUNET_CRYPTO_RsaPrivateKey *key)
 Duplicate the given private key. More...
 
struct GNUNET_CRYPTO_RsaSignatureGNUNET_CRYPTO_rsa_signature_dup (const struct GNUNET_CRYPTO_RsaSignature *sig)
 Duplicate the given rsa signature. More...
 

Detailed Description

Chaum-style Blind signatures based on RSA.

Author
Sree Harsha Totakura sreeh.nosp@m.arsh.nosp@m.a@tot.nosp@m.akur.nosp@m.a.in
Christian Grothoff
Jeffrey Burdges burdg.nosp@m.es@g.nosp@m.nunet.nosp@m..org

Definition in file crypto_rsa.c.

Macro Definition Documentation

◆ LOG

#define LOG (   kind,
  ... 
)    GNUNET_log_from (kind, "util-crypto-rsa", __VA_ARGS__)

Definition at line 33 of file crypto_rsa.c.

Function Documentation

◆ key_from_sexp()

static int key_from_sexp ( gcry_mpi_t *  array,
gcry_sexp_t  sexp,
const char *  topname,
const char *  elems 
)
static

Extract values from an S-expression.

Parameters
arraywhere to store the result(s)
sexpS-expression to parse
topnametop-level name in the S-expression that is of interest
elemsnames of the elements to extract
Returns
0 on success

Definition at line 94 of file crypto_rsa.c.

98 {
99  gcry_sexp_t list;
100  gcry_sexp_t l2;
101  const char *s;
102  unsigned int idx;
103 
104  if (! (list = gcry_sexp_find_token (sexp, topname, 0)))
105  return 1;
106  l2 = gcry_sexp_cadr (list);
107  gcry_sexp_release (list);
108  list = l2;
109  if (! list)
110  return 2;
111  idx = 0;
112  for (s = elems; *s; s++, idx++)
113  {
114  if (! (l2 = gcry_sexp_find_token (list, s, 1)))
115  {
116  for (unsigned int i = 0; i < idx; i++)
117  {
118  gcry_free (array[i]);
119  array[i] = NULL;
120  }
121  gcry_sexp_release (list);
122  return 3; /* required parameter not found */
123  }
124  array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
125  gcry_sexp_release (l2);
126  if (! array[idx])
127  {
128  for (unsigned int i = 0; i < idx; i++)
129  {
130  gcry_free (array[i]);
131  array[i] = NULL;
132  }
133  gcry_sexp_release (list);
134  return 4; /* required parameter is invalid */
135  }
136  }
137  gcry_sexp_release (list);
138  return 0;
139 }
static int list
Set if we should print a list of currently running services.
Definition: gnunet-arm.c:69

References list.

Referenced by GNUNET_CRYPTO_rsa_blind(), GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_check(), GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_CRYPTO_rsa_public_key_len(), GNUNET_CRYPTO_rsa_signature_dup(), GNUNET_CRYPTO_rsa_signature_encode(), GNUNET_CRYPTO_rsa_unblind(), and rsa_blinding_key_derive().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_create()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_create ( unsigned int  len)

Create a new private key.

Caller must free return value.

Parameters
lenlength of the key in bits (e.g. 2048)
Returns
fresh private key

Definition at line 143 of file crypto_rsa.c.

144 {
146  gcry_sexp_t s_key;
147  gcry_sexp_t s_keyparam;
148 
149  BENCHMARK_START (rsa_private_key_create);
150 
151  GNUNET_assert (0 ==
152  gcry_sexp_build (&s_keyparam,
153  NULL,
154  "(genkey(rsa(nbits %d)))",
155  len));
156  GNUNET_assert (0 ==
157  gcry_pk_genkey (&s_key,
158  s_keyparam));
159  gcry_sexp_release (s_keyparam);
160 #if EXTRA_CHECKS
161  GNUNET_assert (0 ==
162  gcry_pk_testkey (s_key));
163 #endif
165  ret->sexp = s_key;
166  BENCHMARK_END (rsa_private_key_create);
167  return ret;
168 }
#define BENCHMARK_START(opname)
Definition: benchmark.h:57
#define BENCHMARK_END(opname)
Definition: benchmark.h:58
static int ret
Return value of the commandline.
Definition: gnunet-abd.c:81
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_new(type)
Allocate a struct or union of the given type.
The private information of an RSA key pair.
Definition: crypto_rsa.c:40

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_new, len, and ret.

Referenced by output_vectors().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_free()

void GNUNET_CRYPTO_rsa_private_key_free ( struct GNUNET_CRYPTO_RsaPrivateKey key)

Free memory occupied by the private key.

Parameters
keypointer to the memory to free

Definition at line 172 of file crypto_rsa.c.

173 {
174  gcry_sexp_release (key->sexp);
175  GNUNET_free (key);
176 }
struct GNUNET_HashCode key
The key used in the DHT.
#define GNUNET_free(ptr)
Wrapper around free.

References GNUNET_free, and key.

Referenced by GNUNET_CRYPTO_rsa_private_key_decode(), and output_vectors().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_encode()

size_t GNUNET_CRYPTO_rsa_private_key_encode ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
void **  buffer 
)

Encode the private key in a format suitable for storing it into a file.

Parameters
keythe private key
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocatedin buffer

Definition at line 180 of file crypto_rsa.c.

183 {
184  size_t n;
185  char *b;
186 
187  n = gcry_sexp_sprint (key->sexp,
188  GCRYSEXP_FMT_DEFAULT,
189  NULL,
190  0);
191  b = GNUNET_malloc (n);
192  GNUNET_assert ((n - 1) == /* since the last byte is \0 */
193  gcry_sexp_sprint (key->sexp,
194  GCRYSEXP_FMT_DEFAULT,
195  b,
196  n));
197  *buffer = b;
198  return n;
199 }
#define GNUNET_malloc(size)
Wrapper around malloc.

References GNUNET_assert, GNUNET_malloc, and key.

Referenced by GNUNET_CRYPTO_rsa_private_key_cmp(), and output_vectors().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_decode()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_decode ( const void *  buf,
size_t  buf_size 
)

Decode the private key from the data-format back to the "normal", internal format.

Parameters
bufthe buffer where the private key data is stored
buf_sizethe size of the data in buf
Returns
NULL on error

Definition at line 203 of file crypto_rsa.c.

205 {
207 
209  if (0 !=
210  gcry_sexp_new (&key->sexp,
211  buf,
212  buf_size,
213  0))
214  {
216  "Decoded private key is not valid\n");
217  GNUNET_free (key);
218  return NULL;
219  }
220  if (0 != gcry_pk_testkey (key->sexp))
221  {
223  "Decoded private key is not valid\n");
225  return NULL;
226  }
227  return key;
228 }
void GNUNET_CRYPTO_rsa_private_key_free(struct GNUNET_CRYPTO_RsaPrivateKey *key)
Free memory occupied by the private key.
Definition: crypto_rsa.c:172
#define LOG(kind,...)
Definition: crypto_rsa.c:33
static char buf[2048]
@ GNUNET_ERROR_TYPE_WARNING

References buf, GNUNET_CRYPTO_rsa_private_key_free(), GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_new, key, and LOG.

Referenced by checkvec().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_get_public()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_private_key_get_public ( const struct GNUNET_CRYPTO_RsaPrivateKey priv)

Extract the public key of the given private key.

Parameters
privthe private key
Returns
NULL on error, otherwise the public key

Definition at line 232 of file crypto_rsa.c.

234 {
236  gcry_mpi_t ne[2];
237  int rc;
238  gcry_sexp_t result;
239 
240  BENCHMARK_START (rsa_private_key_get_public);
241 
242  rc = key_from_sexp (ne, priv->sexp, "public-key", "ne");
243  if (0 != rc)
244  rc = key_from_sexp (ne, priv->sexp, "private-key", "ne");
245  if (0 != rc)
246  rc = key_from_sexp (ne, priv->sexp, "rsa", "ne");
247  if (0 != rc)
248  {
249  GNUNET_break_op (0);
250  return NULL;
251  }
252  rc = gcry_sexp_build (&result,
253  NULL,
254  "(public-key(rsa(n %m)(e %m)))",
255  ne[0],
256  ne[1]);
257  gcry_mpi_release (ne[0]);
258  gcry_mpi_release (ne[1]);
260  pub->sexp = result;
261  BENCHMARK_END (rsa_private_key_get_public);
262  return pub;
263 }
static int key_from_sexp(gcry_mpi_t *array, gcry_sexp_t sexp, const char *topname, const char *elems)
Extract values from an S-expression.
Definition: crypto_rsa.c:94
static int result
Global testing status.
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:46
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA private key.
Definition: crypto_rsa.c:44
The public information of an RSA key pair.
Definition: crypto_rsa.c:52

References BENCHMARK_END, BENCHMARK_START, GNUNET_break_op, GNUNET_new, key_from_sexp(), pub, result, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

Referenced by GNUNET_CRYPTO_rsa_sign_fdh(), output_vectors(), and rsa_sign_mpi().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_free()

void GNUNET_CRYPTO_rsa_public_key_free ( struct GNUNET_CRYPTO_RsaPublicKey key)

Free memory occupied by the public key.

Parameters
keypointer to the memory to free

Definition at line 267 of file crypto_rsa.c.

268 {
269  gcry_sexp_release (key->sexp);
270  GNUNET_free (key);
271 }

References GNUNET_free, and key.

Referenced by clean_rsa_pub(), clean_rsa_public_key(), GNUNET_CRYPTO_rsa_sign_fdh(), output_vectors(), and rsa_sign_mpi().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_check()

GNUNET_NETWORK_STRUCT_END bool GNUNET_CRYPTO_rsa_public_key_check ( const struct GNUNET_CRYPTO_RsaPublicKey key)

Check if key is well-formed.

Returns
true if key is well-formed.

Definition at line 300 of file crypto_rsa.c.

302 {
303  gcry_mpi_t ne[2];
304  int ret;
305 
306  ret = key_from_sexp (ne,
307  key->sexp,
308  "public-key",
309  "ne");
310  if (0 != ret)
311  ret = key_from_sexp (ne,
312  key->sexp,
313  "rsa",
314  "ne");
315  if (0 != ret)
316  return false;
317  gcry_mpi_release (ne[0]);
318  gcry_mpi_release (ne[1]);
319  return true;
320 }

References key, key_from_sexp(), and ret.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_encode()

size_t GNUNET_CRYPTO_rsa_public_key_encode ( const struct GNUNET_CRYPTO_RsaPublicKey key,
void **  buffer 
)

Encode the public key in a format suitable for storing it into a file.

Parameters
keythe private key
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocated in buffer

Definition at line 324 of file crypto_rsa.c.

327 {
328  gcry_mpi_t ne[2];
329  size_t n_size;
330  size_t e_size;
331  size_t rsize;
332  size_t buf_size;
333  char *buf;
335  int ret;
336 
337  ret = key_from_sexp (ne,
338  key->sexp,
339  "public-key",
340  "ne");
341  if (0 != ret)
342  ret = key_from_sexp (ne,
343  key->sexp,
344  "rsa",
345  "ne");
346  if (0 != ret)
347  {
348  GNUNET_break (0);
349  *buffer = NULL;
350  return 0;
351  }
352  gcry_mpi_print (GCRYMPI_FMT_USG,
353  NULL,
354  0,
355  &n_size,
356  ne[0]);
357  gcry_mpi_print (GCRYMPI_FMT_USG,
358  NULL,
359  0,
360  &e_size,
361  ne[1]);
362  if ( (e_size > UINT16_MAX) ||
363  (n_size > UINT16_MAX) )
364  {
365  GNUNET_break (0);
366  if (NULL != buffer)
367  *buffer = NULL;
368  gcry_mpi_release (ne[0]);
369  gcry_mpi_release (ne[1]);
370  return 0;
371  }
372  buf_size = n_size + e_size + sizeof (hdr);
373  if (NULL == buffer)
374  {
375  gcry_mpi_release (ne[0]);
376  gcry_mpi_release (ne[1]);
377  return buf_size;
378  }
379  buf = GNUNET_malloc (buf_size);
380  hdr.modulus_length = htons ((uint16_t) n_size);
381  hdr.public_exponent_length = htons ((uint16_t) e_size);
382  memcpy (buf,
383  &hdr,
384  sizeof (hdr));
385  GNUNET_assert (0 ==
386  gcry_mpi_print (GCRYMPI_FMT_USG,
387  (unsigned char *) &buf[sizeof (hdr)],
388  n_size,
389  &rsize,
390  ne[0]));
391 
392  GNUNET_assert (0 ==
393  gcry_mpi_print (GCRYMPI_FMT_USG,
394  (unsigned char *) &buf[sizeof (hdr) + n_size],
395  e_size,
396  &rsize,
397  ne[1]));
398  *buffer = buf;
399  gcry_mpi_release (ne[0]);
400  gcry_mpi_release (ne[1]);
401  return buf_size;
402 }
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
Format of the header of a serialized RSA public key.
Definition: crypto_rsa.c:280

References buf, GNUNET_assert, GNUNET_break, GNUNET_malloc, key, key_from_sexp(), GNUNET_CRYPTO_RsaPublicKeyHeaderP::modulus_length, GNUNET_CRYPTO_RsaPublicKeyHeaderP::public_exponent_length, and ret.

Referenced by bind_rsa_pub(), checkvec(), GNUNET_CRYPTO_rsa_blind(), GNUNET_CRYPTO_rsa_public_key_cmp(), GNUNET_CRYPTO_rsa_public_key_hash(), GNUNET_JSON_from_rsa_public_key(), GNUNET_PQ_query_param_rsa_public_key(), my_conv_rsa_public_key(), and output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_hash()

void GNUNET_CRYPTO_rsa_public_key_hash ( const struct GNUNET_CRYPTO_RsaPublicKey key,
struct GNUNET_HashCode hc 
)

Compute hash over the public key.

Parameters
keypublic key to hash
hcwhere to store the hash code

Definition at line 406 of file crypto_rsa.c.

408 {
409  void *buf;
410  size_t buf_size;
411 
413  &buf);
415  buf_size,
416  hc);
417  GNUNET_free (buf);
418 }
size_t GNUNET_CRYPTO_rsa_public_key_encode(const struct GNUNET_CRYPTO_RsaPublicKey *key, void **buffer)
Encode the public key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:324
void GNUNET_CRYPTO_hash(const void *block, size_t size, struct GNUNET_HashCode *ret)
Compute hash of a given block.
Definition: crypto_hash.c:41

References buf, GNUNET_CRYPTO_hash(), GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_free, and key.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_decode()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_public_key_decode ( const char *  buf,
size_t  len 
)

Decode the public key from the data-format back to the "normal", internal format.

Parameters
bufthe buffer where the public key data is stored
lenthe length of the data in buf
Returns
NULL on error

Definition at line 422 of file crypto_rsa.c.

424 {
427  size_t e_size;
428  size_t n_size;
429  gcry_mpi_t n;
430  gcry_mpi_t e;
431  gcry_sexp_t data;
432 
433  if (len < sizeof (hdr))
434  {
435  GNUNET_break_op (0);
436  return NULL;
437  }
438  memcpy (&hdr, buf, sizeof (hdr));
439  n_size = ntohs (hdr.modulus_length);
440  e_size = ntohs (hdr.public_exponent_length);
441  if (len != sizeof (hdr) + e_size + n_size)
442  {
443  GNUNET_break_op (0);
444  return NULL;
445  }
446  if (0 !=
447  gcry_mpi_scan (&n,
448  GCRYMPI_FMT_USG,
449  &buf[sizeof (hdr)],
450  n_size,
451  NULL))
452  {
453  GNUNET_break_op (0);
454  return NULL;
455  }
456  if (0 !=
457  gcry_mpi_scan (&e,
458  GCRYMPI_FMT_USG,
459  &buf[sizeof (hdr) + n_size],
460  e_size,
461  NULL))
462  {
463  GNUNET_break_op (0);
464  gcry_mpi_release (n);
465  return NULL;
466  }
467 
468  if (0 !=
469  gcry_sexp_build (&data,
470  NULL,
471  "(public-key(rsa(n %m)(e %m)))",
472  n,
473  e))
474  {
475  GNUNET_break (0);
476  gcry_mpi_release (n);
477  gcry_mpi_release (e);
478  return NULL;
479  }
480  gcry_mpi_release (n);
481  gcry_mpi_release (e);
483  key->sexp = data;
484  return key;
485 }
static struct Experiment * e
uint32_t data
The data value.

References buf, data, e, GNUNET_break, GNUNET_break_op, GNUNET_new, key, len, GNUNET_CRYPTO_RsaPublicKeyHeaderP::modulus_length, and GNUNET_CRYPTO_RsaPublicKeyHeaderP::public_exponent_length.

Referenced by checkvec(), extract_rsa_pub(), and post_extract_rsa_public_key().

Here is the caller graph for this function:

◆ rsa_gcd_validate()

static int rsa_gcd_validate ( gcry_mpi_t  r,
gcry_mpi_t  n 
)
static

Test for malicious RSA key.

Assuming n is an RSA modulous and r is generated using a call to GNUNET_CRYPTO_kdf_mod_mpi, if gcd(r,n) != 1 then n must be a malicious RSA key designed to deanomize the user.

Parameters
rKDF result
nRSA modulus
Returns
True if gcd(r,n) = 1, False means RSA key is malicious

Definition at line 500 of file crypto_rsa.c.

502 {
503  gcry_mpi_t g;
504  int t;
505 
506  g = gcry_mpi_new (0);
507  t = gcry_mpi_gcd (g, r, n);
508  gcry_mpi_release (g);
509  return t;
510 }
static struct GNUNET_SCHEDULER_Task * t
Main task.

References t.

Referenced by GNUNET_CRYPTO_rsa_blind(), and rsa_blinding_key_derive().

Here is the caller graph for this function:

◆ rsa_blinding_key_derive()

static struct RsaBlindingKey* rsa_blinding_key_derive ( const struct GNUNET_CRYPTO_RsaPublicKey pkey,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret bks 
)
static

Create a blinding key.

Parameters
lenlength of the key in bits (e.g. 2048)
bkspre-secret to use to derive the blinding key
Returns
the newly created blinding key, NULL if RSA key is malicious

Definition at line 521 of file crypto_rsa.c.

523 {
524  const char *xts = "Blinding KDF extractor HMAC key"; /* Trusts bks' randomness more */
525  struct RsaBlindingKey *blind;
526  gcry_mpi_t n;
527 
528  blind = GNUNET_new (struct RsaBlindingKey);
529 
530  /* Extract the composite n from the RSA public key */
531  GNUNET_assert (0 ==
532  key_from_sexp (&n,
533  pkey->sexp,
534  "rsa",
535  "n"));
536  /* Assert that it at least looks like an RSA key */
537  GNUNET_assert (0 ==
538  gcry_mpi_get_flag (n,
539  GCRYMPI_FLAG_OPAQUE));
540  GNUNET_CRYPTO_kdf_mod_mpi (&blind->r,
541  n,
542  xts, strlen (xts),
543  bks, sizeof(*bks),
544  "Blinding KDF");
545  if (0 == rsa_gcd_validate (blind->r,
546  n))
547  {
548  gcry_mpi_release (blind->r);
549  GNUNET_free (blind);
550  blind = NULL;
551  }
552  gcry_mpi_release (n);
553  return blind;
554 }
static int rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n)
Test for malicious RSA key.
Definition: crypto_rsa.c:500
static char * pkey
Public key of the zone to look in, in ASCII.
void GNUNET_CRYPTO_kdf_mod_mpi(gcry_mpi_t *r, gcry_mpi_t n, const void *xts, size_t xts_len, const void *skm, size_t skm_len, const char *ctx)
Deterministically generate a pseudo-random number uniformly from the integers modulo a libgcrypt mpi.
Definition: crypto_kdf.c:94
RSA blinding key.
Definition: crypto_rsa.c:76
gcry_mpi_t r
Random value used for blinding.
Definition: crypto_rsa.c:80

References GNUNET_assert, GNUNET_CRYPTO_kdf_mod_mpi(), GNUNET_free, GNUNET_new, key_from_sexp(), pkey, RsaBlindingKey::r, and rsa_gcd_validate().

Referenced by GNUNET_CRYPTO_rsa_unblind().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_cmp()

int GNUNET_CRYPTO_rsa_signature_cmp ( const struct GNUNET_CRYPTO_RsaSignature s1,
const struct GNUNET_CRYPTO_RsaSignature s2 
)

Compare the values of two signatures.

Parameters
s1one signature
s2the other signature
Returns
0 if the two are equal

Definition at line 601 of file crypto_rsa.c.

603 {
604  void *b1;
605  void *b2;
606  size_t z1;
607  size_t z2;
608  int ret;
609 
611  &b1);
613  &b2);
614  if (z1 != z2)
615  ret = 1;
616  else
617  ret = memcmp (b1,
618  b2,
619  z1);
620  GNUNET_free (b1);
621  GNUNET_free (b2);
622  return ret;
623 }
size_t GNUNET_CRYPTO_rsa_signature_encode(const struct GNUNET_CRYPTO_RsaSignature *sig, void **buffer)
Encode the given signature in a format suitable for storing it into a file.
Definition: crypto_rsa.c:998

References GNUNET_CRYPTO_rsa_signature_encode(), GNUNET_free, and ret.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_cmp()

int GNUNET_CRYPTO_rsa_public_key_cmp ( const struct GNUNET_CRYPTO_RsaPublicKey p1,
const struct GNUNET_CRYPTO_RsaPublicKey p2 
)

Compare the values of two public keys.

Parameters
p1one public key
p2the other public key
Returns
0 if the two are equal

Definition at line 627 of file crypto_rsa.c.

629 {
630  void *b1;
631  void *b2;
632  size_t z1;
633  size_t z2;
634  int ret;
635 
637  &b1);
639  &b2);
640  if (z1 != z2)
641  ret = 1;
642  else
643  ret = memcmp (b1,
644  b2,
645  z1);
646  GNUNET_free (b1);
647  GNUNET_free (b2);
648  return ret;
649 }

References GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_free, and ret.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_cmp()

int GNUNET_CRYPTO_rsa_private_key_cmp ( const struct GNUNET_CRYPTO_RsaPrivateKey p1,
const struct GNUNET_CRYPTO_RsaPrivateKey p2 
)

Compare the values of two private keys.

Parameters
p1one private key
p2the other private key
Returns
0 if the two are equal

Definition at line 653 of file crypto_rsa.c.

655 {
656  void *b1;
657  void *b2;
658  size_t z1;
659  size_t z2;
660  int ret;
661 
663  &b1);
665  &b2);
666  if (z1 != z2)
667  ret = 1;
668  else
669  ret = memcmp (b1,
670  b2,
671  z1);
672  GNUNET_free (b1);
673  GNUNET_free (b2);
674  return ret;
675 }
size_t GNUNET_CRYPTO_rsa_private_key_encode(const struct GNUNET_CRYPTO_RsaPrivateKey *key, void **buffer)
Encode the private key in a format suitable for storing it into a file.
Definition: crypto_rsa.c:180

References GNUNET_CRYPTO_rsa_private_key_encode(), GNUNET_free, and ret.

Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_len()

unsigned int GNUNET_CRYPTO_rsa_public_key_len ( const struct GNUNET_CRYPTO_RsaPublicKey key)

Obtain the length of the RSA key in bits.

Parameters
keythe public key to introspect
Returns
length of the key in bits

Definition at line 679 of file crypto_rsa.c.

680 {
681  gcry_mpi_t n;
682  unsigned int rval;
683 
684  if (0 != key_from_sexp (&n, key->sexp, "rsa", "n"))
685  { /* Not an RSA public key */
686  GNUNET_break (0);
687  return 0;
688  }
689  rval = gcry_mpi_get_nbits (n);
690  gcry_mpi_release (n);
691  return rval;
692 }

References GNUNET_break, key, and key_from_sexp().

Here is the call graph for this function:

◆ rsa_blinding_key_free()

static void rsa_blinding_key_free ( struct RsaBlindingKey bkey)
static

Destroy a blinding key.

Parameters
bkeythe blinding key to destroy

Definition at line 701 of file crypto_rsa.c.

702 {
703  gcry_mpi_release (bkey->r);
704  GNUNET_free (bkey);
705 }

References GNUNET_free, and RsaBlindingKey::r.

Referenced by GNUNET_CRYPTO_rsa_unblind().

Here is the caller graph for this function:

◆ numeric_mpi_alloc_n_print()

static size_t numeric_mpi_alloc_n_print ( gcry_mpi_t  v,
char **  buffer 
)
static

Print an MPI to a newly created buffer.

Parameters
vMPI to print.
[out]newlyallocated buffer containing the result
Returns
number of bytes stored in buffer

Definition at line 716 of file crypto_rsa.c.

718 {
719  size_t n;
720  char *b;
721  size_t rsize;
722 
723  gcry_mpi_print (GCRYMPI_FMT_USG,
724  NULL,
725  0,
726  &n,
727  v);
728  b = GNUNET_malloc (n);
729  GNUNET_assert (0 ==
730  gcry_mpi_print (GCRYMPI_FMT_USG,
731  (unsigned char *) b,
732  n,
733  &rsize,
734  v));
735  *buffer = b;
736  return n;
737 }

References GNUNET_assert, and GNUNET_malloc.

◆ rsa_full_domain_hash()

static gcry_mpi_t rsa_full_domain_hash ( const struct GNUNET_CRYPTO_RsaPublicKey pkey,
const struct GNUNET_HashCode hash 
)
static

Computes a full domain hash seeded by the given public key.

This gives a measure of provable security to the Taler exchange against one-more forgery attacks. See: https://eprint.iacr.org/2001/002.pdf http://www.di.ens.fr/~pointche/Documents/Papers/2001_fcA.pdf

Parameters
hashinitial hash of the message to sign
pkeythe public key of the signer
rsizeIf not NULL, the number of bytes actually stored in buffer
Returns
MPI value set to the FDH, NULL if RSA key is malicious

Definition at line 753 of file crypto_rsa.c.

755 {
756  gcry_mpi_t r, n;
757  void *xts;
758  size_t xts_len;
759  int ok;
760 
761  /* Extract the composite n from the RSA public key */
762  GNUNET_assert (0 == key_from_sexp (&n, pkey->sexp, "rsa", "n"));
763  /* Assert that it at least looks like an RSA key */
764  GNUNET_assert (0 == gcry_mpi_get_flag (n, GCRYMPI_FLAG_OPAQUE));
765 
766  /* We key with the public denomination key as a homage to RSA-PSS by *
767  * Mihir Bellare and Phillip Rogaway. Doing this lowers the degree *
768  * of the hypothetical polyomial-time attack on RSA-KTI created by a *
769  * polynomial-time one-more forgary attack. Yey seeding! */
771  &xts);
772 
774  n,
775  xts, xts_len,
776  hash, sizeof(*hash),
777  "RSA-FDA FTpsW!");
778  GNUNET_free (xts);
779  ok = rsa_gcd_validate (r, n);
780  gcry_mpi_release (n);
781  if (ok)
782  return r;
783  gcry_mpi_release (r);
784  return NULL;
785 }
static int ok
Return value from 'main' (0 == success)

Referenced by GNUNET_CRYPTO_rsa_sign_fdh().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_blind()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_blind ( const struct GNUNET_HashCode hash,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret bks,
struct GNUNET_CRYPTO_RsaPublicKey pkey,
void **  buf,
size_t *  buf_size 
)

Blinds the given message with the given blinding key.

Parameters
hashhash of the message to sign
bkeythe blinding key
pkeythe public key of the signer
[out]bufset to a buffer with the blinded message to be signed
[out]buf_sizenumber of bytes stored in buf
Returns
GNUNET_YES if successful, GNUNET_NO if RSA key is malicious

Definition at line 753 of file crypto_rsa.c.

794 {
795  struct RsaBlindingKey *bkey;
796  gcry_mpi_t data;
797  gcry_mpi_t ne[2];
798  gcry_mpi_t r_e;
799  gcry_mpi_t data_r_e;
800  int ret;
801 
802  BENCHMARK_START (rsa_blind);
803 
804  GNUNET_assert (buf != NULL);
805  GNUNET_assert (buf_size != NULL);
806  ret = key_from_sexp (ne, pkey->sexp, "public-key", "ne");
807  if (0 != ret)
808  ret = key_from_sexp (ne, pkey->sexp, "rsa", "ne");
809  if (0 != ret)
810  {
811  GNUNET_break (0);
812  *buf = NULL;
813  *buf_size = 0;
814  return GNUNET_NO;
815  }
816 
817  data = rsa_full_domain_hash (pkey, hash);
818  if (NULL == data)
819  goto rsa_gcd_validate_failure;
820 
821  bkey = rsa_blinding_key_derive (pkey, bks);
822  if (NULL == bkey)
823  {
824  gcry_mpi_release (data);
825  goto rsa_gcd_validate_failure;
826  }
827 
828  r_e = gcry_mpi_new (0);
829  gcry_mpi_powm (r_e,
830  bkey->r,
831  ne[1],
832  ne[0]);
833  data_r_e = gcry_mpi_new (0);
834  gcry_mpi_mulm (data_r_e,
835  data,
836  r_e,
837  ne[0]);
838  gcry_mpi_release (data);
839  gcry_mpi_release (ne[0]);
840  gcry_mpi_release (ne[1]);
841  gcry_mpi_release (r_e);
842  rsa_blinding_key_free (bkey);
843 
844  *buf_size = numeric_mpi_alloc_n_print (data_r_e,
845  (char **) buf);
846  gcry_mpi_release (data_r_e);
847 
848  BENCHMARK_END (rsa_blind);
849 
850  return GNUNET_YES;
851 
852 rsa_gcd_validate_failure:
853  /* We know the RSA key is malicious here, so warn the wallet. */
854  /* GNUNET_break_op (0); */
855  gcry_mpi_release (ne[0]);
856  gcry_mpi_release (ne[1]);
857  *buf = NULL;
858  *buf_size = 0;
859  return GNUNET_NO;
860 }
static void rsa_blinding_key_free(struct RsaBlindingKey *bkey)
Destroy a blinding key.
Definition: crypto_rsa.c:701
static gcry_mpi_t rsa_full_domain_hash(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_HashCode *hash)
Computes a full domain hash seeded by the given public key.
Definition: crypto_rsa.c:753
static struct RsaBlindingKey * rsa_blinding_key_derive(const struct GNUNET_CRYPTO_RsaPublicKey *pkey, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks)
Create a blinding key.
Definition: crypto_rsa.c:521
static size_t numeric_mpi_alloc_n_print(gcry_mpi_t v, char **buffer)
Print an MPI to a newly created buffer.
Definition: crypto_rsa.c:716
@ GNUNET_YES
Definition: gnunet_common.h:97
@ GNUNET_NO
Definition: gnunet_common.h:94

References GNUNET_assert, GNUNET_CRYPTO_kdf_mod_mpi(), GNUNET_CRYPTO_rsa_public_key_encode(), GNUNET_free, key_from_sexp(), ok, pkey, RsaBlindingKey::r, and rsa_gcd_validate().

Referenced by checkvec(), and output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ mpi_to_sexp()

static gcry_sexp_t mpi_to_sexp ( gcry_mpi_t  value)
static

Convert an MPI to an S-expression suitable for signature operations.

Parameters
valuepointer to the data to convert
Returns
converted s-expression

Definition at line 870 of file crypto_rsa.c.

871 {
872  gcry_sexp_t data = NULL;
873 
874  GNUNET_assert (0 ==
875  gcry_sexp_build (&data,
876  NULL,
877  "(data (flags raw) (value %M))",
878  value));
879  return data;
880 }
static char * value
Value of the record to add/remove.

References data, GNUNET_assert, and value.

Referenced by rsa_sign_mpi().

Here is the caller graph for this function:

◆ rsa_sign_mpi()

static struct GNUNET_CRYPTO_RsaSignature* rsa_sign_mpi ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
gcry_mpi_t  value 
)
static

Sign the given MPI.

Parameters
keyprivate key to use for the signing
valuethe MPI to sign
Returns
NULL on error, signature on success

Definition at line 891 of file crypto_rsa.c.

893 {
894  struct GNUNET_CRYPTO_RsaSignature *sig;
895  gcry_sexp_t data;
896  gcry_sexp_t result;
897  int rc;
898 
899  data = mpi_to_sexp (value);
900 
901  if (0 !=
902  (rc = gcry_pk_sign (&result,
903  data,
904  key->sexp)))
905  {
907  _ ("RSA signing failed at %s:%d: %s\n"),
908  __FILE__,
909  __LINE__,
910  gcry_strerror (rc));
911  gcry_sexp_release (data);
912  GNUNET_break (0);
913  return NULL;
914  }
915 
916  /* Lenstra protection was first added to libgcrypt 1.6.4
917  * with commit c17f84bd02d7ee93845e92e20f6ddba814961588.
918  */
919 #if GCRYPT_VERSION_NUMBER < 0x010604
920  /* verify signature (guards against Lenstra's attack with fault injection...) */
921  struct GNUNET_CRYPTO_RsaPublicKey *public_key =
923  if (0 !=
924  gcry_pk_verify (result,
925  data,
926  public_key->sexp))
927  {
928  GNUNET_break (0);
930  gcry_sexp_release (data);
931  gcry_sexp_release (result);
932  return NULL;
933  }
935 #endif
936 
937  /* return signature */
938  gcry_sexp_release (data);
939  sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
940  sig->sexp = result;
941  return sig;
942 }
static gcry_sexp_t mpi_to_sexp(gcry_mpi_t value)
Convert an MPI to an S-expression suitable for signature operations.
Definition: crypto_rsa.c:870
void GNUNET_CRYPTO_rsa_public_key_free(struct GNUNET_CRYPTO_RsaPublicKey *key)
Free memory occupied by the public key.
Definition: crypto_rsa.c:267
struct GNUNET_CRYPTO_RsaPublicKey * GNUNET_CRYPTO_rsa_private_key_get_public(const struct GNUNET_CRYPTO_RsaPrivateKey *priv)
Extract the public key of the given private key.
Definition: crypto_rsa.c:232
#define _(String)
GNU gettext support macro.
Definition: platform.h:177
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA public key.
Definition: crypto_rsa.c:56
an RSA signature
Definition: crypto_rsa.c:64
gcry_sexp_t sexp
Libgcrypt S-expression for the RSA signature.
Definition: crypto_rsa.c:68

References _, data, GNUNET_break, GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_free(), GNUNET_ERROR_TYPE_WARNING, GNUNET_new, key, LOG, mpi_to_sexp(), result, GNUNET_CRYPTO_RsaPublicKey::sexp, GNUNET_CRYPTO_RsaSignature::sexp, and value.

Referenced by GNUNET_CRYPTO_rsa_sign_blinded(), and GNUNET_CRYPTO_rsa_sign_fdh().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_sign_blinded()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_sign_blinded ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
const void *  msg,
size_t  msg_len 
)

Sign a blinded value, which must be a full domain hash of a message.

Parameters
keyprivate key to use for the signing
msgthe (blinded) message to sign
msg_lennumber of bytes in msg to sign
Returns
NULL on error, signature on success

Definition at line 946 of file crypto_rsa.c.

949 {
950  gcry_mpi_t v = NULL;
951  struct GNUNET_CRYPTO_RsaSignature *sig;
952 
953  BENCHMARK_START (rsa_sign_blinded);
954 
955  GNUNET_assert (0 ==
956  gcry_mpi_scan (&v,
957  GCRYMPI_FMT_USG,
958  msg,
959  msg_len,
960  NULL));
961 
962  sig = rsa_sign_mpi (key, v);
963  gcry_mpi_release (v);
964  BENCHMARK_END (rsa_sign_blinded);
965  return sig;
966 }
struct GNUNET_MessageHeader * msg
Definition: 005.c:2
static struct GNUNET_CRYPTO_RsaSignature * rsa_sign_mpi(const struct GNUNET_CRYPTO_RsaPrivateKey *key, gcry_mpi_t value)
Sign the given MPI.
Definition: crypto_rsa.c:891

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, key, msg, and rsa_sign_mpi().

Referenced by checkvec(), and output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_sign_fdh()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_sign_fdh ( const struct GNUNET_CRYPTO_RsaPrivateKey key,
const struct GNUNET_HashCode hash 
)

Create and sign a full domain hash of a message.

Parameters
keyprivate key to use for the signing
hashthe hash of the message to sign
Returns
NULL on error, including a malicious RSA key, signature on success

Definition at line 970 of file crypto_rsa.c.

972 {
974  gcry_mpi_t v = NULL;
975  struct GNUNET_CRYPTO_RsaSignature *sig;
976 
978  v = rsa_full_domain_hash (pkey, hash);
980  if (NULL == v) /* rsa_gcd_validate failed meaning */
981  return NULL; /* our *own* RSA key is malicious. */
982 
983  sig = rsa_sign_mpi (key, v);
984  gcry_mpi_release (v);
985  return sig;
986 }

References GNUNET_CRYPTO_rsa_private_key_get_public(), GNUNET_CRYPTO_rsa_public_key_free(), key, pkey, rsa_full_domain_hash(), and rsa_sign_mpi().

Here is the call graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_free()

void GNUNET_CRYPTO_rsa_signature_free ( struct GNUNET_CRYPTO_RsaSignature sig)

Free memory occupied by signature.

Parameters
sigmemory to free

Definition at line 990 of file crypto_rsa.c.

991 {
992  gcry_sexp_release (sig->sexp);
993  GNUNET_free (sig);
994 }

References GNUNET_free, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by clean_rsa_sig(), clean_rsa_signature(), and output_vectors().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_encode()

size_t GNUNET_CRYPTO_rsa_signature_encode ( const struct GNUNET_CRYPTO_RsaSignature sig,
void **  buffer 
)

Encode the given signature in a format suitable for storing it into a file.

Parameters
sigthe signature
[out]bufferset to a buffer with the encoded key
Returns
size of memory allocated in buffer

Definition at line 998 of file crypto_rsa.c.

1001 {
1002  gcry_mpi_t s;
1003  size_t buf_size;
1004  size_t rsize;
1005  unsigned char *buf;
1006  int ret;
1007 
1008  ret = key_from_sexp (&s,
1009  sig->sexp,
1010  "sig-val",
1011  "s");
1012  if (0 != ret)
1013  ret = key_from_sexp (&s,
1014  sig->sexp,
1015  "rsa",
1016  "s");
1017  GNUNET_assert (0 == ret);
1018  gcry_mpi_print (GCRYMPI_FMT_USG,
1019  NULL,
1020  0,
1021  &buf_size,
1022  s);
1023  buf = GNUNET_malloc (buf_size);
1024  GNUNET_assert (0 ==
1025  gcry_mpi_print (GCRYMPI_FMT_USG,
1026  buf,
1027  buf_size,
1028  &rsize,
1029  s));
1030  GNUNET_assert (rsize == buf_size);
1031  *buffer = (void *) buf;
1032  gcry_mpi_release (s);
1033  return buf_size;
1034 }

References buf, GNUNET_assert, GNUNET_malloc, key_from_sexp(), ret, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by bind_rsa_sig(), checkvec(), GNUNET_CRYPTO_rsa_signature_cmp(), GNUNET_JSON_from_rsa_signature(), GNUNET_PQ_query_param_rsa_signature(), my_conv_rsa_signature(), and output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_signature_decode()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_signature_decode ( const void *  buf,
size_t  buf_size 
)

Decode the signature from the data-format back to the "normal", internal format.

Parameters
bufthe buffer where the public key data is stored
buf_sizethe number of bytes of the data in buf
Returns
NULL on error

Definition at line 1038 of file crypto_rsa.c.

1040 {
1041  struct GNUNET_CRYPTO_RsaSignature *sig;
1042  gcry_mpi_t s;
1043  gcry_sexp_t data;
1044 
1045  if (0 !=
1046  gcry_mpi_scan (&s,
1047  GCRYMPI_FMT_USG,
1048  buf,
1049  buf_size,
1050  NULL))
1051  {
1052  GNUNET_break_op (0);
1053  return NULL;
1054  }
1055 
1056  if (0 !=
1057  gcry_sexp_build (&data,
1058  NULL,
1059  "(sig-val(rsa(s %M)))",
1060  s))
1061  {
1062  GNUNET_break (0);
1063  gcry_mpi_release (s);
1064  return NULL;
1065  }
1066  gcry_mpi_release (s);
1067  sig = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1068  sig->sexp = data;
1069  return sig;
1070 }

References buf, data, GNUNET_break, GNUNET_break_op, GNUNET_new, and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by extract_rsa_sig(), and post_extract_rsa_signature().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_public_key_dup()

struct GNUNET_CRYPTO_RsaPublicKey* GNUNET_CRYPTO_rsa_public_key_dup ( const struct GNUNET_CRYPTO_RsaPublicKey key)

Duplicate the given public key.

Parameters
keythe public key to duplicate
Returns
the duplicate key; NULL upon error

Definition at line 1074 of file crypto_rsa.c.

1075 {
1076  struct GNUNET_CRYPTO_RsaPublicKey *dup;
1077  gcry_sexp_t dup_sexp;
1078  size_t erroff;
1079 
1080  /* check if we really are exporting a public key */
1081  dup_sexp = gcry_sexp_find_token (key->sexp, "public-key", 0);
1082  GNUNET_assert (NULL != dup_sexp);
1083  gcry_sexp_release (dup_sexp);
1084  /* copy the sexp */
1085  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp));
1086  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPublicKey);
1087  dup->sexp = dup_sexp;
1088  return dup;
1089 }

References GNUNET_assert, GNUNET_new, key, and GNUNET_CRYPTO_RsaPublicKey::sexp.

◆ GNUNET_CRYPTO_rsa_unblind()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_unblind ( const struct GNUNET_CRYPTO_RsaSignature sig,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret bks,
struct GNUNET_CRYPTO_RsaPublicKey pkey 
)

Unblind a blind-signed signature.

The signature should have been generated with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with GNUNET_CRYPTO_rsa_blind().

Parameters
sigthe signature made on the blinded signature purpose
bksthe blinding key secret used to blind the signature purpose
pkeythe public key of the signer
Returns
unblinded signature on success, NULL if RSA key is bad or malicious.

Definition at line 1093 of file crypto_rsa.c.

1096 {
1097  struct RsaBlindingKey *bkey;
1098  gcry_mpi_t n;
1099  gcry_mpi_t s;
1100  gcry_mpi_t r_inv;
1101  gcry_mpi_t ubsig;
1102  int ret;
1103  struct GNUNET_CRYPTO_RsaSignature *sret;
1104 
1105  BENCHMARK_START (rsa_unblind);
1106 
1107  ret = key_from_sexp (&n, pkey->sexp, "public-key", "n");
1108  if (0 != ret)
1109  ret = key_from_sexp (&n, pkey->sexp, "rsa", "n");
1110  if (0 != ret)
1111  {
1112  GNUNET_break_op (0);
1113  return NULL;
1114  }
1115  ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
1116  if (0 != ret)
1117  ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
1118  if (0 != ret)
1119  {
1120  gcry_mpi_release (n);
1121  GNUNET_break_op (0);
1122  return NULL;
1123  }
1124 
1125  bkey = rsa_blinding_key_derive (pkey, bks);
1126  if (NULL == bkey)
1127  {
1128  /* RSA key is malicious since rsa_gcd_validate failed here.
1129  * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
1130  * so the exchange is being malicious in an unfamilair way, maybe
1131  * just trying to crash us. */
1132  GNUNET_break_op (0);
1133  gcry_mpi_release (n);
1134  gcry_mpi_release (s);
1135  return NULL;
1136  }
1137 
1138  r_inv = gcry_mpi_new (0);
1139  if (1 !=
1140  gcry_mpi_invm (r_inv,
1141  bkey->r,
1142  n))
1143  {
1144  /* We cannot find r mod n, so gcd(r,n) != 1, which should get *
1145  * caught above, but we handle it the same here. */
1146  GNUNET_break_op (0);
1147  gcry_mpi_release (r_inv);
1148  rsa_blinding_key_free (bkey);
1149  gcry_mpi_release (n);
1150  gcry_mpi_release (s);
1151  return NULL;
1152  }
1153 
1154  ubsig = gcry_mpi_new (0);
1155  gcry_mpi_mulm (ubsig, s, r_inv, n);
1156  gcry_mpi_release (n);
1157  gcry_mpi_release (r_inv);
1158  gcry_mpi_release (s);
1159  rsa_blinding_key_free (bkey);
1160 
1161  sret = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1162  GNUNET_assert (0 ==
1163  gcry_sexp_build (&sret->sexp,
1164  NULL,
1165  "(sig-val (rsa (s %M)))",
1166  ubsig));
1167  gcry_mpi_release (ubsig);
1168  BENCHMARK_END (rsa_unblind);
1169  return sret;
1170 }

References BENCHMARK_END, BENCHMARK_START, GNUNET_assert, GNUNET_break_op, GNUNET_new, key_from_sexp(), pkey, RsaBlindingKey::r, ret, rsa_blinding_key_derive(), rsa_blinding_key_free(), and GNUNET_CRYPTO_RsaSignature::sexp.

Referenced by checkvec(), and output_vectors().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_verify()

enum GNUNET_GenericReturnValue GNUNET_CRYPTO_rsa_verify ( const struct GNUNET_HashCode hash,
const struct GNUNET_CRYPTO_RsaSignature sig,
const struct GNUNET_CRYPTO_RsaPublicKey public_key 
)

Verify whether the given hash corresponds to the given signature and the signature is valid with respect to the given public key.

Parameters
hashthe message to verify to match the sig
sigsignature that is being validated
public_keypublic key of the signer
Returns
GNUNET_YES if ok, GNUNET_NO if RSA key is malicious, GNUNET_SYSERR if signature

Definition at line 1093 of file crypto_rsa.c.

1177 {
1178  gcry_sexp_t data;
1179  gcry_mpi_t r;
1180  int rc;
1181 
1182  BENCHMARK_START (rsa_verify);
1183 
1184  r = rsa_full_domain_hash (pkey, hash);
1185  if (NULL == r)
1186  {
1187  GNUNET_break_op (0);
1188  /* RSA key is malicious since rsa_gcd_validate failed here.
1189  * It should have failed during GNUNET_CRYPTO_rsa_blind too though,
1190  * so the exchange is being malicious in an unfamilair way, maybe
1191  * just trying to crash us. Arguably, we've only an internal error
1192  * though because we should've detected this in our previous call
1193  * to GNUNET_CRYPTO_rsa_unblind. *///
1194  return GNUNET_NO;
1195  }
1196 
1197  data = mpi_to_sexp (r);
1198  gcry_mpi_release (r);
1199 
1200  rc = gcry_pk_verify (sig->sexp,
1201  data,
1202  pkey->sexp);
1203  gcry_sexp_release (data);
1204  if (0 != rc)
1205  {
1207  _ ("RSA signature verification failed at %s:%d: %s\n"),
1208  __FILE__,
1209  __LINE__,
1210  gcry_strerror (rc));
1211  BENCHMARK_END (rsa_verify);
1212  return GNUNET_SYSERR;
1213  }
1214  BENCHMARK_END (rsa_verify);
1215  return GNUNET_OK;
1216 }
@ GNUNET_OK
Definition: gnunet_common.h:95
@ GNUNET_SYSERR
Definition: gnunet_common.h:93

Referenced by checkvec(), and output_vectors().

Here is the caller graph for this function:

◆ GNUNET_CRYPTO_rsa_private_key_dup()

struct GNUNET_CRYPTO_RsaPrivateKey* GNUNET_CRYPTO_rsa_private_key_dup ( const struct GNUNET_CRYPTO_RsaPrivateKey key)

Duplicate the given private key.

Parameters
keythe private key to duplicate
Returns
the duplicate key; NULL upon error

Definition at line 1220 of file crypto_rsa.c.

1222 {
1223  struct GNUNET_CRYPTO_RsaPrivateKey *dup;
1224  gcry_sexp_t dup_sexp;
1225  size_t erroff;
1226 
1227  /* check if we really are exporting a private key */
1228  dup_sexp = gcry_sexp_find_token (key->sexp, "private-key", 0);
1229  GNUNET_assert (NULL != dup_sexp);
1230  gcry_sexp_release (dup_sexp);
1231  /* copy the sexp */
1232  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", key->sexp));
1233  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaPrivateKey);
1234  dup->sexp = dup_sexp;
1235  return dup;
1236 }

References GNUNET_assert, GNUNET_new, key, and GNUNET_CRYPTO_RsaPrivateKey::sexp.

◆ GNUNET_CRYPTO_rsa_signature_dup()

struct GNUNET_CRYPTO_RsaSignature* GNUNET_CRYPTO_rsa_signature_dup ( const struct GNUNET_CRYPTO_RsaSignature sig)

Duplicate the given rsa signature.

Parameters
sigthe signature to duplicate
Returns
the duplicate key; NULL upon error

Definition at line 1240 of file crypto_rsa.c.

1241 {
1242  struct GNUNET_CRYPTO_RsaSignature *dup;
1243  gcry_sexp_t dup_sexp;
1244  size_t erroff;
1245  gcry_mpi_t s;
1246  int ret;
1247 
1248  /* verify that this is an RSA signature */
1249  ret = key_from_sexp (&s, sig->sexp, "sig-val", "s");
1250  if (0 != ret)
1251  ret = key_from_sexp (&s, sig->sexp, "rsa", "s");
1252  GNUNET_assert (0 == ret);
1253  gcry_mpi_release (s);
1254  /* copy the sexp */
1255  GNUNET_assert (0 == gcry_sexp_build (&dup_sexp, &erroff, "%S", sig->sexp));
1256  dup = GNUNET_new (struct GNUNET_CRYPTO_RsaSignature);
1257  dup->sexp = dup_sexp;
1258  return dup;
1259 }

References GNUNET_assert, GNUNET_new, key_from_sexp(), ret, and GNUNET_CRYPTO_RsaSignature::sexp.

Here is the call graph for this function: