
[GNUnet-SVN] r37255 - gnunet/src/util


From: gnunet
Subject: [GNUnet-SVN] r37255 - gnunet/src/util
Date: Tue, 7 Jun 2016 21:06:46 +0200

Author: burdges
Date: 2016-06-07 21:06:46 +0200 (Tue, 07 Jun 2016)
New Revision: 37255

Modified:
   gnunet/src/util/crypto_rsa.c
Log:
Abstract out previous GCD(m,n)=1 commit into a single function

This should make it easier to report properly in the wallet.



Modified: gnunet/src/util/crypto_rsa.c
===================================================================
--- gnunet/src/util/crypto_rsa.c        2016-06-07 18:32:25 UTC (rev 37254)
+++ gnunet/src/util/crypto_rsa.c        2016-06-07 19:06:46 UTC (rev 37255)
@@ -393,6 +393,31 @@
 
 
 /**
+ * Test for malicious RSA key.
+ *
+ * Assuming n is an RSA modulous and r is generated using a call to
+ * GNUNET_CRYPTO_kdf_mod_mpi, if gcd(r,n) != 1 then n must be a
+ * malicious RSA key designed to deanomize the user.
+ *
+ * @param r KDF result
+ * @param n RSA modulus
+ * @return Asserts gcd(r,n) = 1
+ */
+static int
+rsa_gcd_validate(gcry_mpi_t r, gcry_mpi_t n)
+{
+  gcry_mpi_t g;
+  int t;
+
+  g = gcry_mpi_new (0);
+  t = gcry_mpi_gcd(g,r,n);
+  gcry_mpi_release (g);
+  GNUNET_assert( t );
+  return t;
+}
+
+
+/**
  * Create a blinding key
  *
  * @param len length of the key in bits (i.e. 2048)
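Review bot: The `GNUNET_assert( t )` inside `rsa_gcd_validate` means the function can only ever return a non-zero value, so the `int` result carries no information, and a modulus that shares a factor with `r` still terminates the process instead of being rejected. Since `n` is taken from a public key that the comment itself treats as possibly malicious, a recoverable failure would be safer: drop the assert, keep `return t;`, and document it as `@return non-zero if gcd(r,n) == 1, 0 if n must be treated as malicious`. Both call sites added in the later hunks (`rsa_gcd_validate(blind->r,n);` and `rsa_gcd_validate(*r,n);`) discard the result, so they would need to check it and release `n` (and, in the blinding-key path, `blind`) before reporting the failure to their callers. The doc comment also has two typos worth fixing while here: "modulous" should be "modulus" and "deanomize" should be "deanonymize".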
@@ -406,7 +431,6 @@
   char *xts = "Blinding KDF extrator HMAC key";  /* Trusts bks' randomness 
more */
   struct RsaBlindingKey *blind;
   gcry_mpi_t n;
-  gcry_mpi_t g;
 
   blind = GNUNET_new (struct RsaBlindingKey);
 
@@ -419,13 +443,8 @@
                              xts,  strlen(xts),
                              bks,  sizeof(*bks),
                              "Blinding KDF");
+  rsa_gcd_validate(blind->r,n);
 
-  /* If gcd(*r,n) != 1 then n must be a malicious fake RSA key
-     designed to deanomize the user. */
-  g = gcry_mpi_new (0);
-  GNUNET_assert( gcry_mpi_gcd(g,blind->r,n) );
-  gcry_mpi_release (g);
-
   gcry_mpi_release (n);
   return blind;
 }
@@ -661,7 +680,6 @@
   gcry_mpi_t n;
   char *xts;
   size_t xts_len;
-  gcry_mpi_t g;
 
   /* Extract the composite n from the RSA public key */
   GNUNET_assert( 0 == key_from_sexp (&n, pkey->sexp, "rsa", "n") );
@@ -678,14 +696,9 @@
                              xts,  xts_len,
                              hash,  sizeof(*hash),
                              "RSA-FDA FTpsW!");
-
   GNUNET_free (xts);
 
-  /* If gcd(*r,n) != 1 then n must be a malicious fake RSA key
-     designed to deanomize the user. */
-  g = gcry_mpi_new (0);
-  GNUNET_assert( gcry_mpi_gcd(g,*r,n) );
-  gcry_mpi_release (g);
+  rsa_gcd_validate(*r,n);
 
   gcry_mpi_release (n);
 }



