[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnunet] branch master updated (bc82b006f -> e6fbcee25)
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnunet] branch master updated (bc82b006f -> e6fbcee25) |
|
Date: |
Wed, 15 Feb 2017 16:55:36 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a change to branch master
in repository gnunet.
from bc82b006f fix #4890
new b3503c51f fix format string bug
new 7a7ec54a3 introducing GNUNET_CRYPTO_ecdhe_create2() to avoid malloc
nonsense
new 1df412a8f update ignore file
new e6fbcee25 fixing #4878 -- by avoiding allocation in the first place
The 4 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
src/cadet/.gitignore | 1 +
src/cadet/gnunet-service-cadet-new_tunnels.c | 51 +++++++++++-----------------
src/cadet/test_cadet_local_mq.c | 5 +--
src/include/gnunet_crypto_lib.h | 11 ++++++
src/util/crypto_ecc.c | 35 +++++++++++++++----
5 files changed, 63 insertions(+), 40 deletions(-)
diff --git a/src/cadet/.gitignore b/src/cadet/.gitignore
index 154eabf3b..a38b8f495 100644
--- a/src/cadet/.gitignore
+++ b/src/cadet/.gitignore
@@ -20,3 +20,4 @@ test_cadet_5_speed_reliable_backwards
test_cadet_local
test_cadet_single
gnunet-service-cadet-new
+test_cadet_local_mq
diff --git a/src/cadet/gnunet-service-cadet-new_tunnels.c
b/src/cadet/gnunet-service-cadet-new_tunnels.c
index ffc38af18..9d2ea451b 100644
--- a/src/cadet/gnunet-service-cadet-new_tunnels.c
+++ b/src/cadet/gnunet-service-cadet-new_tunnels.c
@@ -173,18 +173,14 @@ struct CadetTunnelAxolotl
struct GNUNET_CRYPTO_SymmetricSessionKey CKr;
/**
- * ECDH for key exchange (A0 / B0). Note that for the
- * 'unverified_ax', this member is an alias with the main
- * 't->ax.kx_0' value, so do not free it!
+ * ECDH for key exchange (A0 / B0).
*/
- struct GNUNET_CRYPTO_EcdhePrivateKey *kx_0;
+ struct GNUNET_CRYPTO_EcdhePrivateKey kx_0;
/**
- * ECDH Ratchet key (our private key in the current DH). Note that
- * for the 'unverified_ax', this member is an alias with the main
- * 't->ax.kx_0' value, so do not free it!
+ * ECDH Ratchet key (our private key in the current DH).
*/
- struct GNUNET_CRYPTO_EcdhePrivateKey *DHRs;
+ struct GNUNET_CRYPTO_EcdhePrivateKey DHRs;
/**
* ECDH Ratchet key (other peer's public key in the current DH).
@@ -648,10 +644,10 @@ trigger_transmissions (void *cls);
static void
new_ephemeral (struct CadetTunnelAxolotl *ax)
{
- GNUNET_free_non_null (ax->DHRs);
LOG (GNUNET_ERROR_TYPE_DEBUG,
"Creating new ephemeral ratchet key (DHRs)\n");
- ax->DHRs = GNUNET_CRYPTO_ecdhe_key_create ();
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecdhe_key_create2 (&ax->DHRs));
}
@@ -786,7 +782,7 @@ t_ax_encrypt (struct CadetTunnelAxolotl *ax,
ax->HKs = ax->NHKs;
/* RK, NHKs, CKs = KDF( HMAC-HASH(RK, DH(DHRs, DHRr)) ) */
- GNUNET_CRYPTO_ecc_ecdh (ax->DHRs,
+ GNUNET_CRYPTO_ecc_ecdh (&ax->DHRs,
&ax->DHRr,
&dh);
t_ax_hmac_hash (&ax->RK,
@@ -1192,7 +1188,7 @@ t_ax_decrypt_and_validate (struct CadetTunnelAxolotl *ax,
PNp);
/* RKp, NHKp, CKp = KDF (HMAC-HASH (RK, DH (DHRp, DHRs))) */
- GNUNET_CRYPTO_ecc_ecdh (ax->DHRs,
+ GNUNET_CRYPTO_ecc_ecdh (&ax->DHRs,
DHRp,
&dh);
t_ax_hmac_hash (&ax->RK,
@@ -1341,9 +1337,9 @@ send_kx (struct CadetTunnel *t,
flags = GNUNET_CADET_KX_FLAG_FORCE_REPLY; /* always for KX */
msg->flags = htonl (flags);
msg->cid = *GCC_get_id (cc);
- GNUNET_CRYPTO_ecdhe_key_get_public (ax->kx_0,
+ GNUNET_CRYPTO_ecdhe_key_get_public (&ax->kx_0,
&msg->ephemeral_key);
- GNUNET_CRYPTO_ecdhe_key_get_public (ax->DHRs,
+ GNUNET_CRYPTO_ecdhe_key_get_public (&ax->DHRs,
&msg->ratchet_key);
mark_connection_unready (ct);
t->kx_retry_delay = GNUNET_TIME_STD_BACKOFF (t->kx_retry_delay);
@@ -1406,9 +1402,9 @@ send_kx_auth (struct CadetTunnel *t,
flags |= GNUNET_CADET_KX_FLAG_FORCE_REPLY;
msg->kx.flags = htonl (flags);
msg->kx.cid = *GCC_get_id (cc);
- GNUNET_CRYPTO_ecdhe_key_get_public (ax->kx_0,
+ GNUNET_CRYPTO_ecdhe_key_get_public (&ax->kx_0,
&msg->kx.ephemeral_key);
- GNUNET_CRYPTO_ecdhe_key_get_public (ax->DHRs,
+ GNUNET_CRYPTO_ecdhe_key_get_public (&ax->DHRs,
&msg->kx.ratchet_key);
/* Compute authenticator (this is the main difference to #send_kx()) */
GNUNET_CRYPTO_hash (&ax->RK,
@@ -1447,8 +1443,8 @@ cleanup_ax (struct CadetTunnelAxolotl *ax)
delete_skipped_key (ax,
ax->skipped_head);
GNUNET_assert (0 == ax->skipped);
- GNUNET_free_non_null (ax->kx_0);
- GNUNET_free_non_null (ax->DHRs);
+ GNUNET_CRYPTO_ecdhe_key_clear (&ax->kx_0);
+ GNUNET_CRYPTO_ecdhe_key_clear (&ax->DHRs);
}
@@ -1508,7 +1504,7 @@ update_ax_by_kx (struct CadetTunnelAxolotl *ax,
}
else
{
- GNUNET_CRYPTO_ecdh_eddsa (ax->kx_0, /* B0 */
+ GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* B0 */
&pid->public_key, /* A */
&key_material[0]);
}
@@ -1516,7 +1512,7 @@ update_ax_by_kx (struct CadetTunnelAxolotl *ax,
/* ECDH A0 B */
if (GNUNET_YES == am_I_alice)
{
- GNUNET_CRYPTO_ecdh_eddsa (ax->kx_0, /* A0 */
+ GNUNET_CRYPTO_ecdh_eddsa (&ax->kx_0, /* A0 */
&pid->public_key, /* B */
&key_material[1]);
}
@@ -1532,7 +1528,7 @@ update_ax_by_kx (struct CadetTunnelAxolotl *ax,
/* ECDH A0 B0 */
/* (This is the triple-DH, we could probably safely skip this,
as A0/B0 are already in the key material.) */
- GNUNET_CRYPTO_ecc_ecdh (ax->kx_0, /* A0 or B0 */
+ GNUNET_CRYPTO_ecc_ecdh (&ax->kx_0, /* A0 or B0 */
ephemeral_key, /* B0 or A0 */
&key_material[2]);
@@ -1835,8 +1831,6 @@ GCT_handle_kx_auth (struct CadetTConnection *ct,
if (NULL != t->unverified_ax)
{
/* We got some "stale" KX before, drop that. */
- t->unverified_ax->DHRs = NULL; /* aliased with ax.DHRs */
- t->unverified_ax->kx_0 = NULL; /* aliased with ax.DHRs */
cleanup_ax (t->unverified_ax);
GNUNET_free (t->unverified_ax);
t->unverified_ax = NULL;
@@ -2054,8 +2048,6 @@ destroy_tunnel (void *cls)
GNUNET_MQ_destroy (t->mq);
if (NULL != t->unverified_ax)
{
- t->unverified_ax->DHRs = NULL; /* aliased with ax.DHRs */
- t->unverified_ax->kx_0 = NULL; /* aliased with ax.DHRs */
cleanup_ax (t->unverified_ax);
GNUNET_free (t->unverified_ax);
}
@@ -2917,7 +2909,8 @@ GCT_create_tunnel (struct CadetPeer *destination)
t->kx_retry_delay = INITIAL_KX_RETRY_DELAY;
new_ephemeral (&t->ax);
- t->ax.kx_0 = GNUNET_CRYPTO_ecdhe_key_create ();
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecdhe_key_create2 (&t->ax.kx_0));
t->destination = destination;
t->channels = GNUNET_CONTAINER_multihashmap32_create (8);
t->maintain_connections_task
@@ -3086,8 +3079,6 @@ GCT_handle_encrypted (struct CadetTConnection *ct,
if (-1 != decrypted_size)
{
/* It worked! Treat this as authentication of the AX data! */
- t->ax.DHRs = NULL; /* aliased with ax.DHRs */
- t->ax.kx_0 = NULL; /* aliased with ax.DHRs */
cleanup_ax (&t->ax);
t->ax = *t->unverified_ax;
GNUNET_free (t->unverified_ax);
@@ -3118,8 +3109,6 @@ GCT_handle_encrypted (struct CadetTConnection *ct,
t->unverified_attempts);
if (t->unverified_attempts > MAX_UNVERIFIED_ATTEMPTS)
{
- t->unverified_ax->DHRs = NULL; /* aliased with ax.DHRs */
- t->unverified_ax->kx_0 = NULL; /* aliased with ax.DHRs */
cleanup_ax (t->unverified_ax);
GNUNET_free (t->unverified_ax);
t->unverified_ax = NULL;
@@ -3195,7 +3184,7 @@ GCT_send (struct CadetTunnel *t,
/* FIXME: we should do this once, not once per message;
this is a point multiplication, and DHRs does not
change all the time. */
- GNUNET_CRYPTO_ecdhe_key_get_public (t->ax.DHRs,
+ GNUNET_CRYPTO_ecdhe_key_get_public (&t->ax.DHRs,
&ax_msg->ax_header.DHRs);
t_h_encrypt (&t->ax,
ax_msg);
diff --git a/src/cadet/test_cadet_local_mq.c b/src/cadet/test_cadet_local_mq.c
index 988ec725e..d3917b94a 100644
--- a/src/cadet/test_cadet_local_mq.c
+++ b/src/cadet/test_cadet_local_mq.c
@@ -189,8 +189,9 @@ handle_data_received (void *cls,
payload = GNUNET_ntohll (msg->payload);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Data callback payload %lu with cls: %p! Shutting down.\n",
- payload, cls);
+ "Data callback payload %llu with cls: %p! Shutting down.\n",
+ (unsigned long long) payload,
+ cls);
GNUNET_assert (42 == payload);
got_data = GNUNET_YES;
GNUNET_SCHEDULER_shutdown ();
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 43fd32a58..07cade0e3 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -1240,6 +1240,17 @@ GNUNET_CRYPTO_eddsa_key_create (void);
/**
* @ingroup crypto
+ * Create a new private key. Clear with #GNUNET_CRYPTO_ecdhe_key_clear().
+ *
+ * @param[out] pk set to fresh private key;
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure
+ */
+int
+GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk);
+
+
+/**
+ * @ingroup crypto
* Create a new private key. Caller must free return value.
*
* @return fresh private key; free using #GNUNET_free
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 4bba395b3..3f9150762 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -488,6 +488,28 @@ struct GNUNET_CRYPTO_EcdhePrivateKey *
GNUNET_CRYPTO_ecdhe_key_create ()
{
struct GNUNET_CRYPTO_EcdhePrivateKey *priv;
+
+ priv = GNUNET_new (struct GNUNET_CRYPTO_EcdhePrivateKey);
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_ecdhe_key_create2 (priv))
+ {
+ GNUNET_free (priv);
+ return NULL;
+ }
+ return priv;
+}
+
+
+/**
+ * @ingroup crypto
+ * Create a new private key. Clear with #GNUNET_CRYPTO_ecdhe_key_clear().
+ *
+ * @param[out] pk set to fresh private key;
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure
+ */
+int
+GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk)
+{
gcry_sexp_t priv_sexp;
gcry_sexp_t s_keyparam;
gcry_mpi_t d;
@@ -503,13 +525,13 @@ GNUNET_CRYPTO_ecdhe_key_create ()
"(flags eddsa no-keytest)))")))
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
- return NULL;
+ return GNUNET_SYSERR;
}
if (0 != (rc = gcry_pk_genkey (&priv_sexp, s_keyparam)))
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_genkey", rc);
gcry_sexp_release (s_keyparam);
- return NULL;
+ return GNUNET_SYSERR;
}
gcry_sexp_release (s_keyparam);
#if EXTRA_CHECKS
@@ -517,20 +539,19 @@ GNUNET_CRYPTO_ecdhe_key_create ()
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
gcry_sexp_release (priv_sexp);
- return NULL;
+ return GNUNET_SYSERR;
}
#endif
if (0 != (rc = key_from_sexp (&d, priv_sexp, "private-key", "d")))
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "key_from_sexp", rc);
gcry_sexp_release (priv_sexp);
- return NULL;
+ return GNUNET_SYSERR;
}
gcry_sexp_release (priv_sexp);
- priv = GNUNET_new (struct GNUNET_CRYPTO_EcdhePrivateKey);
- GNUNET_CRYPTO_mpi_print_unsigned (priv->d, sizeof (priv->d), d);
+ GNUNET_CRYPTO_mpi_print_unsigned (pk->d, sizeof (pk->d), d);
gcry_mpi_release (d);
- return priv;
+ return GNUNET_OK;
}
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnunet] branch master updated (bc82b006f -> e6fbcee25),
gnunet <=