authorChristian Grothoff <christian@grothoff.org>2018-05-17 12:26:30 +0200
committerChristian Grothoff <christian@grothoff.org>2018-05-17 12:26:30 +0200
commitdd8289771b35e5ea36ebdcbfd5b09b599bd59c67 (patch)
treee79e565302867ab16d9ed8560793919094288716 /src/util/crypto_bug.c
parent3175cde841a8a7836fcf74a3e1b804c71a3aa153 (diff)
work-around for crypto bug (to be documented more)
Diffstat (limited to 'src/util/crypto_bug.c')
-rw-r--r--src/util/crypto_bug.c79
1 files changed, 79 insertions, 0 deletions
diff --git a/src/util/crypto_bug.c b/src/util/crypto_bug.c
new file mode 100644
index 0000000000..c25e79c63e
--- /dev/null
+++ b/src/util/crypto_bug.c
@@ -0,0 +1,79 @@
+/*
+ This file is part of GNUnet.
+ Copyright (C) 2018 GNUnet e.V.
+
+ GNUnet is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+
+ GNUnet is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with GNUnet; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+*/
+
+/**
+ * @file util/crypto_bug.c
+ * @brief work around unidentified public key cryptography bug
+ * @author Christian Grothoff
+ */
+
+/**
+ * Enable work-around. Will cause code to call #check_eddsa_key() to
+ * see if we have a bad key, and if so, create a new one.
+ */
+#define CRYPTO_BUG 1
+
+
+#if CRYPTO_BUG
+/**
+ * Check if ECDH works with @a priv_dsa and this version
+ * of libgcrypt.
+ *
+ * @param priv_dsa key to check
+ * @return #GNUNET_OK if key passes
+ */
+static int
+check_eddsa_key (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv_dsa)
+{
+ struct GNUNET_CRYPTO_EcdhePrivateKey *priv_ecdh;
+ struct GNUNET_CRYPTO_EddsaPublicKey id1;
+ struct GNUNET_CRYPTO_EcdhePublicKey id2;
+ struct GNUNET_HashCode dh[2];
+
+ GNUNET_CRYPTO_eddsa_key_get_public (priv_dsa,
+ &id1);
+ for (unsigned int j=0;j<4;j++)
+ {
+ priv_ecdh = GNUNET_CRYPTO_ecdhe_key_create ();
+ /* Extract public keys */
+ GNUNET_CRYPTO_ecdhe_key_get_public (priv_ecdh,
+ &id2);
+ /* Do ECDH */
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_eddsa_ecdh (priv_dsa,
+ &id2,
+ &dh[0]));
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_ecdh_eddsa (priv_ecdh,
+ &id1,
+ &dh[1]));
+ /* Check that both DH results are equal. */
+ if (0 != memcmp (&dh[0],
+ &dh[1],
+ sizeof (struct GNUNET_HashCode)))
+ {
+ GNUNET_break (0); /* bad EdDSA key! */
+ return GNUNET_SYSERR;
+ }
+ GNUNET_free (priv_ecdh);
+ }
+ return GNUNET_OK;
+}
+#endif
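Review bot: On the mismatch branch, `return GNUNET_SYSERR;` is reached without releasing `priv_ecdh`, so the freshly generated ephemeral private key stays allocated on the heap; add `GNUNET_free (priv_ecdh);` before that return, ideally after wiping the key, since private key material should not linger in leaked or freed memory. The two `GNUNET_assert` calls around `GNUNET_CRYPTO_eddsa_ecdh` and `GNUNET_CRYPTO_ecdh_eddsa` abort the process when an ECDH operation fails instead of reporting the key as bad, which appears to work against the stated goal of detecting a bad key and creating a new one; freeing `priv_ecdh` and returning `GNUNET_SYSERR` there would match the doc comment. The loop bound `4` is a magic number: a short comment such as `/* try several random ECDHE peers; the failure is not triggered by every peer key */` (if that is indeed the reason) would tell the next reader why one round is not enough. The doc comment should also say that `GNUNET_SYSERR` is returned for a failing key.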