#include "orconfig.h"#include <stdio.h>#include "torint.h"#include "compat.h"#include "util.h"#include "crypto_rsa.h"
Go to the source code of this file.
Macros | |
| #define | CIPHER_KEY_LEN 16 |
| #define | CIPHER_IV_LEN 16 |
| #define | CIPHER256_KEY_LEN 32 |
| #define | DH_BYTES (1024/8) |
| #define | FINGERPRINT_LEN 49 |
| #define | crypto_cipher_free(c) FREE_AND_NULL(crypto_cipher_t, crypto_cipher_free_, (c)) |
| #define | DH_TYPE_CIRCUIT 1 |
| #define | DH_TYPE_REND 2 |
| #define | DH_TYPE_TLS 3 |
| #define | crypto_dh_free(dh) FREE_AND_NULL(crypto_dh_t, crypto_dh_free_, (dh)) |
Typedefs | |
| typedef struct aes_cnt_cipher | crypto_cipher_t |
| typedef struct crypto_dh_t | crypto_dh_t |
Functions | |
| int | crypto_init_siphash_key (void) |
| int | crypto_early_init (void) ATTR_WUR |
| int | crypto_global_init (int hardwareAccel, const char *accelName, const char *accelPath) ATTR_WUR |
| void | crypto_thread_cleanup (void) |
| int | crypto_global_cleanup (void) |
| void | crypto_set_tls_dh_prime (void) |
| crypto_cipher_t * | crypto_cipher_new (const char *key) |
| crypto_cipher_t * | crypto_cipher_new_with_bits (const char *key, int bits) |
| crypto_cipher_t * | crypto_cipher_new_with_iv (const char *key, const char *iv) |
| crypto_cipher_t * | crypto_cipher_new_with_iv_and_bits (const uint8_t *key, const uint8_t *iv, int bits) |
| void | crypto_cipher_free_ (crypto_cipher_t *env) |
| const char * | crypto_cipher_get_key (crypto_cipher_t *env) |
| int | crypto_cipher_encrypt (crypto_cipher_t *env, char *to, const char *from, size_t fromlen) |
| int | crypto_cipher_decrypt (crypto_cipher_t *env, char *to, const char *from, size_t fromlen) |
| void | crypto_cipher_crypt_inplace (crypto_cipher_t *env, char *d, size_t len) |
| int | crypto_cipher_encrypt_with_iv (const char *key, char *to, size_t tolen, const char *from, size_t fromlen) |
| int | crypto_cipher_decrypt_with_iv (const char *key, char *to, size_t tolen, const char *from, size_t fromlen) |
| crypto_dh_t * | crypto_dh_new (int dh_type) |
| crypto_dh_t * | crypto_dh_dup (const crypto_dh_t *dh) |
| int | crypto_dh_get_bytes (crypto_dh_t *dh) |
| int | crypto_dh_generate_public (crypto_dh_t *dh) |
| int | crypto_dh_get_public (crypto_dh_t *dh, char *pubkey_out, size_t pubkey_out_len) |
| ssize_t | crypto_dh_compute_secret (int severity, crypto_dh_t *dh, const char *pubkey, size_t pubkey_len, char *secret_out, size_t secret_out_len) |
| void | crypto_dh_free_ (crypto_dh_t *dh) |
| int | crypto_expand_key_material_TAP (const uint8_t *key_in, size_t key_in_len, uint8_t *key_out, size_t key_out_len) |
| int | crypto_expand_key_material_rfc5869_sha256 (const uint8_t *key_in, size_t key_in_len, const uint8_t *salt_in, size_t salt_in_len, const uint8_t *info_in, size_t info_in_len, uint8_t *key_out, size_t key_out_len) |
| struct dh_st * | crypto_dh_get_dh_ (crypto_dh_t *dh) |
| void | crypto_add_spaces_to_fp (char *out, size_t outlen, const char *in) |
Detailed Description
Headers for crypto.c.
Macro Definition Documentation
◆ CIPHER256_KEY_LEN
| #define CIPHER256_KEY_LEN 32 |
Length of our symmetric cipher's keys of 256-bit.
◆ CIPHER_IV_LEN
| #define CIPHER_IV_LEN 16 |
Length of our symmetric cipher's IV of 128-bit.
◆ CIPHER_KEY_LEN
| #define CIPHER_KEY_LEN 16 |
Length of our symmetric cipher's keys of 128-bit.
◆ DH_BYTES
| #define DH_BYTES (1024/8) |
Length of our DH keys.
◆ FINGERPRINT_LEN
| #define FINGERPRINT_LEN 49 |
Length of encoded public key fingerprints, including space; but not including terminating NUL.
Function Documentation
◆ crypto_add_spaces_to_fp()
| void crypto_add_spaces_to_fp | ( | char * | out, |
| size_t | outlen, | ||
| const char * | in | ||
| ) |
Copy in to the outlen-byte buffer out, adding spaces every four characters.
◆ crypto_cipher_crypt_inplace()
| void crypto_cipher_crypt_inplace | ( | crypto_cipher_t * | env, |
| char * | buf, | ||
| size_t | len | ||
| ) |
Encrypt len bytes on from using the cipher in env; on success. Does not check for failure.
◆ crypto_cipher_decrypt()
| int crypto_cipher_decrypt | ( | crypto_cipher_t * | env, |
| char * | to, | ||
| const char * | from, | ||
| size_t | fromlen | ||
| ) |
Decrypt fromlen bytes from from using the cipher env; on success, store the result to to and return 0. Does not check for failure.
◆ crypto_cipher_decrypt_with_iv()
| int crypto_cipher_decrypt_with_iv | ( | const char * | key, |
| char * | to, | ||
| size_t | tolen, | ||
| const char * | from, | ||
| size_t | fromlen | ||
| ) |
Decrypt fromlen bytes (at least 1+CIPHER_IV_LEN) from from with the key in key to the buffer in to of length tolen. tolen must be at least fromlen minus CIPHER_IV_LEN bytes for the initialization vector. On success, return the number of bytes written, on failure, return -1.
◆ crypto_cipher_encrypt()
| int crypto_cipher_encrypt | ( | crypto_cipher_t * | env, |
| char * | to, | ||
| const char * | from, | ||
| size_t | fromlen | ||
| ) |
Encrypt fromlen bytes from from using the cipher env; on success, store the result to to and return 0. Does not check for failure.
◆ crypto_cipher_encrypt_with_iv()
| int crypto_cipher_encrypt_with_iv | ( | const char * | key, |
| char * | to, | ||
| size_t | tolen, | ||
| const char * | from, | ||
| size_t | fromlen | ||
| ) |
Encrypt fromlen bytes (at least 1) from from with the key in key to the buffer in to of length tolen. tolen must be at least fromlen plus CIPHER_IV_LEN bytes for the initialization vector. On success, return the number of bytes written, on failure, return -1.
◆ crypto_cipher_free_()
| void crypto_cipher_free_ | ( | crypto_cipher_t * | env | ) |
Free a symmetric cipher.
◆ crypto_cipher_new()
| crypto_cipher_t* crypto_cipher_new | ( | const char * | key | ) |
Return a new crypto_cipher_t with the provided key (of CIPHER_KEY_LEN bytes) and an IV of all zero bytes.
◆ crypto_cipher_new_with_bits()
| crypto_cipher_t* crypto_cipher_new_with_bits | ( | const char * | key, |
| int | bits | ||
| ) |
Return a new crypto_cipher_t with the provided key and an IV of all zero bytes and key length bits. Key length must be 128, 192, or
◆ crypto_cipher_new_with_iv()
| crypto_cipher_t* crypto_cipher_new_with_iv | ( | const char * | key, |
| const char * | iv | ||
| ) |
Allocate and return a new symmetric cipher using the provided key and iv. The key is CIPHER_KEY_LEN bytes; the IV is CIPHER_IV_LEN bytes. Both must be provided.
◆ crypto_cipher_new_with_iv_and_bits()
| crypto_cipher_t* crypto_cipher_new_with_iv_and_bits | ( | const uint8_t * | key, |
| const uint8_t * | iv, | ||
| int | bits | ||
| ) |
Allocate and return a new symmetric cipher using the provided key and iv. The key is bits bits long; the IV is CIPHER_IV_LEN bytes. Both must be provided. Key length must be 128, 192, or 256
◆ crypto_dh_compute_secret()
| ssize_t crypto_dh_compute_secret | ( | int | severity, |
| crypto_dh_t * | dh, | ||
| const char * | pubkey, | ||
| size_t | pubkey_len, | ||
| char * | secret_out, | ||
| size_t | secret_bytes_out | ||
| ) |
Given a DH key exchange object, and our peer's value of g^y (as a pubkey_len-byte value in pubkey) generate secret_bytes_out bytes of shared key material and write them to secret_out. Return the number of bytes generated on success, or -1 on failure.
(We generate key material by computing SHA1( g^xy || "\x00" ) || SHA1( g^xy || "\x01" ) || ... where || is concatenation.)
◆ crypto_dh_dup()
| crypto_dh_t* crypto_dh_dup | ( | const crypto_dh_t * | dh | ) |
Return a copy of dh, sharing its internal state.
◆ crypto_dh_free_()
| void crypto_dh_free_ | ( | crypto_dh_t * | dh | ) |
Free a DH key exchange object.
◆ crypto_dh_generate_public()
| int crypto_dh_generate_public | ( | crypto_dh_t * | dh | ) |
Generate <x,g^x> for our part of the key exchange. Return 0 on success, -1 on failure.
◆ crypto_dh_get_bytes()
| int crypto_dh_get_bytes | ( | crypto_dh_t * | dh | ) |
Return the length of the DH key in dh, in bytes.
◆ crypto_dh_get_dh_()
| struct dh_st* crypto_dh_get_dh_ | ( | crypto_dh_t * | dh | ) |
Used by tortls.c: Get the DH* from a crypto_dh_t.
◆ crypto_dh_get_public()
| int crypto_dh_get_public | ( | crypto_dh_t * | dh, |
| char * | pubkey, | ||
| size_t | pubkey_len | ||
| ) |
Generate g^x as necessary, and write the g^x for the key exchange as a pubkey_len-byte value into pubkey. Return 0 on success, -1 on failure. pubkey_len must be >= DH_BYTES.
◆ crypto_dh_new()
| crypto_dh_t* crypto_dh_new | ( | int | dh_type | ) |
Allocate and return a new DH object for a key exchange. Returns NULL on failure.
◆ crypto_early_init()
| int crypto_early_init | ( | void | ) |
Initialize the crypto library. Return 0 on success, -1 on failure.
◆ crypto_expand_key_material_rfc5869_sha256()
| int crypto_expand_key_material_rfc5869_sha256 | ( | const uint8_t * | key_in, |
| size_t | key_in_len, | ||
| const uint8_t * | salt_in, | ||
| size_t | salt_in_len, | ||
| const uint8_t * | info_in, | ||
| size_t | info_in_len, | ||
| uint8_t * | key_out, | ||
| size_t | key_out_len | ||
| ) |
Expand some secret key material according to RFC5869, using SHA256 as the underlying hash. The key_in_len bytes at key_in are the secret key material; the salt_in_len bytes at salt_in and the info_in_len bytes in info_in_len are the algorithm's "salt" and "info" parameters respectively. On success, write key_out_len bytes to key_out and return 0. Assert on failure.
◆ crypto_expand_key_material_TAP()
| int crypto_expand_key_material_TAP | ( | const uint8_t * | key_in, |
| size_t | key_in_len, | ||
| uint8_t * | key_out, | ||
| size_t | key_out_len | ||
| ) |
Given key_in_len bytes of negotiated randomness in key_in ("K"), expand it into key_out_len bytes of negotiated key material in key_out by taking the first key_out_len bytes of H(K | [00]) | H(K | [01]) | ....
This is the key expansion algorithm used in the "TAP" circuit extension mechanism; it shouldn't be used for new protocols.
Return 0 on success, -1 on failure.
◆ crypto_global_cleanup()
| int crypto_global_cleanup | ( | void | ) |
Uninitialize the crypto library. Return 0 on success. Does not detect failure.
◆ crypto_global_init()
| int crypto_global_init | ( | int | useAccel, |
| const char * | accelName, | ||
| const char * | accelDir | ||
| ) |
Initialize the crypto library. Return 0 on success, -1 on failure.
◆ crypto_init_siphash_key()
| int crypto_init_siphash_key | ( | void | ) |
Set up the siphash key if we haven't already done so.
◆ crypto_set_tls_dh_prime()
| void crypto_set_tls_dh_prime | ( | void | ) |
Set the global TLS Diffie-Hellman modulus. Use the Apache mod_ssl DH modulus.
◆ crypto_thread_cleanup()
| void crypto_thread_cleanup | ( | void | ) |
Free crypto resources held by this thread.
