tor
master
|
#include "orconfig.h"
#include <stdio.h>
#include "torint.h"
#include "compat.h"
#include "util.h"
#include "crypto_rsa.h"
Go to the source code of this file.
Macros | |
#define | CIPHER_KEY_LEN 16 |
#define | CIPHER_IV_LEN 16 |
#define | CIPHER256_KEY_LEN 32 |
#define | DH_BYTES (1024/8) |
#define | FINGERPRINT_LEN 49 |
#define | crypto_cipher_free(c) FREE_AND_NULL(crypto_cipher_t, crypto_cipher_free_, (c)) |
#define | DH_TYPE_CIRCUIT 1 |
#define | DH_TYPE_REND 2 |
#define | DH_TYPE_TLS 3 |
#define | crypto_dh_free(dh) FREE_AND_NULL(crypto_dh_t, crypto_dh_free_, (dh)) |
Typedefs | |
typedef struct aes_cnt_cipher | crypto_cipher_t |
typedef struct crypto_dh_t | crypto_dh_t |
Functions | |
int | crypto_init_siphash_key (void) |
int | crypto_early_init (void) ATTR_WUR |
int | crypto_global_init (int hardwareAccel, const char *accelName, const char *accelPath) ATTR_WUR |
void | crypto_thread_cleanup (void) |
int | crypto_global_cleanup (void) |
void | crypto_set_tls_dh_prime (void) |
crypto_cipher_t * | crypto_cipher_new (const char *key) |
crypto_cipher_t * | crypto_cipher_new_with_bits (const char *key, int bits) |
crypto_cipher_t * | crypto_cipher_new_with_iv (const char *key, const char *iv) |
crypto_cipher_t * | crypto_cipher_new_with_iv_and_bits (const uint8_t *key, const uint8_t *iv, int bits) |
void | crypto_cipher_free_ (crypto_cipher_t *env) |
const char * | crypto_cipher_get_key (crypto_cipher_t *env) |
int | crypto_cipher_encrypt (crypto_cipher_t *env, char *to, const char *from, size_t fromlen) |
int | crypto_cipher_decrypt (crypto_cipher_t *env, char *to, const char *from, size_t fromlen) |
void | crypto_cipher_crypt_inplace (crypto_cipher_t *env, char *d, size_t len) |
int | crypto_cipher_encrypt_with_iv (const char *key, char *to, size_t tolen, const char *from, size_t fromlen) |
int | crypto_cipher_decrypt_with_iv (const char *key, char *to, size_t tolen, const char *from, size_t fromlen) |
crypto_dh_t * | crypto_dh_new (int dh_type) |
crypto_dh_t * | crypto_dh_dup (const crypto_dh_t *dh) |
int | crypto_dh_get_bytes (crypto_dh_t *dh) |
int | crypto_dh_generate_public (crypto_dh_t *dh) |
int | crypto_dh_get_public (crypto_dh_t *dh, char *pubkey_out, size_t pubkey_out_len) |
ssize_t | crypto_dh_compute_secret (int severity, crypto_dh_t *dh, const char *pubkey, size_t pubkey_len, char *secret_out, size_t secret_out_len) |
void | crypto_dh_free_ (crypto_dh_t *dh) |
int | crypto_expand_key_material_TAP (const uint8_t *key_in, size_t key_in_len, uint8_t *key_out, size_t key_out_len) |
int | crypto_expand_key_material_rfc5869_sha256 (const uint8_t *key_in, size_t key_in_len, const uint8_t *salt_in, size_t salt_in_len, const uint8_t *info_in, size_t info_in_len, uint8_t *key_out, size_t key_out_len) |
struct dh_st * | crypto_dh_get_dh_ (crypto_dh_t *dh) |
void | crypto_add_spaces_to_fp (char *out, size_t outlen, const char *in) |
Headers for crypto.c.
#define CIPHER256_KEY_LEN 32 |
Length of our symmetric cipher's keys of 256-bit.
#define CIPHER_IV_LEN 16 |
Length of our symmetric cipher's IV of 128-bit.
#define CIPHER_KEY_LEN 16 |
Length of our symmetric cipher's keys of 128-bit.
#define DH_BYTES (1024/8) |
Length of our DH keys.
#define FINGERPRINT_LEN 49 |
Length of encoded public key fingerprints, including space; but not including terminating NUL.
void crypto_add_spaces_to_fp | ( | char * | out, |
size_t | outlen, | ||
const char * | in | ||
) |
Copy in to the outlen-byte buffer out, adding spaces every four characters.
void crypto_cipher_crypt_inplace | ( | crypto_cipher_t * | env, |
char * | buf, | ||
size_t | len | ||
) |
Encrypt len bytes on from using the cipher in env; on success. Does not check for failure.
int crypto_cipher_decrypt | ( | crypto_cipher_t * | env, |
char * | to, | ||
const char * | from, | ||
size_t | fromlen | ||
) |
Decrypt fromlen bytes from from using the cipher env; on success, store the result to to and return 0. Does not check for failure.
int crypto_cipher_decrypt_with_iv | ( | const char * | key, |
char * | to, | ||
size_t | tolen, | ||
const char * | from, | ||
size_t | fromlen | ||
) |
Decrypt fromlen bytes (at least 1+CIPHER_IV_LEN) from from with the key in key to the buffer in to of length tolen. tolen must be at least fromlen minus CIPHER_IV_LEN bytes for the initialization vector. On success, return the number of bytes written, on failure, return -1.
int crypto_cipher_encrypt | ( | crypto_cipher_t * | env, |
char * | to, | ||
const char * | from, | ||
size_t | fromlen | ||
) |
Encrypt fromlen bytes from from using the cipher env; on success, store the result to to and return 0. Does not check for failure.
int crypto_cipher_encrypt_with_iv | ( | const char * | key, |
char * | to, | ||
size_t | tolen, | ||
const char * | from, | ||
size_t | fromlen | ||
) |
Encrypt fromlen bytes (at least 1) from from with the key in key to the buffer in to of length tolen. tolen must be at least fromlen plus CIPHER_IV_LEN bytes for the initialization vector. On success, return the number of bytes written, on failure, return -1.
void crypto_cipher_free_ | ( | crypto_cipher_t * | env | ) |
Free a symmetric cipher.
crypto_cipher_t* crypto_cipher_new | ( | const char * | key | ) |
Return a new crypto_cipher_t with the provided key (of CIPHER_KEY_LEN bytes) and an IV of all zero bytes.
crypto_cipher_t* crypto_cipher_new_with_bits | ( | const char * | key, |
int | bits | ||
) |
Return a new crypto_cipher_t with the provided key and an IV of all zero bytes and key length bits. Key length must be 128, 192, or
crypto_cipher_t* crypto_cipher_new_with_iv | ( | const char * | key, |
const char * | iv | ||
) |
Allocate and return a new symmetric cipher using the provided key and iv. The key is CIPHER_KEY_LEN bytes; the IV is CIPHER_IV_LEN bytes. Both must be provided.
crypto_cipher_t* crypto_cipher_new_with_iv_and_bits | ( | const uint8_t * | key, |
const uint8_t * | iv, | ||
int | bits | ||
) |
Allocate and return a new symmetric cipher using the provided key and iv. The key is bits bits long; the IV is CIPHER_IV_LEN bytes. Both must be provided. Key length must be 128, 192, or 256
ssize_t crypto_dh_compute_secret | ( | int | severity, |
crypto_dh_t * | dh, | ||
const char * | pubkey, | ||
size_t | pubkey_len, | ||
char * | secret_out, | ||
size_t | secret_bytes_out | ||
) |
Given a DH key exchange object, and our peer's value of g^y (as a pubkey_len-byte value in pubkey) generate secret_bytes_out bytes of shared key material and write them to secret_out. Return the number of bytes generated on success, or -1 on failure.
(We generate key material by computing SHA1( g^xy || "\x00" ) || SHA1( g^xy || "\x01" ) || ... where || is concatenation.)
crypto_dh_t* crypto_dh_dup | ( | const crypto_dh_t * | dh | ) |
Return a copy of dh, sharing its internal state.
void crypto_dh_free_ | ( | crypto_dh_t * | dh | ) |
Free a DH key exchange object.
int crypto_dh_generate_public | ( | crypto_dh_t * | dh | ) |
Generate <x,g^x> for our part of the key exchange. Return 0 on success, -1 on failure.
int crypto_dh_get_bytes | ( | crypto_dh_t * | dh | ) |
Return the length of the DH key in dh, in bytes.
struct dh_st* crypto_dh_get_dh_ | ( | crypto_dh_t * | dh | ) |
Used by tortls.c: Get the DH* from a crypto_dh_t.
int crypto_dh_get_public | ( | crypto_dh_t * | dh, |
char * | pubkey, | ||
size_t | pubkey_len | ||
) |
Generate g^x as necessary, and write the g^x for the key exchange as a pubkey_len-byte value into pubkey. Return 0 on success, -1 on failure. pubkey_len must be >= DH_BYTES.
crypto_dh_t* crypto_dh_new | ( | int | dh_type | ) |
Allocate and return a new DH object for a key exchange. Returns NULL on failure.
int crypto_early_init | ( | void | ) |
Initialize the crypto library. Return 0 on success, -1 on failure.
int crypto_expand_key_material_rfc5869_sha256 | ( | const uint8_t * | key_in, |
size_t | key_in_len, | ||
const uint8_t * | salt_in, | ||
size_t | salt_in_len, | ||
const uint8_t * | info_in, | ||
size_t | info_in_len, | ||
uint8_t * | key_out, | ||
size_t | key_out_len | ||
) |
Expand some secret key material according to RFC5869, using SHA256 as the underlying hash. The key_in_len bytes at key_in are the secret key material; the salt_in_len bytes at salt_in and the info_in_len bytes in info_in_len are the algorithm's "salt" and "info" parameters respectively. On success, write key_out_len bytes to key_out and return 0. Assert on failure.
int crypto_expand_key_material_TAP | ( | const uint8_t * | key_in, |
size_t | key_in_len, | ||
uint8_t * | key_out, | ||
size_t | key_out_len | ||
) |
Given key_in_len bytes of negotiated randomness in key_in ("K"), expand it into key_out_len bytes of negotiated key material in key_out by taking the first key_out_len bytes of H(K | [00]) | H(K | [01]) | ....
This is the key expansion algorithm used in the "TAP" circuit extension mechanism; it shouldn't be used for new protocols.
Return 0 on success, -1 on failure.
int crypto_global_cleanup | ( | void | ) |
Uninitialize the crypto library. Return 0 on success. Does not detect failure.
int crypto_global_init | ( | int | useAccel, |
const char * | accelName, | ||
const char * | accelDir | ||
) |
Initialize the crypto library. Return 0 on success, -1 on failure.
int crypto_init_siphash_key | ( | void | ) |
Set up the siphash key if we haven't already done so.
void crypto_set_tls_dh_prime | ( | void | ) |
Set the global TLS Diffie-Hellman modulus. Use the Apache mod_ssl DH modulus.
void crypto_thread_cleanup | ( | void | ) |
Free crypto resources held by this thread.