Block of functions related with RSA utilities and operations. More...
#include "crypto.h"#include "crypto_curve25519.h"#include "crypto_digest.h"#include "crypto_format.h"#include "compat_openssl.h"#include "crypto_rand.h"#include "crypto_rsa.h"#include "crypto_util.h"#include <openssl/err.h>#include <openssl/rsa.h>#include <openssl/pem.h>#include <openssl/evp.h>#include <openssl/engine.h>#include <openssl/rand.h>#include <openssl/bn.h>#include <openssl/dh.h>#include <openssl/conf.h>#include <openssl/hmac.h>#include "torlog.h"#include "util.h"#include "util_format.h"
Data Structures | |
| struct | crypto_pk_t |
Functions | |
| int | crypto_get_rsa_padding_overhead (int padding) |
| int | crypto_get_rsa_padding (int padding) |
| crypto_pk_t * | crypto_new_pk_from_rsa_ (RSA *rsa) |
| RSA * | crypto_pk_get_rsa_ (crypto_pk_t *env) |
| MOCK_IMPL (EVP_PKEY *, crypto_pk_get_evp_pkey_,(crypto_pk_t *env, int private)) | |
| MOCK_IMPL (crypto_pk_t *, crypto_pk_new,(void)) | |
| void | crypto_pk_free_ (crypto_pk_t *env) |
| MOCK_IMPL (int, crypto_pk_generate_key_with_bits,(crypto_pk_t *env, int bits)) | |
| int | crypto_pk_read_private_key_from_string (crypto_pk_t *env, const char *s, ssize_t len) |
| int | crypto_pk_read_private_key_from_filename (crypto_pk_t *env, const char *keyfile) |
| int | crypto_pk_write_public_key_to_string (crypto_pk_t *env, char **dest, size_t *len) |
| int | crypto_pk_write_private_key_to_string (crypto_pk_t *env, char **dest, size_t *len) |
| int | crypto_pk_read_public_key_from_string (crypto_pk_t *env, const char *src, size_t len) |
| int | crypto_pk_write_private_key_to_filename (crypto_pk_t *env, const char *fname) |
| int | crypto_pk_check_key (crypto_pk_t *env) |
| int | crypto_pk_key_is_private (const crypto_pk_t *key) |
| int | crypto_pk_public_exponent_ok (crypto_pk_t *env) |
| int | crypto_pk_cmp_keys (const crypto_pk_t *a, const crypto_pk_t *b) |
| int | crypto_pk_eq_keys (const crypto_pk_t *a, const crypto_pk_t *b) |
| size_t | crypto_pk_keysize (const crypto_pk_t *env) |
| int | crypto_pk_num_bits (crypto_pk_t *env) |
| crypto_pk_t * | crypto_pk_dup_key (crypto_pk_t *env) |
| crypto_pk_t * | crypto_pk_copy_full (crypto_pk_t *env) |
| int | crypto_pk_obsolete_public_hybrid_encrypt (crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding, int force) |
| int | crypto_pk_obsolete_private_hybrid_decrypt (crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding, int warnOnFailure) |
| int | crypto_pk_public_encrypt (crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding) |
| int | crypto_pk_private_decrypt (crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding, int warnOnFailure) |
| MOCK_IMPL (int, crypto_pk_public_checksig,(const crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen)) | |
| int | crypto_pk_private_sign (const crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen) |
| int | crypto_pk_asn1_encode (const crypto_pk_t *pk, char *dest, size_t dest_len) |
| crypto_pk_t * | crypto_pk_asn1_decode (const char *str, size_t len) |
| int | crypto_pk_get_fingerprint (crypto_pk_t *pk, char *fp_out, int add_space) |
| int | crypto_pk_get_hashed_fingerprint (crypto_pk_t *pk, char *fp_out) |
| MOCK_IMPL (int, crypto_pk_public_checksig_digest,(crypto_pk_t *env, const char *data, size_t datalen, const char *sig, size_t siglen)) | |
| int | crypto_pk_private_sign_digest (crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen) |
| int | crypto_pk_get_digest (const crypto_pk_t *pk, char *digest_out) |
| int | crypto_pk_get_common_digests (crypto_pk_t *pk, common_digests_t *digests_out) |
| int | crypto_pk_base64_encode (const crypto_pk_t *pk, char **priv_out) |
| crypto_pk_t * | crypto_pk_base64_decode (const char *str, size_t len) |
Detailed Description
Block of functions related with RSA utilities and operations.
Function Documentation
◆ crypto_get_rsa_padding()
| int crypto_get_rsa_padding | ( | int | padding | ) |
Given a padding method padding, return the correct OpenSSL constant.
◆ crypto_get_rsa_padding_overhead()
| int crypto_get_rsa_padding_overhead | ( | int | padding | ) |
Return the number of bytes added by padding method padding.
◆ crypto_new_pk_from_rsa_()
| crypto_pk_t* crypto_new_pk_from_rsa_ | ( | RSA * | rsa | ) |
◆ crypto_pk_asn1_decode()
| crypto_pk_t* crypto_pk_asn1_decode | ( | const char * | str, |
| size_t | len | ||
| ) |
Decode an ASN.1-encoded public key from str; return the result on success and NULL on failure.
◆ crypto_pk_asn1_encode()
| int crypto_pk_asn1_encode | ( | const crypto_pk_t * | pk, |
| char * | dest, | ||
| size_t | dest_len | ||
| ) |
ASN.1-encode the public portion of pk into dest. Return -1 on error, or the number of characters used on success.
◆ crypto_pk_base64_decode()
| crypto_pk_t* crypto_pk_base64_decode | ( | const char * | str, |
| size_t | len | ||
| ) |
Given a string containing the Base64 encoded DER representation of the private key str, decode and return the result on success, or NULL on failure.
◆ crypto_pk_base64_encode()
| int crypto_pk_base64_encode | ( | const crypto_pk_t * | pk, |
| char ** | priv_out | ||
| ) |
Given a crypto_pk_t pk, allocate a new buffer containing the Base64 encoding of the DER representation of the private key as a NUL terminated string, and return it via priv_out. Return 0 on success, -1 on failure.
It is the caller's responsibility to sanitize and free the resulting buffer.
◆ crypto_pk_check_key()
| int crypto_pk_check_key | ( | crypto_pk_t * | env | ) |
Return true iff env has a valid key.
◆ crypto_pk_cmp_keys()
| int crypto_pk_cmp_keys | ( | const crypto_pk_t * | a, |
| const crypto_pk_t * | b | ||
| ) |
Compare the public-key components of a and b. Return less than 0 if a<b, 0 if a==b, and greater than 0 if a>b. A NULL key is considered to be less than all non-NULL keys, and equal to itself.
Note that this may leak information about the keys through timing.
◆ crypto_pk_copy_full()
| crypto_pk_t* crypto_pk_copy_full | ( | crypto_pk_t * | env | ) |
Make a real honest-to-goodness copy of env, and return it. Returns NULL on failure.
◆ crypto_pk_dup_key()
| crypto_pk_t* crypto_pk_dup_key | ( | crypto_pk_t * | env | ) |
Increase the reference count of env, and return it.
◆ crypto_pk_eq_keys()
| int crypto_pk_eq_keys | ( | const crypto_pk_t * | a, |
| const crypto_pk_t * | b | ||
| ) |
Compare the public-key components of a and b. Return non-zero iff a==b. A NULL key is considered to be distinct from all non-NULL keys, and equal to itself.
Note that this may leak information about the keys through timing.
◆ crypto_pk_free_()
| void crypto_pk_free_ | ( | crypto_pk_t * | env | ) |
Release a reference to an asymmetric key; when all the references are released, free the key.
◆ crypto_pk_get_common_digests()
| int crypto_pk_get_common_digests | ( | crypto_pk_t * | pk, |
| common_digests_t * | digests_out | ||
| ) |
Compute all digests of the DER encoding of pk, and store them in digests_out. Return 0 on success, -1 on failure.
◆ crypto_pk_get_digest()
| int crypto_pk_get_digest | ( | const crypto_pk_t * | pk, |
| char * | digest_out | ||
| ) |
Given a private or public key pk, put a SHA1 hash of the public key into digest_out (must have DIGEST_LEN bytes of space). Return 0 on success, -1 on failure.
◆ crypto_pk_get_fingerprint()
| int crypto_pk_get_fingerprint | ( | crypto_pk_t * | pk, |
| char * | fp_out, | ||
| int | add_space | ||
| ) |
Given a private or public key pk, put a fingerprint of the public key into fp_out (must have at least FINGERPRINT_LEN+1 bytes of space). Return 0 on success, -1 on failure.
Fingerprints are computed as the SHA1 digest of the ASN.1 encoding of the public key, converted to hexadecimal, in upper case, with a space after every four digits.
If add_space is false, omit the spaces.
◆ crypto_pk_get_hashed_fingerprint()
| int crypto_pk_get_hashed_fingerprint | ( | crypto_pk_t * | pk, |
| char * | fp_out | ||
| ) |
Given a private or public key pk, put a hashed fingerprint of the public key into fp_out (must have at least FINGERPRINT_LEN+1 bytes of space). Return 0 on success, -1 on failure.
Hashed fingerprints are computed as the SHA1 digest of the SHA1 digest of the ASN.1 encoding of the public key, converted to hexadecimal, in upper case.
◆ crypto_pk_get_rsa_()
| RSA* crypto_pk_get_rsa_ | ( | crypto_pk_t * | env | ) |
Helper, used by tor-gencert.c. Return the RSA from a crypto_pk_t.
◆ crypto_pk_key_is_private()
| int crypto_pk_key_is_private | ( | const crypto_pk_t * | key | ) |
Return true iff key contains the private-key portion of the RSA key.
◆ crypto_pk_keysize()
| size_t crypto_pk_keysize | ( | const crypto_pk_t * | env | ) |
Return the size of the public key modulus in env, in bytes.
◆ crypto_pk_num_bits()
| int crypto_pk_num_bits | ( | crypto_pk_t * | env | ) |
Return the size of the public key modulus of env, in bits.
◆ crypto_pk_obsolete_private_hybrid_decrypt()
| int crypto_pk_obsolete_private_hybrid_decrypt | ( | crypto_pk_t * | env, |
| char * | to, | ||
| size_t | tolen, | ||
| const char * | from, | ||
| size_t | fromlen, | ||
| int | padding, | ||
| int | warnOnFailure | ||
| ) |
Invert crypto_pk_obsolete_public_hybrid_encrypt. Returns the number of bytes written on success, -1 on failure.
NOTE that this format does not authenticate the symmetrically encrypted part of the data, and SHOULD NOT BE USED for new protocols.
◆ crypto_pk_obsolete_public_hybrid_encrypt()
| int crypto_pk_obsolete_public_hybrid_encrypt | ( | crypto_pk_t * | env, |
| char * | to, | ||
| size_t | tolen, | ||
| const char * | from, | ||
| size_t | fromlen, | ||
| int | padding, | ||
| int | force | ||
| ) |
Perform a hybrid (public/secret) encryption on fromlen bytes of data from from, with padding type 'padding', storing the results on to.
Returns the number of bytes written on success, -1 on failure.
The encrypted data consists of:
- The source data, padded and encrypted with the public key, if the padded source data is no longer than the public key, and force is false, OR
- The beginning of the source data prefixed with a 16-byte symmetric key, padded and encrypted with the public key; followed by the rest of the source data encrypted in AES-CTR mode with the symmetric key.
NOTE that this format does not authenticate the symmetrically encrypted part of the data, and SHOULD NOT BE USED for new protocols.
◆ crypto_pk_private_decrypt()
| int crypto_pk_private_decrypt | ( | crypto_pk_t * | env, |
| char * | to, | ||
| size_t | tolen, | ||
| const char * | from, | ||
| size_t | fromlen, | ||
| int | padding, | ||
| int | warnOnFailure | ||
| ) |
Decrypt fromlen bytes from from with the private key in env, using the padding method padding. On success, write the result to to, and return the number of bytes written. On failure, return -1.
tolen is the number of writable bytes in to, and must be at least the length of the modulus of env.
◆ crypto_pk_private_sign()
| int crypto_pk_private_sign | ( | const crypto_pk_t * | env, |
| char * | to, | ||
| size_t | tolen, | ||
| const char * | from, | ||
| size_t | fromlen | ||
| ) |
Sign fromlen bytes of data from from with the private key in env, using PKCS1 padding. On success, write the signature to to, and return the number of bytes written. On failure, return -1.
tolen is the number of writable bytes in to, and must be at least the length of the modulus of env.
◆ crypto_pk_private_sign_digest()
| int crypto_pk_private_sign_digest | ( | crypto_pk_t * | env, |
| char * | to, | ||
| size_t | tolen, | ||
| const char * | from, | ||
| size_t | fromlen | ||
| ) |
Compute a SHA1 digest of fromlen bytes of data stored at from; sign the data with the private key in env, and store it in to. Return the number of bytes written on success, and -1 on failure.
tolen is the number of writable bytes in to, and must be at least the length of the modulus of env.
◆ crypto_pk_public_encrypt()
| int crypto_pk_public_encrypt | ( | crypto_pk_t * | env, |
| char * | to, | ||
| size_t | tolen, | ||
| const char * | from, | ||
| size_t | fromlen, | ||
| int | padding | ||
| ) |
Encrypt fromlen bytes from from with the public key in env, using the padding method padding. On success, write the result to to, and return the number of bytes written. On failure, return -1.
tolen is the number of writable bytes in to, and must be at least the length of the modulus of env.
◆ crypto_pk_public_exponent_ok()
| int crypto_pk_public_exponent_ok | ( | crypto_pk_t * | env | ) |
Return true iff env contains a public key whose public exponent equals 65537.
◆ crypto_pk_read_private_key_from_filename()
| int crypto_pk_read_private_key_from_filename | ( | crypto_pk_t * | env, |
| const char * | keyfile | ||
| ) |
Read a PEM-encoded private key from the file named by keyfile into env. Return 0 on success, -1 on failure.
◆ crypto_pk_read_private_key_from_string()
| int crypto_pk_read_private_key_from_string | ( | crypto_pk_t * | env, |
| const char * | s, | ||
| ssize_t | len | ||
| ) |
Read a PEM-encoded private key from the len-byte string s into env. Return 0 on success, -1 on failure. If len is -1, the string is nul-terminated.
◆ crypto_pk_read_public_key_from_string()
| int crypto_pk_read_public_key_from_string | ( | crypto_pk_t * | env, |
| const char * | src, | ||
| size_t | len | ||
| ) |
Read a PEM-encoded public key from the first len characters of src, and store the result in env. Return 0 on success, -1 on failure.
◆ crypto_pk_write_private_key_to_filename()
| int crypto_pk_write_private_key_to_filename | ( | crypto_pk_t * | env, |
| const char * | fname | ||
| ) |
Write the private key from env into the file named by fname, PEM-encoded. Return 0 on success, -1 on failure.
◆ crypto_pk_write_private_key_to_string()
| int crypto_pk_write_private_key_to_string | ( | crypto_pk_t * | env, |
| char ** | dest, | ||
| size_t * | len | ||
| ) |
PEM-encode the private key portion of env and write it to a newly allocated string. On success, set *dest to the new string, *len to the string's length, and return 0. On failure, return -1.
◆ crypto_pk_write_public_key_to_string()
| int crypto_pk_write_public_key_to_string | ( | crypto_pk_t * | env, |
| char ** | dest, | ||
| size_t * | len | ||
| ) |
PEM-encode the public key portion of env and write it to a newly allocated string. On success, set *dest to the new string, *len to the string's length, and return 0. On failure, return -1.
◆ MOCK_IMPL() [1/5]
| MOCK_IMPL | ( | EVP_PKEY * | , |
| crypto_pk_get_evp_pkey_ | , | ||
| (crypto_pk_t *env, int private) | |||
| ) |
used by tortls.c: get an equivalent EVP_PKEY* for a crypto_pk_t. Iff private is set, include the private-key portion of the key. Return a valid pointer on success, and NULL on failure.
◆ MOCK_IMPL() [2/5]
| MOCK_IMPL | ( | crypto_pk_t * | , |
| crypto_pk_new | , | ||
| (void) | |||
| ) |
Allocate and return storage for a public key. The key itself will not yet be set.
◆ MOCK_IMPL() [3/5]
| MOCK_IMPL | ( | int | , |
| crypto_pk_generate_key_with_bits | , | ||
| (crypto_pk_t *env, int bits) | |||
| ) |
Generate a bits-bit new public/private keypair in env. Return 0 on success, -1 on failure.
◆ MOCK_IMPL() [4/5]
| MOCK_IMPL | ( | int | , |
| crypto_pk_public_checksig | , | ||
| (const crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen) | |||
| ) |
Check the signature in from (fromlen bytes long) with the public key in env, using PKCS1 padding. On success, write the signed data to to, and return the number of bytes written. On failure, return -1.
tolen is the number of writable bytes in to, and must be at least the length of the modulus of env.
◆ MOCK_IMPL() [5/5]
| MOCK_IMPL | ( | int | , |
| crypto_pk_public_checksig_digest | , | ||
| (crypto_pk_t *env, const char *data, size_t datalen, const char *sig, size_t siglen) | |||
| ) |
Check a siglen-byte long signature at sig against datalen bytes of data at data, using the public key in env. Return 0 if sig is a correct signature for SHA1(data). Else return -1.
