[or-cvs] Refactor the heck out of crypto interface: admit that we wi...
Nick Mathewson
nickm at seul.org
Sat Apr 3 02:40:32 UTC 2004
Update of /home/or/cvsroot/src/common
In directory moria.mit.edu:/tmp/cvs-serv17147/src/common
Modified Files:
aes.c aes.h crypto.c crypto.h log.c tortls.c
Log Message:
Refactor the heck out of crypto interface: admit that we will stick with one ciphersuite at a time, make const things const, and stop putting openssl in the headers.
Index: aes.c
===================================================================
RCS file: /home/or/cvsroot/src/common/aes.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- aes.c 18 Feb 2004 03:17:35 -0000 1.7
+++ aes.c 3 Apr 2004 02:40:29 -0000 1.8
@@ -67,7 +67,7 @@
aes_cnt_cipher_t*
aes_new_cipher()
{
- aes_cnt_cipher_t* result = (aes_cnt_cipher_t*) tor_malloc(sizeof(aes_cnt_cipher_t));
+ aes_cnt_cipher_t* result = tor_malloc(sizeof(aes_cnt_cipher_t));
memset(result->rk, 0, 4*(MAXNR+1));
memset(result->buf, 0, 16);
@@ -75,7 +75,7 @@
}
void
-aes_set_key(aes_cnt_cipher_t *cipher, unsigned char *key, int key_bits)
+aes_set_key(aes_cnt_cipher_t *cipher, const unsigned char *key, int key_bits)
{
cipher->nr = rijndaelKeySetupEnc(cipher->rk, key, key_bits);
cipher->counter0 = 0;
@@ -93,7 +93,7 @@
}
void
-aes_crypt(aes_cnt_cipher_t *cipher, char *input, int len, char *output)
+aes_crypt(aes_cnt_cipher_t *cipher, const char *input, int len, char *output)
{
int c = cipher->pos;
if (!len) return;
Index: aes.h
===================================================================
RCS file: /home/or/cvsroot/src/common/aes.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- aes.h 11 Aug 2003 20:40:21 -0000 1.2
+++ aes.h 3 Apr 2004 02:40:29 -0000 1.3
@@ -14,8 +14,8 @@
aes_cnt_cipher_t* aes_new_cipher();
void aes_free_cipher(aes_cnt_cipher_t *cipher);
-void aes_set_key(aes_cnt_cipher_t *cipher, unsigned char *key, int key_bits);
-void aes_crypt(aes_cnt_cipher_t *cipher, char *input, int len, char *output);
+void aes_set_key(aes_cnt_cipher_t *cipher, const unsigned char *key, int key_bits);
+void aes_crypt(aes_cnt_cipher_t *cipher, const char *input, int len, char *output);
uint64_t aes_get_counter(aes_cnt_cipher_t *cipher);
void aes_set_counter(aes_cnt_cipher_t *cipher, uint64_t counter);
void aes_adjust_counter(aes_cnt_cipher_t *cipher, long delta);
Index: crypto.c
===================================================================
RCS file: /home/or/cvsroot/src/common/crypto.c,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -d -r1.66 -r1.67
--- crypto.c 2 Apr 2004 23:30:52 -0000 1.66
+++ crypto.c 3 Apr 2004 02:40:29 -0000 1.67
@@ -14,6 +14,8 @@
#include <openssl/opensslv.h>
#include <openssl/bn.h>
#include <openssl/dh.h>
+#include <openssl/rsa.h>
+#include <openssl/dh.h>
#include <stdlib.h>
#include <assert.h>
@@ -48,79 +50,39 @@
struct crypto_pk_env_t
[...1110 lines suppressed...]
-char *crypto_perror()
+const char *crypto_perror()
{
- return (char *)ERR_reason_error_string(ERR_get_error());
+ return (const char *)ERR_reason_error_string(ERR_get_error());
}
int
@@ -1427,3 +1199,11 @@
dest[i] = '\0';
return 0;
}
+
+/*
+ Local Variables:
+ mode:c
+ indent-tabs-mode:nil
+ c-basic-offset:2
+ End:
+*/
Index: crypto.h
===================================================================
RCS file: /home/or/cvsroot/src/common/crypto.h,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -d -r1.34 -r1.35
--- crypto.h 2 Apr 2004 23:30:52 -0000 1.34
+++ crypto.h 3 Apr 2004 02:40:29 -0000 1.35
@@ -6,35 +6,32 @@
#define __CRYPTO_H
#include <stdio.h>
-#include <openssl/rsa.h>
-#include <openssl/dh.h>
-
-/* available encryption primitives */
-#define CRYPTO_CIPHER_IDENTITY 0
-#define CRYPTO_CIPHER_DES 1
-#define CRYPTO_CIPHER_RC4 2
-#define CRYPTO_CIPHER_3DES 3
-#define CRYPTO_CIPHER_AES_CTR 4
-
-#define CRYPTO_PK_RSA 0
-#define CRYPTO_SHA1_DIGEST 0
+#define DIGEST_LEN 20
+#define CIPHER_KEY_LEN 16
+#define CIPHER_IV_LEN 0
+#define PK_BITS 1024
+#define PK_BYTES (PK_BITS/8)
+#define CRYPTO_DH_SIZE (1024 / 8)
-#define CRYPTO_SHA1_DIGEST_LEN 20
+#define PK_NO_PADDING 60000
+#define PK_PKCS1_PADDING 60001
+#define PK_PKCS1_OAEP_PADDING 60002
typedef struct crypto_pk_env_t crypto_pk_env_t;
typedef struct crypto_cipher_env_t crypto_cipher_env_t;
typedef struct crypto_digest_env_t crypto_digest_env_t;
+typedef struct crypto_dh_env_t crypto_dh_env_t;
/* global state */
int crypto_global_init();
int crypto_global_cleanup();
/* environment setup */
-crypto_pk_env_t *crypto_new_pk_env(int type);
+crypto_pk_env_t *crypto_new_pk_env(void);
void crypto_free_pk_env(crypto_pk_env_t *env);
-crypto_cipher_env_t *crypto_new_cipher_env(int type);
+crypto_cipher_env_t *crypto_new_cipher_env(void);
void crypto_free_cipher_env(crypto_cipher_env_t *env);
/* public key crypto */
@@ -50,23 +47,22 @@
int crypto_pk_check_key(crypto_pk_env_t *env);
int crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env, const char *keyfile);
-int crypto_pk_set_key(crypto_pk_env_t *env, unsigned char *key);
int crypto_pk_cmp_keys(crypto_pk_env_t *a, crypto_pk_env_t *b);
crypto_pk_env_t *crypto_pk_dup_key(crypto_pk_env_t *orig);
int crypto_pk_keysize(crypto_pk_env_t *env);
-int crypto_pk_public_encrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding);
-int crypto_pk_private_decrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding);
-int crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
-int crypto_pk_private_sign_digest(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
-int crypto_pk_public_checksig(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
-int crypto_pk_public_checksig_digest(crypto_pk_env_t *env, unsigned char *data, int datalen, unsigned char *sig, int siglen);
-int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, unsigned char *from,
- int fromlen, unsigned char *to,
- int padding);
-int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, unsigned char *from,
- int fromlen, unsigned char *to,
- int padding);
+int crypto_pk_public_encrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, int padding);
+int crypto_pk_private_decrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, int padding);
+int crypto_pk_private_sign(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to);
+int crypto_pk_private_sign_digest(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to);
+int crypto_pk_public_checksig(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to);
+int crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const unsigned char *data, int datalen, unsigned char *sig, int siglen);
+int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
+ const unsigned char *from, int fromlen,
+ unsigned char *to, int padding);
+int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env,
+ const unsigned char *from, int fromlen,
+ unsigned char *to,int padding);
#define FINGERPRINT_LEN 49
int crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, int dest_len);
@@ -81,43 +77,37 @@
int base32_encode(char *dest, int destlen, const char *src, int srclen);
/* Key negotiation */
-typedef struct crypto_dh_env_st {
- DH *dh;
-} crypto_dh_env_t;
-
-/* #define CRYPTO_DH_SIZE (1536 / 8) */
-#define CRYPTO_DH_SIZE (1024 / 8)
crypto_dh_env_t *crypto_dh_new();
int crypto_dh_get_bytes(crypto_dh_env_t *dh);
int crypto_dh_generate_public(crypto_dh_env_t *dh);
int crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey_out,
int pubkey_out_len);
int crypto_dh_compute_secret(crypto_dh_env_t *dh,
- char *pubkey, int pubkey_len,
+ const char *pubkey, int pubkey_len,
char *secret_out, int secret_out_len);
void crypto_dh_free(crypto_dh_env_t *dh);
/* symmetric crypto */
int crypto_cipher_generate_key(crypto_cipher_env_t *env);
-int crypto_cipher_set_iv(crypto_cipher_env_t *env, unsigned char *iv);
-int crypto_cipher_set_key(crypto_cipher_env_t *env, unsigned char *key);
+int crypto_cipher_set_iv(crypto_cipher_env_t *env, const unsigned char *iv);
+int crypto_cipher_set_key(crypto_cipher_env_t *env, const unsigned char *key);
int crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t *env);
int crypto_cipher_decrypt_init_cipher(crypto_cipher_env_t *env);
-unsigned char *crypto_cipher_get_key(crypto_cipher_env_t *env);
+const unsigned char *crypto_cipher_get_key(crypto_cipher_env_t *env);
-int crypto_cipher_encrypt(crypto_cipher_env_t *env, unsigned char *from, unsigned int fromlen, unsigned char *to);
-int crypto_cipher_decrypt(crypto_cipher_env_t *env, unsigned char *from, unsigned int fromlen, unsigned char *to);
+int crypto_cipher_encrypt(crypto_cipher_env_t *env, const unsigned char *from, unsigned int fromlen, unsigned char *to);
+int crypto_cipher_decrypt(crypto_cipher_env_t *env, const unsigned char *from, unsigned int fromlen, unsigned char *to);
/* only implemented for CRYPTO_CIPHER_AES_CTR */
int crypto_cipher_rewind(crypto_cipher_env_t *env, long delta);
int crypto_cipher_advance(crypto_cipher_env_t *env, long delta);
/* convenience function: wraps crypto_create_crypto_env, set_key, set_iv, and init. */
-crypto_cipher_env_t *crypto_create_init_cipher(int cipher_type, char *key, char *iv, int encrypt_mode);
+crypto_cipher_env_t *crypto_create_init_cipher(const char *key, const char *iv, int encrypt_mode);
/* SHA-1 */
-int crypto_SHA_digest(const unsigned char *m, int len, unsigned char *digest);
-crypto_digest_env_t *crypto_new_digest_env(int type);
+int crypto_digest(const unsigned char *m, int len, unsigned char *digest);
+crypto_digest_env_t *crypto_new_digest_env();
void crypto_free_digest_env(crypto_digest_env_t *digest);
void crypto_digest_add_bytes(crypto_digest_env_t *digest, const char *data,
size_t len);
@@ -134,5 +124,13 @@
int crypto_pseudo_rand_int(unsigned int max);
/* errors */
-char *crypto_perror();
+const char *crypto_perror();
#endif
+
+/*
+ Local Variables:
+ mode:c
+ indent-tabs-mode:nil
+ c-basic-offset:2
+ End:
+*/
Index: log.c
===================================================================
RCS file: /home/or/cvsroot/src/common/log.c,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -d -r1.34 -r1.35
--- log.c 30 Mar 2004 03:15:23 -0000 1.34
+++ log.c 3 Apr 2004 02:40:29 -0000 1.35
@@ -3,6 +3,8 @@
/* $Id$ */
#include "../or/or.h"
+#include <stdarg.h>
+
#ifdef MS_WINDOWS
#define vsnprintf _vsnprintf
#endif
Index: tortls.c
===================================================================
RCS file: /home/or/cvsroot/src/common/tortls.c,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -d -r1.37 -r1.38
--- tortls.c 9 Mar 2004 22:01:16 -0000 1.37
+++ tortls.c 3 Apr 2004 02:40:29 -0000 1.38
@@ -55,6 +55,7 @@
/* These functions are declared in crypto.c but not exported. */
EVP_PKEY *_crypto_pk_env_get_evp_pkey(crypto_pk_env_t *env);
crypto_pk_env_t *_crypto_new_pk_env_rsa(RSA *rsa);
+DH *_crypto_dh_env_get_dh(crypto_dh_env_t *dh);
static void
tls_log_errors(int severity, const char *doing)
@@ -261,7 +262,7 @@
}
}
dh = crypto_dh_new();
- SSL_CTX_set_tmp_dh(result->ctx, dh->dh);
+ SSL_CTX_set_tmp_dh(result->ctx, _crypto_dh_env_get_dh(dh));
crypto_dh_free(dh);
SSL_CTX_set_verify(result->ctx, SSL_VERIFY_PEER,
always_accept_verify_cb);
More information about the tor-commits
mailing list