[or-cvs] Refactor the heck out of crypto interface: admit that we wi...

Nick Mathewson nickm at seul.org
Sat Apr 3 02:40:32 UTC 2004


Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/tmp/cvs-serv17147/src/or

Modified Files:
	circuit.c onion.c or.h rendcommon.c rendmid.c rendservice.c 
	router.c routerlist.c test.c 
Log Message:
Refactor the heck out of crypto interface: admit that we will stick with one ciphersuite at a time, make const things const, and stop putting openssl in the headers.

Index: circuit.c
===================================================================
RCS file: /home/or/cvsroot/src/or/circuit.c,v
retrieving revision 1.177
retrieving revision 1.178
diff -u -d -r1.177 -r1.178
--- circuit.c	3 Apr 2004 01:59:53 -0000	1.177
+++ circuit.c	3 Apr 2004 02:40:29 -0000	1.178
@@ -354,7 +354,7 @@
       continue;
     if (circ->purpose != purpose)
       continue;
-    if (!memcmp(circ->rend_pk_digest, digest, CRYPTO_SHA1_DIGEST_LEN))
+    if (!memcmp(circ->rend_pk_digest, digest, DIGEST_LEN))
       return circ;
   }
   return NULL;
@@ -1373,29 +1373,27 @@
  */
 int circuit_init_cpath_crypto(crypt_path_t *cpath, char *key_data)
 {
-  unsigned char iv[16];
+  unsigned char iv[CIPHER_IV_LEN];
   assert(cpath && key_data);
   assert(!(cpath->f_crypto || cpath->b_crypto ||
            cpath->f_digest || cpath->b_digest));
 
-  memset(iv, 0, 16);
+  memset(iv, 0, CIPHER_IV_LEN);
 
   log_fn(LOG_DEBUG,"hop init digest forward 0x%.8x, backward 0x%.8x.",
          (unsigned int)*(uint32_t*)key_data, (unsigned int)*(uint32_t*)(key_data+20));
-  cpath->f_digest = crypto_new_digest_env(CRYPTO_SHA1_DIGEST);
-  crypto_digest_add_bytes(cpath->f_digest, key_data, 20);
-  cpath->b_digest = crypto_new_digest_env(CRYPTO_SHA1_DIGEST);
-  crypto_digest_add_bytes(cpath->b_digest, key_data+20, 20);
+  cpath->f_digest = crypto_new_digest_env();
+  crypto_digest_add_bytes(cpath->f_digest, key_data, DIGEST_LEN);
+  cpath->b_digest = crypto_new_digest_env();
+  crypto_digest_add_bytes(cpath->b_digest, key_data+DIGEST_LEN, DIGEST_LEN);
 
   log_fn(LOG_DEBUG,"hop init cipher forward 0x%.8x, backward 0x%.8x.",
-        (unsigned int)*(uint32_t*)(key_data+40), (unsigned int)*(uint32_t*)(key_data+40+16));
-  if (!(cpath->f_crypto =
-        crypto_create_init_cipher(CIRCUIT_CIPHER,key_data+40,iv,1))) {
+         (unsigned int)*(uint32_t*)(key_data+40), (unsigned int)*(uint32_t*)(key_data+40+16));
+  if (!(cpath->f_crypto = crypto_create_init_cipher(key_data+40,iv,1))) {
     log(LOG_WARN,"forward cipher initialization failed.");
     return -1;
   }
-  if (!(cpath->b_crypto =
-        crypto_create_init_cipher(CIRCUIT_CIPHER,key_data+40+16,iv,0))) {
+  if (!(cpath->b_crypto = crypto_create_init_cipher(key_data+40+16,iv,0))) {
     log(LOG_WARN,"backward cipher initialization failed.");
     return -1;
   }
@@ -1429,7 +1427,7 @@
   crypto_dh_free(hop->handshake_state); /* don't need it anymore */
   hop->handshake_state = NULL;
   /* Remember hash of g^xy */
-  memcpy(hop->handshake_digest, reply+DH_KEY_LEN, CRYPTO_SHA1_DIGEST_LEN);
+  memcpy(hop->handshake_digest, reply+DH_KEY_LEN, DIGEST_LEN);
 
   if (circuit_init_cpath_crypto(hop, keys)<0) {
     return -1;

Index: onion.c
===================================================================
RCS file: /home/or/cvsroot/src/or/onion.c,v
retrieving revision 1.141
retrieving revision 1.142
diff -u -d -r1.141 -r1.142
--- onion.c	3 Apr 2004 01:59:53 -0000	1.141
+++ onion.c	3 Apr 2004 02:40:30 -0000	1.142
@@ -122,10 +122,10 @@
 
 /* given a response payload and keys, initialize, then send a created cell back */
 int onionskin_answer(circuit_t *circ, unsigned char *payload, unsigned char *keys) {
-  unsigned char iv[16];
+  unsigned char iv[CIPHER_IV_LEN];
   cell_t cell;
 
-  memset(iv, 0, 16);
+  memset(iv, 0, CIPHER_IV_LEN);
 
   memset(&cell, 0, sizeof(cell_t));
   cell.command = CELL_CREATED;
@@ -139,25 +139,23 @@
 
   log_fn(LOG_INFO,"init digest forward 0x%.8x, backward 0x%.8x.",
          (unsigned int)*(uint32_t*)(keys), (unsigned int)*(uint32_t*)(keys+20));
-  circ->n_digest = crypto_new_digest_env(CRYPTO_SHA1_DIGEST);
-  crypto_digest_add_bytes(circ->n_digest, keys, 20);
-  circ->p_digest = crypto_new_digest_env(CRYPTO_SHA1_DIGEST);
-  crypto_digest_add_bytes(circ->p_digest, keys+20, 20);
+  circ->n_digest = crypto_new_digest_env();
+  crypto_digest_add_bytes(circ->n_digest, keys, DIGEST_LEN);
+  circ->p_digest = crypto_new_digest_env();
+  crypto_digest_add_bytes(circ->p_digest, keys+DIGEST_LEN, DIGEST_LEN);
 
   log_fn(LOG_DEBUG,"init cipher forward 0x%.8x, backward 0x%.8x.",
          (unsigned int)*(uint32_t*)(keys+40), (unsigned int)*(uint32_t*)(keys+40+16));
-  if (!(circ->n_crypto =
-        crypto_create_init_cipher(CIRCUIT_CIPHER,keys+40,iv,0))) {
+  if (!(circ->n_crypto = crypto_create_init_cipher(keys+40,iv,0))) {
     log_fn(LOG_WARN,"Cipher initialization failed (n).");
     return -1;
   }
-  if (!(circ->p_crypto =
-        crypto_create_init_cipher(CIRCUIT_CIPHER,keys+40+16,iv,1))) {
+  if (!(circ->p_crypto = crypto_create_init_cipher(keys+40+16,iv,1))) {
     log_fn(LOG_WARN,"Cipher initialization failed (p).");
     return -1;
   }
 
-  memcpy(circ->handshake_digest, cell.payload+DH_KEY_LEN, CRYPTO_SHA1_DIGEST_LEN);
+  memcpy(circ->handshake_digest, cell.payload+DH_KEY_LEN, DIGEST_LEN);
 
   connection_or_write_cell_to_buf(&cell, circ->p_conn);
   log_fn(LOG_DEBUG,"Finished sending 'created' cell.");
@@ -605,13 +603,13 @@
 
   /* set meeting point, meeting cookie, etc here. Leave zero for now. */
 
-  cipher = crypto_create_init_cipher(ONION_CIPHER, challenge, iv, 1);
+  cipher = crypto_create_init_cipher(challenge, iv, 1);
 
   if (!cipher)
     goto err;
 
   if (crypto_pk_public_encrypt(dest_router_key, challenge, pkbytes,
-                               onion_skin_out, RSA_NO_PADDING)==-1)
+                               onion_skin_out, PK_NO_PADDING)==-1)
     goto err;
 
   if (crypto_cipher_encrypt(cipher, challenge+pkbytes, ONIONSKIN_CHALLENGE_LEN-pkbytes,
@@ -655,7 +653,7 @@
 
   if (crypto_pk_private_decrypt(private_key,
                                 onion_skin, pkbytes,
-                                challenge, RSA_NO_PADDING) == -1)
+                                challenge, PK_NO_PADDING) == -1)
     goto err;
 
 #ifdef DEBUG_ONION_SKINS
@@ -664,7 +662,7 @@
   puts("");
 #endif
 
-  cipher = crypto_create_init_cipher(ONION_CIPHER, challenge, iv, 0);
+  cipher = crypto_create_init_cipher(challenge, iv, 0);
 
   if (crypto_cipher_decrypt(cipher, onion_skin+pkbytes, ONIONSKIN_CHALLENGE_LEN-pkbytes,
                             challenge+pkbytes))

Index: or.h
===================================================================
RCS file: /home/or/cvsroot/src/or/or.h,v
retrieving revision 1.289
retrieving revision 1.290
diff -u -d -r1.289 -r1.290
--- or.h	3 Apr 2004 01:59:53 -0000	1.289
+++ or.h	3 Apr 2004 02:40:30 -0000	1.290
@@ -251,13 +251,6 @@
 /* Reasons used by connection_mark_for_close */
 #define CLOSE_REASON_UNUSED_OR_CONN 100
 
-/* default cipher function */
-#define DEFAULT_CIPHER CRYPTO_CIPHER_AES_CTR
-/* Used to en/decrypt onion skins */
-#define ONION_CIPHER      DEFAULT_CIPHER
-/* Used to en/decrypt RELAY cells */
-#define CIRCUIT_CIPHER    DEFAULT_CIPHER
-
 #define CELL_DIRECTION_IN 1
 #define CELL_DIRECTION_OUT 2
 #define EDGE_EXIT CONN_TYPE_EXIT
@@ -482,7 +475,7 @@
   crypto_digest_env_t *b_digest;
 
   crypto_dh_env_t *handshake_state;
-  char handshake_digest[CRYPTO_SHA1_DIGEST_LEN];/* KH in tor-spec.txt */
+  char handshake_digest[DIGEST_LEN];/* KH in tor-spec.txt */
 
   uint32_t addr;
   uint16_t port;
@@ -501,7 +494,7 @@
 #define DH_KEY_LEN CRYPTO_DH_SIZE
 #define ONIONSKIN_CHALLENGE_LEN (16+DH_KEY_LEN)
 #define ONIONSKIN_REPLY_LEN (DH_KEY_LEN+20)
-#define REND_COOKIE_LEN CRYPTO_SHA1_DIGEST_LEN
+#define REND_COOKIE_LEN DIGEST_LEN
 
 typedef struct crypt_path_t crypt_path_t;
 
@@ -545,7 +538,7 @@
   crypt_path_t *cpath;
 
   char onionskin[ONIONSKIN_CHALLENGE_LEN]; /* for storage while onionskin pending */
-  char handshake_digest[CRYPTO_SHA1_DIGEST_LEN]; /* Stores KH for intermediate hops */
+  char handshake_digest[DIGEST_LEN]; /* Stores KH for intermediate hops */
 
   time_t timestamp_created;
   time_t timestamp_dirty; /* when the circuit was first used, or 0 if clean */
@@ -563,7 +556,7 @@
   /* rend_pk_digest holds a hash of location-hidden service's PK if
    * purpose is INTRO_POINT or S_ESTABLISH_INTRO or S_RENDEZVOUSING
    */
-  char rend_pk_digest[CRYPTO_SHA1_DIGEST_LEN];
+  char rend_pk_digest[DIGEST_LEN];
 
   /* Holds rendezvous cookie if purpose is REND_POINT_WAITING or
    * C_ESTABLISH_REND. Filled with zeroes otherwise.

Index: rendcommon.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendcommon.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- rendcommon.c	3 Apr 2004 02:14:20 -0000	1.11
+++ rendcommon.c	3 Apr 2004 02:40:30 -0000	1.12
@@ -112,7 +112,7 @@
 
 int rend_get_service_id(crypto_pk_env_t *pk, char *out)
 {
-  char buf[CRYPTO_SHA1_DIGEST_LEN];
+  char buf[DIGEST_LEN];
   assert(pk);
   if (crypto_pk_get_digest(pk, buf) < 0)
     return -1;

Index: rendmid.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendmid.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- rendmid.c	3 Apr 2004 00:58:54 -0000	1.5
+++ rendmid.c	3 Apr 2004 02:40:30 -0000	1.6
@@ -42,7 +42,7 @@
   /* Next 20 bytes: Hash of handshake_digest | "INTRODUCE" */
   memcpy(buf, circ->handshake_digest, 20);
   memcpy(buf+20, "INTRODUCE", 9);
-  if (crypto_SHA_digest(buf, 29, expected_digest)<0) {
+  if (crypto_digest(buf, 29, expected_digest)<0) {
     log_fn(LOG_WARN, "Error computing digest");
     goto err;
   }

Index: rendservice.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendservice.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- rendservice.c	3 Apr 2004 02:14:20 -0000	1.16
+++ rendservice.c	3 Apr 2004 02:40:30 -0000	1.17
@@ -352,7 +352,7 @@
   }
   /* Next N bytes is encrypted with service key */
   len = crypto_pk_private_hybrid_decrypt(
-       service->private_key,request,request_len-20,buf, RSA_PKCS1_PADDING);
+       service->private_key,request,request_len-20,buf, PK_PKCS1_PADDING);
   if (len<0) {
     log_fn(LOG_WARN, "Couldn't decrypt INTRODUCE2 cell");
     return -1;
@@ -404,7 +404,7 @@
   assert(launched->build_state);
   /* Fill in the circuit's state. */
   memcpy(launched->rend_pk_digest, circuit->rend_pk_digest,
-         CRYPTO_SHA1_DIGEST_LEN);
+         DIGEST_LEN);
   memcpy(launched->rend_cookie, r_cookie, REND_COOKIE_LEN);
   launched->build_state->pending_final_cpath = cpath =
     tor_malloc_zero(sizeof(crypt_path_t));
@@ -442,7 +442,7 @@
            nickname);
     return -1;
   }
-  memcpy(launched->rend_pk_digest, service->pk_digest, CRYPTO_SHA1_DIGEST_LEN);
+  memcpy(launched->rend_pk_digest, service->pk_digest, DIGEST_LEN);
 
   return 0;
 }
@@ -456,7 +456,7 @@
   rend_service_t *service;
   int len, r;
   char buf[RELAY_PAYLOAD_SIZE];
-  char auth[CRYPTO_SHA1_DIGEST_LEN + 10];
+  char auth[DIGEST_LEN + 10];
   char hexid[9];
 
   assert(circuit->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO);
@@ -479,9 +479,9 @@
                               RELAY_PAYLOAD_SIZE-2);
   set_uint16(buf, len);
   len += 2;
-  memcpy(auth, circuit->cpath->prev->handshake_digest, CRYPTO_SHA1_DIGEST_LEN);
-  memcpy(auth+CRYPTO_SHA1_DIGEST_LEN, "INTRODUCE", 9);
-  if (crypto_SHA_digest(auth, CRYPTO_SHA1_DIGEST_LEN+9, buf+len))
+  memcpy(auth, circuit->cpath->prev->handshake_digest, DIGEST_LEN);
+  memcpy(auth+DIGEST_LEN, "INTRODUCE", 9);
+  if (crypto_digest(auth, DIGEST_LEN+9, buf+len))
     goto err;
   len += 20;
   r = crypto_pk_private_sign_digest(service->private_key, buf, len, buf+len);
@@ -543,7 +543,7 @@
     goto err;
   }
   memcpy(buf+REND_COOKIE_LEN+DH_KEY_LEN, hop->handshake_digest,
-         CRYPTO_SHA1_DIGEST_LEN);
+         DIGEST_LEN);
 
   /* Send the cell */
   if (connection_edge_send_command(NULL, circuit, RELAY_COMMAND_RENDEZVOUS1,

Index: router.c
===================================================================
RCS file: /home/or/cvsroot/src/or/router.c,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -d -r1.19 -r1.20
--- router.c	1 Apr 2004 03:23:28 -0000	1.19
+++ router.c	3 Apr 2004 02:40:30 -0000	1.20
@@ -54,7 +54,7 @@
   int fd = -1;
   FILE *file = NULL;
 
-  if (!(prkey = crypto_new_pk_env(CRYPTO_PK_RSA))) {
+  if (!(prkey = crypto_new_pk_env())) {
     log(LOG_ERR, "Error creating crypto environment.");
     goto error;
   }

Index: routerlist.c
===================================================================
RCS file: /home/or/cvsroot/src/or/routerlist.c,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -d -r1.49 -r1.50
--- routerlist.c	3 Apr 2004 00:58:54 -0000	1.49
+++ routerlist.c	3 Apr 2004 02:40:30 -0000	1.50
@@ -1356,7 +1356,7 @@
     if (strncmp(next, "-----END RSA PUBLIC KEY-----\n", 29))
       RET_ERR("Malformed object: mismatched end line");
     next = strchr(next,'\n')+1;
-    tok->key = crypto_new_pk_env(CRYPTO_PK_RSA);
+    tok->key = crypto_new_pk_env();
     if (crypto_pk_read_public_key_from_string(tok->key, obstart, next-obstart))
       RET_ERR("Couldn't parse public key.");
     *s = next;
@@ -1490,7 +1490,7 @@
   }
   ++end;
 
-  if (crypto_SHA_digest(start, end-start, digest)) {
+  if (crypto_digest(start, end-start, digest)) {
     log_fn(LOG_WARN,"couldn't compute digest");
     return -1;
   }

Index: test.c
===================================================================
RCS file: /home/or/cvsroot/src/or/test.c,v
retrieving revision 1.73
retrieving revision 1.74
diff -u -d -r1.73 -r1.74
--- test.c	3 Apr 2004 01:59:53 -0000	1.73
+++ test.c	3 Apr 2004 02:40:30 -0000	1.74
@@ -243,12 +243,6 @@
   char *data1, *data2, *data3, *cp;
   FILE *f;
   int i, j, p, len;
-  int str_ciphers[] = { CRYPTO_CIPHER_IDENTITY,
-                        CRYPTO_CIPHER_DES,
-                        CRYPTO_CIPHER_RC4,
-                        CRYPTO_CIPHER_3DES,
-                        CRYPTO_CIPHER_AES_CTR,
-                        -1 };
 
   data1 = tor_malloc(1024);
   data2 = tor_malloc(1024);
@@ -261,6 +255,7 @@
   crypto_rand(100, data2);
   test_memneq(data1,data2,100);
 
+#if 0
   /* Try out identity ciphers. */
   env1 = crypto_new_cipher_env(CRYPTO_CIPHER_IDENTITY);
   test_neq(env1, 0);
@@ -273,90 +268,82 @@
   crypto_cipher_encrypt(env1, data1, 1024, data2);
   test_memeq(data1, data2, 1024);
   crypto_free_cipher_env(env1);
+#endif
 
-  /* Now, test encryption and decryption with stream ciphers. */
+  /* Now, test encryption and decryption with stream cipher. */
   data1[0]='\0';
   for(i = 1023; i>0; i -= 35)
     strncat(data1, "Now is the time for all good onions", i);
-  for(i=0; str_ciphers[i] >= 0; ++i) {
-    /* For each cipher... */
-    memset(data2, 0, 1024);
-    memset(data3, 0, 1024);
-    env1 = crypto_new_cipher_env(str_ciphers[i]);
-    test_neq(env1, 0);
-    env2 = crypto_new_cipher_env(str_ciphers[i]);
-    test_neq(env2, 0);
-    j = crypto_cipher_generate_key(env1);
-    if (str_ciphers[i] != CRYPTO_CIPHER_IDENTITY) {
-      crypto_cipher_set_key(env2, crypto_cipher_get_key(env1));
-    }
-    crypto_cipher_set_iv(env1, "12345678901234567890");
-    crypto_cipher_set_iv(env2, "12345678901234567890");
-    crypto_cipher_encrypt_init_cipher(env1);
-    crypto_cipher_decrypt_init_cipher(env2);
 
-    /* Try encrypting 512 chars. */
-    crypto_cipher_encrypt(env1, data1, 512, data2);
-    crypto_cipher_decrypt(env2, data2, 512, data3);
-    test_memeq(data1, data3, 512);
-    if (str_ciphers[i] == CRYPTO_CIPHER_IDENTITY) {
-      test_memeq(data1, data2, 512);
-    } else {
-      test_memneq(data1, data2, 512);
-    }
-    /* Now encrypt 1 at a time, and get 1 at a time. */
-    for (j = 512; j < 560; ++j) {
-      crypto_cipher_encrypt(env1, data1+j, 1, data2+j);
-    }
-    for (j = 512; j < 560; ++j) {
-      crypto_cipher_decrypt(env2, data2+j, 1, data3+j);
-    }
-    test_memeq(data1, data3, 560);
-    /* Now encrypt 3 at a time, and get 5 at a time. */
-    for (j = 560; j < 1024-5; j += 3) {
-      crypto_cipher_encrypt(env1, data1+j, 3, data2+j);
-    }
-    for (j = 560; j < 1024-5; j += 5) {
-      crypto_cipher_decrypt(env2, data2+j, 5, data3+j);
-    }
-    test_memeq(data1, data3, 1024-5);
-    /* Now make sure that when we encrypt with different chunk sizes, we get
-       the same results. */
-    crypto_free_cipher_env(env2);
+  memset(data2, 0, 1024);
+  memset(data3, 0, 1024);
+  env1 = crypto_new_cipher_env();
+  test_neq(env1, 0);
+  env2 = crypto_new_cipher_env();
+  test_neq(env2, 0);
+  j = crypto_cipher_generate_key(env1);
+  crypto_cipher_set_key(env2, crypto_cipher_get_key(env1));
+  crypto_cipher_set_iv(env1, "12345678901234567890");
+  crypto_cipher_set_iv(env2, "12345678901234567890");
+  crypto_cipher_encrypt_init_cipher(env1);
+  crypto_cipher_decrypt_init_cipher(env2);
 
-    memset(data3, 0, 1024);
-    env2 = crypto_new_cipher_env(str_ciphers[i]);
-    test_neq(env2, 0);
-    if (str_ciphers[i] != CRYPTO_CIPHER_IDENTITY) {
-      crypto_cipher_set_key(env2, crypto_cipher_get_key(env1));
-    }
-    crypto_cipher_set_iv(env2, "12345678901234567890");
-    crypto_cipher_encrypt_init_cipher(env2);
-    for (j = 0; j < 1024-16; j += 17) {
-      crypto_cipher_encrypt(env2, data1+j, 17, data3+j);
-    }
-    for (j= 0; j < 1024-16; ++j) {
-      if (data2[j] != data3[j]) {
-        printf("%d:  %d\t%d\n", j, (int) data2[j], (int) data3[j]);
-      }
+  /* Try encrypting 512 chars. */
+  crypto_cipher_encrypt(env1, data1, 512, data2);
+  crypto_cipher_decrypt(env2, data2, 512, data3);
+  test_memeq(data1, data3, 512);
+  test_memneq(data1, data2, 512);
+
+  /* Now encrypt 1 at a time, and get 1 at a time. */
+  for (j = 512; j < 560; ++j) {
+    crypto_cipher_encrypt(env1, data1+j, 1, data2+j);
+  }
+  for (j = 512; j < 560; ++j) {
+    crypto_cipher_decrypt(env2, data2+j, 1, data3+j);
+  }
+  test_memeq(data1, data3, 560);
+  /* Now encrypt 3 at a time, and get 5 at a time. */
+  for (j = 560; j < 1024-5; j += 3) {
+    crypto_cipher_encrypt(env1, data1+j, 3, data2+j);
+  }
+  for (j = 560; j < 1024-5; j += 5) {
+    crypto_cipher_decrypt(env2, data2+j, 5, data3+j);
+  }
+  test_memeq(data1, data3, 1024-5);
+  /* Now make sure that when we encrypt with different chunk sizes, we get
+     the same results. */
+  crypto_free_cipher_env(env2);
+
+  memset(data3, 0, 1024);
+  env2 = crypto_new_cipher_env();
+  test_neq(env2, 0);
+  crypto_cipher_set_key(env2, crypto_cipher_get_key(env1));
+  crypto_cipher_set_iv(env2, "12345678901234567890");
+  crypto_cipher_encrypt_init_cipher(env2);
+  for (j = 0; j < 1024-16; j += 17) {
+    crypto_cipher_encrypt(env2, data1+j, 17, data3+j);
+  }
+  for (j= 0; j < 1024-16; ++j) {
+    if (data2[j] != data3[j]) {
+      printf("%d:  %d\t%d\n", j, (int) data2[j], (int) data3[j]);
     }
-    test_memeq(data2, data3, 1024-16);
-    crypto_free_cipher_env(env1);
-    crypto_free_cipher_env(env2);
   }
+  test_memeq(data2, data3, 1024-16);
+  crypto_free_cipher_env(env1);
+  crypto_free_cipher_env(env2);
 
   /* Test vectors for stream ciphers. */
   /* XXXX Look up some test vectors for the ciphers and make sure we match. */
 
   /* Test SHA-1 with a test vector from the specification. */
-  i = crypto_SHA_digest("abc", 3, data1);
+  i = crypto_digest("abc", 3, data1);
   test_memeq(data1,
              "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78"
              "\x50\xC2\x6C\x9C\xD0\xD8\x9D", 20);
 
   /* Public-key ciphers */
-  pk1 = crypto_new_pk_env(CRYPTO_PK_RSA);
-  pk2 = crypto_new_pk_env(CRYPTO_PK_RSA);
+  pk1 = crypto_new_pk_env();
+  pk2 = crypto_new_pk_env();
   test_assert(pk1 && pk2);
   test_assert(! crypto_pk_generate_key(pk1));
   test_assert(! crypto_pk_write_public_key_to_string(pk1, &cp, &i));
@@ -367,25 +354,25 @@
   test_eq(128, crypto_pk_keysize(pk2));
 
   test_eq(128, crypto_pk_public_encrypt(pk2, "Hello whirled.", 15, data1,
-                                        RSA_PKCS1_OAEP_PADDING));
+                                        PK_PKCS1_OAEP_PADDING));
   test_eq(128, crypto_pk_public_encrypt(pk1, "Hello whirled.", 15, data2,
-                                        RSA_PKCS1_OAEP_PADDING));
+                                        PK_PKCS1_OAEP_PADDING));
   /* oaep padding should make encryption not match */
   test_memneq(data1, data2, 128);
   test_eq(15, crypto_pk_private_decrypt(pk1, data1, 128, data3,
-                                        RSA_PKCS1_OAEP_PADDING));
+                                        PK_PKCS1_OAEP_PADDING));
   test_streq(data3, "Hello whirled.");
   memset(data3, 0, 1024);
   test_eq(15, crypto_pk_private_decrypt(pk1, data2, 128, data3,
-                                        RSA_PKCS1_OAEP_PADDING));
+                                        PK_PKCS1_OAEP_PADDING));
   test_streq(data3, "Hello whirled.");
   /* Can't decrypt with public key. */
   test_eq(-1, crypto_pk_private_decrypt(pk2, data2, 128, data3,
-                                        RSA_PKCS1_OAEP_PADDING));
+                                        PK_PKCS1_OAEP_PADDING));
   /* Try again with bad padding */
   memcpy(data2+1, "XYZZY", 5);  /* This has fails ~ once-in-2^40 */
   test_eq(-1, crypto_pk_private_decrypt(pk1, data2, 128, data3,
-                                        RSA_PKCS1_OAEP_PADDING));
+                                        PK_PKCS1_OAEP_PADDING));
 
   /* File operations: save and load private key */
   f = fopen("/tmp/tor_test/pkey1", "wb");
@@ -395,11 +382,11 @@
   test_assert(! crypto_pk_read_private_key_from_file(pk2, f));
   fclose(f);
   test_eq(15, crypto_pk_private_decrypt(pk2, data1, 128, data3,
-                                        RSA_PKCS1_OAEP_PADDING));
+                                        PK_PKCS1_OAEP_PADDING));
   test_assert(! crypto_pk_read_private_key_from_filename(pk2,
                                                "/tmp/tor_test/pkey1"));
   test_eq(15, crypto_pk_private_decrypt(pk2, data1, 128, data3,
-                                        RSA_PKCS1_OAEP_PADDING));
+                                        PK_PKCS1_OAEP_PADDING));
 
   /* Now try signing. */
   strcpy(data1, "Ossifrage");
@@ -429,8 +416,8 @@
       memset(data3,0,1024);
       if (i == 0 && j < 129)
         continue;
-      p = (i==0)?RSA_NO_PADDING:
-        (i==1)?RSA_PKCS1_PADDING:RSA_PKCS1_OAEP_PADDING;
+      p = (i==0)?PK_NO_PADDING:
+        (i==1)?PK_PKCS1_PADDING:PK_PKCS1_OAEP_PADDING;
       len = crypto_pk_public_hybrid_encrypt(pk1,data1,j,data2,p);
       test_assert(len>=0);
       len = crypto_pk_private_hybrid_decrypt(pk1,data2,len,data3,p);
@@ -626,7 +613,7 @@
   /* shared */
   crypto_pk_env_t *pk = NULL;
 
-  pk = crypto_new_pk_env(CRYPTO_PK_RSA);
+  pk = crypto_new_pk_env();
   test_assert(! crypto_pk_generate_key(pk));
 
   /* client handshake 1. */
@@ -669,9 +656,9 @@
   struct exit_policy_t ex1, ex2;
   routerlist_t *dir1 = NULL, *dir2 = NULL;
 
-  test_assert( (pk1 = crypto_new_pk_env(CRYPTO_PK_RSA)) );
-  test_assert( (pk2 = crypto_new_pk_env(CRYPTO_PK_RSA)) );
-  test_assert( (pk3 = crypto_new_pk_env(CRYPTO_PK_RSA)) );
+  test_assert( (pk1 = crypto_new_pk_env()) );
+  test_assert( (pk2 = crypto_new_pk_env()) );
+  test_assert( (pk3 = crypto_new_pk_env()) );
   test_assert(! crypto_pk_generate_key(pk1));
   test_assert(! crypto_pk_generate_key(pk2));
   test_assert(! crypto_pk_generate_key(pk3));
@@ -835,7 +822,7 @@
   int len;
   crypto_pk_env_t *pk1;
   time_t now;
-  pk1 = crypto_new_pk_env(CRYPTO_PK_RSA);
+  pk1 = crypto_new_pk_env();
 
   test_assert(!crypto_pk_generate_key(pk1));
   d1 = tor_malloc_zero(sizeof(rend_service_descriptor_t));



More information about the tor-commits mailing list