[tor-commits] [tor/master] Move curve25519 keypair type to src/common; give it functions
nickm at torproject.org
nickm at torproject.org
Thu Jan 3 16:52:57 UTC 2013
commit 6c883bc6384b3260d791e407b42ffcabb8276beb
Author: Nick Mathewson <nickm at torproject.org>
Date: Tue Dec 4 15:57:16 2012 -0500
Move curve25519 keypair type to src/common; give it functions
This patch moves curve25519_keypair_t from src/or/onion_ntor.h to
src/common/crypto_curve25519.h, and adds new functions to generate,
load, and store keypairs.
---
src/common/crypto_curve25519.c | 82 ++++++++++++++++++++++++++++++++++++++++
src/common/crypto_curve25519.h | 18 +++++++++
src/or/onion_ntor.h | 8 ----
3 files changed, 100 insertions(+), 8 deletions(-)
diff --git a/src/common/crypto_curve25519.c b/src/common/crypto_curve25519.c
index ce0cd0d..6034706 100644
--- a/src/common/crypto_curve25519.c
+++ b/src/common/crypto_curve25519.c
@@ -5,9 +5,13 @@
#define CRYPTO_CURVE25519_PRIVATE
#include "orconfig.h"
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
#include "crypto.h"
#include "crypto_curve25519.h"
#include "util.h"
+#include "torlog.h"
/* ==============================
Part 1: wrap a suitable curve25519 implementation as curve25519_impl
@@ -85,6 +89,84 @@ curve25519_public_key_generate(curve25519_public_key_t *key_out,
curve25519_impl(key_out->public_key, seckey->secret_key, basepoint);
}
+void
+curve25519_keypair_generate(curve25519_keypair_t *keypair_out,
+ int extra_strong)
+{
+ curve25519_secret_key_generate(&keypair_out->seckey, extra_strong);
+ curve25519_public_key_generate(&keypair_out->pubkey, &keypair_out->seckey);
+}
+
+int
+curve25519_keypair_write_to_file(const curve25519_keypair_t *keypair,
+ const char *fname,
+ const char *tag)
+{
+ char contents[32 + CURVE25519_SECKEY_LEN + CURVE25519_PUBKEY_LEN];
+ int r;
+
+ memset(contents, 0, sizeof(contents));
+ tor_snprintf(contents, sizeof(contents), "== c25519v1: %s ==", tag);
+ tor_assert(strlen(contents) <= 32);
+ memcpy(contents+32, keypair->seckey.secret_key, CURVE25519_SECKEY_LEN);
+ memcpy(contents+32+CURVE25519_SECKEY_LEN,
+ keypair->pubkey.public_key, CURVE25519_PUBKEY_LEN);
+
+ r = write_bytes_to_file(fname, contents, sizeof(contents), 1);
+
+ memwipe(contents, 0, sizeof(contents));
+ return r;
+}
+
+int
+curve25519_keypair_read_from_file(curve25519_keypair_t *keypair_out,
+ char **tag_out,
+ const char *fname)
+{
+ char prefix[33];
+ char *content;
+ struct stat st;
+ int r = -1;
+
+ *tag_out = NULL;
+
+ st.st_size = 0;
+ content = read_file_to_str(fname, RFTS_BIN|RFTS_IGNORE_MISSING, &st);
+ if (! content)
+ goto end;
+ if (st.st_size != 32 + CURVE25519_SECKEY_LEN + CURVE25519_PUBKEY_LEN)
+ goto end;
+
+ memcpy(prefix, content, 32);
+ prefix[32] = '\0';
+ if (strcmpstart(prefix, "== c25519v1: ") ||
+ strcmpend(prefix, " =="))
+ goto end;
+
+ *tag_out = tor_strndup(prefix+strlen("== c25519v1: "),
+ strlen(prefix) - strlen("== c25519v1: =="));
+
+ memcpy(keypair_out->seckey.secret_key, content+32, CURVE25519_SECKEY_LEN);
+ curve25519_public_key_generate(&keypair_out->pubkey, &keypair_out->seckey);
+ if (tor_memneq(keypair_out->pubkey.public_key,
+ content + 32 + CURVE25519_SECKEY_LEN,
+ CURVE25519_PUBKEY_LEN))
+ goto end;
+
+ r = 0;
+
+ end:
+ if (content) {
+ memwipe(content, 0, st.st_size);
+ tor_free(content);
+ }
+ if (r != 0) {
+ memset(keypair_out, 0, sizeof(*keypair_out));
+ tor_free(*tag_out);
+ }
+ return r;
+}
+
/** Perform the curve25519 ECDH handshake with <b>skey</b> and <b>pkey</b>,
* writing CURVE25519_OUTPUT_LEN bytes of output into <b>output</b>. */
void
diff --git a/src/common/crypto_curve25519.h b/src/common/crypto_curve25519.h
index 3e093be..c43017e 100644
--- a/src/common/crypto_curve25519.h
+++ b/src/common/crypto_curve25519.h
@@ -23,21 +23,39 @@ typedef struct curve25519_secret_key_t {
uint8_t secret_key[CURVE25519_SECKEY_LEN];
} curve25519_secret_key_t;
+/** A paired public and private key for curve25519. **/
+typedef struct curve25519_keypair_t {
+ curve25519_public_key_t pubkey;
+ curve25519_secret_key_t seckey;
+} curve25519_keypair_t;
+
+#ifdef CURVE25519_ENABLED
int curve25519_public_key_is_ok(const curve25519_public_key_t *);
void curve25519_secret_key_generate(curve25519_secret_key_t *key_out,
int extra_strong);
void curve25519_public_key_generate(curve25519_public_key_t *key_out,
const curve25519_secret_key_t *seckey);
+void curve25519_keypair_generate(curve25519_keypair_t *keypair_out,
+ int extra_strong);
void curve25519_handshake(uint8_t *output,
const curve25519_secret_key_t *,
const curve25519_public_key_t *);
+int curve25519_keypair_write_to_file(const curve25519_keypair_t *keypair,
+ const char *fname,
+ const char *tag);
+
+int curve25519_keypair_read_from_file(curve25519_keypair_t *keypair_out,
+ char **tag_out,
+ const char *fname);
+
#ifdef CRYPTO_CURVE25519_PRIVATE
int curve25519_impl(uint8_t *output, const uint8_t *secret,
const uint8_t *basepoint);
#endif
+#endif
#endif
diff --git a/src/or/onion_ntor.h b/src/or/onion_ntor.h
index 03b83da..4f305a4 100644
--- a/src/or/onion_ntor.h
+++ b/src/or/onion_ntor.h
@@ -17,14 +17,6 @@ typedef struct ntor_handshake_state_t ntor_handshake_state_t;
/** Length of an ntor reply, as sent from server to client. */
#define NTOR_REPLY_LEN 64
-/** A paired public and private key for curve25519.
- * XXXX024 move this structure somewhere smarter.
- **/
-typedef struct curve25519_keypair_t {
- curve25519_public_key_t pubkey;
- curve25519_secret_key_t seckey;
-} curve25519_keypair_t;
-
void ntor_handshake_state_free(ntor_handshake_state_t *state);
int onion_skin_ntor_create(const uint8_t *router_id,
More information about the tor-commits
mailing list