[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] Refactor the heck out of crypto interface: admit that we wi...



Update of /home/or/cvsroot/src/common
In directory moria.mit.edu:/tmp/cvs-serv17147/src/common

Modified Files:
	aes.c aes.h crypto.c crypto.h log.c tortls.c 
Log Message:
Refactor the heck out of crypto interface: admit that we will stick with one ciphersuite at a time, make const things const, and stop putting openssl in the headers.

Index: aes.c
===================================================================
RCS file: /home/or/cvsroot/src/common/aes.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- aes.c	18 Feb 2004 03:17:35 -0000	1.7
+++ aes.c	3 Apr 2004 02:40:29 -0000	1.8
@@ -67,7 +67,7 @@
 aes_cnt_cipher_t*
 aes_new_cipher()
 {
-  aes_cnt_cipher_t* result = (aes_cnt_cipher_t*) tor_malloc(sizeof(aes_cnt_cipher_t));
+  aes_cnt_cipher_t* result = tor_malloc(sizeof(aes_cnt_cipher_t));
   memset(result->rk, 0, 4*(MAXNR+1));
   memset(result->buf, 0, 16);
 
@@ -75,7 +75,7 @@
 }
 
 void
-aes_set_key(aes_cnt_cipher_t *cipher, unsigned char *key, int key_bits)
+aes_set_key(aes_cnt_cipher_t *cipher, const unsigned char *key, int key_bits)
 {
   cipher->nr = rijndaelKeySetupEnc(cipher->rk, key, key_bits);
   cipher->counter0 = 0;
@@ -93,7 +93,7 @@
 }
 
 void
-aes_crypt(aes_cnt_cipher_t *cipher, char *input, int len, char *output)
+aes_crypt(aes_cnt_cipher_t *cipher, const char *input, int len, char *output)
 {
   int c = cipher->pos;
   if (!len) return;

Index: aes.h
===================================================================
RCS file: /home/or/cvsroot/src/common/aes.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- aes.h	11 Aug 2003 20:40:21 -0000	1.2
+++ aes.h	3 Apr 2004 02:40:29 -0000	1.3
@@ -14,8 +14,8 @@
 
 aes_cnt_cipher_t* aes_new_cipher();
 void aes_free_cipher(aes_cnt_cipher_t *cipher);
-void aes_set_key(aes_cnt_cipher_t *cipher, unsigned char *key, int key_bits);
-void aes_crypt(aes_cnt_cipher_t *cipher, char *input, int len, char *output);
+void aes_set_key(aes_cnt_cipher_t *cipher, const unsigned char *key, int key_bits);
+void aes_crypt(aes_cnt_cipher_t *cipher, const char *input, int len, char *output);
 uint64_t aes_get_counter(aes_cnt_cipher_t *cipher);
 void aes_set_counter(aes_cnt_cipher_t *cipher, uint64_t counter);
 void aes_adjust_counter(aes_cnt_cipher_t *cipher, long delta);

Index: crypto.c
===================================================================
RCS file: /home/or/cvsroot/src/common/crypto.c,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -d -r1.66 -r1.67
--- crypto.c	2 Apr 2004 23:30:52 -0000	1.66
+++ crypto.c	3 Apr 2004 02:40:29 -0000	1.67
@@ -14,6 +14,8 @@
 #include <openssl/opensslv.h>
 #include <openssl/bn.h>
 #include <openssl/dh.h>
+#include <openssl/rsa.h>
+#include <openssl/dh.h>
 
 #include <stdlib.h>
 #include <assert.h>
@@ -48,79 +50,39 @@
 
 struct crypto_pk_env_t
[...1110 lines suppressed...]
-char *crypto_perror()
+const char *crypto_perror()
 {
-  return (char *)ERR_reason_error_string(ERR_get_error());
+  return (const char *)ERR_reason_error_string(ERR_get_error());
 }
 
 int
@@ -1427,3 +1199,11 @@
   dest[i] = '\0';
   return 0;
 }
+
+/*
+  Local Variables:
+  mode:c
+  indent-tabs-mode:nil
+  c-basic-offset:2
+  End:
+*/

Index: crypto.h
===================================================================
RCS file: /home/or/cvsroot/src/common/crypto.h,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -d -r1.34 -r1.35
--- crypto.h	2 Apr 2004 23:30:52 -0000	1.34
+++ crypto.h	3 Apr 2004 02:40:29 -0000	1.35
@@ -6,35 +6,32 @@
 #define __CRYPTO_H
 
 #include <stdio.h>
-#include <openssl/rsa.h>
-#include <openssl/dh.h>
-
-/* available encryption primitives */
-#define CRYPTO_CIPHER_IDENTITY 0
-#define CRYPTO_CIPHER_DES 1
-#define CRYPTO_CIPHER_RC4 2
-#define CRYPTO_CIPHER_3DES 3
-#define CRYPTO_CIPHER_AES_CTR 4
-
-#define CRYPTO_PK_RSA 0
 
-#define CRYPTO_SHA1_DIGEST 0
+#define DIGEST_LEN 20
+#define CIPHER_KEY_LEN 16
+#define CIPHER_IV_LEN 0
+#define PK_BITS 1024
+#define PK_BYTES (PK_BITS/8)
+#define CRYPTO_DH_SIZE (1024 / 8)
 
-#define CRYPTO_SHA1_DIGEST_LEN 20
+#define PK_NO_PADDING         60000
+#define PK_PKCS1_PADDING      60001
+#define PK_PKCS1_OAEP_PADDING 60002
 
 typedef struct crypto_pk_env_t crypto_pk_env_t;
 typedef struct crypto_cipher_env_t crypto_cipher_env_t;
 typedef struct crypto_digest_env_t crypto_digest_env_t;
+typedef struct crypto_dh_env_t crypto_dh_env_t;
 
 /* global state */
 int crypto_global_init();
 int crypto_global_cleanup();
 
 /* environment setup */
-crypto_pk_env_t *crypto_new_pk_env(int type);
+crypto_pk_env_t *crypto_new_pk_env(void);
 void crypto_free_pk_env(crypto_pk_env_t *env);
 
-crypto_cipher_env_t *crypto_new_cipher_env(int type);
+crypto_cipher_env_t *crypto_new_cipher_env(void);
 void crypto_free_cipher_env(crypto_cipher_env_t *env);
 
 /* public key crypto */
@@ -50,23 +47,22 @@
 int crypto_pk_check_key(crypto_pk_env_t *env);
 int crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env, const char *keyfile);
 
-int crypto_pk_set_key(crypto_pk_env_t *env, unsigned char *key);
 int crypto_pk_cmp_keys(crypto_pk_env_t *a, crypto_pk_env_t *b);
 crypto_pk_env_t *crypto_pk_dup_key(crypto_pk_env_t *orig);
 int crypto_pk_keysize(crypto_pk_env_t *env);
 
-int crypto_pk_public_encrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding);
-int crypto_pk_private_decrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding);
-int crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
-int crypto_pk_private_sign_digest(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
-int crypto_pk_public_checksig(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
-int crypto_pk_public_checksig_digest(crypto_pk_env_t *env, unsigned char *data, int datalen, unsigned char *sig, int siglen);
-int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, unsigned char *from,
-				    int fromlen, unsigned char *to,
-				    int padding);
-int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, unsigned char *from,
-				    int fromlen, unsigned char *to,
-				    int padding);
+int crypto_pk_public_encrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, int padding);
+int crypto_pk_private_decrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, int padding);
+int crypto_pk_private_sign(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to);
+int crypto_pk_private_sign_digest(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to);
+int crypto_pk_public_checksig(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to);
+int crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const unsigned char *data, int datalen, unsigned char *sig, int siglen);
+int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
+                                    const unsigned char *from, int fromlen,
+                                    unsigned char *to, int padding);
+int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env,
+                                     const unsigned char *from, int fromlen,
+                                     unsigned char *to,int padding);
 
 #define FINGERPRINT_LEN 49
 int crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, int dest_len);
@@ -81,43 +77,37 @@
 int base32_encode(char *dest, int destlen, const char *src, int srclen);
 
 /* Key negotiation */
-typedef struct crypto_dh_env_st {
-  DH *dh;
-} crypto_dh_env_t;
-
-/* #define CRYPTO_DH_SIZE (1536 / 8) */
-#define CRYPTO_DH_SIZE (1024 / 8)
 crypto_dh_env_t *crypto_dh_new();
 int crypto_dh_get_bytes(crypto_dh_env_t *dh);
 int crypto_dh_generate_public(crypto_dh_env_t *dh);
 int crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey_out,
                          int pubkey_out_len);
 int crypto_dh_compute_secret(crypto_dh_env_t *dh,
-                             char *pubkey, int pubkey_len,
+                             const char *pubkey, int pubkey_len,
                              char *secret_out, int secret_out_len);
 void crypto_dh_free(crypto_dh_env_t *dh);
 
 /* symmetric crypto */
 int crypto_cipher_generate_key(crypto_cipher_env_t *env);
-int crypto_cipher_set_iv(crypto_cipher_env_t *env, unsigned char *iv);
-int crypto_cipher_set_key(crypto_cipher_env_t *env, unsigned char *key);
+int crypto_cipher_set_iv(crypto_cipher_env_t *env, const unsigned char *iv);
+int crypto_cipher_set_key(crypto_cipher_env_t *env, const unsigned char *key);
 int crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t *env);
 int crypto_cipher_decrypt_init_cipher(crypto_cipher_env_t *env);
-unsigned char *crypto_cipher_get_key(crypto_cipher_env_t *env);
+const unsigned char *crypto_cipher_get_key(crypto_cipher_env_t *env);
 
-int crypto_cipher_encrypt(crypto_cipher_env_t *env, unsigned char *from, unsigned int fromlen, unsigned char *to);
-int crypto_cipher_decrypt(crypto_cipher_env_t *env, unsigned char *from, unsigned int fromlen, unsigned char *to);
+int crypto_cipher_encrypt(crypto_cipher_env_t *env, const unsigned char *from, unsigned int fromlen, unsigned char *to);
+int crypto_cipher_decrypt(crypto_cipher_env_t *env, const unsigned char *from, unsigned int fromlen, unsigned char *to);
 
 /* only implemented for CRYPTO_CIPHER_AES_CTR */
 int crypto_cipher_rewind(crypto_cipher_env_t *env, long delta);
 int crypto_cipher_advance(crypto_cipher_env_t *env, long delta);
 
 /* convenience function: wraps crypto_create_crypto_env, set_key, set_iv, and init. */
-crypto_cipher_env_t *crypto_create_init_cipher(int cipher_type, char *key, char *iv, int encrypt_mode);
+crypto_cipher_env_t *crypto_create_init_cipher(const char *key, const char *iv, int encrypt_mode);
 
 /* SHA-1 */
-int crypto_SHA_digest(const unsigned char *m, int len, unsigned char *digest);
-crypto_digest_env_t *crypto_new_digest_env(int type);
+int crypto_digest(const unsigned char *m, int len, unsigned char *digest);
+crypto_digest_env_t *crypto_new_digest_env();
 void crypto_free_digest_env(crypto_digest_env_t *digest);
 void crypto_digest_add_bytes(crypto_digest_env_t *digest, const char *data,
                              size_t len);
@@ -134,5 +124,13 @@
 int crypto_pseudo_rand_int(unsigned int max);
 
 /* errors */
-char *crypto_perror();
+const char *crypto_perror();
 #endif
+
+/*
+  Local Variables:
+  mode:c
+  indent-tabs-mode:nil
+  c-basic-offset:2
+  End:
+*/

Index: log.c
===================================================================
RCS file: /home/or/cvsroot/src/common/log.c,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -d -r1.34 -r1.35
--- log.c	30 Mar 2004 03:15:23 -0000	1.34
+++ log.c	3 Apr 2004 02:40:29 -0000	1.35
@@ -3,6 +3,8 @@
 /* $Id$ */
 
 #include "../or/or.h"
+#include <stdarg.h>
+
 #ifdef MS_WINDOWS
 #define vsnprintf _vsnprintf
 #endif

Index: tortls.c
===================================================================
RCS file: /home/or/cvsroot/src/common/tortls.c,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -d -r1.37 -r1.38
--- tortls.c	9 Mar 2004 22:01:16 -0000	1.37
+++ tortls.c	3 Apr 2004 02:40:29 -0000	1.38
@@ -55,6 +55,7 @@
 /* These functions are declared in crypto.c but not exported. */
 EVP_PKEY *_crypto_pk_env_get_evp_pkey(crypto_pk_env_t *env);
 crypto_pk_env_t *_crypto_new_pk_env_rsa(RSA *rsa);
+DH *_crypto_dh_env_get_dh(crypto_dh_env_t *dh);
 
 static void
 tls_log_errors(int severity, const char *doing)
@@ -261,7 +262,7 @@
     }
   }
   dh = crypto_dh_new();
-  SSL_CTX_set_tmp_dh(result->ctx, dh->dh);
+  SSL_CTX_set_tmp_dh(result->ctx, _crypto_dh_env_get_dh(dh));
   crypto_dh_free(dh);
   SSL_CTX_set_verify(result->ctx, SSL_VERIFY_PEER,
                      always_accept_verify_cb);