[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [or-cvs] Added the crypto abstraction to libor. Need to testand cha...
- To: or-dev@freehaven.net
- Subject: Re: [or-cvs] Added the crypto abstraction to libor. Need to testand cha...
- From: Matej Pfajfar <badbytes@freehaven.net>
- Date: Thu, 25 Jul 2002 06:17:21 -0400 (EDT)
- Delivered-To: archiver@seul.org
- Delivered-To: or-dev-outgoing@seul.org
- Delivered-To: or-dev@seul.org
- Delivery-Date: Thu, 25 Jul 2002 06:17:23 -0400
- In-Reply-To: <20020725081725.49EA3146977@moria.seul.org>
- Reply-To: or-dev@freehaven.net
- Sender: owner-or-dev@freehaven.net
I forgot to add :
In case anyone is eager to help revamping the crypto calls ;-),
thanks but no need - I've already changed most of it, only onion.c left.
But I won't commit until I've tested it and Roger OKs the patch.
Mat
On Thu, 25 Jul 2002 badbytes@seul.org wrote:
> Update of /home/or/cvsroot/src/common
> In directory moria.seul.org:/tmp/cvs-serv23615
>
> Modified Files:
> Makefile.am crypto.c crypto.h
> Log Message:
> Added the crypto abstraction to libor. Need to test and change the code to use this instead of OpenSSL.
>
>
> Index: Makefile.am
> ===================================================================
> RCS file: /home/or/cvsroot/src/common/Makefile.am,v
> retrieving revision 1.3
> retrieving revision 1.4
> diff -u -d -r1.3 -r1.4
> --- Makefile.am 19 Jul 2002 18:47:04 -0000 1.3
> +++ Makefile.am 25 Jul 2002 08:17:22 -0000 1.4
> @@ -3,9 +3,9 @@
>
> #CFLAGS = -Wall -Wpointer-arith -O2
>
> -libor_a_SOURCES = config.c key.c log.c utils.c
> +libor_a_SOURCES = config.c key.c log.c utils.c crypto.c
>
> noinst_HEADERS = config.h key.h log.h \
> policies.h utils.h \
> - ss.h version.h
> + ss.h version.h crypto.h
>
>
> Index: crypto.c
> ===================================================================
> RCS file: /home/or/cvsroot/src/common/crypto.c,v
> retrieving revision 1.1
> retrieving revision 1.2
> diff -u -d -r1.1 -r1.2
> --- crypto.c 24 Jul 2002 14:02:39 -0000 1.1
> +++ crypto.c 25 Jul 2002 08:17:22 -0000 1.2
> @@ -5,6 +5,7 @@
> #include "crypto.h"
>
> #include <stdlib.h>
> +#include <assert.h>
>
> int crypto_global_init()
> {
> @@ -32,16 +33,16 @@
>
> switch(type) {
> case CRYPTO_PK_RSA:
> - env->key = (unsigned char *)RSA_new();
> - if (!env->key) {
> - free((void *)env);
> - return NULL;
> - }
> - break;
> + env->key = (unsigned char *)RSA_new();
> + if (!env->key) {
> + free((void *)env);
> + return NULL;
> + }
> + break;
> default:
> - free((void *)env);
> - return NULL;
> - break;
> + free((void *)env);
> + return NULL;
> + break;
> }
>
> return env;
> @@ -49,16 +50,15 @@
>
> void crypto_free_pk_env(crypto_pk_env_t *env)
> {
> - if (!env)
> - return;
> + assert(env);
>
> switch(env->type) {
> case CRYPTO_PK_RSA:
> - if (env->key)
> + if (env->key)
> RSA_free((RSA *)env->key);
> - break;
> + break;
> default:
> - break;
> + break;
> }
>
> free((void *)env);
> @@ -80,96 +80,95 @@
>
> switch(type) {
> case CRYPTO_CIPHER_IDENTITY:
> - env->aux = (unsigned char *)malloc(sizeof(EVP_CIPHER_CTX));
> - if (!env->aux) {
> - free((void *)env);
> - return NULL;
> - }
> - EVP_CIPHER_CTX_init((EVP_CIPHER_CTX *)env->aux);
> - break;
> + env->aux = (unsigned char *)malloc(sizeof(EVP_CIPHER_CTX));
> + if (!env->aux) {
> + free((void *)env);
> + return NULL;
> + }
> + EVP_CIPHER_CTX_init((EVP_CIPHER_CTX *)env->aux);
> + break;
> case CRYPTO_CIPHER_DES:
> - env->aux = (unsigned char *)malloc(sizeof(EVP_CIPHER_CTX));
> - if (!env->aux) {
> - free((void *)env);
> - return NULL;
> - }
> - env->key = (unsigned char *)malloc(8);
> - if (!env->key) {
> - free((void *)env->aux);
> - free((void *)env);
> - return NULL;
> - }
> - env->iv = (unsigned char *)malloc(8);
> - if (!env->iv) {
> - free((void *)env->key);
> - free((void *)env->aux);
> - return NULL;
> - }
> - EVP_CIPHER_CTX_init((EVP_CIPHER_CTX *)env->aux);
> - break;
> + env->aux = (unsigned char *)malloc(sizeof(EVP_CIPHER_CTX));
> + if (!env->aux) {
> + free((void *)env);
> + return NULL;
> + }
> + env->key = (unsigned char *)malloc(8);
> + if (!env->key) {
> + free((void *)env->aux);
> + free((void *)env);
> + return NULL;
> + }
> + env->iv = (unsigned char *)malloc(8);
> + if (!env->iv) {
> + free((void *)env->key);
> + free((void *)env->aux);
> + return NULL;
> + }
> + EVP_CIPHER_CTX_init((EVP_CIPHER_CTX *)env->aux);
> + break;
> case CRYPTO_CIPHER_RC4:
> - env->aux = (unsigned char *)malloc(sizeof(EVP_CIPHER_CTX));
> - if (!env->aux) {
> - free((void *)env);
> - return NULL;
> - }
> - env->key = (unsigned char *)malloc(16);
> - if (!env->key) {
> - free((void *)env->aux);
> - free((void *)env);
> - return NULL;
> - }
> - env->iv = (unsigned char *)malloc(16);
> - if (!env->iv) {
> - free((void *)env->key);
> - free((void *)env->aux);
> - return NULL;
> - }
> - break;
> - EVP_CIPHER_CTX_init((EVP_CIPHER_CTX *)env->aux);
> + env->aux = (unsigned char *)malloc(sizeof(EVP_CIPHER_CTX));
> + if (!env->aux) {
> + free((void *)env);
> + return NULL;
> + }
> + env->key = (unsigned char *)malloc(16);
> + if (!env->key) {
> + free((void *)env->aux);
> + free((void *)env);
> + return NULL;
> + }
> + env->iv = (unsigned char *)malloc(16);
> + if (!env->iv) {
> + free((void *)env->key);
> + free((void *)env->aux);
> + return NULL;
> + }
> + break;
> + EVP_CIPHER_CTX_init((EVP_CIPHER_CTX *)env->aux);
> default:
> - free((void *)env);
> - return NULL;
> - break;
> + free((void *)env);
> + return NULL;
> + break;
> }
> -
> +
> return env;
> }
>
> void crypto_free_cipher_env(crypto_cipher_env_t *env)
> {
> - if (!env)
> - return;
> + assert(env);
>
> switch(env->type) {
> case CRYPTO_CIPHER_IDENTITY:
> - if (env->aux) {
> - EVP_CIPHER_CTX_cleanup((EVP_CIPHER_CTX *)env->aux);
> - free((void *)env->aux);
> - }
> - break;
> + if (env->aux) {
> + EVP_CIPHER_CTX_cleanup((EVP_CIPHER_CTX *)env->aux);
> + free((void *)env->aux);
> + }
> + break;
> case CRYPTO_CIPHER_DES:
> - if (env->aux) {
> - EVP_CIPHER_CTX_cleanup((EVP_CIPHER_CTX *)env->aux);
> - free((void *)env->aux);
> - }
> - if (env->key)
> + if (env->aux) {
> + EVP_CIPHER_CTX_cleanup((EVP_CIPHER_CTX *)env->aux);
> + free((void *)env->aux);
> + }
> + if (env->key)
> free((void *)env->key);
> - if (env->iv)
> + if (env->iv)
> free((void *)env->iv);
> - break;
> + break;
> case CRYPTO_CIPHER_RC4:
> - if (env->aux) {
> - EVP_CIPHER_CTX_cleanup((EVP_CIPHER_CTX *)env->aux);
> - free((void *)env->aux);
> - }
> - if (env->key)
> + if (env->aux) {
> + EVP_CIPHER_CTX_cleanup((EVP_CIPHER_CTX *)env->aux);
> + free((void *)env->aux);
> + }
> + if (env->key)
> free((void *)env->key);
> - if (env->iv)
> + if (env->iv)
> free((void *)env->iv);
> - break;
> + break;
> default:
> - break;
> + break;
> }
>
> free((void *)env);
> @@ -179,67 +178,264 @@
> /* public key crypto */
> int crypto_pk_generate_key(crypto_pk_env_t *env)
> {
> + assert(env);
> +
> + switch(env->type) {
> + case CRYPTO_PK_RSA:
> + if (env->key)
> + RSA_free((RSA *)env->key);
> + env->key = (unsigned char *)RSA_generate_key(1024,65535, NULL, NULL);
> + if (!env->key)
> + return -1;
> + break;
> + default:
> + return -1;
> + }
> +
> return 0;
> }
>
> int crypto_pk_read_private_key(crypto_pk_env_t *env, FILE *src)
> {
> + assert(env && src);
> +
> + switch(env->type) {
> + case CRYPTO_PK_RSA:
> + if (env->key)
> + RSA_free((RSA *)env->key);
> + env->key = (unsigned char *)PEM_read_RSAPrivateKey(src, (RSA **)&env->key, NULL, NULL);
> + if (!env->key)
> + return -1;
> + break;
> + default :
> + return -1;
> + }
> +
> return 0;
> }
> int crypto_pk_read_public_key(crypto_pk_env_t *env, FILE *src)
> {
> + assert(env && src);
> +
> + switch(env->type) {
> + case CRYPTO_PK_RSA:
> + if (env->key)
> + RSA_free((RSA *)env->key);
> + env->key = (unsigned char *)PEM_read_RSAPublicKey(src, (RSA **)&env->key, NULL, NULL);
> + if (!env->key)
> + return -1;
> + break;
> + default :
> + return -1;
> + }
> +
> return 0;
> }
> +
> int crypto_pk_write_private_key(crypto_pk_env_t *env, FILE *dest)
> {
> + assert(env && dest);
> +
> + switch(env->type) {
> + case CRYPTO_PK_RSA:
> + if (!env->key)
> + return -1;
> + if (PEM_write_RSAPrivateKey(dest, (RSA *)env->key, NULL, NULL, 0,0, NULL) == 0)
> + return -1;
> + break;
> + default :
> + return -1;
> + }
> +
> return 0;
> }
> int crypto_pk_write_public_key(crypto_pk_env_t *env, FILE *dest)
> {
> + assert(env && dest);
> +
> + switch(env->type) {
> + case CRYPTO_PK_RSA:
> + if (!env->key)
> + return -1;
> + if (PEM_write_RSAPublicKey(dest, (RSA *)env->key) == 0)
> + return -1;
> + break;
> + default :
> + return -1;
> + }
> +
> return 0;
> }
>
> +int crypto_pk_check_key(crypto_pk_env_t *env)
> +{
> + assert(env);
> +
> + switch(env->type) {
> + case CRYPTO_PK_RSA:
> + return RSA_check_key((RSA *)env->key);
> + default:
> + return -1;
> + }
> +}
> +
> int crypto_pk_set_key(crypto_pk_env_t *env, unsigned char *key)
> {
> + assert(env && key);
> +
> + switch(env->type) {
> + case CRYPTO_PK_RSA:
> + if (env->key)
> + RSA_free((RSA *)env->key);
> + env->key = key;
> + break;
> + default :
> + return -1;
> + }
> +
> return 0;
> }
>
> +int crypto_pk_public_encrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding)
> +{
> + assert(env && from && to);
> +
> + switch(env->type) {
> + case CRYPTO_PK_RSA:
> + return RSA_public_encrypt(fromlen, from, to, (RSA *)env->key, padding);
> + default:
> + return -1;
> + }
> +}
> +
> +int crypto_pk_private_decrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding)
> +{
> + assert(env && from && to);
> +
> + switch(env->type) {
> + case CRYPTO_PK_RSA:
> + return RSA_private_decrypt(fromlen, from, to, (RSA *)env->key, padding);
> + default:
> + return -1;
> + }
> +}
> +
> /* symmetric crypto */
> int crypto_cipher_set_iv(crypto_cipher_env_t *env, unsigned char *iv)
> {
> + assert(env && iv);
> +
> + switch(env->type) {
> + case CRYPTO_CIPHER_IDENTITY:
> + break;
> + case CRYPTO_CIPHER_DES:
> + case CRYPTO_CIPHER_RC4:
> + if (env->iv)
> + free((void *)env->iv);
> + env->iv = iv;
> + break;
> + default:
> + return -1;
> + }
> +
> return 0;
> }
> int crypto_cipher_set_key(crypto_cipher_env_t *env, unsigned char *key)
> {
> + assert(env && key);
> +
> + switch(env->type) {
> + case CRYPTO_CIPHER_IDENTITY:
> + break;
> + case CRYPTO_CIPHER_DES:
> + case CRYPTO_CIPHER_RC4:
> + if (env->key)
> + free((void *)env->key);
> + env->key = key;
> + break;
> + default:
> + return -1;
> + }
> +
> return 0;
> }
> -int crypto_cipher_init_cipher()
> +
> +int crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t *env)
> {
> + assert(env);
> +
> + switch(env->type) {
> + case CRYPTO_CIPHER_IDENTITY:
> + return !(EVP_EncryptInit((EVP_CIPHER_CTX *)env->aux, EVP_enc_null(), env->key, env->iv));
> + case CRYPTO_CIPHER_DES:
> + return !(EVP_EncryptInit((EVP_CIPHER_CTX *)env->aux, EVP_des_ofb(), env->key, env->iv));
> + case CRYPTO_CIPHER_RC4:
> + return !(EVP_EncryptInit((EVP_CIPHER_CTX *)env->aux, EVP_rc4(), env->key, env->iv));
> + default:
> + return -1;
> + }
> +
> return 0;
> }
>
> +int crypto_cipher_decrypt_init_cipher(crypto_cipher_env_t *env)
> +{
> + assert(env);
> +
> + switch(env->type) {
> + case CRYPTO_CIPHER_IDENTITY:
> + return !(EVP_DecryptInit((EVP_CIPHER_CTX *)env->aux, EVP_enc_null(), env->key, env->iv));
> + case CRYPTO_CIPHER_DES:
> + return !(EVP_DecryptInit((EVP_CIPHER_CTX *)env->aux, EVP_des_ofb(), env->key, env->iv));
> + case CRYPTO_CIPHER_RC4:
> + return !(EVP_DecryptInit((EVP_CIPHER_CTX *)env->aux, EVP_rc4(), env->key, env->iv));
> + default:
> + return -1;
> + }
> +
> + return 0;
> +}
> +
> int crypto_cipher_encrypt(crypto_cipher_env_t *env, unsigned char *from, unsigned int fromlen, unsigned char *to)
> {
> - return 0;
> + int tolen;
> +
> + assert(env && from && to);
> +
> + return !(EVP_EncryptUpdate((EVP_CIPHER_CTX *)env->aux, to, &tolen, from, fromlen));
> }
>
> int crypto_cipher_decrypt(crypto_cipher_env_t *env, unsigned char *from, unsigned int fromlen, unsigned char *to)
> {
> - return 0;
> + int tolen;
> +
> + assert(env && from && to);
> +
> + return !(EVP_DecryptUpdate((EVP_CIPHER_CTX *)env->aux, to, &tolen, from, fromlen));
> }
>
> /* SHA-1 */
> -int crypto_SHA_digest(unsigned char *m, unsigned char *digest)
> +int crypto_SHA_digest(unsigned char *m, int len, unsigned char *digest)
> {
> - return 0;
> + assert(m && digest);
> + return (SHA1(m,len,digest) == NULL);
> }
>
> /* random numbers */
> int crypto_rand(unsigned int n, unsigned char *to)
> {
> - return 0;
> + assert(to);
> + return (RAND_bytes(to, n) == -1);
> }
> +
> int crypto_pseudo_rand(unsigned int n, unsigned char *to)
> {
> - return 0;
> + assert(to);
> + return (RAND_pseudo_bytes(to, n) == -1);
> +}
> +
> +/* errors */
> +char *crypto_perror()
> +{
> + return (char *)ERR_reason_error_string(ERR_get_error());
> }
>
> Index: crypto.h
> ===================================================================
> RCS file: /home/or/cvsroot/src/common/crypto.h,v
> retrieving revision 1.1
> retrieving revision 1.2
> diff -u -d -r1.1 -r1.2
> --- crypto.h 24 Jul 2002 14:02:39 -0000 1.1
> +++ crypto.h 25 Jul 2002 08:17:22 -0000 1.2
> @@ -53,22 +53,29 @@
> int crypto_pk_read_public_key(crypto_pk_env_t *env, FILE *src);
> int crypto_pk_write_private_key(crypto_pk_env_t *env, FILE *dest);
> int crypto_pk_write_public_key(crypto_pk_env_t *env, FILE *dest);
> +int crypto_pk_check_key(crypto_pk_env_t *env);
>
> int crypto_pk_set_key(crypto_pk_env_t *env, unsigned char *key);
>
> +int crypto_pk_public_encrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding);
> +int crypto_pk_private_decrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding);
> +
> /* symmetric crypto */
> int crypto_cipher_set_iv(crypto_cipher_env_t *env, unsigned char *iv);
> int crypto_cipher_set_key(crypto_cipher_env_t *env, unsigned char *key);
> -int crypto_cipher_init_cipher();
> +int crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t *env);
> +int crypto_cipher_decrypt_init_cipher(crypto_cipher_env_t *env);
>
> int crypto_cipher_encrypt(crypto_cipher_env_t *env, unsigned char *from, unsigned int fromlen, unsigned char *to);
> int crypto_cipher_decrypt(crypto_cipher_env_t *env, unsigned char *from, unsigned int fromlen, unsigned char *to);
>
> /* SHA-1 */
> -int crypto_SHA_digest(unsigned char *m, unsigned char *digest);
> +int crypto_SHA_digest(unsigned char *m, int len, unsigned char *digest);
>
> /* random numbers */
> int crypto_rand(unsigned int n, unsigned char *to);
> int crypto_pseudo_rand(unsigned int n, unsigned char *to);
>
> +/* errors */
> +char *crypto_perror();
> #endif
>
--
Matej Pfajfar
GPG Public Keys @ http://matejpfajfar.co.uk/keys