tor  0.4.1.0-alpha-dev
Data Structures | Macros | Functions | Variables
crypto_dh_openssl.c File Reference
#include "lib/crypt_ops/compat_openssl.h"
#include "lib/crypt_ops/crypto_dh.h"
#include "lib/crypt_ops/crypto_digest.h"
#include "lib/crypt_ops/crypto_hkdf.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/log/log.h"
#include "lib/log/util_bug.h"
#include <openssl/dh.h>
#include <openssl/bn.h>
#include <string.h>

Go to the source code of this file.

Data Structures

struct  crypto_dh_t
 

Macros

#define DH_PRIVATE_KEY_BITS   320
 

Functions

static int tor_check_dh_key (int severity, const BIGNUM *bn)
 
static DH * new_openssl_dh_from_params (BIGNUM *p, BIGNUM *g)
 
static BIGNUM * bignum_from_hex (const char *hex)
 
static void crypto_set_dh_generator (void)
 
void crypto_dh_init_openssl (void)
 
DH * crypto_dh_new_openssl_tls (void)
 
crypto_dh_tcrypto_dh_new (int dh_type)
 
crypto_dh_tcrypto_dh_dup (const crypto_dh_t *dh)
 
int crypto_dh_get_bytes (crypto_dh_t *dh)
 
int crypto_dh_generate_public (crypto_dh_t *dh)
 
int crypto_dh_get_public (crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
 
ssize_t crypto_dh_handshake (int severity, crypto_dh_t *dh, const char *pubkey, size_t pubkey_len, unsigned char *secret_out, size_t secret_bytes_out)
 
void crypto_dh_free_ (crypto_dh_t *dh)
 
void crypto_dh_free_all_openssl (void)
 

Variables

static BIGNUM * dh_param_p = NULL
 
static BIGNUM * dh_param_p_tls = NULL
 
static BIGNUM * dh_param_g = NULL
 

Detailed Description

Implement Tor's Z_p diffie-hellman stuff for OpenSSL.

Definition in file crypto_dh_openssl.c.

Macro Definition Documentation

◆ DH_PRIVATE_KEY_BITS

#define DH_PRIVATE_KEY_BITS   320

Number of bits to use when choosing the x or y value in a Diffie-Hellman handshake. Since we exponentiate by this value, choosing a smaller one lets our handhake go faster.

Definition at line 168 of file crypto_dh_openssl.c.

Referenced by new_openssl_dh_from_params().

Function Documentation

◆ bignum_from_hex()

static BIGNUM* bignum_from_hex ( const char *  hex)
static

Helper: convert hex to a bignum, and return it. Assert that the operation was successful.

Definition at line 110 of file crypto_dh_openssl.c.

References tor_assert().

Referenced by crypto_dh_init_openssl().

◆ crypto_dh_dup()

crypto_dh_t* crypto_dh_dup ( const crypto_dh_t dh)

Return a copy of dh, sharing its internal state.

Definition at line 254 of file crypto_dh_openssl.c.

References crypto_dh_new(), and tor_assert().

◆ crypto_dh_free_()

void crypto_dh_free_ ( crypto_dh_t dh)

Free a DH key exchange object.

Definition at line 456 of file crypto_dh_openssl.c.

References crypto_dh_t::dh, tor_assert(), and tor_free.

◆ crypto_dh_generate_public()

int crypto_dh_generate_public ( crypto_dh_t dh)

Generate <x,g^x> for our part of the key exchange. Return 0 on success, -1 on failure.

Definition at line 277 of file crypto_dh_openssl.c.

References crypto_openssl_log_errors(), crypto_dh_t::dh, LOG_WARN, tor_assert(), and tor_check_dh_key().

Referenced by crypto_dh_get_public().

◆ crypto_dh_get_bytes()

int crypto_dh_get_bytes ( crypto_dh_t dh)

Return the length of the DH key in dh, in bytes.

Definition at line 267 of file crypto_dh_openssl.c.

References crypto_dh_t::dh, DH1024_KEY_LEN, and tor_assert().

Referenced by crypto_dh_compute_secret(), and onion_skin_TAP_client_handshake().

◆ crypto_dh_get_public()

int crypto_dh_get_public ( crypto_dh_t dh,
char *  pubkey,
size_t  pubkey_len 
)

Generate g^x as necessary, and write the g^x for the key exchange as a pubkey_len-byte value into pubkey. Return 0 on success, -1 on failure. pubkey_len must be >= DH1024_KEY_LEN.

Definition at line 323 of file crypto_dh_openssl.c.

References crypto_dh_generate_public(), crypto_dh_t::dh, and tor_assert().

◆ crypto_dh_handshake()

ssize_t crypto_dh_handshake ( int  severity,
crypto_dh_t dh,
const char *  pubkey,
size_t  pubkey_len,
unsigned char *  secret_out,
size_t  secret_bytes_out 
)

Given a DH key exchange object, and our peer's value of g^y (as a pubkey_len-byte value in pubkey) generate g^xy as a big-endian integer in secret_out. Return the number of bytes generated on success, or -1 on failure.

This function MUST validate that g^y is actually in the group.

Definition at line 409 of file crypto_dh_openssl.c.

References DH1024_KEY_LEN, DIGEST_LEN, and tor_assert().

◆ crypto_dh_init_openssl()

void crypto_dh_init_openssl ( void  )

Initialize our DH parameters. Idempotent.

Definition at line 144 of file crypto_dh_openssl.c.

References bignum_from_hex(), crypto_set_dh_generator(), dh_param_g, dh_param_p, dh_param_p_tls, OAKLEY_PRIME_2, TLS_DH_PRIME, and tor_assert().

◆ crypto_dh_new()

crypto_dh_t* crypto_dh_new ( int  dh_type)

Allocate and return a new DH object for a key exchange. Returns NULL on failure.

Definition at line 183 of file crypto_dh_openssl.c.

Referenced by crypto_dh_dup().

◆ crypto_dh_new_openssl_tls()

DH* crypto_dh_new_openssl_tls ( void  )

Used by tortls.c: Get the DH* for use with TLS.

Definition at line 173 of file crypto_dh_openssl.c.

References dh_param_g, dh_param_p_tls, and new_openssl_dh_from_params().

◆ crypto_set_dh_generator()

static void crypto_set_dh_generator ( void  )
static

Set the global Diffie-Hellman generator, used for both TLS and internal DH stuff.

Definition at line 125 of file crypto_dh_openssl.c.

References DH_GENERATOR, dh_param_g, and tor_assert().

Referenced by crypto_dh_init_openssl().

◆ new_openssl_dh_from_params()

static DH * new_openssl_dh_from_params ( BIGNUM *  p,
BIGNUM *  g 
)
static

Create and return a new openssl DH from a given prime and generator.

Definition at line 209 of file crypto_dh_openssl.c.

References crypto_openssl_log_errors(), DH_PRIVATE_KEY_BITS, and LOG_WARN.

Referenced by crypto_dh_new_openssl_tls().

◆ tor_check_dh_key()

static int tor_check_dh_key ( int  severity,
const BIGNUM *  bn 
)
static

Check for bad Diffie-Hellman public keys (g^x). Return 0 if the key is okay (in the subgroup [2,p-2]), or -1 if it's bad. See http://www.cl.cam.ac.uk/ftp/users/rja14/psandqs.ps.gz for some tips.

Definition at line 370 of file crypto_dh_openssl.c.

References tor_assert().

Referenced by crypto_dh_generate_public().

Variable Documentation

◆ dh_param_g

BIGNUM* dh_param_g = NULL
static

Shared G parameter for our DH key exchanges.

Definition at line 46 of file crypto_dh_openssl.c.

Referenced by crypto_dh_init_openssl(), crypto_dh_new_openssl_tls(), and crypto_set_dh_generator().

◆ dh_param_p

BIGNUM* dh_param_p = NULL
static

Shared P parameter for our circuit-crypto DH key exchanges.

Definition at line 42 of file crypto_dh_openssl.c.

Referenced by crypto_dh_init_openssl().

◆ dh_param_p_tls

BIGNUM* dh_param_p_tls = NULL
static

Shared P parameter for our TLS DH key exchanges.

Definition at line 44 of file crypto_dh_openssl.c.

Referenced by crypto_dh_init_openssl(), and crypto_dh_new_openssl_tls().