Data Structures | Macros | Typedefs | Functions
crypto_ope.c File Reference

A rudimentary order-preserving encryption scheme. More...

#include "orconfig.h"
#include "lib/crypt_ops/crypto_ope.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/crypt_ops/crypto_cipher.h"
#include "lib/log/util_bug.h"
#include "lib/malloc/malloc.h"
#include "lib/arch/bytes.h"
#include <string.h>

Go to the source code of this file.

Data Structures

struct  crypto_ope_t


#define SAMPLE_INTERVAL   1024
#define ope_val_from_le(x)   (x)
#define BUFSZ   256


typedef uint16_t ope_val_t


STATIC crypto_cipher_t * ope_get_cipher (const crypto_ope_t *ope, uint32_t initial_idx)
STATIC uint64_t sum_values_from_cipher (crypto_cipher_t *c, size_t n)
crypto_ope_tcrypto_ope_new (const uint8_t *key)
void crypto_ope_free_ (crypto_ope_t *ope)
uint64_t crypto_ope_encrypt (const crypto_ope_t *ope, int plaintext)

Detailed Description

A rudimentary order-preserving encryption scheme.

To compute the encryption of N, this scheme uses an AES-CTR stream to generate M-byte values, and adds the first N of them together. (+1 each to insure that the ciphertexts are strictly decreasing.)

We use this for generating onion service revision counters based on the current time, without leaking the amount of skew in our view of the current time. MUCH more analysis would be needed before using it for anything else!

Definition in file crypto_ope.c.

Macro Definition Documentation



Number of precomputed samples to make for each OPE key.

Definition at line 39 of file crypto_ope.c.


#define SAMPLE_INTERVAL   1024

How infrequent should the precomputed values be for this encryption? The choice of this value creates a space/time tradeoff.

Note that this value must be a multiple of 16; see ope_get_cipher()

Definition at line 37 of file crypto_ope.c.

Typedef Documentation

◆ ope_val_t

typedef uint16_t ope_val_t

The type to add up in order to produce our OPE ciphertexts

Definition at line 50 of file crypto_ope.c.

Function Documentation

◆ crypto_ope_encrypt()

uint64_t crypto_ope_encrypt ( const crypto_ope_t ope,
int  plaintext 

Return the encrypted value corresponding to input. The input value must be in range 1..OPE_INPUT_MAX. Returns CRYPTO_OPE_ERROR on an invalid input.

NOTE: this function is not constant-time.

Definition at line 165 of file crypto_ope.c.

◆ crypto_ope_free_()

void crypto_ope_free_ ( crypto_ope_t ope)

Free all storage held in ope.

Definition at line 149 of file crypto_ope.c.

◆ crypto_ope_new()

crypto_ope_t* crypto_ope_new ( const uint8_t *  key)

Return a new crypto_ope_t object, using the provided 256-bit key.

Definition at line 129 of file crypto_ope.c.

◆ ope_get_cipher()

STATIC crypto_cipher_t* ope_get_cipher ( const crypto_ope_t ope,
uint32_t  initial_idx 

Return a new AES256-CTR stream cipher object for ope, ready to yield bytes from the stream at position initial_idx.

Note that because the index is converted directly to an IV, it must be a multiple of the AES block size (16).

Definition at line 73 of file crypto_ope.c.

◆ sum_values_from_cipher()

STATIC uint64_t sum_values_from_cipher ( crypto_cipher_t *  c,
size_t  n 

Retrieve and add the next n values from the stream cipher c, and return their sum.

Note that values are taken in little-endian order (for performance on prevalent hardware), and are mapped from range 0..2^n-1 to range 1..2^n (so that each input encrypts to a different output).

NOTE: this function is not constant-time.

Definition at line 97 of file crypto_ope.c.