|
Tor
0.4.7.0-alpha-dev
|
Headers for crypto_rsa.c. More...
#include "orconfig.h"#include "lib/crypt_ops/crypto_digest.h"#include "lib/cc/torint.h"#include "lib/testsupport/testsupport.h"#include "lib/log/log.h"Go to the source code of this file.
Macros | |
| #define | PK_BYTES (1024/8) |
| #define | PK_PKCS1_OAEP_PADDING 60002 |
| #define | PKCS1_OAEP_PADDING_OVERHEAD 42 |
| #define | FINGERPRINT_LEN 49 |
| #define | TOR_RSA_EXPONENT 65537 |
| #define | crypto_pk_free(pk) FREE_AND_NULL(crypto_pk_t, crypto_pk_free_, (pk)) |
| #define | crypto_pk_generate_key(env) crypto_pk_generate_key_with_bits((env), (PK_BYTES*8)) |
Functions | |
| crypto_pk_t * | crypto_pk_new (void) |
| void | crypto_pk_free_ (crypto_pk_t *env) |
| int | crypto_get_rsa_padding_overhead (int padding) |
| int | crypto_get_rsa_padding (int padding) |
| int | crypto_pk_generate_key_with_bits (crypto_pk_t *env, int bits) |
| int | crypto_pk_read_private_key_from_filename (crypto_pk_t *env, const char *keyfile) |
| int | crypto_pk_write_public_key_to_string (crypto_pk_t *env, char **dest, size_t *len) |
| int | crypto_pk_write_private_key_to_string (crypto_pk_t *env, char **dest, size_t *len) |
| int | crypto_pk_read_public_key_from_string (crypto_pk_t *env, const char *src, size_t len) |
| int | crypto_pk_read_private_key_from_string (crypto_pk_t *env, const char *s, ssize_t len) |
| int | crypto_pk_read_private_key1024_from_string (crypto_pk_t *env, const char *src, ssize_t len) |
| int | crypto_pk_write_private_key_to_filename (crypto_pk_t *env, const char *fname) |
| int | crypto_pk_is_valid_private_key (const crypto_pk_t *env) |
| int | crypto_pk_cmp_keys (const crypto_pk_t *a, const crypto_pk_t *b) |
| int | crypto_pk_eq_keys (const crypto_pk_t *a, const crypto_pk_t *b) |
| size_t | crypto_pk_keysize (const crypto_pk_t *env) |
| int | crypto_pk_num_bits (crypto_pk_t *env) |
| crypto_pk_t * | crypto_pk_dup_key (crypto_pk_t *orig) |
| crypto_pk_t * | crypto_pk_copy_full (crypto_pk_t *orig) |
| int | crypto_pk_key_is_private (const crypto_pk_t *key) |
| int | crypto_pk_public_exponent_ok (const crypto_pk_t *env) |
| int | crypto_pk_obsolete_public_hybrid_encrypt (crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding, int force) |
| int | crypto_pk_obsolete_private_hybrid_decrypt (crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding, int warnOnFailure) |
| int | crypto_pk_public_encrypt (crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding) |
| int | crypto_pk_private_decrypt (crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding, int warnOnFailure) |
| int | crypto_pk_public_checksig (const crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen) |
| int | crypto_pk_private_sign (const crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen) |
| int | crypto_pk_asn1_encode (const crypto_pk_t *pk, char *dest, size_t dest_len) |
| crypto_pk_t * | crypto_pk_asn1_decode (const char *str, size_t len) |
| int | crypto_pk_asn1_encode_private (const crypto_pk_t *pk, char *dest, size_t dest_len) |
| crypto_pk_t * | crypto_pk_asn1_decode_private (const char *str, size_t len, int max_bits) |
| int | crypto_pk_get_fingerprint (crypto_pk_t *pk, char *fp_out, int add_space) |
| int | crypto_pk_get_hashed_fingerprint (crypto_pk_t *pk, char *fp_out) |
| void | crypto_add_spaces_to_fp (char *out, size_t outlen, const char *in) |
| int | crypto_pk_public_checksig_digest (crypto_pk_t *env, const char *data, size_t datalen, const char *sig, size_t siglen) |
| int | crypto_pk_private_sign_digest (crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen) |
| int | crypto_pk_get_digest (const crypto_pk_t *pk, char *digest_out) |
| int | crypto_pk_get_common_digests (crypto_pk_t *pk, common_digests_t *digests_out) |
| int | crypto_pk_base64_encode_private (const crypto_pk_t *pk, char **priv_out) |
| crypto_pk_t * | crypto_pk_base64_decode_private (const char *str, size_t len) |
| void | crypto_pk_assign_public (crypto_pk_t *dest, const crypto_pk_t *src) |
| void | crypto_pk_assign_private (crypto_pk_t *dest, const crypto_pk_t *src) |
Headers for crypto_rsa.c.
Definition in file crypto_rsa.h.
| #define FINGERPRINT_LEN 49 |
Length of encoded public key fingerprints, including space; but not including terminating NUL.
Definition at line 34 of file crypto_rsa.h.
| #define PK_BYTES (1024/8) |
Length of our public keys.
Definition at line 24 of file crypto_rsa.h.
| #define PK_PKCS1_OAEP_PADDING 60002 |
Constant used to indicate OAEP padding for public-key encryption
Definition at line 27 of file crypto_rsa.h.
| #define PKCS1_OAEP_PADDING_OVERHEAD 42 |
Number of bytes added for PKCS1-OAEP padding.
Definition at line 30 of file crypto_rsa.h.
| #define TOR_RSA_EXPONENT 65537 |
Value of 'e' to use in our public keys
Definition at line 37 of file crypto_rsa.h.
| void crypto_add_spaces_to_fp | ( | char * | out, |
| size_t | outlen, | ||
| const char * | in | ||
| ) |
Copy in to the outlen-byte buffer out, adding spaces every four characters.
Definition at line 270 of file crypto_rsa.c.
Referenced by crypto_pk_get_fingerprint().
| int crypto_get_rsa_padding_overhead | ( | int | padding | ) |
Return the number of bytes added by padding method padding.
Definition at line 41 of file crypto_rsa.c.
Referenced by crypto_pk_obsolete_public_hybrid_encrypt().
| crypto_pk_t* crypto_pk_asn1_decode | ( | const char * | str, |
| size_t | len | ||
| ) |
Decode an ASN.1-encoded public key from str; return the result on success and NULL on failure.
Definition at line 619 of file crypto_rsa_nss.c.
| crypto_pk_t* crypto_pk_asn1_decode_private | ( | const char * | str, |
| size_t | len, | ||
| int | max_bits | ||
| ) |
Given a buffer containing the DER representation of the private key str, decode and return the result on success, or NULL on failure.
If max_bits is nonnegative, reject any key longer than max_bits without performing any expensive validation on it.
Decode an ASN.1-encoded private key from str; return the result on success and NULL on failure.
If max_bits is nonnegative, reject any key longer than max_bits without performing any expensive validation on it.
Definition at line 687 of file crypto_rsa_nss.c.
| int crypto_pk_asn1_encode | ( | const crypto_pk_t * | pk, |
| char * | dest, | ||
| size_t | dest_len | ||
| ) |
ASN.1-encode the public portion of pk into dest. Return -1 on error, or the number of characters used on success.
Definition at line 595 of file crypto_rsa_nss.c.
| int crypto_pk_asn1_encode_private | ( | const crypto_pk_t * | pk, |
| char * | dest, | ||
| size_t | dest_len | ||
| ) |
Given a crypto_pk_t pk, allocate a new buffer containing the Base64 encoding of the DER representation of the private key into the dest_len-byte buffer in dest. Return the number of bytes written on success, -1 on failure.
ASN.1-encode the private portion of pk into dest. Return -1 on error, or the number of characters used on success.
Definition at line 656 of file crypto_rsa_nss.c.
| void crypto_pk_assign_private | ( | crypto_pk_t * | dest, |
| const crypto_pk_t * | src | ||
| ) |
For testing: replace dest with src. (Dest must have a refcount of 1)
Replace dest with src (private key only). (Dest must have a refcount of 1)
Definition at line 374 of file crypto_rsa_nss.c.
| void crypto_pk_assign_public | ( | crypto_pk_t * | dest, |
| const crypto_pk_t * | src | ||
| ) |
For testing: replace dest with src. (Dest must have a refcount of 1)
Replace dest with src (public key only). (Dest must have a refcount of 1)
Definition at line 364 of file crypto_rsa_nss.c.
| crypto_pk_t* crypto_pk_base64_decode_private | ( | const char * | str, |
| size_t | len | ||
| ) |
Given a string containing the Base64 encoded DER representation of the private key str, decode and return the result on success, or NULL on failure.
Definition at line 669 of file crypto_rsa.c.
| int crypto_pk_base64_encode_private | ( | const crypto_pk_t * | pk, |
| char ** | priv_out | ||
| ) |
Given a crypto_pk_t pk, allocate a new buffer containing the Base64 encoding of the DER representation of the private key as a NUL terminated string, and return it via priv_out. Return 0 on success, -1 on failure.
It is the caller's responsibility to sanitize and free the resulting buffer.
Definition at line 633 of file crypto_rsa.c.
| int crypto_pk_cmp_keys | ( | const crypto_pk_t * | a, |
| const crypto_pk_t * | b | ||
| ) |
Compare the public-key components of a and b. Return less than 0 if a<b, 0 if a==b, and greater than 0 if a>b. A NULL key is considered to be less than all non-NULL keys, and equal to itself.
Note that this may leak information about the keys through timing.
Definition at line 302 of file crypto_rsa_nss.c.
Referenced by crypto_pk_eq_keys().
| crypto_pk_t* crypto_pk_copy_full | ( | crypto_pk_t * | env | ) |
Make a real honest-to-goodness copy of env, and return it. Returns NULL on failure.
Definition at line 386 of file crypto_rsa_nss.c.
Referenced by dup_onion_keys().
| crypto_pk_t* crypto_pk_dup_key | ( | crypto_pk_t * | env | ) |
Make a copy of key and return it.
Increase the reference count of env, and return it.
Definition at line 351 of file crypto_rsa_nss.c.
Referenced by crypto_pk_copy_full().
| int crypto_pk_eq_keys | ( | const crypto_pk_t * | a, |
| const crypto_pk_t * | b | ||
| ) |
Compare the public-key components of a and b. Return non-zero iff a==b. A NULL key is considered to be distinct from all non-NULL keys, and equal to itself.
Note that this may leak information about the keys through timing.
Definition at line 71 of file crypto_rsa.c.
Referenced by assert_identity_keys_ok(), and router_differences_are_cosmetic().
| void crypto_pk_free_ | ( | crypto_pk_t * | env | ) |
Release a reference to an asymmetric key; when all the references are released, free the key.
Definition at line 186 of file crypto_rsa_nss.c.
| int crypto_pk_generate_key_with_bits | ( | crypto_pk_t * | env, |
| int | bits | ||
| ) |
Generate a bits-bit new public/private keypair in env. Return 0 on success, -1 on failure.
Definition at line 200 of file crypto_rsa_nss.c.
Referenced by tor_tls_context_init_certificates().
| int crypto_pk_get_common_digests | ( | crypto_pk_t * | pk, |
| common_digests_t * | digests_out | ||
| ) |
Compute all digests of the DER encoding of pk, and store them in digests_out. Return 0 on success, -1 on failure.
Definition at line 381 of file crypto_rsa.c.
| int crypto_pk_get_digest | ( | const crypto_pk_t * | pk, |
| char * | digest_out | ||
| ) |
Given a private or public key pk, put a SHA1 hash of the public key into digest_out (must have DIGEST_LEN bytes of space). Return 0 on success, -1 on failure.
Definition at line 356 of file crypto_rsa.c.
Referenced by crypto_pk_get_fingerprint(), crypto_pk_get_hashed_fingerprint(), make_tap_onion_key_crosscert(), sr_generate_our_commit(), and sr_handle_received_commits().
| int crypto_pk_get_fingerprint | ( | crypto_pk_t * | pk, |
| char * | fp_out, | ||
| int | add_space | ||
| ) |
Given a private or public key pk, put a fingerprint of the public key into fp_out (must have at least FINGERPRINT_LEN+1 bytes of space). Return 0 on success, -1 on failure.
Fingerprints are computed as the SHA1 digest of the ASN.1 encoding of the public key, converted to hexadecimal, in upper case, with a space after every four digits.
If add_space is false, omit the spaces.
Definition at line 229 of file crypto_rsa.c.
Referenced by dirserv_add_own_fingerprint().
| int crypto_pk_get_hashed_fingerprint | ( | crypto_pk_t * | pk, |
| char * | fp_out | ||
| ) |
Given a private or public key pk, put a hashed fingerprint of the public key into fp_out (must have at least FINGERPRINT_LEN+1 bytes of space). Return 0 on success, -1 on failure.
Hashed fingerprints are computed as the SHA1 digest of the SHA1 digest of the ASN.1 encoding of the public key, converted to hexadecimal, in upper case.
Definition at line 254 of file crypto_rsa.c.
Referenced by router_announce_bridge_status_page().
| int crypto_pk_is_valid_private_key | ( | const crypto_pk_t * | env | ) |
Return true iff env is a valid private key.
Return true if env has a valid key; false otherwise.
Definition at line 250 of file crypto_rsa_nss.c.
| int crypto_pk_key_is_private | ( | const crypto_pk_t * | k | ) |
Return true iff key contains the private-key portion of the RSA key.
Definition at line 45 of file crypto_rsa_nss.c.
Referenced by crypto_pk_asn1_encode_private(), and crypto_pk_private_decrypt().
| size_t crypto_pk_keysize | ( | const crypto_pk_t * | env | ) |
Return the size of the public key modulus in env, in bytes.
Definition at line 331 of file crypto_rsa_nss.c.
Referenced by crypto_pk_base64_encode_private(), crypto_pk_get_common_digests(), crypto_pk_get_digest(), crypto_pk_obsolete_private_hybrid_decrypt(), crypto_pk_obsolete_public_hybrid_encrypt(), and router_get_dirobj_signature().
| crypto_pk_t* crypto_pk_new | ( | void | ) |
Allocate and return storage for a public key. The key itself will not yet be set.
Definition at line 165 of file crypto_rsa_nss.c.
Referenced by crypto_pk_asn1_decode(), crypto_pk_asn1_decode_private(), crypto_pk_dup_key(), init_key_from_file(), and tor_tls_context_init_certificates().
| int crypto_pk_num_bits | ( | crypto_pk_t * | env | ) |
Return the size of the public key modulus of env, in bits.
Definition at line 340 of file crypto_rsa_nss.c.
| int crypto_pk_obsolete_private_hybrid_decrypt | ( | crypto_pk_t * | env, |
| char * | to, | ||
| size_t | tolen, | ||
| const char * | from, | ||
| size_t | fromlen, | ||
| int | padding, | ||
| int | warnOnFailure | ||
| ) |
Invert crypto_pk_obsolete_public_hybrid_encrypt. Returns the number of bytes written on success, -1 on failure.
NOTE that this format does not authenticate the symmetrically encrypted part of the data, and SHOULD NOT BE USED for new protocols.
Definition at line 163 of file crypto_rsa.c.
| int crypto_pk_obsolete_public_hybrid_encrypt | ( | crypto_pk_t * | env, |
| char * | to, | ||
| size_t | tolen, | ||
| const char * | from, | ||
| size_t | fromlen, | ||
| int | padding, | ||
| int | force | ||
| ) |
Perform a hybrid (public/secret) encryption on fromlen bytes of data from from, with padding type 'padding', storing the results on to.
Returns the number of bytes written on success, -1 on failure.
The encrypted data consists of:
NOTE that this format does not authenticate the symmetrically encrypted part of the data, and SHOULD NOT BE USED for new protocols.
Definition at line 94 of file crypto_rsa.c.
| int crypto_pk_private_decrypt | ( | crypto_pk_t * | env, |
| char * | to, | ||
| size_t | tolen, | ||
| const char * | from, | ||
| size_t | fromlen, | ||
| int | padding, | ||
| int | warnOnFailure | ||
| ) |
Decrypt fromlen bytes from from with the private key in env, using the padding method padding. On success, write the result to to, and return the number of bytes written. On failure, return -1.
tolen is the number of writable bytes in to, and must be at least the length of the modulus of key.
Decrypt fromlen bytes from from with the private key in env, using the padding method padding. On success, write the result to to, and return the number of bytes written. On failure, return -1.
tolen is the number of writable bytes in to, and must be at least the length of the modulus of env.
Definition at line 470 of file crypto_rsa_nss.c.
Referenced by crypto_pk_obsolete_private_hybrid_decrypt().
| int crypto_pk_private_sign | ( | const crypto_pk_t * | env, |
| char * | to, | ||
| size_t | tolen, | ||
| const char * | from, | ||
| size_t | fromlen | ||
| ) |
Sign fromlen bytes of data from from with the private key in env, using PKCS1 padding. On success, write the signature to to, and return the number of bytes written. On failure, return -1.
tolen is the number of writable bytes in to, and must be at least the length of the modulus of env.
Definition at line 549 of file crypto_rsa_nss.c.
Referenced by crypto_pk_private_sign_digest().
| int crypto_pk_private_sign_digest | ( | crypto_pk_t * | env, |
| char * | to, | ||
| size_t | tolen, | ||
| const char * | from, | ||
| size_t | fromlen | ||
| ) |
Compute a SHA1 digest of fromlen bytes of data stored at from; sign the data with the private key in env, and store it in to. Return the number of bytes written on success, and -1 on failure.
tolen is the number of writable bytes in to, and must be at least the length of the modulus of env.
Definition at line 339 of file crypto_rsa.c.
| int crypto_pk_public_checksig | ( | const crypto_pk_t * | env, |
| char * | to, | ||
| size_t | tolen, | ||
| const char * | from, | ||
| size_t | fromlen | ||
| ) |
Check the signature in from (fromlen bytes long) with the public key in key, using PKCS1 padding. On success, write the signed data to to, and return the number of bytes written. On failure, return -1.
tolen is the number of writable bytes in to, and must be at least the length of the modulus of key.
Check the signature in from (fromlen bytes long) with the public key in env, using PKCS1 padding. On success, write the signed data to to, and return the number of bytes written. On failure, return -1.
tolen is the number of writable bytes in to, and must be at least the length of the modulus of env.
Definition at line 513 of file crypto_rsa_nss.c.
Referenced by routerinfo_incompatible_with_extrainfo().
| int crypto_pk_public_checksig_digest | ( | crypto_pk_t * | env, |
| const char * | data, | ||
| size_t | datalen, | ||
| const char * | sig, | ||
| size_t | siglen | ||
| ) |
Check a siglen-byte long signature at sig against datalen bytes of data at data, using the public key in env. Return 0 if sig is a correct signature for SHA1(data). Else return -1.
Definition at line 295 of file crypto_rsa.c.
| int crypto_pk_public_encrypt | ( | crypto_pk_t * | env, |
| char * | to, | ||
| size_t | tolen, | ||
| const char * | from, | ||
| size_t | fromlen, | ||
| int | padding | ||
| ) |
Encrypt fromlen bytes from from with the public key in env, using the padding method padding. On success, write the result to to, and return the number of bytes written. On failure, return -1.
tolen is the number of writable bytes in to, and must be at least the length of the modulus of env.
Definition at line 431 of file crypto_rsa_nss.c.
Referenced by crypto_pk_obsolete_public_hybrid_encrypt().
| int crypto_pk_public_exponent_ok | ( | const crypto_pk_t * | env | ) |
Return true iff env contains a public key whose public exponent equals 65537.
Return true iff env contains a public key whose public exponent equals TOR_RSA_EXPONENT.
Definition at line 261 of file crypto_rsa_nss.c.
Referenced by decode_intro_legacy_key().
| int crypto_pk_read_private_key1024_from_string | ( | crypto_pk_t * | env, |
| const char * | src, | ||
| ssize_t | len | ||
| ) |
As crypto_pk_read_private_key_from_string(), but reject any key with a modulus longer than 1024 bits before doing any expensive validation on it.
Definition at line 564 of file crypto_rsa.c.
| int crypto_pk_read_private_key_from_filename | ( | crypto_pk_t * | env, |
| const char * | keyfile | ||
| ) |
Read a PEM-encoded private key from the file named by keyfile into env. Return 0 on success, -1 on failure.
Definition at line 578 of file crypto_rsa.c.
| int crypto_pk_read_private_key_from_string | ( | crypto_pk_t * | env, |
| const char * | src, | ||
| ssize_t | len | ||
| ) |
Read a PEM-encoded private key from the len-byte string src into env. Return 0 on success, -1 on failure. If len is -1, the string is nul-terminated.
Definition at line 551 of file crypto_rsa.c.
| int crypto_pk_read_public_key_from_string | ( | crypto_pk_t * | env, |
| const char * | src, | ||
| size_t | len | ||
| ) |
Read a PEM-encoded public key from the first len characters of src, and store the result in env. Return 0 on success, -1 on failure. If len is -1, the string is nul-terminated.
Definition at line 539 of file crypto_rsa.c.
| int crypto_pk_write_private_key_to_filename | ( | crypto_pk_t * | env, |
| const char * | fname | ||
| ) |
Write the private key from env into the file named by fname, PEM-encoded. Return 0 on success, -1 on failure.
Definition at line 610 of file crypto_rsa.c.
| int crypto_pk_write_private_key_to_string | ( | crypto_pk_t * | env, |
| char ** | dest, | ||
| size_t * | len | ||
| ) |
PEM-encode the private key portion of env and write it to a newly allocated string. On success, set *dest to the new string, *len to the string's length, and return 0. On failure, return -1.
Definition at line 478 of file crypto_rsa.c.
Referenced by crypto_pk_write_private_key_to_filename().
| int crypto_pk_write_public_key_to_string | ( | crypto_pk_t * | env, |
| char ** | dest, | ||
| size_t * | len | ||
| ) |
PEM-encode the public key portion of env and write it to a newly allocated string. On success, set *dest to the new string, *len to the string's length, and return 0. On failure, return -1.
Definition at line 466 of file crypto_rsa.c.
1.9.1