diff options
| author | Roger Dingledine <arma@torproject.org> | 2004-11-02 02:28:51 +0000 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2004-11-02 02:28:51 +0000 |
| commit | 85c79ffbc7b965355c3b51cc81000d517089e74e (patch) | |
| tree | eafeb903a90d64be26fb900f567528caa1916b5b | |
| parent | 1433a0b26fcc1e48ac8001c5438e00d140dbf2a9 (diff) | |
| download | tor-85c79ffbc7b965355c3b51cc81000d517089e74e.tar tor-85c79ffbc7b965355c3b51cc81000d517089e74e.tar.gz | |
canonicalize "src" and "dest" arg order in crypto.c (and others)
svn:r2644
| -rw-r--r-- | src/common/container.h | 2 | ||||
| -rw-r--r-- | src/common/crypto.c | 124 | ||||
| -rw-r--r-- | src/common/crypto.h | 92 | ||||
| -rw-r--r-- | src/common/util.c | 6 | ||||
| -rw-r--r-- | src/common/util.h | 2 | ||||
| -rw-r--r-- | src/or/dirserv.c | 4 | ||||
| -rw-r--r-- | src/or/onion.c | 10 | ||||
| -rw-r--r-- | src/or/relay.c | 4 | ||||
| -rw-r--r-- | src/or/rendclient.c | 5 | ||||
| -rw-r--r-- | src/or/rendcommon.c | 2 | ||||
| -rw-r--r-- | src/or/rendmid.c | 2 | ||||
| -rw-r--r-- | src/or/rendservice.c | 6 | ||||
| -rw-r--r-- | src/or/router.c | 2 | ||||
| -rw-r--r-- | src/or/routerparse.c | 8 | ||||
| -rw-r--r-- | src/or/test.c | 50 |
15 files changed, 174 insertions, 145 deletions
diff --git a/src/common/container.h b/src/common/container.h index 7569cb349..8f8a89f74 100644 --- a/src/common/container.h +++ b/src/common/container.h @@ -21,7 +21,7 @@ int smartlist_string_isin(const smartlist_t *sl, const char *element); int smartlist_overlap(const smartlist_t *sl1, const smartlist_t *sl2); void smartlist_intersect(smartlist_t *sl1, const smartlist_t *sl2); void smartlist_subtract(smartlist_t *sl1, const smartlist_t *sl2); -void *smartlist_choose(const smartlist_t *sl); +/* smartlist_choose() is defined in crypto.[ch] */ void *smartlist_get(const smartlist_t *sl, int idx); void *smartlist_set(smartlist_t *sl, int idx, void *val); void *smartlist_del(smartlist_t *sl, int idx); diff --git a/src/common/crypto.c b/src/common/crypto.c index cff4242e2..2a5d62ddc 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -589,7 +589,9 @@ crypto_pk_env_t *crypto_pk_dup_key(crypto_pk_env_t *env) { * write the result to <b>to</b>, and return the number of bytes * written. On failure, return -1. */ -int crypto_pk_public_encrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, int padding) +int +crypto_pk_public_encrypt(crypto_pk_env_t *env, unsigned char *to, + const unsigned char *from, int fromlen, int padding) { int r; tor_assert(env); @@ -610,7 +612,10 @@ int crypto_pk_public_encrypt(crypto_pk_env_t *env, const unsigned char *from, in * write the result to <b>to</b>, and return the number of bytes * written. On failure, return -1. */ -int crypto_pk_private_decrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, int padding, int warnOnFailure) +int +crypto_pk_private_decrypt(crypto_pk_env_t *env, unsigned char *to, + const unsigned char *from, int fromlen, + int padding, int warnOnFailure) { int r; tor_assert(env); @@ -636,7 +641,9 @@ int crypto_pk_private_decrypt(crypto_pk_env_t *env, const unsigned char *from, i * signed data to <b>to</b>, and return the number of bytes written. * On failure, return -1. */ -int crypto_pk_public_checksig(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to) +int +crypto_pk_public_checksig(crypto_pk_env_t *env, unsigned char *to, + const unsigned char *from, int fromlen) { int r; tor_assert(env); @@ -651,35 +658,14 @@ int crypto_pk_public_checksig(crypto_pk_env_t *env, const unsigned char *from, i return r; } -/** Sign <b>fromlen</b> bytes of data from <b>from</b> with the private key in - * <b>env</b>, using PKCS1 padding. On success, write the signature to - * <b>to</b>, and return the number of bytes written. On failure, return - * -1. - */ -int crypto_pk_private_sign(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to) -{ - int r; - tor_assert(env); - tor_assert(from); - tor_assert(to); - if (!env->key->p) - /* Not a private key */ - return -1; - - r = RSA_private_encrypt(fromlen, (unsigned char*)from, to, env->key, RSA_PKCS1_PADDING); - if (r<0) { - crypto_log_errors(LOG_WARN, "generating RSA signature"); - return -1; - } - return r; -} - /** Check a siglen-byte long signature at <b>sig</b> against * <b>datalen</b> bytes of data at <b>data</b>, using the public key * in <b>env</b>. Return 0 if <b>sig</b> is a correct signature for * SHA1(data). Else return -1. */ -int crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const unsigned char *data, int datalen, const unsigned char *sig, int siglen) +int +crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const unsigned char *data, + int datalen, const unsigned char *sig, int siglen) { char digest[DIGEST_LEN]; char buf[PK_BYTES+1]; @@ -689,11 +675,11 @@ int crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const unsigned char * tor_assert(data); tor_assert(sig); - if (crypto_digest(data,datalen,digest)<0) { + if (crypto_digest(digest,data,datalen)<0) { log_fn(LOG_WARN, "couldn't compute digest"); return -1; } - r = crypto_pk_public_checksig(env,sig,siglen,buf); + r = crypto_pk_public_checksig(env,buf,sig,siglen); if (r != DIGEST_LEN) { log_fn(LOG_WARN, "Invalid signature"); return -1; @@ -706,17 +692,44 @@ int crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const unsigned char * return 0; } +/** Sign <b>fromlen</b> bytes of data from <b>from</b> with the private key in + * <b>env</b>, using PKCS1 padding. On success, write the signature to + * <b>to</b>, and return the number of bytes written. On failure, return + * -1. + */ +int +crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *to, + const unsigned char *from, int fromlen) +{ + int r; + tor_assert(env); + tor_assert(from); + tor_assert(to); + if (!env->key->p) + /* Not a private key */ + return -1; + + r = RSA_private_encrypt(fromlen, (unsigned char*)from, to, env->key, RSA_PKCS1_PADDING); + if (r<0) { + crypto_log_errors(LOG_WARN, "generating RSA signature"); + return -1; + } + return r; +} + /** Compute a SHA1 digest of <b>fromlen</b> bytes of data stored at * <b>from</b>; sign the data with the private key in <b>env</b>, and * store it in <b>to</b>. Return the number of bytes written on * success, and -1 on failure. */ -int crypto_pk_private_sign_digest(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to) +int +crypto_pk_private_sign_digest(crypto_pk_env_t *env, unsigned char *to, + const unsigned char *from, int fromlen) { char digest[DIGEST_LEN]; - if (crypto_digest(from,fromlen,digest)<0) + if (crypto_digest(digest,from,fromlen)<0) return -1; - return crypto_pk_private_sign(env,digest,DIGEST_LEN,to); + return crypto_pk_private_sign(env,to,digest,DIGEST_LEN); } @@ -738,8 +751,9 @@ int crypto_pk_private_sign_digest(crypto_pk_env_t *env, const unsigned char *fro * the source data encrypted in AES-CTR mode with the symmetric key. */ int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, + unsigned char *to, const unsigned char *from, - int fromlen, unsigned char *to, + int fromlen, int padding, int force) { int overhead, pkeylen, outlen, r, symlen; @@ -758,7 +772,7 @@ int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, if (!force && fromlen+overhead <= pkeylen) { /* It all fits in a single encrypt. */ - return crypto_pk_public_encrypt(env,from,fromlen,to,padding); + return crypto_pk_public_encrypt(env,to,from,fromlen,padding); } cipher = crypto_new_cipher_env(); if (!cipher) return -1; @@ -780,13 +794,12 @@ int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, /* Length of symmetrically encrypted data. */ symlen = fromlen-(pkeylen-overhead-CIPHER_KEY_LEN); - outlen = crypto_pk_public_encrypt(env,buf,pkeylen-overhead,to,padding); + outlen = crypto_pk_public_encrypt(env,to,buf,pkeylen-overhead,padding); if (outlen!=pkeylen) { goto err; } - r = crypto_cipher_encrypt(cipher, - from+pkeylen-overhead-CIPHER_KEY_LEN, symlen, - to+outlen); + r = crypto_cipher_encrypt(cipher, to+outlen, + from+pkeylen-overhead-CIPHER_KEY_LEN, symlen); if (r<0) goto err; memset(buf, 0, sizeof(buf)); @@ -800,8 +813,9 @@ int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, /** Invert crypto_pk_public_hybrid_encrypt. */ int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, + unsigned char *to, const unsigned char *from, - int fromlen, unsigned char *to, + int fromlen, int padding, int warnOnFailure) { int overhead, pkeylen, outlen, r; @@ -812,9 +826,9 @@ int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, pkeylen = crypto_pk_keysize(env); if (fromlen <= pkeylen) { - return crypto_pk_private_decrypt(env,from,fromlen,to,padding,warnOnFailure); + return crypto_pk_private_decrypt(env,to,from,fromlen,padding,warnOnFailure); } - outlen = crypto_pk_private_decrypt(env,from,pkeylen,buf,padding,warnOnFailure); + outlen = crypto_pk_private_decrypt(env,buf,from,pkeylen,padding,warnOnFailure); if (outlen<0) { log_fn(warnOnFailure?LOG_WARN:LOG_INFO, "Error decrypting public-key data"); return -1; @@ -829,8 +843,7 @@ int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, } memcpy(to,buf+CIPHER_KEY_LEN,outlen-CIPHER_KEY_LEN); outlen -= CIPHER_KEY_LEN; - r = crypto_cipher_decrypt(cipher, from+pkeylen, fromlen-pkeylen, - to+outlen); + r = crypto_cipher_decrypt(cipher, to+outlen, from+pkeylen, fromlen-pkeylen); if (r<0) goto err; memset(buf,0,sizeof(buf)); @@ -912,7 +925,7 @@ int crypto_pk_get_digest(crypto_pk_env_t *pk, char *digest_out) free(buf); return -1; } - if (crypto_digest(buf, len, digest_out) < 0) { + if (crypto_digest(digest_out, buf, len) < 0) { free(buf); return -1; } @@ -975,7 +988,7 @@ int crypto_cipher_generate_key(crypto_cipher_env_t *env) { tor_assert(env); - return crypto_rand(CIPHER_KEY_LEN, env->key); + return crypto_rand(env->key, CIPHER_KEY_LEN); } /** Set the symmetric key for the cipher in <b>env</b> to the first @@ -1028,7 +1041,9 @@ int crypto_cipher_decrypt_init_cipher(crypto_cipher_env_t *env) * <b>env</b>; on success, store the result to <b>to</b> and return 0. * On failure, return -1. */ -int crypto_cipher_encrypt(crypto_cipher_env_t *env, const unsigned char *from, unsigned int fromlen, unsigned char *to) +int +crypto_cipher_encrypt(crypto_cipher_env_t *env, unsigned char *to, + const unsigned char *from, unsigned int fromlen) { tor_assert(env); tor_assert(env->cipher); @@ -1044,7 +1059,9 @@ int crypto_cipher_encrypt(crypto_cipher_env_t *env, const unsigned char *from, u * <b>env</b>; on success, store the result to <b>to</b> and return 0. * On failure, return -1. */ -int crypto_cipher_decrypt(crypto_cipher_env_t *env, const unsigned char *from, unsigned int fromlen, unsigned char *to) +int +crypto_cipher_decrypt(crypto_cipher_env_t *env, unsigned char *to, + const unsigned char *from, unsigned int fromlen) { tor_assert(env); tor_assert(from); @@ -1079,7 +1096,7 @@ crypto_cipher_advance(crypto_cipher_env_t *env, long delta) * <b>m</b>. Write the DIGEST_LEN byte result into <b>digest</b>. * Return 0 on suuccess, -1 on failure. */ -int crypto_digest(const unsigned char *m, int len, unsigned char *digest) +int crypto_digest(unsigned char *digest, const unsigned char *m, int len) { tor_assert(m); tor_assert(digest); @@ -1300,7 +1317,7 @@ int crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey, size_t pubkey_len) /** Given a DH key exchange object, and our peer's value of g^y (as a * <b>pubkey_len</b>-byte value in <b>pubkey</b>) generate * <b>secret_bytes_out</b> bytes of shared key material and write them - * to <b>secret_out</b>. Return the number of bytes generated on suuccess, + * to <b>secret_out</b>. Return the number of bytes generated on success, * or -1 on failure. * * (We generate key material by computing @@ -1332,7 +1349,7 @@ int crypto_dh_compute_secret(crypto_dh_env_t *dh, /* sometimes secret_len might be less than 128, e.g., 127. that's ok. */ for (i = 0; i < secret_bytes_out; i += DIGEST_LEN) { secret_tmp[secret_len] = (unsigned char) i/DIGEST_LEN; - if (crypto_digest(secret_tmp, secret_len+1, hash)) + if (crypto_digest(hash, secret_tmp, secret_len+1)) goto error; memcpy(secret_out+i, hash, MIN(DIGEST_LEN, secret_bytes_out-i)); } @@ -1428,7 +1445,7 @@ int crypto_seed_rng(void) /** Write n bytes of strong random data to <b>to</b>. Return 0 on * success, -1 on failure. */ -int crypto_rand(unsigned int n, unsigned char *to) +int crypto_rand(unsigned char *to, unsigned int n) { int r; tor_assert(to); @@ -1441,7 +1458,7 @@ int crypto_rand(unsigned int n, unsigned char *to) /** Write n bytes of pseudorandom data to <b>to</b>. Return 0 on * success, -1 on failure. */ -void crypto_pseudo_rand(unsigned int n, unsigned char *to) +void crypto_pseudo_rand(unsigned char *to, unsigned int n) { tor_assert(to); if (RAND_pseudo_bytes(to, n) == -1) { @@ -1465,7 +1482,7 @@ int crypto_pseudo_rand_int(unsigned int max) { */ cutoff = UINT_MAX - (UINT_MAX%max); while(1) { - crypto_pseudo_rand(sizeof(val), (unsigned char*) &val); + crypto_pseudo_rand((unsigned char*) &val, sizeof(val)); if (val < cutoff) return val % max; } @@ -1551,7 +1568,6 @@ base32_encode(char *dest, size_t destlen, const char *src, size_t srclen) dest[i] = '\0'; } - /* Local Variables: mode:c diff --git a/src/common/crypto.h b/src/common/crypto.h index c6df8f002..a969d744f 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -53,38 +53,46 @@ int crypto_global_cleanup(void); crypto_pk_env_t *crypto_new_pk_env(void); void crypto_free_pk_env(crypto_pk_env_t *env); +/* convenience function: wraps crypto_create_crypto_env, set_key, and init. */ +crypto_cipher_env_t *crypto_create_init_cipher(const char *key, int encrypt_mode); + crypto_cipher_env_t *crypto_new_cipher_env(void); void crypto_free_cipher_env(crypto_cipher_env_t *env); /* public key crypto */ int crypto_pk_generate_key(crypto_pk_env_t *env); +int crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env, const char *keyfile); int crypto_pk_write_public_key_to_string(crypto_pk_env_t *env, char **dest, size_t *len); int crypto_pk_read_public_key_from_string(crypto_pk_env_t *env, const char *src, size_t len); int crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env, const char *fname); -int crypto_pk_check_key(crypto_pk_env_t *env); -int crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env, const char *keyfile); int crypto_pk_DER64_encode_public_key(crypto_pk_env_t *env, char **dest); crypto_pk_env_t *crypto_pk_DER64_decode_public_key(const char *in); - +int crypto_pk_check_key(crypto_pk_env_t *env); int crypto_pk_cmp_keys(crypto_pk_env_t *a, crypto_pk_env_t *b); -crypto_pk_env_t *crypto_pk_dup_key(crypto_pk_env_t *orig); int crypto_pk_keysize(crypto_pk_env_t *env); +crypto_pk_env_t *crypto_pk_dup_key(crypto_pk_env_t *orig); -int crypto_pk_public_encrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, int padding); -int crypto_pk_private_decrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, int padding, int warnOnFailure); -int crypto_pk_private_sign(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to); -int crypto_pk_private_sign_digest(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to); -int crypto_pk_public_checksig(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to); -int crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const unsigned char *data, int datalen, const unsigned char *sig, int siglen); -int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, +int crypto_pk_public_encrypt(crypto_pk_env_t *env, unsigned char *to, + const unsigned char *from, int fromlen, int padding); +int crypto_pk_private_decrypt(crypto_pk_env_t *env, unsigned char *to, + const unsigned char *from, int fromlen, + int padding, int warnOnFailure); +int crypto_pk_public_checksig(crypto_pk_env_t *env, unsigned char *to, + const unsigned char *from, int fromlen); +int crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const unsigned char *data, + int datalen, const unsigned char *sig, int siglen); +int crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *to, + const unsigned char *from, int fromlen); +int crypto_pk_private_sign_digest(crypto_pk_env_t *env, unsigned char *to, + const unsigned char *from, int fromlen); +int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, unsigned char *to, const unsigned char *from, int fromlen, - unsigned char *to, int padding, int force); -int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, + int padding, int force); +int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, unsigned char *to, const unsigned char *from, int fromlen, - unsigned char *to,int padding, - int warnOnFailure); + int padding, int warnOnFailure); int crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, int dest_len); crypto_pk_env_t *crypto_pk_asn1_decode(const char *str, int len); @@ -92,43 +100,24 @@ int crypto_pk_get_digest(crypto_pk_env_t *pk, char *digest_out); int crypto_pk_get_fingerprint(crypto_pk_env_t *pk, char *fp_out,int add_space); int crypto_pk_check_fingerprint_syntax(const char *s); -int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen); -int base64_decode(char *dest, size_t destlen, const char *src, size_t srclen); -#define BASE32_CHARS "abcdefghijklmnopqrstuvwxyz234567" -void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen); -void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen); -int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen); - -/* Key negotiation */ -crypto_dh_env_t *crypto_dh_new(void); -int crypto_dh_get_bytes(crypto_dh_env_t *dh); -int crypto_dh_generate_public(crypto_dh_env_t *dh); -int crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey_out, - size_t pubkey_out_len); -int crypto_dh_compute_secret(crypto_dh_env_t *dh, - const char *pubkey, size_t pubkey_len, - char *secret_out, size_t secret_out_len); -void crypto_dh_free(crypto_dh_env_t *dh); - /* symmetric crypto */ int crypto_cipher_generate_key(crypto_cipher_env_t *env); int crypto_cipher_set_key(crypto_cipher_env_t *env, const unsigned char *key); +const unsigned char *crypto_cipher_get_key(crypto_cipher_env_t *env); int crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t *env); int crypto_cipher_decrypt_init_cipher(crypto_cipher_env_t *env); -const unsigned char *crypto_cipher_get_key(crypto_cipher_env_t *env); -int crypto_cipher_encrypt(crypto_cipher_env_t *env, const unsigned char *from, unsigned int fromlen, unsigned char *to); -int crypto_cipher_decrypt(crypto_cipher_env_t *env, const unsigned char *from, unsigned int fromlen, unsigned char *to); +int crypto_cipher_encrypt(crypto_cipher_env_t *env, unsigned char *to, + const unsigned char *from, unsigned int fromlen); +int crypto_cipher_decrypt(crypto_cipher_env_t *env, unsigned char *to, + const unsigned char *from, unsigned int fromlen); /* only implemented for CRYPTO_CIPHER_AES_CTR */ int crypto_cipher_rewind(crypto_cipher_env_t *env, long delta); int crypto_cipher_advance(crypto_cipher_env_t *env, long delta); -/* convenience function: wraps crypto_create_crypto_env, set_key, and init. */ -crypto_cipher_env_t *crypto_create_init_cipher(const char *key, int encrypt_mode); - /* SHA-1 */ -int crypto_digest(const unsigned char *m, int len, unsigned char *digest); +int crypto_digest(unsigned char *digest, const unsigned char *m, int len); crypto_digest_env_t *crypto_new_digest_env(void); void crypto_free_digest_env(crypto_digest_env_t *digest); void crypto_digest_add_bytes(crypto_digest_env_t *digest, const char *data, @@ -139,12 +128,31 @@ crypto_digest_env_t *crypto_digest_dup(const crypto_digest_env_t *digest); void crypto_digest_assign(crypto_digest_env_t *into, const crypto_digest_env_t *from); +/* Key negotiation */ +crypto_dh_env_t *crypto_dh_new(void); +int crypto_dh_get_bytes(crypto_dh_env_t *dh); +int crypto_dh_generate_public(crypto_dh_env_t *dh); +int crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey_out, + size_t pubkey_out_len); +int crypto_dh_compute_secret(crypto_dh_env_t *dh, + const char *pubkey, size_t pubkey_len, + char *secret_out, size_t secret_out_len); +void crypto_dh_free(crypto_dh_env_t *dh); + /* random numbers */ int crypto_seed_rng(void); -int crypto_rand(unsigned int n, unsigned char *to); -void crypto_pseudo_rand(unsigned int n, unsigned char *to); +int crypto_rand(unsigned char *to, unsigned int n); +void crypto_pseudo_rand(unsigned char *to, unsigned int n); int crypto_pseudo_rand_int(unsigned int max); +struct smartlist_t; +void *smartlist_choose(const struct smartlist_t *sl); + +int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen); +int base64_decode(char *dest, size_t destlen, const char *src, size_t srclen); +#define BASE32_CHARS "abcdefghijklmnopqrstuvwxyz234567" +void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen); + #endif /* diff --git a/src/common/util.c b/src/common/util.c index 243c5393b..60496d394 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -367,6 +367,7 @@ tor_parse_long(const char *s, int base, long min, long max, return 0; } +#if 0 unsigned long tor_parse_ulong(const char *s, int base, unsigned long min, unsigned long max, int *ok, char **next) @@ -393,6 +394,7 @@ tor_parse_ulong(const char *s, int base, unsigned long min, if (next) *next = endptr; return 0; } +#endif void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen) { @@ -873,7 +875,9 @@ char *read_file_to_str(const char *filename, int bin) { * that is whitespace or comment. * Return 1 if success, 0 if no more lines, -1 if error. */ -int parse_line_from_file(char *line, size_t maxlen, FILE *f, char **key_out, char **value_out) { +int +parse_line_from_file(char *line, size_t maxlen, FILE *f, + char **key_out, char **value_out) { char *s, *key, *end, *value; try_next_line: diff --git a/src/common/util.h b/src/common/util.h index 2c47a46cc..0fa51532d 100644 --- a/src/common/util.h +++ b/src/common/util.h @@ -67,6 +67,8 @@ const char *eat_whitespace(const char *s); const char *eat_whitespace_no_nl(const char *s); const char *find_whitespace(const char *s); +void base16_encode(char *dest, size_t destlen, const char *src, size_t srclen); +int base16_decode(char *dest, size_t destlen, const char *src, size_t srclen); /* Time helpers */ long tv_udiff(struct timeval *start, struct timeval *end); diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 56b2167d0..0889612e6 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -651,7 +651,7 @@ dirserv_dump_directory_to_string(char *s, size_t maxlen, log_fn(LOG_WARN,"couldn't compute digest"); return -1; } - if (crypto_pk_private_sign(private_key, digest, 20, signature) < 0) { + if (crypto_pk_private_sign(private_key, signature, digest, 20) < 0) { log_fn(LOG_WARN,"couldn't sign digest"); return -1; } @@ -840,7 +840,7 @@ static int generate_runningrouters(crypto_pk_env_t *private_key) log_fn(LOG_WARN,"couldn't compute digest"); goto err; } - if (crypto_pk_private_sign(private_key, digest, 20, signature) < 0) { + if (crypto_pk_private_sign(private_key, signature, digest, 20) < 0) { log_fn(LOG_WARN,"couldn't sign digest"); goto err; } diff --git a/src/or/onion.c b/src/or/onion.c index ada1749bf..c5431e0fd 100644 --- a/src/or/onion.c +++ b/src/or/onion.c @@ -164,9 +164,9 @@ onion_skin_create(crypto_pk_env_t *dest_router_key, #endif /* set meeting point, meeting cookie, etc here. Leave zero for now. */ - if (crypto_pk_public_hybrid_encrypt(dest_router_key, challenge, - DH_KEY_LEN, - onion_skin_out, PK_PKCS1_OAEP_PADDING, 1)<0) + if (crypto_pk_public_hybrid_encrypt(dest_router_key, onion_skin_out, + challenge, DH_KEY_LEN, + PK_PKCS1_OAEP_PADDING, 1)<0) goto err; tor_free(challenge); @@ -204,9 +204,9 @@ onion_skin_server_handshake(char *onion_skin, /* ONIONSKIN_CHALLENGE_LEN bytes * k = i==0?private_key:prev_private_key; if (!k) break; - len = crypto_pk_private_hybrid_decrypt(k, + len = crypto_pk_private_hybrid_decrypt(k, challenge, onion_skin, ONIONSKIN_CHALLENGE_LEN, - challenge, PK_PKCS1_OAEP_PADDING,0); + PK_PKCS1_OAEP_PADDING,0); if (len>0) break; } diff --git a/src/or/relay.c b/src/or/relay.c index f00d76525..19fd30e8d 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -113,8 +113,8 @@ static int relay_crypt_one_payload(crypto_cipher_env_t *cipher, char *in, relay_header_unpack(&rh, in); // log_fn(LOG_DEBUG,"before crypt: %d",rh.recognized); - if(( encrypt_mode && crypto_cipher_encrypt(cipher, in, CELL_PAYLOAD_SIZE, out)) || - (!encrypt_mode && crypto_cipher_decrypt(cipher, in, CELL_PAYLOAD_SIZE, out))) { + if(( encrypt_mode && crypto_cipher_encrypt(cipher, out, in, CELL_PAYLOAD_SIZE)) || + (!encrypt_mode && crypto_cipher_decrypt(cipher, out, in, CELL_PAYLOAD_SIZE))) { log_fn(LOG_WARN,"Error during relay encryption"); return -1; } diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 553506a5a..cd4c346de 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -31,7 +31,7 @@ rend_client_send_establish_rendezvous(circuit_t *circ) tor_assert(circ->purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND); log_fn(LOG_INFO, "Sending an ESTABLISH_RENDEZVOUS cell"); - if (crypto_rand(REND_COOKIE_LEN, circ->rend_cookie)<0) { + if (crypto_rand(circ->rend_cookie, REND_COOKIE_LEN) < 0) { log_fn(LOG_WARN, "Couldn't get random cookie"); circuit_mark_for_close(circ); return -1; @@ -113,13 +113,12 @@ rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) { /*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg, * to avoid buffer overflows? */ - r = crypto_pk_public_hybrid_encrypt(entry->parsed->pk, tmp, + r = crypto_pk_public_hybrid_encrypt(entry->parsed->pk, payload+DIGEST_LEN, tmp, #if 0 1+MAX_HEX_NICKNAME_LEN+1+REND_COOKIE_LEN+DH_KEY_LEN, #else MAX_NICKNAME_LEN+1+REND_COOKIE_LEN+DH_KEY_LEN, #endif - payload+DIGEST_LEN, PK_PKCS1_OAEP_PADDING, 0); if (r<0) { log_fn(LOG_WARN,"hybrid pk encrypt failed."); diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index 1db2aa55f..b219ee2fa 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -71,7 +71,7 @@ rend_encode_service_descriptor(rend_service_descriptor_t *desc, strlcpy(cp, ipoint, *len_out-(cp-*str_out)); cp += strlen(ipoint)+1; } - i = crypto_pk_private_sign_digest(key, *str_out, cp-*str_out, cp); + i = crypto_pk_private_sign_digest(key, cp, *str_out, cp-*str_out); if (i<0) { tor_free(*str_out); return -1; diff --git a/src/or/rendmid.c b/src/or/rendmid.c index e5a342c08..4b885ae90 100644 --- a/src/or/rendmid.c +++ b/src/or/rendmid.c @@ -47,7 +47,7 @@ rend_mid_establish_intro(circuit_t *circ, const char *request, size_t request_le /* Next 20 bytes: Hash of handshake_digest | "INTRODUCE" */ memcpy(buf, circ->handshake_digest, DIGEST_LEN); memcpy(buf+DIGEST_LEN, "INTRODUCE", 9); - if (crypto_digest(buf, DIGEST_LEN+9, expected_digest)<0) { + if (crypto_digest(expected_digest, buf, DIGEST_LEN+9) < 0) { log_fn(LOG_WARN, "Error computing digest"); goto err; } diff --git a/src/or/rendservice.c b/src/or/rendservice.c index b1c4717d8..b056679d6 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -394,7 +394,7 @@ rend_service_introduce(circuit_t *circuit, const char *request, size_t request_l } /* Next N bytes is encrypted with service key */ r = crypto_pk_private_hybrid_decrypt( - service->private_key,request+DIGEST_LEN,request_len-DIGEST_LEN,buf, + service->private_key,buf,request+DIGEST_LEN,request_len-DIGEST_LEN, PK_PKCS1_OAEP_PADDING,1); if (r<0) { log_fn(LOG_WARN, "Couldn't decrypt INTRODUCE2 cell"); @@ -592,10 +592,10 @@ rend_service_intro_has_opened(circuit_t *circuit) len += 2; memcpy(auth, circuit->cpath->prev->handshake_digest, DIGEST_LEN); memcpy(auth+DIGEST_LEN, "INTRODUCE", 9); - if (crypto_digest(auth, DIGEST_LEN+9, buf+len)) + if (crypto_digest(buf+len, auth, DIGEST_LEN+9)) goto err; len += 20; - r = crypto_pk_private_sign_digest(service->private_key, buf, len, buf+len); + r = crypto_pk_private_sign_digest(service->private_key, buf+len, buf, len); if (r<0) { log_fn(LOG_WARN, "Couldn't sign introduction request"); goto err; diff --git a/src/or/router.c b/src/or/router.c index 3dc145bd9..8b1ba1763 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -747,7 +747,7 @@ int router_dump_router_to_string(char *s, size_t maxlen, routerinfo_t *router, if (router_get_router_hash(s, digest) < 0) return -1; - if (crypto_pk_private_sign(ident_key, digest, 20, signature) < 0) { + if (crypto_pk_private_sign(ident_key, signature, digest, 20) < 0) { log_fn(LOG_WARN, "Error signing digest"); return -1; } diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 9a792292f..aaed57349 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -654,7 +654,7 @@ static int check_directory_signature(const char *digest, tor_assert(_pkey); - if (crypto_pk_public_checksig(_pkey, tok->object_body, 128, signed_digest) + if (crypto_pk_public_checksig(_pkey, signed_digest, tok->object_body, 128) != 20) { log_fn(LOG_WARN, "Error reading directory: invalid signature."); return -1; @@ -903,8 +903,8 @@ routerinfo_t *router_parse_entry_from_string(const char *s, log_fn(LOG_WARN, "Bad object type or length on router signature"); goto err; } - if ((t=crypto_pk_public_checksig(router->identity_pkey, tok->object_body, - 128, signed_digest)) != 20) { + if ((t=crypto_pk_public_checksig(router->identity_pkey, signed_digest, + tok->object_body, 128)) != 20) { log_fn(LOG_WARN, "Invalid signature %d",t); goto err; } if (memcmp(digest, signed_digest, 20)) { @@ -1377,7 +1377,7 @@ static int router_get_hash_impl(const char *s, char *digest, } ++end; - if (crypto_digest(start, end-start, digest)) { + if (crypto_digest(digest, start, end-start)) { log_fn(LOG_WARN,"couldn't compute digest"); return -1; } diff --git a/src/or/test.c b/src/or/test.c index 45521b4fc..22397775e 100644 --- a/src/or/test.c +++ b/src/or/test.c @@ -274,8 +274,8 @@ test_crypto(void) /* Try out RNG. */ test_assert(! crypto_seed_rng()); - crypto_rand(100, data1); - crypto_rand(100, data2); + crypto_rand(data1, 100); + crypto_rand(data2, 100); test_memneq(data1,data2,100); #if 0 @@ -287,7 +287,7 @@ test_crypto(void) for(i = 0; i < 1024; ++i) { data1[i] = (char) i*73; } - crypto_cipher_encrypt(env1, data1, 1024, data2); + crypto_cipher_encrypt(env1, data2, data1, 1024); test_memeq(data1, data2, 1024); crypto_free_cipher_env(env1); #endif @@ -309,25 +309,25 @@ test_crypto(void) crypto_cipher_decrypt_init_cipher(env2); /* Try encrypting 512 chars. */ - crypto_cipher_encrypt(env1, data1, 512, data2); - crypto_cipher_decrypt(env2, data2, 512, data3); + crypto_cipher_encrypt(env1, data2, data1, 512); + crypto_cipher_decrypt(env2, data3, data2, 512); test_memeq(data1, data3, 512); test_memneq(data1, data2, 512); /* Now encrypt 1 at a time, and get 1 at a time. */ for (j = 512; j < 560; ++j) { - crypto_cipher_encrypt(env1, data1+j, 1, data2+j); + crypto_cipher_encrypt(env1, data2+j, data1+j, 1); } for (j = 512; j < 560; ++j) { - crypto_cipher_decrypt(env2, data2+j, 1, data3+j); + crypto_cipher_decrypt(env2, data3+j, data2+j, 1); } test_memeq(data1, data3, 560); /* Now encrypt 3 at a time, and get 5 at a time. */ for (j = 560; j < 1024-5; j += 3) { - crypto_cipher_encrypt(env1, data1+j, 3, data2+j); + crypto_cipher_encrypt(env1, data2+j, data1+j, 3); } for (j = 560; j < 1024-5; j += 5) { - crypto_cipher_decrypt(env2, data2+j, 5, data3+j); + crypto_cipher_decrypt(env2, data3+j, data2+j, 5); } test_memeq(data1, data3, 1024-5); /* Now make sure that when we encrypt with different chunk sizes, we get @@ -340,7 +340,7 @@ test_crypto(void) crypto_cipher_set_key(env2, crypto_cipher_get_key(env1)); crypto_cipher_encrypt_init_cipher(env2); for (j = 0; j < 1024-16; j += 17) { - crypto_cipher_encrypt(env2, data1+j, 17, data3+j); + crypto_cipher_encrypt(env2, data3+j, data1+j, 17); } for (j= 0; j < 1024-16; ++j) { if (data2[j] != data3[j]) { @@ -355,7 +355,7 @@ test_crypto(void) /* XXXX Look up some test vectors for the ciphers and make sure we match. */ /* Test SHA-1 with a test vector from the specification. */ - i = crypto_digest("abc", 3, data1); + i = crypto_digest(data1, "abc", 3); test_memeq(data1, "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78" "\x50\xC2\x6C\x9C\xD0\xD8\x9D", 20); @@ -386,25 +386,25 @@ test_crypto(void) test_eq(128, crypto_pk_keysize(pk1)); test_eq(128, crypto_pk_keysize(pk2)); - test_eq(128, crypto_pk_public_encrypt(pk2, "Hello whirled.", 15, data1, + test_eq(128, crypto_pk_public_encrypt(pk2, data1, "Hello whirled.", 15, PK_PKCS1_OAEP_PADDING)); - test_eq(128, crypto_pk_public_encrypt(pk1, "Hello whirled.", 15, data2, + test_eq(128, crypto_pk_public_encrypt(pk1, data2, "Hello whirled.", 15, PK_PKCS1_OAEP_PADDING)); /* oaep padding should make encryption not match */ test_memneq(data1, data2, 128); - test_eq(15, crypto_pk_private_decrypt(pk1, data1, 128, data3, + test_eq(15, crypto_pk_private_decrypt(pk1, data3, data1, 128, PK_PKCS1_OAEP_PADDING,1)); test_streq(data3, "Hello whirled."); memset(data3, 0, 1024); - test_eq(15, crypto_pk_private_decrypt(pk1, data2, 128, data3, + test_eq(15, crypto_pk_private_decrypt(pk1, data3, data2, 128, PK_PKCS1_OAEP_PADDING,1)); test_streq(data3, "Hello whirled."); /* Can't decrypt with public key. */ - test_eq(-1, crypto_pk_private_decrypt(pk2, data2, 128, data3, + test_eq(-1, crypto_pk_private_decrypt(pk2, data3, data2, 128, PK_PKCS1_OAEP_PADDING,1)); /* Try again with bad padding */ memcpy(data2+1, "XYZZY", 5); /* This has fails ~ once-in-2^40 */ - test_eq(-1, crypto_pk_private_decrypt(pk1, data2, 128, data3, + test_eq(-1, crypto_pk_private_decrypt(pk1, data3, data2, 128, PK_PKCS1_OAEP_PADDING,1)); /* File operations: save and load private key */ @@ -413,17 +413,17 @@ test_crypto(void) test_assert(! crypto_pk_read_private_key_from_filename(pk2, get_fname("pkey1"))); - test_eq(15, crypto_pk_private_decrypt(pk2, data1, 128, data3, + test_eq(15, crypto_pk_private_decrypt(pk2, data3, data1, 128, PK_PKCS1_OAEP_PADDING,1)); /* Now try signing. */ strcpy(data1, "Ossifrage"); - test_eq(128, crypto_pk_private_sign(pk1, data1, 10, data2)); - test_eq(10, crypto_pk_public_checksig(pk1, data2, 128, data3)); + test_eq(128, crypto_pk_private_sign(pk1, data2, data1, 10)); + test_eq(10, crypto_pk_public_checksig(pk1, data3, data2, 128)); test_streq(data3, "Ossifrage"); /* Try signing digests. */ - test_eq(128, crypto_pk_private_sign_digest(pk1, data1, 10, data2)); - test_eq(20, crypto_pk_public_checksig(pk1, data2, 128, data3)); + test_eq(128, crypto_pk_private_sign_digest(pk1, data2, data1, 10)); + test_eq(20, crypto_pk_public_checksig(pk1, data3, data2, 128)); test_eq(0, crypto_pk_public_checksig_digest(pk1, data1, 10, data2, 128)); test_eq(-1, crypto_pk_public_checksig_digest(pk1, data1, 11, data2, 128)); /*XXXX test failed signing*/ @@ -437,7 +437,7 @@ test_crypto(void) test_assert(crypto_pk_cmp_keys(pk1,pk2) == 0); /* Try with hybrid encryption wrappers. */ - crypto_rand(1024, data1); + crypto_rand(data1, 1024); for (i = 0; i < 3; ++i) { for (j = 85; j < 140; ++j) { memset(data2,0,1024); @@ -446,9 +446,9 @@ test_crypto(void) continue; p = (i==0)?PK_NO_PADDING: (i==1)?PK_PKCS1_PADDING:PK_PKCS1_OAEP_PADDING; - len = crypto_pk_public_hybrid_encrypt(pk1,data1,j,data2,p,0); + len = crypto_pk_public_hybrid_encrypt(pk1,data2,data1,j,p,0); test_assert(len>=0); - len = crypto_pk_private_hybrid_decrypt(pk1,data2,len,data3,p,1); + len = crypto_pk_private_hybrid_decrypt(pk1,data3,data2,len,p,1); test_eq(len,j); test_memeq(data1,data3,j); } |