aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/common/crypto.c59
-rw-r--r--src/common/crypto.h20
-rw-r--r--src/or/connection_or.c12
-rw-r--r--src/or/test.c4
4 files changed, 55 insertions, 40 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 06e66857e..5474d4f63 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -40,6 +40,24 @@
#define RETURN_SSL_OUTCOME(exp) return !(exp)
#endif
+struct crypto_pk_env_t
+{
+ int type;
+ int refs; /* reference counting; so we don't have to copy keys */
+ unsigned char *key;
+ /* auxiliary data structure(s) used by the underlying crypto library */
+ unsigned char *aux;
+};
+
+struct crypto_cipher_env_t
+{
+ int type;
+ unsigned char *key;
+ unsigned char *iv;
+ /* auxiliary data structure(s) used by the underlying crypto library */
+ unsigned char *aux;
+};
+
/* static INLINE const EVP_CIPHER *
crypto_cipher_evp_cipher(int type, int enc);
*/
@@ -102,31 +120,37 @@ int crypto_global_cleanup()
return 0;
}
-crypto_pk_env_t *crypto_new_pk_env(int type)
+crypto_pk_env_t *_crypto_new_pk_env_rsa(RSA *rsa)
{
crypto_pk_env_t *env;
-
+ assert(rsa);
env = (crypto_pk_env_t *)tor_malloc(sizeof(crypto_pk_env_t));
-
- env->type = type;
+ env->type = CRYPTO_PK_RSA;
env->refs = 1;
- env->key = NULL;
+ env->key = (unsigned char*)rsa;
env->aux = NULL;
-
+ return env;
+}
+
+RSA *_crypto_pk_env_get_rsa(crypto_pk_env_t *env)
+{
+ if (env->type != CRYPTO_PK_RSA)
+ return NULL;
+ return (RSA*)env->key;
+}
+
+crypto_pk_env_t *crypto_new_pk_env(int type)
+{
+ RSA *rsa;
+
switch(type) {
case CRYPTO_PK_RSA:
- env->key = (unsigned char *)RSA_new();
- if (!env->key) {
- free(env);
- return NULL;
- }
- break;
+ rsa = RSA_new();
+ if (!rsa) return NULL;
+ return _crypto_new_pk_env_rsa(rsa);
default:
- free(env);
return NULL;
}
-
- return env;
}
void crypto_free_pk_env(crypto_pk_env_t *env)
@@ -617,6 +641,11 @@ int crypto_cipher_set_key(crypto_cipher_env_t *env, unsigned char *key)
return 0;
}
+unsigned char *crypto_cipher_get_key(crypto_cipher_env_t *env)
+{
+ return env->key;
+}
+
int crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t *env)
{
assert(env);
diff --git a/src/common/crypto.h b/src/common/crypto.h
index 051251329..f723e7195 100644
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@@ -18,23 +18,8 @@
#define CRYPTO_PK_RSA 0
-typedef struct
-{
- int type;
- int refs; /* reference counting; so we don't have to copy keys */
- unsigned char *key;
- /* auxiliary data structure(s) used by the underlying crypto library */
- unsigned char *aux;
-} crypto_pk_env_t;
-
-typedef struct
-{
- int type;
- unsigned char *key;
- unsigned char *iv;
- /* auxiliary data structure(s) used by the underlying crypto library */
- unsigned char *aux;
-} crypto_cipher_env_t;
+typedef struct crypto_pk_env_t crypto_pk_env_t;
+typedef struct crypto_cipher_env_t crypto_cipher_env_t;
/* global state */
int crypto_global_init();
@@ -94,6 +79,7 @@ int crypto_cipher_set_iv(crypto_cipher_env_t *env, unsigned char *iv);
int crypto_cipher_set_key(crypto_cipher_env_t *env, unsigned char *key);
int crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t *env);
int crypto_cipher_decrypt_init_cipher(crypto_cipher_env_t *env);
+unsigned char *crypto_cipher_get_key(crypto_cipher_env_t *env);
int crypto_cipher_encrypt(crypto_cipher_env_t *env, unsigned char *from, unsigned int fromlen, unsigned char *to);
int crypto_cipher_decrypt(crypto_cipher_env_t *env, unsigned char *from, unsigned int fromlen, unsigned char *to);
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index f70a78a3c..6250eba9a 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -249,9 +249,9 @@ or_handshake_op_send_keys(connection_t *conn) {
/* compose the message */
*(uint16_t *)(message) = htons(HANDSHAKE_AS_OP);
memcpy((void *)(message+FLAGS_LEN),
- (void *)conn->f_crypto->key, 16);
+ (void *)crypto_cipher_get_key(conn->f_crypto), 16);
memcpy((void *)(message+FLAGS_LEN+KEY_LEN),
- (void *)conn->b_crypto->key, 16);
+ (void *)crypto_cipher_get_key(conn->b_crypto), 16);
/* encrypt with RSA */
if(crypto_pk_public_encrypt(conn->pkey, message, sizeof(message), cipher, RSA_PKCS1_PADDING) < 0) {
@@ -322,9 +322,9 @@ or_handshake_client_send_auth(connection_t *conn) {
*(uint32_t*)(buf+FLAGS_LEN+ADDR_LEN+PORT_LEN) = htonl(conn->addr); /* remote address */
*(uint16_t*)(buf+FLAGS_LEN+ADDR_LEN+PORT_LEN+ADDR_LEN) = htons(conn->port); /* remote port */
memcpy(buf+FLAGS_LEN+ADDR_LEN+PORT_LEN+ADDR_LEN+PORT_LEN,
- conn->f_crypto->key,16); /* keys */
+ crypto_cipher_get_key(conn->f_crypto),16); /* keys */
memcpy(buf+FLAGS_LEN+ADDR_LEN+PORT_LEN+ADDR_LEN+PORT_LEN+KEY_LEN,
- conn->b_crypto->key,16);
+ crypto_cipher_get_key(conn->b_crypto),16);
log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated first authentication message.");
/* encrypt message */
@@ -406,8 +406,8 @@ or_handshake_client_process_auth(connection_t *conn) {
log(LOG_ERR,"client_process_auth: Router %s:%u: bad address info.", conn->address,conn->port);
return -1;
}
- if ( (memcmp(conn->f_crypto->key, buf+12, 16)) || /* keys */
- (memcmp(conn->b_crypto->key, buf+28, 16)) ) {
+ if ( (memcmp(crypto_cipher_get_key(conn->f_crypto), buf+12, 16)) ||/* keys */
+ (memcmp(crypto_cipher_get_key(conn->b_crypto), buf+28, 16)) ) {
log(LOG_ERR,"client_process_auth: Router %s:%u: bad key info.",conn->address,conn->port);
return -1;
}
diff --git a/src/or/test.c b/src/or/test.c
index da982cd0b..e8a9c18d1 100644
--- a/src/or/test.c
+++ b/src/or/test.c
@@ -269,7 +269,7 @@ test_crypto()
test_neq(env2, 0);
j = crypto_cipher_generate_key(env1);
if (str_ciphers[i] != CRYPTO_CIPHER_IDENTITY) {
- crypto_cipher_set_key(env2, env1->key);
+ crypto_cipher_set_key(env2, crypto_cipher_get_key(env1));
}
crypto_cipher_set_iv(env1, "12345678901234567890");
crypto_cipher_set_iv(env2, "12345678901234567890");
@@ -309,7 +309,7 @@ test_crypto()
env2 = crypto_new_cipher_env(str_ciphers[i]);
test_neq(env2, 0);
if (str_ciphers[i] != CRYPTO_CIPHER_IDENTITY) {
- crypto_cipher_set_key(env2, env1->key);
+ crypto_cipher_set_key(env2, crypto_cipher_get_key(env1));
}
crypto_cipher_set_iv(env2, "12345678901234567890");
crypto_cipher_encrypt_init_cipher(env2);