tor/src/lib/crypt_ops/crypto_ope.h

/* Copyright (c) 2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */

#ifndef CRYPTO_OPE_H
#define CRYPTO_OPE_H

#include "orconfig.h"
#include "lib/cc/torint.h"
#include "lib/crypt_ops/crypto_ope.h"
#include "lib/testsupport/testsupport.h"

/** Length of OPE key, in bytes. */
#define OPE_KEY_LEN 32

/** Largest value that can be passed to crypto_ope_encrypt().
 *
 *  Expressed as 2^18 because the OPE system prefers powers of two.
 *
 *  The current max value stands for about 70 hours. The rationale here is as
 *  follows: The rev counter is the time of seconds since the start of an SRV
 *  period. SRVs are useful for about 48 hours (that's how long they stick
 *  around on the consensus). Let's also add 12 hours of drift for clock skewed
 *  services that might be using an old consensus and we arrive to 60
 *  hours. The max value should be beyond that.
 */
#define OPE_INPUT_MAX (1<<18)

#define CRYPTO_OPE_ERROR UINT64_MAX

typedef struct crypto_ope_t crypto_ope_t;

crypto_ope_t *crypto_ope_new(const uint8_t *key);
void crypto_ope_free_(crypto_ope_t *ope);
#define crypto_ope_free(ope) \
  FREE_AND_NULL(crypto_ope_t, crypto_ope_free_, (ope))

uint64_t crypto_ope_encrypt(const crypto_ope_t *ope, int plaintext);

#ifdef CRYPTO_OPE_PRIVATE
struct aes_cnt_cipher;
STATIC struct aes_cnt_cipher *ope_get_cipher(const crypto_ope_t *ope,
                                              uint32_t initial_idx);
STATIC uint64_t sum_values_from_cipher(struct aes_cnt_cipher *c, size_t n);
#endif

#endif
Implementation for a simple order-preserving encryption scheme. This is meant for use when encrypting the current time within the period in order to get a monotonically increasing revision counter without actually revealing our view of the time. This scheme is far from the most state-of-the-art: don't use it for anything else without careful analysis by somebody much smarter than I am. See ticket #25552 for some rationale for this logic. 2018-05-10 14:46:36 +02:00			`/* Copyright (c) 2018, The Tor Project, Inc. */`
			`/* See LICENSE for licensing information */`

			`#ifndef CRYPTO_OPE_H`
			`#define CRYPTO_OPE_H`

			`#include "orconfig.h"`
Merge branch 'bug25552_ope_squashed' 2018-07-17 22:19:32 +02:00			`#include "lib/cc/torint.h"`
			`#include "lib/crypt_ops/crypto_ope.h"`
			`#include "lib/testsupport/testsupport.h"`
Implementation for a simple order-preserving encryption scheme. This is meant for use when encrypting the current time within the period in order to get a monotonically increasing revision counter without actually revealing our view of the time. This scheme is far from the most state-of-the-art: don't use it for anything else without careful analysis by somebody much smarter than I am. See ticket #25552 for some rationale for this logic. 2018-05-10 14:46:36 +02:00
			`/** Length of OPE key, in bytes. */`
			`#define OPE_KEY_LEN 32`

Increase OPE_INPUT_MAX. 2018-06-14 14:23:09 +02:00			`/** Largest value that can be passed to crypto_ope_encrypt().`
			`*`
			`* Expressed as 2^18 because the OPE system prefers powers of two.`
			`*`
			`* The current max value stands for about 70 hours. The rationale here is as`
			`* follows: The rev counter is the time of seconds since the start of an SRV`
			`* period. SRVs are useful for about 48 hours (that's how long they stick`
			`* around on the consensus). Let's also add 12 hours of drift for clock skewed`
			`* services that might be using an old consensus and we arrive to 60`
			`* hours. The max value should be beyond that.`
			`*/`
			`#define OPE_INPUT_MAX (1<<18)`
Implementation for a simple order-preserving encryption scheme. This is meant for use when encrypting the current time within the period in order to get a monotonically increasing revision counter without actually revealing our view of the time. This scheme is far from the most state-of-the-art: don't use it for anything else without careful analysis by somebody much smarter than I am. See ticket #25552 for some rationale for this logic. 2018-05-10 14:46:36 +02:00
Make the OPE scheme return CRYPTO_OPE_ERROR on error. Instead of UINT64_MAX. 2018-07-10 19:10:22 +02:00			`#define CRYPTO_OPE_ERROR UINT64_MAX`

Merge branch 'bug25552_ope_squashed' 2018-07-17 22:19:32 +02:00			`typedef struct crypto_ope_t crypto_ope_t;`
Implementation for a simple order-preserving encryption scheme. This is meant for use when encrypting the current time within the period in order to get a monotonically increasing revision counter without actually revealing our view of the time. This scheme is far from the most state-of-the-art: don't use it for anything else without careful analysis by somebody much smarter than I am. See ticket #25552 for some rationale for this logic. 2018-05-10 14:46:36 +02:00
			`crypto_ope_t crypto_ope_new(const uint8_t key);`
			`void crypto_ope_free_(crypto_ope_t *ope);`
			`#define crypto_ope_free(ope) \`
			`FREE_AND_NULL(crypto_ope_t, crypto_ope_free_, (ope))`

			`uint64_t crypto_ope_encrypt(const crypto_ope_t *ope, int plaintext);`

			`#ifdef CRYPTO_OPE_PRIVATE`
Merge branch 'bug25552_ope_squashed' 2018-07-17 22:19:32 +02:00			`struct aes_cnt_cipher;`
			`STATIC struct aes_cnt_cipher ope_get_cipher(const crypto_ope_t ope,`
			`uint32_t initial_idx);`
			`STATIC uint64_t sum_values_from_cipher(struct aes_cnt_cipher *c, size_t n);`
Implementation for a simple order-preserving encryption scheme. This is meant for use when encrypting the current time within the period in order to get a monotonically increasing revision counter without actually revealing our view of the time. This scheme is far from the most state-of-the-art: don't use it for anything else without careful analysis by somebody much smarter than I am. See ticket #25552 for some rationale for this logic. 2018-05-10 14:46:36 +02:00			`#endif`

			`#endif`