2018-07-11 19:44:35 +02:00
|
|
|
/* Copyright (c) 2001, Matej Pfajfar.
|
|
|
|
* Copyright (c) 2001-2004, Roger Dingledine.
|
|
|
|
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
|
|
|
* Copyright (c) 2007-2018, The Tor Project, Inc. */
|
|
|
|
/* See LICENSE for licensing information */
|
|
|
|
|
|
|
|
/**
|
|
|
|
* \file crypto_init.c
|
|
|
|
*
|
|
|
|
* \brief Initialize and shut down Tor's crypto library and subsystem.
|
|
|
|
**/
|
|
|
|
|
|
|
|
#include "orconfig.h"
|
|
|
|
|
|
|
|
#include "lib/crypt_ops/crypto_init.h"
|
|
|
|
|
|
|
|
#include "lib/crypt_ops/crypto_curve25519.h"
|
|
|
|
#include "lib/crypt_ops/crypto_dh.h"
|
|
|
|
#include "lib/crypt_ops/crypto_ed25519.h"
|
|
|
|
#include "lib/crypt_ops/crypto_openssl_mgt.h"
|
2018-07-11 20:46:28 +02:00
|
|
|
#include "lib/crypt_ops/crypto_nss_mgt.h"
|
2018-07-11 19:44:35 +02:00
|
|
|
#include "lib/crypt_ops/crypto_rand.h"
|
2018-11-02 16:21:06 +01:00
|
|
|
#include "lib/crypt_ops/crypto_sys.h"
|
|
|
|
|
|
|
|
#include "lib/subsys/subsys.h"
|
2018-07-11 19:44:35 +02:00
|
|
|
|
|
|
|
#include "siphash.h"
|
|
|
|
|
2018-09-04 16:51:26 +02:00
|
|
|
/** Boolean: has our crypto library been initialized? (early phase) */
|
2018-07-11 19:44:35 +02:00
|
|
|
static int crypto_early_initialized_ = 0;
|
|
|
|
|
2018-09-04 16:51:26 +02:00
|
|
|
/** Boolean: has our crypto library been initialized? (late phase) */
|
2018-07-11 19:44:35 +02:00
|
|
|
static int crypto_global_initialized_ = 0;
|
|
|
|
|
|
|
|
static int have_seeded_siphash = 0;
|
|
|
|
|
|
|
|
/** Set up the siphash key if we haven't already done so. */
|
|
|
|
int
|
|
|
|
crypto_init_siphash_key(void)
|
|
|
|
{
|
|
|
|
struct sipkey key;
|
|
|
|
if (have_seeded_siphash)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
crypto_rand((char*) &key, sizeof(key));
|
|
|
|
siphash_set_global_key(&key);
|
|
|
|
have_seeded_siphash = 1;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Initialize the crypto library. Return 0 on success, -1 on failure.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
crypto_early_init(void)
|
|
|
|
{
|
|
|
|
if (!crypto_early_initialized_) {
|
|
|
|
|
|
|
|
crypto_early_initialized_ = 1;
|
|
|
|
|
|
|
|
#ifdef ENABLE_OPENSSL
|
|
|
|
crypto_openssl_early_init();
|
|
|
|
#endif
|
2018-07-11 20:46:28 +02:00
|
|
|
#ifdef ENABLE_NSS
|
2018-08-29 14:39:19 +02:00
|
|
|
crypto_nss_early_init(0);
|
2018-07-11 20:46:28 +02:00
|
|
|
#endif
|
2018-07-11 19:44:35 +02:00
|
|
|
|
|
|
|
if (crypto_seed_rng() < 0)
|
|
|
|
return -1;
|
|
|
|
if (crypto_init_siphash_key() < 0)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
curve25519_init();
|
|
|
|
ed25519_init();
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Initialize the crypto library. Return 0 on success, -1 on failure.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
|
|
|
|
{
|
|
|
|
if (!crypto_global_initialized_) {
|
|
|
|
if (crypto_early_init() < 0)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
crypto_global_initialized_ = 1;
|
|
|
|
|
2018-07-17 17:27:08 +02:00
|
|
|
crypto_dh_init();
|
|
|
|
|
2018-07-11 19:44:35 +02:00
|
|
|
#ifdef ENABLE_OPENSSL
|
2018-07-11 20:46:28 +02:00
|
|
|
if (crypto_openssl_late_init(useAccel, accelName, accelDir) < 0)
|
|
|
|
return -1;
|
2018-08-12 23:18:41 +02:00
|
|
|
#else
|
|
|
|
(void)useAccel;
|
|
|
|
(void)accelName;
|
|
|
|
(void)accelDir;
|
2018-07-11 20:46:28 +02:00
|
|
|
#endif
|
|
|
|
#ifdef ENABLE_NSS
|
|
|
|
if (crypto_nss_late_init() < 0)
|
|
|
|
return -1;
|
2018-07-11 19:44:35 +02:00
|
|
|
#endif
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Free crypto resources held by this thread. */
|
|
|
|
void
|
|
|
|
crypto_thread_cleanup(void)
|
|
|
|
{
|
2018-07-11 20:46:28 +02:00
|
|
|
#ifdef ENABLE_OPENSSL
|
|
|
|
crypto_openssl_thread_cleanup();
|
2018-07-11 19:44:35 +02:00
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Uninitialize the crypto library. Return 0 on success. Does not detect
|
|
|
|
* failure.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
crypto_global_cleanup(void)
|
|
|
|
{
|
|
|
|
crypto_dh_free_all();
|
|
|
|
|
|
|
|
#ifdef ENABLE_OPENSSL
|
|
|
|
crypto_openssl_global_cleanup();
|
|
|
|
#endif
|
2018-07-11 20:46:28 +02:00
|
|
|
#ifdef ENABLE_NSS
|
|
|
|
crypto_nss_global_cleanup();
|
|
|
|
#endif
|
2018-07-11 19:44:35 +02:00
|
|
|
|
|
|
|
crypto_early_initialized_ = 0;
|
|
|
|
crypto_global_initialized_ = 0;
|
|
|
|
have_seeded_siphash = 0;
|
|
|
|
siphash_unset_global_key();
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
2018-07-11 21:36:54 +02:00
|
|
|
|
2018-08-29 14:39:19 +02:00
|
|
|
/** Run operations that the crypto library requires to be happy again
|
|
|
|
* after forking. */
|
|
|
|
void
|
|
|
|
crypto_prefork(void)
|
|
|
|
{
|
|
|
|
#ifdef ENABLE_NSS
|
|
|
|
crypto_nss_prefork();
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2018-07-11 21:36:54 +02:00
|
|
|
/** Run operations that the crypto library requires to be happy again
|
|
|
|
* after forking. */
|
|
|
|
void
|
|
|
|
crypto_postfork(void)
|
|
|
|
{
|
|
|
|
#ifdef ENABLE_NSS
|
|
|
|
crypto_nss_postfork();
|
|
|
|
#endif
|
|
|
|
}
|
2018-08-12 23:18:41 +02:00
|
|
|
|
|
|
|
/** Return the name of the crypto library we're using. */
|
|
|
|
const char *
|
|
|
|
crypto_get_library_name(void)
|
|
|
|
{
|
|
|
|
#ifdef ENABLE_OPENSSL
|
|
|
|
return "OpenSSL";
|
|
|
|
#endif
|
|
|
|
#ifdef ENABLE_NSS
|
|
|
|
return "NSS";
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Return the version of the crypto library we are using, as given in the
|
|
|
|
* library. */
|
|
|
|
const char *
|
|
|
|
crypto_get_library_version_string(void)
|
|
|
|
{
|
|
|
|
#ifdef ENABLE_OPENSSL
|
|
|
|
return crypto_openssl_get_version_str();
|
|
|
|
#endif
|
|
|
|
#ifdef ENABLE_NSS
|
|
|
|
return crypto_nss_get_version_str();
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
/** Return the version of the crypto library we're using, as given in the
|
|
|
|
* headers. */
|
|
|
|
const char *
|
|
|
|
crypto_get_header_version_string(void)
|
|
|
|
{
|
|
|
|
#ifdef ENABLE_OPENSSL
|
|
|
|
return crypto_openssl_get_header_version_str();
|
|
|
|
#endif
|
|
|
|
#ifdef ENABLE_NSS
|
|
|
|
return crypto_nss_get_header_version_str();
|
|
|
|
#endif
|
|
|
|
}
|
2018-08-23 17:30:18 +02:00
|
|
|
|
|
|
|
/** Return true iff Tor is using the NSS library. */
|
|
|
|
int
|
|
|
|
tor_is_using_nss(void)
|
|
|
|
{
|
|
|
|
#ifdef ENABLE_NSS
|
|
|
|
return 1;
|
|
|
|
#else
|
|
|
|
return 0;
|
|
|
|
#endif
|
|
|
|
}
|
2018-11-02 16:21:06 +01:00
|
|
|
|
|
|
|
static int
|
2018-11-09 17:12:12 +01:00
|
|
|
subsys_crypto_initialize(void)
|
2018-11-02 16:21:06 +01:00
|
|
|
{
|
|
|
|
if (crypto_early_init() < 0)
|
|
|
|
return -1;
|
|
|
|
crypto_dh_init();
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2018-11-09 17:12:12 +01:00
|
|
|
subsys_crypto_shutdown(void)
|
2018-11-02 16:21:06 +01:00
|
|
|
{
|
|
|
|
crypto_global_cleanup();
|
|
|
|
}
|
|
|
|
|
2018-11-09 17:12:12 +01:00
|
|
|
static void
|
|
|
|
subsys_crypto_prefork(void)
|
|
|
|
{
|
|
|
|
crypto_prefork();
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
subsys_crypto_postfork(void)
|
|
|
|
{
|
|
|
|
crypto_postfork();
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
subsys_crypto_thread_cleanup(void)
|
|
|
|
{
|
|
|
|
crypto_thread_cleanup();
|
|
|
|
}
|
|
|
|
|
2018-11-02 16:21:06 +01:00
|
|
|
const struct subsys_fns_t sys_crypto = {
|
|
|
|
.name = "crypto",
|
|
|
|
.supported = true,
|
|
|
|
.level = -60,
|
2018-11-09 17:12:12 +01:00
|
|
|
.initialize = subsys_crypto_initialize,
|
|
|
|
.shutdown = subsys_crypto_shutdown,
|
|
|
|
.prefork = subsys_crypto_prefork,
|
|
|
|
.postfork = subsys_crypto_postfork,
|
|
|
|
.thread_cleanup = subsys_crypto_thread_cleanup,
|
2018-11-02 16:21:06 +01:00
|
|
|
};
|