Force hybrid encryption on for key negotiation

svn:r1509
2024-09-21 13:34:59 +02:00 · 2004-04-06 20:55:46 +00:00 · 2004-04-06 20:55:46 +00:00 · 2fc106d210
commit 2fc106d210
parent 40a5d6055e
5 changed files with 8 additions and 6 deletions
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@ -534,11 +534,13 @@ int crypto_pk_private_sign_digest(crypto_pk_env_t *env, const unsigned char *fro
 *   The beginning of the source data prefixed with a 16-symmetric key,
 *   padded and encrypted with the public key; followed by the rest of
 *   the source data encrypted in AES-CTR mode with the symmetric key.
+ *
+ * DOCDOC force.
 */
 int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
                                    const unsigned char *from,
                                    int fromlen, unsigned char *to,
-                                    int padding)
+                                    int padding, int force)
 {
  int overhead, pkeylen, outlen, r, symlen;
  crypto_cipher_env_t *cipher = NULL;
@ -552,7 +554,7 @@ int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
  if (padding == PK_NO_PADDING && fromlen < pkeylen)
    return -1;

-  if (fromlen+overhead <= pkeylen) {
+  if (!force && fromlen+overhead <= pkeylen) {
    /* It all fits in a single encrypt. */
    return crypto_pk_public_encrypt(env,from,fromlen,to,padding);
  }
--- a/src/common/crypto.h
+++ b/src/common/crypto.h
@ -64,7 +64,7 @@ int crypto_pk_public_checksig(crypto_pk_env_t *env, const unsigned char *from, i
 int crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const unsigned char *data, int datalen, const unsigned char *sig, int siglen);
 int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
                                    const unsigned char *from, int fromlen,
-                                    unsigned char *to, int padding);
+                                    unsigned char *to, int padding, int force);
 int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env,
                                     const unsigned char *from, int fromlen,
                                     unsigned char *to,int padding);
--- a/src/or/onion.c
+++ b/src/or/onion.c
@ -585,7 +585,7 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
  /* set meeting point, meeting cookie, etc here. Leave zero for now. */
  if (crypto_pk_public_hybrid_encrypt(dest_router_key, challenge,
                                      ONIONSKIN_CHALLENGE_LEN-CIPHER_KEY_LEN,
-                                      onion_skin_out, PK_NO_PADDING)<0)
+                                      onion_skin_out, PK_NO_PADDING, 1)<0)
    goto err;

  tor_free(challenge);
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@ -100,7 +100,7 @@ rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) {
  r = crypto_pk_public_hybrid_encrypt(parsed->pk, tmp,
                           MAX_NICKNAME_LEN+1+REND_COOKIE_LEN+DH_KEY_LEN,
                                      payload+DIGEST_LEN,
-                                      PK_PKCS1_OAEP_PADDING);
+                                      PK_PKCS1_OAEP_PADDING, 0);
  if (r<0) {
    log_fn(LOG_WARN,"hybrid pk encrypt failed.");
    goto err;
--- a/src/or/test.c
+++ b/src/or/test.c
@ -418,7 +418,7 @@ test_crypto()
        continue;
      p = (i==0)?PK_NO_PADDING:
        (i==1)?PK_PKCS1_PADDING:PK_PKCS1_OAEP_PADDING;
-      len = crypto_pk_public_hybrid_encrypt(pk1,data1,j,data2,p);
+      len = crypto_pk_public_hybrid_encrypt(pk1,data1,j,data2,p,0);
      test_assert(len>=0);
      len = crypto_pk_private_hybrid_decrypt(pk1,data2,len,data3,p);
      test_eq(len,j);