Force hybrid encryption on for key negotiation

svn:r1509
This commit is contained in:
Nick Mathewson 2004-04-06 20:55:46 +00:00
parent 40a5d6055e
commit 2fc106d210
5 changed files with 8 additions and 6 deletions

View File

@ -534,11 +534,13 @@ int crypto_pk_private_sign_digest(crypto_pk_env_t *env, const unsigned char *fro
* The beginning of the source data prefixed with a 16-symmetric key,
* padded and encrypted with the public key; followed by the rest of
* the source data encrypted in AES-CTR mode with the symmetric key.
*
* DOCDOC force.
*/
int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
const unsigned char *from,
int fromlen, unsigned char *to,
int padding)
int padding, int force)
{
int overhead, pkeylen, outlen, r, symlen;
crypto_cipher_env_t *cipher = NULL;
@ -552,7 +554,7 @@ int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
if (padding == PK_NO_PADDING && fromlen < pkeylen)
return -1;
if (fromlen+overhead <= pkeylen) {
if (!force && fromlen+overhead <= pkeylen) {
/* It all fits in a single encrypt. */
return crypto_pk_public_encrypt(env,from,fromlen,to,padding);
}

View File

@ -64,7 +64,7 @@ int crypto_pk_public_checksig(crypto_pk_env_t *env, const unsigned char *from, i
int crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const unsigned char *data, int datalen, const unsigned char *sig, int siglen);
int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
const unsigned char *from, int fromlen,
unsigned char *to, int padding);
unsigned char *to, int padding, int force);
int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env,
const unsigned char *from, int fromlen,
unsigned char *to,int padding);

View File

@ -585,7 +585,7 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
/* set meeting point, meeting cookie, etc here. Leave zero for now. */
if (crypto_pk_public_hybrid_encrypt(dest_router_key, challenge,
ONIONSKIN_CHALLENGE_LEN-CIPHER_KEY_LEN,
onion_skin_out, PK_NO_PADDING)<0)
onion_skin_out, PK_NO_PADDING, 1)<0)
goto err;
tor_free(challenge);

View File

@ -100,7 +100,7 @@ rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) {
r = crypto_pk_public_hybrid_encrypt(parsed->pk, tmp,
MAX_NICKNAME_LEN+1+REND_COOKIE_LEN+DH_KEY_LEN,
payload+DIGEST_LEN,
PK_PKCS1_OAEP_PADDING);
PK_PKCS1_OAEP_PADDING, 0);
if (r<0) {
log_fn(LOG_WARN,"hybrid pk encrypt failed.");
goto err;

View File

@ -418,7 +418,7 @@ test_crypto()
continue;
p = (i==0)?PK_NO_PADDING:
(i==1)?PK_PKCS1_PADDING:PK_PKCS1_OAEP_PADDING;
len = crypto_pk_public_hybrid_encrypt(pk1,data1,j,data2,p);
len = crypto_pk_public_hybrid_encrypt(pk1,data1,j,data2,p,0);
test_assert(len>=0);
len = crypto_pk_private_hybrid_decrypt(pk1,data2,len,data3,p);
test_eq(len,j);