nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 21:23:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'openssl101_aes_ctr_rebased'

Browse Source
This commit is contained in:
Nick Mathewson 2012-03-27 22:41:10 -04:00
commit 86f1630b36
12 changed files with 231 additions and 286 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
changes/crypto_api Normal file
View File

@ -0,0 +1,3 @@
o Code refactoring:
- Change the symmetric cipher interface so that creating and
initializing a stream cipher are no longer separate functions.

6
changes/openssl101_aes Normal file
View File

@ -0,0 +1,6 @@
o Major features (performance):
- When built to use the newly OpenSSL 1.0.1, and built for an x86 or
x86_64 instruction set, take advantage of OpenSSL's AESNI, bitsliced,
or vectorized AES implementations as appropriate. These can be
much, much faster than other AES implementations.

3
changes/pad_rsa_always Normal file
View File

@ -0,0 +1,3 @@
o Code removal:
- Remove all internal support for unpadded RSA. We never used it, and
it would be a bad idea to start.

103
src/common/aes.c
View File

@ -33,15 +33,35 @@
#define DISABLE_ENGINES
#endif
/* We have 2 strategies for getting AES: Via OpenSSL's AES_encrypt function,
* via OpenSSL's EVP_EncryptUpdate function.
/* We have five strategies for implementing AES counter mode.
*
* Best with x86 and x86_64: Use EVP_aes_ctr128() and EVP_EncryptUpdate().
* This is possible with OpenSSL 1.0.1, where the counter-mode implementation
* can use bit-sliced or vectorized AES or AESNI as appropriate.
*
* Otherwise: Pick the best possible AES block implementation that OpenSSL
* gives us, and the best possible counter-mode implementation, and combine
* them.
*/
#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,0,1) && \
(defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
defined(__x86_64) || defined(__x86_64__) || \
defined(_M_AMD64) || defined(_M_X64) || defined(__INTEL__)) \
#define USE_EVP_AES_CTR
#endif
/* We have 2 strategies for getting the AES block cipher: Via OpenSSL's
* AES_encrypt function, or via OpenSSL's EVP_EncryptUpdate function.
*
* If there's any hardware acceleration in play, we want to be using EVP_* so
* we can get it. Otherwise, we'll want AES_*, which seems to be about 5%
* faster than indirecting through the EVP layer.
*/
/* We have 2 strategies for counter mode: use our own, or use OpenSSL's.
/* We have 2 strategies for getting a plug-in counter mode: use our own, or
* use OpenSSL's.
*
* Here we have a counter mode that's faster than the one shipping with
* OpenSSL pre-1.0 (by about 10%!). But OpenSSL 1.0.0 added a counter mode
@ -51,6 +71,66 @@
* make sure that we have a fixed version.)
*/
#ifdef USE_EVP_AES_CTR
struct aes_cnt_cipher {
EVP_CIPHER_CTX evp;
};
aes_cnt_cipher_t *
aes_new_cipher(const char *key, const char *iv)
{
aes_cnt_cipher_t *cipher;
cipher = tor_malloc_zero(sizeof(aes_cnt_cipher_t));
EVP_EncryptInit(&cipher->evp, EVP_aes_128_ctr(),
(const unsigned char*)key, (const unsigned char *)iv);
return cipher;
}
void
aes_cipher_free(aes_cnt_cipher_t *cipher)
{
if (!cipher)
return;
EVP_CIPHER_CTX_cleanup(&cipher->evp);
memset(cipher, 0, sizeof(aes_cnt_cipher_t));
tor_free(cipher);
}
void
aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len,
char *output)
{
int outl;
tor_assert(len < INT_MAX);
EVP_EncryptUpdate(&cipher->evp, (unsigned char*)output,
&outl, (const unsigned char *)input, (int)len);
}
void
aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len)
{
int outl;
tor_assert(len < INT_MAX);
EVP_EncryptUpdate(&cipher->evp, (unsigned char*)data,
&outl, (unsigned char*)data, (int)len);
}
int
evaluate_evp_for_aes(int force_val)
{
(void) force_val;
log_notice(LD_CRYPTO, "This version of OpenSSL has a known-good EVP "
"counter-mode implementation. Using it.");
return 0;
}
int
evaluate_ctr_for_aes(void)
{
return 0;
}
#else
/*======================================================================*/
/* Interface to AES code, and counter implementation */
@ -209,14 +289,22 @@ _aes_fill_buf(aes_cnt_cipher_t *cipher)
}
}
static void aes_set_key(aes_cnt_cipher_t *cipher, const char *key,
int key_bits);
static void aes_set_iv(aes_cnt_cipher_t *cipher, const char *iv);
/**
* Return a newly allocated counter-mode AES128 cipher implementation.
* Return a newly allocated counter-mode AES128 cipher implementation,
* using the 128-bit key <b>key</b> and the 128-bit IV <b>iv</b>.
*/
aes_cnt_cipher_t*
aes_new_cipher(void)
aes_new_cipher(const char *key, const char *iv)
{
aes_cnt_cipher_t* result = tor_malloc_zero(sizeof(aes_cnt_cipher_t));
aes_set_key(result, key, 128);
aes_set_iv(result, iv);
return result;
}
@ -224,7 +312,7 @@ aes_new_cipher(void)
* <b>key_bits</b> bits long (must be 128, 192, or 256). Also resets
* the counter to 0.
*/
void
static void
aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits)
{
if (should_use_EVP) {
@ -398,7 +486,7 @@ aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len)
/** Reset the 128-bit counter of <b>cipher</b> to the 16-bit big-endian value
* in <b>iv</b>. */
void
static void
aes_set_iv(aes_cnt_cipher_t *cipher, const char *iv)
{
#ifdef USING_COUNTER_VARS
@ -416,3 +504,4 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const char *iv)
_aes_fill_buf(cipher);
}
#endif

4
src/common/aes.h
View File

@ -16,13 +16,11 @@
struct aes_cnt_cipher;
typedef struct aes_cnt_cipher aes_cnt_cipher_t;
aes_cnt_cipher_t* aes_new_cipher(void);
aes_cnt_cipher_t* aes_new_cipher(const char *key, const char *iv);
void aes_cipher_free(aes_cnt_cipher_t *cipher);
void aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits);
void aes_crypt(aes_cnt_cipher_t *cipher, const char *input, size_t len,
char *output);
void aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len);
void aes_set_iv(aes_cnt_cipher_t *cipher, const char *iv);
int evaluate_evp_for_aes(int force_value);
int evaluate_ctr_for_aes(void);

184
src/common/crypto.c
View File

@ -119,6 +119,7 @@ struct crypto_pk_t
struct crypto_cipher_t
{
char key[CIPHER_KEY_LEN]; /**< The raw key. */
char iv[CIPHER_IV_LEN]; /**< The initial IV. */
aes_cnt_cipher_t *cipher; /**< The key in format usable for counter-mode AES
* encryption */
};
@ -139,7 +140,6 @@ crypto_get_rsa_padding_overhead(int padding)
{
switch (padding)
{
case RSA_NO_PADDING: return 0;
case RSA_PKCS1_OAEP_PADDING: return 42;
case RSA_PKCS1_PADDING: return 11;
default: tor_assert(0); return -1;
@ -153,7 +153,6 @@ crypto_get_rsa_padding(int padding)
{
switch (padding)
{
case PK_NO_PADDING: return RSA_NO_PADDING;
case PK_PKCS1_PADDING: return RSA_PKCS1_PADDING;
case PK_PKCS1_OAEP_PADDING: return RSA_PKCS1_OAEP_PADDING;
default: tor_assert(0); return -1;
@ -383,50 +382,39 @@ crypto_pk_free(crypto_pk_t *env)
tor_free(env);
}
/** Create a new symmetric cipher for a given key and encryption flag
* (1=encrypt, 0=decrypt). Return the crypto object on success; NULL
* on failure.
/** Allocate and return a new symmetric cipher using the provided key and iv.
* The key is CIPHER_KEY_LEN bytes; the IV is CIPHER_IV_LEN bytes. If you
* provide NULL in place of either one, it is generated at random.
*/
crypto_cipher_t *
crypto_create_init_cipher(const char *key, int encrypt_mode)
{
int r;
crypto_cipher_t *crypto = NULL;
if (! (crypto = crypto_cipher_new())) {
log_warn(LD_CRYPTO, "Unable to allocate crypto object");
return NULL;
}
crypto_cipher_set_key(crypto, key);
if (encrypt_mode)
r = crypto_cipher_encrypt_init_cipher(crypto);
else
r = crypto_cipher_decrypt_init_cipher(crypto);
if (r)
goto error;
return crypto;
error:
if (crypto)
crypto_cipher_free(crypto);
return NULL;
}
/** Allocate and return a new symmetric cipher.
*/
crypto_cipher_t *
crypto_cipher_new(void)
crypto_cipher_new_with_iv(const char *key, const char *iv)
{
crypto_cipher_t *env;
env = tor_malloc_zero(sizeof(crypto_cipher_t));
env->cipher = aes_new_cipher();
if (key == NULL)
crypto_rand(env->key, CIPHER_KEY_LEN);
else
memcpy(env->key, key, CIPHER_KEY_LEN);
if (iv == NULL)
crypto_rand(env->iv, CIPHER_IV_LEN);
else
memcpy(env->iv, iv, CIPHER_IV_LEN);
env->cipher = aes_new_cipher(env->key, env->iv);
return env;
}
crypto_cipher_t *
crypto_cipher_new(const char *key)
{
char zeroiv[CIPHER_IV_LEN];
memset(zeroiv, 0, sizeof(zeroiv));
return crypto_cipher_new_with_iv(key, zeroiv);
}
/** Free a symmetric cipher.
*/
void
@ -1001,9 +989,6 @@ crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
* bytes of data from <b>from</b>, with padding type 'padding',
* storing the results on <b>to</b>.
*
* If no padding is used, the public key must be at least as large as
* <b>from</b>.
*
* Returns the number of bytes written on success, -1 on failure.
*
* The encrypted data consists of:
@ -1034,9 +1019,6 @@ crypto_pk_public_hybrid_encrypt(crypto_pk_t *env,
overhead = crypto_get_rsa_padding_overhead(crypto_get_rsa_padding(padding));
pkeylen = crypto_pk_keysize(env);
if (padding == PK_NO_PADDING && fromlen < pkeylen)
return -1;
if (!force && fromlen+overhead <= pkeylen) {
/* It all fits in a single encrypt. */
return crypto_pk_public_encrypt(env,to,
@ -1046,20 +1028,8 @@ crypto_pk_public_hybrid_encrypt(crypto_pk_t *env,
tor_assert(tolen >= fromlen + overhead + CIPHER_KEY_LEN);
tor_assert(tolen >= pkeylen);
cipher = crypto_cipher_new();
if (!cipher) return -1;
if (crypto_cipher_generate_key(cipher)<0)
goto err;
/* You can't just run around RSA-encrypting any bitstream: if it's
* greater than the RSA key, then OpenSSL will happily encrypt, and
* later decrypt to the wrong value. So we set the first bit of
* 'cipher->key' to 0 if we aren't padding. This means that our
* symmetric key is really only 127 bits.
*/
if (padding == PK_NO_PADDING)
cipher->key[0] &= 0x7f;
if (crypto_cipher_encrypt_init_cipher(cipher)<0)
goto err;
cipher = crypto_cipher_new(NULL); /* generate a new key. */
buf = tor_malloc(pkeylen+1);
memcpy(buf, cipher->key, CIPHER_KEY_LEN);
memcpy(buf+CIPHER_KEY_LEN, from, pkeylen-overhead-CIPHER_KEY_LEN);
@ -1124,7 +1094,7 @@ crypto_pk_private_hybrid_decrypt(crypto_pk_t *env,
"No room for a symmetric key");
goto err;
}
cipher = crypto_create_init_cipher(buf, 0);
cipher = crypto_cipher_new(buf);
if (!cipher) {
goto err;
}
@ -1312,49 +1282,6 @@ crypto_pk_check_fingerprint_syntax(const char *s)
/* symmetric crypto */
/** Generate a new random key for the symmetric cipher in <b>env</b>.
* Return 0 on success, -1 on failure. Does not initialize the cipher.
*/
int
crypto_cipher_generate_key(crypto_cipher_t *env)
{
tor_assert(env);
return crypto_rand(env->key, CIPHER_KEY_LEN);
}
/** Set the symmetric key for the cipher in <b>env</b> to the first
* CIPHER_KEY_LEN bytes of <b>key</b>. Does not initialize the cipher.
*/
void
crypto_cipher_set_key(crypto_cipher_t *env, const char *key)
{
tor_assert(env);
tor_assert(key);
memcpy(env->key, key, CIPHER_KEY_LEN);
}
/** Generate an initialization vector for our AES-CTR cipher; store it
* in the first CIPHER_IV_LEN bytes of <b>iv_out</b>. */
void
crypto_cipher_generate_iv(char *iv_out)
{
crypto_rand(iv_out, CIPHER_IV_LEN);
}
/** Adjust the counter of <b>env</b> to point to the first byte of the block
* corresponding to the encryption of the CIPHER_IV_LEN bytes at
* <b>iv</b>. */
int
crypto_cipher_set_iv(crypto_cipher_t *env, const char *iv)
{
tor_assert(env);
tor_assert(iv);
aes_set_iv(env->cipher, iv);
return 0;
}
/** Return a pointer to the key set for the cipher in <b>env</b>.
*/
const char *
@ -1363,30 +1290,6 @@ crypto_cipher_get_key(crypto_cipher_t *env)
return env->key;
}
/** Initialize the cipher in <b>env</b> for encryption. Return 0 on
* success, -1 on failure.
*/
int
crypto_cipher_encrypt_init_cipher(crypto_cipher_t *env)
{
tor_assert(env);
aes_set_key(env->cipher, env->key, CIPHER_KEY_LEN*8);
return 0;
}
/** Initialize the cipher in <b>env</b> for decryption. Return 0 on
* success, -1 on failure.
*/
int
crypto_cipher_decrypt_init_cipher(crypto_cipher_t *env)
{
tor_assert(env);
aes_set_key(env->cipher, env->key, CIPHER_KEY_LEN*8);
return 0;
}
/** Encrypt <b>fromlen</b> bytes from <b>from</b> using the cipher
* <b>env</b>; on success, store the result to <b>to</b> and return 0.
* On failure, return -1.
@ -1435,20 +1338,17 @@ crypto_cipher_crypt_inplace(crypto_cipher_t *env, char *buf, size_t len)
}
/** Encrypt <b>fromlen</b> bytes (at least 1) from <b>from</b> with the key in
* <b>cipher</b> to the buffer in <b>to</b> of length
* <b>key</b> to the buffer in <b>to</b> of length
* <b>tolen</b>. <b>tolen</b> must be at least <b>fromlen</b> plus
* CIPHER_IV_LEN bytes for the initialization vector. On success, return the
* number of bytes written, on failure, return -1.
*
* This function adjusts the current position of the counter in <b>cipher</b>
* to immediately after the encrypted data.
*/
int
crypto_cipher_encrypt_with_iv(crypto_cipher_t *cipher,
crypto_cipher_encrypt_with_iv(const char *key,
char *to, size_t tolen,
const char *from, size_t fromlen)
{
tor_assert(cipher);
crypto_cipher_t *cipher;
tor_assert(from);
tor_assert(to);
tor_assert(fromlen < INT_MAX);
@ -1458,28 +1358,27 @@ crypto_cipher_encrypt_with_iv(crypto_cipher_t *cipher,
if (tolen < fromlen + CIPHER_IV_LEN)
return -1;
crypto_cipher_generate_iv(to);
if (crypto_cipher_set_iv(cipher, to)<0)
return -1;
cipher = crypto_cipher_new_with_iv(key, NULL);
memcpy(to, cipher->iv, CIPHER_IV_LEN);
crypto_cipher_encrypt(cipher, to+CIPHER_IV_LEN, from, fromlen);
crypto_cipher_free(cipher);
return (int)(fromlen + CIPHER_IV_LEN);
}
/** Decrypt <b>fromlen</b> bytes (at least 1+CIPHER_IV_LEN) from <b>from</b>
* with the key in <b>cipher</b> to the buffer in <b>to</b> of length
* with the key in <b>key</b> to the buffer in <b>to</b> of length
* <b>tolen</b>. <b>tolen</b> must be at least <b>fromlen</b> minus
* CIPHER_IV_LEN bytes for the initialization vector. On success, return the
* number of bytes written, on failure, return -1.
*
* This function adjusts the current position of the counter in <b>cipher</b>
* to immediately after the decrypted data.
*/
int
crypto_cipher_decrypt_with_iv(crypto_cipher_t *cipher,
crypto_cipher_decrypt_with_iv(const char *key,
char *to, size_t tolen,
const char *from, size_t fromlen)
{
tor_assert(cipher);
crypto_cipher_t *cipher;
tor_assert(key);
tor_assert(from);
tor_assert(to);
tor_assert(fromlen < INT_MAX);
@ -1489,9 +1388,10 @@ crypto_cipher_decrypt_with_iv(crypto_cipher_t *cipher,
if (tolen < fromlen - CIPHER_IV_LEN)
return -1;
if (crypto_cipher_set_iv(cipher, from)<0)
return -1;
cipher = crypto_cipher_new_with_iv(key, from);
crypto_cipher_encrypt(cipher, to, from+CIPHER_IV_LEN, fromlen-CIPHER_IV_LEN);
crypto_cipher_free(cipher);
return (int)(fromlen - CIPHER_IV_LEN);
}

23
src/common/crypto.h
View File

@ -69,11 +69,9 @@
* signs removed. */
#define BASE64_DIGEST256_LEN 43
/** Constants used to indicate no padding for public-key encryption */
#define PK_NO_PADDING 60000
/** Constants used to indicate PKCS1 padding for public-key encryption */
/** Constant used to indicate PKCS1 padding for public-key encryption */
#define PK_PKCS1_PADDING 60001
/** Constants used to indicate OAEP padding for public-key encryption */
/** Constant used to indicate OAEP padding for public-key encryption */
#define PK_PKCS1_OAEP_PADDING 60002
/** Number of bytes added for PKCS1 padding. */
@ -125,11 +123,8 @@ void crypto_pk_free(crypto_pk_t *env);
void crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname);
/* convenience function: wraps crypto_cipher_new, set_key, and init. */
crypto_cipher_t *crypto_create_init_cipher(const char *key,
int encrypt_mode);
crypto_cipher_t *crypto_cipher_new(void);
crypto_cipher_t *crypto_cipher_new(const char *key);
crypto_cipher_t *crypto_cipher_new_with_iv(const char *key, const char *iv);
void crypto_cipher_free(crypto_cipher_t *env);
/* public key crypto */
@ -189,13 +184,7 @@ int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space);
int crypto_pk_check_fingerprint_syntax(const char *s);
/* symmetric crypto */
int crypto_cipher_generate_key(crypto_cipher_t *env);
void crypto_cipher_set_key(crypto_cipher_t *env, const char *key);
void crypto_cipher_generate_iv(char *iv_out);
int crypto_cipher_set_iv(crypto_cipher_t *env, const char *iv);
const char *crypto_cipher_get_key(crypto_cipher_t *env);
int crypto_cipher_encrypt_init_cipher(crypto_cipher_t *env);
int crypto_cipher_decrypt_init_cipher(crypto_cipher_t *env);
int crypto_cipher_encrypt(crypto_cipher_t *env, char *to,
const char *from, size_t fromlen);
@ -203,10 +192,10 @@ int crypto_cipher_decrypt(crypto_cipher_t *env, char *to,
const char *from, size_t fromlen);
int crypto_cipher_crypt_inplace(crypto_cipher_t *env, char *d, size_t len);
int crypto_cipher_encrypt_with_iv(crypto_cipher_t *env,
int crypto_cipher_encrypt_with_iv(const char *key,
char *to, size_t tolen,
const char *from, size_t fromlen);
int crypto_cipher_decrypt_with_iv(crypto_cipher_t *env,
int crypto_cipher_decrypt_with_iv(const char *key,
char *to, size_t tolen,
const char *from, size_t fromlen);

4
src/or/circuitbuild.c
View File

@ -2334,12 +2334,12 @@ circuit_init_cpath_crypto(crypt_path_t *cpath, const char *key_data,
crypto_digest_add_bytes(cpath->b_digest, key_data+DIGEST_LEN, DIGEST_LEN);
if (!(cpath->f_crypto =
crypto_create_init_cipher(key_data+(2*DIGEST_LEN),1))) {
crypto_cipher_new(key_data+(2*DIGEST_LEN)))) {
log_warn(LD_BUG,"Forward cipher initialization failed.");
return -1;
}
if (!(cpath->b_crypto =
crypto_create_init_cipher(key_data+(2*DIGEST_LEN)+CIPHER_KEY_LEN,0))) {
crypto_cipher_new(key_data+(2*DIGEST_LEN)+CIPHER_KEY_LEN))) {
log_warn(LD_BUG,"Backward cipher initialization failed.");
return -1;
}

13
src/or/rendcommon.c
View File

@ -290,11 +290,10 @@ rend_encrypt_v2_intro_points_basic(char **encrypted_out,
enc[1] = (uint8_t)client_blocks;
/* Encrypt with random session key. */
cipher = crypto_create_init_cipher(session_key, 1);
enclen = crypto_cipher_encrypt_with_iv(cipher,
enclen = crypto_cipher_encrypt_with_iv(session_key,
enc + 2 + client_entries_len,
CIPHER_IV_LEN + strlen(encoded), encoded, strlen(encoded));
crypto_cipher_free(cipher);
if (enclen < 0) {
log_warn(LD_REND, "Could not encrypt introduction point string.");
goto done;
@ -307,7 +306,7 @@ rend_encrypt_v2_intro_points_basic(char **encrypted_out,
SMARTLIST_FOREACH_BEGIN(client_cookies, const char *, cookie) {
client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN);
/* Encrypt session key. */
cipher = crypto_create_init_cipher(cookie, 1);
cipher = crypto_cipher_new(cookie);
if (crypto_cipher_encrypt(cipher, client_part +
REND_BASIC_AUTH_CLIENT_ID_LEN,
session_key, CIPHER_KEY_LEN) < 0) {
@ -374,18 +373,16 @@ rend_encrypt_v2_intro_points_stealth(char **encrypted_out,
const char *descriptor_cookie)
{
int r = -1, enclen;
crypto_cipher_t *cipher;
char *enc;
tor_assert(encoded);
tor_assert(descriptor_cookie);
enc = tor_malloc_zero(1 + CIPHER_IV_LEN + strlen(encoded));
enc[0] = 0x02; /* Auth type */
cipher = crypto_create_init_cipher(descriptor_cookie, 1);
enclen = crypto_cipher_encrypt_with_iv(cipher, enc + 1,
enclen = crypto_cipher_encrypt_with_iv(descriptor_cookie,
enc + 1,
CIPHER_IV_LEN+strlen(encoded),
encoded, strlen(encoded));
crypto_cipher_free(cipher);
if (enclen < 0) {
log_warn(LD_REND, "Could not encrypt introduction point string.");
goto done;

15
src/or/routerparse.c
View File

@ -4887,7 +4887,7 @@ rend_decrypt_introduction_points(char **ipos_decrypted,
if (tor_memeq(ipos_encrypted + pos, client_id,
REND_BASIC_AUTH_CLIENT_ID_LEN)) {
/* Attempt to decrypt introduction points. */
cipher = crypto_create_init_cipher(descriptor_cookie, 0);
cipher = crypto_cipher_new(descriptor_cookie);
if (crypto_cipher_decrypt(cipher, session_key, ipos_encrypted
+ pos + REND_BASIC_AUTH_CLIENT_ID_LEN,
CIPHER_KEY_LEN) < 0) {
@ -4896,13 +4896,13 @@ rend_decrypt_introduction_points(char **ipos_decrypted,
return -1;
}
crypto_cipher_free(cipher);
cipher = crypto_create_init_cipher(session_key, 0);
len = ipos_encrypted_size - 2 - client_entries_len - CIPHER_IV_LEN;
dec = tor_malloc(len);
declen = crypto_cipher_decrypt_with_iv(cipher, dec, len,
declen = crypto_cipher_decrypt_with_iv(session_key, dec, len,
ipos_encrypted + 2 + client_entries_len,
ipos_encrypted_size - 2 - client_entries_len);
crypto_cipher_free(cipher);
if (declen < 0) {
log_warn(LD_REND, "Could not decrypt introduction point string.");
tor_free(dec);
@ -4923,7 +4923,6 @@ rend_decrypt_introduction_points(char **ipos_decrypted,
"check your authorization for this service!");
return -1;
} else if (ipos_encrypted[0] == (int)REND_STEALTH_AUTH) {
crypto_cipher_t *cipher;
char *dec;
int declen;
if (ipos_encrypted_size < CIPHER_IV_LEN + 2) {
@ -4932,13 +4931,13 @@ rend_decrypt_introduction_points(char **ipos_decrypted,
return -1;
}
dec = tor_malloc_zero(ipos_encrypted_size - CIPHER_IV_LEN - 1);
cipher = crypto_create_init_cipher(descriptor_cookie, 0);
declen = crypto_cipher_decrypt_with_iv(cipher, dec,
declen = crypto_cipher_decrypt_with_iv(descriptor_cookie, dec,
ipos_encrypted_size -
CIPHER_IV_LEN - 1,
ipos_encrypted + 1,
ipos_encrypted_size - 1);
crypto_cipher_free(cipher);
if (declen < 0) {
log_warn(LD_REND, "Decrypting introduction points failed!");
tor_free(dec);

17
src/test/bench.c
View File

@ -77,9 +77,8 @@ bench_aes(void)
uint64_t start, end;
const int bytes_per_iter = (1<<24);
reset_perftime();
c = crypto_cipher_new();
crypto_cipher_generate_key(c);
crypto_cipher_encrypt_init_cipher(c);
c = crypto_cipher_new(NULL);
for (len = 1; len <= 8192; len *= 2) {
int iters = bytes_per_iter / len;
b1 = tor_malloc_zero(len);
@ -108,9 +107,7 @@ bench_cell_aes(void)
crypto_cipher_t *c;
int i, misalign;
c = crypto_cipher_new();
crypto_cipher_generate_key(c);
crypto_cipher_encrypt_init_cipher(c);
c = crypto_cipher_new(NULL);
reset_perftime();
for (misalign = 0; misalign <= max_misalign; ++misalign) {
@ -221,12 +218,8 @@ bench_cell_ops(void)
or_circ->_base.purpose = CIRCUIT_PURPOSE_OR;
/* Initialize crypto */
or_circ->p_crypto = crypto_cipher_new();
crypto_cipher_generate_key(or_circ->p_crypto);
crypto_cipher_encrypt_init_cipher(or_circ->p_crypto);
or_circ->n_crypto = crypto_cipher_new();
crypto_cipher_generate_key(or_circ->n_crypto);
crypto_cipher_encrypt_init_cipher(or_circ->n_crypto);
or_circ->p_crypto = crypto_cipher_new(NULL);
or_circ->n_crypto = crypto_cipher_new(NULL);
or_circ->p_digest = crypto_digest_new();
or_circ->n_digest = crypto_digest_new();

142
src/test/test_crypto.c
View File

@ -118,14 +118,10 @@ test_crypto_aes(void *arg)
memset(data2, 0, 1024);
memset(data3, 0, 1024);
env1 = crypto_cipher_new();
env1 = crypto_cipher_new(NULL);
test_neq(env1, 0);
env2 = crypto_cipher_new();
env2 = crypto_cipher_new(crypto_cipher_get_key(env1));
test_neq(env2, 0);
j = crypto_cipher_generate_key(env1);
crypto_cipher_set_key(env2, crypto_cipher_get_key(env1));
crypto_cipher_encrypt_init_cipher(env1);
crypto_cipher_decrypt_init_cipher(env2);
/* Try encrypting 512 chars. */
crypto_cipher_encrypt(env1, data2, data1, 512);
@ -155,10 +151,8 @@ test_crypto_aes(void *arg)
env2 = NULL;
memset(data3, 0, 1024);
env2 = crypto_cipher_new();
env2 = crypto_cipher_new(crypto_cipher_get_key(env1));
test_neq(env2, 0);
crypto_cipher_set_key(env2, crypto_cipher_get_key(env1));
crypto_cipher_encrypt_init_cipher(env2);
for (j = 0; j < 1024-16; j += 17) {
crypto_cipher_encrypt(env2, data3+j, data1+j, 17);
}
@ -174,10 +168,9 @@ test_crypto_aes(void *arg)
env2 = NULL;
/* NIST test vector for aes. */
env1 = crypto_cipher_new(); /* IV starts at 0 */
crypto_cipher_set_key(env1, "\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00");
crypto_cipher_encrypt_init_cipher(env1);
/* IV starts at 0 */
env1 = crypto_cipher_new("\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00");
crypto_cipher_encrypt(env1, data1,
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00", 16);
@ -185,37 +178,55 @@ test_crypto_aes(void *arg)
/* Now test rollover. All these values are originally from a python
* script. */
crypto_cipher_set_iv(env1, "\x00\x00\x00\x00\x00\x00\x00\x00"
"\xff\xff\xff\xff\xff\xff\xff\xff");
crypto_cipher_free(env1);
env1 = crypto_cipher_new_with_iv(
"\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\xff\xff\xff\xff\xff\xff\xff\xff");
memset(data2, 0, 1024);
crypto_cipher_encrypt(env1, data1, data2, 32);
test_memeq_hex(data1, "335fe6da56f843199066c14a00a40231"
"cdd0b917dbc7186908a6bfb5ffd574d3");
crypto_cipher_set_iv(env1, "\x00\x00\x00\x00\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff");
crypto_cipher_free(env1);
env1 = crypto_cipher_new_with_iv(
"\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\x00\x00\x00\x00\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff");
memset(data2, 0, 1024);
crypto_cipher_encrypt(env1, data1, data2, 32);
test_memeq_hex(data1, "e627c6423fa2d77832a02b2794094b73"
"3e63c721df790d2c6469cc1953a3ffac");
crypto_cipher_set_iv(env1, "\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff");
crypto_cipher_free(env1);
env1 = crypto_cipher_new_with_iv(
"\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff");
memset(data2, 0, 1024);
crypto_cipher_encrypt(env1, data1, data2, 32);
test_memeq_hex(data1, "2aed2bff0de54f9328efd070bf48f70a"
"0EDD33D3C621E546455BD8BA1418BEC8");
/* Now check rollover on inplace cipher. */
crypto_cipher_set_iv(env1, "\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff");
crypto_cipher_free(env1);
env1 = crypto_cipher_new_with_iv(
"\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff");
crypto_cipher_crypt_inplace(env1, data2, 64);
test_memeq_hex(data2, "2aed2bff0de54f9328efd070bf48f70a"
"0EDD33D3C621E546455BD8BA1418BEC8"
"93e2c5243d6839eac58503919192f7ae"
"1908e67cafa08d508816659c2e693191");
crypto_cipher_set_iv(env1, "\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff");
crypto_cipher_free(env1);
env1 = crypto_cipher_new_with_iv(
"\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff");
crypto_cipher_crypt_inplace(env1, data2, 64);
test_assert(tor_mem_is_zero(data2, 64));
@ -485,14 +496,11 @@ test_crypto_pk(void)
/* Try with hybrid encryption wrappers. */
crypto_rand(data1, 1024);
for (i = 0; i < 3; ++i) {
for (i = 0; i < 2; ++i) {
for (j = 85; j < 140; ++j) {
memset(data2,0,1024);
memset(data3,0,1024);
if (i == 0 && j < 129)
continue;
p = (i==0)?PK_NO_PADDING:
(i==1)?PK_PKCS1_PADDING:PK_PKCS1_OAEP_PADDING;
p = (i==0)?PK_PKCS1_PADDING:PK_PKCS1_OAEP_PADDING;
len = crypto_pk_public_hybrid_encrypt(pk1,data2,sizeof(data2),
data1,j,p,0);
test_assert(len>=0);
@ -677,7 +685,6 @@ test_crypto_s2k(void)
static void
test_crypto_aes_iv(void *arg)
{
crypto_cipher_t *cipher;
char *plain, *encrypted1, *encrypted2, *decrypted1, *decrypted2;
char plain_1[1], plain_15[15], plain_16[16], plain_17[17];
char key1[16], key2[16];
@ -701,113 +708,76 @@ test_crypto_aes_iv(void *arg)
crypto_rand(plain_17, 17);
key1[0] = key2[0] + 128; /* Make sure that contents are different. */
/* Encrypt and decrypt with the same key. */
cipher = crypto_create_init_cipher(key1, 1);
encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 4095,
encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 4095,
plain, 4095);
crypto_cipher_free(cipher);
cipher = NULL;
test_eq(encrypted_size, 16 + 4095);
tt_assert(encrypted_size > 0); /* This is obviously true, since 4111 is
* greater than 0, but its truth is not
* obvious to all analysis tools. */
cipher = crypto_create_init_cipher(key1, 0);
decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 4095,
decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 4095,
encrypted1, encrypted_size);
crypto_cipher_free(cipher);
cipher = NULL;
test_eq(decrypted_size, 4095);
tt_assert(decrypted_size > 0);
test_memeq(plain, decrypted1, 4095);
/* Encrypt a second time (with a new random initialization vector). */
cipher = crypto_create_init_cipher(key1, 1);
encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted2, 16 + 4095,
encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted2, 16 + 4095,
plain, 4095);
crypto_cipher_free(cipher);
cipher = NULL;
test_eq(encrypted_size, 16 + 4095);
tt_assert(encrypted_size > 0);
cipher = crypto_create_init_cipher(key1, 0);
decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted2, 4095,
decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted2, 4095,
encrypted2, encrypted_size);
crypto_cipher_free(cipher);
cipher = NULL;
test_eq(decrypted_size, 4095);
tt_assert(decrypted_size > 0);
test_memeq(plain, decrypted2, 4095);
test_memneq(encrypted1, encrypted2, encrypted_size);
/* Decrypt with the wrong key. */
cipher = crypto_create_init_cipher(key2, 0);
decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted2, 4095,
decrypted_size = crypto_cipher_decrypt_with_iv(key2, decrypted2, 4095,
encrypted1, encrypted_size);
crypto_cipher_free(cipher);
cipher = NULL;
test_memneq(plain, decrypted2, encrypted_size);
/* Alter the initialization vector. */
encrypted1[0] += 42;
cipher = crypto_create_init_cipher(key1, 0);
decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 4095,
decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 4095,
encrypted1, encrypted_size);
crypto_cipher_free(cipher);
cipher = NULL;
test_memneq(plain, decrypted2, 4095);
/* Special length case: 1. */
cipher = crypto_create_init_cipher(key1, 1);
encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 1,
encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 1,
plain_1, 1);
crypto_cipher_free(cipher);
cipher = NULL;
test_eq(encrypted_size, 16 + 1);
tt_assert(encrypted_size > 0);
cipher = crypto_create_init_cipher(key1, 0);
decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 1,
decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 1,
encrypted1, encrypted_size);
crypto_cipher_free(cipher);
cipher = NULL;
test_eq(decrypted_size, 1);
tt_assert(decrypted_size > 0);
test_memeq(plain_1, decrypted1, 1);
/* Special length case: 15. */
cipher = crypto_create_init_cipher(key1, 1);
encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 15,
encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 15,
plain_15, 15);
crypto_cipher_free(cipher);
cipher = NULL;
test_eq(encrypted_size, 16 + 15);
tt_assert(encrypted_size > 0);
cipher = crypto_create_init_cipher(key1, 0);
decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 15,
decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 15,
encrypted1, encrypted_size);
crypto_cipher_free(cipher);
cipher = NULL;
test_eq(decrypted_size, 15);
tt_assert(decrypted_size > 0);
test_memeq(plain_15, decrypted1, 15);
/* Special length case: 16. */
cipher = crypto_create_init_cipher(key1, 1);
encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 16,
encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 16,
plain_16, 16);
crypto_cipher_free(cipher);
cipher = NULL;
test_eq(encrypted_size, 16 + 16);
tt_assert(encrypted_size > 0);
cipher = crypto_create_init_cipher(key1, 0);
decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 16,
decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 16,
encrypted1, encrypted_size);
crypto_cipher_free(cipher);
cipher = NULL;
test_eq(decrypted_size, 16);
tt_assert(decrypted_size > 0);
test_memeq(plain_16, decrypted1, 16);
/* Special length case: 17. */
cipher = crypto_create_init_cipher(key1, 1);
encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 17,
encrypted_size = crypto_cipher_encrypt_with_iv(key1, encrypted1, 16 + 17,
plain_17, 17);
crypto_cipher_free(cipher);
cipher = NULL;
test_eq(encrypted_size, 16 + 17);
tt_assert(encrypted_size > 0);
cipher = crypto_create_init_cipher(key1, 0);
decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 17,
decrypted_size = crypto_cipher_decrypt_with_iv(key1, decrypted1, 17,
encrypted1, encrypted_size);
test_eq(decrypted_size, 17);
tt_assert(decrypted_size > 0);
@ -820,8 +790,6 @@ test_crypto_aes_iv(void *arg)
tor_free(encrypted2);
tor_free(decrypted1);
tor_free(decrypted2);
if (cipher)
crypto_cipher_free(cipher);
}
/** Test base32 decoding. */