nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-27 22:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

In aes.c, support 192-bit and 256-bit keys.

Browse Source 
Also, change the input types for aes_new_cipher to be unsigned,
as they should have been all along.
This commit is contained in:
Nick Mathewson 2016-09-16 09:51:51 -04:00
parent b08ddb60c9
commit 981d0a24b8
3 changed files with 26 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/common/aes.c
View File

@ -89,11 +89,17 @@ ENABLE_GCC_WARNING(redundant-decls)
/* We don't actually define the struct here. */ /* We don't actually define the struct here. */
aes_cnt_cipher_t * aes_cnt_cipher_t *
aes_new_cipher(const char *key, const char *iv) aes_new_cipher(const uint8_t *key, const uint8_t *iv, int key_bits)
{ {
EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new(); EVP_CIPHER_CTX *cipher = EVP_CIPHER_CTX_new();
EVP_EncryptInit(cipher, EVP_aes_128_ctr(), const EVP_CIPHER *c;
(const unsigned char*)key, (const unsigned char *)iv); switch (key_bits) {
case 128: c = EVP_aes_128_ctr(); break;
case 192: c = EVP_aes_192_ctr(); break;
case 256: c = EVP_aes_256_ctr(); break;
default: tor_assert(0); // LCOV_EXCL_LINE
}
EVP_EncryptInit(cipher, c, key, iv);
return (aes_cnt_cipher_t *) cipher; return (aes_cnt_cipher_t *) cipher;
} }
void void
@ -262,11 +268,11 @@ static void aes_set_iv(aes_cnt_cipher_t *cipher, const char *iv);
* using the 128-bit key <b>key</b> and the 128-bit IV <b>iv</b>. * using the 128-bit key <b>key</b> and the 128-bit IV <b>iv</b>.
*/ */
aes_cnt_cipher_t* aes_cnt_cipher_t*
aes_new_cipher(const char *key, const char *iv) aes_new_cipher(const uint8_t *key, const uint8_t *iv, int bits)
{ {
aes_cnt_cipher_t* result = tor_malloc_zero(sizeof(aes_cnt_cipher_t)); aes_cnt_cipher_t* result = tor_malloc_zero(sizeof(aes_cnt_cipher_t));
aes_set_key(result, key, 128); aes_set_key(result, key, bits);
aes_set_iv(result, iv); aes_set_iv(result, iv);
return result; return result;
@ -277,7 +283,7 @@ aes_new_cipher(const char *key, const char *iv)
* the counter to 0. * the counter to 0.
*/ */
static void static void
aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits) aes_set_key(aes_cnt_cipher_t *cipher, const uint8_t *key, int key_bits)
{ {
if (should_use_EVP) { if (should_use_EVP) {
const EVP_CIPHER *c = 0; const EVP_CIPHER *c = 0;
@ -287,10 +293,10 @@ aes_set_key(aes_cnt_cipher_t *cipher, const char *key, int key_bits)
case 256: c = EVP_aes_256_ecb(); break; case 256: c = EVP_aes_256_ecb(); break;
default: tor_assert(0); // LCOV_EXCL_LINE default: tor_assert(0); // LCOV_EXCL_LINE
} }
EVP_EncryptInit(&cipher->key.evp, c, (const unsigned char*)key, NULL); EVP_EncryptInit(&cipher->key.evp, c, key, NULL);
cipher->using_evp = 1; cipher->using_evp = 1;
} else { } else {
AES_set_encrypt_key((const unsigned char *)key, key_bits,&cipher->key.aes); AES_set_encrypt_key(key, key_bits,&cipher->key.aes);
cipher->using_evp = 0; cipher->using_evp = 0;
} }
@ -348,6 +354,8 @@ evp_block128_fn(const uint8_t in[16],
void void
aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len) aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len)
{ {
/* Note that the "128" below refers to the length of the counter,
* not the length of the AES key. */
if (cipher->using_evp) { if (cipher->using_evp) {
/* In openssl 1.0.0, there's an if'd out EVP_aes_128_ctr in evp.h. If /* In openssl 1.0.0, there's an if'd out EVP_aes_128_ctr in evp.h. If
* it weren't disabled, it might be better just to use that. * it weren't disabled, it might be better just to use that.
@ -374,7 +382,7 @@ aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len)
/** Reset the 128-bit counter of <b>cipher</b> to the 16-bit big-endian value /** Reset the 128-bit counter of <b>cipher</b> to the 16-bit big-endian value
* in <b>iv</b>. */ * in <b>iv</b>. */
static void static void
aes_set_iv(aes_cnt_cipher_t *cipher, const char *iv) aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv)
{ {
#ifdef USING_COUNTER_VARS #ifdef USING_COUNTER_VARS
cipher->counter3 = ntohl(get_uint32(iv)); cipher->counter3 = ntohl(get_uint32(iv));

3
src/common/aes.h
View File

@ -15,7 +15,8 @@
typedef struct aes_cnt_cipher aes_cnt_cipher_t; typedef struct aes_cnt_cipher aes_cnt_cipher_t;
aes_cnt_cipher_t* aes_new_cipher(const char *key, const char *iv); aes_cnt_cipher_t* aes_new_cipher(const uint8_t *key, const uint8_t *iv,
int key_bits);
void aes_cipher_free(aes_cnt_cipher_t *cipher); void aes_cipher_free(aes_cnt_cipher_t *cipher);
void aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len); void aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len);

13
src/common/crypto.c
View File

@ -69,6 +69,7 @@ ENABLE_GCC_WARNING(redundant-decls)
#endif #endif
#include "torlog.h" #include "torlog.h"
#include "torint.h"
#include "aes.h" #include "aes.h"
#include "util.h" #include "util.h"
#include "container.h" #include "container.h"
@ -122,8 +123,8 @@ struct crypto_pk_t
/** Key and stream information for a stream cipher. */ /** Key and stream information for a stream cipher. */
struct crypto_cipher_t struct crypto_cipher_t
{ {
char key[CIPHER_KEY_LEN]; /**< The raw key. */ uint8_t key[CIPHER_KEY_LEN]; /**< The raw key. */
char iv[CIPHER_IV_LEN]; /**< The initial IV. */ uint8_t iv[CIPHER_IV_LEN]; /**< The initial IV. */
aes_cnt_cipher_t *cipher; /**< The key in format usable for counter-mode AES aes_cnt_cipher_t *cipher; /**< The key in format usable for counter-mode AES
* encryption */ * encryption */
}; };
@ -561,15 +562,15 @@ crypto_cipher_new_with_iv(const char *key, const char *iv)
env = tor_malloc_zero(sizeof(crypto_cipher_t)); env = tor_malloc_zero(sizeof(crypto_cipher_t));
if (key == NULL) if (key == NULL)
crypto_rand(env->key, CIPHER_KEY_LEN); crypto_rand((char*)env->key, CIPHER_KEY_LEN);
else else
memcpy(env->key, key, CIPHER_KEY_LEN); memcpy(env->key, key, CIPHER_KEY_LEN);
if (iv == NULL) if (iv == NULL)
crypto_rand(env->iv, CIPHER_IV_LEN); crypto_rand((char*)env->iv, CIPHER_IV_LEN);
else else
memcpy(env->iv, iv, CIPHER_IV_LEN); memcpy(env->iv, iv, CIPHER_IV_LEN);
env->cipher = aes_new_cipher(env->key, env->iv); env->cipher = aes_new_cipher(env->key, env->iv, 128);
return env; return env;
} }
@ -1587,7 +1588,7 @@ crypto_pk_base64_decode(const char *str, size_t len)
const char * const char *
crypto_cipher_get_key(crypto_cipher_t *env) crypto_cipher_get_key(crypto_cipher_t *env)
{ {
return env->key; return (const char *)env->key;
} }
/** Encrypt <b>fromlen</b> bytes from <b>from</b> using the cipher /** Encrypt <b>fromlen</b> bytes from <b>from</b> using the cipher