Make crypto structures private to crypto.c

svn:r437

src/common/crypto.c

@@ -40,6 +40,24 @@
 #define RETURN_SSL_OUTCOME(exp) return !(exp)
 #endif
 
+struct crypto_pk_env_t
+{
+  int type;
+  int refs; /* reference counting; so we don't have to copy keys */
+  unsigned char *key;
+  /* auxiliary data structure(s) used by the underlying crypto library */
+  unsigned char *aux;
+};
+
+struct crypto_cipher_env_t
+{
+  int type;
+  unsigned char *key;
+  unsigned char *iv;
+  /* auxiliary data structure(s) used by the underlying crypto library */
+  unsigned char *aux;
+};
+
 /* static INLINE const EVP_CIPHER *
    crypto_cipher_evp_cipher(int type, int enc);
 */
@@ -102,31 +120,37 @@ int crypto_global_cleanup()
   return 0;
 }
 
-crypto_pk_env_t *crypto_new_pk_env(int type)
+crypto_pk_env_t *_crypto_new_pk_env_rsa(RSA *rsa)
 {
   crypto_pk_env_t *env;
-  
+  assert(rsa);
   env = (crypto_pk_env_t *)tor_malloc(sizeof(crypto_pk_env_t));
-  
+  env->type = CRYPTO_PK_RSA;
-  env->type = type;
   env->refs = 1;
-  env->key = NULL;
+  env->key = (unsigned char*)rsa;
   env->aux = NULL;
-  
+  return env;
+}
+
+RSA *_crypto_pk_env_get_rsa(crypto_pk_env_t *env)
+{
+  if (env->type != CRYPTO_PK_RSA)
+    return NULL;
+  return (RSA*)env->key;
+}
+
+crypto_pk_env_t *crypto_new_pk_env(int type)
+{
+  RSA *rsa;
+
   switch(type) {
     case CRYPTO_PK_RSA:
-      env->key = (unsigned char *)RSA_new();
+      rsa = RSA_new();
-      if (!env->key) {
+      if (!rsa) return NULL;
-        free(env);
+      return _crypto_new_pk_env_rsa(rsa);
-        return NULL;
-      }
-      break;
     default:
-      free(env);
       return NULL;
   }
-
-  return env;
 }
 
 void crypto_free_pk_env(crypto_pk_env_t *env)
@@ -617,6 +641,11 @@ int crypto_cipher_set_key(crypto_cipher_env_t *env, unsigned char *key)
   return 0;
 }
 
+unsigned char *crypto_cipher_get_key(crypto_cipher_env_t *env)
+{
+  return env->key;
+}
+
 int crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t *env)
 {
   assert(env);

src/common/crypto.h

@@ -18,23 +18,8 @@
 
 #define CRYPTO_PK_RSA 0
 
-typedef struct 
+typedef struct crypto_pk_env_t crypto_pk_env_t;
-{
+typedef struct crypto_cipher_env_t crypto_cipher_env_t;
-  int type;
-  int refs; /* reference counting; so we don't have to copy keys */
-  unsigned char *key;
-  /* auxiliary data structure(s) used by the underlying crypto library */
-  unsigned char *aux;
-} crypto_pk_env_t;
-
-typedef struct
-{
-  int type;
-  unsigned char *key;
-  unsigned char *iv;
-  /* auxiliary data structure(s) used by the underlying crypto library */
-  unsigned char *aux;
-} crypto_cipher_env_t;
 
 /* global state */
 int crypto_global_init();
@@ -94,6 +79,7 @@ int crypto_cipher_set_iv(crypto_cipher_env_t *env, unsigned char *iv);
 int crypto_cipher_set_key(crypto_cipher_env_t *env, unsigned char *key);
 int crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t *env);
 int crypto_cipher_decrypt_init_cipher(crypto_cipher_env_t *env);
+unsigned char *crypto_cipher_get_key(crypto_cipher_env_t *env);
 
 int crypto_cipher_encrypt(crypto_cipher_env_t *env, unsigned char *from, unsigned int fromlen, unsigned char *to);
 int crypto_cipher_decrypt(crypto_cipher_env_t *env, unsigned char *from, unsigned int fromlen, unsigned char *to);

src/or/connection_or.c

@@ -249,9 +249,9 @@ or_handshake_op_send_keys(connection_t *conn) {
   /* compose the message */
   *(uint16_t *)(message) = htons(HANDSHAKE_AS_OP);
   memcpy((void *)(message+FLAGS_LEN), 
-         (void *)conn->f_crypto->key, 16);
+         (void *)crypto_cipher_get_key(conn->f_crypto), 16);
   memcpy((void *)(message+FLAGS_LEN+KEY_LEN), 
-         (void *)conn->b_crypto->key, 16);
+         (void *)crypto_cipher_get_key(conn->b_crypto), 16);
 
   /* encrypt with RSA */
   if(crypto_pk_public_encrypt(conn->pkey, message, sizeof(message), cipher, RSA_PKCS1_PADDING) < 0) {
@@ -322,9 +322,9 @@ or_handshake_client_send_auth(connection_t *conn) {
   *(uint32_t*)(buf+FLAGS_LEN+ADDR_LEN+PORT_LEN) = htonl(conn->addr); /* remote address */
   *(uint16_t*)(buf+FLAGS_LEN+ADDR_LEN+PORT_LEN+ADDR_LEN) = htons(conn->port); /* remote port */
   memcpy(buf+FLAGS_LEN+ADDR_LEN+PORT_LEN+ADDR_LEN+PORT_LEN,
-         conn->f_crypto->key,16); /* keys */
+         crypto_cipher_get_key(conn->f_crypto),16); /* keys */
   memcpy(buf+FLAGS_LEN+ADDR_LEN+PORT_LEN+ADDR_LEN+PORT_LEN+KEY_LEN,
-         conn->b_crypto->key,16);
+         crypto_cipher_get_key(conn->b_crypto),16);
   log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated first authentication message.");
 
   /* encrypt message */
@@ -406,8 +406,8 @@ or_handshake_client_process_auth(connection_t *conn) {
     log(LOG_ERR,"client_process_auth: Router %s:%u: bad address info.", conn->address,conn->port);
     return -1;
   }
-  if ( (memcmp(conn->f_crypto->key, buf+12, 16)) || /* keys */
+  if ( (memcmp(crypto_cipher_get_key(conn->f_crypto), buf+12, 16)) ||/* keys */
-       (memcmp(conn->b_crypto->key, buf+28, 16)) ) {
+       (memcmp(crypto_cipher_get_key(conn->b_crypto), buf+28, 16)) ) {
     log(LOG_ERR,"client_process_auth: Router %s:%u: bad key info.",conn->address,conn->port);
     return -1;
   }

src/or/test.c

@@ -269,7 +269,7 @@ test_crypto()
     test_neq(env2, 0);
     j = crypto_cipher_generate_key(env1);
     if (str_ciphers[i] != CRYPTO_CIPHER_IDENTITY) {
-      crypto_cipher_set_key(env2, env1->key);
+      crypto_cipher_set_key(env2, crypto_cipher_get_key(env1));
     }
     crypto_cipher_set_iv(env1, "12345678901234567890");
     crypto_cipher_set_iv(env2, "12345678901234567890");
@@ -309,7 +309,7 @@ test_crypto()
     env2 = crypto_new_cipher_env(str_ciphers[i]);
     test_neq(env2, 0);
     if (str_ciphers[i] != CRYPTO_CIPHER_IDENTITY) {
-      crypto_cipher_set_key(env2, env1->key);
+      crypto_cipher_set_key(env2, crypto_cipher_get_key(env1));
     }
     crypto_cipher_set_iv(env2, "12345678901234567890");
     crypto_cipher_encrypt_init_cipher(env2);