nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-24 20:33:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Randomize the global siphash key at startup

Browse Source 
This completes our conversion to using siphash for our hash functions.
This commit is contained in:
Nick Mathewson 2014-02-12 11:46:58 -05:00
parent d3fb846d8c
commit c1e98c8afe
4 changed files with 26 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/common/crypto.c
View File

@ -260,8 +260,23 @@ crypto_force_rand_ssleay(void)
return 0; return 0;
} }
/** Initialize the parts of the crypto library that don't depend on /** Set up the siphash key if we haven't already done so. */
* settings or options. Return 0 on success, -1 on failure. int
crypto_init_siphash_key(void)
{
static int have_seeded_siphash = 0;
struct sipkey key;
if (have_seeded_siphash)
return 0;
if (crypto_rand((char*) &key, sizeof(key)) < 0)
return -1;
siphash_set_global_key(&key);
have_seeded_siphash = 1;
return 0;
}
/** Initialize the crypto library. Return 0 on success, -1 on failure.
*/ */
int int
crypto_early_init(void) crypto_early_init(void)
@ -295,6 +310,8 @@ crypto_early_init(void)
if (crypto_seed_rng(1) < 0) if (crypto_seed_rng(1) < 0)
return -1; return -1;
if (crypto_init_siphash_key() < 0)
return -1;
} }
return 0; return 0;
} }
@ -379,7 +396,6 @@ crypto_global_init(int useAccel, const char *accelName, const char *accelDir)
evaluate_evp_for_aes(-1); evaluate_evp_for_aes(-1);
evaluate_ctr_for_aes(); evaluate_ctr_for_aes();
} }
return 0; return 0;
} }

1
src/common/crypto.h
View File

@ -257,6 +257,7 @@ uint64_t crypto_rand_uint64(uint64_t max);
double crypto_rand_double(void); double crypto_rand_double(void);
struct tor_weak_rng_t; struct tor_weak_rng_t;
void crypto_seed_weak_rng(struct tor_weak_rng_t *rng); void crypto_seed_weak_rng(struct tor_weak_rng_t *rng);
int crypto_init_siphash_key(void);
char *crypto_random_hostname(int min_rand_len, int max_rand_len, char *crypto_random_hostname(int min_rand_len, int max_rand_len,
const char *prefix, const char *suffix); const char *prefix, const char *suffix);

5
src/ext/csiphash.c
View File

@ -31,6 +31,9 @@
#include "torint.h" #include "torint.h"
#include "siphash.h" #include "siphash.h"
/* for tor_assert */
#include "util.h"
/* for memcpy */
#include <string.h> #include <string.h>
#if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ #if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
@ -137,11 +140,13 @@ static int the_siphash_key_is_set = 0;
static struct sipkey the_siphash_key; static struct sipkey the_siphash_key;
uint64_t siphash24g(const void *src, unsigned long src_sz) { uint64_t siphash24g(const void *src, unsigned long src_sz) {
tor_assert(the_siphash_key_is_set);
return siphash24(src, src_sz, &the_siphash_key); return siphash24(src, src_sz, &the_siphash_key);
} }
void siphash_set_global_key(const struct sipkey *key) void siphash_set_global_key(const struct sipkey *key)
{ {
tor_assert(! the_siphash_key_is_set);
the_siphash_key.k0 = key->k0; the_siphash_key.k0 = key->k0;
the_siphash_key.k1 = key->k1; the_siphash_key.k1 = key->k1;
the_siphash_key_is_set = 1; the_siphash_key_is_set = 1;

1
src/test/bench.c
View File

@ -544,6 +544,7 @@ main(int argc, const char **argv)
reset_perftime(); reset_perftime();
crypto_seed_rng(1); crypto_seed_rng(1);
crypto_init_siphash_key();
options = options_new(); options = options_new();
init_logging(); init_logging();
options->command = CMD_RUN_UNITTESTS; options->command = CMD_RUN_UNITTESTS;