mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-14 07:03:44 +01:00
Move the pk-digest functions into crypto_rsa.[ch].
We moved the crypto_pk_* digest functions into crypto_rsa.[ch] because they fit better with the RSA module. Follows #24658. Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
This commit is contained in:
parent
60b8e088c3
commit
f9f0dd5b9a
@ -23,124 +23,6 @@ ENABLE_GCC_WARNING(redundant-decls)
|
|||||||
|
|
||||||
#include "container.h"
|
#include "container.h"
|
||||||
|
|
||||||
/* public key crypto digest functions */
|
|
||||||
|
|
||||||
/** Check a siglen-byte long signature at <b>sig</b> against
|
|
||||||
* <b>datalen</b> bytes of data at <b>data</b>, using the public key
|
|
||||||
* in <b>env</b>. Return 0 if <b>sig</b> is a correct signature for
|
|
||||||
* SHA1(data). Else return -1.
|
|
||||||
*/
|
|
||||||
MOCK_IMPL(int,
|
|
||||||
crypto_pk_public_checksig_digest,(crypto_pk_t *env, const char *data,
|
|
||||||
size_t datalen, const char *sig,
|
|
||||||
size_t siglen))
|
|
||||||
{
|
|
||||||
char digest[DIGEST_LEN];
|
|
||||||
char *buf;
|
|
||||||
size_t buflen;
|
|
||||||
int r;
|
|
||||||
|
|
||||||
tor_assert(env);
|
|
||||||
tor_assert(data);
|
|
||||||
tor_assert(sig);
|
|
||||||
tor_assert(datalen < SIZE_T_CEILING);
|
|
||||||
tor_assert(siglen < SIZE_T_CEILING);
|
|
||||||
|
|
||||||
if (crypto_digest(digest,data,datalen)<0) {
|
|
||||||
log_warn(LD_BUG, "couldn't compute digest");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
buflen = crypto_pk_keysize(env);
|
|
||||||
buf = tor_malloc(buflen);
|
|
||||||
r = crypto_pk_public_checksig(env,buf,buflen,sig,siglen);
|
|
||||||
if (r != DIGEST_LEN) {
|
|
||||||
log_warn(LD_CRYPTO, "Invalid signature");
|
|
||||||
tor_free(buf);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
if (tor_memneq(buf, digest, DIGEST_LEN)) {
|
|
||||||
log_warn(LD_CRYPTO, "Signature mismatched with digest.");
|
|
||||||
tor_free(buf);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
tor_free(buf);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/** Compute a SHA1 digest of <b>fromlen</b> bytes of data stored at
|
|
||||||
* <b>from</b>; sign the data with the private key in <b>env</b>, and
|
|
||||||
* store it in <b>to</b>. Return the number of bytes written on
|
|
||||||
* success, and -1 on failure.
|
|
||||||
*
|
|
||||||
* <b>tolen</b> is the number of writable bytes in <b>to</b>, and must be
|
|
||||||
* at least the length of the modulus of <b>env</b>.
|
|
||||||
*/
|
|
||||||
int
|
|
||||||
crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
|
|
||||||
const char *from, size_t fromlen)
|
|
||||||
{
|
|
||||||
int r;
|
|
||||||
char digest[DIGEST_LEN];
|
|
||||||
if (crypto_digest(digest,from,fromlen)<0)
|
|
||||||
return -1;
|
|
||||||
r = crypto_pk_private_sign(env,to,tolen,digest,DIGEST_LEN);
|
|
||||||
memwipe(digest, 0, sizeof(digest));
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
/** Given a private or public key <b>pk</b>, put a SHA1 hash of the
|
|
||||||
* public key into <b>digest_out</b> (must have DIGEST_LEN bytes of space).
|
|
||||||
* Return 0 on success, -1 on failure.
|
|
||||||
*/
|
|
||||||
int
|
|
||||||
crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
|
|
||||||
{
|
|
||||||
char *buf;
|
|
||||||
size_t buflen;
|
|
||||||
int len;
|
|
||||||
int rv = -1;
|
|
||||||
|
|
||||||
buflen = crypto_pk_keysize(pk)*2;
|
|
||||||
buf = tor_malloc(buflen);
|
|
||||||
len = crypto_pk_asn1_encode(pk, buf, buflen);
|
|
||||||
if (len < 0)
|
|
||||||
goto done;
|
|
||||||
|
|
||||||
if (crypto_digest(digest_out, buf, len) < 0)
|
|
||||||
goto done;
|
|
||||||
|
|
||||||
rv = 0;
|
|
||||||
done:
|
|
||||||
tor_free(buf);
|
|
||||||
return rv;
|
|
||||||
}
|
|
||||||
|
|
||||||
/** Compute all digests of the DER encoding of <b>pk</b>, and store them
|
|
||||||
* in <b>digests_out</b>. Return 0 on success, -1 on failure. */
|
|
||||||
int
|
|
||||||
crypto_pk_get_common_digests(crypto_pk_t *pk, common_digests_t *digests_out)
|
|
||||||
{
|
|
||||||
char *buf;
|
|
||||||
size_t buflen;
|
|
||||||
int len;
|
|
||||||
int rv = -1;
|
|
||||||
|
|
||||||
buflen = crypto_pk_keysize(pk)*2;
|
|
||||||
buf = tor_malloc(buflen);
|
|
||||||
len = crypto_pk_asn1_encode(pk, buf, buflen);
|
|
||||||
if (len < 0)
|
|
||||||
goto done;
|
|
||||||
|
|
||||||
if (crypto_common_digests(digests_out, (char*)buf, len) < 0)
|
|
||||||
goto done;
|
|
||||||
|
|
||||||
rv = 0;
|
|
||||||
done:
|
|
||||||
tor_free(buf);
|
|
||||||
return rv;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Crypto digest functions */
|
/* Crypto digest functions */
|
||||||
|
|
||||||
/** Compute the SHA1 digest of the <b>len</b> bytes on data stored in
|
/** Compute the SHA1 digest of the <b>len</b> bytes on data stored in
|
||||||
|
@ -14,7 +14,8 @@
|
|||||||
#define TOR_CRYPTO_DIGEST_H
|
#define TOR_CRYPTO_DIGEST_H
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include "crypto_rsa.h"
|
|
||||||
|
#include "crypto_curve25519.h"
|
||||||
|
|
||||||
/** Length of the output of our message digest. */
|
/** Length of the output of our message digest. */
|
||||||
#define DIGEST_LEN 20
|
#define DIGEST_LEN 20
|
||||||
@ -69,16 +70,6 @@ typedef struct {
|
|||||||
typedef struct crypto_digest_t crypto_digest_t;
|
typedef struct crypto_digest_t crypto_digest_t;
|
||||||
typedef struct crypto_xof_t crypto_xof_t;
|
typedef struct crypto_xof_t crypto_xof_t;
|
||||||
|
|
||||||
/* public key crypto digest */
|
|
||||||
MOCK_DECL(int, crypto_pk_public_checksig_digest,(crypto_pk_t *env,
|
|
||||||
const char *data, size_t datalen,
|
|
||||||
const char *sig, size_t siglen));
|
|
||||||
int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
|
|
||||||
const char *from, size_t fromlen);
|
|
||||||
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out);
|
|
||||||
int crypto_pk_get_common_digests(crypto_pk_t *pk,
|
|
||||||
common_digests_t *digests_out);
|
|
||||||
|
|
||||||
/* SHA-1 and other digests */
|
/* SHA-1 and other digests */
|
||||||
int crypto_digest(char *digest, const char *m, size_t len);
|
int crypto_digest(char *digest, const char *m, size_t len);
|
||||||
int crypto_digest256(char *digest, const char *m, size_t len,
|
int crypto_digest256(char *digest, const char *m, size_t len,
|
||||||
|
@ -850,6 +850,122 @@ crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Check a siglen-byte long signature at <b>sig</b> against
|
||||||
|
* <b>datalen</b> bytes of data at <b>data</b>, using the public key
|
||||||
|
* in <b>env</b>. Return 0 if <b>sig</b> is a correct signature for
|
||||||
|
* SHA1(data). Else return -1.
|
||||||
|
*/
|
||||||
|
MOCK_IMPL(int,
|
||||||
|
crypto_pk_public_checksig_digest,(crypto_pk_t *env, const char *data,
|
||||||
|
size_t datalen, const char *sig,
|
||||||
|
size_t siglen))
|
||||||
|
{
|
||||||
|
char digest[DIGEST_LEN];
|
||||||
|
char *buf;
|
||||||
|
size_t buflen;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
tor_assert(env);
|
||||||
|
tor_assert(data);
|
||||||
|
tor_assert(sig);
|
||||||
|
tor_assert(datalen < SIZE_T_CEILING);
|
||||||
|
tor_assert(siglen < SIZE_T_CEILING);
|
||||||
|
|
||||||
|
if (crypto_digest(digest,data,datalen)<0) {
|
||||||
|
log_warn(LD_BUG, "couldn't compute digest");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
buflen = crypto_pk_keysize(env);
|
||||||
|
buf = tor_malloc(buflen);
|
||||||
|
r = crypto_pk_public_checksig(env,buf,buflen,sig,siglen);
|
||||||
|
if (r != DIGEST_LEN) {
|
||||||
|
log_warn(LD_CRYPTO, "Invalid signature");
|
||||||
|
tor_free(buf);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if (tor_memneq(buf, digest, DIGEST_LEN)) {
|
||||||
|
log_warn(LD_CRYPTO, "Signature mismatched with digest.");
|
||||||
|
tor_free(buf);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
tor_free(buf);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Compute a SHA1 digest of <b>fromlen</b> bytes of data stored at
|
||||||
|
* <b>from</b>; sign the data with the private key in <b>env</b>, and
|
||||||
|
* store it in <b>to</b>. Return the number of bytes written on
|
||||||
|
* success, and -1 on failure.
|
||||||
|
*
|
||||||
|
* <b>tolen</b> is the number of writable bytes in <b>to</b>, and must be
|
||||||
|
* at least the length of the modulus of <b>env</b>.
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
|
||||||
|
const char *from, size_t fromlen)
|
||||||
|
{
|
||||||
|
int r;
|
||||||
|
char digest[DIGEST_LEN];
|
||||||
|
if (crypto_digest(digest,from,fromlen)<0)
|
||||||
|
return -1;
|
||||||
|
r = crypto_pk_private_sign(env,to,tolen,digest,DIGEST_LEN);
|
||||||
|
memwipe(digest, 0, sizeof(digest));
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Given a private or public key <b>pk</b>, put a SHA1 hash of the
|
||||||
|
* public key into <b>digest_out</b> (must have DIGEST_LEN bytes of space).
|
||||||
|
* Return 0 on success, -1 on failure.
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
|
||||||
|
{
|
||||||
|
char *buf;
|
||||||
|
size_t buflen;
|
||||||
|
int len;
|
||||||
|
int rv = -1;
|
||||||
|
|
||||||
|
buflen = crypto_pk_keysize(pk)*2;
|
||||||
|
buf = tor_malloc(buflen);
|
||||||
|
len = crypto_pk_asn1_encode(pk, buf, buflen);
|
||||||
|
if (len < 0)
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
if (crypto_digest(digest_out, buf, len) < 0)
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
rv = 0;
|
||||||
|
done:
|
||||||
|
tor_free(buf);
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Compute all digests of the DER encoding of <b>pk</b>, and store them
|
||||||
|
* in <b>digests_out</b>. Return 0 on success, -1 on failure. */
|
||||||
|
int
|
||||||
|
crypto_pk_get_common_digests(crypto_pk_t *pk, common_digests_t *digests_out)
|
||||||
|
{
|
||||||
|
char *buf;
|
||||||
|
size_t buflen;
|
||||||
|
int len;
|
||||||
|
int rv = -1;
|
||||||
|
|
||||||
|
buflen = crypto_pk_keysize(pk)*2;
|
||||||
|
buf = tor_malloc(buflen);
|
||||||
|
len = crypto_pk_asn1_encode(pk, buf, buflen);
|
||||||
|
if (len < 0)
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
if (crypto_common_digests(digests_out, (char*)buf, len) < 0)
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
rv = 0;
|
||||||
|
done:
|
||||||
|
tor_free(buf);
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
|
||||||
/** Given a crypto_pk_t <b>pk</b>, allocate a new buffer containing the
|
/** Given a crypto_pk_t <b>pk</b>, allocate a new buffer containing the
|
||||||
* Base64 encoding of the DER representation of the private key as a NUL
|
* Base64 encoding of the DER representation of the private key as a NUL
|
||||||
* terminated string, and return it via <b>priv_out</b>. Return 0 on
|
* terminated string, and return it via <b>priv_out</b>. Return 0 on
|
||||||
|
@ -15,6 +15,7 @@
|
|||||||
|
|
||||||
#include "orconfig.h"
|
#include "orconfig.h"
|
||||||
|
|
||||||
|
#include "crypto_digest.h"
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include "torint.h"
|
#include "torint.h"
|
||||||
#include "testsupport.h"
|
#include "testsupport.h"
|
||||||
@ -84,6 +85,13 @@ crypto_pk_t *crypto_pk_asn1_decode(const char *str, size_t len);
|
|||||||
int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space);
|
int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space);
|
||||||
int crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out);
|
int crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out);
|
||||||
|
|
||||||
|
MOCK_DECL(int, crypto_pk_public_checksig_digest,(crypto_pk_t *env,
|
||||||
|
const char *data, size_t datalen, const char *sig, size_t siglen));
|
||||||
|
int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
|
||||||
|
const char *from, size_t fromlen);
|
||||||
|
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out);
|
||||||
|
int crypto_pk_get_common_digests(crypto_pk_t *pk,
|
||||||
|
common_digests_t *digests_out);
|
||||||
int crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out);
|
int crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out);
|
||||||
crypto_pk_t *crypto_pk_base64_decode(const char *str, size_t len);
|
crypto_pk_t *crypto_pk_base64_decode(const char *str, size_t len);
|
||||||
|
|
||||||
|
@ -11,7 +11,7 @@
|
|||||||
* \brief Headers for tortls.c
|
* \brief Headers for tortls.c
|
||||||
**/
|
**/
|
||||||
|
|
||||||
#include "crypto_digest.h"
|
#include "crypto_rsa.h"
|
||||||
#include "compat_openssl.h"
|
#include "compat_openssl.h"
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
#include "testsupport.h"
|
#include "testsupport.h"
|
||||||
|
Loading…
Reference in New Issue
Block a user