nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-13 06:33:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Move the pk-digest functions into crypto_rsa.[ch].

Browse Source 
We moved the crypto_pk_* digest functions into crypto_rsa.[ch] because they fit
better with the RSA module.

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
This commit is contained in:
Fernando Fernandez Mancera 2018-02-16 11:32:55 +01:00
parent 60b8e088c3
commit f9f0dd5b9a
5 changed files with 127 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

118
src/common/crypto_digest.c
View File

@ -23,124 +23,6 @@ ENABLE_GCC_WARNING(redundant-decls)
#include "container.h" #include "container.h"
/* public key crypto digest functions */
/** Check a siglen-byte long signature at <b>sig</b> against
* <b>datalen</b> bytes of data at <b>data</b>, using the public key
* in <b>env</b>. Return 0 if <b>sig</b> is a correct signature for
* SHA1(data). Else return -1.
*/
MOCK_IMPL(int,
crypto_pk_public_checksig_digest,(crypto_pk_t *env, const char *data,
size_t datalen, const char *sig,
size_t siglen))
{
char digest[DIGEST_LEN];
char *buf;
size_t buflen;
int r;
tor_assert(env);
tor_assert(data);
tor_assert(sig);
tor_assert(datalen < SIZE_T_CEILING);
tor_assert(siglen < SIZE_T_CEILING);
if (crypto_digest(digest,data,datalen)<0) {
log_warn(LD_BUG, "couldn't compute digest");
return -1;
}
buflen = crypto_pk_keysize(env);
buf = tor_malloc(buflen);
r = crypto_pk_public_checksig(env,buf,buflen,sig,siglen);
if (r != DIGEST_LEN) {
log_warn(LD_CRYPTO, "Invalid signature");
tor_free(buf);
return -1;
}
if (tor_memneq(buf, digest, DIGEST_LEN)) {
log_warn(LD_CRYPTO, "Signature mismatched with digest.");
tor_free(buf);
return -1;
}
tor_free(buf);
return 0;
}
/** Compute a SHA1 digest of <b>fromlen</b> bytes of data stored at
* <b>from</b>; sign the data with the private key in <b>env</b>, and
* store it in <b>to</b>. Return the number of bytes written on
* success, and -1 on failure.
*
* <b>tolen</b> is the number of writable bytes in <b>to</b>, and must be
* at least the length of the modulus of <b>env</b>.
*/
int
crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen)
{
int r;
char digest[DIGEST_LEN];
if (crypto_digest(digest,from,fromlen)<0)
return -1;
r = crypto_pk_private_sign(env,to,tolen,digest,DIGEST_LEN);
memwipe(digest, 0, sizeof(digest));
return r;
}
/** Given a private or public key <b>pk</b>, put a SHA1 hash of the
* public key into <b>digest_out</b> (must have DIGEST_LEN bytes of space).
* Return 0 on success, -1 on failure.
*/
int
crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
{
char *buf;
size_t buflen;
int len;
int rv = -1;
buflen = crypto_pk_keysize(pk)*2;
buf = tor_malloc(buflen);
len = crypto_pk_asn1_encode(pk, buf, buflen);
if (len < 0)
goto done;
if (crypto_digest(digest_out, buf, len) < 0)
goto done;
rv = 0;
done:
tor_free(buf);
return rv;
}
/** Compute all digests of the DER encoding of <b>pk</b>, and store them
* in <b>digests_out</b>. Return 0 on success, -1 on failure. */
int
crypto_pk_get_common_digests(crypto_pk_t *pk, common_digests_t *digests_out)
{
char *buf;
size_t buflen;
int len;
int rv = -1;
buflen = crypto_pk_keysize(pk)*2;
buf = tor_malloc(buflen);
len = crypto_pk_asn1_encode(pk, buf, buflen);
if (len < 0)
goto done;
if (crypto_common_digests(digests_out, (char*)buf, len) < 0)
goto done;
rv = 0;
done:
tor_free(buf);
return rv;
}
/* Crypto digest functions */ /* Crypto digest functions */
/** Compute the SHA1 digest of the <b>len</b> bytes on data stored in /** Compute the SHA1 digest of the <b>len</b> bytes on data stored in

13
src/common/crypto_digest.h
View File

@ -14,7 +14,8 @@
#define TOR_CRYPTO_DIGEST_H #define TOR_CRYPTO_DIGEST_H
#include <stdio.h> #include <stdio.h>
#include "crypto_rsa.h"
#include "crypto_curve25519.h"
/** Length of the output of our message digest. */ /** Length of the output of our message digest. */
#define DIGEST_LEN 20 #define DIGEST_LEN 20
@ -69,16 +70,6 @@ typedef struct {
typedef struct crypto_digest_t crypto_digest_t; typedef struct crypto_digest_t crypto_digest_t;
typedef struct crypto_xof_t crypto_xof_t; typedef struct crypto_xof_t crypto_xof_t;
/* public key crypto digest */
MOCK_DECL(int, crypto_pk_public_checksig_digest,(crypto_pk_t *env,
const char *data, size_t datalen,
const char *sig, size_t siglen));
int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen);
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out);
int crypto_pk_get_common_digests(crypto_pk_t *pk,
common_digests_t *digests_out);
/* SHA-1 and other digests */ /* SHA-1 and other digests */
int crypto_digest(char *digest, const char *m, size_t len); int crypto_digest(char *digest, const char *m, size_t len);
int crypto_digest256(char *digest, const char *m, size_t len, int crypto_digest256(char *digest, const char *m, size_t len,

116
src/common/crypto_rsa.c
View File

@ -850,6 +850,122 @@ crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out)
return 0; return 0;
} }
/** Check a siglen-byte long signature at <b>sig</b> against
* <b>datalen</b> bytes of data at <b>data</b>, using the public key
* in <b>env</b>. Return 0 if <b>sig</b> is a correct signature for
* SHA1(data). Else return -1.
*/
MOCK_IMPL(int,
crypto_pk_public_checksig_digest,(crypto_pk_t *env, const char *data,
size_t datalen, const char *sig,
size_t siglen))
{
char digest[DIGEST_LEN];
char *buf;
size_t buflen;
int r;
tor_assert(env);
tor_assert(data);
tor_assert(sig);
tor_assert(datalen < SIZE_T_CEILING);
tor_assert(siglen < SIZE_T_CEILING);
if (crypto_digest(digest,data,datalen)<0) {
log_warn(LD_BUG, "couldn't compute digest");
return -1;
}
buflen = crypto_pk_keysize(env);
buf = tor_malloc(buflen);
r = crypto_pk_public_checksig(env,buf,buflen,sig,siglen);
if (r != DIGEST_LEN) {
log_warn(LD_CRYPTO, "Invalid signature");
tor_free(buf);
return -1;
}
if (tor_memneq(buf, digest, DIGEST_LEN)) {
log_warn(LD_CRYPTO, "Signature mismatched with digest.");
tor_free(buf);
return -1;
}
tor_free(buf);
return 0;
}
/** Compute a SHA1 digest of <b>fromlen</b> bytes of data stored at
* <b>from</b>; sign the data with the private key in <b>env</b>, and
* store it in <b>to</b>. Return the number of bytes written on
* success, and -1 on failure.
*
* <b>tolen</b> is the number of writable bytes in <b>to</b>, and must be
* at least the length of the modulus of <b>env</b>.
*/
int
crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen)
{
int r;
char digest[DIGEST_LEN];
if (crypto_digest(digest,from,fromlen)<0)
return -1;
r = crypto_pk_private_sign(env,to,tolen,digest,DIGEST_LEN);
memwipe(digest, 0, sizeof(digest));
return r;
}
/** Given a private or public key <b>pk</b>, put a SHA1 hash of the
* public key into <b>digest_out</b> (must have DIGEST_LEN bytes of space).
* Return 0 on success, -1 on failure.
*/
int
crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
{
char *buf;
size_t buflen;
int len;
int rv = -1;
buflen = crypto_pk_keysize(pk)*2;
buf = tor_malloc(buflen);
len = crypto_pk_asn1_encode(pk, buf, buflen);
if (len < 0)
goto done;
if (crypto_digest(digest_out, buf, len) < 0)
goto done;
rv = 0;
done:
tor_free(buf);
return rv;
}
/** Compute all digests of the DER encoding of <b>pk</b>, and store them
* in <b>digests_out</b>. Return 0 on success, -1 on failure. */
int
crypto_pk_get_common_digests(crypto_pk_t *pk, common_digests_t *digests_out)
{
char *buf;
size_t buflen;
int len;
int rv = -1;
buflen = crypto_pk_keysize(pk)*2;
buf = tor_malloc(buflen);
len = crypto_pk_asn1_encode(pk, buf, buflen);
if (len < 0)
goto done;
if (crypto_common_digests(digests_out, (char*)buf, len) < 0)
goto done;
rv = 0;
done:
tor_free(buf);
return rv;
}
/** Given a crypto_pk_t <b>pk</b>, allocate a new buffer containing the /** Given a crypto_pk_t <b>pk</b>, allocate a new buffer containing the
* Base64 encoding of the DER representation of the private key as a NUL * Base64 encoding of the DER representation of the private key as a NUL
* terminated string, and return it via <b>priv_out</b>. Return 0 on * terminated string, and return it via <b>priv_out</b>. Return 0 on

8
src/common/crypto_rsa.h
View File

@ -15,6 +15,7 @@
#include "orconfig.h" #include "orconfig.h"
#include "crypto_digest.h"
#include <stdio.h> #include <stdio.h>
#include "torint.h" #include "torint.h"
#include "testsupport.h" #include "testsupport.h"
@ -84,6 +85,13 @@ crypto_pk_t *crypto_pk_asn1_decode(const char *str, size_t len);
int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space); int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space);
int crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out); int crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out);
MOCK_DECL(int, crypto_pk_public_checksig_digest,(crypto_pk_t *env,
const char *data, size_t datalen, const char *sig, size_t siglen));
int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen);
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out);
int crypto_pk_get_common_digests(crypto_pk_t *pk,
common_digests_t *digests_out);
int crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out); int crypto_pk_base64_encode(const crypto_pk_t *pk, char **priv_out);
crypto_pk_t *crypto_pk_base64_decode(const char *str, size_t len); crypto_pk_t *crypto_pk_base64_decode(const char *str, size_t len);

2
src/common/tortls.h
View File

@ -11,7 +11,7 @@
* \brief Headers for tortls.c * \brief Headers for tortls.c
**/ **/
#include "crypto_digest.h" #include "crypto_rsa.h"
#include "compat_openssl.h" #include "compat_openssl.h"
#include "compat.h" #include "compat.h"
#include "testsupport.h" #include "testsupport.h"