#include <stdio.h>
#include "torint.h"
Go to the source code of this file.
Data Structures | |
| struct | digests_t |
Defines | |
| #define | DIGEST_LEN 20 |
| #define | DIGEST256_LEN 32 |
| #define | CIPHER_KEY_LEN 16 |
| #define | CIPHER_IV_LEN 16 |
| #define | PK_BYTES (1024/8) |
| #define | DH_BYTES (1024/8) |
| #define | BASE64_DIGEST_LEN 27 |
| #define | BASE64_DIGEST256_LEN 43 |
| #define | PK_NO_PADDING 60000 |
| #define | PK_PKCS1_PADDING 60001 |
| #define | PK_PKCS1_OAEP_PADDING 60002 |
| #define | PKCS1_PADDING_OVERHEAD 11 |
| #define | PKCS1_OAEP_PADDING_OVERHEAD 42 |
| #define | FINGERPRINT_LEN 49 |
| #define | HEX_DIGEST_LEN 40 |
| #define | HEX_DIGEST256_LEN 64 |
| #define | N_DIGEST_ALGORITHMS (DIGEST_SHA256+1) |
| #define | crypto_pk_generate_key(env) crypto_pk_generate_key_with_bits((env), (PK_BYTES*8)) |
| #define | BASE32_CHARS "abcdefghijklmnopqrstuvwxyz234567" |
| #define | S2K_SPECIFIER_LEN 9 |
Typedefs | |
| typedef struct crypto_pk_env_t | crypto_pk_env_t |
| typedef struct crypto_cipher_env_t | crypto_cipher_env_t |
| typedef struct crypto_digest_env_t | crypto_digest_env_t |
| typedef struct crypto_dh_env_t | crypto_dh_env_t |
Enumerations | |
| enum | digest_algorithm_t { DIGEST_SHA1 = 0, DIGEST_SHA256 = 1 } |
Functions | |
| int | crypto_global_init (int hardwareAccel, const char *accelName, const char *accelPath) |
| void | crypto_thread_cleanup (void) |
| int | crypto_global_cleanup (void) |
| crypto_pk_env_t * | crypto_new_pk_env (void) |
| void | crypto_free_pk_env (crypto_pk_env_t *env) |
| crypto_cipher_env_t * | crypto_create_init_cipher (const char *key, int encrypt_mode) |
| crypto_cipher_env_t * | crypto_new_cipher_env (void) |
| void | crypto_free_cipher_env (crypto_cipher_env_t *env) |
| int | crypto_pk_generate_key_with_bits (crypto_pk_env_t *env, int bits) |
| int | crypto_pk_read_private_key_from_filename (crypto_pk_env_t *env, const char *keyfile) |
| int | crypto_pk_write_public_key_to_string (crypto_pk_env_t *env, char **dest, size_t *len) |
| int | crypto_pk_write_private_key_to_string (crypto_pk_env_t *env, char **dest, size_t *len) |
| int | crypto_pk_read_public_key_from_string (crypto_pk_env_t *env, const char *src, size_t len) |
| int | crypto_pk_read_private_key_from_string (crypto_pk_env_t *env, const char *s) |
| int | crypto_pk_write_private_key_to_filename (crypto_pk_env_t *env, const char *fname) |
| int | crypto_pk_check_key (crypto_pk_env_t *env) |
| int | crypto_pk_cmp_keys (crypto_pk_env_t *a, crypto_pk_env_t *b) |
| size_t | crypto_pk_keysize (crypto_pk_env_t *env) |
| crypto_pk_env_t * | crypto_pk_dup_key (crypto_pk_env_t *orig) |
| crypto_pk_env_t * | crypto_pk_copy_full (crypto_pk_env_t *orig) |
| int | crypto_pk_key_is_private (const crypto_pk_env_t *key) |
| int | crypto_pk_public_encrypt (crypto_pk_env_t *env, char *to, const char *from, size_t fromlen, int padding) |
| int | crypto_pk_private_decrypt (crypto_pk_env_t *env, char *to, const char *from, size_t fromlen, int padding, int warnOnFailure) |
| int | crypto_pk_public_checksig (crypto_pk_env_t *env, char *to, const char *from, size_t fromlen) |
| int | crypto_pk_public_checksig_digest (crypto_pk_env_t *env, const char *data, size_t datalen, const char *sig, size_t siglen) |
| int | crypto_pk_private_sign (crypto_pk_env_t *env, char *to, const char *from, size_t fromlen) |
| int | crypto_pk_private_sign_digest (crypto_pk_env_t *env, char *to, const char *from, size_t fromlen) |
| int | crypto_pk_public_hybrid_encrypt (crypto_pk_env_t *env, char *to, const char *from, size_t fromlen, int padding, int force) |
| int | crypto_pk_private_hybrid_decrypt (crypto_pk_env_t *env, char *to, const char *from, size_t fromlen, int padding, int warnOnFailure) |
| int | crypto_pk_asn1_encode (crypto_pk_env_t *pk, char *dest, size_t dest_len) |
| crypto_pk_env_t * | crypto_pk_asn1_decode (const char *str, size_t len) |
| int | crypto_pk_get_digest (crypto_pk_env_t *pk, char *digest_out) |
| int | crypto_pk_get_fingerprint (crypto_pk_env_t *pk, char *fp_out, int add_space) |
| int | crypto_pk_check_fingerprint_syntax (const char *s) |
| int | crypto_cipher_generate_key (crypto_cipher_env_t *env) |
| void | crypto_cipher_set_key (crypto_cipher_env_t *env, const char *key) |
| void | crypto_cipher_generate_iv (char *iv_out) |
| int | crypto_cipher_set_iv (crypto_cipher_env_t *env, const char *iv) |
| const char * | crypto_cipher_get_key (crypto_cipher_env_t *env) |
| int | crypto_cipher_encrypt_init_cipher (crypto_cipher_env_t *env) |
| int | crypto_cipher_decrypt_init_cipher (crypto_cipher_env_t *env) |
| int | crypto_cipher_encrypt (crypto_cipher_env_t *env, char *to, const char *from, size_t fromlen) |
| int | crypto_cipher_decrypt (crypto_cipher_env_t *env, char *to, const char *from, size_t fromlen) |
| int | crypto_cipher_crypt_inplace (crypto_cipher_env_t *env, char *d, size_t len) |
| int | crypto_cipher_encrypt_with_iv (crypto_cipher_env_t *env, char *to, size_t tolen, const char *from, size_t fromlen) |
| int | crypto_cipher_decrypt_with_iv (crypto_cipher_env_t *env, char *to, size_t tolen, const char *from, size_t fromlen) |
| int | crypto_digest (char *digest, const char *m, size_t len) |
| int | crypto_digest256 (char *digest, const char *m, size_t len, digest_algorithm_t algorithm) |
| int | crypto_digest_all (digests_t *ds_out, const char *m, size_t len) |
| const char * | crypto_digest_algorithm_get_name (digest_algorithm_t alg) |
| int | crypto_digest_algorithm_parse_name (const char *name) |
| crypto_digest_env_t * | crypto_new_digest_env (void) |
| crypto_digest_env_t * | crypto_new_digest256_env (digest_algorithm_t algorithm) |
| void | crypto_free_digest_env (crypto_digest_env_t *digest) |
| void | crypto_digest_add_bytes (crypto_digest_env_t *digest, const char *data, size_t len) |
| void | crypto_digest_get_digest (crypto_digest_env_t *digest, char *out, size_t out_len) |
| crypto_digest_env_t * | crypto_digest_dup (const crypto_digest_env_t *digest) |
| void | crypto_digest_assign (crypto_digest_env_t *into, const crypto_digest_env_t *from) |
| void | crypto_hmac_sha1 (char *hmac_out, const char *key, size_t key_len, const char *msg, size_t msg_len) |
| crypto_dh_env_t * | crypto_dh_new (void) |
| int | crypto_dh_get_bytes (crypto_dh_env_t *dh) |
| int | crypto_dh_generate_public (crypto_dh_env_t *dh) |
| int | crypto_dh_get_public (crypto_dh_env_t *dh, char *pubkey_out, size_t pubkey_out_len) |
| ssize_t | crypto_dh_compute_secret (int severity, crypto_dh_env_t *dh, const char *pubkey, size_t pubkey_len, char *secret_out, size_t secret_out_len) |
| void | crypto_dh_free (crypto_dh_env_t *dh) |
| int | crypto_expand_key_material (const char *key_in, size_t in_len, char *key_out, size_t key_out_len) |
| int | crypto_seed_rng (int startup) |
| int | crypto_rand (char *to, size_t n) |
| int | crypto_rand_int (unsigned int max) |
| uint64_t | crypto_rand_uint64 (uint64_t max) |
| char * | crypto_random_hostname (int min_rand_len, int max_rand_len, const char *prefix, const char *suffix) |
| void * | smartlist_choose (const struct smartlist_t *sl) |
| void | smartlist_shuffle (struct smartlist_t *sl) |
| int | base64_encode (char *dest, size_t destlen, const char *src, size_t srclen) |
| int | base64_decode (char *dest, size_t destlen, const char *src, size_t srclen) |
| void | base32_encode (char *dest, size_t destlen, const char *src, size_t srclen) |
| int | base32_decode (char *dest, size_t destlen, const char *src, size_t srclen) |
| int | digest_to_base64 (char *d64, const char *digest) |
| int | digest_from_base64 (char *digest, const char *d64) |
| int | digest256_to_base64 (char *d64, const char *digest) |
| int | digest256_from_base64 (char *digest, const char *d64) |
| void | secret_to_key (char *key_out, size_t key_out_len, const char *secret, size_t secret_len, const char *s2k_specifier) |
| #define BASE32_CHARS "abcdefghijklmnopqrstuvwxyz234567" |
Characters that can appear (case-insensitively) in a base-32 encoding.
Referenced by base32_encode(), rend_parse_v2_service_descriptor(), and rend_valid_service_id().
| #define BASE64_DIGEST256_LEN 43 |
Length of a sha256 message digest when encoded in base64 with trailing = signs removed.
Referenced by digest256_from_base64(), digest256_to_base64(), dir_split_resource_into_fingerprints(), dirvote_format_microdesc_vote_line(), and vote_routerstatus_find_microdesc_hash().
| #define BASE64_DIGEST_LEN 27 |
Length of a sha1 message digest when encoded in base64 with trailing = signs removed.
Referenced by digest_from_base64(), digest_to_base64(), dir_split_resource_into_fingerprints(), rep_hist_get_router_stability_doc(), and routerstatus_format_entry().
| #define CIPHER_IV_LEN 16 |
Length of our symmetric cipher's IV.
Referenced by crypto_cipher_decrypt_with_iv(), crypto_cipher_encrypt_with_iv(), crypto_cipher_generate_iv(), rend_decrypt_introduction_points(), rend_encrypt_v2_intro_points_basic(), and rend_encrypt_v2_intro_points_stealth().
| #define CIPHER_KEY_LEN 16 |
Length of our symmetric cipher's keys.
Referenced by circuit_finish_handshake(), circuit_init_cpath_crypto(), crypto_cipher_decrypt_init_cipher(), crypto_cipher_encrypt_init_cipher(), crypto_cipher_generate_key(), crypto_cipher_set_key(), crypto_pk_private_hybrid_decrypt(), crypto_pk_public_hybrid_encrypt(), rend_decrypt_introduction_points(), rend_encrypt_v2_intro_points_basic(), and rend_mid_introduce().
| #define DH_BYTES (1024/8) |
Length of our DH keys.
| #define DIGEST256_LEN 32 |
Length of the output of our second (improved) message digests. (For now this is just sha256, but any it can be any other 256-byte digest).
Referenced by _compare_digests256(), crypto_digest_get_digest(), digest256_from_base64(), digest256_to_base64(), dir_split_resource_into_fingerprints(), microdesc_cache_lookup_by_digest256(), networkstatus_add_detached_signatures(), networkstatus_check_document_signature(), networkstatus_get_detached_signatures(), networkstatus_parse_detached_signatures(), and tor_digest256_is_zero().
| #define DIGEST_LEN 20 |
Length of the output of our message digest.
Referenced by _compare_digests(), _compare_dir_src_ents_by_authority_id(), _compare_old_routers_by_identity(), _compare_pairs(), _compare_routerinfo_by_id_digest(), _compare_routerinfo_by_ip_and_bw(), _compare_votes_by_authority_id(), accounting_set_wakeup_time(), add_an_entry_guard(), add_fingerprint_to_dir(), add_trusted_dir_server(), already_have_cert(), authority_cert_get_by_digests(), authority_cert_get_by_sk_digest(), authority_cert_parse_from_string(), authority_certs_fetch_missing(), bridge_add_from_config(), circuit_dump_by_conn(), circuit_extend(), circuit_find_to_cannibalize(), circuit_finish_handshake(), circuit_get_all_pending_on_or_conn(), circuit_get_intro_point(), circuit_get_next_by_pk_and_purpose(), circuit_get_open_circ_or_launch(), circuit_init_cpath_crypto(), circuit_is_acceptable(), circuit_list_path_impl(), circuit_n_conn_done(), circuit_send_next_onion_skin(), client_likes_consensus(), command_process_create_cell(), compare_digest_to_routerstatus_entry(), compare_routerstatus_entries(), compare_vote_rs(), connection_ap_can_use_exit(), connection_ap_fail_onehop(), connection_ap_make_link(), connection_dir_client_reached_eof(), connection_or_check_valid_tls_handshake(), connection_or_clear_identity_map(), connection_or_get_for_extend(), connection_or_init_conn_from_address(), connection_or_remove_from_identity_map(), connection_or_set_identity_digest(), connection_tls_finish_handshake(), control_event_guard(), crypto_dh_compute_secret(), crypto_digest_get_digest(), crypto_expand_key_material(), crypto_pk_get_fingerprint(), crypto_pk_private_sign_digest(), crypto_pk_public_checksig_digest(), decode_hashed_passwords(), digest_from_base64(), digest_to_base64(), digestmap_entries_eq(), digestmap_get(), digestmap_remove(), digestmap_set(), dir_networkstatus_download_failed(), dir_routerdesc_download_failed(), dir_signing_key_is_trusted(), dir_split_resource_into_fingerprint_pairs(), dir_split_resource_into_fingerprints(), directory_get_from_hs_dir(), directory_handle_command_get(), directory_initiate_command_rend(), directory_post_to_hs_dir(), dirserv_dump_directory_to_string(), dirserv_generate_networkstatus_vote_obj(), dirserv_get_name_status(), dirserv_get_networkstatus_v2(), dirserv_get_networkstatus_v2_fingerprints(), dirserv_get_routerdesc_fingerprints(), dirserv_load_fingerprint_file(), dirserv_orconn_tls_done(), dirserv_router_get_status(), dirvote_act(), dirvote_add_vote(), dirvote_compute_consensuses(), dirvote_fetch_missing_votes(), dirvote_get_vote(), do_hash_password(), entry_guard_register_connect_status(), entry_guard_set_status(), entry_guards_parse_state(), entry_guards_update_state(), extend_info_alloc(), extrainfo_dump_to_string(), extrainfo_parse_entry_from_string(), fast_client_handshake(), fast_server_handshake(), fetch_bridge_descriptors(), find_bridge_by_digest(), find_intro_circuit(), format_networkstatus_vote(), generate_runningrouters(), generate_v2_networkstatus_opinion(), get_link_history(), get_or_history(), get_secret_id_part_bytes(), getinfo_helper_entry_guards(), getinfo_helper_misc(), handle_control_attachstream(), handle_control_authenticate(), hex_digest_matches(), hexdigest_to_digest(), init_keys(), initiate_descriptor_downloads(), is_an_entry_guard(), list_single_server_status(), list_v3_auth_ids(), lookup_cached_dir_by_fp(), lookup_last_hid_serv_request(), measured_bw_line_parse(), networkstatus_add_detached_signatures(), networkstatus_check_consensus_signature(), networkstatus_check_document_signature(), networkstatus_compute_consensus(), networkstatus_copy_old_consensus_info(), networkstatus_format_signatures(), networkstatus_get_cache_filename(), networkstatus_get_detached_signatures(), networkstatus_get_voter_by_id(), networkstatus_parse_detached_signatures(), networkstatus_parse_vote_from_string(), networkstatus_v2_get_by_digest(), networkstatus_v2_parse_from_string(), notify_control_networkstatus_changed(), onion_skin_client_handshake(), onion_skin_server_handshake(), onionskin_answer(), orconn_target_get_name(), parse_bridge_line(), parse_dir_server_line(), remove_dead_entry_guards(), remove_obsolete_entry_guards(), rend_cache_clean_v2_descs_as_dir(), rend_cache_lookup_v2_desc_as_dir(), rend_cache_store_v2_desc_as_client(), rend_cache_store_v2_desc_as_dir(), rend_client_receive_rendezvous(), rend_client_refetch_v2_renddesc(), rend_client_remove_intro_point(), rend_client_send_introduction(), rend_compute_v2_desc_id(), rend_config_services(), rend_desc_v2_is_parsable(), rend_encode_v2_descriptors(), rend_encode_v2_intro_points(), rend_get_descriptor_id_bytes(), rend_get_service_id(), rend_id_is_in_interval(), rend_mid_establish_intro(), rend_mid_introduce(), rend_mid_rendezvous(), rend_parse_introduction_points(), rend_parse_v2_service_descriptor(), rend_service_get_by_pk_digest(), rend_service_intro_has_opened(), rend_service_introduce(), rend_service_launch_establish_intro(), rend_service_rendezvous_has_opened(), rend_services_introduce(), rep_hist_dump_stats(), rep_hist_load_mtbf_data(), rep_hist_note_router_reachable(), rep_hist_note_router_unreachable(), rep_hist_record_mtbf_data(), router_add_to_routerlist(), router_digest_is_me(), router_digest_is_trusted_dir_type(), router_dump_router_to_string(), router_extrainfo_digest_is_me(), router_fingerprint_is_me(), router_get_by_hexdigest(), router_get_by_nickname(), router_get_consensus_status_by_nickname(), router_get_trusteddirserver_by_digest(), router_get_verbose_nickname(), router_load_extrainfo_from_string(), router_load_routers_from_string(), router_parse_directory(), router_parse_entry_from_string(), router_parse_runningrouters(), router_rebuild_descriptor(), router_reload_v2_networkstatus(), router_set_networkstatus_v2(), router_set_status(), routerinfo_get_configured_bridge(), routerinfo_incompatible_with_extrainfo(), routerlist_remove_old_cached_routers_with_id(), routerlist_remove_old_routers(), routerlist_replace(), routers_update_status_from_consensus_networkstatus(), routerset_parse(), routerstatus_format_entry(), routerstatus_get_verbose_nickname(), routerstatus_has_changed(), routerstatus_list_update_named_server_map(), secret_to_key(), set_routerstatus_from_routerinfo(), signed_desc_digest_is_recognized(), signed_descs_update_status_from_consensus_networkstatus(), smartlist_digest_isin(), tor_digest_is_zero(), tor_version_parse(), trusted_dirs_load_certs_from_string(), trusteddirserver_get_by_v3_auth_digest(), update_consensus_router_descriptor_downloads(), and update_v2_networkstatus_cache_downloads().
| #define FINGERPRINT_LEN 49 |
Length of encoded public key fingerprints, including space; but not including terminating NUL.
Referenced by crypto_pk_check_fingerprint_syntax(), crypto_pk_get_fingerprint(), dirserv_add_own_fingerprint(), do_list_fingerprint(), format_networkstatus_vote(), generate_v2_networkstatus_opinion(), init_keys(), and router_dump_router_to_string().
| #define HEX_DIGEST256_LEN 64 |
Length of hex encoding of SHA256 digest, not including final NUL.
Referenced by dir_split_resource_into_fingerprints(), networkstatus_get_detached_signatures(), and networkstatus_parse_detached_signatures().
| #define HEX_DIGEST_LEN 40 |
Length of hex encoding of SHA1 digest, not including final NUL.
Referenced by circuit_get_open_circ_or_launch(), circuit_list_path_impl(), connection_ap_make_link(), connection_dir_client_reached_eof(), connection_or_check_valid_tls_handshake(), connection_or_init_conn_from_address(), consider_recording_trackhost(), control_event_guard(), crypto_pk_get_fingerprint(), dir_split_resource_into_fingerprint_pairs(), dir_split_resource_into_fingerprints(), dirserv_get_name_status(), dirserv_get_networkstatus_v2(), dirserv_load_fingerprint_file(), dirvote_fetch_missing_votes(), entry_guard_register_connect_status(), entry_guard_set_status(), entry_guards_parse_state(), entry_guards_update_state(), extrainfo_dump_to_string(), extrainfo_parse_entry_from_string(), fetch_bridge_descriptors(), format_networkstatus_vote(), getinfo_helper_misc(), hex_digest_matches(), hexdigest_to_digest(), initiate_descriptor_downloads(), is_legal_hexdigest(), list_single_server_status(), measured_bw_line_parse(), networkstatus_add_detached_signatures(), networkstatus_compute_consensus(), networkstatus_format_signatures(), networkstatus_get_cache_filename(), networkstatus_get_detached_signatures(), networkstatus_parse_detached_signatures(), networkstatus_parse_vote_from_string(), parse_bridge_line(), parse_dir_server_line(), remove_dead_entry_guards(), remove_obsolete_entry_guards(), rend_service_launch_establish_intro(), rep_hist_dump_stats(), rep_hist_load_mtbf_data(), rep_hist_record_mtbf_data(), router_dump_router_to_string(), router_fingerprint_is_me(), router_get_by_hexdigest(), router_get_by_nickname(), router_get_consensus_status_by_nickname(), router_get_verbose_nickname(), router_load_extrainfo_from_string(), router_load_routers_from_string(), router_parse_entry_from_string(), router_rebuild_descriptor(), router_reload_v2_networkstatus(), router_set_networkstatus_v2(), routerset_parse(), routerstatus_format_entry(), routerstatus_get_verbose_nickname(), tor_version_parse(), and update_v2_networkstatus_cache_downloads().
| #define PK_BYTES (1024/8) |
Length of our public keys.
Referenced by token_check_object().
| #define PK_NO_PADDING 60000 |
Constants used to indicate no padding for public-key encryption
Referenced by crypto_get_rsa_padding(), and crypto_pk_public_hybrid_encrypt().
| #define PK_PKCS1_OAEP_PADDING 60002 |
Constants used to indicate OAEP padding for public-key encryption
Referenced by crypto_get_rsa_padding(), onion_skin_create(), onion_skin_server_handshake(), and rend_service_introduce().
| #define PK_PKCS1_PADDING 60001 |
Constants used to indicate PKCS1 padding for public-key encryption
Referenced by crypto_get_rsa_padding().
| #define PKCS1_OAEP_PADDING_OVERHEAD 42 |
Number of bytes added for PKCS1-OAEP padding.
Referenced by rend_mid_introduce().
| #define PKCS1_PADDING_OVERHEAD 11 |
Number of bytes added for PKCS1 padding.
| #define S2K_SPECIFIER_LEN 9 |
Length of RFC2440-style S2K specifier: the first 8 bytes are a salt, the 9th describes how much iteration to do.
Referenced by decode_hashed_passwords(), do_hash_password(), and handle_control_authenticate().
| int base32_decode | ( | char * | dest, | |
| size_t | destlen, | |||
| const char * | src, | |||
| size_t | srclen | |||
| ) |
Implements base32 decoding as in rfc3548. Limitation: Requires that srclen*5 is a multiple of 8. Returns 0 if successful, -1 otherwise.
References LD_BUG, tor_assert, and tor_free.
Referenced by rend_cache_lookup_v2_desc_as_dir(), rend_compute_v2_desc_id(), rend_parse_introduction_points(), and rend_parse_v2_service_descriptor().
| void base32_encode | ( | char * | dest, | |
| size_t | destlen, | |||
| const char * | src, | |||
| size_t | srclen | |||
| ) |
Implements base32 encoding as in rfc3548. Limitation: Requires that srclen*8 is a multiple of 5.
References BASE32_CHARS, and tor_assert.
Referenced by addressmap_get_virtual_address(), crypto_random_hostname(), directory_get_from_hs_dir(), directory_post_to_hs_dir(), lookup_last_hid_serv_request(), rend_cache_clean_v2_descs_as_dir(), rend_cache_store_v2_desc_as_dir(), rend_encode_v2_descriptors(), rend_encode_v2_intro_points(), rend_get_service_id(), rend_mid_establish_intro(), rend_mid_introduce(), rend_service_intro_established(), rend_service_intro_has_opened(), rend_service_introduce(), rend_service_rendezvous_has_opened(), and rend_service_set_connection_addr_port().
| int base64_decode | ( | char * | dest, | |
| size_t | destlen, | |||
| const char * | src, | |||
| size_t | srclen | |||
| ) |
Base-64 decode srclen bytes of data from src. Write the result into dest, if it will fit within destlen bytes. Return the number of bytes written on success; -1 if destlen is too short, or other failure.
NOTE 1: destlen is checked conservatively, as though srclen contained no spaces or padding.
NOTE 2: This implementation does not check for the correct number of padding "=" characters at the end of the string, and does not check for internal padding characters.
References tor_assert.
Referenced by decode_hashed_passwords(), digest256_from_base64(), digest_from_base64(), dir_split_resource_into_fingerprints(), get_next_token(), rend_parse_client_keys(), and rend_parse_service_authorization().
| int base64_encode | ( | char * | dest, | |
| size_t | destlen, | |||
| const char * | src, | |||
| size_t | srclen | |||
| ) |
Base-64 encode srclen bytes of data from src. Write the result into dest, if it will fit within destlen bytes. Return the number of bytes written on success; -1 if destlen is too short, or other failure.
References tor_assert.
Referenced by alloc_http_authenticator(), digest256_to_base64(), digest_to_base64(), directory_get_from_hs_dir(), networkstatus_format_signatures(), rend_encode_v2_descriptors(), rend_service_load_keys(), and router_append_dirobj_signature().
| int crypto_cipher_crypt_inplace | ( | crypto_cipher_env_t * | env, | |
| char * | buf, | |||
| size_t | len | |||
| ) |
Encrypt len bytes on from using the cipher in env; on success, return 0. On failure, return -1.
References aes_crypt_inplace(), and crypto_cipher_env_t::cipher.
Referenced by relay_crypt_one_payload().
| int crypto_cipher_decrypt | ( | crypto_cipher_env_t * | env, | |
| char * | to, | |||
| const char * | from, | |||
| size_t | fromlen | |||
| ) |
Decrypt fromlen bytes from from using the cipher env; on success, store the result to to and return 0. On failure, return -1.
References aes_crypt(), crypto_cipher_env_t::cipher, and tor_assert.
Referenced by crypto_pk_private_hybrid_decrypt(), and rend_decrypt_introduction_points().
| int crypto_cipher_decrypt_init_cipher | ( | crypto_cipher_env_t * | env | ) |
Initialize the cipher in env for decryption. Return 0 on success, -1 on failure.
References aes_set_key(), crypto_cipher_env_t::cipher, CIPHER_KEY_LEN, crypto_cipher_env_t::key, and tor_assert.
Referenced by crypto_create_init_cipher().
| int crypto_cipher_decrypt_with_iv | ( | crypto_cipher_env_t * | cipher, | |
| char * | to, | |||
| size_t | tolen, | |||
| const char * | from, | |||
| size_t | fromlen | |||
| ) |
Decrypt fromlen bytes (at least 1+CIPHER_IV_LEN) from from with the key in cipher to the buffer in to of length tolen. tolen must be at least fromlen minus CIPHER_IV_LEN bytes for the initialization vector. On success, return the number of bytes written, on failure, return -1.
This function adjusts the current position of the counter in cipher to immediately after the decrypted data.
References CIPHER_IV_LEN, crypto_cipher_encrypt(), crypto_cipher_set_iv(), and tor_assert.
Referenced by rend_decrypt_introduction_points().
| int crypto_cipher_encrypt | ( | crypto_cipher_env_t * | env, | |
| char * | to, | |||
| const char * | from, | |||
| size_t | fromlen | |||
| ) |
Encrypt fromlen bytes from from using the cipher env; on success, store the result to to and return 0. On failure, return -1.
References aes_crypt(), crypto_cipher_env_t::cipher, and tor_assert.
Referenced by crypto_cipher_decrypt_with_iv(), crypto_cipher_encrypt_with_iv(), crypto_pk_public_hybrid_encrypt(), and rend_encrypt_v2_intro_points_basic().
| int crypto_cipher_encrypt_init_cipher | ( | crypto_cipher_env_t * | env | ) |
Initialize the cipher in env for encryption. Return 0 on success, -1 on failure.
References aes_set_key(), crypto_cipher_env_t::cipher, CIPHER_KEY_LEN, crypto_cipher_env_t::key, and tor_assert.
Referenced by crypto_create_init_cipher(), and crypto_pk_public_hybrid_encrypt().
| int crypto_cipher_encrypt_with_iv | ( | crypto_cipher_env_t * | cipher, | |
| char * | to, | |||
| size_t | tolen, | |||
| const char * | from, | |||
| size_t | fromlen | |||
| ) |
Encrypt fromlen bytes (at least 1) from from with the key in cipher to the buffer in to of length tolen. tolen must be at least fromlen plus CIPHER_IV_LEN bytes for the initialization vector. On success, return the number of bytes written, on failure, return -1.
This function adjusts the current position of the counter in cipher to immediately after the encrypted data.
References CIPHER_IV_LEN, crypto_cipher_encrypt(), crypto_cipher_generate_iv(), crypto_cipher_set_iv(), and tor_assert.
Referenced by rend_encrypt_v2_intro_points_basic(), and rend_encrypt_v2_intro_points_stealth().
| void crypto_cipher_generate_iv | ( | char * | iv_out | ) |
Generate an initialization vector for our AES-CTR cipher; store it in the first CIPHER_IV_LEN bytes of iv_out.
References CIPHER_IV_LEN, and crypto_rand().
Referenced by crypto_cipher_encrypt_with_iv().
| int crypto_cipher_generate_key | ( | crypto_cipher_env_t * | env | ) |
Generate a new random key for the symmetric cipher in env. Return 0 on success, -1 on failure. Does not initialize the cipher.
References CIPHER_KEY_LEN, crypto_rand(), crypto_cipher_env_t::key, and tor_assert.
Referenced by crypto_pk_public_hybrid_encrypt().
| const char* crypto_cipher_get_key | ( | crypto_cipher_env_t * | env | ) |
Return a pointer to the key set for the cipher in env.
References crypto_cipher_env_t::key.
| int crypto_cipher_set_iv | ( | crypto_cipher_env_t * | env, | |
| const char * | iv | |||
| ) |
Adjust the counter of env to point to the first byte of the block corresponding to the encryption of the CIPHER_IV_LEN bytes at iv.
References aes_set_iv(), crypto_cipher_env_t::cipher, and tor_assert.
Referenced by crypto_cipher_decrypt_with_iv(), and crypto_cipher_encrypt_with_iv().
| void crypto_cipher_set_key | ( | crypto_cipher_env_t * | env, | |
| const char * | key | |||
| ) |
Set the symmetric key for the cipher in env to the first CIPHER_KEY_LEN bytes of key. Does not initialize the cipher.
References CIPHER_KEY_LEN, crypto_cipher_env_t::key, and tor_assert.
Referenced by crypto_create_init_cipher().
| crypto_cipher_env_t* crypto_create_init_cipher | ( | const char * | key, | |
| int | encrypt_mode | |||
| ) |
Create a new symmetric cipher for a given key and encryption flag (1=encrypt, 0=decrypt). Return the crypto object on success; NULL on failure.
References crypto_cipher_decrypt_init_cipher(), crypto_cipher_encrypt_init_cipher(), crypto_cipher_set_key(), crypto_free_cipher_env(), crypto_new_cipher_env(), and LD_CRYPTO.
Referenced by circuit_init_cpath_crypto(), crypto_pk_private_hybrid_decrypt(), rend_decrypt_introduction_points(), rend_encrypt_v2_intro_points_basic(), and rend_encrypt_v2_intro_points_stealth().
| ssize_t crypto_dh_compute_secret | ( | int | severity, | |
| crypto_dh_env_t * | dh, | |||
| const char * | pubkey, | |||
| size_t | pubkey_len, | |||
| char * | secret_out, | |||
| size_t | secret_bytes_out | |||
| ) |
Given a DH key exchange object, and our peer's value of g^y (as a pubkey_len-byte value in pubkey) generate secret_bytes_out bytes of shared key material and write them to secret_out. Return the number of bytes generated on success, or -1 on failure.
(We generate key material by computing SHA1( g^xy || "\x00" ) || SHA1( g^xy || "\x01" ) || ... where || is concatenation.)
References crypto_dh_get_bytes(), crypto_expand_key_material(), crypto_log_errors(), crypto_dh_env_t::dh, DIGEST_LEN, LD_CRYPTO, tor_assert, tor_check_dh_key(), and tor_free.
Referenced by onion_skin_client_handshake(), onion_skin_server_handshake(), rend_client_receive_rendezvous(), and rend_service_introduce().
| void crypto_dh_free | ( | crypto_dh_env_t * | dh | ) |
Free a DH key exchange object.
References crypto_dh_env_t::dh, tor_assert, and tor_free.
Referenced by circuit_finish_handshake(), circuit_free_cpath_node(), onion_skin_create(), onion_skin_server_handshake(), rend_client_receive_rendezvous(), rend_service_introduce(), rend_service_rendezvous_has_opened(), and tor_tls_context_new().
| int crypto_dh_generate_public | ( | crypto_dh_env_t * | dh | ) |
Generate <x,g^x> for our part of the key exchange. Return 0 on success, -1 on failure.
References crypto_log_errors(), crypto_dh_env_t::dh, LD_CRYPTO, and tor_check_dh_key().
Referenced by crypto_dh_get_public(), and rend_service_introduce().
| int crypto_dh_get_bytes | ( | crypto_dh_env_t * | dh | ) |
Return the length of the DH key in dh, in bytes.
References crypto_dh_env_t::dh, and tor_assert.
Referenced by crypto_dh_compute_secret(), onion_skin_client_handshake(), and onion_skin_create().
| int crypto_dh_get_public | ( | crypto_dh_env_t * | dh, | |
| char * | pubkey, | |||
| size_t | pubkey_len | |||
| ) |
Generate g^x as necessary, and write the g^x for the key exchange as a pubkey_len-byte value into pubkey. Return 0 on success, -1 on failure. pubkey_len must be >= DH_BYTES.
References crypto_dh_generate_public(), crypto_dh_env_t::dh, LD_CRYPTO, and tor_assert.
Referenced by onion_skin_create(), onion_skin_server_handshake(), and rend_service_rendezvous_has_opened().
| crypto_dh_env_t* crypto_dh_new | ( | void | ) |
Allocate and return a new DH object for a key exchange.
References crypto_log_errors(), crypto_dh_env_t::dh, init_dh_param(), and tor_free.
Referenced by onion_skin_create(), onion_skin_server_handshake(), rend_service_introduce(), and tor_tls_context_new().
| int crypto_digest | ( | char * | digest, | |
| const char * | m, | |||
| size_t | len | |||
| ) |
Compute the SHA1 digest of len bytes in data stored in m. Write the DIGEST_LEN byte result into digest. Return 0 on success, -1 on failure.
References tor_assert.
Referenced by crypto_digest_all(), crypto_expand_key_material(), crypto_pk_get_digest(), crypto_pk_private_sign_digest(), crypto_pk_public_checksig_digest(), rend_encode_v2_descriptors(), rend_mid_establish_intro(), rend_service_intro_has_opened(), and router_get_hash_impl().
| void crypto_digest_add_bytes | ( | crypto_digest_env_t * | digest, | |
| const char * | data, | |||
| size_t | len | |||
| ) |
Add len bytes from data to the digest object.
References crypto_digest_env_t::algorithm, crypto_digest_env_t::d, crypto_digest_env_t::sha1, crypto_digest_env_t::sha2, tor_assert, and tor_fragile_assert.
Referenced by accounting_set_wakeup_time(), circuit_init_cpath_crypto(), get_secret_id_part_bytes(), hash_list_members(), relay_digest_matches(), relay_set_digest(), rend_decrypt_introduction_points(), rend_encrypt_v2_intro_points_basic(), rend_get_descriptor_id_bytes(), rend_service_introduce(), and secret_to_key().
| const char* crypto_digest_algorithm_get_name | ( | digest_algorithm_t | alg | ) |
Return the name of an algorithm, as used in directory documents.
References tor_fragile_assert.
Referenced by networkstatus_add_detached_signatures(), networkstatus_format_signatures(), networkstatus_get_detached_signatures(), and vote_routerstatus_find_microdesc_hash().
| int crypto_digest_algorithm_parse_name | ( | const char * | name | ) |
Given the name of a digest algorithm, return its integer value, or -1 if the name is not recognized.
Referenced by networkstatus_parse_detached_signatures(), and networkstatus_parse_vote_from_string().
| int crypto_digest_all | ( | digests_t * | ds_out, | |
| const char * | m, | |||
| size_t | len | |||
| ) |
Set the digests_t in ds_out to contain every digest on the len bytes in m that we know how to compute. Return 0 on success, -1 on failure.
References crypto_digest(), digests_t::d, and tor_assert.
Referenced by router_get_hashes_impl().
| void crypto_digest_assign | ( | crypto_digest_env_t * | into, | |
| const crypto_digest_env_t * | from | |||
| ) |
Replace the state of the digest object into with the state of the digest object from.
References tor_assert.
Referenced by relay_digest_matches().
| crypto_digest_env_t* crypto_digest_dup | ( | const crypto_digest_env_t * | digest | ) |
Allocate and return a new digest object with the same state as digest
References tor_assert.
Referenced by relay_digest_matches().
| void crypto_digest_get_digest | ( | crypto_digest_env_t * | digest, | |
| char * | out, | |||
| size_t | out_len | |||
| ) |
Compute the hash of the data that has been passed to the digest object; write the first out_len bytes of the result to out. out_len must be <= DIGEST256_LEN.
References crypto_digest_env_t::algorithm, crypto_digest_env_t::d, DIGEST256_LEN, DIGEST_LEN, crypto_digest_env_t::sha1, crypto_digest_env_t::sha2, tor_assert, and tor_fragile_assert.
Referenced by accounting_set_wakeup_time(), get_secret_id_part_bytes(), hash_list_members(), relay_digest_matches(), relay_set_digest(), rend_decrypt_introduction_points(), rend_encrypt_v2_intro_points_basic(), rend_get_descriptor_id_bytes(), rend_service_introduce(), and secret_to_key().
| int crypto_expand_key_material | ( | const char * | key_in, | |
| size_t | key_in_len, | |||
| char * | key_out, | |||
| size_t | key_out_len | |||
| ) |
Given key_in_len bytes of negotiated randomness in key_in ("K"), expand it into key_out_len bytes of negotiated key material in key_out by taking the first key_out_len bytes of H(K | [00]) | H(K | [01]) | ....
Return 0 on success, -1 on failure.
References crypto_digest(), DIGEST_LEN, tor_assert, and tor_free.
Referenced by crypto_dh_compute_secret(), fast_client_handshake(), and fast_server_handshake().
| void crypto_free_cipher_env | ( | crypto_cipher_env_t * | env | ) |
Free a symmetric cipher.
References aes_free_cipher(), crypto_cipher_env_t::cipher, tor_assert, and tor_free.
Referenced by circuit_free(), circuit_free_cpath_node(), crypto_create_init_cipher(), crypto_pk_private_hybrid_decrypt(), crypto_pk_public_hybrid_encrypt(), rend_decrypt_introduction_points(), rend_encrypt_v2_intro_points_basic(), and rend_encrypt_v2_intro_points_stealth().
| void crypto_free_digest_env | ( | crypto_digest_env_t * | digest | ) |
Deallocate a digest object.
References tor_free.
Referenced by accounting_set_wakeup_time(), circuit_free(), circuit_free_cpath_node(), get_secret_id_part_bytes(), hash_list_members(), relay_digest_matches(), rend_decrypt_introduction_points(), rend_encrypt_v2_intro_points_basic(), rend_get_descriptor_id_bytes(), rend_service_introduce(), and secret_to_key().
| void crypto_free_pk_env | ( | crypto_pk_env_t * | env | ) |
Release a reference to an asymmetric key; when all the references are released, free the key.
References crypto_pk_env_t::key, crypto_pk_env_t::refs, and tor_free.
Referenced by authority_cert_free(), circuit_free(), connection_or_check_valid_tls_handshake(), cpuworker_main(), extend_info_free(), init_key_from_file(), init_keys(), load_authority_keyset(), microdesc_free(), networkstatus_v2_free(), rend_authorized_client_free(), rend_intro_point_free(), rend_mid_establish_intro(), rend_service_descriptor_free(), rend_service_free(), rend_service_load_keys(), rotate_onion_key(), router_free_all(), router_parse_directory(), router_parse_runningrouters(), routerinfo_free(), set_identity_key(), set_onion_key(), token_clear(), tor_tls_context_decref(), and tor_tls_context_new().
| int crypto_global_cleanup | ( | void | ) |
Uninitialize the crypto library. Return 0 on success, -1 on failure.
References _n_openssl_mutexes, tor_free, and tor_mutex_free().
Referenced by tor_cleanup().
| int crypto_global_init | ( | int | useAccel, | |
| const char * | accelName, | |||
| const char * | accelDir | |||
| ) |
Initialize the crypto library. Return 0 on success, -1 on failure.
References _crypto_global_initialized, crypto_seed_rng(), LD_CRYPTO, log_engine(), setup_openssl_threading(), and try_load_engine().
Referenced by init_keys(), and tor_init().
| void crypto_hmac_sha1 | ( | char * | hmac_out, | |
| const char * | key, | |||
| size_t | key_len, | |||
| const char * | msg, | |||
| size_t | msg_len | |||
| ) |
Compute the HMAC-SHA-1 of the msg_len bytes in msg, using the key of length key_len. Store the DIGEST_LEN-byte result in hmac_out.
References tor_assert.
| crypto_cipher_env_t* crypto_new_cipher_env | ( | void | ) |
Allocate and return a new symmetric cipher.
References aes_new_cipher(), and crypto_cipher_env_t::cipher.
Referenced by crypto_create_init_cipher(), and crypto_pk_public_hybrid_encrypt().
| crypto_digest_env_t* crypto_new_digest_env | ( | void | ) |
Allocate and return a new digest object.
References crypto_digest_env_t::algorithm, crypto_digest_env_t::d, and crypto_digest_env_t::sha1.
Referenced by accounting_set_wakeup_time(), circuit_init_cpath_crypto(), get_secret_id_part_bytes(), hash_list_members(), rend_decrypt_introduction_points(), rend_encrypt_v2_intro_points_basic(), rend_get_descriptor_id_bytes(), rend_service_introduce(), and secret_to_key().
| crypto_pk_env_t* crypto_new_pk_env | ( | void | ) |
Allocate and return storage for a public key. The key itself will not yet be set.
References _crypto_new_pk_env_rsa().
Referenced by get_next_token(), init_key_from_file(), init_keys(), rend_service_load_keys(), rotate_onion_key(), and tor_tls_context_new().
| crypto_pk_env_t* crypto_pk_asn1_decode | ( | const char * | str, | |
| size_t | len | |||
| ) |
Decode an ASN.1-encoded public key from str; return the result on success and NULL on failure.
References _crypto_new_pk_env_rsa(), crypto_log_errors(), and tor_free.
Referenced by rend_mid_establish_intro(), rend_parse_service_descriptor(), and rend_service_introduce().
| int crypto_pk_asn1_encode | ( | crypto_pk_env_t * | pk, | |
| char * | dest, | |||
| size_t | dest_len | |||
| ) |
ASN.1-encode the public portion of pk into dest. Return -1 on error, or the number of characters used on success.
References crypto_log_errors(), crypto_pk_env_t::key, and tor_free.
Referenced by rend_service_intro_has_opened().
| int crypto_pk_check_fingerprint_syntax | ( | const char * | s | ) |
Return true iff s is in the correct format for a fingerprint.
References FINGERPRINT_LEN.
| int crypto_pk_check_key | ( | crypto_pk_env_t * | env | ) |
Return true iff env has a valid key.
References crypto_log_errors(), crypto_pk_env_t::key, and tor_assert.
Referenced by crypto_pk_read_private_key_from_filename(), init_key_from_file(), and rend_service_load_keys().
| int crypto_pk_cmp_keys | ( | crypto_pk_env_t * | a, | |
| crypto_pk_env_t * | b | |||
| ) |
Compare the public-key components of a and b. Return -1 if a<b, 0 if a==b, and 1 if a>b.
References crypto_pk_env_t::key, PUBLIC_KEY_OK, and tor_assert.
Referenced by connection_or_check_valid_tls_handshake(), load_authority_keyset(), router_differences_are_cosmetic(), and router_dump_router_to_string().
| crypto_pk_env_t* crypto_pk_copy_full | ( | crypto_pk_env_t * | env | ) |
Make a real honest-to-goodness copy of env, and return it.
References _crypto_new_pk_env_rsa(), crypto_pk_env_t::key, PRIVATE_KEY_OK, and tor_assert.
Referenced by dup_onion_keys().
| crypto_pk_env_t* crypto_pk_dup_key | ( | crypto_pk_env_t * | env | ) |
Increase the reference count of env, and return it.
References crypto_pk_env_t::key, crypto_pk_env_t::refs, and tor_assert.
Referenced by authority_cert_dup(), extend_info_alloc(), extend_info_dup(), rend_service_launch_establish_intro(), rend_service_load_keys(), rend_service_update_descriptor(), router_rebuild_descriptor(), and tor_tls_context_new().
| int crypto_pk_generate_key_with_bits | ( | crypto_pk_env_t * | env, | |
| int | bits | |||
| ) |
Generate a bits-bit new public/private keypair in env. Return 0 on success, -1 on failure.
References crypto_log_errors(), crypto_pk_env_t::key, and tor_assert.
| int crypto_pk_get_digest | ( | crypto_pk_env_t * | pk, | |
| char * | digest_out | |||
| ) |
Given a private or public key pk, put a SHA1 hash of the public key into digest_out (must have DIGEST_LEN bytes of space). Return 0 on success, -1 on failure.
References crypto_digest(), crypto_log_errors(), crypto_pk_env_t::key, and tor_free.
Referenced by accounting_set_wakeup_time(), authority_cert_parse_from_string(), connection_or_check_valid_tls_handshake(), crypto_pk_get_fingerprint(), dir_signing_key_is_trusted(), dirserv_generate_networkstatus_vote_obj(), dirserv_router_get_status(), dirvote_compute_consensuses(), init_keys(), networkstatus_check_document_signature(), networkstatus_v2_parse_from_string(), rend_encode_v2_descriptors(), rend_get_service_id(), rend_mid_establish_intro(), rend_parse_v2_service_descriptor(), rend_service_introduce(), rend_service_load_keys(), router_parse_entry_from_string(), router_rebuild_descriptor(), and set_identity_key().
| int crypto_pk_get_fingerprint | ( | crypto_pk_env_t * | pk, | |
| char * | fp_out, | |||
| int | add_space | |||
| ) |
Given a private or public key pk, put a fingerprint of the public key into fp_out (must have at least FINGERPRINT_LEN+1 bytes of space). Return 0 on success, -1 on failure.
Fingerprints are computed as the SHA1 digest of the ASN.1 encoding of the public key, converted to hexadecimal, in upper case, with a space after every four digits.
If add_space is false, omit the spaces.
References add_spaces_to_fp(), base16_encode(), crypto_pk_get_digest(), DIGEST_LEN, FINGERPRINT_LEN, and HEX_DIGEST_LEN.
Referenced by dirserv_add_own_fingerprint(), do_list_fingerprint(), format_networkstatus_vote(), generate_v2_networkstatus_opinion(), init_keys(), and router_dump_router_to_string().
| int crypto_pk_key_is_private | ( | const crypto_pk_env_t * | key | ) |
Return true iff key contains the private-key portion of the RSA key.
References PRIVATE_KEY_OK, and tor_assert.
Referenced by token_check_object().
| size_t crypto_pk_keysize | ( | crypto_pk_env_t * | env | ) |
Return the size of the public key modulus in env, in bytes.
References crypto_pk_env_t::key, and tor_assert.
Referenced by crypto_pk_private_hybrid_decrypt(), crypto_pk_public_checksig_digest(), crypto_pk_public_hybrid_encrypt(), networkstatus_check_document_signature(), onion_skin_create(), rend_parse_service_descriptor(), rend_service_introduce(), router_append_dirobj_signature(), and token_check_object().
| int crypto_pk_private_decrypt | ( | crypto_pk_env_t * | env, | |
| char * | to, | |||
| const char * | from, | |||
| size_t | fromlen, | |||
| int | padding, | |||
| int | warnOnFailure | |||
| ) |
Decrypt fromlen bytes from from with the private key in env, using the padding method padding. On success, write the result to to, and return the number of bytes written. On failure, return -1.
References crypto_get_rsa_padding(), crypto_log_errors(), crypto_pk_env_t::key, and tor_assert.
Referenced by crypto_pk_private_hybrid_decrypt().
| int crypto_pk_private_hybrid_decrypt | ( | crypto_pk_env_t * | env, | |
| char * | to, | |||
| const char * | from, | |||
| size_t | fromlen, | |||
| int | padding, | |||
| int | warnOnFailure | |||
| ) |
Invert crypto_pk_public_hybrid_encrypt.
References CIPHER_KEY_LEN, crypto_cipher_decrypt(), crypto_create_init_cipher(), crypto_free_cipher_env(), crypto_pk_keysize(), crypto_pk_private_decrypt(), LD_CRYPTO, tor_assert, and tor_free.
Referenced by onion_skin_server_handshake(), and rend_service_introduce().
| int crypto_pk_private_sign | ( | crypto_pk_env_t * | env, | |
| char * | to, | |||
| const char * | from, | |||
| size_t | fromlen | |||
| ) |
Sign fromlen bytes of data from from with the private key in env, using PKCS1 padding. On success, write the signature to to, and return the number of bytes written. On failure, return -1.
References crypto_log_errors(), crypto_pk_env_t::key, and tor_assert.
Referenced by crypto_pk_private_sign_digest(), and router_append_dirobj_signature().
| int crypto_pk_private_sign_digest | ( | crypto_pk_env_t * | env, | |
| char * | to, | |||
| const char * | from, | |||
| size_t | fromlen | |||
| ) |
Compute a SHA1 digest of fromlen bytes of data stored at from; sign the data with the private key in env, and store it in to. Return the number of bytes written on success, and -1 on failure.
References crypto_digest(), crypto_pk_private_sign(), and DIGEST_LEN.
Referenced by rend_service_intro_has_opened().
| int crypto_pk_public_checksig | ( | crypto_pk_env_t * | env, | |
| char * | to, | |||
| const char * | from, | |||
| size_t | fromlen | |||
| ) |
Check the signature in from (fromlen bytes long) with the public key in env, using PKCS1 padding. On success, write the signed data to to, and return the number of bytes written. On failure, return -1.
References crypto_log_errors(), crypto_pk_env_t::key, and tor_assert.
Referenced by check_signature_token(), crypto_pk_public_checksig_digest(), networkstatus_check_document_signature(), and routerinfo_incompatible_with_extrainfo().
| int crypto_pk_public_checksig_digest | ( | crypto_pk_env_t * | env, | |
| const char * | data, | |||
| size_t | datalen, | |||
| const char * | sig, | |||
| size_t | siglen | |||
| ) |
Check a siglen-byte long signature at sig against datalen bytes of data at data, using the public key in env. Return 0 if sig is a correct signature for SHA1(data). Else return -1.
References crypto_digest(), crypto_pk_keysize(), crypto_pk_public_checksig(), DIGEST_LEN, LD_BUG, LD_CRYPTO, tor_assert, and tor_free.
Referenced by rend_mid_establish_intro(), and rend_parse_service_descriptor().
| int crypto_pk_public_encrypt | ( | crypto_pk_env_t * | env, | |
| char * | to, | |||
| const char * | from, | |||
| size_t | fromlen, | |||
| int | padding | |||
| ) |
Encrypt fromlen bytes from from with the public key in env, using the padding method padding. On success, write the result to to, and return the number of bytes written. On failure, return -1.
References crypto_get_rsa_padding(), crypto_log_errors(), crypto_pk_env_t::key, and tor_assert.
Referenced by crypto_pk_public_hybrid_encrypt().
| int crypto_pk_public_hybrid_encrypt | ( | crypto_pk_env_t * | env, | |
| char * | to, | |||
| const char * | from, | |||
| size_t | fromlen, | |||
| int | padding, | |||
| int | force | |||
| ) |
Perform a hybrid (public/secret) encryption on fromlen bytes of data from from, with padding type 'padding', storing the results on to.
If no padding is used, the public key must be at least as large as from.
Returns the number of bytes written on success, -1 on failure.
The encrypted data consists of:
References CIPHER_KEY_LEN, crypto_cipher_encrypt(), crypto_cipher_encrypt_init_cipher(), crypto_cipher_generate_key(), crypto_free_cipher_env(), crypto_get_rsa_padding(), crypto_get_rsa_padding_overhead(), crypto_new_cipher_env(), crypto_pk_keysize(), crypto_pk_public_encrypt(), crypto_cipher_env_t::key, PK_NO_PADDING, tor_assert, and tor_free.
Referenced by onion_skin_create().
| int crypto_pk_read_private_key_from_filename | ( | crypto_pk_env_t * | env, | |
| const char * | keyfile | |||
| ) |
Read a PEM-encoded private key from the file named by keyfile into env. Return 0 on success, -1 on failure.
References crypto_pk_check_key(), crypto_pk_read_private_key_from_string(), LD_CRYPTO, read_file_to_str(), and tor_free.
Referenced by init_key_from_file().
| int crypto_pk_read_private_key_from_string | ( | crypto_pk_env_t * | env, | |
| const char * | s | |||
| ) |
Read a PEM-encoded private key from the string s into env. Return 0 on success, -1 on failure.
References crypto_log_errors(), crypto_pk_env_t::key, and tor_assert.
Referenced by crypto_pk_read_private_key_from_filename(), and get_next_token().
| int crypto_pk_read_public_key_from_string | ( | crypto_pk_env_t * | env, | |
| const char * | src, | |||
| size_t | len | |||
| ) |
Read a PEM-encoded public key from the first len characters of src, and store the result in env. Return 0 on success, -1 on failure.
References crypto_log_errors(), crypto_pk_env_t::key, and tor_assert.
Referenced by get_next_token().
| int crypto_pk_write_private_key_to_filename | ( | crypto_pk_env_t * | env, | |
| const char * | fname | |||
| ) |
Write the private key from env into the file named by fname, PEM-encoded. Return 0 on success, -1 on failure.
References crypto_log_errors(), crypto_pk_env_t::key, PRIVATE_KEY_OK, tor_assert, tor_free, and write_str_to_file().
Referenced by init_key_from_file(), and rotate_onion_key().
| int crypto_pk_write_private_key_to_string | ( | crypto_pk_env_t * | env, | |
| char ** | dest, | |||
| size_t * | len | |||
| ) |
PEM-encode the private key portion of env and write it to a newly allocated string. On success, set *dest to the new string, *len to the string's length, and return 0. On failure, return -1.
References crypto_pk_write_key_to_string_impl().
Referenced by rend_service_load_keys().
| int crypto_pk_write_public_key_to_string | ( | crypto_pk_env_t * | env, | |
| char ** | dest, | |||
| size_t * | len | |||
| ) |
PEM-encode the public key portion of env and write it to a newly allocated string. On success, set *dest to the new string, *len to the string's length, and return 0. On failure, return -1.
References crypto_pk_write_key_to_string_impl().
Referenced by dirserv_dump_directory_to_string(), dirvote_create_microdescriptor(), generate_runningrouters(), generate_v2_networkstatus_opinion(), rend_encode_v2_descriptors(), rend_encode_v2_intro_points(), and router_dump_router_to_string().
| int crypto_rand | ( | char * | to, | |
| size_t | n | |||
| ) |
Write n bytes of strong random data to to. Return 0 on success, -1 on failure.
References crypto_log_errors(), and tor_assert.
Referenced by _dns_randfn(), addressmap_get_virtual_address(), circuit_send_next_onion_skin(), crypto_cipher_generate_iv(), crypto_cipher_generate_key(), crypto_rand_int(), crypto_rand_uint64(), crypto_random_hostname(), do_hash_password(), fast_server_handshake(), init_cookie_authentication(), rend_client_send_establish_rendezvous(), rend_encrypt_v2_intro_points_basic(), and rend_service_load_keys().
| int crypto_rand_int | ( | unsigned int | max | ) |
Return a pseudorandom integer, chosen uniformly from the values between 0 and max-1.
References crypto_rand(), and tor_assert.
Referenced by add_an_entry_guard(), circuit_build_times_shuffle_and_store_array(), crypto_random_hostname(), entry_guards_parse_state(), or_connection_new(), origin_circuit_new(), rend_client_get_random_intro(), rend_client_refetch_v2_renddesc(), rend_consider_services_upload(), run_scheduled_events(), smartlist_choose(), smartlist_shuffle(), and update_consensus_networkstatus_fetch_time().
| uint64_t crypto_rand_uint64 | ( | uint64_t | max | ) |
Return a pseudorandom 64-bit integer, chosen uniformly from the values between 0 and max-1.
References crypto_rand(), and tor_assert.
Referenced by circuit_build_times_generate_sample(), smartlist_choose_by_bandwidth(), and smartlist_choose_by_bandwidth_weights().
| char* crypto_random_hostname | ( | int | min_rand_len, | |
| int | max_rand_len, | |||
| const char * | prefix, | |||
| const char * | suffix | |||
| ) |
Generate and return a new random hostname starting with prefix, ending with suffix, and containing no less than min_rand_len and no more than max_rand_len random base32 characters between.
References base32_encode(), crypto_rand(), crypto_rand_int(), tor_assert, and tor_free.
Referenced by launch_wildcard_check(), tor_tls_context_new(), and tor_tls_new().
| int crypto_seed_rng | ( | int | startup | ) |
Seed OpenSSL's random number generator with bytes from the operating system. startup should be true iff we have just started Tor and have not yet allocated a bunch of fds. Return 0 on success, -1 on failure.
References LD_CRYPTO, and read_all().
Referenced by crypto_global_init(), and run_scheduled_events().
| void crypto_thread_cleanup | ( | void | ) |
Free crypto resources held by this thread.
Referenced by cpuworker_main().
| int digest256_from_base64 | ( | char * | digest, | |
| const char * | d64 | |||
| ) |
Given a base-64 encoded, nul-terminated digest in d64 (without trailing newline or = characters), decode it and store the result in the first DIGEST256_LEN bytes at digest.
References base64_decode(), BASE64_DIGEST256_LEN, and DIGEST256_LEN.
Referenced by vote_routerstatus_find_microdesc_hash().
| int digest256_to_base64 | ( | char * | d64, | |
| const char * | digest | |||
| ) |
Base-64 encode DIGEST256_LINE bytes from digest, remove the trailing = and newline characters, and store the nul-terminated result in the first BASE64_DIGEST256_LEN+1 bytes of d64.
References BASE64_DIGEST256_LEN, base64_encode(), and DIGEST256_LEN.
Referenced by dirvote_format_microdesc_vote_line().
| int digest_from_base64 | ( | char * | digest, | |
| const char * | d64 | |||
| ) |
Given a base-64 encoded, nul-terminated digest in d64 (without trailing newline or = characters), decode it and store the result in the first DIGEST_LEN bytes at digest.
References base64_decode(), BASE64_DIGEST_LEN, and DIGEST_LEN.
Referenced by routerstatus_parse_entry_from_string().
| int digest_to_base64 | ( | char * | d64, | |
| const char * | digest | |||
| ) |
Base-64 encode DIGEST_LINE bytes from digest, remove the trailing = and newline characters, and store the nul-terminated result in the first BASE64_DIGEST_LEN+1 bytes of d64.
References BASE64_DIGEST_LEN, base64_encode(), and DIGEST_LEN.
Referenced by rep_hist_get_router_stability_doc(), and routerstatus_format_entry().
| void secret_to_key | ( | char * | key_out, | |
| size_t | key_out_len, | |||
| const char * | secret, | |||
| size_t | secret_len, | |||
| const char * | s2k_specifier | |||
| ) |
Implement RFC2440-style iterated-salted S2K conversion: convert the secret_len-byte secret into a key_out_len byte key_out. As in RFC2440, the first 8 bytes of s2k_specifier are a salt; the 9th byte describes how much iteration to do. Does not support key_out_len > DIGEST_LEN.
References crypto_digest_add_bytes(), crypto_digest_get_digest(), crypto_free_digest_env(), crypto_new_digest_env(), DIGEST_LEN, tor_assert, and tor_free.
Referenced by do_hash_password(), and handle_control_authenticate().
| void smartlist_shuffle | ( | smartlist_t * | sl | ) |
Scramble the elements of sl into a random order.
References crypto_rand_int().
Referenced by update_extrainfo_downloads().
1.5.6