Commit 9955b265 authored by Nick Mathewson's avatar Nick Mathewson 🐻
Browse files

Make crypto structures private to crypto.c


svn:r437
parent 67697d5a
......@@ -40,6 +40,24 @@
#define RETURN_SSL_OUTCOME(exp) return !(exp)
#endif
struct crypto_pk_env_t
{
int type;
int refs; /* reference counting; so we don't have to copy keys */
unsigned char *key;
/* auxiliary data structure(s) used by the underlying crypto library */
unsigned char *aux;
};
struct crypto_cipher_env_t
{
int type;
unsigned char *key;
unsigned char *iv;
/* auxiliary data structure(s) used by the underlying crypto library */
unsigned char *aux;
};
/* static INLINE const EVP_CIPHER *
crypto_cipher_evp_cipher(int type, int enc);
*/
......@@ -102,31 +120,37 @@ int crypto_global_cleanup()
return 0;
}
crypto_pk_env_t *crypto_new_pk_env(int type)
crypto_pk_env_t *_crypto_new_pk_env_rsa(RSA *rsa)
{
crypto_pk_env_t *env;
assert(rsa);
env = (crypto_pk_env_t *)tor_malloc(sizeof(crypto_pk_env_t));
env->type = type;
env->type = CRYPTO_PK_RSA;
env->refs = 1;
env->key = NULL;
env->key = (unsigned char*)rsa;
env->aux = NULL;
return env;
}
RSA *_crypto_pk_env_get_rsa(crypto_pk_env_t *env)
{
if (env->type != CRYPTO_PK_RSA)
return NULL;
return (RSA*)env->key;
}
crypto_pk_env_t *crypto_new_pk_env(int type)
{
RSA *rsa;
switch(type) {
case CRYPTO_PK_RSA:
env->key = (unsigned char *)RSA_new();
if (!env->key) {
free(env);
return NULL;
}
break;
rsa = RSA_new();
if (!rsa) return NULL;
return _crypto_new_pk_env_rsa(rsa);
default:
free(env);
return NULL;
}
return env;
}
void crypto_free_pk_env(crypto_pk_env_t *env)
......@@ -617,6 +641,11 @@ int crypto_cipher_set_key(crypto_cipher_env_t *env, unsigned char *key)
return 0;
}
unsigned char *crypto_cipher_get_key(crypto_cipher_env_t *env)
{
return env->key;
}
int crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t *env)
{
assert(env);
......
......@@ -18,23 +18,8 @@
#define CRYPTO_PK_RSA 0
typedef struct
{
int type;
int refs; /* reference counting; so we don't have to copy keys */
unsigned char *key;
/* auxiliary data structure(s) used by the underlying crypto library */
unsigned char *aux;
} crypto_pk_env_t;
typedef struct
{
int type;
unsigned char *key;
unsigned char *iv;
/* auxiliary data structure(s) used by the underlying crypto library */
unsigned char *aux;
} crypto_cipher_env_t;
typedef struct crypto_pk_env_t crypto_pk_env_t;
typedef struct crypto_cipher_env_t crypto_cipher_env_t;
/* global state */
int crypto_global_init();
......@@ -94,6 +79,7 @@ int crypto_cipher_set_iv(crypto_cipher_env_t *env, unsigned char *iv);
int crypto_cipher_set_key(crypto_cipher_env_t *env, unsigned char *key);
int crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t *env);
int crypto_cipher_decrypt_init_cipher(crypto_cipher_env_t *env);
unsigned char *crypto_cipher_get_key(crypto_cipher_env_t *env);
int crypto_cipher_encrypt(crypto_cipher_env_t *env, unsigned char *from, unsigned int fromlen, unsigned char *to);
int crypto_cipher_decrypt(crypto_cipher_env_t *env, unsigned char *from, unsigned int fromlen, unsigned char *to);
......
......@@ -249,9 +249,9 @@ or_handshake_op_send_keys(connection_t *conn) {
/* compose the message */
*(uint16_t *)(message) = htons(HANDSHAKE_AS_OP);
memcpy((void *)(message+FLAGS_LEN),
(void *)conn->f_crypto->key, 16);
(void *)crypto_cipher_get_key(conn->f_crypto), 16);
memcpy((void *)(message+FLAGS_LEN+KEY_LEN),
(void *)conn->b_crypto->key, 16);
(void *)crypto_cipher_get_key(conn->b_crypto), 16);
/* encrypt with RSA */
if(crypto_pk_public_encrypt(conn->pkey, message, sizeof(message), cipher, RSA_PKCS1_PADDING) < 0) {
......@@ -322,9 +322,9 @@ or_handshake_client_send_auth(connection_t *conn) {
*(uint32_t*)(buf+FLAGS_LEN+ADDR_LEN+PORT_LEN) = htonl(conn->addr); /* remote address */
*(uint16_t*)(buf+FLAGS_LEN+ADDR_LEN+PORT_LEN+ADDR_LEN) = htons(conn->port); /* remote port */
memcpy(buf+FLAGS_LEN+ADDR_LEN+PORT_LEN+ADDR_LEN+PORT_LEN,
conn->f_crypto->key,16); /* keys */
crypto_cipher_get_key(conn->f_crypto),16); /* keys */
memcpy(buf+FLAGS_LEN+ADDR_LEN+PORT_LEN+ADDR_LEN+PORT_LEN+KEY_LEN,
conn->b_crypto->key,16);
crypto_cipher_get_key(conn->b_crypto),16);
log(LOG_DEBUG,"or_handshake_client_send_auth() : Generated first authentication message.");
/* encrypt message */
......@@ -406,8 +406,8 @@ or_handshake_client_process_auth(connection_t *conn) {
log(LOG_ERR,"client_process_auth: Router %s:%u: bad address info.", conn->address,conn->port);
return -1;
}
if ( (memcmp(conn->f_crypto->key, buf+12, 16)) || /* keys */
(memcmp(conn->b_crypto->key, buf+28, 16)) ) {
if ( (memcmp(crypto_cipher_get_key(conn->f_crypto), buf+12, 16)) ||/* keys */
(memcmp(crypto_cipher_get_key(conn->b_crypto), buf+28, 16)) ) {
log(LOG_ERR,"client_process_auth: Router %s:%u: bad key info.",conn->address,conn->port);
return -1;
}
......
......@@ -269,7 +269,7 @@ test_crypto()
test_neq(env2, 0);
j = crypto_cipher_generate_key(env1);
if (str_ciphers[i] != CRYPTO_CIPHER_IDENTITY) {
crypto_cipher_set_key(env2, env1->key);
crypto_cipher_set_key(env2, crypto_cipher_get_key(env1));
}
crypto_cipher_set_iv(env1, "12345678901234567890");
crypto_cipher_set_iv(env2, "12345678901234567890");
......@@ -309,7 +309,7 @@ test_crypto()
env2 = crypto_new_cipher_env(str_ciphers[i]);
test_neq(env2, 0);
if (str_ciphers[i] != CRYPTO_CIPHER_IDENTITY) {
crypto_cipher_set_key(env2, env1->key);
crypto_cipher_set_key(env2, crypto_cipher_get_key(env1));
}
crypto_cipher_set_iv(env2, "12345678901234567890");
crypto_cipher_encrypt_init_cipher(env2);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment