mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2025-02-24 22:58:50 +01:00
Code Issues Projects Releases Wiki Activity

Rename the hybrid_encrypt/decrypt functions; label them as dangerous

Browse source 
We need to keep these around for TAP and old-style hidden services,
but they're obsolete, and we shouldn't encourage anyone to use them.
So I've added "obsolete" to their names, and a comment explaining
what the problem is.

Closes ticket 23026.
This commit is contained in:
Nick Mathewson 2017-07-24 14:32:59 -04:00
parent db1664e593
commit 6c8c973191
9 changed files with 28 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
changes/bug23026 Normal file
View file

@ -0,0 +1,4 @@
o Code simplification and refactoring:
- Rename the obsolete malleable hybrid_encrypt functions used in
TAP and old hidden services to indicate that they aren't suitable
for new protocols or formats. Closes ticket 23026.

15
src/common/crypto.c
View file

@ -1238,9 +1238,12 @@ crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
* - The beginning of the source data prefixed with a 16-byte symmetric key, * - The beginning of the source data prefixed with a 16-byte symmetric key,
* padded and encrypted with the public key; followed by the rest of * padded and encrypted with the public key; followed by the rest of
* the source data encrypted in AES-CTR mode with the symmetric key. * the source data encrypted in AES-CTR mode with the symmetric key.
*
* NOTE that this format does not authenticate the symmetrically encrypted
* part of the data, and SHOULD NOT BE USED for new protocols.
*/ */
int int
crypto_pk_public_hybrid_encrypt(crypto_pk_t *env, crypto_pk_obsolete_public_hybrid_encrypt(crypto_pk_t *env,
char *to, size_t tolen, char *to, size_t tolen,
const char *from, const char *from,
size_t fromlen, size_t fromlen,
@ -1302,10 +1305,14 @@ crypto_pk_public_hybrid_encrypt(crypto_pk_t *env,
return -1; return -1;
} }
/** Invert crypto_pk_public_hybrid_encrypt. Returns the number of bytes /** Invert crypto_pk_obsolete_public_hybrid_encrypt. Returns the number of
* written on success, -1 on failure. */ * bytes written on success, -1 on failure.
*
* NOTE that this format does not authenticate the symmetrically encrypted
* part of the data, and SHOULD NOT BE USED for new protocols.
*/
int int
crypto_pk_private_hybrid_decrypt(crypto_pk_t *env, crypto_pk_obsolete_private_hybrid_decrypt(crypto_pk_t *env,
char *to, char *to,
size_t tolen, size_t tolen,
const char *from, const char *from,

4
src/common/crypto.h
View file

@ -197,11 +197,11 @@ int crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen); const char *from, size_t fromlen);
int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen, int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen); const char *from, size_t fromlen);
int crypto_pk_public_hybrid_encrypt(crypto_pk_t *env, char *to, int crypto_pk_obsolete_public_hybrid_encrypt(crypto_pk_t *env, char *to,
size_t tolen, size_t tolen,
const char *from, size_t fromlen, const char *from, size_t fromlen,
int padding, int force); int padding, int force);
int crypto_pk_private_hybrid_decrypt(crypto_pk_t *env, char *to, int crypto_pk_obsolete_private_hybrid_decrypt(crypto_pk_t *env, char *to,
size_t tolen, size_t tolen,
const char *from, size_t fromlen, const char *from, size_t fromlen,
int padding, int warnOnFailure); int padding, int warnOnFailure);

4
src/or/onion_tap.c
View file

@ -73,7 +73,7 @@ onion_skin_TAP_create(crypto_pk_t *dest_router_key,
goto err; goto err;
/* set meeting point, meeting cookie, etc here. Leave zero for now. */ /* set meeting point, meeting cookie, etc here. Leave zero for now. */
if (crypto_pk_public_hybrid_encrypt(dest_router_key, onion_skin_out, if (crypto_pk_obsolete_public_hybrid_encrypt(dest_router_key, onion_skin_out,
TAP_ONIONSKIN_CHALLENGE_LEN, TAP_ONIONSKIN_CHALLENGE_LEN,
challenge, DH_KEY_LEN, challenge, DH_KEY_LEN,
PK_PKCS1_OAEP_PADDING, 1)<0) PK_PKCS1_OAEP_PADDING, 1)<0)
@ -122,7 +122,7 @@ onion_skin_TAP_server_handshake(
k = i==0?private_key:prev_private_key; k = i==0?private_key:prev_private_key;
if (!k) if (!k)
break; break;
len = crypto_pk_private_hybrid_decrypt(k, challenge, len = crypto_pk_obsolete_private_hybrid_decrypt(k, challenge,
TAP_ONIONSKIN_CHALLENGE_LEN, TAP_ONIONSKIN_CHALLENGE_LEN,
onion_skin, onion_skin,
TAP_ONIONSKIN_CHALLENGE_LEN, TAP_ONIONSKIN_CHALLENGE_LEN,

4
src/or/rendclient.c
View file

@ -286,9 +286,9 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
goto perm_err; goto perm_err;
} }
/*XXX maybe give crypto_pk_public_hybrid_encrypt a max_len arg, /*XXX maybe give crypto_pk_obsolete_public_hybrid_encrypt a max_len arg,
* to avoid buffer overflows? */ * to avoid buffer overflows? */
r = crypto_pk_public_hybrid_encrypt(intro_key, payload+DIGEST_LEN, r = crypto_pk_obsolete_public_hybrid_encrypt(intro_key, payload+DIGEST_LEN,
sizeof(payload)-DIGEST_LEN, sizeof(payload)-DIGEST_LEN,
tmp, tmp,
(int)(dh_offset+DH_KEY_LEN), (int)(dh_offset+DH_KEY_LEN),

2
src/or/rendservice.c
View file

@ -2732,7 +2732,7 @@ rend_service_decrypt_intro(
/* Decrypt the encrypted part */ /* Decrypt the encrypted part */
result = result =
crypto_pk_private_hybrid_decrypt( crypto_pk_obsolete_private_hybrid_decrypt(
key, (char *)buf, sizeof(buf), key, (char *)buf, sizeof(buf),
(const char *)(intro->ciphertext), intro->ciphertext_len, (const char *)(intro->ciphertext), intro->ciphertext_len,
PK_PKCS1_OAEP_PADDING, 1); PK_PKCS1_OAEP_PADDING, 1);

3
src/test/test.c
View file

@ -142,7 +142,8 @@ test_bad_onion_handshake(void *arg)
/* Server: Case 1: the encrypted data is degenerate. */ /* Server: Case 1: the encrypted data is degenerate. */
memset(junk_buf, 0, sizeof(junk_buf)); memset(junk_buf, 0, sizeof(junk_buf));
crypto_pk_public_hybrid_encrypt(pk, junk_buf2, TAP_ONIONSKIN_CHALLENGE_LEN, crypto_pk_obsolete_public_hybrid_encrypt(pk,
junk_buf2, TAP_ONIONSKIN_CHALLENGE_LEN,
junk_buf, DH_KEY_LEN, PK_PKCS1_OAEP_PADDING, 1); junk_buf, DH_KEY_LEN, PK_PKCS1_OAEP_PADDING, 1);
tt_int_op(-1, OP_EQ, tt_int_op(-1, OP_EQ,
onion_skin_TAP_server_handshake(junk_buf2, pk, NULL, onion_skin_TAP_server_handshake(junk_buf2, pk, NULL,

4
src/test/test_crypto.c
View file

@ -1252,10 +1252,10 @@ test_crypto_pk(void *arg)
for (i = 85; i < 140; ++i) { for (i = 85; i < 140; ++i) {
memset(data2,0,1024); memset(data2,0,1024);
memset(data3,0,1024); memset(data3,0,1024);
len = crypto_pk_public_hybrid_encrypt(pk1,data2,sizeof(data2), len = crypto_pk_obsolete_public_hybrid_encrypt(pk1,data2,sizeof(data2),
data1,i,PK_PKCS1_OAEP_PADDING,0); data1,i,PK_PKCS1_OAEP_PADDING,0);
tt_int_op(len, OP_GE, 0); tt_int_op(len, OP_GE, 0);
len = crypto_pk_private_hybrid_decrypt(pk1,data3,sizeof(data3), len = crypto_pk_obsolete_private_hybrid_decrypt(pk1,data3,sizeof(data3),
data2,len,PK_PKCS1_OAEP_PADDING,1); data2,len,PK_PKCS1_OAEP_PADDING,1);
tt_int_op(len,OP_EQ, i); tt_int_op(len,OP_EQ, i);
tt_mem_op(data1,OP_EQ, data3,i); tt_mem_op(data1,OP_EQ, data3,i);

4
src/test/test_introduce.c
View file

@ -355,7 +355,7 @@ make_intro_from_plaintext(
/* /*
* Figure out an upper bound on how big the ciphertext will be * Figure out an upper bound on how big the ciphertext will be
* (see crypto_pk_public_hybrid_encrypt()) * (see crypto_pk_obsolete_public_hybrid_encrypt())
*/ */
ciphertext_size = PKCS1_OAEP_PADDING_OVERHEAD; ciphertext_size = PKCS1_OAEP_PADDING_OVERHEAD;
ciphertext_size += crypto_pk_keysize(key); ciphertext_size += crypto_pk_keysize(key);
@ -372,7 +372,7 @@ make_intro_from_plaintext(
tt_assert(r >= 0); tt_assert(r >= 0);
/* Do encryption */ /* Do encryption */
r = crypto_pk_public_hybrid_encrypt( r = crypto_pk_obsolete_public_hybrid_encrypt(
key, cell + DIGEST_LEN, ciphertext_size, key, cell + DIGEST_LEN, ciphertext_size,
buf, len, buf, len,
PK_PKCS1_OAEP_PADDING, 0); PK_PKCS1_OAEP_PADDING, 0);