mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2025-02-26 15:42:34 +01:00
Code Issues Projects Releases Wiki Activity

Refactor crypto.[ch] into smaller xof+digest module.

Browse source 
Add two new files (crypto_digest.c, crypto_digest.h) as new module of
crypto.[ch].  This new module includes all functions and dependencies related
to digest and xof operations. Those have been removed from crypto.[ch].

Follows #24658.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
This commit is contained in:
Fernando Fernandez Mancera 2018-02-03 15:27:55 +01:00
parent eafa252b26
commit f8b1493681
4 changed files with 734 additions and 683 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

584
src/common/crypto.c
View file

@ -399,70 +399,6 @@ crypto_cipher_free_(crypto_cipher_t *env)
/* public key crypto */ /* public key crypto */
/** Check a siglen-byte long signature at <b>sig</b> against
* <b>datalen</b> bytes of data at <b>data</b>, using the public key
* in <b>env</b>. Return 0 if <b>sig</b> is a correct signature for
* SHA1(data). Else return -1.
*/
MOCK_IMPL(int,
crypto_pk_public_checksig_digest,(crypto_pk_t *env, const char *data,
size_t datalen, const char *sig,
size_t siglen))
{
char digest[DIGEST_LEN];
char *buf;
size_t buflen;
int r;
tor_assert(env);
tor_assert(data);
tor_assert(sig);
tor_assert(datalen < SIZE_T_CEILING);
tor_assert(siglen < SIZE_T_CEILING);
if (crypto_digest(digest,data,datalen)<0) {
log_warn(LD_BUG, "couldn't compute digest");
return -1;
}
buflen = crypto_pk_keysize(env);
buf = tor_malloc(buflen);
r = crypto_pk_public_checksig(env,buf,buflen,sig,siglen);
if (r != DIGEST_LEN) {
log_warn(LD_CRYPTO, "Invalid signature");
tor_free(buf);
return -1;
}
if (tor_memneq(buf, digest, DIGEST_LEN)) {
log_warn(LD_CRYPTO, "Signature mismatched with digest.");
tor_free(buf);
return -1;
}
tor_free(buf);
return 0;
}
/** Compute a SHA1 digest of <b>fromlen</b> bytes of data stored at
* <b>from</b>; sign the data with the private key in <b>env</b>, and
* store it in <b>to</b>. Return the number of bytes written on
* success, and -1 on failure.
*
* <b>tolen</b> is the number of writable bytes in <b>to</b>, and must be
* at least the length of the modulus of <b>env</b>.
*/
int
crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen)
{
int r;
char digest[DIGEST_LEN];
if (crypto_digest(digest,from,fromlen)<0)
return -1;
r = crypto_pk_private_sign(env,to,tolen,digest,DIGEST_LEN);
memwipe(digest, 0, sizeof(digest));
return r;
}
/** Perform a hybrid (public/secret) encryption on <b>fromlen</b> /** Perform a hybrid (public/secret) encryption on <b>fromlen</b>
* bytes of data from <b>from</b>, with padding type 'padding', * bytes of data from <b>from</b>, with padding type 'padding',
* storing the results on <b>to</b>. * storing the results on <b>to</b>.
@ -605,58 +541,6 @@ crypto_pk_obsolete_private_hybrid_decrypt(crypto_pk_t *env,
return -1; return -1;
} }
/** Given a private or public key <b>pk</b>, put a SHA1 hash of the
* public key into <b>digest_out</b> (must have DIGEST_LEN bytes of space).
* Return 0 on success, -1 on failure.
*/
int
crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
{
char *buf;
size_t buflen;
int len;
int rv = -1;
buflen = crypto_pk_keysize(pk)*2;
buf = tor_malloc(buflen);
len = crypto_pk_asn1_encode(pk, buf, buflen);
if (len < 0)
goto done;
if (crypto_digest(digest_out, buf, len) < 0)
goto done;
rv = 0;
done:
tor_free(buf);
return rv;
}
/** Compute all digests of the DER encoding of <b>pk</b>, and store them
* in <b>digests_out</b>. Return 0 on success, -1 on failure. */
int
crypto_pk_get_common_digests(crypto_pk_t *pk, common_digests_t *digests_out)
{
char *buf;
size_t buflen;
int len;
int rv = -1;
buflen = crypto_pk_keysize(pk)*2;
buf = tor_malloc(buflen);
len = crypto_pk_asn1_encode(pk, buf, buflen);
if (len < 0)
goto done;
if (crypto_common_digests(digests_out, (char*)buf, len) < 0)
goto done;
rv = 0;
done:
tor_free(buf);
return rv;
}
/** Copy <b>in</b> to the <b>outlen</b>-byte buffer <b>out</b>, adding spaces /** Copy <b>in</b> to the <b>outlen</b>-byte buffer <b>out</b>, adding spaces
* every four characters. */ * every four characters. */
void void
@ -788,474 +672,6 @@ crypto_cipher_decrypt_with_iv(const char *key,
return (int)(fromlen - CIPHER_IV_LEN); return (int)(fromlen - CIPHER_IV_LEN);
} }
/* SHA-1 */
/** Compute the SHA1 digest of the <b>len</b> bytes on data stored in
* <b>m</b>. Write the DIGEST_LEN byte result into <b>digest</b>.
* Return 0 on success, -1 on failure.
*/
int
crypto_digest(char *digest, const char *m, size_t len)
{
tor_assert(m);
tor_assert(digest);
if (SHA1((const unsigned char*)m,len,(unsigned char*)digest) == NULL)
return -1;
return 0;
}
/** Compute a 256-bit digest of <b>len</b> bytes in data stored in <b>m</b>,
* using the algorithm <b>algorithm</b>. Write the DIGEST_LEN256-byte result
* into <b>digest</b>. Return 0 on success, -1 on failure. */
int
crypto_digest256(char *digest, const char *m, size_t len,
digest_algorithm_t algorithm)
{
tor_assert(m);
tor_assert(digest);
tor_assert(algorithm == DIGEST_SHA256 || algorithm == DIGEST_SHA3_256);
int ret = 0;
if (algorithm == DIGEST_SHA256)
ret = (SHA256((const uint8_t*)m,len,(uint8_t*)digest) != NULL);
else
ret = (sha3_256((uint8_t *)digest, DIGEST256_LEN,(const uint8_t *)m, len)
> -1);
if (!ret)
return -1;
return 0;
}
/** Compute a 512-bit digest of <b>len</b> bytes in data stored in <b>m</b>,
* using the algorithm <b>algorithm</b>. Write the DIGEST_LEN512-byte result
* into <b>digest</b>. Return 0 on success, -1 on failure. */
int
crypto_digest512(char *digest, const char *m, size_t len,
digest_algorithm_t algorithm)
{
tor_assert(m);
tor_assert(digest);
tor_assert(algorithm == DIGEST_SHA512 || algorithm == DIGEST_SHA3_512);
int ret = 0;
if (algorithm == DIGEST_SHA512)
ret = (SHA512((const unsigned char*)m,len,(unsigned char*)digest)
!= NULL);
else
ret = (sha3_512((uint8_t*)digest, DIGEST512_LEN, (const uint8_t*)m, len)
> -1);
if (!ret)
return -1;
return 0;
}
/** Set the common_digests_t in <b>ds_out</b> to contain every digest on the
* <b>len</b> bytes in <b>m</b> that we know how to compute. Return 0 on
* success, -1 on failure. */
int
crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len)
{
tor_assert(ds_out);
memset(ds_out, 0, sizeof(*ds_out));
if (crypto_digest(ds_out->d[DIGEST_SHA1], m, len) < 0)
return -1;
if (crypto_digest256(ds_out->d[DIGEST_SHA256], m, len, DIGEST_SHA256) < 0)
return -1;
return 0;
}
/** Return the name of an algorithm, as used in directory documents. */
const char *
crypto_digest_algorithm_get_name(digest_algorithm_t alg)
{
switch (alg) {
case DIGEST_SHA1:
return "sha1";
case DIGEST_SHA256:
return "sha256";
case DIGEST_SHA512:
return "sha512";
case DIGEST_SHA3_256:
return "sha3-256";
case DIGEST_SHA3_512:
return "sha3-512";
// LCOV_EXCL_START
default:
tor_fragile_assert();
return "??unknown_digest??";
// LCOV_EXCL_STOP
}
}
/** Given the name of a digest algorithm, return its integer value, or -1 if
* the name is not recognized. */
int
crypto_digest_algorithm_parse_name(const char *name)
{
if (!strcmp(name, "sha1"))
return DIGEST_SHA1;
else if (!strcmp(name, "sha256"))
return DIGEST_SHA256;
else if (!strcmp(name, "sha512"))
return DIGEST_SHA512;
else if (!strcmp(name, "sha3-256"))
return DIGEST_SHA3_256;
else if (!strcmp(name, "sha3-512"))
return DIGEST_SHA3_512;
else
return -1;
}
/** Given an algorithm, return the digest length in bytes. */
size_t
crypto_digest_algorithm_get_length(digest_algorithm_t alg)
{
switch (alg) {
case DIGEST_SHA1:
return DIGEST_LEN;
case DIGEST_SHA256:
return DIGEST256_LEN;
case DIGEST_SHA512:
return DIGEST512_LEN;
case DIGEST_SHA3_256:
return DIGEST256_LEN;
case DIGEST_SHA3_512:
return DIGEST512_LEN;
default:
tor_assert(0); // LCOV_EXCL_LINE
return 0; /* Unreachable */ // LCOV_EXCL_LINE
}
}
/** Intermediate information about the digest of a stream of data. */
struct crypto_digest_t {
digest_algorithm_t algorithm; /**< Which algorithm is in use? */
/** State for the digest we're using. Only one member of the
* union is usable, depending on the value of <b>algorithm</b>. Note also
* that space for other members might not even be allocated!
*/
union {
SHA_CTX sha1; /**< state for SHA1 */
SHA256_CTX sha2; /**< state for SHA256 */
SHA512_CTX sha512; /**< state for SHA512 */
keccak_state sha3; /**< state for SHA3-[256,512] */
} d;
};
#ifdef TOR_UNIT_TESTS
digest_algorithm_t
crypto_digest_get_algorithm(crypto_digest_t *digest)
{
tor_assert(digest);
return digest->algorithm;
}
#endif /* defined(TOR_UNIT_TESTS) */
/**
* Return the number of bytes we need to malloc in order to get a
* crypto_digest_t for <b>alg</b>, or the number of bytes we need to wipe
* when we free one.
*/
static size_t
crypto_digest_alloc_bytes(digest_algorithm_t alg)
{
/* Helper: returns the number of bytes in the 'f' field of 'st' */
#define STRUCT_FIELD_SIZE(st, f) (sizeof( ((st*)0)->f ))
/* Gives the length of crypto_digest_t through the end of the field 'd' */
#define END_OF_FIELD(f) (offsetof(crypto_digest_t, f) + \
STRUCT_FIELD_SIZE(crypto_digest_t, f))
switch (alg) {
case DIGEST_SHA1:
return END_OF_FIELD(d.sha1);
case DIGEST_SHA256:
return END_OF_FIELD(d.sha2);
case DIGEST_SHA512:
return END_OF_FIELD(d.sha512);
case DIGEST_SHA3_256:
case DIGEST_SHA3_512:
return END_OF_FIELD(d.sha3);
default:
tor_assert(0); // LCOV_EXCL_LINE
return 0; // LCOV_EXCL_LINE
}
#undef END_OF_FIELD
#undef STRUCT_FIELD_SIZE
}
/**
* Internal function: create and return a new digest object for 'algorithm'.
* Does not typecheck the algorithm.
*/
static crypto_digest_t *
crypto_digest_new_internal(digest_algorithm_t algorithm)
{
crypto_digest_t *r = tor_malloc(crypto_digest_alloc_bytes(algorithm));
r->algorithm = algorithm;
switch (algorithm)
{
case DIGEST_SHA1:
SHA1_Init(&r->d.sha1);
break;
case DIGEST_SHA256:
SHA256_Init(&r->d.sha2);
break;
case DIGEST_SHA512:
SHA512_Init(&r->d.sha512);
break;
case DIGEST_SHA3_256:
keccak_digest_init(&r->d.sha3, 256);
break;
case DIGEST_SHA3_512:
keccak_digest_init(&r->d.sha3, 512);
break;
default:
tor_assert_unreached();
}
return r;
}
/** Allocate and return a new digest object to compute SHA1 digests.
*/
crypto_digest_t *
crypto_digest_new(void)
{
return crypto_digest_new_internal(DIGEST_SHA1);
}
/** Allocate and return a new digest object to compute 256-bit digests
* using <b>algorithm</b>. */
crypto_digest_t *
crypto_digest256_new(digest_algorithm_t algorithm)
{
tor_assert(algorithm == DIGEST_SHA256 || algorithm == DIGEST_SHA3_256);
return crypto_digest_new_internal(algorithm);
}
/** Allocate and return a new digest object to compute 512-bit digests
* using <b>algorithm</b>. */
crypto_digest_t *
crypto_digest512_new(digest_algorithm_t algorithm)
{
tor_assert(algorithm == DIGEST_SHA512 || algorithm == DIGEST_SHA3_512);
return crypto_digest_new_internal(algorithm);
}
/** Deallocate a digest object.
*/
void
crypto_digest_free_(crypto_digest_t *digest)
{
if (!digest)
return;
size_t bytes = crypto_digest_alloc_bytes(digest->algorithm);
memwipe(digest, 0, bytes);
tor_free(digest);
}
/** Add <b>len</b> bytes from <b>data</b> to the digest object.
*/
void
crypto_digest_add_bytes(crypto_digest_t *digest, const char *data,
size_t len)
{
tor_assert(digest);
tor_assert(data);
/* Using the SHA*_*() calls directly means we don't support doing
* SHA in hardware. But so far the delay of getting the question
* to the hardware, and hearing the answer, is likely higher than
* just doing it ourselves. Hashes are fast.
*/
switch (digest->algorithm) {
case DIGEST_SHA1:
SHA1_Update(&digest->d.sha1, (void*)data, len);
break;
case DIGEST_SHA256:
SHA256_Update(&digest->d.sha2, (void*)data, len);
break;
case DIGEST_SHA512:
SHA512_Update(&digest->d.sha512, (void*)data, len);
break;
case DIGEST_SHA3_256: /* FALLSTHROUGH */
case DIGEST_SHA3_512:
keccak_digest_update(&digest->d.sha3, (const uint8_t *)data, len);
break;
default:
/* LCOV_EXCL_START */
tor_fragile_assert();
break;
/* LCOV_EXCL_STOP */
}
}
/** Compute the hash of the data that has been passed to the digest
* object; write the first out_len bytes of the result to <b>out</b>.
* <b>out_len</b> must be \<= DIGEST512_LEN.
*/
void
crypto_digest_get_digest(crypto_digest_t *digest,
char *out, size_t out_len)
{
unsigned char r[DIGEST512_LEN];
crypto_digest_t tmpenv;
tor_assert(digest);
tor_assert(out);
tor_assert(out_len <= crypto_digest_algorithm_get_length(digest->algorithm));
/* The SHA-3 code handles copying into a temporary ctx, and also can handle
* short output buffers by truncating appropriately. */
if (digest->algorithm == DIGEST_SHA3_256 ||
digest->algorithm == DIGEST_SHA3_512) {
keccak_digest_sum(&digest->d.sha3, (uint8_t *)out, out_len);
return;
}
const size_t alloc_bytes = crypto_digest_alloc_bytes(digest->algorithm);
/* memcpy into a temporary ctx, since SHA*_Final clears the context */
memcpy(&tmpenv, digest, alloc_bytes);
switch (digest->algorithm) {
case DIGEST_SHA1:
SHA1_Final(r, &tmpenv.d.sha1);
break;
case DIGEST_SHA256:
SHA256_Final(r, &tmpenv.d.sha2);
break;
case DIGEST_SHA512:
SHA512_Final(r, &tmpenv.d.sha512);
break;
//LCOV_EXCL_START
case DIGEST_SHA3_256: /* FALLSTHROUGH */
case DIGEST_SHA3_512:
default:
log_warn(LD_BUG, "Handling unexpected algorithm %d", digest->algorithm);
/* This is fatal, because it should never happen. */
tor_assert_unreached();
break;
//LCOV_EXCL_STOP
}
memcpy(out, r, out_len);
memwipe(r, 0, sizeof(r));
}
/** Allocate and return a new digest object with the same state as
* <b>digest</b>
*/
crypto_digest_t *
crypto_digest_dup(const crypto_digest_t *digest)
{
tor_assert(digest);
const size_t alloc_bytes = crypto_digest_alloc_bytes(digest->algorithm);
return tor_memdup(digest, alloc_bytes);
}
/** Replace the state of the digest object <b>into</b> with the state
* of the digest object <b>from</b>. Requires that 'into' and 'from'
* have the same digest type.
*/
void
crypto_digest_assign(crypto_digest_t *into,
const crypto_digest_t *from)
{
tor_assert(into);
tor_assert(from);
tor_assert(into->algorithm == from->algorithm);
const size_t alloc_bytes = crypto_digest_alloc_bytes(from->algorithm);
memcpy(into,from,alloc_bytes);
}
/** Given a list of strings in <b>lst</b>, set the <b>len_out</b>-byte digest
* at <b>digest_out</b> to the hash of the concatenation of those strings,
* plus the optional string <b>append</b>, computed with the algorithm
* <b>alg</b>.
* <b>out_len</b> must be \<= DIGEST512_LEN. */
void
crypto_digest_smartlist(char *digest_out, size_t len_out,
const smartlist_t *lst,
const char *append,
digest_algorithm_t alg)
{
crypto_digest_smartlist_prefix(digest_out, len_out, NULL, lst, append, alg);
}
/** Given a list of strings in <b>lst</b>, set the <b>len_out</b>-byte digest
* at <b>digest_out</b> to the hash of the concatenation of: the
* optional string <b>prepend</b>, those strings,
* and the optional string <b>append</b>, computed with the algorithm
* <b>alg</b>.
* <b>len_out</b> must be \<= DIGEST512_LEN. */
void
crypto_digest_smartlist_prefix(char *digest_out, size_t len_out,
const char *prepend,
const smartlist_t *lst,
const char *append,
digest_algorithm_t alg)
{
crypto_digest_t *d = crypto_digest_new_internal(alg);
if (prepend)
crypto_digest_add_bytes(d, prepend, strlen(prepend));
SMARTLIST_FOREACH(lst, const char *, cp,
crypto_digest_add_bytes(d, cp, strlen(cp)));
if (append)
crypto_digest_add_bytes(d, append, strlen(append));
crypto_digest_get_digest(d, digest_out, len_out);
crypto_digest_free(d);
}
/** Compute the HMAC-SHA-256 of the <b>msg_len</b> bytes in <b>msg</b>, using
* the <b>key</b> of length <b>key_len</b>. Store the DIGEST256_LEN-byte
* result in <b>hmac_out</b>. Asserts on failure.
*/
void
crypto_hmac_sha256(char *hmac_out,
const char *key, size_t key_len,
const char *msg, size_t msg_len)
{
unsigned char *rv = NULL;
/* If we've got OpenSSL >=0.9.8 we can use its hmac implementation. */
tor_assert(key_len < INT_MAX);
tor_assert(msg_len < INT_MAX);
tor_assert(hmac_out);
rv = HMAC(EVP_sha256(), key, (int)key_len, (unsigned char*)msg, (int)msg_len,
(unsigned char*)hmac_out, NULL);
tor_assert(rv);
}
/** Compute a MAC using SHA3-256 of <b>msg_len</b> bytes in <b>msg</b> using a
* <b>key</b> of length <b>key_len</b> and a <b>salt</b> of length
* <b>salt_len</b>. Store the result of <b>len_out</b> bytes in in
* <b>mac_out</b>. This function can't fail. */
void
crypto_mac_sha3_256(uint8_t *mac_out, size_t len_out,
const uint8_t *key, size_t key_len,
const uint8_t *msg, size_t msg_len)
{
crypto_digest_t *digest;
const uint64_t key_len_netorder = tor_htonll(key_len);
tor_assert(mac_out);
tor_assert(key);
tor_assert(msg);
digest = crypto_digest256_new(DIGEST_SHA3_256);
/* Order matters here that is any subsystem using this function should
* expect this very precise ordering in the MAC construction. */
crypto_digest_add_bytes(digest, (const char *) &key_len_netorder,
sizeof(key_len_netorder));
crypto_digest_add_bytes(digest, (const char *) key, key_len);
crypto_digest_add_bytes(digest, (const char *) msg, msg_len);
crypto_digest_get_digest(digest, (char *) mac_out, len_out);
crypto_digest_free(digest);
}
/** Internal state for a eXtendable-Output Function (XOF). */ /** Internal state for a eXtendable-Output Function (XOF). */
struct crypto_xof_t { struct crypto_xof_t {
keccak_state s; keccak_state s;

99
src/common/crypto.h
View file

@ -24,13 +24,6 @@
#include "keccak-tiny/keccak-tiny.h" #include "keccak-tiny/keccak-tiny.h"
/** Length of the output of our message digest. */
#define DIGEST_LEN 20
/** Length of the output of our second (improved) message digests. (For now
* this is just sha256, but it could be any other 256-bit digest.) */
#define DIGEST256_LEN 32
/** Length of the output of our 64-bit optimized message digests (SHA512). */
#define DIGEST512_LEN 64
/** Length of our symmetric cipher's keys of 128-bit. */ /** Length of our symmetric cipher's keys of 128-bit. */
#define CIPHER_KEY_LEN 16 #define CIPHER_KEY_LEN 16
/** Length of our symmetric cipher's IV of 128-bit. */ /** Length of our symmetric cipher's IV of 128-bit. */
@ -40,50 +33,9 @@
/** Length of our DH keys. */ /** Length of our DH keys. */
#define DH_BYTES (1024/8) #define DH_BYTES (1024/8)
/** Length of a sha1 message digest when encoded in base32 with trailing =
* signs removed. */
#define BASE32_DIGEST_LEN 32
/** Length of a sha1 message digest when encoded in base64 with trailing =
* signs removed. */
#define BASE64_DIGEST_LEN 27
/** Length of a sha256 message digest when encoded in base64 with trailing =
* signs removed. */
#define BASE64_DIGEST256_LEN 43
/** Length of a sha512 message digest when encoded in base64 with trailing =
* signs removed. */
#define BASE64_DIGEST512_LEN 86
/** Length of encoded public key fingerprints, including space; but not /** Length of encoded public key fingerprints, including space; but not
* including terminating NUL. */ * including terminating NUL. */
#define FINGERPRINT_LEN 49 #define FINGERPRINT_LEN 49
/** Length of hex encoding of SHA1 digest, not including final NUL. */
#define HEX_DIGEST_LEN 40
/** Length of hex encoding of SHA256 digest, not including final NUL. */
#define HEX_DIGEST256_LEN 64
/** Length of hex encoding of SHA512 digest, not including final NUL. */
#define HEX_DIGEST512_LEN 128
typedef enum {
DIGEST_SHA1 = 0,
DIGEST_SHA256 = 1,
DIGEST_SHA512 = 2,
DIGEST_SHA3_256 = 3,
DIGEST_SHA3_512 = 4,
} digest_algorithm_t;
#define N_DIGEST_ALGORITHMS (DIGEST_SHA3_512+1)
#define N_COMMON_DIGEST_ALGORITHMS (DIGEST_SHA256+1)
/** A set of all the digests we commonly compute, taken on a single
* string. Any digests that are shorter than 512 bits are right-padded
* with 0 bits.
*
* Note that this representation wastes 44 bytes for the SHA1 case, so
* don't use it for anything where we need to allocate a whole bunch at
* once.
**/
typedef struct {
char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN];
} common_digests_t;
typedef struct aes_cnt_cipher crypto_cipher_t; typedef struct aes_cnt_cipher crypto_cipher_t;
typedef struct crypto_digest_t crypto_digest_t; typedef struct crypto_digest_t crypto_digest_t;
@ -115,11 +67,6 @@ void crypto_cipher_free_(crypto_cipher_t *env);
FREE_AND_NULL(crypto_cipher_t, crypto_cipher_free_, (c)) FREE_AND_NULL(crypto_cipher_t, crypto_cipher_free_, (c))
/* public key crypto */ /* public key crypto */
MOCK_DECL(int, crypto_pk_public_checksig_digest,(crypto_pk_t *env,
const char *data, size_t datalen,
const char *sig, size_t siglen));
int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen);
int crypto_pk_obsolete_public_hybrid_encrypt(crypto_pk_t *env, char *to, int crypto_pk_obsolete_public_hybrid_encrypt(crypto_pk_t *env, char *to,
size_t tolen, size_t tolen,
const char *from, size_t fromlen, const char *from, size_t fromlen,
@ -128,9 +75,6 @@ int crypto_pk_obsolete_private_hybrid_decrypt(crypto_pk_t *env, char *to,
size_t tolen, size_t tolen,
const char *from, size_t fromlen, const char *from, size_t fromlen,
int padding, int warnOnFailure); int padding, int warnOnFailure);
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out);
int crypto_pk_get_common_digests(crypto_pk_t *pk,
common_digests_t *digests_out);
/* symmetric crypto */ /* symmetric crypto */
const char *crypto_cipher_get_key(crypto_cipher_t *env); const char *crypto_cipher_get_key(crypto_cipher_t *env);
@ -148,45 +92,6 @@ int crypto_cipher_decrypt_with_iv(const char *key,
char *to, size_t tolen, char *to, size_t tolen,
const char *from, size_t fromlen); const char *from, size_t fromlen);
/* SHA-1 and other digests. */
int crypto_digest(char *digest, const char *m, size_t len);
int crypto_digest256(char *digest, const char *m, size_t len,
digest_algorithm_t algorithm);
int crypto_digest512(char *digest, const char *m, size_t len,
digest_algorithm_t algorithm);
int crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len);
struct smartlist_t;
void crypto_digest_smartlist_prefix(char *digest_out, size_t len_out,
const char *prepend,
const struct smartlist_t *lst,
const char *append,
digest_algorithm_t alg);
void crypto_digest_smartlist(char *digest_out, size_t len_out,
const struct smartlist_t *lst, const char *append,
digest_algorithm_t alg);
const char *crypto_digest_algorithm_get_name(digest_algorithm_t alg);
size_t crypto_digest_algorithm_get_length(digest_algorithm_t alg);
int crypto_digest_algorithm_parse_name(const char *name);
crypto_digest_t *crypto_digest_new(void);
crypto_digest_t *crypto_digest256_new(digest_algorithm_t algorithm);
crypto_digest_t *crypto_digest512_new(digest_algorithm_t algorithm);
void crypto_digest_free_(crypto_digest_t *digest);
#define crypto_digest_free(d) \
FREE_AND_NULL(crypto_digest_t, crypto_digest_free_, (d))
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data,
size_t len);
void crypto_digest_get_digest(crypto_digest_t *digest,
char *out, size_t out_len);
crypto_digest_t *crypto_digest_dup(const crypto_digest_t *digest);
void crypto_digest_assign(crypto_digest_t *into,
const crypto_digest_t *from);
void crypto_hmac_sha256(char *hmac_out,
const char *key, size_t key_len,
const char *msg, size_t msg_len);
void crypto_mac_sha3_256(uint8_t *mac_out, size_t len_out,
const uint8_t *key, size_t key_len,
const uint8_t *msg, size_t msg_len);
crypto_xof_t *crypto_xof_new(void); crypto_xof_t *crypto_xof_new(void);
void crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len); void crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len);
void crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len); void crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len);
@ -262,9 +167,5 @@ extern int break_strongest_rng_fallback;
#endif #endif
#endif /* defined(CRYPTO_PRIVATE) */ #endif /* defined(CRYPTO_PRIVATE) */
#ifdef TOR_UNIT_TESTS
digest_algorithm_t crypto_digest_get_algorithm(crypto_digest_t *digest);
#endif
#endif /* !defined(TOR_CRYPTO_H) */ #endif /* !defined(TOR_CRYPTO_H) */

610
src/common/crypto_digest.c Normal file
View file

@ -0,0 +1,610 @@
/* Copyright (c) 2001, Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2017, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
* \file crypto_digest.c
* \brief Block of functions related with digest and xof utilities and
* operations.
**/
#include "crypto_digest.h"
#include "crypto.h" /* common functions */
#include "crypto_rsa.h"
DISABLE_GCC_WARNING(redundant-decls)
#include <openssl/hmac.h>
ENABLE_GCC_WARNING(redundant-decls)
#include "container.h"
/* public key crypto digest functions */
/** Check a siglen-byte long signature at <b>sig</b> against
* <b>datalen</b> bytes of data at <b>data</b>, using the public key
* in <b>env</b>. Return 0 if <b>sig</b> is a correct signature for
* SHA1(data). Else return -1.
*/
MOCK_IMPL(int,
crypto_pk_public_checksig_digest,(crypto_pk_t *env, const char *data,
size_t datalen, const char *sig,
size_t siglen))
{
char digest[DIGEST_LEN];
char *buf;
size_t buflen;
int r;
tor_assert(env);
tor_assert(data);
tor_assert(sig);
tor_assert(datalen < SIZE_T_CEILING);
tor_assert(siglen < SIZE_T_CEILING);
if (crypto_digest(digest,data,datalen)<0) {
log_warn(LD_BUG, "couldn't compute digest");
return -1;
}
buflen = crypto_pk_keysize(env);
buf = tor_malloc(buflen);
r = crypto_pk_public_checksig(env,buf,buflen,sig,siglen);
if (r != DIGEST_LEN) {
log_warn(LD_CRYPTO, "Invalid signature");
tor_free(buf);
return -1;
}
if (tor_memneq(buf, digest, DIGEST_LEN)) {
log_warn(LD_CRYPTO, "Signature mismatched with digest.");
tor_free(buf);
return -1;
}
tor_free(buf);
return 0;
}
/** Compute a SHA1 digest of <b>fromlen</b> bytes of data stored at
* <b>from</b>; sign the data with the private key in <b>env</b>, and
* store it in <b>to</b>. Return the number of bytes written on
* success, and -1 on failure.
*
* <b>tolen</b> is the number of writable bytes in <b>to</b>, and must be
* at least the length of the modulus of <b>env</b>.
*/
int
crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen)
{
int r;
char digest[DIGEST_LEN];
if (crypto_digest(digest,from,fromlen)<0)
return -1;
r = crypto_pk_private_sign(env,to,tolen,digest,DIGEST_LEN);
memwipe(digest, 0, sizeof(digest));
return r;
}
/** Given a private or public key <b>pk</b>, put a SHA1 hash of the
* public key into <b>digest_out</b> (must have DIGEST_LEN bytes of space).
* Return 0 on success, -1 on failure.
*/
int
crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out)
{
char *buf;
size_t buflen;
int len;
int rv = -1;
buflen = crypto_pk_keysize(pk)*2;
buf = tor_malloc(buflen);
len = crypto_pk_asn1_encode(pk, buf, buflen);
if (len < 0)
goto done;
if (crypto_digest(digest_out, buf, len) < 0)
goto done;
rv = 0;
done:
tor_free(buf);
return rv;
}
/** Compute all digests of the DER encoding of <b>pk</b>, and store them
* in <b>digests_out</b>. Return 0 on success, -1 on failure. */
int
crypto_pk_get_common_digests(crypto_pk_t *pk, common_digests_t *digests_out)
{
char *buf;
size_t buflen;
int len;
int rv = -1;
buflen = crypto_pk_keysize(pk)*2;
buf = tor_malloc(buflen);
len = crypto_pk_asn1_encode(pk, buf, buflen);
if (len < 0)
goto done;
if (crypto_common_digests(digests_out, (char*)buf, len) < 0)
goto done;
rv = 0;
done:
tor_free(buf);
return rv;
}
/* Crypto digest functions */
/** Compute the SHA1 digest of the <b>len</b> bytes on data stored in
* <b>m</b>. Write the DIGEST_LEN byte result into <b>digest</b>.
* Return 0 on success, -1 on failure.
*/
int
crypto_digest(char *digest, const char *m, size_t len)
{
tor_assert(m);
tor_assert(digest);
if (SHA1((const unsigned char*)m,len,(unsigned char*)digest) == NULL)
return -1;
return 0;
}
/** Compute a 256-bit digest of <b>len</b> bytes in data stored in <b>m</b>,
* using the algorithm <b>algorithm</b>. Write the DIGEST_LEN256-byte result
* into <b>digest</b>. Return 0 on success, -1 on failure. */
int
crypto_digest256(char *digest, const char *m, size_t len,
digest_algorithm_t algorithm)
{
tor_assert(m);
tor_assert(digest);
tor_assert(algorithm == DIGEST_SHA256 || algorithm == DIGEST_SHA3_256);
int ret = 0;
if (algorithm == DIGEST_SHA256)
ret = (SHA256((const uint8_t*)m,len,(uint8_t*)digest) != NULL);
else
ret = (sha3_256((uint8_t *)digest, DIGEST256_LEN,(const uint8_t *)m, len)
> -1);
if (!ret)
return -1;
return 0;
}
/** Compute a 512-bit digest of <b>len</b> bytes in data stored in <b>m</b>,
* using the algorithm <b>algorithm</b>. Write the DIGEST_LEN512-byte result
* into <b>digest</b>. Return 0 on success, -1 on failure. */
int
crypto_digest512(char *digest, const char *m, size_t len,
digest_algorithm_t algorithm)
{
tor_assert(m);
tor_assert(digest);
tor_assert(algorithm == DIGEST_SHA512 || algorithm == DIGEST_SHA3_512);
int ret = 0;
if (algorithm == DIGEST_SHA512)
ret = (SHA512((const unsigned char*)m,len,(unsigned char*)digest)
!= NULL);
else
ret = (sha3_512((uint8_t*)digest, DIGEST512_LEN, (const uint8_t*)m, len)
> -1);
if (!ret)
return -1;
return 0;
}
/** Set the common_digests_t in <b>ds_out</b> to contain every digest on the
* <b>len</b> bytes in <b>m</b> that we know how to compute. Return 0 on
* success, -1 on failure. */
int
crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len)
{
tor_assert(ds_out);
memset(ds_out, 0, sizeof(*ds_out));
if (crypto_digest(ds_out->d[DIGEST_SHA1], m, len) < 0)
return -1;
if (crypto_digest256(ds_out->d[DIGEST_SHA256], m, len, DIGEST_SHA256) < 0)
return -1;
return 0;
}
/** Return the name of an algorithm, as used in directory documents. */
const char *
crypto_digest_algorithm_get_name(digest_algorithm_t alg)
{
switch (alg) {
case DIGEST_SHA1:
return "sha1";
case DIGEST_SHA256:
return "sha256";
case DIGEST_SHA512:
return "sha512";
case DIGEST_SHA3_256:
return "sha3-256";
case DIGEST_SHA3_512:
return "sha3-512";
// LCOV_EXCL_START
default:
tor_fragile_assert();
return "??unknown_digest??";
// LCOV_EXCL_STOP
}
}
/** Given the name of a digest algorithm, return its integer value, or -1 if
* the name is not recognized. */
int
crypto_digest_algorithm_parse_name(const char *name)
{
if (!strcmp(name, "sha1"))
return DIGEST_SHA1;
else if (!strcmp(name, "sha256"))
return DIGEST_SHA256;
else if (!strcmp(name, "sha512"))
return DIGEST_SHA512;
else if (!strcmp(name, "sha3-256"))
return DIGEST_SHA3_256;
else if (!strcmp(name, "sha3-512"))
return DIGEST_SHA3_512;
else
return -1;
}
/** Given an algorithm, return the digest length in bytes. */
size_t
crypto_digest_algorithm_get_length(digest_algorithm_t alg)
{
switch (alg) {
case DIGEST_SHA1:
return DIGEST_LEN;
case DIGEST_SHA256:
return DIGEST256_LEN;
case DIGEST_SHA512:
return DIGEST512_LEN;
case DIGEST_SHA3_256:
return DIGEST256_LEN;
case DIGEST_SHA3_512:
return DIGEST512_LEN;
default:
tor_assert(0); // LCOV_EXCL_LINE
return 0; /* Unreachable */ // LCOV_EXCL_LINE
}
}
/** Intermediate information about the digest of a stream of data. */
struct crypto_digest_t {
digest_algorithm_t algorithm; /**< Which algorithm is in use? */
/** State for the digest we're using. Only one member of the
* union is usable, depending on the value of <b>algorithm</b>. Note also
* that space for other members might not even be allocated!
*/
union {
SHA_CTX sha1; /**< state for SHA1 */
SHA256_CTX sha2; /**< state for SHA256 */
SHA512_CTX sha512; /**< state for SHA512 */
keccak_state sha3; /**< state for SHA3-[256,512] */
} d;
};
#ifdef TOR_UNIT_TESTS
digest_algorithm_t
crypto_digest_get_algorithm(crypto_digest_t *digest)
{
tor_assert(digest);
return digest->algorithm;
}
#endif /* defined(TOR_UNIT_TESTS) */
/**
* Return the number of bytes we need to malloc in order to get a
* crypto_digest_t for <b>alg</b>, or the number of bytes we need to wipe
* when we free one.
*/
static size_t
crypto_digest_alloc_bytes(digest_algorithm_t alg)
{
/* Helper: returns the number of bytes in the 'f' field of 'st' */
#define STRUCT_FIELD_SIZE(st, f) (sizeof( ((st*)0)->f ))
/* Gives the length of crypto_digest_t through the end of the field 'd' */
#define END_OF_FIELD(f) (offsetof(crypto_digest_t, f) + \
STRUCT_FIELD_SIZE(crypto_digest_t, f))
switch (alg) {
case DIGEST_SHA1:
return END_OF_FIELD(d.sha1);
case DIGEST_SHA256:
return END_OF_FIELD(d.sha2);
case DIGEST_SHA512:
return END_OF_FIELD(d.sha512);
case DIGEST_SHA3_256:
case DIGEST_SHA3_512:
return END_OF_FIELD(d.sha3);
default:
tor_assert(0); // LCOV_EXCL_LINE
return 0; // LCOV_EXCL_LINE
}
#undef END_OF_FIELD
#undef STRUCT_FIELD_SIZE
}
/**
* Internal function: create and return a new digest object for 'algorithm'.
* Does not typecheck the algorithm.
*/
static crypto_digest_t *
crypto_digest_new_internal(digest_algorithm_t algorithm)
{
crypto_digest_t *r = tor_malloc(crypto_digest_alloc_bytes(algorithm));
r->algorithm = algorithm;
switch (algorithm)
{
case DIGEST_SHA1:
SHA1_Init(&r->d.sha1);
break;
case DIGEST_SHA256:
SHA256_Init(&r->d.sha2);
break;
case DIGEST_SHA512:
SHA512_Init(&r->d.sha512);
break;
case DIGEST_SHA3_256:
keccak_digest_init(&r->d.sha3, 256);
break;
case DIGEST_SHA3_512:
keccak_digest_init(&r->d.sha3, 512);
break;
default:
tor_assert_unreached();
}
return r;
}
/** Allocate and return a new digest object to compute SHA1 digests.
*/
crypto_digest_t *
crypto_digest_new(void)
{
return crypto_digest_new_internal(DIGEST_SHA1);
}
/** Allocate and return a new digest object to compute 256-bit digests
* using <b>algorithm</b>. */
crypto_digest_t *
crypto_digest256_new(digest_algorithm_t algorithm)
{
tor_assert(algorithm == DIGEST_SHA256 || algorithm == DIGEST_SHA3_256);
return crypto_digest_new_internal(algorithm);
}
/** Allocate and return a new digest object to compute 512-bit digests
* using <b>algorithm</b>. */
crypto_digest_t *
crypto_digest512_new(digest_algorithm_t algorithm)
{
tor_assert(algorithm == DIGEST_SHA512 || algorithm == DIGEST_SHA3_512);
return crypto_digest_new_internal(algorithm);
}
/** Deallocate a digest object.
*/
void
crypto_digest_free_(crypto_digest_t *digest)
{
if (!digest)
return;
size_t bytes = crypto_digest_alloc_bytes(digest->algorithm);
memwipe(digest, 0, bytes);
tor_free(digest);
}
/** Add <b>len</b> bytes from <b>data</b> to the digest object.
*/
void
crypto_digest_add_bytes(crypto_digest_t *digest, const char *data,
size_t len)
{
tor_assert(digest);
tor_assert(data);
/* Using the SHA*_*() calls directly means we don't support doing
* SHA in hardware. But so far the delay of getting the question
* to the hardware, and hearing the answer, is likely higher than
* just doing it ourselves. Hashes are fast.
*/
switch (digest->algorithm) {
case DIGEST_SHA1:
SHA1_Update(&digest->d.sha1, (void*)data, len);
break;
case DIGEST_SHA256:
SHA256_Update(&digest->d.sha2, (void*)data, len);
break;
case DIGEST_SHA512:
SHA512_Update(&digest->d.sha512, (void*)data, len);
break;
case DIGEST_SHA3_256: /* FALLSTHROUGH */
case DIGEST_SHA3_512:
keccak_digest_update(&digest->d.sha3, (const uint8_t *)data, len);
break;
default:
/* LCOV_EXCL_START */
tor_fragile_assert();
break;
/* LCOV_EXCL_STOP */
}
}
/** Compute the hash of the data that has been passed to the digest
* object; write the first out_len bytes of the result to <b>out</b>.
* <b>out_len</b> must be \<= DIGEST512_LEN.
*/
void
crypto_digest_get_digest(crypto_digest_t *digest,
char *out, size_t out_len)
{
unsigned char r[DIGEST512_LEN];
crypto_digest_t tmpenv;
tor_assert(digest);
tor_assert(out);
tor_assert(out_len <= crypto_digest_algorithm_get_length(digest->algorithm));
/* The SHA-3 code handles copying into a temporary ctx, and also can handle
* short output buffers by truncating appropriately. */
if (digest->algorithm == DIGEST_SHA3_256 ||
digest->algorithm == DIGEST_SHA3_512) {
keccak_digest_sum(&digest->d.sha3, (uint8_t *)out, out_len);
return;
}
const size_t alloc_bytes = crypto_digest_alloc_bytes(digest->algorithm);
/* memcpy into a temporary ctx, since SHA*_Final clears the context */
memcpy(&tmpenv, digest, alloc_bytes);
switch (digest->algorithm) {
case DIGEST_SHA1:
SHA1_Final(r, &tmpenv.d.sha1);
break;
case DIGEST_SHA256:
SHA256_Final(r, &tmpenv.d.sha2);
break;
case DIGEST_SHA512:
SHA512_Final(r, &tmpenv.d.sha512);
break;
//LCOV_EXCL_START
case DIGEST_SHA3_256: /* FALLSTHROUGH */
case DIGEST_SHA3_512:
default:
log_warn(LD_BUG, "Handling unexpected algorithm %d", digest->algorithm);
/* This is fatal, because it should never happen. */
tor_assert_unreached();
break;
//LCOV_EXCL_STOP
}
memcpy(out, r, out_len);
memwipe(r, 0, sizeof(r));
}
/** Allocate and return a new digest object with the same state as
* <b>digest</b>
*/
crypto_digest_t *
crypto_digest_dup(const crypto_digest_t *digest)
{
tor_assert(digest);
const size_t alloc_bytes = crypto_digest_alloc_bytes(digest->algorithm);
return tor_memdup(digest, alloc_bytes);
}
/** Replace the state of the digest object <b>into</b> with the state
* of the digest object <b>from</b>. Requires that 'into' and 'from'
* have the same digest type.
*/
void
crypto_digest_assign(crypto_digest_t *into,
const crypto_digest_t *from)
{
tor_assert(into);
tor_assert(from);
tor_assert(into->algorithm == from->algorithm);
const size_t alloc_bytes = crypto_digest_alloc_bytes(from->algorithm);
memcpy(into,from,alloc_bytes);
}
/** Given a list of strings in <b>lst</b>, set the <b>len_out</b>-byte digest
* at <b>digest_out</b> to the hash of the concatenation of those strings,
* plus the optional string <b>append</b>, computed with the algorithm
* <b>alg</b>.
* <b>out_len</b> must be \<= DIGEST512_LEN. */
void
crypto_digest_smartlist(char *digest_out, size_t len_out,
const smartlist_t *lst,
const char *append,
digest_algorithm_t alg)
{
crypto_digest_smartlist_prefix(digest_out, len_out, NULL, lst, append, alg);
}
/** Given a list of strings in <b>lst</b>, set the <b>len_out</b>-byte digest
* at <b>digest_out</b> to the hash of the concatenation of: the
* optional string <b>prepend</b>, those strings,
* and the optional string <b>append</b>, computed with the algorithm
* <b>alg</b>.
* <b>len_out</b> must be \<= DIGEST512_LEN. */
void
crypto_digest_smartlist_prefix(char *digest_out, size_t len_out,
const char *prepend,
const smartlist_t *lst,
const char *append,
digest_algorithm_t alg)
{
crypto_digest_t *d = crypto_digest_new_internal(alg);
if (prepend)
crypto_digest_add_bytes(d, prepend, strlen(prepend));
SMARTLIST_FOREACH(lst, const char *, cp,
crypto_digest_add_bytes(d, cp, strlen(cp)));
if (append)
crypto_digest_add_bytes(d, append, strlen(append));
crypto_digest_get_digest(d, digest_out, len_out);
crypto_digest_free(d);
}
/** Compute the HMAC-SHA-256 of the <b>msg_len</b> bytes in <b>msg</b>, using
* the <b>key</b> of length <b>key_len</b>. Store the DIGEST256_LEN-byte
* result in <b>hmac_out</b>. Asserts on failure.
*/
void
crypto_hmac_sha256(char *hmac_out,
const char *key, size_t key_len,
const char *msg, size_t msg_len)
{
unsigned char *rv = NULL;
/* If we've got OpenSSL >=0.9.8 we can use its hmac implementation. */
tor_assert(key_len < INT_MAX);
tor_assert(msg_len < INT_MAX);
tor_assert(hmac_out);
rv = HMAC(EVP_sha256(), key, (int)key_len, (unsigned char*)msg, (int)msg_len,
(unsigned char*)hmac_out, NULL);
tor_assert(rv);
}
/** Compute a MAC using SHA3-256 of <b>msg_len</b> bytes in <b>msg</b> using a
* <b>key</b> of length <b>key_len</b> and a <b>salt</b> of length
* <b>salt_len</b>. Store the result of <b>len_out</b> bytes in in
* <b>mac_out</b>. This function can't fail. */
void
crypto_mac_sha3_256(uint8_t *mac_out, size_t len_out,
const uint8_t *key, size_t key_len,
const uint8_t *msg, size_t msg_len)
{
crypto_digest_t *digest;
const uint64_t key_len_netorder = tor_htonll(key_len);
tor_assert(mac_out);
tor_assert(key);
tor_assert(msg);
digest = crypto_digest256_new(DIGEST_SHA3_256);
/* Order matters here that is any subsystem using this function should
* expect this very precise ordering in the MAC construction. */
crypto_digest_add_bytes(digest, (const char *) &key_len_netorder,
sizeof(key_len_netorder));
crypto_digest_add_bytes(digest, (const char *) key, key_len);
crypto_digest_add_bytes(digest, (const char *) msg, msg_len);
crypto_digest_get_digest(digest, (char *) mac_out, len_out);
crypto_digest_free(digest);
}

124
src/common/crypto_digest.h Normal file
View file

@ -0,0 +1,124 @@
/* Copyright (c) 2001, Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2017, The Tor Project, Inc. */
/* See LICENSE for licensing information */
/**
* \file crypto_digest.h
*
* \brief Headers for crypto_digest.c
**/
#ifndef TOR_CRYPTO_DIGEST_H
#define TOR_CRYPTO_DIGEST_H
#include <stdio.h>
#include "crypto_rsa.h"
/** Length of the output of our message digest. */
#define DIGEST_LEN 20
/** Length of the output of our second (improved) message digests. (For now
* this is just sha256, but it could be any other 256-bit digest.) */
#define DIGEST256_LEN 32
/** Length of the output of our 64-bit optimized message digests (SHA512). */
#define DIGEST512_LEN 64
/** Length of a sha1 message digest when encoded in base32 with trailing =
* signs removed. */
#define BASE32_DIGEST_LEN 32
/** Length of a sha1 message digest when encoded in base64 with trailing =
* signs removed. */
#define BASE64_DIGEST_LEN 27
/** Length of a sha256 message digest when encoded in base64 with trailing =
* signs removed. */
#define BASE64_DIGEST256_LEN 43
/** Length of a sha512 message digest when encoded in base64 with trailing =
* signs removed. */
#define BASE64_DIGEST512_LEN 86
/** Length of hex encoding of SHA1 digest, not including final NUL. */
#define HEX_DIGEST_LEN 40
/** Length of hex encoding of SHA256 digest, not including final NUL. */
#define HEX_DIGEST256_LEN 64
/** Length of hex encoding of SHA512 digest, not including final NUL. */
#define HEX_DIGEST512_LEN 128
typedef enum {
DIGEST_SHA1 = 0,
DIGEST_SHA256 = 1,
DIGEST_SHA512 = 2,
DIGEST_SHA3_256 = 3,
DIGEST_SHA3_512 = 4,
} digest_algorithm_t;
#define N_DIGEST_ALGORITHMS (DIGEST_SHA3_512+1)
#define N_COMMON_DIGEST_ALGORITHMS (DIGEST_SHA256+1)
/** A set of all the digests we commonly compute, taken on a single
* string. Any digests that are shorter than 512 bits are right-padded
* with 0 bits.
*
* Note that this representation wastes 44 bytes for the SHA1 case, so
* don't use it for anything where we need to allocate a whole bunch at
* once.
**/
typedef struct {
char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN];
} common_digests_t;
typedef struct crypto_digest_t crypto_digest_t;
/* public key crypto digest */
MOCK_DECL(int, crypto_pk_public_checksig_digest,(crypto_pk_t *env,
const char *data, size_t datalen,
const char *sig, size_t siglen));
int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
const char *from, size_t fromlen);
int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out);
int crypto_pk_get_common_digests(crypto_pk_t *pk,
common_digests_t *digests_out);
/* SHA-1 and other digests */
int crypto_digest(char *digest, const char *m, size_t len);
int crypto_digest256(char *digest, const char *m, size_t len,
digest_algorithm_t algorithm);
int crypto_digest512(char *digest, const char *m, size_t len,
digest_algorithm_t algorithm);
int crypto_common_digests(common_digests_t *ds_out, const char *m, size_t len);
void crypto_digest_smartlist_prefix(char *digest_out, size_t len_out,
const char *prepend,
const struct smartlist_t *lst,
const char *append,
digest_algorithm_t alg);
void crypto_digest_smartlist(char *digest_out, size_t len_out,
const struct smartlist_t *lst, const char *append,
digest_algorithm_t alg);
const char *crypto_digest_algorithm_get_name(digest_algorithm_t alg);
size_t crypto_digest_algorithm_get_length(digest_algorithm_t alg);
int crypto_digest_algorithm_parse_name(const char *name);
crypto_digest_t *crypto_digest_new(void);
crypto_digest_t *crypto_digest256_new(digest_algorithm_t algorithm);
crypto_digest_t *crypto_digest512_new(digest_algorithm_t algorithm);
void crypto_digest_free_(crypto_digest_t *digest);
#define crypto_digest_free(d) \
FREE_AND_NULL(crypto_digest_t, crypto_digest_free_, (d))
void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data,
size_t len);
void crypto_digest_get_digest(crypto_digest_t *digest,
char *out, size_t out_len);
crypto_digest_t *crypto_digest_dup(const crypto_digest_t *digest);
void crypto_digest_assign(crypto_digest_t *into,
const crypto_digest_t *from);
void crypto_hmac_sha256(char *hmac_out,
const char *key, size_t key_len,
const char *msg, size_t msg_len);
void crypto_mac_sha3_256(uint8_t *mac_out, size_t len_out,
const uint8_t *key, size_t key_len,
const uint8_t *msg, size_t msg_len);
#ifdef TOR_UNIT_TESTS
digest_algorithm_t crypto_digest_get_algorithm(crypto_digest_t *digest);
#endif
#endif /* !defined(TOR_CRYPTO_DIGEST_H) */