Tor 0.4.9.0-alpha-dev
|
Block of functions related with RSA utilities and operations. More...
#include "lib/crypt_ops/crypto_cipher.h"
#include "lib/crypt_ops/crypto_curve25519.h"
#include "lib/crypt_ops/crypto_digest.h"
#include "lib/crypt_ops/crypto_format.h"
#include "lib/crypt_ops/compat_openssl.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_rsa.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/ctime/di_ops.h"
#include "lib/log/util_bug.h"
#include "lib/fs/files.h"
#include "lib/log/escape.h"
#include "lib/log/log.h"
#include "lib/encoding/binascii.h"
#include "lib/encoding/pem.h"
#include <string.h>
Go to the source code of this file.
Macros | |
#define | PRIVATE_ASN_MAX_OVERHEAD_FACTOR 16 |
#define | PUBLIC_ASN_MAX_OVERHEAD_FACTOR 3 |
#define | MAX_PRIVKEY_FILE_LEN (16*1024*1024) |
Functions | |
int | crypto_get_rsa_padding_overhead (int padding) |
int | crypto_pk_eq_keys (const crypto_pk_t *a, const crypto_pk_t *b) |
int | crypto_pk_obsolete_public_hybrid_encrypt (crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding, int force) |
int | crypto_pk_obsolete_private_hybrid_decrypt (crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen, int padding, int warnOnFailure) |
int | crypto_pk_get_fingerprint (crypto_pk_t *pk, char *fp_out, int add_space) |
int | crypto_pk_get_hashed_fingerprint (crypto_pk_t *pk, char *fp_out) |
void | crypto_add_spaces_to_fp (char *out, size_t outlen, const char *in) |
int | crypto_pk_public_checksig_digest (crypto_pk_t *env, const char *data, size_t datalen, const char *sig, size_t siglen) |
int | crypto_pk_private_sign_digest (crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen) |
int | crypto_pk_get_digest (const crypto_pk_t *pk, char *digest_out) |
int | crypto_pk_get_common_digests (crypto_pk_t *pk, common_digests_t *digests_out) |
static int | crypto_pk_write_to_string_generic (crypto_pk_t *env, char **dest, size_t *len, bool private_key) |
int | crypto_pk_write_public_key_to_string (crypto_pk_t *env, char **dest, size_t *len) |
int | crypto_pk_write_private_key_to_string (crypto_pk_t *env, char **dest, size_t *len) |
static int | crypto_pk_read_from_string_generic (crypto_pk_t *env, const char *src, size_t len, int severity, bool private_key, int max_bits) |
int | crypto_pk_read_public_key_from_string (crypto_pk_t *env, const char *src, size_t len) |
int | crypto_pk_read_private_key_from_string (crypto_pk_t *env, const char *src, ssize_t len) |
int | crypto_pk_read_private_key1024_from_string (crypto_pk_t *env, const char *src, ssize_t len) |
int | crypto_pk_read_private_key_from_filename (crypto_pk_t *env, const char *keyfile) |
int | crypto_pk_write_private_key_to_filename (crypto_pk_t *env, const char *fname) |
int | crypto_pk_base64_encode_private (const crypto_pk_t *pk, char **priv_out) |
crypto_pk_t * | crypto_pk_base64_decode_private (const char *str, size_t len) |
Variables | |
static const char | RSA_PUBLIC_TAG [] = "RSA PUBLIC KEY" |
static const char | RSA_PRIVATE_TAG [] = "RSA PRIVATE KEY" |
Block of functions related with RSA utilities and operations.
OpenSSL implementations of our RSA code.
NSS implementations of our RSA code.
Definition in file crypto_rsa.c.
#define MAX_PRIVKEY_FILE_LEN (16*1024*1024) |
If a file is longer than this, we won't try to decode its private key
Definition at line 572 of file crypto_rsa.c.
#define PRIVATE_ASN_MAX_OVERHEAD_FACTOR 16 |
Definition at line 408 of file crypto_rsa.c.
#define PUBLIC_ASN_MAX_OVERHEAD_FACTOR 3 |
Definition at line 409 of file crypto_rsa.c.
void crypto_add_spaces_to_fp | ( | char * | out, |
size_t | outlen, | ||
const char * | in | ||
) |
Copy in to the outlen-byte buffer out, adding spaces every four characters.
Definition at line 270 of file crypto_rsa.c.
Referenced by crypto_pk_get_fingerprint().
int crypto_get_rsa_padding_overhead | ( | int | padding | ) |
Return the number of bytes added by padding method padding.
Definition at line 41 of file crypto_rsa.c.
Referenced by crypto_pk_obsolete_public_hybrid_encrypt().
crypto_pk_t * crypto_pk_base64_decode_private | ( | const char * | str, |
size_t | len | ||
) |
Given a string containing the Base64 encoded DER representation of the private key str, decode and return the result on success, or NULL on failure.
Definition at line 669 of file crypto_rsa.c.
int crypto_pk_base64_encode_private | ( | const crypto_pk_t * | pk, |
char ** | priv_out | ||
) |
Given a crypto_pk_t pk, allocate a new buffer containing the Base64 encoding of the DER representation of the private key as a NUL terminated string, and return it via priv_out. Return 0 on success, -1 on failure.
It is the caller's responsibility to sanitize and free the resulting buffer.
Definition at line 633 of file crypto_rsa.c.
int crypto_pk_eq_keys | ( | const crypto_pk_t * | a, |
const crypto_pk_t * | b | ||
) |
Compare the public-key components of a and b. Return non-zero iff a==b. A NULL key is considered to be distinct from all non-NULL keys, and equal to itself.
Note that this may leak information about the keys through timing.
Definition at line 71 of file crypto_rsa.c.
Referenced by assert_identity_keys_ok(), and router_differences_are_cosmetic().
int crypto_pk_get_common_digests | ( | crypto_pk_t * | pk, |
common_digests_t * | digests_out | ||
) |
Compute all digests of the DER encoding of pk, and store them in digests_out. Return 0 on success, -1 on failure.
Definition at line 381 of file crypto_rsa.c.
int crypto_pk_get_digest | ( | const crypto_pk_t * | pk, |
char * | digest_out | ||
) |
Given a private or public key pk, put a SHA1 hash of the public key into digest_out (must have DIGEST_LEN bytes of space). Return 0 on success, -1 on failure.
Definition at line 356 of file crypto_rsa.c.
Referenced by crypto_pk_get_fingerprint(), crypto_pk_get_hashed_fingerprint(), make_tap_onion_key_crosscert(), sr_generate_our_commit(), and sr_handle_received_commits().
int crypto_pk_get_fingerprint | ( | crypto_pk_t * | pk, |
char * | fp_out, | ||
int | add_space | ||
) |
Given a private or public key pk, put a fingerprint of the public key into fp_out (must have at least FINGERPRINT_LEN+1 bytes of space). Return 0 on success, -1 on failure.
Fingerprints are computed as the SHA1 digest of the ASN.1 encoding of the public key, converted to hexadecimal, in upper case, with a space after every four digits.
If add_space is false, omit the spaces.
Definition at line 229 of file crypto_rsa.c.
Referenced by dirserv_add_own_fingerprint().
int crypto_pk_get_hashed_fingerprint | ( | crypto_pk_t * | pk, |
char * | fp_out | ||
) |
Given a private or public key pk, put a hashed fingerprint of the public key into fp_out (must have at least FINGERPRINT_LEN+1 bytes of space). Return 0 on success, -1 on failure.
Hashed fingerprints are computed as the SHA1 digest of the SHA1 digest of the ASN.1 encoding of the public key, converted to hexadecimal, in upper case.
Definition at line 254 of file crypto_rsa.c.
Referenced by router_announce_bridge_status_page().
int crypto_pk_obsolete_private_hybrid_decrypt | ( | crypto_pk_t * | env, |
char * | to, | ||
size_t | tolen, | ||
const char * | from, | ||
size_t | fromlen, | ||
int | padding, | ||
int | warnOnFailure | ||
) |
Invert crypto_pk_obsolete_public_hybrid_encrypt. Returns the number of bytes written on success, -1 on failure.
NOTE that this format does not authenticate the symmetrically encrypted part of the data, and SHOULD NOT BE USED for new protocols.
Definition at line 163 of file crypto_rsa.c.
int crypto_pk_obsolete_public_hybrid_encrypt | ( | crypto_pk_t * | env, |
char * | to, | ||
size_t | tolen, | ||
const char * | from, | ||
size_t | fromlen, | ||
int | padding, | ||
int | force | ||
) |
Perform a hybrid (public/secret) encryption on fromlen bytes of data from from, with padding type 'padding', storing the results on to.
Returns the number of bytes written on success, -1 on failure.
The encrypted data consists of:
NOTE that this format does not authenticate the symmetrically encrypted part of the data, and SHOULD NOT BE USED for new protocols.
Definition at line 94 of file crypto_rsa.c.
int crypto_pk_private_sign_digest | ( | crypto_pk_t * | env, |
char * | to, | ||
size_t | tolen, | ||
const char * | from, | ||
size_t | fromlen | ||
) |
Compute a SHA1 digest of fromlen bytes of data stored at from; sign the data with the private key in env, and store it in to. Return the number of bytes written on success, and -1 on failure.
tolen is the number of writable bytes in to, and must be at least the length of the modulus of env.
Definition at line 339 of file crypto_rsa.c.
int crypto_pk_public_checksig_digest | ( | crypto_pk_t * | env, |
const char * | data, | ||
size_t | datalen, | ||
const char * | sig, | ||
size_t | siglen | ||
) |
Check a siglen-byte long signature at sig against datalen bytes of data at data, using the public key in env. Return 0 if sig is a correct signature for SHA1(data). Else return -1.
Definition at line 295 of file crypto_rsa.c.
|
static |
Helper. Read a PEM-encoded RSA from the first len characters of src, and store the result in env. If private_key, expect a private key; otherwise expect a public key. Return 0 on success, -1 on failure. If len is -1, the string is nul-terminated.
Definition at line 491 of file crypto_rsa.c.
Referenced by crypto_pk_read_private_key1024_from_string(), crypto_pk_read_private_key_from_string(), and crypto_pk_read_public_key_from_string().
int crypto_pk_read_private_key1024_from_string | ( | crypto_pk_t * | env, |
const char * | src, | ||
ssize_t | len | ||
) |
As crypto_pk_read_private_key_from_string(), but reject any key with a modulus longer than 1024 bits before doing any expensive validation on it.
Definition at line 564 of file crypto_rsa.c.
int crypto_pk_read_private_key_from_filename | ( | crypto_pk_t * | env, |
const char * | keyfile | ||
) |
Read a PEM-encoded private key from the file named by keyfile into env. Return 0 on success, -1 on failure.
Definition at line 578 of file crypto_rsa.c.
int crypto_pk_read_private_key_from_string | ( | crypto_pk_t * | env, |
const char * | src, | ||
ssize_t | len | ||
) |
Read a PEM-encoded private key from the len-byte string src into env. Return 0 on success, -1 on failure. If len is -1, the string is nul-terminated.
Definition at line 551 of file crypto_rsa.c.
int crypto_pk_read_public_key_from_string | ( | crypto_pk_t * | env, |
const char * | src, | ||
size_t | len | ||
) |
Read a PEM-encoded public key from the first len characters of src, and store the result in env. Return 0 on success, -1 on failure. If len is -1, the string is nul-terminated.
Definition at line 539 of file crypto_rsa.c.
int crypto_pk_write_private_key_to_filename | ( | crypto_pk_t * | env, |
const char * | fname | ||
) |
Write the private key from env into the file named by fname, PEM-encoded. Return 0 on success, -1 on failure.
Definition at line 610 of file crypto_rsa.c.
int crypto_pk_write_private_key_to_string | ( | crypto_pk_t * | env, |
char ** | dest, | ||
size_t * | len | ||
) |
PEM-encode the private key portion of env and write it to a newly allocated string. On success, set *dest to the new string, *len to the string's length, and return 0. On failure, return -1.
Definition at line 478 of file crypto_rsa.c.
Referenced by crypto_pk_write_private_key_to_filename().
int crypto_pk_write_public_key_to_string | ( | crypto_pk_t * | env, |
char ** | dest, | ||
size_t * | len | ||
) |
PEM-encode the public key portion of env and write it to a newly allocated string. On success, set *dest to the new string, *len to the string's length, and return 0. On failure, return -1.
Definition at line 466 of file crypto_rsa.c.
|
static |
Helper: PEM-encode env and write it to a newly allocated string. If private_key, write the private part of env; otherwise write only the public portion. On success, set *dest to the new string, *len to the string's length, and return 0. On failure, return -1.
Definition at line 418 of file crypto_rsa.c.
Referenced by crypto_pk_write_private_key_to_string(), and crypto_pk_write_public_key_to_string().
|
static |
Definition at line 404 of file crypto_rsa.c.
|
static |
Definition at line 403 of file crypto_rsa.c.