|
Tor 0.4.9.2-alpha-dev
|
•All Data Structures Files Functions Variables Typedefs Enumerations Enumerator Macros Modules Pages
|
Tor 0.4.9.2-alpha-dev
|
Implementation for counter galois onion encryption. More...
#include "orconfig.h"#include "core/or/or.h"#include "lib/crypt_ops/aes.h"#include "ext/polyval/polyval.h"#include "lib/crypt_ops/crypto_util.h"#include "lib/log/util_bug.h"#include "lib/arch/bytes.h"#include "core/crypto/relay_crypto_cgo.h"#include "core/or/cell_st.h"#include <string.h>Go to the source code of this file.
Macros | |
| #define | RELAY_CRYPTO_CGO_PRIVATE |
| #define | USE_AES_RAW |
| #define | T1_OFFSET 31 |
Functions | |
| static int | cgo_et_keylen (int aesbits) |
| STATIC int | cgo_et_init (cgo_et_t *et, int aesbits, bool encrypt, const uint8_t *key) |
| STATIC void | cgo_et_set_key (cgo_et_t *et, int aesbits, bool encrypt, const uint8_t *key) |
| static void | compute_et_mask (polyvalx_t *pvk, const et_tweak_t tweak, uint8_t *t_out) |
| static void | xor_block (uint8_t *out, const uint8_t *inp) |
| STATIC void | cgo_et_encrypt (cgo_et_t *et, const et_tweak_t tweak, uint8_t *block) |
| STATIC void | cgo_et_decrypt (cgo_et_t *et, const et_tweak_t tweak, uint8_t *block) |
| STATIC void | cgo_et_clear (cgo_et_t *et) |
| static int | cgo_prf_keylen (int aesbits) |
| STATIC int | cgo_prf_init (cgo_prf_t *prf, int aesbits, const uint8_t *key) |
| STATIC void | cgo_prf_set_key (cgo_prf_t *prf, int aesbits, const uint8_t *key) |
| STATIC void | cgo_prf_xor_t0 (cgo_prf_t *prf, const uint8_t *input, uint8_t *data) |
| STATIC void | cgo_prf_gen_t1 (cgo_prf_t *prf, const uint8_t *input, uint8_t *buf, size_t n) |
| STATIC void | cgo_prf_clear (cgo_prf_t *prf) |
| static int | cgo_uiv_keylen (int aesbits) |
| STATIC int | cgo_uiv_init (cgo_uiv_t *uiv, int aesbits, bool encrypt, const uint8_t *key) |
| STATIC void | cgo_uiv_encrypt (cgo_uiv_t *uiv, const uiv_tweak_t tweak, uint8_t *cell_body) |
| STATIC void | cgo_uiv_decrypt (cgo_uiv_t *uiv, const uiv_tweak_t tweak, uint8_t *cell_body) |
| STATIC void | cgo_uiv_update (cgo_uiv_t *uiv, int aesbits, bool encrypt, uint8_t *nonce) |
| STATIC void | cgo_uiv_clear (cgo_uiv_t *uiv) |
| size_t | cgo_key_material_len (int aesbits) |
| cgo_crypt_t * | cgo_crypt_new (cgo_mode_t mode, int aesbits, const uint8_t *keys, size_t keylen) |
| void | cgo_crypt_free_ (cgo_crypt_t *cgo) |
| static void | cgo_crypt_update (cgo_crypt_t *cgo, cgo_mode_t mode) |
| void | cgo_crypt_relay_forward (cgo_crypt_t *cgo, cell_t *cell, const uint8_t **recognized_tag_out) |
| void | cgo_crypt_relay_backward (cgo_crypt_t *cgo, cell_t *cell) |
| void | cgo_crypt_relay_originate (cgo_crypt_t *cgo, cell_t *cell, const uint8_t **tag_out) |
| void | cgo_crypt_client_forward (cgo_crypt_t *cgo, cell_t *cell) |
| void | cgo_crypt_client_originate (cgo_crypt_t *cgo, cell_t *cell, const uint8_t **tag_out) |
| void | cgo_crypt_client_backward (cgo_crypt_t *cgo, cell_t *cell, const uint8_t **recognized_tag_out) |
Implementation for counter galois onion encryption.
Definition in file relay_crypto_cgo.c.
| #define RELAY_CRYPTO_CGO_PRIVATE |
Definition at line 12 of file relay_crypto_cgo.c.
| #define USE_AES_RAW |
Definition at line 13 of file relay_crypto_cgo.c.
| void cgo_crypt_client_backward | ( | cgo_crypt_t * | cgo, |
| cell_t * | cell, | ||
| const uint8_t ** | recognized_tag_out | ||
| ) |
Backward CGO encryption operation at a rclient. process an inbound cell from a relay.
If the cell originated from this this relay, set *'recognized_tag_out' to point to a CGO_TAG_LEN value that should be used if we want to acknowledge this cell with an authenticated SENDME.
The value of 'recognized_tag_out' will become invalid as soon as any change is made to this 'cgo' object, or to the cell; if you need it, you should copy it immediately.
If the cell is not from this relay, set *'recognized_tag_out' to NULL.
Definition at line 560 of file relay_crypto_cgo.c.
| void cgo_crypt_client_forward | ( | cgo_crypt_t * | cgo, |
| cell_t * | cell | ||
| ) |
Forward CGO encryption at a client: process a cell for a non-destination hop.
Definition at line 509 of file relay_crypto_cgo.c.
Referenced by cgo_crypt_client_originate().
| void cgo_crypt_client_originate | ( | cgo_crypt_t * | cgo, |
| cell_t * | cell, | ||
| const uint8_t ** | tag_out | ||
| ) |
Forward CGO encryption at a client: originate a cell for a given target hop.
The provided cell must have its command value set, and should have the first CGO_TAG_LEN bytes of its payload unused.
Set '*tag_out' to a value that we should expect if we want an authenticated SENDME for this cell.
The value of 'recognized_tag_out' will become invalid as soon as any change is made to this 'cgo' object, or to the cell; if you need it, you should copy it immediately.
Definition at line 536 of file relay_crypto_cgo.c.
| void cgo_crypt_free_ | ( | cgo_crypt_t * | cgo | ) |
Clean up 'cgo' and free it.
Definition at line 403 of file relay_crypto_cgo.c.
| cgo_crypt_t * cgo_crypt_new | ( | cgo_mode_t | mode, |
| int | aesbits, | ||
| const uint8_t * | keys, | ||
| size_t | keylen | ||
| ) |
Instantiate a CGO authenticated encryption object from the provided 'keylen' bytes in 'keys'.
'keylen' must equal 'cgo_key_material_len(aesbits)'.
The client and relay must have two cgo_crypt_t objects each: one for the forward direction, and one for the reverse direction.
Definition at line 377 of file relay_crypto_cgo.c.
| void cgo_crypt_relay_backward | ( | cgo_crypt_t * | cgo, |
| cell_t * | cell | ||
| ) |
Backward CGO encryption operation at a relay: process an inbound cell from another relay, for the client.
Definition at line 461 of file relay_crypto_cgo.c.
| void cgo_crypt_relay_forward | ( | cgo_crypt_t * | cgo, |
| cell_t * | cell, | ||
| const uint8_t ** | recognized_tag_out | ||
| ) |
Forward CGO encryption operation at a relay: process an outbound cell from the client.
If the cell is for this relay, set *'recognized_tag_out' to point to a CGO_TAG_LEN value that should be used if we want to acknowledge this cell with an authenticated SENDME.
The value of 'recognized_tag_out' will become invalid as soon as any change is made to this 'cgo' object, or to the cell; if you need it, you should copy it immediately.
If the cell is not for this relay, set *'recognized_tag_out' to NULL.
Definition at line 438 of file relay_crypto_cgo.c.
| void cgo_crypt_relay_originate | ( | cgo_crypt_t * | cgo, |
| cell_t * | cell, | ||
| const uint8_t ** | tag_out | ||
| ) |
Backward CGO encryption operation at a relay: encrypt an inbound message that we are originating, for the client.
The provided cell must have its command value set, and should have the first CGO_TAG_LEN bytes of its payload unused.
Set '*tag_out' to a value that we should expect if we want an authenticated SENDME for this cell.
The value of 'recognized_tag_out' will become invalid as soon as any change is made to this 'cgo' object, or to the cell; if you need it, you should copy it immediately.
Definition at line 486 of file relay_crypto_cgo.c.
|
static |
Internal: Run the UIV Update operation on our UIV+ instance.
Definition at line 416 of file relay_crypto_cgo.c.
Referenced by cgo_crypt_client_backward(), cgo_crypt_client_originate(), cgo_crypt_relay_forward(), and cgo_crypt_relay_originate().
| STATIC void cgo_et_clear | ( | cgo_et_t * | et | ) |
Release any storage held in 'et'.
This doesn't wipe 'et'; that's done from a higher-level function.
Definition at line 128 of file relay_crypto_cgo.c.
Referenced by cgo_uiv_clear().
| STATIC void cgo_et_decrypt | ( | cgo_et_t * | et, |
| const et_tweak_t | tweak, | ||
| uint8_t * | block | ||
| ) |
Decrypt the 16-byte b lock in 'block'
Definition at line 113 of file relay_crypto_cgo.c.
Referenced by cgo_uiv_decrypt().
| STATIC void cgo_et_encrypt | ( | cgo_et_t * | et, |
| const et_tweak_t | tweak, | ||
| uint8_t * | block | ||
| ) |
Encrypt the 16-byte block in 'block'.
Definition at line 100 of file relay_crypto_cgo.c.
Referenced by cgo_uiv_encrypt().
| STATIC int cgo_et_init | ( | cgo_et_t * | et, |
| int | aesbits, | ||
| bool | encrypt, | ||
| const uint8_t * | key | ||
| ) |
Initialize an instance of the tweakable block cipher, using an 'aesbits'-bit AES key.
The total key material used from 'key' will be (aesbits / 8) + 16.
This will be initialized for encryption or decryption depending on the value of 'encrypt'
Definition at line 50 of file relay_crypto_cgo.c.
Referenced by cgo_uiv_init().
|
static |
Definition at line 35 of file relay_crypto_cgo.c.
| STATIC void cgo_et_set_key | ( | cgo_et_t * | et, |
| int | aesbits, | ||
| bool | encrypt, | ||
| const uint8_t * | key | ||
| ) |
Replace the key on an existing, already initialized cgo_et_t.
Does fewer allocations than a clear+init.
Definition at line 64 of file relay_crypto_cgo.c.
| size_t cgo_key_material_len | ( | int | aesbits | ) |
Return the total number of bytes needed to initialize a cgo_crypt_t.
Definition at line 361 of file relay_crypto_cgo.c.
Referenced by cgo_crypt_new().
| STATIC void cgo_prf_clear | ( | cgo_prf_t * | prf | ) |
Release any storage held in 'prf'.
This doesn't wipe 'prf'; that's done from a higher-level function.
Definition at line 233 of file relay_crypto_cgo.c.
Referenced by cgo_uiv_clear().
| STATIC void cgo_prf_gen_t1 | ( | cgo_prf_t * | prf, |
| const uint8_t * | input, | ||
| uint8_t * | buf, | ||
| size_t | n | ||
| ) |
Generate 'n' bytes of the PRF's results on 'input', for position t=1, and store them into 'buf'.
'input' must be PRF_INPUT_LEN bytes long.
Definition at line 204 of file relay_crypto_cgo.c.
| STATIC int cgo_prf_init | ( | cgo_prf_t * | prf, |
| int | aesbits, | ||
| const uint8_t * | key | ||
| ) |
Initialize a psedorandom function from a given key. Uses an internal 'aesbits'-bit AES key.
The total key material used from 'key' will be (aesbits / 8) + 16.
Definition at line 147 of file relay_crypto_cgo.c.
Referenced by cgo_uiv_init().
|
static |
Definition at line 134 of file relay_crypto_cgo.c.
| STATIC void cgo_prf_set_key | ( | cgo_prf_t * | prf, |
| int | aesbits, | ||
| const uint8_t * | key | ||
| ) |
Replace the key on an existing cgo_prf_t.
Does fewer allocations than a clear+init.
Definition at line 161 of file relay_crypto_cgo.c.
| STATIC void cgo_prf_xor_t0 | ( | cgo_prf_t * | prf, |
| const uint8_t * | input, | ||
| uint8_t * | data | ||
| ) |
Compute the PRF's results on 'input', for position t=0, XOR it into 'data'.
'input' must be PRF_INPUT_LEN bytes long.
'data' must be PRF_T0_DATA_LEN bytes long.
Definition at line 177 of file relay_crypto_cgo.c.
Referenced by cgo_uiv_decrypt(), and cgo_uiv_encrypt().
| STATIC void cgo_uiv_clear | ( | cgo_uiv_t * | uiv | ) |
Release any storage held in 'prf'.
This doesn't wipe 'prf'; that's done from a higher-level function.
Definition at line 347 of file relay_crypto_cgo.c.
Referenced by cgo_crypt_free_().
| STATIC void cgo_uiv_decrypt | ( | cgo_uiv_t * | uiv, |
| const uiv_tweak_t | tweak, | ||
| uint8_t * | cell_body | ||
| ) |
Decrypt 'cell_body', with the provided tweak.
The cell body must be UIV_BLOCK_LEN bytes long.
Definition at line 296 of file relay_crypto_cgo.c.
Referenced by cgo_crypt_client_backward(), and cgo_crypt_client_forward().
| STATIC void cgo_uiv_encrypt | ( | cgo_uiv_t * | uiv, |
| const uiv_tweak_t | tweak, | ||
| uint8_t * | cell_body | ||
| ) |
Encrypt 'cell_body', with the provided tweak.
The cell body must be UIV_BLOCK_LEN bytes long.
Definition at line 278 of file relay_crypto_cgo.c.
Referenced by cgo_crypt_relay_backward(), cgo_crypt_relay_forward(), and cgo_crypt_relay_originate().
| STATIC int cgo_uiv_init | ( | cgo_uiv_t * | uiv, |
| int | aesbits, | ||
| bool | encrypt, | ||
| const uint8_t * | key | ||
| ) |
Initialize the 'uiv' wide-block cipher, using 'aesbits'-bit AES keys internally.
Initializes for encryption or decryption depending on the value of 'encrypt'.
The total key material used from 'key' will be (aesbits / 8) * 2 + 32.
Definition at line 255 of file relay_crypto_cgo.c.
|
static |
Definition at line 239 of file relay_crypto_cgo.c.
| STATIC void cgo_uiv_update | ( | cgo_uiv_t * | uiv, |
| int | aesbits, | ||
| bool | encrypt, | ||
| uint8_t * | nonce | ||
| ) |
Irreversibly ransform the keys of this UIV+, and the provided nonce, using the nonce as input.
The nonce must be 16 bytes long.
Definition at line 315 of file relay_crypto_cgo.c.
|
inlinestatic |
Helper: Compute polyval(KU, H | CMD | X_R).
Definition at line 74 of file relay_crypto_cgo.c.
Referenced by cgo_et_decrypt(), and cgo_et_encrypt().
|
static |
XOR the 16 byte block from inp into out.
Definition at line 90 of file relay_crypto_cgo.c.
Referenced by cgo_et_decrypt(), and cgo_et_encrypt().
1.9.4