1 /* Copyright (c) 2001, Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2013, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
10 * \brief Headers for crypto.c
18 #include "testsupport.h"
21 Macro to create an arbitrary OpenSSL version number as used by
22 OPENSSL_VERSION_NUMBER or SSLeay(), since the actual numbers are a bit hard
25 Don't use this directly, instead use one of the other OPENSSL_V macros
28 The format is: 4 bits major, 8 bits minor, 8 bits fix, 8 bits patch, 4 bit
31 #define OPENSSL_VER(a,b,c,d,e) \
37 /** An openssl release number. For example, OPENSSL_V(0,9,8,'j') is the
38 * version for the released version of 0.9.8j */
39 #define OPENSSL_V(a,b,c,d) \
40 OPENSSL_VER((a),(b),(c),(d)-'a'+1,0xf)
41 /** An openssl release number for the first release in the series. For
42 * example, OPENSSL_V_NOPATCH(1,0,0) is the first released version of OpenSSL
44 #define OPENSSL_V_NOPATCH(a,b,c) \
45 OPENSSL_VER((a),(b),(c),0,0xf)
46 /** The first version that would occur for any alpha or beta in an openssl
47 * series. For example, OPENSSL_V_SERIES(0,9,8) is greater than any released
48 * 0.9.7, and less than any released 0.9.8. */
49 #define OPENSSL_V_SERIES(a,b,c) \
50 OPENSSL_VER((a),(b),(c),0,0)
52 /** Length of the output of our message digest. */
54 /** Length of the output of our second (improved) message digests. (For now
55 * this is just sha256, but it could be any other 256-bit digest.) */
56 #define DIGEST256_LEN 32
57 /** Length of our symmetric cipher's keys. */
58 #define CIPHER_KEY_LEN 16
59 /** Length of our symmetric cipher's IV. */
60 #define CIPHER_IV_LEN 16
61 /** Length of our public keys. */
62 #define PK_BYTES (1024/8)
63 /** Length of our DH keys. */
64 #define DH_BYTES (1024/8)
66 /** Length of a sha1 message digest when encoded in base64 with trailing =
68 #define BASE64_DIGEST_LEN 27
69 /** Length of a sha256 message digest when encoded in base64 with trailing =
71 #define BASE64_DIGEST256_LEN 43
73 /** Constant used to indicate OAEP padding for public-key encryption */
74 #define PK_PKCS1_OAEP_PADDING 60002
76 /** Number of bytes added for PKCS1-OAEP padding. */
77 #define PKCS1_OAEP_PADDING_OVERHEAD 42
79 /** Length of encoded public key fingerprints, including space; but not
80 * including terminating NUL. */
81 #define FINGERPRINT_LEN 49
82 /** Length of hex encoding of SHA1 digest, not including final NUL. */
83 #define HEX_DIGEST_LEN 40
84 /** Length of hex encoding of SHA256 digest, not including final NUL. */
85 #define HEX_DIGEST256_LEN 64
91 #define N_DIGEST_ALGORITHMS (DIGEST_SHA256+1)
92 #define digest_algorithm_bitfield_t ENUM_BF(digest_algorithm_t)
94 /** A set of all the digests we know how to compute, taken on a single
95 * string. Any digests that are shorter than 256 bits are right-padded
98 * Note that this representation wastes 12 bytes for the SHA1 case, so
99 * don't use it for anything where we need to allocate a whole bunch at
103 char d
[N_DIGEST_ALGORITHMS
][DIGEST256_LEN
];
106 typedef struct crypto_pk_t crypto_pk_t
;
107 typedef struct crypto_cipher_t crypto_cipher_t
;
108 typedef struct crypto_digest_t crypto_digest_t
;
109 typedef struct crypto_dh_t crypto_dh_t
;
112 const char * crypto_openssl_get_version_str(void);
113 const char * crypto_openssl_get_header_version_str(void);
114 int crypto_early_init(void);
115 int crypto_global_init(int hardwareAccel
,
116 const char *accelName
,
117 const char *accelPath
);
118 void crypto_thread_cleanup(void);
119 int crypto_global_cleanup(void);
121 /* environment setup */
122 crypto_pk_t
*crypto_pk_new(void);
123 void crypto_pk_free(crypto_pk_t
*env
);
125 void crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname
);
127 crypto_cipher_t
*crypto_cipher_new(const char *key
);
128 crypto_cipher_t
*crypto_cipher_new_with_iv(const char *key
, const char *iv
);
129 void crypto_cipher_free(crypto_cipher_t
*env
);
131 /* public key crypto */
132 int crypto_pk_generate_key_with_bits(crypto_pk_t
*env
, int bits
);
133 #define crypto_pk_generate_key(env) \
134 crypto_pk_generate_key_with_bits((env), (PK_BYTES*8))
136 int crypto_pk_read_private_key_from_filename(crypto_pk_t
*env
,
137 const char *keyfile
);
138 int crypto_pk_write_public_key_to_string(crypto_pk_t
*env
,
139 char **dest
, size_t *len
);
140 int crypto_pk_write_private_key_to_string(crypto_pk_t
*env
,
141 char **dest
, size_t *len
);
142 int crypto_pk_read_public_key_from_string(crypto_pk_t
*env
,
143 const char *src
, size_t len
);
144 int crypto_pk_read_private_key_from_string(crypto_pk_t
*env
,
145 const char *s
, ssize_t len
);
146 int crypto_pk_write_private_key_to_filename(crypto_pk_t
*env
,
149 int crypto_pk_check_key(crypto_pk_t
*env
);
150 int crypto_pk_cmp_keys(crypto_pk_t
*a
, crypto_pk_t
*b
);
151 int crypto_pk_eq_keys(crypto_pk_t
*a
, crypto_pk_t
*b
);
152 size_t crypto_pk_keysize(crypto_pk_t
*env
);
153 int crypto_pk_num_bits(crypto_pk_t
*env
);
154 crypto_pk_t
*crypto_pk_dup_key(crypto_pk_t
*orig
);
155 crypto_pk_t
*crypto_pk_copy_full(crypto_pk_t
*orig
);
156 int crypto_pk_key_is_private(const crypto_pk_t
*key
);
157 int crypto_pk_public_exponent_ok(crypto_pk_t
*env
);
159 int crypto_pk_public_encrypt(crypto_pk_t
*env
, char *to
, size_t tolen
,
160 const char *from
, size_t fromlen
, int padding
);
161 int crypto_pk_private_decrypt(crypto_pk_t
*env
, char *to
, size_t tolen
,
162 const char *from
, size_t fromlen
,
163 int padding
, int warnOnFailure
);
164 int crypto_pk_public_checksig(crypto_pk_t
*env
, char *to
, size_t tolen
,
165 const char *from
, size_t fromlen
);
166 int crypto_pk_public_checksig_digest(crypto_pk_t
*env
, const char *data
,
167 size_t datalen
, const char *sig
, size_t siglen
);
168 int crypto_pk_private_sign(crypto_pk_t
*env
, char *to
, size_t tolen
,
169 const char *from
, size_t fromlen
);
170 int crypto_pk_private_sign_digest(crypto_pk_t
*env
, char *to
, size_t tolen
,
171 const char *from
, size_t fromlen
);
172 int crypto_pk_public_hybrid_encrypt(crypto_pk_t
*env
, char *to
,
174 const char *from
, size_t fromlen
,
175 int padding
, int force
);
176 int crypto_pk_private_hybrid_decrypt(crypto_pk_t
*env
, char *to
,
178 const char *from
, size_t fromlen
,
179 int padding
, int warnOnFailure
);
181 int crypto_pk_asn1_encode(crypto_pk_t
*pk
, char *dest
, size_t dest_len
);
182 crypto_pk_t
*crypto_pk_asn1_decode(const char *str
, size_t len
);
183 int crypto_pk_get_digest(crypto_pk_t
*pk
, char *digest_out
);
184 int crypto_pk_get_all_digests(crypto_pk_t
*pk
, digests_t
*digests_out
);
185 int crypto_pk_get_fingerprint(crypto_pk_t
*pk
, char *fp_out
,int add_space
);
186 int crypto_pk_get_hashed_fingerprint(crypto_pk_t
*pk
, char *fp_out
);
188 /* symmetric crypto */
189 const char *crypto_cipher_get_key(crypto_cipher_t
*env
);
191 int crypto_cipher_encrypt(crypto_cipher_t
*env
, char *to
,
192 const char *from
, size_t fromlen
);
193 int crypto_cipher_decrypt(crypto_cipher_t
*env
, char *to
,
194 const char *from
, size_t fromlen
);
195 int crypto_cipher_crypt_inplace(crypto_cipher_t
*env
, char *d
, size_t len
);
197 int crypto_cipher_encrypt_with_iv(const char *key
,
198 char *to
, size_t tolen
,
199 const char *from
, size_t fromlen
);
200 int crypto_cipher_decrypt_with_iv(const char *key
,
201 char *to
, size_t tolen
,
202 const char *from
, size_t fromlen
);
204 /* SHA-1 and other digests. */
205 int crypto_digest(char *digest
, const char *m
, size_t len
);
206 int crypto_digest256(char *digest
, const char *m
, size_t len
,
207 digest_algorithm_t algorithm
);
208 int crypto_digest_all(digests_t
*ds_out
, const char *m
, size_t len
);
210 void crypto_digest_smartlist(char *digest_out
, size_t len_out
,
211 const struct smartlist_t
*lst
, const char *append
,
212 digest_algorithm_t alg
);
213 const char *crypto_digest_algorithm_get_name(digest_algorithm_t alg
);
214 int crypto_digest_algorithm_parse_name(const char *name
);
215 crypto_digest_t
*crypto_digest_new(void);
216 crypto_digest_t
*crypto_digest256_new(digest_algorithm_t algorithm
);
217 void crypto_digest_free(crypto_digest_t
*digest
);
218 void crypto_digest_add_bytes(crypto_digest_t
*digest
, const char *data
,
220 void crypto_digest_get_digest(crypto_digest_t
*digest
,
221 char *out
, size_t out_len
);
222 crypto_digest_t
*crypto_digest_dup(const crypto_digest_t
*digest
);
223 void crypto_digest_assign(crypto_digest_t
*into
,
224 const crypto_digest_t
*from
);
225 void crypto_hmac_sha256(char *hmac_out
,
226 const char *key
, size_t key_len
,
227 const char *msg
, size_t msg_len
);
229 /* Key negotiation */
230 #define DH_TYPE_CIRCUIT 1
231 #define DH_TYPE_REND 2
232 #define DH_TYPE_TLS 3
233 crypto_dh_t
*crypto_dh_new(int dh_type
);
234 crypto_dh_t
*crypto_dh_dup(const crypto_dh_t
*dh
);
235 int crypto_dh_get_bytes(crypto_dh_t
*dh
);
236 int crypto_dh_generate_public(crypto_dh_t
*dh
);
237 int crypto_dh_get_public(crypto_dh_t
*dh
, char *pubkey_out
,
238 size_t pubkey_out_len
);
239 ssize_t
crypto_dh_compute_secret(int severity
, crypto_dh_t
*dh
,
240 const char *pubkey
, size_t pubkey_len
,
241 char *secret_out
, size_t secret_out_len
);
242 void crypto_dh_free(crypto_dh_t
*dh
);
244 int crypto_expand_key_material_TAP(const uint8_t *key_in
,
246 uint8_t *key_out
, size_t key_out_len
);
247 int crypto_expand_key_material_rfc5869_sha256(
248 const uint8_t *key_in
, size_t key_in_len
,
249 const uint8_t *salt_in
, size_t salt_in_len
,
250 const uint8_t *info_in
, size_t info_in_len
,
251 uint8_t *key_out
, size_t key_out_len
);
254 int crypto_seed_rng(int startup
);
255 MOCK_DECL(int,crypto_rand
,(char *to
, size_t n
));
256 int crypto_strongest_rand(uint8_t *out
, size_t out_len
);
257 int crypto_rand_int(unsigned int max
);
258 uint64_t crypto_rand_uint64(uint64_t max
);
259 double crypto_rand_double(void);
260 struct tor_weak_rng_t
;
261 void crypto_seed_weak_rng(struct tor_weak_rng_t
*rng
);
262 int crypto_init_siphash_key(void);
264 char *crypto_random_hostname(int min_rand_len
, int max_rand_len
,
265 const char *prefix
, const char *suffix
);
268 void *smartlist_choose(const struct smartlist_t
*sl
);
269 void smartlist_shuffle(struct smartlist_t
*sl
);
271 int base64_encode(char *dest
, size_t destlen
, const char *src
, size_t srclen
);
272 int base64_decode(char *dest
, size_t destlen
, const char *src
, size_t srclen
);
273 /** Characters that can appear (case-insensitively) in a base32 encoding. */
274 #define BASE32_CHARS "abcdefghijklmnopqrstuvwxyz234567"
275 void base32_encode(char *dest
, size_t destlen
, const char *src
, size_t srclen
);
276 int base32_decode(char *dest
, size_t destlen
, const char *src
, size_t srclen
);
278 int digest_to_base64(char *d64
, const char *digest
);
279 int digest_from_base64(char *digest
, const char *d64
);
280 int digest256_to_base64(char *d64
, const char *digest
);
281 int digest256_from_base64(char *digest
, const char *d64
);
283 /** Length of RFC2440-style S2K specifier: the first 8 bytes are a salt, the
284 * 9th describes how much iteration to do. */
285 #define S2K_SPECIFIER_LEN 9
286 void secret_to_key(char *key_out
, size_t key_out_len
, const char *secret
,
287 size_t secret_len
, const char *s2k_specifier
);
289 /** OpenSSL-based utility functions. */
290 void memwipe(void *mem
, uint8_t byte
, size_t sz
);
292 /* Prototypes for private functions only used by tortls.c, crypto.c, and the
297 struct rsa_st
*crypto_pk_get_rsa_(crypto_pk_t
*env
);
298 crypto_pk_t
*crypto_new_pk_from_rsa_(struct rsa_st
*rsa
);
299 struct evp_pkey_st
*crypto_pk_get_evp_pkey_(crypto_pk_t
*env
,
301 struct dh_st
*crypto_dh_get_dh_(crypto_dh_t
*dh
);
303 void crypto_add_spaces_to_fp(char *out
, size_t outlen
, const char *in
);
