search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Disallow disabling DisableDebuggerAttachment on runnning Tor
[tor.git] / src / common / crypto.h
blob771c49c2d1d79b1387458128b9ba155d8313aa2f
1 /* Copyright (c) 2001, Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2011, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6
7 /**
8 * \file crypto.h
9 *
10 * \brief Headers for crypto.c
11 **/
12
13 #ifndef _TOR_CRYPTO_H
14 #define _TOR_CRYPTO_H
15
16 #include <stdio.h>
17 #include "torint.h"
18
19 /** Length of the output of our message digest. */
20 #define DIGEST_LEN 20
21 /** Length of the output of our second (improved) message digests. (For now
22 * this is just sha256, but any it can be any other 256-byte digest). */
23 #define DIGEST256_LEN 32
24 /** Length of our symmetric cipher's keys. */
25 #define CIPHER_KEY_LEN 16
26 /** Length of our symmetric cipher's IV. */
27 #define CIPHER_IV_LEN 16
28 /** Length of our public keys. */
29 #define PK_BYTES (1024/8)
30 /** Length of our DH keys. */
31 #define DH_BYTES (1024/8)
32
33 /** Length of a sha1 message digest when encoded in base64 with trailing =
34 * signs removed. */
35 #define BASE64_DIGEST_LEN 27
36 /** Length of a sha256 message digest when encoded in base64 with trailing =
37 * signs removed. */
38 #define BASE64_DIGEST256_LEN 43
39
40 /** Constants used to indicate no padding for public-key encryption */
41 #define PK_NO_PADDING 60000
42 /** Constants used to indicate PKCS1 padding for public-key encryption */
43 #define PK_PKCS1_PADDING 60001
44 /** Constants used to indicate OAEP padding for public-key encryption */
45 #define PK_PKCS1_OAEP_PADDING 60002
46
47 /** Number of bytes added for PKCS1 padding. */
48 #define PKCS1_PADDING_OVERHEAD 11
49 /** Number of bytes added for PKCS1-OAEP padding. */
50 #define PKCS1_OAEP_PADDING_OVERHEAD 42
51
52 /** Length of encoded public key fingerprints, including space; but not
53 * including terminating NUL. */
54 #define FINGERPRINT_LEN 49
55 /** Length of hex encoding of SHA1 digest, not including final NUL. */
56 #define HEX_DIGEST_LEN 40
57 /** Length of hex encoding of SHA256 digest, not including final NUL. */
58 #define HEX_DIGEST256_LEN 64
59
60 typedef enum {
61 DIGEST_SHA1 = 0,
62 DIGEST_SHA256 = 1,
63 } digest_algorithm_t;
64 #define N_DIGEST_ALGORITHMS (DIGEST_SHA256+1)
65
66 /** A set of all the digests we know how to compute, taken on a single
67 * string. Any digests that are shorter than 256 bits are right-padded
68 * with 0 bits.
69 *
70 * Note that this representation wastes 12 bytes for the SHA1 case, so
71 * don't use it for anything where we need to allocate a whole bunch at
72 * once.
73 **/
74 typedef struct {
75 char d[N_DIGEST_ALGORITHMS][DIGEST256_LEN];
76 } digests_t;
77
78 typedef struct crypto_pk_env_t crypto_pk_env_t;
79 typedef struct crypto_cipher_env_t crypto_cipher_env_t;
80 typedef struct crypto_digest_env_t crypto_digest_env_t;
81 typedef struct crypto_dh_env_t crypto_dh_env_t;
82
83 /* global state */
84 int crypto_global_init(int hardwareAccel,
85 const char *accelName,
86 const char *accelPath);
87 void crypto_thread_cleanup(void);
88 int crypto_global_cleanup(void);
89
90 /* environment setup */
91 crypto_pk_env_t *crypto_new_pk_env(void);
92 void crypto_free_pk_env(crypto_pk_env_t *env);
93
94 void crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname);
95
96 /* convenience function: wraps crypto_create_crypto_env, set_key, and init. */
97 crypto_cipher_env_t *crypto_create_init_cipher(const char *key,
98 int encrypt_mode);
99
100 crypto_cipher_env_t *crypto_new_cipher_env(void);
101 void crypto_free_cipher_env(crypto_cipher_env_t *env);
102
103 /* public key crypto */
104 int crypto_pk_generate_key_with_bits(crypto_pk_env_t *env, int bits);
105 #define crypto_pk_generate_key(env) \
106 crypto_pk_generate_key_with_bits((env), (PK_BYTES*8))
107
108 int crypto_pk_read_private_key_from_filename(crypto_pk_env_t *env,
109 const char *keyfile);
110 int crypto_pk_write_public_key_to_string(crypto_pk_env_t *env,
111 char **dest, size_t *len);
112 int crypto_pk_write_private_key_to_string(crypto_pk_env_t *env,
113 char **dest, size_t *len);
114 int crypto_pk_read_public_key_from_string(crypto_pk_env_t *env,
115 const char *src, size_t len);
116 int crypto_pk_read_private_key_from_string(crypto_pk_env_t *env,
117 const char *s, ssize_t len);
118 int crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env,
119 const char *fname);
120
121 int crypto_pk_check_key(crypto_pk_env_t *env);
122 int crypto_pk_cmp_keys(crypto_pk_env_t *a, crypto_pk_env_t *b);
123 size_t crypto_pk_keysize(crypto_pk_env_t *env);
124 int crypto_pk_num_bits(crypto_pk_env_t *env);
125 crypto_pk_env_t *crypto_pk_dup_key(crypto_pk_env_t *orig);
126 crypto_pk_env_t *crypto_pk_copy_full(crypto_pk_env_t *orig);
127 int crypto_pk_key_is_private(const crypto_pk_env_t *key);
128 int crypto_pk_public_exponent_ok(crypto_pk_env_t *env);
129
130 int crypto_pk_public_encrypt(crypto_pk_env_t *env, char *to, size_t tolen,
131 const char *from, size_t fromlen, int padding);
132 int crypto_pk_private_decrypt(crypto_pk_env_t *env, char *to, size_t tolen,
133 const char *from, size_t fromlen,
134 int padding, int warnOnFailure);
135 int crypto_pk_public_checksig(crypto_pk_env_t *env, char *to, size_t tolen,
136 const char *from, size_t fromlen);
137 int crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const char *data,
138 size_t datalen, const char *sig, size_t siglen);
139 int crypto_pk_private_sign(crypto_pk_env_t *env, char *to, size_t tolen,
140 const char *from, size_t fromlen);
141 int crypto_pk_private_sign_digest(crypto_pk_env_t *env, char *to, size_t tolen,
142 const char *from, size_t fromlen);
143 int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, char *to,
144 size_t tolen,
145 const char *from, size_t fromlen,
146 int padding, int force);
147 int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, char *to,
148 size_t tolen,
149 const char *from, size_t fromlen,
150 int padding, int warnOnFailure);
151
152 int crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, size_t dest_len);
153 crypto_pk_env_t *crypto_pk_asn1_decode(const char *str, size_t len);
154 int crypto_pk_get_digest(crypto_pk_env_t *pk, char *digest_out);
155 int crypto_pk_get_all_digests(crypto_pk_env_t *pk, digests_t *digests_out);
156 int crypto_pk_get_fingerprint(crypto_pk_env_t *pk, char *fp_out,int add_space);
157 int crypto_pk_check_fingerprint_syntax(const char *s);
158
159 /* symmetric crypto */
160 int crypto_cipher_generate_key(crypto_cipher_env_t *env);
161 void crypto_cipher_set_key(crypto_cipher_env_t *env, const char *key);
162 void crypto_cipher_generate_iv(char *iv_out);
163 int crypto_cipher_set_iv(crypto_cipher_env_t *env, const char *iv);
164 const char *crypto_cipher_get_key(crypto_cipher_env_t *env);
165 int crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t *env);
166 int crypto_cipher_decrypt_init_cipher(crypto_cipher_env_t *env);
167
168 int crypto_cipher_encrypt(crypto_cipher_env_t *env, char *to,
169 const char *from, size_t fromlen);
170 int crypto_cipher_decrypt(crypto_cipher_env_t *env, char *to,
171 const char *from, size_t fromlen);
172 int crypto_cipher_crypt_inplace(crypto_cipher_env_t *env, char *d, size_t len);
173
174 int crypto_cipher_encrypt_with_iv(crypto_cipher_env_t *env,
175 char *to, size_t tolen,
176 const char *from, size_t fromlen);
177 int crypto_cipher_decrypt_with_iv(crypto_cipher_env_t *env,
178 char *to, size_t tolen,
179 const char *from, size_t fromlen);
180
181 /* SHA-1 and other digests. */
182 int crypto_digest(char *digest, const char *m, size_t len);
183 int crypto_digest256(char *digest, const char *m, size_t len,
184 digest_algorithm_t algorithm);
185 int crypto_digest_all(digests_t *ds_out, const char *m, size_t len);
186 const char *crypto_digest_algorithm_get_name(digest_algorithm_t alg);
187 int crypto_digest_algorithm_parse_name(const char *name);
188 crypto_digest_env_t *crypto_new_digest_env(void);
189 crypto_digest_env_t *crypto_new_digest256_env(digest_algorithm_t algorithm);
190 void crypto_free_digest_env(crypto_digest_env_t *digest);
191 void crypto_digest_add_bytes(crypto_digest_env_t *digest, const char *data,
192 size_t len);
193 void crypto_digest_get_digest(crypto_digest_env_t *digest,
194 char *out, size_t out_len);
195 crypto_digest_env_t *crypto_digest_dup(const crypto_digest_env_t *digest);
196 void crypto_digest_assign(crypto_digest_env_t *into,
197 const crypto_digest_env_t *from);
198 void crypto_hmac_sha1(char *hmac_out,
199 const char *key, size_t key_len,
200 const char *msg, size_t msg_len);
201 void crypto_hmac_sha256(char *hmac_out,
202 const char *key, size_t key_len,
203 const char *msg, size_t msg_len);
204
205 /* Key negotiation */
206 #define DH_TYPE_CIRCUIT 1
207 #define DH_TYPE_REND 2
208 #define DH_TYPE_TLS 3
209 crypto_dh_env_t *crypto_dh_new(int dh_type);
210 int crypto_dh_get_bytes(crypto_dh_env_t *dh);
211 int crypto_dh_generate_public(crypto_dh_env_t *dh);
212 int crypto_dh_get_public(crypto_dh_env_t *dh, char *pubkey_out,
213 size_t pubkey_out_len);
214 ssize_t crypto_dh_compute_secret(int severity, crypto_dh_env_t *dh,
215 const char *pubkey, size_t pubkey_len,
216 char *secret_out, size_t secret_out_len);
217 void crypto_dh_free(crypto_dh_env_t *dh);
218 int crypto_expand_key_material(const char *key_in, size_t in_len,
219 char *key_out, size_t key_out_len);
220
221 /* random numbers */
222 int crypto_seed_rng(int startup);
223 int crypto_rand(char *to, size_t n);
224 int crypto_rand_int(unsigned int max);
225 uint64_t crypto_rand_uint64(uint64_t max);
226 double crypto_rand_double(void);
227
228 char *crypto_random_hostname(int min_rand_len, int max_rand_len,
229 const char *prefix, const char *suffix);
230
231 struct smartlist_t;
232 void *smartlist_choose(const struct smartlist_t *sl);
233 void smartlist_shuffle(struct smartlist_t *sl);
234
235 int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen);
236 int base64_decode(char *dest, size_t destlen, const char *src, size_t srclen);
237 /** Characters that can appear (case-insensitively) in a base-32 encoding. */
238 #define BASE32_CHARS "abcdefghijklmnopqrstuvwxyz234567"
239 void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen);
240 int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen);
241
242 int digest_to_base64(char *d64, const char *digest);
243 int digest_from_base64(char *digest, const char *d64);
244 int digest256_to_base64(char *d64, const char *digest);
245 int digest256_from_base64(char *digest, const char *d64);
246
247 /** Length of RFC2440-style S2K specifier: the first 8 bytes are a salt, the
248 * 9th describes how much iteration to do. */
249 #define S2K_SPECIFIER_LEN 9
250 void secret_to_key(char *key_out, size_t key_out_len, const char *secret,
251 size_t secret_len, const char *s2k_specifier);
252
253 #ifdef CRYPTO_PRIVATE
254 /* Prototypes for private functions only used by tortls.c, crypto.c, and the
255 * unit tests. */
256 struct rsa_st;
257 struct evp_pkey_st;
258 struct dh_st;
259 struct rsa_st *_crypto_pk_env_get_rsa(crypto_pk_env_t *env);
260 crypto_pk_env_t *_crypto_new_pk_env_rsa(struct rsa_st *rsa);
261 struct evp_pkey_st *_crypto_pk_env_get_evp_pkey(crypto_pk_env_t *env,
262 int private);
263 struct dh_st *_crypto_dh_env_get_dh(crypto_dh_env_t *dh);
264 /* Prototypes for private functions only used by crypto.c and test.c*/
265 void add_spaces_to_fp(char *out, size_t outlen, const char *in);
266 #endif
267
268 #endif
269
The Onion Router