1 /* Copyright 2001,2002,2003 Roger Dingledine, Matej Pfajfar. */
2 /* See LICENSE for licensing information */
9 #include <openssl/err.h>
10 #include <openssl/rsa.h>
11 #include <openssl/pem.h>
12 #include <openssl/evp.h>
13 #include <openssl/rand.h>
14 #include <openssl/opensslv.h>
15 #include <openssl/bn.h>
16 #include <openssl/dh.h>
31 #if OPENSSL_VERSION_NUMBER < 0x00905000l
32 #error "We require openssl >= 0.9.5"
33 #elif OPENSSL_VERSION_NUMBER < 0x00906000l
38 * Certain functions that return a success code in OpenSSL 0.9.6 return void
39 * (and don't indicate errors) in OpenSSL version 0.9.5.
41 * [OpenSSL 0.9.5 matters, because it ships with Redhat 6.2.]
44 #define RETURN_SSL_OUTCOME(exp) (exp); return 0
46 #define RETURN_SSL_OUTCOME(exp) return !(exp)
49 struct crypto_pk_env_t
52 int refs
; /* reference counting; so we don't have to copy keys */
54 /* auxiliary data structure(s) used by the underlying crypto library */
58 struct crypto_cipher_env_t
63 /* auxiliary data structure(s) used by the underlying crypto library */
67 /* static INLINE const EVP_CIPHER *
68 crypto_cipher_evp_cipher(int type, int enc);
72 crypto_cipher_iv_length(int type
) {
74 printf("%d -> %d IV\n",type,
75 EVP_CIPHER_iv_length(crypto_cipher_evp_cipher(type,0)));
79 case CRYPTO_CIPHER_IDENTITY
: return 0;
80 case CRYPTO_CIPHER_DES
: return 8;
81 case CRYPTO_CIPHER_RC4
: return 16;
82 case CRYPTO_CIPHER_3DES
: return 8;
83 case CRYPTO_CIPHER_AES_CTR
: return 0;
84 default: assert(0); return -1;
89 crypto_cipher_key_length(int type
) {
91 printf("%d -> %d\n",type,
92 EVP_CIPHER_key_length(crypto_cipher_evp_cipher(type,0)));
96 case CRYPTO_CIPHER_IDENTITY
: return 0;
97 case CRYPTO_CIPHER_DES
: return 8;
98 case CRYPTO_CIPHER_RC4
: return 16;
99 case CRYPTO_CIPHER_3DES
: return 16;
100 case CRYPTO_CIPHER_AES_CTR
: return 16;
101 default: assert(0); return -1;
105 static INLINE
const EVP_CIPHER
*
106 crypto_cipher_evp_cipher(int type
, int enc
) {
109 case CRYPTO_CIPHER_IDENTITY
: return EVP_enc_null();
110 case CRYPTO_CIPHER_DES
: return EVP_des_ofb();
111 case CRYPTO_CIPHER_RC4
: return EVP_rc4();
112 case CRYPTO_CIPHER_3DES
: return EVP_des_ede_ofb();
113 default: return NULL
;
117 static int _crypto_global_initialized
= 0;
119 int crypto_global_init()
121 if (!_crypto_global_initialized
) {
122 ERR_load_crypto_strings();
123 _crypto_global_initialized
= 1;
128 int crypto_global_cleanup()
134 crypto_pk_env_t
*_crypto_new_pk_env_rsa(RSA
*rsa
)
136 crypto_pk_env_t
*env
;
138 env
= (crypto_pk_env_t
*)tor_malloc(sizeof(crypto_pk_env_t
));
139 env
->type
= CRYPTO_PK_RSA
;
141 env
->key
= (unsigned char*)rsa
;
146 RSA
*_crypto_pk_env_get_rsa(crypto_pk_env_t
*env
)
148 if (env
->type
!= CRYPTO_PK_RSA
)
150 return (RSA
*)env
->key
;
153 EVP_PKEY
*_crypto_pk_env_get_evp_pkey(crypto_pk_env_t
*env
)
156 EVP_PKEY
*pkey
= NULL
;
157 if (env
->type
!= CRYPTO_PK_RSA
)
160 if (!(key
= RSAPrivateKey_dup((RSA
*)env
->key
)))
162 if (!(pkey
= EVP_PKEY_new()))
164 if (!(EVP_PKEY_assign_RSA(pkey
, key
)))
175 crypto_pk_env_t
*crypto_new_pk_env(int type
)
182 if (!rsa
) return NULL
;
183 return _crypto_new_pk_env_rsa(rsa
);
189 void crypto_free_pk_env(crypto_pk_env_t
*env
)
199 RSA_free((RSA
*)env
->key
);
209 /* Create a new crypto_cipher_env_t for a given onion cipher type, key,
210 * iv, and encryption flag (1=encrypt, 0=decrypt). Return the crypto object
211 * on success; NULL on failure.
213 crypto_cipher_env_t
*
214 crypto_create_init_cipher(int cipher_type
, char *key
, char *iv
, int encrypt_mode
)
217 crypto_cipher_env_t
*crypto
= NULL
;
219 if (! (crypto
= crypto_new_cipher_env(cipher_type
))) {
220 log_fn(LOG_WARN
, "Unable to allocate crypto object");
224 if (crypto_cipher_set_key(crypto
, key
)) {
225 log_fn(LOG_WARN
, "Unable to set key: %s", crypto_perror());
229 if (crypto_cipher_set_iv(crypto
, iv
)) {
230 log_fn(LOG_WARN
, "Unable to set iv: %s", crypto_perror());
235 r
= crypto_cipher_encrypt_init_cipher(crypto
);
237 r
= crypto_cipher_decrypt_init_cipher(crypto
);
240 log_fn(LOG_WARN
, "Unable to initialize cipher: %s", crypto_perror());
247 crypto_free_cipher_env(crypto
);
251 crypto_cipher_env_t
*crypto_new_cipher_env(int type
)
253 crypto_cipher_env_t
*env
;
256 env
= (crypto_cipher_env_t
*)tor_malloc(sizeof(crypto_cipher_env_t
));
263 iv_len
= crypto_cipher_iv_length(type
);
264 key_len
= crypto_cipher_key_length(type
);
266 if (type
== CRYPTO_CIPHER_AES_CTR
) {
267 env
->aux
= (unsigned char *)aes_new_cipher();
268 } else if (! crypto_cipher_evp_cipher(type
,0))
269 /* This is not an openssl cipher */
272 env
->aux
= (unsigned char *)tor_malloc(sizeof(EVP_CIPHER_CTX
));
273 EVP_CIPHER_CTX_init((EVP_CIPHER_CTX
*)env
->aux
);
277 env
->iv
= (unsigned char *)tor_malloc(iv_len
);
280 env
->key
= (unsigned char *)tor_malloc(key_len
);
295 void crypto_free_cipher_env(crypto_cipher_env_t
*env
)
299 if (env
->type
== CRYPTO_CIPHER_AES_CTR
) {
301 aes_free_cipher((aes_cnt_cipher_t
*)env
->aux
);
303 } else if (crypto_cipher_evp_cipher(env
->type
,0)) {
304 /* This is an openssl cipher */
306 EVP_CIPHER_CTX_cleanup((EVP_CIPHER_CTX
*)env
->aux
);
310 free((void *)env
->aux
);
312 free((void *)env
->iv
);
314 free((void *)env
->key
);
319 /* public key crypto */
320 int crypto_pk_generate_key(crypto_pk_env_t
*env
)
327 RSA_free((RSA
*)env
->key
);
328 env
->key
= (unsigned char *)RSA_generate_key(1024,65537, NULL
, NULL
);
339 int crypto_pk_read_private_key_from_file(crypto_pk_env_t
*env
, FILE *src
)
346 RSA_free((RSA
*)env
->key
);
347 env
->key
= (unsigned char *)PEM_read_RSAPrivateKey(src
, NULL
, NULL
, NULL
);
358 int crypto_pk_read_private_key_from_filename(crypto_pk_env_t
*env
, const char *keyfile
)
362 assert(env
&& keyfile
);
364 if(strspn(keyfile
,CONFIG_LEGAL_FILENAME_CHARACTERS
) != strlen(keyfile
)) {
365 /* filename contains nonlegal characters */
369 /* open the keyfile */
370 f_pr
=fopen(keyfile
,"rb");
374 /* read the private key */
375 if(crypto_pk_read_private_key_from_file(env
, f_pr
) < 0) {
376 log_fn(LOG_WARN
,"Error reading private key : %s",crypto_perror());
382 /* check the private key */
383 switch(crypto_pk_check_key(env
)) {
385 log_fn(LOG_WARN
,"Private key read but is invalid : %s.", crypto_perror());
388 log_fn(LOG_WARN
,"Private key read but validity checking failed : %s",crypto_perror());
390 /* case 1: fall through */
395 int crypto_pk_read_public_key_from_file(crypto_pk_env_t
*env
, FILE *src
)
402 RSA_free((RSA
*)env
->key
);
403 env
->key
= (unsigned char *)PEM_read_RSAPublicKey(src
, NULL
, NULL
, NULL
);
414 int crypto_pk_write_public_key_to_string(crypto_pk_env_t
*env
, char **dest
, int *len
) {
418 assert(env
&& env
->key
&& dest
);
423 b
= BIO_new(BIO_s_mem()); /* Create a memory BIO */
425 /* Now you can treat b as if it were a file. Just use the
426 * PEM_*_bio_* functions instead of the non-bio variants.
428 if(!PEM_write_bio_RSAPublicKey(b
, (RSA
*)env
->key
))
431 BIO_get_mem_ptr(b
, &buf
);
432 BIO_set_close(b
, BIO_NOCLOSE
); /* so BIO_free doesn't free buf */
435 *dest
= tor_malloc(buf
->length
+1);
436 memcpy(*dest
, buf
->data
, buf
->length
);
437 (*dest
)[buf
->length
] = 0; /* null terminate it */
449 int crypto_pk_read_public_key_from_string(crypto_pk_env_t
*env
, const char *src
, int len
) {
456 b
= BIO_new(BIO_s_mem()); /* Create a memory BIO */
458 BIO_write(b
, src
, len
);
460 RSA_free((RSA
*)env
->key
);
461 env
->key
= (unsigned char *)PEM_read_bio_RSAPublicKey(b
, NULL
, NULL
, NULL
);
475 crypto_pk_write_private_key_to_filename(crypto_pk_env_t
*env
,
483 assert(env
->type
== CRYPTO_PK_RSA
);
484 if (!(bio
= BIO_new(BIO_s_mem())))
486 if (PEM_write_bio_RSAPrivateKey(bio
, (RSA
*)env
->key
, NULL
,NULL
,0,NULL
,NULL
)
491 len
= BIO_get_mem_data(bio
, &cp
);
492 s
= tor_malloc(len
+1);
495 r
= write_str_to_file(fname
, s
);
501 int crypto_pk_write_private_key_to_file(crypto_pk_env_t
*env
, FILE *dest
)
509 if (PEM_write_RSAPrivateKey(dest
, (RSA
*)env
->key
, NULL
, NULL
, 0,0, NULL
) == 0)
518 int crypto_pk_write_public_key_to_file(crypto_pk_env_t
*env
, FILE *dest
)
526 if (PEM_write_RSAPublicKey(dest
, (RSA
*)env
->key
) == 0)
536 int crypto_pk_check_key(crypto_pk_env_t
*env
)
542 return RSA_check_key((RSA
*)env
->key
);
548 int crypto_pk_cmp_keys(crypto_pk_env_t
*a
, crypto_pk_env_t
*b
) {
554 if (!a
->key
|| !b
->key
)
557 if (a
->type
!= b
->type
)
562 assert(((RSA
*)a
->key
)->n
&& ((RSA
*)a
->key
)->e
&& ((RSA
*)b
->key
)->n
&& ((RSA
*)b
->key
)->e
);
563 result
= BN_cmp(((RSA
*)a
->key
)->n
, ((RSA
*)b
->key
)->n
);
566 return BN_cmp(((RSA
*)a
->key
)->e
, ((RSA
*)b
->key
)->e
);
572 int crypto_pk_keysize(crypto_pk_env_t
*env
)
574 assert(env
&& env
->key
);
576 return RSA_size((RSA
*)env
->key
);
579 crypto_pk_env_t
*crypto_pk_dup_key(crypto_pk_env_t
*env
) {
580 assert(env
&& env
->key
);
593 int crypto_pk_public_encrypt(crypto_pk_env_t
*env
, unsigned char *from
, int fromlen
, unsigned char *to
, int padding
)
595 assert(env
&& from
&& to
);
599 return RSA_public_encrypt(fromlen
, from
, to
, (RSA
*)env
->key
, padding
);
605 int crypto_pk_private_decrypt(crypto_pk_env_t
*env
, unsigned char *from
, int fromlen
, unsigned char *to
, int padding
)
607 assert(env
&& from
&& to
);
611 if (!(((RSA
*)env
->key
)->p
))
613 return RSA_private_decrypt(fromlen
, from
, to
, (RSA
*)env
->key
, padding
);
619 int crypto_pk_public_checksig(crypto_pk_env_t
*env
, unsigned char *from
, int fromlen
, unsigned char *to
)
621 assert(env
&& from
&& to
);
625 return RSA_public_decrypt(fromlen
, from
, to
, (RSA
*)env
->key
,
632 int crypto_pk_private_sign(crypto_pk_env_t
*env
, unsigned char *from
, int fromlen
, unsigned char *to
)
634 assert(env
&& from
&& to
);
638 if (!(((RSA
*)env
->key
)->p
))
640 return RSA_private_encrypt(fromlen
, from
, to
, (RSA
*)env
->key
,
647 /* Given a private or public key pk, put a fingerprint of the
648 * public key into fp_out.
651 crypto_pk_get_fingerprint(crypto_pk_env_t
*pk
, char *fp_out
)
653 unsigned char *buf
, *bufp
;
654 unsigned char digest
[20];
657 assert(pk
->type
== CRYPTO_PK_RSA
);
658 len
= i2d_RSAPublicKey((RSA
*)pk
->key
, NULL
);
661 if (len
<FINGERPRINT_LEN
+1) len
= FINGERPRINT_LEN
+1;
662 buf
= bufp
= tor_malloc(len
+1);
663 len
= i2d_RSAPublicKey((RSA
*)pk
->key
, &bufp
);
668 if (crypto_SHA_digest(buf
, len
, digest
) < 0) {
673 for (i
= 0; i
< 20; ++i
) {
674 sprintf(bufp
,"%02X",digest
[i
]);
676 if (i
%2 && i
!= 19) {
681 assert(strlen(buf
) == FINGERPRINT_LEN
);
682 assert(crypto_pk_check_fingerprint_syntax(buf
));
689 crypto_pk_check_fingerprint_syntax(const char *s
)
692 for (i
= 0; i
< FINGERPRINT_LEN
; ++i
) {
694 if (!isspace(s
[i
])) return 0;
696 if (!isxdigit(s
[i
])) return 0;
699 if (s
[FINGERPRINT_LEN
]) return 0;
703 /* symmetric crypto */
704 int crypto_cipher_generate_key(crypto_cipher_env_t
*env
)
709 key_len
= crypto_cipher_key_length(env
->type
);
712 return crypto_rand(key_len
, env
->key
);
713 else if (key_len
== 0)
719 int crypto_cipher_set_iv(crypto_cipher_env_t
*env
, unsigned char *iv
)
724 iv_len
= crypto_cipher_iv_length(env
->type
);
731 memcpy((void*)env
->iv
, (void*)iv
, iv_len
);
736 int crypto_cipher_set_key(crypto_cipher_env_t
*env
, unsigned char *key
)
741 key_len
= crypto_cipher_key_length(env
->type
);
748 memcpy((void*)env
->key
, (void*)key
, key_len
);
753 unsigned char *crypto_cipher_get_key(crypto_cipher_env_t
*env
)
758 int crypto_cipher_encrypt_init_cipher(crypto_cipher_env_t
*env
)
762 if (crypto_cipher_evp_cipher(env
->type
, 1)) {
763 RETURN_SSL_OUTCOME(EVP_EncryptInit((EVP_CIPHER_CTX
*)env
->aux
,
764 crypto_cipher_evp_cipher(env
->type
, 1),
766 } else if (env
->type
== CRYPTO_CIPHER_AES_CTR
) {
767 aes_set_key((aes_cnt_cipher_t
*)env
->aux
, env
->key
, 128);
774 int crypto_cipher_decrypt_init_cipher(crypto_cipher_env_t
*env
)
778 if (crypto_cipher_evp_cipher(env
->type
, 0)) {
779 RETURN_SSL_OUTCOME(EVP_EncryptInit((EVP_CIPHER_CTX
*)env
->aux
,
780 crypto_cipher_evp_cipher(env
->type
, 0),
782 } else if (env
->type
== CRYPTO_CIPHER_AES_CTR
) {
783 aes_set_key((aes_cnt_cipher_t
*)env
->aux
, env
->key
, 128);
790 int crypto_cipher_encrypt(crypto_cipher_env_t
*env
, unsigned char *from
, unsigned int fromlen
, unsigned char *to
)
794 assert(env
&& from
&& to
);
796 if (env
->type
== CRYPTO_CIPHER_AES_CTR
) {
797 aes_crypt((aes_cnt_cipher_t
*)env
->aux
, from
, fromlen
, to
);
800 RETURN_SSL_OUTCOME(EVP_EncryptUpdate((EVP_CIPHER_CTX
*)env
->aux
, to
, &tolen
, from
, fromlen
));
804 int crypto_cipher_decrypt(crypto_cipher_env_t
*env
, unsigned char *from
, unsigned int fromlen
, unsigned char *to
)
808 assert(env
&& from
&& to
);
810 if (env
->type
== CRYPTO_CIPHER_AES_CTR
) {
811 aes_crypt((aes_cnt_cipher_t
*)env
->aux
, from
, fromlen
, to
);
814 RETURN_SSL_OUTCOME(EVP_DecryptUpdate((EVP_CIPHER_CTX
*)env
->aux
, to
, &tolen
, from
, fromlen
));
819 crypto_cipher_rewind(crypto_cipher_env_t
*env
, long delta
)
821 return crypto_cipher_advance(env
, -delta
);
825 crypto_cipher_advance(crypto_cipher_env_t
*env
, long delta
)
827 if (env
->type
== CRYPTO_CIPHER_AES_CTR
) {
828 aes_adjust_counter((aes_cnt_cipher_t
*)env
->aux
, delta
);
836 int crypto_SHA_digest(const unsigned char *m
, int len
, unsigned char *digest
)
839 return (SHA1(m
,len
,digest
) == NULL
);
842 struct crypto_digest_env_t
{
846 crypto_digest_env_t
*
847 crypto_new_digest_env(int type
)
849 crypto_digest_env_t
*r
;
850 assert(type
== CRYPTO_SHA1_DIGEST
);
851 r
= tor_malloc(sizeof(crypto_digest_env_t
));
857 crypto_free_digest_env(crypto_digest_env_t
*digest
) {
863 crypto_digest_add_bytes(crypto_digest_env_t
*digest
, const char *data
,
868 SHA1_Update(&digest
->d
, (void*)data
, len
);
871 void crypto_digest_get_digest(crypto_digest_env_t
*digest
,
872 char *out
, size_t out_len
)
874 static char r
[SHA_DIGEST_LENGTH
];
875 assert(digest
&& out
);
876 assert(out_len
<= SHA_DIGEST_LENGTH
);
877 SHA1_Final(r
, &digest
->d
);
878 memcpy(out
, r
, out_len
);
881 crypto_digest_env_t
*
882 crypto_digest_dup(const crypto_digest_env_t
*digest
)
884 crypto_digest_env_t
*r
;
886 r
= tor_malloc(sizeof(crypto_digest_env_t
));
887 memcpy(r
,digest
,sizeof(crypto_digest_env_t
));
892 crypto_digest_assign(crypto_digest_env_t
*into
,
893 const crypto_digest_env_t
*from
)
895 assert(into
&& from
);
896 memcpy(into
,from
,sizeof(crypto_digest_env_t
));
900 static BIGNUM
*dh_param_p
= NULL
;
901 static BIGNUM
*dh_param_g
= NULL
;
903 static void init_dh_param() {
906 if (dh_param_p
&& dh_param_g
)
914 /* This is from draft-ietf-ipsec-ike-modp-groups-05.txt. It's a safe
915 prime, and supposedly it equals:
916 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
919 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
920 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
921 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
922 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
923 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
924 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
925 "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
926 "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF");
929 /* This is from rfc2409, section 6.2. It's a safe prime, and
930 supposedly it equals:
931 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
933 /* See also rfc 3536 */
935 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
936 "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
937 "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
938 "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
939 "49286651ECE65381FFFFFFFFFFFFFFFF");
942 r
= BN_set_word(g
, 2);
948 crypto_dh_env_t
*crypto_dh_new()
950 crypto_dh_env_t
*res
= NULL
;
955 res
= tor_malloc(sizeof(crypto_dh_env_t
));
958 if (!(res
->dh
= DH_new()))
961 if (!(res
->dh
->p
= BN_dup(dh_param_p
)))
964 if (!(res
->dh
->g
= BN_dup(dh_param_g
)))
969 if (res
&& res
->dh
) DH_free(res
->dh
); /* frees p and g too */
973 int crypto_dh_get_bytes(crypto_dh_env_t
*dh
)
976 return DH_size(dh
->dh
);
978 int crypto_dh_get_public(crypto_dh_env_t
*dh
, char *pubkey
, int pubkey_len
)
982 if (!DH_generate_key(dh
->dh
))
985 assert(dh
->dh
->pub_key
);
986 bytes
= BN_num_bytes(dh
->dh
->pub_key
);
987 if (pubkey_len
< bytes
)
990 memset(pubkey
, 0, pubkey_len
);
991 BN_bn2bin(dh
->dh
->pub_key
, pubkey
+(pubkey_len
-bytes
));
997 #define MIN(a,b) ((a)<(b)?(a):(b))
998 int crypto_dh_compute_secret(crypto_dh_env_t
*dh
,
999 char *pubkey
, int pubkey_len
,
1000 char *secret_out
, int secret_bytes_out
)
1002 unsigned char hash
[20];
1003 unsigned char *secret_tmp
= NULL
;
1004 BIGNUM
*pubkey_bn
= NULL
;
1008 assert(secret_bytes_out
/20 <= 255);
1010 if (!(pubkey_bn
= BN_bin2bn(pubkey
, pubkey_len
, NULL
)))
1012 secret_tmp
= tor_malloc(crypto_dh_get_bytes(dh
)+1);
1013 secret_len
= DH_compute_key(secret_tmp
, pubkey_bn
, dh
->dh
);
1014 /* sometimes secret_len might be less than 128, e.g., 127. that's ok. */
1015 for (i
= 0; i
< secret_bytes_out
; i
+= 20) {
1016 secret_tmp
[secret_len
] = (unsigned char) i
/20;
1017 if (crypto_SHA_digest(secret_tmp
, secret_len
+1, hash
))
1019 memcpy(secret_out
+i
, hash
, MIN(20, secret_bytes_out
-i
));
1021 secret_len
= secret_bytes_out
;
1029 tor_free(secret_tmp
);
1032 void crypto_dh_free(crypto_dh_env_t
*dh
)
1034 assert(dh
&& dh
->dh
);
1039 /* random numbers */
1041 int crypto_seed_rng()
1043 static int provider_set
= 0;
1044 static HCRYPTPROV provider
;
1047 if (!provider_set
) {
1048 if (!CryptAcquireContext(&provider
, NULL
, NULL
, PROV_RSA_FULL
, 0)) {
1049 if (GetLastError() != NTE_BAD_KEYSET
) {
1050 log_fn(LOG_ERR
,"Can't get CryptoAPI provider [1]");
1053 /* Yes, we need to try it twice. */
1054 if (!CryptAcquireContext(&provider
, NULL
, NULL
, PROV_RSA_FULL
,
1056 log_fn(LOG_ERR
,"Can't get CryptoAPI provider [2]");
1062 if (!CryptGenRandom(provider
, 20, buf
)) {
1063 log_fn(LOG_ERR
,"Can't get entropy from CryptoAPI.");
1067 /* And add the current screen state to the entopy pool for
1073 int crypto_seed_rng()
1075 static char *filenames
[] = {
1076 "/dev/srandom", "/dev/urandom", "/dev/random", NULL
1082 for (i
= 0; filenames
[i
]; ++i
) {
1083 f
= fopen(filenames
[i
], "rb");
1085 log_fn(LOG_INFO
, "Seeding RNG from %s", filenames
[i
]);
1086 n
= fread(buf
, 1, 20, f
);
1089 log_fn(LOG_WARN
, "Error reading from entropy source");
1096 log_fn(LOG_WARN
, "Cannot seed RNG -- no entropy source found.");
1101 int crypto_rand(unsigned int n
, unsigned char *to
)
1104 return (RAND_bytes(to
, n
) != 1);
1107 void crypto_pseudo_rand(unsigned int n
, unsigned char *to
)
1110 if (RAND_pseudo_bytes(to
, n
) == -1) {
1111 log_fn(LOG_ERR
, "RAND_pseudo_bytes failed unexpectedly.");
1116 /* return a pseudo random number between 0 and max-1 */
1117 int crypto_pseudo_rand_int(unsigned int max
) {
1119 unsigned int cutoff
;
1120 assert(max
< UINT_MAX
);
1121 assert(max
> 0); /* don't div by 0 */
1123 /* We ignore any values that are >= 'cutoff,' to avoid biasing the
1124 * distribution with clipping at the upper end of unsigned int's
1127 cutoff
= UINT_MAX
- (UINT_MAX
%max
);
1129 crypto_pseudo_rand(sizeof(val
), (unsigned char*) &val
);
1136 char *crypto_perror()
1138 return (char *)ERR_reason_error_string(ERR_get_error());
1142 base64_encode(char *dest
, int destlen
, const char *src
, int srclen
)
1147 /* 48 bytes of input -> 64 bytes of output plus newline.
1148 Plus one more byte, in case I'm wrong.
1150 if (destlen
< ((srclen
/48)+1)*66)
1153 EVP_EncodeInit(&ctx
);
1154 EVP_EncodeUpdate(&ctx
, dest
, &len
, (char*) src
, srclen
);
1155 EVP_EncodeFinal(&ctx
, dest
+len
, &ret
);
1160 base64_decode(char *dest
, int destlen
, const char *src
, int srclen
)
1164 /* 64 bytes of input -> *up to* 48 bytes of output.
1165 Plus one more byte, in caes I'm wrong.
1167 if (destlen
< ((srclen
/64)+1)*49)
1170 EVP_DecodeInit(&ctx
);
1171 EVP_DecodeUpdate(&ctx
, dest
, &len
, (char*) src
, srclen
);
1172 EVP_DecodeFinal(&ctx
, dest
, &ret
);