📄 crypto.c
字号:
return -1;
}
/* Try to parse it. */
r = crypto_pk_read_private_key_from_string(env, contents);
tor_free(contents);
if (r)
return -1; /* read_private_key_from_string already warned, so we don't.*/
/* Make sure it's valid. */
if (crypto_pk_check_key(env) <= 0)
return -1;
return 0;
}
/** PEM-encode the public key portion of <b>env</b> and write it to a
* newly allocated string. On success, set *<b>dest</b> to the new
* string, *<b>len</b> to the string's length, and return 0. On
* failure, return -1.
*/
int
crypto_pk_write_public_key_to_string(crypto_pk_env_t *env, char **dest,
size_t *len)
{
BUF_MEM *buf;
BIO *b;
tor_assert(env);
tor_assert(env->key);
tor_assert(dest);
b = BIO_new(BIO_s_mem()); /* Create a memory BIO */
/* Now you can treat b as if it were a file. Just use the
* PEM_*_bio_* functions instead of the non-bio variants.
*/
if (!PEM_write_bio_RSAPublicKey(b, env->key)) {
crypto_log_errors(LOG_WARN, "writing public key to string");
BIO_free(b);
return -1;
}
BIO_get_mem_ptr(b, &buf);
(void)BIO_set_close(b, BIO_NOCLOSE); /* so BIO_free doesn't free buf */
BIO_free(b);
tor_assert(buf->length >= 0);
*dest = tor_malloc(buf->length+1);
memcpy(*dest, buf->data, buf->length);
(*dest)[buf->length] = 0; /* nul terminate it */
*len = buf->length;
BUF_MEM_free(buf);
return 0;
}
/** Read a PEM-encoded public key from the first <b>len</b> characters of
* <b>src</b>, and store the result in <b>env</b>. Return 0 on success, -1 on
* failure.
*/
int
crypto_pk_read_public_key_from_string(crypto_pk_env_t *env, const char *src,
size_t len)
{
BIO *b;
tor_assert(env);
tor_assert(src);
tor_assert(len<INT_MAX);
b = BIO_new(BIO_s_mem()); /* Create a memory BIO */
BIO_write(b, src, (int)len);
if (env->key)
RSA_free(env->key);
env->key = PEM_read_bio_RSAPublicKey(b, NULL, NULL, NULL);
BIO_free(b);
if (!env->key) {
crypto_log_errors(LOG_WARN, "reading public key from string");
return -1;
}
return 0;
}
/** Write the private key from <b>env</b> into the file named by <b>fname</b>,
* PEM-encoded. Return 0 on success, -1 on failure.
*/
int
crypto_pk_write_private_key_to_filename(crypto_pk_env_t *env,
const char *fname)
{
BIO *bio;
char *cp;
long len;
char *s;
int r;
tor_assert(PRIVATE_KEY_OK(env));
if (!(bio = BIO_new(BIO_s_mem())))
return -1;
if (PEM_write_bio_RSAPrivateKey(bio, env->key, NULL,NULL,0,NULL,NULL)
== 0) {
crypto_log_errors(LOG_WARN, "writing private key");
BIO_free(bio);
return -1;
}
len = BIO_get_mem_data(bio, &cp);
tor_assert(len >= 0);
s = tor_malloc(len+1);
memcpy(s, cp, len);
s[len]='\0';
r = write_str_to_file(fname, s, 0);
BIO_free(bio);
tor_free(s);
return r;
}
/** Return true iff <b>env</b> has a valid key.
*/
int
crypto_pk_check_key(crypto_pk_env_t *env)
{
int r;
tor_assert(env);
r = RSA_check_key(env->key);
if (r <= 0)
crypto_log_errors(LOG_WARN,"checking RSA key");
return r;
}
/** Compare the public-key components of a and b. Return -1 if a\<b, 0
* if a==b, and 1 if a\>b.
*/
int
crypto_pk_cmp_keys(crypto_pk_env_t *a, crypto_pk_env_t *b)
{
int result;
if (!a || !b)
return -1;
if (!a->key || !b->key)
return -1;
tor_assert(PUBLIC_KEY_OK(a));
tor_assert(PUBLIC_KEY_OK(b));
result = BN_cmp((a->key)->n, (b->key)->n);
if (result)
return result;
return BN_cmp((a->key)->e, (b->key)->e);
}
/** Return the size of the public key modulus in <b>env</b>, in bytes. */
size_t
crypto_pk_keysize(crypto_pk_env_t *env)
{
tor_assert(env);
tor_assert(env->key);
return (size_t) RSA_size(env->key);
}
/** Increase the reference count of <b>env</b>, and return it.
*/
crypto_pk_env_t *
crypto_pk_dup_key(crypto_pk_env_t *env)
{
tor_assert(env);
tor_assert(env->key);
env->refs++;
return env;
}
/** Encrypt <b>fromlen</b> bytes from <b>from</b> with the public key
* in <b>env</b>, using the padding method <b>padding</b>. On success,
* write the result to <b>to</b>, and return the number of bytes
* written. On failure, return -1.
*/
int
crypto_pk_public_encrypt(crypto_pk_env_t *env, char *to,
const char *from, size_t fromlen, int padding)
{
int r;
tor_assert(env);
tor_assert(from);
tor_assert(to);
tor_assert(fromlen<INT_MAX);
r = RSA_public_encrypt((int)fromlen,
(unsigned char*)from, (unsigned char*)to,
env->key, crypto_get_rsa_padding(padding));
if (r<0) {
crypto_log_errors(LOG_WARN, "performing RSA encryption");
return -1;
}
return r;
}
/** Decrypt <b>fromlen</b> bytes from <b>from</b> with the private key
* in <b>env</b>, using the padding method <b>padding</b>. On success,
* write the result to <b>to</b>, and return the number of bytes
* written. On failure, return -1.
*/
int
crypto_pk_private_decrypt(crypto_pk_env_t *env, char *to,
const char *from, size_t fromlen,
int padding, int warnOnFailure)
{
int r;
tor_assert(env);
tor_assert(from);
tor_assert(to);
tor_assert(env->key);
tor_assert(fromlen<INT_MAX);
if (!env->key->p)
/* Not a private key */
return -1;
r = RSA_private_decrypt((int)fromlen,
(unsigned char*)from, (unsigned char*)to,
env->key, crypto_get_rsa_padding(padding));
if (r<0) {
crypto_log_errors(warnOnFailure?LOG_WARN:LOG_DEBUG,
"performing RSA decryption");
return -1;
}
return r;
}
/** Check the signature in <b>from</b> (<b>fromlen</b> bytes long) with the
* public key in <b>env</b>, using PKCS1 padding. On success, write the
* signed data to <b>to</b>, and return the number of bytes written.
* On failure, return -1.
*/
int
crypto_pk_public_checksig(crypto_pk_env_t *env, char *to,
const char *from, size_t fromlen)
{
int r;
tor_assert(env);
tor_assert(from);
tor_assert(to);
tor_assert(fromlen < INT_MAX);
r = RSA_public_decrypt((int)fromlen,
(unsigned char*)from, (unsigned char*)to,
env->key, RSA_PKCS1_PADDING);
if (r<0) {
crypto_log_errors(LOG_WARN, "checking RSA signature");
return -1;
}
return r;
}
/** Check a siglen-byte long signature at <b>sig</b> against
* <b>datalen</b> bytes of data at <b>data</b>, using the public key
* in <b>env</b>. Return 0 if <b>sig</b> is a correct signature for
* SHA1(data). Else return -1.
*/
int
crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const char *data,
size_t datalen, const char *sig, size_t siglen)
{
char digest[DIGEST_LEN];
char *buf;
int r;
tor_assert(env);
tor_assert(data);
tor_assert(sig);
if (crypto_digest(digest,data,datalen)<0) {
log_warn(LD_BUG, "couldn't compute digest");
return -1;
}
buf = tor_malloc(crypto_pk_keysize(env)+1);
r = crypto_pk_public_checksig(env,buf,sig,siglen);
if (r != DIGEST_LEN) {
log_warn(LD_CRYPTO, "Invalid signature");
tor_free(buf);
return -1;
}
if (memcmp(buf, digest, DIGEST_LEN)) {
log_warn(LD_CRYPTO, "Signature mismatched with digest.");
tor_free(buf);
return -1;
}
tor_free(buf);
return 0;
}
/** Sign <b>fromlen</b> bytes of data from <b>from</b> with the private key in
* <b>env</b>, using PKCS1 padding. On success, write the signature to
* <b>to</b>, and return the number of bytes written. On failure, return
* -1.
*/
int
crypto_pk_private_sign(crypto_pk_env_t *env, char *to,
const char *from, size_t fromlen)
{
int r;
tor_assert(env);
tor_assert(from);
tor_assert(to);
tor_assert(fromlen < INT_MAX);
if (!env->key->p)
/* Not a private key */
return -1;
r = RSA_private_encrypt((int)fromlen,
(unsigned char*)from, (unsigned char*)to,
env->key, RSA_PKCS1_PADDING);
if (r<0) {
crypto_log_errors(LOG_WARN, "generating RSA signature");
return -1;
}
return r;
}
/** Compute a SHA1 digest of <b>fromlen</b> bytes of data stored at
* <b>from</b>; sign the data with the private key in <b>env</b>, and
* store it in <b>to</b>. Return the number of bytes written on
* success, and -1 on failure.
*/
int
crypto_pk_private_sign_digest(crypto_pk_env_t *env, char *to,
const char *from, size_t fromlen)
{
int r;
char digest[DIGEST_LEN];
if (crypto_digest(digest,from,fromlen)<0)
return -1;
r = crypto_pk_private_sign(env,to,digest,DIGEST_LEN);
memset(digest, 0, sizeof(digest));
return r;
}
/** Perform a hybrid (public/secret) encryption on <b>fromlen</b>
* bytes of data from <b>from</b>, with padding type 'padding',
* storing the results on <b>to</b>.
*
* If no padding is used, the public key must be at least as large as
* <b>from</b>.
*
* Returns the number of bytes written on success, -1 on failure.
*
* The encrypted data consists of:
* - The source data, padded and encrypted with the public key, if the
* padded source data is no longer than the public key, and <b>force</b>
* is false, OR
* - The beginning of the source data prefixed with a 16-byte symmetric key,
* padded and encrypted with the public key; followed by the rest of
* the source data encrypted in AES-CTR mode with the symmetric key.
*/
int
crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env,
char *to,
const char *from,
size_t fromlen,
int padding, int force)
{
int overhead, outlen, r;
size_t pkeylen, symlen;
crypto_cipher_env_t *cipher = NULL;
char *buf = NULL;
tor_assert(env);
tor_assert(from);
tor_assert(to);
overhead = crypto_get_rsa_padding_overhead(crypto_get_rsa_padding(padding));
pkeylen = crypto_pk_keysize(env);
if (padding == PK_NO_PADDING && fromlen < pkeylen)
return -1;
if (!force && fromlen+overhead <= pkeylen) {
/* It all fits in a single encrypt. */
return crypto_pk_public_encrypt(env,to,from,fromlen,padding);
}
cipher = crypto_new_cipher_env();
if (!cipher) return -1;
if (crypto_cipher_generate_key(cipher)<0)
goto err;
/* You can't just run around RSA-encrypting any bitstream: if it's
* greater than the RSA key, then OpenSSL will happily encrypt, and
* later decrypt to the wrong value. So we set the first bit of
* 'cipher->key' to 0 if we aren't padding. This means that our
* symmetric key is really only 127 bits.
*/
if (padding == PK_NO_PADDING)
cipher->key[0] &= 0x7f;
if (crypto_cipher_encrypt_init_cipher(cipher)<0)
goto err;
buf = tor_malloc(pkeylen+1);
memcpy(buf, cipher->key, CIPHER_KEY_LEN);
memcpy(buf+CIPHER_KEY_LEN, from, pkeylen-overhead-CIPHER_KEY_LEN);
/* Length of symmetrically encrypted data. */
symlen = fromlen-(pkeylen-overhead-CIPHER_KEY_LEN);
outlen = crypto_pk_public_encrypt(env,to,buf,pkeylen-overhead,padding);
if (outlen!=(int)pkeylen) {
goto err;
}
r = crypto_cipher_encrypt(cipher, to+outlen,
from+pkeylen-overhead-CIPHER_KEY_LEN, symlen);
if (r<0) goto err;
memset(buf, 0, pkeylen);
tor_free(buf);
crypto_free_cipher_env(cipher);
tor_assert(outlen+symlen < INT_MAX);
return (int)(outlen + symlen);
err:
if (buf) {
memset(buf, 0, pkeylen);
tor_free(buf);
}
if (cipher) crypto_free_cipher_env(cipher);
return -1;
}
/** Invert crypto_pk_public_hybrid_encrypt. */
int
crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env,
char *to,
const char *from,
size_t fromlen,
int padding, int warnOnFailure)
{
int outlen, r;
size_t pkeylen;
crypto_cipher_env_t *cipher = NULL;
char *buf = NULL;
pkeylen = crypto_pk_keysize(env);
if (fromlen <= pkeylen) {
return crypto_pk_private_decrypt(env,to,from,fromlen,padding,
warnOnFailure);
}
buf = tor_malloc(pkeylen+1);
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -