diff options
| author | Nick Mathewson <nickm@torproject.org> | 2004-05-12 19:30:28 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2004-05-12 19:30:28 +0000 |
| commit | 9c3fba5c3bd654d42f8f539e7e8d3caa17861ea0 (patch) | |
| tree | 8be34d36a5953a36925b92b9326ccb281873dfee | |
| parent | f1bc7af9f54bb4b563ffa024b1e32a6acacef26f (diff) | |
| download | tor-9c3fba5c3bd654d42f8f539e7e8d3caa17861ea0.tar.gz tor-9c3fba5c3bd654d42f8f539e7e8d3caa17861ea0.zip | |
Not every RSA decrypt should warn on failure.
svn:r1853
| -rw-r--r-- | src/common/crypto.c | 17 | ||||
| -rw-r--r-- | src/common/crypto.h | 5 | ||||
| -rw-r--r-- | src/or/onion.c | 4 | ||||
| -rw-r--r-- | src/or/rendservice.c | 2 | ||||
| -rw-r--r-- | src/or/test.c | 12 |
5 files changed, 20 insertions, 20 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c index 8129c9649e..ba6e99f024 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -534,7 +534,7 @@ int crypto_pk_public_encrypt(crypto_pk_env_t *env, const unsigned char *from, in * write the result to <b>to</b>, and return the number of bytes * written. On failure, return -1. */ -int crypto_pk_private_decrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, int padding) +int crypto_pk_private_decrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, int padding, int warnOnFailure) { int r; tor_assert(env && from && to && env->key); @@ -545,7 +545,8 @@ int crypto_pk_private_decrypt(crypto_pk_env_t *env, const unsigned char *from, i r = RSA_private_decrypt(fromlen, (unsigned char*)from, to, env->key, crypto_get_rsa_padding(padding)); if (r<0) { - crypto_log_errors(LOG_WARN, "performing RSA decryption"); + crypto_log_errors(warnOnFailure?LOG_WARN:LOG_INFO, + "performing RSA decryption"); return -1; } return r; @@ -714,7 +715,7 @@ int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, - int padding) + int padding, int warnOnFailure) { int overhead, pkeylen, outlen, r; crypto_cipher_env_t *cipher = NULL; @@ -724,17 +725,15 @@ int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, pkeylen = crypto_pk_keysize(env); if (fromlen <= pkeylen) { - return crypto_pk_private_decrypt(env,from,fromlen,to,padding); + return crypto_pk_private_decrypt(env,from,fromlen,to,padding,warnOnFailure); } - outlen = crypto_pk_private_decrypt(env,from,pkeylen,buf,padding); + outlen = crypto_pk_private_decrypt(env,from,pkeylen,buf,padding,warnOnFailure); if (outlen<0) { - /* this is only log-levelinfo, because when we're decrypting - * onions, we try several keys to see which will work */ - log_fn(LOG_INFO, "Error decrypting public-key data"); + log_fn(warnOnFailure?LOG_WARN:LOG_INFO, "Error decrypting public-key data"); return -1; } if (outlen < CIPHER_KEY_LEN) { - log_fn(LOG_WARN, "No room for a symmetric key"); + log_fn(warnOnFailure?LOG_WARN:LOG_INFO, "No room for a symmetric key"); return -1; } cipher = crypto_create_init_cipher(buf, 0); diff --git a/src/common/crypto.h b/src/common/crypto.h index 2b752af372..fa8380075e 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -68,7 +68,7 @@ crypto_pk_env_t *crypto_pk_dup_key(crypto_pk_env_t *orig); int crypto_pk_keysize(crypto_pk_env_t *env); int crypto_pk_public_encrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, int padding); -int crypto_pk_private_decrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, int padding); +int crypto_pk_private_decrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, int padding, int warnOnFailure); int crypto_pk_private_sign(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to); int crypto_pk_private_sign_digest(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to); int crypto_pk_public_checksig(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to); @@ -78,7 +78,8 @@ int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, unsigned char *to, int padding, int force); int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, - unsigned char *to,int padding); + unsigned char *to,int padding, + int warnOnFailure); int crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, int dest_len); crypto_pk_env_t *crypto_pk_asn1_decode(const char *str, int len); diff --git a/src/or/onion.c b/src/or/onion.c index fa496421c0..adaab58c48 100644 --- a/src/or/onion.c +++ b/src/or/onion.c @@ -728,12 +728,12 @@ onion_skin_server_handshake(char *onion_skin, /* ONIONSKIN_CHALLENGE_LEN bytes * break; len = crypto_pk_private_hybrid_decrypt(k, onion_skin, ONIONSKIN_CHALLENGE_LEN, - challenge, PK_PKCS1_OAEP_PADDING); + challenge, PK_PKCS1_OAEP_PADDING,0); if (len>0) break; } if (len<0) { - log_fn(LOG_WARN, "Couldn't decrypt onionskin"); + log_fn(LOG_WARN, "Couldn't decrypt onionskin: client may be using old onion key"); goto err; } else if (len != DH_KEY_LEN) { log_fn(LOG_WARN, "Unexpected onionskin length after decryption: %d", diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 2106853974..db114ad283 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -388,7 +388,7 @@ rend_service_introduce(circuit_t *circuit, const char *request, int request_len) /* Next N bytes is encrypted with service key */ len = crypto_pk_private_hybrid_decrypt( service->private_key,request+DIGEST_LEN,request_len-DIGEST_LEN,buf, - PK_PKCS1_OAEP_PADDING); + PK_PKCS1_OAEP_PADDING,1); if (len<0) { log_fn(LOG_WARN, "Couldn't decrypt INTRODUCE2 cell"); return -1; diff --git a/src/or/test.c b/src/or/test.c index d0b5fcdcce..864645b5d0 100644 --- a/src/or/test.c +++ b/src/or/test.c @@ -333,19 +333,19 @@ test_crypto() /* oaep padding should make encryption not match */ test_memneq(data1, data2, 128); test_eq(15, crypto_pk_private_decrypt(pk1, data1, 128, data3, - PK_PKCS1_OAEP_PADDING)); + PK_PKCS1_OAEP_PADDING,1)); test_streq(data3, "Hello whirled."); memset(data3, 0, 1024); test_eq(15, crypto_pk_private_decrypt(pk1, data2, 128, data3, - PK_PKCS1_OAEP_PADDING)); + PK_PKCS1_OAEP_PADDING,1)); test_streq(data3, "Hello whirled."); /* Can't decrypt with public key. */ test_eq(-1, crypto_pk_private_decrypt(pk2, data2, 128, data3, - PK_PKCS1_OAEP_PADDING)); + PK_PKCS1_OAEP_PADDING,1)); /* Try again with bad padding */ memcpy(data2+1, "XYZZY", 5); /* This has fails ~ once-in-2^40 */ test_eq(-1, crypto_pk_private_decrypt(pk1, data2, 128, data3, - PK_PKCS1_OAEP_PADDING)); + PK_PKCS1_OAEP_PADDING,1)); /* File operations: save and load private key */ test_assert(! crypto_pk_write_private_key_to_filename(pk1, @@ -354,7 +354,7 @@ test_crypto() test_assert(! crypto_pk_read_private_key_from_filename(pk2, "/tmp/tor_test/pke1y")); test_eq(15, crypto_pk_private_decrypt(pk2, data1, 128, data3, - PK_PKCS1_OAEP_PADDING)); + PK_PKCS1_OAEP_PADDING,1)); /* Now try signing. */ strcpy(data1, "Ossifrage"); @@ -388,7 +388,7 @@ test_crypto() (i==1)?PK_PKCS1_PADDING:PK_PKCS1_OAEP_PADDING; len = crypto_pk_public_hybrid_encrypt(pk1,data1,j,data2,p,0); test_assert(len>=0); - len = crypto_pk_private_hybrid_decrypt(pk1,data2,len,data3,p); + len = crypto_pk_private_hybrid_decrypt(pk1,data2,len,data3,p,1); test_eq(len,j); test_memeq(data1,data3,j); } |