diff options
| author | Nick Mathewson <nickm@torproject.org> | 2004-04-03 02:40:30 +0000 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2004-04-03 02:40:30 +0000 |
| commit | 137b577bbd52a2da8f35a6b38514457868460e36 (patch) | |
| tree | 24397d6dedb7c48bd46b4f0f0f69a4ad61d1cba3 /src/or | |
| parent | 3dc3d0c4ccc95b2a30f9c13386c56b4e4b1edf06 (diff) | |
| download | tor-137b577bbd52a2da8f35a6b38514457868460e36.tar.gz tor-137b577bbd52a2da8f35a6b38514457868460e36.zip | |
Refactor the heck out of crypto interface: admit that we will stick with one ciphersuite at a time, make const things const, and stop putting openssl in the headers.
svn:r1458
Diffstat (limited to 'src/or')
| -rw-r--r-- | src/or/circuit.c | 24 | ||||
| -rw-r--r-- | src/or/onion.c | 28 | ||||
| -rw-r--r-- | src/or/or.h | 15 | ||||
| -rw-r--r-- | src/or/rendcommon.c | 2 | ||||
| -rw-r--r-- | src/or/rendmid.c | 2 | ||||
| -rw-r--r-- | src/or/rendservice.c | 16 | ||||
| -rw-r--r-- | src/or/router.c | 2 | ||||
| -rw-r--r-- | src/or/routerlist.c | 4 | ||||
| -rw-r--r-- | src/or/test.c | 165 |
9 files changed, 117 insertions, 141 deletions
diff --git a/src/or/circuit.c b/src/or/circuit.c index d573464a99..1d5103bbb3 100644 --- a/src/or/circuit.c +++ b/src/or/circuit.c @@ -354,7 +354,7 @@ circuit_t *circuit_get_next_by_pk_and_purpose(circuit_t *start, continue; if (circ->purpose != purpose) continue; - if (!memcmp(circ->rend_pk_digest, digest, CRYPTO_SHA1_DIGEST_LEN)) + if (!memcmp(circ->rend_pk_digest, digest, DIGEST_LEN)) return circ; } return NULL; @@ -1373,29 +1373,27 @@ int circuit_extend(cell_t *cell, circuit_t *circ) { */ int circuit_init_cpath_crypto(crypt_path_t *cpath, char *key_data) { - unsigned char iv[16]; + unsigned char iv[CIPHER_IV_LEN]; assert(cpath && key_data); assert(!(cpath->f_crypto || cpath->b_crypto || cpath->f_digest || cpath->b_digest)); - memset(iv, 0, 16); + memset(iv, 0, CIPHER_IV_LEN); log_fn(LOG_DEBUG,"hop init digest forward 0x%.8x, backward 0x%.8x.", (unsigned int)*(uint32_t*)key_data, (unsigned int)*(uint32_t*)(key_data+20)); - cpath->f_digest = crypto_new_digest_env(CRYPTO_SHA1_DIGEST); - crypto_digest_add_bytes(cpath->f_digest, key_data, 20); - cpath->b_digest = crypto_new_digest_env(CRYPTO_SHA1_DIGEST); - crypto_digest_add_bytes(cpath->b_digest, key_data+20, 20); + cpath->f_digest = crypto_new_digest_env(); + crypto_digest_add_bytes(cpath->f_digest, key_data, DIGEST_LEN); + cpath->b_digest = crypto_new_digest_env(); + crypto_digest_add_bytes(cpath->b_digest, key_data+DIGEST_LEN, DIGEST_LEN); log_fn(LOG_DEBUG,"hop init cipher forward 0x%.8x, backward 0x%.8x.", - (unsigned int)*(uint32_t*)(key_data+40), (unsigned int)*(uint32_t*)(key_data+40+16)); - if (!(cpath->f_crypto = - crypto_create_init_cipher(CIRCUIT_CIPHER,key_data+40,iv,1))) { + (unsigned int)*(uint32_t*)(key_data+40), (unsigned int)*(uint32_t*)(key_data+40+16)); + if (!(cpath->f_crypto = crypto_create_init_cipher(key_data+40,iv,1))) { log(LOG_WARN,"forward cipher initialization failed."); return -1; } - if (!(cpath->b_crypto = - crypto_create_init_cipher(CIRCUIT_CIPHER,key_data+40+16,iv,0))) { + if (!(cpath->b_crypto = crypto_create_init_cipher(key_data+40+16,iv,0))) { log(LOG_WARN,"backward cipher initialization failed."); return -1; } @@ -1429,7 +1427,7 @@ int circuit_finish_handshake(circuit_t *circ, char *reply) { crypto_dh_free(hop->handshake_state); /* don't need it anymore */ hop->handshake_state = NULL; /* Remember hash of g^xy */ - memcpy(hop->handshake_digest, reply+DH_KEY_LEN, CRYPTO_SHA1_DIGEST_LEN); + memcpy(hop->handshake_digest, reply+DH_KEY_LEN, DIGEST_LEN); if (circuit_init_cpath_crypto(hop, keys)<0) { return -1; diff --git a/src/or/onion.c b/src/or/onion.c index 1fdd65ac9c..f004f03671 100644 --- a/src/or/onion.c +++ b/src/or/onion.c @@ -122,10 +122,10 @@ void onion_pending_remove(circuit_t *circ) { /* given a response payload and keys, initialize, then send a created cell back */ int onionskin_answer(circuit_t *circ, unsigned char *payload, unsigned char *keys) { - unsigned char iv[16]; + unsigned char iv[CIPHER_IV_LEN]; cell_t cell; - memset(iv, 0, 16); + memset(iv, 0, CIPHER_IV_LEN); memset(&cell, 0, sizeof(cell_t)); cell.command = CELL_CREATED; @@ -139,25 +139,23 @@ int onionskin_answer(circuit_t *circ, unsigned char *payload, unsigned char *key log_fn(LOG_INFO,"init digest forward 0x%.8x, backward 0x%.8x.", (unsigned int)*(uint32_t*)(keys), (unsigned int)*(uint32_t*)(keys+20)); - circ->n_digest = crypto_new_digest_env(CRYPTO_SHA1_DIGEST); - crypto_digest_add_bytes(circ->n_digest, keys, 20); - circ->p_digest = crypto_new_digest_env(CRYPTO_SHA1_DIGEST); - crypto_digest_add_bytes(circ->p_digest, keys+20, 20); + circ->n_digest = crypto_new_digest_env(); + crypto_digest_add_bytes(circ->n_digest, keys, DIGEST_LEN); + circ->p_digest = crypto_new_digest_env(); + crypto_digest_add_bytes(circ->p_digest, keys+DIGEST_LEN, DIGEST_LEN); log_fn(LOG_DEBUG,"init cipher forward 0x%.8x, backward 0x%.8x.", (unsigned int)*(uint32_t*)(keys+40), (unsigned int)*(uint32_t*)(keys+40+16)); - if (!(circ->n_crypto = - crypto_create_init_cipher(CIRCUIT_CIPHER,keys+40,iv,0))) { + if (!(circ->n_crypto = crypto_create_init_cipher(keys+40,iv,0))) { log_fn(LOG_WARN,"Cipher initialization failed (n)."); return -1; } - if (!(circ->p_crypto = - crypto_create_init_cipher(CIRCUIT_CIPHER,keys+40+16,iv,1))) { + if (!(circ->p_crypto = crypto_create_init_cipher(keys+40+16,iv,1))) { log_fn(LOG_WARN,"Cipher initialization failed (p)."); return -1; } - memcpy(circ->handshake_digest, cell.payload+DH_KEY_LEN, CRYPTO_SHA1_DIGEST_LEN); + memcpy(circ->handshake_digest, cell.payload+DH_KEY_LEN, DIGEST_LEN); connection_or_write_cell_to_buf(&cell, circ->p_conn); log_fn(LOG_DEBUG,"Finished sending 'created' cell."); @@ -605,13 +603,13 @@ onion_skin_create(crypto_pk_env_t *dest_router_key, /* set meeting point, meeting cookie, etc here. Leave zero for now. */ - cipher = crypto_create_init_cipher(ONION_CIPHER, challenge, iv, 1); + cipher = crypto_create_init_cipher(challenge, iv, 1); if (!cipher) goto err; if (crypto_pk_public_encrypt(dest_router_key, challenge, pkbytes, - onion_skin_out, RSA_NO_PADDING)==-1) + onion_skin_out, PK_NO_PADDING)==-1) goto err; if (crypto_cipher_encrypt(cipher, challenge+pkbytes, ONIONSKIN_CHALLENGE_LEN-pkbytes, @@ -655,7 +653,7 @@ onion_skin_server_handshake(char *onion_skin, /* ONIONSKIN_CHALLENGE_LEN bytes * if (crypto_pk_private_decrypt(private_key, onion_skin, pkbytes, - challenge, RSA_NO_PADDING) == -1) + challenge, PK_NO_PADDING) == -1) goto err; #ifdef DEBUG_ONION_SKINS @@ -664,7 +662,7 @@ onion_skin_server_handshake(char *onion_skin, /* ONIONSKIN_CHALLENGE_LEN bytes * puts(""); #endif - cipher = crypto_create_init_cipher(ONION_CIPHER, challenge, iv, 0); + cipher = crypto_create_init_cipher(challenge, iv, 0); if (crypto_cipher_decrypt(cipher, onion_skin+pkbytes, ONIONSKIN_CHALLENGE_LEN-pkbytes, challenge+pkbytes)) diff --git a/src/or/or.h b/src/or/or.h index c43d9869ad..d144964583 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -251,13 +251,6 @@ /* Reasons used by connection_mark_for_close */ #define CLOSE_REASON_UNUSED_OR_CONN 100 -/* default cipher function */ -#define DEFAULT_CIPHER CRYPTO_CIPHER_AES_CTR -/* Used to en/decrypt onion skins */ -#define ONION_CIPHER DEFAULT_CIPHER -/* Used to en/decrypt RELAY cells */ -#define CIRCUIT_CIPHER DEFAULT_CIPHER - #define CELL_DIRECTION_IN 1 #define CELL_DIRECTION_OUT 2 #define EDGE_EXIT CONN_TYPE_EXIT @@ -482,7 +475,7 @@ struct crypt_path_t { crypto_digest_env_t *b_digest; crypto_dh_env_t *handshake_state; - char handshake_digest[CRYPTO_SHA1_DIGEST_LEN];/* KH in tor-spec.txt */ + char handshake_digest[DIGEST_LEN];/* KH in tor-spec.txt */ uint32_t addr; uint16_t port; @@ -501,7 +494,7 @@ struct crypt_path_t { #define DH_KEY_LEN CRYPTO_DH_SIZE #define ONIONSKIN_CHALLENGE_LEN (16+DH_KEY_LEN) #define ONIONSKIN_REPLY_LEN (DH_KEY_LEN+20) -#define REND_COOKIE_LEN CRYPTO_SHA1_DIGEST_LEN +#define REND_COOKIE_LEN DIGEST_LEN typedef struct crypt_path_t crypt_path_t; @@ -545,7 +538,7 @@ struct circuit_t { crypt_path_t *cpath; char onionskin[ONIONSKIN_CHALLENGE_LEN]; /* for storage while onionskin pending */ - char handshake_digest[CRYPTO_SHA1_DIGEST_LEN]; /* Stores KH for intermediate hops */ + char handshake_digest[DIGEST_LEN]; /* Stores KH for intermediate hops */ time_t timestamp_created; time_t timestamp_dirty; /* when the circuit was first used, or 0 if clean */ @@ -563,7 +556,7 @@ struct circuit_t { /* rend_pk_digest holds a hash of location-hidden service's PK if * purpose is INTRO_POINT or S_ESTABLISH_INTRO or S_RENDEZVOUSING */ - char rend_pk_digest[CRYPTO_SHA1_DIGEST_LEN]; + char rend_pk_digest[DIGEST_LEN]; /* Holds rendezvous cookie if purpose is REND_POINT_WAITING or * C_ESTABLISH_REND. Filled with zeroes otherwise. diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index c3ad05cc48..f57e177272 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -112,7 +112,7 @@ rend_service_descriptor_t *rend_parse_service_descriptor( int rend_get_service_id(crypto_pk_env_t *pk, char *out) { - char buf[CRYPTO_SHA1_DIGEST_LEN]; + char buf[DIGEST_LEN]; assert(pk); if (crypto_pk_get_digest(pk, buf) < 0) return -1; diff --git a/src/or/rendmid.c b/src/or/rendmid.c index 6c9a61090e..0fd6c75902 100644 --- a/src/or/rendmid.c +++ b/src/or/rendmid.c @@ -42,7 +42,7 @@ rend_mid_establish_intro(circuit_t *circ, char *request, int request_len) /* Next 20 bytes: Hash of handshake_digest | "INTRODUCE" */ memcpy(buf, circ->handshake_digest, 20); memcpy(buf+20, "INTRODUCE", 9); - if (crypto_SHA_digest(buf, 29, expected_digest)<0) { + if (crypto_digest(buf, 29, expected_digest)<0) { log_fn(LOG_WARN, "Error computing digest"); goto err; } diff --git a/src/or/rendservice.c b/src/or/rendservice.c index ae6488dc11..57e4ce17f4 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -352,7 +352,7 @@ rend_service_introduce(circuit_t *circuit, char *request, int request_len) } /* Next N bytes is encrypted with service key */ len = crypto_pk_private_hybrid_decrypt( - service->private_key,request,request_len-20,buf, RSA_PKCS1_PADDING); + service->private_key,request,request_len-20,buf, PK_PKCS1_PADDING); if (len<0) { log_fn(LOG_WARN, "Couldn't decrypt INTRODUCE2 cell"); return -1; @@ -404,7 +404,7 @@ rend_service_introduce(circuit_t *circuit, char *request, int request_len) assert(launched->build_state); /* Fill in the circuit's state. */ memcpy(launched->rend_pk_digest, circuit->rend_pk_digest, - CRYPTO_SHA1_DIGEST_LEN); + DIGEST_LEN); memcpy(launched->rend_cookie, r_cookie, REND_COOKIE_LEN); launched->build_state->pending_final_cpath = cpath = tor_malloc_zero(sizeof(crypt_path_t)); @@ -442,7 +442,7 @@ rend_service_launch_establish_intro(rend_service_t *service, char *nickname) nickname); return -1; } - memcpy(launched->rend_pk_digest, service->pk_digest, CRYPTO_SHA1_DIGEST_LEN); + memcpy(launched->rend_pk_digest, service->pk_digest, DIGEST_LEN); return 0; } @@ -456,7 +456,7 @@ rend_service_intro_is_ready(circuit_t *circuit) rend_service_t *service; int len, r; char buf[RELAY_PAYLOAD_SIZE]; - char auth[CRYPTO_SHA1_DIGEST_LEN + 10]; + char auth[DIGEST_LEN + 10]; char hexid[9]; assert(circuit->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO); @@ -479,9 +479,9 @@ rend_service_intro_is_ready(circuit_t *circuit) RELAY_PAYLOAD_SIZE-2); set_uint16(buf, len); len += 2; - memcpy(auth, circuit->cpath->prev->handshake_digest, CRYPTO_SHA1_DIGEST_LEN); - memcpy(auth+CRYPTO_SHA1_DIGEST_LEN, "INTRODUCE", 9); - if (crypto_SHA_digest(auth, CRYPTO_SHA1_DIGEST_LEN+9, buf+len)) + memcpy(auth, circuit->cpath->prev->handshake_digest, DIGEST_LEN); + memcpy(auth+DIGEST_LEN, "INTRODUCE", 9); + if (crypto_digest(auth, DIGEST_LEN+9, buf+len)) goto err; len += 20; r = crypto_pk_private_sign_digest(service->private_key, buf, len, buf+len); @@ -543,7 +543,7 @@ rend_service_rendezvous_is_ready(circuit_t *circuit) goto err; } memcpy(buf+REND_COOKIE_LEN+DH_KEY_LEN, hop->handshake_digest, - CRYPTO_SHA1_DIGEST_LEN); + DIGEST_LEN); /* Send the cell */ if (connection_edge_send_command(NULL, circuit, RELAY_COMMAND_RENDEZVOUS1, diff --git a/src/or/router.c b/src/or/router.c index 59b257c97a..4bface204b 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -54,7 +54,7 @@ crypto_pk_env_t *init_key_from_file(const char *fname) int fd = -1; FILE *file = NULL; - if (!(prkey = crypto_new_pk_env(CRYPTO_PK_RSA))) { + if (!(prkey = crypto_new_pk_env())) { log(LOG_ERR, "Error creating crypto environment."); goto error; } diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 5c54c6db04..2f41fa1a17 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -1356,7 +1356,7 @@ get_next_token(const char **s, where_syntax where) { if (strncmp(next, "-----END RSA PUBLIC KEY-----\n", 29)) RET_ERR("Malformed object: mismatched end line"); next = strchr(next,'\n')+1; - tok->key = crypto_new_pk_env(CRYPTO_PK_RSA); + tok->key = crypto_new_pk_env(); if (crypto_pk_read_public_key_from_string(tok->key, obstart, next-obstart)) RET_ERR("Couldn't parse public key."); *s = next; @@ -1490,7 +1490,7 @@ static int router_get_hash_impl(const char *s, char *digest, } ++end; - if (crypto_SHA_digest(start, end-start, digest)) { + if (crypto_digest(start, end-start, digest)) { log_fn(LOG_WARN,"couldn't compute digest"); return -1; } diff --git a/src/or/test.c b/src/or/test.c index 055fc332d6..eb04532774 100644 --- a/src/or/test.c +++ b/src/or/test.c @@ -243,12 +243,6 @@ test_crypto() char *data1, *data2, *data3, *cp; FILE *f; int i, j, p, len; - int str_ciphers[] = { CRYPTO_CIPHER_IDENTITY, - CRYPTO_CIPHER_DES, - CRYPTO_CIPHER_RC4, - CRYPTO_CIPHER_3DES, - CRYPTO_CIPHER_AES_CTR, - -1 }; data1 = tor_malloc(1024); data2 = tor_malloc(1024); @@ -261,6 +255,7 @@ test_crypto() crypto_rand(100, data2); test_memneq(data1,data2,100); +#if 0 /* Try out identity ciphers. */ env1 = crypto_new_cipher_env(CRYPTO_CIPHER_IDENTITY); test_neq(env1, 0); @@ -273,90 +268,82 @@ test_crypto() crypto_cipher_encrypt(env1, data1, 1024, data2); test_memeq(data1, data2, 1024); crypto_free_cipher_env(env1); +#endif - /* Now, test encryption and decryption with stream ciphers. */ + /* Now, test encryption and decryption with stream cipher. */ data1[0]='\0'; for(i = 1023; i>0; i -= 35) strncat(data1, "Now is the time for all good onions", i); - for(i=0; str_ciphers[i] >= 0; ++i) { - /* For each cipher... */ - memset(data2, 0, 1024); - memset(data3, 0, 1024); - env1 = crypto_new_cipher_env(str_ciphers[i]); - test_neq(env1, 0); - env2 = crypto_new_cipher_env(str_ciphers[i]); - test_neq(env2, 0); - j = crypto_cipher_generate_key(env1); - if (str_ciphers[i] != CRYPTO_CIPHER_IDENTITY) { - crypto_cipher_set_key(env2, crypto_cipher_get_key(env1)); - } - crypto_cipher_set_iv(env1, "12345678901234567890"); - crypto_cipher_set_iv(env2, "12345678901234567890"); - crypto_cipher_encrypt_init_cipher(env1); - crypto_cipher_decrypt_init_cipher(env2); - - /* Try encrypting 512 chars. */ - crypto_cipher_encrypt(env1, data1, 512, data2); - crypto_cipher_decrypt(env2, data2, 512, data3); - test_memeq(data1, data3, 512); - if (str_ciphers[i] == CRYPTO_CIPHER_IDENTITY) { - test_memeq(data1, data2, 512); - } else { - test_memneq(data1, data2, 512); - } - /* Now encrypt 1 at a time, and get 1 at a time. */ - for (j = 512; j < 560; ++j) { - crypto_cipher_encrypt(env1, data1+j, 1, data2+j); - } - for (j = 512; j < 560; ++j) { - crypto_cipher_decrypt(env2, data2+j, 1, data3+j); - } - test_memeq(data1, data3, 560); - /* Now encrypt 3 at a time, and get 5 at a time. */ - for (j = 560; j < 1024-5; j += 3) { - crypto_cipher_encrypt(env1, data1+j, 3, data2+j); - } - for (j = 560; j < 1024-5; j += 5) { - crypto_cipher_decrypt(env2, data2+j, 5, data3+j); - } - test_memeq(data1, data3, 1024-5); - /* Now make sure that when we encrypt with different chunk sizes, we get - the same results. */ - crypto_free_cipher_env(env2); - - memset(data3, 0, 1024); - env2 = crypto_new_cipher_env(str_ciphers[i]); - test_neq(env2, 0); - if (str_ciphers[i] != CRYPTO_CIPHER_IDENTITY) { - crypto_cipher_set_key(env2, crypto_cipher_get_key(env1)); - } - crypto_cipher_set_iv(env2, "12345678901234567890"); - crypto_cipher_encrypt_init_cipher(env2); - for (j = 0; j < 1024-16; j += 17) { - crypto_cipher_encrypt(env2, data1+j, 17, data3+j); - } - for (j= 0; j < 1024-16; ++j) { - if (data2[j] != data3[j]) { - printf("%d: %d\t%d\n", j, (int) data2[j], (int) data3[j]); - } + + memset(data2, 0, 1024); + memset(data3, 0, 1024); + env1 = crypto_new_cipher_env(); + test_neq(env1, 0); + env2 = crypto_new_cipher_env(); + test_neq(env2, 0); + j = crypto_cipher_generate_key(env1); + crypto_cipher_set_key(env2, crypto_cipher_get_key(env1)); + crypto_cipher_set_iv(env1, "12345678901234567890"); + crypto_cipher_set_iv(env2, "12345678901234567890"); + crypto_cipher_encrypt_init_cipher(env1); + crypto_cipher_decrypt_init_cipher(env2); + + /* Try encrypting 512 chars. */ + crypto_cipher_encrypt(env1, data1, 512, data2); + crypto_cipher_decrypt(env2, data2, 512, data3); + test_memeq(data1, data3, 512); + test_memneq(data1, data2, 512); + + /* Now encrypt 1 at a time, and get 1 at a time. */ + for (j = 512; j < 560; ++j) { + crypto_cipher_encrypt(env1, data1+j, 1, data2+j); + } + for (j = 512; j < 560; ++j) { + crypto_cipher_decrypt(env2, data2+j, 1, data3+j); + } + test_memeq(data1, data3, 560); + /* Now encrypt 3 at a time, and get 5 at a time. */ + for (j = 560; j < 1024-5; j += 3) { + crypto_cipher_encrypt(env1, data1+j, 3, data2+j); + } + for (j = 560; j < 1024-5; j += 5) { + crypto_cipher_decrypt(env2, data2+j, 5, data3+j); + } + test_memeq(data1, data3, 1024-5); + /* Now make sure that when we encrypt with different chunk sizes, we get + the same results. */ + crypto_free_cipher_env(env2); + + memset(data3, 0, 1024); + env2 = crypto_new_cipher_env(); + test_neq(env2, 0); + crypto_cipher_set_key(env2, crypto_cipher_get_key(env1)); + crypto_cipher_set_iv(env2, "12345678901234567890"); + crypto_cipher_encrypt_init_cipher(env2); + for (j = 0; j < 1024-16; j += 17) { + crypto_cipher_encrypt(env2, data1+j, 17, data3+j); + } + for (j= 0; j < 1024-16; ++j) { + if (data2[j] != data3[j]) { + printf("%d: %d\t%d\n", j, (int) data2[j], (int) data3[j]); } - test_memeq(data2, data3, 1024-16); - crypto_free_cipher_env(env1); - crypto_free_cipher_env(env2); } + test_memeq(data2, data3, 1024-16); + crypto_free_cipher_env(env1); + crypto_free_cipher_env(env2); /* Test vectors for stream ciphers. */ /* XXXX Look up some test vectors for the ciphers and make sure we match. */ /* Test SHA-1 with a test vector from the specification. */ - i = crypto_SHA_digest("abc", 3, data1); + i = crypto_digest("abc", 3, data1); test_memeq(data1, "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78" "\x50\xC2\x6C\x9C\xD0\xD8\x9D", 20); /* Public-key ciphers */ - pk1 = crypto_new_pk_env(CRYPTO_PK_RSA); - pk2 = crypto_new_pk_env(CRYPTO_PK_RSA); + pk1 = crypto_new_pk_env(); + pk2 = crypto_new_pk_env(); test_assert(pk1 && pk2); test_assert(! crypto_pk_generate_key(pk1)); test_assert(! crypto_pk_write_public_key_to_string(pk1, &cp, &i)); @@ -367,25 +354,25 @@ test_crypto() test_eq(128, crypto_pk_keysize(pk2)); test_eq(128, crypto_pk_public_encrypt(pk2, "Hello whirled.", 15, data1, - RSA_PKCS1_OAEP_PADDING)); + PK_PKCS1_OAEP_PADDING)); test_eq(128, crypto_pk_public_encrypt(pk1, "Hello whirled.", 15, data2, - RSA_PKCS1_OAEP_PADDING)); + PK_PKCS1_OAEP_PADDING)); /* oaep padding should make encryption not match */ test_memneq(data1, data2, 128); test_eq(15, crypto_pk_private_decrypt(pk1, data1, 128, data3, - RSA_PKCS1_OAEP_PADDING)); + PK_PKCS1_OAEP_PADDING)); test_streq(data3, "Hello whirled."); memset(data3, 0, 1024); test_eq(15, crypto_pk_private_decrypt(pk1, data2, 128, data3, - RSA_PKCS1_OAEP_PADDING)); + PK_PKCS1_OAEP_PADDING)); test_streq(data3, "Hello whirled."); /* Can't decrypt with public key. */ test_eq(-1, crypto_pk_private_decrypt(pk2, data2, 128, data3, - RSA_PKCS1_OAEP_PADDING)); + PK_PKCS1_OAEP_PADDING)); /* Try again with bad padding */ memcpy(data2+1, "XYZZY", 5); /* This has fails ~ once-in-2^40 */ test_eq(-1, crypto_pk_private_decrypt(pk1, data2, 128, data3, - RSA_PKCS1_OAEP_PADDING)); + PK_PKCS1_OAEP_PADDING)); /* File operations: save and load private key */ f = fopen("/tmp/tor_test/pkey1", "wb"); @@ -395,11 +382,11 @@ test_crypto() test_assert(! crypto_pk_read_private_key_from_file(pk2, f)); fclose(f); test_eq(15, crypto_pk_private_decrypt(pk2, data1, 128, data3, - RSA_PKCS1_OAEP_PADDING)); + PK_PKCS1_OAEP_PADDING)); test_assert(! crypto_pk_read_private_key_from_filename(pk2, "/tmp/tor_test/pkey1")); test_eq(15, crypto_pk_private_decrypt(pk2, data1, 128, data3, - RSA_PKCS1_OAEP_PADDING)); + PK_PKCS1_OAEP_PADDING)); /* Now try signing. */ strcpy(data1, "Ossifrage"); @@ -429,8 +416,8 @@ test_crypto() memset(data3,0,1024); if (i == 0 && j < 129) continue; - p = (i==0)?RSA_NO_PADDING: - (i==1)?RSA_PKCS1_PADDING:RSA_PKCS1_OAEP_PADDING; + p = (i==0)?PK_NO_PADDING: + (i==1)?PK_PKCS1_PADDING:PK_PKCS1_OAEP_PADDING; len = crypto_pk_public_hybrid_encrypt(pk1,data1,j,data2,p); test_assert(len>=0); len = crypto_pk_private_hybrid_decrypt(pk1,data2,len,data3,p); @@ -626,7 +613,7 @@ test_onion_handshake() { /* shared */ crypto_pk_env_t *pk = NULL; - pk = crypto_new_pk_env(CRYPTO_PK_RSA); + pk = crypto_new_pk_env(); test_assert(! crypto_pk_generate_key(pk)); /* client handshake 1. */ @@ -669,9 +656,9 @@ test_dir_format() struct exit_policy_t ex1, ex2; routerlist_t *dir1 = NULL, *dir2 = NULL; - test_assert( (pk1 = crypto_new_pk_env(CRYPTO_PK_RSA)) ); - test_assert( (pk2 = crypto_new_pk_env(CRYPTO_PK_RSA)) ); - test_assert( (pk3 = crypto_new_pk_env(CRYPTO_PK_RSA)) ); + test_assert( (pk1 = crypto_new_pk_env()) ); + test_assert( (pk2 = crypto_new_pk_env()) ); + test_assert( (pk3 = crypto_new_pk_env()) ); test_assert(! crypto_pk_generate_key(pk1)); test_assert(! crypto_pk_generate_key(pk2)); test_assert(! crypto_pk_generate_key(pk3)); @@ -835,7 +822,7 @@ void test_rend_fns() int len; crypto_pk_env_t *pk1; time_t now; - pk1 = crypto_new_pk_env(CRYPTO_PK_RSA); + pk1 = crypto_new_pk_env(); test_assert(!crypto_pk_generate_key(pk1)); d1 = tor_malloc_zero(sizeof(rend_service_descriptor_t)); |