diff options
author | Nick Mathewson <nickm@torproject.org> | 2012-12-04 15:57:16 -0500 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2013-01-02 14:11:13 -0500 |
commit | 6c883bc6384b3260d791e407b42ffcabb8276beb (patch) | |
tree | 17c9476e652e464019c08a21b5f919e719203f9a /src | |
parent | 25c05cb747eece7d720a3f79c172e83a0e79a3a1 (diff) | |
download | tor-6c883bc6384b3260d791e407b42ffcabb8276beb.tar.gz tor-6c883bc6384b3260d791e407b42ffcabb8276beb.zip |
Move curve25519 keypair type to src/common; give it functions
This patch moves curve25519_keypair_t from src/or/onion_ntor.h to
src/common/crypto_curve25519.h, and adds new functions to generate,
load, and store keypairs.
Diffstat (limited to 'src')
-rw-r--r-- | src/common/crypto_curve25519.c | 82 | ||||
-rw-r--r-- | src/common/crypto_curve25519.h | 18 | ||||
-rw-r--r-- | src/or/onion_ntor.h | 8 |
3 files changed, 100 insertions, 8 deletions
diff --git a/src/common/crypto_curve25519.c b/src/common/crypto_curve25519.c index ce0cd0d60c..60347065d1 100644 --- a/src/common/crypto_curve25519.c +++ b/src/common/crypto_curve25519.c @@ -5,9 +5,13 @@ #define CRYPTO_CURVE25519_PRIVATE #include "orconfig.h" +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif #include "crypto.h" #include "crypto_curve25519.h" #include "util.h" +#include "torlog.h" /* ============================== Part 1: wrap a suitable curve25519 implementation as curve25519_impl @@ -85,6 +89,84 @@ curve25519_public_key_generate(curve25519_public_key_t *key_out, curve25519_impl(key_out->public_key, seckey->secret_key, basepoint); } +void +curve25519_keypair_generate(curve25519_keypair_t *keypair_out, + int extra_strong) +{ + curve25519_secret_key_generate(&keypair_out->seckey, extra_strong); + curve25519_public_key_generate(&keypair_out->pubkey, &keypair_out->seckey); +} + +int +curve25519_keypair_write_to_file(const curve25519_keypair_t *keypair, + const char *fname, + const char *tag) +{ + char contents[32 + CURVE25519_SECKEY_LEN + CURVE25519_PUBKEY_LEN]; + int r; + + memset(contents, 0, sizeof(contents)); + tor_snprintf(contents, sizeof(contents), "== c25519v1: %s ==", tag); + tor_assert(strlen(contents) <= 32); + memcpy(contents+32, keypair->seckey.secret_key, CURVE25519_SECKEY_LEN); + memcpy(contents+32+CURVE25519_SECKEY_LEN, + keypair->pubkey.public_key, CURVE25519_PUBKEY_LEN); + + r = write_bytes_to_file(fname, contents, sizeof(contents), 1); + + memwipe(contents, 0, sizeof(contents)); + return r; +} + +int +curve25519_keypair_read_from_file(curve25519_keypair_t *keypair_out, + char **tag_out, + const char *fname) +{ + char prefix[33]; + char *content; + struct stat st; + int r = -1; + + *tag_out = NULL; + + st.st_size = 0; + content = read_file_to_str(fname, RFTS_BIN|RFTS_IGNORE_MISSING, &st); + if (! content) + goto end; + if (st.st_size != 32 + CURVE25519_SECKEY_LEN + CURVE25519_PUBKEY_LEN) + goto end; + + memcpy(prefix, content, 32); + prefix[32] = '\0'; + if (strcmpstart(prefix, "== c25519v1: ") || + strcmpend(prefix, " ==")) + goto end; + + *tag_out = tor_strndup(prefix+strlen("== c25519v1: "), + strlen(prefix) - strlen("== c25519v1: ==")); + + memcpy(keypair_out->seckey.secret_key, content+32, CURVE25519_SECKEY_LEN); + curve25519_public_key_generate(&keypair_out->pubkey, &keypair_out->seckey); + if (tor_memneq(keypair_out->pubkey.public_key, + content + 32 + CURVE25519_SECKEY_LEN, + CURVE25519_PUBKEY_LEN)) + goto end; + + r = 0; + + end: + if (content) { + memwipe(content, 0, st.st_size); + tor_free(content); + } + if (r != 0) { + memset(keypair_out, 0, sizeof(*keypair_out)); + tor_free(*tag_out); + } + return r; +} + /** Perform the curve25519 ECDH handshake with <b>skey</b> and <b>pkey</b>, * writing CURVE25519_OUTPUT_LEN bytes of output into <b>output</b>. */ void diff --git a/src/common/crypto_curve25519.h b/src/common/crypto_curve25519.h index 3e093be7bf..c43017e355 100644 --- a/src/common/crypto_curve25519.h +++ b/src/common/crypto_curve25519.h @@ -23,21 +23,39 @@ typedef struct curve25519_secret_key_t { uint8_t secret_key[CURVE25519_SECKEY_LEN]; } curve25519_secret_key_t; +/** A paired public and private key for curve25519. **/ +typedef struct curve25519_keypair_t { + curve25519_public_key_t pubkey; + curve25519_secret_key_t seckey; +} curve25519_keypair_t; + +#ifdef CURVE25519_ENABLED int curve25519_public_key_is_ok(const curve25519_public_key_t *); void curve25519_secret_key_generate(curve25519_secret_key_t *key_out, int extra_strong); void curve25519_public_key_generate(curve25519_public_key_t *key_out, const curve25519_secret_key_t *seckey); +void curve25519_keypair_generate(curve25519_keypair_t *keypair_out, + int extra_strong); void curve25519_handshake(uint8_t *output, const curve25519_secret_key_t *, const curve25519_public_key_t *); +int curve25519_keypair_write_to_file(const curve25519_keypair_t *keypair, + const char *fname, + const char *tag); + +int curve25519_keypair_read_from_file(curve25519_keypair_t *keypair_out, + char **tag_out, + const char *fname); + #ifdef CRYPTO_CURVE25519_PRIVATE int curve25519_impl(uint8_t *output, const uint8_t *secret, const uint8_t *basepoint); #endif +#endif #endif diff --git a/src/or/onion_ntor.h b/src/or/onion_ntor.h index 03b83da5f2..4f305a49e3 100644 --- a/src/or/onion_ntor.h +++ b/src/or/onion_ntor.h @@ -17,14 +17,6 @@ typedef struct ntor_handshake_state_t ntor_handshake_state_t; /** Length of an ntor reply, as sent from server to client. */ #define NTOR_REPLY_LEN 64 -/** A paired public and private key for curve25519. - * XXXX024 move this structure somewhere smarter. - **/ -typedef struct curve25519_keypair_t { - curve25519_public_key_t pubkey; - curve25519_secret_key_t seckey; -} curve25519_keypair_t; - void ntor_handshake_state_free(ntor_handshake_state_t *state); int onion_skin_ntor_create(const uint8_t *router_id, |