Diffstat (limited to 'src/ext')
35 files changed, 364 insertions, 116 deletions
diff --git a/src/ext/OpenBSD_malloc_Linux.c b/src/ext/OpenBSD_malloc_Linux.c index 855c912310..9c30570c41 100644 --- a/src/ext/OpenBSD_malloc_Linux.c +++ b/src/ext/OpenBSD_malloc_Linux.c @@ -59,7 +59,7 @@ #include <errno.h> #include <err.h> /* For SIZE_MAX */ -#include "torint.h" +#include "lib/cc/torint.h" //#include "thread_private.h" diff --git a/src/ext/byteorder.h b/src/ext/byteorder.h new file mode 100644 index 0000000000..95e080b14d --- /dev/null +++ b/src/ext/byteorder.h 
@@ -0,0 +1,71 @@
+/* <MIT License>
+ Copyright (c) 2013-2014 Marek Majkowski <marek@popcount.org>
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+ </MIT License> + + Original location: + https://github.com/majek/csiphash/ + + Solution inspired by code from: + Samuel Neves (supercop/crypto_auth/siphash24/little) + djb (supercop/crypto_auth/siphash24/little2) + Jean-Philippe Aumasson (https://131002.net/siphash/siphash24.c) +*/ + +#ifdef HAVE_SYS_PARAM_H +#include <sys/param.h> +#endif + +/* This code is extracted from csiphash.h */ + +#if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ + __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +# define _le64toh(x) ((uint64_t)(x)) +#elif defined(_WIN32) +/* Windows is always little endian, unless you're on xbox360 + http://msdn.microsoft.com/en-us/library/b0084kay(v=vs.80).aspx */ +# define _le64toh(x) ((uint64_t)(x)) +#elif defined(__APPLE__) +# include <libkern/OSByteOrder.h> +# define _le64toh(x) OSSwapLittleToHostInt64(x) +#elif defined(sun) || defined(__sun) +# include <sys/byteorder.h> +# define _le64toh(x) LE_64(x) + +#else + +/* See: http://sourceforge.net/p/predef/wiki/Endianness/ */ +# if defined(__FreeBSD__) || defined(__NetBSD__) || defined(OpenBSD) +# include <sys/endian.h> +# else +# include <endian.h> +# endif +# if defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \ + __BYTE_ORDER == __LITTLE_ENDIAN +# define _le64toh(x) ((uint64_t)(x)) +# else +# if defined(OpenBSD) +# define _le64toh(x) letoh64(x) +# else +# define _le64toh(x) le64toh(x) +# endif +# endif + +#endif diff --git a/src/ext/csiphash.c b/src/ext/csiphash.c index 49a6dc4778..a6a9846db4 100644 --- a/src/ext/csiphash.c +++ b/src/ext/csiphash.c 
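Review bot: The new `byteorder.h` has no include guard and is not self-contained: it tests `HAVE_SYS_PARAM_H` and expands to `uint64_t` casts without including a configuration header or an integer-types header itself. If an includer has not pulled in the project's config header first, `<sys/param.h>` is skipped and the `defined(OpenBSD)` tests in the fallback branch would presumably be false on OpenBSD, selecting `<endian.h>` and `le64toh` instead of `<sys/endian.h>` and `letoh64`. I would wrap the body in a guard (for example `#ifndef TOR_BYTEORDER_H` / `#define TOR_BYTEORDER_H`, name to taste) and add a header comment stating which includes must come before this file.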
@@ -29,47 +29,13 @@ Jean-Philippe Aumasson (https://131002.net/siphash/siphash24.c) */ -#include "torint.h" +#include "lib/cc/torint.h" +#include "lib/log/util_bug.h" + #include "siphash.h" -/* for tor_assert */ -#include "util.h" -/* for memcpy */ #include <string.h> - -#if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ - __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ -# define _le64toh(x) ((uint64_t)(x)) -#elif defined(_WIN32) -/* Windows is always little endian, unless you're on xbox360 - http://msdn.microsoft.com/en-us/library/b0084kay(v=vs.80).aspx */ -# define _le64toh(x) ((uint64_t)(x)) -#elif defined(__APPLE__) -# include <libkern/OSByteOrder.h> -# define _le64toh(x) OSSwapLittleToHostInt64(x) -#elif defined(sun) || defined(__sun) -# include <sys/byteorder.h> -# define _le64toh(x) LE_64(x) - -#else - -/* See: http://sourceforge.net/p/predef/wiki/Endianness/ */ -# if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) -# include <sys/endian.h> -# else -# include <endian.h> -# endif -# if defined(__BYTE_ORDER) && defined(__LITTLE_ENDIAN) && \ - __BYTE_ORDER == __LITTLE_ENDIAN -# define _le64toh(x) ((uint64_t)(x)) -# else -# if defined(__OpenBSD__) -# define _le64toh(x) letoh64(x) -# else -# define _le64toh(x) le64toh(x) -# endif -# endif - -#endif +#include <stdlib.h> +#include "byteorder.h" #define ROTATE(x, b) (uint64_t)( ((x) << (b)) | ( (x) >> (64 - (b))) ) @@ -157,3 +123,9 @@ void siphash_set_global_key(const struct sipkey *key) the_siphash_key.k1 = key->k1; the_siphash_key_is_set = 1; } + +void siphash_unset_global_key(void) +{ + the_siphash_key_is_set = 0; + memset(&the_siphash_key, 0, sizeof(the_siphash_key)); +} diff --git a/src/ext/curve25519_donna/curve25519-donna-c64.c b/src/ext/curve25519_donna/curve25519-donna-c64.c index b68ff3695a..45da7bf1e6 100644 --- a/src/ext/curve25519_donna/curve25519-donna-c64.c +++ b/src/ext/curve25519_donna/curve25519-donna-c64.c 
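Review bot: `siphash_unset_global_key()` at the end of csiphash.c is added without a comment, and its contract matters to callers: after it runs the key is all-zero and `the_siphash_key_is_set` is 0, so any later use of the global-key hash needs `siphash_set_global_key()` again. I would add `/** Forget the global siphash key: zero it and mark it unset. siphash_set_global_key() must be called again before the global key is used. */` above the definition. The flag and the key are written with no visible synchronisation, so the comment should also say that the function is meant for single-threaded shutdown, if that is the intent.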
@@ -25,7 +25,7 @@ #include "orconfig.h" #include <string.h> -#include "torint.h" +#include "lib/cc/torint.h" typedef uint8_t u8; typedef uint64_t limb; diff --git a/src/ext/curve25519_donna/curve25519-donna.c b/src/ext/curve25519_donna/curve25519-donna.c index 1c5a27ab8a..d64b95c113 100644 --- a/src/ext/curve25519_donna/curve25519-donna.c +++ b/src/ext/curve25519_donna/curve25519-donna.c @@ -48,7 +48,7 @@ #include "orconfig.h" #include <string.h> -#include "torint.h" +#include "lib/cc/torint.h" typedef uint8_t u8; typedef int32_t s32; diff --git a/src/ext/ed25519/donna/ed25519-donna-impl-base.h b/src/ext/ed25519/donna/ed25519-donna-impl-base.h index 48913edcb4..67b3b49b96 100644 --- a/src/ext/ed25519/donna/ed25519-donna-impl-base.h +++ b/src/ext/ed25519/donna/ed25519-donna-impl-base.h @@ -6,15 +6,15 @@ DONNA_INLINE static void ge25519_p1p1_to_partial(ge25519 *r, const ge25519_p1p1 *p) { curve25519_mul(r->x, p->x, p->t); curve25519_mul(r->y, p->y, p->z); - curve25519_mul(r->z, p->z, p->t); + curve25519_mul(r->z, p->z, p->t); } DONNA_INLINE static void ge25519_p1p1_to_full(ge25519 *r, const ge25519_p1p1 *p) { curve25519_mul(r->x, p->x, p->t); curve25519_mul(r->y, p->y, p->z); - curve25519_mul(r->z, p->z, p->t); - curve25519_mul(r->t, p->x, p->y); + curve25519_mul(r->z, p->z, p->t); + curve25519_mul(r->t, p->x, p->y); } static void @@ -249,7 +249,7 @@ ge25519_unpack_negative_vartime(ge25519 *r, const unsigned char p[32]) { #define S2_TABLE_SIZE (1<<(S2_SWINDOWSIZE-2)) /* computes [s1]p1 + [s2]basepoint */ -static void +static void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const bignum256modm s2) { signed char slide1[256], slide2[256]; ge25519_pniels pre1[S1_TABLE_SIZE]; @@ -336,6 +336,7 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t basepoint_table[256][96] signed char b[64]; uint32_t i; ge25519_niels t; + memset(&t, 0, sizeof(t)); contract256_window4_modm(b, s); 
@@ -344,7 +345,7 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t basepoint_table[256][96] curve25519_add_reduce(r->y, t.xaddy, t.ysubx); memset(r->z, 0, sizeof(bignum25519)); curve25519_copy(r->t, t.t2d); - r->z[0] = 2; + r->z[0] = 2; for (i = 3; i < 64; i += 2) { ge25519_scalarmult_base_choose_niels(&t, basepoint_table, i / 2, b[i]); ge25519_nielsadd2(r, &t); @@ -361,4 +362,3 @@ ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t basepoint_table[256][96] ge25519_nielsadd2(r, &t); } } - diff --git a/src/ext/ed25519/donna/ed25519-donna-portable-identify.h b/src/ext/ed25519/donna/ed25519-donna-portable-identify.h index 26a264cf9e..3e0f9cfc50 100644 --- a/src/ext/ed25519/donna/ed25519-donna-portable-identify.h +++ b/src/ext/ed25519/donna/ed25519-donna-portable-identify.h @@ -14,7 +14,7 @@ #define OS_OSX #elif defined(macintosh) || defined(Macintosh) #define OS_MAC - #elif defined(__OpenBSD__) + #elif defined(OpenBSD) #define OS_OPENBSD #endif #endif diff --git a/src/ext/ed25519/donna/ed25519-hash-custom.h b/src/ext/ed25519/donna/ed25519-hash-custom.h index 7dc249129d..ff8bbde3da 100644 --- a/src/ext/ed25519/donna/ed25519-hash-custom.h +++ b/src/ext/ed25519/donna/ed25519-hash-custom.h 
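Review bot: The switch from `__OpenBSD__` to `OpenBSD` in ed25519-donna-portable-identify.h depends on a macro the compiler does not predefine; it comes from `<sys/param.h>`, and this hunk adds no such include. Other files in this commit (byteorder.h, trunnel.c) put `#ifdef HAVE_SYS_PARAM_H` / `#include <sys/param.h>` ahead of the test; unless that include is already present above this hunk, `OS_OPENBSD` would silently stop being defined. Testing both spellings, `#elif defined(__OpenBSD__) || defined(OpenBSD)`, removes the dependency on include order.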
@@ -9,3 +9,34 @@ void ed25519_hash(uint8_t *hash, const uint8_t *in, size_t inlen); */ +#include "lib/crypt_ops/crypto_digest.h" + +typedef struct ed25519_hash_context { + crypto_digest_t *ctx; +} ed25519_hash_context; + + +static void +ed25519_hash_init(ed25519_hash_context *ctx) +{ + ctx->ctx = crypto_digest512_new(DIGEST_SHA512); +} +static void +ed25519_hash_update(ed25519_hash_context *ctx, const uint8_t *in, size_t inlen) +{ + crypto_digest_add_bytes(ctx->ctx, (const char *)in, inlen); +} +static void +ed25519_hash_final(ed25519_hash_context *ctx, uint8_t *hash) +{ + crypto_digest_get_digest(ctx->ctx, (char *)hash, DIGEST512_LEN); + crypto_digest_free(ctx->ctx); + ctx->ctx = NULL; +} +static void +ed25519_hash(uint8_t *hash, const uint8_t *in, size_t inlen) +{ + crypto_digest512((char *)hash, (const char *)in, inlen, + DIGEST_SHA512); +} + diff --git a/src/ext/ed25519/donna/ed25519-randombytes-custom.h b/src/ext/ed25519/donna/ed25519-randombytes-custom.h index 3fb0959fc4..d92a51d1d3 100644 --- a/src/ext/ed25519/donna/ed25519-randombytes-custom.h +++ b/src/ext/ed25519/donna/ed25519-randombytes-custom.h @@ -8,7 +8,7 @@ */ /* Tor: Instead of calling OpenSSL's CSPRNG directly, call the wrapper. */ -#include "crypto.h" +#include "lib/crypt_ops/crypto_rand.h" static void ED25519_FN(ed25519_randombytes_unsafe) (void *p, size_t len) diff --git a/src/ext/ed25519/donna/ed25519_donna_tor.h b/src/ext/ed25519/donna/ed25519_donna_tor.h index d225407b1c..20e9b5e99c 100644 --- a/src/ext/ed25519/donna/ed25519_donna_tor.h +++ b/src/ext/ed25519/donna/ed25519_donna_tor.h @@ -1,7 +1,7 @@ /* Added for Tor. */ #ifndef SRC_EXT_ED25519_DONNA_H_INCLUDED_ #define SRC_EXT_ED25519_DONNA_H_INCLUDED_ -#include <torint.h> +#include "lib/cc/torint.h" typedef unsigned char curved25519_key[32]; 
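Review bot: The four `ed25519_hash_*` helpers in ed25519-hash-custom.h are added without comments, and two parts of their contract are easy to get wrong. `ed25519_hash_final()` writes `DIGEST512_LEN` bytes to `hash` and then frees the digest and sets `ctx->ctx` to NULL, so a context cannot be updated or finalised a second time, and a context that is initialised but never finalised leaks the `crypto_digest_t`. `ed25519_hash_init()` also stores the result of `crypto_digest512_new()` unchecked; if that call can fail, `ed25519_hash_update()` would pass NULL on. I would document this above the struct, e.g. `/* hash must hold DIGEST512_LEN bytes; ed25519_hash_final() frees ctx->ctx, so every init needs exactly one final. */`.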
@@ -30,4 +30,9 @@ int ed25519_donna_blind_public_key(unsigned char *out, const unsigned char *inp, int ed25519_donna_pubkey_from_curve25519_pubkey(unsigned char *out, const unsigned char *inp, int signbit); + +int +ed25519_donna_scalarmult_with_group_order(unsigned char *out, + const unsigned char *pubkey); + #endif diff --git a/src/ext/ed25519/donna/ed25519_tor.c b/src/ext/ed25519/donna/ed25519_tor.c index 9537ae66a1..7f5ab398d8 100644 --- a/src/ext/ed25519/donna/ed25519_tor.c +++ b/src/ext/ed25519/donna/ed25519_tor.c @@ -40,6 +40,8 @@ #include "ed25519-randombytes.h" #include "ed25519-hash.h" +#include "lib/crypt_ops/crypto_util.h" + typedef unsigned char ed25519_signature[64]; typedef unsigned char ed25519_public_key[32]; typedef unsigned char ed25519_secret_key[32]; @@ -132,7 +134,7 @@ ED25519_FN(curved25519_scalarmult_basepoint) (curved25519_key pk, const curved25 } /* - Tor has a specific idea of how an Ed25519 implementaion should behave. + Tor has a specific idea of how an Ed25519 implementation should behave. Implement such a beast using the ed25519-donna primitives/internals. * Private key generation using Tor's CSPRNG. @@ -245,13 +247,7 @@ ed25519_donna_sign(unsigned char *sig, const unsigned char *m, size_t mlen, static void ed25519_donna_gettweak(unsigned char *out, const unsigned char *param) { - static const char str[] = "Derive temporary signing key"; - ed25519_hash_context ctx; - - ed25519_hash_init(&ctx); - ed25519_hash_update(&ctx, (const unsigned char*)str, strlen(str)); - ed25519_hash_update(&ctx, param, 32); - ed25519_hash_final(&ctx, out); + memcpy(out, param, 32); out[0] &= 248; /* Is this necessary ? */ out[31] &= 63; 
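Review bot: `ed25519_donna_gettweak()` now copies `param` straight into the tweak instead of hashing it with the "Derive temporary signing key" prefix, so the uniformity and domain separation of the blinding factor depend entirely on the caller, and nothing in the hunk says so. The same change is made to `ed25519_ref10_gettweak()` in ref10/blinding.c. I would add a comment on both, such as `/* param must already be a 32-byte hash output; it is only clamped here, not hashed. */`, so that a later caller does not hand in low-entropy or externally chosen bytes. The ref10 hunk also introduces the typo `Is this necessary necessary ?` in its comment. The function body continues past the end of this hunk.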
@@ -304,7 +300,9 @@ ed25519_donna_blind_public_key(unsigned char *out, const unsigned char *inp, /* No "ge25519_unpack", negate the public key. */ memcpy(pkcopy, inp, 32); pkcopy[31] ^= (1<<7); - ge25519_unpack_negative_vartime(&A, pkcopy); + if (!ge25519_unpack_negative_vartime(&A, pkcopy)) { + return -1; + } /* A' = [tweak] * A + [0] * basepoint. */ ge25519_double_scalarmult_vartime(&Aprime, &A, t, zero); @@ -340,5 +338,32 @@ ed25519_donna_pubkey_from_curve25519_pubkey(unsigned char *out, return 0; } +/* Do the scalar multiplication of <b>pubkey</b> with the group order + * <b>modm_m</b>. Place the result in <b>out</b> which must be at least 32 + * bytes long. */ +int +ed25519_donna_scalarmult_with_group_order(unsigned char *out, + const unsigned char *pubkey) +{ + static const bignum256modm ALIGN(16) zero = { 0 }; + unsigned char pkcopy[32]; + ge25519 ALIGN(16) Point, Result; + + /* No "ge25519_unpack", negate the public key and unpack it back. + * See ed25519_donna_blind_public_key() */ + memcpy(pkcopy, pubkey, 32); + pkcopy[31] ^= (1<<7); + if (!ge25519_unpack_negative_vartime(&Point, pkcopy)) { + return -1; /* error: bail out */ + } + + /* There is no regular scalarmult function so we have to do: + * Result = l*P + 0*B */ + ge25519_double_scalarmult_vartime(&Result, &Point, modm_m, zero); + ge25519_pack(out, &Result); + + return 0; +} + #include "test-internals.c" diff --git a/src/ext/ed25519/ref10/blinding.c b/src/ext/ed25519/ref10/blinding.c index ee3e8666fa..8485524e5d 100644 --- a/src/ext/ed25519/ref10/blinding.c +++ b/src/ext/ed25519/ref10/blinding.c 
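Review bot: The new failure path in `ed25519_donna_blind_public_key()` returns -1 directly when `ge25519_unpack_negative_vartime()` fails, while the ref10 version of the same fix in this commit jumps to a `done:` label that wipes `tweak`, `A`, `Aprime` and `pkcopy` before returning. If the donna function clears any of its locals after the scalar multiplication (the rest of the body is outside the hunk), the early return skips that; either way the two backends now clean up differently. I would mirror the ref10 shape with `int retval = -1;`, `goto done;` on failure and a single exit.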
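Review bot: The comment on `ed25519_donna_scalarmult_with_group_order()`, and on its ref10 twin in ref10/blinding.c, documents `out` but not the return value or what the result means. The code returns -1 when the point fails to unpack and 0 otherwise, and it only packs l*P into `out`; it does not itself decide whether the key is acceptable. I would extend the comment with `Return 0 on success, -1 if pubkey cannot be unpacked as a point; the caller is responsible for inspecting the 32 bytes in out.` and note that the vartime primitives are used here on a public key only.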
@@ -7,13 +7,13 @@ #include "ed25519_ref10.h" #include <string.h> -#include "crypto.h" +#include "lib/crypt_ops/crypto_util.h" static void ed25519_ref10_gettweak(unsigned char *out, const unsigned char *param) { - const char str[] = "Derive temporary signing key"; - crypto_hash_sha512_2(out, (const unsigned char*)str, strlen(str), param, 32); + memcpy(out, param, 32); + out[0] &= 248; /* Is this necessary necessary ? */ out[31] &= 63; out[31] |= 64; @@ -49,6 +49,7 @@ int ed25519_ref10_blind_public_key(unsigned char *out, unsigned char pkcopy[32]; ge_p3 A; ge_p2 Aprime; + int retval = -1; ed25519_ref10_gettweak(tweak, param); 
@@ -62,15 +63,57 @@ int ed25519_ref10_blind_public_key(unsigned char *out, * "ge_frombytes", we'd use that, but there isn't. */ memcpy(pkcopy, inp, 32); pkcopy[31] ^= (1<<7); - ge_frombytes_negate_vartime(&A, pkcopy); + if (ge_frombytes_negate_vartime(&A, pkcopy) != 0) { + goto done; + } /* There isn't a regular ge_scalarmult -- we have to do tweak*A + zero*B. */ ge_double_scalarmult_vartime(&Aprime, tweak, &A, zero); ge_tobytes(out, &Aprime); + retval = 0; + + done: memwipe(tweak, 0, sizeof(tweak)); memwipe(&A, 0, sizeof(A)); memwipe(&Aprime, 0, sizeof(Aprime)); memwipe(pkcopy, 0, sizeof(pkcopy)); + return retval; +} + +/* This is the group order encoded in a format that + * ge_double_scalarmult_vartime() understands. The group order m is: + * m = 2^252 + 27742317777372353535851937790883648493 = + * 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed + */ +static const uint8_t modm_m[32] = {0xed,0xd3,0xf5,0x5c,0x1a,0x63,0x12,0x58, + 0xd6,0x9c,0xf7,0xa2,0xde,0xf9,0xde,0x14, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x10}; + +/* Do the scalar multiplication of <b>pubkey</b> with the group order + * <b>modm_m</b>. Place the result in <b>out</b> which must be at least 32 + * bytes long. */ +int +ed25519_ref10_scalarmult_with_group_order(unsigned char *out, + const unsigned char *pubkey) +{ + unsigned char pkcopy[32]; + unsigned char zero[32] = {0}; + ge_p3 Point; + ge_p2 Result; + + /* All this is done to fit 'pubkey' in 'Point' so that it can be used by + * ed25519 ref code. Same thing as in blinding function */ + memcpy(pkcopy, pubkey, 32); + pkcopy[31] ^= (1<<7); + if (ge_frombytes_negate_vartime(&Point, pkcopy) != 0) { + return -1; /* error: bail out */ + } + + /* There isn't a regular scalarmult -- we have to do r = l*P + 0*B */ + ge_double_scalarmult_vartime(&Result, modm_m, &Point, zero); + ge_tobytes(out, &Result); + return 0; } 
diff --git a/src/ext/ed25519/ref10/crypto_hash_sha512.h b/src/ext/ed25519/ref10/crypto_hash_sha512.h
index 0278571522..25e6a90cec 100644
--- a/src/ext/ed25519/ref10/crypto_hash_sha512.h
+++ b/src/ext/ed25519/ref10/crypto_hash_sha512.h
@@ -1,30 +1,32 @@ /* Added for Tor. */ -#include <openssl/sha.h> +#include "lib/crypt_ops/crypto_digest.h" /* Set 'out' to the 512-bit SHA512 hash of the 'len'-byte string in 'inp' */ #define crypto_hash_sha512(out, inp, len) \ - SHA512((inp), (len), (out)) + crypto_digest512((char *)(out), (const char *)(inp), (len), DIGEST_SHA512) /* Set 'out' to the 512-bit SHA512 hash of the 'len1'-byte string in 'inp1', * concatenated with the 'len2'-byte string in 'inp2'. */ #define crypto_hash_sha512_2(out, inp1, len1, inp2, len2) \ do { \ - SHA512_CTX sha_ctx_; \ - SHA512_Init(&sha_ctx_); \ - SHA512_Update(&sha_ctx_, (inp1), (len1)); \ - SHA512_Update(&sha_ctx_, (inp2), (len2)); \ - SHA512_Final((out), &sha_ctx_); \ - } while(0) + crypto_digest_t *sha_ctx_; \ + sha_ctx_ = crypto_digest512_new(DIGEST_SHA512); \ + crypto_digest_add_bytes(sha_ctx_, (const char *)(inp1), (len1)); \ + crypto_digest_add_bytes(sha_ctx_, (const char *)(inp2), (len2)); \ + crypto_digest_get_digest(sha_ctx_, (char *)out, DIGEST512_LEN); \ + crypto_digest_free(sha_ctx_); \ + } while (0) /* Set 'out' to the 512-bit SHA512 hash of the 'len1'-byte string in 'inp1', * concatenated with the 'len2'-byte string in 'inp2', concatenated with * the 'len3'-byte string in 'len3'. */ #define crypto_hash_sha512_3(out, inp1, len1, inp2, len2, inp3, len3) \ do { \ - SHA512_CTX sha_ctx_; \ - SHA512_Init(&sha_ctx_); \ - SHA512_Update(&sha_ctx_, (inp1), (len1)); \ - SHA512_Update(&sha_ctx_, (inp2), (len2)); \ - SHA512_Update(&sha_ctx_, (inp3), (len3)); \ - SHA512_Final((out), &sha_ctx_); \ + crypto_digest_t *sha_ctx_; \ + sha_ctx_ = crypto_digest512_new(DIGEST_SHA512); \ + crypto_digest_add_bytes(sha_ctx_, (const char *)(inp1), (len1)); \ + crypto_digest_add_bytes(sha_ctx_, (const char *)(inp2), (len2)); \ + crypto_digest_add_bytes(sha_ctx_, (const char *)(inp3), (len3)); \ + crypto_digest_get_digest(sha_ctx_, (char *)out, DIGEST512_LEN); \ + crypto_digest_free(sha_ctx_); \ } while(0) 
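Review bot: In the rewritten `crypto_hash_sha512_2` and `crypto_hash_sha512_3` macros the output argument is expanded as `(char *)out`, without parentheses, whereas the one-shot `crypto_hash_sha512` uses `(char *)(out)`. With an argument such as `cond ? a : b` the cast would bind to the first operand only. Use `crypto_digest_get_digest(sha_ctx_, (char *)(out), DIGEST512_LEN);` in both macros. They also use the result of `crypto_digest512_new()` without a check and discard the return value of `crypto_digest512()`; if either can fail, the signing code would continue with an unset hash buffer.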
diff --git a/src/ext/ed25519/ref10/crypto_int32.h b/src/ext/ed25519/ref10/crypto_int32.h index dd13c91bd0..26271e917b 100644 --- a/src/ext/ed25519/ref10/crypto_int32.h +++ b/src/ext/ed25519/ref10/crypto_int32.h @@ -3,7 +3,7 @@ #ifndef CRYPTO_INT32_H #define CRYPTO_INT32_H -#include "torint.h" +#include "lib/cc/torint.h" #define crypto_int32 int32_t #define crypto_uint32 uint32_t diff --git a/src/ext/ed25519/ref10/crypto_int64.h b/src/ext/ed25519/ref10/crypto_int64.h index 46e8852ed0..3b066a9c0c 100644 --- a/src/ext/ed25519/ref10/crypto_int64.h +++ b/src/ext/ed25519/ref10/crypto_int64.h @@ -3,7 +3,7 @@ #ifndef CRYPTO_INT64_H #define CRYPTO_INT64_H -#include "torint.h" +#include "lib/cc/torint.h" #define crypto_int64 int64_t #define crypto_uint64 uint64_t diff --git a/src/ext/ed25519/ref10/crypto_uint32.h b/src/ext/ed25519/ref10/crypto_uint32.h index 62655a5b66..a7a77723bd 100644 --- a/src/ext/ed25519/ref10/crypto_uint32.h +++ b/src/ext/ed25519/ref10/crypto_uint32.h @@ -1,3 +1,3 @@ /* Added for Tor. */ -#include "torint.h" +#include "lib/cc/torint.h" #define crypto_uint32 uint32_t diff --git a/src/ext/ed25519/ref10/crypto_uint64.h b/src/ext/ed25519/ref10/crypto_uint64.h index cbda882a6a..adaaa08042 100644 --- a/src/ext/ed25519/ref10/crypto_uint64.h +++ b/src/ext/ed25519/ref10/crypto_uint64.h @@ -1,3 +1,3 @@ /* Added for Tor. */ -#include "torint.h" +#include "lib/cc/torint.h" #define crypto_uint64 uint64_t diff --git a/src/ext/ed25519/ref10/crypto_verify_32.h b/src/ext/ed25519/ref10/crypto_verify_32.h index 0f63efc7a3..5299928754 100644 --- a/src/ext/ed25519/ref10/crypto_verify_32.h +++ b/src/ext/ed25519/ref10/crypto_verify_32.h @@ -1,5 +1,4 @@ /* Added for Tor. */ -#include "di_ops.h" +#include "lib/ctime/di_ops.h" #define crypto_verify_32(a,b) \ (! tor_memeq((a), (b), 32)) - diff --git a/src/ext/ed25519/ref10/ed25519_ref10.h b/src/ext/ed25519/ref10/ed25519_ref10.h index af7e21a2ad..bb72af6c0b 100644 --- a/src/ext/ed25519/ref10/ed25519_ref10.h 
+++ b/src/ext/ed25519/ref10/ed25519_ref10.h @@ -1,7 +1,7 @@ /* Added for Tor */ #ifndef SRC_EXT_ED25519_REF10_H_INCLUDED_ #define SRC_EXT_ED25519_REF10_H_INCLUDED_ -#include <torint.h> +#include "lib/cc/torint.h" int ed25519_ref10_seckey(unsigned char *sk); int ed25519_ref10_seckey_expand(unsigned char *sk, const unsigned char *sk_seed); @@ -27,4 +27,8 @@ int ed25519_ref10_blind_public_key(unsigned char *out, const unsigned char *inp, const unsigned char *param); +int +ed25519_ref10_scalarmult_with_group_order(unsigned char *out, + const unsigned char *pubkey); + #endif diff --git a/src/ext/ed25519/ref10/keypair.c b/src/ext/ed25519/ref10/keypair.c index 68a88f9adc..a6e2d4c781 100644 --- a/src/ext/ed25519/ref10/keypair.c +++ b/src/ext/ed25519/ref10/keypair.c @@ -6,6 +6,9 @@ #include "crypto_hash_sha512.h" #include "ge.h" +#include "lib/crypt_ops/crypto_rand.h" +#include "lib/crypt_ops/crypto_util.h" + int crypto_sign_seckey(unsigned char *sk) { @@ -49,4 +52,3 @@ int crypto_sign_keypair(unsigned char *pk,unsigned char *sk) return 0; } - diff --git a/src/ext/ed25519/ref10/randombytes.h b/src/ext/ed25519/ref10/randombytes.h index 8bf31631f0..c2cef10ceb 100644 --- a/src/ext/ed25519/ref10/randombytes.h +++ b/src/ext/ed25519/ref10/randombytes.h @@ -1,4 +1,4 @@ /* Added for Tor. */ -#include "crypto.h" +#include "lib/crypt_ops/crypto_rand.h" #define randombytes(b, n) \ (crypto_strongest_rand((b), (n)), 0) diff --git a/src/ext/getdelim.c b/src/ext/getdelim.c new file mode 100644 index 0000000000..1c29baffd9 --- /dev/null +++ b/src/ext/getdelim.c 
@@ -0,0 +1,79 @@
+/* $NetBSD: getdelim.c,v 1.2 2015/12/25 20:12:46 joerg Exp $ */
+/* NetBSD-src: getline.c,v 1.2 2014/09/16 17:23:50 christos Exp */
+
+/*-
+ * Copyright (c) 2011 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */ + +#ifndef BUFSIZ +#define BUFSIZ 512 +#endif + +ssize_t +compat_getdelim_(char **buf, size_t *bufsiz, int delimiter, FILE *fp) +{ + char *ptr, *eptr; + + + if (*buf == NULL || *bufsiz == 0) { + *bufsiz = BUFSIZ; + if ((*buf = raw_malloc(*bufsiz)) == NULL) + return -1; + } + + for (ptr = *buf, eptr = *buf + *bufsiz;;) { + int c = fgetc(fp); + if (c == -1) { + if (feof(fp)) { + ssize_t diff = (ssize_t)(ptr - *buf); + if (diff != 0) { + *ptr = '\0'; + return diff; + } + } + return -1; + } + *ptr++ = c; + if (c == delimiter) { + *ptr = '\0'; + return ptr - *buf; + } + if (ptr + 2 >= eptr) { + char *nbuf; + size_t nbufsiz = *bufsiz * 2; + ssize_t d = ptr - *buf; + if (nbufsiz < *bufsiz || + (nbuf = raw_realloc(*buf, nbufsiz)) == NULL) + return -1; + *buf = nbuf; + *bufsiz = nbufsiz; + eptr = nbuf + nbufsiz; + ptr = nbuf + d; + } + } +} diff --git a/src/ext/ht.h b/src/ext/ht.h index a441d0b685..54e5eb7cba 100644 --- a/src/ext/ht.h +++ b/src/ext/ht.h @@ -1,6 +1,6 @@ /* Copyright (c) 2002, Christopher Clark. * Copyright (c) 2005-2006, Nick Mathewson. - * Copyright (c) 2007-2015, The Tor Project, Inc. */ + * Copyright (c) 2007-2019, The Tor Project, Inc. */ /* See license at end. */ /* Based on ideas by Christopher Clark and interfaces from Niels Provos. */ @@ -150,6 +150,8 @@ #define HT_CLEAR(name, head) name##_HT_CLEAR(head) #define HT_INIT(name, head) name##_HT_INIT(head) #define HT_REP_IS_BAD_(name, head) name##_HT_REP_IS_BAD_(head) +#define HT_FOREACH_FN(name, head, fn, data) \ + name##_HT_FOREACH_FN((head), (fn), (data)) /* Helper: */ static inline unsigned ht_improve_hash(unsigned h) diff --git a/src/ext/include.am b/src/ext/include.am index f00f3e031e..6bdce2d79e 100644 --- a/src/ext/include.am +++ b/src/ext/include.am 
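Review bot: `compat_getdelim_()` can write one byte past a caller-supplied buffer when `*buf` is non-NULL and `*bufsiz` is 1: the byte is stored with `*ptr++ = c` and, if it is the delimiter, `*ptr = '\0'` lands at offset 1 before the `ptr + 2 >= eptr` growth check has run. Treating any size below 2 as too small, `if (*buf == NULL || *bufsiz < 2) {`, closes that; note that this branch assigns the `raw_malloc()` result to `*buf` without freeing a non-NULL old pointer, so `raw_realloc(*buf, *bufsiz)` would be the safer call there if it accepts NULL. Separately, `c == -1` should be `c == EOF`, and the function needs a comment saying that -1 is also returned on a read error after bytes were stored, in which case `*buf` is left without a terminating NUL.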
@@ -5,10 +5,12 @@ EXTRA_DIST += src/ext/README EXTHEADERS = \ src/ext/ht.h \ + src/ext/byteorder.h \ src/ext/tinytest.h \ src/ext/tor_readpassphrase.h \ src/ext/strlcat.c \ src/ext/strlcpy.c \ + src/ext/getdelim.c \ src/ext/tinytest_macros.h \ src/ext/tor_queue.h \ src/ext/siphash.h \ @@ -100,6 +102,7 @@ noinst_LIBRARIES += $(LIBED25519_REF10) src_ext_ed25519_donna_libed25519_donna_a_CFLAGS=\ @CFLAGS_CONSTTIME@ \ -DED25519_CUSTOMRANDOM \ + -DED25519_CUSTOMHASH \ -DED25519_SUFFIX=_donna src_ext_ed25519_donna_libed25519_donna_a_SOURCES= \ @@ -171,4 +174,3 @@ EXTRA_DIST += \ src/ext/timeouts/Makefile \ src/ext/timeouts/Rules.shrc \ src/ext/timeouts/test-timeout.c - diff --git a/src/ext/keccak-tiny/keccak-tiny-unrolled.c b/src/ext/keccak-tiny/keccak-tiny-unrolled.c index d1342c3601..05cf0ec3f0 100644 --- a/src/ext/keccak-tiny/keccak-tiny-unrolled.c +++ b/src/ext/keccak-tiny/keccak-tiny-unrolled.c @@ -9,29 +9,22 @@ #include "keccak-tiny.h" #include <string.h> -#include "crypto.h" +#include "lib/crypt_ops/crypto_util.h" +#include "byteorder.h" /******** Endianness conversion helpers ********/ static inline uint64_t loadu64le(const unsigned char *x) { - uint64_t r = 0; - size_t i; - - for (i = 0; i < 8; ++i) { - r |= (uint64_t)x[i] << 8 * i; - } - return r; + uint64_t r; + memcpy(&r, x, sizeof(r)); + return _le64toh(r); } static inline void storeu64le(uint8_t *x, uint64_t u) { - size_t i; - - for(i=0; i<8; ++i) { - x[i] = u; - u >>= 8; - } + uint64_t val = _le64toh(u); + memcpy(x, &val, sizeof(u)); } /******** The Keccak-f[1600] permutation ********/ diff --git a/src/ext/keccak-tiny/keccak-tiny.h b/src/ext/keccak-tiny/keccak-tiny.h index 7efea2319e..a9c8ed6420 100644 --- a/src/ext/keccak-tiny/keccak-tiny.h +++ b/src/ext/keccak-tiny/keccak-tiny.h @@ -2,7 +2,7 @@ #define KECCAK_FIPS202_H #include <stddef.h> -#include "torint.h" +#include "lib/cc/torint.h" #define KECCAK_MAX_RATE 200 
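Review bot: `storeu64le()` in keccak-tiny-unrolled.c converts host order to little-endian by calling `_le64toh()`, which by name is the opposite direction; it is correct only because the 64-bit byte swap is its own inverse. A comment such as `/* host-to-LE and LE-to-host are the same swap; byteorder.h only provides _le64toh */` would stop someone from "fixing" it later. The copy also takes its size from the other variable, `memcpy(x, &val, sizeof(u))`, where `sizeof(val)` would read more clearly. Both helpers now rely on every branch of byteorder.h yielding a correct `_le64toh`, so a fixed-pattern unit test that also runs on a big-endian build would be worth adding.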
diff --git a/src/ext/mulodi/mulodi4.c b/src/ext/mulodi/mulodi4.c index 9891bbf1af..accce1ce01 100644 --- a/src/ext/mulodi/mulodi4.c +++ b/src/ext/mulodi/mulodi4.c @@ -18,7 +18,7 @@ #define COMPILER_RT_ABI #define di_int int64_t #define di_uint uint64_t -#include "torint.h" +#include "lib/cc/torint.h" di_int __mulodi4(di_int a, di_int b, int* overflow); #endif diff --git a/src/ext/rust b/src/ext/rust new file mode 160000 +Subproject aa37fb84fb829902e83ca11a7244bbc6b86b809 diff --git a/src/ext/siphash.h b/src/ext/siphash.h index d9b34b8980..730e49937d 100644 --- a/src/ext/siphash.h +++ b/src/ext/siphash.h @@ -9,5 +9,6 @@ uint64_t siphash24(const void *src, unsigned long src_sz, const struct sipkey *k void siphash_set_global_key(const struct sipkey *key); uint64_t siphash24g(const void *src, unsigned long src_sz); +void siphash_unset_global_key(void); #endif diff --git a/src/ext/timeouts/timeout-bitops.c b/src/ext/timeouts/timeout-bitops.c index 45466f6cb3..68db817933 100644 --- a/src/ext/timeouts/timeout-bitops.c +++ b/src/ext/timeouts/timeout-bitops.c @@ -231,7 +231,8 @@ main(int c, char **v) int result = 0; for (i = 0; i <= 63; ++i) { - uint64_t x = 1 << i; + uint64_t x = 1; + x <<= i; if (!check(x)) result = 1; --x; diff --git a/src/ext/timeouts/timeout.c b/src/ext/timeouts/timeout.c index 713ec219ce..d4b514d2c5 100644 --- a/src/ext/timeouts/timeout.c +++ b/src/ext/timeouts/timeout.c @@ -150,7 +150,7 @@ #else #define ctz(n) ctz32(n) #define clz(n) clz32(n) -#define fls(n) ((int)(32 - clz32(n))) +#define fls(n) ((int)(32 - clz32((uint32_t)n))) #endif #if WHEEL_BIT == 6 
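Review bot: The cast added to `fls(n)` in timeout.c is applied to an unparenthesised macro argument, `(uint32_t)n`, so for an argument like `a | b` only `a` would be converted before the OR. Write it as `#define fls(n) ((int)(32 - clz32((uint32_t)(n))))`.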
@@ -432,7 +432,7 @@ TIMEOUT_PUBLIC void timeouts_update(struct timeouts *T, abstime_t curtime) { * or can be replaced with a simpler operation. */ oslot = WHEEL_MASK & (T->curtime >> (wheel * WHEEL_BIT)); - pending = rotl(((UINT64_C(1) << _elapsed) - 1), oslot); + pending = rotl(((WHEEL_C(1) << _elapsed) - 1), oslot); nslot = WHEEL_MASK & (curtime >> (wheel * WHEEL_BIT)); pending |= rotr(rotl(((WHEEL_C(1) << _elapsed) - 1), nslot), (int)_elapsed); diff --git a/src/ext/tinytest.c b/src/ext/tinytest.c index a51cd6011a..16f11e4639 100644 --- a/src/ext/tinytest.c +++ b/src/ext/tinytest.c @@ -25,6 +25,7 @@ #ifdef TINYTEST_LOCAL #include "tinytest_local.h" #endif +#define TINYTEST_POSTFORK #include <stdio.h> #include <stdlib.h> @@ -118,6 +119,14 @@ testcase_run_bare_(const struct testcase_t *testcase) #ifndef NO_FORKING +#ifdef TINYTEST_POSTFORK +void tinytest_prefork(void); +void tinytest_postfork(void); +#else +static void tinytest_prefork(void) { } +static void tinytest_postfork(void) { } +#endif + static enum outcome testcase_run_forked_(const struct testgroup_t *group, const struct testcase_t *testcase) @@ -145,7 +154,7 @@ testcase_run_forked_(const struct testgroup_t *group, if (opt_verbosity>0) printf("[forking] "); - snprintf(buffer, sizeof(buffer), "%s --RUNNING-FORKED %s %s%s", + snprintf(buffer, sizeof(buffer), "\"%s\" --RUNNING-FORKED %s %s%s", commandname, verbosity_flag, group->prefix, testcase->name); memset(&si, 0, sizeof(si)); @@ -178,10 +187,12 @@ testcase_run_forked_(const struct testgroup_t *group, if (opt_verbosity>0) printf("[forking] "); + tinytest_prefork(); pid = fork(); #ifdef FORK_BREAKS_GCOV vproc_transaction_begin(0); #endif + tinytest_postfork(); if (!pid) { /* child. */ int test_r, write_r; diff --git a/src/ext/trunnel/trunnel-impl.h b/src/ext/trunnel/trunnel-impl.h index 3ffde6e09b..15d1c8633e 100644 --- a/src/ext/trunnel/trunnel-impl.h +++ b/src/ext/trunnel/trunnel-impl.h 
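Review bot: `#define TINYTEST_POSTFORK` is added unconditionally near the top of tinytest.c, so the `#else` branch with the empty `static` stubs in the next tinytest hunk can never be compiled, and every program that links this file must supply `tinytest_prefork()` and `tinytest_postfork()`. Either drop the dead stubs or let the build choose, by defining the macro in `tinytest_local.h` or on the compiler command line instead of in this file. In the fork path `tinytest_postfork()` runs in both the parent and the child, which deserves a one-line comment at the call, e.g. `/* runs in parent and child */`, because hook implementations have to tolerate both.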
@@ -1,11 +1,11 @@ -/* trunnel-impl.h -- copied from Trunnel v1.4.6 +/* trunnel-impl.h -- copied from Trunnel v1.5.2 * https://gitweb.torproject.org/trunnel.git * You probably shouldn't edit this file. */ /* trunnel-impl.h -- Implementation helpers for trunnel, included by * generated trunnel files * - * Copyright 2014-2015, The Tor Project, Inc. + * Copyright 2014-2019, The Tor Project, Inc. * See license at the end of this file for copying information. */ @@ -17,6 +17,7 @@ #include "trunnel.h" #include <assert.h> #include <string.h> +#include <stdlib.h> #if defined(_MSC_VER) && (_MSC_VER < 1600) #define uint8_t unsigned char diff --git a/src/ext/trunnel/trunnel.c b/src/ext/trunnel/trunnel.c index 3994422643..3ae3fe02c8 100644 --- a/src/ext/trunnel/trunnel.c +++ b/src/ext/trunnel/trunnel.c @@ -1,10 +1,10 @@ -/* trunnel.c -- copied from Trunnel v1.4.6 +/* trunnel.c -- copied from Trunnel v1.5.2 * https://gitweb.torproject.org/trunnel.git * You probably shouldn't edit this file. */ /* trunnel.c -- Helper functions to implement trunnel. * - * Copyright 2014-2015, The Tor Project, Inc. + * Copyright 2014-2019, The Tor Project, Inc. * See license at the end of this file for copying information. * * See trunnel-impl.h for documentation of these functions. @@ -14,6 +14,10 @@ #include <stdlib.h> #include <string.h> +#ifdef HAVE_SYS_PARAM_H +#include <sys/param.h> +#endif + #if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ # define IS_LITTLE_ENDIAN 1 @@ -31,7 +35,7 @@ # define IS_LITTLE_ENDIAN # endif #else -# if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) +# if defined(__FreeBSD__) || defined(__NetBSD__) || defined(OpenBSD) # include <sys/endian.h> # else # include <endian.h> diff --git a/src/ext/trunnel/trunnel.h b/src/ext/trunnel/trunnel.h index 41068b8fb3..9b708437b8 100644 --- a/src/ext/trunnel/trunnel.h +++ b/src/ext/trunnel/trunnel.h 
@@ -1,11 +1,11 @@ -/* trunnel.h -- copied from Trunnel v1.4.6 +/* trunnel.h -- copied from Trunnel v1.5.2 * https://gitweb.torproject.org/trunnel.git * You probably shouldn't edit this file. */ /* trunnel.h -- Public declarations for trunnel, to be included * in trunnel header files. - * Copyright 2014-2015, The Tor Project, Inc. + * Copyright 2014-2019, The Tor Project, Inc. * See license at the end of this file for copying information. */ |