crypto.h 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300
  1. /* Copyright (c) 2001, Matej Pfajfar.
  2. * Copyright (c) 2001-2004, Roger Dingledine.
  3. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  4. * Copyright (c) 2007-2015, The Tor Project, Inc. */
  5. /* See LICENSE for licensing information */
  6. /**
  7. * \file crypto.h
  8. *
  9. * \brief Headers for crypto.c
  10. **/
  11. #ifndef TOR_CRYPTO_H
  12. #define TOR_CRYPTO_H
  13. #include <stdio.h>
  14. #include "torint.h"
  15. #include "testsupport.h"
  16. /*
  17. Macro to create an arbitrary OpenSSL version number as used by
  18. OPENSSL_VERSION_NUMBER or SSLeay(), since the actual numbers are a bit hard
  19. to read.
  20. Don't use this directly, instead use one of the other OPENSSL_V macros
  21. below.
  22. The format is: 4 bits major, 8 bits minor, 8 bits fix, 8 bits patch, 4 bit
  23. status.
  24. */
  25. #define OPENSSL_VER(a,b,c,d,e) \
  26. (((a)<<28) | \
  27. ((b)<<20) | \
  28. ((c)<<12) | \
  29. ((d)<< 4) | \
  30. (e))
  31. /** An openssl release number. For example, OPENSSL_V(0,9,8,'j') is the
  32. * version for the released version of 0.9.8j */
  33. #define OPENSSL_V(a,b,c,d) \
  34. OPENSSL_VER((a),(b),(c),(d)-'a'+1,0xf)
  35. /** An openssl release number for the first release in the series. For
  36. * example, OPENSSL_V_NOPATCH(1,0,0) is the first released version of OpenSSL
  37. * 1.0.0. */
  38. #define OPENSSL_V_NOPATCH(a,b,c) \
  39. OPENSSL_VER((a),(b),(c),0,0xf)
  40. /** The first version that would occur for any alpha or beta in an openssl
  41. * series. For example, OPENSSL_V_SERIES(0,9,8) is greater than any released
  42. * 0.9.7, and less than any released 0.9.8. */
  43. #define OPENSSL_V_SERIES(a,b,c) \
  44. OPENSSL_VER((a),(b),(c),0,0)
  45. /** Length of the output of our message digest. */
  46. #define DIGEST_LEN 20
  47. /** Length of the output of our second (improved) message digests. (For now
  48. * this is just sha256, but it could be any other 256-bit digest.) */
  49. #define DIGEST256_LEN 32
  50. /** Length of our symmetric cipher's keys. */
  51. #define CIPHER_KEY_LEN 16
  52. /** Length of our symmetric cipher's IV. */
  53. #define CIPHER_IV_LEN 16
  54. /** Length of our public keys. */
  55. #define PK_BYTES (1024/8)
  56. /** Length of our DH keys. */
  57. #define DH_BYTES (1024/8)
  58. /** Length of a sha1 message digest when encoded in base64 with trailing =
  59. * signs removed. */
  60. #define BASE64_DIGEST_LEN 27
  61. /** Length of a sha256 message digest when encoded in base64 with trailing =
  62. * signs removed. */
  63. #define BASE64_DIGEST256_LEN 43
  64. /** Constant used to indicate OAEP padding for public-key encryption */
  65. #define PK_PKCS1_OAEP_PADDING 60002
  66. /** Number of bytes added for PKCS1-OAEP padding. */
  67. #define PKCS1_OAEP_PADDING_OVERHEAD 42
  68. /** Length of encoded public key fingerprints, including space; but not
  69. * including terminating NUL. */
  70. #define FINGERPRINT_LEN 49
  71. /** Length of hex encoding of SHA1 digest, not including final NUL. */
  72. #define HEX_DIGEST_LEN 40
  73. /** Length of hex encoding of SHA256 digest, not including final NUL. */
  74. #define HEX_DIGEST256_LEN 64
  75. typedef enum {
  76. DIGEST_SHA1 = 0,
  77. DIGEST_SHA256 = 1,
  78. } digest_algorithm_t;
  79. #define N_DIGEST_ALGORITHMS (DIGEST_SHA256+1)
  80. #define digest_algorithm_bitfield_t ENUM_BF(digest_algorithm_t)
  81. /** A set of all the digests we know how to compute, taken on a single
  82. * string. Any digests that are shorter than 256 bits are right-padded
  83. * with 0 bits.
  84. *
  85. * Note that this representation wastes 12 bytes for the SHA1 case, so
  86. * don't use it for anything where we need to allocate a whole bunch at
  87. * once.
  88. **/
  89. typedef struct {
  90. char d[N_DIGEST_ALGORITHMS][DIGEST256_LEN];
  91. } digests_t;
  92. typedef struct crypto_pk_t crypto_pk_t;
  93. typedef struct crypto_cipher_t crypto_cipher_t;
  94. typedef struct crypto_digest_t crypto_digest_t;
  95. typedef struct crypto_dh_t crypto_dh_t;
  96. /* global state */
  97. const char * crypto_openssl_get_version_str(void);
  98. const char * crypto_openssl_get_header_version_str(void);
  99. int crypto_early_init(void);
  100. int crypto_global_init(int hardwareAccel,
  101. const char *accelName,
  102. const char *accelPath);
  103. void crypto_thread_cleanup(void);
  104. int crypto_global_cleanup(void);
  105. /* environment setup */
  106. crypto_pk_t *crypto_pk_new(void);
  107. void crypto_pk_free(crypto_pk_t *env);
  108. void crypto_set_tls_dh_prime(const char *dynamic_dh_modulus_fname);
  109. crypto_cipher_t *crypto_cipher_new(const char *key);
  110. crypto_cipher_t *crypto_cipher_new_with_iv(const char *key, const char *iv);
  111. void crypto_cipher_free(crypto_cipher_t *env);
  112. /* public key crypto */
  113. int crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits);
  114. #define crypto_pk_generate_key(env) \
  115. crypto_pk_generate_key_with_bits((env), (PK_BYTES*8))
  116. int crypto_pk_read_private_key_from_filename(crypto_pk_t *env,
  117. const char *keyfile);
  118. int crypto_pk_write_public_key_to_string(crypto_pk_t *env,
  119. char **dest, size_t *len);
  120. int crypto_pk_write_private_key_to_string(crypto_pk_t *env,
  121. char **dest, size_t *len);
  122. int crypto_pk_read_public_key_from_string(crypto_pk_t *env,
  123. const char *src, size_t len);
  124. int crypto_pk_read_private_key_from_string(crypto_pk_t *env,
  125. const char *s, ssize_t len);
  126. int crypto_pk_write_private_key_to_filename(crypto_pk_t *env,
  127. const char *fname);
  128. int crypto_pk_check_key(crypto_pk_t *env);
  129. int crypto_pk_cmp_keys(crypto_pk_t *a, crypto_pk_t *b);
  130. int crypto_pk_eq_keys(crypto_pk_t *a, crypto_pk_t *b);
  131. size_t crypto_pk_keysize(crypto_pk_t *env);
  132. int crypto_pk_num_bits(crypto_pk_t *env);
  133. crypto_pk_t *crypto_pk_dup_key(crypto_pk_t *orig);
  134. crypto_pk_t *crypto_pk_copy_full(crypto_pk_t *orig);
  135. int crypto_pk_key_is_private(const crypto_pk_t *key);
  136. int crypto_pk_public_exponent_ok(crypto_pk_t *env);
  137. int crypto_pk_public_encrypt(crypto_pk_t *env, char *to, size_t tolen,
  138. const char *from, size_t fromlen, int padding);
  139. int crypto_pk_private_decrypt(crypto_pk_t *env, char *to, size_t tolen,
  140. const char *from, size_t fromlen,
  141. int padding, int warnOnFailure);
  142. int crypto_pk_public_checksig(crypto_pk_t *env, char *to, size_t tolen,
  143. const char *from, size_t fromlen);
  144. int crypto_pk_public_checksig_digest(crypto_pk_t *env, const char *data,
  145. size_t datalen, const char *sig, size_t siglen);
  146. int crypto_pk_private_sign(crypto_pk_t *env, char *to, size_t tolen,
  147. const char *from, size_t fromlen);
  148. int crypto_pk_private_sign_digest(crypto_pk_t *env, char *to, size_t tolen,
  149. const char *from, size_t fromlen);
  150. int crypto_pk_public_hybrid_encrypt(crypto_pk_t *env, char *to,
  151. size_t tolen,
  152. const char *from, size_t fromlen,
  153. int padding, int force);
  154. int crypto_pk_private_hybrid_decrypt(crypto_pk_t *env, char *to,
  155. size_t tolen,
  156. const char *from, size_t fromlen,
  157. int padding, int warnOnFailure);
  158. int crypto_pk_asn1_encode(crypto_pk_t *pk, char *dest, size_t dest_len);
  159. crypto_pk_t *crypto_pk_asn1_decode(const char *str, size_t len);
  160. int crypto_pk_get_digest(const crypto_pk_t *pk, char *digest_out);
  161. int crypto_pk_get_all_digests(crypto_pk_t *pk, digests_t *digests_out);
  162. int crypto_pk_get_fingerprint(crypto_pk_t *pk, char *fp_out,int add_space);
  163. int crypto_pk_get_hashed_fingerprint(crypto_pk_t *pk, char *fp_out);
  164. /* symmetric crypto */
  165. const char *crypto_cipher_get_key(crypto_cipher_t *env);
  166. int crypto_cipher_encrypt(crypto_cipher_t *env, char *to,
  167. const char *from, size_t fromlen);
  168. int crypto_cipher_decrypt(crypto_cipher_t *env, char *to,
  169. const char *from, size_t fromlen);
  170. int crypto_cipher_crypt_inplace(crypto_cipher_t *env, char *d, size_t len);
  171. int crypto_cipher_encrypt_with_iv(const char *key,
  172. char *to, size_t tolen,
  173. const char *from, size_t fromlen);
  174. int crypto_cipher_decrypt_with_iv(const char *key,
  175. char *to, size_t tolen,
  176. const char *from, size_t fromlen);
  177. /* SHA-1 and other digests. */
  178. int crypto_digest(char *digest, const char *m, size_t len);
  179. int crypto_digest256(char *digest, const char *m, size_t len,
  180. digest_algorithm_t algorithm);
  181. int crypto_digest_all(digests_t *ds_out, const char *m, size_t len);
  182. struct smartlist_t;
  183. void crypto_digest_smartlist(char *digest_out, size_t len_out,
  184. const struct smartlist_t *lst, const char *append,
  185. digest_algorithm_t alg);
  186. const char *crypto_digest_algorithm_get_name(digest_algorithm_t alg);
  187. int crypto_digest_algorithm_parse_name(const char *name);
  188. crypto_digest_t *crypto_digest_new(void);
  189. crypto_digest_t *crypto_digest256_new(digest_algorithm_t algorithm);
  190. void crypto_digest_free(crypto_digest_t *digest);
  191. void crypto_digest_add_bytes(crypto_digest_t *digest, const char *data,
  192. size_t len);
  193. void crypto_digest_get_digest(crypto_digest_t *digest,
  194. char *out, size_t out_len);
  195. crypto_digest_t *crypto_digest_dup(const crypto_digest_t *digest);
  196. void crypto_digest_assign(crypto_digest_t *into,
  197. const crypto_digest_t *from);
  198. void crypto_hmac_sha256(char *hmac_out,
  199. const char *key, size_t key_len,
  200. const char *msg, size_t msg_len);
  201. /* Key negotiation */
  202. #define DH_TYPE_CIRCUIT 1
  203. #define DH_TYPE_REND 2
  204. #define DH_TYPE_TLS 3
  205. crypto_dh_t *crypto_dh_new(int dh_type);
  206. crypto_dh_t *crypto_dh_dup(const crypto_dh_t *dh);
  207. int crypto_dh_get_bytes(crypto_dh_t *dh);
  208. int crypto_dh_generate_public(crypto_dh_t *dh);
  209. int crypto_dh_get_public(crypto_dh_t *dh, char *pubkey_out,
  210. size_t pubkey_out_len);
  211. ssize_t crypto_dh_compute_secret(int severity, crypto_dh_t *dh,
  212. const char *pubkey, size_t pubkey_len,
  213. char *secret_out, size_t secret_out_len);
  214. void crypto_dh_free(crypto_dh_t *dh);
  215. int crypto_expand_key_material_TAP(const uint8_t *key_in,
  216. size_t key_in_len,
  217. uint8_t *key_out, size_t key_out_len);
  218. int crypto_expand_key_material_rfc5869_sha256(
  219. const uint8_t *key_in, size_t key_in_len,
  220. const uint8_t *salt_in, size_t salt_in_len,
  221. const uint8_t *info_in, size_t info_in_len,
  222. uint8_t *key_out, size_t key_out_len);
  223. /* random numbers */
  224. int crypto_seed_rng(int startup);
  225. MOCK_DECL(int,crypto_rand,(char *to, size_t n));
  226. int crypto_strongest_rand(uint8_t *out, size_t out_len);
  227. int crypto_rand_int(unsigned int max);
  228. uint64_t crypto_rand_uint64(uint64_t max);
  229. double crypto_rand_double(void);
  230. struct tor_weak_rng_t;
  231. void crypto_seed_weak_rng(struct tor_weak_rng_t *rng);
  232. int crypto_init_siphash_key(void);
  233. char *crypto_random_hostname(int min_rand_len, int max_rand_len,
  234. const char *prefix, const char *suffix);
  235. struct smartlist_t;
  236. void *smartlist_choose(const struct smartlist_t *sl);
  237. void smartlist_shuffle(struct smartlist_t *sl);
  238. int base64_encode(char *dest, size_t destlen, const char *src, size_t srclen);
  239. int base64_decode(char *dest, size_t destlen, const char *src, size_t srclen);
  240. /** Characters that can appear (case-insensitively) in a base32 encoding. */
  241. #define BASE32_CHARS "abcdefghijklmnopqrstuvwxyz234567"
  242. void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen);
  243. int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen);
  244. int digest_to_base64(char *d64, const char *digest);
  245. int digest_from_base64(char *digest, const char *d64);
  246. int digest256_to_base64(char *d64, const char *digest);
  247. int digest256_from_base64(char *digest, const char *d64);
  248. /** OpenSSL-based utility functions. */
  249. void memwipe(void *mem, uint8_t byte, size_t sz);
  250. /* Prototypes for private functions only used by tortls.c, crypto.c, and the
  251. * unit tests. */
  252. struct rsa_st;
  253. struct evp_pkey_st;
  254. struct dh_st;
  255. struct rsa_st *crypto_pk_get_rsa_(crypto_pk_t *env);
  256. crypto_pk_t *crypto_new_pk_from_rsa_(struct rsa_st *rsa);
  257. struct evp_pkey_st *crypto_pk_get_evp_pkey_(crypto_pk_t *env,
  258. int private);
  259. struct dh_st *crypto_dh_get_dh_(crypto_dh_t *dh);
  260. void crypto_add_spaces_to_fp(char *out, size_t outlen, const char *in);
  261. #endif