[or-cvs] Add helpful hybrid encryption functions
Nick Mathewson
nickm at seul.org
Thu Apr 1 03:08:37 UTC 2004
Update of /home/or/cvsroot/src/common
In directory moria.mit.edu:/tmp/cvs-serv11980/src/common
Modified Files:
crypto.c crypto.h
Log Message:
Add helpful hybrid encryption functions
Index: crypto.c
===================================================================
RCS file: /home/or/cvsroot/src/common/crypto.c,v
retrieving revision 1.62
retrieving revision 1.63
diff -u -d -r1.62 -r1.63
--- crypto.c 31 Mar 2004 22:41:25 -0000 1.62
+++ crypto.c 1 Apr 2004 03:08:34 -0000 1.63
@@ -114,6 +114,17 @@
}
}
+static INLINE int
+crypto_get_rsa_padding_overhead(int padding) {
+ switch(padding)
+ {
+ case RSA_NO_PADDING: return 0;
+ case RSA_PKCS1_OAEP_PADDING: return 42;
+ case RSA_PKCS1_PADDING: return 11;
+ default: assert(0); return -1;
+ }
+}
+
static int _crypto_global_initialized = 0;
int crypto_global_init()
@@ -645,6 +656,118 @@
}
}
+/* Perform a hybrid (public/secret) encryption on 'fromlen' bytes of data
+ * from 'from', with padding type 'padding', storing the results on 'to'.
+ *
+ * If no padding is used, the public key must be at least as large as
+ * 'from'.
+ *
+ * Returns the number of bytes written on success, -1 on failure.
+ *
+ * The encrypted data consists of:
+ *
+ * The source data, padded and encrypted with the public key, if the
+ * padded source data is no longer than the public key.
+ * OR
+ * The beginning of the source data prefixed with a 16-symmetric key,
+ * padded and encrypted with the public key; followed by the rest of
+ * the source data encrypted in AES-CTR mode with the symmetric key.
+ */
+int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, unsigned char *from,
+ int fromlen, unsigned char *to,
+ int padding)
+{
+ int overhead, pkeylen, outlen, r, symlen;
+ crypto_cipher_env_t *cipher = NULL;
+ char buf[1024];
+
+ assert(env && from && to);
+
+ overhead = crypto_get_rsa_padding_overhead(padding);
+ pkeylen = crypto_pk_keysize(env);
+
+ if (padding == RSA_NO_PADDING && fromlen < pkeylen)
+ return -1;
+
+ if (fromlen+overhead <= pkeylen) {
+ /* It all fits in a single encrypt. */
+ return crypto_pk_public_encrypt(env,from,fromlen,to,padding);
+ }
+ cipher = crypto_new_cipher_env(CRYPTO_CIPHER_AES_CTR);
+ if (!cipher) return -1;
+ if (crypto_cipher_generate_key(cipher)<0)
+ goto err;
+ if (padding == RSA_NO_PADDING)
+ cipher->key[0] &= 0x7f;
+ if (crypto_cipher_encrypt_init_cipher(cipher)<0)
+ goto err;
+ memcpy(buf, cipher->key, 16);
+ memcpy(buf+16, from, pkeylen-overhead-16);
+
+ /* Length of symmetrically encrypted data. */
+ symlen = fromlen-(pkeylen-overhead-16);
+
+ outlen = crypto_pk_public_encrypt(env,buf,pkeylen-overhead,to,padding);
+ if (outlen!=pkeylen) {
+ goto err;
+ }
+ r = crypto_cipher_encrypt(cipher,
+ from+pkeylen-overhead-16, symlen,
+ to+outlen);
+
+ if (r<0) goto err;
+ memset(buf, 0, 1024);
+ crypto_free_cipher_env(cipher);
+ return outlen + symlen;
+ err:
+ memset(buf, 0, 1024);
+ if (cipher) crypto_free_cipher_env(cipher);
+ return -1;
+}
+
+/* Invert crypto_pk_public_hybrid_encrypt. */
+int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, unsigned char *from,
+ int fromlen, unsigned char *to,
+ int padding)
+{
+ int overhead, pkeylen, outlen, r;
+ crypto_cipher_env_t *cipher = NULL;
+ char buf[1024];
+
+ overhead = crypto_get_rsa_padding_overhead(padding);
+ pkeylen = crypto_pk_keysize(env);
+
+ if (fromlen <= pkeylen) {
+ return crypto_pk_private_decrypt(env,from,fromlen,to,padding);
+ }
+ outlen = crypto_pk_private_decrypt(env,from,pkeylen,buf,padding);
+ if (outlen<0) {
+ log_fn(LOG_WARN, "Error decrypting public-key data");
+ return -1;
+ }
+ if (outlen < 16) {
+ log_fn(LOG_WARN, "No room for a symmetric key");
+ return -1;
+ }
+ cipher = crypto_create_init_cipher(CRYPTO_CIPHER_AES_CTR, buf, "", 0);
+ if (!cipher) {
+ return -1;
+ }
+ memcpy(to,buf+16,outlen-16);
+ outlen -= 16;
+ r = crypto_cipher_decrypt(cipher, from+pkeylen, fromlen-pkeylen,
+ to+outlen);
+ if (r<0)
+ goto err;
+ memset(buf,0,1024);
+ crypto_free_cipher_env(cipher);
+ return outlen + (fromlen-pkeylen);
+ err:
+ memset(buf, 0, 1024);
+ if (cipher) crypto_free_cipher_env(cipher);
+ return -1;
+}
+
/* Encode the public portion of 'pk' into 'dest'. Return -1 on error,
* or the number of characters used on success.
*/
Index: crypto.h
===================================================================
RCS file: /home/or/cvsroot/src/common/crypto.h,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -d -r1.30 -r1.31
--- crypto.h 30 Mar 2004 19:47:32 -0000 1.30
+++ crypto.h 1 Apr 2004 03:08:35 -0000 1.31
@@ -59,6 +59,13 @@
int crypto_pk_private_decrypt(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to, int padding);
int crypto_pk_private_sign(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
int crypto_pk_public_checksig(crypto_pk_env_t *env, unsigned char *from, int fromlen, unsigned char *to);
+int crypto_pk_public_hybrid_encrypt(crypto_pk_env_t *env, unsigned char *from,
+ int fromlen, unsigned char *to,
+ int padding);
+int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env, unsigned char *from,
+ int fromlen, unsigned char *to,
+ int padding);
+
#define FINGERPRINT_LEN 49
int crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, int dest_len);
crypto_pk_env_t *crypto_pk_asn1_decode(const char *str, int len);
More information about the tor-commits
mailing list