vincenzopalazzo
/
rgb-cln
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Switched from openssl to sodium for test_onion

This commit is contained in:
Christian Decker 2016-07-29 15:48:40 +02:00 committed by Rusty Russell
parent 1f4a056009
commit e37bd38fdd
1 changed files with 25 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
test/test_onion.c
View File

@ -1,12 +1,10 @@
#define _GNU_SOURCE 1
#include "onion_key.h"
#include "version.h"
#include <openssl/hmac.h>
#include <openssl/evp.h>
#include <openssl/aes.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <err.h>
#include <stdbool.h>
#include <assert.h>
@ -20,6 +18,9 @@
#include <ccan/str/hex/hex.h>
#include <secp256k1.h>
#include <secp256k1_ecdh.h>
#include <sodium/crypto_stream_aes128ctr.h>
#include <sodium/crypto_auth_hmacsha256.h>
#include <sodium/utils.h>
/*
* The client knows the server's public key S (which has corresponding
@ -43,7 +44,7 @@ struct hmackey {
};
struct iv {
unsigned char iv[AES_BLOCK_SIZE];
unsigned char iv[crypto_stream_aes128ctr_NONCEBYTES];
};
static void sha_with_seed(const unsigned char secret[32],
@ -234,51 +235,13 @@ static struct hop *myhop(const struct onion *onion)
static bool aes_encrypt(void *dst, const void *src, size_t len,
const struct enckey *enckey, const struct iv *iv)
{
EVP_CIPHER_CTX evpctx;
int outlen;
/* Counter mode allows parallelism in future. */
if (EVP_EncryptInit(&evpctx, EVP_aes_128_ctr(),
memcheck(enckey->k.u.u8, sizeof(enckey->k)),
memcheck(iv->iv, sizeof(iv->iv))) != 1)
return false;
/* No padding, we're a multiple of 128 bits. */
if (EVP_CIPHER_CTX_set_padding(&evpctx, 0) != 1)
return false;
EVP_EncryptUpdate(&evpctx, dst, &outlen, memcheck(src, len), len);
assert(outlen == len);
/* Shouldn't happen (no padding) */
if (EVP_EncryptFinal(&evpctx, dst, &outlen) != 1)
return false;
assert(outlen == 0);
return true;
return crypto_stream_aes128ctr_xor(dst, src, len, iv->iv, enckey->k.u.u8) == 0;
}
static bool aes_decrypt(void *dst, const void *src, size_t len,
const struct enckey *enckey, const struct iv *iv)
{
EVP_CIPHER_CTX evpctx;
int outlen;
/* Counter mode allows parallelism in future. */
if (EVP_DecryptInit(&evpctx, EVP_aes_128_ctr(),
memcheck(enckey->k.u.u8, sizeof(enckey->k)),
memcheck(iv->iv, sizeof(iv->iv))) != 1)
return false;
/* No padding, we're a multiple of 128 bits. */
if (EVP_CIPHER_CTX_set_padding(&evpctx, 0) != 1)
return false;
EVP_DecryptUpdate(&evpctx, dst, &outlen, memcheck(src, len), len);
assert(outlen == len);
/* Shouldn't happen (no padding) */
if (EVP_DecryptFinal(&evpctx, dst, &outlen) != 1)
return false;
assert(outlen == 0);
return true;
return crypto_stream_aes128ctr_xor(dst, src, len, iv->iv, enckey->k.u.u8) == 0;
}
#if 0
@ -333,18 +296,14 @@ static void make_hmac(const struct hop *hops, size_t num_hops,
const struct hmackey *hmackey,
struct sha256 *hmac)
{
HMAC_CTX ctx;
size_t len, padlen;
/* Calculate HMAC of padding then onion up to and including pubkey. */
HMAC_CTX_init(&ctx);
HMAC_Init_ex(&ctx, memcheck(hmackey->k.u.u8, sizeof(hmackey->k)),
sizeof(hmackey->k), EVP_sha256(), NULL);
padlen = (MAX_HOPS - num_hops) * sizeof(struct hop);
HMAC_Update(&ctx, memcheck((unsigned char *)padding, padlen), padlen);
crypto_auth_hmacsha256_state state;
size_t len, padlen = (MAX_HOPS - num_hops) * sizeof(struct hop);
len = num_hops*sizeof(struct hop) - sizeof(hops->hmac);
HMAC_Update(&ctx, memcheck((unsigned char *)hops, len), len);
HMAC_Final(&ctx, hmac->u.u8, NULL);
crypto_auth_hmacsha256_init(&state, hmackey->k.u.u8, sizeof(hmackey->k));
crypto_auth_hmacsha256_update(&state, memcheck((unsigned char *)padding, padlen), padlen);
crypto_auth_hmacsha256_update(&state, memcheck((unsigned char *)hops, len), len);
crypto_auth_hmacsha256_update(&state, memcheck((unsigned char *)padding, padlen), padlen);
crypto_auth_hmacsha256_final(&state, hmac->u.u8);
}
#if 0
@ -370,7 +329,7 @@ static bool check_hmac(struct onion *onion, const struct hmackey *hmackey)
struct sha256 hmac;
make_hmac(onion->hop, MAX_HOPS, NULL, hmackey, &hmac);
return CRYPTO_memcmp(&hmac, &myhop(onion)->hmac, sizeof(hmac)) == 0;
return sodium_memcmp(&hmac, &myhop(onion)->hmac, sizeof(hmac)) == 0;
}
static bool create_onion(const secp256k1_pubkey pubkey[],
@ -385,7 +344,7 @@ static bool create_onion(const secp256k1_pubkey pubkey[],
struct hmackey hmackeys[MAX_HOPS];
struct iv ivs[MAX_HOPS];
struct iv pad_ivs[MAX_HOPS];
HMAC_CTX padding_hmac[MAX_HOPS];
crypto_auth_hmacsha256_state padding_hmac[MAX_HOPS];
struct hop padding[MAX_HOPS];
size_t junk_hops;
secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN);
@ -429,14 +388,13 @@ static bool create_onion(const secp256k1_pubkey pubkey[],
}
/* And generates more padding for next node. */
add_padding(&padding[0], &enckeys[i-1], &pad_ivs[i-1]);
HMAC_CTX_init(&padding_hmac[i]);
HMAC_Init_ex(&padding_hmac[i],
hmackeys[i].k.u.u8, sizeof(hmackeys[i].k),
EVP_sha256(), NULL);
HMAC_Update(&padding_hmac[i],
memcheck((unsigned char *)padding,
i * sizeof(struct hop)),
i * sizeof(struct hop));
crypto_auth_hmacsha256_init(&padding_hmac[i],
hmackeys[i].k.u.u8,
sizeof(hmackeys[i].k));
crypto_auth_hmacsha256_update(&padding_hmac[i],
memcheck((unsigned char *)padding,
i * sizeof(struct hop)),
i * sizeof(struct hop));
}
/*
@ -475,9 +433,9 @@ static bool create_onion(const secp256k1_pubkey pubkey[],
/* HMAC covers entire thing except hmac itself. */
len = (other_hops + 1)*sizeof(struct hop) - sizeof(myhop->hmac);
HMAC_Update(&padding_hmac[i],
crypto_auth_hmacsha256_update(&padding_hmac[i],
memcheck((unsigned char *)onion, len), len);
HMAC_Final(&padding_hmac[i], myhop->hmac.u.u8, NULL);
crypto_auth_hmacsha256_final(&padding_hmac[i], myhop->hmac.u.u8);
}
ok = true;
@ -612,8 +570,6 @@ int main(int argc, char *argv[])
struct onion onion;
bool generate = false, decode = false;
assert(EVP_CIPHER_iv_length(EVP_aes_128_ctr()) == sizeof(struct iv));
opt_register_noarg("--help|-h", opt_usage_and_exit,
"--generate <pubkey>... OR\n"
"--decode <privkey>\n"