From e37bd38fdd05a8cec188ce9db39a5ff8ace94c22 Mon Sep 17 00:00:00 2001 From: Christian Decker Date: Fri, 29 Jul 2016 15:48:40 +0200 Subject: [PATCH] Switched from openssl to sodium for test_onion --- test/test_onion.c | 94 +++++++++++++---------------------------------- 1 file changed, 25 insertions(+), 69 deletions(-) diff --git a/test/test_onion.c b/test/test_onion.c index 78f13a1a1..33c4a4162 100644 --- a/test/test_onion.c +++ b/test/test_onion.c @@ -1,12 +1,10 @@ #define _GNU_SOURCE 1 #include "onion_key.h" #include "version.h" -#include -#include -#include #include #include #include +#include #include #include #include @@ -20,6 +18,9 @@ #include #include #include +#include +#include +#include /* * The client knows the server's public key S (which has corresponding @@ -43,7 +44,7 @@ struct hmackey { }; struct iv { - unsigned char iv[AES_BLOCK_SIZE]; + unsigned char iv[crypto_stream_aes128ctr_NONCEBYTES]; }; static void sha_with_seed(const unsigned char secret[32], @@ -234,51 +235,13 @@ static struct hop *myhop(const struct onion *onion) static bool aes_encrypt(void *dst, const void *src, size_t len, const struct enckey *enckey, const struct iv *iv) { - EVP_CIPHER_CTX evpctx; - int outlen; - - /* Counter mode allows parallelism in future. */ - if (EVP_EncryptInit(&evpctx, EVP_aes_128_ctr(), - memcheck(enckey->k.u.u8, sizeof(enckey->k)), - memcheck(iv->iv, sizeof(iv->iv))) != 1) - return false; - - /* No padding, we're a multiple of 128 bits. */ - if (EVP_CIPHER_CTX_set_padding(&evpctx, 0) != 1) - return false; - - EVP_EncryptUpdate(&evpctx, dst, &outlen, memcheck(src, len), len); - assert(outlen == len); - /* Shouldn't happen (no padding) */ - if (EVP_EncryptFinal(&evpctx, dst, &outlen) != 1) - return false; - assert(outlen == 0); - return true; + return crypto_stream_aes128ctr_xor(dst, src, len, iv->iv, enckey->k.u.u8) == 0; } static bool aes_decrypt(void *dst, const void *src, size_t len, const struct enckey *enckey, const struct iv *iv) { - EVP_CIPHER_CTX evpctx; - int outlen; - - /* Counter mode allows parallelism in future. */ - if (EVP_DecryptInit(&evpctx, EVP_aes_128_ctr(), - memcheck(enckey->k.u.u8, sizeof(enckey->k)), - memcheck(iv->iv, sizeof(iv->iv))) != 1) - return false; - - /* No padding, we're a multiple of 128 bits. */ - if (EVP_CIPHER_CTX_set_padding(&evpctx, 0) != 1) - return false; - - EVP_DecryptUpdate(&evpctx, dst, &outlen, memcheck(src, len), len); - assert(outlen == len); - /* Shouldn't happen (no padding) */ - if (EVP_DecryptFinal(&evpctx, dst, &outlen) != 1) - return false; - assert(outlen == 0); - return true; + return crypto_stream_aes128ctr_xor(dst, src, len, iv->iv, enckey->k.u.u8) == 0; } #if 0 @@ -333,18 +296,14 @@ static void make_hmac(const struct hop *hops, size_t num_hops, const struct hmackey *hmackey, struct sha256 *hmac) { - HMAC_CTX ctx; - size_t len, padlen; - - /* Calculate HMAC of padding then onion up to and including pubkey. */ - HMAC_CTX_init(&ctx); - HMAC_Init_ex(&ctx, memcheck(hmackey->k.u.u8, sizeof(hmackey->k)), - sizeof(hmackey->k), EVP_sha256(), NULL); - padlen = (MAX_HOPS - num_hops) * sizeof(struct hop); - HMAC_Update(&ctx, memcheck((unsigned char *)padding, padlen), padlen); + crypto_auth_hmacsha256_state state; + size_t len, padlen = (MAX_HOPS - num_hops) * sizeof(struct hop); len = num_hops*sizeof(struct hop) - sizeof(hops->hmac); - HMAC_Update(&ctx, memcheck((unsigned char *)hops, len), len); - HMAC_Final(&ctx, hmac->u.u8, NULL); + crypto_auth_hmacsha256_init(&state, hmackey->k.u.u8, sizeof(hmackey->k)); + crypto_auth_hmacsha256_update(&state, memcheck((unsigned char *)padding, padlen), padlen); + crypto_auth_hmacsha256_update(&state, memcheck((unsigned char *)hops, len), len); + crypto_auth_hmacsha256_update(&state, memcheck((unsigned char *)padding, padlen), padlen); + crypto_auth_hmacsha256_final(&state, hmac->u.u8); } #if 0 @@ -370,7 +329,7 @@ static bool check_hmac(struct onion *onion, const struct hmackey *hmackey) struct sha256 hmac; make_hmac(onion->hop, MAX_HOPS, NULL, hmackey, &hmac); - return CRYPTO_memcmp(&hmac, &myhop(onion)->hmac, sizeof(hmac)) == 0; + return sodium_memcmp(&hmac, &myhop(onion)->hmac, sizeof(hmac)) == 0; } static bool create_onion(const secp256k1_pubkey pubkey[], @@ -385,7 +344,7 @@ static bool create_onion(const secp256k1_pubkey pubkey[], struct hmackey hmackeys[MAX_HOPS]; struct iv ivs[MAX_HOPS]; struct iv pad_ivs[MAX_HOPS]; - HMAC_CTX padding_hmac[MAX_HOPS]; + crypto_auth_hmacsha256_state padding_hmac[MAX_HOPS]; struct hop padding[MAX_HOPS]; size_t junk_hops; secp256k1_context *ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN); @@ -429,14 +388,13 @@ static bool create_onion(const secp256k1_pubkey pubkey[], } /* And generates more padding for next node. */ add_padding(&padding[0], &enckeys[i-1], &pad_ivs[i-1]); - HMAC_CTX_init(&padding_hmac[i]); - HMAC_Init_ex(&padding_hmac[i], - hmackeys[i].k.u.u8, sizeof(hmackeys[i].k), - EVP_sha256(), NULL); - HMAC_Update(&padding_hmac[i], - memcheck((unsigned char *)padding, - i * sizeof(struct hop)), - i * sizeof(struct hop)); + crypto_auth_hmacsha256_init(&padding_hmac[i], + hmackeys[i].k.u.u8, + sizeof(hmackeys[i].k)); + crypto_auth_hmacsha256_update(&padding_hmac[i], + memcheck((unsigned char *)padding, + i * sizeof(struct hop)), + i * sizeof(struct hop)); } /* @@ -475,9 +433,9 @@ static bool create_onion(const secp256k1_pubkey pubkey[], /* HMAC covers entire thing except hmac itself. */ len = (other_hops + 1)*sizeof(struct hop) - sizeof(myhop->hmac); - HMAC_Update(&padding_hmac[i], + crypto_auth_hmacsha256_update(&padding_hmac[i], memcheck((unsigned char *)onion, len), len); - HMAC_Final(&padding_hmac[i], myhop->hmac.u.u8, NULL); + crypto_auth_hmacsha256_final(&padding_hmac[i], myhop->hmac.u.u8); } ok = true; @@ -612,8 +570,6 @@ int main(int argc, char *argv[]) struct onion onion; bool generate = false, decode = false; - assert(EVP_CIPHER_iv_length(EVP_aes_128_ctr()) == sizeof(struct iv)); - opt_register_noarg("--help|-h", opt_usage_and_exit, "--generate ... OR\n" "--decode \n"