* write the result to <b>to</b>, and return the number of bytes
* written. On failure, return -1.
*/
-int crypto_pk_private_decrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, int padding)
+int crypto_pk_private_decrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, int padding, int warnOnFailure)
{
int r;
tor_assert(env && from && to && env->key);
r = RSA_private_decrypt(fromlen, (unsigned char*)from, to, env->key,
crypto_get_rsa_padding(padding));
if (r<0) {
- crypto_log_errors(LOG_WARN, "performing RSA decryption");
+ crypto_log_errors(warnOnFailure?LOG_WARN:LOG_INFO,
+ "performing RSA decryption");
return -1;
}
return r;
int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env,
const unsigned char *from,
int fromlen, unsigned char *to,
- int padding)
+ int padding, int warnOnFailure)
{
int overhead, pkeylen, outlen, r;
crypto_cipher_env_t *cipher = NULL;
pkeylen = crypto_pk_keysize(env);
if (fromlen <= pkeylen) {
- return crypto_pk_private_decrypt(env,from,fromlen,to,padding);
+ return crypto_pk_private_decrypt(env,from,fromlen,to,padding,warnOnFailure);
}
- outlen = crypto_pk_private_decrypt(env,from,pkeylen,buf,padding);
+ outlen = crypto_pk_private_decrypt(env,from,pkeylen,buf,padding,warnOnFailure);
if (outlen<0) {
- /* this is only log-levelinfo, because when we're decrypting
- * onions, we try several keys to see which will work */
- log_fn(LOG_INFO, "Error decrypting public-key data");
+ log_fn(warnOnFailure?LOG_WARN:LOG_INFO, "Error decrypting public-key data");
return -1;
}
if (outlen < CIPHER_KEY_LEN) {
- log_fn(LOG_WARN, "No room for a symmetric key");
+ log_fn(warnOnFailure?LOG_WARN:LOG_INFO, "No room for a symmetric key");
return -1;
}
cipher = crypto_create_init_cipher(buf, 0);
int crypto_pk_keysize(crypto_pk_env_t *env);
int crypto_pk_public_encrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, int padding);
-int crypto_pk_private_decrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, int padding);
+int crypto_pk_private_decrypt(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to, int padding, int warnOnFailure);
int crypto_pk_private_sign(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to);
int crypto_pk_private_sign_digest(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to);
int crypto_pk_public_checksig(crypto_pk_env_t *env, const unsigned char *from, int fromlen, unsigned char *to);
unsigned char *to, int padding, int force);
int crypto_pk_private_hybrid_decrypt(crypto_pk_env_t *env,
const unsigned char *from, int fromlen,
- unsigned char *to,int padding);
+ unsigned char *to,int padding,
+ int warnOnFailure);
int crypto_pk_asn1_encode(crypto_pk_env_t *pk, char *dest, int dest_len);
crypto_pk_env_t *crypto_pk_asn1_decode(const char *str, int len);
break;
len = crypto_pk_private_hybrid_decrypt(k,
onion_skin, ONIONSKIN_CHALLENGE_LEN,
- challenge, PK_PKCS1_OAEP_PADDING);
+ challenge, PK_PKCS1_OAEP_PADDING,0);
if (len>0)
break;
}
if (len<0) {
- log_fn(LOG_WARN, "Couldn't decrypt onionskin");
+ log_fn(LOG_WARN, "Couldn't decrypt onionskin: client may be using old onion key");
goto err;
} else if (len != DH_KEY_LEN) {
log_fn(LOG_WARN, "Unexpected onionskin length after decryption: %d",
/* Next N bytes is encrypted with service key */
len = crypto_pk_private_hybrid_decrypt(
service->private_key,request+DIGEST_LEN,request_len-DIGEST_LEN,buf,
- PK_PKCS1_OAEP_PADDING);
+ PK_PKCS1_OAEP_PADDING,1);
if (len<0) {
log_fn(LOG_WARN, "Couldn't decrypt INTRODUCE2 cell");
return -1;
/* oaep padding should make encryption not match */
test_memneq(data1, data2, 128);
test_eq(15, crypto_pk_private_decrypt(pk1, data1, 128, data3,
- PK_PKCS1_OAEP_PADDING));
+ PK_PKCS1_OAEP_PADDING,1));
test_streq(data3, "Hello whirled.");
memset(data3, 0, 1024);
test_eq(15, crypto_pk_private_decrypt(pk1, data2, 128, data3,
- PK_PKCS1_OAEP_PADDING));
+ PK_PKCS1_OAEP_PADDING,1));
test_streq(data3, "Hello whirled.");
/* Can't decrypt with public key. */
test_eq(-1, crypto_pk_private_decrypt(pk2, data2, 128, data3,
- PK_PKCS1_OAEP_PADDING));
+ PK_PKCS1_OAEP_PADDING,1));
/* Try again with bad padding */
memcpy(data2+1, "XYZZY", 5); /* This has fails ~ once-in-2^40 */
test_eq(-1, crypto_pk_private_decrypt(pk1, data2, 128, data3,
- PK_PKCS1_OAEP_PADDING));
+ PK_PKCS1_OAEP_PADDING,1));
/* File operations: save and load private key */
test_assert(! crypto_pk_write_private_key_to_filename(pk1,
test_assert(! crypto_pk_read_private_key_from_filename(pk2,
"/tmp/tor_test/pke1y"));
test_eq(15, crypto_pk_private_decrypt(pk2, data1, 128, data3,
- PK_PKCS1_OAEP_PADDING));
+ PK_PKCS1_OAEP_PADDING,1));
/* Now try signing. */
strcpy(data1, "Ossifrage");
(i==1)?PK_PKCS1_PADDING:PK_PKCS1_OAEP_PADDING;
len = crypto_pk_public_hybrid_encrypt(pk1,data1,j,data2,p,0);
test_assert(len>=0);
- len = crypto_pk_private_hybrid_decrypt(pk1,data2,len,data3,p);
+ len = crypto_pk_private_hybrid_decrypt(pk1,data2,len,data3,p,1);
test_eq(len,j);
test_memeq(data1,data3,j);
}
projects / thirdparty / tor.git / commitdiff
