Merge remote-tracking branch 'public/split_relay_crypto'
This commit is contained in:
commit
c6d7e0becf
|
@ -56,6 +56,7 @@
|
|||
#include "onion_fast.h"
|
||||
#include "policies.h"
|
||||
#include "relay.h"
|
||||
#include "relay_crypto.h"
|
||||
#include "rendcommon.h"
|
||||
#include "rephist.h"
|
||||
#include "router.h"
|
||||
|
@ -1336,69 +1337,10 @@ circuit_init_cpath_crypto(crypt_path_t *cpath,
|
|||
const char *key_data, size_t key_data_len,
|
||||
int reverse, int is_hs_v3)
|
||||
{
|
||||
crypto_digest_t *tmp_digest;
|
||||
crypto_cipher_t *tmp_crypto;
|
||||
size_t digest_len = 0;
|
||||
size_t cipher_key_len = 0;
|
||||
|
||||
tor_assert(cpath);
|
||||
tor_assert(key_data);
|
||||
tor_assert(!(cpath->f_crypto || cpath->b_crypto ||
|
||||
cpath->f_digest || cpath->b_digest));
|
||||
|
||||
/* Basic key size validation */
|
||||
if (is_hs_v3 && BUG(key_data_len != HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN)) {
|
||||
return -1;
|
||||
} else if (!is_hs_v3 && BUG(key_data_len != CPATH_KEY_MATERIAL_LEN)) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* If we are using this cpath for next gen onion services use SHA3-256,
|
||||
otherwise use good ol' SHA1 */
|
||||
if (is_hs_v3) {
|
||||
digest_len = DIGEST256_LEN;
|
||||
cipher_key_len = CIPHER256_KEY_LEN;
|
||||
cpath->f_digest = crypto_digest256_new(DIGEST_SHA3_256);
|
||||
cpath->b_digest = crypto_digest256_new(DIGEST_SHA3_256);
|
||||
} else {
|
||||
digest_len = DIGEST_LEN;
|
||||
cipher_key_len = CIPHER_KEY_LEN;
|
||||
cpath->f_digest = crypto_digest_new();
|
||||
cpath->b_digest = crypto_digest_new();
|
||||
}
|
||||
|
||||
tor_assert(digest_len != 0);
|
||||
tor_assert(cipher_key_len != 0);
|
||||
const int cipher_key_bits = (int) cipher_key_len * 8;
|
||||
|
||||
crypto_digest_add_bytes(cpath->f_digest, key_data, digest_len);
|
||||
crypto_digest_add_bytes(cpath->b_digest, key_data+digest_len, digest_len);
|
||||
|
||||
cpath->f_crypto = crypto_cipher_new_with_bits(key_data+(2*digest_len),
|
||||
cipher_key_bits);
|
||||
if (!cpath->f_crypto) {
|
||||
log_warn(LD_BUG,"Forward cipher initialization failed.");
|
||||
return -1;
|
||||
}
|
||||
|
||||
cpath->b_crypto = crypto_cipher_new_with_bits(
|
||||
key_data+(2*digest_len)+cipher_key_len,
|
||||
cipher_key_bits);
|
||||
if (!cpath->b_crypto) {
|
||||
log_warn(LD_BUG,"Backward cipher initialization failed.");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (reverse) {
|
||||
tmp_digest = cpath->f_digest;
|
||||
cpath->f_digest = cpath->b_digest;
|
||||
cpath->b_digest = tmp_digest;
|
||||
tmp_crypto = cpath->f_crypto;
|
||||
cpath->f_crypto = cpath->b_crypto;
|
||||
cpath->b_crypto = tmp_crypto;
|
||||
}
|
||||
|
||||
return 0;
|
||||
return relay_crypto_init(&cpath->crypto, key_data, key_data_len, reverse,
|
||||
is_hs_v3);
|
||||
}
|
||||
|
||||
/** A "created" cell <b>reply</b> came back to us on circuit <b>circ</b>.
|
||||
|
@ -1521,7 +1463,6 @@ onionskin_answer(or_circuit_t *circ,
|
|||
const uint8_t *rend_circ_nonce)
|
||||
{
|
||||
cell_t cell;
|
||||
crypt_path_t *tmp_cpath;
|
||||
|
||||
tor_assert(keys_len == CPATH_KEY_MATERIAL_LEN);
|
||||
|
||||
|
@ -1532,25 +1473,15 @@ onionskin_answer(or_circuit_t *circ,
|
|||
}
|
||||
cell.circ_id = circ->p_circ_id;
|
||||
|
||||
tmp_cpath = tor_malloc_zero(sizeof(crypt_path_t));
|
||||
tmp_cpath->magic = CRYPT_PATH_MAGIC;
|
||||
|
||||
circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_OPEN);
|
||||
|
||||
log_debug(LD_CIRC,"init digest forward 0x%.8x, backward 0x%.8x.",
|
||||
(unsigned int)get_uint32(keys),
|
||||
(unsigned int)get_uint32(keys+20));
|
||||
if (circuit_init_cpath_crypto(tmp_cpath, keys, keys_len, 0, 0)<0) {
|
||||
if (relay_crypto_init(&circ->crypto, keys, keys_len, 0, 0)<0) {
|
||||
log_warn(LD_BUG,"Circuit initialization failed");
|
||||
tor_free(tmp_cpath);
|
||||
return -1;
|
||||
}
|
||||
circ->n_digest = tmp_cpath->f_digest;
|
||||
circ->n_crypto = tmp_cpath->f_crypto;
|
||||
circ->p_digest = tmp_cpath->b_digest;
|
||||
circ->p_crypto = tmp_cpath->b_crypto;
|
||||
tmp_cpath->magic = 0;
|
||||
tor_free(tmp_cpath);
|
||||
|
||||
memcpy(circ->rend_circ_nonce, rend_circ_nonce, DIGEST_LEN);
|
||||
|
||||
|
|
|
@ -76,6 +76,7 @@
|
|||
#include "onion_fast.h"
|
||||
#include "policies.h"
|
||||
#include "relay.h"
|
||||
#include "relay_crypto.h"
|
||||
#include "rendclient.h"
|
||||
#include "rendcommon.h"
|
||||
#include "rephist.h"
|
||||
|
@ -1082,10 +1083,7 @@ circuit_free_(circuit_t *circ)
|
|||
|
||||
should_free = (ocirc->workqueue_entry == NULL);
|
||||
|
||||
crypto_cipher_free(ocirc->p_crypto);
|
||||
crypto_digest_free(ocirc->p_digest);
|
||||
crypto_cipher_free(ocirc->n_crypto);
|
||||
crypto_digest_free(ocirc->n_digest);
|
||||
relay_crypto_clear(ô->crypto);
|
||||
|
||||
if (ocirc->rend_splice) {
|
||||
or_circuit_t *other = ocirc->rend_splice;
|
||||
|
@ -1225,10 +1223,7 @@ circuit_free_cpath_node(crypt_path_t *victim)
|
|||
if (!victim)
|
||||
return;
|
||||
|
||||
crypto_cipher_free(victim->f_crypto);
|
||||
crypto_cipher_free(victim->b_crypto);
|
||||
crypto_digest_free(victim->f_digest);
|
||||
crypto_digest_free(victim->b_digest);
|
||||
relay_crypto_clear(&victim->crypto);
|
||||
onion_handshake_state_release(&victim->handshake_state);
|
||||
crypto_dh_free(victim->rend_dh_handshake_state);
|
||||
extend_info_free(victim->extend_info);
|
||||
|
@ -2591,8 +2586,7 @@ assert_cpath_layer_ok(const crypt_path_t *cp)
|
|||
switch (cp->state)
|
||||
{
|
||||
case CPATH_STATE_OPEN:
|
||||
tor_assert(cp->f_crypto);
|
||||
tor_assert(cp->b_crypto);
|
||||
relay_crypto_assert_ok(&cp->crypto);
|
||||
/* fall through */
|
||||
case CPATH_STATE_CLOSED:
|
||||
/*XXXX Assert that there's no handshake_state either. */
|
||||
|
@ -2682,10 +2676,7 @@ assert_circuit_ok,(const circuit_t *c))
|
|||
c->state == CIRCUIT_STATE_GUARD_WAIT) {
|
||||
tor_assert(!c->n_chan_create_cell);
|
||||
if (or_circ) {
|
||||
tor_assert(or_circ->n_crypto);
|
||||
tor_assert(or_circ->p_crypto);
|
||||
tor_assert(or_circ->n_digest);
|
||||
tor_assert(or_circ->p_digest);
|
||||
relay_crypto_assert_ok(&or_circ->crypto);
|
||||
}
|
||||
}
|
||||
if (c->state == CIRCUIT_STATE_CHAN_WAIT && !c->marked_for_close) {
|
||||
|
|
|
@ -91,6 +91,7 @@ LIBTOR_A_SOURCES = \
|
|||
src/or/policies.c \
|
||||
src/or/reasons.c \
|
||||
src/or/relay.c \
|
||||
src/or/relay_crypto.c \
|
||||
src/or/rendcache.c \
|
||||
src/or/rendclient.c \
|
||||
src/or/rendcommon.c \
|
||||
|
@ -237,6 +238,7 @@ ORHEADERS = \
|
|||
src/or/proto_socks.h \
|
||||
src/or/reasons.h \
|
||||
src/or/relay.h \
|
||||
src/or/relay_crypto.h \
|
||||
src/or/rendcache.h \
|
||||
src/or/rendclient.h \
|
||||
src/or/rendcommon.h \
|
||||
|
|
34
src/or/or.h
34
src/or/or.h
|
@ -2899,11 +2899,7 @@ typedef struct {
|
|||
} u;
|
||||
} onion_handshake_state_t;
|
||||
|
||||
/** Holds accounting information for a single step in the layered encryption
|
||||
* performed by a circuit. Used only at the client edge of a circuit. */
|
||||
typedef struct crypt_path_t {
|
||||
uint32_t magic;
|
||||
|
||||
typedef struct relay_crypto_t {
|
||||
/* crypto environments */
|
||||
/** Encryption key and counter for cells heading towards the OR at this
|
||||
* step. */
|
||||
|
@ -2917,6 +2913,17 @@ typedef struct crypt_path_t {
|
|||
/** Digest state for cells heading away from the OR at this step. */
|
||||
crypto_digest_t *b_digest;
|
||||
|
||||
} relay_crypto_t;
|
||||
|
||||
/** Holds accounting information for a single step in the layered encryption
|
||||
* performed by a circuit. Used only at the client edge of a circuit. */
|
||||
typedef struct crypt_path_t {
|
||||
uint32_t magic;
|
||||
|
||||
/** Cryptographic state used for encrypting and authenticating relay
|
||||
* cells to and from this hop. */
|
||||
relay_crypto_t crypto;
|
||||
|
||||
/** Current state of the handshake as performed with the OR at this
|
||||
* step. */
|
||||
onion_handshake_state_t handshake_state;
|
||||
|
@ -3465,21 +3472,10 @@ typedef struct or_circuit_t {
|
|||
/** Linked list of Exit streams associated with this circuit that are
|
||||
* still being resolved. */
|
||||
edge_connection_t *resolving_streams;
|
||||
/** The cipher used by intermediate hops for cells heading toward the
|
||||
* OP. */
|
||||
crypto_cipher_t *p_crypto;
|
||||
/** The cipher used by intermediate hops for cells heading away from
|
||||
* the OP. */
|
||||
crypto_cipher_t *n_crypto;
|
||||
|
||||
/** The integrity-checking digest used by intermediate hops, for
|
||||
* cells packaged here and heading towards the OP.
|
||||
*/
|
||||
crypto_digest_t *p_digest;
|
||||
/** The integrity-checking digest used by intermediate hops, for
|
||||
* cells packaged at the OP and arriving here.
|
||||
*/
|
||||
crypto_digest_t *n_digest;
|
||||
/** Cryptographic state used for encrypting and authenticating relay
|
||||
* cells to and from this hop. */
|
||||
relay_crypto_t crypto;
|
||||
|
||||
/** Points to spliced circuit if purpose is REND_ESTABLISHED, and circuit
|
||||
* is not marked for close. */
|
||||
|
|
179
src/or/relay.c
179
src/or/relay.c
|
@ -70,6 +70,7 @@
|
|||
#include "policies.h"
|
||||
#include "reasons.h"
|
||||
#include "relay.h"
|
||||
#include "relay_crypto.h"
|
||||
#include "rendcache.h"
|
||||
#include "rendcommon.h"
|
||||
#include "router.h"
|
||||
|
@ -122,79 +123,6 @@ uint64_t stats_n_relay_cells_delivered = 0;
|
|||
/** Used to tell which stream to read from first on a circuit. */
|
||||
static tor_weak_rng_t stream_choice_rng = TOR_WEAK_RNG_INIT;
|
||||
|
||||
/** Update digest from the payload of cell. Assign integrity part to
|
||||
* cell.
|
||||
*/
|
||||
static void
|
||||
relay_set_digest(crypto_digest_t *digest, cell_t *cell)
|
||||
{
|
||||
char integrity[4];
|
||||
relay_header_t rh;
|
||||
|
||||
crypto_digest_add_bytes(digest, (char*)cell->payload, CELL_PAYLOAD_SIZE);
|
||||
crypto_digest_get_digest(digest, integrity, 4);
|
||||
// log_fn(LOG_DEBUG,"Putting digest of %u %u %u %u into relay cell.",
|
||||
// integrity[0], integrity[1], integrity[2], integrity[3]);
|
||||
relay_header_unpack(&rh, cell->payload);
|
||||
memcpy(rh.integrity, integrity, 4);
|
||||
relay_header_pack(cell->payload, &rh);
|
||||
}
|
||||
|
||||
/** Does the digest for this circuit indicate that this cell is for us?
|
||||
*
|
||||
* Update digest from the payload of cell (with the integrity part set
|
||||
* to 0). If the integrity part is valid, return 1, else restore digest
|
||||
* and cell to their original state and return 0.
|
||||
*/
|
||||
static int
|
||||
relay_digest_matches(crypto_digest_t *digest, cell_t *cell)
|
||||
{
|
||||
uint32_t received_integrity, calculated_integrity;
|
||||
relay_header_t rh;
|
||||
crypto_digest_checkpoint_t backup_digest;
|
||||
|
||||
crypto_digest_checkpoint(&backup_digest, digest);
|
||||
|
||||
relay_header_unpack(&rh, cell->payload);
|
||||
memcpy(&received_integrity, rh.integrity, 4);
|
||||
memset(rh.integrity, 0, 4);
|
||||
relay_header_pack(cell->payload, &rh);
|
||||
|
||||
// log_fn(LOG_DEBUG,"Reading digest of %u %u %u %u from relay cell.",
|
||||
// received_integrity[0], received_integrity[1],
|
||||
// received_integrity[2], received_integrity[3]);
|
||||
|
||||
crypto_digest_add_bytes(digest, (char*) cell->payload, CELL_PAYLOAD_SIZE);
|
||||
crypto_digest_get_digest(digest, (char*) &calculated_integrity, 4);
|
||||
|
||||
int rv = 1;
|
||||
|
||||
if (calculated_integrity != received_integrity) {
|
||||
// log_fn(LOG_INFO,"Recognized=0 but bad digest. Not recognizing.");
|
||||
// (%d vs %d).", received_integrity, calculated_integrity);
|
||||
/* restore digest to its old form */
|
||||
crypto_digest_restore(digest, &backup_digest);
|
||||
/* restore the relay header */
|
||||
memcpy(rh.integrity, &received_integrity, 4);
|
||||
relay_header_pack(cell->payload, &rh);
|
||||
rv = 0;
|
||||
}
|
||||
|
||||
memwipe(&backup_digest, 0, sizeof(backup_digest));
|
||||
return rv;
|
||||
}
|
||||
|
||||
/** Apply <b>cipher</b> to CELL_PAYLOAD_SIZE bytes of <b>in</b>
|
||||
* (in place).
|
||||
*
|
||||
* Note that we use the same operation for encrypting and for decrypting.
|
||||
*/
|
||||
static void
|
||||
relay_crypt_one_payload(crypto_cipher_t *cipher, uint8_t *in)
|
||||
{
|
||||
crypto_cipher_crypt_inplace(cipher, (char*) in, CELL_PAYLOAD_SIZE);
|
||||
}
|
||||
|
||||
/**
|
||||
* Update channel usage state based on the type of relay cell and
|
||||
* circuit properties.
|
||||
|
@ -299,7 +227,8 @@ circuit_receive_relay_cell(cell_t *cell, circuit_t *circ,
|
|||
if (circ->marked_for_close)
|
||||
return 0;
|
||||
|
||||
if (relay_crypt(circ, cell, cell_direction, &layer_hint, &recognized) < 0) {
|
||||
if (relay_decrypt_cell(circ, cell, cell_direction, &layer_hint, &recognized)
|
||||
< 0) {
|
||||
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
||||
"relay crypt failed. Dropping connection.");
|
||||
return -END_CIRC_REASON_INTERNAL;
|
||||
|
@ -404,87 +333,6 @@ circuit_receive_relay_cell(cell_t *cell, circuit_t *circ,
|
|||
return 0;
|
||||
}
|
||||
|
||||
/** Do the appropriate en/decryptions for <b>cell</b> arriving on
|
||||
* <b>circ</b> in direction <b>cell_direction</b>.
|
||||
*
|
||||
* If cell_direction == CELL_DIRECTION_IN:
|
||||
* - If we're at the origin (we're the OP), for hops 1..N,
|
||||
* decrypt cell. If recognized, stop.
|
||||
* - Else (we're not the OP), encrypt one hop. Cell is not recognized.
|
||||
*
|
||||
* If cell_direction == CELL_DIRECTION_OUT:
|
||||
* - decrypt one hop. Check if recognized.
|
||||
*
|
||||
* If cell is recognized, set *recognized to 1, and set
|
||||
* *layer_hint to the hop that recognized it.
|
||||
*
|
||||
* Return -1 to indicate that we should mark the circuit for close,
|
||||
* else return 0.
|
||||
*/
|
||||
int
|
||||
relay_crypt(circuit_t *circ, cell_t *cell, cell_direction_t cell_direction,
|
||||
crypt_path_t **layer_hint, char *recognized)
|
||||
{
|
||||
relay_header_t rh;
|
||||
|
||||
tor_assert(circ);
|
||||
tor_assert(cell);
|
||||
tor_assert(recognized);
|
||||
tor_assert(cell_direction == CELL_DIRECTION_IN ||
|
||||
cell_direction == CELL_DIRECTION_OUT);
|
||||
|
||||
if (cell_direction == CELL_DIRECTION_IN) {
|
||||
if (CIRCUIT_IS_ORIGIN(circ)) { /* We're at the beginning of the circuit.
|
||||
* We'll want to do layered decrypts. */
|
||||
crypt_path_t *thishop, *cpath = TO_ORIGIN_CIRCUIT(circ)->cpath;
|
||||
thishop = cpath;
|
||||
if (thishop->state != CPATH_STATE_OPEN) {
|
||||
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
||||
"Relay cell before first created cell? Closing.");
|
||||
return -1;
|
||||
}
|
||||
do { /* Remember: cpath is in forward order, that is, first hop first. */
|
||||
tor_assert(thishop);
|
||||
|
||||
/* decrypt one layer */
|
||||
relay_crypt_one_payload(thishop->b_crypto, cell->payload);
|
||||
|
||||
relay_header_unpack(&rh, cell->payload);
|
||||
if (rh.recognized == 0) {
|
||||
/* it's possibly recognized. have to check digest to be sure. */
|
||||
if (relay_digest_matches(thishop->b_digest, cell)) {
|
||||
*recognized = 1;
|
||||
*layer_hint = thishop;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
thishop = thishop->next;
|
||||
} while (thishop != cpath && thishop->state == CPATH_STATE_OPEN);
|
||||
log_fn(LOG_PROTOCOL_WARN, LD_OR,
|
||||
"Incoming cell at client not recognized. Closing.");
|
||||
return -1;
|
||||
} else {
|
||||
/* We're in the middle. Encrypt one layer. */
|
||||
relay_crypt_one_payload(TO_OR_CIRCUIT(circ)->p_crypto, cell->payload);
|
||||
}
|
||||
} else /* cell_direction == CELL_DIRECTION_OUT */ {
|
||||
/* We're in the middle. Decrypt one layer. */
|
||||
|
||||
relay_crypt_one_payload(TO_OR_CIRCUIT(circ)->n_crypto, cell->payload);
|
||||
|
||||
relay_header_unpack(&rh, cell->payload);
|
||||
if (rh.recognized == 0) {
|
||||
/* it's possibly recognized. have to check digest to be sure. */
|
||||
if (relay_digest_matches(TO_OR_CIRCUIT(circ)->n_digest, cell)) {
|
||||
*recognized = 1;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/** Package a relay cell from an edge:
|
||||
* - Encrypt it to the right layer
|
||||
* - Append it to the appropriate cell_queue on <b>circ</b>.
|
||||
|
@ -503,7 +351,6 @@ circuit_package_relay_cell(cell_t *cell, circuit_t *circ,
|
|||
}
|
||||
|
||||
if (cell_direction == CELL_DIRECTION_OUT) {
|
||||
crypt_path_t *thishop; /* counter for repeated crypts */
|
||||
chan = circ->n_chan;
|
||||
if (!chan) {
|
||||
log_warn(LD_BUG,"outgoing relay cell sent from %s:%d has n_chan==NULL."
|
||||
|
@ -526,20 +373,8 @@ circuit_package_relay_cell(cell_t *cell, circuit_t *circ,
|
|||
return 0; /* just drop it */
|
||||
}
|
||||
|
||||
relay_set_digest(layer_hint->f_digest, cell);
|
||||
|
||||
thishop = layer_hint;
|
||||
/* moving from farthest to nearest hop */
|
||||
do {
|
||||
tor_assert(thishop);
|
||||
log_debug(LD_OR,"encrypting a layer of the relay cell.");
|
||||
relay_crypt_one_payload(thishop->f_crypto, cell->payload);
|
||||
|
||||
thishop = thishop->prev;
|
||||
} while (thishop != TO_ORIGIN_CIRCUIT(circ)->cpath->prev);
|
||||
|
||||
relay_encrypt_cell_outbound(cell, TO_ORIGIN_CIRCUIT(circ), layer_hint);
|
||||
} else { /* incoming cell */
|
||||
or_circuit_t *or_circ;
|
||||
if (CIRCUIT_IS_ORIGIN(circ)) {
|
||||
/* We should never package an _incoming_ cell from the circuit
|
||||
* origin; that means we messed up somewhere. */
|
||||
|
@ -547,11 +382,9 @@ circuit_package_relay_cell(cell_t *cell, circuit_t *circ,
|
|||
assert_circuit_ok(circ);
|
||||
return 0; /* just drop it */
|
||||
}
|
||||
or_circ = TO_OR_CIRCUIT(circ);
|
||||
or_circuit_t *or_circ = TO_OR_CIRCUIT(circ);
|
||||
relay_encrypt_cell_inbound(cell, or_circ);
|
||||
chan = or_circ->p_chan;
|
||||
relay_set_digest(or_circ->p_digest, cell);
|
||||
/* encrypt one layer */
|
||||
relay_crypt_one_payload(or_circ->p_crypto, cell->payload);
|
||||
}
|
||||
++stats_n_relay_cells_relayed;
|
||||
|
||||
|
|
|
@ -89,9 +89,6 @@ void circuit_clear_cell_queue(circuit_t *circ, channel_t *chan);
|
|||
|
||||
void stream_choice_seed_weak_rng(void);
|
||||
|
||||
int relay_crypt(circuit_t *circ, cell_t *cell, cell_direction_t cell_direction,
|
||||
crypt_path_t **layer_hint, char *recognized);
|
||||
|
||||
circid_t packed_cell_get_circid(const packed_cell_t *cell, int wide_circ_ids);
|
||||
|
||||
#ifdef RELAY_PRIVATE
|
||||
|
|
|
@ -0,0 +1,326 @@
|
|||
/* Copyright (c) 2001 Matej Pfajfar.
|
||||
* Copyright (c) 2001-2004, Roger Dingledine.
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2018, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
#include "or.h"
|
||||
#include "config.h"
|
||||
#include "hs_ntor.h" // for HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN
|
||||
#include "relay_crypto.h"
|
||||
#include "relay.h"
|
||||
|
||||
/** Update digest from the payload of cell. Assign integrity part to
|
||||
* cell.
|
||||
*/
|
||||
static void
|
||||
relay_set_digest(crypto_digest_t *digest, cell_t *cell)
|
||||
{
|
||||
char integrity[4];
|
||||
relay_header_t rh;
|
||||
|
||||
crypto_digest_add_bytes(digest, (char*)cell->payload, CELL_PAYLOAD_SIZE);
|
||||
crypto_digest_get_digest(digest, integrity, 4);
|
||||
// log_fn(LOG_DEBUG,"Putting digest of %u %u %u %u into relay cell.",
|
||||
// integrity[0], integrity[1], integrity[2], integrity[3]);
|
||||
relay_header_unpack(&rh, cell->payload);
|
||||
memcpy(rh.integrity, integrity, 4);
|
||||
relay_header_pack(cell->payload, &rh);
|
||||
}
|
||||
|
||||
/** Does the digest for this circuit indicate that this cell is for us?
|
||||
*
|
||||
* Update digest from the payload of cell (with the integrity part set
|
||||
* to 0). If the integrity part is valid, return 1, else restore digest
|
||||
* and cell to their original state and return 0.
|
||||
*/
|
||||
static int
|
||||
relay_digest_matches(crypto_digest_t *digest, cell_t *cell)
|
||||
{
|
||||
uint32_t received_integrity, calculated_integrity;
|
||||
relay_header_t rh;
|
||||
crypto_digest_checkpoint_t backup_digest;
|
||||
|
||||
crypto_digest_checkpoint(&backup_digest, digest);
|
||||
|
||||
relay_header_unpack(&rh, cell->payload);
|
||||
memcpy(&received_integrity, rh.integrity, 4);
|
||||
memset(rh.integrity, 0, 4);
|
||||
relay_header_pack(cell->payload, &rh);
|
||||
|
||||
// log_fn(LOG_DEBUG,"Reading digest of %u %u %u %u from relay cell.",
|
||||
// received_integrity[0], received_integrity[1],
|
||||
// received_integrity[2], received_integrity[3]);
|
||||
|
||||
crypto_digest_add_bytes(digest, (char*) cell->payload, CELL_PAYLOAD_SIZE);
|
||||
crypto_digest_get_digest(digest, (char*) &calculated_integrity, 4);
|
||||
|
||||
int rv = 1;
|
||||
|
||||
if (calculated_integrity != received_integrity) {
|
||||
// log_fn(LOG_INFO,"Recognized=0 but bad digest. Not recognizing.");
|
||||
// (%d vs %d).", received_integrity, calculated_integrity);
|
||||
/* restore digest to its old form */
|
||||
crypto_digest_restore(digest, &backup_digest);
|
||||
/* restore the relay header */
|
||||
memcpy(rh.integrity, &received_integrity, 4);
|
||||
relay_header_pack(cell->payload, &rh);
|
||||
rv = 0;
|
||||
}
|
||||
|
||||
memwipe(&backup_digest, 0, sizeof(backup_digest));
|
||||
return rv;
|
||||
}
|
||||
|
||||
/** Apply <b>cipher</b> to CELL_PAYLOAD_SIZE bytes of <b>in</b>
|
||||
* (in place).
|
||||
*
|
||||
* Note that we use the same operation for encrypting and for decrypting.
|
||||
*/
|
||||
static void
|
||||
relay_crypt_one_payload(crypto_cipher_t *cipher, uint8_t *in)
|
||||
{
|
||||
crypto_cipher_crypt_inplace(cipher, (char*) in, CELL_PAYLOAD_SIZE);
|
||||
}
|
||||
|
||||
/** Do the appropriate en/decryptions for <b>cell</b> arriving on
|
||||
* <b>circ</b> in direction <b>cell_direction</b>.
|
||||
*
|
||||
* If cell_direction == CELL_DIRECTION_IN:
|
||||
* - If we're at the origin (we're the OP), for hops 1..N,
|
||||
* decrypt cell. If recognized, stop.
|
||||
* - Else (we're not the OP), encrypt one hop. Cell is not recognized.
|
||||
*
|
||||
* If cell_direction == CELL_DIRECTION_OUT:
|
||||
* - decrypt one hop. Check if recognized.
|
||||
*
|
||||
* If cell is recognized, set *recognized to 1, and set
|
||||
* *layer_hint to the hop that recognized it.
|
||||
*
|
||||
* Return -1 to indicate that we should mark the circuit for close,
|
||||
* else return 0.
|
||||
*/
|
||||
int
|
||||
relay_decrypt_cell(circuit_t *circ, cell_t *cell,
|
||||
cell_direction_t cell_direction,
|
||||
crypt_path_t **layer_hint, char *recognized)
|
||||
{
|
||||
relay_header_t rh;
|
||||
|
||||
tor_assert(circ);
|
||||
tor_assert(cell);
|
||||
tor_assert(recognized);
|
||||
tor_assert(cell_direction == CELL_DIRECTION_IN ||
|
||||
cell_direction == CELL_DIRECTION_OUT);
|
||||
|
||||
if (cell_direction == CELL_DIRECTION_IN) {
|
||||
if (CIRCUIT_IS_ORIGIN(circ)) { /* We're at the beginning of the circuit.
|
||||
* We'll want to do layered decrypts. */
|
||||
crypt_path_t *thishop, *cpath = TO_ORIGIN_CIRCUIT(circ)->cpath;
|
||||
thishop = cpath;
|
||||
if (thishop->state != CPATH_STATE_OPEN) {
|
||||
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
|
||||
"Relay cell before first created cell? Closing.");
|
||||
return -1;
|
||||
}
|
||||
do { /* Remember: cpath is in forward order, that is, first hop first. */
|
||||
tor_assert(thishop);
|
||||
|
||||
/* decrypt one layer */
|
||||
relay_crypt_one_payload(thishop->crypto.b_crypto, cell->payload);
|
||||
|
||||
relay_header_unpack(&rh, cell->payload);
|
||||
if (rh.recognized == 0) {
|
||||
/* it's possibly recognized. have to check digest to be sure. */
|
||||
if (relay_digest_matches(thishop->crypto.b_digest, cell)) {
|
||||
*recognized = 1;
|
||||
*layer_hint = thishop;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
thishop = thishop->next;
|
||||
} while (thishop != cpath && thishop->state == CPATH_STATE_OPEN);
|
||||
log_fn(LOG_PROTOCOL_WARN, LD_OR,
|
||||
"Incoming cell at client not recognized. Closing.");
|
||||
return -1;
|
||||
} else {
|
||||
relay_crypto_t *crypto = &TO_OR_CIRCUIT(circ)->crypto;
|
||||
/* We're in the middle. Encrypt one layer. */
|
||||
relay_crypt_one_payload(crypto->b_crypto, cell->payload);
|
||||
}
|
||||
} else /* cell_direction == CELL_DIRECTION_OUT */ {
|
||||
/* We're in the middle. Decrypt one layer. */
|
||||
relay_crypto_t *crypto = &TO_OR_CIRCUIT(circ)->crypto;
|
||||
|
||||
relay_crypt_one_payload(crypto->f_crypto, cell->payload);
|
||||
|
||||
relay_header_unpack(&rh, cell->payload);
|
||||
if (rh.recognized == 0) {
|
||||
/* it's possibly recognized. have to check digest to be sure. */
|
||||
if (relay_digest_matches(crypto->f_digest, cell)) {
|
||||
*recognized = 1;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Encrypt a cell <b>cell</b> that we are creating, and sending outbound on
|
||||
* <b>circ</b> until the hop corresponding to <b>layer_hint</b>.
|
||||
*
|
||||
* The integrity field and recognized field of <b>cell</b>'s relay headers
|
||||
* must be set to zero.
|
||||
*/
|
||||
void
|
||||
relay_encrypt_cell_outbound(cell_t *cell,
|
||||
origin_circuit_t *circ,
|
||||
crypt_path_t *layer_hint)
|
||||
{
|
||||
crypt_path_t *thishop; /* counter for repeated crypts */
|
||||
relay_set_digest(layer_hint->crypto.f_digest, cell);
|
||||
|
||||
thishop = layer_hint;
|
||||
/* moving from farthest to nearest hop */
|
||||
do {
|
||||
tor_assert(thishop);
|
||||
log_debug(LD_OR,"encrypting a layer of the relay cell.");
|
||||
relay_crypt_one_payload(thishop->crypto.f_crypto, cell->payload);
|
||||
|
||||
thishop = thishop->prev;
|
||||
} while (thishop != circ->cpath->prev);
|
||||
}
|
||||
|
||||
/**
|
||||
* Encrypt a cell <b>cell</b> that we are creating, and sending on
|
||||
* <b>circuit</b> to the origin.
|
||||
*
|
||||
* The integrity field and recognized field of <b>cell</b>'s relay headers
|
||||
* must be set to zero.
|
||||
*/
|
||||
void
|
||||
relay_encrypt_cell_inbound(cell_t *cell,
|
||||
or_circuit_t *or_circ)
|
||||
{
|
||||
relay_set_digest(or_circ->crypto.b_digest, cell);
|
||||
/* encrypt one layer */
|
||||
relay_crypt_one_payload(or_circ->crypto.b_crypto, cell->payload);
|
||||
}
|
||||
|
||||
/**
|
||||
* Release all storage held inside <b>crypto</b>, but do not free
|
||||
* <b>crypto</b> itself: it lives inside another object.
|
||||
*/
|
||||
void
|
||||
relay_crypto_clear(relay_crypto_t *crypto)
|
||||
{
|
||||
if (BUG(!crypto))
|
||||
return;
|
||||
crypto_cipher_free(crypto->f_crypto);
|
||||
crypto_cipher_free(crypto->b_crypto);
|
||||
crypto_digest_free(crypto->f_digest);
|
||||
crypto_digest_free(crypto->b_digest);
|
||||
}
|
||||
|
||||
/** Initialize <b>crypto</b> from the key material in key_data.
|
||||
*
|
||||
* If <b>is_hs_v3</b> is set, this cpath will be used for next gen hidden
|
||||
* service circuits and <b>key_data</b> must be at least
|
||||
* HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN bytes in length.
|
||||
*
|
||||
* If <b>is_hs_v3</b> is not set, key_data must contain CPATH_KEY_MATERIAL_LEN
|
||||
* bytes, which are used as follows:
|
||||
* - 20 to initialize f_digest
|
||||
* - 20 to initialize b_digest
|
||||
* - 16 to key f_crypto
|
||||
* - 16 to key b_crypto
|
||||
*
|
||||
* (If 'reverse' is true, then f_XX and b_XX are swapped.)
|
||||
*
|
||||
* Return 0 if init was successful, else -1 if it failed.
|
||||
*/
|
||||
int
|
||||
relay_crypto_init(relay_crypto_t *crypto,
|
||||
const char *key_data, size_t key_data_len,
|
||||
int reverse, int is_hs_v3)
|
||||
{
|
||||
crypto_digest_t *tmp_digest;
|
||||
crypto_cipher_t *tmp_crypto;
|
||||
size_t digest_len = 0;
|
||||
size_t cipher_key_len = 0;
|
||||
|
||||
tor_assert(crypto);
|
||||
tor_assert(key_data);
|
||||
tor_assert(!(crypto->f_crypto || crypto->b_crypto ||
|
||||
crypto->f_digest || crypto->b_digest));
|
||||
|
||||
/* Basic key size validation */
|
||||
if (is_hs_v3 && BUG(key_data_len != HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN)) {
|
||||
goto err;
|
||||
} else if (!is_hs_v3 && BUG(key_data_len != CPATH_KEY_MATERIAL_LEN)) {
|
||||
goto err;
|
||||
}
|
||||
|
||||
/* If we are using this crypto for next gen onion services use SHA3-256,
|
||||
otherwise use good ol' SHA1 */
|
||||
if (is_hs_v3) {
|
||||
digest_len = DIGEST256_LEN;
|
||||
cipher_key_len = CIPHER256_KEY_LEN;
|
||||
crypto->f_digest = crypto_digest256_new(DIGEST_SHA3_256);
|
||||
crypto->b_digest = crypto_digest256_new(DIGEST_SHA3_256);
|
||||
} else {
|
||||
digest_len = DIGEST_LEN;
|
||||
cipher_key_len = CIPHER_KEY_LEN;
|
||||
crypto->f_digest = crypto_digest_new();
|
||||
crypto->b_digest = crypto_digest_new();
|
||||
}
|
||||
|
||||
tor_assert(digest_len != 0);
|
||||
tor_assert(cipher_key_len != 0);
|
||||
const int cipher_key_bits = (int) cipher_key_len * 8;
|
||||
|
||||
crypto_digest_add_bytes(crypto->f_digest, key_data, digest_len);
|
||||
crypto_digest_add_bytes(crypto->b_digest, key_data+digest_len, digest_len);
|
||||
|
||||
crypto->f_crypto = crypto_cipher_new_with_bits(key_data+(2*digest_len),
|
||||
cipher_key_bits);
|
||||
if (!crypto->f_crypto) {
|
||||
log_warn(LD_BUG,"Forward cipher initialization failed.");
|
||||
goto err;
|
||||
}
|
||||
|
||||
crypto->b_crypto = crypto_cipher_new_with_bits(
|
||||
key_data+(2*digest_len)+cipher_key_len,
|
||||
cipher_key_bits);
|
||||
if (!crypto->b_crypto) {
|
||||
log_warn(LD_BUG,"Backward cipher initialization failed.");
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (reverse) {
|
||||
tmp_digest = crypto->f_digest;
|
||||
crypto->f_digest = crypto->b_digest;
|
||||
crypto->b_digest = tmp_digest;
|
||||
tmp_crypto = crypto->f_crypto;
|
||||
crypto->f_crypto = crypto->b_crypto;
|
||||
crypto->b_crypto = tmp_crypto;
|
||||
}
|
||||
|
||||
return 0;
|
||||
err:
|
||||
relay_crypto_clear(crypto);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/** Assert that <b>crypto</b> is valid and set. */
|
||||
void
|
||||
relay_crypto_assert_ok(const relay_crypto_t *crypto)
|
||||
{
|
||||
tor_assert(crypto->f_crypto);
|
||||
tor_assert(crypto->b_crypto);
|
||||
tor_assert(crypto->f_digest);
|
||||
tor_assert(crypto->b_digest);
|
||||
}
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
/* Copyright (c) 2001 Matej Pfajfar.
|
||||
* Copyright (c) 2001-2004, Roger Dingledine.
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2017, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
/**
|
||||
* \file relay.h
|
||||
* \brief Header file for relay.c.
|
||||
**/
|
||||
|
||||
#ifndef TOR_RELAY_CRYPTO_H
|
||||
#define TOR_RELAY_CRYPTO_H
|
||||
|
||||
int relay_crypto_init(relay_crypto_t *crypto,
|
||||
const char *key_data, size_t key_data_len,
|
||||
int reverse, int is_hs_v3);
|
||||
|
||||
int relay_decrypt_cell(circuit_t *circ, cell_t *cell,
|
||||
cell_direction_t cell_direction,
|
||||
crypt_path_t **layer_hint, char *recognized);
|
||||
void relay_encrypt_cell_outbound(cell_t *cell, origin_circuit_t *or_circ,
|
||||
crypt_path_t *layer_hint);
|
||||
void relay_encrypt_cell_inbound(cell_t *cell, or_circuit_t *or_circ);
|
||||
|
||||
void relay_crypto_clear(relay_crypto_t *crypto);
|
||||
|
||||
void relay_crypto_assert_ok(const relay_crypto_t *crypto);
|
||||
|
||||
#endif /* !defined(TOR_RELAY_CRYPTO_H) */
|
||||
|
|
@ -12,7 +12,7 @@
|
|||
|
||||
#include "or.h"
|
||||
#include "onion_tap.h"
|
||||
#include "relay.h"
|
||||
#include "relay_crypto.h"
|
||||
#include <openssl/opensslv.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/ec.h>
|
||||
|
@ -505,10 +505,10 @@ bench_cell_ops(void)
|
|||
char key1[CIPHER_KEY_LEN], key2[CIPHER_KEY_LEN];
|
||||
crypto_rand(key1, sizeof(key1));
|
||||
crypto_rand(key2, sizeof(key2));
|
||||
or_circ->p_crypto = crypto_cipher_new(key1);
|
||||
or_circ->n_crypto = crypto_cipher_new(key2);
|
||||
or_circ->p_digest = crypto_digest_new();
|
||||
or_circ->n_digest = crypto_digest_new();
|
||||
or_circ->crypto.f_crypto = crypto_cipher_new(key1);
|
||||
or_circ->crypto.b_crypto = crypto_cipher_new(key2);
|
||||
or_circ->crypto.f_digest = crypto_digest_new();
|
||||
or_circ->crypto.b_digest = crypto_digest_new();
|
||||
|
||||
reset_perftime();
|
||||
|
||||
|
@ -518,7 +518,8 @@ bench_cell_ops(void)
|
|||
for (i = 0; i < iters; ++i) {
|
||||
char recognized = 0;
|
||||
crypt_path_t *layer_hint = NULL;
|
||||
relay_crypt(TO_CIRCUIT(or_circ), cell, d, &layer_hint, &recognized);
|
||||
relay_decrypt_cell(TO_CIRCUIT(or_circ), cell, d,
|
||||
&layer_hint, &recognized);
|
||||
}
|
||||
end = perftime();
|
||||
printf("%sbound cells: %.2f ns per cell. (%.2f ns per byte of payload)\n",
|
||||
|
@ -527,10 +528,7 @@ bench_cell_ops(void)
|
|||
NANOCOUNT(start,end,iters*CELL_PAYLOAD_SIZE));
|
||||
}
|
||||
|
||||
crypto_digest_free(or_circ->p_digest);
|
||||
crypto_digest_free(or_circ->n_digest);
|
||||
crypto_cipher_free(or_circ->p_crypto);
|
||||
crypto_cipher_free(or_circ->n_crypto);
|
||||
relay_crypto_clear(&or_circ->crypto);
|
||||
tor_free(or_circ);
|
||||
tor_free(cell);
|
||||
}
|
||||
|
|
|
@ -151,6 +151,7 @@ src_test_test_SOURCES = \
|
|||
src/test/test_pubsub.c \
|
||||
src/test/test_relay.c \
|
||||
src/test/test_relaycell.c \
|
||||
src/test/test_relaycrypt.c \
|
||||
src/test/test_rendcache.c \
|
||||
src/test/test_replay.c \
|
||||
src/test/test_router.c \
|
||||
|
|
|
@ -869,6 +869,7 @@ struct testgroup_t testgroups[] = {
|
|||
{ "pt/", pt_tests },
|
||||
{ "relay/" , relay_tests },
|
||||
{ "relaycell/", relaycell_tests },
|
||||
{ "relaycrypt/", relaycrypt_tests },
|
||||
{ "rend_cache/", rend_cache_tests },
|
||||
{ "replaycache/", replaycache_tests },
|
||||
{ "router/", router_tests },
|
||||
|
|
|
@ -238,6 +238,7 @@ extern struct testcase_t pubsub_tests[];
|
|||
extern struct testcase_t pt_tests[];
|
||||
extern struct testcase_t relay_tests[];
|
||||
extern struct testcase_t relaycell_tests[];
|
||||
extern struct testcase_t relaycrypt_tests[];
|
||||
extern struct testcase_t rend_cache_tests[];
|
||||
extern struct testcase_t replaycache_tests[];
|
||||
extern struct testcase_t router_tests[];
|
||||
|
|
|
@ -213,12 +213,12 @@ test_e2e_rend_circuit_setup_legacy(void *arg)
|
|||
tt_int_op(retval, OP_EQ, 1);
|
||||
|
||||
/* Check the digest algo */
|
||||
tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->f_digest),
|
||||
tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->crypto.f_digest),
|
||||
OP_EQ, DIGEST_SHA1);
|
||||
tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->b_digest),
|
||||
tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->crypto.b_digest),
|
||||
OP_EQ, DIGEST_SHA1);
|
||||
tt_assert(or_circ->cpath->f_crypto);
|
||||
tt_assert(or_circ->cpath->b_crypto);
|
||||
tt_assert(or_circ->cpath->crypto.f_crypto);
|
||||
tt_assert(or_circ->cpath->crypto.b_crypto);
|
||||
|
||||
/* Ensure that circ purpose was changed */
|
||||
tt_int_op(or_circ->base_.purpose, OP_EQ, CIRCUIT_PURPOSE_C_REND_JOINED);
|
||||
|
@ -283,12 +283,12 @@ test_e2e_rend_circuit_setup(void *arg)
|
|||
tt_int_op(retval, OP_EQ, 1);
|
||||
|
||||
/* Check that the crypt path has prop224 algorithm parameters */
|
||||
tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->f_digest),
|
||||
tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->crypto.f_digest),
|
||||
OP_EQ, DIGEST_SHA3_256);
|
||||
tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->b_digest),
|
||||
tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->crypto.b_digest),
|
||||
OP_EQ, DIGEST_SHA3_256);
|
||||
tt_assert(or_circ->cpath->f_crypto);
|
||||
tt_assert(or_circ->cpath->b_crypto);
|
||||
tt_assert(or_circ->cpath->crypto.f_crypto);
|
||||
tt_assert(or_circ->cpath->crypto.b_crypto);
|
||||
|
||||
/* Ensure that circ purpose was changed */
|
||||
tt_int_op(or_circ->base_.purpose, OP_EQ, CIRCUIT_PURPOSE_C_REND_JOINED);
|
||||
|
|
|
@ -173,12 +173,12 @@ test_e2e_rend_circuit_setup(void *arg)
|
|||
tt_int_op(retval, OP_EQ, 1);
|
||||
|
||||
/* Check the digest algo */
|
||||
tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->f_digest),
|
||||
tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->crypto.f_digest),
|
||||
OP_EQ, DIGEST_SHA3_256);
|
||||
tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->b_digest),
|
||||
tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->crypto.b_digest),
|
||||
OP_EQ, DIGEST_SHA3_256);
|
||||
tt_assert(or_circ->cpath->f_crypto);
|
||||
tt_assert(or_circ->cpath->b_crypto);
|
||||
tt_assert(or_circ->cpath->crypto.f_crypto);
|
||||
tt_assert(or_circ->cpath->crypto.b_crypto);
|
||||
|
||||
/* Ensure that circ purpose was changed */
|
||||
tt_int_op(or_circ->base_.purpose, OP_EQ, CIRCUIT_PURPOSE_S_REND_JOINED);
|
||||
|
|
|
@ -0,0 +1,184 @@
|
|||
/* Copyright 2001-2004 Roger Dingledine.
|
||||
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
|
||||
* Copyright (c) 2007-2018, The Tor Project, Inc. */
|
||||
/* See LICENSE for licensing information */
|
||||
|
||||
#include "or.h"
|
||||
#include "circuitbuild.h"
|
||||
#define CIRCUITLIST_PRIVATE
|
||||
#include "circuitlist.h"
|
||||
#include "relay.h"
|
||||
#include "relay_crypto.h"
|
||||
#include "test.h"
|
||||
|
||||
static const char KEY_MATERIAL[3][CPATH_KEY_MATERIAL_LEN] = {
|
||||
" 'My public key is in this signed x509 object', said Tom assertively.",
|
||||
"'Let's chart the pedal phlanges in the tomb', said Tom cryptographically",
|
||||
" 'Segmentation fault bugs don't _just happen_', said Tom seethingly.",
|
||||
};
|
||||
|
||||
typedef struct testing_circuitset_t {
|
||||
or_circuit_t *or_circ[3];
|
||||
origin_circuit_t *origin_circ;
|
||||
} testing_circuitset_t;
|
||||
|
||||
static int testing_circuitset_teardown(const struct testcase_t *testcase,
|
||||
void *ptr);
|
||||
|
||||
static void *
|
||||
testing_circuitset_setup(const struct testcase_t *testcase)
|
||||
{
|
||||
testing_circuitset_t *cs = tor_malloc_zero(sizeof(testing_circuitset_t));
|
||||
int i;
|
||||
|
||||
for (i=0; i<3; ++i) {
|
||||
cs->or_circ[i] = or_circuit_new(0, NULL);
|
||||
tt_int_op(0, OP_EQ,
|
||||
relay_crypto_init(&cs->or_circ[i]->crypto,
|
||||
KEY_MATERIAL[i], sizeof(KEY_MATERIAL[i]),
|
||||
0, 0));
|
||||
}
|
||||
|
||||
cs->origin_circ = origin_circuit_new();
|
||||
cs->origin_circ->base_.purpose = CIRCUIT_PURPOSE_C_GENERAL;
|
||||
for (i=0; i<3; ++i) {
|
||||
crypt_path_t *hop = tor_malloc_zero(sizeof(*hop));
|
||||
relay_crypto_init(&hop->crypto, KEY_MATERIAL[i], sizeof(KEY_MATERIAL[i]),
|
||||
0, 0);
|
||||
hop->state = CPATH_STATE_OPEN;
|
||||
onion_append_to_cpath(&cs->origin_circ->cpath, hop);
|
||||
tt_ptr_op(hop, OP_EQ, cs->origin_circ->cpath->prev);
|
||||
}
|
||||
|
||||
return cs;
|
||||
done:
|
||||
testing_circuitset_teardown(testcase, cs);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static int
|
||||
testing_circuitset_teardown(const struct testcase_t *testcase, void *ptr)
|
||||
{
|
||||
(void)testcase;
|
||||
testing_circuitset_t *cs = ptr;
|
||||
int i;
|
||||
for (i=0; i<3; ++i) {
|
||||
circuit_free_(TO_CIRCUIT(cs->or_circ[i]));
|
||||
}
|
||||
circuit_free_(TO_CIRCUIT(cs->origin_circ));
|
||||
tor_free(cs);
|
||||
return 1;
|
||||
}
|
||||
|
||||
static const struct testcase_setup_t relaycrypt_setup = {
|
||||
testing_circuitset_setup, testing_circuitset_teardown
|
||||
};
|
||||
|
||||
/* Test encrypting a cell to the final hop on a circuit, decrypting it
|
||||
* at each hop, and recognizing it at the other end. Then do it again
|
||||
* and again as the state evolves. */
|
||||
static void
|
||||
test_relaycrypt_outbound(void *arg)
|
||||
{
|
||||
testing_circuitset_t *cs = arg;
|
||||
tt_assert(cs);
|
||||
|
||||
relay_header_t rh;
|
||||
cell_t orig;
|
||||
cell_t encrypted;
|
||||
int i, j;
|
||||
|
||||
for (i = 0; i < 50; ++i) {
|
||||
crypto_rand((char *)&orig, sizeof(orig));
|
||||
|
||||
relay_header_unpack(&rh, orig.payload);
|
||||
rh.recognized = 0;
|
||||
memset(rh.integrity, 0, sizeof(rh.integrity));
|
||||
relay_header_pack(orig.payload, &rh);
|
||||
|
||||
memcpy(&encrypted, &orig, sizeof(orig));
|
||||
|
||||
/* Encrypt the cell to the last hop */
|
||||
relay_encrypt_cell_outbound(&encrypted, cs->origin_circ,
|
||||
cs->origin_circ->cpath->prev);
|
||||
|
||||
for (j = 0; j < 3; ++j) {
|
||||
crypt_path_t *layer_hint = NULL;
|
||||
char recognized = 0;
|
||||
int r = relay_decrypt_cell(TO_CIRCUIT(cs->or_circ[j]),
|
||||
&encrypted,
|
||||
CELL_DIRECTION_OUT,
|
||||
&layer_hint, &recognized);
|
||||
tt_int_op(r, OP_EQ, 0);
|
||||
tt_ptr_op(layer_hint, OP_EQ, NULL);
|
||||
tt_int_op(recognized != 0, OP_EQ, j == 2);
|
||||
}
|
||||
|
||||
tt_mem_op(orig.payload, OP_EQ, encrypted.payload, CELL_PAYLOAD_SIZE);
|
||||
}
|
||||
|
||||
done:
|
||||
;
|
||||
}
|
||||
|
||||
/* As above, but simulate inbound cells from the last hop. */
|
||||
static void
|
||||
test_relaycrypt_inbound(void *arg)
|
||||
{
|
||||
testing_circuitset_t *cs = arg;
|
||||
tt_assert(cs);
|
||||
|
||||
relay_header_t rh;
|
||||
cell_t orig;
|
||||
cell_t encrypted;
|
||||
int i, j;
|
||||
|
||||
for (i = 0; i < 50; ++i) {
|
||||
crypto_rand((char *)&orig, sizeof(orig));
|
||||
|
||||
relay_header_unpack(&rh, orig.payload);
|
||||
rh.recognized = 0;
|
||||
memset(rh.integrity, 0, sizeof(rh.integrity));
|
||||
relay_header_pack(orig.payload, &rh);
|
||||
|
||||
memcpy(&encrypted, &orig, sizeof(orig));
|
||||
|
||||
/* Encrypt the cell to the last hop */
|
||||
relay_encrypt_cell_inbound(&encrypted, cs->or_circ[2]);
|
||||
|
||||
crypt_path_t *layer_hint = NULL;
|
||||
char recognized = 0;
|
||||
int r;
|
||||
for (j = 1; j >= 0; --j) {
|
||||
r = relay_decrypt_cell(TO_CIRCUIT(cs->or_circ[j]),
|
||||
&encrypted,
|
||||
CELL_DIRECTION_IN,
|
||||
&layer_hint, &recognized);
|
||||
tt_int_op(r, OP_EQ, 0);
|
||||
tt_ptr_op(layer_hint, OP_EQ, NULL);
|
||||
tt_int_op(recognized, OP_EQ, 0);
|
||||
}
|
||||
|
||||
relay_decrypt_cell(TO_CIRCUIT(cs->origin_circ),
|
||||
&encrypted,
|
||||
CELL_DIRECTION_IN,
|
||||
&layer_hint, &recognized);
|
||||
tt_int_op(r, OP_EQ, 0);
|
||||
tt_int_op(recognized, OP_EQ, 1);
|
||||
tt_ptr_op(layer_hint, OP_EQ, cs->origin_circ->cpath->prev);
|
||||
|
||||
tt_mem_op(orig.payload, OP_EQ, encrypted.payload, CELL_PAYLOAD_SIZE);
|
||||
}
|
||||
done:
|
||||
;
|
||||
}
|
||||
|
||||
#define TEST(name) \
|
||||
{ # name, test_relaycrypt_ ## name, 0, &relaycrypt_setup, NULL }
|
||||
|
||||
struct testcase_t relaycrypt_tests[] = {
|
||||
TEST(outbound),
|
||||
TEST(inbound),
|
||||
END_OF_TESTCASES
|
||||
};
|
||||
|
Loading…
Reference in New Issue