diff --git a/src/or/circuit.c b/src/or/circuit.c
index 46b0227a41..d786a24626 100644
--- a/src/or/circuit.c
+++ b/src/or/circuit.c
@@ -777,7 +777,7 @@ int circuit_send_next_onion_skin(circuit_t *circ) {
 memset(&cell, 0, sizeof(cell_t));
 cell.command = CELL_CREATE;
 cell.aci = circ->n_aci;
- cell.length = 208;
+ cell.length = DH_ONIONSKIN_LEN;
 if(onion_skin_create(circ->n_conn->pkey, &(circ->cpath->handshake_state), cell.payload) < 0) {
 log(LOG_INFO,"circuit_send_next_onion_skin(): onion_skin_create (first hop) failed.");
@@ -816,7 +816,7 @@ int circuit_send_next_onion_skin(circuit_t *circ) {
 SET_CELL_RELAY_COMMAND(cell, RELAY_COMMAND_EXTEND);
 SET_CELL_STREAM_ID(cell, ZERO_STREAM);
- cell.length = RELAY_HEADER_SIZE + 6 + 208;
+ cell.length = RELAY_HEADER_SIZE + 6 + DH_ONIONSKIN_LEN;
 *(uint32_t*)(cell.payload+RELAY_HEADER_SIZE) = htonl(hop->addr);
 *(uint32_t*)(cell.payload+RELAY_HEADER_SIZE+4) = htons(hop->port);
 if(onion_skin_create(router->pkey, &(hop->handshake_state), cell.payload+RELAY_HEADER_SIZE+6) < 0) {
@@ -883,9 +883,9 @@ int circuit_extend(cell_t *cell, circuit_t *circ) {
 memset(&newcell, 0, sizeof(cell_t));
 newcell.command = CELL_CREATE;
 newcell.aci = circ->n_aci;
- newcell.length = 208;
+ newcell.length = DH_ONIONSKIN_LEN;
- memcpy(newcell.payload, cell->payload+RELAY_HEADER_SIZE+6, 208);
+ memcpy(newcell.payload, cell->payload+RELAY_HEADER_SIZE+6, DH_ONIONSKIN_LEN);
 if(connection_write_cell_to_buf(&newcell, circ->n_conn) < 0) {
 return -1;
diff --git a/src/or/command.c b/src/or/command.c
index 0f7830e986..fc1396ca92 100644
--- a/src/or/command.c
+++ b/src/or/command.c
@@ -95,7 +95,7 @@ void command_process_create_cell(cell_t *cell, connection_t *conn) {
 circ = circuit_new(cell->aci, conn);
 circ->state = CIRCUIT_STATE_ONIONSKIN_PENDING;
- if(cell->length != 208) {
+ if(cell->length != DH_ONIONSKIN_LEN) {
 log(LOG_DEBUG,"command_process_create_cell(): Bad cell length %d. Dropping.", cell->length);
 circuit_close(circ);
 return;
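Review bot: The port store `*(uint32_t*)(cell.payload+RELAY_HEADER_SIZE+4) = htons(hop->port);` on the new side widens the 16-bit network-order value to 32 bits and writes it in host byte order, so on a little-endian host the two port bytes land at offsets 4–5 and the zero bytes at 6–7 are then overwritten by `onion_skin_create`, while on a big-endian host the port would land at 6–7 and be overwritten instead. The receiver that reads this field is not on the page, so whether it compensates cannot be confirmed, but a 2-byte copy, `uint16_t p = htons(hop->port); memcpy(cell.payload+RELAY_HEADER_SIZE+4, &p, 2);`, fixes the layout regardless of host. The `6` that `cell.length` still adds is the size of that address+port prefix and recurs in `circuit_extend` below; naming it next to `DH_ONIONSKIN_LEN` would finish what this commit starts. circuit_send_next_onion_skin continues outside the hunk.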
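Review bot: `memcpy(newcell.payload, cell->payload+RELAY_HEADER_SIZE+6, DH_ONIONSKIN_LEN);` copies a fixed number of bytes out of the incoming EXTEND cell with no check visible in this hunk that `cell->length` equals `RELAY_HEADER_SIZE + 6 + DH_ONIONSKIN_LEN`. The earlier part of circuit_extend is outside the hunk and may already validate it; if it does not, a short EXTEND cell from the previous hop is forwarded as a CREATE cell whose onion skin is partly whatever bytes happen to follow the declared length in the fixed-size payload buffer. command_process_create_cell in this same commit rejects a wrong-length CREATE cell, and the matching guard here, `if(cell->length != RELAY_HEADER_SIZE + 6 + DH_ONIONSKIN_LEN) return -1;` placed before the memcpy (returning -1 as the write-failure path below does), would make the two entry points consistent.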
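Review bot: The new `if(cell->length != DH_ONIONSKIN_LEN)` check runs after `circ = circuit_new(cell->aci, conn);` has already allocated a circuit, so the error path has to undo that with `circuit_close(circ)`; moving the length check above `circuit_new` and returning directly drops a malformed CREATE cell without ever creating circuit state, unless circuit_close is relied on for some peer notification that is not visible here. The drop is logged at LOG_DEBUG although a wrong-length CREATE from a peer is a protocol violation an operator would want in normal logs; LOG_INFO would match the level circuit_send_next_onion_skin uses for handshake failures in this same diff. The earlier lines of command_process_create_cell are outside the hunk.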
@@ -127,7 +127,7 @@ void command_process_created_cell(cell_t *cell, connection_t *conn) {
 log(LOG_DEBUG,"command_process_created_cell(): got created cell from OPward? Dropping.");
 return;
 }
- assert(cell->length == 192);
+ assert(cell->length == DH_KEY_LEN);
 if(circ->cpath) { /* we're the OP. Handshake this. */
 log(LOG_DEBUG,"command_process_created_cell(): at OP. Finishing handshake.");
@@ -150,7 +150,7 @@ void command_process_created_cell(cell_t *cell, connection_t *conn) {
 SET_CELL_STREAM_ID(newcell, ZERO_STREAM);
 newcell.length = RELAY_HEADER_SIZE + cell->length;
- memcpy(newcell.payload+RELAY_HEADER_SIZE, cell->payload, 192);
+ memcpy(newcell.payload+RELAY_HEADER_SIZE, cell->payload, DH_KEY_LEN);
 log(LOG_DEBUG,"command_process_created_cell(): Sending extended relay cell.");
 if(circuit_deliver_relay_cell_from_edge(&newcell, circ, EDGE_EXIT, NULL) < 0) {
diff --git a/src/or/onion.c b/src/or/onion.c
index 9a788284ea..915532468d 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -184,7 +184,7 @@ static int onionskin_process(circuit_t *circ) {
 memset(&cell, 0, sizeof(cell_t));
 cell.command = CELL_CREATED;
 cell.aci = circ->p_aci;
- cell.length = 192;
+ cell.length = DH_KEY_LEN;
 circ->state = CIRCUIT_STATE_OPEN;
@@ -436,7 +436,7 @@ crypt_path_t *onion_generate_cpath(routerinfo_t **firsthop) {
 int
 onion_skin_create(crypto_pk_env_t *dest_router_key,
 crypto_dh_env_t **handshake_state_out,
- char *onion_skin_out) /* Must be 208 bytes long */
+ char *onion_skin_out) /* Must be DH_ONIONSKIN_LEN bytes long */
 {
 char iv[16];
 char *pubkey = NULL;
@@ -445,7 +445,7 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
 int dhbytes, pkbytes;
 *handshake_state_out = NULL;
- memset(onion_skin_out, 0, 208);
+ memset(onion_skin_out, 0, DH_ONIONSKIN_LEN);
 memset(iv, 0, 16);
 if (!(dh = crypto_dh_new()))
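Review bot: `assert(cell->length == DH_KEY_LEN);` validates a length that came off the network, so a peer sending a CREATED cell of any other length aborts the whole process when assertions are enabled, and when they are compiled out the check vanishes and the fixed `memcpy(..., DH_KEY_LEN)` in the -150 hunk below runs on an unchecked cell. command_process_create_cell in this same commit handles the equivalent case by logging and dropping the cell, and the same treatment here confines a malformed cell to its own circuit. Whether `circuit_close(circ)` is the right teardown at this point depends on state set earlier in the function, which is outside the hunk; the replacement for the assert line is below.
```c
  /* … unchanged: earlier checks, including the OPward test above … */
  if(cell->length != DH_KEY_LEN) {
    log(LOG_DEBUG,"command_process_created_cell(): Bad cell length %d. Dropping.", cell->length);
    circuit_close(circ);
    return;
  }
  if(circ->cpath) { /* we're the OP. Handshake this. */
```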
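Review bot: `newcell.length = RELAY_HEADER_SIZE + cell->length;` takes the length from the incoming cell while the next line copies a fixed `DH_KEY_LEN` bytes, so the two agree only because of the assert earlier in the function; if that assert is removed or compiled out, the relay cell's declared length and its copied payload can diverge. Deriving both from the same constant, `newcell.length = RELAY_HEADER_SIZE + DH_KEY_LEN;`, removes the dependency on the earlier check (which is in the hunk above, not this one). The enclosing function continues outside the hunk.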
@@ -453,7 +453,7 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
 dhbytes = crypto_dh_get_bytes(dh);
 pkbytes = crypto_pk_keysize(dest_router_key);
- assert(dhbytes+16 == 208);
+ assert(dhbytes+16 == DH_ONIONSKIN_LEN);
 if (!(pubkey = malloc(dhbytes+16)))
 goto err;
@@ -512,13 +512,13 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
 * reply, and key_out_len bytes of key material, stored in key_out.
 */
 int
-onion_skin_server_handshake(char *onion_skin, /* 208 bytes long */
+onion_skin_server_handshake(char *onion_skin, /* DH_ONIONSKIN_LEN bytes long */
 crypto_pk_env_t *private_key,
- char *handshake_reply_out, /* 192 bytes long */
+ char *handshake_reply_out, /* DH_KEY_LEN bytes long */
 char *key_out, int key_out_len)
 {
- char buf[208];
+ char buf[DH_ONIONSKIN_LEN];
 char iv[16];
 crypto_dh_env_t *dh = NULL;
 crypto_cipher_env_t *cipher = NULL;
@@ -539,7 +539,7 @@ onion_skin_server_handshake(char *onion_skin, /* 208 bytes long */
 cipher = crypto_create_init_cipher(CRYPTO_CIPHER_3DES, buf, iv, 0);
- if (crypto_cipher_decrypt(cipher, onion_skin+pkbytes, 208-pkbytes,
+ if (crypto_cipher_decrypt(cipher, onion_skin+pkbytes, DH_ONIONSKIN_LEN-pkbytes,
 buf+pkbytes))
 goto err;
@@ -550,13 +550,13 @@ onion_skin_server_handshake(char *onion_skin, /* 208 bytes long */
 #endif
 dh = crypto_dh_new();
- if (crypto_dh_get_public(dh, handshake_reply_out, 192))
+ if (crypto_dh_get_public(dh, handshake_reply_out, DH_KEY_LEN))
 goto err;
- if (crypto_dh_compute_secret(dh, buf+16, 192, buf))
+ if (crypto_dh_compute_secret(dh, buf+16, DH_KEY_LEN, buf))
 goto err;
- memcpy(key_out, buf+192-key_out_len, key_out_len);
+ memcpy(key_out, buf+DH_KEY_LEN-key_out_len, key_out_len);
 crypto_free_cipher_env(cipher);
 crypto_dh_free(dh);
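Review bot: `assert(dhbytes+16 == DH_ONIONSKIN_LEN)` still encodes the 16-byte difference between the two new constants as a bare number, and the same `16` appears in `iv[16]`, `memset(iv, 0, 16)` and `malloc(dhbytes+16)` here and in `buf+16` in onion_skin_server_handshake (the -550 hunk), so the relation the commit names for 192 and 208 is only half named. Giving the prefix its own constant and defining `DH_ONIONSKIN_LEN` in terms of it would let this line read as `assert(dhbytes == DH_KEY_LEN);`. Which of those 16s denote the same quantity (the IV length may only coincidentally match) is not visible from this hunk and should be checked before they are unified. onion_skin_create starts and ends outside the hunk.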
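Review bot: `cipher = crypto_create_init_cipher(CRYPTO_CIPHER_3DES, buf, iv, 0);` is handed to `crypto_cipher_decrypt` on the next line with no NULL check visible between the two calls, although the function already uses `goto err` for its other failures; unless crypto_cipher_decrypt tolerates a NULL cipher, which this page does not show, `if (!cipher) goto err;` after the create turns an allocation failure into the normal error return. `DH_ONIONSKIN_LEN-pkbytes` also goes negative if the server key is larger than the onion skin; `pkbytes` presumably comes from `private_key` rather than from the peer, so this is a local configuration invariant, but an `assert(pkbytes <= DH_ONIONSKIN_LEN)` next to it would document that. The function's body continues outside the hunk on both sides.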
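Review bot: `memcpy(key_out, buf+DH_KEY_LEN-key_out_len, key_out_len);` trusts `key_out_len` completely: a value above DH_KEY_LEN makes the source pointer start before `buf`, and a negative value is converted to a huge size_t. The callers on this page pass 40, so this is a contract gap rather than an observed fault, but a guard at the top of the function, `if (key_out_len < 0 || key_out_len > DH_KEY_LEN) return -1;`, costs nothing, and onion_skin_client_handshake in the -577 hunk has the identical memcpy and needs the same check. Separately, after `crypto_dh_compute_secret(dh, buf+16, DH_KEY_LEN, buf)` the stack array `buf` holds the shared secret and is left intact when the function returns; wiping it on both the success path shown here and the `err:` path, with whatever secure-clear primitive the crypto layer offers so the compiler cannot drop the store, keeps key material from outliving its use. The `err:` label and the return are outside the hunk.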
@@ -577,20 +577,20 @@ onion_skin_server_handshake(char *onion_skin, /* 208 bytes long */
 */
 int
 onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
- char *handshake_reply,/* Must be 192 bytes long*/
+ char *handshake_reply,/* Must be DH_KEY_LEN bytes long*/
 char *key_out, int key_out_len)
 {
- char key_material[192];
- assert(crypto_dh_get_bytes(handshake_state) == 192);
+ char key_material[DH_KEY_LEN];
+ assert(crypto_dh_get_bytes(handshake_state) == DH_KEY_LEN);
- memset(key_material, 0, 192);
+ memset(key_material, 0, DH_KEY_LEN);
- if (crypto_dh_compute_secret(handshake_state, handshake_reply, 192,
+ if (crypto_dh_compute_secret(handshake_state, handshake_reply, DH_KEY_LEN,
 key_material))
 return -1;
- memcpy(key_out, key_material+192-key_out_len, key_out_len);
+ memcpy(key_out, key_material+DH_KEY_LEN-key_out_len, key_out_len);
 return 0;
 }
diff --git a/src/or/or.h b/src/or/or.h
index 7a91f831ad..c48edd87f9 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -348,6 +348,9 @@ struct crypt_path_t {
 };
+#define DH_KEY_LEN 192
+#define DH_ONIONSKIN_LEN 208
+
 typedef struct crypt_path_t crypt_path_t;
 struct relay_queue_t {
@@ -375,7 +378,7 @@ typedef struct {
 crypt_path_t *cpath;
- char onionskin[208]; /* for storage while onionskin pending */
+ char onionskin[DH_ONIONSKIN_LEN]; /* for storage while onionskin pending */
 long timestamp_created;
 char dirty; /* whether this circuit has been used yet */
@@ -394,21 +397,6 @@ struct onion_queue_t {
 struct onion_queue_t *next;
 };
-#define ONION_KEYSEED_LEN 16
-
-typedef struct {
- uint8_t version;
- uint16_t port;
- uint32_t addr;
- uint32_t expire;
- unsigned char keyseed[ONION_KEYSEED_LEN];
-} onion_layer_t;
-/* ugly hack XXXX */
-#define ONION_KEYSEED_OFFSET 11
-
-#define ONION_LAYER_SIZE 27
-#define ONION_PADDING_SIZE (128-ONION_LAYER_SIZE)
-
 typedef struct {
 char *LogLevel;
 char *RouterFile;
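Review bot: `#define DH_KEY_LEN 192` and `#define DH_ONIONSKIN_LEN 208` are added without a comment, and nothing in the header records that the second is the first plus a 16-byte prefix, which `assert(dhbytes+16 == DH_ONIONSKIN_LEN)` in onion.c depends on. A one-line comment on each, e.g. `/* bytes in a DH public value (and, judging by onion_skin_server_handshake, in the shared secret) */` and `/* DH_KEY_LEN plus the 16-byte prefix onion_skin_create places before the DH value */`, together with `#define DH_ONIONSKIN_LEN (DH_KEY_LEN + 16)`, would keep the two from drifting apart if the DH group size changes. The wording of the prefix comment should be checked against onion_skin_create, which is only partly on this page.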
@@ -517,7 +505,6 @@ void circuit_resume_edge_reading(circuit_t *circ, int edge_type);
 int circuit_consider_stop_edge_reading(circuit_t *circ, int edge_type);
 int circuit_consider_sending_sendme(circuit_t *circ, int edge_type);
-int circuit_init(circuit_t *circ, int aci_type, onion_layer_t *layer);
 void circuit_free(circuit_t *circ);
 void circuit_free_cpath(crypt_path_t *cpath);
 void circuit_free_cpath_node(crypt_path_t *victim);
@@ -773,16 +760,16 @@ crypt_path_t *onion_generate_cpath(routerinfo_t **firsthop);
 int onion_skin_create(crypto_pk_env_t *router_key,
 crypto_dh_env_t **handshake_state_out,
- char *onion_skin_out); /* Must be 208 bytes long */
+ char *onion_skin_out); /* Must be DH_ONIONSKIN_LEN bytes long */
-int onion_skin_server_handshake(char *onion_skin, /* 208 bytes long */
+int onion_skin_server_handshake(char *onion_skin, /* DH_ONIONSKIN_LEN bytes long */
 crypto_pk_env_t *private_key,
- char *handshake_reply_out, /* 192 bytes long */
+ char *handshake_reply_out, /* DH_KEY_LEN bytes long */
 char *key_out, int key_out_len);
 int onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
- char *handshake_reply,/* Must be 192 bytes long*/
+ char *handshake_reply,/* Must be DH_KEY_LEN bytes long*/
 char *key_out, int key_out_len);
diff --git a/src/or/test.c b/src/or/test.c
index 0d77b601af..99dd9c9f43 100644
--- a/src/or/test.c
+++ b/src/or/test.c
@@ -466,11 +466,11 @@ test_onion_handshake() {
 /* client-side */
 crypto_dh_env_t *c_dh = NULL;
- char c_buf[208];
+ char c_buf[DH_ONIONSKIN_LEN];
 char c_keys[40];
 /* server-side */
- char s_buf[192];
+ char s_buf[DH_KEY_LEN];
 char s_keys[40];
 /* shared */
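Review bot: `char c_keys[40];` and `char s_keys[40];` keep a third hard-coded size, the key_out_len that the next hunk passes as the literal 40 to onion_skin_server_handshake, while the commit names the other two; using `sizeof s_keys` in those calls, or a named constant for the derived key length, would tie the buffer and the length argument together so a later change cannot leave a stale 40 in one place. The rest of test_onion_handshake is outside this hunk.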
@@ -480,11 +480,11 @@ test_onion_handshake() {
 test_assert(! crypto_pk_generate_key(pk));
 /* client handshake 1. */
- memset(c_buf, 0, 208);
+ memset(c_buf, 0, DH_ONIONSKIN_LEN);
 test_assert(! onion_skin_create(pk, &c_dh, c_buf));
 /* server handshake */
- memset(s_buf, 0, 192);
+ memset(s_buf, 0, DH_KEY_LEN);
 memset(s_keys, 0, 40);
 test_assert(! onion_skin_server_handshake(c_buf, pk, s_buf, s_keys, 40));