nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-24 12:23:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

hs-v3: Refactor secret data building logic

Browse Source 
Because this secret data building logic is not only used by the descriptor
encoding process but also by the descriptor decoding, refactor the function to
take both steps into account.

Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
Suphanat Chunhapanya 2018-04-19 22:36:59 +07:00 committed by David Goulet
parent 9c36219236
commit 462d4097ce
1 changed files with 50 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
src/feature/hs/hs_descriptor.c
View File

@ -944,6 +944,53 @@ encrypt_desc_data_and_base64(const hs_descriptor_t *desc,
return enc_b64; return enc_b64;
} }
/* Generate the secret data which is used to encrypt/decrypt the descriptor.
*
* SECRET_DATA = blinded-public-key
* SECRET_DATA = blinded-public-key | descriptor_cookie
*
* The descriptor_cookie is optional but if it exists, it must be at least
* HS_DESC_DESCRIPTOR_COOKIE_LEN bytes long.
*
* A newly allocated secret data is put in secret_data_out. Return the
* length of the secret data. This function cannot fail. */
static size_t
build_secret_data(const ed25519_public_key_t *blinded_pubkey,
const uint8_t *descriptor_cookie,
uint8_t **secret_data_out)
{
size_t secret_data_len;
uint8_t *secret_data;
tor_assert(blinded_pubkey);
tor_assert(secret_data_out);
if (descriptor_cookie) {
/* If the descriptor cookie is present, we need both the blinded
* pubkey and the descriptor cookie as a secret data. */
secret_data_len = ED25519_PUBKEY_LEN + HS_DESC_DESCRIPTOR_COOKIE_LEN;
secret_data = tor_malloc(secret_data_len);
memcpy(secret_data,
blinded_pubkey->pubkey,
ED25519_PUBKEY_LEN);
memcpy(secret_data + ED25519_PUBKEY_LEN,
descriptor_cookie,
HS_DESC_DESCRIPTOR_COOKIE_LEN);
} else {
/* If the descriptor cookie is not present, we need only the blinded
* pubkey as a secret data. */
secret_data_len = ED25519_PUBKEY_LEN;
secret_data = tor_malloc(secret_data_len);
memcpy(secret_data,
blinded_pubkey->pubkey,
ED25519_PUBKEY_LEN);
}
*secret_data_out = secret_data;
return secret_data_len;
}
/* Generate and encode the superencrypted portion of <b>desc</b>. This also /* Generate and encode the superencrypted portion of <b>desc</b>. This also
* involves generating the encrypted portion of the descriptor, and performing * involves generating the encrypted portion of the descriptor, and performing
* the superencryption. A newly allocated NUL-terminated string pointer * the superencryption. A newly allocated NUL-terminated string pointer
@ -976,27 +1023,9 @@ encode_superencrypted_data(const hs_descriptor_t *desc,
goto err; goto err;
} }
if (descriptor_cookie) { secret_data_len = build_secret_data(&desc->plaintext_data.blinded_pubkey,
/* If the descriptor cookie is present, we need both the blinded descriptor_cookie,
* pubkey and the descriptor cookie as a secret data. */ &secret_data);
secret_data_len = ED25519_PUBKEY_LEN + HS_DESC_DESCRIPTOR_COOKIE_LEN;
secret_data = tor_malloc(secret_data_len);
memcpy(secret_data,
desc->plaintext_data.blinded_pubkey.pubkey,
ED25519_PUBKEY_LEN);
memcpy(secret_data + ED25519_PUBKEY_LEN,
descriptor_cookie,
HS_DESC_DESCRIPTOR_COOKIE_LEN);
} else {
/* If the descriptor cookie is not present, we need only the blinded
* pubkey as a secret data. */
secret_data_len = ED25519_PUBKEY_LEN;
secret_data = tor_malloc(secret_data_len);
memcpy(secret_data,
desc->plaintext_data.blinded_pubkey.pubkey,
ED25519_PUBKEY_LEN);
}
/* Encrypt and b64 the inner layer */ /* Encrypt and b64 the inner layer */
layer2_b64_ciphertext = layer2_b64_ciphertext =