Refactor the CREATE_FAST handshake code to match the others.
parent
f7e590df05
commit
5fa1c7484c
@ -645,11 +645,14 @@ circuit_send_next_onion_skin(origin_circuit_t *circ)
|
|||||||
* new OR: we can be speedy and use CREATE_FAST to save an RSA operation
|
* new OR: we can be speedy and use CREATE_FAST to save an RSA operation
|
||||||
* and a DH operation. */
|
* and a DH operation. */
|
||||||
cell_type = CELL_CREATE_FAST;
|
cell_type = CELL_CREATE_FAST;
|
||||||
|
|
||||||
memset(payload, 0, sizeof(payload));
|
memset(payload, 0, sizeof(payload));
|
||||||
crypto_rand((char*) circ->cpath->fast_handshake_state,
|
if (fast_onionskin_create(&circ->cpath->fast_handshake_state,
|
||||||
sizeof(circ->cpath->fast_handshake_state));
|
(uint8_t *)payload) < 0) {
|
||||||
memcpy(payload, circ->cpath->fast_handshake_state,
|
log_warn(LD_CIRC,"onion_skin_create FAST (first hop) failed.");
|
||||||
sizeof(circ->cpath->fast_handshake_state));
|
return - END_CIRC_REASON_INTERNAL;
|
||||||
|
}
|
||||||
|
|
||||||
note_request("cell: create fast", 1);
|
note_request("cell: create fast", 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
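Review bot: The new call `fast_onionskin_create(&circ->cpath->fast_handshake_state, (uint8_t *)payload)` stores a freshly allocated state into the cpath field without releasing whatever the field held before, and the helper added in this commit assigns `*handshake_state_out` unconditionally. If this branch can run more than once for the same first hop (not visible from this hunk), the earlier state, which holds the client's key material, would leak without being wiped. Calling `fast_handshake_state_free(circ->cpath->fast_handshake_state);` just before the create call avoids that, and the free is NULL-safe as written in this commit. The enclosing function starts and ends outside the hunk.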
@ -23,6 +23,7 @@
|
|||||||
#include "networkstatus.h"
|
#include "networkstatus.h"
|
||||||
#include "nodelist.h"
|
#include "nodelist.h"
|
||||||
#include "onion.h"
|
#include "onion.h"
|
||||||
|
#include "onion_fast.h"
|
||||||
#include "relay.h"
|
#include "relay.h"
|
||||||
#include "rendclient.h"
|
#include "rendclient.h"
|
||||||
#include "rendcommon.h"
|
#include "rendcommon.h"
|
||||||
@ -744,6 +745,7 @@ circuit_free_cpath_node(crypt_path_t *victim)
|
|||||||
crypto_digest_free(victim->f_digest);
|
crypto_digest_free(victim->f_digest);
|
||||||
crypto_digest_free(victim->b_digest);
|
crypto_digest_free(victim->b_digest);
|
||||||
crypto_dh_free(victim->dh_handshake_state);
|
crypto_dh_free(victim->dh_handshake_state);
|
||||||
|
fast_handshake_state_free(victim->fast_handshake_state);
|
||||||
extend_info_free(victim->extend_info);
|
extend_info_free(victim->extend_info);
|
||||||
|
|
||||||
memwipe(victim, 0xBB, sizeof(crypt_path_t)); /* poison memory */
|
memwipe(victim, 0xBB, sizeof(crypt_path_t)); /* poison memory */
|
||||||
|
@ -12,6 +12,28 @@
|
|||||||
#include "or.h"
|
#include "or.h"
|
||||||
#include "onion_fast.h"
|
#include "onion_fast.h"
|
||||||
|
|
||||||
|
/**DOCDOC*/
|
||||||
|
void
|
||||||
|
fast_handshake_state_free(fast_handshake_state_t *victim)
|
||||||
|
{
|
||||||
|
if (! victim)
|
||||||
|
return;
|
||||||
|
memwipe(victim, 0, sizeof(fast_handshake_state_t));
|
||||||
|
tor_free(victim);
|
||||||
|
}
|
||||||
|
|
||||||
|
/** DOCDOC */
|
||||||
|
int
|
||||||
|
fast_onionskin_create(fast_handshake_state_t **handshake_state_out,
|
||||||
|
uint8_t *handshake_out)
|
||||||
|
{
|
||||||
|
fast_handshake_state_t *s;
|
||||||
|
*handshake_state_out = s =tor_malloc(sizeof(fast_handshake_state_t));
|
||||||
|
crypto_rand((char*)s->state, sizeof(s->state));
|
||||||
|
memcpy(handshake_out, s->state, DIGEST_LEN);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/** Implement the server side of the CREATE_FAST abbreviated handshake. The
|
/** Implement the server side of the CREATE_FAST abbreviated handshake. The
|
||||||
* client has provided DIGEST_LEN key bytes in <b>key_in</b> ("x"). We
|
* client has provided DIGEST_LEN key bytes in <b>key_in</b> ("x"). We
|
||||||
* generate a reply of DIGEST_LEN*2 bytes in <b>key_out</b>, consisting of a
|
* generate a reply of DIGEST_LEN*2 bytes in <b>key_out</b>, consisting of a
|
||||||
@ -63,7 +85,7 @@ fast_server_handshake(const uint8_t *key_in, /* DIGEST_LEN bytes */
|
|||||||
* and protected by TLS).
|
* and protected by TLS).
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
fast_client_handshake(const uint8_t *handshake_state,/*DIGEST_LEN bytes*/
|
fast_client_handshake(const fast_handshake_state_t *handshake_state,
|
||||||
const uint8_t *handshake_reply_out,/*DIGEST_LEN*2 bytes*/
|
const uint8_t *handshake_reply_out,/*DIGEST_LEN*2 bytes*/
|
||||||
uint8_t *key_out,
|
uint8_t *key_out,
|
||||||
size_t key_out_len)
|
size_t key_out_len)
|
||||||
@ -73,7 +95,7 @@ fast_client_handshake(const uint8_t *handshake_state,/*DIGEST_LEN bytes*/
|
|||||||
size_t out_len;
|
size_t out_len;
|
||||||
int r = -1;
|
int r = -1;
|
||||||
|
|
||||||
memcpy(tmp, handshake_state, DIGEST_LEN);
|
memcpy(tmp, handshake_state->state, DIGEST_LEN);
|
||||||
memcpy(tmp+DIGEST_LEN, handshake_reply_out, DIGEST_LEN);
|
memcpy(tmp+DIGEST_LEN, handshake_reply_out, DIGEST_LEN);
|
||||||
out_len = key_out_len+DIGEST_LEN;
|
out_len = key_out_len+DIGEST_LEN;
|
||||||
out = tor_malloc(out_len);
|
out = tor_malloc(out_len);
|
||||||
|
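Review bot: `memcpy(tmp, handshake_state->state, DIGEST_LEN);` now dereferences a heap pointer, whereas the old argument was an array embedded in `crypt_path_t` and could never be NULL. If a reply can reach this function for a hop whose state was never created or was already freed (the callers are outside this diff), the client would hit a NULL dereference driven by network input. A guard at the top such as `if (!handshake_state) return -1;`, or `tor_assert(handshake_state);` if callers are meant to guarantee it, makes the contract explicit. In the same file the two new functions carry only `DOCDOC` placeholders; `fast_onionskin_create` should state that `handshake_out` must hold at least DIGEST_LEN bytes and that the caller owns the returned state. The body of `fast_client_handshake` continues outside the hunk.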
@ -12,12 +12,24 @@
|
|||||||
#ifndef TOR_ONION_FAST_H
|
#ifndef TOR_ONION_FAST_H
|
||||||
#define TOR_ONION_FAST_H
|
#define TOR_ONION_FAST_H
|
||||||
|
|
||||||
int fast_server_handshake(const uint8_t *key_in,
|
#define CREATE_FAST_LEN DIGEST_LEN
|
||||||
|
#define CREATED_FAST_LEN DIGEST_LEN*2
|
||||||
|
|
||||||
|
typedef struct fast_handshake_state_t {
|
||||||
|
uint8_t state[DIGEST_LEN];
|
||||||
|
} fast_handshake_state_t;
|
||||||
|
|
||||||
|
void fast_handshake_state_free(fast_handshake_state_t *victim);
|
||||||
|
|
||||||
|
int fast_onionskin_create(fast_handshake_state_t **handshake_state_out,
|
||||||
|
uint8_t *handshake_out);
|
||||||
|
|
||||||
|
int fast_server_handshake(const uint8_t *message_in,
|
||||||
uint8_t *handshake_reply_out,
|
uint8_t *handshake_reply_out,
|
||||||
uint8_t *key_out,
|
uint8_t *key_out,
|
||||||
size_t key_out_len);
|
size_t key_out_len);
|
||||||
|
|
||||||
int fast_client_handshake(const uint8_t *handshake_state,
|
int fast_client_handshake(const fast_handshake_state_t *handshake_state,
|
||||||
const uint8_t *handshake_reply_out,
|
const uint8_t *handshake_reply_out,
|
||||||
uint8_t *key_out,
|
uint8_t *key_out,
|
||||||
size_t key_out_len);
|
size_t key_out_len);
|
||||||
|
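Review bot: `#define CREATED_FAST_LEN DIGEST_LEN*2` expands without parentheses, so an expression such as `n % CREATED_FAST_LEN` or `total / CREATED_FAST_LEN` would bind to `DIGEST_LEN` first and silently compute the wrong length for a handshake buffer. Write it as `#define CREATED_FAST_LEN (DIGEST_LEN*2)`. The new `fast_handshake_state_t` typedef and the two new prototypes would also benefit from a short doc comment each, since the header is where callers learn who allocates and who frees the state.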
@ -2524,6 +2524,7 @@ typedef enum {
|
|||||||
|
|
||||||
#define CRYPT_PATH_MAGIC 0x70127012u
|
#define CRYPT_PATH_MAGIC 0x70127012u
|
||||||
|
|
||||||
|
struct fast_handshake_state_t;
|
||||||
/** Holds accounting information for a single step in the layered encryption
|
/** Holds accounting information for a single step in the layered encryption
|
||||||
* performed by a circuit. Used only at the client edge of a circuit. */
|
* performed by a circuit. Used only at the client edge of a circuit. */
|
||||||
typedef struct crypt_path_t {
|
typedef struct crypt_path_t {
|
||||||
@ -2550,7 +2551,7 @@ typedef struct crypt_path_t {
|
|||||||
* authentication, secrecy, and integrity we need, and we're already
|
* authentication, secrecy, and integrity we need, and we're already
|
||||||
* distinguishable from an OR.
|
* distinguishable from an OR.
|
||||||
*/
|
*/
|
||||||
uint8_t fast_handshake_state[DIGEST_LEN];
|
struct fast_handshake_state_t *fast_handshake_state;
|
||||||
/** Negotiated key material shared with the OR at this step. */
|
/** Negotiated key material shared with the OR at this step. */
|
||||||
char handshake_digest[DIGEST_LEN];/* KH in tor-spec.txt */
|
char handshake_digest[DIGEST_LEN];/* KH in tor-spec.txt */
|
||||||
|
|
||||||
|
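Review bot: The field `struct fast_handshake_state_t *fast_handshake_state;` changes from inline storage to an owned heap pointer, but the comment above it (which begins outside this hunk) does not appear to say so. I would append a line such as `Allocated by fast_onionskin_create(); wiped and freed by circuit_free_cpath_node(); NULL when no CREATE_FAST handshake is in progress.` so that readers know the pointer may be NULL and where it is released. The NULL-when-idle part assumes `crypt_path_t` is zero-initialised on allocation, which this diff does not show.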