aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2012-12-07 13:40:21 -0500
committerNick Mathewson <nickm@torproject.org>2013-01-03 11:29:48 -0500
commit839016ac791de98c02ad7eab50092deedde0ad55 (patch)
treea13d23119dc498e51f19cbb93e4492318c4ccf26
parent463e9378df7eaa07a895da34dc10d3c336760f09 (diff)
downloadtor-839016ac791de98c02ad7eab50092deedde0ad55.tar.gz
tor-839016ac791de98c02ad7eab50092deedde0ad55.zip
ntor: Don't fail fast server-side on an unrecognized KEYID(B)
-rw-r--r--src/or/onion.c4
-rw-r--r--src/or/onion.h1
-rw-r--r--src/or/onion_ntor.c17
-rw-r--r--src/or/onion_ntor.h1
-rw-r--r--src/test/bench.c2
-rw-r--r--src/test/test.c3
6 files changed, 21 insertions, 7 deletions
diff --git a/src/or/onion.c b/src/or/onion.c
index 3f0b0b1e46..56bc9a3b8a 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -192,6 +192,8 @@ setup_server_onion_keys(server_onion_keys_t *keys)
dup_onion_keys(&keys->onion_key, &keys->last_onion_key);
#ifdef CURVE25519_ENABLED
keys->curve25519_key_map = construct_ntor_key_map();
+ keys->junk_keypair = tor_malloc_zero(sizeof(curve25519_keypair_t));
+ curve25519_keypair_generate(keys->junk_keypair, 0);
#endif
}
@@ -207,6 +209,7 @@ release_server_onion_keys(server_onion_keys_t *keys)
crypto_pk_free(keys->last_onion_key);
#ifdef CURVE25519_ENABLED
ntor_key_map_free(keys->curve25519_key_map);
+ tor_free(keys->junk_keypair);
#endif
memset(keys, 0, sizeof(server_onion_keys_t));
}
@@ -345,6 +348,7 @@ onion_skin_server_handshake(int type,
if (onion_skin_ntor_server_handshake(
onion_skin, keys->curve25519_key_map,
+ keys->junk_keypair,
keys->my_identity,
reply_out, keys_tmp, keys_tmp_len)<0) {
tor_free(keys_tmp);
diff --git a/src/or/onion.h b/src/or/onion.h
index e4081392e9..33bf341bbc 100644
--- a/src/or/onion.h
+++ b/src/or/onion.h
@@ -24,6 +24,7 @@ typedef struct server_onion_keys_t {
crypto_pk_t *last_onion_key;
#ifdef CURVE25519_ENABLED
di_digest256_map_t *curve25519_key_map;
+ curve25519_keypair_t *junk_keypair;
#endif
} server_onion_keys_t;
diff --git a/src/or/onion_ntor.c b/src/or/onion_ntor.c
index 30d18cc473..3f4faf3fa7 100644
--- a/src/or/onion_ntor.c
+++ b/src/or/onion_ntor.c
@@ -121,14 +121,16 @@ onion_skin_ntor_create(const uint8_t *router_id,
* NTOR_ONIONSKIN_LEN-byte message in <b>onion_skin</b>, our own identity
* fingerprint as <b>my_node_id</b>, and an associative array mapping public
* onion keys to curve25519_keypair_t in <b>private_keys</b>, attempt to
- * perform the handshake. Write an NTOR_REPLY_LEN-byte message to send back
- * to the client into <b>handshake_reply_out</b>, and generate
- * <b>key_out_len</b> bytes of key material in <b>key_out</b>. Return 0 on
- * success, -1 on failure.
+ * perform the handshake. Use <b>junk_keys</b> if present if the handshake
+ * indicates an unrecognized public key. Write an NTOR_REPLY_LEN-byte
+ * message to send back to the client into <b>handshake_reply_out</b>, and
+ * generate <b>key_out_len</b> bytes of key material in <b>key_out</b>. Return
+ * 0 on success, -1 on failure.
*/
int
onion_skin_ntor_server_handshake(const uint8_t *onion_skin,
const di_digest256_map_t *private_keys,
+ const curve25519_keypair_t *junk_keys,
const uint8_t *my_node_id,
uint8_t *handshake_reply_out,
uint8_t *key_out,
@@ -153,9 +155,14 @@ onion_skin_ntor_server_handshake(const uint8_t *onion_skin,
/* XXXX Does this possible early-return business threaten our security? */
if (tor_memneq(onion_skin, my_node_id, DIGEST_LEN))
return -1;
- keypair_bB = dimap_search(private_keys, onion_skin + DIGEST_LEN, NULL);
+ /* Note that on key-not-found, we go through with this operation anyway,
+ * using "junk_keys". This will result in failed authentication, but won't
+ * leak whether we recognized the key. */
+ keypair_bB = dimap_search(private_keys, onion_skin + DIGEST_LEN,
+ (void*)junk_keys);
if (!keypair_bB)
return -1;
+
memcpy(s.pubkey_X.public_key, onion_skin+DIGEST_LEN+DIGEST256_LEN,
CURVE25519_PUBKEY_LEN);
diff --git a/src/or/onion_ntor.h b/src/or/onion_ntor.h
index 80015fd3fa..a5cceb94db 100644
--- a/src/or/onion_ntor.h
+++ b/src/or/onion_ntor.h
@@ -27,6 +27,7 @@ int onion_skin_ntor_create(const uint8_t *router_id,
int onion_skin_ntor_server_handshake(const uint8_t *onion_skin,
const di_digest256_map_t *private_keys,
+ const curve25519_keypair_t *junk_keypair,
const uint8_t *my_node_id,
uint8_t *handshake_reply_out,
uint8_t *key_out,
diff --git a/src/test/bench.c b/src/test/bench.c
index 23560cd437..2c40cdf4dc 100644
--- a/src/test/bench.c
+++ b/src/test/bench.c
@@ -199,7 +199,7 @@ bench_onion_ntor(void)
start = perftime();
for (i = 0; i < iters; ++i) {
uint8_t key_out[CPATH_KEY_MATERIAL_LEN];
- onion_skin_ntor_server_handshake(os, keymap, nodeid, or,
+ onion_skin_ntor_server_handshake(os, keymap, NULL, nodeid, or,
key_out, sizeof(key_out));
}
end = perftime();
diff --git a/src/test/test.c b/src/test/test.c
index daac67ee47..32e060080b 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -895,7 +895,8 @@ test_ntor_handshake(void *arg)
/* server handshake */
memset(s_buf, 0, NTOR_REPLY_LEN);
memset(s_keys, 0, 40);
- tt_int_op(0, ==, onion_skin_ntor_server_handshake(c_buf, s_keymap, node_id,
+ tt_int_op(0, ==, onion_skin_ntor_server_handshake(c_buf, s_keymap, NULL,
+ node_id,
s_buf, s_keys, 400));
/* client handshake 2 */