diff options
| author | Nick Mathewson <nickm@torproject.org> | 2012-12-04 21:39:54 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2013-01-03 11:29:46 -0500 |
| commit | 18c7d3f157957a5c8034e165d0fc09490c25b0ba (patch) | |
| tree | cf67236953ce8d6d10ca0d287b0df9d2e4dab880 | |
| parent | f58d4dfcd61aec7ea1900873ca08ecc31d7a7ef7 (diff) | |
| download | tor-18c7d3f157957a5c8034e165d0fc09490c25b0ba.tar.gz tor-18c7d3f157957a5c8034e165d0fc09490c25b0ba.zip | |
Rename handshake_digest to rend_circ_nonce
The handshake_digest field was never meaningfully a digest *of* the
handshake, but rather is a digest *from* the handshake that we exapted
to prevent replays of ESTABLISH_INTRO cells. The ntor handshake will
generate it as more key material rather than taking it from any part
of the circuit handshake reply..
| -rw-r--r-- | src/or/circuitbuild.c | 6 | ||||
| -rw-r--r-- | src/or/or.h | 7 | ||||
| -rw-r--r-- | src/or/rendmid.c | 4 | ||||
| -rw-r--r-- | src/or/rendservice.c | 6 |
4 files changed, 11 insertions, 12 deletions
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 8393ba1717..40aad6d992 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -1409,7 +1409,7 @@ circuit_finish_handshake(origin_circuit_t *circ, uint8_t reply_type, &hop->handshake_state, reply, (uint8_t*)keys, sizeof(keys), - (uint8_t*)hop->handshake_digest) < 0) { + (uint8_t*)hop->rend_circ_nonce) < 0) { log_warn(LD_CIRC,"onion_skin_client_handshake failed."); return -END_CIRC_REASON_TORPROTOCOL; } @@ -1517,9 +1517,9 @@ onionskin_answer(or_circuit_t *circ, uint8_t cell_type, const char *payload, /* XXXX Move responsibility for extracting this. */ if (cell_type == CELL_CREATED) - memcpy(circ->handshake_digest, cell.payload+DH_KEY_LEN, DIGEST_LEN); + memcpy(circ->rend_circ_nonce, cell.payload+DH_KEY_LEN, DIGEST_LEN); else - memcpy(circ->handshake_digest, cell.payload+DIGEST_LEN, DIGEST_LEN); + memcpy(circ->rend_circ_nonce, cell.payload+DIGEST_LEN, DIGEST_LEN); circ->is_first_hop = (cell_type == CELL_CREATED_FAST); diff --git a/src/or/or.h b/src/or/or.h index f7407a8e95..d349d1134e 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2568,8 +2568,7 @@ typedef struct crypt_path_t { crypto_dh_t *rend_dh_handshake_state; /** Negotiated key material shared with the OR at this step. */ - /* XXXX RENAME */ - char handshake_digest[DIGEST_LEN];/* KH in tor-spec.txt */ + char rend_circ_nonce[DIGEST_LEN];/* KH in tor-spec.txt */ /** Information to extend to the OR at this step. */ extend_info_t *extend_info; @@ -2978,8 +2977,8 @@ typedef struct or_circuit_t { char rend_token[REND_TOKEN_LEN]; /* ???? move to a subtype or adjunct structure? Wastes 20 bytes -NM */ - /* XXXX rename this. */ - char handshake_digest[DIGEST_LEN]; /**< Stores KH for the handshake. */ + /** Stores KH for the handshake. */ + char rend_circ_nonce[DIGEST_LEN];/* KH in tor-spec.txt */ /** How many more relay_early cells can we send on this circuit, according * to the specification? */ diff --git a/src/or/rendmid.c b/src/or/rendmid.c index dc2dc1d9e7..8234265ca5 100644 --- a/src/or/rendmid.c +++ b/src/or/rendmid.c @@ -56,8 +56,8 @@ rend_mid_establish_intro(or_circuit_t *circ, const uint8_t *request, goto err; } - /* Next 20 bytes: Hash of handshake_digest | "INTRODUCE" */ - memcpy(buf, circ->handshake_digest, DIGEST_LEN); + /* Next 20 bytes: Hash of rend_circ_nonce | "INTRODUCE" */ + memcpy(buf, circ->rend_circ_nonce, DIGEST_LEN); memcpy(buf+DIGEST_LEN, "INTRODUCE", 9); if (crypto_digest(expected_digest, buf, DIGEST_LEN+9) < 0) { log_warn(LD_BUG, "Internal error computing digest."); diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 08a7feb3ec..4f3fdf45ed 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1382,7 +1382,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request, dh = NULL; if (circuit_init_cpath_crypto(cpath,keys+DIGEST_LEN,1)<0) goto err; - memcpy(cpath->handshake_digest, keys, DIGEST_LEN); + memcpy(cpath->rend_circ_nonce, keys, DIGEST_LEN); goto done; @@ -2483,7 +2483,7 @@ rend_service_intro_has_opened(origin_circuit_t *circuit) len = r; set_uint16(buf, htons((uint16_t)len)); len += 2; - memcpy(auth, circuit->cpath->prev->handshake_digest, DIGEST_LEN); + memcpy(auth, circuit->cpath->prev->rend_circ_nonce, DIGEST_LEN); memcpy(auth+DIGEST_LEN, "INTRODUCE", 9); if (crypto_digest(buf+len, auth, DIGEST_LEN+9)) goto err; @@ -2630,7 +2630,7 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit) reason = END_CIRC_REASON_INTERNAL; goto err; } - memcpy(buf+REND_COOKIE_LEN+DH_KEY_LEN, hop->handshake_digest, + memcpy(buf+REND_COOKIE_LEN+DH_KEY_LEN, hop->rend_circ_nonce, DIGEST_LEN); /* Send the cell */ |