diff options
| author | David Goulet <dgoulet@torproject.org> | 2019-05-15 10:16:05 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2019-05-22 11:47:20 -0400 |
| commit | 3835a3acf57426f692a787e7729de929b40dc62e (patch) | |
| tree | 0da7f393f3c78d7b1985d5575b047bdeb59ccb3c /src/core/crypto | |
| parent | 44265dd6716887b997bb03d2db1641efd7ae9c19 (diff) | |
| download | tor-3835a3acf57426f692a787e7729de929b40dc62e.tar.gz tor-3835a3acf57426f692a787e7729de929b40dc62e.zip | |
sendme: Properly record SENDMEs on both edges
Turns out that we were only recording the "b_digest" but to have
bidirectionnal authenticated SENDMEs, we need to use the "f_digest" in the
forward cell situation.
Because of the cpath refactoring, this commit plays with the crypt_path_ and
relay_crypto_t API a little bit in order to respect the abstractions.
Previously, we would record the cell digest as the SENDME digest in the
decrypt cell function but to avoid code duplication (both directions needs to
record), we now do that right after iff the cell is recognized (at the edge).
It is now done in circuit_receive_relay_cell() instead.
We now also record the cell digest as the SENDME digest in both relay cell
encryption functions since they are split depending on the direction.
relay_encrypt_cell_outbound() and relay_encrypt_cell_inbound() need to
consider recording the cell digest depending on their direction (f vs b
digest).
Fixes #30428
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/core/crypto')
| -rw-r--r-- | src/core/crypto/relay_crypto.c | 31 | ||||
| -rw-r--r-- | src/core/crypto/relay_crypto.h | 5 |
2 files changed, 22 insertions, 14 deletions
diff --git a/src/core/crypto/relay_crypto.c b/src/core/crypto/relay_crypto.c index 74cccd2223..8a285131a8 100644 --- a/src/core/crypto/relay_crypto.c +++ b/src/core/crypto/relay_crypto.c @@ -100,12 +100,22 @@ relay_crypto_get_sendme_digest(relay_crypto_t *crypto) return crypto->sendme_digest; } -/** Record the b_digest from <b>crypto</b> and put it in the sendme_digest. */ +/** Record the cell digest, indicated by is_foward_digest or not, as the + * SENDME cell digest. */ void -relay_crypto_record_sendme_digest(relay_crypto_t *crypto) +relay_crypto_record_sendme_digest(relay_crypto_t *crypto, + bool is_foward_digest) { + struct crypto_digest_t *digest; + tor_assert(crypto); - crypto_digest_get_digest(crypto->b_digest, (char *) crypto->sendme_digest, + + digest = crypto->b_digest; + if (is_foward_digest) { + digest = crypto->f_digest; + } + + crypto_digest_get_digest(digest, (char *) crypto->sendme_digest, sizeof(crypto->sendme_digest)); } @@ -161,11 +171,6 @@ relay_decrypt_cell(circuit_t *circ, cell_t *cell, if (relay_digest_matches(cpath_get_incoming_digest(thishop), cell)) { *recognized = 1; *layer_hint = thishop; - /* This cell is for us. Keep a record of this cell because we will - * use it in the next SENDME cell. */ - if (sendme_circuit_cell_is_next(thishop->deliver_window)) { - cpath_sendme_circuit_record_inbound_cell(thishop); - } return 0; } } @@ -213,6 +218,9 @@ relay_encrypt_cell_outbound(cell_t *cell, crypt_path_t *thishop; /* counter for repeated crypts */ cpath_set_cell_forward_digest(layer_hint, cell); + /* Record cell digest as the SENDME digest if need be. */ + sendme_record_sending_cell_digest(TO_CIRCUIT(circ), layer_hint); + thishop = layer_hint; /* moving from farthest to nearest hop */ do { @@ -237,11 +245,8 @@ relay_encrypt_cell_inbound(cell_t *cell, { relay_set_digest(or_circ->crypto.b_digest, cell); - /* We are about to send this cell outbound on the circuit. Keep a record of - * this cell if we are expecting that the next cell is a SENDME. */ - if (sendme_circuit_cell_is_next(TO_CIRCUIT(or_circ)->package_window)) { - sendme_circuit_record_outbound_cell(or_circ); - } + /* Record cell digest as the SENDME digest if need be. */ + sendme_record_sending_cell_digest(TO_CIRCUIT(or_circ), NULL); /* encrypt one layer */ relay_crypt_one_payload(or_circ->crypto.b_crypto, cell->payload); diff --git a/src/core/crypto/relay_crypto.h b/src/core/crypto/relay_crypto.h index 7f09219c7f..9478f8d359 100644 --- a/src/core/crypto/relay_crypto.h +++ b/src/core/crypto/relay_crypto.h @@ -28,7 +28,10 @@ void relay_crypto_clear(relay_crypto_t *crypto); void relay_crypto_assert_ok(const relay_crypto_t *crypto); uint8_t *relay_crypto_get_sendme_digest(relay_crypto_t *crypto); -void relay_crypto_record_sendme_digest(relay_crypto_t *crypto); + +void relay_crypto_record_sendme_digest(relay_crypto_t *crypto, + bool is_foward_digest); + void relay_crypt_one_payload(crypto_cipher_t *cipher, uint8_t *in); |