diff options
author | Nick Mathewson <nickm@torproject.org> | 2017-04-13 09:38:59 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-04-13 09:38:59 -0400 |
commit | 28ec2d9c2cbb300af8ba467898626020add977c4 (patch) | |
tree | fe4a55646b06e255bddc2f31fb6533485513bc86 /src/or | |
parent | 755c88a4746b8b58d1b36486a611abc2d4f44144 (diff) | |
parent | bf68c78e942b196e65e2d8ae6f172a5a6a363561 (diff) | |
download | tor-28ec2d9c2cbb300af8ba467898626020add977c4.tar.gz tor-28ec2d9c2cbb300af8ba467898626020add977c4.zip |
Merge remote-tracking branch 'dgoulet/ticket21919_031_01'
Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/hs_intropoint.c | 91 | ||||
-rw-r--r-- | src/or/hs_intropoint.h | 4 | ||||
-rw-r--r-- | src/or/hs_service.c | 42 | ||||
-rw-r--r-- | src/or/hs_service.h | 4 |
4 files changed, 71 insertions, 70 deletions
diff --git a/src/or/hs_intropoint.c b/src/or/hs_intropoint.c index a7282aba8f..c32d24480a 100644 --- a/src/or/hs_intropoint.c +++ b/src/or/hs_intropoint.c @@ -43,16 +43,16 @@ get_auth_key_from_cell(ed25519_public_key_t *auth_key_out, switch (cell_type) { case RELAY_COMMAND_ESTABLISH_INTRO: { - const hs_cell_establish_intro_t *c_cell = cell; - key_array = hs_cell_establish_intro_getconstarray_auth_key(c_cell); - auth_key_len = hs_cell_establish_intro_getlen_auth_key(c_cell); + const trn_cell_establish_intro_t *c_cell = cell; + key_array = trn_cell_establish_intro_getconstarray_auth_key(c_cell); + auth_key_len = trn_cell_establish_intro_getlen_auth_key(c_cell); break; } case RELAY_COMMAND_INTRODUCE1: { - const hs_cell_introduce1_t *c_cell = cell; - key_array = hs_cell_introduce1_getconstarray_auth_key(cell); - auth_key_len = hs_cell_introduce1_getlen_auth_key(c_cell); + const trn_cell_introduce1_t *c_cell = cell; + key_array = trn_cell_introduce1_getconstarray_auth_key(cell); + auth_key_len = trn_cell_introduce1_getlen_auth_key(c_cell); break; } default: @@ -68,7 +68,7 @@ get_auth_key_from_cell(ed25519_public_key_t *auth_key_out, /** We received an ESTABLISH_INTRO <b>cell</b>. Verify its signature and MAC, * given <b>circuit_key_material</b>. Return 0 on success else -1 on error. */ STATIC int -verify_establish_intro_cell(const hs_cell_establish_intro_t *cell, +verify_establish_intro_cell(const trn_cell_establish_intro_t *cell, const uint8_t *circuit_key_material, size_t circuit_key_material_len) { @@ -82,8 +82,8 @@ verify_establish_intro_cell(const hs_cell_establish_intro_t *cell, /* Make sure the auth key length is of the right size for this type. For * EXTRA safety, we check both the size of the array and the length which * must be the same. Safety first!*/ - if (hs_cell_establish_intro_getlen_auth_key(cell) != ED25519_PUBKEY_LEN || - hs_cell_establish_intro_get_auth_key_len(cell) != ED25519_PUBKEY_LEN) { + if (trn_cell_establish_intro_getlen_auth_key(cell) != ED25519_PUBKEY_LEN || + trn_cell_establish_intro_get_auth_key_len(cell) != ED25519_PUBKEY_LEN) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "ESTABLISH_INTRO auth key length is invalid"); return -1; @@ -94,13 +94,14 @@ verify_establish_intro_cell(const hs_cell_establish_intro_t *cell, /* Verify the sig */ { ed25519_signature_t sig_struct; - const uint8_t *sig_array = hs_cell_establish_intro_getconstarray_sig(cell); + const uint8_t *sig_array = + trn_cell_establish_intro_getconstarray_sig(cell); /* Make sure the signature length is of the right size. For EXTRA safety, * we check both the size of the array and the length which must be the * same. Safety first!*/ - if (hs_cell_establish_intro_getlen_sig(cell) != sizeof(sig_struct.sig) || - hs_cell_establish_intro_get_sig_len(cell) != sizeof(sig_struct.sig)) { + if (trn_cell_establish_intro_getlen_sig(cell) != sizeof(sig_struct.sig) || + trn_cell_establish_intro_get_sig_len(cell) != sizeof(sig_struct.sig)) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "ESTABLISH_INTRO sig len is invalid"); return -1; @@ -147,21 +148,21 @@ hs_intro_send_intro_established_cell,(or_circuit_t *circ)) int ret; uint8_t *encoded_cell = NULL; ssize_t encoded_len, result_len; - hs_cell_intro_established_t *cell; - cell_extension_t *ext; + trn_cell_intro_established_t *cell; + trn_cell_extension_t *ext; tor_assert(circ); /* Build the cell payload. */ - cell = hs_cell_intro_established_new(); - ext = cell_extension_new(); - cell_extension_set_num(ext, 0); - hs_cell_intro_established_set_extensions(cell, ext); + cell = trn_cell_intro_established_new(); + ext = trn_cell_extension_new(); + trn_cell_extension_set_num(ext, 0); + trn_cell_intro_established_set_extensions(cell, ext); /* Encode the cell to binary format. */ - encoded_len = hs_cell_intro_established_encoded_len(cell); + encoded_len = trn_cell_intro_established_encoded_len(cell); tor_assert(encoded_len > 0); encoded_cell = tor_malloc_zero(encoded_len); - result_len = hs_cell_intro_established_encode(encoded_cell, encoded_len, + result_len = trn_cell_intro_established_encode(encoded_cell, encoded_len, cell); tor_assert(encoded_len == result_len); @@ -170,7 +171,7 @@ hs_intro_send_intro_established_cell,(or_circuit_t *circ)) (char *) encoded_cell, encoded_len, NULL); /* On failure, the above function will close the circuit. */ - hs_cell_intro_established_free(cell); + trn_cell_intro_established_free(cell); tor_free(encoded_cell); return ret; } @@ -180,7 +181,7 @@ hs_intro_send_intro_established_cell,(or_circuit_t *circ)) * establish an intro point. */ static int handle_verified_establish_intro_cell(or_circuit_t *circ, - const hs_cell_establish_intro_t *parsed_cell) + const trn_cell_establish_intro_t *parsed_cell) { /* Get the auth key of this intro point */ ed25519_public_key_t auth_key; @@ -210,7 +211,7 @@ handle_establish_intro(or_circuit_t *circ, const uint8_t *request, size_t request_len) { int cell_ok, retval = -1; - hs_cell_establish_intro_t *parsed_cell = NULL; + trn_cell_establish_intro_t *parsed_cell = NULL; tor_assert(circ); tor_assert(request); @@ -224,7 +225,7 @@ handle_establish_intro(or_circuit_t *circ, const uint8_t *request, } /* Parse the cell */ - ssize_t parsing_result = hs_cell_establish_intro_parse(&parsed_cell, + ssize_t parsing_result = trn_cell_establish_intro_parse(&parsed_cell, request, request_len); if (parsing_result < 0) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, @@ -259,7 +260,7 @@ handle_establish_intro(or_circuit_t *circ, const uint8_t *request, circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL); done: - hs_cell_establish_intro_free(parsed_cell); + trn_cell_establish_intro_free(parsed_cell); return retval; } @@ -339,28 +340,28 @@ send_introduce_ack_cell(or_circuit_t *circ, hs_intro_ack_status_t status) int ret = -1; uint8_t *encoded_cell = NULL; ssize_t encoded_len, result_len; - hs_cell_introduce_ack_t *cell; - cell_extension_t *ext; + trn_cell_introduce_ack_t *cell; + trn_cell_extension_t *ext; tor_assert(circ); /* Setup the INTRODUCE_ACK cell. We have no extensions so the N_EXTENSIONS * field is set to 0 by default with a new object. */ - cell = hs_cell_introduce_ack_new(); - ret = hs_cell_introduce_ack_set_status(cell, status); + cell = trn_cell_introduce_ack_new(); + ret = trn_cell_introduce_ack_set_status(cell, status); /* We have no cell extensions in an INTRODUCE_ACK cell. */ - ext = cell_extension_new(); - cell_extension_set_num(ext, 0); - hs_cell_introduce_ack_set_extensions(cell, ext); + ext = trn_cell_extension_new(); + trn_cell_extension_set_num(ext, 0); + trn_cell_introduce_ack_set_extensions(cell, ext); /* A wrong status is a very bad code flow error as this value is controlled * by the code in this file and not an external input. This means we use a * code that is not known by the trunnel ABI. */ tor_assert(ret == 0); /* Encode the payload. We should never fail to get the encoded length. */ - encoded_len = hs_cell_introduce_ack_encoded_len(cell); + encoded_len = trn_cell_introduce_ack_encoded_len(cell); tor_assert(encoded_len > 0); encoded_cell = tor_malloc_zero(encoded_len); - result_len = hs_cell_introduce_ack_encode(encoded_cell, encoded_len, cell); + result_len = trn_cell_introduce_ack_encode(encoded_cell, encoded_len, cell); tor_assert(encoded_len == result_len); ret = relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(circ), @@ -368,7 +369,7 @@ send_introduce_ack_cell(or_circuit_t *circ, hs_intro_ack_status_t status) (char *) encoded_cell, encoded_len, NULL); /* On failure, the above function will close the circuit. */ - hs_cell_introduce_ack_free(cell); + trn_cell_introduce_ack_free(cell); tor_free(encoded_cell); return ret; } @@ -376,7 +377,7 @@ send_introduce_ack_cell(or_circuit_t *circ, hs_intro_ack_status_t status) /* Validate a parsed INTRODUCE1 <b>cell</b>. Return 0 if valid or else a * negative value for an invalid cell that should be NACKed. */ STATIC int -validate_introduce1_parsed_cell(const hs_cell_introduce1_t *cell) +validate_introduce1_parsed_cell(const trn_cell_introduce1_t *cell) { size_t legacy_key_id_len; const uint8_t *legacy_key_id; @@ -385,29 +386,29 @@ validate_introduce1_parsed_cell(const hs_cell_introduce1_t *cell) /* This code path SHOULD NEVER be reached if the cell is a legacy type so * safety net here. The legacy ID must be zeroes in this case. */ - legacy_key_id_len = hs_cell_introduce1_getlen_legacy_key_id(cell); - legacy_key_id = hs_cell_introduce1_getconstarray_legacy_key_id(cell); + legacy_key_id_len = trn_cell_introduce1_getlen_legacy_key_id(cell); + legacy_key_id = trn_cell_introduce1_getconstarray_legacy_key_id(cell); if (BUG(!tor_mem_is_zero((char *) legacy_key_id, legacy_key_id_len))) { goto invalid; } /* The auth key of an INTRODUCE1 should be of type ed25519 thus leading to a * known fixed length as well. */ - if (hs_cell_introduce1_get_auth_key_type(cell) != + if (trn_cell_introduce1_get_auth_key_type(cell) != HS_INTRO_AUTH_KEY_TYPE_ED25519) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Rejecting invalid INTRODUCE1 cell auth key type. " "Responding with NACK."); goto invalid; } - if (hs_cell_introduce1_get_auth_key_len(cell) != ED25519_PUBKEY_LEN || - hs_cell_introduce1_getlen_auth_key(cell) != ED25519_PUBKEY_LEN) { + if (trn_cell_introduce1_get_auth_key_len(cell) != ED25519_PUBKEY_LEN || + trn_cell_introduce1_getlen_auth_key(cell) != ED25519_PUBKEY_LEN) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Rejecting invalid INTRODUCE1 cell auth key length. " "Responding with NACK."); goto invalid; } - if (hs_cell_introduce1_getlen_encrypted(cell) == 0) { + if (trn_cell_introduce1_getlen_encrypted(cell) == 0) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Rejecting invalid INTRODUCE1 cell encrypted length. " "Responding with NACK."); @@ -430,7 +431,7 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, { int ret = -1; or_circuit_t *service_circ; - hs_cell_introduce1_t *parsed_cell; + trn_cell_introduce1_t *parsed_cell; hs_intro_ack_status_t status = HS_INTRO_ACK_STATUS_SUCCESS; tor_assert(client_circ); @@ -439,7 +440,7 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, /* Parse cell. Note that we can only parse the non encrypted section for * which we'll use the authentication key to find the service introduction * circuit and relay the cell on it. */ - ssize_t cell_size = hs_cell_introduce1_parse(&parsed_cell, request, + ssize_t cell_size = trn_cell_introduce1_parse(&parsed_cell, request, request_len); if (cell_size < 0) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, @@ -505,7 +506,7 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, circuit_mark_for_close(TO_CIRCUIT(client_circ), END_CIRC_REASON_INTERNAL); } done: - hs_cell_introduce1_free(parsed_cell); + trn_cell_introduce1_free(parsed_cell); return ret; } diff --git a/src/or/hs_intropoint.h b/src/or/hs_intropoint.h index 3a84a48dd8..163ed810e7 100644 --- a/src/or/hs_intropoint.h +++ b/src/or/hs_intropoint.h @@ -41,7 +41,7 @@ int hs_intro_circuit_is_suitable_for_establish_intro(const or_circuit_t *circ); #include "hs/cell_introduce1.h" STATIC int -verify_establish_intro_cell(const hs_cell_establish_intro_t *out, +verify_establish_intro_cell(const trn_cell_establish_intro_t *out, const uint8_t *circuit_key_material, size_t circuit_key_material_len); @@ -52,7 +52,7 @@ get_auth_key_from_cell(ed25519_public_key_t *auth_key_out, STATIC int introduce1_cell_is_legacy(const uint8_t *request); STATIC int handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, size_t request_len); -STATIC int validate_introduce1_parsed_cell(const hs_cell_introduce1_t *cell); +STATIC int validate_introduce1_parsed_cell(const trn_cell_introduce1_t *cell); STATIC int circuit_is_suitable_for_introduce1(const or_circuit_t *circ); #endif /* HS_INTROPOINT_PRIVATE */ diff --git a/src/or/hs_service.c b/src/or/hs_service.c index 52de2bfa9d..71939e236b 100644 --- a/src/or/hs_service.c +++ b/src/or/hs_service.c @@ -27,7 +27,7 @@ * bytes written, or a negative integer if there was an error. */ ssize_t get_establish_intro_payload(uint8_t *buf_out, size_t buf_out_len, - const hs_cell_establish_intro_t *cell) + const trn_cell_establish_intro_t *cell) { ssize_t bytes_used = 0; @@ -35,31 +35,31 @@ get_establish_intro_payload(uint8_t *buf_out, size_t buf_out_len, return -1; } - bytes_used = hs_cell_establish_intro_encode(buf_out, buf_out_len, + bytes_used = trn_cell_establish_intro_encode(buf_out, buf_out_len, cell); return bytes_used; } /* Set the cell extensions of <b>cell</b>. */ static void -set_cell_extensions(hs_cell_establish_intro_t *cell) +set_trn_cell_extensions(trn_cell_establish_intro_t *cell) { - cell_extension_t *cell_extensions = cell_extension_new(); + trn_cell_extension_t *trn_cell_extensions = trn_cell_extension_new(); /* For now, we don't use extensions at all. */ - cell_extensions->num = 0; /* It's already zeroed, but be explicit. */ - hs_cell_establish_intro_set_extensions(cell, cell_extensions); + trn_cell_extensions->num = 0; /* It's already zeroed, but be explicit. */ + trn_cell_establish_intro_set_extensions(cell, trn_cell_extensions); } /** Given the circuit handshake info in <b>circuit_key_material</b>, create and * return an ESTABLISH_INTRO cell. Return NULL if something went wrong. The * returned cell is allocated on the heap and it's the responsibility of the * caller to free it. */ -hs_cell_establish_intro_t * +trn_cell_establish_intro_t * generate_establish_intro_cell(const uint8_t *circuit_key_material, size_t circuit_key_material_len) { - hs_cell_establish_intro_t *cell = NULL; + trn_cell_establish_intro_t *cell = NULL; ssize_t encoded_len; log_warn(LD_GENERAL, @@ -72,31 +72,31 @@ generate_establish_intro_cell(const uint8_t *circuit_key_material, goto err; } - cell = hs_cell_establish_intro_new(); + cell = trn_cell_establish_intro_new(); /* Set AUTH_KEY_TYPE: 2 means ed25519 */ - hs_cell_establish_intro_set_auth_key_type(cell, AUTH_KEY_ED25519); + trn_cell_establish_intro_set_auth_key_type(cell, AUTH_KEY_ED25519); /* Set AUTH_KEY_LEN field */ /* Must also set byte-length of AUTH_KEY to match */ int auth_key_len = ED25519_PUBKEY_LEN; - hs_cell_establish_intro_set_auth_key_len(cell, auth_key_len); - hs_cell_establish_intro_setlen_auth_key(cell, auth_key_len); + trn_cell_establish_intro_set_auth_key_len(cell, auth_key_len); + trn_cell_establish_intro_setlen_auth_key(cell, auth_key_len); /* Set AUTH_KEY field */ - uint8_t *auth_key_ptr = hs_cell_establish_intro_getarray_auth_key(cell); + uint8_t *auth_key_ptr = trn_cell_establish_intro_getarray_auth_key(cell); memcpy(auth_key_ptr, key_struct.pubkey.pubkey, auth_key_len); /* No cell extensions needed */ - set_cell_extensions(cell); + set_trn_cell_extensions(cell); /* Set signature size. We need to do this up here, because _encode() needs it and we need to call _encode() to calculate the MAC and signature. */ int sig_len = ED25519_SIG_LEN; - hs_cell_establish_intro_set_sig_len(cell, sig_len); - hs_cell_establish_intro_setlen_sig(cell, sig_len); + trn_cell_establish_intro_set_sig_len(cell, sig_len); + trn_cell_establish_intro_setlen_sig(cell, sig_len); /* XXX How to make this process easier and nicer? */ @@ -107,7 +107,7 @@ generate_establish_intro_cell(const uint8_t *circuit_key_material, uint8_t cell_bytes_tmp[RELAY_PAYLOAD_SIZE] = {0}; uint8_t mac[TRUNNEL_SHA3_256_LEN]; - encoded_len = hs_cell_establish_intro_encode(cell_bytes_tmp, + encoded_len = trn_cell_establish_intro_encode(cell_bytes_tmp, sizeof(cell_bytes_tmp), cell); if (encoded_len < 0) { @@ -126,7 +126,7 @@ generate_establish_intro_cell(const uint8_t *circuit_key_material, (ED25519_SIG_LEN + 2 + TRUNNEL_SHA3_256_LEN)); /* Write the MAC to the cell */ uint8_t *handshake_ptr = - hs_cell_establish_intro_getarray_handshake_mac(cell); + trn_cell_establish_intro_getarray_handshake_mac(cell); memcpy(handshake_ptr, mac, sizeof(mac)); } @@ -137,7 +137,7 @@ generate_establish_intro_cell(const uint8_t *circuit_key_material, uint8_t cell_bytes_tmp[RELAY_PAYLOAD_SIZE] = {0}; ed25519_signature_t sig; - encoded_len = hs_cell_establish_intro_encode(cell_bytes_tmp, + encoded_len = trn_cell_establish_intro_encode(cell_bytes_tmp, sizeof(cell_bytes_tmp), cell); if (encoded_len < 0) { @@ -158,7 +158,7 @@ generate_establish_intro_cell(const uint8_t *circuit_key_material, } /* And write the signature to the cell */ - uint8_t *sig_ptr = hs_cell_establish_intro_getarray_sig(cell); + uint8_t *sig_ptr = trn_cell_establish_intro_getarray_sig(cell); memcpy(sig_ptr, sig.sig, sig_len); } @@ -166,7 +166,7 @@ generate_establish_intro_cell(const uint8_t *circuit_key_material, return cell; err: - hs_cell_establish_intro_free(cell); + trn_cell_establish_intro_free(cell); return NULL; } diff --git a/src/or/hs_service.h b/src/or/hs_service.h index 1405b26cc8..3302592762 100644 --- a/src/or/hs_service.h +++ b/src/or/hs_service.h @@ -16,12 +16,12 @@ * hs_service.o ends up with no symbols in libor.a which makes clang throw a * warning at compile time. See #21825. */ -hs_cell_establish_intro_t * +trn_cell_establish_intro_t * generate_establish_intro_cell(const uint8_t *circuit_key_material, size_t circuit_key_material_len); ssize_t get_establish_intro_payload(uint8_t *buf, size_t buf_len, - const hs_cell_establish_intro_t *cell); + const trn_cell_establish_intro_t *cell); #endif /* TOR_HS_SERVICE_H */ |