Merge remote-tracking branch 'public/split_relay_crypto'

7 files changed, 207 insertions, 22 deletions

diff --git a/src/test/bench.c b/src/test/bench.c
index 92d7a244f7..be04c5209a 100644
--- a/src/test/bench.c
+++ b/src/test/bench.c
@@ -12,7 +12,7 @@
 
 #include "or.h"
 #include "onion_tap.h"
-#include "relay.h"
+#include "relay_crypto.h"
 #include <openssl/opensslv.h>
 #include <openssl/evp.h>
 #include <openssl/ec.h>
@@ -505,10 +505,10 @@ bench_cell_ops(void)
   char key1[CIPHER_KEY_LEN], key2[CIPHER_KEY_LEN];
   crypto_rand(key1, sizeof(key1));
   crypto_rand(key2, sizeof(key2));
-  or_circ->p_crypto = crypto_cipher_new(key1);
-  or_circ->n_crypto = crypto_cipher_new(key2);
-  or_circ->p_digest = crypto_digest_new();
-  or_circ->n_digest = crypto_digest_new();
+  or_circ->crypto.f_crypto = crypto_cipher_new(key1);
+  or_circ->crypto.b_crypto = crypto_cipher_new(key2);
+  or_circ->crypto.f_digest = crypto_digest_new();
+  or_circ->crypto.b_digest = crypto_digest_new();
 
   reset_perftime();
 
@@ -518,7 +518,8 @@ bench_cell_ops(void)
     for (i = 0; i < iters; ++i) {
       char recognized = 0;
       crypt_path_t *layer_hint = NULL;
-      relay_crypt(TO_CIRCUIT(or_circ), cell, d, &layer_hint, &recognized);
+      relay_decrypt_cell(TO_CIRCUIT(or_circ), cell, d,
+                         &layer_hint, &recognized);
     }
     end = perftime();
     printf("%sbound cells: %.2f ns per cell. (%.2f ns per byte of payload)\n",
@@ -527,10 +528,7 @@ bench_cell_ops(void)
            NANOCOUNT(start,end,iters*CELL_PAYLOAD_SIZE));
   }
 
-  crypto_digest_free(or_circ->p_digest);
-  crypto_digest_free(or_circ->n_digest);
-  crypto_cipher_free(or_circ->p_crypto);
-  crypto_cipher_free(or_circ->n_crypto);
+  relay_crypto_clear(&or_circ->crypto);
   tor_free(or_circ);
   tor_free(cell);
 }
diff --git a/src/test/include.am b/src/test/include.am
index 5c168c52f9..e98b056a44 100644
--- a/src/test/include.am
+++ b/src/test/include.am
@@ -151,6 +151,7 @@ src_test_test_SOURCES = \
 	src/test/test_pubsub.c \
 	src/test/test_relay.c \
 	src/test/test_relaycell.c \
+	src/test/test_relaycrypt.c \
 	src/test/test_rendcache.c \
 	src/test/test_replay.c \
 	src/test/test_router.c \
diff --git a/src/test/test.c b/src/test/test.c
index db70a24fc2..4f2fbc693a 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -869,6 +869,7 @@ struct testgroup_t testgroups[] = {
   { "pt/", pt_tests },
   { "relay/" , relay_tests },
   { "relaycell/", relaycell_tests },
+  { "relaycrypt/", relaycrypt_tests },
   { "rend_cache/", rend_cache_tests },
   { "replaycache/", replaycache_tests },
   { "router/", router_tests },
diff --git a/src/test/test.h b/src/test/test.h
index c9d43c15ad..02ec9bda89 100644
--- a/src/test/test.h
+++ b/src/test/test.h
@@ -238,6 +238,7 @@ extern struct testcase_t pubsub_tests[];
 extern struct testcase_t pt_tests[];
 extern struct testcase_t relay_tests[];
 extern struct testcase_t relaycell_tests[];
+extern struct testcase_t relaycrypt_tests[];
 extern struct testcase_t rend_cache_tests[];
 extern struct testcase_t replaycache_tests[];
 extern struct testcase_t router_tests[];
diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c
index 7ee7210bc9..58e12abca0 100644
--- a/src/test/test_hs_client.c
+++ b/src/test/test_hs_client.c
@@ -213,12 +213,12 @@ test_e2e_rend_circuit_setup_legacy(void *arg)
   tt_int_op(retval, OP_EQ, 1);
 
   /* Check the digest algo */
-  tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->f_digest),
+  tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->crypto.f_digest),
             OP_EQ, DIGEST_SHA1);
-  tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->b_digest),
+  tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->crypto.b_digest),
             OP_EQ, DIGEST_SHA1);
-  tt_assert(or_circ->cpath->f_crypto);
-  tt_assert(or_circ->cpath->b_crypto);
+  tt_assert(or_circ->cpath->crypto.f_crypto);
+  tt_assert(or_circ->cpath->crypto.b_crypto);
 
   /* Ensure that circ purpose was changed */
   tt_int_op(or_circ->base_.purpose, OP_EQ, CIRCUIT_PURPOSE_C_REND_JOINED);
@@ -283,12 +283,12 @@ test_e2e_rend_circuit_setup(void *arg)
   tt_int_op(retval, OP_EQ, 1);
 
   /* Check that the crypt path has prop224 algorithm parameters */
-  tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->f_digest),
+  tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->crypto.f_digest),
             OP_EQ, DIGEST_SHA3_256);
-  tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->b_digest),
+  tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->crypto.b_digest),
             OP_EQ, DIGEST_SHA3_256);
-  tt_assert(or_circ->cpath->f_crypto);
-  tt_assert(or_circ->cpath->b_crypto);
+  tt_assert(or_circ->cpath->crypto.f_crypto);
+  tt_assert(or_circ->cpath->crypto.b_crypto);
 
   /* Ensure that circ purpose was changed */
   tt_int_op(or_circ->base_.purpose, OP_EQ, CIRCUIT_PURPOSE_C_REND_JOINED);
diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c
index de74fdb30d..481521520c 100644
--- a/src/test/test_hs_service.c
+++ b/src/test/test_hs_service.c
@@ -173,12 +173,12 @@ test_e2e_rend_circuit_setup(void *arg)
   tt_int_op(retval, OP_EQ, 1);
 
   /* Check the digest algo */
-  tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->f_digest),
+  tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->crypto.f_digest),
             OP_EQ, DIGEST_SHA3_256);
-  tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->b_digest),
+  tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->crypto.b_digest),
             OP_EQ, DIGEST_SHA3_256);
-  tt_assert(or_circ->cpath->f_crypto);
-  tt_assert(or_circ->cpath->b_crypto);
+  tt_assert(or_circ->cpath->crypto.f_crypto);
+  tt_assert(or_circ->cpath->crypto.b_crypto);
 
   /* Ensure that circ purpose was changed */
   tt_int_op(or_circ->base_.purpose, OP_EQ, CIRCUIT_PURPOSE_S_REND_JOINED);
diff --git a/src/test/test_relaycrypt.c b/src/test/test_relaycrypt.c
new file mode 100644
index 0000000000..eba9897184
--- /dev/null
+++ b/src/test/test_relaycrypt.c
@@ -0,0 +1,184 @@
+/* Copyright 2001-2004 Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "or.h"
+#include "circuitbuild.h"
+#define CIRCUITLIST_PRIVATE
+#include "circuitlist.h"
+#include "relay.h"
+#include "relay_crypto.h"
+#include "test.h"
+
+static const char KEY_MATERIAL[3][CPATH_KEY_MATERIAL_LEN] = {
+  "    'My public key is in this signed x509 object', said Tom assertively.",
+  "'Let's chart the pedal phlanges in the tomb', said Tom cryptographically",
+  "     'Segmentation fault bugs don't _just happen_', said Tom seethingly.",
+};
+
+typedef struct testing_circuitset_t {
+  or_circuit_t *or_circ[3];
+  origin_circuit_t *origin_circ;
+} testing_circuitset_t;
+
+static int testing_circuitset_teardown(const struct testcase_t *testcase,
+                                       void *ptr);
+
+static void *
+testing_circuitset_setup(const struct testcase_t *testcase)
+{
+  testing_circuitset_t *cs = tor_malloc_zero(sizeof(testing_circuitset_t));
+  int i;
+
+  for (i=0; i<3; ++i) {
+    cs->or_circ[i] = or_circuit_new(0, NULL);
+    tt_int_op(0, OP_EQ,
+              relay_crypto_init(&cs->or_circ[i]->crypto,
+                                KEY_MATERIAL[i], sizeof(KEY_MATERIAL[i]),
+                                0, 0));
+  }
+
+  cs->origin_circ = origin_circuit_new();
+  cs->origin_circ->base_.purpose = CIRCUIT_PURPOSE_C_GENERAL;
+  for (i=0; i<3; ++i) {
+    crypt_path_t *hop = tor_malloc_zero(sizeof(*hop));
+    relay_crypto_init(&hop->crypto, KEY_MATERIAL[i], sizeof(KEY_MATERIAL[i]),
+                      0, 0);
+    hop->state = CPATH_STATE_OPEN;
+    onion_append_to_cpath(&cs->origin_circ->cpath, hop);
+    tt_ptr_op(hop, OP_EQ, cs->origin_circ->cpath->prev);
+  }
+
+  return cs;
+ done:
+  testing_circuitset_teardown(testcase, cs);
+  return NULL;
+}
+
+static int
+testing_circuitset_teardown(const struct testcase_t *testcase, void *ptr)
+{
+  (void)testcase;
+  testing_circuitset_t *cs = ptr;
+  int i;
+  for (i=0; i<3; ++i) {
+    circuit_free_(TO_CIRCUIT(cs->or_circ[i]));
+  }
+  circuit_free_(TO_CIRCUIT(cs->origin_circ));
+  tor_free(cs);
+  return 1;
+}
+
+static const struct testcase_setup_t relaycrypt_setup = {
+  testing_circuitset_setup, testing_circuitset_teardown
+};
+
+/* Test encrypting a cell to the final hop on a circuit, decrypting it
+ * at each hop, and recognizing it at the other end.  Then do it again
+ * and again as the state evolves. */
+static void
+test_relaycrypt_outbound(void *arg)
+{
+  testing_circuitset_t *cs = arg;
+  tt_assert(cs);
+
+  relay_header_t rh;
+  cell_t orig;
+  cell_t encrypted;
+  int i, j;
+
+  for (i = 0; i < 50; ++i) {
+    crypto_rand((char *)&orig, sizeof(orig));
+
+    relay_header_unpack(&rh, orig.payload);
+    rh.recognized = 0;
+    memset(rh.integrity, 0, sizeof(rh.integrity));
+    relay_header_pack(orig.payload, &rh);
+
+    memcpy(&encrypted, &orig, sizeof(orig));
+
+    /* Encrypt the cell to the last hop */
+    relay_encrypt_cell_outbound(&encrypted, cs->origin_circ,
+                                cs->origin_circ->cpath->prev);
+
+    for (j = 0; j < 3; ++j) {
+      crypt_path_t *layer_hint = NULL;
+      char recognized = 0;
+      int r = relay_decrypt_cell(TO_CIRCUIT(cs->or_circ[j]),
+                                 &encrypted,
+                                 CELL_DIRECTION_OUT,
+                                 &layer_hint, &recognized);
+      tt_int_op(r, OP_EQ, 0);
+      tt_ptr_op(layer_hint, OP_EQ, NULL);
+      tt_int_op(recognized != 0, OP_EQ, j == 2);
+    }
+
+    tt_mem_op(orig.payload, OP_EQ, encrypted.payload, CELL_PAYLOAD_SIZE);
+  }
+
+ done:
+  ;
+}
+
+/* As above, but simulate inbound cells from the last hop. */
+static void
+test_relaycrypt_inbound(void *arg)
+{
+  testing_circuitset_t *cs = arg;
+  tt_assert(cs);
+
+  relay_header_t rh;
+  cell_t orig;
+  cell_t encrypted;
+  int i, j;
+
+  for (i = 0; i < 50; ++i) {
+    crypto_rand((char *)&orig, sizeof(orig));
+
+    relay_header_unpack(&rh, orig.payload);
+    rh.recognized = 0;
+    memset(rh.integrity, 0, sizeof(rh.integrity));
+    relay_header_pack(orig.payload, &rh);
+
+    memcpy(&encrypted, &orig, sizeof(orig));
+
+    /* Encrypt the cell to the last hop */
+    relay_encrypt_cell_inbound(&encrypted, cs->or_circ[2]);
+
+    crypt_path_t *layer_hint = NULL;
+    char recognized = 0;
+    int r;
+    for (j = 1; j >= 0; --j) {
+      r = relay_decrypt_cell(TO_CIRCUIT(cs->or_circ[j]),
+                             &encrypted,
+                             CELL_DIRECTION_IN,
+                             &layer_hint, &recognized);
+      tt_int_op(r, OP_EQ, 0);
+      tt_ptr_op(layer_hint, OP_EQ, NULL);
+      tt_int_op(recognized, OP_EQ, 0);
+    }
+
+    relay_decrypt_cell(TO_CIRCUIT(cs->origin_circ),
+                       &encrypted,
+                       CELL_DIRECTION_IN,
+                       &layer_hint, &recognized);
+    tt_int_op(r, OP_EQ, 0);
+    tt_int_op(recognized, OP_EQ, 1);
+    tt_ptr_op(layer_hint, OP_EQ, cs->origin_circ->cpath->prev);
+
+    tt_mem_op(orig.payload, OP_EQ, encrypted.payload, CELL_PAYLOAD_SIZE);
+  }
+ done:
+  ;
+}
+
+#define TEST(name) \
+  { # name, test_relaycrypt_ ## name, 0, &relaycrypt_setup, NULL }
+
+struct testcase_t relaycrypt_tests[] = {
+  TEST(outbound),
+  TEST(inbound),
+  END_OF_TESTCASES
+};
+