diff options
author | David Goulet <dgoulet@torproject.org> | 2018-08-23 14:05:42 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2018-08-29 15:01:38 -0400 |
commit | 2f6bc74914d60b62b8e61904aae16c84c2b1181d (patch) | |
tree | 0bd9202dfefab689c9a3b7657ba197ae5a35ccdf /src/test | |
parent | ac44e70ffc047941d196596dd651019c054b7faf (diff) | |
download | tor-2f6bc74914d60b62b8e61904aae16c84c2b1181d.tar.gz tor-2f6bc74914d60b62b8e61904aae16c84c2b1181d.zip |
router: Keep RSA onion public key in ASN.1 format
The OpenSSL "RSA" object is currently 408 bytes compares to the ASN.1 encoding
which is 140 for a 1024 RSA key.
We save 268 bytes per descriptor (routerinfo_t) *and* microdescriptor
(microdesc_t). Scaling this to 6000 relays, and considering client usually
only have microdescriptors, we save 1.608 MB of RAM which is considerable for
mobile client.
This commit makes it that we keep the RSA onion public key (used for TAP
handshake) in ASN.1 format instead of an OpenSSL RSA object.
Changes is done in both routerinfo_t and microdesc_t.
Closes #27246
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/test')
-rw-r--r-- | src/test/test_dir.c | 14 | ||||
-rw-r--r-- | src/test/test_hs_service.c | 4 | ||||
-rw-r--r-- | src/test/test_router.c | 8 |
3 files changed, 18 insertions, 8 deletions
diff --git a/src/test/test_dir.c b/src/test/test_dir.c index c2f3f5297d..723799ee8a 100644 --- a/src/test/test_dir.c +++ b/src/test/test_dir.c @@ -166,7 +166,7 @@ test_dir_formats(void *arg) r1->supports_tunnelled_dir_requests = 1; tor_addr_parse(&r1->ipv6_addr, "1:2:3:4::"); r1->ipv6_orport = 9999; - r1->onion_pkey = crypto_pk_dup_key(pk1); + router_set_rsa_onion_pkey(pk1, &r1->onion_pkey, &r1->onion_pkey_len); /* Fake just enough of an ntor key to get by */ curve25519_keypair_t r1_onion_keypair; curve25519_keypair_generate(&r1_onion_keypair, 0); @@ -209,7 +209,7 @@ test_dir_formats(void *arg) r2->or_port = 9005; r2->dir_port = 0; r2->supports_tunnelled_dir_requests = 1; - r2->onion_pkey = crypto_pk_dup_key(pk2); + router_set_rsa_onion_pkey(pk2, &r2->onion_pkey, &r2->onion_pkey_len); curve25519_keypair_t r2_onion_keypair; curve25519_keypair_generate(&r2_onion_keypair, 0); r2->onion_curve25519_pkey = tor_memdup(&r2_onion_keypair.pubkey, @@ -302,7 +302,10 @@ test_dir_formats(void *arg) tt_int_op(rp1->bandwidthrate,OP_EQ, r1->bandwidthrate); tt_int_op(rp1->bandwidthburst,OP_EQ, r1->bandwidthburst); tt_int_op(rp1->bandwidthcapacity,OP_EQ, r1->bandwidthcapacity); - tt_int_op(crypto_pk_cmp_keys(rp1->onion_pkey, pk1), OP_EQ, 0); + crypto_pk_t *onion_pkey = router_get_rsa_onion_pkey(rp1->onion_pkey, + rp1->onion_pkey_len); + tt_int_op(crypto_pk_cmp_keys(onion_pkey, pk1), OP_EQ, 0); + crypto_pk_free(onion_pkey); tt_int_op(crypto_pk_cmp_keys(rp1->identity_pkey, pk2), OP_EQ, 0); tt_assert(rp1->supports_tunnelled_dir_requests); //tt_assert(rp1->exit_policy == NULL); @@ -419,7 +422,10 @@ test_dir_formats(void *arg) tt_mem_op(rp2->onion_curve25519_pkey->public_key,OP_EQ, r2->onion_curve25519_pkey->public_key, CURVE25519_PUBKEY_LEN); - tt_int_op(crypto_pk_cmp_keys(rp2->onion_pkey, pk2), OP_EQ, 0); + onion_pkey = router_get_rsa_onion_pkey(rp2->onion_pkey, + rp2->onion_pkey_len); + tt_int_op(crypto_pk_cmp_keys(onion_pkey, pk2), OP_EQ, 0); + crypto_pk_free(onion_pkey); tt_int_op(crypto_pk_cmp_keys(rp2->identity_pkey, pk1), OP_EQ, 0); tt_assert(rp2->supports_tunnelled_dir_requests); diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c index ad0b3ab342..f8a465629a 100644 --- a/src/test/test_hs_service.c +++ b/src/test/test_hs_service.c @@ -1238,7 +1238,7 @@ test_build_update_descriptors(void *arg) tt_int_op(ret, OP_EQ, 0); ri.onion_curve25519_pkey = tor_malloc_zero(sizeof(curve25519_public_key_t)); - ri.onion_pkey = crypto_pk_new(); + ri.onion_pkey = tor_malloc_zero(140); curve25519_public_key_generate(ri.onion_curve25519_pkey, &curve25519_secret_key); memset(ri.cache_info.identity_digest, 'A', DIGEST_LEN); @@ -1264,7 +1264,7 @@ test_build_update_descriptors(void *arg) update_all_descriptors(now); tor_free(node->ri->onion_curve25519_pkey); /* Avoid memleak. */ tor_free(node->ri->cache_info.signing_key_cert); - crypto_pk_free(node->ri->onion_pkey); + tor_free(node->ri->onion_pkey); expect_log_msg_containing("just picked 1 intro points and wanted 3 for next " "descriptor. It currently has 0 intro points. " "Launching ESTABLISH_INTRO circuit shortly."); diff --git a/src/test/test_router.c b/src/test/test_router.c index c6a2452c8c..613ec04021 100644 --- a/src/test/test_router.c +++ b/src/test/test_router.c @@ -49,7 +49,8 @@ NS(router_get_my_routerinfo)(void) mock_routerinfo->platform = tor_strdup("unittest"); mock_routerinfo->cache_info.published_on = now; mock_routerinfo->identity_pkey = crypto_pk_dup_key(ident_key); - mock_routerinfo->onion_pkey = crypto_pk_dup_key(tap_key); + router_set_rsa_onion_pkey(tap_key, &mock_routerinfo->onion_pkey, + &mock_routerinfo->onion_pkey_len); mock_routerinfo->bandwidthrate = 9001; mock_routerinfo->bandwidthburst = 9002; } @@ -89,11 +90,14 @@ test_router_dump_router_to_string_no_bridge_distribution_method(void *arg) /* Generate our server descriptor and ensure that the substring * "bridge-distribution-request any" occurs somewhere within it. */ + crypto_pk_t *onion_pkey = router_get_rsa_onion_pkey(router->onion_pkey, + router->onion_pkey_len); desc = router_dump_router_to_string(router, router->identity_pkey, - router->onion_pkey, + onion_pkey, &ntor_keypair, &signing_keypair); + crypto_pk_free(onion_pkey); tt_ptr_op(desc, !=, NULL); found = strstr(desc, needle); tt_ptr_op(found, !=, NULL); |