Use symbolic constants; make padding types match.

svn:r1491
author: Nick Mathewson <nickm@torproject.org> 2004-04-05 21:15:14 +0000
committer: Nick Mathewson <nickm@torproject.org> 2004-04-05 21:15:14 +0000
commit: 5033c366e1474c09e6df4e46448c7cd951e5e5ee (patch)
tree: 02d34c86f1548dda24c1771f9aadf9bc5f3c7cd1 /src
parent: 04e8dc90262d9ccc5ef6932cfe86feac24fde997 (diff)
download: tor-5033c366e1474c09e6df4e46448c7cd951e5e5ee.tar.gz
tor-5033c366e1474c09e6df4e46448c7cd951e5e5ee.zip
3 files changed, 29 insertions, 35 deletions
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index f7b89ca138..9632f54f3b 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -41,13 +41,11 @@ rend_client_send_establish_rendezvous(circuit_t *circ)
   return 0;
 }
 
-#define LEN_REND_INTRODUCE1 (20+20+20+16+128+42)
-
 int
 rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) {
   const char *descp;
-  int desc_len;
-  char payload[LEN_REND_INTRODUCE1];
+  int desc_len, payload_len, r;
+  char payload[RELAY_PAYLOAD_SIZE];
   char tmp[20+20+128];
   rend_service_descriptor_t *parsed=NULL;
   crypt_path_t *cpath;
@@ -94,18 +92,21 @@ rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) {
     goto err;
   }
 
-  if(crypto_pk_public_hybrid_encrypt(parsed->pk, tmp,
-                                     20+20+128, payload+20,
-                                     PK_PKCS1_OAEP_PADDING) < 0) {
+  r = crypto_pk_public_hybrid_encrypt(parsed->pk, tmp,
+                                      20+20+128, payload+20,
+                                      PK_PKCS1_OAEP_PADDING);
+  if (r<0) {
     log_fn(LOG_WARN,"hybrid pk encrypt failed.");
     goto err;
   }
 
+  payload_len = 20 + r;
+
   rend_service_descriptor_free(parsed);
 
   if (connection_edge_send_command(NULL, introcirc,
                                    RELAY_COMMAND_INTRODUCE1,
-                                   payload, LEN_REND_INTRODUCE1,
+                                   payload, payload_len,
                                    introcirc->cpath->prev)<0) {
     /* introcirc is already marked for close. leave rendcirc alone. */
     log_fn(LOG_WARN, "Couldn't send INTRODUCE1 cell");
diff --git a/src/or/rendmid.c b/src/or/rendmid.c
index 49a3ffc816..80ebbbb38e 100644
--- a/src/or/rendmid.c
+++ b/src/or/rendmid.c
@@ -11,13 +11,12 @@ int
 rend_mid_establish_intro(circuit_t *circ, const char *request, int request_len)
 {
   crypto_pk_env_t *pk = NULL;
-  char buf[20+9];
-  char expected_digest[20];
-  char pk_digest[20];
+  char buf[DIGEST_LEN+9];
+  char expected_digest[DIGEST_LEN];
+  char pk_digest[DIGEST_LEN];
   int asn1len;
   circuit_t *c;
   char hexid[9];
-  char hexdigest[20*2+1];
 
   log_fn(LOG_INFO,
          "Received an ESTABLISH_INTRO request on circuit %d", circ->p_circ_id);
@@ -26,13 +25,13 @@ rend_mid_establish_intro(circuit_t *circ, const char *request, int request_len)
     log_fn(LOG_WARN, "Rejecting ESTABLISH_INTRO on non-OR or non-edge circuit");
     goto err;
   }
-  if (request_len < 22)
+  if (request_len < 2+DIGEST_LEN)
     goto truncated;
   /* First 2 bytes: length of asn1-encoded key. */
   asn1len = get_uint16(request);
 
   /* Next asn1len bytes: asn1-encoded key. */
-  if (request_len < 22+asn1len)
+  if (request_len < 2+DIGEST_LEN+asn1len)
     goto truncated;
   pk = crypto_pk_asn1_decode(request+2, asn1len);
   if (!pk) {
@@ -40,28 +39,21 @@ rend_mid_establish_intro(circuit_t *circ, const char *request, int request_len)
     goto err;
   }
 
-  /* XXX remove after debuggin */
-  hex_encode(circ->handshake_digest, 20, hexdigest);
-  log_fn(LOG_INFO, "Handshake information is: %s", hexdigest);
-
   /* Next 20 bytes: Hash of handshake_digest | "INTRODUCE" */
-  memcpy(buf, circ->handshake_digest, 20);
-  memcpy(buf+20, "INTRODUCE", 9);
-  if (crypto_digest(buf, 29, expected_digest)<0) {
+  memcpy(buf, circ->handshake_digest, DIGEST_LEN);
+  memcpy(buf+DIGEST_LEN, "INTRODUCE", 9);
+  if (crypto_digest(buf, DIGEST_LEN+9, expected_digest)<0) {
     log_fn(LOG_WARN, "Error computing digest");
     goto err;
   }
-  hex_encode(expected_digest, 20, hexdigest);
-  log_fn(LOG_INFO, "Expected digest is: %s", hexdigest);
-  hex_encode(request+2+asn1len, 20, hexdigest);
-  log_fn(LOG_INFO, "Received digest is: %s", hexdigest);
-  if (memcmp(expected_digest, request+2+asn1len, 20)) {
+  if (memcmp(expected_digest, request+2+asn1len, DIGEST_LEN)) {
     log_fn(LOG_WARN, "Hash of session info was not as expected");
     goto err;
   }
   /* Rest of body: signature of previous data */
-  if (crypto_pk_public_checksig_digest(pk, request, 22+asn1len,
-                           request+22+asn1len, request_len-(22+asn1len))<0) {
+  if (crypto_pk_public_checksig_digest(pk, request, 2+asn1len+DIGEST_LEN,
+                                       request+2+DIGEST_LEN+asn1len,
+                                       request_len-(2+DIGEST_LEN+asn1len))<0) {
     log_fn(LOG_WARN, "Incorrect signature on ESTABLISH_INTRO cell; rejecting");
     goto err;
   }
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index b865d01e9e..dbb77a6146 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -306,7 +306,7 @@ rend_service_introduce(circuit_t *circuit, const char *request, int request_len)
 {
   char *ptr, *rp_nickname, *r_cookie;
   char buf[RELAY_PAYLOAD_SIZE];
-  char keys[20+CPATH_KEY_MATERIAL_LEN]; /* Holds KH, Df, Db, Kf, Kb */
+  char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN]; /* Holds KH, Df, Db, Kf, Kb */
   rend_service_t *service;
   int len, keylen;
   crypto_dh_env_t *dh = NULL;
@@ -334,14 +334,14 @@ rend_service_introduce(circuit_t *circuit, const char *request, int request_len)
     return -1;
   }
 
-  /* first 20 bytes of request is service pk digest */
+  /* first DIGEST_LEN bytes of request is service pk digest */
   service = rend_service_get_by_pk_digest(request);
   if (!service) {
     log_fn(LOG_WARN, "Got an INTRODUCE2 cell for an unrecognized service %s",
            hexid);
     return -1;
   }
-  if (memcmp(circuit->rend_pk_digest, request, 20)) {
+  if (memcmp(circuit->rend_pk_digest, request, DIGEST_LEN)) {
     hex_encode(request, 4, hexid);
     log_fn(LOG_WARN, "Got an INTRODUCE2 cell for the wrong service (%s)",
            hexid);
@@ -349,13 +349,14 @@ rend_service_introduce(circuit_t *circuit, const char *request, int request_len)
   }
 
   keylen = crypto_pk_keysize(service->private_key);
-  if (request_len < keylen+20) {
+  if (request_len < keylen+DIGEST_LEN) {
     log_fn(LOG_WARN, "PK-encrypted portion of INTRODUCE2 cell was truncated");
     return -1;
   }
   /* Next N bytes is encrypted with service key */
   len = crypto_pk_private_hybrid_decrypt(
-       service->private_key,request,request_len-20,buf, PK_PKCS1_PADDING);
+       service->private_key,request,request_len-DIGEST_LEN,buf,
+       PK_PKCS1_OAEP_PADDING);
   if (len<0) {
     log_fn(LOG_WARN, "Couldn't decrypt INTRODUCE2 cell");
     return -1;
@@ -386,8 +387,8 @@ rend_service_introduce(circuit_t *circuit, const char *request, int request_len)
     log_fn(LOG_WARN, "Couldn't build DH state or generate public key");
     goto err;
   }
-  if (crypto_dh_compute_secret(dh, ptr+20, DH_KEY_LEN, keys,
-                               20+CPATH_KEY_MATERIAL_LEN)<0) {
+  if (crypto_dh_compute_secret(dh, ptr+REND_COOKIE_LEN, DH_KEY_LEN, keys,
+                               DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
     log_fn(LOG_WARN, "Couldn't complete DH handshake");
     goto err;
   }
author	Nick Mathewson <nickm@torproject.org>	2004-04-05 21:15:14 +0000
committer	Nick Mathewson <nickm@torproject.org>	2004-04-05 21:15:14 +0000
commit	5033c366e1474c09e6df4e46448c7cd951e5e5ee (patch)
tree	02d34c86f1548dda24c1771f9aadf9bc5f3c7cd1 /src
parent	04e8dc90262d9ccc5ef6932cfe86feac24fde997 (diff)
download	tor-5033c366e1474c09e6df4e46448c7cd951e5e5ee.tar.gz tor-5033c366e1474c09e6df4e46448c7cd951e5e5ee.zip