diff options
-rw-r--r-- | src/core/crypto/relay_crypto.c | 13 | ||||
-rw-r--r-- | src/core/crypto/relay_crypto.h | 5 | ||||
-rw-r--r-- | src/core/or/crypt_path.c | 31 | ||||
-rw-r--r-- | src/core/or/crypt_path.h | 11 | ||||
-rw-r--r-- | src/core/or/crypt_path_st.h | 7 |
5 files changed, 56 insertions, 11 deletions
diff --git a/src/core/crypto/relay_crypto.c b/src/core/crypto/relay_crypto.c index 8931163161..96b1002cab 100644 --- a/src/core/crypto/relay_crypto.c +++ b/src/core/crypto/relay_crypto.c @@ -6,6 +6,7 @@ #include "core/or/or.h" #include "core/or/circuitlist.h" +#include "core/or/crypt_path.h" #include "app/config/config.h" #include "lib/crypt_ops/crypto_cipher.h" #include "lib/crypt_ops/crypto_util.h" @@ -21,7 +22,7 @@ /** Update digest from the payload of cell. Assign integrity part to * cell. */ -static void +void relay_set_digest(crypto_digest_t *digest, cell_t *cell) { char integrity[4]; @@ -85,7 +86,7 @@ relay_digest_matches(crypto_digest_t *digest, cell_t *cell) * * Note that we use the same operation for encrypting and for decrypting. */ -static void +void relay_crypt_one_payload(crypto_cipher_t *cipher, uint8_t *in) { crypto_cipher_crypt_inplace(cipher, (char*) in, CELL_PAYLOAD_SIZE); @@ -152,12 +153,12 @@ relay_decrypt_cell(circuit_t *circ, cell_t *cell, tor_assert(thishop); /* decrypt one layer */ - relay_crypt_one_payload(thishop->crypto.b_crypto, cell->payload); + cpath_crypt_cell(thishop, cell->payload, true); relay_header_unpack(&rh, cell->payload); if (rh.recognized == 0) { /* it's possibly recognized. have to check digest to be sure. */ - if (relay_digest_matches(thishop->crypto.b_digest, cell)) { + if (relay_digest_matches(cpath_get_incoming_digest(thishop), cell)) { *recognized = 1; *layer_hint = thishop; /* This cell is for us. Keep a record of this cell because we will @@ -210,14 +211,14 @@ relay_encrypt_cell_outbound(cell_t *cell, crypt_path_t *layer_hint) { crypt_path_t *thishop; /* counter for repeated crypts */ - relay_set_digest(layer_hint->crypto.f_digest, cell); + cpath_set_cell_forward_digest(layer_hint, cell); thishop = layer_hint; /* moving from farthest to nearest hop */ do { tor_assert(thishop); log_debug(LD_OR,"encrypting a layer of the relay cell."); - relay_crypt_one_payload(thishop->crypto.f_crypto, cell->payload); + cpath_crypt_cell(thishop, cell->payload, false); thishop = thishop->prev; } while (thishop != circ->cpath->prev); diff --git a/src/core/crypto/relay_crypto.h b/src/core/crypto/relay_crypto.h index bcc1531838..7f09219c7f 100644 --- a/src/core/crypto/relay_crypto.h +++ b/src/core/crypto/relay_crypto.h @@ -29,6 +29,11 @@ void relay_crypto_assert_ok(const relay_crypto_t *crypto); uint8_t *relay_crypto_get_sendme_digest(relay_crypto_t *crypto); void relay_crypto_record_sendme_digest(relay_crypto_t *crypto); +void +relay_crypt_one_payload(crypto_cipher_t *cipher, uint8_t *in); + +void +relay_set_digest(crypto_digest_t *digest, cell_t *cell); #endif /* !defined(TOR_RELAY_CRYPTO_H) */ diff --git a/src/core/or/crypt_path.c b/src/core/or/crypt_path.c index ad1255c865..9fc3e013b2 100644 --- a/src/core/or/crypt_path.c +++ b/src/core/or/crypt_path.c @@ -20,6 +20,7 @@ #include "core/or/circuitlist.h" #include "core/or/crypt_path_st.h" +#include "core/or/cell_st.h" /** Add <b>new_hop</b> to the end of the doubly-linked-list <b>head_ptr</b>. * This function is used to extend cpath by another hop. @@ -96,7 +97,7 @@ assert_cpath_layer_ok(const crypt_path_t *cp) switch (cp->state) { case CPATH_STATE_OPEN: - relay_crypto_assert_ok(&cp->crypto); + relay_crypto_assert_ok(&cp->private->crypto); /* fall through */ case CPATH_STATE_CLOSED: /*XXXX Assert that there's no handshake_state either. */ @@ -113,3 +114,31 @@ assert_cpath_layer_ok(const crypt_path_t *cp) tor_assert(cp->deliver_window >= 0); } +/********************** cpath crypto API *******************************/ + +/** Encrypt or decrypt <b>payload</b> using the crypto of <b>cpath</b>. Actual + * operation decided by <b>is_decrypt</b>. */ +void +cpath_crypt_cell(const crypt_path_t *cpath, uint8_t *payload, bool is_decrypt) +{ + if (is_decrypt) { + relay_crypt_one_payload(cpath->private->crypto.b_crypto, payload); + } else { + relay_crypt_one_payload(cpath->private->crypto.f_crypto, payload); + } +} + +/** Getter for the incoming digest of <b>cpath</b>. */ +struct crypto_digest_t * +cpath_get_incoming_digest(const crypt_path_t *cpath) +{ + return cpath->private->crypto.b_digest; +} + +/** Set the right integrity digest on the outgoing <b>cell</b> based on the + * cell payload and update the forward digest of <b>cpath</b>. */ +void +cpath_set_cell_forward_digest(crypt_path_t *cpath, cell_t *cell) +{ + relay_set_digest(cpath->private->crypto.f_digest, cell); +} diff --git a/src/core/or/crypt_path.h b/src/core/or/crypt_path.h index 7614aaff28..fe25d85cfe 100644 --- a/src/core/or/crypt_path.h +++ b/src/core/or/crypt_path.h @@ -15,3 +15,14 @@ int onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice); /* rename */ void onion_append_to_cpath(crypt_path_t **head_ptr, crypt_path_t *new_hop); + +void +cpath_crypt_cell(const crypt_path_t *cpath, uint8_t *payload, bool is_decrypt); + +struct crypto_digest_t * +cpath_get_incoming_digest(const crypt_path_t *cpath); + +void +cpath_set_cell_forward_digest(crypt_path_t *cpath, cell_t *cell); + + diff --git a/src/core/or/crypt_path_st.h b/src/core/or/crypt_path_st.h index 90f6a37881..833cfefad1 100644 --- a/src/core/or/crypt_path_st.h +++ b/src/core/or/crypt_path_st.h @@ -29,6 +29,9 @@ struct onion_handshake_state_t { /* The private parts of crypt path that don't need to be exposed to all the * modules. */ struct crypt_path_private_t { + /** Cryptographic state used for encrypting and authenticating relay + * cells to and from this hop. */ + relay_crypto_t crypto; }; #endif @@ -38,10 +41,6 @@ struct crypt_path_private_t { struct crypt_path_t { uint32_t magic; - /** Cryptographic state used for encrypting and authenticating relay - * cells to and from this hop. */ - relay_crypto_t crypto; - /** Current state of the handshake as performed with the OR at this * step. */ onion_handshake_state_t handshake_state; |