diff options
-rw-r--r-- | src/or/circuitbuild.c | 11 | ||||
-rw-r--r-- | src/or/circuitlist.c | 2 | ||||
-rw-r--r-- | src/or/onion_fast.c | 26 | ||||
-rw-r--r-- | src/or/onion_fast.h | 16 | ||||
-rw-r--r-- | src/or/or.h | 3 |
5 files changed, 49 insertions, 9 deletions
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 33a13515e1..b6cf1252f6 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -645,11 +645,14 @@ circuit_send_next_onion_skin(origin_circuit_t *circ) * new OR: we can be speedy and use CREATE_FAST to save an RSA operation * and a DH operation. */ cell_type = CELL_CREATE_FAST; + memset(payload, 0, sizeof(payload)); - crypto_rand((char*) circ->cpath->fast_handshake_state, - sizeof(circ->cpath->fast_handshake_state)); - memcpy(payload, circ->cpath->fast_handshake_state, - sizeof(circ->cpath->fast_handshake_state)); + if (fast_onionskin_create(&circ->cpath->fast_handshake_state, + (uint8_t *)payload) < 0) { + log_warn(LD_CIRC,"onion_skin_create FAST (first hop) failed."); + return - END_CIRC_REASON_INTERNAL; + } + note_request("cell: create fast", 1); } diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index abb83954a4..2c17fd2bbd 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -23,6 +23,7 @@ #include "networkstatus.h" #include "nodelist.h" #include "onion.h" +#include "onion_fast.h" #include "relay.h" #include "rendclient.h" #include "rendcommon.h" @@ -744,6 +745,7 @@ circuit_free_cpath_node(crypt_path_t *victim) crypto_digest_free(victim->f_digest); crypto_digest_free(victim->b_digest); crypto_dh_free(victim->dh_handshake_state); + fast_handshake_state_free(victim->fast_handshake_state); extend_info_free(victim->extend_info); memwipe(victim, 0xBB, sizeof(crypt_path_t)); /* poison memory */ diff --git a/src/or/onion_fast.c b/src/or/onion_fast.c index 8d09de7b7c..f33b048c28 100644 --- a/src/or/onion_fast.c +++ b/src/or/onion_fast.c @@ -12,6 +12,28 @@ #include "or.h" #include "onion_fast.h" +/**DOCDOC*/ +void +fast_handshake_state_free(fast_handshake_state_t *victim) +{ + if (! victim) + return; + memwipe(victim, 0, sizeof(fast_handshake_state_t)); + tor_free(victim); +} + +/** DOCDOC */ +int +fast_onionskin_create(fast_handshake_state_t **handshake_state_out, + uint8_t *handshake_out) +{ + fast_handshake_state_t *s; + *handshake_state_out = s =tor_malloc(sizeof(fast_handshake_state_t)); + crypto_rand((char*)s->state, sizeof(s->state)); + memcpy(handshake_out, s->state, DIGEST_LEN); + return 0; +} + /** Implement the server side of the CREATE_FAST abbreviated handshake. The * client has provided DIGEST_LEN key bytes in <b>key_in</b> ("x"). We * generate a reply of DIGEST_LEN*2 bytes in <b>key_out</b>, consisting of a @@ -63,7 +85,7 @@ fast_server_handshake(const uint8_t *key_in, /* DIGEST_LEN bytes */ * and protected by TLS). */ int -fast_client_handshake(const uint8_t *handshake_state,/*DIGEST_LEN bytes*/ +fast_client_handshake(const fast_handshake_state_t *handshake_state, const uint8_t *handshake_reply_out,/*DIGEST_LEN*2 bytes*/ uint8_t *key_out, size_t key_out_len) @@ -73,7 +95,7 @@ fast_client_handshake(const uint8_t *handshake_state,/*DIGEST_LEN bytes*/ size_t out_len; int r = -1; - memcpy(tmp, handshake_state, DIGEST_LEN); + memcpy(tmp, handshake_state->state, DIGEST_LEN); memcpy(tmp+DIGEST_LEN, handshake_reply_out, DIGEST_LEN); out_len = key_out_len+DIGEST_LEN; out = tor_malloc(out_len); diff --git a/src/or/onion_fast.h b/src/or/onion_fast.h index 5c9d59ec60..2d652cc530 100644 --- a/src/or/onion_fast.h +++ b/src/or/onion_fast.h @@ -12,12 +12,24 @@ #ifndef TOR_ONION_FAST_H #define TOR_ONION_FAST_H -int fast_server_handshake(const uint8_t *key_in, +#define CREATE_FAST_LEN DIGEST_LEN +#define CREATED_FAST_LEN DIGEST_LEN*2 + +typedef struct fast_handshake_state_t { + uint8_t state[DIGEST_LEN]; +} fast_handshake_state_t; + +void fast_handshake_state_free(fast_handshake_state_t *victim); + +int fast_onionskin_create(fast_handshake_state_t **handshake_state_out, + uint8_t *handshake_out); + +int fast_server_handshake(const uint8_t *message_in, uint8_t *handshake_reply_out, uint8_t *key_out, size_t key_out_len); -int fast_client_handshake(const uint8_t *handshake_state, +int fast_client_handshake(const fast_handshake_state_t *handshake_state, const uint8_t *handshake_reply_out, uint8_t *key_out, size_t key_out_len); diff --git a/src/or/or.h b/src/or/or.h index 219336bf72..6fada77005 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2524,6 +2524,7 @@ typedef enum { #define CRYPT_PATH_MAGIC 0x70127012u +struct fast_handshake_state_t; /** Holds accounting information for a single step in the layered encryption * performed by a circuit. Used only at the client edge of a circuit. */ typedef struct crypt_path_t { @@ -2550,7 +2551,7 @@ typedef struct crypt_path_t { * authentication, secrecy, and integrity we need, and we're already * distinguishable from an OR. */ - uint8_t fast_handshake_state[DIGEST_LEN]; + struct fast_handshake_state_t *fast_handshake_state; /** Negotiated key material shared with the OR at this step. */ char handshake_digest[DIGEST_LEN];/* KH in tor-spec.txt */ |