April 2011 - tor-commits - lists.torproject.org

[obfsproxy/master] Added dummy plugin. A plugin that just leaves data pass by.
by nickm＠torproject.org 27 Apr '11

27 Apr '11

commit f3f7d7d00e92835fc0db3e7731147898c46480e2 Author: George Kadianakis <desnacked(a)gmail.com> Date: Wed Mar 23 19:31:09 2011 +0100 Added dummy plugin. A plugin that just leaves data pass by. --- Makefile.am | 6 +++- src/main.c | 24 +++++++++++----- src/network.c | 15 +++++----- src/plugins/dummy.c | 61 ++++++++++++++++++++++++++++++++++++++++++ src/plugins/dummy.h | 21 ++++++++++++++ src/plugins/obfs2.c | 4 +-- src/protocol.c | 18 +++++++----- src/protocol.h | 4 ++- src/socks.c | 9 ++++-- src/test/unittest_protocol.c | 24 ++++++++-------- 10 files changed, 143 insertions(+), 43 deletions(-) diff --git a/Makefile.am b/Makefile.am index 67cd34d..32d5c05 100644 --- a/Makefile.am +++ b/Makefile.am @@ -13,7 +13,8 @@ libobfsproxy_a_SOURCES = \ src/socks.c \ src/util.c \ src/plugins/obfs2.c \ - src/plugins/obfs2_crypt.c + src/plugins/obfs2_crypt.c \ + src/plugins/dummy.c obfsproxy_SOURCES = \ src/main.c @@ -35,7 +36,8 @@ noinst_HEADERS = \ src/test/tinytest.h \ src/test/tinytest_macros.h \ src/plugins/obfs2.h \ - src/plugins/obfs2_crypt.h + src/plugins/obfs2_crypt.h \ + src/plugins/dummy.h EXTRA_DIST = doc/protocol-spec.txt src/sha256.c diff --git a/src/main.c b/src/main.c index 93d5820..4f29005 100644 --- a/src/main.c +++ b/src/main.c @@ -25,7 +25,7 @@ static void usage(void) { fprintf(stderr, - "Usage: obfsproxy {client/server/socks} listenaddr[:port] targetaddr:port\n" + "Usage: obfsproxy {client/server/socks} {obfs2/dummy} listenaddr[:port] targetaddr:port\n" " (Default listen port is 48988 for client; 23548 for socks; 11253 for server)\n" ); exit(1); @@ -43,6 +43,7 @@ handle_signal_cb(evutil_socket_t fd, short what, void *arg) int main(int argc, const char **argv) { + int protocol; int is_client, is_socks = 0, mode; struct sockaddr_storage ss_listen, ss_target; struct sockaddr *sa_target=NULL; @@ -54,7 +55,7 @@ main(int argc, const char **argv) listener_t *listener; /* XXXXX the interface is crap. Fix that. XXXXX */ - if (argc < 3) + if (argc < 4) usage(); if (!strcmp(argv[1], "client")) { is_client = 1; @@ -73,21 +74,28 @@ main(int argc, const char **argv) usage(); } + if (!strcmp(argv[2], "obfs2")) + protocol = OBFS2_PROTOCOL; + else if (!strcmp(argv[2], "dummy")) + protocol = DUMMY_PROTOCOL; + else + usage(); + /* figure out what port(s) to listen on as client/server */ - if (resolve_address_port(argv[2], 1, 1, &ss_listen, &sl_listen, defport) < 0) + if (resolve_address_port(argv[3], 1, 1, &ss_listen, &sl_listen, defport) < 0) usage(); if (is_socks) { - if (argc != 3) + if (argc != 4) usage(); } else { - if (argc != 4) + if (argc != 5) usage(); /* figure out what place to connect to as a client/server. */ /* XXXX when we add socks support, clients will not have a fixed "target" * XXXX address but will instead connect to a client-selected address. */ - if (resolve_address_port(argv[3], 1, 0, &ss_target, &sl_target, NULL) < 0) + if (resolve_address_port(argv[4], 1, 0, &ss_target, &sl_target, NULL) < 0) usage(); sa_target = (struct sockaddr *)&ss_target; } @@ -109,9 +117,9 @@ main(int argc, const char **argv) sigevent = evsignal_new(base, SIGINT, handle_signal_cb, (void*) base); /* start an evconnlistener on the appropriate port(s) */ - /* ASN We hardcode BRL_PROTOCOL for now. */ + /* ASN We hardcode OBFS2_PROTOCOL for now. */ listener = listener_new(base, - mode, BRL_PROTOCOL, + mode, protocol, (struct sockaddr *)&ss_listen, sl_listen, sa_target, sl_target, NULL, 0); diff --git a/src/network.c b/src/network.c index 833b939..3e23cdc 100644 --- a/src/network.c +++ b/src/network.c @@ -45,7 +45,7 @@ static void plaintext_read_cb(struct bufferevent *bev, void *arg); static void socks_read_cb(struct bufferevent *bev, void *arg); /* ASN Changed encrypted_read_cb() to obfuscated_read_cb(), it sounds a bit more obfsproxy generic. I still don't like it though. */ -static void obfsucated_read_cb(struct bufferevent *bev, void *arg); +static void obfuscated_read_cb(struct bufferevent *bev, void *arg); static void input_event_cb(struct bufferevent *bev, short what, void *arg); static void output_event_cb(struct bufferevent *bev, short what, void *arg); @@ -129,6 +129,7 @@ simple_listener_cb(struct evconnlistener *evcl, int is_initiator = (conn->mode != LSN_SIMPLE_SERVER) ? 1 : 0; conn->proto->state = proto_init(conn->proto, &is_initiator); + /* ASN Which means that all plugins need a state... */ if (!conn->proto->state) goto err; @@ -150,7 +151,7 @@ simple_listener_cb(struct evconnlistener *evcl, if (conn->mode == LSN_SIMPLE_SERVER) { bufferevent_setcb(conn->input, - obfsucated_read_cb, NULL, input_event_cb, conn); + obfuscated_read_cb, NULL, input_event_cb, conn); } else if (conn->mode == LSN_SIMPLE_CLIENT) { bufferevent_setcb(conn->input, plaintext_read_cb, NULL, input_event_cb, conn); @@ -174,7 +175,7 @@ simple_listener_cb(struct evconnlistener *evcl, plaintext_read_cb, NULL, output_event_cb, conn); else bufferevent_setcb(conn->output, - obfsucated_read_cb, NULL, output_event_cb, conn); + obfuscated_read_cb, NULL, output_event_cb, conn); /* Queue output right now. */ struct bufferevent *encrypted = @@ -206,8 +207,8 @@ simple_listener_cb(struct evconnlistener *evcl, static void conn_free(conn_t *conn) { - if (conn->proto->state) - proto_destroy(conn->proto->state); + if (conn->proto) + proto_destroy(conn->proto); if (conn->socks_state) socks_state_free(conn->socks_state); if (conn->input) @@ -289,7 +290,7 @@ plaintext_read_cb(struct bufferevent *bev, void *arg) } static void -obfsucated_read_cb(struct bufferevent *bev, void *arg) +obfuscated_read_cb(struct bufferevent *bev, void *arg) { conn_t *conn = arg; struct bufferevent *other; @@ -375,7 +376,7 @@ output_event_cb(struct bufferevent *bev, short what, void *arg) bufferevent_setcb(conn->input, plaintext_read_cb, NULL, input_event_cb, conn); if (evbuffer_get_length(bufferevent_get_input(conn->input)) != 0) - obfsucated_read_cb(bev, conn->input); + obfuscated_read_cb(bev, conn->input); } } /* XXX we don't expect any other events */ diff --git a/src/plugins/dummy.c b/src/plugins/dummy.c new file mode 100644 index 0000000..957c30b --- /dev/null +++ b/src/plugins/dummy.c @@ -0,0 +1,61 @@ +/* Copyright 2011 Princess Peach Toadstool + + You may do anything with this work that copyright law would normally + restrict, so long as you retain the above notice(s) and this license + in all redistributed copies and derived works. There is no warranty. +*/ + +#include <assert.h> +#include <string.h> +#include <stdlib.h> +#include <stdio.h> + +#include <unistd.h> + +#include <openssl/rand.h> +#include <event2/buffer.h> + +#include "dummy.h" +#include "../util.h" +#include "../protocol.h" + +int +dummy_new(struct protocol_t *proto_struct) { + proto_struct->destroy = (void *)NULL; + proto_struct->init = (void *)dummy_init; + proto_struct->handshake = (void *)NULL; + proto_struct->send = (void *)dummy_send; + proto_struct->recv = (void *)dummy_recv; + + return 0; +} + +int * +dummy_init(int *initiator) { + /* Dodging state check. */ + return initiator; +} + +int +dummy_send(void *nothing, + struct evbuffer *source, struct evbuffer *dest) { + (void)nothing; + + /* ASN evbuffer_add_buffer() doesn't work for some reason. */ + while (1) { + int n = evbuffer_remove_buffer(source, dest, 1024); + if (n <= 0) + return 0; + } +} + +int +dummy_recv(void *nothing, + struct evbuffer *source, struct evbuffer *dest) { + (void)nothing; + while (1) { + int n = evbuffer_remove_buffer(source, dest, 1024); + if (n <= 0) + return 0; + } +} diff --git a/src/plugins/dummy.h b/src/plugins/dummy.h new file mode 100644 index 0000000..cf9342a --- /dev/null +++ b/src/plugins/dummy.h @@ -0,0 +1,21 @@ +/* Copyright 2011 Princess Peach Toadstool + + You may do anything with this work that copyright law would normally + restrict, so long as you retain the above notice(s) and this license + in all redistributed copies and derived works. There is no warranty. +*/ + +#ifndef DUMMY_H +#define DUMMY_H + +struct protocol_t; +struct evbuffer; + +int *dummy_init(int *initiator); +int dummy_send(void *nothing, + struct evbuffer *source, struct evbuffer *dest); +int dummy_recv(void *nothing, struct evbuffer *source, + struct evbuffer *dest); +int dummy_new(struct protocol_t *proto_struct); + +#endif diff --git a/src/plugins/obfs2.c b/src/plugins/obfs2.c index 01c74f3..ef8be8e 100644 --- a/src/plugins/obfs2.c +++ b/src/plugins/obfs2.c @@ -37,7 +37,7 @@ obfs2_new(struct protocol_t *proto_struct) { return -1; } - return 0; + return 1; } /** Return true iff the OBFUSCATE_SEED_LENGTH-byte seed in 'seed' is nonzero */ @@ -167,8 +167,6 @@ obfs2_send_initial_message(obfs2_state_t *state, struct evbuffer *buf) plength %= OBFUSCATE_MAX_PADDING; send_plength = htonl(plength); - printf("death and dest\n"); - if (state->we_are_initiator) seed = state->initiator_seed; else diff --git a/src/protocol.c b/src/protocol.c index 6df93ca..339feae 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -6,6 +6,7 @@ #include "network.h" #include "plugins/obfs2.h" +#include "plugins/dummy.h" /** This function returns a protocol_t structure based on the mode @@ -15,13 +16,15 @@ struct protocol_t * set_up_protocol(int protocol) { struct protocol_t *proto = calloc(1, sizeof(struct protocol_t)); - if (protocol == BRL_PROTOCOL) { + if (protocol == OBFS2_PROTOCOL) proto->new = &obfs2_new; - if (proto->new(proto)) - printf("Protocol constructed\n"); - } + else if (protocol == DUMMY_PROTOCOL) + proto->new = &dummy_new; /* elif { other protocols } */ + if (proto->new(proto)>0) + printf("Protocol constructed\n"); + return proto; } @@ -39,8 +42,8 @@ proto_handshake(struct protocol_t *proto, void *buf) { assert(proto); if (proto->handshake) return proto->handshake(proto->state, buf); - else - return -1; + else /* It's okay with me, protocol didn't have a handshake */ + return 0; } int @@ -48,7 +51,7 @@ proto_send(struct protocol_t *proto, void *source, void *dest) { assert(proto); if (proto->send) return proto->send(proto->state, source, dest); - else + else return -1; } @@ -63,6 +66,7 @@ proto_recv(struct protocol_t *proto, void *source, void *dest) { void proto_destroy(struct protocol_t *proto) { assert(proto); + assert(proto->state); if (proto->destroy) proto->destroy(proto->state); diff --git a/src/protocol.h b/src/protocol.h index 9e58ea8..781bde0 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -2,7 +2,9 @@ #define PROTOCOL_H /* ASN I'm gonna be calling crypt_protocol.c BRL_RPOTOCOL for now. Yes. */ -#define BRL_PROTOCOL 1 +#define DUMMY_PROTOCOL 0 +#define OBFS2_PROTOCOL 1 + struct protocol_t *set_up_protocol(int protocol); void *proto_init(struct protocol_t *proto, void *arg); diff --git a/src/socks.c b/src/socks.c index 8f432e1..a3fb729 100644 --- a/src/socks.c +++ b/src/socks.c @@ -17,7 +17,7 @@ /** - General idea: + General SOCKS5 idea: Client ------------------------> Server Method Negotiation Packet @@ -32,8 +32,9 @@ Server reply "Method Negotiation Packet" is handled by: socks5_handle_negotiation() - "Method Negotiation Reply" is done by: socks5_reply_negotiation() - "Client request" is handled by: socks5_validate_request() + "Method Negotiation Reply" is done by: socks5_do_negotiation() + "Client request" is handled by: socks5_handle_request() + "Server reply" is done by: socks5_send_reply */ static int socks5_do_negotiation(struct evbuffer *dest, @@ -191,6 +192,8 @@ socks5_send_reply(struct evbuffer *reply_dest, socks_state_t *state, /* We either failed or succeded. Either way, we should send something back to the client */ p[0] = SOCKS5_VERSION; /* Version field */ + if (status == SOCKS5_REP_FAIL) + printf("Sending negative shit\n"); p[1] = (unsigned char) status; /* Reply field */ p[2] = 0; /* Reserved */ if (state->parsereq.af == AF_UNSPEC) { diff --git a/src/test/unittest_protocol.c b/src/test/unittest_protocol.c index ceb666d..1864a3a 100644 --- a/src/test/unittest_protocol.c +++ b/src/test/unittest_protocol.c @@ -26,8 +26,8 @@ static void test_proto_setup(void *data) { - struct protocol_t *client_proto = set_up_protocol(BRL_PROTOCOL); - struct protocol_t *server_proto = set_up_protocol(BRL_PROTOCOL); + struct protocol_t *client_proto = set_up_protocol(OBFS2_PROTOCOL); + struct protocol_t *server_proto = set_up_protocol(OBFS2_PROTOCOL); int initiator = 1; int no_initiator = 0; @@ -55,8 +55,8 @@ test_proto_handshake(void *data) output_buffer = evbuffer_new(); dummy_buffer = evbuffer_new(); - struct protocol_t *client_proto = set_up_protocol(BRL_PROTOCOL); - struct protocol_t *server_proto = set_up_protocol(BRL_PROTOCOL); + struct protocol_t *client_proto = set_up_protocol(OBFS2_PROTOCOL); + struct protocol_t *server_proto = set_up_protocol(OBFS2_PROTOCOL); int initiator = 1; int no_initiator = 0; @@ -114,8 +114,8 @@ test_proto_transfer(void *data) output_buffer = evbuffer_new(); dummy_buffer = evbuffer_new(); - struct protocol_t *client_proto = set_up_protocol(BRL_PROTOCOL); - struct protocol_t *server_proto = set_up_protocol(BRL_PROTOCOL); + struct protocol_t *client_proto = set_up_protocol(OBFS2_PROTOCOL); + struct protocol_t *server_proto = set_up_protocol(OBFS2_PROTOCOL); int initiator = 1; int no_initiator = 0; @@ -197,8 +197,8 @@ test_proto_splitted_handshake(void *data) output_buffer = evbuffer_new(); dummy_buffer = evbuffer_new(); - struct protocol_t *client_proto = set_up_protocol(BRL_PROTOCOL); - struct protocol_t *server_proto = set_up_protocol(BRL_PROTOCOL); + struct protocol_t *client_proto = set_up_protocol(OBFS2_PROTOCOL); + struct protocol_t *server_proto = set_up_protocol(OBFS2_PROTOCOL); int initiator = 1; int no_initiator = 0; @@ -337,8 +337,8 @@ test_proto_wrong_handshake_magic(void *data) output_buffer = evbuffer_new(); dummy_buffer = evbuffer_new(); - struct protocol_t *client_proto = set_up_protocol(BRL_PROTOCOL); - struct protocol_t *server_proto = set_up_protocol(BRL_PROTOCOL); + struct protocol_t *client_proto = set_up_protocol(OBFS2_PROTOCOL); + struct protocol_t *server_proto = set_up_protocol(OBFS2_PROTOCOL); int initiator = 1; int no_initiator = 0; @@ -402,8 +402,8 @@ test_proto_wrong_handshake_plength(void *data) output_buffer = evbuffer_new(); dummy_buffer = evbuffer_new(); - struct protocol_t *client_proto = set_up_protocol(BRL_PROTOCOL); - struct protocol_t *server_proto = set_up_protocol(BRL_PROTOCOL); + struct protocol_t *client_proto = set_up_protocol(OBFS2_PROTOCOL); + struct protocol_t *server_proto = set_up_protocol(OBFS2_PROTOCOL); int initiator = 1; int no_initiator = 0; client_proto->state = proto_init(client_proto, &initiator);

1 0

[obfsproxy/master] Adding BUG. It contains a bug I found, which I shouldn't forget to seek and destroy.
by nickm＠torproject.org 27 Apr '11

27 Apr '11

commit b24115a947c7e64efff9b242dee415ebb882db4d Author: George Kadianakis <desnacked(a)gmail.com> Date: Fri Mar 25 02:23:35 2011 +0100 Adding BUG. It contains a bug I found, which I shouldn't forget to seek and destroy. --- BUG | 21 +++++++++++++++++++++ 1 files changed, 21 insertions(+), 0 deletions(-) diff --git a/BUG b/BUG new file mode 100644 index 0000000..248b855 --- /dev/null +++ b/BUG @@ -0,0 +1,21 @@ +- +Program received signal SIGSEGV, Segmentation fault. +crypt_free (key=0xa0a0a0a0a0a0a0a) at src/plugins/obfs2_crypt.c:194 +194 memset(key, 0, sizeof(key)); +(gdb) backtrace +#0 crypt_free (key=0xa0a0a0a0a0a0a0a) at src/plugins/obfs2_crypt.c:194 +#1 0x0000000000403852 in obfs2_state_free (s=0x618230) at src/plugins/obfs2.c:357 +#2 0x0000000000401df2 in conn_free (conn=0x615bc0) at src/network.c:210 +#3 0x00007ffff7bb4ad8 in bufferevent_readcb (fd=<value optimized out>, event=<value optimized out>, arg=0x615f30) at bufferevent_sock.c:191 +#4 0x00007ffff7baa88c in event_process_active_single_queue (base=0x606220, flags=<value optimized out>) at event.c:1287 +#5 event_process_active (base=0x606220, flags=<value optimized out>) at event.c:1354 +#6 event_base_loop (base=0x606220, flags=<value optimized out>) at event.c:1551 +#7 0x0000000000401cc9 in main (argc=<value optimized out>, argv=<value optimized out>) at src/main.c:124 +(gdb) up +#1 0x0000000000403852 in obfs2_state_free (s=0x618230) at src/plugins/obfs2.c:357 +357 crypt_free(s->send_crypto); +(gdb) p s +$1 = (obfs2_state_t *) 0x618230 +(gdb) p s->send_crypto +$2 = (crypt_t *) 0xa0a0a0a0a0a0a0a +-

1 0

[obfsproxy/master] * Revived obfs2 unit tests.
by nickm＠torproject.org 27 Apr '11

27 Apr '11

commit aa399c851ad5e4741edde13d05d2f92c59d20335 Author: George Kadianakis <desnacked(a)gmail.com> Date: Mon Apr 11 02:34:15 2011 +0200 * Revived obfs2 unit tests. * Renamed unittest_protocol.c to unittest_obfs2.c * Renamed src/plugins/ to src/protocols/ --- Makefile.am | 14 +- src/plugins/dummy.c | 63 ------ src/plugins/dummy.h | 10 - src/plugins/obfs2.c | 405 ----------------------------------- src/plugins/obfs2.h | 81 ------- src/plugins/obfs2_crypt.c | 206 ------------------ src/plugins/obfs2_crypt.h | 62 ------ src/protocols/dummy.c | 63 ++++++ src/protocols/dummy.h | 10 + src/protocols/obfs2.c | 405 +++++++++++++++++++++++++++++++++++ src/protocols/obfs2.h | 81 +++++++ src/protocols/obfs2_crypt.c | 206 ++++++++++++++++++ src/protocols/obfs2_crypt.h | 62 ++++++ src/test/unittest_obfs2.c | 476 ++++++++++++++++++++++++++++++++++++++++++ src/test/unittest_protocol.c | 469 ----------------------------------------- 15 files changed, 1310 insertions(+), 1303 deletions(-) diff --git a/Makefile.am b/Makefile.am index 32d5c05..bd3a2b2 100644 --- a/Makefile.am +++ b/Makefile.am @@ -12,9 +12,9 @@ libobfsproxy_a_SOURCES = \ src/protocol.c \ src/socks.c \ src/util.c \ - src/plugins/obfs2.c \ - src/plugins/obfs2_crypt.c \ - src/plugins/dummy.c + src/protocols/obfs2.c \ + src/protocols/obfs2_crypt.c \ + src/protocols/dummy.c obfsproxy_SOURCES = \ src/main.c @@ -23,7 +23,7 @@ obfsproxy_LDADD = @libevent_LIBS@ @openssl_LIBS@ libobfsproxy.a unittests_SOURCES = \ src/test/tinytest.c \ src/test/unittest.c \ - src/test/unittest_protocol.c \ + src/test/unittest_obfs2.c \ src/test/unittest_crypt.c \ src/test/unittest_socks.c unittests_LDADD = @libevent_LIBS@ @openssl_LIBS@ libobfsproxy.a @@ -35,9 +35,9 @@ noinst_HEADERS = \ src/util.h \ src/test/tinytest.h \ src/test/tinytest_macros.h \ - src/plugins/obfs2.h \ - src/plugins/obfs2_crypt.h \ - src/plugins/dummy.h + src/protocols/obfs2.h \ + src/protocols/obfs2_crypt.h \ + src/protocols/dummy.h EXTRA_DIST = doc/protocol-spec.txt src/sha256.c diff --git a/src/plugins/dummy.c b/src/plugins/dummy.c deleted file mode 100644 index 8fe722e..0000000 --- a/src/plugins/dummy.c +++ /dev/null @@ -1,63 +0,0 @@ -#include <assert.h> -#include <string.h> -#include <stdlib.h> -#include <stdio.h> - -#include <unistd.h> - -#include <openssl/rand.h> -#include <event2/buffer.h> - -#include "dummy.h" -#include "../util.h" -#include "../protocol.h" - - -static int dummy_send(void *nothing, - struct evbuffer *source, struct evbuffer *dest); -static int dummy_recv(void *nothing, struct evbuffer *source, - struct evbuffer *dest); - -static protocol_vtable *vtable=NULL; - -int -dummy_init(void) { - vtable = calloc(1, sizeof(protocol_vtable)); - if (!vtable) - return -1; - - vtable->destroy = NULL; - vtable->create = dummy_new; - vtable->handshake = NULL; - vtable->send = dummy_send; - vtable->recv = dummy_recv; - - return 1; -} - -void * -dummy_new(struct protocol_t *proto_struct, int whatever) { - (void)whatever; - - proto_struct->vtable = vtable; - - /* Dodging state check. - This is terrible I know.*/ - return (void *)666U; -} - -static int -dummy_send(void *nothing, - struct evbuffer *source, struct evbuffer *dest) { - (void)nothing; - - return evbuffer_add_buffer(dest,source); -} - -static int -dummy_recv(void *nothing, - struct evbuffer *source, struct evbuffer *dest) { - (void)nothing; - - return evbuffer_add_buffer(dest,source); -} diff --git a/src/plugins/dummy.h b/src/plugins/dummy.h deleted file mode 100644 index 241366d..0000000 --- a/src/plugins/dummy.h +++ /dev/null @@ -1,10 +0,0 @@ -#ifndef DUMMY_H -#define DUMMY_H - -struct protocol_t; -struct evbuffer; - -int dummy_init(void); -void *dummy_new(struct protocol_t *proto_struct, int whatever); - -#endif diff --git a/src/plugins/obfs2.c b/src/plugins/obfs2.c deleted file mode 100644 index cac7bb2..0000000 --- a/src/plugins/obfs2.c +++ /dev/null @@ -1,405 +0,0 @@ -/* Copyright 2011 Nick Mathewson - - You may do anything with this work that copyright law would normally - restrict, so long as you retain the above notice(s) and this license - in all redistributed copies and derived works. There is no warranty. -*/ - -#include <assert.h> -#include <string.h> -#include <stdlib.h> -#include <stdio.h> - -#include <openssl/rand.h> -#include <event2/buffer.h> - -#define CRYPT_PROTOCOL_PRIVATE - -#include "obfs2_crypt.h" -#include "obfs2.h" -#include "../util.h" -#include "../protocol.h" - -static void obfs2_state_free(void *state); -static int obfs2_send_initial_message(void *state, struct evbuffer *buf); -static int obfs2_send(void *state, - struct evbuffer *source, struct evbuffer *dest); -static int obfs2_recv(void *state, struct evbuffer *source, - struct evbuffer *dest); -static void *obfs2_state_new(int initiator); - -static protocol_vtable *vtable=NULL; - -/* Sets the function table for the obfs2 protocol and - calls initialize_crypto(). - Returns 0 on success, -1 on fail. -*/ -int -obfs2_init(void) { - vtable = calloc(1, sizeof(protocol_vtable)); - if (!vtable) - return -1; - - vtable->destroy = obfs2_state_free; - vtable->create = obfs2_new; - vtable->handshake = obfs2_send_initial_message; - vtable->send = obfs2_send; - vtable->recv = obfs2_recv; - - if (initialize_crypto() < 0) { - fprintf(stderr, "Can't initialize crypto; failing\n"); - return -1; - } - - return 1; -} - -/** Return true iff the OBFUSCATE_SEED_LENGTH-byte seed in 'seed' is nonzero */ -static int -seed_nonzero(const uchar *seed) -{ - return memcmp(seed, OBFUSCATE_ZERO_SEED, OBFUSCATE_SEED_LENGTH) != 0; -} - -/** - Derive and return key of type 'keytype' from the seeds currently set in - 'state'. Returns NULL on failure. - */ -static crypt_t * -derive_key(void *s, const char *keytype) -{ - obfs2_state_t *state = s; - - crypt_t *cryptstate; - uchar buf[32]; - digest_t *c = digest_new(); - digest_update(c, (uchar*)keytype, strlen(keytype)); - if (seed_nonzero(state->initiator_seed)) - digest_update(c, state->initiator_seed, OBFUSCATE_SEED_LENGTH); - if (seed_nonzero(state->responder_seed)) - digest_update(c, state->responder_seed, OBFUSCATE_SEED_LENGTH); - if (seed_nonzero(state->secret_seed)) - digest_update(c, state->secret_seed, SHARED_SECRET_LENGTH); - digest_update(c, (uchar*)keytype, strlen(keytype)); - digest_getdigest(c, buf, sizeof(buf)); - cryptstate = crypt_new(buf, 16); - crypt_set_iv(cryptstate, buf+16, 16); - memset(buf, 0, sizeof(buf)); - digest_free(c); - return cryptstate; -} - -static crypt_t * -derive_padding_key(void *s, const uchar *seed, - const char *keytype) -{ - obfs2_state_t *state = s; - - crypt_t *cryptstate; - uchar buf[32]; - digest_t *c = digest_new(); - digest_update(c, (uchar*)keytype, strlen(keytype)); - if (seed_nonzero(seed)) - digest_update(c, seed, OBFUSCATE_SEED_LENGTH); - if (seed_nonzero(state->secret_seed)) - digest_update(c, state->secret_seed, OBFUSCATE_SEED_LENGTH); - digest_update(c, (uchar*)keytype, strlen(keytype)); - digest_getdigest(c, buf, sizeof(buf)); - cryptstate = crypt_new(buf, 16); - crypt_set_iv(cryptstate, buf+16, 16); - memset(buf, 0, 16); - digest_free(c); - return cryptstate; -} - -void * -obfs2_new(struct protocol_t *proto_struct, int initiator) { - assert(vtable); - proto_struct->vtable = vtable; - - return obfs2_state_new(initiator); -} - -/** - Return a new object to handle protocol state. If 'initiator' is true, - we're the handshake initiator. Otherwise, we're the responder. Return - NULL on failure. - */ -static void * -obfs2_state_new(int initiator) -{ - obfs2_state_t *state = calloc(1, sizeof(obfs2_state_t)); - uchar *seed; - const char *send_pad_type; - - if (!state) - return NULL; - state->state = ST_WAIT_FOR_KEY; - state->we_are_initiator = initiator; - if (initiator) { - send_pad_type = INITIATOR_PAD_TYPE; - seed = state->initiator_seed; - } else { - send_pad_type = RESPONDER_PAD_TYPE; - seed = state->responder_seed; - } - - /* Generate our seed */ - if (random_bytes(seed, OBFUSCATE_SEED_LENGTH) < 0) { - free(state); - return NULL; - } - - /* Derive the key for what we're sending */ - state->send_padding_crypto = derive_padding_key(state, seed, send_pad_type); - if (state->send_padding_crypto == NULL) { - free(state); - return NULL; - } - - return state; -} - -/** Set the shared secret to be used with this protocol state. */ -void -obfs2_state_set_shared_secret(void *s, - const char *secret, size_t secretlen) -{ - obfs2_state_t *state = s; - - if (secretlen > SHARED_SECRET_LENGTH) - secretlen = SHARED_SECRET_LENGTH; - memcpy(state->secret_seed, secret, secretlen); -} - -/** - Write the initial protocol setup and padding message for 'state' to - the evbuffer 'buf'. Return 0 on success, -1 on failure. - */ -static int -obfs2_send_initial_message(void *s, struct evbuffer *buf) -{ - obfs2_state_t *state = s; - - uint32_t magic = htonl(OBFUSCATE_MAGIC_VALUE), plength, send_plength; - uchar msg[OBFUSCATE_MAX_PADDING + OBFUSCATE_SEED_LENGTH + 8]; - const uchar *seed; - - /* We're going to send: - SEED | E_PAD_KEY( UINT32(MAGIC_VALUE) | UINT32(PADLEN) | WR(PADLEN) ) - */ - - assert(sizeof(magic) == 4); - - /* generate padlen */ - if (random_bytes((uchar*)&plength, 4) < 0) - return -1; - plength %= OBFUSCATE_MAX_PADDING; - send_plength = htonl(plength); - - if (state->we_are_initiator) - seed = state->initiator_seed; - else - seed = state->responder_seed; - - /* Marshal the message, but with no parts encrypted */ - memcpy(msg, seed, OBFUSCATE_SEED_LENGTH); - memcpy(msg+OBFUSCATE_SEED_LENGTH, &magic, 4); - memcpy(msg+OBFUSCATE_SEED_LENGTH+4, &send_plength, 4); - if (random_bytes(msg+OBFUSCATE_SEED_LENGTH+8, plength) < 0) - return -1; - - /* Encrypt it */ - stream_crypt(state->send_padding_crypto, - msg+OBFUSCATE_SEED_LENGTH, 8+plength); - - /* Put it on the buffer */ - evbuffer_add(buf, msg, OBFUSCATE_SEED_LENGTH+8+plength); - return 0; -} - -/** - Helper: encrypt every byte from 'source' using the key in 'crypto', - and write those bytes onto 'dest'. Return 0 on success, -1 on failure. - */ -static int -crypt_and_transmit(crypt_t *crypto, - struct evbuffer *source, struct evbuffer *dest) -{ - uchar data[1024]; - while (1) { - int n = evbuffer_remove(source, data, 1024); - if (n <= 0) - return 0; - stream_crypt(crypto, data, n); - // printf("Message is: %s", data); - evbuffer_add(dest, data, n); - dbg(("Processed %d bytes.", n)); - } -} - -/** - Called when data arrives from the user side and we want to send the - obfuscated version. Copies and obfuscates data from 'source' into 'dest' - using the state in 'state'. Returns 0 on success, -1 on failure. - */ -static int -obfs2_send(void *s, - struct evbuffer *source, struct evbuffer *dest) -{ - obfs2_state_t *state = s; - - if (state->send_crypto) { - /* Our crypto is set up; just relay the bytes */ - return crypt_and_transmit(state->send_crypto, source, dest); - } else { - /* Our crypto isn't set up yet, we'll have to queue the data */ - if (evbuffer_get_length(source)) { - if (! state->pending_data_to_send) { - state->pending_data_to_send = evbuffer_new(); - } - evbuffer_add_buffer(state->pending_data_to_send, source); - } - return 0; - } -} - -/** - Helper: called after reciving our partner's setup message. Initializes all - keys. Returns 0 on success, -1 on failure. - */ -static int -init_crypto(void *s) -{ - obfs2_state_t *state = s; - - const char *send_keytype; - const char *recv_keytype; - const char *recv_pad_keytype; - const uchar *recv_seed; - - if (state->we_are_initiator) { - send_keytype = INITIATOR_SEND_TYPE; - recv_keytype = RESPONDER_SEND_TYPE; - recv_pad_keytype = RESPONDER_PAD_TYPE; - recv_seed = state->responder_seed; - } else { - send_keytype = RESPONDER_SEND_TYPE; - recv_keytype = INITIATOR_SEND_TYPE; - recv_pad_keytype = INITIATOR_PAD_TYPE; - recv_seed = state->initiator_seed; - } - - /* Derive all of the keys that depend on our partner's seed */ - state->send_crypto = derive_key(state, send_keytype); - state->recv_crypto = derive_key(state, recv_keytype); - state->recv_padding_crypto = - derive_padding_key(state, recv_seed, recv_pad_keytype); - - if (state->send_crypto && state->recv_crypto && state->recv_padding_crypto) - return 0; - else - return -1; -} - -/* Called when we receive data in an evbuffer 'source': deobfuscates that data - * and writes it to 'dest'. - * - * Returns x for "don't call again till you have x bytes". 0 for "all ok". -1 - * for "fail, close" */ -static int -obfs2_recv(void *s, struct evbuffer *source, - struct evbuffer *dest) -{ - obfs2_state_t *state = s; - - if (state->state == ST_WAIT_FOR_KEY) { - /* We're waiting for the first OBFUSCATE_SEED_LENGTH+8 bytes to show up - * so we can learn the partner's seed and padding length */ - uchar buf[OBFUSCATE_SEED_LENGTH+8], *other_seed; - uint32_t magic, plength; - if (evbuffer_get_length(source) < OBFUSCATE_SEED_LENGTH+8) { - /* data not here yet */ - return OBFUSCATE_SEED_LENGTH+8; - } - evbuffer_remove(source, buf, OBFUSCATE_SEED_LENGTH+8); - - if (state->we_are_initiator) - other_seed = state->responder_seed; - else - other_seed = state->initiator_seed; - - memcpy(other_seed, buf, OBFUSCATE_SEED_LENGTH); - - /* Now we can set up all the keys from the seed */ - if (init_crypto(state) < 0) - return -1; - - /* Decrypt the next 8 bytes */ - stream_crypt(state->recv_padding_crypto, buf+OBFUSCATE_SEED_LENGTH, 8); - /* Check the magic number and extract the padding length */ - memcpy(&magic, buf+OBFUSCATE_SEED_LENGTH, 4); - memcpy(&plength, buf+OBFUSCATE_SEED_LENGTH+4, 4); - magic = ntohl(magic); - plength = ntohl(plength); - if (magic != OBFUSCATE_MAGIC_VALUE) - return -1; - if (plength > OBFUSCATE_MAX_PADDING) - return -1; - - /* Send any data that we've been waiting to send */ - if (state->pending_data_to_send) { - crypt_and_transmit(state->send_crypto, state->pending_data_to_send, dest); - evbuffer_free(state->pending_data_to_send); - state->pending_data_to_send = NULL; - } - - /* Now we're waiting for plength bytes of padding */ - state->padding_left_to_read = plength; - state->state = ST_WAIT_FOR_PADDING; - - /* Fall through here: if there is padding data waiting on the buffer, pull - it off immediately. */ - dbg(("Received key, expecting %d bytes of padding\n", plength)); - } - - /* If we're still looking for padding, start pulling off bytes and - discarding them. */ - while (state->padding_left_to_read) { - int n = state->padding_left_to_read; - size_t sourcelen = evbuffer_get_length(source); - if (!sourcelen) - return n; - if ((size_t) n > evbuffer_get_length(source)) - n = evbuffer_get_length(source); - evbuffer_drain(source, n); - state->padding_left_to_read -= n; - dbg(("Received %d bytes of padding; %d left to read\n", n, - state->padding_left_to_read)); - } - - /* Okay; now we're definitely open. Process whatever data we have. */ - state->state = ST_OPEN; - - dbg(("Processing %d bytes data onto destination buffer\n", - (int) evbuffer_get_length(source))); - return crypt_and_transmit(state->recv_crypto, source, dest); -} - -static void -obfs2_state_free(void *s) -{ - obfs2_state_t *state = s; - if (state->send_crypto) - crypt_free(state->send_crypto); - if (state->send_padding_crypto) - crypt_free(state->send_padding_crypto); - if (state->recv_crypto) - crypt_free(state->recv_crypto); - if (state->recv_padding_crypto) - crypt_free(state->recv_padding_crypto); - if (state->pending_data_to_send) - evbuffer_free(state->pending_data_to_send); - memset(state, 0x0a, sizeof(obfs2_state_t)); - free(state); -} diff --git a/src/plugins/obfs2.h b/src/plugins/obfs2.h deleted file mode 100644 index 3124bbc..0000000 --- a/src/plugins/obfs2.h +++ /dev/null @@ -1,81 +0,0 @@ -/* Copyright 2011 Nick Mathewson - - You may do anything with this work that copyright law would normally - restrict, so long as you retain the above notice(s) and this license - in all redistributed copies and derived works. There is no warranty. -*/ - -#ifndef OBFS2_H -#define OBFS2_H - -#include <sys/types.h> - -typedef struct obfs2_state_t obfs2_state_t; -struct evbuffer; -struct protocol_t; - -#define SHARED_SECRET_LENGTH 16 - -void obfs2_state_set_shared_secret(void *state, - const char *secret, size_t secretlen); -int obfs2_init(void); -void *obfs2_new(struct protocol_t *proto_struct, int initiator); - - -#ifdef CRYPT_PROTOCOL_PRIVATE -/* ========== - These definitions are not part of the crypt_protocol interface. - They're exposed here so that the unit tests can use them. - ========== -*/ -/* from brl's obfuscated-ssh standard. */ -//#define OBFUSCATE_MAGIC_VALUE 0x0BF5CA7E - -/* our own, since we break brl's spec */ -#define OBFUSCATE_MAGIC_VALUE 0x2BF5CA7E -#define OBFUSCATE_SEED_LENGTH 16 -#define OBFUSCATE_MAX_PADDING 8192 -#define OBFUSCATE_ZERO_SEED "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" - -#define INITIATOR_PAD_TYPE "Initiator obfuscation padding" -#define RESPONDER_PAD_TYPE "Responder obfuscation padding" -#define INITIATOR_SEND_TYPE "Initiator obfuscated data" -#define RESPONDER_SEND_TYPE "Responder obfuscated data" - -struct obfs2_state_t { - /** Current protocol state. We start out waiting for key information. Then - we have a key and wait for padding to arrive. Finally, we are sending - and receiving bytes on the connection. - */ - enum { - ST_WAIT_FOR_KEY, - ST_WAIT_FOR_PADDING, - ST_OPEN, - } state; - /** Random seed we generated for this stream */ - uchar initiator_seed[OBFUSCATE_SEED_LENGTH]; - /** Random seed the other side generated for this stream */ - uchar responder_seed[OBFUSCATE_SEED_LENGTH]; - /** Shared secret seed value. */ - uchar secret_seed[SHARED_SECRET_LENGTH]; - /** True iff we opened this connection */ - int we_are_initiator; - - /** key used to encrypt outgoing data */ - crypt_t *send_crypto; - /** key used to encrypt outgoing padding */ - crypt_t *send_padding_crypto; - /** key used to decrypt incoming data */ - crypt_t *recv_crypto; - /** key used to decrypt incoming padding */ - crypt_t *recv_padding_crypto; - - /** Buffer full of data we'll send once the handshake is done. */ - struct evbuffer *pending_data_to_send; - - /** Number of padding bytes to read before we get to real data */ - int padding_left_to_read; -}; -#endif - -#endif diff --git a/src/plugins/obfs2_crypt.c b/src/plugins/obfs2_crypt.c deleted file mode 100644 index 0121c93..0000000 --- a/src/plugins/obfs2_crypt.c +++ /dev/null @@ -1,206 +0,0 @@ -/* Copyright 2011 Nick Mathewson - - You may do anything with this work that copyright law would normally - restrict, so long as you retain the above notice(s) and this license - in all redistributed copies and derived works. There is no warranty. -*/ - -#include "config.h" - -#include <assert.h> -#include <string.h> -#include <stdlib.h> -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif -#ifdef HAVE_FCNTL_H -#include <fcntl.h> -#endif -#ifdef HAVE_STDINT_H -#include <stdint.h> -#endif - -#include <openssl/opensslv.h> -#include <openssl/aes.h> -#include <openssl/rand.h> -#include <openssl/err.h> - -#define CRYPT_PRIVATE -#include "obfs2_crypt.h" - -#if OPENSSL_VERSION_NUMBER >= 0x0090800f -#define USE_OPENSSL_RANDPOLL 1 -#define USE_OPENSSL_SHA256 1 -#include <openssl/sha.h> -#else -#define STMT_BEGIN do { -#define STMT_END } while (0) -static void -set_uint32(void *ptr, uint32_t val) -{ - memcpy(ptr, &val, 4); -} -static uint32_t -get_uint32(const void *ptr) -{ - uint32_t val; - memcpy(&val, ptr, 4); - return val; -} -#define LTC_ARGCHK(x) assert((x)) -#include "sha256.c" -#endif - -int -initialize_crypto(void) -{ - ERR_load_crypto_strings(); - -#ifdef USE_OPENSSL_RANDPOLL - return RAND_poll() == 1 ? 0 : -1; -#else - /* XXX Or maybe fall back to the arc4random implementation in libevent2? */ - { - char buf[32]; - int fd, n; - fd = open("/dev/urandom", O_RDONLY); - if (fd == -1) { - perror("open"); - return -1; - } - n = read(fd, buf, sizeof(buf)); - if (n != sizeof(buf)) { - close(fd); - return -1; - } - RAND_seed(buf, sizeof(buf)); - close(fd); - return 0; - } -#endif -} - -void -cleanup_crypto(void) -{ - ERR_free_strings(); -} - -/* ===== - Digests - ===== */ - -#ifdef USE_OPENSSL_SHA256 -struct digest_t { - SHA256_CTX ctx; -}; -digest_t * -digest_new(void) -{ - digest_t *d = malloc(sizeof(digest_t)); - SHA256_Init(&d->ctx); - return d; -} -void -digest_update(digest_t *d, const uchar *buf, size_t len) -{ - SHA256_Update(&d->ctx, buf, len); -} -size_t -digest_getdigest(digest_t *d, uchar *buf, size_t len) -{ - uchar tmp[32]; - int n = 32; - SHA256_Final(tmp, &d->ctx); - if (len < 32) - n = len; - memcpy(buf, tmp, n); - memset(tmp, 0, sizeof(tmp)); - return n; -} -#else -struct digest_t { - sha256_state ctx; -}; -digest_t * -digest_new(void) -{ - digest_t *d = malloc(sizeof(digest_t)); - sha256_init(&d->ctx); - return d; -} -void -digest_update(digest_t *d, const uchar *buf, size_t len) -{ - sha256_process(&d->ctx, buf, len); -} -size_t -digest_getdigest(digest_t *d, uchar *buf, size_t len) -{ - uchar tmp[32]; - int n = 32; - sha256_done(&d->ctx, tmp); - if (len < 32) - n = len; - memcpy(buf, tmp, n); - memset(tmp, 0, sizeof(tmp)); - return n; -} -#endif - -void -digest_free(digest_t *d) -{ - memset(d, 0, sizeof(digest_t)); - free(d); -} - -/* ===== - Stream crypto - ===== */ - -crypt_t * -crypt_new(const uchar *key, size_t keylen) -{ - crypt_t *k; - if (keylen < AES_BLOCK_SIZE) - return NULL; - - k = calloc(1, sizeof(crypt_t)); - if (k == NULL) - return NULL; - - AES_set_encrypt_key(key, 128, &k->key); - - return k; -} -void -crypt_set_iv(crypt_t *key, const uchar *iv, size_t ivlen) -{ - assert(ivlen == sizeof(key->ivec)); - memcpy(key->ivec, iv, ivlen); -} -void -stream_crypt(crypt_t *key, uchar *buf, size_t len) -{ - AES_ctr128_encrypt(buf, buf, /* XXX make sure this is okay to do. */ - len, - &key->key, key->ivec, key->ecount_buf, - &key->pos); -} -void -crypt_free(crypt_t *key) -{ - memset(key, 0, sizeof(key)); - free(key); -} - -/* ===== - PRNG - ===== */ - -int -random_bytes(uchar *buf, size_t buflen) -{ - return RAND_bytes(buf, buflen) == 1 ? 0 : -1; -} diff --git a/src/plugins/obfs2_crypt.h b/src/plugins/obfs2_crypt.h deleted file mode 100644 index c9841d8..0000000 --- a/src/plugins/obfs2_crypt.h +++ /dev/null @@ -1,62 +0,0 @@ -/* Copyright 2011 Nick Mathewson - - You may do anything with this work that copyright law would normally - restrict, so long as you retain the above notice(s) and this license - in all redistributed copies and derived works. There is no warranty. -*/ - -#ifndef OBFS2_CRYPT_H -#define OBFS2_CRYPT_H - -#include <sys/types.h> - -/* Stream cipher state */ -typedef struct crypt_t crypt_t; -/* Digest state */ -typedef struct digest_t digest_t; - -typedef unsigned char uchar; - -/** Initialize global crypto state. Returrn 0 on success, -1 on failure */ -int initialize_crypto(void); -/** Clean up global crypto state */ -void cleanup_crypto(void); - -/** Return a newly allocated digest state, or NULL on failure. */ -digest_t *digest_new(void); -/** Add n bytes from b to the digest state. */ -void digest_update(digest_t *, const uchar *b, size_t n); -/** Get a digest from the digest state. Put it in up the first n bytes of the -buffer b. Return the number of bytes actually written.*/ -size_t digest_getdigest(digest_t *, uchar *b, size_t n); -/** Clear and free a digest state */ -void digest_free(digest_t *); - -/** Return a new stream cipher state taking key and IV from the data provided. - * The data length must be exactly 32 */ -crypt_t *crypt_new(const uchar *, size_t); -void crypt_set_iv(crypt_t *key, const uchar *iv, size_t ivlen); - -/** Encrypt n bytes of data in the buffer b, in place. */ -void stream_crypt(crypt_t *, uchar *b, size_t n); -/** Clear and free a stream cipher state. */ -void crypt_free(crypt_t *); - -/** Set b to contain n random bytes. */ -int random_bytes(uchar *b, size_t n); - -#ifdef CRYPT_PRIVATE -/* ========== - These definitions are not part of the crypt interface. - They're exposed here so that the unit tests can use them. - ========== -*/ -struct crypt_t { - AES_KEY key; - uchar ivec[AES_BLOCK_SIZE]; - uchar ecount_buf[AES_BLOCK_SIZE]; - unsigned int pos; -}; -#endif - -#endif diff --git a/src/protocols/dummy.c b/src/protocols/dummy.c new file mode 100644 index 0000000..8fe722e --- /dev/null +++ b/src/protocols/dummy.c @@ -0,0 +1,63 @@ +#include <assert.h> +#include <string.h> +#include <stdlib.h> +#include <stdio.h> + +#include <unistd.h> + +#include <openssl/rand.h> +#include <event2/buffer.h> + +#include "dummy.h" +#include "../util.h" +#include "../protocol.h" + + +static int dummy_send(void *nothing, + struct evbuffer *source, struct evbuffer *dest); +static int dummy_recv(void *nothing, struct evbuffer *source, + struct evbuffer *dest); + +static protocol_vtable *vtable=NULL; + +int +dummy_init(void) { + vtable = calloc(1, sizeof(protocol_vtable)); + if (!vtable) + return -1; + + vtable->destroy = NULL; + vtable->create = dummy_new; + vtable->handshake = NULL; + vtable->send = dummy_send; + vtable->recv = dummy_recv; + + return 1; +} + +void * +dummy_new(struct protocol_t *proto_struct, int whatever) { + (void)whatever; + + proto_struct->vtable = vtable; + + /* Dodging state check. + This is terrible I know.*/ + return (void *)666U; +} + +static int +dummy_send(void *nothing, + struct evbuffer *source, struct evbuffer *dest) { + (void)nothing; + + return evbuffer_add_buffer(dest,source); +} + +static int +dummy_recv(void *nothing, + struct evbuffer *source, struct evbuffer *dest) { + (void)nothing; + + return evbuffer_add_buffer(dest,source); +} diff --git a/src/protocols/dummy.h b/src/protocols/dummy.h new file mode 100644 index 0000000..241366d --- /dev/null +++ b/src/protocols/dummy.h @@ -0,0 +1,10 @@ +#ifndef DUMMY_H +#define DUMMY_H + +struct protocol_t; +struct evbuffer; + +int dummy_init(void); +void *dummy_new(struct protocol_t *proto_struct, int whatever); + +#endif diff --git a/src/protocols/obfs2.c b/src/protocols/obfs2.c new file mode 100644 index 0000000..cac7bb2 --- /dev/null +++ b/src/protocols/obfs2.c @@ -0,0 +1,405 @@ +/* Copyright 2011 Nick Mathewson + + You may do anything with this work that copyright law would normally + restrict, so long as you retain the above notice(s) and this license + in all redistributed copies and derived works. There is no warranty. +*/ + +#include <assert.h> +#include <string.h> +#include <stdlib.h> +#include <stdio.h> + +#include <openssl/rand.h> +#include <event2/buffer.h> + +#define CRYPT_PROTOCOL_PRIVATE + +#include "obfs2_crypt.h" +#include "obfs2.h" +#include "../util.h" +#include "../protocol.h" + +static void obfs2_state_free(void *state); +static int obfs2_send_initial_message(void *state, struct evbuffer *buf); +static int obfs2_send(void *state, + struct evbuffer *source, struct evbuffer *dest); +static int obfs2_recv(void *state, struct evbuffer *source, + struct evbuffer *dest); +static void *obfs2_state_new(int initiator); + +static protocol_vtable *vtable=NULL; + +/* Sets the function table for the obfs2 protocol and + calls initialize_crypto(). + Returns 0 on success, -1 on fail. +*/ +int +obfs2_init(void) { + vtable = calloc(1, sizeof(protocol_vtable)); + if (!vtable) + return -1; + + vtable->destroy = obfs2_state_free; + vtable->create = obfs2_new; + vtable->handshake = obfs2_send_initial_message; + vtable->send = obfs2_send; + vtable->recv = obfs2_recv; + + if (initialize_crypto() < 0) { + fprintf(stderr, "Can't initialize crypto; failing\n"); + return -1; + } + + return 1; +} + +/** Return true iff the OBFUSCATE_SEED_LENGTH-byte seed in 'seed' is nonzero */ +static int +seed_nonzero(const uchar *seed) +{ + return memcmp(seed, OBFUSCATE_ZERO_SEED, OBFUSCATE_SEED_LENGTH) != 0; +} + +/** + Derive and return key of type 'keytype' from the seeds currently set in + 'state'. Returns NULL on failure. + */ +static crypt_t * +derive_key(void *s, const char *keytype) +{ + obfs2_state_t *state = s; + + crypt_t *cryptstate; + uchar buf[32]; + digest_t *c = digest_new(); + digest_update(c, (uchar*)keytype, strlen(keytype)); + if (seed_nonzero(state->initiator_seed)) + digest_update(c, state->initiator_seed, OBFUSCATE_SEED_LENGTH); + if (seed_nonzero(state->responder_seed)) + digest_update(c, state->responder_seed, OBFUSCATE_SEED_LENGTH); + if (seed_nonzero(state->secret_seed)) + digest_update(c, state->secret_seed, SHARED_SECRET_LENGTH); + digest_update(c, (uchar*)keytype, strlen(keytype)); + digest_getdigest(c, buf, sizeof(buf)); + cryptstate = crypt_new(buf, 16); + crypt_set_iv(cryptstate, buf+16, 16); + memset(buf, 0, sizeof(buf)); + digest_free(c); + return cryptstate; +} + +static crypt_t * +derive_padding_key(void *s, const uchar *seed, + const char *keytype) +{ + obfs2_state_t *state = s; + + crypt_t *cryptstate; + uchar buf[32]; + digest_t *c = digest_new(); + digest_update(c, (uchar*)keytype, strlen(keytype)); + if (seed_nonzero(seed)) + digest_update(c, seed, OBFUSCATE_SEED_LENGTH); + if (seed_nonzero(state->secret_seed)) + digest_update(c, state->secret_seed, OBFUSCATE_SEED_LENGTH); + digest_update(c, (uchar*)keytype, strlen(keytype)); + digest_getdigest(c, buf, sizeof(buf)); + cryptstate = crypt_new(buf, 16); + crypt_set_iv(cryptstate, buf+16, 16); + memset(buf, 0, 16); + digest_free(c); + return cryptstate; +} + +void * +obfs2_new(struct protocol_t *proto_struct, int initiator) { + assert(vtable); + proto_struct->vtable = vtable; + + return obfs2_state_new(initiator); +} + +/** + Return a new object to handle protocol state. If 'initiator' is true, + we're the handshake initiator. Otherwise, we're the responder. Return + NULL on failure. + */ +static void * +obfs2_state_new(int initiator) +{ + obfs2_state_t *state = calloc(1, sizeof(obfs2_state_t)); + uchar *seed; + const char *send_pad_type; + + if (!state) + return NULL; + state->state = ST_WAIT_FOR_KEY; + state->we_are_initiator = initiator; + if (initiator) { + send_pad_type = INITIATOR_PAD_TYPE; + seed = state->initiator_seed; + } else { + send_pad_type = RESPONDER_PAD_TYPE; + seed = state->responder_seed; + } + + /* Generate our seed */ + if (random_bytes(seed, OBFUSCATE_SEED_LENGTH) < 0) { + free(state); + return NULL; + } + + /* Derive the key for what we're sending */ + state->send_padding_crypto = derive_padding_key(state, seed, send_pad_type); + if (state->send_padding_crypto == NULL) { + free(state); + return NULL; + } + + return state; +} + +/** Set the shared secret to be used with this protocol state. */ +void +obfs2_state_set_shared_secret(void *s, + const char *secret, size_t secretlen) +{ + obfs2_state_t *state = s; + + if (secretlen > SHARED_SECRET_LENGTH) + secretlen = SHARED_SECRET_LENGTH; + memcpy(state->secret_seed, secret, secretlen); +} + +/** + Write the initial protocol setup and padding message for 'state' to + the evbuffer 'buf'. Return 0 on success, -1 on failure. + */ +static int +obfs2_send_initial_message(void *s, struct evbuffer *buf) +{ + obfs2_state_t *state = s; + + uint32_t magic = htonl(OBFUSCATE_MAGIC_VALUE), plength, send_plength; + uchar msg[OBFUSCATE_MAX_PADDING + OBFUSCATE_SEED_LENGTH + 8]; + const uchar *seed; + + /* We're going to send: + SEED | E_PAD_KEY( UINT32(MAGIC_VALUE) | UINT32(PADLEN) | WR(PADLEN) ) + */ + + assert(sizeof(magic) == 4); + + /* generate padlen */ + if (random_bytes((uchar*)&plength, 4) < 0) + return -1; + plength %= OBFUSCATE_MAX_PADDING; + send_plength = htonl(plength); + + if (state->we_are_initiator) + seed = state->initiator_seed; + else + seed = state->responder_seed; + + /* Marshal the message, but with no parts encrypted */ + memcpy(msg, seed, OBFUSCATE_SEED_LENGTH); + memcpy(msg+OBFUSCATE_SEED_LENGTH, &magic, 4); + memcpy(msg+OBFUSCATE_SEED_LENGTH+4, &send_plength, 4); + if (random_bytes(msg+OBFUSCATE_SEED_LENGTH+8, plength) < 0) + return -1; + + /* Encrypt it */ + stream_crypt(state->send_padding_crypto, + msg+OBFUSCATE_SEED_LENGTH, 8+plength); + + /* Put it on the buffer */ + evbuffer_add(buf, msg, OBFUSCATE_SEED_LENGTH+8+plength); + return 0; +} + +/** + Helper: encrypt every byte from 'source' using the key in 'crypto', + and write those bytes onto 'dest'. Return 0 on success, -1 on failure. + */ +static int +crypt_and_transmit(crypt_t *crypto, + struct evbuffer *source, struct evbuffer *dest) +{ + uchar data[1024]; + while (1) { + int n = evbuffer_remove(source, data, 1024); + if (n <= 0) + return 0; + stream_crypt(crypto, data, n); + // printf("Message is: %s", data); + evbuffer_add(dest, data, n); + dbg(("Processed %d bytes.", n)); + } +} + +/** + Called when data arrives from the user side and we want to send the + obfuscated version. Copies and obfuscates data from 'source' into 'dest' + using the state in 'state'. Returns 0 on success, -1 on failure. + */ +static int +obfs2_send(void *s, + struct evbuffer *source, struct evbuffer *dest) +{ + obfs2_state_t *state = s; + + if (state->send_crypto) { + /* Our crypto is set up; just relay the bytes */ + return crypt_and_transmit(state->send_crypto, source, dest); + } else { + /* Our crypto isn't set up yet, we'll have to queue the data */ + if (evbuffer_get_length(source)) { + if (! state->pending_data_to_send) { + state->pending_data_to_send = evbuffer_new(); + } + evbuffer_add_buffer(state->pending_data_to_send, source); + } + return 0; + } +} + +/** + Helper: called after reciving our partner's setup message. Initializes all + keys. Returns 0 on success, -1 on failure. + */ +static int +init_crypto(void *s) +{ + obfs2_state_t *state = s; + + const char *send_keytype; + const char *recv_keytype; + const char *recv_pad_keytype; + const uchar *recv_seed; + + if (state->we_are_initiator) { + send_keytype = INITIATOR_SEND_TYPE; + recv_keytype = RESPONDER_SEND_TYPE; + recv_pad_keytype = RESPONDER_PAD_TYPE; + recv_seed = state->responder_seed; + } else { + send_keytype = RESPONDER_SEND_TYPE; + recv_keytype = INITIATOR_SEND_TYPE; + recv_pad_keytype = INITIATOR_PAD_TYPE; + recv_seed = state->initiator_seed; + } + + /* Derive all of the keys that depend on our partner's seed */ + state->send_crypto = derive_key(state, send_keytype); + state->recv_crypto = derive_key(state, recv_keytype); + state->recv_padding_crypto = + derive_padding_key(state, recv_seed, recv_pad_keytype); + + if (state->send_crypto && state->recv_crypto && state->recv_padding_crypto) + return 0; + else + return -1; +} + +/* Called when we receive data in an evbuffer 'source': deobfuscates that data + * and writes it to 'dest'. + * + * Returns x for "don't call again till you have x bytes". 0 for "all ok". -1 + * for "fail, close" */ +static int +obfs2_recv(void *s, struct evbuffer *source, + struct evbuffer *dest) +{ + obfs2_state_t *state = s; + + if (state->state == ST_WAIT_FOR_KEY) { + /* We're waiting for the first OBFUSCATE_SEED_LENGTH+8 bytes to show up + * so we can learn the partner's seed and padding length */ + uchar buf[OBFUSCATE_SEED_LENGTH+8], *other_seed; + uint32_t magic, plength; + if (evbuffer_get_length(source) < OBFUSCATE_SEED_LENGTH+8) { + /* data not here yet */ + return OBFUSCATE_SEED_LENGTH+8; + } + evbuffer_remove(source, buf, OBFUSCATE_SEED_LENGTH+8); + + if (state->we_are_initiator) + other_seed = state->responder_seed; + else + other_seed = state->initiator_seed; + + memcpy(other_seed, buf, OBFUSCATE_SEED_LENGTH); + + /* Now we can set up all the keys from the seed */ + if (init_crypto(state) < 0) + return -1; + + /* Decrypt the next 8 bytes */ + stream_crypt(state->recv_padding_crypto, buf+OBFUSCATE_SEED_LENGTH, 8); + /* Check the magic number and extract the padding length */ + memcpy(&magic, buf+OBFUSCATE_SEED_LENGTH, 4); + memcpy(&plength, buf+OBFUSCATE_SEED_LENGTH+4, 4); + magic = ntohl(magic); + plength = ntohl(plength); + if (magic != OBFUSCATE_MAGIC_VALUE) + return -1; + if (plength > OBFUSCATE_MAX_PADDING) + return -1; + + /* Send any data that we've been waiting to send */ + if (state->pending_data_to_send) { + crypt_and_transmit(state->send_crypto, state->pending_data_to_send, dest); + evbuffer_free(state->pending_data_to_send); + state->pending_data_to_send = NULL; + } + + /* Now we're waiting for plength bytes of padding */ + state->padding_left_to_read = plength; + state->state = ST_WAIT_FOR_PADDING; + + /* Fall through here: if there is padding data waiting on the buffer, pull + it off immediately. */ + dbg(("Received key, expecting %d bytes of padding\n", plength)); + } + + /* If we're still looking for padding, start pulling off bytes and + discarding them. */ + while (state->padding_left_to_read) { + int n = state->padding_left_to_read; + size_t sourcelen = evbuffer_get_length(source); + if (!sourcelen) + return n; + if ((size_t) n > evbuffer_get_length(source)) + n = evbuffer_get_length(source); + evbuffer_drain(source, n); + state->padding_left_to_read -= n; + dbg(("Received %d bytes of padding; %d left to read\n", n, + state->padding_left_to_read)); + } + + /* Okay; now we're definitely open. Process whatever data we have. */ + state->state = ST_OPEN; + + dbg(("Processing %d bytes data onto destination buffer\n", + (int) evbuffer_get_length(source))); + return crypt_and_transmit(state->recv_crypto, source, dest); +} + +static void +obfs2_state_free(void *s) +{ + obfs2_state_t *state = s; + if (state->send_crypto) + crypt_free(state->send_crypto); + if (state->send_padding_crypto) + crypt_free(state->send_padding_crypto); + if (state->recv_crypto) + crypt_free(state->recv_crypto); + if (state->recv_padding_crypto) + crypt_free(state->recv_padding_crypto); + if (state->pending_data_to_send) + evbuffer_free(state->pending_data_to_send); + memset(state, 0x0a, sizeof(obfs2_state_t)); + free(state); +} diff --git a/src/protocols/obfs2.h b/src/protocols/obfs2.h new file mode 100644 index 0000000..3124bbc --- /dev/null +++ b/src/protocols/obfs2.h @@ -0,0 +1,81 @@ +/* Copyright 2011 Nick Mathewson + + You may do anything with this work that copyright law would normally + restrict, so long as you retain the above notice(s) and this license + in all redistributed copies and derived works. There is no warranty. +*/ + +#ifndef OBFS2_H +#define OBFS2_H + +#include <sys/types.h> + +typedef struct obfs2_state_t obfs2_state_t; +struct evbuffer; +struct protocol_t; + +#define SHARED_SECRET_LENGTH 16 + +void obfs2_state_set_shared_secret(void *state, + const char *secret, size_t secretlen); +int obfs2_init(void); +void *obfs2_new(struct protocol_t *proto_struct, int initiator); + + +#ifdef CRYPT_PROTOCOL_PRIVATE +/* ========== + These definitions are not part of the crypt_protocol interface. + They're exposed here so that the unit tests can use them. + ========== +*/ +/* from brl's obfuscated-ssh standard. */ +//#define OBFUSCATE_MAGIC_VALUE 0x0BF5CA7E + +/* our own, since we break brl's spec */ +#define OBFUSCATE_MAGIC_VALUE 0x2BF5CA7E +#define OBFUSCATE_SEED_LENGTH 16 +#define OBFUSCATE_MAX_PADDING 8192 +#define OBFUSCATE_ZERO_SEED "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" + +#define INITIATOR_PAD_TYPE "Initiator obfuscation padding" +#define RESPONDER_PAD_TYPE "Responder obfuscation padding" +#define INITIATOR_SEND_TYPE "Initiator obfuscated data" +#define RESPONDER_SEND_TYPE "Responder obfuscated data" + +struct obfs2_state_t { + /** Current protocol state. We start out waiting for key information. Then + we have a key and wait for padding to arrive. Finally, we are sending + and receiving bytes on the connection. + */ + enum { + ST_WAIT_FOR_KEY, + ST_WAIT_FOR_PADDING, + ST_OPEN, + } state; + /** Random seed we generated for this stream */ + uchar initiator_seed[OBFUSCATE_SEED_LENGTH]; + /** Random seed the other side generated for this stream */ + uchar responder_seed[OBFUSCATE_SEED_LENGTH]; + /** Shared secret seed value. */ + uchar secret_seed[SHARED_SECRET_LENGTH]; + /** True iff we opened this connection */ + int we_are_initiator; + + /** key used to encrypt outgoing data */ + crypt_t *send_crypto; + /** key used to encrypt outgoing padding */ + crypt_t *send_padding_crypto; + /** key used to decrypt incoming data */ + crypt_t *recv_crypto; + /** key used to decrypt incoming padding */ + crypt_t *recv_padding_crypto; + + /** Buffer full of data we'll send once the handshake is done. */ + struct evbuffer *pending_data_to_send; + + /** Number of padding bytes to read before we get to real data */ + int padding_left_to_read; +}; +#endif + +#endif diff --git a/src/protocols/obfs2_crypt.c b/src/protocols/obfs2_crypt.c new file mode 100644 index 0000000..0121c93 --- /dev/null +++ b/src/protocols/obfs2_crypt.c @@ -0,0 +1,206 @@ +/* Copyright 2011 Nick Mathewson + + You may do anything with this work that copyright law would normally + restrict, so long as you retain the above notice(s) and this license + in all redistributed copies and derived works. There is no warranty. +*/ + +#include "config.h" + +#include <assert.h> +#include <string.h> +#include <stdlib.h> +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#ifdef HAVE_STDINT_H +#include <stdint.h> +#endif + +#include <openssl/opensslv.h> +#include <openssl/aes.h> +#include <openssl/rand.h> +#include <openssl/err.h> + +#define CRYPT_PRIVATE +#include "obfs2_crypt.h" + +#if OPENSSL_VERSION_NUMBER >= 0x0090800f +#define USE_OPENSSL_RANDPOLL 1 +#define USE_OPENSSL_SHA256 1 +#include <openssl/sha.h> +#else +#define STMT_BEGIN do { +#define STMT_END } while (0) +static void +set_uint32(void *ptr, uint32_t val) +{ + memcpy(ptr, &val, 4); +} +static uint32_t +get_uint32(const void *ptr) +{ + uint32_t val; + memcpy(&val, ptr, 4); + return val; +} +#define LTC_ARGCHK(x) assert((x)) +#include "sha256.c" +#endif + +int +initialize_crypto(void) +{ + ERR_load_crypto_strings(); + +#ifdef USE_OPENSSL_RANDPOLL + return RAND_poll() == 1 ? 0 : -1; +#else + /* XXX Or maybe fall back to the arc4random implementation in libevent2? */ + { + char buf[32]; + int fd, n; + fd = open("/dev/urandom", O_RDONLY); + if (fd == -1) { + perror("open"); + return -1; + } + n = read(fd, buf, sizeof(buf)); + if (n != sizeof(buf)) { + close(fd); + return -1; + } + RAND_seed(buf, sizeof(buf)); + close(fd); + return 0; + } +#endif +} + +void +cleanup_crypto(void) +{ + ERR_free_strings(); +} + +/* ===== + Digests + ===== */ + +#ifdef USE_OPENSSL_SHA256 +struct digest_t { + SHA256_CTX ctx; +}; +digest_t * +digest_new(void) +{ + digest_t *d = malloc(sizeof(digest_t)); + SHA256_Init(&d->ctx); + return d; +} +void +digest_update(digest_t *d, const uchar *buf, size_t len) +{ + SHA256_Update(&d->ctx, buf, len); +} +size_t +digest_getdigest(digest_t *d, uchar *buf, size_t len) +{ + uchar tmp[32]; + int n = 32; + SHA256_Final(tmp, &d->ctx); + if (len < 32) + n = len; + memcpy(buf, tmp, n); + memset(tmp, 0, sizeof(tmp)); + return n; +} +#else +struct digest_t { + sha256_state ctx; +}; +digest_t * +digest_new(void) +{ + digest_t *d = malloc(sizeof(digest_t)); + sha256_init(&d->ctx); + return d; +} +void +digest_update(digest_t *d, const uchar *buf, size_t len) +{ + sha256_process(&d->ctx, buf, len); +} +size_t +digest_getdigest(digest_t *d, uchar *buf, size_t len) +{ + uchar tmp[32]; + int n = 32; + sha256_done(&d->ctx, tmp); + if (len < 32) + n = len; + memcpy(buf, tmp, n); + memset(tmp, 0, sizeof(tmp)); + return n; +} +#endif + +void +digest_free(digest_t *d) +{ + memset(d, 0, sizeof(digest_t)); + free(d); +} + +/* ===== + Stream crypto + ===== */ + +crypt_t * +crypt_new(const uchar *key, size_t keylen) +{ + crypt_t *k; + if (keylen < AES_BLOCK_SIZE) + return NULL; + + k = calloc(1, sizeof(crypt_t)); + if (k == NULL) + return NULL; + + AES_set_encrypt_key(key, 128, &k->key); + + return k; +} +void +crypt_set_iv(crypt_t *key, const uchar *iv, size_t ivlen) +{ + assert(ivlen == sizeof(key->ivec)); + memcpy(key->ivec, iv, ivlen); +} +void +stream_crypt(crypt_t *key, uchar *buf, size_t len) +{ + AES_ctr128_encrypt(buf, buf, /* XXX make sure this is okay to do. */ + len, + &key->key, key->ivec, key->ecount_buf, + &key->pos); +} +void +crypt_free(crypt_t *key) +{ + memset(key, 0, sizeof(key)); + free(key); +} + +/* ===== + PRNG + ===== */ + +int +random_bytes(uchar *buf, size_t buflen) +{ + return RAND_bytes(buf, buflen) == 1 ? 0 : -1; +} diff --git a/src/protocols/obfs2_crypt.h b/src/protocols/obfs2_crypt.h new file mode 100644 index 0000000..c9841d8 --- /dev/null +++ b/src/protocols/obfs2_crypt.h @@ -0,0 +1,62 @@ +/* Copyright 2011 Nick Mathewson + + You may do anything with this work that copyright law would normally + restrict, so long as you retain the above notice(s) and this license + in all redistributed copies and derived works. There is no warranty. +*/ + +#ifndef OBFS2_CRYPT_H +#define OBFS2_CRYPT_H + +#include <sys/types.h> + +/* Stream cipher state */ +typedef struct crypt_t crypt_t; +/* Digest state */ +typedef struct digest_t digest_t; + +typedef unsigned char uchar; + +/** Initialize global crypto state. Returrn 0 on success, -1 on failure */ +int initialize_crypto(void); +/** Clean up global crypto state */ +void cleanup_crypto(void); + +/** Return a newly allocated digest state, or NULL on failure. */ +digest_t *digest_new(void); +/** Add n bytes from b to the digest state. */ +void digest_update(digest_t *, const uchar *b, size_t n); +/** Get a digest from the digest state. Put it in up the first n bytes of the +buffer b. Return the number of bytes actually written.*/ +size_t digest_getdigest(digest_t *, uchar *b, size_t n); +/** Clear and free a digest state */ +void digest_free(digest_t *); + +/** Return a new stream cipher state taking key and IV from the data provided. + * The data length must be exactly 32 */ +crypt_t *crypt_new(const uchar *, size_t); +void crypt_set_iv(crypt_t *key, const uchar *iv, size_t ivlen); + +/** Encrypt n bytes of data in the buffer b, in place. */ +void stream_crypt(crypt_t *, uchar *b, size_t n); +/** Clear and free a stream cipher state. */ +void crypt_free(crypt_t *); + +/** Set b to contain n random bytes. */ +int random_bytes(uchar *b, size_t n); + +#ifdef CRYPT_PRIVATE +/* ========== + These definitions are not part of the crypt interface. + They're exposed here so that the unit tests can use them. + ========== +*/ +struct crypt_t { + AES_KEY key; + uchar ivec[AES_BLOCK_SIZE]; + uchar ecount_buf[AES_BLOCK_SIZE]; + unsigned int pos; +}; +#endif + +#endif diff --git a/src/test/unittest_obfs2.c b/src/test/unittest_obfs2.c new file mode 100644 index 0000000..cdac4c9 --- /dev/null +++ b/src/test/unittest_obfs2.c @@ -0,0 +1,476 @@ +/* Copyright 2011 Nick Mathewson + + You may do anything with this work that copyright law would normally + restrict, so long as you retain the above notice(s) and this license + in all redistributed copies and derived works. There is no warranty. +*/ +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "tinytest.h" +#include "tinytest_macros.h" + +#include <event2/buffer.h> +#include <openssl/aes.h> + + +#define CRYPT_PROTOCOL_PRIVATE +#define CRYPT_PRIVATE +#include "../plugins/obfs2_crypt.h" +#include "../util.h" +#include "../protocol.h" +#include "../plugins/obfs2.h" + +/* Make sure we can successfully set up a protocol state */ +static void +test_proto_setup(void *data) +{ + struct protocol_t *client_proto = NULL; + struct protocol_t *server_proto = NULL; + + tt_assert(set_up_protocol(OBFS2_PROTOCOL) >= 0); + + client_proto = proto_new(OBFS2_PROTOCOL,1); + server_proto = proto_new(OBFS2_PROTOCOL,1); + + tt_assert(client_proto); + tt_assert(server_proto); + tt_assert(client_proto->state); + tt_assert(server_proto->state); + + end: + if (client_proto->state) + proto_destroy(client_proto); + if (server_proto->state) + proto_destroy(server_proto); + +} + +static void +test_proto_handshake(void *data) +{ + struct evbuffer *output_buffer = NULL; + struct evbuffer *dummy_buffer = NULL; + output_buffer = evbuffer_new(); + dummy_buffer = evbuffer_new(); + + struct protocol_t *client_proto = NULL; + struct protocol_t *server_proto = NULL; + + tt_assert(set_up_protocol(OBFS2_PROTOCOL) >= 0); + + client_proto = proto_new(OBFS2_PROTOCOL,1); + server_proto = proto_new(OBFS2_PROTOCOL,0); + + tt_assert(client_proto); + tt_assert(server_proto); + tt_assert(client_proto->state); + tt_assert(server_proto->state); + + obfs2_state_t *client_state = client_proto->state; + obfs2_state_t *server_state = server_proto->state; + + /* We create a client handshake message and pass it to output_buffer */ + tt_int_op(0, <=, proto_handshake(client_proto, output_buffer)<0); + + /* We simulate the server receiving and processing the client's handshake message, + by using proto_recv() on the output_buffer */ + tt_int_op(0, <=, proto_recv(server_proto, output_buffer, dummy_buffer) <0); + + /* Now, we create the server's handshake and pass it to output_buffer */ + tt_int_op(0, <=, proto_handshake(server_proto, output_buffer)<0); + + /* We simulate the client receiving and processing the server's handshake */ + tt_int_op(0, <=, proto_recv(client_proto, output_buffer, dummy_buffer) <0); + + /* The handshake is now complete. We should have: + client's send_crypto == server's recv_crypto + server's send_crypto == client's recv_crypto . */ + tt_int_op(0, ==, memcmp(client_state->send_crypto, + server_state->recv_crypto, + sizeof(crypt_t))); + + tt_int_op(0, ==, memcmp(client_state->recv_crypto, + server_state->send_crypto, + sizeof(crypt_t))); + + end: + if (client_proto->state) + proto_destroy(client_proto); + if (server_proto->state) + proto_destroy(server_proto); + + if (output_buffer) + evbuffer_free(output_buffer); + if (dummy_buffer) + evbuffer_free(dummy_buffer); +} + +static void +test_proto_transfer(void *data) +{ + struct evbuffer *output_buffer = NULL; + struct evbuffer *dummy_buffer = NULL; + output_buffer = evbuffer_new(); + dummy_buffer = evbuffer_new(); + + struct protocol_t *client_proto = NULL; + struct protocol_t *server_proto = NULL; + + tt_assert(set_up_protocol(OBFS2_PROTOCOL) >= 0); + + client_proto = proto_new(OBFS2_PROTOCOL,1); + server_proto = proto_new(OBFS2_PROTOCOL,0); + + tt_assert(client_proto); + tt_assert(server_proto); + tt_assert(client_proto->state); + tt_assert(server_proto->state); + + int n; + struct evbuffer_iovec v[2]; + + /* Handshake */ + tt_int_op(0, <=, proto_handshake(client_proto, output_buffer)<0); + tt_int_op(0, <=, proto_recv(server_proto, output_buffer, dummy_buffer) <0); + tt_int_op(0, <=, proto_handshake(server_proto, output_buffer)<0); + tt_int_op(0, <=, proto_recv(client_proto, output_buffer, dummy_buffer) <0); + /* End of Handshake */ + + /* Now let's pass some data around. */ + char *msg1 = "this is a 54-byte message passed from client to server"; + char *msg2 = "this is a 55-byte message passed from server to client!"; + + /* client -> server */ + evbuffer_add(dummy_buffer, msg1, 54); + proto_send(client_proto, dummy_buffer, output_buffer); + + tt_int_op(0, <=, proto_recv(server_proto, output_buffer, dummy_buffer)); + + n = evbuffer_peek(dummy_buffer, -1, NULL, &v[0], 2); + + /* Let's check if it matches. */ + tt_int_op(0, ==, strncmp(msg1, v[0].iov_base, 54)); + + /* emptying dummy_buffer before next test */ + size_t buffer_len = evbuffer_get_length(dummy_buffer); + tt_int_op(0, ==, evbuffer_drain(dummy_buffer, buffer_len)); + + /* client <- server */ + evbuffer_add(dummy_buffer, msg2, 55); + tt_int_op(0, <=, proto_send(server_proto, dummy_buffer, output_buffer)); + + tt_int_op(0, <=, proto_recv(client_proto, output_buffer, dummy_buffer)); + + n = evbuffer_peek(dummy_buffer, -1, NULL, &v[1], 2); + tt_int_op(0, ==, strncmp(msg2, v[1].iov_base, 55)); + + end: + if (client_proto->state) + proto_destroy(client_proto); + if (server_proto->state) + proto_destroy(server_proto); + + if (output_buffer) + evbuffer_free(output_buffer); + if (dummy_buffer) + evbuffer_free(dummy_buffer); +} + +/* We are going to split client's handshake into: + msgclient_1 = [OBFUSCATE_SEED_LENGTH + 8 + <one fourth of padding>] + and msgclient_2 = [<rest of padding>]. + + We are then going to split server's handshake into: + msgserver_1 = [OBFUSCATE_SEED_LENGTH + 8] + and msgserver_2 = [<all padding>]. + + Afterwards we will verify that they both got the correct keys. + That's right, this unit test is loco . */ +static void +test_proto_splitted_handshake(void *data) +{ + obfs2_state_t *client_state = NULL; + obfs2_state_t *server_state = NULL; + + struct evbuffer *output_buffer = NULL; + struct evbuffer *dummy_buffer = NULL; + output_buffer = evbuffer_new(); + dummy_buffer = evbuffer_new(); + + struct protocol_t *client_proto = NULL; + struct protocol_t *server_proto = NULL; + + tt_assert(set_up_protocol(OBFS2_PROTOCOL) >= 0); + + client_proto = proto_new(OBFS2_PROTOCOL,1); + server_proto = proto_new(OBFS2_PROTOCOL,0); + + tt_assert(client_proto); + tt_assert(server_proto); + tt_assert(client_proto->state); + tt_assert(server_proto->state); + + client_state = client_proto->state; + server_state = server_proto->state; + + uint32_t magic = htonl(OBFUSCATE_MAGIC_VALUE); + uint32_t plength1, plength1_msg1, plength1_msg2, send_plength1; + const uchar *seed1; + + /* generate padlen */ + tt_int_op(0, <=, random_bytes((uchar*)&plength1, 4)); + + plength1 %= OBFUSCATE_MAX_PADDING; + + plength1_msg1 = plength1 / 4; + plength1_msg2 = plength1 - plength1_msg1; + + send_plength1 = htonl(plength1); + + uchar msgclient_1[OBFUSCATE_MAX_PADDING + OBFUSCATE_SEED_LENGTH + 8]; + uchar msgclient_2[OBFUSCATE_MAX_PADDING]; + + seed1 = client_state->initiator_seed; + + memcpy(msgclient_1, seed1, OBFUSCATE_SEED_LENGTH); + memcpy(msgclient_1+OBFUSCATE_SEED_LENGTH, &magic, 4); + memcpy(msgclient_1+OBFUSCATE_SEED_LENGTH+4, &send_plength1, 4); + tt_int_op(0, <=, random_bytes(msgclient_1+OBFUSCATE_SEED_LENGTH+8, plength1_msg1)); + + stream_crypt(client_state->send_padding_crypto, msgclient_1+OBFUSCATE_SEED_LENGTH, 8+plength1_msg1); + + /* Client sends handshake part 1 */ + evbuffer_add(output_buffer, msgclient_1, OBFUSCATE_SEED_LENGTH+8+plength1_msg1); + + /* Server receives handshake part 1 */ + tt_int_op(0, <=, proto_recv(server_proto, output_buffer, dummy_buffer)); + + tt_assert(server_state->state == ST_WAIT_FOR_PADDING); + + /* Preparing client's handshake part 2 */ + tt_int_op(0, <=, random_bytes(msgclient_2, plength1_msg2)); + stream_crypt(client_state->send_padding_crypto, msgclient_2, plength1_msg2); + + /* Client sends handshake part 2 */ + evbuffer_add(output_buffer, msgclient_2, plength1_msg2); + + /* Server receives handshake part 2 */ + tt_int_op(0, <=, proto_recv(server_proto, output_buffer, dummy_buffer)); + + tt_assert(server_state->state == ST_OPEN); + + /* Since everything went right, let's do a server to client handshake now! */ + uint32_t plength2, send_plength2; + const uchar *seed2; + + /* generate padlen */ + tt_int_op(0, <=, random_bytes((uchar*)&plength2, 4)); + + plength2 %= OBFUSCATE_MAX_PADDING; + send_plength2 = htonl(plength2); + + uchar msgserver_1[OBFUSCATE_SEED_LENGTH + 8]; + uchar msgserver_2[OBFUSCATE_MAX_PADDING]; + + seed2 = server_state->responder_seed; + + memcpy(msgserver_1, seed2, OBFUSCATE_SEED_LENGTH); + memcpy(msgserver_1+OBFUSCATE_SEED_LENGTH, &magic, 4); + memcpy(msgserver_1+OBFUSCATE_SEED_LENGTH+4, &send_plength2, 4); + + stream_crypt(server_state->send_padding_crypto, msgserver_1+OBFUSCATE_SEED_LENGTH, 8); + + /* Server sends handshake part 1 */ + evbuffer_add(output_buffer, msgserver_1, OBFUSCATE_SEED_LENGTH+8); + + /* Client receives handshake part 1 */ + tt_int_op(0, <=, proto_recv(client_proto, output_buffer, dummy_buffer)); + + tt_assert(client_state->state == ST_WAIT_FOR_PADDING); + + /* Preparing client's handshake part 2 */ + tt_int_op(0, <=, random_bytes(msgserver_2, plength2)); + stream_crypt(server_state->send_padding_crypto, msgserver_2, plength2); + + /* Server sends handshake part 2 */ + evbuffer_add(output_buffer, msgserver_2, plength2); + + /* Client receives handshake part 2 */ + tt_int_op(0, <=, proto_recv(client_proto, output_buffer, dummy_buffer)); + + tt_assert(client_state->state == ST_OPEN); + + /* The handshake is finally complete. We should have: */ + /* client's send_crypto == server's recv_crypto */ + /* server's send_crypto == client's recv_crypto . */ + tt_int_op(0, ==, memcmp(client_state->send_crypto, + server_state->recv_crypto, + sizeof(crypt_t))); + + tt_int_op(0, ==, memcmp(client_state->recv_crypto, + server_state->send_crypto, + sizeof(crypt_t))); + + end: + if (client_state) + proto_destroy(client_proto); + if (server_state) + proto_destroy(server_proto); + + if (output_buffer) + evbuffer_free(output_buffer); + if (dummy_buffer) + evbuffer_free(dummy_buffer); +} + +/* + Erroneous handshake test: + Wrong magic value. +*/ +static void +test_proto_wrong_handshake_magic(void *data) +{ + obfs2_state_t *client_state = NULL; + obfs2_state_t *server_state = NULL; + + struct evbuffer *output_buffer = NULL; + struct evbuffer *dummy_buffer = NULL; + output_buffer = evbuffer_new(); + dummy_buffer = evbuffer_new(); + + struct protocol_t *client_proto = NULL; + struct protocol_t *server_proto = NULL; + + tt_assert(set_up_protocol(OBFS2_PROTOCOL) >= 0); + + client_proto = proto_new(OBFS2_PROTOCOL,1); + server_proto = proto_new(OBFS2_PROTOCOL,0); + + tt_assert(client_proto); + tt_assert(server_proto); + tt_assert(client_proto->state); + tt_assert(server_proto->state); + + client_state = client_proto->state; + server_state = server_proto->state; + + uint32_t wrong_magic = 0xD15EA5E; + + uint32_t plength, send_plength; + const uchar *seed; + uchar msg[OBFUSCATE_MAX_PADDING + OBFUSCATE_SEED_LENGTH + 8]; + + tt_int_op(0, >=, random_bytes((uchar*)&plength, 4)); + plength %= OBFUSCATE_MAX_PADDING; + send_plength = htonl(plength); + + seed = client_state->initiator_seed; + memcpy(msg, seed, OBFUSCATE_SEED_LENGTH); + memcpy(msg+OBFUSCATE_SEED_LENGTH, &wrong_magic, 4); + memcpy(msg+OBFUSCATE_SEED_LENGTH+4, &send_plength, 4); + tt_int_op(0, >=, random_bytes(msg+OBFUSCATE_SEED_LENGTH+8, plength)); + + stream_crypt(client_state->send_padding_crypto, + msg+OBFUSCATE_SEED_LENGTH, 8+plength); + + evbuffer_add(output_buffer, msg, OBFUSCATE_SEED_LENGTH+8+plength); + + tt_int_op(-1, ==, proto_recv(server_proto, output_buffer, dummy_buffer)); + + tt_assert(server_state->state == ST_WAIT_FOR_KEY); + + end: + if (client_state) + proto_destroy(client_proto); + if (server_state) + proto_destroy(server_proto); + + if (output_buffer) + evbuffer_free(output_buffer); + if (dummy_buffer) + evbuffer_free(dummy_buffer); +} + +/* Erroneous handshake test: + plength field larger than OBFUSCATE_MAX_PADDING +*/ +static void +test_proto_wrong_handshake_plength(void *data) +{ + obfs2_state_t *client_state = NULL; + obfs2_state_t *server_state = NULL; + + struct evbuffer *output_buffer = NULL; + struct evbuffer *dummy_buffer = NULL; + output_buffer = evbuffer_new(); + dummy_buffer = evbuffer_new(); + + struct protocol_t *client_proto = NULL; + struct protocol_t *server_proto = NULL; + + tt_assert(set_up_protocol(OBFS2_PROTOCOL) >= 0); + + client_proto = proto_new(OBFS2_PROTOCOL,1); + server_proto = proto_new(OBFS2_PROTOCOL,0); + + tt_assert(client_proto); + tt_assert(server_proto); + tt_assert(client_proto->state); + tt_assert(server_proto->state); + + client_state = client_proto->state; + server_state = server_proto->state; + + uchar msg[OBFUSCATE_MAX_PADDING + OBFUSCATE_SEED_LENGTH + 8 + 1]; + uint32_t magic = htonl(OBFUSCATE_MAGIC_VALUE); + uint32_t plength, send_plength; + const uchar *seed; + seed = client_state->initiator_seed; + + plength = OBFUSCATE_MAX_PADDING + 1U; + send_plength = htonl(plength); + + memcpy(msg, seed, OBFUSCATE_SEED_LENGTH); + memcpy(msg+OBFUSCATE_SEED_LENGTH, &magic, 4); + memcpy(msg+OBFUSCATE_SEED_LENGTH+4, &send_plength, 4); + tt_int_op(0, >=, random_bytes(msg+OBFUSCATE_SEED_LENGTH+8, plength)); + + stream_crypt(client_state->send_padding_crypto, + msg+OBFUSCATE_SEED_LENGTH, 8+plength); + + evbuffer_add(output_buffer, msg, OBFUSCATE_SEED_LENGTH+8+plength); + + tt_int_op(-1, ==, proto_recv(server_proto, output_buffer, dummy_buffer)); + + tt_assert(server_state->state == ST_WAIT_FOR_KEY); + + end: + if (client_state) + proto_destroy(client_proto); + if (server_state) + proto_destroy(server_proto); + + if (output_buffer) + evbuffer_free(output_buffer); + if (dummy_buffer) + evbuffer_free(dummy_buffer); +} + + +#define T(name, flags) \ + { #name, test_proto_##name, (flags), NULL, NULL } + +struct testcase_t protocol_tests[] = { + T(setup, 0), + T(handshake, 0), + T(transfer, 0), + T(splitted_handshake, 0), + T(wrong_handshake_magic, 0), +#if 0 + T(wrong_handshake_padding, 0), +#endif + T(wrong_handshake_plength, 0), + END_OF_TESTCASES +}; diff --git a/src/test/unittest_protocol.c b/src/test/unittest_protocol.c deleted file mode 100644 index 1864a3a..0000000 --- a/src/test/unittest_protocol.c +++ /dev/null @@ -1,469 +0,0 @@ -/* Copyright 2011 Nick Mathewson - - You may do anything with this work that copyright law would normally - restrict, so long as you retain the above notice(s) and this license - in all redistributed copies and derived works. There is no warranty. -*/ -#include <stdio.h> -#include <stdlib.h> -#include <string.h> - -#include "tinytest.h" -#include "tinytest_macros.h" - -#include <event2/buffer.h> -#include <openssl/aes.h> - - -#define CRYPT_PROTOCOL_PRIVATE -#define CRYPT_PRIVATE -#include "../plugins/obfs2_crypt.h" -#include "../util.h" -#include "../protocol.h" -#include "../plugins/obfs2.h" - -/* Make sure we can successfully set up a protocol state */ -static void -test_proto_setup(void *data) -{ - struct protocol_t *client_proto = set_up_protocol(OBFS2_PROTOCOL); - struct protocol_t *server_proto = set_up_protocol(OBFS2_PROTOCOL); - - int initiator = 1; - int no_initiator = 0; - client_proto->state = proto_init(client_proto, &initiator); - server_proto->state = proto_init(server_proto, &no_initiator); - - tt_assert(client_proto); - tt_assert(server_proto); - tt_assert(client_proto->state); - tt_assert(server_proto->state); - - end: - if (client_proto->state) - proto_destroy(client_proto); - if (server_proto->state) - proto_destroy(server_proto); - -} - -static void -test_proto_handshake(void *data) -{ - struct evbuffer *output_buffer = NULL; - struct evbuffer *dummy_buffer = NULL; - output_buffer = evbuffer_new(); - dummy_buffer = evbuffer_new(); - - struct protocol_t *client_proto = set_up_protocol(OBFS2_PROTOCOL); - struct protocol_t *server_proto = set_up_protocol(OBFS2_PROTOCOL); - - int initiator = 1; - int no_initiator = 0; - client_proto->state = proto_init(client_proto, &initiator); - server_proto->state = proto_init(server_proto, &no_initiator); - tt_assert(client_proto); - tt_assert(server_proto); - tt_assert(client_proto->state); - tt_assert(server_proto->state); - - obfs2_state_t *client_state = client_proto->state; - obfs2_state_t *server_state = server_proto->state; - - /* We create a client handshake message and pass it to output_buffer */ - tt_int_op(0, <=, proto_handshake(client_proto, output_buffer)<0); - - /* We simulate the server receiving and processing the client's handshake message, - by using proto_recv() on the output_buffer */ - tt_int_op(0, <=, proto_recv(server_proto, output_buffer, dummy_buffer) <0); - - /* Now, we create the server's handshake and pass it to output_buffer */ - tt_int_op(0, <=, proto_handshake(server_proto, output_buffer)<0); - - /* We simulate the client receiving and processing the server's handshake */ - tt_int_op(0, <=, proto_recv(client_proto, output_buffer, dummy_buffer) <0); - - /* The handshake is now complete. We should have: - client's send_crypto == server's recv_crypto - server's send_crypto == client's recv_crypto . */ - tt_int_op(0, ==, memcmp(client_state->send_crypto, - server_state->recv_crypto, - sizeof(crypt_t))); - - tt_int_op(0, ==, memcmp(client_state->recv_crypto, - server_state->send_crypto, - sizeof(crypt_t))); - - end: - if (client_proto->state) - proto_destroy(client_proto); - if (server_proto->state) - proto_destroy(server_proto); - - if (output_buffer) - evbuffer_free(output_buffer); - if (dummy_buffer) - evbuffer_free(dummy_buffer); -} - -static void -test_proto_transfer(void *data) -{ - struct evbuffer *output_buffer = NULL; - struct evbuffer *dummy_buffer = NULL; - output_buffer = evbuffer_new(); - dummy_buffer = evbuffer_new(); - - struct protocol_t *client_proto = set_up_protocol(OBFS2_PROTOCOL); - struct protocol_t *server_proto = set_up_protocol(OBFS2_PROTOCOL); - - int initiator = 1; - int no_initiator = 0; - client_proto->state = proto_init(client_proto, &initiator); - server_proto->state = proto_init(server_proto, &no_initiator); - tt_assert(client_proto); - tt_assert(server_proto); - tt_assert(client_proto->state); - tt_assert(server_proto->state); - - int n; - struct evbuffer_iovec v[2]; - - /* Handshake */ - tt_int_op(0, <=, proto_handshake(client_proto, output_buffer)<0); - tt_int_op(0, <=, proto_recv(server_proto, output_buffer, dummy_buffer) <0); - tt_int_op(0, <=, proto_handshake(server_proto, output_buffer)<0); - tt_int_op(0, <=, proto_recv(client_proto, output_buffer, dummy_buffer) <0); - /* End of Handshake */ - - /* Now let's pass some data around. */ - char *msg1 = "this is a 54-byte message passed from client to server"; - char *msg2 = "this is a 55-byte message passed from server to client!"; - - /* client -> server */ - evbuffer_add(dummy_buffer, msg1, 54); - proto_send(client_proto, dummy_buffer, output_buffer); - - tt_int_op(0, <=, proto_recv(server_proto, output_buffer, dummy_buffer)); - - n = evbuffer_peek(dummy_buffer, -1, NULL, &v[0], 2); - - /* Let's check if it matches. */ - tt_int_op(0, ==, strncmp(msg1, v[0].iov_base, 54)); - - /* emptying dummy_buffer before next test */ - size_t buffer_len = evbuffer_get_length(dummy_buffer); - tt_int_op(0, ==, evbuffer_drain(dummy_buffer, buffer_len)); - - /* client <- server */ - evbuffer_add(dummy_buffer, msg2, 55); - tt_int_op(0, <=, proto_send(server_proto, dummy_buffer, output_buffer)); - - tt_int_op(0, <=, proto_recv(client_proto, output_buffer, dummy_buffer)); - - n = evbuffer_peek(dummy_buffer, -1, NULL, &v[1], 2); - tt_int_op(0, ==, strncmp(msg2, v[1].iov_base, 55)); - - end: - if (client_proto->state) - proto_destroy(client_proto); - if (server_proto->state) - proto_destroy(server_proto); - - if (output_buffer) - evbuffer_free(output_buffer); - if (dummy_buffer) - evbuffer_free(dummy_buffer); -} - -/* We are going to split client's handshake into: - msgclient_1 = [OBFUSCATE_SEED_LENGTH + 8 + <one fourth of padding>] - and msgclient_2 = [<rest of padding>]. - - We are then going to split server's handshake into: - msgserver_1 = [OBFUSCATE_SEED_LENGTH + 8] - and msgserver_2 = [<all padding>]. - - Afterwards we will verify that they both got the correct keys. - That's right, this unit test is loco . */ -static void -test_proto_splitted_handshake(void *data) -{ - obfs2_state_t *client_state = NULL; - obfs2_state_t *server_state = NULL; - - struct evbuffer *output_buffer = NULL; - struct evbuffer *dummy_buffer = NULL; - output_buffer = evbuffer_new(); - dummy_buffer = evbuffer_new(); - - struct protocol_t *client_proto = set_up_protocol(OBFS2_PROTOCOL); - struct protocol_t *server_proto = set_up_protocol(OBFS2_PROTOCOL); - - int initiator = 1; - int no_initiator = 0; - client_proto->state = proto_init(client_proto, &initiator); - server_proto->state = proto_init(server_proto, &no_initiator); - tt_assert(client_proto); - tt_assert(server_proto); - tt_assert(client_proto->state); - tt_assert(server_proto->state); - - client_state = client_proto->state; - server_state = server_proto->state; - - uint32_t magic = htonl(OBFUSCATE_MAGIC_VALUE); - uint32_t plength1, plength1_msg1, plength1_msg2, send_plength1; - const uchar *seed1; - - /* generate padlen */ - tt_int_op(0, <=, random_bytes((uchar*)&plength1, 4)); - - plength1 %= OBFUSCATE_MAX_PADDING; - - plength1_msg1 = plength1 / 4; - plength1_msg2 = plength1 - plength1_msg1; - - send_plength1 = htonl(plength1); - - uchar msgclient_1[OBFUSCATE_MAX_PADDING + OBFUSCATE_SEED_LENGTH + 8]; - uchar msgclient_2[OBFUSCATE_MAX_PADDING]; - - seed1 = client_state->initiator_seed; - - memcpy(msgclient_1, seed1, OBFUSCATE_SEED_LENGTH); - memcpy(msgclient_1+OBFUSCATE_SEED_LENGTH, &magic, 4); - memcpy(msgclient_1+OBFUSCATE_SEED_LENGTH+4, &send_plength1, 4); - tt_int_op(0, <=, random_bytes(msgclient_1+OBFUSCATE_SEED_LENGTH+8, plength1_msg1)); - - stream_crypt(client_state->send_padding_crypto, msgclient_1+OBFUSCATE_SEED_LENGTH, 8+plength1_msg1); - - /* Client sends handshake part 1 */ - evbuffer_add(output_buffer, msgclient_1, OBFUSCATE_SEED_LENGTH+8+plength1_msg1); - - /* Server receives handshake part 1 */ - tt_int_op(0, <=, proto_recv(server_proto, output_buffer, dummy_buffer)); - - tt_assert(server_state->state == ST_WAIT_FOR_PADDING); - - /* Preparing client's handshake part 2 */ - tt_int_op(0, <=, random_bytes(msgclient_2, plength1_msg2)); - stream_crypt(client_state->send_padding_crypto, msgclient_2, plength1_msg2); - - /* Client sends handshake part 2 */ - evbuffer_add(output_buffer, msgclient_2, plength1_msg2); - - /* Server receives handshake part 2 */ - tt_int_op(0, <=, proto_recv(server_proto, output_buffer, dummy_buffer)); - - tt_assert(server_state->state == ST_OPEN); - - /* Since everything went right, let's do a server to client handshake now! */ - uint32_t plength2, send_plength2; - const uchar *seed2; - - /* generate padlen */ - tt_int_op(0, <=, random_bytes((uchar*)&plength2, 4)); - - plength2 %= OBFUSCATE_MAX_PADDING; - send_plength2 = htonl(plength2); - - uchar msgserver_1[OBFUSCATE_SEED_LENGTH + 8]; - uchar msgserver_2[OBFUSCATE_MAX_PADDING]; - - seed2 = server_state->responder_seed; - - memcpy(msgserver_1, seed2, OBFUSCATE_SEED_LENGTH); - memcpy(msgserver_1+OBFUSCATE_SEED_LENGTH, &magic, 4); - memcpy(msgserver_1+OBFUSCATE_SEED_LENGTH+4, &send_plength2, 4); - - stream_crypt(server_state->send_padding_crypto, msgserver_1+OBFUSCATE_SEED_LENGTH, 8); - - /* Server sends handshake part 1 */ - evbuffer_add(output_buffer, msgserver_1, OBFUSCATE_SEED_LENGTH+8); - - /* Client receives handshake part 1 */ - tt_int_op(0, <=, proto_recv(client_proto, output_buffer, dummy_buffer)); - - tt_assert(client_state->state == ST_WAIT_FOR_PADDING); - - /* Preparing client's handshake part 2 */ - tt_int_op(0, <=, random_bytes(msgserver_2, plength2)); - stream_crypt(server_state->send_padding_crypto, msgserver_2, plength2); - - /* Server sends handshake part 2 */ - evbuffer_add(output_buffer, msgserver_2, plength2); - - /* Client receives handshake part 2 */ - tt_int_op(0, <=, proto_recv(client_proto, output_buffer, dummy_buffer)); - - tt_assert(client_state->state == ST_OPEN); - - /* The handshake is finally complete. We should have: */ - /* client's send_crypto == server's recv_crypto */ - /* server's send_crypto == client's recv_crypto . */ - tt_int_op(0, ==, memcmp(client_state->send_crypto, - server_state->recv_crypto, - sizeof(crypt_t))); - - tt_int_op(0, ==, memcmp(client_state->recv_crypto, - server_state->send_crypto, - sizeof(crypt_t))); - - end: - if (client_state) - proto_destroy(client_proto); - if (server_state) - proto_destroy(server_proto); - - if (output_buffer) - evbuffer_free(output_buffer); - if (dummy_buffer) - evbuffer_free(dummy_buffer); -} - -/* - Erroneous handshake test: - Wrong magic value. -*/ -static void -test_proto_wrong_handshake_magic(void *data) -{ - obfs2_state_t *client_state = NULL; - obfs2_state_t *server_state = NULL; - - struct evbuffer *output_buffer = NULL; - struct evbuffer *dummy_buffer = NULL; - output_buffer = evbuffer_new(); - dummy_buffer = evbuffer_new(); - - struct protocol_t *client_proto = set_up_protocol(OBFS2_PROTOCOL); - struct protocol_t *server_proto = set_up_protocol(OBFS2_PROTOCOL); - - int initiator = 1; - int no_initiator = 0; - client_proto->state = proto_init(client_proto, &initiator); - server_proto->state = proto_init(server_proto, &no_initiator); - tt_assert(client_proto); - tt_assert(server_proto); - tt_assert(client_proto->state); - tt_assert(server_proto->state); - - client_state = client_proto->state; - server_state = server_proto->state; - - uint32_t wrong_magic = 0xD15EA5E; - - uint32_t plength, send_plength; - const uchar *seed; - uchar msg[OBFUSCATE_MAX_PADDING + OBFUSCATE_SEED_LENGTH + 8]; - - tt_int_op(0, >=, random_bytes((uchar*)&plength, 4)); - plength %= OBFUSCATE_MAX_PADDING; - send_plength = htonl(plength); - - seed = client_state->initiator_seed; - memcpy(msg, seed, OBFUSCATE_SEED_LENGTH); - memcpy(msg+OBFUSCATE_SEED_LENGTH, &wrong_magic, 4); - memcpy(msg+OBFUSCATE_SEED_LENGTH+4, &send_plength, 4); - tt_int_op(0, >=, random_bytes(msg+OBFUSCATE_SEED_LENGTH+8, plength)); - - stream_crypt(client_state->send_padding_crypto, - msg+OBFUSCATE_SEED_LENGTH, 8+plength); - - evbuffer_add(output_buffer, msg, OBFUSCATE_SEED_LENGTH+8+plength); - - tt_int_op(-1, ==, proto_recv(server_proto, output_buffer, dummy_buffer)); - - tt_assert(server_state->state == ST_WAIT_FOR_KEY); - - end: - if (client_state) - proto_destroy(client_proto); - if (server_state) - proto_destroy(server_proto); - - if (output_buffer) - evbuffer_free(output_buffer); - if (dummy_buffer) - evbuffer_free(dummy_buffer); -} - -/* Erroneous handshake test: - plength field larger than OBFUSCATE_MAX_PADDING -*/ -static void -test_proto_wrong_handshake_plength(void *data) -{ - obfs2_state_t *client_state = NULL; - obfs2_state_t *server_state = NULL; - struct evbuffer *output_buffer = NULL; - struct evbuffer *dummy_buffer = NULL; - output_buffer = evbuffer_new(); - dummy_buffer = evbuffer_new(); - - struct protocol_t *client_proto = set_up_protocol(OBFS2_PROTOCOL); - struct protocol_t *server_proto = set_up_protocol(OBFS2_PROTOCOL); - int initiator = 1; - int no_initiator = 0; - client_proto->state = proto_init(client_proto, &initiator); - server_proto->state = proto_init(server_proto, &no_initiator); - tt_assert(client_proto); - tt_assert(server_proto); - tt_assert(client_proto->state); - tt_assert(server_proto->state); - - client_state = client_proto->state; - server_state = server_proto->state; - - uchar msg[OBFUSCATE_MAX_PADDING + OBFUSCATE_SEED_LENGTH + 8 + 1]; - uint32_t magic = htonl(OBFUSCATE_MAGIC_VALUE); - uint32_t plength, send_plength; - const uchar *seed; - seed = client_state->initiator_seed; - - plength = OBFUSCATE_MAX_PADDING + 1U; - send_plength = htonl(plength); - - memcpy(msg, seed, OBFUSCATE_SEED_LENGTH); - memcpy(msg+OBFUSCATE_SEED_LENGTH, &magic, 4); - memcpy(msg+OBFUSCATE_SEED_LENGTH+4, &send_plength, 4); - tt_int_op(0, >=, random_bytes(msg+OBFUSCATE_SEED_LENGTH+8, plength)); - - stream_crypt(client_state->send_padding_crypto, - msg+OBFUSCATE_SEED_LENGTH, 8+plength); - - evbuffer_add(output_buffer, msg, OBFUSCATE_SEED_LENGTH+8+plength); - - tt_int_op(-1, ==, proto_recv(server_proto, output_buffer, dummy_buffer)); - - tt_assert(server_state->state == ST_WAIT_FOR_KEY); - - end: - if (client_state) - proto_destroy(client_proto); - if (server_state) - proto_destroy(server_proto); - - if (output_buffer) - evbuffer_free(output_buffer); - if (dummy_buffer) - evbuffer_free(dummy_buffer); -} - - -#define T(name, flags) \ - { #name, test_proto_##name, (flags), NULL, NULL } - -struct testcase_t protocol_tests[] = { - T(setup, 0), - T(handshake, 0), - T(transfer, 0), - T(splitted_handshake, 0), - T(wrong_handshake_magic, 0), -#if 0 - T(wrong_handshake_padding, 0), -#endif - T(wrong_handshake_plength, 0), - END_OF_TESTCASES -};

1 0

[tor/master] Merge remote-tracking branch 'sebastian/bug2917' into maint-0.2.2
by nickm＠torproject.org 26 Apr '11

26 Apr '11

commit a7a906603e0c7e3c8519a948b5adf43bfecf6f66 Merge: b75d1da 5114e3e Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Apr 26 15:17:03 2011 -0400 Merge remote-tracking branch 'sebastian/bug2917' into maint-0.2.2 changes/bug2917 | 4 ++++ src/or/control.c | 3 ++- src/or/main.c | 43 +------------------------------------------ src/or/main.h | 2 +- src/or/or.h | 2 +- 5 files changed, 9 insertions(+), 45 deletions(-)

1 0

[tor/master] Merge remote-tracking branch 'origin/maint-0.2.2'
by nickm＠torproject.org 26 Apr '11

26 Apr '11

commit 3256627a4548c4977b834cc724689e0e9a960f06 Merge: 33f058a f810a1a Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Apr 26 15:30:51 2011 -0400 Merge remote-tracking branch 'origin/maint-0.2.2' Conflicts: src/or/main.h changes/bug2917 | 4 ++++ src/or/control.c | 4 +++- src/or/main.c | 49 ++++++++----------------------------------------- src/or/main.h | 2 +- src/or/or.h | 2 +- 5 files changed, 17 insertions(+), 44 deletions(-) diff --cc src/or/main.h index 67c3bb3,0551f7a..db97cf1 --- a/src/or/main.h +++ b/src/or/main.h @@@ -51,10 -46,8 +51,10 @@@ void directory_info_has_arrived(time_t void ip_address_changed(int at_interface); void dns_servers_relaunch_checks(void); +long get_uptime(void); + - void control_signal_act(int the_signal); void handle_signals(int is_parent); + void process_signal(uintptr_t sig); int try_locking(or_options_t *options, int err_if_locked); int have_lockfile(void);

1 0

[tor/master] Expose a new process_signal(uintptr_t), not signal_callback()
by nickm＠torproject.org 26 Apr '11

26 Apr '11

commit f810a1afe990788cd8f944a515a493902df84ed1 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Apr 26 15:20:08 2011 -0400 Expose a new process_signal(uintptr_t), not signal_callback() This is a tweak to the bug2917 fix. Basically, if we want to simulate a signal arriving in the controller, we shouldn't have to pretend that we're Libevent, or depend on how Tor sets up its Libevent callbacks. --- src/or/control.c | 3 ++- src/or/main.c | 10 +++++++++- src/or/main.h | 2 +- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/or/control.c b/src/or/control.c index bb1c330..9f7739a 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -1222,7 +1222,8 @@ handle_control_signal(control_connection_t *conn, uint32_t len, /* Flush the "done" first if the signal might make us shut down. */ if (sig == SIGTERM || sig == SIGINT) connection_handle_write(TO_CONN(conn), 1); - signal_callback(0,0,(void*)(uintptr_t)sig); + + process_signal(sig); return 0; } diff --git a/src/or/main.c b/src/or/main.c index 5e4d88c..1699568 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -1578,12 +1578,20 @@ do_main_loop(void) /** Libevent callback: invoked when we get a signal. */ -void +static void signal_callback(int fd, short events, void *arg) { uintptr_t sig = (uintptr_t)arg; (void)fd; (void)events; + + process_signal(sig); +} + +/** Do the work of acting on a signal received in sig */ +void +process_signal(uintptr_t sig) +{ switch (sig) { case SIGTERM: diff --git a/src/or/main.h b/src/or/main.h index 626bf1c..0551f7a 100644 --- a/src/or/main.h +++ b/src/or/main.h @@ -47,7 +47,7 @@ void ip_address_changed(int at_interface); void dns_servers_relaunch_checks(void); void handle_signals(int is_parent); -void signal_callback(int fd, short events, void *arg); +void process_signal(uintptr_t sig); int try_locking(or_options_t *options, int err_if_locked); int have_lockfile(void);

1 0

[tor/master] Make SIGNAL DUMP work on FreeBSD
by nickm＠torproject.org 26 Apr '11

26 Apr '11

commit 5114e3e44235ea39447eea37213c65413cdb1a2c Author: Sebastian Hahn <sebastian(a)torproject.org> Date: Thu Apr 14 20:04:39 2011 -0700 Make SIGNAL DUMP work on FreeBSD While doing so, get rid of the now unnecessary function control_signal_act(). Fixes bug 2917, reported by Robert Ransom. Bugfix on commit 9b4aa8d2abbce71398e58188209a1b1d04885b96. This patch is loosely based on a patch by Robert (Changelog entry). --- changes/bug2917 | 4 ++++ src/or/control.c | 3 ++- src/or/main.c | 43 +------------------------------------------ src/or/main.h | 2 +- src/or/or.h | 2 +- 5 files changed, 9 insertions(+), 45 deletions(-) diff --git a/changes/bug2917 b/changes/bug2917 new file mode 100644 index 0000000..6b1e643 --- /dev/null +++ b/changes/bug2917 @@ -0,0 +1,4 @@ + o Minor bugfixes + - Make the SIGNAL DUMP control-port command work on FreeBSD. Fixes + bug 2917. Bugfix on 0.1.1.1-alpha. + diff --git a/src/or/control.c b/src/or/control.c index 8f3af0b..bb1c330 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -1222,7 +1222,8 @@ handle_control_signal(control_connection_t *conn, uint32_t len, /* Flush the "done" first if the signal might make us shut down. */ if (sig == SIGTERM || sig == SIGINT) connection_handle_write(TO_CONN(conn), 1); - control_signal_act(sig); + signal_callback(0,0,(void*)(uintptr_t)sig); + return 0; } diff --git a/src/or/main.c b/src/or/main.c index 83d1e1e..5e4d88c 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -64,7 +64,6 @@ static void dumpmemusage(int severity); static void dumpstats(int severity); /* log stats */ static void conn_read_callback(int fd, short event, void *_conn); static void conn_write_callback(int fd, short event, void *_conn); -static void signal_callback(int fd, short events, void *arg); static void second_elapsed_callback(periodic_timer_t *timer, void *args); static int conn_close_if_marked(int i); static void connection_start_reading_from_linked_conn(connection_t *conn); @@ -1577,49 +1576,9 @@ do_main_loop(void) } } -/** Used to implement the SIGNAL control command: if we accept - * the_signal as a remote pseudo-signal, act on it. */ -/* We don't re-use catch() here because: - * 1. We handle a different set of signals than those allowed in catch. - * 2. Platforms without signal() are unlikely to define SIGfoo. - * 3. The control spec is defined to use fixed numeric signal values - * which just happen to match the Unix values. - */ -void -control_signal_act(int the_signal) -{ - switch (the_signal) - { - case 1: - signal_callback(0,0,(void*)(uintptr_t)SIGHUP); - break; - case 2: - signal_callback(0,0,(void*)(uintptr_t)SIGINT); - break; - case 10: - signal_callback(0,0,(void*)(uintptr_t)SIGUSR1); - break; - case 12: - signal_callback(0,0,(void*)(uintptr_t)SIGUSR2); - break; - case 15: - signal_callback(0,0,(void*)(uintptr_t)SIGTERM); - break; - case SIGNEWNYM: - signal_callback(0,0,(void*)(uintptr_t)SIGNEWNYM); - break; - case SIGCLEARDNSCACHE: - signal_callback(0,0,(void*)(uintptr_t)SIGCLEARDNSCACHE); - break; - default: - log_warn(LD_BUG, "Unrecognized signal number %d.", the_signal); - break; - } -} - /** Libevent callback: invoked when we get a signal. */ -static void +void signal_callback(int fd, short events, void *arg) { uintptr_t sig = (uintptr_t)arg; diff --git a/src/or/main.h b/src/or/main.h index ed0fb97..626bf1c 100644 --- a/src/or/main.h +++ b/src/or/main.h @@ -46,8 +46,8 @@ void directory_info_has_arrived(time_t now, int from_cache); void ip_address_changed(int at_interface); void dns_servers_relaunch_checks(void); -void control_signal_act(int the_signal); void handle_signals(int is_parent); +void signal_callback(int fd, short events, void *arg); int try_locking(or_options_t *options, int err_if_locked); int have_lockfile(void); diff --git a/src/or/or.h b/src/or/or.h index 1688a08..06e6d7f 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -91,7 +91,7 @@ #include "compat_libevent.h" #include "ht.h" -/* These signals are defined to help control_signal_act work. +/* These signals are defined to help handle_control_signal work. */ #ifndef SIGHUP #define SIGHUP 1

1 0

[tor/maint-0.2.2] Make SIGNAL DUMP work on FreeBSD
by nickm＠torproject.org 26 Apr '11

26 Apr '11

commit 5114e3e44235ea39447eea37213c65413cdb1a2c Author: Sebastian Hahn <sebastian(a)torproject.org> Date: Thu Apr 14 20:04:39 2011 -0700 Make SIGNAL DUMP work on FreeBSD While doing so, get rid of the now unnecessary function control_signal_act(). Fixes bug 2917, reported by Robert Ransom. Bugfix on commit 9b4aa8d2abbce71398e58188209a1b1d04885b96. This patch is loosely based on a patch by Robert (Changelog entry). --- changes/bug2917 | 4 ++++ src/or/control.c | 3 ++- src/or/main.c | 43 +------------------------------------------ src/or/main.h | 2 +- src/or/or.h | 2 +- 5 files changed, 9 insertions(+), 45 deletions(-) diff --git a/changes/bug2917 b/changes/bug2917 new file mode 100644 index 0000000..6b1e643 --- /dev/null +++ b/changes/bug2917 @@ -0,0 +1,4 @@ + o Minor bugfixes + - Make the SIGNAL DUMP control-port command work on FreeBSD. Fixes + bug 2917. Bugfix on 0.1.1.1-alpha. + diff --git a/src/or/control.c b/src/or/control.c index 8f3af0b..bb1c330 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -1222,7 +1222,8 @@ handle_control_signal(control_connection_t *conn, uint32_t len, /* Flush the "done" first if the signal might make us shut down. */ if (sig == SIGTERM || sig == SIGINT) connection_handle_write(TO_CONN(conn), 1); - control_signal_act(sig); + signal_callback(0,0,(void*)(uintptr_t)sig); + return 0; } diff --git a/src/or/main.c b/src/or/main.c index 83d1e1e..5e4d88c 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -64,7 +64,6 @@ static void dumpmemusage(int severity); static void dumpstats(int severity); /* log stats */ static void conn_read_callback(int fd, short event, void *_conn); static void conn_write_callback(int fd, short event, void *_conn); -static void signal_callback(int fd, short events, void *arg); static void second_elapsed_callback(periodic_timer_t *timer, void *args); static int conn_close_if_marked(int i); static void connection_start_reading_from_linked_conn(connection_t *conn); @@ -1577,49 +1576,9 @@ do_main_loop(void) } } -/** Used to implement the SIGNAL control command: if we accept - * the_signal as a remote pseudo-signal, act on it. */ -/* We don't re-use catch() here because: - * 1. We handle a different set of signals than those allowed in catch. - * 2. Platforms without signal() are unlikely to define SIGfoo. - * 3. The control spec is defined to use fixed numeric signal values - * which just happen to match the Unix values. - */ -void -control_signal_act(int the_signal) -{ - switch (the_signal) - { - case 1: - signal_callback(0,0,(void*)(uintptr_t)SIGHUP); - break; - case 2: - signal_callback(0,0,(void*)(uintptr_t)SIGINT); - break; - case 10: - signal_callback(0,0,(void*)(uintptr_t)SIGUSR1); - break; - case 12: - signal_callback(0,0,(void*)(uintptr_t)SIGUSR2); - break; - case 15: - signal_callback(0,0,(void*)(uintptr_t)SIGTERM); - break; - case SIGNEWNYM: - signal_callback(0,0,(void*)(uintptr_t)SIGNEWNYM); - break; - case SIGCLEARDNSCACHE: - signal_callback(0,0,(void*)(uintptr_t)SIGCLEARDNSCACHE); - break; - default: - log_warn(LD_BUG, "Unrecognized signal number %d.", the_signal); - break; - } -} - /** Libevent callback: invoked when we get a signal. */ -static void +void signal_callback(int fd, short events, void *arg) { uintptr_t sig = (uintptr_t)arg; diff --git a/src/or/main.h b/src/or/main.h index ed0fb97..626bf1c 100644 --- a/src/or/main.h +++ b/src/or/main.h @@ -46,8 +46,8 @@ void directory_info_has_arrived(time_t now, int from_cache); void ip_address_changed(int at_interface); void dns_servers_relaunch_checks(void); -void control_signal_act(int the_signal); void handle_signals(int is_parent); +void signal_callback(int fd, short events, void *arg); int try_locking(or_options_t *options, int err_if_locked); int have_lockfile(void); diff --git a/src/or/or.h b/src/or/or.h index 1688a08..06e6d7f 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -91,7 +91,7 @@ #include "compat_libevent.h" #include "ht.h" -/* These signals are defined to help control_signal_act work. +/* These signals are defined to help handle_control_signal work. */ #ifndef SIGHUP #define SIGHUP 1

1 0

[tor/maint-0.2.2] Merge remote-tracking branch 'sebastian/bug2917' into maint-0.2.2
by nickm＠torproject.org 26 Apr '11

26 Apr '11

commit a7a906603e0c7e3c8519a948b5adf43bfecf6f66 Merge: b75d1da 5114e3e Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Apr 26 15:17:03 2011 -0400 Merge remote-tracking branch 'sebastian/bug2917' into maint-0.2.2 changes/bug2917 | 4 ++++ src/or/control.c | 3 ++- src/or/main.c | 43 +------------------------------------------ src/or/main.h | 2 +- src/or/or.h | 2 +- 5 files changed, 9 insertions(+), 45 deletions(-)

1 0

[tor/maint-0.2.2] Expose a new process_signal(uintptr_t), not signal_callback()
by nickm＠torproject.org 26 Apr '11

26 Apr '11

commit f810a1afe990788cd8f944a515a493902df84ed1 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Apr 26 15:20:08 2011 -0400 Expose a new process_signal(uintptr_t), not signal_callback() This is a tweak to the bug2917 fix. Basically, if we want to simulate a signal arriving in the controller, we shouldn't have to pretend that we're Libevent, or depend on how Tor sets up its Libevent callbacks. --- src/or/control.c | 3 ++- src/or/main.c | 10 +++++++++- src/or/main.h | 2 +- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/src/or/control.c b/src/or/control.c index bb1c330..9f7739a 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -1222,7 +1222,8 @@ handle_control_signal(control_connection_t *conn, uint32_t len, /* Flush the "done" first if the signal might make us shut down. */ if (sig == SIGTERM || sig == SIGINT) connection_handle_write(TO_CONN(conn), 1); - signal_callback(0,0,(void*)(uintptr_t)sig); + + process_signal(sig); return 0; } diff --git a/src/or/main.c b/src/or/main.c index 5e4d88c..1699568 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -1578,12 +1578,20 @@ do_main_loop(void) /** Libevent callback: invoked when we get a signal. */ -void +static void signal_callback(int fd, short events, void *arg) { uintptr_t sig = (uintptr_t)arg; (void)fd; (void)events; + + process_signal(sig); +} + +/** Do the work of acting on a signal received in sig */ +void +process_signal(uintptr_t sig) +{ switch (sig) { case SIGTERM: diff --git a/src/or/main.h b/src/or/main.h index 626bf1c..0551f7a 100644 --- a/src/or/main.h +++ b/src/or/main.h @@ -47,7 +47,7 @@ void ip_address_changed(int at_interface); void dns_servers_relaunch_checks(void); void handle_signals(int is_parent); -void signal_callback(int fd, short events, void *arg); +void process_signal(uintptr_t sig); int try_locking(or_options_t *options, int err_if_locked); int have_lockfile(void);

1 0