tor-commits
Threads by month
- ----- 2025 -----
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
May 2015
- 22 participants
- 990 discussions
[tor/master] Start testing cell encoders/processers for the v3 handshake.
by nickm@torproject.org 28 May '15
by nickm@torproject.org 28 May '15
28 May '15
commit b75361c5ed717cde787c1b4f36e8fb51ccfddc2b
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Wed Oct 8 15:39:34 2014 -0400
Start testing cell encoders/processers for the v3 handshake.
An earlier version of these tests was broken; now they're a nicer,
more robust, more black-box set of tests. The key is to have each
test check a handshake message that is wrong in _one_ way.
---
src/common/tortls.c | 4 +-
src/common/tortls.h | 4 +-
src/or/channeltls.c | 15 +-
src/or/channeltls.h | 8 +
src/or/connection_or.c | 18 +-
src/or/connection_or.h | 12 +-
src/test/include.am | 3 +
src/test/test.c | 2 +
src/test/test_link_handshake.c | 637 ++++++++++++++++++++++++++++++++++++++++
9 files changed, 675 insertions(+), 28 deletions(-)
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 97dca4d..62e32c5 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1023,8 +1023,8 @@ tor_tls_cert_get_key(tor_x509_cert_t *cert)
/** Return true iff the other side of <b>tls</b> has authenticated to us, and
* the key certified in <b>cert</b> is the same as the key they used to do it.
*/
-int
-tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert)
+MOCK_IMPL(int,
+tor_tls_cert_matches_key,(const tor_tls_t *tls, const tor_x509_cert_t *cert))
{
X509 *peercert = SSL_get_peer_certificate(tls->ssl);
EVP_PKEY *link_key = NULL, *cert_key = NULL;
diff --git a/src/common/tortls.h b/src/common/tortls.h
index 28a73e9..11ef09f 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -132,8 +132,8 @@ int tor_tls_get_my_certs(int server,
const tor_x509_cert_t **id_cert_out);
crypto_pk_t *tor_tls_get_my_client_auth_key(void);
crypto_pk_t *tor_tls_cert_get_key(tor_x509_cert_t *cert);
-int tor_tls_cert_matches_key(const tor_tls_t *tls,
- const tor_x509_cert_t *cert);
+MOCK_DECL(int,tor_tls_cert_matches_key,(const tor_tls_t *tls,
+ const tor_x509_cert_t *cert));
int tor_tls_cert_is_valid(int severity,
const tor_x509_cert_t *cert,
const tor_x509_cert_t *signing_cert,
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index 10fcb28..af7f474 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -13,6 +13,8 @@
#define TOR_CHANNEL_INTERNAL_
+#define CHANNELTLS_PRIVATE
+
#include "or.h"
#include "channel.h"
#include "channeltls.h"
@@ -47,9 +49,6 @@ uint64_t stats_n_authorize_cells_processed = 0;
/** Active listener, if any */
channel_listener_t *channel_tls_listener = NULL;
-/* Utility function declarations */
-static void channel_tls_common_init(channel_tls_t *tlschan);
-
/* channel_tls_t method declarations */
static void channel_tls_close_method(channel_t *chan);
@@ -91,10 +90,6 @@ static void channel_tls_process_versions_cell(var_cell_t *cell,
channel_tls_t *tlschan);
static void channel_tls_process_netinfo_cell(cell_t *cell,
channel_tls_t *tlschan);
-static void channel_tls_process_certs_cell(var_cell_t *cell,
- channel_tls_t *tlschan);
-static void channel_tls_process_auth_challenge_cell(var_cell_t *cell,
- channel_tls_t *tlschan);
static void channel_tls_process_authenticate_cell(var_cell_t *cell,
channel_tls_t *tlschan);
static int command_allowed_before_handshake(uint8_t command);
@@ -106,7 +101,7 @@ static int enter_v3_handshake_with_cell(var_cell_t *cell,
* and channel_tls_handle_incoming().
*/
-static void
+STATIC void
channel_tls_common_init(channel_tls_t *tlschan)
{
channel_t *chan;
@@ -1744,7 +1739,7 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
* If it's the server side, wait for an AUTHENTICATE cell.
*/
-static void
+STATIC void
channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
{
tor_x509_cert_t *link_cert = NULL;
@@ -1946,7 +1941,7 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
* want to authenticate, send an AUTHENTICATE cell and then a NETINFO cell.
*/
-static void
+STATIC void
channel_tls_process_auth_challenge_cell(var_cell_t *cell, channel_tls_t *chan)
{
int n_types, i, use_type = -1;
diff --git a/src/or/channeltls.h b/src/or/channeltls.h
index 5074294..69f6e62 100644
--- a/src/or/channeltls.h
+++ b/src/or/channeltls.h
@@ -52,5 +52,13 @@ void channel_tls_update_marks(or_connection_t *conn);
/* Cleanup at shutdown */
void channel_tls_free_all(void);
+#ifdef CHANNELTLS_PRIVATE
+STATIC void channel_tls_process_certs_cell(var_cell_t *cell,
+ channel_tls_t *tlschan);
+STATIC void channel_tls_process_auth_challenge_cell(var_cell_t *cell,
+ channel_tls_t *tlschan);
+STATIC void channel_tls_common_init(channel_tls_t *tlschan);
+#endif
+
#endif
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 4ab47f0..8602bcb 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1318,8 +1318,8 @@ connection_or_close_normally(or_connection_t *orconn, int flush)
* the error state.
*/
-void
-connection_or_close_for_error(or_connection_t *orconn, int flush)
+MOCK_IMPL(void,
+connection_or_close_for_error,(or_connection_t *orconn, int flush))
{
channel_t *chan = NULL;
@@ -2012,9 +2012,9 @@ connection_or_write_cell_to_buf(const cell_t *cell, or_connection_t *conn)
* <b>conn</b>'s outbuf. Right now, this <em>DOES NOT</em> support cells that
* affect a circuit.
*/
-void
-connection_or_write_var_cell_to_buf(const var_cell_t *cell,
- or_connection_t *conn)
+MOCK_IMPL(void,
+connection_or_write_var_cell_to_buf,(const var_cell_t *cell,
+ or_connection_t *conn))
{
int n;
char hdr[VAR_CELL_MAX_HEADER_SIZE];
@@ -2157,8 +2157,8 @@ connection_or_send_versions(or_connection_t *conn, int v3_plus)
/** Send a NETINFO cell on <b>conn</b>, telling the other server what we know
* about their address, our address, and the current time. */
-int
-connection_or_send_netinfo(or_connection_t *conn)
+MOCK_IMPL(int,
+connection_or_send_netinfo,(or_connection_t *conn))
{
cell_t cell;
time_t now = time(NULL);
@@ -2443,8 +2443,8 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
/** Send an AUTHENTICATE cell on the connection <b>conn</b>. Return 0 on
* success, -1 on failure */
-int
-connection_or_send_authenticate_cell(or_connection_t *conn, int authtype)
+MOCK_IMPL(int,
+connection_or_send_authenticate_cell,(or_connection_t *conn, int authtype))
{
var_cell_t *cell;
crypto_pk_t *pk = tor_tls_get_my_client_auth_key();
diff --git a/src/or/connection_or.h b/src/or/connection_or.h
index fc261c6..3877fd5 100644
--- a/src/or/connection_or.h
+++ b/src/or/connection_or.h
@@ -43,7 +43,8 @@ MOCK_DECL(or_connection_t *,
const char *id_digest, channel_tls_t *chan));
void connection_or_close_normally(or_connection_t *orconn, int flush);
-void connection_or_close_for_error(or_connection_t *orconn, int flush);
+MOCK_DECL(void,connection_or_close_for_error,
+ (or_connection_t *orconn, int flush));
void connection_or_report_broken_states(int severity, int domain);
@@ -77,17 +78,18 @@ void or_handshake_state_record_var_cell(or_connection_t *conn,
int connection_or_set_state_open(or_connection_t *conn);
void connection_or_write_cell_to_buf(const cell_t *cell,
or_connection_t *conn);
-void connection_or_write_var_cell_to_buf(const var_cell_t *cell,
- or_connection_t *conn);
+MOCK_DECL(void,connection_or_write_var_cell_to_buf,(const var_cell_t *cell,
+ or_connection_t *conn));
int connection_or_send_versions(or_connection_t *conn, int v3_plus);
-int connection_or_send_netinfo(or_connection_t *conn);
+MOCK_DECL(int,connection_or_send_netinfo,(or_connection_t *conn));
int connection_or_send_certs_cell(or_connection_t *conn);
int connection_or_send_auth_challenge_cell(or_connection_t *conn);
int connection_or_compute_authenticate_cell_body(or_connection_t *conn,
uint8_t *out, size_t outlen,
crypto_pk_t *signing_key,
int server);
-int connection_or_send_authenticate_cell(or_connection_t *conn, int type);
+MOCK_DECL(int,connection_or_send_authenticate_cell,
+ (or_connection_t *conn, int type));
int is_or_protocol_version_known(uint16_t version);
diff --git a/src/test/include.am b/src/test/include.am
index b433fc5..2a0c543 100644
--- a/src/test/include.am
+++ b/src/test/include.am
@@ -13,6 +13,8 @@ src_test_AM_CPPFLAGS = -DSHARE_DATADIR="\"$(datadir)\"" \
-DLOCALSTATEDIR="\"$(localstatedir)\"" \
-DBINDIR="\"$(bindir)\"" \
-I"$(top_srcdir)/src/or" -I"$(top_srcdir)/src/ext" \
+ -I"$(top_srcdir)/src/trunnel" \
+ -I"$(top_srcdir)/src/ext/trunnel" \
-DTOR_UNIT_TESTS
# -L flags need to go in LDFLAGS. -l flags need to go in LDADD.
@@ -45,6 +47,7 @@ src_test_test_SOURCES = \
src/test/test_hs.c \
src/test/test_introduce.c \
src/test/test_keypin.c \
+ src/test/test_link_handshake.c \
src/test/test_logging.c \
src/test/test_microdesc.c \
src/test/test_nodelist.c \
diff --git a/src/test/test.c b/src/test/test.c
index cd8aa3f..dee5c00 100644
--- a/src/test/test.c
+++ b/src/test/test.c
@@ -1137,6 +1137,7 @@ extern struct testcase_t extorport_tests[];
extern struct testcase_t hs_tests[];
extern struct testcase_t introduce_tests[];
extern struct testcase_t keypin_tests[];
+extern struct testcase_t link_handshake_tests[];
extern struct testcase_t logging_tests[];
extern struct testcase_t microdesc_tests[];
extern struct testcase_t nodelist_tests[];
@@ -1183,6 +1184,7 @@ struct testgroup_t testgroups[] = {
{ "hs/", hs_tests },
{ "introduce/", introduce_tests },
{ "keypin/", keypin_tests },
+ { "link-handshake/", link_handshake_tests },
{ "nodelist/", nodelist_tests },
{ "oom/", oom_tests },
{ "options/", options_tests },
diff --git a/src/test/test_link_handshake.c b/src/test/test_link_handshake.c
new file mode 100644
index 0000000..eb72a0c
--- /dev/null
+++ b/src/test/test_link_handshake.c
@@ -0,0 +1,637 @@
+/* Copyright (c) 2014, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include "orconfig.h"
+
+#define CHANNELTLS_PRIVATE
+#define CONNECTION_PRIVATE
+#define TOR_CHANNEL_INTERNAL_
+#include "or.h"
+#include "config.h"
+#include "connection.h"
+#include "connection_or.h"
+#include "channeltls.h"
+#include "link_handshake.h"
+
+#include "test.h"
+
+var_cell_t *mock_got_var_cell = NULL;
+
+static void
+mock_write_var_cell(const var_cell_t *vc, or_connection_t *conn)
+{
+ (void)conn;
+
+ var_cell_t *newcell = var_cell_new(vc->payload_len);
+ memcpy(newcell, vc, sizeof(var_cell_t));
+ memcpy(newcell->payload, vc->payload, vc->payload_len);
+
+ mock_got_var_cell = newcell;
+}
+static int
+mock_tls_cert_matches_key(const tor_tls_t *tls, const tor_x509_cert_t *cert)
+{
+ (void) tls;
+ (void) cert; // XXXX look at this.
+ return 1;
+}
+
+static int mock_send_netinfo_called = 0;
+static int
+mock_send_netinfo(or_connection_t *conn)
+{
+ (void) conn;
+ ++mock_send_netinfo_called;// XXX check_this
+ return 0;
+}
+
+static int mock_close_called = 0;
+static void
+mock_close_for_err(or_connection_t *orconn, int flush)
+{
+ (void)orconn;
+ (void)flush;
+ ++mock_close_called;
+}
+
+static int mock_send_authenticate_called = 0;
+static int
+mock_send_authenticate(or_connection_t *conn, int type)
+{
+ (void) conn;
+ (void) type;
+ ++mock_send_authenticate_called;// XXX check_this
+ return 0;
+}
+
+/* Test good certs cells */
+static void
+test_link_handshake_certs_ok(void *arg)
+{
+ (void) arg;
+
+ or_connection_t *c1 = or_connection_new(CONN_TYPE_OR, AF_INET);
+ or_connection_t *c2 = or_connection_new(CONN_TYPE_OR, AF_INET);
+ var_cell_t *cell1 = NULL, *cell2 = NULL;
+ certs_cell_t *cc1 = NULL, *cc2 = NULL;
+ channel_tls_t *chan1 = NULL, *chan2 = NULL;
+ crypto_pk_t *key1 = NULL, *key2 = NULL;
+
+ scheduler_init();
+
+ MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
+ MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
+ MOCK(connection_or_send_netinfo, mock_send_netinfo);
+
+ key1 = pk_generate(2);
+ key2 = pk_generate(3);
+
+ /* We need to make sure that our TLS certificates are set up before we can
+ * actually generate a CERTS cell.
+ */
+ tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
+ key1, key2, 86400), ==, 0);
+
+ c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
+ c1->link_proto = 3;
+ tt_int_op(connection_init_or_handshake_state(c1, 1), ==, 0);
+
+ c2->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
+ c2->link_proto = 3;
+ tt_int_op(connection_init_or_handshake_state(c2, 0), ==, 0);
+
+ tt_int_op(0, ==, connection_or_send_certs_cell(c1));
+ tt_assert(mock_got_var_cell);
+ cell1 = mock_got_var_cell;
+
+ tt_int_op(0, ==, connection_or_send_certs_cell(c2));
+ tt_assert(mock_got_var_cell);
+ cell2 = mock_got_var_cell;
+
+ tt_int_op(cell1->command, ==, CELL_CERTS);
+ tt_int_op(cell1->payload_len, >, 1);
+
+ tt_int_op(cell2->command, ==, CELL_CERTS);
+ tt_int_op(cell2->payload_len, >, 1);
+
+ tt_int_op(cell1->payload_len, ==,
+ certs_cell_parse(&cc1, cell1->payload, cell1->payload_len));
+ tt_int_op(cell2->payload_len, ==,
+ certs_cell_parse(&cc2, cell2->payload, cell2->payload_len));
+
+ tt_int_op(2, ==, cc1->n_certs);
+ tt_int_op(2, ==, cc2->n_certs);
+
+ tt_int_op(certs_cell_get_certs(cc1, 0)->cert_type, ==,
+ CERTTYPE_RSA1024_ID_AUTH);
+ tt_int_op(certs_cell_get_certs(cc1, 1)->cert_type, ==,
+ CERTTYPE_RSA1024_ID_ID);
+
+ tt_int_op(certs_cell_get_certs(cc2, 0)->cert_type, ==,
+ CERTTYPE_RSA1024_ID_LINK);
+ tt_int_op(certs_cell_get_certs(cc2, 1)->cert_type, ==,
+ CERTTYPE_RSA1024_ID_ID);
+
+ chan1 = tor_malloc_zero(sizeof(*chan1));
+ channel_tls_common_init(chan1);
+ c1->chan = chan1;
+ chan1->conn = c1;
+ c1->base_.address = tor_strdup("C1");
+ c1->tls = tor_tls_new(-1, 0);
+ c1->link_proto = 4;
+ c1->base_.conn_array_index = -1;
+ crypto_pk_get_digest(key2, c1->identity_digest);
+
+ channel_tls_process_certs_cell(cell2, chan1);
+
+ tt_assert(c1->handshake_state->received_certs_cell);
+ tt_assert(c1->handshake_state->auth_cert == NULL);
+ tt_assert(c1->handshake_state->id_cert);
+ tt_assert(! tor_mem_is_zero(
+ (char*)c1->handshake_state->authenticated_peer_id, 20));
+
+ chan2 = tor_malloc_zero(sizeof(*chan2));
+ channel_tls_common_init(chan2);
+ c2->chan = chan2;
+ chan2->conn = c2;
+ c2->base_.address = tor_strdup("C2");
+ c2->tls = tor_tls_new(-1, 1);
+ c2->link_proto = 4;
+ c2->base_.conn_array_index = -1;
+ crypto_pk_get_digest(key1, c2->identity_digest);
+
+ channel_tls_process_certs_cell(cell1, chan2);
+
+ tt_assert(c2->handshake_state->received_certs_cell);
+ tt_assert(c2->handshake_state->auth_cert);
+ tt_assert(c2->handshake_state->id_cert);
+ tt_assert(tor_mem_is_zero(
+ (char*)c2->handshake_state->authenticated_peer_id, 20));
+
+ done:
+ UNMOCK(tor_tls_cert_matches_key);
+ UNMOCK(connection_or_write_var_cell_to_buf);
+ UNMOCK(connection_or_send_netinfo);
+ connection_free_(TO_CONN(c1));
+ connection_free_(TO_CONN(c2));
+ tor_free(cell1);
+ tor_free(cell2);
+ certs_cell_free(cc1);
+ certs_cell_free(cc2);
+ tor_free(chan1);
+ tor_free(chan2);
+}
+
+typedef struct certs_data_s {
+ or_connection_t *c;
+ channel_tls_t *chan;
+ certs_cell_t *ccell;
+ var_cell_t *cell;
+} certs_data_t;
+
+
+static int
+recv_certs_cleanup(const struct testcase_t *test, void *obj)
+{
+ (void)test;
+ certs_data_t *d = obj;
+ UNMOCK(tor_tls_cert_matches_key);
+ UNMOCK(connection_or_send_netinfo);
+ UNMOCK(connection_or_close_for_error);
+
+ if (d) {
+ tor_free(d->cell);
+ certs_cell_free(d->ccell);
+ connection_free_(TO_CONN(d->c));
+ tor_free(d->chan);
+ tor_free(d);
+ }
+ return 1;
+}
+
+static void *
+recv_certs_setup(const struct testcase_t *test)
+{
+ (void)test;
+ certs_data_t *d = tor_malloc_zero(sizeof(*d));
+ certs_cell_cert_t *ccc1 = NULL;
+ certs_cell_cert_t *ccc2 = NULL;
+ ssize_t n;
+
+ d->c = or_connection_new(CONN_TYPE_OR, AF_INET);
+ d->chan = tor_malloc_zero(sizeof(*d->chan));
+ d->c->chan = d->chan;
+ d->c->base_.address = tor_strdup("HaveAnAddress");
+ d->c->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
+ d->chan->conn = d->c;
+ tt_int_op(connection_init_or_handshake_state(d->c, 1), ==, 0);
+ d->c->link_proto = 4;
+
+ crypto_pk_t *key1 = NULL, *key2 = NULL;
+ key1 = pk_generate(2);
+ key2 = pk_generate(3);
+
+ tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
+ key1, key2, 86400), ==, 0);
+ d->ccell = certs_cell_new();
+ ccc1 = certs_cell_cert_new();
+ certs_cell_add_certs(d->ccell, ccc1);
+ ccc2 = certs_cell_cert_new();
+ certs_cell_add_certs(d->ccell, ccc2);
+ d->ccell->n_certs = 2;
+ ccc1->cert_type = 1;
+ ccc2->cert_type = 2;
+
+ const tor_x509_cert_t *a,*b;
+ const uint8_t *enca, *encb;
+ size_t lena, lenb;
+ tor_tls_get_my_certs(1, &a, &b);
+ tor_x509_cert_get_der(a, &enca, &lena);
+ tor_x509_cert_get_der(b, &encb, &lenb);
+ certs_cell_cert_setlen_body(ccc1, lena);
+ ccc1->cert_len = lena;
+ certs_cell_cert_setlen_body(ccc2, lenb);
+ ccc2->cert_len = lenb;
+
+ memcpy(certs_cell_cert_getarray_body(ccc1), enca, lena);
+ memcpy(certs_cell_cert_getarray_body(ccc2), encb, lenb);
+
+ d->cell = var_cell_new(4096);
+ d->cell->command = CELL_CERTS;
+
+ n = certs_cell_encode(d->cell->payload, 4096, d->ccell);
+ tt_int_op(n, >, 0);
+ d->cell->payload_len = n;
+
+ MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
+ MOCK(connection_or_send_netinfo, mock_send_netinfo);
+ MOCK(connection_or_close_for_error, mock_close_for_err);
+
+ tt_int_op(0, ==, d->c->handshake_state->received_certs_cell);
+ tt_int_op(0, ==, mock_send_authenticate_called);
+ tt_int_op(0, ==, mock_send_netinfo_called);
+
+ return d;
+ done:
+ recv_certs_cleanup(test, d);
+ return NULL;
+}
+
+static struct testcase_setup_t setup_recv_certs = {
+ .setup_fn = recv_certs_setup,
+ .cleanup_fn = recv_certs_cleanup
+};
+
+static void
+test_link_handshake_recv_certs_ok(void *arg)
+{
+ certs_data_t *d = arg;
+ channel_tls_process_certs_cell(d->cell, d->chan);
+ tt_int_op(0, ==, mock_close_called);
+ tt_int_op(d->c->handshake_state->authenticated, ==, 1);
+ tt_int_op(d->c->handshake_state->received_certs_cell, ==, 1);
+ tt_assert(d->c->handshake_state->id_cert != NULL);
+ tt_assert(d->c->handshake_state->auth_cert == NULL);
+
+ done:
+ ;
+}
+
+static void
+test_link_handshake_recv_certs_ok_server(void *arg)
+{
+ certs_data_t *d = arg;
+ d->c->handshake_state->started_here = 0;
+ certs_cell_get_certs(d->ccell, 0)->cert_type = 3;
+ certs_cell_get_certs(d->ccell, 1)->cert_type = 2;
+ ssize_t n = certs_cell_encode(d->cell->payload, 2048, d->ccell);
+ tt_int_op(n, >, 0);
+ d->cell->payload_len = n;
+ channel_tls_process_certs_cell(d->cell, d->chan);
+ tt_int_op(0, ==, mock_close_called);
+ tt_int_op(d->c->handshake_state->authenticated, ==, 0);
+ tt_int_op(d->c->handshake_state->received_certs_cell, ==, 1);
+ tt_assert(d->c->handshake_state->id_cert != NULL);
+ tt_assert(d->c->handshake_state->auth_cert != NULL);
+
+ done:
+ ;
+}
+
+#define CERTS_FAIL(name, code) \
+ static void \
+ test_link_handshake_recv_certs_ ## name (void *arg) \
+ { \
+ certs_data_t *d = arg; \
+ { code ; } \
+ channel_tls_process_certs_cell(d->cell, d->chan); \
+ tt_int_op(1, ==, mock_close_called); \
+ tt_int_op(0, ==, mock_send_authenticate_called); \
+ tt_int_op(0, ==, mock_send_netinfo_called); \
+ done: \
+ ; \
+ }
+
+CERTS_FAIL(badstate, d->c->base_.state = OR_CONN_STATE_CONNECTING)
+CERTS_FAIL(badproto, d->c->link_proto = 2)
+CERTS_FAIL(duplicate, d->c->handshake_state->received_certs_cell = 1)
+CERTS_FAIL(already_authenticated,
+ d->c->handshake_state->authenticated = 1)
+CERTS_FAIL(empty, d->cell->payload_len = 0)
+CERTS_FAIL(bad_circid, d->cell->circ_id = 1)
+CERTS_FAIL(truncated_1, d->cell->payload[0] = 5)
+CERTS_FAIL(truncated_2, {
+ d->cell->payload_len = 4;
+ memcpy(d->cell->payload, "\x01\x01\x00\x05", 4);})
+CERTS_FAIL(truncated_3, {
+ d->cell->payload_len = 7;
+ memcpy(d->cell->payload, "\x01\x01\x00\x05""abc", 7);})
+#define REENCODE() do { \
+ ssize_t n = certs_cell_encode(d->cell->payload, 4096, d->ccell); \
+ tt_int_op(n, >, 0); \
+ d->cell->payload_len = n; \
+ } while (0)
+
+CERTS_FAIL(not_x509, {
+ certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 0), 3);
+ certs_cell_get_certs(d->ccell, 0)->cert_len = 3;
+ REENCODE();
+ })
+CERTS_FAIL(both_link, {
+ certs_cell_get_certs(d->ccell, 0)->cert_type = 1;
+ certs_cell_get_certs(d->ccell, 1)->cert_type = 1;
+ REENCODE();
+ })
+CERTS_FAIL(both_id_rsa, {
+ certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
+ certs_cell_get_certs(d->ccell, 1)->cert_type = 2;
+ REENCODE();
+ })
+CERTS_FAIL(both_auth, {
+ certs_cell_get_certs(d->ccell, 0)->cert_type = 3;
+ certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
+ REENCODE();
+ })
+CERTS_FAIL(wrong_labels_1, {
+ certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
+ certs_cell_get_certs(d->ccell, 1)->cert_type = 1;
+ REENCODE();
+ })
+CERTS_FAIL(wrong_labels_2, {
+ const tor_x509_cert_t *a;
+ const tor_x509_cert_t *b;
+ const uint8_t *enca;
+ size_t lena;
+ tor_tls_get_my_certs(1, &a, &b);
+ tor_x509_cert_get_der(a, &enca, &lena);
+ certs_cell_cert_setlen_body(certs_cell_get_certs(d->ccell, 1), lena);
+ memcpy(certs_cell_cert_getarray_body(certs_cell_get_certs(d->ccell, 1)),
+ enca, lena);
+ certs_cell_get_certs(d->ccell, 1)->cert_len = lena;
+ REENCODE();
+ })
+CERTS_FAIL(wrong_labels_3, {
+ certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
+ certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
+ REENCODE();
+ })
+CERTS_FAIL(server_missing_certs, {
+ d->c->handshake_state->started_here = 0;
+ })
+CERTS_FAIL(server_wrong_labels_1, {
+ d->c->handshake_state->started_here = 0;
+ certs_cell_get_certs(d->ccell, 0)->cert_type = 2;
+ certs_cell_get_certs(d->ccell, 1)->cert_type = 3;
+ REENCODE();
+ })
+
+static void
+test_link_handshake_send_authchallenge(void *arg)
+{
+ (void)arg;
+
+ or_connection_t *c1 = or_connection_new(CONN_TYPE_OR, AF_INET);
+ var_cell_t *cell1=NULL, *cell2=NULL;
+
+ MOCK(connection_or_write_var_cell_to_buf, mock_write_var_cell);
+
+ tt_int_op(connection_init_or_handshake_state(c1, 0), ==, 0);
+ c1->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
+ tt_assert(! mock_got_var_cell);
+ tt_int_op(0, ==, connection_or_send_auth_challenge_cell(c1));
+ cell1 = mock_got_var_cell;
+ tt_int_op(0, ==, connection_or_send_auth_challenge_cell(c1));
+ cell2 = mock_got_var_cell;
+ tt_int_op(36, ==, cell1->payload_len);
+ tt_int_op(36, ==, cell2->payload_len);
+ tt_int_op(0, ==, cell1->circ_id);
+ tt_int_op(0, ==, cell2->circ_id);
+ tt_int_op(CELL_AUTH_CHALLENGE, ==, cell1->command);
+ tt_int_op(CELL_AUTH_CHALLENGE, ==, cell2->command);
+
+ tt_mem_op("\x00\x01\x00\x01", ==, cell1->payload + 32, 4);
+ tt_mem_op("\x00\x01\x00\x01", ==, cell2->payload + 32, 4);
+ tt_mem_op(cell1->payload, !=, cell2->payload, 32);
+
+ done:
+ UNMOCK(connection_or_write_var_cell_to_buf);
+ connection_free_(TO_CONN(c1));
+ tor_free(cell1);
+ tor_free(cell2);
+}
+
+typedef struct authchallenge_data_s {
+ or_connection_t *c;
+ channel_tls_t *chan;
+ var_cell_t *cell;
+} authchallenge_data_t;
+
+static int
+recv_authchallenge_cleanup(const struct testcase_t *test, void *obj)
+{
+ (void)test;
+ authchallenge_data_t *d = obj;
+
+ UNMOCK(connection_or_send_netinfo);
+ UNMOCK(connection_or_close_for_error);
+ UNMOCK(connection_or_send_authenticate_cell);
+
+ if (d) {
+ tor_free(d->cell);
+ connection_free_(TO_CONN(d->c));
+ tor_free(d->chan);
+ tor_free(d);
+ }
+ return 1;
+}
+
+static void *
+recv_authchallenge_setup(const struct testcase_t *test)
+{
+ (void)test;
+ authchallenge_data_t *d = tor_malloc_zero(sizeof(*d));
+ d->c = or_connection_new(CONN_TYPE_OR, AF_INET);
+ d->chan = tor_malloc_zero(sizeof(*d->chan));
+ d->c->chan = d->chan;
+ d->c->base_.address = tor_strdup("HaveAnAddress");
+ d->c->base_.state = OR_CONN_STATE_OR_HANDSHAKING_V3;
+ d->chan->conn = d->c;
+ tt_int_op(connection_init_or_handshake_state(d->c, 1), ==, 0);
+ d->c->link_proto = 4;
+ d->c->handshake_state->received_certs_cell = 1;
+ d->cell = var_cell_new(128);
+ d->cell->payload_len = 38;
+ d->cell->payload[33] = 2;
+ d->cell->payload[35] = 7;
+ d->cell->payload[37] = 1;
+ d->cell->command = CELL_AUTH_CHALLENGE;
+
+ get_options_mutable()->ORPort_set = 1;
+
+ MOCK(connection_or_close_for_error, mock_close_for_err);
+ MOCK(connection_or_send_netinfo, mock_send_netinfo);
+ MOCK(connection_or_send_authenticate_cell, mock_send_authenticate);
+
+ tt_int_op(0, ==, d->c->handshake_state->received_auth_challenge);
+ tt_int_op(0, ==, mock_send_authenticate_called);
+ tt_int_op(0, ==, mock_send_netinfo_called);
+
+ return d;
+ done:
+ recv_authchallenge_cleanup(test, d);
+ return NULL;
+}
+
+static struct testcase_setup_t setup_recv_authchallenge = {
+ .setup_fn = recv_authchallenge_setup,
+ .cleanup_fn = recv_authchallenge_cleanup
+};
+
+static void
+test_link_handshake_recv_authchallenge_ok(void *arg)
+{
+ authchallenge_data_t *d = arg;
+
+ channel_tls_process_auth_challenge_cell(d->cell, d->chan);
+ tt_int_op(0, ==, mock_close_called);
+ tt_int_op(1, ==, d->c->handshake_state->received_auth_challenge);
+ tt_int_op(1, ==, mock_send_authenticate_called);
+ tt_int_op(1, ==, mock_send_netinfo_called);
+ done:
+ ;
+}
+
+static void
+test_link_handshake_recv_authchallenge_ok_noserver(void *arg)
+{
+ authchallenge_data_t *d = arg;
+ get_options_mutable()->ORPort_set = 0;
+
+ channel_tls_process_auth_challenge_cell(d->cell, d->chan);
+ tt_int_op(0, ==, mock_close_called);
+ tt_int_op(1, ==, d->c->handshake_state->received_auth_challenge);
+ tt_int_op(0, ==, mock_send_authenticate_called);
+ tt_int_op(0, ==, mock_send_netinfo_called);
+ done:
+ ;
+}
+
+static void
+test_link_handshake_recv_authchallenge_ok_unrecognized(void *arg)
+{
+ authchallenge_data_t *d = arg;
+ d->cell->payload[37] = 99;
+
+ channel_tls_process_auth_challenge_cell(d->cell, d->chan);
+ tt_int_op(0, ==, mock_close_called);
+ tt_int_op(1, ==, d->c->handshake_state->received_auth_challenge);
+ tt_int_op(0, ==, mock_send_authenticate_called);
+ tt_int_op(1, ==, mock_send_netinfo_called);
+ done:
+ ;
+}
+
+#define AUTHCHALLENGE_FAIL(name, code) \
+ static void \
+ test_link_handshake_recv_authchallenge_ ## name (void *arg) \
+ { \
+ authchallenge_data_t *d = arg; \
+ { code ; } \
+ channel_tls_process_auth_challenge_cell(d->cell, d->chan); \
+ tt_int_op(1, ==, mock_close_called); \
+ tt_int_op(0, ==, mock_send_authenticate_called); \
+ tt_int_op(0, ==, mock_send_netinfo_called); \
+ done: \
+ ; \
+ }
+
+AUTHCHALLENGE_FAIL(badstate,
+ d->c->base_.state = OR_CONN_STATE_CONNECTING)
+AUTHCHALLENGE_FAIL(badproto,
+ d->c->link_proto = 2)
+AUTHCHALLENGE_FAIL(as_server,
+ d->c->handshake_state->started_here = 0;)
+AUTHCHALLENGE_FAIL(duplicate,
+ d->c->handshake_state->received_auth_challenge = 1)
+AUTHCHALLENGE_FAIL(nocerts,
+ d->c->handshake_state->received_certs_cell = 0)
+AUTHCHALLENGE_FAIL(tooshort,
+ d->cell->payload_len = 33)
+AUTHCHALLENGE_FAIL(truncated,
+ d->cell->payload_len = 34)
+AUTHCHALLENGE_FAIL(nonzero_circid,
+ d->cell->circ_id = 1337)
+
+#define TEST(name, flags) \
+ { #name , test_link_handshake_ ## name, (flags), NULL, NULL }
+
+#define TEST_RCV_AUTHCHALLENGE(name) \
+ { "recv_authchallenge/" #name , \
+ test_link_handshake_recv_authchallenge_ ## name, TT_FORK, \
+ &setup_recv_authchallenge, NULL }
+
+#define TEST_RCV_CERTS(name) \
+ { "recv_certs/" #name , \
+ test_link_handshake_recv_certs_ ## name, TT_FORK, \
+ &setup_recv_certs, NULL }
+
+struct testcase_t link_handshake_tests[] = {
+ TEST(certs_ok, TT_FORK),
+ //TEST(certs_bad, TT_FORK),
+ TEST_RCV_CERTS(ok),
+ TEST_RCV_CERTS(ok_server),
+ TEST_RCV_CERTS(badstate),
+ TEST_RCV_CERTS(badproto),
+ TEST_RCV_CERTS(duplicate),
+ TEST_RCV_CERTS(already_authenticated),
+ TEST_RCV_CERTS(empty),
+ TEST_RCV_CERTS(bad_circid),
+ TEST_RCV_CERTS(truncated_1),
+ TEST_RCV_CERTS(truncated_2),
+ TEST_RCV_CERTS(truncated_3),
+ TEST_RCV_CERTS(not_x509),
+ TEST_RCV_CERTS(both_link),
+ TEST_RCV_CERTS(both_id_rsa),
+ TEST_RCV_CERTS(both_auth),
+ TEST_RCV_CERTS(wrong_labels_1),
+ TEST_RCV_CERTS(wrong_labels_2),
+ TEST_RCV_CERTS(wrong_labels_3),
+ TEST_RCV_CERTS(server_missing_certs),
+ TEST_RCV_CERTS(server_wrong_labels_1),
+
+ TEST(send_authchallenge, TT_FORK),
+ TEST_RCV_AUTHCHALLENGE(ok),
+ TEST_RCV_AUTHCHALLENGE(ok_noserver),
+ TEST_RCV_AUTHCHALLENGE(ok_unrecognized),
+ TEST_RCV_AUTHCHALLENGE(badstate),
+ TEST_RCV_AUTHCHALLENGE(badproto),
+ TEST_RCV_AUTHCHALLENGE(as_server),
+ TEST_RCV_AUTHCHALLENGE(duplicate),
+ TEST_RCV_AUTHCHALLENGE(nocerts),
+ TEST_RCV_AUTHCHALLENGE(tooshort),
+ TEST_RCV_AUTHCHALLENGE(truncated),
+ TEST_RCV_AUTHCHALLENGE(nonzero_circid),
+
+ END_OF_TESTCASES
+};
+
1
0
[tor/master] Add trunnel-generated items for link handshake code.
by nickm@torproject.org 28 May '15
by nickm@torproject.org 28 May '15
28 May '15
commit df05e195ee64d7ed1b5a1b5d74c5868683788ba2
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Wed Oct 8 14:43:33 2014 -0400
Add trunnel-generated items for link handshake code.
This includes the link handshake variations for proposal220.
We'll use this for testing first, and then use it to extend our
current code to support prop220.
---
scripts/codegen/run_trunnel.sh | 4 +-
src/trunnel/include.am | 3 +
src/trunnel/link_handshake.c | 1885 ++++++++++++++++++++++++++++++++++++
src/trunnel/link_handshake.h | 654 +++++++++++++
src/trunnel/link_handshake.trunnel | 57 ++
5 files changed, 2601 insertions(+), 2 deletions(-)
diff --git a/scripts/codegen/run_trunnel.sh b/scripts/codegen/run_trunnel.sh
index 5f694ce..d266993 100755
--- a/scripts/codegen/run_trunnel.sh
+++ b/scripts/codegen/run_trunnel.sh
@@ -5,7 +5,7 @@ if test "x$TRUNNEL_PATH" != "x"; then
export PYTHONPATH
fi
-python -m trunnel --require-version=1.2 ./src/trunnel/*.trunnel
+python -m trunnel --require-version=1.4 ./src/trunnel/*.trunnel
-python -m trunnel --require-version=1.2 --write-c-files --target-dir=./src/ext/trunnel/
+python -m trunnel --require-version=1.4 --write-c-files --target-dir=./src/ext/trunnel/
diff --git a/src/trunnel/include.am b/src/trunnel/include.am
index 6e7851a..2d8c051 100644
--- a/src/trunnel/include.am
+++ b/src/trunnel/include.am
@@ -11,11 +11,13 @@ AM_CPPFLAGS += -I$(srcdir)/src/ext/trunnel -I$(srcdir)/src/trunnel
TRUNNELINPUTS = \
src/trunnel/ed25519_cert.trunnel \
+ src/trunnel/link_handshake.trunnel \
src/trunnel/pwbox.trunnel
TRUNNELSOURCES = \
src/ext/trunnel/trunnel.c \
src/trunnel/ed25519_cert.c \
+ src/trunnel/link_handshake.c \
src/trunnel/pwbox.c
TRUNNELHEADERS = \
@@ -23,6 +25,7 @@ TRUNNELHEADERS = \
src/ext/trunnel/trunnel-impl.h \
src/trunnel/trunnel-local.h \
src/trunnel/ed25519_cert.h \
+ src/trunnel/link_handshake.h \
src/trunnel/pwbox.h
src_trunnel_libor_trunnel_a_SOURCES = $(TRUNNELSOURCES)
diff --git a/src/trunnel/link_handshake.c b/src/trunnel/link_handshake.c
new file mode 100644
index 0000000..9630d13
--- /dev/null
+++ b/src/trunnel/link_handshake.c
@@ -0,0 +1,1885 @@
+/* link_handshake.c -- generated by Trunnel v1.4-pre.
+ * https://gitweb.torproject.org/trunnel.git
+ * You probably shouldn't edit this file.
+ */
+#include <stdlib.h>
+#include "trunnel-impl.h"
+
+#include "link_handshake.h"
+
+#define TRUNNEL_SET_ERROR_CODE(obj) \
+ do { \
+ (obj)->trunnel_error_code_ = 1; \
+ } while (0)
+
+#if defined(__COVERITY__) || defined(__clang_analyzer__)
+/* If we're runnning a static analysis tool, we don't want it to complain
+ * that some of our remaining-bytes checks are dead-code. */
+int linkhandshake_deadcode_dummy__ = 0;
+#define OR_DEADCODE_DUMMY || linkhandshake_deadcode_dummy__
+#else
+#define OR_DEADCODE_DUMMY
+#endif
+
+#define CHECK_REMAINING(nbytes, label) \
+ do { \
+ if (remaining < (nbytes) OR_DEADCODE_DUMMY) { \
+ goto label; \
+ } \
+ } while (0)
+
+auth_challenge_cell_t *
+auth_challenge_cell_new(void)
+{
+ auth_challenge_cell_t *val = trunnel_calloc(1, sizeof(auth_challenge_cell_t));
+ if (NULL == val)
+ return NULL;
+ return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+auth_challenge_cell_clear(auth_challenge_cell_t *obj)
+{
+ (void) obj;
+ TRUNNEL_DYNARRAY_WIPE(&obj->methods);
+ TRUNNEL_DYNARRAY_CLEAR(&obj->methods);
+}
+
+void
+auth_challenge_cell_free(auth_challenge_cell_t *obj)
+{
+ if (obj == NULL)
+ return;
+ auth_challenge_cell_clear(obj);
+ trunnel_memwipe(obj, sizeof(auth_challenge_cell_t));
+ trunnel_free_(obj);
+}
+
+size_t
+auth_challenge_cell_getlen_challenge(const auth_challenge_cell_t *inp)
+{
+ (void)inp; return 32;
+}
+
+uint8_t
+auth_challenge_cell_get_challenge(const auth_challenge_cell_t *inp, size_t idx)
+{
+ trunnel_assert(idx < 32);
+ return inp->challenge[idx];
+}
+
+int
+auth_challenge_cell_set_challenge(auth_challenge_cell_t *inp, size_t idx, uint8_t elt)
+{
+ trunnel_assert(idx < 32);
+ inp->challenge[idx] = elt;
+ return 0;
+}
+
+uint8_t *
+auth_challenge_cell_getarray_challenge(auth_challenge_cell_t *inp)
+{
+ return inp->challenge;
+}
+uint16_t
+auth_challenge_cell_get_n_methods(auth_challenge_cell_t *inp)
+{
+ return inp->n_methods;
+}
+int
+auth_challenge_cell_set_n_methods(auth_challenge_cell_t *inp, uint16_t val)
+{
+ inp->n_methods = val;
+ return 0;
+}
+size_t
+auth_challenge_cell_getlen_methods(const auth_challenge_cell_t *inp)
+{
+ return TRUNNEL_DYNARRAY_LEN(&inp->methods);
+}
+
+uint16_t
+auth_challenge_cell_get_methods(auth_challenge_cell_t *inp, size_t idx)
+{
+ return TRUNNEL_DYNARRAY_GET(&inp->methods, idx);
+}
+
+int
+auth_challenge_cell_set_methods(auth_challenge_cell_t *inp, size_t idx, uint16_t elt)
+{
+ TRUNNEL_DYNARRAY_SET(&inp->methods, idx, elt);
+ return 0;
+}
+int
+auth_challenge_cell_add_methods(auth_challenge_cell_t *inp, uint16_t elt)
+{
+#if SIZE_MAX >= UINT16_MAX
+ if (inp->methods.n_ == UINT16_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ TRUNNEL_DYNARRAY_ADD(uint16_t, &inp->methods, elt, {});
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+
+uint16_t *
+auth_challenge_cell_getarray_methods(auth_challenge_cell_t *inp)
+{
+ return inp->methods.elts_;
+}
+int
+auth_challenge_cell_setlen_methods(auth_challenge_cell_t *inp, size_t newlen)
+{
+ uint16_t *newptr;
+#if UINT16_MAX < SIZE_MAX
+ if (newlen > UINT16_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ newptr = trunnel_dynarray_setlen(&inp->methods.allocated_,
+ &inp->methods.n_, inp->methods.elts_, newlen,
+ sizeof(inp->methods.elts_[0]), (trunnel_free_fn_t) NULL,
+ &inp->trunnel_error_code_);
+ if (newptr == NULL)
+ goto trunnel_alloc_failed;
+ inp->methods.elts_ = newptr;
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+const char *
+auth_challenge_cell_check(const auth_challenge_cell_t *obj)
+{
+ if (obj == NULL)
+ return "Object was NULL";
+ if (obj->trunnel_error_code_)
+ return "A set function failed on this object";
+ if (TRUNNEL_DYNARRAY_LEN(&obj->methods) != obj->n_methods)
+ return "Length mismatch for methods";
+ return NULL;
+}
+
+ssize_t
+auth_challenge_cell_encoded_len(const auth_challenge_cell_t *obj)
+{
+ ssize_t result = 0;
+
+ if (NULL != auth_challenge_cell_check(obj))
+ return -1;
+
+
+ /* Length of u8 challenge[32] */
+ result += 32;
+
+ /* Length of u16 n_methods */
+ result += 2;
+
+ /* Length of u16 methods[n_methods] */
+ result += 2 * TRUNNEL_DYNARRAY_LEN(&obj->methods);
+ return result;
+}
+int
+auth_challenge_cell_clear_errors(auth_challenge_cell_t *obj)
+{
+ int r = obj->trunnel_error_code_;
+ obj->trunnel_error_code_ = 0;
+ return r;
+}
+ssize_t
+auth_challenge_cell_encode(uint8_t *output, const size_t avail, const auth_challenge_cell_t *obj)
+{
+ ssize_t result = 0;
+ size_t written = 0;
+ uint8_t *ptr = output;
+ const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ const ssize_t encoded_len = auth_challenge_cell_encoded_len(obj);
+#endif
+
+ if (NULL != (msg = auth_challenge_cell_check(obj)))
+ goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ trunnel_assert(encoded_len >= 0);
+#endif
+
+ /* Encode u8 challenge[32] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 32)
+ goto truncated;
+ memcpy(ptr, obj->challenge, 32);
+ written += 32; ptr += 32;
+
+ /* Encode u16 n_methods */
+ trunnel_assert(written <= avail);
+ if (avail - written < 2)
+ goto truncated;
+ trunnel_set_uint16(ptr, trunnel_htons(obj->n_methods));
+ written += 2; ptr += 2;
+
+ /* Encode u16 methods[n_methods] */
+ {
+
+ unsigned idx;
+ for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->methods); ++idx) {
+ trunnel_assert(written <= avail);
+ if (avail - written < 2)
+ goto truncated;
+ trunnel_set_uint16(ptr, trunnel_htons(TRUNNEL_DYNARRAY_GET(&obj->methods, idx)));
+ written += 2; ptr += 2;
+ }
+ }
+
+
+ trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ {
+ trunnel_assert(encoded_len >= 0);
+ trunnel_assert((size_t)encoded_len == written);
+ }
+
+#endif
+
+ return written;
+
+ truncated:
+ result = -2;
+ goto fail;
+ check_failed:
+ (void)msg;
+ result = -1;
+ goto fail;
+ fail:
+ trunnel_assert(result < 0);
+ return result;
+}
+
+/** As auth_challenge_cell_parse(), but do not allocate the output
+ * object.
+ */
+static ssize_t
+auth_challenge_cell_parse_into(auth_challenge_cell_t *obj, const uint8_t *input, const size_t len_in)
+{
+ const uint8_t *ptr = input;
+ size_t remaining = len_in;
+ ssize_t result = 0;
+ (void)result;
+
+ /* Parse u8 challenge[32] */
+ CHECK_REMAINING(32, truncated);
+ memcpy(obj->challenge, ptr, 32);
+ remaining -= 32; ptr += 32;
+
+ /* Parse u16 n_methods */
+ CHECK_REMAINING(2, truncated);
+ obj->n_methods = trunnel_ntohs(trunnel_get_uint16(ptr));
+ remaining -= 2; ptr += 2;
+
+ /* Parse u16 methods[n_methods] */
+ TRUNNEL_DYNARRAY_EXPAND(uint16_t, &obj->methods, obj->n_methods, {});
+ {
+ uint16_t elt;
+ unsigned idx;
+ for (idx = 0; idx < obj->n_methods; ++idx) {
+ CHECK_REMAINING(2, truncated);
+ elt = trunnel_ntohs(trunnel_get_uint16(ptr));
+ remaining -= 2; ptr += 2;
+ TRUNNEL_DYNARRAY_ADD(uint16_t, &obj->methods, elt, {});
+ }
+ }
+ trunnel_assert(ptr + remaining == input + len_in);
+ return len_in - remaining;
+
+ truncated:
+ return -2;
+ trunnel_alloc_failed:
+ return -1;
+}
+
+ssize_t
+auth_challenge_cell_parse(auth_challenge_cell_t **output, const uint8_t *input, const size_t len_in)
+{
+ ssize_t result;
+ *output = auth_challenge_cell_new();
+ if (NULL == *output)
+ return -1;
+ result = auth_challenge_cell_parse_into(*output, input, len_in);
+ if (result < 0) {
+ auth_challenge_cell_free(*output);
+ *output = NULL;
+ }
+ return result;
+}
+auth_ctx_t *
+auth_ctx_new(void)
+{
+ auth_ctx_t *val = trunnel_calloc(1, sizeof(auth_ctx_t));
+ if (NULL == val)
+ return NULL;
+ return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+auth_ctx_clear(auth_ctx_t *obj)
+{
+ (void) obj;
+}
+
+void
+auth_ctx_free(auth_ctx_t *obj)
+{
+ if (obj == NULL)
+ return;
+ auth_ctx_clear(obj);
+ trunnel_memwipe(obj, sizeof(auth_ctx_t));
+ trunnel_free_(obj);
+}
+
+uint8_t
+auth_ctx_get_is_ed(auth_ctx_t *inp)
+{
+ return inp->is_ed;
+}
+int
+auth_ctx_set_is_ed(auth_ctx_t *inp, uint8_t val)
+{
+ inp->is_ed = val;
+ return 0;
+}
+certs_cell_cert_t *
+certs_cell_cert_new(void)
+{
+ certs_cell_cert_t *val = trunnel_calloc(1, sizeof(certs_cell_cert_t));
+ if (NULL == val)
+ return NULL;
+ return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+certs_cell_cert_clear(certs_cell_cert_t *obj)
+{
+ (void) obj;
+ TRUNNEL_DYNARRAY_WIPE(&obj->body);
+ TRUNNEL_DYNARRAY_CLEAR(&obj->body);
+}
+
+void
+certs_cell_cert_free(certs_cell_cert_t *obj)
+{
+ if (obj == NULL)
+ return;
+ certs_cell_cert_clear(obj);
+ trunnel_memwipe(obj, sizeof(certs_cell_cert_t));
+ trunnel_free_(obj);
+}
+
+uint8_t
+certs_cell_cert_get_cert_type(certs_cell_cert_t *inp)
+{
+ return inp->cert_type;
+}
+int
+certs_cell_cert_set_cert_type(certs_cell_cert_t *inp, uint8_t val)
+{
+ inp->cert_type = val;
+ return 0;
+}
+uint16_t
+certs_cell_cert_get_cert_len(certs_cell_cert_t *inp)
+{
+ return inp->cert_len;
+}
+int
+certs_cell_cert_set_cert_len(certs_cell_cert_t *inp, uint16_t val)
+{
+ inp->cert_len = val;
+ return 0;
+}
+size_t
+certs_cell_cert_getlen_body(const certs_cell_cert_t *inp)
+{
+ return TRUNNEL_DYNARRAY_LEN(&inp->body);
+}
+
+uint8_t
+certs_cell_cert_get_body(certs_cell_cert_t *inp, size_t idx)
+{
+ return TRUNNEL_DYNARRAY_GET(&inp->body, idx);
+}
+
+int
+certs_cell_cert_set_body(certs_cell_cert_t *inp, size_t idx, uint8_t elt)
+{
+ TRUNNEL_DYNARRAY_SET(&inp->body, idx, elt);
+ return 0;
+}
+int
+certs_cell_cert_add_body(certs_cell_cert_t *inp, uint8_t elt)
+{
+#if SIZE_MAX >= UINT16_MAX
+ if (inp->body.n_ == UINT16_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ TRUNNEL_DYNARRAY_ADD(uint8_t, &inp->body, elt, {});
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+
+uint8_t *
+certs_cell_cert_getarray_body(certs_cell_cert_t *inp)
+{
+ return inp->body.elts_;
+}
+int
+certs_cell_cert_setlen_body(certs_cell_cert_t *inp, size_t newlen)
+{
+ uint8_t *newptr;
+#if UINT16_MAX < SIZE_MAX
+ if (newlen > UINT16_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ newptr = trunnel_dynarray_setlen(&inp->body.allocated_,
+ &inp->body.n_, inp->body.elts_, newlen,
+ sizeof(inp->body.elts_[0]), (trunnel_free_fn_t) NULL,
+ &inp->trunnel_error_code_);
+ if (newptr == NULL)
+ goto trunnel_alloc_failed;
+ inp->body.elts_ = newptr;
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+const char *
+certs_cell_cert_check(const certs_cell_cert_t *obj)
+{
+ if (obj == NULL)
+ return "Object was NULL";
+ if (obj->trunnel_error_code_)
+ return "A set function failed on this object";
+ if (TRUNNEL_DYNARRAY_LEN(&obj->body) != obj->cert_len)
+ return "Length mismatch for body";
+ return NULL;
+}
+
+ssize_t
+certs_cell_cert_encoded_len(const certs_cell_cert_t *obj)
+{
+ ssize_t result = 0;
+
+ if (NULL != certs_cell_cert_check(obj))
+ return -1;
+
+
+ /* Length of u8 cert_type */
+ result += 1;
+
+ /* Length of u16 cert_len */
+ result += 2;
+
+ /* Length of u8 body[cert_len] */
+ result += TRUNNEL_DYNARRAY_LEN(&obj->body);
+ return result;
+}
+int
+certs_cell_cert_clear_errors(certs_cell_cert_t *obj)
+{
+ int r = obj->trunnel_error_code_;
+ obj->trunnel_error_code_ = 0;
+ return r;
+}
+ssize_t
+certs_cell_cert_encode(uint8_t *output, const size_t avail, const certs_cell_cert_t *obj)
+{
+ ssize_t result = 0;
+ size_t written = 0;
+ uint8_t *ptr = output;
+ const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ const ssize_t encoded_len = certs_cell_cert_encoded_len(obj);
+#endif
+
+ if (NULL != (msg = certs_cell_cert_check(obj)))
+ goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ trunnel_assert(encoded_len >= 0);
+#endif
+
+ /* Encode u8 cert_type */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->cert_type));
+ written += 1; ptr += 1;
+
+ /* Encode u16 cert_len */
+ trunnel_assert(written <= avail);
+ if (avail - written < 2)
+ goto truncated;
+ trunnel_set_uint16(ptr, trunnel_htons(obj->cert_len));
+ written += 2; ptr += 2;
+
+ /* Encode u8 body[cert_len] */
+ {
+ size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->body);
+ trunnel_assert(obj->cert_len == elt_len);
+ trunnel_assert(written <= avail);
+ if (avail - written < elt_len)
+ goto truncated;
+ memcpy(ptr, obj->body.elts_, elt_len);
+ written += elt_len; ptr += elt_len;
+ }
+
+
+ trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ {
+ trunnel_assert(encoded_len >= 0);
+ trunnel_assert((size_t)encoded_len == written);
+ }
+
+#endif
+
+ return written;
+
+ truncated:
+ result = -2;
+ goto fail;
+ check_failed:
+ (void)msg;
+ result = -1;
+ goto fail;
+ fail:
+ trunnel_assert(result < 0);
+ return result;
+}
+
+/** As certs_cell_cert_parse(), but do not allocate the output object.
+ */
+static ssize_t
+certs_cell_cert_parse_into(certs_cell_cert_t *obj, const uint8_t *input, const size_t len_in)
+{
+ const uint8_t *ptr = input;
+ size_t remaining = len_in;
+ ssize_t result = 0;
+ (void)result;
+
+ /* Parse u8 cert_type */
+ CHECK_REMAINING(1, truncated);
+ obj->cert_type = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+
+ /* Parse u16 cert_len */
+ CHECK_REMAINING(2, truncated);
+ obj->cert_len = trunnel_ntohs(trunnel_get_uint16(ptr));
+ remaining -= 2; ptr += 2;
+
+ /* Parse u8 body[cert_len] */
+ CHECK_REMAINING(obj->cert_len, truncated);
+ TRUNNEL_DYNARRAY_EXPAND(uint8_t, &obj->body, obj->cert_len, {});
+ obj->body.n_ = obj->cert_len;
+ memcpy(obj->body.elts_, ptr, obj->cert_len);
+ ptr += obj->cert_len; remaining -= obj->cert_len;
+ trunnel_assert(ptr + remaining == input + len_in);
+ return len_in - remaining;
+
+ truncated:
+ return -2;
+ trunnel_alloc_failed:
+ return -1;
+}
+
+ssize_t
+certs_cell_cert_parse(certs_cell_cert_t **output, const uint8_t *input, const size_t len_in)
+{
+ ssize_t result;
+ *output = certs_cell_cert_new();
+ if (NULL == *output)
+ return -1;
+ result = certs_cell_cert_parse_into(*output, input, len_in);
+ if (result < 0) {
+ certs_cell_cert_free(*output);
+ *output = NULL;
+ }
+ return result;
+}
+rsa_ed_crosscert_t *
+rsa_ed_crosscert_new(void)
+{
+ rsa_ed_crosscert_t *val = trunnel_calloc(1, sizeof(rsa_ed_crosscert_t));
+ if (NULL == val)
+ return NULL;
+ return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+rsa_ed_crosscert_clear(rsa_ed_crosscert_t *obj)
+{
+ (void) obj;
+ TRUNNEL_DYNARRAY_WIPE(&obj->sig);
+ TRUNNEL_DYNARRAY_CLEAR(&obj->sig);
+}
+
+void
+rsa_ed_crosscert_free(rsa_ed_crosscert_t *obj)
+{
+ if (obj == NULL)
+ return;
+ rsa_ed_crosscert_clear(obj);
+ trunnel_memwipe(obj, sizeof(rsa_ed_crosscert_t));
+ trunnel_free_(obj);
+}
+
+size_t
+rsa_ed_crosscert_getlen_ed_key(const rsa_ed_crosscert_t *inp)
+{
+ (void)inp; return 32;
+}
+
+uint8_t
+rsa_ed_crosscert_get_ed_key(const rsa_ed_crosscert_t *inp, size_t idx)
+{
+ trunnel_assert(idx < 32);
+ return inp->ed_key[idx];
+}
+
+int
+rsa_ed_crosscert_set_ed_key(rsa_ed_crosscert_t *inp, size_t idx, uint8_t elt)
+{
+ trunnel_assert(idx < 32);
+ inp->ed_key[idx] = elt;
+ return 0;
+}
+
+uint8_t *
+rsa_ed_crosscert_getarray_ed_key(rsa_ed_crosscert_t *inp)
+{
+ return inp->ed_key;
+}
+uint32_t
+rsa_ed_crosscert_get_expiration(rsa_ed_crosscert_t *inp)
+{
+ return inp->expiration;
+}
+int
+rsa_ed_crosscert_set_expiration(rsa_ed_crosscert_t *inp, uint32_t val)
+{
+ inp->expiration = val;
+ return 0;
+}
+const uint8_t *
+rsa_ed_crosscert_get_end_of_signed(const rsa_ed_crosscert_t *inp)
+{
+ return inp->end_of_signed;
+}
+uint8_t
+rsa_ed_crosscert_get_sig_len(rsa_ed_crosscert_t *inp)
+{
+ return inp->sig_len;
+}
+int
+rsa_ed_crosscert_set_sig_len(rsa_ed_crosscert_t *inp, uint8_t val)
+{
+ inp->sig_len = val;
+ return 0;
+}
+size_t
+rsa_ed_crosscert_getlen_sig(const rsa_ed_crosscert_t *inp)
+{
+ return TRUNNEL_DYNARRAY_LEN(&inp->sig);
+}
+
+uint8_t
+rsa_ed_crosscert_get_sig(rsa_ed_crosscert_t *inp, size_t idx)
+{
+ return TRUNNEL_DYNARRAY_GET(&inp->sig, idx);
+}
+
+int
+rsa_ed_crosscert_set_sig(rsa_ed_crosscert_t *inp, size_t idx, uint8_t elt)
+{
+ TRUNNEL_DYNARRAY_SET(&inp->sig, idx, elt);
+ return 0;
+}
+int
+rsa_ed_crosscert_add_sig(rsa_ed_crosscert_t *inp, uint8_t elt)
+{
+#if SIZE_MAX >= UINT8_MAX
+ if (inp->sig.n_ == UINT8_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ TRUNNEL_DYNARRAY_ADD(uint8_t, &inp->sig, elt, {});
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+
+uint8_t *
+rsa_ed_crosscert_getarray_sig(rsa_ed_crosscert_t *inp)
+{
+ return inp->sig.elts_;
+}
+int
+rsa_ed_crosscert_setlen_sig(rsa_ed_crosscert_t *inp, size_t newlen)
+{
+ uint8_t *newptr;
+#if UINT8_MAX < SIZE_MAX
+ if (newlen > UINT8_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ newptr = trunnel_dynarray_setlen(&inp->sig.allocated_,
+ &inp->sig.n_, inp->sig.elts_, newlen,
+ sizeof(inp->sig.elts_[0]), (trunnel_free_fn_t) NULL,
+ &inp->trunnel_error_code_);
+ if (newptr == NULL)
+ goto trunnel_alloc_failed;
+ inp->sig.elts_ = newptr;
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+const char *
+rsa_ed_crosscert_check(const rsa_ed_crosscert_t *obj)
+{
+ if (obj == NULL)
+ return "Object was NULL";
+ if (obj->trunnel_error_code_)
+ return "A set function failed on this object";
+ if (TRUNNEL_DYNARRAY_LEN(&obj->sig) != obj->sig_len)
+ return "Length mismatch for sig";
+ return NULL;
+}
+
+ssize_t
+rsa_ed_crosscert_encoded_len(const rsa_ed_crosscert_t *obj)
+{
+ ssize_t result = 0;
+
+ if (NULL != rsa_ed_crosscert_check(obj))
+ return -1;
+
+
+ /* Length of u8 ed_key[32] */
+ result += 32;
+
+ /* Length of u32 expiration */
+ result += 4;
+
+ /* Length of u8 sig_len */
+ result += 1;
+
+ /* Length of u8 sig[sig_len] */
+ result += TRUNNEL_DYNARRAY_LEN(&obj->sig);
+ return result;
+}
+int
+rsa_ed_crosscert_clear_errors(rsa_ed_crosscert_t *obj)
+{
+ int r = obj->trunnel_error_code_;
+ obj->trunnel_error_code_ = 0;
+ return r;
+}
+ssize_t
+rsa_ed_crosscert_encode(uint8_t *output, const size_t avail, const rsa_ed_crosscert_t *obj)
+{
+ ssize_t result = 0;
+ size_t written = 0;
+ uint8_t *ptr = output;
+ const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ const ssize_t encoded_len = rsa_ed_crosscert_encoded_len(obj);
+#endif
+
+ if (NULL != (msg = rsa_ed_crosscert_check(obj)))
+ goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ trunnel_assert(encoded_len >= 0);
+#endif
+
+ /* Encode u8 ed_key[32] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 32)
+ goto truncated;
+ memcpy(ptr, obj->ed_key, 32);
+ written += 32; ptr += 32;
+
+ /* Encode u32 expiration */
+ trunnel_assert(written <= avail);
+ if (avail - written < 4)
+ goto truncated;
+ trunnel_set_uint32(ptr, trunnel_htonl(obj->expiration));
+ written += 4; ptr += 4;
+
+ /* Encode u8 sig_len */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->sig_len));
+ written += 1; ptr += 1;
+
+ /* Encode u8 sig[sig_len] */
+ {
+ size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->sig);
+ trunnel_assert(obj->sig_len == elt_len);
+ trunnel_assert(written <= avail);
+ if (avail - written < elt_len)
+ goto truncated;
+ memcpy(ptr, obj->sig.elts_, elt_len);
+ written += elt_len; ptr += elt_len;
+ }
+
+
+ trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ {
+ trunnel_assert(encoded_len >= 0);
+ trunnel_assert((size_t)encoded_len == written);
+ }
+
+#endif
+
+ return written;
+
+ truncated:
+ result = -2;
+ goto fail;
+ check_failed:
+ (void)msg;
+ result = -1;
+ goto fail;
+ fail:
+ trunnel_assert(result < 0);
+ return result;
+}
+
+/** As rsa_ed_crosscert_parse(), but do not allocate the output
+ * object.
+ */
+static ssize_t
+rsa_ed_crosscert_parse_into(rsa_ed_crosscert_t *obj, const uint8_t *input, const size_t len_in)
+{
+ const uint8_t *ptr = input;
+ size_t remaining = len_in;
+ ssize_t result = 0;
+ (void)result;
+
+ /* Parse u8 ed_key[32] */
+ CHECK_REMAINING(32, truncated);
+ memcpy(obj->ed_key, ptr, 32);
+ remaining -= 32; ptr += 32;
+
+ /* Parse u32 expiration */
+ CHECK_REMAINING(4, truncated);
+ obj->expiration = trunnel_ntohl(trunnel_get_uint32(ptr));
+ remaining -= 4; ptr += 4;
+ obj->end_of_signed = ptr;
+
+ /* Parse u8 sig_len */
+ CHECK_REMAINING(1, truncated);
+ obj->sig_len = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+
+ /* Parse u8 sig[sig_len] */
+ CHECK_REMAINING(obj->sig_len, truncated);
+ TRUNNEL_DYNARRAY_EXPAND(uint8_t, &obj->sig, obj->sig_len, {});
+ obj->sig.n_ = obj->sig_len;
+ memcpy(obj->sig.elts_, ptr, obj->sig_len);
+ ptr += obj->sig_len; remaining -= obj->sig_len;
+ trunnel_assert(ptr + remaining == input + len_in);
+ return len_in - remaining;
+
+ truncated:
+ return -2;
+ trunnel_alloc_failed:
+ return -1;
+}
+
+ssize_t
+rsa_ed_crosscert_parse(rsa_ed_crosscert_t **output, const uint8_t *input, const size_t len_in)
+{
+ ssize_t result;
+ *output = rsa_ed_crosscert_new();
+ if (NULL == *output)
+ return -1;
+ result = rsa_ed_crosscert_parse_into(*output, input, len_in);
+ if (result < 0) {
+ rsa_ed_crosscert_free(*output);
+ *output = NULL;
+ }
+ return result;
+}
+auth1_t *
+auth1_new(void)
+{
+ auth1_t *val = trunnel_calloc(1, sizeof(auth1_t));
+ if (NULL == val)
+ return NULL;
+ return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+auth1_clear(auth1_t *obj)
+{
+ (void) obj;
+ TRUNNEL_DYNARRAY_WIPE(&obj->sig);
+ TRUNNEL_DYNARRAY_CLEAR(&obj->sig);
+}
+
+void
+auth1_free(auth1_t *obj)
+{
+ if (obj == NULL)
+ return;
+ auth1_clear(obj);
+ trunnel_memwipe(obj, sizeof(auth1_t));
+ trunnel_free_(obj);
+}
+
+size_t
+auth1_getlen_type(const auth1_t *inp)
+{
+ (void)inp; return 8;
+}
+
+uint8_t
+auth1_get_type(const auth1_t *inp, size_t idx)
+{
+ trunnel_assert(idx < 8);
+ return inp->type[idx];
+}
+
+int
+auth1_set_type(auth1_t *inp, size_t idx, uint8_t elt)
+{
+ trunnel_assert(idx < 8);
+ inp->type[idx] = elt;
+ return 0;
+}
+
+uint8_t *
+auth1_getarray_type(auth1_t *inp)
+{
+ return inp->type;
+}
+size_t
+auth1_getlen_cid(const auth1_t *inp)
+{
+ (void)inp; return 32;
+}
+
+uint8_t
+auth1_get_cid(const auth1_t *inp, size_t idx)
+{
+ trunnel_assert(idx < 32);
+ return inp->cid[idx];
+}
+
+int
+auth1_set_cid(auth1_t *inp, size_t idx, uint8_t elt)
+{
+ trunnel_assert(idx < 32);
+ inp->cid[idx] = elt;
+ return 0;
+}
+
+uint8_t *
+auth1_getarray_cid(auth1_t *inp)
+{
+ return inp->cid;
+}
+size_t
+auth1_getlen_sid(const auth1_t *inp)
+{
+ (void)inp; return 32;
+}
+
+uint8_t
+auth1_get_sid(const auth1_t *inp, size_t idx)
+{
+ trunnel_assert(idx < 32);
+ return inp->sid[idx];
+}
+
+int
+auth1_set_sid(auth1_t *inp, size_t idx, uint8_t elt)
+{
+ trunnel_assert(idx < 32);
+ inp->sid[idx] = elt;
+ return 0;
+}
+
+uint8_t *
+auth1_getarray_sid(auth1_t *inp)
+{
+ return inp->sid;
+}
+size_t
+auth1_getlen_u1_cid_ed(const auth1_t *inp)
+{
+ (void)inp; return 32;
+}
+
+uint8_t
+auth1_get_u1_cid_ed(const auth1_t *inp, size_t idx)
+{
+ trunnel_assert(idx < 32);
+ return inp->u1_cid_ed[idx];
+}
+
+int
+auth1_set_u1_cid_ed(auth1_t *inp, size_t idx, uint8_t elt)
+{
+ trunnel_assert(idx < 32);
+ inp->u1_cid_ed[idx] = elt;
+ return 0;
+}
+
+uint8_t *
+auth1_getarray_u1_cid_ed(auth1_t *inp)
+{
+ return inp->u1_cid_ed;
+}
+size_t
+auth1_getlen_u1_sid_ed(const auth1_t *inp)
+{
+ (void)inp; return 32;
+}
+
+uint8_t
+auth1_get_u1_sid_ed(const auth1_t *inp, size_t idx)
+{
+ trunnel_assert(idx < 32);
+ return inp->u1_sid_ed[idx];
+}
+
+int
+auth1_set_u1_sid_ed(auth1_t *inp, size_t idx, uint8_t elt)
+{
+ trunnel_assert(idx < 32);
+ inp->u1_sid_ed[idx] = elt;
+ return 0;
+}
+
+uint8_t *
+auth1_getarray_u1_sid_ed(auth1_t *inp)
+{
+ return inp->u1_sid_ed;
+}
+size_t
+auth1_getlen_slog(const auth1_t *inp)
+{
+ (void)inp; return 32;
+}
+
+uint8_t
+auth1_get_slog(const auth1_t *inp, size_t idx)
+{
+ trunnel_assert(idx < 32);
+ return inp->slog[idx];
+}
+
+int
+auth1_set_slog(auth1_t *inp, size_t idx, uint8_t elt)
+{
+ trunnel_assert(idx < 32);
+ inp->slog[idx] = elt;
+ return 0;
+}
+
+uint8_t *
+auth1_getarray_slog(auth1_t *inp)
+{
+ return inp->slog;
+}
+size_t
+auth1_getlen_clog(const auth1_t *inp)
+{
+ (void)inp; return 32;
+}
+
+uint8_t
+auth1_get_clog(const auth1_t *inp, size_t idx)
+{
+ trunnel_assert(idx < 32);
+ return inp->clog[idx];
+}
+
+int
+auth1_set_clog(auth1_t *inp, size_t idx, uint8_t elt)
+{
+ trunnel_assert(idx < 32);
+ inp->clog[idx] = elt;
+ return 0;
+}
+
+uint8_t *
+auth1_getarray_clog(auth1_t *inp)
+{
+ return inp->clog;
+}
+size_t
+auth1_getlen_scert(const auth1_t *inp)
+{
+ (void)inp; return 32;
+}
+
+uint8_t
+auth1_get_scert(const auth1_t *inp, size_t idx)
+{
+ trunnel_assert(idx < 32);
+ return inp->scert[idx];
+}
+
+int
+auth1_set_scert(auth1_t *inp, size_t idx, uint8_t elt)
+{
+ trunnel_assert(idx < 32);
+ inp->scert[idx] = elt;
+ return 0;
+}
+
+uint8_t *
+auth1_getarray_scert(auth1_t *inp)
+{
+ return inp->scert;
+}
+size_t
+auth1_getlen_tlssecrets(const auth1_t *inp)
+{
+ (void)inp; return 32;
+}
+
+uint8_t
+auth1_get_tlssecrets(const auth1_t *inp, size_t idx)
+{
+ trunnel_assert(idx < 32);
+ return inp->tlssecrets[idx];
+}
+
+int
+auth1_set_tlssecrets(auth1_t *inp, size_t idx, uint8_t elt)
+{
+ trunnel_assert(idx < 32);
+ inp->tlssecrets[idx] = elt;
+ return 0;
+}
+
+uint8_t *
+auth1_getarray_tlssecrets(auth1_t *inp)
+{
+ return inp->tlssecrets;
+}
+const uint8_t *
+auth1_get_end_of_fixed_part(const auth1_t *inp)
+{
+ return inp->end_of_fixed_part;
+}
+size_t
+auth1_getlen_rand(const auth1_t *inp)
+{
+ (void)inp; return 24;
+}
+
+uint8_t
+auth1_get_rand(const auth1_t *inp, size_t idx)
+{
+ trunnel_assert(idx < 24);
+ return inp->rand[idx];
+}
+
+int
+auth1_set_rand(auth1_t *inp, size_t idx, uint8_t elt)
+{
+ trunnel_assert(idx < 24);
+ inp->rand[idx] = elt;
+ return 0;
+}
+
+uint8_t *
+auth1_getarray_rand(auth1_t *inp)
+{
+ return inp->rand;
+}
+const uint8_t *
+auth1_get_end_of_signed(const auth1_t *inp)
+{
+ return inp->end_of_signed;
+}
+size_t
+auth1_getlen_sig(const auth1_t *inp)
+{
+ return TRUNNEL_DYNARRAY_LEN(&inp->sig);
+}
+
+uint8_t
+auth1_get_sig(auth1_t *inp, size_t idx)
+{
+ return TRUNNEL_DYNARRAY_GET(&inp->sig, idx);
+}
+
+int
+auth1_set_sig(auth1_t *inp, size_t idx, uint8_t elt)
+{
+ TRUNNEL_DYNARRAY_SET(&inp->sig, idx, elt);
+ return 0;
+}
+int
+auth1_add_sig(auth1_t *inp, uint8_t elt)
+{
+ TRUNNEL_DYNARRAY_ADD(uint8_t, &inp->sig, elt, {});
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+
+uint8_t *
+auth1_getarray_sig(auth1_t *inp)
+{
+ return inp->sig.elts_;
+}
+int
+auth1_setlen_sig(auth1_t *inp, size_t newlen)
+{
+ uint8_t *newptr;
+ newptr = trunnel_dynarray_setlen(&inp->sig.allocated_,
+ &inp->sig.n_, inp->sig.elts_, newlen,
+ sizeof(inp->sig.elts_[0]), (trunnel_free_fn_t) NULL,
+ &inp->trunnel_error_code_);
+ if (newptr == NULL)
+ goto trunnel_alloc_failed;
+ inp->sig.elts_ = newptr;
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+const char *
+auth1_check(const auth1_t *obj, const auth_ctx_t *auth_ctx_ctx)
+{
+ if (obj == NULL)
+ return "Object was NULL";
+ if (obj->trunnel_error_code_)
+ return "A set function failed on this object";
+ if (auth_ctx_ctx == NULL)
+ return "Context was NULL";
+ switch (auth_ctx_ctx->is_ed) {
+
+ case 0:
+ break;
+
+ case 1:
+ break;
+
+ default:
+ return "Bad tag for union";
+ break;
+ }
+ return NULL;
+}
+
+ssize_t
+auth1_encoded_len(const auth1_t *obj, const auth_ctx_t *auth_ctx_ctx)
+{
+ ssize_t result = 0;
+
+ if (NULL != auth1_check(obj, auth_ctx_ctx))
+ return -1;
+
+
+ /* Length of u8 type[8] */
+ result += 8;
+
+ /* Length of u8 cid[32] */
+ result += 32;
+
+ /* Length of u8 sid[32] */
+ result += 32;
+ switch (auth_ctx_ctx->is_ed) {
+
+ case 0:
+ break;
+
+ case 1:
+
+ /* Length of u8 u1_cid_ed[32] */
+ result += 32;
+
+ /* Length of u8 u1_sid_ed[32] */
+ result += 32;
+ break;
+
+ default:
+ trunnel_assert(0);
+ break;
+ }
+
+ /* Length of u8 slog[32] */
+ result += 32;
+
+ /* Length of u8 clog[32] */
+ result += 32;
+
+ /* Length of u8 scert[32] */
+ result += 32;
+
+ /* Length of u8 tlssecrets[32] */
+ result += 32;
+
+ /* Length of u8 rand[24] */
+ result += 24;
+
+ /* Length of u8 sig[] */
+ result += TRUNNEL_DYNARRAY_LEN(&obj->sig);
+ return result;
+}
+int
+auth1_clear_errors(auth1_t *obj)
+{
+ int r = obj->trunnel_error_code_;
+ obj->trunnel_error_code_ = 0;
+ return r;
+}
+ssize_t
+auth1_encode(uint8_t *output, const size_t avail, const auth1_t *obj, const auth_ctx_t *auth_ctx_ctx)
+{
+ ssize_t result = 0;
+ size_t written = 0;
+ uint8_t *ptr = output;
+ const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ const ssize_t encoded_len = auth1_encoded_len(obj, auth_ctx_ctx);
+#endif
+
+ if (NULL != (msg = auth1_check(obj, auth_ctx_ctx)))
+ goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ trunnel_assert(encoded_len >= 0);
+#endif
+
+ /* Encode u8 type[8] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 8)
+ goto truncated;
+ memcpy(ptr, obj->type, 8);
+ written += 8; ptr += 8;
+
+ /* Encode u8 cid[32] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 32)
+ goto truncated;
+ memcpy(ptr, obj->cid, 32);
+ written += 32; ptr += 32;
+
+ /* Encode u8 sid[32] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 32)
+ goto truncated;
+ memcpy(ptr, obj->sid, 32);
+ written += 32; ptr += 32;
+
+ /* Encode union u1[auth_ctx.is_ed] */
+ trunnel_assert(written <= avail);
+ switch (auth_ctx_ctx->is_ed) {
+
+ case 0:
+ break;
+
+ case 1:
+
+ /* Encode u8 u1_cid_ed[32] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 32)
+ goto truncated;
+ memcpy(ptr, obj->u1_cid_ed, 32);
+ written += 32; ptr += 32;
+
+ /* Encode u8 u1_sid_ed[32] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 32)
+ goto truncated;
+ memcpy(ptr, obj->u1_sid_ed, 32);
+ written += 32; ptr += 32;
+ break;
+
+ default:
+ trunnel_assert(0);
+ break;
+ }
+
+ /* Encode u8 slog[32] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 32)
+ goto truncated;
+ memcpy(ptr, obj->slog, 32);
+ written += 32; ptr += 32;
+
+ /* Encode u8 clog[32] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 32)
+ goto truncated;
+ memcpy(ptr, obj->clog, 32);
+ written += 32; ptr += 32;
+
+ /* Encode u8 scert[32] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 32)
+ goto truncated;
+ memcpy(ptr, obj->scert, 32);
+ written += 32; ptr += 32;
+
+ /* Encode u8 tlssecrets[32] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 32)
+ goto truncated;
+ memcpy(ptr, obj->tlssecrets, 32);
+ written += 32; ptr += 32;
+
+ /* Encode u8 rand[24] */
+ trunnel_assert(written <= avail);
+ if (avail - written < 24)
+ goto truncated;
+ memcpy(ptr, obj->rand, 24);
+ written += 24; ptr += 24;
+
+ /* Encode u8 sig[] */
+ {
+ size_t elt_len = TRUNNEL_DYNARRAY_LEN(&obj->sig);
+ trunnel_assert(written <= avail);
+ if (avail - written < elt_len)
+ goto truncated;
+ memcpy(ptr, obj->sig.elts_, elt_len);
+ written += elt_len; ptr += elt_len;
+ }
+
+
+ trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ {
+ trunnel_assert(encoded_len >= 0);
+ trunnel_assert((size_t)encoded_len == written);
+ }
+
+#endif
+
+ return written;
+
+ truncated:
+ result = -2;
+ goto fail;
+ check_failed:
+ (void)msg;
+ result = -1;
+ goto fail;
+ fail:
+ trunnel_assert(result < 0);
+ return result;
+}
+
+/** As auth1_parse(), but do not allocate the output object.
+ */
+static ssize_t
+auth1_parse_into(auth1_t *obj, const uint8_t *input, const size_t len_in, const auth_ctx_t *auth_ctx_ctx)
+{
+ const uint8_t *ptr = input;
+ size_t remaining = len_in;
+ ssize_t result = 0;
+ (void)result;
+ if (auth_ctx_ctx == NULL)
+ return -1;
+
+ /* Parse u8 type[8] */
+ CHECK_REMAINING(8, truncated);
+ memcpy(obj->type, ptr, 8);
+ remaining -= 8; ptr += 8;
+
+ /* Parse u8 cid[32] */
+ CHECK_REMAINING(32, truncated);
+ memcpy(obj->cid, ptr, 32);
+ remaining -= 32; ptr += 32;
+
+ /* Parse u8 sid[32] */
+ CHECK_REMAINING(32, truncated);
+ memcpy(obj->sid, ptr, 32);
+ remaining -= 32; ptr += 32;
+
+ /* Parse union u1[auth_ctx.is_ed] */
+ switch (auth_ctx_ctx->is_ed) {
+
+ case 0:
+ break;
+
+ case 1:
+
+ /* Parse u8 u1_cid_ed[32] */
+ CHECK_REMAINING(32, truncated);
+ memcpy(obj->u1_cid_ed, ptr, 32);
+ remaining -= 32; ptr += 32;
+
+ /* Parse u8 u1_sid_ed[32] */
+ CHECK_REMAINING(32, truncated);
+ memcpy(obj->u1_sid_ed, ptr, 32);
+ remaining -= 32; ptr += 32;
+ break;
+
+ default:
+ goto fail;
+ break;
+ }
+
+ /* Parse u8 slog[32] */
+ CHECK_REMAINING(32, truncated);
+ memcpy(obj->slog, ptr, 32);
+ remaining -= 32; ptr += 32;
+
+ /* Parse u8 clog[32] */
+ CHECK_REMAINING(32, truncated);
+ memcpy(obj->clog, ptr, 32);
+ remaining -= 32; ptr += 32;
+
+ /* Parse u8 scert[32] */
+ CHECK_REMAINING(32, truncated);
+ memcpy(obj->scert, ptr, 32);
+ remaining -= 32; ptr += 32;
+
+ /* Parse u8 tlssecrets[32] */
+ CHECK_REMAINING(32, truncated);
+ memcpy(obj->tlssecrets, ptr, 32);
+ remaining -= 32; ptr += 32;
+ obj->end_of_fixed_part = ptr;
+
+ /* Parse u8 rand[24] */
+ CHECK_REMAINING(24, truncated);
+ memcpy(obj->rand, ptr, 24);
+ remaining -= 24; ptr += 24;
+ obj->end_of_signed = ptr;
+
+ /* Parse u8 sig[] */
+ TRUNNEL_DYNARRAY_EXPAND(uint8_t, &obj->sig, remaining, {});
+ obj->sig.n_ = remaining;
+ memcpy(obj->sig.elts_, ptr, remaining);
+ ptr += remaining; remaining -= remaining;
+ trunnel_assert(ptr + remaining == input + len_in);
+ return len_in - remaining;
+
+ truncated:
+ return -2;
+ trunnel_alloc_failed:
+ return -1;
+ fail:
+ result = -1;
+ return result;
+}
+
+ssize_t
+auth1_parse(auth1_t **output, const uint8_t *input, const size_t len_in, const auth_ctx_t *auth_ctx_ctx)
+{
+ ssize_t result;
+ *output = auth1_new();
+ if (NULL == *output)
+ return -1;
+ result = auth1_parse_into(*output, input, len_in, auth_ctx_ctx);
+ if (result < 0) {
+ auth1_free(*output);
+ *output = NULL;
+ }
+ return result;
+}
+certs_cell_t *
+certs_cell_new(void)
+{
+ certs_cell_t *val = trunnel_calloc(1, sizeof(certs_cell_t));
+ if (NULL == val)
+ return NULL;
+ return val;
+}
+
+/** Release all storage held inside 'obj', but do not free 'obj'.
+ */
+static void
+certs_cell_clear(certs_cell_t *obj)
+{
+ (void) obj;
+ {
+
+ unsigned idx;
+ for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->certs); ++idx) {
+ certs_cell_cert_free(TRUNNEL_DYNARRAY_GET(&obj->certs, idx));
+ }
+ }
+ TRUNNEL_DYNARRAY_WIPE(&obj->certs);
+ TRUNNEL_DYNARRAY_CLEAR(&obj->certs);
+}
+
+void
+certs_cell_free(certs_cell_t *obj)
+{
+ if (obj == NULL)
+ return;
+ certs_cell_clear(obj);
+ trunnel_memwipe(obj, sizeof(certs_cell_t));
+ trunnel_free_(obj);
+}
+
+uint8_t
+certs_cell_get_n_certs(certs_cell_t *inp)
+{
+ return inp->n_certs;
+}
+int
+certs_cell_set_n_certs(certs_cell_t *inp, uint8_t val)
+{
+ inp->n_certs = val;
+ return 0;
+}
+size_t
+certs_cell_getlen_certs(const certs_cell_t *inp)
+{
+ return TRUNNEL_DYNARRAY_LEN(&inp->certs);
+}
+
+struct certs_cell_cert_st *
+certs_cell_get_certs(certs_cell_t *inp, size_t idx)
+{
+ return TRUNNEL_DYNARRAY_GET(&inp->certs, idx);
+}
+
+int
+certs_cell_set_certs(certs_cell_t *inp, size_t idx, struct certs_cell_cert_st * elt)
+{
+ certs_cell_cert_t *oldval = TRUNNEL_DYNARRAY_GET(&inp->certs, idx);
+ if (oldval && oldval != elt)
+ certs_cell_cert_free(oldval);
+ return certs_cell_set0_certs(inp, idx, elt);
+}
+int
+certs_cell_set0_certs(certs_cell_t *inp, size_t idx, struct certs_cell_cert_st * elt)
+{
+ TRUNNEL_DYNARRAY_SET(&inp->certs, idx, elt);
+ return 0;
+}
+int
+certs_cell_add_certs(certs_cell_t *inp, struct certs_cell_cert_st * elt)
+{
+#if SIZE_MAX >= UINT8_MAX
+ if (inp->certs.n_ == UINT8_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ TRUNNEL_DYNARRAY_ADD(struct certs_cell_cert_st *, &inp->certs, elt, {});
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+
+struct certs_cell_cert_st * *
+certs_cell_getarray_certs(certs_cell_t *inp)
+{
+ return inp->certs.elts_;
+}
+int
+certs_cell_setlen_certs(certs_cell_t *inp, size_t newlen)
+{
+ struct certs_cell_cert_st * *newptr;
+#if UINT8_MAX < SIZE_MAX
+ if (newlen > UINT8_MAX)
+ goto trunnel_alloc_failed;
+#endif
+ newptr = trunnel_dynarray_setlen(&inp->certs.allocated_,
+ &inp->certs.n_, inp->certs.elts_, newlen,
+ sizeof(inp->certs.elts_[0]), (trunnel_free_fn_t) certs_cell_cert_free,
+ &inp->trunnel_error_code_);
+ if (newptr == NULL)
+ goto trunnel_alloc_failed;
+ inp->certs.elts_ = newptr;
+ return 0;
+ trunnel_alloc_failed:
+ TRUNNEL_SET_ERROR_CODE(inp);
+ return -1;
+}
+const char *
+certs_cell_check(const certs_cell_t *obj)
+{
+ if (obj == NULL)
+ return "Object was NULL";
+ if (obj->trunnel_error_code_)
+ return "A set function failed on this object";
+ {
+ const char *msg;
+
+ unsigned idx;
+ for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->certs); ++idx) {
+ if (NULL != (msg = certs_cell_cert_check(TRUNNEL_DYNARRAY_GET(&obj->certs, idx))))
+ return msg;
+ }
+ }
+ if (TRUNNEL_DYNARRAY_LEN(&obj->certs) != obj->n_certs)
+ return "Length mismatch for certs";
+ return NULL;
+}
+
+ssize_t
+certs_cell_encoded_len(const certs_cell_t *obj)
+{
+ ssize_t result = 0;
+
+ if (NULL != certs_cell_check(obj))
+ return -1;
+
+
+ /* Length of u8 n_certs */
+ result += 1;
+
+ /* Length of struct certs_cell_cert certs[n_certs] */
+ {
+
+ unsigned idx;
+ for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->certs); ++idx) {
+ result += certs_cell_cert_encoded_len(TRUNNEL_DYNARRAY_GET(&obj->certs, idx));
+ }
+ }
+ return result;
+}
+int
+certs_cell_clear_errors(certs_cell_t *obj)
+{
+ int r = obj->trunnel_error_code_;
+ obj->trunnel_error_code_ = 0;
+ return r;
+}
+ssize_t
+certs_cell_encode(uint8_t *output, const size_t avail, const certs_cell_t *obj)
+{
+ ssize_t result = 0;
+ size_t written = 0;
+ uint8_t *ptr = output;
+ const char *msg;
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ const ssize_t encoded_len = certs_cell_encoded_len(obj);
+#endif
+
+ if (NULL != (msg = certs_cell_check(obj)))
+ goto check_failed;
+
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ trunnel_assert(encoded_len >= 0);
+#endif
+
+ /* Encode u8 n_certs */
+ trunnel_assert(written <= avail);
+ if (avail - written < 1)
+ goto truncated;
+ trunnel_set_uint8(ptr, (obj->n_certs));
+ written += 1; ptr += 1;
+
+ /* Encode struct certs_cell_cert certs[n_certs] */
+ {
+
+ unsigned idx;
+ for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->certs); ++idx) {
+ trunnel_assert(written <= avail);
+ result = certs_cell_cert_encode(ptr, avail - written, TRUNNEL_DYNARRAY_GET(&obj->certs, idx));
+ if (result < 0)
+ goto fail; /* XXXXXXX !*/
+ written += result; ptr += result;
+ }
+ }
+
+
+ trunnel_assert(ptr == output + written);
+#ifdef TRUNNEL_CHECK_ENCODED_LEN
+ {
+ trunnel_assert(encoded_len >= 0);
+ trunnel_assert((size_t)encoded_len == written);
+ }
+
+#endif
+
+ return written;
+
+ truncated:
+ result = -2;
+ goto fail;
+ check_failed:
+ (void)msg;
+ result = -1;
+ goto fail;
+ fail:
+ trunnel_assert(result < 0);
+ return result;
+}
+
+/** As certs_cell_parse(), but do not allocate the output object.
+ */
+static ssize_t
+certs_cell_parse_into(certs_cell_t *obj, const uint8_t *input, const size_t len_in)
+{
+ const uint8_t *ptr = input;
+ size_t remaining = len_in;
+ ssize_t result = 0;
+ (void)result;
+
+ /* Parse u8 n_certs */
+ CHECK_REMAINING(1, truncated);
+ obj->n_certs = (trunnel_get_uint8(ptr));
+ remaining -= 1; ptr += 1;
+
+ /* Parse struct certs_cell_cert certs[n_certs] */
+ TRUNNEL_DYNARRAY_EXPAND(certs_cell_cert_t *, &obj->certs, obj->n_certs, {});
+ {
+ certs_cell_cert_t * elt;
+ unsigned idx;
+ for (idx = 0; idx < obj->n_certs; ++idx) {
+ result = certs_cell_cert_parse(&elt, ptr, remaining);
+ if (result < 0)
+ goto relay_fail;
+ trunnel_assert((size_t)result <= remaining);
+ remaining -= result; ptr += result;
+ TRUNNEL_DYNARRAY_ADD(certs_cell_cert_t *, &obj->certs, elt, {certs_cell_cert_free(elt);});
+ }
+ }
+ trunnel_assert(ptr + remaining == input + len_in);
+ return len_in - remaining;
+
+ truncated:
+ return -2;
+ relay_fail:
+ if (result >= 0) result = -1;
+ return result;
+ trunnel_alloc_failed:
+ return -1;
+}
+
+ssize_t
+certs_cell_parse(certs_cell_t **output, const uint8_t *input, const size_t len_in)
+{
+ ssize_t result;
+ *output = certs_cell_new();
+ if (NULL == *output)
+ return -1;
+ result = certs_cell_parse_into(*output, input, len_in);
+ if (result < 0) {
+ certs_cell_free(*output);
+ *output = NULL;
+ }
+ return result;
+}
diff --git a/src/trunnel/link_handshake.h b/src/trunnel/link_handshake.h
new file mode 100644
index 0000000..109fe8d
--- /dev/null
+++ b/src/trunnel/link_handshake.h
@@ -0,0 +1,654 @@
+/* link_handshake.h -- generated by by Trunnel v1.4-pre.
+ * https://gitweb.torproject.org/trunnel.git
+ * You probably shouldn't edit this file.
+ */
+#ifndef TRUNNEL_LINK_HANDSHAKE_H
+#define TRUNNEL_LINK_HANDSHAKE_H
+
+#include <stdint.h>
+#include "trunnel.h"
+
+#define CERTTYPE_RSA1024_ID_LINK 1
+#define CERTTYPE_RSA1024_ID_ID 2
+#define CERTTYPE_RSA1024_ID_AUTH 3
+#define CERTTYPE_ED_ID_SIGN 4
+#define CERTTYPE_ED_SIGN_LINK 5
+#define CERTTYPE_ED_SIGN_AUTH 6
+#define CERTTYPE_RSA1024_ID_EDID 7
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_AUTH_CHALLENGE_CELL)
+struct auth_challenge_cell_st {
+ uint8_t challenge[32];
+ uint16_t n_methods;
+ TRUNNEL_DYNARRAY_HEAD(, uint16_t) methods;
+ uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct auth_challenge_cell_st auth_challenge_cell_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_AUTH_CTX)
+struct auth_ctx_st {
+ uint8_t is_ed;
+ uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct auth_ctx_st auth_ctx_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_CERTS_CELL_CERT)
+struct certs_cell_cert_st {
+ uint8_t cert_type;
+ uint16_t cert_len;
+ TRUNNEL_DYNARRAY_HEAD(, uint8_t) body;
+ uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct certs_cell_cert_st certs_cell_cert_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_RSA_ED_CROSSCERT)
+struct rsa_ed_crosscert_st {
+ uint8_t ed_key[32];
+ uint32_t expiration;
+ const uint8_t *end_of_signed;
+ uint8_t sig_len;
+ TRUNNEL_DYNARRAY_HEAD(, uint8_t) sig;
+ uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct rsa_ed_crosscert_st rsa_ed_crosscert_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_AUTH1)
+struct auth1_st {
+ uint8_t type[8];
+ uint8_t cid[32];
+ uint8_t sid[32];
+ uint8_t u1_cid_ed[32];
+ uint8_t u1_sid_ed[32];
+ uint8_t slog[32];
+ uint8_t clog[32];
+ uint8_t scert[32];
+ uint8_t tlssecrets[32];
+ const uint8_t *end_of_fixed_part;
+ uint8_t rand[24];
+ const uint8_t *end_of_signed;
+ TRUNNEL_DYNARRAY_HEAD(, uint8_t) sig;
+ uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct auth1_st auth1_t;
+#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_CERTS_CELL)
+struct certs_cell_st {
+ uint8_t n_certs;
+ TRUNNEL_DYNARRAY_HEAD(, struct certs_cell_cert_st *) certs;
+ uint8_t trunnel_error_code_;
+};
+#endif
+typedef struct certs_cell_st certs_cell_t;
+/** Return a newly allocated auth_challenge_cell with all elements set
+ * to zero.
+ */
+auth_challenge_cell_t *auth_challenge_cell_new(void);
+/** Release all storage held by the auth_challenge_cell in 'victim'.
+ * (Do nothing if 'victim' is NULL.)
+ */
+void auth_challenge_cell_free(auth_challenge_cell_t *victim);
+/** Try to parse a auth_challenge_cell from the buffer in 'input',
+ * using up to 'len_in' bytes from the input buffer. On success,
+ * return the number of bytes consumed and set *output to the newly
+ * allocated auth_challenge_cell_t. On failure, return -2 if the input
+ * appears truncated, and -1 if the input is otherwise invalid.
+ */
+ssize_t auth_challenge_cell_parse(auth_challenge_cell_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * auth_challenge_cell in 'obj'. On failure, return a negative value.
+ * Note that this value may be an overestimate, and can even be an
+ * underestimate for certain unencodeable objects.
+ */
+ssize_t auth_challenge_cell_encoded_len(const auth_challenge_cell_t *obj);
+/** Try to encode the auth_challenge_cell from 'input' into the buffer
+ * at 'output', using up to 'avail' bytes of the output buffer. On
+ * success, return the number of bytes used. On failure, return -2 if
+ * the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t auth_challenge_cell_encode(uint8_t *output, const size_t avail, const auth_challenge_cell_t *input);
+/** Check whether the internal state of the auth_challenge_cell in
+ * 'obj' is consistent. Return NULL if it is, and a short message if
+ * it is not.
+ */
+const char *auth_challenge_cell_check(const auth_challenge_cell_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int auth_challenge_cell_clear_errors(auth_challenge_cell_t *obj);
+/** Return the (constant) length of the array holding the challenge
+ * field of the auth_challenge_cell_t in 'inp'.
+ */
+size_t auth_challenge_cell_getlen_challenge(const auth_challenge_cell_t *inp);
+/** Return the element at position 'idx' of the fixed array field
+ * challenge of the auth_challenge_cell_t in 'inp'.
+ */
+uint8_t auth_challenge_cell_get_challenge(const auth_challenge_cell_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field
+ * challenge of the auth_challenge_cell_t in 'inp', so that it will
+ * hold the value 'elt'.
+ */
+int auth_challenge_cell_set_challenge(auth_challenge_cell_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field challenge of 'inp'.
+ */
+uint8_t * auth_challenge_cell_getarray_challenge(auth_challenge_cell_t *inp);
+/** Return the value of the n_methods field of the
+ * auth_challenge_cell_t in 'inp'
+ */
+uint16_t auth_challenge_cell_get_n_methods(auth_challenge_cell_t *inp);
+/** Set the value of the n_methods field of the auth_challenge_cell_t
+ * in 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int auth_challenge_cell_set_n_methods(auth_challenge_cell_t *inp, uint16_t val);
+/** Return the length of the dynamic array holding the methods field
+ * of the auth_challenge_cell_t in 'inp'.
+ */
+size_t auth_challenge_cell_getlen_methods(const auth_challenge_cell_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * methods of the auth_challenge_cell_t in 'inp'.
+ */
+uint16_t auth_challenge_cell_get_methods(auth_challenge_cell_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * methods of the auth_challenge_cell_t in 'inp', so that it will hold
+ * the value 'elt'.
+ */
+int auth_challenge_cell_set_methods(auth_challenge_cell_t *inp, size_t idx, uint16_t elt);
+/** Append a new element 'elt' to the dynamic array field methods of
+ * the auth_challenge_cell_t in 'inp'.
+ */
+int auth_challenge_cell_add_methods(auth_challenge_cell_t *inp, uint16_t elt);
+/** Return a pointer to the variable-length array field methods of
+ * 'inp'.
+ */
+uint16_t * auth_challenge_cell_getarray_methods(auth_challenge_cell_t *inp);
+/** Change the length of the variable-length array field methods of
+ * 'inp' to 'newlen'.Fill extra elements with 0. Return 0 on success;
+ * return -1 and set the error code on 'inp' on failure.
+ */
+int auth_challenge_cell_setlen_methods(auth_challenge_cell_t *inp, size_t newlen);
+/** Return a newly allocated auth_ctx with all elements set to zero.
+ */
+auth_ctx_t *auth_ctx_new(void);
+/** Release all storage held by the auth_ctx in 'victim'. (Do nothing
+ * if 'victim' is NULL.)
+ */
+void auth_ctx_free(auth_ctx_t *victim);
+/** Return the value of the is_ed field of the auth_ctx_t in 'inp'
+ */
+uint8_t auth_ctx_get_is_ed(auth_ctx_t *inp);
+/** Set the value of the is_ed field of the auth_ctx_t in 'inp' to
+ * 'val'. Return 0 on success; return -1 and set the error code on
+ * 'inp' on failure.
+ */
+int auth_ctx_set_is_ed(auth_ctx_t *inp, uint8_t val);
+/** Return a newly allocated certs_cell_cert with all elements set to
+ * zero.
+ */
+certs_cell_cert_t *certs_cell_cert_new(void);
+/** Release all storage held by the certs_cell_cert in 'victim'. (Do
+ * nothing if 'victim' is NULL.)
+ */
+void certs_cell_cert_free(certs_cell_cert_t *victim);
+/** Try to parse a certs_cell_cert from the buffer in 'input', using
+ * up to 'len_in' bytes from the input buffer. On success, return the
+ * number of bytes consumed and set *output to the newly allocated
+ * certs_cell_cert_t. On failure, return -2 if the input appears
+ * truncated, and -1 if the input is otherwise invalid.
+ */
+ssize_t certs_cell_cert_parse(certs_cell_cert_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * certs_cell_cert in 'obj'. On failure, return a negative value. Note
+ * that this value may be an overestimate, and can even be an
+ * underestimate for certain unencodeable objects.
+ */
+ssize_t certs_cell_cert_encoded_len(const certs_cell_cert_t *obj);
+/** Try to encode the certs_cell_cert from 'input' into the buffer at
+ * 'output', using up to 'avail' bytes of the output buffer. On
+ * success, return the number of bytes used. On failure, return -2 if
+ * the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t certs_cell_cert_encode(uint8_t *output, const size_t avail, const certs_cell_cert_t *input);
+/** Check whether the internal state of the certs_cell_cert in 'obj'
+ * is consistent. Return NULL if it is, and a short message if it is
+ * not.
+ */
+const char *certs_cell_cert_check(const certs_cell_cert_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int certs_cell_cert_clear_errors(certs_cell_cert_t *obj);
+/** Return the value of the cert_type field of the certs_cell_cert_t
+ * in 'inp'
+ */
+uint8_t certs_cell_cert_get_cert_type(certs_cell_cert_t *inp);
+/** Set the value of the cert_type field of the certs_cell_cert_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int certs_cell_cert_set_cert_type(certs_cell_cert_t *inp, uint8_t val);
+/** Return the value of the cert_len field of the certs_cell_cert_t in
+ * 'inp'
+ */
+uint16_t certs_cell_cert_get_cert_len(certs_cell_cert_t *inp);
+/** Set the value of the cert_len field of the certs_cell_cert_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int certs_cell_cert_set_cert_len(certs_cell_cert_t *inp, uint16_t val);
+/** Return the length of the dynamic array holding the body field of
+ * the certs_cell_cert_t in 'inp'.
+ */
+size_t certs_cell_cert_getlen_body(const certs_cell_cert_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * body of the certs_cell_cert_t in 'inp'.
+ */
+uint8_t certs_cell_cert_get_body(certs_cell_cert_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * body of the certs_cell_cert_t in 'inp', so that it will hold the
+ * value 'elt'.
+ */
+int certs_cell_cert_set_body(certs_cell_cert_t *inp, size_t idx, uint8_t elt);
+/** Append a new element 'elt' to the dynamic array field body of the
+ * certs_cell_cert_t in 'inp'.
+ */
+int certs_cell_cert_add_body(certs_cell_cert_t *inp, uint8_t elt);
+/** Return a pointer to the variable-length array field body of 'inp'.
+ */
+uint8_t * certs_cell_cert_getarray_body(certs_cell_cert_t *inp);
+/** Change the length of the variable-length array field body of 'inp'
+ * to 'newlen'.Fill extra elements with 0. Return 0 on success; return
+ * -1 and set the error code on 'inp' on failure.
+ */
+int certs_cell_cert_setlen_body(certs_cell_cert_t *inp, size_t newlen);
+/** Return a newly allocated rsa_ed_crosscert with all elements set to
+ * zero.
+ */
+rsa_ed_crosscert_t *rsa_ed_crosscert_new(void);
+/** Release all storage held by the rsa_ed_crosscert in 'victim'. (Do
+ * nothing if 'victim' is NULL.)
+ */
+void rsa_ed_crosscert_free(rsa_ed_crosscert_t *victim);
+/** Try to parse a rsa_ed_crosscert from the buffer in 'input', using
+ * up to 'len_in' bytes from the input buffer. On success, return the
+ * number of bytes consumed and set *output to the newly allocated
+ * rsa_ed_crosscert_t. On failure, return -2 if the input appears
+ * truncated, and -1 if the input is otherwise invalid.
+ */
+ssize_t rsa_ed_crosscert_parse(rsa_ed_crosscert_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * rsa_ed_crosscert in 'obj'. On failure, return a negative value.
+ * Note that this value may be an overestimate, and can even be an
+ * underestimate for certain unencodeable objects.
+ */
+ssize_t rsa_ed_crosscert_encoded_len(const rsa_ed_crosscert_t *obj);
+/** Try to encode the rsa_ed_crosscert from 'input' into the buffer at
+ * 'output', using up to 'avail' bytes of the output buffer. On
+ * success, return the number of bytes used. On failure, return -2 if
+ * the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t rsa_ed_crosscert_encode(uint8_t *output, const size_t avail, const rsa_ed_crosscert_t *input);
+/** Check whether the internal state of the rsa_ed_crosscert in 'obj'
+ * is consistent. Return NULL if it is, and a short message if it is
+ * not.
+ */
+const char *rsa_ed_crosscert_check(const rsa_ed_crosscert_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int rsa_ed_crosscert_clear_errors(rsa_ed_crosscert_t *obj);
+/** Return the (constant) length of the array holding the ed_key field
+ * of the rsa_ed_crosscert_t in 'inp'.
+ */
+size_t rsa_ed_crosscert_getlen_ed_key(const rsa_ed_crosscert_t *inp);
+/** Return the element at position 'idx' of the fixed array field
+ * ed_key of the rsa_ed_crosscert_t in 'inp'.
+ */
+uint8_t rsa_ed_crosscert_get_ed_key(const rsa_ed_crosscert_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field
+ * ed_key of the rsa_ed_crosscert_t in 'inp', so that it will hold the
+ * value 'elt'.
+ */
+int rsa_ed_crosscert_set_ed_key(rsa_ed_crosscert_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field ed_key of 'inp'.
+ */
+uint8_t * rsa_ed_crosscert_getarray_ed_key(rsa_ed_crosscert_t *inp);
+/** Return the value of the expiration field of the rsa_ed_crosscert_t
+ * in 'inp'
+ */
+uint32_t rsa_ed_crosscert_get_expiration(rsa_ed_crosscert_t *inp);
+/** Set the value of the expiration field of the rsa_ed_crosscert_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int rsa_ed_crosscert_set_expiration(rsa_ed_crosscert_t *inp, uint32_t val);
+/** Return the position for end_of_signed when we parsed this object
+ */
+const uint8_t * rsa_ed_crosscert_get_end_of_signed(const rsa_ed_crosscert_t *inp);
+/** Return the value of the sig_len field of the rsa_ed_crosscert_t in
+ * 'inp'
+ */
+uint8_t rsa_ed_crosscert_get_sig_len(rsa_ed_crosscert_t *inp);
+/** Set the value of the sig_len field of the rsa_ed_crosscert_t in
+ * 'inp' to 'val'. Return 0 on success; return -1 and set the error
+ * code on 'inp' on failure.
+ */
+int rsa_ed_crosscert_set_sig_len(rsa_ed_crosscert_t *inp, uint8_t val);
+/** Return the length of the dynamic array holding the sig field of
+ * the rsa_ed_crosscert_t in 'inp'.
+ */
+size_t rsa_ed_crosscert_getlen_sig(const rsa_ed_crosscert_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * sig of the rsa_ed_crosscert_t in 'inp'.
+ */
+uint8_t rsa_ed_crosscert_get_sig(rsa_ed_crosscert_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * sig of the rsa_ed_crosscert_t in 'inp', so that it will hold the
+ * value 'elt'.
+ */
+int rsa_ed_crosscert_set_sig(rsa_ed_crosscert_t *inp, size_t idx, uint8_t elt);
+/** Append a new element 'elt' to the dynamic array field sig of the
+ * rsa_ed_crosscert_t in 'inp'.
+ */
+int rsa_ed_crosscert_add_sig(rsa_ed_crosscert_t *inp, uint8_t elt);
+/** Return a pointer to the variable-length array field sig of 'inp'.
+ */
+uint8_t * rsa_ed_crosscert_getarray_sig(rsa_ed_crosscert_t *inp);
+/** Change the length of the variable-length array field sig of 'inp'
+ * to 'newlen'.Fill extra elements with 0. Return 0 on success; return
+ * -1 and set the error code on 'inp' on failure.
+ */
+int rsa_ed_crosscert_setlen_sig(rsa_ed_crosscert_t *inp, size_t newlen);
+/** Return a newly allocated auth1 with all elements set to zero.
+ */
+auth1_t *auth1_new(void);
+/** Release all storage held by the auth1 in 'victim'. (Do nothing if
+ * 'victim' is NULL.)
+ */
+void auth1_free(auth1_t *victim);
+/** Try to parse a auth1 from the buffer in 'input', using up to
+ * 'len_in' bytes from the input buffer. On success, return the number
+ * of bytes consumed and set *output to the newly allocated auth1_t.
+ * On failure, return -2 if the input appears truncated, and -1 if the
+ * input is otherwise invalid.
+ */
+ssize_t auth1_parse(auth1_t **output, const uint8_t *input, const size_t len_in, const auth_ctx_t *auth_ctx_ctx);
+/** Return the number of bytes we expect to need to encode the auth1
+ * in 'obj'. On failure, return a negative value. Note that this value
+ * may be an overestimate, and can even be an underestimate for
+ * certain unencodeable objects.
+ */
+ssize_t auth1_encoded_len(const auth1_t *obj, const auth_ctx_t *auth_ctx_ctx);
+/** Try to encode the auth1 from 'input' into the buffer at 'output',
+ * using up to 'avail' bytes of the output buffer. On success, return
+ * the number of bytes used. On failure, return -2 if the buffer was
+ * not long enough, and -1 if the input was invalid.
+ */
+ssize_t auth1_encode(uint8_t *output, const size_t avail, const auth1_t *input, const auth_ctx_t *auth_ctx_ctx);
+/** Check whether the internal state of the auth1 in 'obj' is
+ * consistent. Return NULL if it is, and a short message if it is not.
+ */
+const char *auth1_check(const auth1_t *obj, const auth_ctx_t *auth_ctx_ctx);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int auth1_clear_errors(auth1_t *obj);
+/** Return the (constant) length of the array holding the type field
+ * of the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_type(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field type
+ * of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_type(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field type
+ * of the auth1_t in 'inp', so that it will hold the value 'elt'.
+ */
+int auth1_set_type(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 8-element array field type of 'inp'.
+ */
+uint8_t * auth1_getarray_type(auth1_t *inp);
+/** Return the (constant) length of the array holding the cid field of
+ * the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_cid(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field cid
+ * of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_cid(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field cid
+ * of the auth1_t in 'inp', so that it will hold the value 'elt'.
+ */
+int auth1_set_cid(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field cid of 'inp'.
+ */
+uint8_t * auth1_getarray_cid(auth1_t *inp);
+/** Return the (constant) length of the array holding the sid field of
+ * the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_sid(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field sid
+ * of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_sid(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field sid
+ * of the auth1_t in 'inp', so that it will hold the value 'elt'.
+ */
+int auth1_set_sid(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field sid of 'inp'.
+ */
+uint8_t * auth1_getarray_sid(auth1_t *inp);
+/** Return the (constant) length of the array holding the u1_cid_ed
+ * field of the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_u1_cid_ed(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field
+ * u1_cid_ed of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_u1_cid_ed(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field
+ * u1_cid_ed of the auth1_t in 'inp', so that it will hold the value
+ * 'elt'.
+ */
+int auth1_set_u1_cid_ed(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field u1_cid_ed of 'inp'.
+ */
+uint8_t * auth1_getarray_u1_cid_ed(auth1_t *inp);
+/** Return the (constant) length of the array holding the u1_sid_ed
+ * field of the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_u1_sid_ed(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field
+ * u1_sid_ed of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_u1_sid_ed(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field
+ * u1_sid_ed of the auth1_t in 'inp', so that it will hold the value
+ * 'elt'.
+ */
+int auth1_set_u1_sid_ed(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field u1_sid_ed of 'inp'.
+ */
+uint8_t * auth1_getarray_u1_sid_ed(auth1_t *inp);
+/** Return the (constant) length of the array holding the slog field
+ * of the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_slog(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field slog
+ * of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_slog(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field slog
+ * of the auth1_t in 'inp', so that it will hold the value 'elt'.
+ */
+int auth1_set_slog(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field slog of 'inp'.
+ */
+uint8_t * auth1_getarray_slog(auth1_t *inp);
+/** Return the (constant) length of the array holding the clog field
+ * of the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_clog(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field clog
+ * of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_clog(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field clog
+ * of the auth1_t in 'inp', so that it will hold the value 'elt'.
+ */
+int auth1_set_clog(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field clog of 'inp'.
+ */
+uint8_t * auth1_getarray_clog(auth1_t *inp);
+/** Return the (constant) length of the array holding the scert field
+ * of the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_scert(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field
+ * scert of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_scert(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field
+ * scert of the auth1_t in 'inp', so that it will hold the value
+ * 'elt'.
+ */
+int auth1_set_scert(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field scert of 'inp'.
+ */
+uint8_t * auth1_getarray_scert(auth1_t *inp);
+/** Return the (constant) length of the array holding the tlssecrets
+ * field of the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_tlssecrets(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field
+ * tlssecrets of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_tlssecrets(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field
+ * tlssecrets of the auth1_t in 'inp', so that it will hold the value
+ * 'elt'.
+ */
+int auth1_set_tlssecrets(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 32-element array field tlssecrets of
+ * 'inp'.
+ */
+uint8_t * auth1_getarray_tlssecrets(auth1_t *inp);
+/** Return the position for end_of_fixed_part when we parsed this
+ * object
+ */
+const uint8_t * auth1_get_end_of_fixed_part(const auth1_t *inp);
+/** Return the (constant) length of the array holding the rand field
+ * of the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_rand(const auth1_t *inp);
+/** Return the element at position 'idx' of the fixed array field rand
+ * of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_rand(const auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the fixed array field rand
+ * of the auth1_t in 'inp', so that it will hold the value 'elt'.
+ */
+int auth1_set_rand(auth1_t *inp, size_t idx, uint8_t elt);
+/** Return a pointer to the 24-element array field rand of 'inp'.
+ */
+uint8_t * auth1_getarray_rand(auth1_t *inp);
+/** Return the position for end_of_signed when we parsed this object
+ */
+const uint8_t * auth1_get_end_of_signed(const auth1_t *inp);
+/** Return the length of the dynamic array holding the sig field of
+ * the auth1_t in 'inp'.
+ */
+size_t auth1_getlen_sig(const auth1_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * sig of the auth1_t in 'inp'.
+ */
+uint8_t auth1_get_sig(auth1_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * sig of the auth1_t in 'inp', so that it will hold the value 'elt'.
+ */
+int auth1_set_sig(auth1_t *inp, size_t idx, uint8_t elt);
+/** Append a new element 'elt' to the dynamic array field sig of the
+ * auth1_t in 'inp'.
+ */
+int auth1_add_sig(auth1_t *inp, uint8_t elt);
+/** Return a pointer to the variable-length array field sig of 'inp'.
+ */
+uint8_t * auth1_getarray_sig(auth1_t *inp);
+/** Change the length of the variable-length array field sig of 'inp'
+ * to 'newlen'.Fill extra elements with 0. Return 0 on success; return
+ * -1 and set the error code on 'inp' on failure.
+ */
+int auth1_setlen_sig(auth1_t *inp, size_t newlen);
+/** Return a newly allocated certs_cell with all elements set to zero.
+ */
+certs_cell_t *certs_cell_new(void);
+/** Release all storage held by the certs_cell in 'victim'. (Do
+ * nothing if 'victim' is NULL.)
+ */
+void certs_cell_free(certs_cell_t *victim);
+/** Try to parse a certs_cell from the buffer in 'input', using up to
+ * 'len_in' bytes from the input buffer. On success, return the number
+ * of bytes consumed and set *output to the newly allocated
+ * certs_cell_t. On failure, return -2 if the input appears truncated,
+ * and -1 if the input is otherwise invalid.
+ */
+ssize_t certs_cell_parse(certs_cell_t **output, const uint8_t *input, const size_t len_in);
+/** Return the number of bytes we expect to need to encode the
+ * certs_cell in 'obj'. On failure, return a negative value. Note that
+ * this value may be an overestimate, and can even be an underestimate
+ * for certain unencodeable objects.
+ */
+ssize_t certs_cell_encoded_len(const certs_cell_t *obj);
+/** Try to encode the certs_cell from 'input' into the buffer at
+ * 'output', using up to 'avail' bytes of the output buffer. On
+ * success, return the number of bytes used. On failure, return -2 if
+ * the buffer was not long enough, and -1 if the input was invalid.
+ */
+ssize_t certs_cell_encode(uint8_t *output, const size_t avail, const certs_cell_t *input);
+/** Check whether the internal state of the certs_cell in 'obj' is
+ * consistent. Return NULL if it is, and a short message if it is not.
+ */
+const char *certs_cell_check(const certs_cell_t *obj);
+/** Clear any errors that were set on the object 'obj' by its setter
+ * functions. Return true iff errors were cleared.
+ */
+int certs_cell_clear_errors(certs_cell_t *obj);
+/** Return the value of the n_certs field of the certs_cell_t in 'inp'
+ */
+uint8_t certs_cell_get_n_certs(certs_cell_t *inp);
+/** Set the value of the n_certs field of the certs_cell_t in 'inp' to
+ * 'val'. Return 0 on success; return -1 and set the error code on
+ * 'inp' on failure.
+ */
+int certs_cell_set_n_certs(certs_cell_t *inp, uint8_t val);
+/** Return the length of the dynamic array holding the certs field of
+ * the certs_cell_t in 'inp'.
+ */
+size_t certs_cell_getlen_certs(const certs_cell_t *inp);
+/** Return the element at position 'idx' of the dynamic array field
+ * certs of the certs_cell_t in 'inp'.
+ */
+struct certs_cell_cert_st * certs_cell_get_certs(certs_cell_t *inp, size_t idx);
+/** Change the element at position 'idx' of the dynamic array field
+ * certs of the certs_cell_t in 'inp', so that it will hold the value
+ * 'elt'. Free the previous value, if any.
+ */
+int certs_cell_set_certs(certs_cell_t *inp, size_t idx, struct certs_cell_cert_st * elt);
+/** As certs_cell_set_certs, but does not free the previous value.
+ */
+int certs_cell_set0_certs(certs_cell_t *inp, size_t idx, struct certs_cell_cert_st * elt);
+/** Append a new element 'elt' to the dynamic array field certs of the
+ * certs_cell_t in 'inp'.
+ */
+int certs_cell_add_certs(certs_cell_t *inp, struct certs_cell_cert_st * elt);
+/** Return a pointer to the variable-length array field certs of
+ * 'inp'.
+ */
+struct certs_cell_cert_st * * certs_cell_getarray_certs(certs_cell_t *inp);
+/** Change the length of the variable-length array field certs of
+ * 'inp' to 'newlen'.Fill extra elements with NULL; free removed
+ * elements. Return 0 on success; return -1 and set the error code on
+ * 'inp' on failure.
+ */
+int certs_cell_setlen_certs(certs_cell_t *inp, size_t newlen);
+
+
+#endif
diff --git a/src/trunnel/link_handshake.trunnel b/src/trunnel/link_handshake.trunnel
new file mode 100644
index 0000000..b858e17
--- /dev/null
+++ b/src/trunnel/link_handshake.trunnel
@@ -0,0 +1,57 @@
+
+struct certs_cell {
+ u8 n_certs;
+ struct certs_cell_cert certs[n_certs];
+}
+
+const CERTTYPE_RSA1024_ID_LINK = 1;
+const CERTTYPE_RSA1024_ID_ID = 2;
+const CERTTYPE_RSA1024_ID_AUTH = 3;
+const CERTTYPE_ED_ID_SIGN = 4;
+const CERTTYPE_ED_SIGN_LINK = 5;
+const CERTTYPE_ED_SIGN_AUTH = 6;
+const CERTTYPE_RSA1024_ID_EDID = 7;
+
+struct certs_cell_cert {
+ u8 cert_type;
+ u16 cert_len;
+ u8 body[cert_len];
+}
+
+struct rsa_ed_crosscert {
+ u8 ed_key[32];
+ u32 expiration;
+ @ptr end_of_signed;
+ u8 sig_len;
+ u8 sig[sig_len]; // mismatches spec.
+}
+
+struct auth_challenge_cell {
+ u8 challenge[32];
+ u16 n_methods;
+ u16 methods[n_methods];
+}
+
+context auth_ctx {
+ u8 is_ed;
+}
+
+struct auth1 with context auth_ctx {
+ u8 type[8];
+ u8 cid[32];
+ u8 sid[32];
+ union u1[auth_ctx.is_ed] {
+ 0 : ;
+ 1 : u8 cid_ed[32];
+ u8 sid_ed[32];
+ default: fail;
+ };
+ u8 slog[32];
+ u8 clog[32];
+ u8 scert[32];
+ u8 tlssecrets[32];
+ @ptr end_of_fixed_part;
+ u8 rand[24];
+ @ptr end_of_signed;
+ u8 sig[];
+}
1
0
[translation/torbutton-torbuttondtd] Update translations for torbutton-torbuttondtd
by translation@torproject.org 28 May '15
by translation@torproject.org 28 May '15
28 May '15
commit 3f3caab1b5c6b2230ed3afe153decd9283ca5f17
Author: Translation commit bot <translation(a)torproject.org>
Date: Thu May 28 10:46:00 2015 +0000
Update translations for torbutton-torbuttondtd
---
id/torbutton.dtd | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/id/torbutton.dtd b/id/torbutton.dtd
index c6eee08..e14108c 100644
--- a/id/torbutton.dtd
+++ b/id/torbutton.dtd
@@ -71,10 +71,10 @@
<!ENTITY torbutton.prefs.shutdown "Matikan">
<!ENTITY torbutton.prefs.tor_shutdown "Bersihkan cookie Tor saat mematikan peramban Tor">
<!ENTITY torbutton.prefs.all_shutdown "Bersihkan cookie saat mematikan peramban apapun">
-<!ENTITY torbutton.prefs.no_shutdown "Jangan bersihkan cookie saya ketika mematikan browser">
+<!ENTITY torbutton.prefs.no_shutdown "Jangan bersihkan cookie saya saat mematikan peramban">
<!ENTITY torbutton.prefs.disable_sessionstore "Nonaktifkan Penyimpanan Sesi (disarankan)">
<!ENTITY torbutton.prefs.headers "Header">
-<!ENTITY torbutton.prefs.spoof_english "Aktifkan penyamar untuk browser US-English">
+<!ENTITY torbutton.prefs.spoof_english "Aktifkan penyamar untuk peramban US-English">
<!ENTITY torbutton.prefs.refererspoofing "Referer spoofing">
<!ENTITY torbutton.prefs.spoofblank "Spoof blank referer during Tor usage (may break some sites)">
<!ENTITY torbutton.prefs.smartspoof "Smart referer spoof during Tor usage (spoofs cross domain referers)">
1
0
[translation/torbutton-torbuttondtd] Update translations for torbutton-torbuttondtd
by translation@torproject.org 28 May '15
by translation@torproject.org 28 May '15
28 May '15
commit d6fa6b37ab91ff87e1224e681ba2a63fb11177d5
Author: Translation commit bot <translation(a)torproject.org>
Date: Thu May 28 10:16:01 2015 +0000
Update translations for torbutton-torbuttondtd
---
id/torbutton.dtd | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/id/torbutton.dtd b/id/torbutton.dtd
index 959aec0..c6eee08 100644
--- a/id/torbutton.dtd
+++ b/id/torbutton.dtd
@@ -69,8 +69,8 @@
<!ENTITY torbutton.prefs.history "Riwayat">
<!ENTITY torbutton.prefs.no_search "Nonaktifkan saran pencarian selama sesi Tor (disarankan)">
<!ENTITY torbutton.prefs.shutdown "Matikan">
-<!ENTITY torbutton.prefs.tor_shutdown "Bersihkan cookie Tor saat mematikan browser dengan Tor aktif">
-<!ENTITY torbutton.prefs.all_shutdown "Bersihkan cookie saat mematikan browser dengan kondisi apapun">
+<!ENTITY torbutton.prefs.tor_shutdown "Bersihkan cookie Tor saat mematikan peramban Tor">
+<!ENTITY torbutton.prefs.all_shutdown "Bersihkan cookie saat mematikan peramban apapun">
<!ENTITY torbutton.prefs.no_shutdown "Jangan bersihkan cookie saya ketika mematikan browser">
<!ENTITY torbutton.prefs.disable_sessionstore "Nonaktifkan Penyimpanan Sesi (disarankan)">
<!ENTITY torbutton.prefs.headers "Header">
1
0
[metrics-lib/master] Add descriptor source to fetch descriptors from CollecTor.
by karsten@torproject.org 28 May '15
by karsten@torproject.org 28 May '15
28 May '15
commit e3d381f4c12eb61cc1d6491f31f1ac250602b3d9
Author: Karsten Loesing <karsten.loesing(a)gmx.net>
Date: Thu May 21 17:13:17 2015 +0200
Add descriptor source to fetch descriptors from CollecTor.
Includes some really good suggestions from iwakeh.
Implements #16151.
---
.../torproject/descriptor/DescriptorCollector.java | 34 +++
.../descriptor/DescriptorSourceFactory.java | 12 +
.../descriptor/impl/DescriptorCollectorImpl.java | 240 ++++++++++++++++++++
.../torproject/descriptor/impl/ParseHelper.java | 2 +-
.../impl/DescriptorCollectorImplTest.java | 120 ++++++++++
5 files changed, 407 insertions(+), 1 deletion(-)
diff --git a/src/org/torproject/descriptor/DescriptorCollector.java b/src/org/torproject/descriptor/DescriptorCollector.java
new file mode 100644
index 0000000..bd29fb0
--- /dev/null
+++ b/src/org/torproject/descriptor/DescriptorCollector.java
@@ -0,0 +1,34 @@
+/* Copyright 2015 The Tor Project
+ * See LICENSE for licensing information */
+package org.torproject.descriptor;
+
+import java.io.File;
+
+/** Fetch descriptors from the CollecTor service available at
+ * https://collector.torproject.org/ and store them to a local
+ * directory. */
+public interface DescriptorCollector {
+
+ /**
+ * Fetch remote files from a CollecTor instance that do not yet exist
+ * locally and possibly delete local files that do not exist remotely
+ * anymore.
+ *
+ * @param collecTorBaseUrl CollecTor base URL without trailing slash,
+ * e.g., "https://collector.torproject.org".
+ * @param remoteDirectories Remote directories to collect descriptors
+ * from, e.g., "/recent/relay-descriptors/server-descriptors/". Only
+ * files in this directory will be collected, no files in its sub
+ * directories.
+ * @param minLastModified Minimum last-modified time in milliseconds of
+ * files to be collected. Set to 0 for collecting all files.
+ * @param localDirectory Directory where collected files will be
+ * written.
+ * @param deleteExtraneousLocalFiles Whether to delete all local files
+ * that do not exist remotely anymore.
+ */
+ public void collectRemoteFiles(String collecTorBaseUrl,
+ String[] remoteDirectories, long minLastModified,
+ File localDirectory, boolean deleteExtraneousLocalFiles);
+}
+
diff --git a/src/org/torproject/descriptor/DescriptorSourceFactory.java b/src/org/torproject/descriptor/DescriptorSourceFactory.java
index 9bfd81f..49fcdc6 100644
--- a/src/org/torproject/descriptor/DescriptorSourceFactory.java
+++ b/src/org/torproject/descriptor/DescriptorSourceFactory.java
@@ -12,11 +12,14 @@ public final class DescriptorSourceFactory {
"org.torproject.descriptor.impl.DescriptorParserImpl";
public final static String READER_DEFAULT =
"org.torproject.descriptor.impl.DescriptorReaderImpl";
+ public final static String COLLECTOR_DEFAULT =
+ "org.torproject.descriptor.impl.DescriptorCollectorImpl";
/* property names */
public final static String PARSER_PROPERTY = "onionoo.parser";
public final static String READER_PROPERTY = "onionoo.property";
public final static String LOADER_PROPERTY = "onionoo.downloader";
+ public final static String COLLECTOR_PROPERTY = "onionoo.collector";
/**
* Create a descriptor parser.
@@ -39,6 +42,13 @@ public final class DescriptorSourceFactory {
return (DescriptorDownloader) retrieve(LOADER_PROPERTY);
}
+ /**
+ * Create a descriptor collector.
+ */
+ public final static DescriptorCollector createDescriptorCollector() {
+ return (DescriptorCollector) retrieve(COLLECTOR_PROPERTY);
+ }
+
private final static <T> Object retrieve(String type) {
Object object;
String clazzName = null;
@@ -49,6 +59,8 @@ public final class DescriptorSourceFactory {
clazzName = System.getProperty(type, LOADER_DEFAULT);
} else if (READER_PROPERTY.equals(type)) {
clazzName = System.getProperty(type, READER_DEFAULT);
+ } else if (COLLECTOR_PROPERTY.equals(type)) {
+ clazzName = System.getProperty(type, COLLECTOR_DEFAULT);
}
object = ClassLoader.getSystemClassLoader().loadClass(clazzName).
newInstance();
diff --git a/src/org/torproject/descriptor/impl/DescriptorCollectorImpl.java b/src/org/torproject/descriptor/impl/DescriptorCollectorImpl.java
new file mode 100644
index 0000000..ed88906
--- /dev/null
+++ b/src/org/torproject/descriptor/impl/DescriptorCollectorImpl.java
@@ -0,0 +1,240 @@
+/* Copyright 2015 The Tor Project
+ * See LICENSE for licensing information */
+package org.torproject.descriptor.impl;
+
+import java.io.BufferedInputStream;
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.util.Arrays;
+import java.util.Map;
+import java.util.Scanner;
+import java.util.SortedMap;
+import java.util.SortedSet;
+import java.util.Stack;
+import java.util.TreeMap;
+import java.util.TreeSet;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import java.util.zip.GZIPInputStream;
+
+import org.torproject.descriptor.DescriptorCollector;
+
+public class DescriptorCollectorImpl implements DescriptorCollector {
+
+ @Override
+ public void collectRemoteFiles(String collecTorBaseUrl,
+ String[] remoteDirectories, long minLastModified,
+ File localDirectory, boolean deleteExtraneousLocalFiles) {
+ collecTorBaseUrl = collecTorBaseUrl.endsWith("/")
+ ? collecTorBaseUrl.substring(0, collecTorBaseUrl.length() - 1)
+ : collecTorBaseUrl;
+ if (minLastModified < 0) {
+ throw new IllegalArgumentException("A negative minimum "
+ + "last-modified time is not permitted.");
+ }
+ if (localDirectory.exists() && !localDirectory.isDirectory()) {
+ throw new IllegalArgumentException("Local directory already exists "
+ + "and is not a directory.");
+ }
+ SortedMap<String, Long> localFiles =
+ this.statLocalDirectory(localDirectory);
+ SortedMap<String, String> fetchedDirectoryListings =
+ this.fetchRemoteDirectories(collecTorBaseUrl, remoteDirectories);
+ SortedSet<String> parsedDirectories = new TreeSet<String>();
+ SortedMap<String, Long> remoteFiles = new TreeMap<String, Long>();
+ for (Map.Entry<String, String> e :
+ fetchedDirectoryListings.entrySet()) {
+ String remoteDirectory = e.getKey();
+ String directoryListing = e.getValue();
+ SortedMap<String, Long> parsedRemoteFiles =
+ this.parseDirectoryListing(remoteDirectory, directoryListing);
+ if (parsedRemoteFiles == null) {
+ continue;
+ }
+ parsedDirectories.add(remoteDirectory);
+ remoteFiles.putAll(parsedRemoteFiles);
+ }
+ this.fetchRemoteFiles(collecTorBaseUrl, remoteFiles, minLastModified,
+ localDirectory, localFiles);
+ if (deleteExtraneousLocalFiles) {
+ this.deleteExtraneousLocalFiles(parsedDirectories, remoteFiles,
+ localDirectory, localFiles);
+ }
+ }
+
+ SortedMap<String, Long> statLocalDirectory(
+ File localDirectory) {
+ SortedMap<String, Long> localFiles = new TreeMap<String, Long>();
+ if (!localDirectory.exists()) {
+ return localFiles;
+ }
+ Stack<File> files = new Stack<File>();
+ files.add(localDirectory);
+ while (!files.isEmpty()) {
+ File file = files.pop();
+ if (file.isDirectory()) {
+ files.addAll(Arrays.asList(file.listFiles()));
+ } else {
+ String localPath = file.getPath().substring(
+ localDirectory.getPath().length());
+ localFiles.put(localPath, file.lastModified());
+ }
+ }
+ return localFiles;
+ }
+
+ SortedMap<String, String> fetchRemoteDirectories(
+ String collecTorBaseUrl, String[] remoteDirectories) {
+ SortedMap<String, String> fetchedDirectoryListings =
+ new TreeMap<String, String>();
+ for (String remoteDirectory : remoteDirectories) {
+ String remoteDirectoryWithSlashAtBeginAndEnd =
+ (remoteDirectory.startsWith("/") ? "" : "/") + remoteDirectory
+ + (remoteDirectory.endsWith("/") ? "" : "/");
+ String directoryUrl = collecTorBaseUrl
+ + remoteDirectoryWithSlashAtBeginAndEnd;
+ String directoryListing = this.fetchRemoteDirectory(directoryUrl);
+ if (directoryListing.length() > 0) {
+ fetchedDirectoryListings.put(
+ remoteDirectoryWithSlashAtBeginAndEnd, directoryListing);
+ }
+ }
+ return fetchedDirectoryListings;
+ }
+
+ String fetchRemoteDirectory(String url) {
+ StringBuilder sb = new StringBuilder();
+ try {
+ URL u = new URL(url);
+ HttpURLConnection huc = (HttpURLConnection) u.openConnection();
+ huc.setRequestMethod("GET");
+ huc.connect();
+ int responseCode = huc.getResponseCode();
+ if (responseCode == 200) {
+ BufferedReader br = new BufferedReader(new InputStreamReader(
+ huc.getInputStream()));
+ String line;
+ while ((line = br.readLine()) != null) {
+ sb.append(line + "\n");
+ }
+ br.close();
+ }
+ } catch (IOException e) {
+ e.printStackTrace();
+ return "";
+ }
+ return sb.toString();
+ }
+
+ final Pattern DIRECTORY_LISTING_LINE_PATTERN =
+ Pattern.compile(".* href=\"([^\"/]+)\"" /* filename */
+ + ".*>(\\d{2}-\\w{3}-\\d{4} \\d{2}:\\d{2})\\s*<.*"); /* dateTime */
+
+ SortedMap<String, Long> parseDirectoryListing(
+ String remoteDirectory, String directoryListing) {
+ SortedMap<String, Long> remoteFiles = new TreeMap<String, Long>();
+ DateFormat dateTimeFormat = ParseHelper.getDateFormat(
+ "dd-MMM-yyyy HH:mm");
+ try {
+ Scanner s = new Scanner(directoryListing);
+ s.useDelimiter("\n");
+ while (s.hasNext()) {
+ String line = s.next();
+ Matcher matcher = DIRECTORY_LISTING_LINE_PATTERN.matcher(line);
+ if (matcher.matches()) {
+ String filename = matcher.group(1);
+ long lastModifiedMillis = dateTimeFormat.parse(
+ matcher.group(2)).getTime();
+ remoteFiles.put(remoteDirectory + filename, lastModifiedMillis);
+ }
+ }
+ s.close();
+ } catch (ParseException e) {
+ e.printStackTrace();
+ return null;
+ }
+ return remoteFiles;
+ }
+
+ void fetchRemoteFiles(String collecTorBaseUrl,
+ SortedMap<String, Long> remoteFiles, long minLastModified,
+ File localDirectory, SortedMap<String, Long> localFiles) {
+ for (Map.Entry<String, Long> e : remoteFiles.entrySet()) {
+ String filename = e.getKey();
+ long lastModifiedMillis = e.getValue();
+ if (lastModifiedMillis < minLastModified ||
+ (localFiles.containsKey(filename) &&
+ localFiles.get(filename) >= lastModifiedMillis)) {
+ continue;
+ }
+ String url = collecTorBaseUrl + filename;
+ File destinationFile = new File(localDirectory.getPath()
+ + filename);
+ this.fetchRemoteFile(url, destinationFile, lastModifiedMillis);
+ }
+ }
+
+ void fetchRemoteFile(String url, File destinationFile,
+ long lastModifiedMillis) {
+ try {
+ File destinationDirectory = destinationFile.getParentFile();
+ destinationDirectory.mkdirs();
+ File tempDestinationFile = new File(destinationDirectory, "."
+ + destinationFile.getName());
+ FileOutputStream fos = new FileOutputStream(tempDestinationFile);
+ URL u = new URL(url);
+ HttpURLConnection huc = (HttpURLConnection) u.openConnection();
+ huc.setRequestMethod("GET");
+ if (!url.endsWith(".xz")) {
+ huc.addRequestProperty("Accept-Encoding", "gzip");
+ }
+ huc.connect();
+ int responseCode = huc.getResponseCode();
+ if (responseCode == 200) {
+ InputStream is;
+ if (huc.getContentEncoding() != null &&
+ huc.getContentEncoding().equalsIgnoreCase("gzip")) {
+ is = new GZIPInputStream(huc.getInputStream());
+ } else {
+ is = huc.getInputStream();
+ }
+ BufferedInputStream bis = new BufferedInputStream(is);
+ int len;
+ byte[] data = new byte[1024];
+ while ((len = bis.read(data, 0, 1024)) >= 0) {
+ fos.write(data, 0, len);
+ }
+ bis.close();
+ fos.close();
+ tempDestinationFile.renameTo(destinationFile);
+ destinationFile.setLastModified(lastModifiedMillis);
+ }
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+
+ void deleteExtraneousLocalFiles(
+ SortedSet<String> parsedDirectories,
+ SortedMap<String, Long> remoteFiles, File localDirectory,
+ SortedMap<String, Long> localFiles) {
+ for (String localPath : localFiles.keySet()) {
+ for (String remoteDirectory : parsedDirectories) {
+ if (localPath.startsWith(remoteDirectory)) {
+ if (!remoteFiles.containsKey(localPath)) {
+ new File(localDirectory.getPath() + localPath).delete();
+ }
+ }
+ }
+ }
+ }
+}
+
diff --git a/src/org/torproject/descriptor/impl/ParseHelper.java b/src/org/torproject/descriptor/impl/ParseHelper.java
index 226bf80..09534c7 100644
--- a/src/org/torproject/descriptor/impl/ParseHelper.java
+++ b/src/org/torproject/descriptor/impl/ParseHelper.java
@@ -153,7 +153,7 @@ public class ParseHelper {
super.set(value);
}
};
- private static DateFormat getDateFormat(String format) {
+ static DateFormat getDateFormat(String format) {
Map<String, DateFormat> threadDateFormats = dateFormats.get();
if (!threadDateFormats.containsKey(format)) {
DateFormat dateFormat = new SimpleDateFormat(format);
diff --git a/test/org/torproject/descriptor/impl/DescriptorCollectorImplTest.java b/test/org/torproject/descriptor/impl/DescriptorCollectorImplTest.java
new file mode 100644
index 0000000..2715f12
--- /dev/null
+++ b/test/org/torproject/descriptor/impl/DescriptorCollectorImplTest.java
@@ -0,0 +1,120 @@
+/* Copyright 2015 The Tor Project
+ * See LICENSE for licensing information */
+package org.torproject.descriptor.impl;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+
+import java.util.SortedMap;
+
+import org.junit.Test;
+
+public class DescriptorCollectorImplTest {
+
+ private static final String REMOTE_DIRECTORY_CONSENSUSES =
+ "/recent/relay-descriptors/consensuses/";
+
+ @Test()
+ public void testOneFile() {
+ String remoteFilename = "2015-05-24-12-00-00-consensus";
+ String directoryListing = "<tr><td valign=\"top\">"
+ + "<img src=\"/icons/unknown.gif\" alt=\"[ ]\"></td><td>"
+ + "<a href=\"" + remoteFilename + "\">"
+ + "2015-05-24-12-00-00-consensus</a></td>"
+ + "<td align=\"right\">24-May-2015 12:08 </td>"
+ + "<td align=\"right\">1.5M</td><td> </td></tr>";
+ SortedMap<String, Long> remoteFiles =
+ new DescriptorCollectorImpl().parseDirectoryListing(
+ REMOTE_DIRECTORY_CONSENSUSES, directoryListing);
+ assertNotNull(remoteFiles);
+ assertSame(1, remoteFiles.size());
+ assertEquals(REMOTE_DIRECTORY_CONSENSUSES + remoteFilename,
+ remoteFiles.firstKey());
+ assertEquals((Long) 1432469280000L,
+ remoteFiles.get(remoteFiles.firstKey()));
+ }
+
+ @Test()
+ public void testSameFileTwoTimestampsLastWins() {
+ String remoteFilename = "2015-05-24-12-00-00-consensus";
+ String firstTimestamp = "24-May-2015 12:04";
+ String secondTimestamp = "24-May-2015 12:08";
+ String lineFormat = "<tr><td valign=\"top\">"
+ + "<img src=\"/icons/unknown.gif\" alt=\"[ ]\"></td><td>"
+ + "<a href=\"%s\">2015-05-24-12-00-00-consensus</a></td>"
+ + "<td align=\"right\">%s </td>"
+ + "<td align=\"right\">1.5M</td><td> </td></tr>\n";
+ String directoryListing = String.format(lineFormat + lineFormat,
+ remoteFilename, firstTimestamp, remoteFilename, secondTimestamp);
+ SortedMap<String, Long> remoteFiles =
+ new DescriptorCollectorImpl().parseDirectoryListing(
+ REMOTE_DIRECTORY_CONSENSUSES, directoryListing);
+ assertNotNull(remoteFiles);
+ assertSame(1, remoteFiles.size());
+ assertEquals(REMOTE_DIRECTORY_CONSENSUSES + remoteFilename,
+ remoteFiles.firstKey());
+ assertEquals((Long) 1432469280000L,
+ remoteFiles.get(remoteFiles.firstKey()));
+ }
+
+ @Test()
+ public void testSubDirectoryOnly() {
+ String directoryListing = "<tr><td valign=\"top\">"
+ + "<img src=\"/icons/folder.gif\" alt=\"[DIR]\"></td><td>"
+ + "<a href=\"subdir/\">subdir/</a></td>"
+ + "<td align=\"right\">27-May-2015 14:07 </td>"
+ + "<td align=\"right\"> - </td><td> </td></tr>";
+ DescriptorCollectorImpl collector = new DescriptorCollectorImpl();
+ SortedMap<String, Long> remoteFiles = collector.parseDirectoryListing(
+ REMOTE_DIRECTORY_CONSENSUSES, directoryListing);
+ assertNotNull(remoteFiles);
+ assertTrue(remoteFiles.isEmpty());
+ }
+
+ @Test()
+ public void testParentDirectoryOnly() {
+ String directoryListing = "<tr><td valign=\"top\">"
+ + "<img src=\"/icons/back.gif\" alt=\"[DIR]\"></td><td>"
+ + "<a href=\"/recent/relay-descriptors/\">Parent Directory</a>"
+ + "</td><td> </td><td align=\"right\"> - </td>"
+ + "<td> </td></tr>";
+ DescriptorCollectorImpl collector = new DescriptorCollectorImpl();
+ SortedMap<String, Long> remoteFiles = collector.parseDirectoryListing(
+ REMOTE_DIRECTORY_CONSENSUSES, directoryListing);
+ assertNotNull(remoteFiles);
+ assertTrue(remoteFiles.isEmpty());
+ }
+
+ @Test()
+ public void testUnexpectedDateFormat() {
+ String directoryListing = "<tr><td valign=\"top\">"
+ + "<img src=\"/icons/unknown.gif\" alt=\"[ ]\"></td><td>"
+ + "<a href=\"2015-05-24-12-00-00-consensus\">"
+ + "2015-05-24-12-00-00-consensus</a></td>"
+ + "<td align=\"right\">2015-05-24 12:08 </td>"
+ + "<td align=\"right\">1.5M</td><td> </td></tr>";
+ SortedMap<String, Long> remoteFiles =
+ new DescriptorCollectorImpl().parseDirectoryListing(
+ REMOTE_DIRECTORY_CONSENSUSES, directoryListing);
+ assertNotNull(remoteFiles);
+ assertTrue(remoteFiles.isEmpty());
+ }
+
+ @Test()
+ public void testInvalidDate() {
+ String directoryListing = "<tr><td valign=\"top\">"
+ + "<img src=\"/icons/unknown.gif\" alt=\"[ ]\"></td><td>"
+ + "<a href=\"2015-05-24-12-00-00-consensus\">"
+ + "2015-05-24-12-00-00-consensus</a></td>"
+ + "<td align=\"right\">34-May-2015 12:08 </td>"
+ + "<td align=\"right\">1.5M</td><td> </td></tr>";
+ SortedMap<String, Long> remoteFiles =
+ new DescriptorCollectorImpl().parseDirectoryListing(
+ REMOTE_DIRECTORY_CONSENSUSES, directoryListing);
+ assertNull(remoteFiles);
+ }
+}
+
1
0
commit 372e2c78d3a81e4da12f5de63bc2889a2d6ad5f1
Author: Ondrej Mikle <ondrej.mikle(a)gmail.com>
Date: Wed May 27 21:34:32 2015 +0200
Update RPM page with Fedora 22 info
---
docs/en/rpms.wml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/en/rpms.wml b/docs/en/rpms.wml
index 3ee18c2..e4a6823 100644
--- a/docs/en/rpms.wml
+++ b/docs/en/rpms.wml
@@ -27,10 +27,10 @@
torproject.repo. Edit this file with the following information:
</p>
- <h3>Fedora 20/21 and EL6/7 packages</h3>
+ <h3>Fedora 21/22 and EL6/7 packages</h3>
- <p>For Fedora 20, Fedora 21, RHEL 6, RHEL 7 (and clones), use following
- repo file - substitute DISTRIBUTION with one of the following: fc/20, fc/21,
+ <p>For Fedora 21, Fedora 22, RHEL 6, RHEL 7 (and clones), use following
+ repo file - substitute DISTRIBUTION with one of the following: fc/21, fc/22,
el/6, el/7 according to your distribution.
</p>
1
0
27 May '15
commit 8038eb98da33522deff1bb1caa791dae56393f92
Author: Nicolas Vigier <boklm(a)torproject.org>
Date: Wed May 27 21:23:15 2015 +0200
Rename libotr-5.dll to otr.dll
---
projects/ctypes-otr/build | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/projects/ctypes-otr/build b/projects/ctypes-otr/build
index f86c75a..8b0d232 100644
--- a/projects/ctypes-otr/build
+++ b/projects/ctypes-otr/build
@@ -3,6 +3,10 @@ set -e
tar xf [% project %]-[% c('version') %].tar.gz
tar xf [% c('input_files_by_name/libotr') %]
mv libotr/[% c('var/lib_glob') %] [% project %]-[% c('version') %]/chrome/content/
+[% IF c('var/windows') -%]
+mv -f [% project %]-[% c('version') %]/chrome/content/libotr-*.dll \
+ [% project %]-[% c('version') %]/chrome/content/otr.dll
+[% END -%]
tar xf [% c('input_files_by_name/libgcrypt') %]
mv libgcrypt/[% c('var/lib_glob') %] [% project %]-[% c('version') %]/chrome/content/
tar xf [% c('input_files_by_name/libgpg-error') %]
1
0
commit a43a3656a5bb4391fb1654d5ff44a5257e1f165f
Author: David Goulet <dgoulet(a)ev0ke.net>
Date: Wed May 27 14:54:22 2015 -0400
Update version to v2.1.0
Signed-off-by: David Goulet <dgoulet(a)ev0ke.net>
---
ChangeLog | 36 ++++++++++++++++++++++++++++++++++++
configure.ac | 2 +-
2 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 0b5d0d3..f19e9a9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,39 @@
+2015-05-27 torsocks 2.1.0
+ * Fix: socks5 resolve wasn't sending data correctly
+ * Fix: wrong label when auth_socks5 fail
+ * Move SOCKS5 auth in a seperate function
+ * Send the SOCKS5 authentication for RESOLVE/RESOLVE_PTR requests.
+ * Change IsolatePID password from 42 to 0
+ * Add automatic per process isolation (IsolatePID)
+ * Ensure that torsocks initializes itself in the presence of C++.
+ * Merge remote-tracking branch 'yawning/getaddrinfo' into getaddrinfo
+ * Fix: indentation in getpeername test
+ * Merge remote-tracking branch 'yawning/getpeername'
+ * Add support for the various inotify routines when invoked via syscall().
+ * Support the eventfd2(2) syscall.
+ * Support the various epoll routines when invoked via syscall().
+ * Handle accept4(2) when invoked via syscall().
+ * Fix getaddrinfo() to respect AI_NUMERICHOST.
+ * Fix the broken getpeername() implementation.
+ * Support certain Linux specific syscalls.
+ * Allow TCP Fast Open clients go through tor
+ * Test: support out of tree make check
+ * configure.ac: avoid tests which have both -pie and -static
+ * Fix error messages about setuid/setgid executables
+ * Fix: switch back to a syscall whitelist scheme
+ * Add AllowOutboundLocalhost.
+ * Fix: syscall mmap for NetBSD
+ * Fix: use getsockname instead of getsockopt to get socket family
+ * Stop denying syscall() and add dangerous ones
+ * Fix: typo in the listen macro declaration
+ * Fix: improve getpeername to actually works
+ * Fix: improve Unix socket passing detection
+ * Test: add missing connection destroy
+ * Test: possible double free in onion test
+ * Test: fix memory leak in DNS test
+ * Add accept as an accepted value through syscall()
+ * Add cscope files to gitignore
+
2014-08-11 torsocks 2.0.0
* Fix: compilation issue on Debian kfreebsd-i386
* Fix: add LICENSE file to repository
diff --git a/configure.ac b/configure.ac
index f4aadfb..7e442f7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3,7 +3,7 @@
##############################################################################
# Process this file with autoconf to produce a configure script.
-AC_INIT([torsocks], [2.0.0],[dgoulet@ev0ke.net],[],[https://torproject.org])
+AC_INIT([torsocks], [2.1.0],[dgoulet@ev0ke.net],[],[https://torproject.org])
AC_CONFIG_AUX_DIR([config])
AC_CANONICAL_TARGET
# Get hostname and other information.
1
0
[translation/bridgedb_completed] Update translations for bridgedb_completed
by translation@torproject.org 27 May '15
by translation@torproject.org 27 May '15
27 May '15
commit 88973efd3c7f23324af7e5467d931ef429e1f4ad
Author: Translation commit bot <translation(a)torproject.org>
Date: Wed May 27 18:15:12 2015 +0000
Update translations for bridgedb_completed
---
fr/LC_MESSAGES/bridgedb.po | 30 +++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/fr/LC_MESSAGES/bridgedb.po b/fr/LC_MESSAGES/bridgedb.po
index 885ddb9..ab55a39 100644
--- a/fr/LC_MESSAGES/bridgedb.po
+++ b/fr/LC_MESSAGES/bridgedb.po
@@ -21,8 +21,8 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB&keywo…'POT-Creation-Date: 2015-03-19 22:13+0000\n"
-"PO-Revision-Date: 2015-05-04 09:14+0000\n"
-"Last-Translator: Towinet\n"
+"PO-Revision-Date: 2015-05-27 15:16+0000\n"
+"Last-Translator: Aguilar Lucas <destroyeralpha(a)hotmail.fr>\n"
"Language-Team: French (http://www.transifex.com/projects/p/torproject/language/fr/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
@@ -52,7 +52,7 @@ msgstr "[Ceci est un message automatique, merci de ne pas répondre.]"
#: lib/bridgedb/strings.py:20
msgid "Here are your bridges:"
-msgstr "Voici vos bridges :"
+msgstr "Voici vos ponts :"
#: lib/bridgedb/strings.py:22
#, python-format
@@ -154,7 +154,7 @@ msgid ""
"Another way to get bridges is to send an email to %s. Please note that you must\n"
"send the email using an address from one of the following email providers:\n"
"%s, %s or %s."
-msgstr "Une autre alternative pour obtenir bridges est d'envoyer un email à %s. Veuillez noter que vous devez envoyer un email en utilisant une adresse email d'un des fournisseurs d'accès suivant: %s, %s ou %s."
+msgstr "Une autre alternative pour obtenir ponts est d'envoyer un email à %s. Veuillez noter que vous devez envoyer un email en utilisant une adresse email d'un des fournisseurs d'accès suivant: %s, %s ou %s."
#: lib/bridgedb/strings.py:90
msgid "My bridges don't work! I need help!"
@@ -178,15 +178,15 @@ msgstr "Essayez d'inclure autant d'infos que possible concernant votre cas, y co
#: lib/bridgedb/strings.py:103
msgid "Here are your bridge lines:"
-msgstr "Voici vos lignes des bridges:"
+msgstr "Voici vos lignes des ponts:"
#: lib/bridgedb/strings.py:104
msgid "Get Bridges!"
-msgstr "Obtenez des bridges!"
+msgstr "Obtenez des ponts!"
#: lib/bridgedb/strings.py:108
msgid "Please select options for bridge type:"
-msgstr "Sélectionnez vos choix pour le type de bridge, s'il vous plaît:"
+msgstr "Sélectionnez vos choix pour le type de pont, s'il vous plaît:"
#: lib/bridgedb/strings.py:109
msgid "Do you need IPv6 addresses?"
@@ -239,7 +239,7 @@ msgid ""
"paste the bridge lines into the text input box. Finally, click 'Connect', and\n"
"you should be good to go! If you experience trouble, try clicking the 'Help'\n"
"button in the 'Tor Network Settings' wizard for further assistance."
-msgstr "Sélectionnez 'Oui' et ensuite cliquez 'Suivant'. Pour configurer vos nouvelles bridges, copiez et collez les lignes bridge dans la prochaine case de saisie de texte. Enfin, cliquez 'Connexion', et tout devrait marcher ! Si vous avez des difficultés, essayez le bouton 'Aide' dans 'Paramètres Réseaux Tor' pour plus d’assistance."
+msgstr "Sélectionnez 'Oui' et ensuite cliquez 'Suivant'. Pour configurer vos nouvelles ponts, copiez et collez les lignes pont dans la prochaine case de saisie de texte. Enfin, cliquez 'Connexion', et tout devrait marcher ! Si vous avez des difficultés, essayez le bouton 'Aide' dans 'Paramètres Réseaux Tor' pour plus d’assistance."
#: lib/bridgedb/strings.py:142
msgid "Displays this message."
@@ -250,11 +250,11 @@ msgstr "Afficher ce message."
#. "plain-ol'-vanilla" bridges.
#: lib/bridgedb/strings.py:146
msgid "Request vanilla bridges."
-msgstr "Demander les bridges vanilles."
+msgstr "Demander les ponts vanilles."
#: lib/bridgedb/strings.py:147
msgid "Request IPv6 bridges."
-msgstr "Demander IPv6 bridges."
+msgstr "Demander IPv6 ponts."
#. TRANSLATORS: Please DO NOT translate the word the word "TYPE".
#: lib/bridgedb/strings.py:149
@@ -293,7 +293,7 @@ msgstr "Montrer QRCode"
#: lib/bridgedb/templates/bridges.html:100
msgid "QRCode for your bridge lines"
-msgstr "QRCode pour vos bridge lines"
+msgstr "QRCode pour vos pont lines"
#. TRANSLATORS: Please translate this into some silly way to say
#. "There was a problem!" in your language. For example,
@@ -312,18 +312,18 @@ msgstr "Il semblerait qu'il y ai eu une erreur en chargeant votre QRCode."
msgid ""
"This QRCode contains your bridge lines. Scan it with a QRCode reader to copy"
" your bridge lines onto mobile and other devices."
-msgstr "Ce QRCode contient vos bridge lines. Scannez le avec un lecteur de QRCode pour copier vos bridge lines dans votre mobile ou d'autres appareils."
+msgstr "Ce QRCode contient vos pont lines. Scannez le avec un lecteur de QRCode pour copier vos pont lines dans votre mobile ou d'autres appareils."
#: lib/bridgedb/templates/bridges.html:181
msgid "There currently aren't any bridges available..."
-msgstr "Il n'y a pas de bridges disponibles en ce moment…"
+msgstr "Il n'y a pas de ponts disponibles en ce moment…"
#: lib/bridgedb/templates/bridges.html:182
#, python-format
msgid ""
" Perhaps you should try %s going back %s and choosing a different bridge "
"type!"
-msgstr "Peut-être vous devriez revenir %s en arrière %s et choisir un type différent de bridge !"
+msgstr "Peut-être vous devriez revenir %s en arrière %s et choisir un type différent de pont !"
#: lib/bridgedb/templates/index.html:11
#, python-format
@@ -353,7 +353,7 @@ msgstr "Etape %s3%s"
#: lib/bridgedb/templates/index.html:38
#, python-format
msgid "Now %s add the bridges to Tor Browser %s"
-msgstr "Maintenant %s ajoutez les bridges au navigateur Tor %s"
+msgstr "Maintenant %s ajoutez les ponts au navigateur Tor %s"
#. TRANSLATORS: Please make sure the '%s' surrounding single letters at the
#. beginning of words are present in your final translation. Thanks!
1
0
27 May '15
commit 399707bc52cf7e4fb344f8fd62a05954c85d6812
Author: Translation commit bot <translation(a)torproject.org>
Date: Wed May 27 18:15:03 2015 +0000
Update translations for bridgedb
---
fr/LC_MESSAGES/bridgedb.po | 30 +++++++++++++++---------------
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/fr/LC_MESSAGES/bridgedb.po b/fr/LC_MESSAGES/bridgedb.po
index 885ddb9..ab55a39 100644
--- a/fr/LC_MESSAGES/bridgedb.po
+++ b/fr/LC_MESSAGES/bridgedb.po
@@ -21,8 +21,8 @@ msgid ""
msgstr ""
"Project-Id-Version: The Tor Project\n"
"Report-Msgid-Bugs-To: 'https://trac.torproject.org/projects/tor/newticket?component=BridgeDB&keywo…'POT-Creation-Date: 2015-03-19 22:13+0000\n"
-"PO-Revision-Date: 2015-05-04 09:14+0000\n"
-"Last-Translator: Towinet\n"
+"PO-Revision-Date: 2015-05-27 15:16+0000\n"
+"Last-Translator: Aguilar Lucas <destroyeralpha(a)hotmail.fr>\n"
"Language-Team: French (http://www.transifex.com/projects/p/torproject/language/fr/)\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
@@ -52,7 +52,7 @@ msgstr "[Ceci est un message automatique, merci de ne pas répondre.]"
#: lib/bridgedb/strings.py:20
msgid "Here are your bridges:"
-msgstr "Voici vos bridges :"
+msgstr "Voici vos ponts :"
#: lib/bridgedb/strings.py:22
#, python-format
@@ -154,7 +154,7 @@ msgid ""
"Another way to get bridges is to send an email to %s. Please note that you must\n"
"send the email using an address from one of the following email providers:\n"
"%s, %s or %s."
-msgstr "Une autre alternative pour obtenir bridges est d'envoyer un email à %s. Veuillez noter que vous devez envoyer un email en utilisant une adresse email d'un des fournisseurs d'accès suivant: %s, %s ou %s."
+msgstr "Une autre alternative pour obtenir ponts est d'envoyer un email à %s. Veuillez noter que vous devez envoyer un email en utilisant une adresse email d'un des fournisseurs d'accès suivant: %s, %s ou %s."
#: lib/bridgedb/strings.py:90
msgid "My bridges don't work! I need help!"
@@ -178,15 +178,15 @@ msgstr "Essayez d'inclure autant d'infos que possible concernant votre cas, y co
#: lib/bridgedb/strings.py:103
msgid "Here are your bridge lines:"
-msgstr "Voici vos lignes des bridges:"
+msgstr "Voici vos lignes des ponts:"
#: lib/bridgedb/strings.py:104
msgid "Get Bridges!"
-msgstr "Obtenez des bridges!"
+msgstr "Obtenez des ponts!"
#: lib/bridgedb/strings.py:108
msgid "Please select options for bridge type:"
-msgstr "Sélectionnez vos choix pour le type de bridge, s'il vous plaît:"
+msgstr "Sélectionnez vos choix pour le type de pont, s'il vous plaît:"
#: lib/bridgedb/strings.py:109
msgid "Do you need IPv6 addresses?"
@@ -239,7 +239,7 @@ msgid ""
"paste the bridge lines into the text input box. Finally, click 'Connect', and\n"
"you should be good to go! If you experience trouble, try clicking the 'Help'\n"
"button in the 'Tor Network Settings' wizard for further assistance."
-msgstr "Sélectionnez 'Oui' et ensuite cliquez 'Suivant'. Pour configurer vos nouvelles bridges, copiez et collez les lignes bridge dans la prochaine case de saisie de texte. Enfin, cliquez 'Connexion', et tout devrait marcher ! Si vous avez des difficultés, essayez le bouton 'Aide' dans 'Paramètres Réseaux Tor' pour plus d’assistance."
+msgstr "Sélectionnez 'Oui' et ensuite cliquez 'Suivant'. Pour configurer vos nouvelles ponts, copiez et collez les lignes pont dans la prochaine case de saisie de texte. Enfin, cliquez 'Connexion', et tout devrait marcher ! Si vous avez des difficultés, essayez le bouton 'Aide' dans 'Paramètres Réseaux Tor' pour plus d’assistance."
#: lib/bridgedb/strings.py:142
msgid "Displays this message."
@@ -250,11 +250,11 @@ msgstr "Afficher ce message."
#. "plain-ol'-vanilla" bridges.
#: lib/bridgedb/strings.py:146
msgid "Request vanilla bridges."
-msgstr "Demander les bridges vanilles."
+msgstr "Demander les ponts vanilles."
#: lib/bridgedb/strings.py:147
msgid "Request IPv6 bridges."
-msgstr "Demander IPv6 bridges."
+msgstr "Demander IPv6 ponts."
#. TRANSLATORS: Please DO NOT translate the word the word "TYPE".
#: lib/bridgedb/strings.py:149
@@ -293,7 +293,7 @@ msgstr "Montrer QRCode"
#: lib/bridgedb/templates/bridges.html:100
msgid "QRCode for your bridge lines"
-msgstr "QRCode pour vos bridge lines"
+msgstr "QRCode pour vos pont lines"
#. TRANSLATORS: Please translate this into some silly way to say
#. "There was a problem!" in your language. For example,
@@ -312,18 +312,18 @@ msgstr "Il semblerait qu'il y ai eu une erreur en chargeant votre QRCode."
msgid ""
"This QRCode contains your bridge lines. Scan it with a QRCode reader to copy"
" your bridge lines onto mobile and other devices."
-msgstr "Ce QRCode contient vos bridge lines. Scannez le avec un lecteur de QRCode pour copier vos bridge lines dans votre mobile ou d'autres appareils."
+msgstr "Ce QRCode contient vos pont lines. Scannez le avec un lecteur de QRCode pour copier vos pont lines dans votre mobile ou d'autres appareils."
#: lib/bridgedb/templates/bridges.html:181
msgid "There currently aren't any bridges available..."
-msgstr "Il n'y a pas de bridges disponibles en ce moment…"
+msgstr "Il n'y a pas de ponts disponibles en ce moment…"
#: lib/bridgedb/templates/bridges.html:182
#, python-format
msgid ""
" Perhaps you should try %s going back %s and choosing a different bridge "
"type!"
-msgstr "Peut-être vous devriez revenir %s en arrière %s et choisir un type différent de bridge !"
+msgstr "Peut-être vous devriez revenir %s en arrière %s et choisir un type différent de pont !"
#: lib/bridgedb/templates/index.html:11
#, python-format
@@ -353,7 +353,7 @@ msgstr "Etape %s3%s"
#: lib/bridgedb/templates/index.html:38
#, python-format
msgid "Now %s add the bridges to Tor Browser %s"
-msgstr "Maintenant %s ajoutez les bridges au navigateur Tor %s"
+msgstr "Maintenant %s ajoutez les ponts au navigateur Tor %s"
#. TRANSLATORS: Please make sure the '%s' surrounding single letters at the
#. beginning of words are present in your final translation. Thanks!
1
0