- tor-commits - lists.torproject.org

[obfsproxy/master] Reduce repetition in unittest_obfs2.c
by nickm＠torproject.org 09 Sep '11

09 Sep '11

commit 88be04fb580a7e870f5d7f48286bcbdcd9b1317c Author: Zack Weinberg <zackw(a)panix.com> Date: Wed Jul 13 16:05:51 2011 -0700 Reduce repetition in unittest_obfs2.c --- src/test/unittest_obfs2.c | 525 ++++++++++++++++----------------------------- 1 files changed, 186 insertions(+), 339 deletions(-) diff --git a/src/test/unittest_obfs2.c b/src/test/unittest_obfs2.c index 11dcb16..01ce501 100644 --- a/src/test/unittest_obfs2.c +++ b/src/test/unittest_obfs2.c @@ -18,7 +18,6 @@ #include <event2/buffer.h> #define ALEN(x) (sizeof x/sizeof x[0]) -#define OPTV(name) static const char *const name[] static inline obfs2_protocol_t * downcast(struct protocol_t *proto) @@ -28,136 +27,159 @@ downcast(struct protocol_t *proto) } static void -test_obfs2_option_parsing(void *data) +test_obfs2_option_parsing(void *unused) { + struct option_parsing_case { + struct protocol_params_t *result; + short should_succeed; + short n_opts; + const char *const opts[6]; + }; + static struct option_parsing_case cases[] = { + /** good option list */ + { 0, 1, 4, {"obfs2", "--shared-secret=a", "socks", "127.0.0.1:0"} }, + /** two --dest. */ + { 0, 0, 5, {"obfs2", "--dest=127.0.0.1:5555", "--dest=a", + "server", "127.0.0.1:5552"} }, + /** unknown arg */ + { 0, 0, 4, {"obfs2", "--gabura=a", "server", "127.0.0.1:5552"} }, + /** too many args */ + { 0, 0, 6, {"obfs2", "1", "2", "3", "4", "5" } }, + /** wrong mode */ + { 0, 0, 4, {"obfs2", "--dest=1:1", "gladiator", "127.0.0.1:5552"} }, + /** bad listen addr */ + { 0, 0, 4, {"obfs2", "--dest=1:1", "server", "127.0.0.1:a"} }, + /** bad dest addr */ + { 0, 0, 4, {"obfs2", "--dest=1:b", "server", "127.0.0.1:1"} }, + /** socks with dest */ + { 0, 0, 4, {"obfs2", "--dest=1:2", "socks", "127.0.0.1:1"} }, + /** server without dest */ + { 0, 0, 4, {"obfs2", "--shared-secret=a", "server", "127.0.0.1:1"} }, + + { 0, 0, 0, {0} } + }; + /* Suppress logs for the duration of this function. */ log_set_method(LOG_METHOD_NULL, NULL); - /** good option list */ - OPTV(options1) = {"obfs2", "--shared-secret=a", "socks", "127.0.0.1:0"}; - tt_assert(proto_params_init(ALEN(options1), options1) != NULL); - - /** two --dest. */ - OPTV(options2) = {"obfs2", "--dest=127.0.0.1:5555", "--dest=a", - "server", "127.0.0.1:5552"}; - tt_assert(proto_params_init(ALEN(options2), options2) == NULL); + struct option_parsing_case *c; + for (c = cases; c->n_opts; c++) { + c->result = proto_params_init(c->n_opts, c->opts); + if (c->should_succeed) + tt_ptr_op(c->result, !=, NULL); + else + tt_ptr_op(c->result, ==, NULL); + } - /** unknown arg */ - OPTV(options3) = {"obfs2", "--gabura=a", "server", "127.0.0.1:5552"}; - tt_assert(proto_params_init(ALEN(options3), options3) == NULL); + end: + for (c = cases; c->n_opts; c++) + if (c->result) + proto_params_free(c->result); - /** too many args */ - OPTV(options4) = {"obfs2", "1", "2", "3", "4", "5" }; - tt_assert(proto_params_init(ALEN(options4), options4) == NULL); + /* Unsuspend logging */ + log_set_method(LOG_METHOD_STDOUT, NULL); +} - /** wrong mode */ - OPTV(options5) = {"obfs2", "--dest=1:1", "gladiator", "127.0.0.1:5552"}; - tt_assert(proto_params_init(ALEN(options5), options5) == NULL); +/* All the tests below use this test environment: */ +struct test_obfs2_state +{ + struct protocol_params_t *proto_params_client; + struct protocol_params_t *proto_params_server; + struct protocol_t *client_proto; + struct protocol_t *server_proto; + struct evbuffer *output_buffer; + struct evbuffer *dummy_buffer; +}; - /** bad listen addr. */ - OPTV(options6) = {"obfs2", "--dest=1:1", "server", "127.0.0.1:a"}; - tt_assert(proto_params_init(ALEN(options6), options6) == NULL); +static int +cleanup_obfs2_state(const struct testcase_t *unused, void *state) +{ + struct test_obfs2_state *s = (struct test_obfs2_state *)state; - /** bad dest addr. */ - OPTV(options7) = {"obfs2", "--dest=1:b", "server", "127.0.0.1:1"}; - tt_assert(proto_params_init(ALEN(options7), options7) == NULL); + if (s->client_proto) + proto_destroy(s->client_proto); + if (s->server_proto) + proto_destroy(s->server_proto); - /** socks with dest. */ - OPTV(options8) = {"obfs2", "--dest=1:2", "socks", "127.0.0.1:1"}; - tt_assert(proto_params_init(ALEN(options8), options8) == NULL); + if (s->proto_params_client) + proto_params_free(s->proto_params_client); + if (s->proto_params_server) + proto_params_free(s->proto_params_server); - /** socks with dest. */ - OPTV(options9) = {"obfs2", "--shared-secret=a", "server", "127.0.0.1:1"}; - tt_assert(proto_params_init(ALEN(options9), options9) == NULL); + if (s->output_buffer) + evbuffer_free(s->output_buffer); + if (s->dummy_buffer) + evbuffer_free(s->dummy_buffer); - end: - /* Unsuspend logging */ - log_set_method(LOG_METHOD_STDOUT, NULL); + free(state); + return 1; } -/* Make sure we can successfully set up a protocol state */ -static void -test_obfs2_setup(void *data) -{ - struct protocol_t *client_proto = NULL; - struct protocol_t *server_proto = NULL; - struct protocol_params_t *proto_params_client = NULL; - struct protocol_params_t *proto_params_server = NULL; +static const char *const options_client[] = + {"obfs2", "--shared-secret=hahaha", "socks", "127.0.0.1:1800"}; - OPTV(options_client) = {"obfs2", "--shared-secret=hahaha", - "socks", "127.0.0.1:1800"}; - proto_params_client = proto_params_init(ALEN(options_client), options_client); - tt_assert(proto_params_client); +static const char *const options_server[] = + {"obfs2", "--shared-secret=hahaha", + "--dest=127.0.0.1:1500", "server", "127.0.0.1:1800"}; - OPTV(options_server) = {"obfs2", "--shared-secret=hahaha", - "--dest=127.0.0.1:1500", - "server", "127.0.0.1:1800"}; - proto_params_server = proto_params_init(ALEN(options_server), options_server); - tt_assert(proto_params_server); +static void * +setup_obfs2_state(const struct testcase_t *unused) +{ + struct test_obfs2_state *s = calloc(1, sizeof(struct test_obfs2_state)); + tt_assert(s); - client_proto = proto_create(proto_params_client); - tt_assert(client_proto); + s->proto_params_client = + proto_params_init(ALEN(options_client), options_client); + tt_assert(s->proto_params_client); - server_proto = proto_create(proto_params_server); - tt_assert(server_proto); + s->proto_params_server = + proto_params_init(ALEN(options_server), options_server); + tt_assert(s->proto_params_server); - end:; - if (client_proto) - proto_destroy(client_proto); - if (server_proto) - proto_destroy(server_proto); - - if (proto_params_client) - proto_params_free(proto_params_client); - if (proto_params_server) - proto_params_free(proto_params_server); -} + s->client_proto = proto_create(s->proto_params_client); + tt_assert(s->client_proto); -static void -test_obfs2_handshake(void *data) -{ - struct evbuffer *output_buffer = NULL; - struct evbuffer *dummy_buffer = NULL; - output_buffer = evbuffer_new(); - dummy_buffer = evbuffer_new(); + s->server_proto = proto_create(s->proto_params_server); + tt_assert(s->server_proto); - struct protocol_t *client_proto = NULL; - struct protocol_t *server_proto = NULL; - struct protocol_params_t *proto_params_client = NULL; - struct protocol_params_t *proto_params_server = NULL; + s->output_buffer = evbuffer_new(); + tt_assert(s->output_buffer); - OPTV(options_client) = {"obfs2", "--shared-secret=hahaha", - "socks", "127.0.0.1:1800"}; - proto_params_client = proto_params_init(ALEN(options_client), options_client); - tt_assert(proto_params_client); + s->dummy_buffer = evbuffer_new(); + tt_assert(s->dummy_buffer); - OPTV(options_server) = {"obfs2", "--shared-secret=hahaha", - "--dest=127.0.0.1:1500", - "server", "127.0.0.1:1800"}; - proto_params_server = proto_params_init(ALEN(options_server), options_server); - tt_assert(proto_params_server); + return s; - client_proto = proto_create(proto_params_client); - tt_assert(client_proto); + end: + if (s) + cleanup_obfs2_state(NULL, s); + return 0; +} - server_proto = proto_create(proto_params_server); - tt_assert(server_proto); +static const struct testcase_setup_t obfs2_fixture = + { setup_obfs2_state, cleanup_obfs2_state }; - obfs2_protocol_t *client_state = downcast(client_proto); - obfs2_protocol_t *server_state = downcast(server_proto); +static void +test_obfs2_handshake(void *state) +{ + struct test_obfs2_state *s = (struct test_obfs2_state *)state; + obfs2_protocol_t *client_state = downcast(s->client_proto); + obfs2_protocol_t *server_state = downcast(s->server_proto); /* We create a client handshake message and pass it to output_buffer */ - tt_int_op(0, <=, proto_handshake(client_proto, output_buffer)); + tt_int_op(0, <=, proto_handshake(s->client_proto, s->output_buffer)); /* We simulate the server receiving and processing the client's handshake message, by using proto_recv() on the output_buffer */ - tt_assert(RECV_GOOD == proto_recv(server_proto, output_buffer, dummy_buffer)); + tt_assert(RECV_GOOD == proto_recv(s->server_proto, s->output_buffer, + s->dummy_buffer)); /* Now, we create the server's handshake and pass it to output_buffer */ - tt_int_op(0, <=, proto_handshake(server_proto, output_buffer)); + tt_int_op(0, <=, proto_handshake(s->server_proto, s->output_buffer)); /* We simulate the client receiving and processing the server's handshake */ - tt_assert(RECV_GOOD == proto_recv(client_proto, output_buffer, dummy_buffer)); + tt_assert(RECV_GOOD == proto_recv(s->client_proto, s->output_buffer, + s->dummy_buffer)); /* The handshake is now complete. We should have: client's send_crypto == server's recv_crypto @@ -170,109 +192,57 @@ test_obfs2_handshake(void *data) server_state->send_crypto, sizeof(crypt_t))); - end: - if (client_proto) - proto_destroy(client_proto); - if (server_proto) - proto_destroy(server_proto); - - if (proto_params_client) - proto_params_free(proto_params_client); - if (proto_params_server) - proto_params_free(proto_params_server); - - if (output_buffer) - evbuffer_free(output_buffer); - if (dummy_buffer) - evbuffer_free(dummy_buffer); + end:; } static void -test_obfs2_transfer(void *data) +test_obfs2_transfer(void *state) { - struct evbuffer *output_buffer = NULL; - struct evbuffer *dummy_buffer = NULL; - output_buffer = evbuffer_new(); - dummy_buffer = evbuffer_new(); - - struct protocol_t *client_proto = NULL; - struct protocol_t *server_proto = NULL; - struct protocol_params_t *proto_params_client = NULL; - struct protocol_params_t *proto_params_server = NULL; - - OPTV(options_client) = {"obfs2", "--shared-secret=hahaha", - "socks", "127.0.0.1:1800"}; - proto_params_client = proto_params_init(ALEN(options_client), options_client); - tt_assert(proto_params_client); - - OPTV(options_server) = {"obfs2", "--shared-secret=hahaha", - "--dest=127.0.0.1:1500", - "server", "127.0.0.1:1800"}; - proto_params_server = proto_params_init(ALEN(options_server), options_server); - tt_assert(proto_params_server); - - client_proto = proto_create(proto_params_client); - tt_assert(client_proto); - - server_proto = proto_create(proto_params_server); - tt_assert(server_proto); - + struct test_obfs2_state *s = (struct test_obfs2_state *)state; int n; struct evbuffer_iovec v[2]; /* Handshake */ - tt_int_op(0, <=, proto_handshake(client_proto, output_buffer)); - tt_assert(RECV_GOOD == proto_recv(server_proto, output_buffer, dummy_buffer)); - tt_int_op(0, <=, proto_handshake(server_proto, output_buffer)); - tt_assert(RECV_GOOD == proto_recv(client_proto, output_buffer, dummy_buffer)); + tt_int_op(0, <=, proto_handshake(s->client_proto, s->output_buffer)); + tt_assert(RECV_GOOD == proto_recv(s->server_proto, s->output_buffer, + s->dummy_buffer)); + tt_int_op(0, <=, proto_handshake(s->server_proto, s->output_buffer)); + tt_assert(RECV_GOOD == proto_recv(s->client_proto, s->output_buffer, + s->dummy_buffer)); /* End of Handshake */ /* Now let's pass some data around. */ - char *msg1 = "this is a 54-byte message passed from client to server"; - char *msg2 = "this is a 55-byte message passed from server to client!"; + const char *msg1 = "this is a 54-byte message passed from client to server"; + const char *msg2 = "this is a 55-byte message passed from server to client!"; /* client -> server */ - evbuffer_add(dummy_buffer, msg1, 54); - proto_send(client_proto, dummy_buffer, output_buffer); - - tt_assert(RECV_GOOD == proto_recv(server_proto, output_buffer, dummy_buffer)); + evbuffer_add(s->dummy_buffer, msg1, 54); + proto_send(s->client_proto, s->dummy_buffer, s->output_buffer); - n = evbuffer_peek(dummy_buffer, -1, NULL, &v[0], 2); - tt_int_op(n, !=, -1); + tt_assert(RECV_GOOD == proto_recv(s->server_proto, s->output_buffer, + s->dummy_buffer)); - /* Let's check if it matches. */ + n = evbuffer_peek(s->dummy_buffer, -1, NULL, &v[0], 2); + tt_int_op(n, ==, 1); /* expect contiguous data */ tt_int_op(0, ==, strncmp(msg1, v[0].iov_base, 54)); /* emptying dummy_buffer before next test */ - size_t buffer_len = evbuffer_get_length(dummy_buffer); - tt_int_op(0, ==, evbuffer_drain(dummy_buffer, buffer_len)); + size_t buffer_len = evbuffer_get_length(s->dummy_buffer); + tt_int_op(0, ==, evbuffer_drain(s->dummy_buffer, buffer_len)); /* client <- server */ - evbuffer_add(dummy_buffer, msg2, 55); - tt_int_op(0, <=, proto_send(server_proto, dummy_buffer, output_buffer)); + evbuffer_add(s->dummy_buffer, msg2, 55); + tt_int_op(0, <=, proto_send(s->server_proto, s->dummy_buffer, + s->output_buffer)); - tt_assert(RECV_GOOD == proto_recv(client_proto, output_buffer, dummy_buffer)); + tt_assert(RECV_GOOD == proto_recv(s->client_proto, s->output_buffer, + s->dummy_buffer)); - n = evbuffer_peek(dummy_buffer, -1, NULL, &v[1], 2); + n = evbuffer_peek(s->dummy_buffer, -1, NULL, &v[1], 2); + tt_int_op(n, ==, 1); /* expect contiguous data */ tt_int_op(0, ==, strncmp(msg2, v[1].iov_base, 55)); - (void) n; /* XXXX: use n for something, or remove it. */ - - end: - if (client_proto) - proto_destroy(client_proto); - if (server_proto) - proto_destroy(server_proto); - - if (proto_params_client) - proto_params_free(proto_params_client); - if (proto_params_server) - proto_params_free(proto_params_server); - - if (output_buffer) - evbuffer_free(output_buffer); - if (dummy_buffer) - evbuffer_free(dummy_buffer); + end:; } /* We are going to split client's handshake into: @@ -286,40 +256,11 @@ test_obfs2_transfer(void *data) Afterwards we will verify that they both got the correct keys. That's right, this unit test is loco . */ static void -test_obfs2_split_handshake(void *data) +test_obfs2_split_handshake(void *state) { - obfs2_protocol_t *client_state = NULL; - obfs2_protocol_t *server_state = NULL; - - struct evbuffer *output_buffer = NULL; - struct evbuffer *dummy_buffer = NULL; - output_buffer = evbuffer_new(); - dummy_buffer = evbuffer_new(); - - struct protocol_t *client_proto = NULL; - struct protocol_t *server_proto = NULL; - struct protocol_params_t *proto_params_client = NULL; - struct protocol_params_t *proto_params_server = NULL; - - OPTV(options_client) = {"obfs2", "--shared-secret=hahaha", - "socks", "127.0.0.1:1800"}; - proto_params_client = proto_params_init(ALEN(options_client), options_client); - tt_assert(proto_params_client); - - OPTV(options_server) = {"obfs2", "--shared-secret=hahaha", - "--dest=127.0.0.1:1500", - "server", "127.0.0.1:1800"}; - proto_params_server = proto_params_init(ALEN(options_server), options_server); - tt_assert(proto_params_server); - - client_proto = proto_create(proto_params_client); - tt_assert(client_proto); - - server_proto = proto_create(proto_params_server); - tt_assert(server_proto); - - client_state = downcast(client_proto); - server_state = downcast(server_proto); + struct test_obfs2_state *s = (struct test_obfs2_state *)state; + obfs2_protocol_t *client_state = downcast(s->client_proto); + obfs2_protocol_t *server_state = downcast(s->server_proto); uint32_t magic = htonl(OBFUSCATE_MAGIC_VALUE); uint32_t plength1, plength1_msg1, plength1_msg2, send_plength1; @@ -350,12 +291,12 @@ test_obfs2_split_handshake(void *data) msgclient_1+OBFUSCATE_SEED_LENGTH, 8+plength1_msg1); /* Client sends handshake part 1 */ - evbuffer_add(output_buffer, msgclient_1, + evbuffer_add(s->output_buffer, msgclient_1, OBFUSCATE_SEED_LENGTH+8+plength1_msg1); /* Server receives handshake part 1 */ - tt_assert(RECV_INCOMPLETE == proto_recv(server_proto, - output_buffer, dummy_buffer)); + tt_assert(RECV_INCOMPLETE == proto_recv(s->server_proto, s->output_buffer, + s->dummy_buffer)); tt_assert(server_state->state == ST_WAIT_FOR_PADDING); @@ -364,10 +305,11 @@ test_obfs2_split_handshake(void *data) stream_crypt(client_state->send_padding_crypto, msgclient_2, plength1_msg2); /* Client sends handshake part 2 */ - evbuffer_add(output_buffer, msgclient_2, plength1_msg2); + evbuffer_add(s->output_buffer, msgclient_2, plength1_msg2); /* Server receives handshake part 2 */ - tt_assert(RECV_GOOD == proto_recv(server_proto, output_buffer, dummy_buffer)); + tt_assert(RECV_GOOD == proto_recv(s->server_proto, s->output_buffer, + s->dummy_buffer)); tt_assert(server_state->state == ST_OPEN); @@ -394,11 +336,11 @@ test_obfs2_split_handshake(void *data) msgserver_1+OBFUSCATE_SEED_LENGTH, 8); /* Server sends handshake part 1 */ - evbuffer_add(output_buffer, msgserver_1, OBFUSCATE_SEED_LENGTH+8); + evbuffer_add(s->output_buffer, msgserver_1, OBFUSCATE_SEED_LENGTH+8); /* Client receives handshake part 1 */ - tt_assert(RECV_INCOMPLETE == proto_recv(client_proto, - output_buffer, dummy_buffer)); + tt_assert(RECV_INCOMPLETE == proto_recv(s->client_proto, s->output_buffer, + s->dummy_buffer)); tt_assert(client_state->state == ST_WAIT_FOR_PADDING); @@ -407,10 +349,11 @@ test_obfs2_split_handshake(void *data) stream_crypt(server_state->send_padding_crypto, msgserver_2, plength2); /* Server sends handshake part 2 */ - evbuffer_add(output_buffer, msgserver_2, plength2); + evbuffer_add(s->output_buffer, msgserver_2, plength2); /* Client receives handshake part 2 */ - tt_assert(RECV_GOOD == proto_recv(client_proto, output_buffer, dummy_buffer)); + tt_assert(RECV_GOOD == proto_recv(s->client_proto, s->output_buffer, + s->dummy_buffer)); tt_assert(client_state->state == ST_OPEN); @@ -425,21 +368,7 @@ test_obfs2_split_handshake(void *data) server_state->send_crypto, sizeof(crypt_t))); - end: - if (client_state) - proto_destroy(client_proto); - if (server_state) - proto_destroy(server_proto); - - if (proto_params_client) - proto_params_free(proto_params_client); - if (proto_params_server) - proto_params_free(proto_params_server); - - if (output_buffer) - evbuffer_free(output_buffer); - if (dummy_buffer) - evbuffer_free(dummy_buffer); + end:; } /* @@ -447,40 +376,11 @@ test_obfs2_split_handshake(void *data) Wrong magic value. */ static void -test_obfs2_wrong_handshake_magic(void *data) +test_obfs2_wrong_handshake_magic(void *state) { - obfs2_protocol_t *client_state = NULL; - obfs2_protocol_t *server_state = NULL; - - struct evbuffer *output_buffer = NULL; - struct evbuffer *dummy_buffer = NULL; - output_buffer = evbuffer_new(); - dummy_buffer = evbuffer_new(); - - struct protocol_t *client_proto = NULL; - struct protocol_t *server_proto = NULL; - struct protocol_params_t *proto_params_client = NULL; - struct protocol_params_t *proto_params_server = NULL; - - OPTV(options_client) = {"obfs2", "--shared-secret=hahaha", - "socks", "127.0.0.1:1800"}; - proto_params_client = proto_params_init(ALEN(options_client), options_client); - tt_assert(proto_params_client); - - OPTV(options_server) = {"obfs2", "--shared-secret=hahaha", - "--dest=127.0.0.1:1500", - "server", "127.0.0.1:1800"}; - proto_params_server = proto_params_init(ALEN(options_server), options_server); - tt_assert(proto_params_server); - - client_proto = proto_create(proto_params_client); - tt_assert(client_proto); - - server_proto = proto_create(proto_params_server); - tt_assert(server_proto); - - client_state = downcast(client_proto); - server_state = downcast(server_proto); + struct test_obfs2_state *s = (struct test_obfs2_state *)state; + obfs2_protocol_t *client_state = downcast(s->client_proto); + obfs2_protocol_t *server_state = downcast(s->server_proto); uint32_t wrong_magic = 0xD15EA5E; @@ -501,67 +401,25 @@ test_obfs2_wrong_handshake_magic(void *data) stream_crypt(client_state->send_padding_crypto, msg+OBFUSCATE_SEED_LENGTH, 8+plength); - evbuffer_add(output_buffer, msg, OBFUSCATE_SEED_LENGTH+8+plength); + evbuffer_add(s->output_buffer, msg, OBFUSCATE_SEED_LENGTH+8+plength); - tt_assert(RECV_BAD == proto_recv(server_proto, output_buffer, dummy_buffer)); + tt_assert(RECV_BAD == proto_recv(s->server_proto, s->output_buffer, + s->dummy_buffer)); tt_assert(server_state->state == ST_WAIT_FOR_KEY); - end: - if (client_state) - proto_destroy(client_proto); - if (server_state) - proto_destroy(server_proto); - - if (proto_params_client) - proto_params_free(proto_params_client); - if (proto_params_server) - proto_params_free(proto_params_server); - - if (output_buffer) - evbuffer_free(output_buffer); - if (dummy_buffer) - evbuffer_free(dummy_buffer); + end:; } /* Erroneous handshake test: plength field larger than OBFUSCATE_MAX_PADDING */ static void -test_obfs2_wrong_handshake_plength(void *data) +test_obfs2_wrong_handshake_plength(void *state) { - obfs2_protocol_t *client_state = NULL; - obfs2_protocol_t *server_state = NULL; - - struct evbuffer *output_buffer = NULL; - struct evbuffer *dummy_buffer = NULL; - output_buffer = evbuffer_new(); - dummy_buffer = evbuffer_new(); - - struct protocol_t *client_proto = NULL; - struct protocol_t *server_proto = NULL; - struct protocol_params_t *proto_params_client = NULL; - struct protocol_params_t *proto_params_server = NULL; - - OPTV(options_client) = {"obfs2", "--shared-secret=hahaha", - "socks", "127.0.0.1:1800"}; - proto_params_client = proto_params_init(ALEN(options_client), options_client); - tt_assert(proto_params_client); - - OPTV(options_server) = {"obfs2", "--shared-secret=hahaha", - "--dest=127.0.0.1:1500", - "server", "127.0.0.1:1800"}; - proto_params_server = proto_params_init(ALEN(options_server), options_server); - tt_assert(proto_params_server); - - client_proto = proto_create(proto_params_client); - tt_assert(client_proto); - - server_proto = proto_create(proto_params_server); - tt_assert(server_proto); - - client_state = downcast(client_proto); - server_state = downcast(server_proto); + struct test_obfs2_state *s = (struct test_obfs2_state *)state; + obfs2_protocol_t *client_state = downcast(s->client_proto); + obfs2_protocol_t *server_state = downcast(s->server_proto); uchar msg[OBFUSCATE_MAX_PADDING + OBFUSCATE_SEED_LENGTH + 8 + 1]; uint32_t magic = htonl(OBFUSCATE_MAGIC_VALUE); @@ -580,40 +438,29 @@ test_obfs2_wrong_handshake_plength(void *data) stream_crypt(client_state->send_padding_crypto, msg+OBFUSCATE_SEED_LENGTH, 8+plength); - evbuffer_add(output_buffer, msg, OBFUSCATE_SEED_LENGTH+8+plength); + evbuffer_add(s->output_buffer, msg, OBFUSCATE_SEED_LENGTH+8+plength); - tt_assert(RECV_BAD == proto_recv(server_proto, output_buffer, dummy_buffer)); + tt_assert(RECV_BAD == proto_recv(s->server_proto, s->output_buffer, + s->dummy_buffer)); tt_assert(server_state->state == ST_WAIT_FOR_KEY); - end: - if (client_proto) - proto_destroy(client_proto); - if (server_proto) - proto_destroy(server_proto); - - if (proto_params_client) - proto_params_free(proto_params_client); - if (proto_params_server) - proto_params_free(proto_params_server); - - if (output_buffer) - evbuffer_free(output_buffer); - if (dummy_buffer) - evbuffer_free(dummy_buffer); + end:; } #define T(name) \ { #name, test_obfs2_##name, 0, NULL, NULL } +#define TF(name) \ + { #name, test_obfs2_##name, 0, &obfs2_fixture, NULL } + struct testcase_t obfs2_tests[] = { T(option_parsing), - T(setup), - T(handshake), - T(transfer), - T(split_handshake), - T(wrong_handshake_magic), - T(wrong_handshake_plength), + TF(handshake), + TF(transfer), + TF(split_handshake), + TF(wrong_handshake_magic), + TF(wrong_handshake_plength), END_OF_TESTCASES };

1 0

[obfsproxy/master] Add -Wwrite-strings to warning set
by nickm＠torproject.org 09 Sep '11

09 Sep '11

commit 9f11da4a801cb725e3831ee24a5cb4e6a5e8ad8f Author: Zack Weinberg <zackw(a)panix.com> Date: Wed Jul 13 17:17:04 2011 -0700 Add -Wwrite-strings to warning set --- Makefile.am | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/Makefile.am b/Makefile.am index 1c2d89b..521ba24 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,6 +1,7 @@ ACLOCAL_AMFLAGS = -I m4 -AM_CFLAGS = -DDEBUG -Wall -Werror @libevent_CFLAGS@ @libcrypto_CFLAGS@ +WARNINGS = -Wall -Wwrite-strings -Werror +AM_CFLAGS = $(WARNINGS) @libevent_CFLAGS@ @libcrypto_CFLAGS@ LDADD = libobfsproxy.a @libevent_LIBS@ @libcrypto_LIBS@ @ws32_LIBS@ bin_PROGRAMS = obfsproxy

1 0

[obfsproxy/master] Introduce allocate-memory-or-crash helpers and use them throughout the code base.
by nickm＠torproject.org 09 Sep '11

09 Sep '11

commit 6ba1db07b516763ef62df933fb46d88470d6a805 Author: Zack Weinberg <zackw(a)panix.com> Date: Mon Jul 18 12:23:20 2011 -0700 Introduce allocate-memory-or-crash helpers and use them throughout the code base. --- src/crypt.c | 26 ++++++--------- src/crypt.h | 11 +++--- src/main.c | 34 ++++---------------- src/network.c | 25 ++++++--------- src/protocols/dummy.c | 6 +-- src/protocols/obfs2.c | 34 +++++--------------- src/socks.c | 28 ++++++---------- src/socks.h | 2 +- src/test/unittest_obfs2.c | 3 +- src/test/unittest_socks.c | 5 --- src/util.c | 76 +++++++++++++++++++++++++++++++++++++++++--- src/util.h | 13 ++++++++ 12 files changed, 138 insertions(+), 125 deletions(-) diff --git a/src/crypt.c b/src/crypt.c index 6be9726..8d1d607 100644 --- a/src/crypt.c +++ b/src/crypt.c @@ -4,9 +4,11 @@ #define CRYPT_PRIVATE #include "crypt.h" +#include "util.h" #include <assert.h> #include <fcntl.h> +#include <limits.h> #include <stdlib.h> #include <string.h> #include <unistd.h> @@ -74,14 +76,12 @@ struct digest_t { }; /** - Returns a new SHA256 digest container, or NULL on failure. + Returns a new SHA256 digest container. */ digest_t * digest_new(void) { - digest_t *d = malloc(sizeof(digest_t)); - if (!d) - return NULL; + digest_t *d = xmalloc(sizeof(digest_t)); SHA256_Init(&d->ctx); return d; } @@ -89,7 +89,7 @@ digest_new(void) /** Updates the contents of the SHA256 container 'd' with the first 'len' bytes of 'buf'. -*/ +*/ void digest_update(digest_t *d, const uchar *buf, size_t len) { @@ -118,9 +118,7 @@ struct digest_t { digest_t * digest_new(void) { - digest_t *d = malloc(sizeof(digest_t)); - if (!d) - return NULL; + digest_t *d = xmalloc(sizeof(digest_t)); sha256_init(&d->ctx); return d; } @@ -156,19 +154,15 @@ digest_free(digest_t *d) /** Initializes the AES cipher with 'key'. -*/ +*/ crypt_t * crypt_new(const uchar *key, size_t keylen) { crypt_t *k; - if (keylen < AES_BLOCK_SIZE) - return NULL; - - k = calloc(1, sizeof(crypt_t)); - if (k == NULL) - return NULL; - AES_set_encrypt_key(key, 128, &k->key); + assert(keylen == AES_BLOCK_SIZE); + k = xzalloc(sizeof(crypt_t)); + AES_set_encrypt_key(key, AES_BLOCK_SIZE * CHAR_BIT, &k->key); return k; } diff --git a/src/crypt.h b/src/crypt.h index d87b1de..3f1e4df 100644 --- a/src/crypt.h +++ b/src/crypt.h @@ -21,7 +21,7 @@ int initialize_crypto(void); /** Clean up global crypto state */ void cleanup_crypto(void); -/** Return a newly allocated digest state, or NULL on failure. */ +/** Return a newly allocated digest state; cannot fail. */ digest_t *digest_new(void); /** Add n bytes from b to the digest state. */ void digest_update(digest_t *, const uchar *b, size_t n); @@ -31,10 +31,11 @@ size_t digest_getdigest(digest_t *, uchar *b, size_t n); /** Clear and free a digest state */ void digest_free(digest_t *); -/** Return a new stream cipher state taking key and IV from the data provided. - * The data length must be exactly 32 */ -crypt_t *crypt_new(const uchar *, size_t); -void crypt_set_iv(crypt_t *key, const uchar *iv, size_t ivlen); +/** Return a new stream cipher state using 'key' as the symmetric key. + * The data length must be exactly 16 bytes. Cannot fail. */ +crypt_t *crypt_new(const uchar *key, size_t); +/* Set the IV of a stream-cipher state. Cannot fail. */ +void crypt_set_iv(crypt_t *, const uchar *iv, size_t ivlen); /** Encrypt n bytes of data in the buffer b, in place. */ void stream_crypt(crypt_t *, uchar *b, size_t n); diff --git a/src/main.c b/src/main.c index f41d502..21c4feb 100644 --- a/src/main.c +++ b/src/main.c @@ -181,13 +181,6 @@ handle_obfsproxy_args(const char **argv) return i; } -static void -die_oom(void) -{ - log_warn("Memory allocation failed: %s",strerror(errno)); - exit(1); -} - int main(int argc, const char **argv) { @@ -214,7 +207,6 @@ main(int argc, const char **argv) int start; int end; int n_options; - void *realloc_temp; int i; /* The number of protocols. */ @@ -222,7 +214,7 @@ main(int argc, const char **argv) /* An array which holds the position in argv of the command line options for each protocol. */ unsigned int *protocols=NULL; - /* keeps track of allocated space for the protocols array */ + /* keeps track of allocated space for the protocols array */ unsigned int n_alloc; if (argc < 2) { @@ -235,9 +227,7 @@ main(int argc, const char **argv) /** Handle optional obfsproxy arguments. */ start_of_protocols = handle_obfsproxy_args(&argv[1]); - protocols = calloc(sizeof(int), (n_protocols+1)); - if (!protocols) - die_oom(); + protocols = xzalloc((n_protocols + 1) * sizeof(int)); n_alloc = n_protocols+1; /* Populate protocols and calculate n_protocols. */ @@ -249,10 +239,7 @@ main(int argc, const char **argv) /* Do we need to expand the protocols array? */ if (n_alloc <= n_protocols) { n_alloc *= 2; - realloc_temp = realloc(protocols, sizeof(int)*(n_alloc)); - if (!realloc_temp) - die_oom(); - protocols = realloc_temp; + protocols = xrealloc(protocols, sizeof(int)*(n_alloc)); } } } @@ -271,13 +258,9 @@ main(int argc, const char **argv) that point to arrays carrying the options of the protocols. Finally, we allocate enough space on the n_options_array so that we can put the number of options there. - */ - protocol_options = calloc(sizeof(char**), n_protocols); - if (!protocol_options) - die_oom(); - n_options_array = calloc(sizeof(int), n_protocols); - if (!n_options_array) - die_oom(); + */ + protocol_options = xzalloc(n_protocols * sizeof(char**)); + n_options_array = xzalloc(n_protocols * sizeof(int)); /* Iterate through protocols. */ for (i=0;i<n_protocols;i++) { @@ -304,10 +287,7 @@ main(int argc, const char **argv) /* Allocate space for the array carrying the options of this protocol. */ - protocol_options[actual_protocols-1] = - calloc(sizeof(char*), (n_options)); - if (!protocol_options[actual_protocols-1]) - die_oom(); + protocol_options[actual_protocols-1] = xzalloc(n_options * sizeof(char*)); /* Write the number of options to the correct place in n_options_array[]. */ n_options_array[actual_protocols-1] = n_options; diff --git a/src/network.c b/src/network.c index 365c61a..fb770c9 100644 --- a/src/network.c +++ b/src/network.c @@ -99,10 +99,15 @@ close_all_connections(void) assert(!n_connections); } /** - This function spawns a listener according to the 'proto_params'. + This function spawns a listener configured according to the + provided 'protocol_params_t' object'. Returns the listener on + success, NULL on fail. - Returns the listener on success, NULL on fail. + If it succeeds, the new listener object takes ownership of the + protocol_params_t object provided; if it fails, the protocol_params_t + object is deallocated. */ + listener_t * listener_new(struct event_base *base, protocol_params_t *proto_params) @@ -110,14 +115,8 @@ listener_new(struct event_base *base, const unsigned flags = LEV_OPT_CLOSE_ON_FREE|LEV_OPT_CLOSE_ON_EXEC|LEV_OPT_REUSEABLE; - listener_t *lsn = calloc(1, sizeof(listener_t)); - if (!lsn) { - if (proto_params) - free(proto_params); - return NULL; - } + listener_t *lsn = xzalloc(sizeof(listener_t)); - /** If we don't have a connection dll, create one now. */ lsn->proto_params = proto_params; lsn->listener = evconnlistener_new_bind(base, simple_listener_cb, lsn, @@ -132,6 +131,7 @@ listener_new(struct event_base *base, return NULL; } + /** If we don't have a connection dll, create one now. */ dll_append(&listener_list, &lsn->dll_node); return lsn; @@ -189,15 +189,12 @@ simple_listener_cb(struct evconnlistener *evcl, { listener_t *lsn = arg; struct event_base *base; - conn_t *conn = calloc(1, sizeof(conn_t)); + conn_t *conn = xzalloc(sizeof(conn_t)); n_connections++; /* If we call conn_free() later on error, it will decrement * n_connections. Therefore, we had better increment it at * the start. */ - if (!conn) - goto err; - log_debug("Got a connection attempt."); conn->mode = lsn->proto_params->mode; @@ -211,8 +208,6 @@ simple_listener_cb(struct evconnlistener *evcl, if (conn->mode == LSN_SOCKS_CLIENT) { /* Construct SOCKS state. */ conn->socks_state = socks_state_new(); - if (!conn->socks_state) - goto err; } /* New bufferevent to wrap socket we received. */ diff --git a/src/protocols/dummy.c b/src/protocols/dummy.c index f121725..d82818d 100644 --- a/src/protocols/dummy.c +++ b/src/protocols/dummy.c @@ -28,9 +28,7 @@ static struct protocol_params_t * dummy_init(int n_options, const char *const *options) { struct protocol_params_t *params - = calloc(1, sizeof(struct protocol_params_t)); - if (!params) - return NULL; + = xzalloc(sizeof(struct protocol_params_t)); if (parse_and_set_options(n_options, options, params) < 0) { free(params); @@ -101,7 +99,7 @@ static struct protocol_t * dummy_create(struct protocol_params_t *params) { /* Dummy needs no per-connection protocol-specific state. */ - struct protocol_t *proto = calloc(1, sizeof(struct protocol_t)); + struct protocol_t *proto = xzalloc(sizeof(struct protocol_t)); proto->vtable = &dummy_vtable; return proto; } diff --git a/src/protocols/obfs2.c b/src/protocols/obfs2.c index 41a2614..c42d1c4 100644 --- a/src/protocols/obfs2.c +++ b/src/protocols/obfs2.c @@ -36,9 +36,7 @@ static struct protocol_params_t * obfs2_init(int n_options, const char *const *options) { struct protocol_params_t *params - = calloc(1, sizeof(struct protocol_params_t)); - if (!params) - return NULL; + = xzalloc(sizeof(struct protocol_params_t)); if (parse_and_set_options(n_options, options, params) < 0) { usage(); @@ -85,8 +83,9 @@ parse_and_set_options(int n_options, const char *const *options, if (got_ss) return -1; /* this is freed in proto_params_free() */ - params->shared_secret = strdup(*options+16); params->shared_secret_len = strlen(*options+16); + params->shared_secret = xmemdup(*options+16, + params->shared_secret_len + 1); got_ss=1; } else { log_warn("obfs2: Unknown argument."); @@ -163,7 +162,7 @@ seed_nonzero(const uchar *seed) /** Derive and return key of type 'keytype' from the seeds currently set in - 'state'. Returns NULL on failure. + 'state'. */ static crypt_t * derive_key(void *s, const char *keytype) @@ -202,7 +201,7 @@ derive_key(void *s, const char *keytype) /** Derive and return padding key of type 'keytype' from the seeds - currently set in state 's'. Returns NULL on failure. + currently set in state 's'. */ static crypt_t * derive_padding_key(void *s, const uchar *seed, @@ -250,12 +249,10 @@ derive_padding_key(void *s, const uchar *seed, static struct protocol_t * obfs2_create(protocol_params_t *params) { - obfs2_protocol_t *proto = calloc(1, sizeof(obfs2_protocol_t)); + obfs2_protocol_t *proto = xzalloc(sizeof(obfs2_protocol_t)); uchar *seed; const char *send_pad_type; - if (!proto) - return NULL; proto->state = ST_WAIT_FOR_KEY; proto->we_are_initiator = params->is_initiator; if (proto->we_are_initiator) { @@ -275,10 +272,6 @@ obfs2_create(protocol_params_t *params) if (params->shared_secret) { /* ASN we must say in spec that we hash command line shared secret. */ digest_t *c = digest_new(); - if (!c) { - free(proto); - return NULL; - } digest_update(c, (uchar*)params->shared_secret, params->shared_secret_len); digest_getdigest(c, proto->secret_seed, SHARED_SECRET_LENGTH); digest_free(c); @@ -286,11 +279,6 @@ obfs2_create(protocol_params_t *params) /* Derive the key for what we're sending */ proto->send_padding_crypto = derive_padding_key(proto, seed, send_pad_type); - if (proto->send_padding_crypto == NULL) { - free(proto); - return NULL; - } - proto->super.vtable = &obfs2_vtable; return &proto->super; } @@ -420,7 +408,7 @@ obfs2_send(struct protocol_t *s, Helper: called after reciving our partner's setup message. Initializes all keys. Returns 0 on success, -1 on failure. */ -static int +static void init_crypto(void *s) { obfs2_protocol_t *state = s; @@ -447,11 +435,6 @@ init_crypto(void *s) state->recv_crypto = derive_key(state, recv_keytype); state->recv_padding_crypto = derive_padding_key(state, recv_seed, recv_pad_keytype); - - if (state->send_crypto && state->recv_crypto && state->recv_padding_crypto) - return 0; - else - return -1; } /* Called when we receive data in an evbuffer 'source': deobfuscates that data @@ -491,8 +474,7 @@ obfs2_recv(struct protocol_t *s, struct evbuffer *source, memcpy(other_seed, buf, OBFUSCATE_SEED_LENGTH); /* Now we can set up all the keys from the seed */ - if (init_crypto(state) < 0) - return RECV_BAD; + init_crypto(state); /* Decrypt the next 8 bytes */ stream_crypt(state->recv_padding_crypto, buf+OBFUSCATE_SEED_LENGTH, 8); diff --git a/src/socks.c b/src/socks.c index e89812f..b67455f 100644 --- a/src/socks.c +++ b/src/socks.c @@ -43,24 +43,19 @@ typedef unsigned char uchar; /** - Creates a new SOCKS state. - - Returns a 'socks_state_t' on success, NULL on fail. + Creates a new 'socks_state_t' object. */ socks_state_t * socks_state_new(void) { - socks_state_t *state = calloc(1, sizeof(socks_state_t)); - if (!state) - return NULL; + socks_state_t *state = xzalloc(sizeof(socks_state_t)); state->state = ST_WAITING; - return state; } /** Deallocates memory of socks_state_t 's'. -*/ +*/ void socks_state_free(socks_state_t *s) { @@ -318,8 +313,8 @@ socks5_handle_negotiation(struct evbuffer *source, struct evbuffer *dest, socks_state_t *state) { unsigned int found_noauth, i; - uchar nmethods; + uchar methods[0xFF]; evbuffer_copyout(source, &nmethods, 1); @@ -329,25 +324,22 @@ socks5_handle_negotiation(struct evbuffer *source, evbuffer_drain(source, 1); - uchar *p; - /* XXX user controlled malloc(). range should be: 0x00-0xff */ - p = malloc(nmethods); - if (!p) { - log_warn("malloc failed!"); + /* this should be impossible, but we check it anyway for great defensiveness */ + if (nmethods > 0xFF) { + log_warn("too many methods!"); return SOCKS_BROKEN; } - if (evbuffer_remove(source, p, nmethods) < 0) + + if (evbuffer_remove(source, methods, nmethods) < 0) assert(0); for (found_noauth=0, i=0; i<nmethods ; i++) { - if (p[i] == SOCKS5_METHOD_NOAUTH) { + if (methods[i] == SOCKS5_METHOD_NOAUTH) { found_noauth = 1; break; } } - free(p); - return socks5_do_negotiation(dest,found_noauth); } diff --git a/src/socks.h b/src/socks.h index e2c20b5..db10cb5 100644 --- a/src/socks.h +++ b/src/socks.h @@ -30,7 +30,7 @@ enum socks_ret { enum socks_ret handle_socks(struct evbuffer *source, struct evbuffer *dest, socks_state_t *socks_state); -socks_state_t *socks_state_new(void); +socks_state_t *socks_state_new(void); /* cannot fail */ void socks_state_free(socks_state_t *s); enum socks_status_t socks_state_get_status(const socks_state_t *state); diff --git a/src/test/unittest_obfs2.c b/src/test/unittest_obfs2.c index 01ce501..961bfd2 100644 --- a/src/test/unittest_obfs2.c +++ b/src/test/unittest_obfs2.c @@ -125,8 +125,7 @@ static const char *const options_server[] = static void * setup_obfs2_state(const struct testcase_t *unused) { - struct test_obfs2_state *s = calloc(1, sizeof(struct test_obfs2_state)); - tt_assert(s); + struct test_obfs2_state *s = xzalloc(sizeof(struct test_obfs2_state)); s->proto_params_client = proto_params_init(ALEN(options_client), options_client); diff --git a/src/test/unittest_socks.c b/src/test/unittest_socks.c index 001c266..4d95666 100644 --- a/src/test/unittest_socks.c +++ b/src/test/unittest_socks.c @@ -31,7 +31,6 @@ test_socks_socks5_send_negotiation(void *data) socks_state_t *state; state = socks_state_new(); - tt_assert(state); /* First test: Only one method: NOAUTH. @@ -143,7 +142,6 @@ test_socks_socks5_request(void *data) socks_state_t *state; state = socks_state_new(); - tt_assert(state); const uint32_t addr_ipv4 = htonl(0x7f000001); /* 127.0.0.1 */ const uint8_t addr_ipv6[16] = {0,13,0,1,0,5,0,14,0,10,0,5,0,14,0,0}; /* d:1:5:e:a:5:e:0 */ @@ -308,7 +306,6 @@ test_socks_socks5_request_reply(void *data) socks_state_t *state; state = socks_state_new(); - tt_assert(state); state->parsereq.af = AF_INET; strcpy(state->parsereq.addr, "127.0.0.1"); @@ -415,7 +412,6 @@ test_socks_socks4_request(void *data) socks_state_t *state; state = socks_state_new(); - tt_assert(state); /* First test: Correct SOCKS4 req packet with nothing in the optional field. */ @@ -552,7 +548,6 @@ test_socks_socks4_request_reply(void *data) socks_state_t *state; state = socks_state_new(); - tt_assert(state); state->parsereq.af = AF_INET; strcpy(state->parsereq.addr, "127.0.0.1"); diff --git a/src/util.c b/src/util.c index cab4bf1..6a0e4a0 100644 --- a/src/util.c +++ b/src/util.c @@ -5,6 +5,7 @@ #include "util.h" #include <assert.h> +#include <errno.h> #include <fcntl.h> #include <limits.h> #include <stdio.h> @@ -22,6 +23,73 @@ /** Any size_t larger than this amount is likely to be an underflow. */ #define SIZE_T_CEILING (SIZE_MAX/2 - 16) +/**************************** Memory Allocation ******************************/ + +static void __attribute__((noreturn)) +die_oom(void) +{ + log_warn("Memory allocation failed: %s",strerror(errno)); + exit(1); +} + +void * +xmalloc(size_t size) +{ + void *result; + + assert(size < SIZE_T_CEILING); + + /* Some malloc() implementations return NULL when the input argument + is zero. We don't bother detecting whether the implementation we're + being compiled for does that, because it should hardly ever come up, + and avoiding it unconditionally does no harm. */ + if (size == 0) + size = 1; + + result = malloc(size); + if (result == NULL) + die_oom(); + + return result; +} + +void * +xrealloc(void *ptr, size_t size) +{ + void *result; + assert (size < SIZE_T_CEILING); + if (size == 0) + size = 1; + + result = realloc(ptr, size); + if (result == NULL) + die_oom(); + + return result; +} + +void * +xzalloc(size_t size) +{ + void *result = xmalloc(size); + memset(result, 0, size); + return result; +} + +void * +xmemdup(const void *ptr, size_t size) +{ + void *copy = xmalloc(size); + memcpy(copy, ptr, size); + return copy; +} + +char * +xstrdup(const char *s) +{ + return xmemdup(s, strlen(s) + 1); +} + /************************ Obfsproxy Network Routines *************************/ /** @@ -45,10 +113,8 @@ resolve_address_port(const char *address, struct evutil_addrinfo *ai = NULL; struct evutil_addrinfo ai_hints; int result = -1, ai_res; - char *a = strdup(address), *cp; + char *a = xstrdup(address), *cp; const char *portstr; - if (!a) - return -1; if ((cp = strchr(a, ':'))) { portstr = cp+1; @@ -78,10 +144,8 @@ resolve_address_port(const char *address, log_warn("No result for address %s", address); goto done; } - struct sockaddr *addr = malloc(ai->ai_addrlen); - memcpy(addr, ai->ai_addr, ai->ai_addrlen); - *addr_out = addr; *addrlen_out = ai->ai_addrlen; + *addr_out = xmemdup(ai->ai_addr, ai->ai_addrlen); result = 0; done: diff --git a/src/util.h b/src/util.h index b526dbf..d909b53 100644 --- a/src/util.h +++ b/src/util.h @@ -16,6 +16,19 @@ struct sockaddr; struct event_base; struct evdns_base; +/***** Memory allocation. *****/ + +/* Because this isn't Tor and functions named "tor_whatever" would be + confusing, I am instead following the GNU convention of naming + allocate-memory-or-crash functions "xwhatever". Also, at this time + I do not see a need for a free() wrapper. */ + +void *xmalloc(size_t size) __attribute__((malloc)); /* does not clear memory */ +void *xzalloc(size_t size) __attribute__((malloc)); /* clears memory */ +void *xrealloc(void *ptr, size_t size); +void *xmemdup(const void *ptr, size_t size) __attribute__((malloc)); +char *xstrdup(const char *s) __attribute__((malloc)); + /***** Network functions stuff. *****/ int resolve_address_port(const char *address,

1 0

[obfsproxy/master] Use the official NIST four-block test vector for AES128-CTR. We are testing in-place encryption, so no need for an XXX comment.
by nickm＠torproject.org 09 Sep '11

09 Sep '11

commit 3ffd6ba4529fe5cfa89925f12fe4eef239b893e1 Author: Zack Weinberg <zackw(a)panix.com> Date: Mon Jul 18 12:55:21 2011 -0700 Use the official NIST four-block test vector for AES128-CTR. We are testing in-place encryption, so no need for an XXX comment. --- src/crypt.c | 3 +- src/test/unittest_crypt.c | 75 ++++++++++++++++++++++++++++++-------------- 2 files changed, 52 insertions(+), 26 deletions(-) diff --git a/src/crypt.c b/src/crypt.c index 8d1d607..722fc00 100644 --- a/src/crypt.c +++ b/src/crypt.c @@ -183,8 +183,7 @@ crypt_set_iv(crypt_t *key, const uchar *iv, size_t ivlen) void stream_crypt(crypt_t *key, uchar *buf, size_t len) { - AES_ctr128_encrypt(buf, buf, /* XXX make sure this is okay to do. */ - len, + AES_ctr128_encrypt(buf, buf, len, &key->key, key->ivec, key->ecount_buf, &key->pos); } diff --git a/src/test/unittest_crypt.c b/src/test/unittest_crypt.c index 14c2c41..0e48a90 100644 --- a/src/test/unittest_crypt.c +++ b/src/test/unittest_crypt.c @@ -77,27 +77,54 @@ test_crypt_hashvec(void *data) static void test_crypt_aes1(void *data) { - /* Trying AES_ctr128_encrypt(x,x,...) to see if in-place encryption works. - Seems like it's working alright. - Test vector taken from: - http://www.inconteam.com/software-development/41-encryption/55-aes-test-vec… - maybe we should find something a bit more NIST-ish */ - uchar key[16] = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c"; - uchar iv[16] = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"; - uchar vec[16] = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"; - - crypt_t *crypt; - - crypt = crypt_new(key, sizeof(key)); + /* In-place encryption of the test vectors from + http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf + for AES128 in counter mode (section F.5.1) */ + const uchar key[16] = + "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c"; + const uchar iv[16] = + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"; + struct testblock { + const uchar counter[16]; + const uchar keystream[16]; + const uchar plaintext[16]; + const uchar ciphertext[16]; + }; + const struct testblock testvec[4] = { + { "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", + "\xec\x8c\xdf\x73\x98\x60\x7c\xb0\xf2\xd2\x16\x75\xea\x9e\xa1\xe4", + "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", + "\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d\xb6\xce" }, + { "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xff\x00", + "\x36\x2b\x7c\x3c\x67\x73\x51\x63\x18\xa0\x77\xd7\xfc\x50\x73\xae", + "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51", + "\x98\x06\xf6\x6b\x79\x70\xfd\xff\x86\x17\x18\x7b\xb9\xff\xfd\xff" }, + { "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xff\x01", + "\x6a\x2c\xc3\x78\x78\x89\x37\x4f\xbe\xb4\xc8\x1b\x17\xba\x6c\x44", + "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef", + "\x5a\xe4\xdf\x3e\xdb\xd5\xd3\x5e\x5b\x4f\x09\x02\x0d\xb0\x3e\xab", }, + { "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xff\x02", + "\xe8\x9c\x39\x9f\xf0\xf1\x98\xc6\xd4\x0a\x31\xdb\x15\x6c\xab\xfe", + "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10", + "\x1e\x03\x1d\xda\x2f\xbe\x03\xd1\x79\x21\x70\xa0\xf3\x00\x9c\xee" } + }; + + uchar vec[16]; + unsigned int i; + + crypt_t *crypt = crypt_new(key, sizeof(key)); crypt_set_iv(crypt, iv, sizeof(iv)); - stream_crypt(crypt, vec, sizeof(vec)); - tt_int_op(0, ==, memcmp(vec, - "\x87\x4d\x61\x91\xb6\x20\xe3\x26\x1b\xef\x68\x64\x99\x0d" - "\xb6\xce", 16)); + for (i = 0; i < 4; i++) { + tt_int_op(0, ==, crypt->pos); + tt_int_op(0, ==, memcmp(crypt->ivec, testvec[i].counter, 16)); - /* XXX test longer streams too; the failure modes for stream crypto are not - * visible in a single block. */ + memcpy(vec, testvec[i].plaintext, 16); + stream_crypt(crypt, vec, 16); + + tt_int_op(0, ==, memcmp(crypt->ecount_buf, testvec[i].keystream, 16)); + tt_int_op(0, ==, memcmp(vec, testvec[i].ciphertext, 16)); + } end: if (crypt) @@ -152,13 +179,13 @@ test_crypt_rng(void *data) } -#define T(name, flags) \ - { #name, test_crypt_##name, (flags), NULL, NULL } +#define T(name) \ + { #name, test_crypt_##name, 0, NULL, NULL } struct testcase_t crypt_tests[] = { - T(hashvec, 0), - T(aes1,0), - T(aes2,0), - T(rng,0), + T(hashvec), + T(aes1), + T(aes2), + T(rng), END_OF_TESTCASES };

1 0

[obfsproxy/master] Don't pass the protocol name as part of the option list provided to the protocol-specific params initialization method. Improve diagnostics in obfs2.c.
by nickm＠torproject.org 09 Sep '11

09 Sep '11

commit 798a292f4a4b3fd38c6ac9d3d6b238e75f35eee8 Author: Zack Weinberg <zackw(a)panix.com> Date: Thu Jul 14 12:53:00 2011 -0700 Don't pass the protocol name as part of the option list provided to the protocol-specific params initialization method. Improve diagnostics in obfs2.c. --- src/protocol.c | 4 +++- src/protocols/dummy.c | 12 +++++------- src/protocols/obfs2.c | 28 +++++++++++++--------------- 3 files changed, 21 insertions(+), 23 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 85b975f..9aa1f8b 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -36,7 +36,9 @@ proto_params_init(int n_options, const char *const *options) size_t i; for (i = 0; i < n_supported_protocols; i++) if (!strcmp(*options, supported_protocols[i]->name)) - return supported_protocols[i]->init(n_options, options); + /* Remove the first element of 'options' (which is always the + protocol name) from the list passed to the init method. */ + return supported_protocols[i]->init(n_options - 1, options + 1); return NULL; } diff --git a/src/protocols/dummy.c b/src/protocols/dummy.c index 7db48d7..f121725 100644 --- a/src/protocols/dummy.c +++ b/src/protocols/dummy.c @@ -50,24 +50,22 @@ parse_and_set_options(int n_options, const char *const *options, { const char* defport; - if (n_options != 3) + if (n_options != 2) return -1; - assert(!strcmp(options[0],"dummy")); - - if (!strcmp(options[1], "client")) { + if (!strcmp(options[0], "client")) { defport = "48988"; /* bf5c */ params->mode = LSN_SIMPLE_CLIENT; - } else if (!strcmp(options[1], "socks")) { + } else if (!strcmp(options[0], "socks")) { defport = "23548"; /* 5bf5 */ params->mode = LSN_SOCKS_CLIENT; - } else if (!strcmp(options[1], "server")) { + } else if (!strcmp(options[0], "server")) { defport = "11253"; /* 2bf5 */ params->mode = LSN_SIMPLE_SERVER; } else return -1; - if (resolve_address_port(options[2], 1, 1, + if (resolve_address_port(options[1], 1, 1, &params->listen_address, &params->listen_address_len, defport) < 0) { log_warn("addr"); diff --git a/src/protocols/obfs2.c b/src/protocols/obfs2.c index cc208ed..41a2614 100644 --- a/src/protocols/obfs2.c +++ b/src/protocols/obfs2.c @@ -66,14 +66,11 @@ parse_and_set_options(int n_options, const char *const *options, int got_ss=0; const char* defport; - if ((n_options < 3) || (n_options > 5)) { - log_warn("%s(): wrong options number: %d", __func__, n_options); + if ((n_options < 2) || (n_options > 4)) { + log_warn("obfs2: wrong number of options: %d", n_options); return -1; } - assert(!strcmp(*options,"obfs2")); - options++; - /* Now parse the optional arguments */ while (!strncmp(*options,"--",2)) { if (!strncmp(*options,"--dest=",7)) { @@ -92,7 +89,7 @@ parse_and_set_options(int n_options, const char *const *options, params->shared_secret_len = strlen(*options+16); got_ss=1; } else { - log_warn("%s(): Unknown argument.", __func__); + log_warn("obfs2: Unknown argument."); return -1; } options++; @@ -108,7 +105,7 @@ parse_and_set_options(int n_options, const char *const *options, defport = "11253"; /* 2bf5 */ params->mode = LSN_SIMPLE_SERVER; } else { - log_warn("%s(): only client/socks/server modes supported.", __func__); + log_warn("obfs2: only client/socks/server modes supported."); return -1; } options++; @@ -122,16 +119,16 @@ parse_and_set_options(int n_options, const char *const *options, /* Validate option selection. */ if (got_dest && (params->mode == LSN_SOCKS_CLIENT)) { - log_warn("%s(): You can't be on socks mode and have --dest.", __func__); + log_warn("obfs2: You can't be on socks mode and have --dest."); return -1; } if (!got_dest && (params->mode != LSN_SOCKS_CLIENT)) { - log_warn("%s(): client/server mode needs --dest.", __func__); + log_warn("obfs2: client/server mode needs --dest."); return -1; } - log_debug("%s(): Parsed obfs2 options nicely!", __func__); + log_debug("obfs2: Parsed options nicely!"); params->vtable = &obfs2_vtable; return 0; @@ -371,8 +368,8 @@ obfs2_handshake(struct protocol_t *s, struct evbuffer *buf) and write those bytes onto 'dest'. Return 0 on success, -1 on failure. */ static int -crypt_and_transmit(crypt_t *crypto, - struct evbuffer *source, struct evbuffer *dest) +obfs2_crypt_and_transmit(crypt_t *crypto, + struct evbuffer *source, struct evbuffer *dest) { uchar data[1024]; while (1) { @@ -399,12 +396,13 @@ obfs2_send(struct protocol_t *s, if (state->send_crypto) { /* First of all, send any data that we've been waiting to send. */ if (state->pending_data_to_send) { - crypt_and_transmit(state->send_crypto, state->pending_data_to_send, dest); + obfs2_crypt_and_transmit(state->send_crypto, state->pending_data_to_send, + dest); evbuffer_free(state->pending_data_to_send); state->pending_data_to_send = NULL; } /* Our crypto is set up; just relay the bytes */ - return crypt_and_transmit(state->send_crypto, source, dest); + return obfs2_crypt_and_transmit(state->send_crypto, source, dest); } else { /* Our crypto isn't set up yet, we'll have to queue the data */ if (evbuffer_get_length(source)) { @@ -544,7 +542,7 @@ obfs2_recv(struct protocol_t *s, struct evbuffer *source, log_debug("%s(): Processing %d bytes data onto destination buffer", __func__, (int) evbuffer_get_length(source)); - crypt_and_transmit(state->recv_crypto, source, dest); + obfs2_crypt_and_transmit(state->recv_crypto, source, dest); if (r != RECV_SEND_PENDING) r = RECV_GOOD;

1 0

[obfsproxy/master] Factor out duplicated unittest_socks code with a test fixture. Fix some small things in unittest_crypt and unittest_obfs2 left over from previous patches.
by nickm＠torproject.org 09 Sep '11

09 Sep '11

commit afa421e1b6755545f9174c02c48b0f9961530ffd Author: Zack Weinberg <zackw(a)panix.com> Date: Mon Jul 18 13:59:29 2011 -0700 Factor out duplicated unittest_socks code with a test fixture. Fix some small things in unittest_crypt and unittest_obfs2 left over from previous patches. --- src/test/unittest_crypt.c | 6 +- src/test/unittest_obfs2.c | 5 +- src/test/unittest_socks.c | 370 ++++++++++++++++++++++----------------------- 3 files changed, 184 insertions(+), 197 deletions(-) diff --git a/src/test/unittest_crypt.c b/src/test/unittest_crypt.c index 0e48a90..5a3e2aa 100644 --- a/src/test/unittest_crypt.c +++ b/src/test/unittest_crypt.c @@ -80,9 +80,9 @@ test_crypt_aes1(void *data) /* In-place encryption of the test vectors from http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf for AES128 in counter mode (section F.5.1) */ - const uchar key[16] = + static const uchar key[16] = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c"; - const uchar iv[16] = + static const uchar iv[16] = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"; struct testblock { const uchar counter[16]; @@ -90,7 +90,7 @@ test_crypt_aes1(void *data) const uchar plaintext[16]; const uchar ciphertext[16]; }; - const struct testblock testvec[4] = { + static const struct testblock testvec[4] = { { "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", "\xec\x8c\xdf\x73\x98\x60\x7c\xb0\xf2\xd2\x16\x75\xea\x9e\xa1\xe4", "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a", diff --git a/src/test/unittest_obfs2.c b/src/test/unittest_obfs2.c index 961bfd2..3ac4c42 100644 --- a/src/test/unittest_obfs2.c +++ b/src/test/unittest_obfs2.c @@ -150,9 +150,8 @@ setup_obfs2_state(const struct testcase_t *unused) return s; end: - if (s) - cleanup_obfs2_state(NULL, s); - return 0; + cleanup_obfs2_state(NULL, s); + return NULL; } static const struct testcase_setup_t obfs2_fixture = diff --git a/src/test/unittest_socks.c b/src/test/unittest_socks.c index 4d95666..db4f120 100644 --- a/src/test/unittest_socks.c +++ b/src/test/unittest_socks.c @@ -8,12 +8,58 @@ #define SOCKS_PRIVATE #include "../socks.h" #include "../crypt.h" +#include "../util.h" #include <stdio.h> +#include <stdlib.h> #include <string.h> #include <event2/buffer.h> +/* All the tests below use this test environment. Some of them + do not need both evbuffers, but we give them two anyway. */ +struct test_socks_state +{ + struct evbuffer *dest; + struct evbuffer *source; + socks_state_t *state; +}; + +static int +cleanup_socks_state(const struct testcase_t *unused, void *data) +{ + struct test_socks_state *s = (struct test_socks_state *)data; + + if (s->dest) + evbuffer_free(s->dest); + if (s->source) + evbuffer_free(s->source); + if (s->state) + socks_state_free(s->state); + free(data); + return 1; +} + +static void * +setup_socks_state(const struct testcase_t *unused) +{ + struct test_socks_state *s = xzalloc(sizeof(struct test_socks_state)); + + s->dest = evbuffer_new(); + tt_assert(s->dest); + s->source = evbuffer_new(); + tt_assert(s->source); + s->state = socks_state_new(); + tt_assert(s->state); + return s; + + end: + cleanup_socks_state(NULL, s); + return NULL; +} + +static const struct testcase_setup_t socks_fixture = + { setup_socks_state, cleanup_socks_state }; /** This function tests the negotiation phase of the SOCKS5 protocol. @@ -24,13 +70,7 @@ static void test_socks_socks5_send_negotiation(void *data) { - struct evbuffer *dest = NULL; - struct evbuffer *source = NULL; - dest = evbuffer_new(); - source = evbuffer_new(); - - socks_state_t *state; - state = socks_state_new(); + struct test_socks_state *s = (struct test_socks_state *)data; /* First test: Only one method: NOAUTH. @@ -39,13 +79,13 @@ test_socks_socks5_send_negotiation(void *data) req1[0] = 1; req1[1] = 0; - evbuffer_add(source, req1, 2); + evbuffer_add(s->source, req1, 2); - tt_int_op(SOCKS_GOOD, ==, socks5_handle_negotiation(source,dest,state)); - tt_int_op(0, ==, evbuffer_get_length(source)); + tt_int_op(SOCKS_GOOD, ==, socks5_handle_negotiation(s->source,s->dest,s->state)); + tt_int_op(0, ==, evbuffer_get_length(s->source)); uchar rep1[2]; - tt_int_op(2, ==, evbuffer_remove(dest,rep1,2)); + tt_int_op(2, ==, evbuffer_remove(s->dest,rep1,2)); tt_assert(rep1[0] == 5); tt_assert(rep1[1] == 0); @@ -56,13 +96,13 @@ test_socks_socks5_send_negotiation(void *data) memset(req2+1,0x42,8); req2[9] = 0; - evbuffer_add(source, req2, 10); + evbuffer_add(s->source, req2, 10); - tt_int_op(SOCKS_GOOD, ==, socks5_handle_negotiation(source,dest,state)); - tt_int_op(0, ==, evbuffer_get_length(source)); + tt_int_op(SOCKS_GOOD, ==, socks5_handle_negotiation(s->source,s->dest,s->state)); + tt_int_op(0, ==, evbuffer_get_length(s->source)); uchar rep2[2]; - tt_int_op(2, ==, evbuffer_remove(dest,rep2,2)); + tt_int_op(2, ==, evbuffer_remove(s->dest,rep2,2)); tt_assert(rep2[0] == 5); tt_assert(rep2[1] == 0); @@ -72,13 +112,13 @@ test_socks_socks5_send_negotiation(void *data) req3[0] = 99; memset(req3+1,0x42,99); - evbuffer_add(source, req3, 100); + evbuffer_add(s->source, req3, 100); - tt_int_op(SOCKS_BROKEN, ==, socks5_handle_negotiation(source,dest,state)); - tt_int_op(0, ==, evbuffer_get_length(source)); /* all data removed */ + tt_int_op(SOCKS_BROKEN, ==, socks5_handle_negotiation(s->source,s->dest,s->state)); + tt_int_op(0, ==, evbuffer_get_length(s->source)); /* all data removed */ uchar rep3[2]; - tt_int_op(2, ==, evbuffer_remove(dest,rep3,2)); + tt_int_op(2, ==, evbuffer_remove(s->dest,rep3,2)); tt_assert(rep3[0] == 5); tt_assert(rep3[1] == 0xff); @@ -91,11 +131,11 @@ test_socks_socks5_send_negotiation(void *data) req4[0] = 4; memset(req4+1,0x0,3); - evbuffer_add(source, req4, 4); + evbuffer_add(s->source, req4, 4); - tt_int_op(SOCKS_INCOMPLETE, ==, socks5_handle_negotiation(source,dest,state)); - tt_int_op(4, ==, evbuffer_get_length(source)); /* no bytes removed */ - evbuffer_drain(source, 4); + tt_int_op(SOCKS_INCOMPLETE, ==, socks5_handle_negotiation(s->source,s->dest,s->state)); + tt_int_op(4, ==, evbuffer_get_length(s->source)); /* no bytes removed */ + evbuffer_drain(s->source, 4); /* Fifth test: nmethods field = 3 but 4 actual methods. @@ -104,25 +144,18 @@ test_socks_socks5_send_negotiation(void *data) req5[0] = 3; memset(req5+1,0x0,4); - evbuffer_add(source, req5, 5); + evbuffer_add(s->source, req5, 5); - tt_int_op(SOCKS_GOOD, ==, socks5_handle_negotiation(source,dest,state)); - tt_int_op(1, ==, evbuffer_get_length(source)); /* 4 bytes removed */ - evbuffer_drain(source, 1); + tt_int_op(SOCKS_GOOD, ==, socks5_handle_negotiation(s->source,s->dest,s->state)); + tt_int_op(1, ==, evbuffer_get_length(s->source)); /* 4 bytes removed */ + evbuffer_drain(s->source, 1); uchar rep4[2]; - tt_int_op(2, ==, evbuffer_remove(dest,rep4,2)); + tt_int_op(2, ==, evbuffer_remove(s->dest,rep4,2)); tt_assert(rep4[0] == 5); tt_assert(rep4[1] == 0); - end: - if (state) - socks_state_free(state); - - if (source) - evbuffer_free(source); - if (dest) - evbuffer_free(dest); + end:; } /** @@ -135,13 +168,7 @@ test_socks_socks5_send_negotiation(void *data) static void test_socks_socks5_request(void *data) { - struct evbuffer *dest = NULL; - struct evbuffer *source = NULL; - dest = evbuffer_new(); - source = evbuffer_new(); - - socks_state_t *state; - state = socks_state_new(); + struct test_socks_state *s = (struct test_socks_state *)data; const uint32_t addr_ipv4 = htonl(0x7f000001); /* 127.0.0.1 */ const uint8_t addr_ipv6[16] = {0,13,0,1,0,5,0,14,0,10,0,5,0,14,0,0}; /* d:1:5:e:a:5:e:0 */ @@ -156,13 +183,13 @@ test_socks_socks5_request(void *data) req1[2] = 1; memcpy(req1+3,&addr_ipv4,4); - evbuffer_add(source, "\x05", 1); - evbuffer_add(source, req1, 7); - tt_int_op(SOCKS_INCOMPLETE, ==, socks5_handle_request(source,&pr1)); /* 0: want more data*/ + evbuffer_add(s->source, "\x05", 1); + evbuffer_add(s->source, req1, 7); + tt_int_op(SOCKS_INCOMPLETE, ==, socks5_handle_request(s->source,&pr1)); /* 0: want more data*/ /* emptying source buffer before next test */ - size_t buffer_len = evbuffer_get_length(source); - tt_int_op(0, ==, evbuffer_drain(source, buffer_len)); + size_t buffer_len = evbuffer_get_length(s->source); + tt_int_op(0, ==, evbuffer_drain(s->source, buffer_len)); /* Second test: Broken FQDN req packet with no destport */ @@ -173,13 +200,13 @@ test_socks_socks5_request(void *data) req2[3] = 15; memcpy(req1+4,&addr_ipv4,3); - evbuffer_add(source, "\x05", 1); - evbuffer_add(source, req2, 7); - tt_int_op(SOCKS_INCOMPLETE, ==, socks5_handle_request(source,&pr1)); /* 0: want more data*/ + evbuffer_add(s->source, "\x05", 1); + evbuffer_add(s->source, req2, 7); + tt_int_op(SOCKS_INCOMPLETE, ==, socks5_handle_request(s->source,&pr1)); /* 0: want more data*/ /* emptying source buffer before next test */ - buffer_len = evbuffer_get_length(source); - tt_int_op(0, ==, evbuffer_drain(source, buffer_len)); + buffer_len = evbuffer_get_length(s->source); + tt_int_op(0, ==, evbuffer_drain(s->source, buffer_len)); /* Third test: Correct IPv4 req packet. */ @@ -190,15 +217,15 @@ test_socks_socks5_request(void *data) memcpy(req3+3,&addr_ipv4,4); memcpy(req3+7,&port,2); - evbuffer_add(source, "\x05", 1); - evbuffer_add(source, req3, 9); - tt_int_op(SOCKS_GOOD, ==, socks5_handle_request(source,&pr1)); + evbuffer_add(s->source, "\x05", 1); + evbuffer_add(s->source, req3, 9); + tt_int_op(SOCKS_GOOD, ==, socks5_handle_request(s->source,&pr1)); tt_str_op(pr1.addr, ==, "127.0.0.1"); tt_int_op(pr1.port, ==, 80); /* emptying source buffer before next test */ - buffer_len = evbuffer_get_length(source); - tt_int_op(0, ==, evbuffer_drain(source, buffer_len)); + buffer_len = evbuffer_get_length(s->source); + tt_int_op(0, ==, evbuffer_drain(s->source, buffer_len)); /* Fourth test: Correct IPv6 req packet. */ @@ -210,14 +237,14 @@ test_socks_socks5_request(void *data) memcpy(req4+4,&addr_ipv6,16); memcpy(req4+20,&port,2); - evbuffer_add(source,req4,22); - tt_int_op(SOCKS_GOOD, ==, socks5_handle_request(source,&pr1)); + evbuffer_add(s->source,req4,22); + tt_int_op(SOCKS_GOOD, ==, socks5_handle_request(s->source,&pr1)); tt_str_op(pr1.addr, ==, "d:1:5:e:a:5:e:0"); tt_int_op(pr1.port, ==, 80); /* emptying source buffer before next test */ - buffer_len = evbuffer_get_length(source); - tt_int_op(0, ==, evbuffer_drain(source, buffer_len)); + buffer_len = evbuffer_get_length(s->source); + tt_int_op(0, ==, evbuffer_drain(s->source, buffer_len)); /* Fifth test: Correct FQDN req packet. */ @@ -231,8 +258,8 @@ test_socks_socks5_request(void *data) strcpy((char *)req5+5,fqdn); memcpy(req5+5+strlen(fqdn),&port,2); - evbuffer_add(source, req5, 24); - tt_int_op(SOCKS_GOOD, ==, socks5_handle_request(source,&pr1)); + evbuffer_add(s->source, req5, 24); + tt_int_op(SOCKS_GOOD, ==, socks5_handle_request(s->source,&pr1)); tt_str_op(pr1.addr, ==, "www.test.example"); tt_int_op(pr1.port, ==, 80); @@ -243,12 +270,12 @@ test_socks_socks5_request(void *data) req6[1] = 1; req6[2] = 0; - evbuffer_add(source,req6,3); - tt_int_op(SOCKS_INCOMPLETE, ==, socks5_handle_request(source,&pr1)); + evbuffer_add(s->source,req6,3); + tt_int_op(SOCKS_INCOMPLETE, ==, socks5_handle_request(s->source,&pr1)); /* emptying source buffer before next test */ - buffer_len = evbuffer_get_length(source); - tt_int_op(0, ==, evbuffer_drain(source, buffer_len)); + buffer_len = evbuffer_get_length(s->source); + tt_int_op(0, ==, evbuffer_drain(s->source, buffer_len)); /* Seventh test: Wrong Reserved field */ @@ -259,12 +286,12 @@ test_socks_socks5_request(void *data) req7[3] = 42; req7[4] = 42; - evbuffer_add(source,req7,5); - tt_int_op(SOCKS_BROKEN, ==, socks5_handle_request(source,&pr1)); + evbuffer_add(s->source,req7,5); + tt_int_op(SOCKS_BROKEN, ==, socks5_handle_request(s->source,&pr1)); /* emptying source buffer before next test */ - buffer_len = evbuffer_get_length(source); - tt_int_op(0, ==, evbuffer_drain(source, buffer_len)); + buffer_len = evbuffer_get_length(s->source); + tt_int_op(0, ==, evbuffer_drain(s->source, buffer_len)); /* Eigth test: Everything is dreamy... if only the requested command was CONNECT... */ @@ -275,20 +302,12 @@ test_socks_socks5_request(void *data) memcpy(req8+3,&addr_ipv4,4); memcpy(req8+7,&port,2); - evbuffer_add(source, "\x05", 1); - evbuffer_add(source, req8, 9); + evbuffer_add(s->source, "\x05", 1); + evbuffer_add(s->source, req8, 9); /* '-2' means that we don't support the requested command. */ - tt_int_op(SOCKS_CMD_NOT_CONNECT, ==, socks5_handle_request(source,&pr1)); - - - end: - if (state) - socks_state_free(state); + tt_int_op(SOCKS_CMD_NOT_CONNECT, ==, socks5_handle_request(s->source,&pr1)); - if (source) - evbuffer_free(source); - if (dest) - evbuffer_free(dest); + end:; } /** @@ -301,23 +320,19 @@ test_socks_socks5_request(void *data) static void test_socks_socks5_request_reply(void *data) { - struct evbuffer *reply_dest = NULL; - reply_dest = evbuffer_new(); + struct test_socks_state *s = (struct test_socks_state *)data; - socks_state_t *state; - state = socks_state_new(); - - state->parsereq.af = AF_INET; - strcpy(state->parsereq.addr, "127.0.0.1"); - state->parsereq.port = 7357; + s->state->parsereq.af = AF_INET; + strcpy(s->state->parsereq.addr, "127.0.0.1"); + s->state->parsereq.port = 7357; /* First test: We ask the server to send us a reply on an IPv4 request with succesful status. */ - socks5_send_reply(reply_dest,state, SOCKS5_SUCCESS); + socks5_send_reply(s->dest,s->state, SOCKS5_SUCCESS); uchar rep1[255]; - evbuffer_remove(reply_dest,rep1,255); /* yes, this is dirty */ + evbuffer_remove(s->dest,rep1,255); /* yes, this is dirty */ tt_assert(rep1[3] == SOCKS5_ATYP_IPV4); /* check address */ @@ -325,20 +340,20 @@ test_socks_socks5_request_reply(void *data) /* check port */ tt_int_op(0, ==, memcmp(rep1+4+4,"\x1c\xbd",2)); - /* emptying reply_dest buffer before next test */ - size_t buffer_len = evbuffer_get_length(reply_dest); - tt_int_op(0, ==, evbuffer_drain(reply_dest, buffer_len)); + /* emptying s->dest buffer before next test */ + size_t buffer_len = evbuffer_get_length(s->dest); + tt_int_op(0, ==, evbuffer_drain(s->dest, buffer_len)); /* Second test: We ask the server to send us a reply on an IPv6 request with succesful status. */ - state->parsereq.af = AF_INET6; - strcpy(state->parsereq.addr, "d:1:5:e:a:5:e:0"); + s->state->parsereq.af = AF_INET6; + strcpy(s->state->parsereq.addr, "d:1:5:e:a:5:e:0"); - socks5_send_reply(reply_dest,state, SOCKS5_SUCCESS); + socks5_send_reply(s->dest,s->state, SOCKS5_SUCCESS); uchar rep2[255]; - evbuffer_remove(reply_dest,rep2,255); + evbuffer_remove(s->dest,rep2,255); tt_assert(rep2[3] = SOCKS5_ATYP_IPV6); /* Test returned address against inet_pton(d:1:5:e:a:5:e:0) */ @@ -348,21 +363,21 @@ test_socks_socks5_request_reply(void *data) 16)); tt_int_op(0, ==, memcmp(rep2+4+16, "\x1c\xbd", 2)); - /* emptying reply_dest buffer before next test */ - buffer_len = evbuffer_get_length(reply_dest); - tt_int_op(0, ==, evbuffer_drain(reply_dest, buffer_len)); + /* emptying dest buffer before next test */ + buffer_len = evbuffer_get_length(s->dest); + tt_int_op(0, ==, evbuffer_drain(s->dest, buffer_len)); /* Third test : We ask the server to send us a reply on an FQDN request with failure status. */ const char *fqdn = "www.test.example"; - state->parsereq.af = AF_UNSPEC; - strcpy(state->parsereq.addr, fqdn); + s->state->parsereq.af = AF_UNSPEC; + strcpy(s->state->parsereq.addr, fqdn); - socks5_send_reply(reply_dest,state, SOCKS5_FAILED_GENERAL); + socks5_send_reply(s->dest, s->state, SOCKS5_FAILED_GENERAL); uchar rep3[255]; - evbuffer_remove(reply_dest,rep3,255); + evbuffer_remove(s->dest,rep3,255); tt_assert(rep3[3] == SOCKS5_ATYP_FQDN); tt_assert(rep3[4] == strlen(fqdn)); @@ -374,22 +389,17 @@ test_socks_socks5_request_reply(void *data) /* Fourth test: We ask the server while having an empty parsereq and with a SOCKS5_FAILED_UNSUPPORTED status. */ - memset(&state->parsereq,'\x00',sizeof(struct parsereq)); + memset(&s->state->parsereq,'\x00',sizeof(struct parsereq)); - socks5_send_reply(reply_dest,state, SOCKS5_FAILED_UNSUPPORTED); + socks5_send_reply(s->dest,s->state, SOCKS5_FAILED_UNSUPPORTED); uchar rep4[255]; - evbuffer_remove(reply_dest,rep4,255); + evbuffer_remove(s->dest,rep4,255); tt_assert(rep4[3] == SOCKS5_ATYP_IPV4); tt_int_op(0, ==, memcmp(rep4+4,"\x00\x00\x00\x00",4)); tt_int_op(0, ==, memcmp(rep4+4+4, "\x00\x00", 2)); - end: - if (state) - socks_state_free(state); - - if (reply_dest) - evbuffer_free(reply_dest); + end:; } /** @@ -402,37 +412,31 @@ test_socks_socks5_request_reply(void *data) static void test_socks_socks4_request(void *data) { - struct evbuffer *dest = NULL; - struct evbuffer *source = NULL; - dest = evbuffer_new(); - source = evbuffer_new(); + struct test_socks_state *s = (struct test_socks_state *)data; const uint32_t addr = htonl(0x7f000001); /* 127.0.0.1 */ const uint16_t port = htons(80); /* 80 */ - socks_state_t *state; - state = socks_state_new(); - /* First test: Correct SOCKS4 req packet with nothing in the optional field. */ struct parsereq pr1; memset(&pr1, 0, sizeof(struct parsereq)); - state->parsereq = pr1; + s->state->parsereq = pr1; uchar req1[8]; req1[0] = 1; memcpy(req1+1,&port,2); memcpy(req1+3,&addr,4); req1[7] = '\x00'; - evbuffer_add(source,req1,8); + evbuffer_add(s->source,req1,8); - tt_int_op(SOCKS_GOOD, ==, socks4_read_request(source,state)); - tt_str_op(state->parsereq.addr, ==, "127.0.0.1"); - tt_int_op(state->parsereq.port, ==, 80); + tt_int_op(SOCKS_GOOD, ==, socks4_read_request(s->source,s->state)); + tt_str_op(s->state->parsereq.addr, ==, "127.0.0.1"); + tt_int_op(s->state->parsereq.port, ==, 80); /* emptying source buffer before next test */ - size_t buffer_len = evbuffer_get_length(source); - tt_int_op(0, ==, evbuffer_drain(source, buffer_len)); + size_t buffer_len = evbuffer_get_length(s->source); + tt_int_op(0, ==, evbuffer_drain(s->source, buffer_len)); /* Second test: Broken SOCKS4 req packet with incomplete optional field */ @@ -442,13 +446,13 @@ test_socks_socks4_request(void *data) memcpy(req2+3,&addr,4); strcpy(req2+7,"KO"); - evbuffer_add(source,req2,9); + evbuffer_add(s->source,req2,9); - tt_int_op(SOCKS_INCOMPLETE, ==, socks4_read_request(source,state)); + tt_int_op(SOCKS_INCOMPLETE, ==, socks4_read_request(s->source,s->state)); /* emptying source buffer before next test */ - buffer_len = evbuffer_get_length(source); - tt_int_op(0, ==, evbuffer_drain(source, buffer_len)); + buffer_len = evbuffer_get_length(s->source); + tt_int_op(0, ==, evbuffer_drain(s->source, buffer_len)); /* Third test: Correct SOCKS4 req packet with optional field. */ @@ -458,15 +462,15 @@ test_socks_socks4_request(void *data) memcpy(req3+3,&addr,4); strcpy(req3+7,"iamalive"); - evbuffer_add(source,req3,16); + evbuffer_add(s->source,req3,16); - tt_int_op(SOCKS_GOOD, ==, socks4_read_request(source,state)); - tt_str_op(state->parsereq.addr, ==, "127.0.0.1"); - tt_int_op(state->parsereq.port, ==, 80); + tt_int_op(SOCKS_GOOD, ==, socks4_read_request(s->source,s->state)); + tt_str_op(s->state->parsereq.addr, ==, "127.0.0.1"); + tt_int_op(s->state->parsereq.port, ==, 80); /* emptying source buffer before next test */ - buffer_len = evbuffer_get_length(source); - tt_int_op(0, ==, evbuffer_drain(source, buffer_len)); + buffer_len = evbuffer_get_length(s->source); + tt_int_op(0, ==, evbuffer_drain(s->source, buffer_len)); /* Fourth test: Correct SOCKS4a req packet with optional field. */ @@ -478,15 +482,15 @@ test_socks_socks4_request(void *data) strcpy(req4+7,"iamalive"); strcpy(req4+16, "www.test.example"); - evbuffer_add(source,req4,33); + evbuffer_add(s->source,req4,33); - tt_int_op(SOCKS_GOOD, ==, socks4_read_request(source,state)); - tt_str_op(state->parsereq.addr, ==, "www.test.example"); - tt_int_op(state->parsereq.port, ==, 80); + tt_int_op(SOCKS_GOOD, ==, socks4_read_request(s->source,s->state)); + tt_str_op(s->state->parsereq.addr, ==, "www.test.example"); + tt_int_op(s->state->parsereq.port, ==, 80); /* emptying source buffer before next test */ - buffer_len = evbuffer_get_length(source); - tt_int_op(0, ==, evbuffer_drain(source, buffer_len)); + buffer_len = evbuffer_get_length(s->source); + tt_int_op(0, ==, evbuffer_drain(s->source, buffer_len)); /* Fifth test: Broken SOCKS4a req packet with incomplete optional field. */ @@ -498,13 +502,13 @@ test_socks_socks4_request(void *data) strcpy(req5+16, "www.test.example"); /* Don't send it all. */ - evbuffer_add(source,req5,28); + evbuffer_add(s->source,req5,28); - tt_int_op(SOCKS_INCOMPLETE, ==, socks4_read_request(source,state)); + tt_int_op(SOCKS_INCOMPLETE, ==, socks4_read_request(s->source,s->state)); /* emptying source buffer before next test */ - buffer_len = evbuffer_get_length(source); - tt_int_op(0, ==, evbuffer_drain(source, buffer_len)); + buffer_len = evbuffer_get_length(s->source); + tt_int_op(0, ==, evbuffer_drain(s->source, buffer_len)); /* Sixth test: Broken SOCKS4a req packet with a HUGE domain name. */ @@ -518,19 +522,12 @@ test_socks_socks4_request(void *data) memset(req6+16,'2', HUGE); req6[16+HUGE] = '\x00'; - evbuffer_add(source,req6,16+HUGE+1); + evbuffer_add(s->source,req6,16+HUGE+1); - tt_int_op(SOCKS_BROKEN, ==, socks4_read_request(source,state)); + tt_int_op(SOCKS_BROKEN, ==, socks4_read_request(s->source,s->state)); #undef HUGE - end: - if (state) - socks_state_free(state); - - if (source) - evbuffer_free(source); - if (dest) - evbuffer_free(dest); + end:; } /** @@ -543,23 +540,19 @@ test_socks_socks4_request(void *data) static void test_socks_socks4_request_reply(void *data) { - struct evbuffer *reply_dest = NULL; - reply_dest = evbuffer_new(); + struct test_socks_state *s = (struct test_socks_state *)data; - socks_state_t *state; - state = socks_state_new(); - - state->parsereq.af = AF_INET; - strcpy(state->parsereq.addr, "127.0.0.1"); - state->parsereq.port = 7357; + s->state->parsereq.af = AF_INET; + strcpy(s->state->parsereq.addr, "127.0.0.1"); + s->state->parsereq.port = 7357; /* First test: We ask the server to send us a reply on an IPv4 request with succesful status. */ - socks4_send_reply(reply_dest,state, SOCKS4_SUCCESS); + socks4_send_reply(s->dest,s->state, SOCKS4_SUCCESS); uchar rep1[255]; - evbuffer_remove(reply_dest,rep1,255); /* yes, this is dirty */ + evbuffer_remove(s->dest,rep1,255); /* yes, this is dirty */ tt_assert(rep1[0] == '\x00'); tt_assert(rep1[1] == SOCKS4_SUCCESS); @@ -568,21 +561,21 @@ test_socks_socks4_request_reply(void *data) /* check address */ tt_int_op(0, ==, memcmp(rep1+2+2,"\x7f\x00\x00\x01", 4)); - /* emptying reply_dest buffer before next test */ - size_t buffer_len = evbuffer_get_length(reply_dest); - tt_int_op(0, ==, evbuffer_drain(reply_dest, buffer_len)); + /* emptying dest buffer before next test */ + size_t buffer_len = evbuffer_get_length(s->dest); + tt_int_op(0, ==, evbuffer_drain(s->dest, buffer_len)); /* Second test : We ask the server to send us a reply on an FQDN request with failure status. */ const char *fqdn = "www.test.example"; - state->parsereq.af = AF_UNSPEC; - strcpy(state->parsereq.addr, fqdn); + s->state->parsereq.af = AF_UNSPEC; + strcpy(s->state->parsereq.addr, fqdn); - socks4_send_reply(reply_dest,state, SOCKS4_FAILED); + socks4_send_reply(s->dest,s->state, SOCKS4_FAILED); uchar rep2[255]; - evbuffer_remove(reply_dest,rep2,255); + evbuffer_remove(s->dest,rep2,255); tt_assert(rep2[1] == SOCKS4_FAILED); /* check port */ @@ -590,22 +583,17 @@ test_socks_socks4_request_reply(void *data) /* check address */ /* tt_str_op(rep1+2+2, ==, "www.test.example"); */ - end: - if (state) - socks_state_free(state); - - if (reply_dest) - evbuffer_free(reply_dest); + end:; } -#define T(name, flags) \ - { #name, test_socks_##name, (flags), NULL, NULL } +#define T(name) \ + { #name, test_socks_##name, 0, &socks_fixture, NULL } struct testcase_t socks_tests[] = { - T(socks5_send_negotiation, 0), - T(socks5_request, 0), - T(socks5_request_reply, 0), - T(socks4_request, 0), - T(socks4_request_reply, 0), + T(socks5_send_negotiation), + T(socks5_request), + T(socks5_request_reply), + T(socks4_request), + T(socks4_request_reply), END_OF_TESTCASES };

1 0

r25044: {} rescue the huge key list from the verifying-signatures page (website/trunk/docs/en)
by Roger Dingledine 09 Sep '11

09 Sep '11

Author: arma Date: 2011-09-09 17:07:51 +0000 (Fri, 09 Sep 2011) New Revision: 25044 Added: website/trunk/docs/en/signing-keys.wml Log: rescue the huge key list from the verifying-signatures page Added: website/trunk/docs/en/signing-keys.wml =================================================================== --- website/trunk/docs/en/signing-keys.wml (rev 0) +++ website/trunk/docs/en/signing-keys.wml 2011-09-09 17:07:51 UTC (rev 25044) @@ -0,0 +1,133 @@ +## translation metadata +# Revision: $Revision$ +# Translation-Priority: 4-optional + +#include "head.wmi" TITLE="Tor Project: Signing keys" CHARSET="UTF-8" +<div id="content" class="clearfix"> + <div id="breadcrumbs"> + <a href="<page index>">Home » </a> + <a href="<page docs/verifying-signatures>">Verifying Signatures</a> + </div> + <div id="maincol"> + <h1>Which PGP keys sign which packages</h1> + <hr> + + <p>The signing keys we use are:</p> + <ul> + <li>Roger's (0x28988BF5) typically signs the source code file.</li> + <li>Nick's (0x165733EA, or its subkey 0x8D29319A).</li> + <li>Andrew's (0x31B0974B) typically signed older packages for windows and mac.</li> + <li>Peter's (0xC82E0039, or its subkey 0xE1DEC577).</li> + <li>Tomás's (0x9A753A6B) signs current Vidalia release tarballs and tags.</li> + <li>Matt's (0x5FA14861) signed older Vidalia release tarballs.</li> + <li>Damian's (0x9ABBEEC6) signs Arm releases</li> + <li>Jacob's (0xE012B42D).</li> + <li>Erinn's (0x63FEE659) and (0xF1F5C9B5) typically signs all windows, mac, and most linux packages.</li> + <li>Mike's (0xDDC6C0AD) signs the Torbutton xpi.</li> + <li>Karsten's (0xF7C11265) signs the metrics archives and tools.</li> + <li>Robert Hogan's (0x22F6856F) signs torsocks release tarballs and tags.</li> + <li>Nathan's (0xB374CBD2) signs the Android APK file for Orbot.</li> + <li>Tor Project Archive (0x886DDD89) signs the deb.torproject.org repositories and archives</li> + </ul> + + The fingerprints for the keys should be: + + <pre> + pub 1024D/28988BF5 2000-02-27 + Key fingerprint = B117 2656 DFF9 83C3 042B C699 EB5A 896A 2898 8BF5 + uid Roger Dingledine <arma(a)mit.edu> + + pub 3072R/165733EA 2004-07-03 + Key fingerprint = B35B F85B F194 89D0 4E28 C33C 2119 4EBB 1657 33EA + uid Nick Mathewson <nickm(a)alum.mit.edu> + uid Nick Mathewson <nickm(a)wangafu.net> + uid Nick Mathewson <nickm(a)freehaven.net> + + pub 1024D/31B0974B 2003-07-17 + Key fingerprint = 0295 9AA7 190A B9E9 027E 0736 3B9D 093F 31B0 974B + uid Andrew Lewman (phobos) <phobos(a)rootme.org> + uid Andrew Lewman <andrew(a)lewman.com> + uid Andrew Lewman <andrew(a)torproject.org> + sub 4096g/B77F95F7 2003-07-17 + + pub 4096R/C82E0039 2003-03-24 + Key fingerprint = 25FC 1614 B8F8 7B52 FF2F 99B9 62AF 4031 C82E 0039 + uid Peter Palfrader + uid Peter Palfrader <peter(a)palfrader.org> + uid Peter Palfrader <weasel(a)debian.org> + + pub 1024D/9A753A6B 2009-09-11 + Key fingerprint = 553D 7C2C 626E F16F 27F3 30BC 95E3 881D 9A75 3A6B + uid Tomás Touceda <chiiph(a)gmail.com> + sub 1024g/33BE0E5B 2009-09-11 + + pub 1024D/5FA14861 2005-08-17 + Key fingerprint = 9467 294A 9985 3C9C 65CB 141D AF7E 0E43 5FA1 4861 + uid Matt Edman <edmanm(a)rpi.edu> + uid Matt Edman <Matt_Edman(a)baylor.edu> + uid Matt Edman <edmanm2(a)cs.rpi.edu> + sub 4096g/EA654E59 2005-08-17 + + pub 1024D/9ABBEEC6 2009-06-17 + Key fingerprint = 6827 8CC5 DD2D 1E85 C4E4 5AD9 0445 B7AB 9ABB EEC6 + uid Damian Johnson (www.atagar.com) <atagar1(a)gmail.com> + uid Damian Johnson <atagar(a)torproject.org> + sub 2048g/146276B2 2009-06-17 + sub 2048R/87F30690 2010-08-07 + + pub 4096R/E012B42D 2010-05-07 + Key fingerprint = D8C9 AF51 CAA9 CAEA D3D8 9C9E A34F A745 E012 B42D + uid Jacob Appelbaum <jacob(a)appelbaum.net> + uid Jacob Appelbaum <jacob(a)torproject.org> + sub 4096R/7CA91A52 2010-05-07 [expires: 2011-05-07] + + pub 2048R/63FEE659 2003-10-16 + Key fingerprint = 8738 A680 B84B 3031 A630 F2DB 416F 0610 63FE E659 + uid Erinn Clark <erinn(a)torproject.org> + uid Erinn Clark <erinn(a)debian.org> + uid Erinn Clark <erinn(a)double-helix.org> + sub 2048R/EB399FD7 2003-10-16 + + pub 1024D/F1F5C9B5 2010-02-03 + Key fingerprint = C2E3 4CFC 13C6 2BD9 2C75 79B5 6B8A AEB1 F1F5 C9B5 + uid Erinn Clark <erinn(a)torproject.org> + sub 1024g/7828F26A 2010-02-03 + + pub 1024D/DDC6C0AD 2006-07-26 + Key fingerprint = BECD 90ED D1EE 8736 7980 ECF8 1B0C A30C DDC6 C0AD + uid Mike Perry <mikeperry(a)fscked.org> + uid Mike Perry <mikepery(a)fscked.org> + sub 4096g/AF0A91D7 2006-07-26 + + pub 1024D/F7C11265 2007-03-09 [expires: 2012-03-01] + Key fingerprint = FC8A EEF1 792E EE71 D721 7D47 D0CF 963D F7C1 1265 + uid Karsten Loesing <karsten.loesing(a)gmx.net> + sub 2048g/75D85E4B 2007-03-09 [expires: 2012-03-01] + + pub 1024D/22F6856F 2006-08-19 + Key fingerprint = DDB4 6B5B 7950 CD47 E59B 5189 4C09 25CF 22F6 856F + uid Robert Hogan <robert(a)roberthogan.net> + sub 1024g/FC4A9460 2006-08-19 + + pub 3072D/B374CBD2 2010-06-09 [expires: 2011-06-09] + Key fingerprint = B92B CA64 72F7 C6F0 8D47 8503 D2AC D203 B374 CBD2 + uid Nathan of Guardian <nathan(a)guardianproject.info> + sub 4096g/B5878C3B 2010-06-09 [expires: 2011-06-09] + + pub 2048R/886DDD89 2009-09-04 [expires: 2014-09-03] + Key fingerprint = A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89 + uid deb.torproject.org archive signing key + sub 2048R/219EC810 2009-09-04 [expires: 2012-09-03] + </pre> + + </div> +  + <div id = "sidecol"> +#include "side.wmi" +#include "info.wmi" + </div> +  +</div> + +#include <foot.wmi> + Property changes on: website/trunk/docs/en/signing-keys.wml ___________________________________________________________________ Added: svn:keywords + Author Date Id Revision Added: svn:eol-style + native

1 0

[tor/master] Check for lround with autoconf; fall back to rint.
by nickm＠torproject.org 09 Sep '11

09 Sep '11

commit 0ac4b0f99d12a76f07f24d747a77f2bc07e481e3 Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Aug 30 22:22:15 2011 -0400 Check for lround with autoconf; fall back to rint. --- configure.in | 2 +- src/common/util.c | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/configure.in b/configure.in index 4e84298..df1b709 100644 --- a/configure.in +++ b/configure.in @@ -223,7 +223,7 @@ dnl ------------------------------------------------------------------- dnl Check for functions before libevent, since libevent-1.2 apparently dnl exports strlcpy without defining it in a header. -AC_CHECK_FUNCS(gettimeofday ftime socketpair uname inet_aton strptime getrlimit strlcat strlcpy strtoull getaddrinfo localtime_r gmtime_r memmem strtok_r writev readv flock prctl vasprintf) +AC_CHECK_FUNCS(gettimeofday ftime socketpair uname inet_aton strptime getrlimit strlcat strlcpy strtoull getaddrinfo localtime_r gmtime_r memmem strtok_r writev readv flock prctl vasprintf lround rint) using_custom_malloc=no if test x$enable_openbsd_malloc = xyes ; then diff --git a/src/common/util.c b/src/common/util.c index ee0acbb..de1ca36 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -334,10 +334,12 @@ tor_mathlog(double d) long tor_lround(double d) { -#ifdef _MSC_VER - return (long)(d > 0 ? d + 0.5 : ceil(d - 0.5)); -#else +#if defined(HAVE_LROUND) return lround(d); +#elif defined(HAVE_RINT) + return (long)rint(d); +#else + return (long)(d > 0 ? d + 0.5 : ceil(d - 0.5)); #endif }

1 0

[tor/master] Add changes file for bsd4 fixes
by nickm＠torproject.org 09 Sep '11

09 Sep '11

commit 45ca0d2bfacc2ab54a5eb580ba8993a6919906a3 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Sep 9 10:40:54 2011 -0400 Add changes file for bsd4 fixes --- changes/bug3894 | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/changes/bug3894 b/changes/bug3894 new file mode 100644 index 0000000..4c2220a --- /dev/null +++ b/changes/bug3894 @@ -0,0 +1,4 @@ + o Build fixes: + - Clean up some code issues that prevented Tor from building on older + BSDs. Fixes bug 3894; reported by grarpamp. +

1 0

[tor/master] Merge remote-tracking branch 'public/enhance_replay_detection' into maint-0.2.2
by nickm＠torproject.org 09 Sep '11

09 Sep '11

commit 4467799f45346a59c37de9337b24ace361cb8b6a Merge: dfa6cde cb9226b Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Sep 9 12:53:45 2011 -0400 Merge remote-tracking branch 'public/enhance_replay_detection' into maint-0.2.2 changes/replay-firstpart | 13 +++++++++++++ src/or/rendservice.c | 26 +++++++++++++++++++++++--- 2 files changed, 36 insertions(+), 3 deletions(-)

1 0