commit 83249015c2741be55cf3d084660e6209323b5a1a Author: George Kadianakis desnacked@riseup.net Date: Tue May 2 16:19:12 2017 +0300
Refactor circuit_init_cpath_crypto() to do prop224 rend circuits.
circuit_init_cpath_crypto() is responsible for creating the cpath of legacy SHA1/AES128 circuits currently. We want to use it for prop224 circuits, so we refactor it to create circuits with SHA3-256 and AES256 as well.
Signed-off-by: David Goulet dgoulet@torproject.org --- src/or/circuitbuild.c | 54 ++++++++++++++++++++++++++++++++++++++------------- src/or/circuitbuild.h | 2 +- src/or/rendclient.c | 2 +- src/or/rendservice.c | 2 +- 4 files changed, 43 insertions(+), 17 deletions(-)
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 240c64b..ec7ca2c 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -1325,9 +1325,14 @@ circuit_extend(cell_t *cell, circuit_t *circ) return 0; }
-/** Initialize cpath->{f|b}_{crypto|digest} from the key material in - * key_data. key_data must contain CPATH_KEY_MATERIAL bytes, which are - * used as follows: +/** Initialize cpath->{f|b}_{crypto|digest} from the key material in key_data. + * + * If <b>is_hs_v3</b> is set, this cpath will be used for next gen hidden + * service circuits and <b>key_data</b> must be at least + * HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN bytes in length. + * + * If <b>is_hs_v3</b> is not set, key_data must contain CPATH_KEY_MATERIAL + * bytes, which are used as follows: * - 20 to initialize f_digest * - 20 to initialize b_digest * - 16 to key f_crypto @@ -1337,28 +1342,49 @@ circuit_extend(cell_t *cell, circuit_t *circ) */ int circuit_init_cpath_crypto(crypt_path_t *cpath, const char *key_data, - int reverse) + int reverse, int is_hs_v3) { crypto_digest_t *tmp_digest; crypto_cipher_t *tmp_crypto; + size_t digest_len = 0; + size_t cipher_key_len = 0;
tor_assert(cpath); tor_assert(key_data); tor_assert(!(cpath->f_crypto || cpath->b_crypto || cpath->f_digest || cpath->b_digest));
- cpath->f_digest = crypto_digest_new(); - crypto_digest_add_bytes(cpath->f_digest, key_data, DIGEST_LEN); - cpath->b_digest = crypto_digest_new(); - crypto_digest_add_bytes(cpath->b_digest, key_data+DIGEST_LEN, DIGEST_LEN); + /* If we are using this cpath for next gen onion services use SHA3-256, + otherwise use good ol' SHA1 */ + if (is_hs_v3) { + digest_len = DIGEST256_LEN; + cipher_key_len = CIPHER256_KEY_LEN; + cpath->f_digest = crypto_digest256_new(DIGEST_SHA3_256); + cpath->b_digest = crypto_digest256_new(DIGEST_SHA3_256); + } else { + digest_len = DIGEST_LEN; + cipher_key_len = CIPHER_KEY_LEN; + cpath->f_digest = crypto_digest_new(); + cpath->b_digest = crypto_digest_new(); + }
- if (!(cpath->f_crypto = - crypto_cipher_new(key_data+(2*DIGEST_LEN)))) { + tor_assert(digest_len != 0); + tor_assert(cipher_key_len != 0); + + crypto_digest_add_bytes(cpath->f_digest, key_data, digest_len); + crypto_digest_add_bytes(cpath->b_digest, key_data+digest_len, digest_len); + + cpath->f_crypto = crypto_cipher_new_with_bits(key_data+(2*digest_len), + cipher_key_len*8); + if (!cpath->f_crypto) { log_warn(LD_BUG,"Forward cipher initialization failed."); return -1; } - if (!(cpath->b_crypto = - crypto_cipher_new(key_data+(2*DIGEST_LEN)+CIPHER_KEY_LEN))) { + + cpath->b_crypto = crypto_cipher_new_with_bits( + key_data+(2*digest_len)+cipher_key_len, + cipher_key_len*8); + if (!cpath->b_crypto) { log_warn(LD_BUG,"Backward cipher initialization failed."); return -1; } @@ -1424,7 +1450,7 @@ circuit_finish_handshake(origin_circuit_t *circ,
onion_handshake_state_release(&hop->handshake_state);
- if (circuit_init_cpath_crypto(hop, keys, 0)<0) { + if (circuit_init_cpath_crypto(hop, keys, 0, 0)<0) { return -END_CIRC_REASON_TORPROTOCOL; }
@@ -1512,7 +1538,7 @@ onionskin_answer(or_circuit_t *circ, log_debug(LD_CIRC,"init digest forward 0x%.8x, backward 0x%.8x.", (unsigned int)get_uint32(keys), (unsigned int)get_uint32(keys+20)); - if (circuit_init_cpath_crypto(tmp_cpath, keys, 0)<0) { + if (circuit_init_cpath_crypto(tmp_cpath, keys, 0, 0)<0) { log_warn(LD_BUG,"Circuit initialization failed"); tor_free(tmp_cpath); return -1; diff --git a/src/or/circuitbuild.h b/src/or/circuitbuild.h index 45d9b2f..ae6864e 100644 --- a/src/or/circuitbuild.h +++ b/src/or/circuitbuild.h @@ -32,7 +32,7 @@ int circuit_send_next_onion_skin(origin_circuit_t *circ); void circuit_note_clock_jumped(int seconds_elapsed); int circuit_extend(cell_t *cell, circuit_t *circ); int circuit_init_cpath_crypto(crypt_path_t *cpath, const char *key_data, - int reverse); + int reverse, int is_hs_v3); struct created_cell_t; int circuit_finish_handshake(origin_circuit_t *circ, const struct created_cell_t *created_cell); diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 9bc2d62..3cf67b5 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -1184,7 +1184,7 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request, goto err; } /* ... and set up cpath. */ - if (circuit_init_cpath_crypto(hop, keys+DIGEST_LEN, 0)<0) + if (circuit_init_cpath_crypto(hop, keys+DIGEST_LEN, 0, 0)<0) goto err;
/* Check whether the digest is right... */ diff --git a/src/or/rendservice.c b/src/or/rendservice.c index f3b78c4..d389a87 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -2195,7 +2195,7 @@ rend_service_receive_introduction(origin_circuit_t *circuit,
cpath->rend_dh_handshake_state = dh; dh = NULL; - if (circuit_init_cpath_crypto(cpath,keys+DIGEST_LEN,1)<0) + if (circuit_init_cpath_crypto(cpath,keys+DIGEST_LEN,1, 0)<0) goto err; memcpy(cpath->rend_circ_nonce, keys, DIGEST_LEN);