[or-cvs] Document stuff, reduce magic numbers, add emacs magic
Nick Mathewson
nickm at seul.org
Tue Apr 6 03:44:38 UTC 2004
Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/tmp/cvs-serv9571/src/or
Modified Files:
rendclient.c rendcommon.c rendmid.c rendservice.c
Log Message:
Document stuff, reduce magic numbers, add emacs magic
Index: rendclient.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendclient.c,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -d -r1.19 -r1.20
--- rendclient.c 5 Apr 2004 23:40:59 -0000 1.19
+++ rendclient.c 6 Apr 2004 03:44:36 -0000 1.20
@@ -41,12 +41,15 @@
return 0;
}
+/* Called when we're trying to connect an ap conn; sends an INTRODUCE1 cell
+ * down introcirc if possible.
+ */
int
rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) {
const char *descp;
int desc_len, payload_len, r;
char payload[RELAY_PAYLOAD_SIZE];
- char tmp[20+20+128];
+ char tmp[(MAX_NICKNAME_LEN+1)+REND_COOKIE_LEN+DH_KEY_LEN];
rend_service_descriptor_t *parsed=NULL;
crypt_path_t *cpath;
@@ -85,22 +88,25 @@
}
/* write the remaining items into tmp */
- strncpy(tmp, rendcirc->build_state->chosen_exit, 20); /* nul pads */
- memcpy(tmp+20, rendcirc->rend_cookie, 20);
- if (crypto_dh_get_public(cpath->handshake_state, tmp+40, 128)<0) {
+ strncpy(tmp, rendcirc->build_state->chosen_exit, (MAX_NICKNAME_LEN+1)); /* nul pads */
+ memcpy(tmp+MAX_NICKNAME_LEN+1, rendcirc->rend_cookie, REND_COOKIE_LEN);
+ if (crypto_dh_get_public(cpath->handshake_state,
+ tmp+MAX_NICKNAME_LEN+1+REND_COOKIE_LEN,
+ DH_KEY_LEN)<0) {
log_fn(LOG_WARN, "Couldn't extract g^x");
goto err;
}
r = crypto_pk_public_hybrid_encrypt(parsed->pk, tmp,
- 20+20+128, payload+20,
+ MAX_NICKNAME_LEN+1+REND_COOKIE_LEN+DH_KEY_LEN,
+ payload+DIGEST_LEN,
PK_PKCS1_OAEP_PADDING);
if (r<0) {
log_fn(LOG_WARN,"hybrid pk encrypt failed.");
goto err;
}
- payload_len = 20 + r;
+ payload_len = DIGEST_LEN + r;
rend_service_descriptor_free(parsed);
@@ -142,6 +148,9 @@
connection_ap_attach_pending();
}
+/* Called when we recieve a RENDEZVOUS_ESTABLISHED cell; changes the state of
+ * the circuit to C_REND_READY.
+ */
int
rend_client_rendezvous_acked(circuit_t *circ, const char *request, int request_len)
{
Index: rendcommon.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendcommon.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- rendcommon.c 5 Apr 2004 07:41:31 -0000 1.18
+++ rendcommon.c 6 Apr 2004 03:44:36 -0000 1.19
@@ -4,6 +4,8 @@
#include "or.h"
+/* Free the storage held by held by 'desc'.
+ */
void rend_service_descriptor_free(rend_service_descriptor_t *desc)
{
int i;
@@ -18,6 +20,9 @@
tor_free(desc);
}
+/* Encode a service descriptor for 'desc', and sign it with 'key'. Stores
+ * the descriptor in *str_out, and sets *len_out to its length.
+ */
int
rend_encode_service_descriptor(rend_service_descriptor_t *desc,
crypto_pk_env_t *key,
@@ -120,6 +125,9 @@
return NULL;
}
+/* Sets out to the first 10 bytes of the digest of 'pk', base32 encoded.
+ * NUL-terminates out.
+ */
int rend_get_service_id(crypto_pk_env_t *pk, char *out)
{
char buf[DIGEST_LEN];
@@ -136,18 +144,22 @@
#define REND_CACHE_MAX_SKEW 60*60
typedef struct rend_cache_entry_t {
- int len;
- char *desc;
- rend_service_descriptor_t *parsed;
+ int len; /* Length of desc */
+ char *desc; /* Service descriptor */
+ rend_service_descriptor_t *parsed; /* Parsed vvalue of 'desc' */
} rend_cache_entry_t;
static strmap_t *rend_cache = NULL;
+/* Initializes the service descriptor cache.
+ */
void rend_cache_init(void)
{
rend_cache = strmap_new();
}
+/* Removes all old entries from the service descriptor cache.
+ */
void rend_cache_clean(void)
{
strmap_iter_t *iter;
Index: rendmid.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendmid.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- rendmid.c 5 Apr 2004 21:40:22 -0000 1.14
+++ rendmid.c 6 Apr 2004 03:44:36 -0000 1.15
@@ -5,7 +5,7 @@
#include "or.h"
/* Respond to an ESTABLISH_INTRO cell by setting the circuit's purpose and
- * rendevous service.
+ * service pk digest..
*/
int
rend_mid_establish_intro(circuit_t *circ, const char *request, int request_len)
@@ -85,7 +85,7 @@
/* Now, set up this circuit. */
circ->purpose = CIRCUIT_PURPOSE_INTRO_POINT;
- memcpy(circ->rend_pk_digest, pk_digest, 20);
+ memcpy(circ->rend_pk_digest, pk_digest, DIGEST_LEN);
log_fn(LOG_INFO,
"Established introduction point on circuit %d for service %s",
@@ -116,7 +116,8 @@
goto err;
}
- if (request_len < 246) {
+ if (request_len < (DIGEST_LEN+(MAX_NICKNAME_LEN+1)+REND_COOKIE_LEN+
+ DH_KEY_LEN+CIPHER_KEY_LEN+PKCS1_OAEP_PADDING_OVERHEAD)) {
log_fn(LOG_WARN,
"Impossibly short INTRODUCE1 cell on circuit %d; dropping.",
circ->p_circ_id);
@@ -237,7 +238,8 @@
/* Send the RENDEZVOUS2 cell to Alice. */
if (connection_edge_send_command(NULL, rend_circ,
RELAY_COMMAND_RENDEZVOUS2,
- request+20, request_len-20, NULL)) {
+ request+REND_COOKIE_LEN,
+ request_len-REND_COOKIE_LEN, NULL)) {
log_fn(LOG_WARN, "Unable to send RENDEZVOUS2 cell to OP on circuit %d",
rend_circ->p_circ_id);
goto err;
@@ -250,7 +252,7 @@
circ->purpose = CIRCUIT_PURPOSE_REND_ESTABLISHED;
rend_circ->purpose = CIRCUIT_PURPOSE_REND_ESTABLISHED;
- memset(circ->rend_cookie, 0, 20);
+ memset(circ->rend_cookie, 0, REND_COOKIE_LEN);
rend_circ->rend_splice = circ;
circ->rend_splice = rend_circ;
Index: rendservice.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendservice.c,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -d -r1.30 -r1.31
--- rendservice.c 5 Apr 2004 23:40:59 -0000 1.30
+++ rendservice.c 6 Apr 2004 03:44:36 -0000 1.31
@@ -16,6 +16,8 @@
uint32_t real_address;
} rend_service_port_config_t;
+/* Try to maintain this many intro points per service if possible.
+ */
#define NUM_INTRO_POINTS 3
/* Represents a single hidden service running at this OP.
@@ -34,27 +36,32 @@
rend_service_descriptor_t *desc;
} rend_service_t;
-/* A list of rend_service_t.
+/* A list of rend_service_t's for services run on this OP.
*/
static smartlist_t *rend_service_list = NULL;
-static void rend_service_free(rend_service_t *config)
+/* Release the storage held by 'service'.
+ */
+static void rend_service_free(rend_service_t *service)
{
- if (!config) return;
- tor_free(config->directory);
- SMARTLIST_FOREACH(config->ports, void*, p, tor_free(p));
- smartlist_free(config->ports);
- if (config->private_key)
- crypto_free_pk_env(config->private_key);
- tor_free(config->intro_prefer_nodes);
- tor_free(config->intro_exclude_nodes);
- SMARTLIST_FOREACH(config->intro_nodes, void*, p, tor_free(p));
- smartlist_free(config->intro_nodes);
- if (config->desc)
- rend_service_descriptor_free(config->desc);
- tor_free(config);
+ if (!service) return;
+ tor_free(service->directory);
+ SMARTLIST_FOREACH(service->ports, void*, p, tor_free(p));
+ smartlist_free(service->ports);
+ if (service->private_key)
+ crypto_free_pk_env(service->private_key);
+ tor_free(service->intro_prefer_nodes);
+ tor_free(service->intro_exclude_nodes);
+ SMARTLIST_FOREACH(service->intro_nodes, void*, p, tor_free(p));
+ smartlist_free(service->intro_nodes);
+ if (service->desc)
+ rend_service_descriptor_free(service->desc);
+ tor_free(service);
}
+/* Release all the storage held in rend_service_list, and allocate a new,
+ * empty rend_service_list.
+ */
static void rend_service_free_all(void)
{
if (!rend_service_list) {
@@ -67,6 +74,8 @@
rend_service_list = smartlist_create();
}
+/* Validate 'service' and add it to rend_service_list if possible.
+ */
static void add_service(rend_service_t *service)
{
int i;
@@ -94,7 +103,10 @@
}
}
-/* Format: VirtualPort (IP|RealPort|IP:RealPort)?
+/* Parses a real-port to virtual-port mapping and returns a new
+ * rend_service_port_config_t.
+ *
+ * The format is: VirtualPort (IP|RealPort|IP:RealPort)?
* IP defaults to 127.0.0.1; RealPort defaults to VirtualPort.
*/
static rend_service_port_config_t *parse_port_config(const char *string)
@@ -117,7 +129,7 @@
if (!*string) {
/* No addr:port part; use default. */
realport = virtport;
- addr.s_addr = htonl(0x7F000001u);
+ addr.s_addr = htonl(0x7F000001u); /* 127.0.0.1 */
} else {
colon = strchr(string, ':');
if (colon) {
@@ -256,8 +268,8 @@
return -1;
/* Load key */
- if (strlcpy(fname,s->directory,512) >= 512 ||
- strlcat(fname,"/private_key",512) >= 512) {
+ if (strlcpy(fname,s->directory,sizeof(fname)) >= sizeof(fname) ||
+ strlcat(fname,"/private_key",sizeof(fname)) >= sizeof(fname)) {
log_fn(LOG_WARN, "Directory name too long: '%s'", s->directory);
return -1;
}
@@ -274,8 +286,8 @@
log_fn(LOG_WARN, "Couldn't compute hash of public key");
return -1;
}
- if (strlcpy(fname,s->directory,512) >= 512 ||
- strlcat(fname,"/hostname",512) >= 512) {
+ if (strlcpy(fname,s->directory,sizeof(fname)) >= sizeof(fname) ||
+ strlcat(fname,"/hostname",sizeof(fname)) >= sizeof(fname)) {
log_fn(LOG_WARN, "Directory name too long: '%s'", s->directory);
return -1;
}
@@ -286,11 +298,14 @@
return 0;
}
+/* Return the service whose public key has a digest of 'digest'. Return
+ * NULL if no such service exists.
+ */
static rend_service_t *
rend_service_get_by_pk_digest(const char* digest)
{
SMARTLIST_FOREACH(rend_service_list, rend_service_t*, s,
- if (!memcmp(s->pk_digest,digest,20)) return s);
+ if (!memcmp(s->pk_digest,digest,DIGEST_LEN)) return s);
return NULL;
}
@@ -326,9 +341,9 @@
return -1;
}
- /* XXX NM this is wrong, right? */
/* min key length plus digest length plus nickname length */
- if (request_len < 148) {
+ if (request_len < DIGEST_LEN+REND_COOKIE_LEN+(MAX_NICKNAME_LEN+1)+
+ DH_KEY_LEN+42){
log_fn(LOG_WARN, "Got a truncated INTRODUCE2 cell on circ %d",
circuit->n_circ_id);
return -1;
@@ -374,7 +389,7 @@
rp_nickname = buf;
ptr = buf+(MAX_NICKNAME_LEN+1);
len -= (MAX_NICKNAME_LEN+1);
- if (len != 20+128) {
+ if (len != REND_COOKIE_LEN+DH_KEY_LEN) {
log_fn(LOG_WARN, "Bad length for INTRODUCE2 cell.");
return -1;
}
@@ -415,9 +430,9 @@
cpath->handshake_state = dh;
dh = NULL;
- if (circuit_init_cpath_crypto(cpath,keys+20,1)<0)
+ if (circuit_init_cpath_crypto(cpath,keys+DIGEST_LEN,1)<0)
goto err;
- memcpy(cpath->handshake_digest, keys, 20);
+ memcpy(cpath->handshake_digest, keys, DIGEST_LEN);
return 0;
err:
@@ -460,9 +475,8 @@
rend_service_t *service;
int len, r;
char buf[RELAY_PAYLOAD_SIZE];
- char auth[DIGEST_LEN + 10];
+ char auth[DIGEST_LEN + 9];
char hexid[9];
- char hexdigest[DIGEST_LEN*2+1];
assert(circuit->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO);
assert(circuit->cpath);
@@ -485,15 +499,9 @@
set_uint16(buf, len);
len += 2;
memcpy(auth, circuit->cpath->prev->handshake_digest, DIGEST_LEN);
- /* XXXX remove me once we've debugged this; this info should not be logged.
- */
- hex_encode(circuit->cpath->prev->handshake_digest, DIGEST_LEN, hexdigest);
- log_fn(LOG_INFO,"Handshake information is: %s", hexdigest);
memcpy(auth+DIGEST_LEN, "INTRODUCE", 9);
if (crypto_digest(auth, DIGEST_LEN+9, buf+len))
goto err;
- hex_encode(buf+len, DIGEST_LEN, hexdigest);
- log_fn(LOG_INFO,"Authentication is: %s", hexdigest);
len += 20;
r = crypto_pk_private_sign_digest(service->private_key, buf, len, buf+len);
if (r<0) {
@@ -597,6 +605,10 @@
* Manage introduction points
******/
+/* Return the introduction circuit ending at 'router' for the service
+ * whose public key is 'pk_digest'. Return NULL if no such service is
+ * found.
+ */
static circuit_t *
find_intro_circuit(routerinfo_t *router, const char *pk_digest)
{
More information about the tor-commits
mailing list