[tor-commits] [tor/master] Split the cryptographic part of handle_client_auth_nonce into new fn

Thu Aug 15 16:16:46 UTC 2013

commit b64351ed17f3d30425e1e007de50ef66c2b6c789
Author: Nick Mathewson <nickm at torproject.org>
Date:   Wed Jul 31 12:31:26 2013 -0400

    Split the cryptographic part of handle_client_auth_nonce into new fn
---
 src/or/ext_orport.c |   91 +++++++++++++++++++++++++++++++++------------------
 1 file changed, 60 insertions(+), 31 deletions(-)

diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index 9b4db73..f4df1b7 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -197,40 +197,19 @@ connection_ext_or_auth_neg_auth_type(connection_t *conn)
   return 1;
 }
 
-/** Read the client's nonce out of <b>conn</b>, setup the safe-cookie
- *  crypto, and then send our own hash and nonce to the client
- *
- *  Return -1 if there was an error; return 0 if we need more data in
- *  <b>conn</b>, and return 1 if we successfully retrieved the
- *  client's nonce and sent our own. */
+/** DOCDOC */
 static int
-connection_ext_or_auth_handle_client_nonce(connection_t *conn)
+handle_client_auth_nonce(const char *client_nonce, size_t client_nonce_len,
+                         char **client_hash_out,
+                         char**reply_out, size_t *reply_len_out)
 {
   char server_hash[EXT_OR_PORT_AUTH_HASH_LEN] = {0};
-  char client_nonce[EXT_OR_PORT_AUTH_NONCE_LEN] = {0};
   char server_nonce[EXT_OR_PORT_AUTH_NONCE_LEN] = {0};
-  char reply[EXT_OR_PORT_AUTH_COOKIE_LEN+EXT_OR_PORT_AUTH_NONCE_LEN] = {0};
+  char *reply;
+  size_t reply_len;
 
-  if (!ext_or_auth_cookie_is_set) { /* this should not happen */
-    log_warn(LD_BUG, "Extended ORPort authentication cookie was not set. "
-             "That's weird since we should have done that on startup. "
-             "This might be a Tor bug, please file a bug report. ");
+  if (client_nonce_len != EXT_OR_PORT_AUTH_NONCE_LEN)
     return -1;
-  }
-
-  if (connection_get_inbuf_len(conn) < EXT_OR_PORT_AUTH_NONCE_LEN)
-    return 0;
-
-  if (connection_fetch_from_buf(client_nonce,
-                                EXT_OR_PORT_AUTH_NONCE_LEN, conn) < 0)
-    return -1;
-
-  /* We extract the ClientNonce from the received data, and use it to
-     calculate ServerHash and ServerNonce according to proposal 217.
-
-     We also calculate our own ClientHash value and save it in the
-     connection state. We validate it later against the ClientHash
-     sent by the client.  */
 
   /* Get our nonce */
   if (crypto_rand(server_nonce, EXT_OR_PORT_AUTH_NONCE_LEN) < 0)
@@ -278,7 +257,7 @@ connection_ext_or_auth_handle_client_nonce(connection_t *conn)
 
     /* Store the client hash we generated. We will need to compare it
        with the hash sent by the client. */
-    TO_OR_CONN(conn)->ext_or_auth_correct_client_hash = correct_client_hash;
+    *client_hash_out = correct_client_hash;
 
     memwipe(hmac_s_msg, 0, hmac_s_msg_len);
     memwipe(hmac_c_msg, 0, hmac_c_msg_len);
@@ -309,13 +288,63 @@ connection_ext_or_auth_handle_client_nonce(connection_t *conn)
   }
 
   { /* write reply: (server_hash, server_nonce) */
+
+    reply_len = EXT_OR_PORT_AUTH_COOKIE_LEN+EXT_OR_PORT_AUTH_NONCE_LEN;
+    reply = tor_malloc_zero(reply_len);
     memcpy(reply, server_hash, EXT_OR_PORT_AUTH_HASH_LEN);
     memcpy(reply + EXT_OR_PORT_AUTH_HASH_LEN, server_nonce,
            EXT_OR_PORT_AUTH_NONCE_LEN);
-    connection_write_to_buf(reply, sizeof(reply), conn);
-    memwipe(reply, 0, sizeof(reply));
   }
 
+  *reply_out = reply;
+  *reply_len_out = reply_len;
+
+  return 0;
+}
+
+/** Read the client's nonce out of <b>conn</b>, setup the safe-cookie
+ *  crypto, and then send our own hash and nonce to the client
+ *
+ *  Return -1 if there was an error; return 0 if we need more data in
+ *  <b>conn</b>, and return 1 if we successfully retrieved the
+ *  client's nonce and sent our own. */
+static int
+connection_ext_or_auth_handle_client_nonce(connection_t *conn)
+{
+  char client_nonce[EXT_OR_PORT_AUTH_NONCE_LEN];
+  char *reply=NULL;
+  size_t reply_len=0;
+
+  if (!ext_or_auth_cookie_is_set) { /* this should not happen */
+    log_warn(LD_BUG, "Extended ORPort authentication cookie was not set. "
+             "That's weird since we should have done that on startup. "
+             "This might be a Tor bug, please file a bug report. ");
+    return -1;
+  }
+
+  if (connection_get_inbuf_len(conn) < EXT_OR_PORT_AUTH_NONCE_LEN)
+    return 0;
+
+  if (connection_fetch_from_buf(client_nonce,
+                                EXT_OR_PORT_AUTH_NONCE_LEN, conn) < 0)
+    return -1;
+
+  /* We extract the ClientNonce from the received data, and use it to
+     calculate ServerHash and ServerNonce according to proposal 217.
+
+     We also calculate our own ClientHash value and save it in the
+     connection state. We validate it later against the ClientHash
+     sent by the client.  */
+  if (handle_client_auth_nonce(client_nonce, sizeof(client_nonce),
+                            &TO_OR_CONN(conn)->ext_or_auth_correct_client_hash,
+                            &reply, &reply_len) < 0)
+    return -1;
+
+  connection_write_to_buf(reply, reply_len, conn);
+
+  memwipe(reply, 0, reply_len);
+  tor_free(reply);
+
   log_debug(LD_GENERAL, "Got client nonce, and sent our own nonce and hash.");
 
   conn->state = EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH;



