[tor-commits] [tor/master] Refactor the CREATE_FAST handshake code to match the others.
nickm at torproject.org
nickm at torproject.org
Thu Jan 3 16:52:58 UTC 2013
commit 5fa1c7484cba293e6467acbca06a4143ce9da68d
Author: Nick Mathewson <nickm at torproject.org>
Date: Tue Dec 4 16:51:31 2012 -0500
Refactor the CREATE_FAST handshake code to match the others.
---
src/or/circuitbuild.c | 11 +++++++----
src/or/circuitlist.c | 2 ++
src/or/onion_fast.c | 26 ++++++++++++++++++++++++--
src/or/onion_fast.h | 16 ++++++++++++++--
src/or/or.h | 3 ++-
5 files changed, 49 insertions(+), 9 deletions(-)
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 33a1351..b6cf125 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -645,11 +645,14 @@ circuit_send_next_onion_skin(origin_circuit_t *circ)
* new OR: we can be speedy and use CREATE_FAST to save an RSA operation
* and a DH operation. */
cell_type = CELL_CREATE_FAST;
+
memset(payload, 0, sizeof(payload));
- crypto_rand((char*) circ->cpath->fast_handshake_state,
- sizeof(circ->cpath->fast_handshake_state));
- memcpy(payload, circ->cpath->fast_handshake_state,
- sizeof(circ->cpath->fast_handshake_state));
+ if (fast_onionskin_create(&circ->cpath->fast_handshake_state,
+ (uint8_t *)payload) < 0) {
+ log_warn(LD_CIRC,"onion_skin_create FAST (first hop) failed.");
+ return - END_CIRC_REASON_INTERNAL;
+ }
+
note_request("cell: create fast", 1);
}
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index abb8395..2c17fd2 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -23,6 +23,7 @@
#include "networkstatus.h"
#include "nodelist.h"
#include "onion.h"
+#include "onion_fast.h"
#include "relay.h"
#include "rendclient.h"
#include "rendcommon.h"
@@ -744,6 +745,7 @@ circuit_free_cpath_node(crypt_path_t *victim)
crypto_digest_free(victim->f_digest);
crypto_digest_free(victim->b_digest);
crypto_dh_free(victim->dh_handshake_state);
+ fast_handshake_state_free(victim->fast_handshake_state);
extend_info_free(victim->extend_info);
memwipe(victim, 0xBB, sizeof(crypt_path_t)); /* poison memory */
diff --git a/src/or/onion_fast.c b/src/or/onion_fast.c
index 8d09de7..f33b048 100644
--- a/src/or/onion_fast.c
+++ b/src/or/onion_fast.c
@@ -12,6 +12,28 @@
#include "or.h"
#include "onion_fast.h"
+/**DOCDOC*/
+void
+fast_handshake_state_free(fast_handshake_state_t *victim)
+{
+ if (! victim)
+ return;
+ memwipe(victim, 0, sizeof(fast_handshake_state_t));
+ tor_free(victim);
+}
+
+/** DOCDOC */
+int
+fast_onionskin_create(fast_handshake_state_t **handshake_state_out,
+ uint8_t *handshake_out)
+{
+ fast_handshake_state_t *s;
+ *handshake_state_out = s =tor_malloc(sizeof(fast_handshake_state_t));
+ crypto_rand((char*)s->state, sizeof(s->state));
+ memcpy(handshake_out, s->state, DIGEST_LEN);
+ return 0;
+}
+
/** Implement the server side of the CREATE_FAST abbreviated handshake. The
* client has provided DIGEST_LEN key bytes in <b>key_in</b> ("x"). We
* generate a reply of DIGEST_LEN*2 bytes in <b>key_out</b>, consisting of a
@@ -63,7 +85,7 @@ fast_server_handshake(const uint8_t *key_in, /* DIGEST_LEN bytes */
* and protected by TLS).
*/
int
-fast_client_handshake(const uint8_t *handshake_state,/*DIGEST_LEN bytes*/
+fast_client_handshake(const fast_handshake_state_t *handshake_state,
const uint8_t *handshake_reply_out,/*DIGEST_LEN*2 bytes*/
uint8_t *key_out,
size_t key_out_len)
@@ -73,7 +95,7 @@ fast_client_handshake(const uint8_t *handshake_state,/*DIGEST_LEN bytes*/
size_t out_len;
int r = -1;
- memcpy(tmp, handshake_state, DIGEST_LEN);
+ memcpy(tmp, handshake_state->state, DIGEST_LEN);
memcpy(tmp+DIGEST_LEN, handshake_reply_out, DIGEST_LEN);
out_len = key_out_len+DIGEST_LEN;
out = tor_malloc(out_len);
diff --git a/src/or/onion_fast.h b/src/or/onion_fast.h
index 5c9d59e..2d652cc 100644
--- a/src/or/onion_fast.h
+++ b/src/or/onion_fast.h
@@ -12,12 +12,24 @@
#ifndef TOR_ONION_FAST_H
#define TOR_ONION_FAST_H
-int fast_server_handshake(const uint8_t *key_in,
+#define CREATE_FAST_LEN DIGEST_LEN
+#define CREATED_FAST_LEN DIGEST_LEN*2
+
+typedef struct fast_handshake_state_t {
+ uint8_t state[DIGEST_LEN];
+} fast_handshake_state_t;
+
+void fast_handshake_state_free(fast_handshake_state_t *victim);
+
+int fast_onionskin_create(fast_handshake_state_t **handshake_state_out,
+ uint8_t *handshake_out);
+
+int fast_server_handshake(const uint8_t *message_in,
uint8_t *handshake_reply_out,
uint8_t *key_out,
size_t key_out_len);
-int fast_client_handshake(const uint8_t *handshake_state,
+int fast_client_handshake(const fast_handshake_state_t *handshake_state,
const uint8_t *handshake_reply_out,
uint8_t *key_out,
size_t key_out_len);
diff --git a/src/or/or.h b/src/or/or.h
index 219336b..6fada77 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2524,6 +2524,7 @@ typedef enum {
#define CRYPT_PATH_MAGIC 0x70127012u
+struct fast_handshake_state_t;
/** Holds accounting information for a single step in the layered encryption
* performed by a circuit. Used only at the client edge of a circuit. */
typedef struct crypt_path_t {
@@ -2550,7 +2551,7 @@ typedef struct crypt_path_t {
* authentication, secrecy, and integrity we need, and we're already
* distinguishable from an OR.
*/
- uint8_t fast_handshake_state[DIGEST_LEN];
+ struct fast_handshake_state_t *fast_handshake_state;
/** Negotiated key material shared with the OR at this step. */
char handshake_digest[DIGEST_LEN];/* KH in tor-spec.txt */
More information about the tor-commits
mailing list