[tor-commits] [tor/master] Hiding crypt_path_t: Start with crypt_path.crypto .

dgoulet at torproject.org dgoulet at torproject.org
Wed May 8 12:21:47 UTC 2019


commit 0c5176d00cfe44e645175c23ed48eccbc74b4842
Author: George Kadianakis <desnacked at riseup.net>
Date:   Mon Apr 8 15:16:37 2019 +0300

    Hiding crypt_path_t: Start with crypt_path.crypto .
    
    Create some functions to eventually be able to hide crypt_path_t.crypto.
---
 src/core/crypto/relay_crypto.c | 13 +++++++------
 src/core/crypto/relay_crypto.h |  5 +++++
 src/core/or/crypt_path.c       | 31 ++++++++++++++++++++++++++++++-
 src/core/or/crypt_path.h       | 11 +++++++++++
 src/core/or/crypt_path_st.h    |  7 +++----
 5 files changed, 56 insertions(+), 11 deletions(-)

diff --git a/src/core/crypto/relay_crypto.c b/src/core/crypto/relay_crypto.c
index 893116316..96b1002ca 100644
--- a/src/core/crypto/relay_crypto.c
+++ b/src/core/crypto/relay_crypto.c
@@ -6,6 +6,7 @@
 
 #include "core/or/or.h"
 #include "core/or/circuitlist.h"
+#include "core/or/crypt_path.h"
 #include "app/config/config.h"
 #include "lib/crypt_ops/crypto_cipher.h"
 #include "lib/crypt_ops/crypto_util.h"
@@ -21,7 +22,7 @@
 /** Update digest from the payload of cell. Assign integrity part to
  * cell.
  */
-static void
+void
 relay_set_digest(crypto_digest_t *digest, cell_t *cell)
 {
   char integrity[4];
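Review bot: Dropping `static` here, and on `relay_crypt_one_payload` in the next hunk, turns two low-level primitives that take a raw digest or cipher handle into symbols any module can call. That works against the stated goal of hiding the per-hop crypto state. If they are only meant for crypt_path.c, the prototypes added to relay_crypto.h could sit behind a private guard (crypt_path_st.h appears to use one around `crypt_path_private_t`) with a comment such as `/* Only for crypt_path.c; other callers should use the cpath_*() wrappers. */`. The body of relay_set_digest continues outside this hunk.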
@@ -85,7 +86,7 @@ relay_digest_matches(crypto_digest_t *digest, cell_t *cell)
  *
  * Note that we use the same operation for encrypting and for decrypting.
  */
-static void
+void
 relay_crypt_one_payload(crypto_cipher_t *cipher, uint8_t *in)
 {
   crypto_cipher_crypt_inplace(cipher, (char*) in, CELL_PAYLOAD_SIZE);
@@ -152,12 +153,12 @@ relay_decrypt_cell(circuit_t *circ, cell_t *cell,
         tor_assert(thishop);
 
         /* decrypt one layer */
-        relay_crypt_one_payload(thishop->crypto.b_crypto, cell->payload);
+        cpath_crypt_cell(thishop, cell->payload, true);
 
         relay_header_unpack(&rh, cell->payload);
         if (rh.recognized == 0) {
           /* it's possibly recognized. have to check digest to be sure. */
-          if (relay_digest_matches(thishop->crypto.b_digest, cell)) {
+          if (relay_digest_matches(cpath_get_incoming_digest(thishop), cell)) {
             *recognized = 1;
             *layer_hint = thishop;
             /* This cell is for us. Keep a record of this cell because we will
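Review bot: The bare `true` in `cpath_crypt_cell(thishop, cell->payload, true)`, and the `false` in the relay_encrypt_cell_outbound hunk, do not tell the reader which key direction is selected. A swapped literal would compile cleanly and run the payload through the wrong cipher state. Two named wrappers or an enum for the direction would make the choice visible at the call site; at minimum annotate the argument, e.g. `cpath_crypt_cell(thishop, cell->payload, /*is_decrypt=*/true);`. relay_decrypt_cell starts and ends outside this hunk.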
@@ -210,14 +211,14 @@ relay_encrypt_cell_outbound(cell_t *cell,
                             crypt_path_t *layer_hint)
 {
   crypt_path_t *thishop; /* counter for repeated crypts */
-  relay_set_digest(layer_hint->crypto.f_digest, cell);
+  cpath_set_cell_forward_digest(layer_hint, cell);
 
   thishop = layer_hint;
   /* moving from farthest to nearest hop */
   do {
     tor_assert(thishop);
     log_debug(LD_OR,"encrypting a layer of the relay cell.");
-    relay_crypt_one_payload(thishop->crypto.f_crypto, cell->payload);
+    cpath_crypt_cell(thishop, cell->payload, false);
 
     thishop = thishop->prev;
   } while (thishop != circ->cpath->prev);
diff --git a/src/core/crypto/relay_crypto.h b/src/core/crypto/relay_crypto.h
index bcc153183..7f09219c7 100644
--- a/src/core/crypto/relay_crypto.h
+++ b/src/core/crypto/relay_crypto.h
@@ -29,6 +29,11 @@ void relay_crypto_assert_ok(const relay_crypto_t *crypto);
 
 uint8_t *relay_crypto_get_sendme_digest(relay_crypto_t *crypto);
 void relay_crypto_record_sendme_digest(relay_crypto_t *crypto);
+void
+relay_crypt_one_payload(crypto_cipher_t *cipher, uint8_t *in);
+
+void
+relay_set_digest(crypto_digest_t *digest, cell_t *cell);
 
 #endif /* !defined(TOR_RELAY_CRYPTO_H) */
 
diff --git a/src/core/or/crypt_path.c b/src/core/or/crypt_path.c
index ad1255c86..9fc3e013b 100644
--- a/src/core/or/crypt_path.c
+++ b/src/core/or/crypt_path.c
@@ -20,6 +20,7 @@
 #include "core/or/circuitlist.h"
 
 #include "core/or/crypt_path_st.h"
+#include "core/or/cell_st.h"
 
 /** Add <b>new_hop</b> to the end of the doubly-linked-list <b>head_ptr</b>.
  * This function is used to extend cpath by another hop.
@@ -96,7 +97,7 @@ assert_cpath_layer_ok(const crypt_path_t *cp)
   switch (cp->state)
     {
     case CPATH_STATE_OPEN:
-      relay_crypto_assert_ok(&cp->crypto);
+      relay_crypto_assert_ok(&cp->private->crypto);
       /* fall through */
     case CPATH_STATE_CLOSED:
       /*XXXX Assert that there's no handshake_state either. */
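Review bot: `&cp->private->crypto` dereferences `cp->private` without checking it, inside a function whose job is to validate the hop. The three accessors added in the next hunk (`cpath_crypt_cell`, `cpath_get_incoming_digest`, `cpath_set_cell_forward_digest`) do the same. Where `private` is allocated is not visible in this patch, so a hop built by a path that skips that allocation would end in a NULL dereference rather than a diagnosable assertion. Adding `tor_assert(cp->private);` before this line, and `tor_assert(cpath); tor_assert(cpath->private);` at the top of each accessor, keeps the failure explicit. assert_cpath_layer_ok starts and ends outside this hunk.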
@@ -113,3 +114,31 @@ assert_cpath_layer_ok(const crypt_path_t *cp)
   tor_assert(cp->deliver_window >= 0);
 }
 
+/********************** cpath crypto API *******************************/
+
+/** Encrypt or decrypt <b>payload</b> using the crypto of <b>cpath</b>. Actual
+ *  operation decided by <b>is_decrypt</b>.  */
+void
+cpath_crypt_cell(const crypt_path_t *cpath, uint8_t *payload, bool is_decrypt)
+{
+  if (is_decrypt) {
+    relay_crypt_one_payload(cpath->private->crypto.b_crypto, payload);
+  } else {
+    relay_crypt_one_payload(cpath->private->crypto.f_crypto, payload);
+  }
+}
+
+/** Getter for the incoming digest of <b>cpath</b>. */
+struct crypto_digest_t *
+cpath_get_incoming_digest(const crypt_path_t *cpath)
+{
+  return cpath->private->crypto.b_digest;
+}
+
+/** Set the right integrity digest on the outgoing <b>cell</b> based on the
+ *  cell payload and update the forward digest of <b>cpath</b>. */
+void
+cpath_set_cell_forward_digest(crypt_path_t *cpath, cell_t *cell)
+{
+  relay_set_digest(cpath->private->crypto.f_digest, cell);
+}
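Review bot: `cpath_crypt_cell` and `cpath_get_incoming_digest` take `const crypt_path_t *`, but the first passes a non-const cipher from `cpath->private` to `relay_crypt_one_payload` and the second returns a non-const digest pointer. Callers can therefore change per-hop crypto state through a hop they were handed as read-only. Returning the raw digest also leaves relay_decrypt_cell holding a direct handle on state this series is trying to hide; a wrapper that performs the digest check inside crypt_path.c would avoid that. If the getter stays, drop the `const` on both parameters, e.g. `cpath_get_incoming_digest(crypt_path_t *cpath)`, and document that the returned pointer is borrowed from the cpath and must not be freed by the caller.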
diff --git a/src/core/or/crypt_path.h b/src/core/or/crypt_path.h
index 7614aaff2..fe25d85cf 100644
--- a/src/core/or/crypt_path.h
+++ b/src/core/or/crypt_path.h
@@ -15,3 +15,14 @@ int onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice);
 /* rename */
 void onion_append_to_cpath(crypt_path_t **head_ptr, crypt_path_t *new_hop);
 
+
+void
+cpath_crypt_cell(const crypt_path_t *cpath, uint8_t *payload, bool is_decrypt);
+
+struct crypto_digest_t *
+cpath_get_incoming_digest(const crypt_path_t *cpath);
+
+void
+cpath_set_cell_forward_digest(crypt_path_t *cpath, cell_t *cell);
+
+
diff --git a/src/core/or/crypt_path_st.h b/src/core/or/crypt_path_st.h
index 90f6a3788..833cfefad 100644
--- a/src/core/or/crypt_path_st.h
+++ b/src/core/or/crypt_path_st.h
@@ -29,6 +29,9 @@ struct onion_handshake_state_t {
 /* The private parts of crypt path that don't need to be exposed to all the
  * modules. */
 struct crypt_path_private_t {
+  /** Cryptographic state used for encrypting and authenticating relay
+   * cells to and from this hop. */
+  relay_crypto_t crypto;
 };
 
 #endif
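Review bot: With `relay_crypto_t crypto` moved into `crypt_path_private_t`, a hop's key material now sits behind `cp->private`, and nothing in this patch shows where that struct is allocated, cleared or freed. Any code outside these five files that still sets up or tears down `crypto` through the old member has to follow the move. The teardown path should also keep wiping the keys before the private struct is released. A sentence in the struct comment naming which function allocates it and which one wipes and frees it would make that ownership checkable.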
@@ -38,10 +41,6 @@ struct crypt_path_private_t {
 struct crypt_path_t {
   uint32_t magic;
 
-  /** Cryptographic state used for encrypting and authenticating relay
-   * cells to and from this hop. */
-  relay_crypto_t crypto;
-
   /** Current state of the handshake as performed with the OR at this
    * step. */
   onion_handshake_state_t handshake_state;




