const uint8_t *end_of_keys = keys + keylen;
// Relays encrypt; clients decrypt.
// Don't reverse this: UIV+ is only non-malleable for _encryption_.
- bool encrypt = (mode == CGO_MODE_RELAY);
+ bool encrypt = (mode == CGO_MODE_RELAY_BACKWARD ||
+ mode == CGO_MODE_RELAY_FORWARD);
int r;
cgo_crypt_t *cgo = tor_malloc_zero(sizeof(cgo_crypt_t));
static void
cgo_crypt_update(cgo_crypt_t *cgo, cgo_mode_t mode)
{
- bool encrypt = (mode == CGO_MODE_RELAY);
+ bool encrypt = (mode == CGO_MODE_RELAY_BACKWARD ||
+ mode == CGO_MODE_RELAY_FORWARD);
cgo_uiv_update(&cgo->uiv, cgo->aes_bytes * 8, encrypt, cgo->nonce);
}
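Review bot: The relay-mode test on the added lines of `cgo_crypt_update()` is a second copy of the one added in `cgo_crypt_new()` above, and in both places any `cgo_mode_t` value other than the two relay constants silently selects decryption. Because the comment in `cgo_crypt_new()` ties non-malleability to relays always encrypting, I would put the test in one helper, e.g. `static inline bool cgo_mode_is_relay(cgo_mode_t m) { return m == CGO_MODE_RELAY_FORWARD || m == CGO_MODE_RELAY_BACKWARD; }`, and call it at both sites. A later change to the enum then cannot update one copy and miss the other, and the "Relays encrypt; clients decrypt" comment can live on the helper.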
cgo_uiv_encrypt(&cgo->uiv, h, cell->payload);
memcpy(cgo->tprime, cell->payload, CGO_TAG_LEN);
if (tor_memeq(cell->payload, cgo->nonce, CGO_TAG_LEN)) {
- cgo_crypt_update(cgo, CGO_MODE_RELAY);
+ cgo_crypt_update(cgo, CGO_MODE_RELAY_FORWARD);
// XXXX: Here and in Arti, we've used tprime as the value
// of our tag, but the proposal says to use T. We should
// fix that, unless the CGO implementors say it's better!
// fix that, unless the CGO implementors say it's better!
*tag_out = cgo->tprime;
}
- cgo_crypt_update(cgo, CGO_MODE_RELAY);
+ cgo_crypt_update(cgo, CGO_MODE_RELAY_BACKWARD);
}
/**
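Review bot: The direction passed to `cgo_crypt_update()` in these relay paths (`CGO_MODE_RELAY_FORWARD` in the tag-match branch, `CGO_MODE_RELAY_BACKWARD` in the following function) is a literal chosen by the caller, and nothing visible checks it against the mode given to `cgo_crypt_new()`. As shown on this page, `cgo_crypt_update()` only derives the encrypt flag from the mode, so a forward/backward mix-up would go unnoticed there; the same applies to the two client call sites further down. If `cgo_crypt_t` does not already record its mode (not visible here), consider storing it at construction and asserting it on entry to each direction-specific function, e.g. `tor_assert(cgo->mode == CGO_MODE_RELAY_FORWARD);`, where `mode` is the proposed new field. The enclosing functions begin outside these hunks.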
{
memcpy(cell->payload, cgo->nonce, CGO_TAG_LEN);
cgo_crypt_client_forward(cgo, cell);
- cgo_crypt_update(cgo, CGO_MODE_CLIENT);
+ cgo_crypt_update(cgo, CGO_MODE_CLIENT_FORWARD);
// XXXX: Here and elsewhere, we've used tprime as the value
// of our tag, but the proposal says to use T. We should
// fix that, unless the CGO implementors say it's better!
memcpy(cgo->tprime, t_orig, CGO_TAG_LEN);
if (tor_memeq(cell->payload, cgo->nonce, CGO_TAG_LEN)) {
memcpy(cgo->nonce, t_orig, CGO_TAG_LEN);
- cgo_crypt_update(cgo, CGO_MODE_CLIENT);
+ cgo_crypt_update(cgo, CGO_MODE_CLIENT_BACKWARD);
// XXXX: Here and elsewhere, we've used tprime as the value
// of our tag, but the proposal says to use T. We should
// fix that, unless the CGO implementors say it's better!
tt_uint_op(klen, OP_LE, sizeof(key_material[0]));
crypto_rand((char*)&key_material, sizeof(key_material));
for (int i = 0; i < N_HOPS; ++i) {
- client[i] = cgo_crypt_new(CGO_MODE_CLIENT,
+ client[i] = cgo_crypt_new(CGO_MODE_CLIENT_FORWARD,
aesbits, key_material[i], klen);
- relays[i] = cgo_crypt_new(CGO_MODE_RELAY,
+ relays[i] = cgo_crypt_new(CGO_MODE_RELAY_FORWARD,
aesbits, key_material[i], klen);
}
for (int trial = 0; trial < 64; ++trial) {
tt_uint_op(klen, OP_LE, sizeof(key_material[0]));
crypto_rand((char*)&key_material, sizeof(key_material));
for (int i = 0; i < N_HOPS; ++i) {
- client[i] = cgo_crypt_new(CGO_MODE_CLIENT,
+ client[i] = cgo_crypt_new(CGO_MODE_CLIENT_BACKWARD,
aesbits, key_material[i], klen);
- relays[i] = cgo_crypt_new(CGO_MODE_RELAY,
+ relays[i] = cgo_crypt_new(CGO_MODE_RELAY_BACKWARD,
aesbits, key_material[i], klen);
}
for (int trial = 0; trial < 64; ++trial) {
cell_t expect_cell;
tt_int_op(sizeof(keys), OP_EQ, cgo_key_material_len(aesbits));
UNHEX2(keys, tv->state_in.keys, tv->state_in.nonce);
- cgo = cgo_crypt_new(CGO_MODE_RELAY, aesbits, keys, sizeof(keys));
+ cgo_mode_t mode =
+ tv->inbound ? CGO_MODE_RELAY_BACKWARD : CGO_MODE_RELAY_FORWARD;
+ cgo = cgo_crypt_new(mode, aesbits, keys, sizeof(keys));
tt_assert(cgo);
UNHEX(cgo->tprime, tv->state_in.tprime);
memset(&cell, 0, sizeof(cell));
cell_t expect_cell;
tt_int_op(sizeof(keys), OP_EQ, cgo_key_material_len(aesbits));
UNHEX2(keys, tv->state_in.keys, tv->state_in.nonce);
- cgo = cgo_crypt_new(CGO_MODE_RELAY, aesbits, keys, sizeof(keys));
+ cgo = cgo_crypt_new(CGO_MODE_RELAY_BACKWARD, aesbits, keys, sizeof(keys));
tt_assert(cgo);
UNHEX(cgo->tprime, tv->state_in.tprime);
memset(&cell, 0, sizeof(cell));
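Review bot: This hunk hard-codes `CGO_MODE_RELAY_BACKWARD`, while the sibling test-vector hunk just above picks the relay mode from `tv->inbound`, and the reason for the difference is not stated. A one-line comment on the `cgo_crypt_new()` call would help the next reader, e.g. `// These vectors only cover the backward direction.`, with the wording adjusted to what the vectors actually cover, which is not visible in this hunk. The test function's start and end lie outside the hunk.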
for (int i = 0; i < 3; ++i) {
tt_int_op(sizeof(keys), OP_EQ, cgo_key_material_len(aesbits));
UNHEX2(keys, tv->state_in[i].keys, tv->state_in[i].nonce);
- cgo[i] = cgo_crypt_new(CGO_MODE_CLIENT, aesbits, keys, sizeof(keys));
+ cgo[i] = cgo_crypt_new(CGO_MODE_CLIENT_FORWARD,
+ aesbits, keys, sizeof(keys));
tt_assert(cgo[i]);
UNHEX(cgo[i]->tprime, tv->state_in[i].tprime);
}