From: Nick Mathewson Date: Wed, 28 May 2025 18:50:09 +0000 (-0400) Subject: Turn tor1_crypt_t into a distinct type. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=144c7c4613cb5cbeb9d3befb9d6d8b1c3375e6ef;p=thirdparty%2Ftor.git Turn tor1_crypt_t into a distinct type. --- diff --git a/src/core/crypto/include.am b/src/core/crypto/include.am index 59b6fd74f8..22a7c655ef 100644 --- a/src/core/crypto/include.am +++ b/src/core/crypto/include.am @@ -20,4 +20,5 @@ noinst_HEADERS += \ src/core/crypto/relay_crypto.h \ src/core/crypto/relay_crypto_st.h \ src/core/crypto/relay_crypto_cgo.h \ - src/core/crypto/relay_crypto_tor1.h + src/core/crypto/relay_crypto_tor1.h \ + src/core/crypto/tor1_crypt_st.h diff --git a/src/core/crypto/relay_crypto.c b/src/core/crypto/relay_crypto.c index bc69f4ef25..6887e7a737 100644 --- a/src/core/crypto/relay_crypto.c +++ b/src/core/crypto/relay_crypto.c @@ -42,7 +42,7 @@ relay_crypto_get_sendme_tag(relay_crypto_t *crypto, { tor_assert(crypto); *len_out = DIGEST_LEN; - return crypto->sendme_digest; + return crypto->tor1.sendme_digest; } /** Do the appropriate en/decryptions for cell arriving on @@ -86,8 +86,8 @@ relay_decrypt_cell(circuit_t *circ, cell_t *cell, do { /* Remember: cpath is in forward order, that is, first hop first. */ tor_assert(thishop); - bool rec = tor1_crypt_client_backward(&thishop->pvt_crypto, cell); - + bool rec = tor1_crypt_client_backward( + &thishop->pvt_crypto.tor1, cell); if (rec) { *recognized = 1; *layer_hint = thishop; @@ -101,13 +101,13 @@ relay_decrypt_cell(circuit_t *circ, cell_t *cell, } else { /* We're in the middle. Encrypt one layer. */ relay_crypto_t *crypto = &TO_OR_CIRCUIT(circ)->crypto; - tor1_crypt_relay_backward(crypto, cell); + tor1_crypt_relay_backward(&crypto->tor1, cell); } } else /* cell_direction == CELL_DIRECTION_OUT */ { /* We're in the middle. Decrypt one layer. */ relay_crypto_t *crypto = &TO_OR_CIRCUIT(circ)->crypto; - bool rec = tor1_crypt_relay_forward(crypto, cell); + bool rec = tor1_crypt_relay_forward(&crypto->tor1, cell); if (rec) { *recognized = 1; return 0; @@ -130,11 +130,11 @@ relay_encrypt_cell_outbound(cell_t *cell, { crypt_path_t *thishop = layer_hint; - tor1_crypt_client_originate(&thishop->pvt_crypto, cell); + tor1_crypt_client_originate(&thishop->pvt_crypto.tor1, cell); thishop = thishop->prev; while (thishop != circ->cpath->prev) { - tor1_crypt_client_forward(&thishop->pvt_crypto, cell); + tor1_crypt_client_forward(&thishop->pvt_crypto.tor1, cell); thishop = thishop->prev; } } @@ -150,7 +150,7 @@ void relay_encrypt_cell_inbound(cell_t *cell, or_circuit_t *or_circ) { - tor1_crypt_relay_originate(&or_circ->crypto, cell); + tor1_crypt_relay_originate(&or_circ->crypto.tor1, cell); } /** @@ -160,7 +160,7 @@ relay_encrypt_cell_inbound(cell_t *cell, void relay_crypto_clear(relay_crypto_t *crypto) { - tor1_crypt_clear(crypto); + tor1_crypt_clear(&crypto->tor1); } /** Initialize crypto from the key material in key_data. @@ -185,7 +185,8 @@ relay_crypto_init(relay_crypto_t *crypto, const char *key_data, size_t key_data_len, int reverse, int is_hs_v3) { - return tor1_crypt_init(crypto, key_data, key_data_len, reverse, is_hs_v3); + return tor1_crypt_init(&crypto->tor1, + key_data, key_data_len, reverse, is_hs_v3); } /** Return the amount of key material we need to initialize @@ -209,5 +210,5 @@ relay_crypto_key_material_len(relay_crypto_alg_t alg) void relay_crypto_assert_ok(const relay_crypto_t *crypto) { - tor1_crypt_assert_ok(crypto); + tor1_crypt_assert_ok(&crypto->tor1); } diff --git a/src/core/crypto/relay_crypto_st.h b/src/core/crypto/relay_crypto_st.h index 11d1e7e699..1df08b486d 100644 --- a/src/core/crypto/relay_crypto_st.h +++ b/src/core/crypto/relay_crypto_st.h @@ -12,31 +12,10 @@ #ifndef RELAY_CRYPTO_ST_H #define RELAY_CRYPTO_ST_H -#define crypto_cipher_t aes_cnt_cipher_t -struct crypto_cipher_t; -struct crypto_digest_t; +#include "core/crypto/tor1_crypt_st.h" struct relay_crypto_t { - /* crypto environments */ - /** Encryption key and counter for cells heading towards the OR at this - * step. */ - struct crypto_cipher_t *f_crypto; - /** Encryption key and counter for cells heading back from the OR at this - * step. */ - struct crypto_cipher_t *b_crypto; - - /** Digest state for cells heading towards the OR at this step. */ - struct crypto_digest_t *f_digest; /* for integrity checking */ - /** Digest state for cells heading away from the OR at this step. */ - struct crypto_digest_t *b_digest; - - /** Digest used for the next SENDME cell if any. - * - * This digest is updated every time a cell is _originated_ or _recognized_ - * in either direction. Any operation with this object may - * invalidate this digest. */ - uint8_t sendme_digest[DIGEST_LEN]; + struct tor1_crypt_t tor1; }; -#undef crypto_cipher_t #endif /* !defined(RELAY_CRYPTO_ST_H) */ diff --git a/src/core/crypto/relay_crypto_tor1.h b/src/core/crypto/relay_crypto_tor1.h index 8a07a8bdd4..f56b0ab5ee 100644 --- a/src/core/crypto/relay_crypto_tor1.h +++ b/src/core/crypto/relay_crypto_tor1.h @@ -12,6 +12,8 @@ #ifndef TOR_RELAY_CRYPTO_TOR1_H #define TOR_RELAY_CRYPTO_TOR1_H +typedef struct tor1_crypt_t tor1_crypt_t; + void tor1_crypt_client_originate(tor1_crypt_t *tor1, cell_t *cell); void tor1_crypt_relay_originate(tor1_crypt_t *tor1, @@ -22,10 +24,10 @@ bool tor1_crypt_client_backward(tor1_crypt_t *tor1, cell_t *cell); void tor1_crypt_client_forward(tor1_crypt_t *tor1, cell_t *cell); size_t tor1_key_material_len(bool is_hs); -int tor1_crypt_init(relay_crypto_t *crypto, +int tor1_crypt_init(tor1_crypt_t *crypto, const char *key_data, size_t key_data_len, int reverse, int is_hs_v3); void tor1_crypt_assert_ok(const tor1_crypt_t *tor1); -void tor1_crypt_clear(relay_crypto_t *crypto); +void tor1_crypt_clear(tor1_crypt_t *crypto); #endif /* !defined(TOR_RELAY_CRYPTO_TOR1_H) */ diff --git a/src/core/crypto/tor1_crypt_st.h b/src/core/crypto/tor1_crypt_st.h new file mode 100644 index 0000000000..dfc01f5b33 --- /dev/null +++ b/src/core/crypto/tor1_crypt_st.h @@ -0,0 +1,39 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file tor1_crypt_st.h + * @brief Structures for tor1 relay cell encryption. + **/ + +#ifndef TOR1_CRYPT_ST_H +#define TOR1_CRYPT_ST_H + +struct aes_cnt_cipher_t; +struct crypto_digest_t; + +struct tor1_crypt_t { + /** Encryption key and counter for cells heading towards the OR at this + * step. */ + struct aes_cnt_cipher_t *f_crypto; + /** Encryption key and counter for cells heading back from the OR at this + * step. */ + struct aes_cnt_cipher_t *b_crypto; + + /** Digest state for cells heading towards the OR at this step. */ + struct crypto_digest_t *f_digest; /* for integrity checking */ + /** Digest state for cells heading away from the OR at this step. */ + struct crypto_digest_t *b_digest; + + /** Digest used for the next SENDME cell if any. + * + * This digest is updated every time a cell is _originated_ or _recognized_ + * in either direction. Any operation with this object may + * invalidate this digest. */ + uint8_t sendme_digest[DIGEST_LEN]; +}; + +#endif /* !defined(TOR1_CRYPT_ST_H) */ diff --git a/src/core/or/or.h b/src/core/or/or.h index d23aa8a2d2..44ec332838 100644 --- a/src/core/or/or.h +++ b/src/core/or/or.h @@ -894,8 +894,6 @@ typedef enum { typedef struct onion_handshake_state_t onion_handshake_state_t; typedef struct relay_crypto_t relay_crypto_t; -// XXXX Temporary alias. -typedef struct relay_crypto_t tor1_crypt_t; typedef struct crypt_path_t crypt_path_t; typedef struct crypt_path_reference_t crypt_path_reference_t; diff --git a/src/test/bench.c b/src/test/bench.c index 27e71c9eb8..e87c4f955f 100644 --- a/src/test/bench.c +++ b/src/test/bench.c @@ -545,13 +545,11 @@ bench_cell_ops_tor1(void) or_circ->base_.purpose = CIRCUIT_PURPOSE_OR; /* Initialize crypto */ - char key1[CIPHER_KEY_LEN], key2[CIPHER_KEY_LEN]; - crypto_rand(key1, sizeof(key1)); - crypto_rand(key2, sizeof(key2)); - or_circ->crypto.f_crypto = crypto_cipher_new(key1); - or_circ->crypto.b_crypto = crypto_cipher_new(key2); - or_circ->crypto.f_digest = crypto_digest_new(); - or_circ->crypto.b_digest = crypto_digest_new(); + char keys[CPATH_KEY_MATERIAL_LEN]; + crypto_rand(keys, sizeof(keys)); + size_t keylen = sizeof(keys); + relay_crypto_init(&or_circ->crypto, + keys, keylen, false, false); reset_perftime(); diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c index ac6f940cc7..c8d15ae2f7 100644 --- a/src/test/test_hs_client.c +++ b/src/test/test_hs_client.c @@ -246,12 +246,14 @@ test_e2e_rend_circuit_setup(void *arg) tt_int_op(retval, OP_EQ, 1); /* Check that the crypt path has prop224 algorithm parameters */ - tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->pvt_crypto.f_digest), + tt_int_op(crypto_digest_get_algorithm( + or_circ->cpath->pvt_crypto.tor1.f_digest), OP_EQ, DIGEST_SHA3_256); - tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->pvt_crypto.b_digest), + tt_int_op(crypto_digest_get_algorithm( + or_circ->cpath->pvt_crypto.tor1.b_digest), OP_EQ, DIGEST_SHA3_256); - tt_assert(or_circ->cpath->pvt_crypto.f_crypto); - tt_assert(or_circ->cpath->pvt_crypto.b_crypto); + tt_assert(or_circ->cpath->pvt_crypto.tor1.f_crypto); + tt_assert(or_circ->cpath->pvt_crypto.tor1.b_crypto); /* Ensure that circ purpose was changed */ tt_int_op(or_circ->base_.purpose, OP_EQ, CIRCUIT_PURPOSE_C_REND_JOINED); diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c index 6f254f16e8..d278fd475b 100644 --- a/src/test/test_hs_service.c +++ b/src/test/test_hs_service.c @@ -224,12 +224,14 @@ test_e2e_rend_circuit_setup(void *arg) tt_int_op(retval, OP_EQ, 1); /* Check the digest algo */ - tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->pvt_crypto.f_digest), + tt_int_op(crypto_digest_get_algorithm( + or_circ->cpath->pvt_crypto.tor1.f_digest), OP_EQ, DIGEST_SHA3_256); - tt_int_op(crypto_digest_get_algorithm(or_circ->cpath->pvt_crypto.b_digest), + tt_int_op(crypto_digest_get_algorithm( + or_circ->cpath->pvt_crypto.tor1.b_digest), OP_EQ, DIGEST_SHA3_256); - tt_assert(or_circ->cpath->pvt_crypto.f_crypto); - tt_assert(or_circ->cpath->pvt_crypto.b_crypto); + tt_assert(or_circ->cpath->pvt_crypto.tor1.f_crypto); + tt_assert(or_circ->cpath->pvt_crypto.tor1.b_crypto); /* Ensure that circ purpose was changed */ tt_int_op(or_circ->base_.purpose, OP_EQ, CIRCUIT_PURPOSE_S_REND_JOINED); diff --git a/src/test/test_sendme.c b/src/test/test_sendme.c index ff24ec96c6..97fb1d950d 100644 --- a/src/test/test_sendme.c +++ b/src/test/test_sendme.c @@ -189,7 +189,7 @@ test_v1_build_cell(void *arg) teardown_capture_of_logs(); /* Record the cell digest into the circuit, cell should validate. */ - memcpy(or_circ->crypto.sendme_digest, digest, sizeof(digest)); + memcpy(or_circ->crypto.tor1.sendme_digest, digest, sizeof(digest)); circ->package_window = CIRCWINDOW_INCREMENT + 1; sendme_record_cell_digest_on_circ(circ, NULL); tt_int_op(smartlist_len(circ->sendme_last_digests), OP_EQ, 1);