From df90c781653b81763345b2bfae76e09d1e4c5586 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 28 May 2025 15:04:48 -0400 Subject: [PATCH] Refactor relay_crypto_init API to take an algorithm. --- src/core/crypto/relay_crypto.c | 24 ++++++++++++++++++------ src/core/crypto/relay_crypto.h | 17 +++++++++++++---- src/core/or/circuitbuild.c | 3 ++- src/core/or/crypt_path.c | 9 ++++----- src/core/or/crypt_path.h | 8 +++++--- src/feature/hs/hs_circuit.c | 5 +++-- src/feature/relay/circuitbuild_relay.c | 4 +++- src/test/bench.c | 4 ++-- src/test/fakecircs.c | 5 +++-- src/test/test_circuitpadding.c | 3 ++- src/test/test_conflux_pool.c | 3 ++- src/test/test_relaycrypt.c | 11 ++++++----- 12 files changed, 63 insertions(+), 33 deletions(-) diff --git a/src/core/crypto/relay_crypto.c b/src/core/crypto/relay_crypto.c index 6887e7a737..659785e39f 100644 --- a/src/core/crypto/relay_crypto.c +++ b/src/core/crypto/relay_crypto.c @@ -181,12 +181,23 @@ relay_crypto_clear(relay_crypto_t *crypto) * Return 0 if init was successful, else -1 if it failed. */ int -relay_crypto_init(relay_crypto_t *crypto, - const char *key_data, size_t key_data_len, - int reverse, int is_hs_v3) +relay_crypto_init(relay_crypto_alg_t alg, + relay_crypto_t *crypto, + const char *key_data, size_t key_data_len) { - return tor1_crypt_init(&crypto->tor1, - key_data, key_data_len, reverse, is_hs_v3); + switch (alg) { + /* Tor1 cases: the booleans are "reverse" and "is_hs_v3". */ + case RELAY_CRYPTO_ALG_TOR1: + return tor1_crypt_init(&crypto->tor1, key_data, key_data_len, + false, false); + case RELAY_CRYPTO_ALG_TOR1_HSC: + return tor1_crypt_init(&crypto->tor1, key_data, key_data_len, + false, true); + case RELAY_CRYPTO_ALG_TOR1_HSS: + return tor1_crypt_init(&crypto->tor1, key_data, key_data_len, + true, true); + } + tor_assert_unreached(); } /** Return the amount of key material we need to initialize @@ -200,7 +211,8 @@ relay_crypto_key_material_len(relay_crypto_alg_t alg) switch (alg) { case RELAY_CRYPTO_ALG_TOR1: return tor1_key_material_len(false); - case RELAY_CRYPTO_ALG_TOR1_HS: + case RELAY_CRYPTO_ALG_TOR1_HSC: + case RELAY_CRYPTO_ALG_TOR1_HSS: return tor1_key_material_len(true); } return -1; diff --git a/src/core/crypto/relay_crypto.h b/src/core/crypto/relay_crypto.h index 5e04dd1cd1..25c2318fb6 100644 --- a/src/core/crypto/relay_crypto.h +++ b/src/core/crypto/relay_crypto.h @@ -12,9 +12,18 @@ #ifndef TOR_RELAY_CRYPTO_H #define TOR_RELAY_CRYPTO_H +/** Enumeration to identify which relay crypto algorithm is in use. */ typedef enum relay_crypto_alg_t { + /** Tor1 relay crypto, as used for ordinary circuit hops. */ RELAY_CRYPTO_ALG_TOR1, - RELAY_CRYPTO_ALG_TOR1_HS, + /** Tor1 relay crypto, as used as an onion service client for + * the shared virtual HS hop created with an INTRODUCE/RENVEZVOUS + * handshake. */ + RELAY_CRYPTO_ALG_TOR1_HSC, + /** Tor1 relay crypto, as used as an onion service for + * the shared virtual HS hop created with an INTRODUCE/RENVEZVOUS + * handshake. */ + RELAY_CRYPTO_ALG_TOR1_HSS, } relay_crypto_alg_t; #define relay_crypto_alg_bitfield_t ENUM_BF(relay_crypto_alg_t) @@ -26,9 +35,9 @@ typedef enum relay_crypto_alg_t { ssize_t relay_crypto_key_material_len(relay_crypto_alg_t alg); -int relay_crypto_init(relay_crypto_t *crypto, - const char *key_data, size_t key_data_len, - int reverse, int is_hs_v3); +int relay_crypto_init(relay_crypto_alg_t alg, + relay_crypto_t *crypto, + const char *key_data, size_t key_data_len); int relay_decrypt_cell(circuit_t *circ, cell_t *cell, cell_direction_t cell_direction, diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c index adeb96d507..1cab888779 100644 --- a/src/core/or/circuitbuild.c +++ b/src/core/or/circuitbuild.c @@ -1299,7 +1299,8 @@ circuit_finish_handshake(origin_circuit_t *circ, onion_handshake_state_release(&hop->handshake_state); - if (cpath_init_circuit_crypto(hop, keys, sizeof(keys), 0, 0)<0) { + if (cpath_init_circuit_crypto(RELAY_CRYPTO_ALG_TOR1, + hop, keys, sizeof(keys))<0) { return -END_CIRC_REASON_TORPROTOCOL; } diff --git a/src/core/or/crypt_path.c b/src/core/or/crypt_path.c index bf2e4df74e..b734d34578 100644 --- a/src/core/or/crypt_path.c +++ b/src/core/or/crypt_path.c @@ -148,14 +148,13 @@ cpath_assert_layer_ok(const crypt_path_t *cp) * Return 0 if init was successful, else -1 if it failed. */ int -cpath_init_circuit_crypto(crypt_path_t *cpath, - const char *key_data, size_t key_data_len, - int reverse, int is_hs_v3) +cpath_init_circuit_crypto(relay_crypto_alg_t alg, + crypt_path_t *cpath, + const char *key_data, size_t key_data_len) { tor_assert(cpath); - return relay_crypto_init(&cpath->pvt_crypto, key_data, key_data_len, - reverse, is_hs_v3); + return relay_crypto_init(alg, &cpath->pvt_crypto, key_data, key_data_len); } /** Deallocate space associated with the cpath node victim. */ diff --git a/src/core/or/crypt_path.h b/src/core/or/crypt_path.h index 36bd2bd81d..11b29ae29e 100644 --- a/src/core/or/crypt_path.h +++ b/src/core/or/crypt_path.h @@ -6,15 +6,17 @@ #ifndef CRYPT_PATH_H #define CRYPT_PATH_H +#include "core/crypto/relay_crypto.h" + void cpath_assert_layer_ok(const crypt_path_t *cp); void cpath_assert_ok(const crypt_path_t *cp); int cpath_append_hop(crypt_path_t **head_ptr, extend_info_t *choice); -int cpath_init_circuit_crypto(crypt_path_t *cpath, - const char *key_data, size_t key_data_len, - int reverse, int is_hs_v3); +int cpath_init_circuit_crypto(relay_crypto_alg_t alg, + crypt_path_t *cpath, + const char *key_data, size_t key_data_len); void cpath_free(crypt_path_t *victim); diff --git a/src/feature/hs/hs_circuit.c b/src/feature/hs/hs_circuit.c index e11fc8915a..093df81efc 100644 --- a/src/feature/hs/hs_circuit.c +++ b/src/feature/hs/hs_circuit.c @@ -112,9 +112,10 @@ create_rend_cpath(const uint8_t *ntor_key_seed, size_t seed_len, // TODO CGO: Pick relay cell format based on capabilities. cpath->relay_cell_format = RELAY_CELL_FORMAT_V0; + relay_crypto_alg_t alg = is_service_side ? RELAY_CRYPTO_ALG_TOR1_HSS : + RELAY_CRYPTO_ALG_TOR1_HSC; - if (cpath_init_circuit_crypto(cpath, (char*)keys, sizeof(keys), - is_service_side, 1) < 0) { + if (cpath_init_circuit_crypto(alg, cpath, (char*)keys, sizeof(keys)) < 0) { tor_free(cpath); goto err; } diff --git a/src/feature/relay/circuitbuild_relay.c b/src/feature/relay/circuitbuild_relay.c index 4a2b3814be..921235bc88 100644 --- a/src/feature/relay/circuitbuild_relay.c +++ b/src/feature/relay/circuitbuild_relay.c @@ -556,6 +556,7 @@ onionskin_answer(struct or_circuit_t *circ, return -1; } + // XXXX: This will be wrong for cgo. tor_assert(keys_len == CPATH_KEY_MATERIAL_LEN); if (created_cell_format(&cell, created_cell) < 0) { @@ -570,7 +571,8 @@ onionskin_answer(struct or_circuit_t *circ, log_debug(LD_CIRC,"init digest forward 0x%.8x, backward 0x%.8x.", (unsigned int)get_uint32(keys), (unsigned int)get_uint32(keys+20)); - if (relay_crypto_init(&circ->crypto, keys, keys_len, 0, 0)<0) { + if (relay_crypto_init(RELAY_CRYPTO_ALG_TOR1, + &circ->crypto, keys, keys_len)<0) { log_warn(LD_BUG,"Circuit initialization failed."); return -1; } diff --git a/src/test/bench.c b/src/test/bench.c index e87c4f955f..6b3d289a6f 100644 --- a/src/test/bench.c +++ b/src/test/bench.c @@ -548,8 +548,8 @@ bench_cell_ops_tor1(void) char keys[CPATH_KEY_MATERIAL_LEN]; crypto_rand(keys, sizeof(keys)); size_t keylen = sizeof(keys); - relay_crypto_init(&or_circ->crypto, - keys, keylen, false, false); + relay_crypto_init(RELAY_CRYPTO_ALG_TOR1, + &or_circ->crypto, keys, keylen); reset_perftime(); diff --git a/src/test/fakecircs.c b/src/test/fakecircs.c index 47b3ae1aca..be8086e6d4 100644 --- a/src/test/fakecircs.c +++ b/src/test/fakecircs.c @@ -59,8 +59,9 @@ new_fake_orcirc(channel_t *nchan, channel_t *pchan) cell_queue_init(&(orcirc->p_chan_cells)); memset(&tmp_cpath, 0, sizeof(tmp_cpath)); - if (cpath_init_circuit_crypto(&tmp_cpath, whatevs_key, - sizeof(whatevs_key), 0, 0)<0) { + if (cpath_init_circuit_crypto(RELAY_CRYPTO_ALG_TOR1, + &tmp_cpath, whatevs_key, + sizeof(whatevs_key))<0) { log_warn(LD_BUG,"Circuit initialization failed"); return NULL; } diff --git a/src/test/test_circuitpadding.c b/src/test/test_circuitpadding.c index ddc11f7408..0bc2f28945 100644 --- a/src/test/test_circuitpadding.c +++ b/src/test/test_circuitpadding.c @@ -1623,7 +1623,8 @@ simulate_single_hop_extend(circuit_t *client, circuit_t *mid_relay, digest, NULL, NULL, &addr, padding, NULL, false); - cpath_init_circuit_crypto(hop, whatevs_key, sizeof(whatevs_key), 0, 0); + cpath_init_circuit_crypto(RELAY_CRYPTO_ALG_TOR1, hop, + whatevs_key, sizeof(whatevs_key)); hop->package_window = circuit_initial_package_window(); hop->deliver_window = CIRCWINDOW_START; diff --git a/src/test/test_conflux_pool.c b/src/test/test_conflux_pool.c index 1294a8256b..0efd12ea06 100644 --- a/src/test/test_conflux_pool.c +++ b/src/test/test_conflux_pool.c @@ -359,7 +359,8 @@ simulate_single_hop_extend(origin_circuit_t *client, int exit) digest, NULL, NULL, &addr, exit, NULL, exit); - cpath_init_circuit_crypto(hop, whatevs_key, sizeof(whatevs_key), 0, 0); + cpath_init_circuit_crypto(RELAY_CRYPTO_ALG_TOR1, hop, + whatevs_key, sizeof(whatevs_key)); hop->package_window = circuit_initial_package_window(); hop->deliver_window = CIRCWINDOW_START; diff --git a/src/test/test_relaycrypt.c b/src/test/test_relaycrypt.c index b93c1d470a..be642550e9 100644 --- a/src/test/test_relaycrypt.c +++ b/src/test/test_relaycrypt.c @@ -49,17 +49,18 @@ testing_circuitset_setup(const struct testcase_t *testcase) for (i=0; i<3; ++i) { cs->or_circ[i] = or_circuit_new(0, NULL); tt_int_op(0, OP_EQ, - relay_crypto_init(&cs->or_circ[i]->crypto, - KEY_MATERIAL[i], sizeof(KEY_MATERIAL[i]), - 0, 0)); + relay_crypto_init(RELAY_CRYPTO_ALG_TOR1, + &cs->or_circ[i]->crypto, + KEY_MATERIAL[i], sizeof(KEY_MATERIAL[i]))); } cs->origin_circ = origin_circuit_new(); cs->origin_circ->base_.purpose = CIRCUIT_PURPOSE_C_GENERAL; for (i=0; i<3; ++i) { crypt_path_t *hop = tor_malloc_zero(sizeof(*hop)); - relay_crypto_init(&hop->pvt_crypto, KEY_MATERIAL[i], - sizeof(KEY_MATERIAL[i]), 0, 0); + relay_crypto_init(RELAY_CRYPTO_ALG_TOR1, + &hop->pvt_crypto, KEY_MATERIAL[i], + sizeof(KEY_MATERIAL[i])); hop->state = CPATH_STATE_OPEN; cpath_extend_linked_list(&cs->origin_circ->cpath, hop); tt_ptr_op(hop, OP_EQ, cs->origin_circ->cpath->prev); -- 2.47.2