V(UpdateBridgesFromAuthority, BOOL, "0"),
V(UseBridges, BOOL, "0"),
V(UseEntryGuards, BOOL, "1"),
+ V(UseEntryGuardsAsDirGuards, BOOL, "1"),
V(UseMicrodescriptors, AUTOBOOL, "auto"),
+ V(UseNTorHandshake, AUTOBOOL, "auto"),
V(User, STRING, NULL),
V(UserspaceIOCPBuffers, BOOL, "0"),
VAR("V1AuthoritativeDirectory",BOOL, V1AuthoritativeDir, "0"),
MICRODESC_DIRINFO=1 << 6,
} dirinfo_type_t;
+#define ALL_DIRINFO ((dirinfo_type_t)((1<<7)-1))
+
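Review bot: `#define ALL_DIRINFO ((dirinfo_type_t)((1<<7)-1))` hard-codes the bit width instead of deriving it from the enum's highest member, `MICRODESC_DIRINFO=1 << 6` two lines above, so a future flag added at bit 7 would be silently left out of "all" and rejected by any code that uses ALL_DIRINFO as a validity mask. Derive it from the last enumerator instead: `#define ALL_DIRINFO ((dirinfo_type_t)((MICRODESC_DIRINFO << 1) - 1))`, with a comment on MICRODESC_DIRINFO that it must remain the highest bit. The earlier members of dirinfo_type_t are outside the hunk.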
#define CRYPT_PATH_MAGIC 0x70127012u
+ struct fast_handshake_state_t;
+ struct ntor_handshake_state_t;
+ #define ONION_HANDSHAKE_TYPE_TAP 0x0000
+ #define ONION_HANDSHAKE_TYPE_FAST 0x0001
+ #define ONION_HANDSHAKE_TYPE_NTOR 0x0002
+ typedef struct {
+ uint16_t tag;
+ union {
+ struct fast_handshake_state_t *fast;
+ crypto_dh_t *tap;
+ struct ntor_handshake_state_t *ntor;
+ } u;
+ } onion_handshake_state_t;
+
/** Holds accounting information for a single step in the layered encryption
* performed by a circuit. Used only at the client edge of a circuit. */
typedef struct crypt_path_t {
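Review bot: The new `onion_handshake_state_t` carries no comment saying that `tag` is the discriminator for the union `u`, nor which ONION_HANDSHAKE_TYPE_* value selects which member, so a reader cannot tell that touching `u.ntor` while `tag` is ONION_HANDSHAKE_TYPE_TAP is a type confusion rather than a harmless read. Suggest on the tag field `/** Which handshake is in progress: one of ONION_HANDSHAKE_TYPE_*; selects the only valid member of u. */`. The values 0, 1, 2 on the three defines look like protocol identifiers rather than arbitrary choices — if they must match the handshake-type values on the wire, the defines should say so, since renumbering them would then be an interoperability bug. Whatever frees this struct must dispatch on tag too; that code is outside the hunk.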
* more. */
int deliver_window;
- /** For storage while n_chan is pending
- * (state CIRCUIT_STATE_CHAN_WAIT). When defined, it is always
- * length ONIONSKIN_CHALLENGE_LEN. */
- char *n_chan_onionskin;
+ /** For storage while n_chan is pending (state CIRCUIT_STATE_CHAN_WAIT). */
+ struct create_cell_t *n_chan_create_cell;
- /** When was this circuit created? We keep this timestamp with a higher
- * resolution than most so that the circuit-build-time tracking code can
- * get millisecond resolution. */
+ /** When did circuit construction actually begin (ie send the
+ * CREATE cell or begin cannibalization).
+ *
+ * Note: This timer will get reset if we decide to cannibalize
+ * a circuit. It may also get reset during certain phases of hidden
+ * service circuit use.
+ *
+ * We keep this timestamp with a higher resolution than most so that the
+ * circuit-build-time tracking code can get millisecond resolution.
+ */
+ struct timeval timestamp_began;
+
+ /** This timestamp marks when the init_circuit_base constructor ran. */
struct timeval timestamp_created;
+
/** When the circuit was first used, or 0 if the circuit is clean.
*
* XXXX023 Note that some code will artifically adjust this value backward
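Review bot: The replacement comment on `n_chan_create_cell` drops the invariant the old `n_chan_onionskin` comment carried (a fixed ONIONSKIN_CHALLENGE_LEN buffer) without stating the new ones: who owns the `create_cell_t`, whether it is NULL outside CIRCUIT_STATE_CHAN_WAIT, and when it is released. Suggest `/** For storage while n_chan is pending (state CIRCUIT_STATE_CHAN_WAIT). Presumably owned by this circuit and NULL in every other state — confirm against the circuit free path. */`. The same ownership question applies to the pointer's previous owner when the cell is handed to the channel; that code is not in this hunk, and the enclosing struct starts and ends outside it.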
int IPv6Exit; /**< Do we support exiting to IPv6 addresses? */
+ char *TLSECGroup; /**< One of "P256", "P224", or nil for auto */
+
+ /** Autobool: should we use the ntor handshake if we can? */
+ int UseNTorHandshake;
} or_options_t;
/** Persistent state for an onion router, as saved to disk. */
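Review bot: The comment on `TLSECGroup` uses `nil`, which is not a C term, and gives no hint that the two permitted curves are not interchangeable: P-224 offers roughly 112-bit security against about 128-bit for P-256, so selecting it is a speed-versus-margin trade-off an operator should make knowingly. Suggest `char *TLSECGroup; /**< One of "P256", "P224", or NULL for auto. P224 is the weaker curve (~112-bit); choose it only for speed. */`. What "auto" resolves to, and whether an unrecognised string is rejected at option-validation time, are not visible in this hunk.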
#include "orconfig.h"
#define RELAY_PRIVATE
+ #define CONFIG_PRIVATE
#include "or.h"
+ #include "onion_tap.h"
#include "relay.h"
- #if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,0)
+#include <openssl/opensslv.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+#include <openssl/obj_mac.h>
+#endif
++
+ #include "config.h"
+ #ifdef CURVE25519_ENABLED
+ #include "crypto_curve25519.h"
+ #include "onion_ntor.h"
#endif
#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_PROCESS_CPUTIME_ID)
static struct benchmark_t benchmarks[] = {
ENT(dmap),
ENT(aes),
+ ENT(onion_TAP),
+ #ifdef CURVE25519_ENABLED
+ ENT(onion_ntor),
+ #endif
ENT(cell_aes),
ENT(cell_ops),
+ ENT(dh),
+#ifdef HAVE_EC_BENCHMARKS
+ ENT(ecdh_p256),
+ ENT(ecdh_p224),
+#endif
{NULL,NULL,0}
};
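Review bot: `ENT(ecdh_p256)` and `ENT(ecdh_p224)` are guarded by `HAVE_EC_BENCHMARKS`, but nothing in this diff defines that macro; the include hunk earlier only wraps the EC headers in `#ifndef OPENSSL_NO_EC`. If it is defined in a part of the file not shown, fine; if not, the two EC benchmarks silently drop out of the table on every build and their functions become dead code, with no compile error to flag it because the table is terminated by `{NULL,NULL,0}` regardless. Either define it beside the EC includes, `#ifndef OPENSSL_NO_EC` / `#define HAVE_EC_BENCHMARKS` / `#endif`, or guard the entries with `#ifndef OPENSSL_NO_EC` directly so the condition is the same one the headers use. The benchmark functions themselves are outside this hunk.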