src/core/crypto/onion_fast.c \
src/core/crypto/onion_ntor.c \
src/core/crypto/onion_ntor_v3.c \
- src/core/crypto/onion_tap.c \
src/core/crypto/relay_crypto.c
# ADD_C_FILE: INSERT HEADERS HERE.
src/core/crypto/onion_fast.h \
src/core/crypto/onion_ntor.h \
src/core/crypto/onion_ntor_v3.h \
- src/core/crypto/onion_tap.h \
src/core/crypto/relay_crypto.h
* \brief Functions to handle different kinds of circuit extension crypto.
*
* In this module, we provide a set of abstractions to create a uniform
- * interface over the three circuit extension handshakes that Tor has used
- * over the years (TAP, CREATE_FAST, and ntor). These handshakes are
- * implemented in onion_tap.c, onion_fast.c, and onion_ntor.c respectively.
+ * interface over the circuit extension handshakes that Tor has used
+ * over the years (CREATE_FAST, ntor, hs_ntor, and ntorv3).
+ * These handshakes are implemented in the onion_*.c modules.
*
* All[*] of these handshakes follow a similar pattern: a client, knowing
* some key from the relay it wants to extend through, generates the
#include "core/crypto/onion_fast.h"
#include "core/crypto/onion_ntor.h"
#include "core/crypto/onion_ntor_v3.h"
-#include "core/crypto/onion_tap.h"
#include "feature/relay/router.h"
#include "lib/crypt_ops/crypto_dh.h"
#include "lib/crypt_ops/crypto_util.h"
{
switch (state->tag) {
case ONION_HANDSHAKE_TYPE_TAP:
- crypto_dh_free(state->u.tap);
- state->u.tap = NULL;
break;
case ONION_HANDSHAKE_TYPE_FAST:
fast_handshake_state_free(state->u.fast);
switch (type) {
case ONION_HANDSHAKE_TYPE_TAP:
- if (onion_skin_out_maxlen < TAP_ONIONSKIN_CHALLENGE_LEN)
- return -1;
- if (!node->onion_key)
- return -1;
-
- if (onion_skin_TAP_create(node->onion_key,
- &state_out->u.tap,
- (char*)onion_skin_out) < 0)
- return -1;
-
- r = TAP_ONIONSKIN_CHALLENGE_LEN;
- break;
+ return -1;
case ONION_HANDSHAKE_TYPE_FAST:
if (fast_onionskin_create(&state_out->u.fast, onion_skin_out) < 0)
return -1;
switch (type) {
case ONION_HANDSHAKE_TYPE_TAP:
- if (reply_out_maxlen < TAP_ONIONSKIN_REPLY_LEN)
- return -1;
- if (onionskin_len != TAP_ONIONSKIN_CHALLENGE_LEN)
- return -1;
- if (onion_skin_TAP_server_handshake((const char*)onion_skin,
- keys->onion_key, keys->last_onion_key,
- (char*)reply_out,
- (char*)keys_out, keys_out_len)<0)
- return -1;
- r = TAP_ONIONSKIN_REPLY_LEN;
- memcpy(rend_nonce_out, reply_out+DH1024_KEY_LEN, DIGEST_LEN);
- break;
+ return -1;
case ONION_HANDSHAKE_TYPE_FAST:
if (reply_out_maxlen < CREATED_FAST_LEN)
return -1;
switch (type) {
case ONION_HANDSHAKE_TYPE_TAP:
- if (reply_len != TAP_ONIONSKIN_REPLY_LEN) {
- if (msg_out)
- *msg_out = "TAP reply was not of the correct length.";
- return -1;
- }
- if (onion_skin_TAP_client_handshake(handshake_state->u.tap,
- (const char*)reply,
- (char *)keys_out, keys_out_len,
- msg_out) < 0)
- return -1;
-
- memcpy(rend_authenticator_out, reply+DH1024_KEY_LEN, DIGEST_LEN);
-
- return 0;
+ return -1;
case ONION_HANDSHAKE_TYPE_FAST:
if (reply_len != CREATED_FAST_LEN) {
if (msg_out)
+++ /dev/null
-/* Copyright (c) 2001 Matej Pfajfar.
- * Copyright (c) 2001-2004, Roger Dingledine.
- * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2021, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
- * \file onion_tap.c
- * \brief Functions to implement the original Tor circuit extension handshake
- * (a.k.a TAP).
- *
- * The "TAP" handshake is the first one that was widely used in Tor: It
- * combines RSA1024-OAEP and AES128-CTR to perform a hybrid encryption over
- * the first message DH1024 key exchange. (The RSA-encrypted part of the
- * encryption is authenticated; the AES-encrypted part isn't. This was
- * not a smart choice.)
- *
- * We didn't call it "TAP" ourselves -- Ian Goldberg named it in "On the
- * Security of the Tor Authentication Protocol". (Spoiler: it's secure, but
- * its security is kind of fragile and implementation dependent. Never modify
- * this implementation without reading and understanding that paper at least.)
- *
- * We have deprecated TAP since the ntor handshake came into general use. It
- * is still used for hidden service IP and RP connections, however.
- *
- * This handshake, like the other circuit-extension handshakes, is
- * invoked from onion.c.
- **/
-
-#include "core/or/or.h"
-#include "app/config/config.h"
-#include "lib/crypt_ops/crypto_dh.h"
-#include "lib/crypt_ops/crypto_rand.h"
-#include "lib/crypt_ops/crypto_util.h"
-#include "core/crypto/onion_tap.h"
-#include "feature/stats/rephist.h"
-
-/*----------------------------------------------------------------------*/
-
-/** Given a router's 128 byte public key,
- * stores the following in onion_skin_out:
- * - [42 bytes] OAEP padding
- * - [16 bytes] Symmetric key for encrypting blob past RSA
- * - [70 bytes] g^x part 1 (inside the RSA)
- * - [58 bytes] g^x part 2 (symmetrically encrypted)
- *
- * Stores the DH private key into handshake_state_out for later completion
- * of the handshake.
- *
- * The meeting point/cookies and auth are zeroed out for now.
- */
-int
-onion_skin_TAP_create(crypto_pk_t *dest_router_key,
- crypto_dh_t **handshake_state_out,
- char *onion_skin_out) /* TAP_ONIONSKIN_CHALLENGE_LEN bytes */
-{
- char challenge[DH1024_KEY_LEN];
- crypto_dh_t *dh = NULL;
- int dhbytes, pkbytes;
-
- tor_assert(dest_router_key);
- tor_assert(handshake_state_out);
- tor_assert(onion_skin_out);
- *handshake_state_out = NULL;
- memset(onion_skin_out, 0, TAP_ONIONSKIN_CHALLENGE_LEN);
-
- if (!(dh = crypto_dh_new(DH_TYPE_CIRCUIT)))
- goto err;
-
- dhbytes = crypto_dh_get_bytes(dh);
- pkbytes = (int) crypto_pk_keysize(dest_router_key);
- tor_assert(dhbytes == 128);
- tor_assert(pkbytes == 128);
-
- if (crypto_dh_get_public(dh, challenge, dhbytes))
- goto err;
-
- /* set meeting point, meeting cookie, etc here. Leave zero for now. */
- if (crypto_pk_obsolete_public_hybrid_encrypt(dest_router_key, onion_skin_out,
- TAP_ONIONSKIN_CHALLENGE_LEN,
- challenge, DH1024_KEY_LEN,
- PK_PKCS1_OAEP_PADDING, 1)<0)
- goto err;
-
- memwipe(challenge, 0, sizeof(challenge));
- *handshake_state_out = dh;
-
- return 0;
- err:
- /* LCOV_EXCL_START
- * We only get here if RSA encryption fails or DH keygen fails. Those
- * shouldn't be possible. */
- memwipe(challenge, 0, sizeof(challenge));
- if (dh) crypto_dh_free(dh);
- return -1;
- /* LCOV_EXCL_STOP */
-}
-
-/** Given an encrypted DH public key as generated by onion_skin_create,
- * and the private key for this onion router, generate the reply (128-byte
- * DH plus the first 20 bytes of shared key material), and store the
- * next key_out_len bytes of key material in key_out.
- */
-int
-onion_skin_TAP_server_handshake(
- /*TAP_ONIONSKIN_CHALLENGE_LEN*/
- const char *onion_skin,
- crypto_pk_t *private_key,
- crypto_pk_t *prev_private_key,
- /*TAP_ONIONSKIN_REPLY_LEN*/
- char *handshake_reply_out,
- char *key_out,
- size_t key_out_len)
-{
- char challenge[TAP_ONIONSKIN_CHALLENGE_LEN];
- crypto_dh_t *dh = NULL;
- ssize_t len;
- char *key_material=NULL;
- size_t key_material_len=0;
- int i;
- crypto_pk_t *k;
-
- len = -1;
- for (i=0;i<2;++i) {
- k = i==0?private_key:prev_private_key;
- if (!k)
- break;
- len = crypto_pk_obsolete_private_hybrid_decrypt(k, challenge,
- TAP_ONIONSKIN_CHALLENGE_LEN,
- onion_skin,
- TAP_ONIONSKIN_CHALLENGE_LEN,
- PK_PKCS1_OAEP_PADDING,0);
- if (len>0)
- break;
- }
- if (len<0) {
- log_info(LD_PROTOCOL,
- "Couldn't decrypt onionskin: client may be using old onion key");
- goto err;
- } else if (len != DH1024_KEY_LEN) {
- log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
- "Unexpected onionskin length after decryption: %ld",
- (long)len);
- goto err;
- }
-
- dh = crypto_dh_new(DH_TYPE_CIRCUIT);
- if (!dh) {
- /* LCOV_EXCL_START
- * Failure to allocate a DH key should be impossible.
- */
- log_warn(LD_BUG, "Couldn't allocate DH key");
- goto err;
- /* LCOV_EXCL_STOP */
- }
- if (crypto_dh_get_public(dh, handshake_reply_out, DH1024_KEY_LEN)) {
- /* LCOV_EXCL_START
- * This can only fail if the length of the key we just allocated is too
- * big. That should be impossible. */
- log_info(LD_GENERAL, "crypto_dh_get_public failed.");
- goto err;
- /* LCOV_EXCL_STOP */
- }
-
- key_material_len = DIGEST_LEN+key_out_len;
- key_material = tor_malloc(key_material_len);
- len = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh, challenge,
- DH1024_KEY_LEN, key_material,
- key_material_len);
- if (len < 0) {
- log_info(LD_GENERAL, "crypto_dh_compute_secret failed.");
- goto err;
- }
-
- /* send back H(K|0) as proof that we learned K. */
- memcpy(handshake_reply_out+DH1024_KEY_LEN, key_material, DIGEST_LEN);
-
- /* use the rest of the key material for our shared keys, digests, etc */
- memcpy(key_out, key_material+DIGEST_LEN, key_out_len);
-
- memwipe(challenge, 0, sizeof(challenge));
- memwipe(key_material, 0, key_material_len);
- tor_free(key_material);
- crypto_dh_free(dh);
- return 0;
- err:
- memwipe(challenge, 0, sizeof(challenge));
- if (key_material) {
- memwipe(key_material, 0, key_material_len);
- tor_free(key_material);
- }
- if (dh) crypto_dh_free(dh);
-
- return -1;
-}
-
-/** Finish the client side of the DH handshake.
- * Given the 128 byte DH reply + 20 byte hash as generated by
- * onion_skin_server_handshake and the handshake state generated by
- * onion_skin_create, verify H(K) with the first 20 bytes of shared
- * key material, then generate key_out_len more bytes of shared key
- * material and store them in key_out.
- *
- * After the invocation, call crypto_dh_free on handshake_state.
- */
-int
-onion_skin_TAP_client_handshake(crypto_dh_t *handshake_state,
- const char *handshake_reply, /* TAP_ONIONSKIN_REPLY_LEN bytes */
- char *key_out,
- size_t key_out_len,
- const char **msg_out)
-{
- ssize_t len;
- char *key_material=NULL;
- size_t key_material_len;
- tor_assert(crypto_dh_get_bytes(handshake_state) == DH1024_KEY_LEN);
-
- key_material_len = DIGEST_LEN + key_out_len;
- key_material = tor_malloc(key_material_len);
- len = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, handshake_state,
- handshake_reply, DH1024_KEY_LEN, key_material,
- key_material_len);
- if (len < 0) {
- if (msg_out)
- *msg_out = "DH computation failed.";
- goto err;
- }
-
- if (tor_memneq(key_material, handshake_reply+DH1024_KEY_LEN, DIGEST_LEN)) {
- /* H(K) does *not* match. Something fishy. */
- if (msg_out)
- *msg_out = "Digest DOES NOT MATCH on onion handshake. Bug or attack.";
- goto err;
- }
-
- /* use the rest of the key material for our shared keys, digests, etc */
- memcpy(key_out, key_material+DIGEST_LEN, key_out_len);
-
- memwipe(key_material, 0, key_material_len);
- tor_free(key_material);
- return 0;
- err:
- memwipe(key_material, 0, key_material_len);
- tor_free(key_material);
- return -1;
-}
+++ /dev/null
-/* Copyright (c) 2001 Matej Pfajfar.
- * Copyright (c) 2001-2004, Roger Dingledine.
- * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2021, The Tor Project, Inc. */
-/* See LICENSE for licensing information */
-
-/**
- * \file onion_tap.h
- * \brief Header file for onion_tap.c.
- **/
-
-#ifndef TOR_ONION_TAP_H
-#define TOR_ONION_TAP_H
-
-#define TAP_ONIONSKIN_CHALLENGE_LEN (PKCS1_OAEP_PADDING_OVERHEAD+\
- CIPHER_KEY_LEN+\
- DH1024_KEY_LEN)
-#define TAP_ONIONSKIN_REPLY_LEN (DH1024_KEY_LEN+DIGEST_LEN)
-
-struct crypto_dh_t;
-struct crypto_pk_t;
-
-int onion_skin_TAP_create(struct crypto_pk_t *router_key,
- struct crypto_dh_t **handshake_state_out,
- char *onion_skin_out);
-
-int onion_skin_TAP_server_handshake(const char *onion_skin,
- struct crypto_pk_t *private_key,
- struct crypto_pk_t *prev_private_key,
- char *handshake_reply_out,
- char *key_out,
- size_t key_out_len);
-
-int onion_skin_TAP_client_handshake(struct crypto_dh_t *handshake_state,
- const char *handshake_reply,
- char *key_out,
- size_t key_out_len,
- const char **msg_out);
-
-#endif /* !defined(TOR_ONION_TAP_H) */
#include "core/crypto/hs_ntor.h"
#include "core/crypto/onion_crypto.h"
#include "core/crypto/onion_fast.h"
-#include "core/crypto/onion_tap.h"
#include "core/mainloop/connection.h"
#include "core/mainloop/mainloop.h"
#include "core/or/channel.h"
uint16_t tag;
union {
struct fast_handshake_state_t *fast;
- struct crypto_dh_t *tap;
struct ntor_handshake_state_t *ntor;
struct ntor3_handshake_state_t *ntor3;
} u;
#include "core/crypto/onion_crypto.h"
#include "core/crypto/onion_fast.h"
#include "core/crypto/onion_ntor.h"
-#include "core/crypto/onion_tap.h"
#include "core/or/onion.h"
#include "feature/nodelist/networkstatus.h"
{
switch (cell->cell_type) {
case CELL_CREATE:
- if (cell->handshake_type != ONION_HANDSHAKE_TYPE_TAP &&
- cell->handshake_type != ONION_HANDSHAKE_TYPE_NTOR)
- return -1;
- break;
+ return -1;
case CELL_CREATE_FAST:
if (cell->handshake_type != ONION_HANDSHAKE_TYPE_FAST)
return -1;
switch (cell->handshake_type) {
case ONION_HANDSHAKE_TYPE_TAP:
- if (cell->handshake_len != TAP_ONIONSKIN_CHALLENGE_LEN)
- return -1;
- break;
+ return -1;
case ONION_HANDSHAKE_TYPE_FAST:
if (cell->handshake_len != CREATE_FAST_LEN)
return -1;
{
switch (cell_in->command) {
case CELL_CREATE:
- if (tor_memeq(cell_in->payload, NTOR_CREATE_MAGIC, 16)) {
- create_cell_init(cell_out, CELL_CREATE, ONION_HANDSHAKE_TYPE_NTOR,
- NTOR_ONIONSKIN_LEN, cell_in->payload+16);
- } else {
- create_cell_init(cell_out, CELL_CREATE, ONION_HANDSHAKE_TYPE_TAP,
- TAP_ONIONSKIN_CHALLENGE_LEN, cell_in->payload);
- }
- break;
+ return -1;
case CELL_CREATE_FAST:
create_cell_init(cell_out, CELL_CREATE_FAST, ONION_HANDSHAKE_TYPE_FAST,
CREATE_FAST_LEN, cell_in->payload);
{
switch (cell->cell_type) {
case CELL_CREATED:
- if (cell->handshake_len != TAP_ONIONSKIN_REPLY_LEN &&
- cell->handshake_len != NTOR_REPLY_LEN)
- return -1;
- break;
+ return -1;
case CELL_CREATED_FAST:
if (cell->handshake_len != CREATED_FAST_LEN)
return -1;
switch (cell_in->command) {
case CELL_CREATED:
- cell_out->cell_type = CELL_CREATED;
- cell_out->handshake_len = TAP_ONIONSKIN_REPLY_LEN;
- memcpy(cell_out->reply, cell_in->payload, TAP_ONIONSKIN_REPLY_LEN);
- break;
+ return -1;
case CELL_CREATED_FAST:
cell_out->cell_type = CELL_CREATED_FAST;
cell_out->handshake_len = CREATED_FAST_LEN;
}
}
if (cell->create_cell.cell_type == CELL_CREATE) {
- if (cell->cell_type != RELAY_COMMAND_EXTEND)
- return -1;
+ return -1;
} else if (cell->create_cell.cell_type == CELL_CREATE2) {
- if (cell->cell_type != RELAY_COMMAND_EXTEND2 &&
- cell->cell_type != RELAY_COMMAND_EXTEND)
+ if (cell->cell_type != RELAY_COMMAND_EXTEND2)
return -1;
} else {
/* In particular, no CREATE_FAST cells are allowed */
return -1;
}
- if (cell->create_cell.handshake_type == ONION_HANDSHAKE_TYPE_FAST)
+ if (cell->create_cell.handshake_type == ONION_HANDSHAKE_TYPE_FAST ||
+ cell->create_cell.handshake_type == ONION_HANDSHAKE_TYPE_TAP)
return -1;
return check_create_cell(&cell->create_cell, 1);
}
-static int
-extend_cell_from_extend1_cell_body(extend_cell_t *cell_out,
- const extend1_cell_body_t *cell)
-{
- tor_assert(cell_out);
- tor_assert(cell);
- memset(cell_out, 0, sizeof(*cell_out));
- tor_addr_make_unspec(&cell_out->orport_ipv4.addr);
- tor_addr_make_unspec(&cell_out->orport_ipv6.addr);
-
- cell_out->cell_type = RELAY_COMMAND_EXTEND;
- tor_addr_from_ipv4h(&cell_out->orport_ipv4.addr, cell->ipv4addr);
- cell_out->orport_ipv4.port = cell->port;
- if (tor_memeq(cell->onionskin, NTOR_CREATE_MAGIC, 16)) {
- cell_out->create_cell.cell_type = CELL_CREATE2;
- cell_out->create_cell.handshake_type = ONION_HANDSHAKE_TYPE_NTOR;
- cell_out->create_cell.handshake_len = NTOR_ONIONSKIN_LEN;
- memcpy(cell_out->create_cell.onionskin, cell->onionskin + 16,
- NTOR_ONIONSKIN_LEN);
- } else {
- cell_out->create_cell.cell_type = CELL_CREATE;
- cell_out->create_cell.handshake_type = ONION_HANDSHAKE_TYPE_TAP;
- cell_out->create_cell.handshake_len = TAP_ONIONSKIN_CHALLENGE_LEN;
- memcpy(cell_out->create_cell.onionskin, cell->onionskin,
- TAP_ONIONSKIN_CHALLENGE_LEN);
- }
- memcpy(cell_out->node_id, cell->identity, DIGEST_LEN);
- return 0;
-}
-
static int
create_cell_from_create2_cell_body(create_cell_t *cell_out,
const create2_cell_body_t *cell)
switch (command) {
case RELAY_COMMAND_EXTEND:
- {
- extend1_cell_body_t *cell = NULL;
- if (extend1_cell_body_parse(&cell, payload, payload_length)<0 ||
- cell == NULL) {
- if (cell)
- extend1_cell_body_free(cell);
- return -1;
- }
- int r = extend_cell_from_extend1_cell_body(cell_out, cell);
- extend1_cell_body_free(cell);
- if (r < 0)
- return r;
- }
+ return -1;
break;
case RELAY_COMMAND_EXTEND2:
{
switch (command) {
case RELAY_COMMAND_EXTENDED:
- if (payload_len != TAP_ONIONSKIN_REPLY_LEN)
- return -1;
- cell_out->cell_type = RELAY_COMMAND_EXTENDED;
- cell_out->created_cell.cell_type = CELL_CREATED;
- cell_out->created_cell.handshake_len = TAP_ONIONSKIN_REPLY_LEN;
- memcpy(cell_out->created_cell.reply, payload, TAP_ONIONSKIN_REPLY_LEN);
- break;
+ return -1;
case RELAY_COMMAND_EXTENDED2:
{
cell_out->cell_type = RELAY_COMMAND_EXTENDED2;
switch (cell_in->cell_type) {
case RELAY_COMMAND_EXTEND:
- {
- if (BUG(cell_in->create_cell.handshake_type ==
- ONION_HANDSHAKE_TYPE_NTOR_V3)) {
- log_warn(LD_BUG, "Extend cells cannot contain ntorv3!");
- return -1;
- }
- *command_out = RELAY_COMMAND_EXTEND;
- *len_out = 6 + TAP_ONIONSKIN_CHALLENGE_LEN + DIGEST_LEN;
- set_uint32(p, tor_addr_to_ipv4n(&cell_in->orport_ipv4.addr));
- set_uint16(p+4, htons(cell_in->orport_ipv4.port));
- if (cell_in->create_cell.handshake_type == ONION_HANDSHAKE_TYPE_NTOR) {
- memcpy(p+6, NTOR_CREATE_MAGIC, 16);
- memcpy(p+22, cell_in->create_cell.onionskin, NTOR_ONIONSKIN_LEN);
- } else {
- memcpy(p+6, cell_in->create_cell.onionskin,
- TAP_ONIONSKIN_CHALLENGE_LEN);
- }
- memcpy(p+6+TAP_ONIONSKIN_CHALLENGE_LEN, cell_in->node_id, DIGEST_LEN);
- }
- break;
+ return -1;
case RELAY_COMMAND_EXTEND2:
{
uint8_t n_specifiers = 1;
switch (cell_in->cell_type) {
case RELAY_COMMAND_EXTENDED:
- {
- *command_out = RELAY_COMMAND_EXTENDED;
- *len_out = TAP_ONIONSKIN_REPLY_LEN;
- memcpy(payload_out, cell_in->created_cell.reply,
- TAP_ONIONSKIN_REPLY_LEN);
- }
- break;
+ return -1;
case RELAY_COMMAND_EXTENDED2:
{
*command_out = RELAY_COMMAND_EXTENDED2;
#define ONION_QUEUE_MAX_DELAY_MIN 1
#define ONION_QUEUE_MAX_DELAY_MAX INT32_MAX
-#define NUM_NTORS_PER_TAP_DEFAULT 10
-#define NUM_NTORS_PER_TAP_MIN 1
-#define NUM_NTORS_PER_TAP_MAX 100000
-
/** Type for a linked list of circuits that are waiting for a free CPU worker
* to process a waiting onion handshake. */
typedef struct onion_queue_t {
static void onion_queue_entry_remove(onion_queue_t *victim);
/** Consensus parameters. */
-static int32_t ns_num_ntors_per_tap = NUM_NTORS_PER_TAP_DEFAULT;
static time_t ns_onion_queue_wait_cutoff = ONION_QUEUE_WAIT_CUTOFF_DEFAULT;
static uint32_t ns_onion_queue_max_delay = ONION_QUEUE_MAX_DELAY_DEFAULT;
-/** Return the number of ntors per tap from the cached parameter. */
-static inline int32_t
-get_num_ntors_per_tap(void)
-{
- return ns_num_ntors_per_tap;
-}
-
/** Return the onion queue wait cutoff value from the cached parameter. */
static inline time_t
get_onion_queue_wait_cutoff(void)
const or_options_t *options = get_options();
int num_cpus;
uint64_t max_onion_queue_delay;
- uint64_t tap_usec, ntor_usec;
- uint64_t ntor_during_tap_usec, tap_during_ntor_usec;
+ uint64_t ntor_usec;
+
+ /* We never allow TAP. */
+ if (type == ONION_HANDSHAKE_TYPE_TAP) {
+ return 0;
+ }
/* If we've got fewer than 50 entries, we always have room for one more. */
if (ol_entries[type] < 50)
/* Compute how many microseconds we'd expect to need to clear all
* onionskins in various combinations of the queues. */
- /* How long would it take to process all the TAP cells in the queue? */
- tap_usec = estimated_usec_for_onionskins(
- ol_entries[ONION_HANDSHAKE_TYPE_TAP],
- ONION_HANDSHAKE_TYPE_TAP) / num_cpus;
-
/* How long would it take to process all the NTor cells in the queue? */
ntor_usec = estimated_usec_for_onionskins(
ol_entries[ONION_HANDSHAKE_TYPE_NTOR],
ONION_HANDSHAKE_TYPE_NTOR) / num_cpus;
- /* How long would it take to process the tap cells that we expect to
- * process while draining the ntor queue? */
- tap_during_ntor_usec = estimated_usec_for_onionskins(
- MIN(ol_entries[ONION_HANDSHAKE_TYPE_TAP],
- ol_entries[ONION_HANDSHAKE_TYPE_NTOR] / get_num_ntors_per_tap()),
- ONION_HANDSHAKE_TYPE_TAP) / num_cpus;
-
- /* How long would it take to process the ntor cells that we expect to
- * process while draining the tap queue? */
- ntor_during_tap_usec = estimated_usec_for_onionskins(
- MIN(ol_entries[ONION_HANDSHAKE_TYPE_NTOR],
- ol_entries[ONION_HANDSHAKE_TYPE_TAP] * get_num_ntors_per_tap()),
- ONION_HANDSHAKE_TYPE_NTOR) / num_cpus;
-
/* See whether that exceeds MaxOnionQueueDelay. If so, we can't queue
* this. */
if (type == ONION_HANDSHAKE_TYPE_NTOR &&
- (ntor_usec + tap_during_ntor_usec) / 1000 > max_onion_queue_delay)
- return 0;
-
- if (type == ONION_HANDSHAKE_TYPE_TAP &&
- (tap_usec + ntor_during_tap_usec) / 1000 > max_onion_queue_delay)
- return 0;
-
- /* If we support the ntor handshake, then don't let TAP handshakes use
- * more than 2/3 of the space on the queue. */
- if (type == ONION_HANDSHAKE_TYPE_TAP &&
- tap_usec / 1000 > max_onion_queue_delay * 2 / 3)
+ (ntor_usec / 1000) > max_onion_queue_delay)
return 0;
return 1;
static uint16_t
decide_next_handshake_type(void)
{
- /* The number of times we've chosen ntor lately when both were available. */
- static int recently_chosen_ntors = 0;
-
- if (!ol_entries[ONION_HANDSHAKE_TYPE_NTOR])
- return ONION_HANDSHAKE_TYPE_TAP; /* no ntors? try tap */
-
- if (!ol_entries[ONION_HANDSHAKE_TYPE_TAP]) {
-
- /* Nick wants us to prioritize new tap requests when there aren't
- * any in the queue and we've processed k ntor cells since the last
- * tap cell. This strategy is maybe a good idea, since it starves tap
- * less in the case where tap is rare, or maybe a poor idea, since it
- * makes the new tap cell unfairly jump in front of ntor cells that
- * got here first. In any case this edge case will only become relevant
- * once tap is rare. We should reevaluate whether we like this decision
- * once tap gets more rare. */
- if (ol_entries[ONION_HANDSHAKE_TYPE_NTOR] &&
- recently_chosen_ntors <= get_num_ntors_per_tap())
- ++recently_chosen_ntors;
-
- return ONION_HANDSHAKE_TYPE_NTOR; /* no taps? try ntor */
- }
-
- /* They both have something queued. Pick ntor if we haven't done that
- * too much lately. */
- if (++recently_chosen_ntors <= get_num_ntors_per_tap()) {
- return ONION_HANDSHAKE_TYPE_NTOR;
- }
-
- /* Else, it's time to let tap have its turn. */
- recently_chosen_ntors = 0;
- return ONION_HANDSHAKE_TYPE_TAP;
+ return ONION_HANDSHAKE_TYPE_NTOR;
}
/** Remove the highest priority item from ol_list[] and return it, or
ONION_QUEUE_WAIT_CUTOFF_DEFAULT,
ONION_QUEUE_WAIT_CUTOFF_MIN,
ONION_QUEUE_WAIT_CUTOFF_MAX);
-
- ns_num_ntors_per_tap =
- networkstatus_get_param(ns, "NumNTorsPerTAP",
- NUM_NTORS_PER_TAP_DEFAULT,
- NUM_NTORS_PER_TAP_MIN,
- NUM_NTORS_PER_TAP_MAX);
}
#include "orconfig.h"
#include "core/or/or.h"
-#include "core/crypto/onion_tap.h"
#include "core/crypto/relay_crypto.h"
#include "lib/intmath/weakrng.h"
crypto_cipher_free(c);
}
-static void
-bench_onion_TAP(void)
-{
- const int iters = 1<<9;
- int i;
- crypto_pk_t *key, *key2;
- uint64_t start, end;
- char os[TAP_ONIONSKIN_CHALLENGE_LEN];
- char or[TAP_ONIONSKIN_REPLY_LEN];
- crypto_dh_t *dh_out = NULL;
-
- key = crypto_pk_new();
- key2 = crypto_pk_new();
- if (crypto_pk_generate_key_with_bits(key, 1024) < 0)
- goto done;
- if (crypto_pk_generate_key_with_bits(key2, 1024) < 0)
- goto done;
-
- reset_perftime();
- start = perftime();
- for (i = 0; i < iters; ++i) {
- onion_skin_TAP_create(key, &dh_out, os);
- crypto_dh_free(dh_out);
- }
- end = perftime();
- printf("Client-side, part 1: %f usec.\n", NANOCOUNT(start, end, iters)/1e3);
-
- onion_skin_TAP_create(key, &dh_out, os);
- start = perftime();
- for (i = 0; i < iters; ++i) {
- char key_out[CPATH_KEY_MATERIAL_LEN];
- onion_skin_TAP_server_handshake(os, key, NULL, or,
- key_out, sizeof(key_out));
- }
- end = perftime();
- printf("Server-side, key guessed right: %f usec\n",
- NANOCOUNT(start, end, iters)/1e3);
-
- start = perftime();
- for (i = 0; i < iters; ++i) {
- char key_out[CPATH_KEY_MATERIAL_LEN];
- onion_skin_TAP_server_handshake(os, key2, key, or,
- key_out, sizeof(key_out));
- }
- end = perftime();
- printf("Server-side, key guessed wrong: %f usec.\n",
- NANOCOUNT(start, end, iters)/1e3);
-
- start = perftime();
- for (i = 0; i < iters; ++i) {
- crypto_dh_t *dh;
- char key_out[CPATH_KEY_MATERIAL_LEN];
- int s;
- dh = crypto_dh_dup(dh_out);
- s = onion_skin_TAP_client_handshake(dh, or, key_out, sizeof(key_out),
- NULL);
- crypto_dh_free(dh);
- tor_assert(s == 0);
- }
- end = perftime();
- printf("Client-side, part 2: %f usec.\n",
- NANOCOUNT(start, end, iters)/1e3);
-
- done:
- crypto_dh_free(dh_out);
- crypto_pk_free(key);
- crypto_pk_free(key2);
-}
-
static void
bench_onion_ntor_impl(void)
{
ENT(siphash),
ENT(digest),
ENT(aes),
- ENT(onion_TAP),
ENT(onion_ntor),
ENT(ed25519),
ENT(rand),
#include "core/or/onion.h"
#include "core/crypto/onion_ntor.h"
#include "core/crypto/onion_fast.h"
-#include "core/crypto/onion_tap.h"
#include "core/or/policies.h"
#include "lib/sandbox/sandbox.h"
#include "app/config/statefile.h"
#include "core/or/or_circuit_st.h"
#include "feature/relay/onion_queue.h"
-/** Run unit tests for the onion handshake code. */
-static void
-test_onion_handshake(void *arg)
-{
- /* client-side */
- crypto_dh_t *c_dh = NULL;
- char c_buf[TAP_ONIONSKIN_CHALLENGE_LEN];
- char c_keys[40];
- /* server-side */
- char s_buf[TAP_ONIONSKIN_REPLY_LEN];
- char s_keys[40];
- int i;
- /* shared */
- crypto_pk_t *pk = NULL, *pk2 = NULL;
-
- (void)arg;
- pk = pk_generate(0);
- pk2 = pk_generate(1);
-
- /* client handshake 1. */
- memset(c_buf, 0, TAP_ONIONSKIN_CHALLENGE_LEN);
- tt_assert(! onion_skin_TAP_create(pk, &c_dh, c_buf));
-
- for (i = 1; i <= 3; ++i) {
- crypto_pk_t *k1, *k2;
- if (i==1) {
- /* server handshake: only one key known. */
- k1 = pk; k2 = NULL;
- } else if (i==2) {
- /* server handshake: try the right key first. */
- k1 = pk; k2 = pk2;
- } else {
- /* server handshake: try the right key second. */
- k1 = pk2; k2 = pk;
- }
-
- memset(s_buf, 0, TAP_ONIONSKIN_REPLY_LEN);
- memset(s_keys, 0, 40);
- tt_assert(! onion_skin_TAP_server_handshake(c_buf, k1, k2,
- s_buf, s_keys, 40));
-
- /* client handshake 2 */
- memset(c_keys, 0, 40);
- tt_assert(! onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys,
- 40, NULL));
-
- tt_mem_op(c_keys,OP_EQ, s_keys, 40);
- memset(s_buf, 0, 40);
- tt_mem_op(c_keys,OP_NE, s_buf, 40);
- }
- done:
- crypto_dh_free(c_dh);
- crypto_pk_free(pk);
- crypto_pk_free(pk2);
-}
-
-static void
-test_bad_onion_handshake(void *arg)
-{
- char junk_buf[TAP_ONIONSKIN_CHALLENGE_LEN];
- char junk_buf2[TAP_ONIONSKIN_CHALLENGE_LEN];
- /* client-side */
- crypto_dh_t *c_dh = NULL;
- char c_buf[TAP_ONIONSKIN_CHALLENGE_LEN];
- char c_keys[40];
- /* server-side */
- char s_buf[TAP_ONIONSKIN_REPLY_LEN];
- char s_keys[40];
- /* shared */
- crypto_pk_t *pk = NULL, *pk2 = NULL;
-
- (void)arg;
-
- pk = pk_generate(0);
- pk2 = pk_generate(1);
-
- /* Server: Case 1: the encrypted data is degenerate. */
- memset(junk_buf, 0, sizeof(junk_buf));
- crypto_pk_obsolete_public_hybrid_encrypt(pk,
- junk_buf2, TAP_ONIONSKIN_CHALLENGE_LEN,
- junk_buf, DH1024_KEY_LEN,
- PK_PKCS1_OAEP_PADDING, 1);
- tt_int_op(-1, OP_EQ,
- onion_skin_TAP_server_handshake(junk_buf2, pk, NULL,
- s_buf, s_keys, 40));
-
- /* Server: Case 2: the encrypted data is not long enough. */
- memset(junk_buf, 0, sizeof(junk_buf));
- memset(junk_buf2, 0, sizeof(junk_buf2));
- crypto_pk_public_encrypt(pk, junk_buf2, sizeof(junk_buf2),
- junk_buf, 48, PK_PKCS1_OAEP_PADDING);
- tt_int_op(-1, OP_EQ,
- onion_skin_TAP_server_handshake(junk_buf2, pk, NULL,
- s_buf, s_keys, 40));
-
- /* client handshake 1: do it straight. */
- memset(c_buf, 0, TAP_ONIONSKIN_CHALLENGE_LEN);
- tt_assert(! onion_skin_TAP_create(pk, &c_dh, c_buf));
-
- /* Server: Case 3: we just don't have the right key. */
- tt_int_op(-1, OP_EQ,
- onion_skin_TAP_server_handshake(c_buf, pk2, NULL,
- s_buf, s_keys, 40));
-
- /* Server: Case 4: The RSA-encrypted portion is corrupt. */
- c_buf[64] ^= 33;
- tt_int_op(-1, OP_EQ,
- onion_skin_TAP_server_handshake(c_buf, pk, NULL,
- s_buf, s_keys, 40));
- c_buf[64] ^= 33;
-
- /* (Let the server proceed) */
- tt_int_op(0, OP_EQ,
- onion_skin_TAP_server_handshake(c_buf, pk, NULL,
- s_buf, s_keys, 40));
-
- /* Client: Case 1: The server sent back junk. */
- const char *msg = NULL;
- s_buf[64] ^= 33;
- tt_int_op(-1, OP_EQ,
- onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys, 40, &msg));
- s_buf[64] ^= 33;
- tt_str_op(msg, OP_EQ, "Digest DOES NOT MATCH on onion handshake. "
- "Bug or attack.");
-
- /* Let the client finish; make sure it can. */
- msg = NULL;
- tt_int_op(0, OP_EQ,
- onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys, 40, &msg));
- tt_mem_op(s_keys,OP_EQ, c_keys, 40);
- tt_ptr_op(msg, OP_EQ, NULL);
-
- /* Client: Case 2: The server sent back a degenerate DH. */
- memset(s_buf, 0, sizeof(s_buf));
- tt_int_op(-1, OP_EQ,
- onion_skin_TAP_client_handshake(c_dh, s_buf, c_keys, 40, &msg));
- tt_str_op(msg, OP_EQ, "DH computation failed.");
-
- done:
- crypto_dh_free(c_dh);
- crypto_pk_free(pk);
- crypto_pk_free(pk2);
-}
-
static void
test_ntor_handshake(void *arg)
{
static void
test_onion_queues(void *arg)
{
- uint8_t buf1[TAP_ONIONSKIN_CHALLENGE_LEN] = {0};
+ uint8_t buf1[NTOR_ONIONSKIN_LEN] = {0};
uint8_t buf2[NTOR_ONIONSKIN_LEN] = {0};
or_circuit_t *circ1 = or_circuit_new(0, NULL);
or_circuit_t *circ2 = or_circuit_new(0, NULL);
- create_cell_t *onionskin = NULL, *create2_ptr;
+ create_cell_t *onionskin = NULL, *create1_ptr;
create_cell_t *create1 = tor_malloc_zero(sizeof(create_cell_t));
create_cell_t *create2 = tor_malloc_zero(sizeof(create_cell_t));
(void)arg;
- create2_ptr = create2; /* remember, but do not free */
+ create1_ptr = create1; /* remember, but do not free */
- create_cell_init(create1, CELL_CREATE, ONION_HANDSHAKE_TYPE_TAP,
- TAP_ONIONSKIN_CHALLENGE_LEN, buf1);
+ create_cell_init(create1, CELL_CREATE, ONION_HANDSHAKE_TYPE_NTOR,
+ NTOR_ONIONSKIN_LEN, buf1);
create_cell_init(create2, CELL_CREATE, ONION_HANDSHAKE_TYPE_NTOR,
NTOR_ONIONSKIN_LEN, buf2);
- tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+ tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
tt_int_op(0,OP_EQ, onion_pending_add(circ1, create1));
create1 = NULL;
- tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+ tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
- tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
tt_int_op(0,OP_EQ, onion_pending_add(circ2, create2));
create2 = NULL;
- tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
+ tt_int_op(2,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
- tt_ptr_op(circ2,OP_EQ, onion_next_task(&onionskin));
- tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
- tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
- tt_ptr_op(onionskin, OP_EQ, create2_ptr);
+ tt_ptr_op(circ1,OP_EQ, onion_next_task(&onionskin));
+ tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
+ tt_ptr_op(onionskin, OP_EQ, create1_ptr);
clear_pending_onions();
tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
static void
test_onion_queue_order(void *arg)
{
- uint8_t buf_tap[TAP_ONIONSKIN_CHALLENGE_LEN] = {0};
uint8_t buf_ntor[NTOR_ONIONSKIN_LEN] = {0};
uint8_t buf_ntor3[CELL_PAYLOAD_SIZE] = {0};
- or_circuit_t *circ_tap = or_circuit_new(0, NULL);
or_circuit_t *circ_ntor = or_circuit_new(0, NULL);
or_circuit_t *circ_ntor3 = or_circuit_new(0, NULL);
create_cell_t *onionskin = NULL;
- create_cell_t *create_tap1 = tor_malloc_zero(sizeof(create_cell_t));
create_cell_t *create_ntor1 = tor_malloc_zero(sizeof(create_cell_t));
create_cell_t *create_ntor2 = tor_malloc_zero(sizeof(create_cell_t));
create_cell_t *create_v3ntor1 = tor_malloc_zero(sizeof(create_cell_t));
create_cell_t *create_v3ntor2 = tor_malloc_zero(sizeof(create_cell_t));
(void)arg;
- create_cell_init(create_tap1, CELL_CREATE, ONION_HANDSHAKE_TYPE_TAP,
- TAP_ONIONSKIN_CHALLENGE_LEN, buf_tap);
create_cell_init(create_ntor1, CELL_CREATE, ONION_HANDSHAKE_TYPE_NTOR,
NTOR_ONIONSKIN_LEN, buf_ntor);
create_cell_init(create_ntor2, CELL_CREATE, ONION_HANDSHAKE_TYPE_NTOR,
NTOR_ONIONSKIN_LEN, buf_ntor3);
/* sanity check queue init */
- tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
- tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
- tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
-
- /* Add tap first so we can ensure it comes out last */
- tt_int_op(0,OP_EQ, onion_pending_add(circ_tap, create_tap1));
- tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
/* Now add interleaving ntor2 and ntor3, to ensure they share
* the same queue and come out in this order */
tt_int_op(0,OP_EQ, onion_pending_add(circ_ntor, create_ntor1));
- tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+ tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
tt_int_op(0,OP_EQ, onion_pending_add(circ_ntor3, create_v3ntor1));
- tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+ tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
tt_int_op(2,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
tt_int_op(2,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
tt_int_op(0,OP_EQ, onion_pending_add(circ_ntor, create_ntor2));
- tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+ tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
tt_int_op(3,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
tt_int_op(3,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
tt_int_op(0,OP_EQ, onion_pending_add(circ_ntor3, create_v3ntor2));
- tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+ tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
tt_int_op(4,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
tt_int_op(4,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
/* Now remove 5 tasks, ensuring order and queue sizes */
tt_ptr_op(circ_ntor, OP_EQ, onion_next_task(&onionskin));
- tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+ tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
tt_int_op(3,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
tt_int_op(3,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
tt_ptr_op(onionskin, OP_EQ, create_ntor1);
tt_ptr_op(circ_ntor3, OP_EQ, onion_next_task(&onionskin));
- tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+ tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
tt_int_op(2,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
tt_int_op(2,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
tt_ptr_op(onionskin, OP_EQ, create_v3ntor1);
tt_ptr_op(circ_ntor, OP_EQ, onion_next_task(&onionskin));
- tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
+ tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
tt_ptr_op(onionskin, OP_EQ, create_ntor2);
tt_ptr_op(circ_ntor3, OP_EQ, onion_next_task(&onionskin));
- tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
- tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
- tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
- tt_ptr_op(onionskin, OP_EQ, create_v3ntor2);
-
- tt_ptr_op(circ_tap, OP_EQ, onion_next_task(&onionskin));
tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3));
- tt_ptr_op(onionskin, OP_EQ, create_tap1);
+ tt_ptr_op(onionskin, OP_EQ, create_v3ntor2);
clear_pending_onions();
tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP));
tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR));
done:
- circuit_free_(TO_CIRCUIT(circ_tap));
circuit_free_(TO_CIRCUIT(circ_ntor));
circuit_free_(TO_CIRCUIT(circ_ntor3));
- tor_free(create_tap1);
tor_free(create_ntor1);
tor_free(create_ntor2);
tor_free(create_v3ntor1);
{ #name, test_ ## name , TT_FORK, NULL, NULL }
static struct testcase_t test_array[] = {
- ENT(onion_handshake),
- { "bad_onion_handshake", test_bad_onion_handshake, 0, NULL, NULL },
ENT(onion_queues),
ENT(onion_queue_order),
{ "ntor_handshake", test_ntor_handshake, 0, NULL, NULL },
#include "app/config/config.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "core/or/onion.h"
-#include "core/crypto/onion_tap.h"
#include "core/crypto/onion_fast.h"
#include "core/crypto/onion_ntor.h"
#include "core/or/relay.h"
/* === Let's try parsing some good cells! */
- /* A valid create cell. */
- memset(&cell, 0, sizeof(cell));
- memset(b, 0, sizeof(b));
- crypto_rand((char*)b, TAP_ONIONSKIN_CHALLENGE_LEN);
- cell.command = CELL_CREATE;
- memcpy(cell.payload, b, TAP_ONIONSKIN_CHALLENGE_LEN);
- tt_int_op(0, OP_EQ, create_cell_parse(&cc, &cell));
- tt_int_op(CELL_CREATE, OP_EQ, cc.cell_type);
- tt_int_op(ONION_HANDSHAKE_TYPE_TAP, OP_EQ, cc.handshake_type);
- tt_int_op(TAP_ONIONSKIN_CHALLENGE_LEN, OP_EQ, cc.handshake_len);
- tt_mem_op(cc.onionskin,OP_EQ, b, TAP_ONIONSKIN_CHALLENGE_LEN + 10);
- tt_int_op(0, OP_EQ, create_cell_format(&cell2, &cc));
- tt_int_op(cell.command, OP_EQ, cell2.command);
- tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE);
-
/* A valid create_fast cell. */
memset(&cell, 0, sizeof(cell));
memset(b, 0, sizeof(b));
tt_int_op(cell.command, OP_EQ, cell2.command);
tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE);
- /* A valid create2 cell with a TAP payload */
- memset(&cell, 0, sizeof(cell));
- memset(b, 0, sizeof(b));
- crypto_rand((char*)b, TAP_ONIONSKIN_CHALLENGE_LEN);
- cell.command = CELL_CREATE2;
- memcpy(cell.payload, "\x00\x00\x00\xBA", 4); /* TAP, 186 bytes long */
- memcpy(cell.payload+4, b, TAP_ONIONSKIN_CHALLENGE_LEN);
- tt_int_op(0, OP_EQ, create_cell_parse(&cc, &cell));
- tt_int_op(CELL_CREATE2, OP_EQ, cc.cell_type);
- tt_int_op(ONION_HANDSHAKE_TYPE_TAP, OP_EQ, cc.handshake_type);
- tt_int_op(TAP_ONIONSKIN_CHALLENGE_LEN, OP_EQ, cc.handshake_len);
- tt_mem_op(cc.onionskin,OP_EQ, b, TAP_ONIONSKIN_CHALLENGE_LEN + 10);
- tt_int_op(0, OP_EQ, create_cell_format(&cell2, &cc));
- tt_int_op(cell.command, OP_EQ, cell2.command);
- tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE);
-
/* A valid create2 cell with an ntor payload */
memset(&cell, 0, sizeof(cell));
memset(b, 0, sizeof(b));
tt_int_op(cell.command, OP_EQ, cell2.command);
tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE);
- /* A valid create cell with an ntor payload, in legacy format. */
- memset(&cell, 0, sizeof(cell));
- memset(b, 0, sizeof(b));
- crypto_rand((char*)b, NTOR_ONIONSKIN_LEN);
- cell.command = CELL_CREATE;
- memcpy(cell.payload, "ntorNTORntorNTOR", 16);
- memcpy(cell.payload+16, b, NTOR_ONIONSKIN_LEN);
- tt_int_op(0, OP_EQ, create_cell_parse(&cc, &cell));
- tt_int_op(CELL_CREATE, OP_EQ, cc.cell_type);
- tt_int_op(ONION_HANDSHAKE_TYPE_NTOR, OP_EQ, cc.handshake_type);
- tt_int_op(NTOR_ONIONSKIN_LEN, OP_EQ, cc.handshake_len);
- tt_mem_op(cc.onionskin,OP_EQ, b, NTOR_ONIONSKIN_LEN + 10);
- tt_int_op(0, OP_EQ, create_cell_format(&cell2, &cc));
- tt_int_op(cell.command, OP_EQ, cell2.command);
- tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE);
-
/* == Okay, now let's try to parse some impossible stuff. */
/* It has to be some kind of a create cell! */
(void)arg;
- /* A good CREATED cell */
- memset(&cell, 0, sizeof(cell));
- memset(b, 0, sizeof(b));
- crypto_rand((char*)b, TAP_ONIONSKIN_REPLY_LEN);
- cell.command = CELL_CREATED;
- memcpy(cell.payload, b, TAP_ONIONSKIN_REPLY_LEN);
- tt_int_op(0, OP_EQ, created_cell_parse(&cc, &cell));
- tt_int_op(CELL_CREATED, OP_EQ, cc.cell_type);
- tt_int_op(TAP_ONIONSKIN_REPLY_LEN, OP_EQ, cc.handshake_len);
- tt_mem_op(cc.reply,OP_EQ, b, TAP_ONIONSKIN_REPLY_LEN + 10);
- tt_int_op(0, OP_EQ, created_cell_format(&cell2, &cc));
- tt_int_op(cell.command, OP_EQ, cell2.command);
- tt_mem_op(cell.payload,OP_EQ, cell2.payload, CELL_PAYLOAD_SIZE);
-
/* A good CREATED_FAST cell */
memset(&cell, 0, sizeof(cell));
memset(b, 0, sizeof(b));
(void) arg;
- /* Let's start with a simple EXTEND cell. */
- memset(p, 0, sizeof(p));
- memset(b, 0, sizeof(b));
- crypto_rand((char*)b, TAP_ONIONSKIN_CHALLENGE_LEN);
- memcpy(p, "\x12\xf4\x00\x01\x01\x02", 6); /* 18 244 0 1 : 258 */
- memcpy(p+6,b,TAP_ONIONSKIN_CHALLENGE_LEN);
- memcpy(p+6+TAP_ONIONSKIN_CHALLENGE_LEN, "electroencephalogram", 20);
- tt_int_op(0, OP_EQ, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND,
- p, 26+TAP_ONIONSKIN_CHALLENGE_LEN));
- tt_int_op(RELAY_COMMAND_EXTEND, OP_EQ, ec.cell_type);
- tt_str_op("18.244.0.1", OP_EQ, fmt_addr(&ec.orport_ipv4.addr));
- tt_int_op(258, OP_EQ, ec.orport_ipv4.port);
- tt_int_op(AF_UNSPEC, OP_EQ, tor_addr_family(&ec.orport_ipv6.addr));
- tt_mem_op(ec.node_id,OP_EQ, "electroencephalogram", 20);
- tt_int_op(cc->cell_type, OP_EQ, CELL_CREATE);
- tt_int_op(cc->handshake_type, OP_EQ, ONION_HANDSHAKE_TYPE_TAP);
- tt_int_op(cc->handshake_len, OP_EQ, TAP_ONIONSKIN_CHALLENGE_LEN);
- tt_mem_op(cc->onionskin,OP_EQ, b, TAP_ONIONSKIN_CHALLENGE_LEN+20);
- tt_int_op(0, OP_EQ, extend_cell_format(&p2_cmd, &p2_len, p2, &ec));
- tt_int_op(p2_cmd, OP_EQ, RELAY_COMMAND_EXTEND);
- tt_int_op(p2_len, OP_EQ, 26+TAP_ONIONSKIN_CHALLENGE_LEN);
- tt_mem_op(p2,OP_EQ, p, RELAY_PAYLOAD_SIZE);
-
- /* Let's do an ntor stuffed in a legacy EXTEND cell */
- memset(p, 0, sizeof(p));
- memset(b, 0, sizeof(b));
- crypto_rand((char*)b, NTOR_ONIONSKIN_LEN);
- memcpy(p, "\x12\xf4\x00\x01\x01\x02", 6); /* 18 244 0 1 : 258 */
- memcpy(p+6,"ntorNTORntorNTOR", 16);
- memcpy(p+22, b, NTOR_ONIONSKIN_LEN);
- memcpy(p+6+TAP_ONIONSKIN_CHALLENGE_LEN, "electroencephalogram", 20);
- tt_int_op(0, OP_EQ, extend_cell_parse(&ec, RELAY_COMMAND_EXTEND,
- p, 26+TAP_ONIONSKIN_CHALLENGE_LEN));
- tt_int_op(RELAY_COMMAND_EXTEND, OP_EQ, ec.cell_type);
- tt_str_op("18.244.0.1", OP_EQ, fmt_addr(&ec.orport_ipv4.addr));
- tt_int_op(258, OP_EQ, ec.orport_ipv4.port);
- tt_int_op(AF_UNSPEC, OP_EQ, tor_addr_family(&ec.orport_ipv6.addr));
- tt_mem_op(ec.node_id,OP_EQ, "electroencephalogram", 20);
- tt_int_op(cc->cell_type, OP_EQ, CELL_CREATE2);
- tt_int_op(cc->handshake_type, OP_EQ, ONION_HANDSHAKE_TYPE_NTOR);
- tt_int_op(cc->handshake_len, OP_EQ, NTOR_ONIONSKIN_LEN);
- tt_mem_op(cc->onionskin,OP_EQ, b, NTOR_ONIONSKIN_LEN+20);
- tt_int_op(0, OP_EQ, extend_cell_format(&p2_cmd, &p2_len, p2, &ec));
- tt_int_op(p2_cmd, OP_EQ, RELAY_COMMAND_EXTEND);
- tt_int_op(p2_len, OP_EQ, 26+TAP_ONIONSKIN_CHALLENGE_LEN);
- tt_mem_op(p2,OP_EQ, p, RELAY_PAYLOAD_SIZE);
- tt_int_op(0, OP_EQ, create_cell_format_relayed(&cell, cc));
-
/* Now let's do a minimal ntor EXTEND2 cell. */
memset(&ec, 0xff, sizeof(ec));
memset(p, 0, sizeof(p));
(void) arg;
- /* Try a regular EXTENDED cell. */
- memset(&ec, 0xff, sizeof(ec));
- memset(p, 0, sizeof(p));
- memset(b, 0, sizeof(b));
- crypto_rand((char*)b, TAP_ONIONSKIN_REPLY_LEN);
- memcpy(p,b,TAP_ONIONSKIN_REPLY_LEN);
- tt_int_op(0, OP_EQ, extended_cell_parse(&ec, RELAY_COMMAND_EXTENDED, p,
- TAP_ONIONSKIN_REPLY_LEN));
- tt_int_op(RELAY_COMMAND_EXTENDED, OP_EQ, ec.cell_type);
- tt_int_op(cc->cell_type, OP_EQ, CELL_CREATED);
- tt_int_op(cc->handshake_len, OP_EQ, TAP_ONIONSKIN_REPLY_LEN);
- tt_mem_op(cc->reply,OP_EQ, b, TAP_ONIONSKIN_REPLY_LEN);
- tt_int_op(0, OP_EQ, extended_cell_format(&p2_cmd, &p2_len, p2, &ec));
- tt_int_op(RELAY_COMMAND_EXTENDED, OP_EQ, p2_cmd);
- tt_int_op(TAP_ONIONSKIN_REPLY_LEN, OP_EQ, p2_len);
- tt_mem_op(p2,OP_EQ, p, sizeof(p2));
-
/* Try an EXTENDED2 cell */
memset(&ec, 0xff, sizeof(ec));
memset(p, 0, sizeof(p));
projects / thirdparty / tor.git / commitdiff
