Commit 03ed54e9 authored by Roger Dingledine's avatar Roger Dingledine
Browse files

put some symbolic constants to the onion skin lengths


svn:r265
parent d7f50337
......@@ -777,7 +777,7 @@ int circuit_send_next_onion_skin(circuit_t *circ) {
memset(&cell, 0, sizeof(cell_t));
cell.command = CELL_CREATE;
cell.aci = circ->n_aci;
cell.length = 208;
cell.length = DH_ONIONSKIN_LEN;
if(onion_skin_create(circ->n_conn->pkey, &(circ->cpath->handshake_state), cell.payload) < 0) {
log(LOG_INFO,"circuit_send_next_onion_skin(): onion_skin_create (first hop) failed.");
......@@ -816,7 +816,7 @@ int circuit_send_next_onion_skin(circuit_t *circ) {
SET_CELL_RELAY_COMMAND(cell, RELAY_COMMAND_EXTEND);
SET_CELL_STREAM_ID(cell, ZERO_STREAM);
cell.length = RELAY_HEADER_SIZE + 6 + 208;
cell.length = RELAY_HEADER_SIZE + 6 + DH_ONIONSKIN_LEN;
*(uint32_t*)(cell.payload+RELAY_HEADER_SIZE) = htonl(hop->addr);
*(uint32_t*)(cell.payload+RELAY_HEADER_SIZE+4) = htons(hop->port);
if(onion_skin_create(router->pkey, &(hop->handshake_state), cell.payload+RELAY_HEADER_SIZE+6) < 0) {
......@@ -883,9 +883,9 @@ int circuit_extend(cell_t *cell, circuit_t *circ) {
memset(&newcell, 0, sizeof(cell_t));
newcell.command = CELL_CREATE;
newcell.aci = circ->n_aci;
newcell.length = 208;
newcell.length = DH_ONIONSKIN_LEN;
memcpy(newcell.payload, cell->payload+RELAY_HEADER_SIZE+6, 208);
memcpy(newcell.payload, cell->payload+RELAY_HEADER_SIZE+6, DH_ONIONSKIN_LEN);
if(connection_write_cell_to_buf(&newcell, circ->n_conn) < 0) {
return -1;
......
......@@ -95,7 +95,7 @@ void command_process_create_cell(cell_t *cell, connection_t *conn) {
circ = circuit_new(cell->aci, conn);
circ->state = CIRCUIT_STATE_ONIONSKIN_PENDING;
if(cell->length != 208) {
if(cell->length != DH_ONIONSKIN_LEN) {
log(LOG_DEBUG,"command_process_create_cell(): Bad cell length %d. Dropping.", cell->length);
circuit_close(circ);
return;
......@@ -127,7 +127,7 @@ void command_process_created_cell(cell_t *cell, connection_t *conn) {
log(LOG_DEBUG,"command_process_created_cell(): got created cell from OPward? Dropping.");
return;
}
assert(cell->length == 192);
assert(cell->length == DH_KEY_LEN);
if(circ->cpath) { /* we're the OP. Handshake this. */
log(LOG_DEBUG,"command_process_created_cell(): at OP. Finishing handshake.");
......@@ -150,7 +150,7 @@ void command_process_created_cell(cell_t *cell, connection_t *conn) {
SET_CELL_STREAM_ID(newcell, ZERO_STREAM);
newcell.length = RELAY_HEADER_SIZE + cell->length;
memcpy(newcell.payload+RELAY_HEADER_SIZE, cell->payload, 192);
memcpy(newcell.payload+RELAY_HEADER_SIZE, cell->payload, DH_KEY_LEN);
log(LOG_DEBUG,"command_process_created_cell(): Sending extended relay cell.");
if(circuit_deliver_relay_cell_from_edge(&newcell, circ, EDGE_EXIT, NULL) < 0) {
......
......@@ -184,7 +184,7 @@ static int onionskin_process(circuit_t *circ) {
memset(&cell, 0, sizeof(cell_t));
cell.command = CELL_CREATED;
cell.aci = circ->p_aci;
cell.length = 192;
cell.length = DH_KEY_LEN;
circ->state = CIRCUIT_STATE_OPEN;
......@@ -436,7 +436,7 @@ crypt_path_t *onion_generate_cpath(routerinfo_t **firsthop) {
int
onion_skin_create(crypto_pk_env_t *dest_router_key,
crypto_dh_env_t **handshake_state_out,
char *onion_skin_out) /* Must be 208 bytes long */
char *onion_skin_out) /* Must be DH_ONIONSKIN_LEN bytes long */
{
char iv[16];
char *pubkey = NULL;
......@@ -445,7 +445,7 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
int dhbytes, pkbytes;
*handshake_state_out = NULL;
memset(onion_skin_out, 0, 208);
memset(onion_skin_out, 0, DH_ONIONSKIN_LEN);
memset(iv, 0, 16);
if (!(dh = crypto_dh_new()))
......@@ -453,7 +453,7 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
dhbytes = crypto_dh_get_bytes(dh);
pkbytes = crypto_pk_keysize(dest_router_key);
assert(dhbytes+16 == 208);
assert(dhbytes+16 == DH_ONIONSKIN_LEN);
if (!(pubkey = malloc(dhbytes+16)))
goto err;
......@@ -512,13 +512,13 @@ onion_skin_create(crypto_pk_env_t *dest_router_key,
* reply, and key_out_len bytes of key material, stored in key_out.
*/
int
onion_skin_server_handshake(char *onion_skin, /* 208 bytes long */
onion_skin_server_handshake(char *onion_skin, /* DH_ONIONSKIN_LEN bytes long */
crypto_pk_env_t *private_key,
char *handshake_reply_out, /* 192 bytes long */
char *handshake_reply_out, /* DH_KEY_LEN bytes long */
char *key_out,
int key_out_len)
{
char buf[208];
char buf[DH_ONIONSKIN_LEN];
char iv[16];
crypto_dh_env_t *dh = NULL;
crypto_cipher_env_t *cipher = NULL;
......@@ -539,7 +539,7 @@ onion_skin_server_handshake(char *onion_skin, /* 208 bytes long */
cipher = crypto_create_init_cipher(CRYPTO_CIPHER_3DES, buf, iv, 0);
if (crypto_cipher_decrypt(cipher, onion_skin+pkbytes, 208-pkbytes,
if (crypto_cipher_decrypt(cipher, onion_skin+pkbytes, DH_ONIONSKIN_LEN-pkbytes,
buf+pkbytes))
goto err;
......@@ -550,13 +550,13 @@ onion_skin_server_handshake(char *onion_skin, /* 208 bytes long */
#endif
dh = crypto_dh_new();
if (crypto_dh_get_public(dh, handshake_reply_out, 192))
if (crypto_dh_get_public(dh, handshake_reply_out, DH_KEY_LEN))
goto err;
if (crypto_dh_compute_secret(dh, buf+16, 192, buf))
if (crypto_dh_compute_secret(dh, buf+16, DH_KEY_LEN, buf))
goto err;
memcpy(key_out, buf+192-key_out_len, key_out_len);
memcpy(key_out, buf+DH_KEY_LEN-key_out_len, key_out_len);
crypto_free_cipher_env(cipher);
crypto_dh_free(dh);
......@@ -577,20 +577,20 @@ onion_skin_server_handshake(char *onion_skin, /* 208 bytes long */
*/
int
onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
char *handshake_reply,/* Must be 192 bytes long*/
char *handshake_reply,/* Must be DH_KEY_LEN bytes long*/
char *key_out,
int key_out_len)
{
char key_material[192];
assert(crypto_dh_get_bytes(handshake_state) == 192);
char key_material[DH_KEY_LEN];
assert(crypto_dh_get_bytes(handshake_state) == DH_KEY_LEN);
memset(key_material, 0, 192);
memset(key_material, 0, DH_KEY_LEN);
if (crypto_dh_compute_secret(handshake_state, handshake_reply, 192,
if (crypto_dh_compute_secret(handshake_state, handshake_reply, DH_KEY_LEN,
key_material))
return -1;
memcpy(key_out, key_material+192-key_out_len, key_out_len);
memcpy(key_out, key_material+DH_KEY_LEN-key_out_len, key_out_len);
return 0;
}
......
......@@ -348,6 +348,9 @@ struct crypt_path_t {
};
#define DH_KEY_LEN 192
#define DH_ONIONSKIN_LEN 208
typedef struct crypt_path_t crypt_path_t;
struct relay_queue_t {
......@@ -375,7 +378,7 @@ typedef struct {
crypt_path_t *cpath;
char onionskin[208]; /* for storage while onionskin pending */
char onionskin[DH_ONIONSKIN_LEN]; /* for storage while onionskin pending */
long timestamp_created;
char dirty; /* whether this circuit has been used yet */
......@@ -394,21 +397,6 @@ struct onion_queue_t {
struct onion_queue_t *next;
};
#define ONION_KEYSEED_LEN 16
typedef struct {
uint8_t version;
uint16_t port;
uint32_t addr;
uint32_t expire;
unsigned char keyseed[ONION_KEYSEED_LEN];
} onion_layer_t;
/* ugly hack XXXX */
#define ONION_KEYSEED_OFFSET 11
#define ONION_LAYER_SIZE 27
#define ONION_PADDING_SIZE (128-ONION_LAYER_SIZE)
typedef struct {
char *LogLevel;
char *RouterFile;
......@@ -517,7 +505,6 @@ void circuit_resume_edge_reading(circuit_t *circ, int edge_type);
int circuit_consider_stop_edge_reading(circuit_t *circ, int edge_type);
int circuit_consider_sending_sendme(circuit_t *circ, int edge_type);
int circuit_init(circuit_t *circ, int aci_type, onion_layer_t *layer);
void circuit_free(circuit_t *circ);
void circuit_free_cpath(crypt_path_t *cpath);
void circuit_free_cpath_node(crypt_path_t *victim);
......@@ -773,16 +760,16 @@ crypt_path_t *onion_generate_cpath(routerinfo_t **firsthop);
int onion_skin_create(crypto_pk_env_t *router_key,
crypto_dh_env_t **handshake_state_out,
char *onion_skin_out); /* Must be 208 bytes long */
char *onion_skin_out); /* Must be DH_ONIONSKIN_LEN bytes long */
int onion_skin_server_handshake(char *onion_skin, /* 208 bytes long */
int onion_skin_server_handshake(char *onion_skin, /* DH_ONIONSKIN_LEN bytes long */
crypto_pk_env_t *private_key,
char *handshake_reply_out, /* 192 bytes long */
char *handshake_reply_out, /* DH_KEY_LEN bytes long */
char *key_out,
int key_out_len);
int onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
char *handshake_reply,/* Must be 192 bytes long*/
char *handshake_reply,/* Must be DH_KEY_LEN bytes long*/
char *key_out,
int key_out_len);
......
......@@ -466,11 +466,11 @@ test_onion_handshake() {
/* client-side */
crypto_dh_env_t *c_dh = NULL;
char c_buf[208];
char c_buf[DH_ONIONSKIN_LEN];
char c_keys[40];
/* server-side */
char s_buf[192];
char s_buf[DH_KEY_LEN];
char s_keys[40];
/* shared */
......@@ -480,11 +480,11 @@ test_onion_handshake() {
test_assert(! crypto_pk_generate_key(pk));
/* client handshake 1. */
memset(c_buf, 0, 208);
memset(c_buf, 0, DH_ONIONSKIN_LEN);
test_assert(! onion_skin_create(pk, &c_dh, c_buf));
/* server handshake */
memset(s_buf, 0, 192);
memset(s_buf, 0, DH_KEY_LEN);
memset(s_keys, 0, 40);
test_assert(! onion_skin_server_handshake(c_buf, pk, s_buf, s_keys, 40));
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment