Commit 77e678c2 authored by Nick Mathewson's avatar Nick Mathewson 🎨
Browse files

Merge remote-tracking branch 'github/shrink_or_h_more'

parents a01b4d7f 518ebe14
......@@ -18,7 +18,7 @@
* GZIP_METHOD is guaranteed to be supported by the compress/uncompress
* functions here. Call tor_compress_supports_method() to check if a given
* compression schema is supported by Tor. */
typedef enum {
typedef enum compress_method_t {
NO_METHOD=0, // This method must be first.
GZIP_METHOD=1,
ZLIB_METHOD=2,
......@@ -32,7 +32,7 @@ typedef enum {
* BEST_COMPRESSION saves the most bandwidth; LOW_COMPRESSION saves the most
* memory.
**/
typedef enum {
typedef enum compression_level_t {
BEST_COMPRESSION, HIGH_COMPRESSION, MEDIUM_COMPRESSION, LOW_COMPRESSION
} compression_level_t;
......
......@@ -8,13 +8,7 @@
#include "lib/cc/torint.h"
#include "lib/crypt_ops/crypto_digest.h"
#include "lib/crypt_ops/crypto_openssl_mgt.h"
/** Length of a curve25519 public key when encoded. */
#define CURVE25519_PUBKEY_LEN 32
/** Length of a curve25519 secret key when encoded. */
#define CURVE25519_SECKEY_LEN 32
/** Length of the result of a curve25519 handshake. */
#define CURVE25519_OUTPUT_LEN 32
#include "lib/defs/x25519_sizes.h"
/** Wrapper type for a curve25519 public key.
*
......@@ -75,8 +69,6 @@ STATIC int curve25519_impl(uint8_t *output, const uint8_t *secret,
STATIC int curve25519_basepoint_impl(uint8_t *output, const uint8_t *secret);
#endif /* defined(CRYPTO_CURVE25519_PRIVATE) */
#define CURVE25519_BASE64_PADDED_LEN 44
int curve25519_public_from_base64(curve25519_public_key_t *pkey,
const char *input);
int curve25519_public_to_base64(char *output,
......@@ -86,4 +78,3 @@ void curve25519_set_impl_params(int use_ed);
void curve25519_init(void);
#endif /* !defined(TOR_CRYPTO_CURVE25519_H) */
......@@ -344,7 +344,7 @@ crypto_dh_generate_public(crypto_dh_t *dh)
/** Generate g^x as necessary, and write the g^x for the key exchange
* as a <b>pubkey_len</b>-byte value into <b>pubkey</b>. Return 0 on
* success, -1 on failure. <b>pubkey_len</b> must be \>= DH_BYTES.
* success, -1 on failure. <b>pubkey_len</b> must be \>= DH1024_KEY_LEN.
*/
int
crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
......@@ -378,7 +378,7 @@ crypto_dh_get_public(crypto_dh_t *dh, char *pubkey, size_t pubkey_len)
tor_assert(bytes >= 0);
if (pubkey_len < (size_t)bytes) {
log_warn(LD_CRYPTO,
"Weird! pubkey_len (%d) was smaller than DH_BYTES (%d)",
"Weird! pubkey_len (%d) was smaller than DH1024_KEY_LEN (%d)",
(int) pubkey_len, bytes);
return -1;
}
......
......@@ -14,9 +14,8 @@
#define TOR_CRYPTO_DH_H
#include "orconfig.h"
/** Length of our DH keys. */
#define DH_BYTES (1024/8)
#include "lib/cc/torint.h"
#include "lib/defs/dh_sizes.h"
typedef struct crypto_dh_t crypto_dh_t;
......
......@@ -7,24 +7,20 @@
#include "lib/testsupport/testsupport.h"
#include "lib/cc/torint.h"
#include "lib/crypt_ops/crypto_curve25519.h"
#define ED25519_PUBKEY_LEN 32
#define ED25519_SECKEY_LEN 64
#define ED25519_SECKEY_SEED_LEN 32
#define ED25519_SIG_LEN 64
#include "lib/defs/x25519_sizes.h"
/** An Ed25519 signature. */
typedef struct {
typedef struct ed25519_signature_t {
uint8_t sig[ED25519_SIG_LEN];
} ed25519_signature_t;
/** An Ed25519 public key */
typedef struct {
typedef struct ed25519_public_key_t {
uint8_t pubkey[ED25519_PUBKEY_LEN];
} ed25519_public_key_t;
/** An Ed25519 secret key */
typedef struct {
typedef struct ed25519_secret_key_t {
/** Note that we store secret keys in an expanded format that doesn't match
* the format from standard ed25519. Ed25519 stores a 32-byte value k and
* expands it into a 64-byte H(k), using the first 32 bytes for a multiplier
......@@ -35,7 +31,7 @@ typedef struct {
} ed25519_secret_key_t;
/** An Ed25519 keypair. */
typedef struct {
typedef struct ed25519_keypair_t {
ed25519_public_key_t pubkey;
ed25519_secret_key_t seckey;
} ed25519_keypair_t;
......
......@@ -9,7 +9,10 @@
#include "lib/testsupport/testsupport.h"
#include "lib/cc/torint.h"
#include "lib/crypt_ops/crypto_ed25519.h"
#include "lib/defs/x25519_sizes.h"
struct ed25519_public_key_t;
struct ed25519_signature_t;
int crypto_write_tagged_contents_to_file(const char *fname,
const char *typestring,
......@@ -23,20 +26,16 @@ ssize_t crypto_read_tagged_contents_from_file(const char *fname,
uint8_t *data_out,
ssize_t data_out_len);
#define ED25519_BASE64_LEN 43
int ed25519_public_from_base64(ed25519_public_key_t *pkey,
int ed25519_public_from_base64(struct ed25519_public_key_t *pkey,
const char *input);
int ed25519_public_to_base64(char *output,
const ed25519_public_key_t *pkey);
const char *ed25519_fmt(const ed25519_public_key_t *pkey);
/* XXXX move these to crypto_format.h */
#define ED25519_SIG_BASE64_LEN 86
const struct ed25519_public_key_t *pkey);
const char *ed25519_fmt(const struct ed25519_public_key_t *pkey);
int ed25519_signature_from_base64(ed25519_signature_t *sig,
int ed25519_signature_from_base64(struct ed25519_signature_t *sig,
const char *input);
int ed25519_signature_to_base64(char *output,
const ed25519_signature_t *sig);
const struct ed25519_signature_t *sig);
int digest_to_base64(char *d64, const char *digest);
int digest_from_base64(char *digest, const char *d64);
......@@ -44,4 +43,3 @@ int digest256_to_base64(char *d64, const char *digest);
int digest256_from_base64(char *digest, const char *d64);
#endif /* !defined(TOR_CRYPTO_FORMAT_H) */
/* Copyright (c) 2001, Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TOR_DH_SIZES_H
#define TOR_DH_SIZES_H
/** Length of our legacy DH keys. */
#define DH1024_KEY_LEN (1024/8)
#endif
noinst_HEADERS += \
src/lib/defs/digest_sizes.h
noinst_HEADERS += \
src/lib/defs/dh_sizes.h \
src/lib/defs/digest_sizes.h \
src/lib/defs/x25519_sizes.h
/* Copyright (c) 2001, Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TOR_X25519_SIZES_H
#define TOR_X25519_SIZES_H
/** Length of a curve25519 public key when encoded. */
#define CURVE25519_PUBKEY_LEN 32
/** Length of a curve25519 secret key when encoded. */
#define CURVE25519_SECKEY_LEN 32
/** Length of the result of a curve25519 handshake. */
#define CURVE25519_OUTPUT_LEN 32
#define ED25519_PUBKEY_LEN 32
#define ED25519_SECKEY_LEN 64
#define ED25519_SECKEY_SEED_LEN 32
#define ED25519_SIG_LEN 64
#define CURVE25519_BASE64_PADDED_LEN 44
#define ED25519_BASE64_LEN 43
#define ED25519_SIG_BASE64_LEN 86
#endif
/* Copyright (c) 2001 Matej Pfajfar.
* Copyright (c) 2001-2004, Roger Dingledine.
* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
* Copyright (c) 2007-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */
#ifndef TOR_ADDR_POLICY_ST_H
#define TOR_ADDR_POLICY_ST_H
#include "lib/cc/torint.h"
#include "lib/net/address.h"
/** What action type does an address policy indicate: accept or reject? */
typedef enum {
ADDR_POLICY_ACCEPT=1,
ADDR_POLICY_REJECT=2,
} addr_policy_action_t;
#define addr_policy_action_bitfield_t ENUM_BF(addr_policy_action_t)
/** A reference-counted address policy rule. */
typedef struct addr_policy_t {
int refcnt; /**< Reference count */
/** What to do when the policy matches.*/
addr_policy_action_bitfield_t policy_type:2;
unsigned int is_private:1; /**< True iff this is the pseudo-address,
* "private". */
unsigned int is_canonical:1; /**< True iff this policy is the canonical
* copy (stored in a hash table to avoid
* duplication of common policies) */
maskbits_t maskbits; /**< Accept/reject all addresses <b>a</b> such that the
* first <b>maskbits</b> bits of <b>a</b> match
* <b>addr</b>. */
/** Base address to accept or reject.
*
* Note that wildcards are treated
* differntly depending on address family. An AF_UNSPEC address means
* "All addresses, IPv4 or IPv6." An AF_INET address with maskbits==0 means
* "All IPv4 addresses" and an AF_INET6 address with maskbits == 0 means
* "All IPv6 addresses".
**/
tor_addr_t addr;
uint16_t prt_min; /**< Lowest port number to accept/reject. */
uint16_t prt_max; /**< Highest port number to accept/reject. */
} addr_policy_t;
#endif
......@@ -15,13 +15,14 @@
#define ADDRESSMAP_PRIVATE
#include "lib/crypt_ops/crypto_rand.h"
#include "or/or.h"
#include "or/addressmap.h"
#include "or/circuituse.h"
#include "or/config.h"
#include "or/connection_edge.h"
#include "or/control.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "or/dns.h"
#include "or/nodelist.h"
#include "or/routerset.h"
......@@ -1153,4 +1154,3 @@ addressmap_get_mappings(smartlist_t *sl, time_t min_expires,
iter = strmap_iter_next(addressmap,iter);
}
}
......@@ -13,6 +13,7 @@
#define TOR_BRIDGES_H
struct bridge_line_t;
struct ed25519_public_key_t;
/* Opaque handle to a configured bridge */
typedef struct bridge_info_t bridge_info_t;
......@@ -38,7 +39,7 @@ int routerinfo_is_a_configured_bridge(const routerinfo_t *ri);
int node_is_a_configured_bridge(const node_t *node);
void learned_router_identity(const tor_addr_t *addr, uint16_t port,
const char *digest,
const ed25519_public_key_t *ed_id);
const struct ed25519_public_key_t *ed_id);
void bridge_add_from_config(struct bridge_line_t *bridge_line);
void retry_bridge_descriptor_fetch_directly(const char *digest);
......@@ -77,4 +78,3 @@ STATIC void bridge_resolve_conflicts(const tor_addr_t *addr,
#endif /* defined(TOR_BRIDGES_PRIVATE) */
#endif /* !defined(TOR_BRIDGES_H) */
......@@ -7,6 +7,8 @@
#ifndef PACKED_CELL_ST_H
#define PACKED_CELL_ST_H
#include "tor_queue.h"
/** A cell as packed for writing to the network. */
struct packed_cell_t {
/** Next cell queued on this circuit. */
......@@ -25,4 +27,3 @@ struct cell_queue_t {
};
#endif
......@@ -79,6 +79,7 @@
#include "lib/time/compat_time.h"
#include "or/networkstatus.h"
#include "or/rendservice.h"
#include "common/timers.h"
#include "or/cell_queue_st.h"
......@@ -3477,4 +3478,3 @@ channel_update_bad_for_new_circs(const char *digest, int force)
channel_rsa_id_group_set_badness(&(*iter)->channel_list, force);
}
}
......@@ -11,8 +11,13 @@
#include "or/or.h"
#include "or/circuitmux.h"
#include "common/timers.h"
#include "common/handles.h"
#include "lib/crypt_ops/crypto_ed25519.h"
#include "tor_queue.h"
#define tor_timer_t timeout
struct tor_timer_t;
/* Channel handler function pointer typedefs */
typedef void (*channel_listener_fn_ptr)(channel_listener_t *, channel_t *);
......@@ -30,6 +35,141 @@ typedef enum {
CHANNEL_USED_FOR_USER_TRAFFIC,
} channel_usage_info_t;
/** Possible rules for generating circuit IDs on an OR connection. */
typedef enum {
CIRC_ID_TYPE_LOWER=0, /**< Pick from 0..1<<15-1. */
CIRC_ID_TYPE_HIGHER=1, /**< Pick from 1<<15..1<<16-1. */
/** The other side of a connection is an OP: never create circuits to it,
* and let it use any circuit ID it wants. */
CIRC_ID_TYPE_NEITHER=2
} circ_id_type_t;
#define circ_id_type_bitfield_t ENUM_BF(circ_id_type_t)
/* channel states for channel_t */
typedef enum {
/*
* Closed state - channel is inactive
*
* Permitted transitions from:
* - CHANNEL_STATE_CLOSING
* Permitted transitions to:
* - CHANNEL_STATE_OPENING
*/
CHANNEL_STATE_CLOSED = 0,
/*
* Opening state - channel is trying to connect
*
* Permitted transitions from:
* - CHANNEL_STATE_CLOSED
* Permitted transitions to:
* - CHANNEL_STATE_CLOSING
* - CHANNEL_STATE_ERROR
* - CHANNEL_STATE_OPEN
*/
CHANNEL_STATE_OPENING,
/*
* Open state - channel is active and ready for use
*
* Permitted transitions from:
* - CHANNEL_STATE_MAINT
* - CHANNEL_STATE_OPENING
* Permitted transitions to:
* - CHANNEL_STATE_CLOSING
* - CHANNEL_STATE_ERROR
* - CHANNEL_STATE_MAINT
*/
CHANNEL_STATE_OPEN,
/*
* Maintenance state - channel is temporarily offline for subclass specific
* maintenance activities such as TLS renegotiation.
*
* Permitted transitions from:
* - CHANNEL_STATE_OPEN
* Permitted transitions to:
* - CHANNEL_STATE_CLOSING
* - CHANNEL_STATE_ERROR
* - CHANNEL_STATE_OPEN
*/
CHANNEL_STATE_MAINT,
/*
* Closing state - channel is shutting down
*
* Permitted transitions from:
* - CHANNEL_STATE_MAINT
* - CHANNEL_STATE_OPEN
* Permitted transitions to:
* - CHANNEL_STATE_CLOSED,
* - CHANNEL_STATE_ERROR
*/
CHANNEL_STATE_CLOSING,
/*
* Error state - channel has experienced a permanent error
*
* Permitted transitions from:
* - CHANNEL_STATE_CLOSING
* - CHANNEL_STATE_MAINT
* - CHANNEL_STATE_OPENING
* - CHANNEL_STATE_OPEN
* Permitted transitions to:
* - None
*/
CHANNEL_STATE_ERROR,
/*
* Placeholder for maximum state value
*/
CHANNEL_STATE_LAST
} channel_state_t;
/* channel listener states for channel_listener_t */
typedef enum {
/*
* Closed state - channel listener is inactive
*
* Permitted transitions from:
* - CHANNEL_LISTENER_STATE_CLOSING
* Permitted transitions to:
* - CHANNEL_LISTENER_STATE_LISTENING
*/
CHANNEL_LISTENER_STATE_CLOSED = 0,
/*
* Listening state - channel listener is listening for incoming
* connections
*
* Permitted transitions from:
* - CHANNEL_LISTENER_STATE_CLOSED
* Permitted transitions to:
* - CHANNEL_LISTENER_STATE_CLOSING
* - CHANNEL_LISTENER_STATE_ERROR
*/
CHANNEL_LISTENER_STATE_LISTENING,
/*
* Closing state - channel listener is shutting down
*
* Permitted transitions from:
* - CHANNEL_LISTENER_STATE_LISTENING
* Permitted transitions to:
* - CHANNEL_LISTENER_STATE_CLOSED,
* - CHANNEL_LISTENER_STATE_ERROR
*/
CHANNEL_LISTENER_STATE_CLOSING,
/*
* Error state - channel listener has experienced a permanent error
*
* Permitted transitions from:
* - CHANNEL_STATE_CLOSING
* - CHANNEL_STATE_LISTENING
* Permitted transitions to:
* - None
*/
CHANNEL_LISTENER_STATE_ERROR,
/*
* Placeholder for maximum state value
*/
CHANNEL_LISTENER_STATE_LAST
} channel_listener_state_t;
/**
* Channel struct; see the channel_t typedef in or.h. A channel is an
* abstract interface for the OR-to-OR connection, similar to connection_or_t,
......@@ -92,7 +232,7 @@ struct channel_s {
monotime_coarse_t next_padding_time;
/** The callback pointer for the padding callbacks */
tor_timer_t *padding_timer;
struct tor_timer_t *padding_timer;
/** The handle to this channel (to free on canceled timers) */
struct channel_handle_t *timer_handle;
......@@ -251,7 +391,7 @@ struct channel_s {
* necessarily its true identity. Don't believe this identity unless
* authentication has happened.
*/
ed25519_public_key_t ed25519_identity;
struct ed25519_public_key_t ed25519_identity;
/**
* Linked list of channels with the same RSA identity digest, for use with
......@@ -470,8 +610,8 @@ void channel_mark_incoming(channel_t *chan);
void channel_mark_outgoing(channel_t *chan);
void channel_mark_remote(channel_t *chan);
void channel_set_identity_digest(channel_t *chan,
const char *identity_digest,
const ed25519_public_key_t *ed_identity);
const char *identity_digest,
const struct ed25519_public_key_t *ed_identity);
void channel_listener_change_state(channel_listener_t *chan_l,
channel_listener_state_t to_state);
......@@ -521,10 +661,10 @@ int channel_send_destroy(circid_t circ_id, channel_t *chan,
channel_t * channel_connect(const tor_addr_t *addr, uint16_t port,
const char *rsa_id_digest,
const ed25519_public_key_t *ed_id);
const struct ed25519_public_key_t *ed_id);
channel_t * channel_get_for_extend(const char *rsa_id_digest,
const ed25519_public_key_t *ed_id,
const struct ed25519_public_key_t *ed_id,
const tor_addr_t *target_addr,
const char **msg_out,
int *launch_out);
......@@ -537,7 +677,7 @@ int channel_is_better(channel_t *a, channel_t *b);
channel_t * channel_find_by_global_id(uint64_t global_identifier);
channel_t * channel_find_by_remote_identity(const char *rsa_id_digest,
const ed25519_public_key_t *ed_id);
const struct ed25519_public_key_t *ed_id);
/** For things returned by channel_find_by_remote_digest(), walk the list.
* The RSA key will match for all returned elements; the Ed25519 key might not.
......@@ -635,6 +775,6 @@ int packed_cell_is_destroy(channel_t *chan,
HANDLE_DECL(channel, channel_s,)
#define channel_handle_free(h) \
FREE_AND_NULL(channel_handle_t, channel_handle_free_, (h))
#undef tor_timer_t
#endif /* !defined(TOR_CHANNEL_H) */
......@@ -22,6 +22,7 @@
#include "or/router.h"
#include "lib/time/compat_time.h"
#include "or/rendservice.h"
#include "common/timers.h"
#include "or/cell_st.h"
#include "or/or_connection_st.h"
......@@ -797,4 +798,3 @@ channelpadding_decide_to_pad_channel(channel_t *chan)
return CHANNELPADDING_PADLATER;
}
}
......@@ -69,6 +69,8 @@
#include "or/routerinfo_st.h"
#include "or/var_cell_st.h"
#include "lib/tls/tortls.h"
/** How many CELL_PADDING cells have we received, ever? */
uint64_t stats_n_padding_cells_processed = 0;
/** How many CELL_VERSIONS cells have we received, ever? */
......@@ -2454,4 +2456,3 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
#undef ERR
}
......@@ -12,6 +12,9 @@
#include "or/or.h"
#include "or/channel.h"
struct ed25519_public_key_t;
struct curve25519_public_key_t;
#define BASE_CHAN_TO_TLS(c) (channel_tls_from_base((c)))
#define TLS_CHAN_TO_BASE(c) (channel_tls_to_base((c)))
......@@ -30,7 +33,7 @@ struct channel_tls_s {
channel_t * channel_tls_connect(const tor_addr_t *addr, uint16_t port,
const char *id_digest,
const ed25519_public_key_t *ed_id);
const struct ed25519_public_key_t *ed_id);
channel_listener_t * channel_tls_get_listener(void);
channel_listener_t * channel_tls_start_listener(void);
channel_t * channel_tls_handle_incoming(or_connection_t *orconn);
......@@ -72,4 +75,3 @@ STATIC void channel_tls_process_authenticate_cell(var_cell_t *cell,
#endif /* defined(CHANNELTLS_PRIVATE) */
#endif /* !defined(TOR_CHANNELTLS_H) */
......@@ -23,7 +23,6 @@ int pathbias_check_probe_response(circuit_t *circ, const cell_t *cell);
void pathbias_count_use_attempt(origin_circuit_t *circ);
void pathbias_mark_use_success(origin_circuit_t *circ);
void pathbias_mark_use_rollback(origin_circuit_t *circ);
const char *pathbias_state_to_string(path_state_t state);
const char *pathbias_state_to_string(enum path_state_t state);
#endif /* !defined(TOR_CIRCPATHBIAS_H) */
......@@ -11,6 +11,17 @@
#include "or/cell_queue_st.h"
struct hs_token_t;
/** "magic" value for an origin_circuit_t */
#define ORIGIN_CIRCUIT_MAGIC 0x35315243u
/** "magic" value for an or_circuit_t */
#define OR_CIRCUIT_MAGIC 0x98ABC04Fu
/** "magic" value for a circuit that would have been freed by circuit_free,
* but which we're keeping around until a cpuworker reply arrives. See
* circuit_free() for more documentation. */
#define DEAD_CIRCUIT_MAGIC 0xdeadc14c
/**
* A circuit is a path over the onion routing
* network. Applications can connect to one end of the circuit, and can
......@@ -162,11 +173,10 @@ struct circuit_t {
/** If set, points to an HS token that this circuit might be carrying.
* Used by the HS circuitmap. */
hs_token_t *hs_token;
struct hs_token_t *hs_token;
/** Hashtable node: used to look up the circuit by its HS token using the HS
circuitmap. */
HT_ENTRY(circuit_t) hs_circuitmap_node;
};
#endif
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment