Massive refactoring of the various handshake types

#include "main.h"

#include "networkstatus.h"

#include "nodelist.h"

#include "onion.h"

#include "onion_tap.h"

#include "onion_fast.h"

#include "policies.h"

                                               uint16_t port,

                                               const char *id_digest);

static int circuit_deliver_create_cell(circuit_t *circ,

                                       uint8_t cell_type, const char *payload);

                                       uint8_t cell_type,

                                       const uint8_t *payload,

                                       size_t payload_len);

static int onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit);

static crypt_path_t *onion_next_hop_in_cpath(crypt_path_t *cpath);

static int onion_extend_cpath(origin_circuit_t *circ);

        /* pull the create cell out of circ->onionskin, and send it */

        tor_assert(circ->n_chan_onionskin);

        if (circuit_deliver_create_cell(circ,CELL_CREATE,

                                        circ->n_chan_onionskin)<0) {

                                        (const uint8_t*)circ->n_chan_onionskin,

                                        circ->n_chan_onionskin_len)<0) {

          circuit_mark_for_close(circ, END_CIRC_REASON_RESOURCELIMIT);

          continue;

        }

 * for the outgoing

 * circuit <b>circ</b>, and deliver a cell of type <b>cell_type</b>

 * (either CELL_CREATE or CELL_CREATE_FAST) with payload <b>payload</b>

 * to this circuit.

 * to this circuit. DOCDOC payload_len

 * Return -1 if we failed to find a suitable circid, else return 0.

 */

static int

circuit_deliver_create_cell(circuit_t *circ, uint8_t cell_type,

                            const char *payload)

                            const uint8_t *payload, size_t payload_len)

{

  cell_t cell;

  circid_t id;

  cell.command = cell_type;

  cell.circ_id = circ->n_circ_id;

  memcpy(cell.payload, payload, ONIONSKIN_CHALLENGE_LEN);

  memcpy(cell.payload, payload, payload_len);

  append_cell_to_circuit_queue(circ, circ->n_chan, &cell,

                               CELL_DIRECTION_OUT, 0);

{

  crypt_path_t *hop;

  const node_t *node;

  char payload[2+4+DIGEST_LEN+ONIONSKIN_CHALLENGE_LEN];

  char *onionskin;

  uint8_t payload[2+4+DIGEST_LEN+MAX_ONIONSKIN_CHALLENGE_LEN];

  uint8_t *onionskin;

  uint16_t handshake_type;

  int onionskin_len;

  size_t payload_len;

  tor_assert(circ);

       * send an old slow create cell.

       */

      cell_type = CELL_CREATE;

      if (onion_skin_create(circ->cpath->extend_info->onion_key,

                            &(circ->cpath->dh_handshake_state),

                            payload) < 0) {

        log_warn(LD_CIRC,"onion_skin_create (first hop) failed.");

        return - END_CIRC_REASON_INTERNAL;

      }

      handshake_type = ONION_HANDSHAKE_TYPE_TAP;

      note_request("cell: create", 1);

    } else {

      /* We are not an OR, and we're building the first hop of a circuit to a

       * new OR: we can be speedy and use CREATE_FAST to save an RSA operation

       * and a DH operation. */

      cell_type = CELL_CREATE_FAST;

      handshake_type = ONION_HANDSHAKE_TYPE_FAST;

      note_request("cell: create fast", 1);

    }

    memset(payload, 0, sizeof(payload));

      if (fast_onionskin_create(&circ->cpath->fast_handshake_state,

                                (uint8_t *)payload) < 0) {

        log_warn(LD_CIRC,"onion_skin_create FAST (first hop) failed.");

    onionskin_len = onion_skin_create(handshake_type,

                                      circ->cpath->extend_info,

                                      &circ->cpath->handshake_state,

                                      payload);

    if (onionskin_len < 0) {

      log_warn(LD_CIRC,"onion_skin_create (first hop) failed.");

      return - END_CIRC_REASON_INTERNAL;

    }

      note_request("cell: create fast", 1);

    }

    if (circuit_deliver_create_cell(TO_CIRCUIT(circ), cell_type, payload) < 0)

    if (circuit_deliver_create_cell(TO_CIRCUIT(circ), cell_type, payload,

                                    onionskin_len) < 0)

      return - END_CIRC_REASON_RESOURCELIMIT;

    circ->cpath->state = CPATH_STATE_AWAITING_KEYS;

    set_uint16(payload+4, htons(hop->extend_info->port));

    onionskin = payload+2+4;

    memcpy(payload+2+4+ONIONSKIN_CHALLENGE_LEN,

    memcpy(payload+2+4+TAP_ONIONSKIN_CHALLENGE_LEN,

           hop->extend_info->identity_digest, DIGEST_LEN);

    payload_len = 2+4+ONIONSKIN_CHALLENGE_LEN+DIGEST_LEN;

    payload_len = 2+4+TAP_ONIONSKIN_CHALLENGE_LEN+DIGEST_LEN;

    if (onion_skin_create(hop->extend_info->onion_key,

                          &(hop->dh_handshake_state), onionskin) < 0) {

    handshake_type = ONION_HANDSHAKE_TYPE_TAP;

    if (onion_skin_create(handshake_type,

                          hop->extend_info,

                          &hop->handshake_state,

                          onionskin) < 0) {

      log_warn(LD_CIRC,"onion_skin_create failed.");

      return - END_CIRC_REASON_INTERNAL;

    }

     * it to a create cell and then send to hop */

    if (relay_send_command_from_edge(0, TO_CIRCUIT(circ),

                                     RELAY_COMMAND_EXTEND,

                                     payload, payload_len, hop->prev) < 0)

                                     (char*)payload, payload_len,

                                     hop->prev) < 0)

      return 0; /* circuit is closed */

    hop->state = CPATH_STATE_AWAITING_KEYS;

  relay_header_unpack(&rh, cell->payload);

  if (rh.length < 4+2+ONIONSKIN_CHALLENGE_LEN+DIGEST_LEN) {

  if (rh.length < 4+2+TAP_ONIONSKIN_CHALLENGE_LEN+DIGEST_LEN) {

    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,

           "Wrong length %d on extend cell. Closing circuit.",

           rh.length);

  n_port = ntohs(get_uint16(cell->payload+RELAY_HEADER_SIZE+4));

  onionskin = (char*) cell->payload+RELAY_HEADER_SIZE+4+2;

  id_digest = (char*) cell->payload+RELAY_HEADER_SIZE+4+2+

    ONIONSKIN_CHALLENGE_LEN;

    TAP_ONIONSKIN_CHALLENGE_LEN;

  tor_addr_from_ipv4h(&n_addr, n_addr32);

  if (!n_port || !n_addr32) {

                                    NULL /*onion_key*/,

                                    &n_addr, n_port);

    circ->n_chan_onionskin = tor_malloc(ONIONSKIN_CHALLENGE_LEN);

    memcpy(circ->n_chan_onionskin, onionskin, ONIONSKIN_CHALLENGE_LEN);

    circ->n_chan_onionskin = tor_malloc(TAP_ONIONSKIN_CHALLENGE_LEN);

    memcpy(circ->n_chan_onionskin, onionskin, TAP_ONIONSKIN_CHALLENGE_LEN);

    circ->n_chan_onionskin_len = TAP_ONIONSKIN_CHALLENGE_LEN;

    circuit_set_state(circ, CIRCUIT_STATE_CHAN_WAIT);

    if (should_launch) {

            "n_chan is %s",

            channel_get_canonical_remote_descr(n_chan));

  if (circuit_deliver_create_cell(circ, CELL_CREATE, onionskin) < 0)

  if (circuit_deliver_create_cell(circ, CELL_CREATE, (uint8_t*)onionskin,

                                  TAP_ONIONSKIN_CHALLENGE_LEN) < 0)

    return -1;

  return 0;

}

  }

  tor_assert(hop->state == CPATH_STATE_AWAITING_KEYS);

  if (reply_type == CELL_CREATED && hop->dh_handshake_state) {

    if (onion_skin_client_handshake(hop->dh_handshake_state, (char*)reply,keys,

                                    DIGEST_LEN*2+CIPHER_KEY_LEN*2) < 0) {

      log_warn(LD_CIRC,"onion_skin_client_handshake failed.");

  {

    uint16_t handshake_type = 0xffff;

    if (reply_type == CELL_CREATED)

      handshake_type = ONION_HANDSHAKE_TYPE_TAP;

    else if (reply_type == CELL_CREATED_FAST)

      handshake_type = ONION_HANDSHAKE_TYPE_FAST;

    if (handshake_type != hop->handshake_state.tag) {

      log_warn(LD_PROTOCOL,"CREATED cell onionskin type (%u) did not "

               "match CREATE cell onionskin type (%u).",

               (unsigned)handshake_type,

               (unsigned) hop->handshake_state.tag);

      return -END_CIRC_REASON_TORPROTOCOL;

    }

    /* Remember hash of g^xy */

    memcpy(hop->handshake_digest, reply+DH_KEY_LEN, DIGEST_LEN);

  } else if (reply_type == CELL_CREATED_FAST && !hop->dh_handshake_state) {

    if (fast_client_handshake(hop->fast_handshake_state, reply,

                              (uint8_t*)keys,

                              DIGEST_LEN*2+CIPHER_KEY_LEN*2) < 0) {

      log_warn(LD_CIRC,"fast_client_handshake failed.");

    if (onion_skin_client_handshake(handshake_type,

                                    &hop->handshake_state,

                                    reply,

                                    (uint8_t*)keys, sizeof(keys),

                                    (uint8_t*)hop->handshake_digest) < 0) {

      log_warn(LD_CIRC,"onion_skin_client_handshake failed.");

      return -END_CIRC_REASON_TORPROTOCOL;

    }

    memcpy(hop->handshake_digest, reply+DIGEST_LEN, DIGEST_LEN);

  } else {

    log_warn(LD_PROTOCOL,"CREATED cell type did not match CREATE cell type.");

    return -END_CIRC_REASON_TORPROTOCOL;

  }

  crypto_dh_free(hop->dh_handshake_state); /* don't need it anymore */

  hop->dh_handshake_state = NULL;

  memset(hop->fast_handshake_state, 0, sizeof(hop->fast_handshake_state));

  onion_handshake_state_release(&hop->handshake_state);

  if (circuit_init_cpath_crypto(hop, keys, 0)<0) {

    return -END_CIRC_REASON_TORPROTOCOL;

 */

int

onionskin_answer(or_circuit_t *circ, uint8_t cell_type, const char *payload,

                 const char *keys)

                 size_t payload_len, const char *keys)

{

  cell_t cell;

  crypt_path_t *tmp_cpath;

  circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_OPEN);

  memcpy(cell.payload, payload,

         cell_type == CELL_CREATED ? ONIONSKIN_REPLY_LEN : DIGEST_LEN*2);

  memcpy(cell.payload, payload, payload_len);

  log_debug(LD_CIRC,"init digest forward 0x%.8x, backward 0x%.8x.",

            (unsigned int)get_uint32(keys),

  tmp_cpath->magic = 0;

  tor_free(tmp_cpath);

  /* XXXX Move responsibility for extracting this. */

  if (cell_type == CELL_CREATED)

    memcpy(circ->handshake_digest, cell.payload+DH_KEY_LEN, DIGEST_LEN);

  else

int circuit_truncated(origin_circuit_t *circ, crypt_path_t *layer,

                      int reason);

int onionskin_answer(or_circuit_t *circ, uint8_t cell_type,

                     const char *payload, const char *keys);

                     const char *payload, size_t payload_len,

                     const char *keys);

int circuit_all_predicted_ports_handled(time_t now, int *need_uptime,

                                        int *need_capacity);

  crypto_cipher_free(victim->b_crypto);

  crypto_digest_free(victim->f_digest);

  crypto_digest_free(victim->b_digest);

  crypto_dh_free(victim->dh_handshake_state);

  fast_handshake_state_free(victim->fast_handshake_state);

  onion_handshake_state_release(&victim->handshake_state);

  crypto_dh_free(victim->rend_dh_handshake_state);

  extend_info_free(victim->extend_info);

  memwipe(victim, 0xBB, sizeof(crypt_path_t)); /* poison memory */

      tor_assert(cp->b_crypto);

      /* fall through */

    case CPATH_STATE_CLOSED:

      tor_assert(!cp->dh_handshake_state);

      /*XXXX Assert that there's no handshake_state either. */

      tor_assert(!cp->rend_dh_handshake_state);

      break;

    case CPATH_STATE_AWAITING_KEYS:

      /* tor_assert(cp->dh_handshake_state); */

#include "hibernate.h"

#include "nodelist.h"

//#include "onion.h"

#include "onion_tap.h"

#include "onion_fast.h"

#include "relay.h"

#include "router.h"

  circ->base_.purpose = CIRCUIT_PURPOSE_OR;

  circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_ONIONSKIN_PENDING);

  if (cell->command == CELL_CREATE) {

    char *onionskin = tor_malloc(ONIONSKIN_CHALLENGE_LEN);

    memcpy(onionskin, cell->payload, ONIONSKIN_CHALLENGE_LEN);

    char *onionskin = tor_malloc(TAP_ONIONSKIN_CHALLENGE_LEN);

    memcpy(onionskin, cell->payload, TAP_ONIONSKIN_CHALLENGE_LEN);

    /* hand it off to the cpuworkers, and then return. */

    if (assign_onionskin_to_cpuworker(NULL, circ, onionskin) < 0) {

      circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);

      return;

    }

    if (onionskin_answer(circ, CELL_CREATED_FAST, reply, keys)<0) {

    if (onionskin_answer(circ, CELL_CREATED_FAST, reply, sizeof(reply),

                         keys)<0) {

      log_warn(LD_OR,"Failed to reply to CREATE_FAST cell. Closing.");

      circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);

      return;

    log_debug(LD_OR,

              "Converting created cell to extended relay cell, sending.");

    relay_send_command_from_edge(0, circ, RELAY_COMMAND_EXTENDED,

                                 (char*)cell->payload, ONIONSKIN_REPLY_LEN,

                                 (char*)cell->payload, TAP_ONIONSKIN_REPLY_LEN,

                                 NULL);

  }

}

#define TAG_LEN 10

/** How many bytes are sent from the cpuworker back to tor? */

#define LEN_ONION_RESPONSE \

  (1+TAG_LEN+ONIONSKIN_REPLY_LEN+CPATH_KEY_MATERIAL_LEN)

  (1+TAG_LEN+TAP_ONIONSKIN_REPLY_LEN+CPATH_KEY_MATERIAL_LEN)

/** How many cpuworkers we have running right now. */

static int num_cpuworkers=0;

    }

    tor_assert(! CIRCUIT_IS_ORIGIN(circ));

    if (onionskin_answer(TO_OR_CIRCUIT(circ), CELL_CREATED, buf+TAG_LEN,

                         buf+TAG_LEN+ONIONSKIN_REPLY_LEN) < 0) {

                         TAP_ONIONSKIN_REPLY_LEN,

                         buf+TAG_LEN+TAP_ONIONSKIN_REPLY_LEN) < 0) {

      log_warn(LD_OR,"onionskin_answer failed. Closing.");

      circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL);

      goto done_processing;

 *   Request format:

 *          Task type           [1 byte, always CPUWORKER_TASK_ONION]

 *          Opaque tag          TAG_LEN

 *          Onionskin challenge ONIONSKIN_CHALLENGE_LEN

 *          Onionskin challenge TAP_ONIONSKIN_CHALLENGE_LEN

 *   Response format:

 *          Success/failure     [1 byte, boolean.]

 *          Opaque tag          TAG_LEN

 *          Onionskin challenge ONIONSKIN_REPLY_LEN

 *          Onionskin challenge TAP_ONIONSKIN_REPLY_LEN

 *          Negotiated keys     KEY_LEN*2+DIGEST_LEN*2

 *

 *  (Note: this _should_ be by addr/port, since we're concerned with specific

static void

cpuworker_main(void *data)

{

  char question[ONIONSKIN_CHALLENGE_LEN];

  char question[TAP_ONIONSKIN_CHALLENGE_LEN];

  uint8_t question_type;

  tor_socket_t *fdarray = data;

  tor_socket_t fd;

  /* variables for onion processing */

  char keys[CPATH_KEY_MATERIAL_LEN];

  char reply_to_proxy[ONIONSKIN_REPLY_LEN];

  char reply_to_proxy[MAX_ONIONSKIN_REPLY_LEN];

  char buf[LEN_ONION_RESPONSE];

  char tag[TAG_LEN];

  crypto_pk_t *onion_key = NULL, *last_onion_key = NULL;

  server_onion_keys_t onion_keys;

  fd = fdarray[1]; /* this side is ours */

#ifndef TOR_IS_MULTITHREADED

#endif

  tor_free(data);

  dup_onion_keys(&onion_key, &last_onion_key);

  setup_server_onion_keys(&onion_keys);

  for (;;) {

    ssize_t r;

      goto end;

    }

    if (read_all(fd, question, ONIONSKIN_CHALLENGE_LEN, 1) !=

        ONIONSKIN_CHALLENGE_LEN) {

    if (read_all(fd, question, TAP_ONIONSKIN_CHALLENGE_LEN, 1) !=

        TAP_ONIONSKIN_CHALLENGE_LEN) {

      log_err(LD_BUG,"read question failed. Exiting.");

      goto end;

    }

    if (question_type == CPUWORKER_TASK_ONION) {

      if (onion_skin_server_handshake(question, onion_key, last_onion_key,

          reply_to_proxy, keys, CPATH_KEY_MATERIAL_LEN) < 0) {

      if (onion_skin_server_handshake(ONION_HANDSHAKE_TYPE_TAP,

                         (const uint8_t*)question,

                         &onion_keys,

                         (uint8_t*)reply_to_proxy,

                         (uint8_t*)keys, CPATH_KEY_MATERIAL_LEN) < 0) {

        /* failure */

        log_debug(LD_OR,"onion_skin_server_handshake failed.");

        *buf = 0; /* indicate failure in first byte */

        log_debug(LD_OR,"onion_skin_server_handshake succeeded.");

        buf[0] = 1; /* 1 means success */

        memcpy(buf+1,tag,TAG_LEN);

        memcpy(buf+1+TAG_LEN,reply_to_proxy,ONIONSKIN_REPLY_LEN);

        memcpy(buf+1+TAG_LEN+ONIONSKIN_REPLY_LEN,keys,CPATH_KEY_MATERIAL_LEN);

        memcpy(buf+1+TAG_LEN,reply_to_proxy,TAP_ONIONSKIN_REPLY_LEN);

        memcpy(buf+1+TAG_LEN+TAP_ONIONSKIN_REPLY_LEN,keys,

               CPATH_KEY_MATERIAL_LEN);

      }

      if (write_all(fd, buf, LEN_ONION_RESPONSE, 1) != LEN_ONION_RESPONSE) {

        log_err(LD_BUG,"writing response buf failed. Exiting.");

    }

  }

 end:

  if (onion_key)

    crypto_pk_free(onion_key);

  if (last_onion_key)

    crypto_pk_free(last_onion_key);

  release_server_onion_keys(&onion_keys);

  tor_close_socket(fd);

  crypto_thread_cleanup();

  spawn_exit();

    qbuf[0] = CPUWORKER_TASK_ONION;

    connection_write_to_buf(qbuf, 1, cpuworker);

    connection_write_to_buf(tag, sizeof(tag), cpuworker);

    connection_write_to_buf(onionskin, ONIONSKIN_CHALLENGE_LEN, cpuworker);

    connection_write_to_buf(onionskin, TAP_ONIONSKIN_CHALLENGE_LEN, cpuworker);

    tor_free(onionskin);

  }

  return 0;