Loading src/or/onion_fast.c +5 −3 Original line number Diff line number Diff line Loading @@ -59,8 +59,8 @@ fast_server_handshake(const uint8_t *key_in, /* DIGEST_LEN bytes */ memcpy(tmp+DIGEST_LEN, handshake_reply_out, DIGEST_LEN); out_len = key_out_len+DIGEST_LEN; out = tor_malloc(out_len); if (crypto_expand_key_material_TAP(tmp, sizeof(tmp), out, out_len)) { goto done; if (BUG(crypto_expand_key_material_TAP(tmp, sizeof(tmp), out, out_len))) { goto done; // LCOV_EXCL_LINE } memcpy(handshake_reply_out+DIGEST_LEN, out, DIGEST_LEN); memcpy(key_out, out+DIGEST_LEN, key_out_len); Loading Loading @@ -100,10 +100,12 @@ fast_client_handshake(const fast_handshake_state_t *handshake_state, memcpy(tmp+DIGEST_LEN, handshake_reply_out, DIGEST_LEN); out_len = key_out_len+DIGEST_LEN; out = tor_malloc(out_len); if (crypto_expand_key_material_TAP(tmp, sizeof(tmp), out, out_len)) { if (BUG(crypto_expand_key_material_TAP(tmp, sizeof(tmp), out, out_len))) { /* LCOV_EXCL_START */ if (msg_out) *msg_out = "Failed to expand key material"; goto done; /* LCOV_EXCL_STOP */ } if (tor_memneq(out, handshake_reply_out+DIGEST_LEN, DIGEST_LEN)) { /* H(K) does *not* match. Something fishy. */ Loading src/test/test.c +38 −0 Original line number Diff line number Diff line Loading @@ -55,6 +55,7 @@ double fabs(double x); #include "memarea.h" #include "onion.h" #include "onion_ntor.h" #include "onion_fast.h" #include "onion_tap.h" #include "policies.h" #include "rephist.h" Loading Loading @@ -266,6 +267,42 @@ test_ntor_handshake(void *arg) dimap_free(s_keymap, NULL); } static void test_fast_handshake(void *arg) { /* tests for the obsolete "CREATE_FAST" handshake. */ (void) arg; fast_handshake_state_t *state = NULL; uint8_t client_handshake[CREATE_FAST_LEN]; uint8_t server_handshake[CREATED_FAST_LEN]; uint8_t s_keys[100], c_keys[100]; /* First, test an entire handshake. */ memset(client_handshake, 0, sizeof(client_handshake)); tt_int_op(0, OP_EQ, fast_onionskin_create(&state, client_handshake)); tt_assert(! tor_mem_is_zero((char*)client_handshake, sizeof(client_handshake))); tt_int_op(0, OP_EQ, fast_server_handshake(client_handshake, server_handshake, s_keys, 100)); const char *msg = NULL; tt_int_op(0, OP_EQ, fast_client_handshake(state, server_handshake, c_keys, 100, &msg)); tt_ptr_op(msg, OP_EQ, NULL); tt_mem_op(s_keys, OP_EQ, c_keys, 100); /* Now test a failing handshake. */ server_handshake[0] ^= 3; tt_int_op(-1, OP_EQ, fast_client_handshake(state, server_handshake, c_keys, 100, &msg)); tt_str_op(msg, OP_EQ, "Digest DOES NOT MATCH on fast handshake. " "Bug or attack."); done: fast_handshake_state_free(state); } /** Run unit tests for the onion queues. */ static void test_onion_queues(void *arg) Loading Loading @@ -1130,6 +1167,7 @@ static struct testcase_t test_array[] = { { "bad_onion_handshake", test_bad_onion_handshake, 0, NULL, NULL }, ENT(onion_queues), { "ntor_handshake", test_ntor_handshake, 0, NULL, NULL }, { "fast_handshake", test_fast_handshake, 0, NULL, NULL }, FORK(circuit_timeout), FORK(rend_fns), ENT(geoip), Loading Loading
src/or/onion_fast.c +5 −3 Original line number Diff line number Diff line Loading @@ -59,8 +59,8 @@ fast_server_handshake(const uint8_t *key_in, /* DIGEST_LEN bytes */ memcpy(tmp+DIGEST_LEN, handshake_reply_out, DIGEST_LEN); out_len = key_out_len+DIGEST_LEN; out = tor_malloc(out_len); if (crypto_expand_key_material_TAP(tmp, sizeof(tmp), out, out_len)) { goto done; if (BUG(crypto_expand_key_material_TAP(tmp, sizeof(tmp), out, out_len))) { goto done; // LCOV_EXCL_LINE } memcpy(handshake_reply_out+DIGEST_LEN, out, DIGEST_LEN); memcpy(key_out, out+DIGEST_LEN, key_out_len); Loading Loading @@ -100,10 +100,12 @@ fast_client_handshake(const fast_handshake_state_t *handshake_state, memcpy(tmp+DIGEST_LEN, handshake_reply_out, DIGEST_LEN); out_len = key_out_len+DIGEST_LEN; out = tor_malloc(out_len); if (crypto_expand_key_material_TAP(tmp, sizeof(tmp), out, out_len)) { if (BUG(crypto_expand_key_material_TAP(tmp, sizeof(tmp), out, out_len))) { /* LCOV_EXCL_START */ if (msg_out) *msg_out = "Failed to expand key material"; goto done; /* LCOV_EXCL_STOP */ } if (tor_memneq(out, handshake_reply_out+DIGEST_LEN, DIGEST_LEN)) { /* H(K) does *not* match. Something fishy. */ Loading
src/test/test.c +38 −0 Original line number Diff line number Diff line Loading @@ -55,6 +55,7 @@ double fabs(double x); #include "memarea.h" #include "onion.h" #include "onion_ntor.h" #include "onion_fast.h" #include "onion_tap.h" #include "policies.h" #include "rephist.h" Loading Loading @@ -266,6 +267,42 @@ test_ntor_handshake(void *arg) dimap_free(s_keymap, NULL); } static void test_fast_handshake(void *arg) { /* tests for the obsolete "CREATE_FAST" handshake. */ (void) arg; fast_handshake_state_t *state = NULL; uint8_t client_handshake[CREATE_FAST_LEN]; uint8_t server_handshake[CREATED_FAST_LEN]; uint8_t s_keys[100], c_keys[100]; /* First, test an entire handshake. */ memset(client_handshake, 0, sizeof(client_handshake)); tt_int_op(0, OP_EQ, fast_onionskin_create(&state, client_handshake)); tt_assert(! tor_mem_is_zero((char*)client_handshake, sizeof(client_handshake))); tt_int_op(0, OP_EQ, fast_server_handshake(client_handshake, server_handshake, s_keys, 100)); const char *msg = NULL; tt_int_op(0, OP_EQ, fast_client_handshake(state, server_handshake, c_keys, 100, &msg)); tt_ptr_op(msg, OP_EQ, NULL); tt_mem_op(s_keys, OP_EQ, c_keys, 100); /* Now test a failing handshake. */ server_handshake[0] ^= 3; tt_int_op(-1, OP_EQ, fast_client_handshake(state, server_handshake, c_keys, 100, &msg)); tt_str_op(msg, OP_EQ, "Digest DOES NOT MATCH on fast handshake. " "Bug or attack."); done: fast_handshake_state_free(state); } /** Run unit tests for the onion queues. */ static void test_onion_queues(void *arg) Loading Loading @@ -1130,6 +1167,7 @@ static struct testcase_t test_array[] = { { "bad_onion_handshake", test_bad_onion_handshake, 0, NULL, NULL }, ENT(onion_queues), { "ntor_handshake", test_ntor_handshake, 0, NULL, NULL }, { "fast_handshake", test_fast_handshake, 0, NULL, NULL }, FORK(circuit_timeout), FORK(rend_fns), ENT(geoip), Loading
