[or-cvs] Use symbolic constants; make padding types match.
Nick Mathewson
nickm at seul.org
Mon Apr 5 21:15:16 UTC 2004
Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/tmp/cvs-serv23114/src/or
Modified Files:
rendclient.c rendmid.c rendservice.c
Log Message:
Use symbolic constants; make padding types match.
Index: rendclient.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendclient.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- rendclient.c 5 Apr 2004 20:53:50 -0000 1.15
+++ rendclient.c 5 Apr 2004 21:15:14 -0000 1.16
@@ -41,13 +41,11 @@
return 0;
}
-#define LEN_REND_INTRODUCE1 (20+20+20+16+128+42)
-
int
rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) {
const char *descp;
- int desc_len;
- char payload[LEN_REND_INTRODUCE1];
+ int desc_len, payload_len, r;
+ char payload[RELAY_PAYLOAD_SIZE];
char tmp[20+20+128];
rend_service_descriptor_t *parsed=NULL;
crypt_path_t *cpath;
@@ -94,18 +92,21 @@
goto err;
}
- if(crypto_pk_public_hybrid_encrypt(parsed->pk, tmp,
- 20+20+128, payload+20,
- PK_PKCS1_OAEP_PADDING) < 0) {
+ r = crypto_pk_public_hybrid_encrypt(parsed->pk, tmp,
+ 20+20+128, payload+20,
+ PK_PKCS1_OAEP_PADDING);
+ if (r<0) {
log_fn(LOG_WARN,"hybrid pk encrypt failed.");
goto err;
}
+ payload_len = 20 + r;
+
rend_service_descriptor_free(parsed);
if (connection_edge_send_command(NULL, introcirc,
RELAY_COMMAND_INTRODUCE1,
- payload, LEN_REND_INTRODUCE1,
+ payload, payload_len,
introcirc->cpath->prev)<0) {
/* introcirc is already marked for close. leave rendcirc alone. */
log_fn(LOG_WARN, "Couldn't send INTRODUCE1 cell");
Index: rendmid.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendmid.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- rendmid.c 5 Apr 2004 18:22:00 -0000 1.12
+++ rendmid.c 5 Apr 2004 21:15:14 -0000 1.13
@@ -11,13 +11,12 @@
rend_mid_establish_intro(circuit_t *circ, const char *request, int request_len)
{
crypto_pk_env_t *pk = NULL;
- char buf[20+9];
- char expected_digest[20];
- char pk_digest[20];
+ char buf[DIGEST_LEN+9];
+ char expected_digest[DIGEST_LEN];
+ char pk_digest[DIGEST_LEN];
int asn1len;
circuit_t *c;
char hexid[9];
- char hexdigest[20*2+1];
log_fn(LOG_INFO,
"Received an ESTABLISH_INTRO request on circuit %d", circ->p_circ_id);
@@ -26,13 +25,13 @@
log_fn(LOG_WARN, "Rejecting ESTABLISH_INTRO on non-OR or non-edge circuit");
goto err;
}
- if (request_len < 22)
+ if (request_len < 2+DIGEST_LEN)
goto truncated;
/* First 2 bytes: length of asn1-encoded key. */
asn1len = get_uint16(request);
/* Next asn1len bytes: asn1-encoded key. */
- if (request_len < 22+asn1len)
+ if (request_len < 2+DIGEST_LEN+asn1len)
goto truncated;
pk = crypto_pk_asn1_decode(request+2, asn1len);
if (!pk) {
@@ -40,28 +39,21 @@
goto err;
}
- /* XXX remove after debuggin */
- hex_encode(circ->handshake_digest, 20, hexdigest);
- log_fn(LOG_INFO, "Handshake information is: %s", hexdigest);
-
/* Next 20 bytes: Hash of handshake_digest | "INTRODUCE" */
- memcpy(buf, circ->handshake_digest, 20);
- memcpy(buf+20, "INTRODUCE", 9);
- if (crypto_digest(buf, 29, expected_digest)<0) {
+ memcpy(buf, circ->handshake_digest, DIGEST_LEN);
+ memcpy(buf+DIGEST_LEN, "INTRODUCE", 9);
+ if (crypto_digest(buf, DIGEST_LEN+9, expected_digest)<0) {
log_fn(LOG_WARN, "Error computing digest");
goto err;
}
- hex_encode(expected_digest, 20, hexdigest);
- log_fn(LOG_INFO, "Expected digest is: %s", hexdigest);
- hex_encode(request+2+asn1len, 20, hexdigest);
- log_fn(LOG_INFO, "Received digest is: %s", hexdigest);
- if (memcmp(expected_digest, request+2+asn1len, 20)) {
+ if (memcmp(expected_digest, request+2+asn1len, DIGEST_LEN)) {
log_fn(LOG_WARN, "Hash of session info was not as expected");
goto err;
}
/* Rest of body: signature of previous data */
- if (crypto_pk_public_checksig_digest(pk, request, 22+asn1len,
- request+22+asn1len, request_len-(22+asn1len))<0) {
+ if (crypto_pk_public_checksig_digest(pk, request, 2+asn1len+DIGEST_LEN,
+ request+2+DIGEST_LEN+asn1len,
+ request_len-(2+DIGEST_LEN+asn1len))<0) {
log_fn(LOG_WARN, "Incorrect signature on ESTABLISH_INTRO cell; rejecting");
goto err;
}
Index: rendservice.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendservice.c,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -d -r1.26 -r1.27
--- rendservice.c 5 Apr 2004 20:53:50 -0000 1.26
+++ rendservice.c 5 Apr 2004 21:15:14 -0000 1.27
@@ -306,7 +306,7 @@
{
char *ptr, *rp_nickname, *r_cookie;
char buf[RELAY_PAYLOAD_SIZE];
- char keys[20+CPATH_KEY_MATERIAL_LEN]; /* Holds KH, Df, Db, Kf, Kb */
+ char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN]; /* Holds KH, Df, Db, Kf, Kb */
rend_service_t *service;
int len, keylen;
crypto_dh_env_t *dh = NULL;
@@ -334,14 +334,14 @@
return -1;
}
- /* first 20 bytes of request is service pk digest */
+ /* first DIGEST_LEN bytes of request is service pk digest */
service = rend_service_get_by_pk_digest(request);
if (!service) {
log_fn(LOG_WARN, "Got an INTRODUCE2 cell for an unrecognized service %s",
hexid);
return -1;
}
- if (memcmp(circuit->rend_pk_digest, request, 20)) {
+ if (memcmp(circuit->rend_pk_digest, request, DIGEST_LEN)) {
hex_encode(request, 4, hexid);
log_fn(LOG_WARN, "Got an INTRODUCE2 cell for the wrong service (%s)",
hexid);
@@ -349,13 +349,14 @@
}
keylen = crypto_pk_keysize(service->private_key);
- if (request_len < keylen+20) {
+ if (request_len < keylen+DIGEST_LEN) {
log_fn(LOG_WARN, "PK-encrypted portion of INTRODUCE2 cell was truncated");
return -1;
}
/* Next N bytes is encrypted with service key */
len = crypto_pk_private_hybrid_decrypt(
- service->private_key,request,request_len-20,buf, PK_PKCS1_PADDING);
+ service->private_key,request,request_len-DIGEST_LEN,buf,
+ PK_PKCS1_OAEP_PADDING);
if (len<0) {
log_fn(LOG_WARN, "Couldn't decrypt INTRODUCE2 cell");
return -1;
@@ -386,8 +387,8 @@
log_fn(LOG_WARN, "Couldn't build DH state or generate public key");
goto err;
}
- if (crypto_dh_compute_secret(dh, ptr+20, DH_KEY_LEN, keys,
- 20+CPATH_KEY_MATERIAL_LEN)<0) {
+ if (crypto_dh_compute_secret(dh, ptr+REND_COOKIE_LEN, DH_KEY_LEN, keys,
+ DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
log_fn(LOG_WARN, "Couldn't complete DH handshake");
goto err;
}
More information about the tor-commits
mailing list