[or-cvs] New and frightening code to implement fast-path first-hop C...
Nick Mathewson
nickm at seul.org
Mon May 2 22:35:21 UTC 2005
Update of /home/or/cvsroot/tor/src/or
In directory moria.mit.edu:/tmp/cvs-serv20397/src/or
Modified Files:
circuitbuild.c circuitlist.c command.c cpuworker.c onion.c
or.h relay.c rendclient.c rendservice.c
Log Message:
New and frightening code to implement fast-path first-hop CREATE_FAST cells. Watch out when we bump the version to 0.1.0.6-rc!
Index: circuitbuild.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/circuitbuild.c,v
retrieving revision 1.109
retrieving revision 1.110
diff -u -d -r1.109 -r1.110
--- circuitbuild.c 26 Apr 2005 18:52:15 -0000 1.109
+++ circuitbuild.c 2 May 2005 22:35:18 -0000 1.110
@@ -19,7 +19,8 @@
/********* END VARIABLES ************/
-static int circuit_deliver_create_cell(circuit_t *circ, char *payload);
+static int circuit_deliver_create_cell(circuit_t *circ,
+ uint8_t cell_type, char *payload);
static int onion_pick_cpath_exit(circuit_t *circ, routerinfo_t *exit);
static crypt_path_t *onion_next_hop_in_cpath(crypt_path_t *cpath);
static int onion_next_router_in_cpath(circuit_t *circ, routerinfo_t **router);
@@ -374,7 +375,7 @@
}
} else {
/* pull the create cell out of circ->onionskin, and send it */
- if (circuit_deliver_create_cell(circ, circ->onionskin) < 0) {
+ if (circuit_deliver_create_cell(circ,CELL_CREATE,circ->onionskin) < 0) {
circuit_mark_for_close(circ);
continue;
}
@@ -384,7 +385,7 @@
}
static int
-circuit_deliver_create_cell(circuit_t *circ, char *payload) {
+circuit_deliver_create_cell(circuit_t *circ, uint8_t cell_type, char *payload) {
cell_t cell;
uint16_t id;
@@ -392,6 +393,7 @@
tor_assert(circ->n_conn);
tor_assert(circ->n_conn->type == CONN_TYPE_OR);
tor_assert(payload);
+ tor_assert(cell_type == CELL_CREATE || cell_type == CELL_CREATE_FAST);
id = get_unique_circ_id_by_conn(circ->n_conn);
if (!id) {
@@ -402,7 +404,7 @@
circuit_set_circid_orconn(circ, id, circ->n_conn, N_CONN_CHANGED);
memset(&cell, 0, sizeof(cell_t));
- cell.command = CELL_CREATE;
+ cell.command = cell_type;
cell.circ_id = circ->n_circ_id;
memcpy(cell.payload, payload, ONIONSKIN_CHALLENGE_LEN);
@@ -434,6 +436,7 @@
tor_assert(CIRCUIT_IS_ORIGIN(circ));
if (circ->cpath->state == CPATH_STATE_CLOSED) {
+ uint8_t cell_type;
log_fn(LOG_DEBUG,"First skin; sending create cell.");
router = router_get_by_digest(circ->n_conn->identity_digest);
@@ -443,14 +446,30 @@
return -1;
}
- if (onion_skin_create(router->onion_pkey,
- &(circ->cpath->handshake_state),
- payload) < 0) {
- log_fn(LOG_WARN,"onion_skin_create (first hop) failed.");
- return -1;
+ if (get_options()->ORPort || !router->platform ||
+ !tor_version_as_new_as(router->platform, "0.1.0.6-rc")) {
+ /* We are an OR, or we are connecting to an old Tor: we should
+ * send an old slow create cell.
+ */
+ cell_type = CELL_CREATE;
+ if (onion_skin_create(router->onion_pkey,
+ &(circ->cpath->dh_handshake_state),
+ payload) < 0) {
+ log_fn(LOG_WARN,"onion_skin_create (first hop) failed.");
+ return -1;
+ }
+ } else {
+ /* We are not an OR, and we building the first hop of a circuit to
+ * a new OR: we can be speedy. */
+ cell_type = CELL_CREATE_FAST;
+ memset(payload, 0, sizeof(payload));
+ crypto_rand(circ->cpath->fast_handshake_state,
+ sizeof(circ->cpath->fast_handshake_state));
+ memcpy(payload, circ->cpath->fast_handshake_state,
+ sizeof(circ->cpath->fast_handshake_state));
}
- if (circuit_deliver_create_cell(circ, payload) < 0)
+ if (circuit_deliver_create_cell(circ, cell_type, payload) < 0)
return -1;
circ->cpath->state = CPATH_STATE_AWAITING_KEYS;
@@ -491,7 +510,7 @@
memcpy(payload+2+4+ONIONSKIN_CHALLENGE_LEN, hop->identity_digest, DIGEST_LEN);
payload_len = 2+4+ONIONSKIN_CHALLENGE_LEN+DIGEST_LEN;
- if (onion_skin_create(router->onion_pkey, &(hop->handshake_state), onionskin) < 0) {
+ if (onion_skin_create(router->onion_pkey, &(hop->dh_handshake_state), onionskin) < 0) {
log_fn(LOG_WARN,"onion_skin_create failed.");
return -1;
}
@@ -589,7 +608,7 @@
memcpy(circ->n_conn_id_digest, n_conn->identity_digest, DIGEST_LEN);
log_fn(LOG_DEBUG,"n_conn is %s:%u",n_conn->address,n_conn->port);
- if (circuit_deliver_create_cell(circ, onionskin) < 0)
+ if (circuit_deliver_create_cell(circ, CELL_CREATE, onionskin) < 0)
return -1;
return 0;
}
@@ -648,13 +667,14 @@
/** A created or extended cell came back to us on the circuit,
* and it included <b>reply</b> (the second DH key, plus KH).
+ * DOCDOC reply_type.
*
* Calculate the appropriate keys and digests, make sure KH is
* correct, and initialize this hop of the cpath.
*
* Return -1 if we want to mark circ for close, else return 0.
*/
-int circuit_finish_handshake(circuit_t *circ, char *reply) {
+int circuit_finish_handshake(circuit_t *circ, uint8_t reply_type, char *reply) {
unsigned char keys[CPATH_KEY_MATERIAL_LEN];
crypt_path_t *hop;
@@ -670,16 +690,31 @@
}
tor_assert(hop->state == CPATH_STATE_AWAITING_KEYS);
- if (onion_skin_client_handshake(hop->handshake_state, reply, keys,
- DIGEST_LEN*2+CIPHER_KEY_LEN*2) < 0) {
- log_fn(LOG_WARN,"onion_skin_client_handshake failed.");
+ if (reply_type == CELL_CREATED && hop->dh_handshake_state) {
+ if (onion_skin_client_handshake(hop->dh_handshake_state, reply, keys,
+ DIGEST_LEN*2+CIPHER_KEY_LEN*2) < 0) {
+ log_fn(LOG_WARN,"onion_skin_client_handshake failed.");
+ return -1;
+ }
+ /* Remember hash of g^xy */
+ memcpy(hop->handshake_digest, reply+DH_KEY_LEN, DIGEST_LEN);
+ } else if (reply_type == CELL_CREATED_FAST && !hop->dh_handshake_state) {
+ if (fast_client_handshake(hop->fast_handshake_state, reply, keys,
+ DIGEST_LEN*2+CIPHER_KEY_LEN*2) < 0) {
+ log_fn(LOG_WARN,"fast_client_handshake failed.");
+ return -1;
+ }
+ memcpy(hop->handshake_digest, reply+DIGEST_LEN, DIGEST_LEN);
+ } else {
+ log_fn(LOG_WARN,"CREATED cell type did not match CREATE cell type.");
return -1;
}
- crypto_dh_free(hop->handshake_state); /* don't need it anymore */
- hop->handshake_state = NULL;
- /* Remember hash of g^xy */
- memcpy(hop->handshake_digest, reply+DH_KEY_LEN, DIGEST_LEN);
+ if (hop->dh_handshake_state) {
+ crypto_dh_free(hop->dh_handshake_state); /* don't need it anymore */
+ hop->dh_handshake_state = NULL;
+ }
+ memset(hop->fast_handshake_state, 0, sizeof(hop->fast_handshake_state));
if (circuit_init_cpath_crypto(hop, keys, 0)<0) {
return -1;
@@ -742,7 +777,7 @@
/** Given a response payload and keys, initialize, then send a created
* cell back.
*/
-int onionskin_answer(circuit_t *circ, unsigned char *payload, unsigned char *keys) {
+int onionskin_answer(circuit_t *circ, uint8_t cell_type, unsigned char *payload, unsigned char *keys) {
cell_t cell;
crypt_path_t *tmp_cpath;
@@ -750,14 +785,15 @@
tmp_cpath->magic = CRYPT_PATH_MAGIC;
memset(&cell, 0, sizeof(cell_t));
- cell.command = CELL_CREATED;
+ cell.command = cell_type;
cell.circ_id = circ->p_circ_id;
circ->state = CIRCUIT_STATE_OPEN;
log_fn(LOG_DEBUG,"Entering.");
- memcpy(cell.payload, payload, ONIONSKIN_REPLY_LEN);
+ memcpy(cell.payload, payload,
+ cell_type == CELL_CREATED ? ONIONSKIN_REPLY_LEN : DIGEST_LEN*2);
log_fn(LOG_INFO,"init digest forward 0x%.8x, backward 0x%.8x.",
(unsigned int)*(uint32_t*)(keys), (unsigned int)*(uint32_t*)(keys+20));
@@ -773,7 +809,10 @@
tmp_cpath->magic = 0;
tor_free(tmp_cpath);
- memcpy(circ->handshake_digest, cell.payload+DH_KEY_LEN, DIGEST_LEN);
+ if (cell_type == CELL_CREATED)
+ memcpy(circ->handshake_digest, cell.payload+DH_KEY_LEN, DIGEST_LEN);
+ else
+ memcpy(circ->handshake_digest, cell.payload+DIGEST_LEN, DIGEST_LEN);
connection_or_write_cell_to_buf(&cell, circ->p_conn);
log_fn(LOG_DEBUG,"Finished sending 'created' cell.");
@@ -1457,4 +1496,3 @@
return 0;
}
-
Index: circuitlist.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/circuitlist.c,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -d -r1.45 -r1.46
--- circuitlist.c 8 Apr 2005 03:26:23 -0000 1.45
+++ circuitlist.c 2 May 2005 22:35:18 -0000 1.46
@@ -274,8 +274,8 @@
crypto_free_digest_env(victim->f_digest);
if (victim->b_digest)
crypto_free_digest_env(victim->b_digest);
- if (victim->handshake_state)
- crypto_dh_free(victim->handshake_state);
+ if (victim->dh_handshake_state)
+ crypto_dh_free(victim->dh_handshake_state);
victim->magic = 0xDEADBEEFu;
tor_free(victim);
}
@@ -613,10 +613,10 @@
tor_assert(cp->b_crypto);
/* fall through */
case CPATH_STATE_CLOSED:
- tor_assert(!cp->handshake_state);
+ tor_assert(!cp->dh_handshake_state);
break;
case CPATH_STATE_AWAITING_KEYS:
- tor_assert(cp->handshake_state);
+ /* tor_assert(cp->dh_handshake_state); */
break;
default:
log_fn(LOG_ERR,"Unexpected state %d",cp->state);
Index: command.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/command.c,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -d -r1.84 -r1.85
--- command.c 6 Apr 2005 05:33:32 -0000 1.84
+++ command.c 2 May 2005 22:35:18 -0000 1.85
@@ -98,6 +98,7 @@
/* do nothing */
break;
case CELL_CREATE:
+ case CELL_CREATE_FAST:
++stats_n_create_cells_processed;
#ifdef KEEP_TIMING_STATS
++num_create;
@@ -108,6 +109,7 @@
#endif
break;
case CELL_CREATED:
+ case CELL_CREATED_FAST:
++stats_n_created_cells_processed;
#ifdef KEEP_TIMING_STATS
++num_created;
@@ -181,18 +183,33 @@
}
circ = circuit_new(cell->circ_id, conn);
- circ->state = CIRCUIT_STATE_ONIONSKIN_PENDING;
circ->purpose = CIRCUIT_PURPOSE_OR;
+ circ->state = CIRCUIT_STATE_ONIONSKIN_PENDING;
+ if (cell->command == CELL_CREATE) {
+ memcpy(circ->onionskin, cell->payload, ONIONSKIN_CHALLENGE_LEN);
- memcpy(circ->onionskin, cell->payload, ONIONSKIN_CHALLENGE_LEN);
-
- /* hand it off to the cpuworkers, and then return */
- if (assign_to_cpuworker(NULL, CPUWORKER_TASK_ONION, circ) < 0) {
- log_fn(LOG_WARN,"Failed to hand off onionskin. Closing.");
- circuit_mark_for_close(circ);
- return;
+ /* hand it off to the cpuworkers, and then return */
+ if (assign_to_cpuworker(NULL, CPUWORKER_TASK_ONION, circ) < 0) {
+ log_fn(LOG_WARN,"Failed to hand off onionskin. Closing.");
+ circuit_mark_for_close(circ);
+ return;
+ }
+ log_fn(LOG_DEBUG,"success: handed off onionskin.");
+ } else {
+ unsigned char keys[CPATH_KEY_MATERIAL_LEN];
+ unsigned char reply[DIGEST_LEN*2];
+ tor_assert(cell->command == CELL_CREATE_FAST);
+ if (fast_server_handshake(cell->payload, reply, keys, sizeof(keys))<0) {
+ log_fn(LOG_WARN,"Failed to generate key material. Closing.");
+ circuit_mark_for_close(circ);
+ return;
+ }
+ if (onionskin_answer(circ, CELL_CREATED_FAST, reply, keys)<0) {
+ log_fn(LOG_WARN,"Failed to reply to CREATE_FAST cell. Closing.");
+ circuit_mark_for_close(circ);
+ return;
+ }
}
- log_fn(LOG_DEBUG,"success: handed off onionskin.");
}
/** Process a 'created' <b>cell</b> that just arrived from <b>conn</b>. Find the circuit
@@ -220,7 +237,7 @@
if (CIRCUIT_IS_ORIGIN(circ)) { /* we're the OP. Handshake this. */
log_fn(LOG_DEBUG,"at OP. Finishing handshake.");
- if (circuit_finish_handshake(circ, cell->payload) < 0) {
+ if (circuit_finish_handshake(circ, cell->command, cell->payload) < 0) {
log_fn(LOG_WARN,"circuit_finish_handshake failed.");
circuit_mark_for_close(circ);
return;
@@ -318,4 +335,3 @@
}
}
}
-
Index: cpuworker.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/cpuworker.c,v
retrieving revision 1.76
retrieving revision 1.77
diff -u -d -r1.76 -r1.77
--- cpuworker.c 23 Apr 2005 20:58:39 -0000 1.76
+++ cpuworker.c 2 May 2005 22:35:18 -0000 1.77
@@ -24,7 +24,7 @@
/** How many bytes are sent from tor to the cpuworker? */
#define LEN_ONION_QUESTION (1+TAG_LEN+ONIONSKIN_CHALLENGE_LEN)
/** How many bytes are sent from the cpuworker back to tor? */
-#define LEN_ONION_RESPONSE (1+TAG_LEN+ONIONSKIN_REPLY_LEN+40+32)
+#define LEN_ONION_RESPONSE (1+TAG_LEN+ONIONSKIN_REPLY_LEN+CPATH_KEY_MATERIAL_LEN)
/** How many cpuworkers we have running right now. */
static int num_cpuworkers=0;
@@ -159,7 +159,7 @@
goto done_processing;
}
tor_assert(circ->p_conn);
- if (onionskin_answer(circ, buf+TAG_LEN, buf+TAG_LEN+ONIONSKIN_REPLY_LEN) < 0) {
+ if (onionskin_answer(circ, CELL_CREATED, buf+TAG_LEN, buf+TAG_LEN+ONIONSKIN_REPLY_LEN) < 0) {
log_fn(LOG_WARN,"onionskin_answer failed. Closing.");
circuit_mark_for_close(circ);
goto done_processing;
@@ -205,7 +205,7 @@
int fd;
/* variables for onion processing */
- unsigned char keys[40+32];
+ unsigned char keys[CPATH_KEY_MATERIAL_LEN];
unsigned char reply_to_proxy[ONIONSKIN_REPLY_LEN];
unsigned char buf[LEN_ONION_RESPONSE];
char tag[TAG_LEN];
@@ -248,7 +248,7 @@
if (question_type == CPUWORKER_TASK_ONION) {
if (onion_skin_server_handshake(question, onion_key, last_onion_key,
- reply_to_proxy, keys, 40+32) < 0) {
+ reply_to_proxy, keys, CPATH_KEY_MATERIAL_LEN) < 0) {
/* failure */
log_fn(LOG_INFO,"onion_skin_server_handshake failed.");
memset(buf,0,LEN_ONION_RESPONSE); /* send all zeros for failure */
@@ -258,7 +258,7 @@
buf[0] = 1; /* 1 means success */
memcpy(buf+1,tag,TAG_LEN);
memcpy(buf+1+TAG_LEN,reply_to_proxy,ONIONSKIN_REPLY_LEN);
- memcpy(buf+1+TAG_LEN+ONIONSKIN_REPLY_LEN,keys,40+32);
+ memcpy(buf+1+TAG_LEN+ONIONSKIN_REPLY_LEN,keys,CPATH_KEY_MATERIAL_LEN);
}
if (write_all(fd, buf, LEN_ONION_RESPONSE, 1) != LEN_ONION_RESPONSE) {
log_fn(LOG_ERR,"writing response buf failed. Exiting.");
Index: onion.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/onion.c,v
retrieving revision 1.177
retrieving revision 1.178
diff -u -d -r1.177 -r1.178
--- onion.c 1 Apr 2005 20:15:55 -0000 1.177
+++ onion.c 2 May 2005 22:35:18 -0000 1.178
@@ -199,7 +199,7 @@
* next key_out_len bytes of key material in key_out.
*/
int
-onion_skin_server_handshake(char *onion_skin, /* ONIONSKIN_CHALLENGE_LEN bytes */
+onion_skin_server_handshake(const char *onion_skin, /* ONIONSKIN_CHALLENGE_LEN bytes */
crypto_pk_env_t *private_key,
crypto_pk_env_t *prev_private_key,
char *handshake_reply_out, /* ONIONSKIN_REPLY_LEN bytes */
@@ -287,9 +287,9 @@
*/
int
onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
- char *handshake_reply, /* Must be ONIONSKIN_REPLY_LEN bytes */
- char *key_out,
- size_t key_out_len)
+ const char *handshake_reply, /* Must be ONIONSKIN_REPLY_LEN bytes */
+ char *key_out,
+ size_t key_out_len)
{
int len;
char *key_material=NULL;
@@ -329,6 +329,69 @@
return 0;
}
+int
+fast_server_handshake(const char *key_in, /* DIGEST_LEN bytes */
+ char *handshake_reply_out, /* DIGEST_LEN*2 bytes */
+ char *key_out,
+ size_t key_out_len)
+{
+ char tmp[DIGEST_LEN+DIGEST_LEN+1];
+ char digest[DIGEST_LEN];
+ int i;
+
+ if (crypto_rand(handshake_reply_out, DIGEST_LEN)<0)
+ return -1;
+
+ memcpy(tmp, key_in, DIGEST_LEN);
+ memcpy(tmp+DIGEST_LEN, handshake_reply_out, DIGEST_LEN);
+ tmp[DIGEST_LEN+DIGEST_LEN] = 0;
+ crypto_digest(handshake_reply_out+DIGEST_LEN, tmp, sizeof(tmp));
+
+ for (i = 0; i*DIGEST_LEN < key_out_len; ++i) {
+ size_t len;
+ tmp[DIGEST_LEN+DIGEST_LEN] = i+1;
+ crypto_digest(digest, tmp, sizeof(tmp));
+ len = key_out_len - i*DIGEST_LEN;
+ if (len > DIGEST_LEN) len = DIGEST_LEN;
+ memcpy(key_out+i*DIGEST_LEN, digest, len);
+ }
+
+ return 0;
+}
+
+int
+fast_client_handshake(const char *handshake_state, /* DIGEST_LEN bytes */
+ const char *handshake_reply_out, /* DIGEST_LEN*2 bytes */
+ char *key_out,
+ size_t key_out_len)
+{
+ char tmp[DIGEST_LEN+DIGEST_LEN+1];
+ char digest[DIGEST_LEN];
+ int i;
+
+ memcpy(tmp, handshake_state, DIGEST_LEN);
+ memcpy(tmp+DIGEST_LEN, handshake_reply_out, DIGEST_LEN);
+ tmp[DIGEST_LEN+DIGEST_LEN] = 0;
+ crypto_digest(digest, tmp, sizeof(tmp));
+
+ if (memcmp(digest, handshake_reply_out+DIGEST_LEN, DIGEST_LEN)) {
+ /* H(K) does *not* match. Something fishy. */
+ log_fn(LOG_WARN,"Digest DOES NOT MATCH on fast handshake. Bug or attack.");
+ return -1;
+ }
+
+ for (i = 0; i*DIGEST_LEN < key_out_len; ++i) {
+ size_t len;
+ tmp[DIGEST_LEN+DIGEST_LEN] = i+1;
+ crypto_digest(digest, tmp, sizeof(tmp));
+ len = key_out_len - i*DIGEST_LEN;
+ if (len > DIGEST_LEN) len = DIGEST_LEN;
+ memcpy(key_out+i*DIGEST_LEN, digest, len);
+ }
+
+ return 0;
+}
+
/** Remove all circuits from the pending list. Called from tor_free_all. */
void
clear_pending_onions(void)
Index: or.h
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/or.h,v
retrieving revision 1.598
retrieving revision 1.599
diff -u -d -r1.598 -r1.599
--- or.h 2 May 2005 21:22:31 -0000 1.598
+++ or.h 2 May 2005 22:35:18 -0000 1.599
@@ -474,6 +474,8 @@
#define CELL_CREATED 2
#define CELL_RELAY 3
#define CELL_DESTROY 4
+#define CELL_CREATE_FAST 5
+#define CELL_CREATED_FAST 6
/* people behind fascist firewalls use only these ports */
#define REQUIRED_FIREWALL_DIRPORT 80
@@ -749,7 +751,8 @@
/** Current state of Diffie-Hellman key negotiation with the OR at this
* step. */
- crypto_dh_env_t *handshake_state;
+ crypto_dh_env_t *dh_handshake_state;
+ char fast_handshake_state[DIGEST_LEN];
/** Negotiated key material shared with the OR at this step. */
char handshake_digest[DIGEST_LEN];/* KH in tor-spec.txt */
@@ -1158,9 +1161,9 @@
void circuit_note_clock_jumped(int seconds_elapsed);
int circuit_extend(cell_t *cell, circuit_t *circ);
int circuit_init_cpath_crypto(crypt_path_t *cpath, char *key_data, int reverse);
-int circuit_finish_handshake(circuit_t *circ, char *reply);
+int circuit_finish_handshake(circuit_t *circ, uint8_t cell_type, char *reply);
int circuit_truncated(circuit_t *circ, crypt_path_t *layer);
-int onionskin_answer(circuit_t *circ, unsigned char *payload, unsigned char *keys);
+int onionskin_answer(circuit_t *circ, uint8_t cell_type, unsigned char *payload, unsigned char *keys);
int circuit_all_predicted_ports_handled(time_t now, int *need_uptime,
int *need_capacity);
@@ -1552,7 +1555,7 @@
crypto_dh_env_t **handshake_state_out,
char *onion_skin_out);
-int onion_skin_server_handshake(char *onion_skin,
+int onion_skin_server_handshake(const char *onion_skin,
crypto_pk_env_t *private_key,
crypto_pk_env_t *prev_private_key,
char *handshake_reply_out,
@@ -1560,9 +1563,19 @@
size_t key_out_len);
int onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
- char *handshake_reply,
- char *key_out,
- size_t key_out_len);
+ const char *handshake_reply,
+ char *key_out,
+ size_t key_out_len);
+
+int fast_server_handshake(const char *key_in,
+ char *handshake_reply_out,
+ char *key_out,
+ size_t key_out_len);
+
+int fast_client_handshake(const char *handshake_state,
+ const char *handshake_reply_out,
+ char *key_out,
+ size_t key_out_len);
void clear_pending_onions(void);
Index: relay.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/relay.c,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -d -r1.65 -r1.66
--- relay.c 7 Apr 2005 21:01:00 -0000 1.65
+++ relay.c 2 May 2005 22:35:18 -0000 1.66
@@ -882,7 +882,8 @@
return 0;
}
log_fn(LOG_DEBUG,"Got an extended cell! Yay.");
- if (circuit_finish_handshake(circ, cell->payload+RELAY_HEADER_SIZE) < 0) {
+ if (circuit_finish_handshake(circ, CELL_CREATED,
+ cell->payload+RELAY_HEADER_SIZE) < 0) {
log_fn(LOG_WARN,"circuit_finish_handshake failed.");
return -1;
}
Index: rendclient.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/rendclient.c,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -d -r1.84 -r1.85
--- rendclient.c 26 Apr 2005 22:36:00 -0000 1.84
+++ rendclient.c 2 May 2005 22:35:18 -0000 1.85
@@ -83,11 +83,11 @@
cpath = rendcirc->build_state->pending_final_cpath =
tor_malloc_zero(sizeof(crypt_path_t));
cpath->magic = CRYPT_PATH_MAGIC;
- if (!(cpath->handshake_state = crypto_dh_new())) {
+ if (!(cpath->dh_handshake_state = crypto_dh_new())) {
log_fn(LOG_WARN, "Couldn't allocate DH");
goto err;
}
- if (crypto_dh_generate_public(cpath->handshake_state)<0) {
+ if (crypto_dh_generate_public(cpath->dh_handshake_state)<0) {
log_fn(LOG_WARN, "Couldn't generate g^x");
goto err;
}
@@ -103,7 +103,7 @@
strncpy(tmp, rendcirc->build_state->chosen_exit_name, (MAX_NICKNAME_LEN+1)); /* nul pads */
memcpy(tmp+MAX_NICKNAME_LEN+1, rendcirc->rend_cookie, REND_COOKIE_LEN);
#endif
- if (crypto_dh_get_public(cpath->handshake_state,
+ if (crypto_dh_get_public(cpath->dh_handshake_state,
#if 0
tmp+1+MAX_HEX_NICKNAME_LEN+1+REND_COOKIE_LEN,
#else
@@ -338,8 +338,8 @@
tor_assert(circ->build_state);
tor_assert(circ->build_state->pending_final_cpath);
hop = circ->build_state->pending_final_cpath;
- tor_assert(hop->handshake_state);
- if (crypto_dh_compute_secret(hop->handshake_state, request, DH_KEY_LEN,
+ tor_assert(hop->dh_handshake_state);
+ if (crypto_dh_compute_secret(hop->dh_handshake_state, request, DH_KEY_LEN,
keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
log_fn(LOG_WARN, "Couldn't complete DH handshake");
goto err;
@@ -354,8 +354,8 @@
goto err;
}
- crypto_dh_free(hop->handshake_state);
- hop->handshake_state = NULL;
+ crypto_dh_free(hop->dh_handshake_state);
+ hop->dh_handshake_state = NULL;
/* All is well. Extend the circuit. */
circ->purpose = CIRCUIT_PURPOSE_C_REND_JOINED;
Index: rendservice.c
===================================================================
RCS file: /home/or/cvsroot/tor/src/or/rendservice.c,v
retrieving revision 1.122
retrieving revision 1.123
diff -u -d -r1.122 -r1.123
--- rendservice.c 7 Apr 2005 21:07:19 -0000 1.122
+++ rendservice.c 2 May 2005 22:35:18 -0000 1.123
@@ -511,7 +511,7 @@
cpath->magic = CRYPT_PATH_MAGIC;
launched->build_state->expiry_time = time(NULL) + MAX_REND_TIMEOUT;
- cpath->handshake_state = dh;
+ cpath->dh_handshake_state = dh;
dh = NULL;
if (circuit_init_cpath_crypto(cpath,keys+DIGEST_LEN,1)<0)
goto err;
@@ -722,7 +722,7 @@
/* All we need to do is send a RELAY_RENDEZVOUS1 cell... */
memcpy(buf, circuit->rend_cookie, REND_COOKIE_LEN);
- if (crypto_dh_get_public(hop->handshake_state,
+ if (crypto_dh_get_public(hop->dh_handshake_state,
buf+REND_COOKIE_LEN, DH_KEY_LEN)<0) {
log_fn(LOG_WARN,"Couldn't get DH public key");
goto err;
@@ -738,8 +738,8 @@
goto err;
}
- crypto_dh_free(hop->handshake_state);
- hop->handshake_state = NULL;
+ crypto_dh_free(hop->dh_handshake_state);
+ hop->dh_handshake_state = NULL;
/* Append the cpath entry. */
hop->state = CPATH_STATE_OPEN;
More information about the tor-commits
mailing list