Home Explore Help
Sign In
sengler
/
tor-parallel-relay-conn
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Use symbolic constants; make padding types match.

svn:r1491
Nick Mathewson 21 years ago
parent
04e8dc9026
commit
5033c366e1
3 changed files with 29 additions and 35 deletions
Split View Show Diff Stats
  1. 9 8
      src/or/rendclient.c
  2. 12 20
      src/or/rendmid.c
  3. 8 7
      src/or/rendservice.c

+ 9 - 8
src/or/rendclient.c
View File 

@@ -41,13 +41,11 @@ rend_client_send_establish_rendezvous(circuit_t *circ)
 
   return 0;
 
 }
 
 
-#define LEN_REND_INTRODUCE1 (20+20+20+16+128+42)
 
-
 
 int
 
 rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) {
 
   const char *descp;
 
-  int desc_len;
 
-  char payload[LEN_REND_INTRODUCE1];
 
+  int desc_len, payload_len, r;
 
+  char payload[RELAY_PAYLOAD_SIZE];
 
   char tmp[20+20+128];
 
   rend_service_descriptor_t *parsed=NULL;
 
   crypt_path_t *cpath;
 
@@ -94,18 +92,21 @@ rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) {
 
     goto err;
 
   }
 
 
-  if(crypto_pk_public_hybrid_encrypt(parsed->pk, tmp,
 
-                                     20+20+128, payload+20,
 
-                                     PK_PKCS1_OAEP_PADDING) < 0) {
 
+  r = crypto_pk_public_hybrid_encrypt(parsed->pk, tmp,
 
+                                      20+20+128, payload+20,
 
+                                      PK_PKCS1_OAEP_PADDING);
 
+  if (r<0) {
 
     log_fn(LOG_WARN,"hybrid pk encrypt failed.");
 
     goto err;
 
   }
 
 
+  payload_len = 20 + r;
 
+
 
   rend_service_descriptor_free(parsed);
 
 
   if (connection_edge_send_command(NULL, introcirc,
 
                                    RELAY_COMMAND_INTRODUCE1,
 
-                                   payload, LEN_REND_INTRODUCE1,
 
+                                   payload, payload_len,
 
                                    introcirc->cpath->prev)<0) {
 
     /* introcirc is already marked for close. leave rendcirc alone. */
 
     log_fn(LOG_WARN, "Couldn't send INTRODUCE1 cell");

+ 12 - 20
src/or/rendmid.c
View File 

@@ -11,13 +11,12 @@ int
 
 rend_mid_establish_intro(circuit_t *circ, const char *request, int request_len)
 
 {
 
   crypto_pk_env_t *pk = NULL;
 
-  char buf[20+9];
 
-  char expected_digest[20];
 
-  char pk_digest[20];
 
+  char buf[DIGEST_LEN+9];
 
+  char expected_digest[DIGEST_LEN];
 
+  char pk_digest[DIGEST_LEN];
 
   int asn1len;
 
   circuit_t *c;
 
   char hexid[9];
 
-  char hexdigest[20*2+1];
 
 
   log_fn(LOG_INFO,
 
          "Received an ESTABLISH_INTRO request on circuit %d", circ->p_circ_id);
 
@@ -26,13 +25,13 @@ rend_mid_establish_intro(circuit_t *circ, const char *request, int request_len)
 
     log_fn(LOG_WARN, "Rejecting ESTABLISH_INTRO on non-OR or non-edge circuit");
 
     goto err;
 
   }
 
-  if (request_len < 22)
 
+  if (request_len < 2+DIGEST_LEN)
 
     goto truncated;
 
   /* First 2 bytes: length of asn1-encoded key. */
 
   asn1len = get_uint16(request);
 
 
   /* Next asn1len bytes: asn1-encoded key. */
 
-  if (request_len < 22+asn1len)
 
+  if (request_len < 2+DIGEST_LEN+asn1len)
 
     goto truncated;
 
   pk = crypto_pk_asn1_decode(request+2, asn1len);
 
   if (!pk) {
 
@@ -40,28 +39,21 @@ rend_mid_establish_intro(circuit_t *circ, const char *request, int request_len)
 
     goto err;
 
   }
 
 
-  /* XXX remove after debuggin */
 
-  hex_encode(circ->handshake_digest, 20, hexdigest);
 
-  log_fn(LOG_INFO, "Handshake information is: %s", hexdigest);
 
-
 
   /* Next 20 bytes: Hash of handshake_digest | "INTRODUCE" */
 
-  memcpy(buf, circ->handshake_digest, 20);
 
-  memcpy(buf+20, "INTRODUCE", 9);
 
-  if (crypto_digest(buf, 29, expected_digest)<0) {
 
+  memcpy(buf, circ->handshake_digest, DIGEST_LEN);
 
+  memcpy(buf+DIGEST_LEN, "INTRODUCE", 9);
 
+  if (crypto_digest(buf, DIGEST_LEN+9, expected_digest)<0) {
 
     log_fn(LOG_WARN, "Error computing digest");
 
     goto err;
 
   }
 
-  hex_encode(expected_digest, 20, hexdigest);
 
-  log_fn(LOG_INFO, "Expected digest is: %s", hexdigest);
 
-  hex_encode(request+2+asn1len, 20, hexdigest);
 
-  log_fn(LOG_INFO, "Received digest is: %s", hexdigest);
 
-  if (memcmp(expected_digest, request+2+asn1len, 20)) {
 
+  if (memcmp(expected_digest, request+2+asn1len, DIGEST_LEN)) {
 
     log_fn(LOG_WARN, "Hash of session info was not as expected");
 
     goto err;
 
   }
 
   /* Rest of body: signature of previous data */
 
-  if (crypto_pk_public_checksig_digest(pk, request, 22+asn1len,
 
-                           request+22+asn1len, request_len-(22+asn1len))<0) {
 
+  if (crypto_pk_public_checksig_digest(pk, request, 2+asn1len+DIGEST_LEN,
 
+                                       request+2+DIGEST_LEN+asn1len,
 
+                                       request_len-(2+DIGEST_LEN+asn1len))<0) {
 
     log_fn(LOG_WARN, "Incorrect signature on ESTABLISH_INTRO cell; rejecting");
 
     goto err;
 
   }

+ 8 - 7
src/or/rendservice.c
View File 

@@ -306,7 +306,7 @@ rend_service_introduce(circuit_t *circuit, const char *request, int request_len)
 
 {
 
   char *ptr, *rp_nickname, *r_cookie;
 
   char buf[RELAY_PAYLOAD_SIZE];
 
-  char keys[20+CPATH_KEY_MATERIAL_LEN]; /* Holds KH, Df, Db, Kf, Kb */
 
+  char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN]; /* Holds KH, Df, Db, Kf, Kb */
 
   rend_service_t *service;
 
   int len, keylen;
 
   crypto_dh_env_t *dh = NULL;
 
@@ -334,14 +334,14 @@ rend_service_introduce(circuit_t *circuit, const char *request, int request_len)
 
     return -1;
 
   }
 
 
-  /* first 20 bytes of request is service pk digest */
 
+  /* first DIGEST_LEN bytes of request is service pk digest */
 
   service = rend_service_get_by_pk_digest(request);
 
   if (!service) {
 
     log_fn(LOG_WARN, "Got an INTRODUCE2 cell for an unrecognized service %s",
 
            hexid);
 
     return -1;
 
   }
 
-  if (memcmp(circuit->rend_pk_digest, request, 20)) {
 
+  if (memcmp(circuit->rend_pk_digest, request, DIGEST_LEN)) {
 
     hex_encode(request, 4, hexid);
 
     log_fn(LOG_WARN, "Got an INTRODUCE2 cell for the wrong service (%s)",
 
            hexid);
 
@@ -349,13 +349,14 @@ rend_service_introduce(circuit_t *circuit, const char *request, int request_len)
 
   }
 
 
   keylen = crypto_pk_keysize(service->private_key);
 
-  if (request_len < keylen+20) {
 
+  if (request_len < keylen+DIGEST_LEN) {
 
     log_fn(LOG_WARN, "PK-encrypted portion of INTRODUCE2 cell was truncated");
 
     return -1;
 
   }
 
   /* Next N bytes is encrypted with service key */
 
   len = crypto_pk_private_hybrid_decrypt(
 
-       service->private_key,request,request_len-20,buf, PK_PKCS1_PADDING);
 
+       service->private_key,request,request_len-DIGEST_LEN,buf,
 
+       PK_PKCS1_OAEP_PADDING);
 
   if (len<0) {
 
     log_fn(LOG_WARN, "Couldn't decrypt INTRODUCE2 cell");
 
     return -1;
 
@@ -386,8 +387,8 @@ rend_service_introduce(circuit_t *circuit, const char *request, int request_len)
 
     log_fn(LOG_WARN, "Couldn't build DH state or generate public key");
 
     goto err;
 
   }
 
-  if (crypto_dh_compute_secret(dh, ptr+20, DH_KEY_LEN, keys,
 
-                               20+CPATH_KEY_MATERIAL_LEN)<0) {
 
+  if (crypto_dh_compute_secret(dh, ptr+REND_COOKIE_LEN, DH_KEY_LEN, keys,
 
+                               DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
 
     log_fn(LOG_WARN, "Couldn't complete DH handshake");
 
     goto err;
 
   }