Tor 0.4.9.0-alpha-dev
crypt_path.c
Go to the documentation of this file.
1/*
2 * Copyright (c) 2019-2021, The Tor Project, Inc. */
3/* See LICENSE for licensing information */
4
5/**
6 * \file crypt_path.c
7 *
8 * \brief Functions dealing with layered circuit encryption. This file aims to
9 * provide an API around the crypt_path_t structure which holds crypto
10 * information about a specific hop of a circuit.
11 *
12 * TODO: We should eventually move all functions dealing and manipulating
13 * crypt_path_t to this file, so that eventually we encapsulate more and more
14 * of crypt_path_t. Here are some more functions that can be moved here with
15 * some more effort:
16 *
17 * - circuit_list_path_impl()
18 **/
19
20#define CRYPT_PATH_PRIVATE
21
22#include "core/or/or.h"
23#include "core/or/crypt_path.h"
24
28#include "core/or/circuitlist.h"
29#include "core/or/extendinfo.h"
31
34
36#include "core/or/cell_st.h"
37
38/** Add <b>new_hop</b> to the end of the doubly-linked-list <b>head_ptr</b>.
39 * This function is used to extend cpath by another hop.
40 */
41void
43{
44 if (*head_ptr) {
45 new_hop->next = (*head_ptr);
46 new_hop->prev = (*head_ptr)->prev;
47 (*head_ptr)->prev->next = new_hop;
48 (*head_ptr)->prev = new_hop;
49 } else {
50 *head_ptr = new_hop;
51 new_hop->prev = new_hop->next = new_hop;
52 }
53}
54
55/** Create a new hop, annotate it with information about its
56 * corresponding router <b>choice</b>, and append it to the
57 * end of the cpath <b>head_ptr</b>. */
58int
60{
61 crypt_path_t *hop = tor_malloc_zero(sizeof(crypt_path_t));
62
63 /* link hop into the cpath, at the end. */
64 cpath_extend_linked_list(head_ptr, hop);
65
66 hop->magic = CRYPT_PATH_MAGIC;
67 hop->state = CPATH_STATE_CLOSED;
68
69 hop->extend_info = extend_info_dup(choice);
70
73
74 return 0;
75}
76
77/** Verify that cpath <b>cp</b> has all of its invariants
78 * correct. Trigger an assert if anything is invalid.
79 */
80void
82{
83 const crypt_path_t *start = cp;
84
85 do {
87 /* layers must be in sequence of: "open* awaiting? closed*" */
88 if (cp != start) {
89 if (cp->state == CPATH_STATE_AWAITING_KEYS) {
90 tor_assert(cp->prev->state == CPATH_STATE_OPEN);
91 } else if (cp->state == CPATH_STATE_OPEN) {
92 tor_assert(cp->prev->state == CPATH_STATE_OPEN);
93 }
94 }
95 cp = cp->next;
96 tor_assert(cp);
97 } while (cp != start);
98}
99
100/** Verify that cpath layer <b>cp</b> has all of its invariants
101 * correct. Trigger an assert if anything is invalid.
102 */
103void
105{
106// tor_assert(cp->addr); /* these are zero for rendezvous extra-hops */
107// tor_assert(cp->port);
108 tor_assert(cp);
109 tor_assert(cp->magic == CRYPT_PATH_MAGIC);
110 switch (cp->state)
111 {
112 case CPATH_STATE_OPEN:
113 relay_crypto_assert_ok(&cp->pvt_crypto);
114 FALLTHROUGH;
115 case CPATH_STATE_CLOSED:
116 /*XXXX Assert that there's no handshake_state either. */
118 break;
119 case CPATH_STATE_AWAITING_KEYS:
120 /* tor_assert(cp->dh_handshake_state); */
121 break;
122 default:
123 log_fn(LOG_ERR, LD_BUG, "Unexpected state %d", cp->state);
124 tor_assert(0);
125 }
126 tor_assert(cp->package_window >= 0);
127 tor_assert(cp->deliver_window >= 0);
128}
129
130/** Initialize cpath->{f|b}_{crypto|digest} from the key material in key_data.
131 *
132 * If <b>is_hs_v3</b> is set, this cpath will be used for next gen hidden
133 * service circuits and <b>key_data</b> must be at least
134 * HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN bytes in length.
135 *
136 * If <b>is_hs_v3</b> is not set, key_data must contain CPATH_KEY_MATERIAL_LEN
137 * bytes, which are used as follows:
138 * - 20 to initialize f_digest
139 * - 20 to initialize b_digest
140 * - 16 to key f_crypto
141 * - 16 to key b_crypto
142 *
143 * (If 'reverse' is true, then f_XX and b_XX are swapped.)
144 *
145 * Return 0 if init was successful, else -1 if it failed.
146 */
147int
149 const char *key_data, size_t key_data_len,
150 int reverse, int is_hs_v3)
151{
152
153 tor_assert(cpath);
154 return relay_crypto_init(&cpath->pvt_crypto, key_data, key_data_len,
155 reverse, is_hs_v3);
156}
157
158/** Deallocate space associated with the cpath node <b>victim</b>. */
159void
161{
162 if (!victim)
163 return;
164
165 relay_crypto_clear(&victim->pvt_crypto);
167 crypto_dh_free(victim->rend_dh_handshake_state);
168 extend_info_free(victim->extend_info);
170
171 memwipe(victim, 0xBB, sizeof(crypt_path_t)); /* poison memory */
172 tor_free(victim);
173}
174
175/********************** cpath crypto API *******************************/
176
177/** Encrypt or decrypt <b>payload</b> using the crypto of <b>cpath</b>. Actual
178 * operation decided by <b>is_decrypt</b>. */
179void
180cpath_crypt_cell(const crypt_path_t *cpath, uint8_t *payload, bool is_decrypt)
181{
182 if (is_decrypt) {
183 relay_crypt_one_payload(cpath->pvt_crypto.b_crypto, payload);
184 } else {
185 relay_crypt_one_payload(cpath->pvt_crypto.f_crypto, payload);
186 }
187}
188
189/** Getter for the incoming digest of <b>cpath</b>. */
190struct crypto_digest_t *
192{
193 return cpath->pvt_crypto.b_digest;
194}
195
196/** Set the right integrity digest on the outgoing <b>cell</b> based on the
197 * cell payload and update the forward digest of <b>cpath</b>. */
198void
200{
201 relay_set_digest(cpath->pvt_crypto.f_digest, cell);
202}
203
204/************ cpath sendme API ***************************/
205
206/** Return the sendme_digest of this <b>cpath</b>. */
207uint8_t *
209{
210 return relay_crypto_get_sendme_digest(&cpath->pvt_crypto);
211}
212
213/** Record the cell digest, indicated by is_foward_digest or not, as the
214 * SENDME cell digest. */
215void
216cpath_sendme_record_cell_digest(crypt_path_t *cpath, bool is_foward_digest)
217{
218 tor_assert(cpath);
219 relay_crypto_record_sendme_digest(&cpath->pvt_crypto, is_foward_digest);
220}
221
222/************ other cpath functions ***************************/
223
224/** Return the first non-open hop in cpath, or return NULL if all
225 * hops are open. */
228{
229 crypt_path_t *hop = cpath;
230 do {
231 if (hop->state != CPATH_STATE_OPEN)
232 return hop;
233 hop = hop->next;
234 } while (hop != cpath);
235 return NULL;
236}
237
238#ifdef TOR_UNIT_TESTS
239
240/** Unittest helper function: Count number of hops in cpath linked list. */
241unsigned int
242cpath_get_n_hops(crypt_path_t **head_ptr)
243{
244 unsigned int n_hops = 0;
245 crypt_path_t *tmp;
246
247 if (!*head_ptr) {
248 return 0;
249 }
250
251 tmp = *head_ptr;
252 do {
253 n_hops++;
254 tmp = tmp->next;
255 } while (tmp != *head_ptr);
256
257 return n_hops;
258}
259
260#endif /* defined(TOR_UNIT_TESTS) */
Fixed-size cell structure.
Header file for circuitbuild.c.
int32_t circuit_initial_package_window(void)
Definition: circuitlist.c:1007
Header file for circuitlist.c.
Public APIs for congestion control.
#define congestion_control_free(cc)
crypt_path_t * cpath_get_next_non_open_hop(crypt_path_t *cpath)
Definition: crypt_path.c:227
int cpath_append_hop(crypt_path_t **head_ptr, extend_info_t *choice)
Definition: crypt_path.c:59
struct crypto_digest_t * cpath_get_incoming_digest(const crypt_path_t *cpath)
Definition: crypt_path.c:191
void cpath_assert_layer_ok(const crypt_path_t *cp)
Definition: crypt_path.c:104
int cpath_init_circuit_crypto(crypt_path_t *cpath, const char *key_data, size_t key_data_len, int reverse, int is_hs_v3)
Definition: crypt_path.c:148
void cpath_crypt_cell(const crypt_path_t *cpath, uint8_t *payload, bool is_decrypt)
Definition: crypt_path.c:180
void cpath_assert_ok(const crypt_path_t *cp)
Definition: crypt_path.c:81
void cpath_sendme_record_cell_digest(crypt_path_t *cpath, bool is_foward_digest)
Definition: crypt_path.c:216
void cpath_extend_linked_list(crypt_path_t **head_ptr, crypt_path_t *new_hop)
Definition: crypt_path.c:42
uint8_t * cpath_get_sendme_digest(crypt_path_t *cpath)
Definition: crypt_path.c:208
void cpath_set_cell_forward_digest(crypt_path_t *cpath, cell_t *cell)
Definition: crypt_path.c:199
void cpath_free(crypt_path_t *victim)
Definition: crypt_path.c:160
Header file for crypt_path.c.
Path structures for origin circuits.
Headers for crypto_dh.c.
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
Common functions for cryptographic routines.
extend_info_t * extend_info_dup(extend_info_t *info)
Definition: extendinfo.c:184
Header for core/or/extendinfo.c.
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define LOG_ERR
Definition: log.h:56
#define LD_BUG
Definition: log.h:86
#define tor_free(p)
Definition: malloc.h:56
void onion_handshake_state_release(onion_handshake_state_t *state)
Definition: onion_crypto.c:96
Header file for onion_crypto.c.
Master header file for Tor-specific functionality.
#define CIRCWINDOW_START
Definition: or.h:394
Header for relay_crypto.c.
uint8_t * relay_crypto_get_sendme_digest(relay_crypto_t *crypto)
Definition: relay_crypto.c:102
void relay_crypto_assert_ok(const relay_crypto_t *crypto)
Definition: relay_crypto.c:367
int relay_crypto_init(relay_crypto_t *crypto, const char *key_data, size_t key_data_len, int reverse, int is_hs_v3)
Definition: relay_crypto.c:293
void relay_crypto_record_sendme_digest(relay_crypto_t *crypto, bool is_foward_digest)
Definition: relay_crypto.c:111
void relay_set_digest(crypto_digest_t *digest, cell_t *cell)
Definition: relay_crypto.c:31
void relay_crypto_clear(relay_crypto_t *crypto)
Definition: relay_crypto.c:265
void relay_crypt_one_payload(crypto_cipher_t *cipher, uint8_t *in)
Definition: relay_crypto.c:95
Definition: cell_st.h:17
struct crypt_path_t * prev
Definition: crypt_path_st.h:79
uint8_t state
Definition: crypt_path_st.h:72
struct crypt_path_t * next
Definition: crypt_path_st.h:76
struct crypto_dh_t * rend_dh_handshake_state
Definition: crypt_path_st.h:59
extend_info_t * extend_info
Definition: crypt_path_st.h:65
onion_handshake_state_t handshake_state
Definition: crypt_path_st.h:56
struct congestion_control_t * ccontrol
Definition: crypt_path_st.h:88
#define tor_assert(expr)
Definition: util_bug.h:103