static smartlist_t * descbr_get_digests_mock(void) { char digest[DIGEST_LEN], *tmp; int len; smartlist_t *list = NULL; if (!disable_descbr) { /* Just pretend we have only the two hard-coded digests listed above */ list = smartlist_new(); len = base16_decode(digest, DIGEST_LEN, descbr_digest_1_str, strlen(descbr_digest_1_str)); tt_int_op(len, OP_EQ, DIGEST_LEN); tmp = tor_malloc(DIGEST_LEN); memcpy(tmp, digest, DIGEST_LEN); smartlist_add(list, tmp); len = base16_decode(digest, DIGEST_LEN, descbr_digest_2_str, strlen(descbr_digest_2_str)); tt_int_op(len, OP_EQ, DIGEST_LEN); tmp = tor_malloc(DIGEST_LEN); memcpy(tmp, digest, DIGEST_LEN); smartlist_add(list, tmp); } done: return list; }
static smartlist_t * cert_dl_status_auth_ids_mock(void) { char digest[DIGEST_LEN], *tmp; int len; smartlist_t *list = NULL; /* Just pretend we have only the two hard-coded digests listed above */ list = smartlist_new(); len = base16_decode(digest, DIGEST_LEN, auth_id_digest_1_str, strlen(auth_id_digest_1_str)); tt_int_op(len, OP_EQ, DIGEST_LEN); tmp = tor_malloc(DIGEST_LEN); memcpy(tmp, digest, DIGEST_LEN); smartlist_add(list, tmp); len = base16_decode(digest, DIGEST_LEN, auth_id_digest_2_str, strlen(auth_id_digest_2_str)); tt_int_op(len, OP_EQ, DIGEST_LEN); tmp = tor_malloc(DIGEST_LEN); memcpy(tmp, digest, DIGEST_LEN); smartlist_add(list, tmp); done: return list; }
static int client2(int argc, char **argv) { struct ntor_ntru_handshake_state_t state; uint8_t msg[NTOR_NTRU_REPLY_LEN]; int keybytes; uint8_t *keys; char *hexkeys; int result = 0; N_ARGS(5); BASE16(2, (&state), sizeof(state)); BASE16(3, msg, sizeof(msg)); INT(4, keybytes); keys = tor_malloc(keybytes); hexkeys = tor_malloc(keybytes*2+1); if (onion_skin_ntor_ntru_client_handshake(&state, msg, keys, keybytes)<0) { fprintf(stderr, "handshake failed"); result = 2; goto done; } base16_encode(hexkeys, keybytes*2+1, (const char*)keys, keybytes); printf("%s\n", hexkeys); done: tor_free(keys); tor_free(hexkeys); return result; }
static chunk_t * chunk_new(size_t len) { chunk_t *ch = tor_malloc(sizeof(chunk_t)); ch->buf = tor_malloc(len); ch->len = len; return ch; }
/** Validate every signature among those in <b>checkable</b>, which contains * exactly <b>n_checkable</b> elements. If <b>okay_out</b> is non-NULL, set * the i'th element of <b>okay_out</b> to 1 if the i'th element of * <b>checkable</b> is valid, and to 0 otherwise. Return 0 if every signature * was valid. Otherwise return -N, where N is the number of invalid * signatures. */ int ed25519_checksig_batch(int *okay_out, const ed25519_checkable_t *checkable, int n_checkable) { int res, i; res = 0; for (i = 0; i < n_checkable; ++i) { const ed25519_checkable_t *ch = &checkable[i]; int r = ed25519_checksig(&ch->signature, ch->msg, ch->len, ch->pubkey); if (r < 0) --res; if (okay_out) okay_out[i] = (r == 0); } #if 0 /* This is how we'd do it if we were using ed25519_donna. I'll keep this * code around here in case we ever do that. */ const uint8_t **ms; size_t *lens; const uint8_t **pks; const uint8_t **sigs; int *oks; ms = tor_malloc(sizeof(uint8_t*)*n_checkable); lens = tor_malloc(sizeof(size_t)*n_checkable); pks = tor_malloc(sizeof(uint8_t*)*n_checkable); sigs = tor_malloc(sizeof(uint8_t*)*n_checkable); oks = okay_out ? okay_out : tor_malloc(sizeof(int)*n_checkable); for (i = 0; i < n_checkable; ++i) { ms[i] = checkable[i].msg; lens[i] = checkable[i].len; pks[i] = checkable[i].pubkey->pubkey; sigs[i] = checkable[i].signature.sig; oks[i] = 0; } ed25519_sign_open_batch_donna_fb(ms, lens, pks, sigs, n_checkable, oks); res = 0; for (i = 0; i < n_checkable; ++i) { /* XXX/yawning: Propagate to okay_out? */ if (!oks[i]) --res; } tor_free(ms); tor_free(lens); tor_free(pks); if (! okay_out) tor_free(oks); #endif return res; }
/** Allocate and return an empty smartlist. */ smartlist_t * smartlist_create(void) { smartlist_t *sl = tor_malloc(sizeof(smartlist_t)); sl->num_used = 0; sl->capacity = SMARTLIST_DEFAULT_CAPACITY; sl->list = tor_malloc(sizeof(void *) * sl->capacity); return sl; }
/** Set *<b>out</b> to a newly allocated SOCKS4a resolve request with * <b>username</b> and <b>hostname</b> as provided. Return the number * of bytes in the request. */ static ssize_t build_socks_resolve_request(char **out, const char *username, const char *hostname, int reverse, int version) { size_t len = 0; tor_assert(out); tor_assert(username); tor_assert(hostname); if (version == 4) { len = 8 + strlen(username) + 1 + strlen(hostname) + 1; *out = tor_malloc(len); (*out)[0] = 4; /* SOCKS version 4 */ (*out)[1] = '\xF0'; /* Command: resolve. */ set_uint16((*out)+2, htons(0)); /* port: 0. */ set_uint32((*out)+4, htonl(0x00000001u)); /* addr: 0.0.0.1 */ memcpy((*out)+8, username, strlen(username)+1); memcpy((*out)+8+strlen(username)+1, hostname, strlen(hostname)+1); } else if (version == 5) { int is_ip_address; tor_addr_t addr; size_t addrlen; int ipv6; is_ip_address = tor_addr_parse(&addr, hostname) != -1; if (!is_ip_address && reverse) { log_err(LD_GENERAL, "Tried to do a reverse lookup on a non-IP!"); return -1; } ipv6 = reverse && tor_addr_family(&addr) == AF_INET6; addrlen = reverse ? (ipv6 ? 16 : 4) : 1 + strlen(hostname); len = 6 + addrlen; *out = tor_malloc(len); (*out)[0] = 5; /* SOCKS version 5 */ (*out)[1] = reverse ? '\xF1' : '\xF0'; /* RESOLVE_PTR or RESOLVE */ (*out)[2] = 0; /* reserved. */ if (reverse) { (*out)[3] = ipv6 ? 4 : 1; if (ipv6) memcpy((*out)+4, tor_addr_to_in6_addr8(&addr), 16); else set_uint32((*out)+4, tor_addr_to_ipv4n(&addr)); } else { (*out)[3] = 3; (*out)[4] = (char)(uint8_t)(addrlen - 1); memcpy((*out)+5, hostname, addrlen - 1); } set_uint16((*out)+4+addrlen, 0); /* port */ } else { tor_assert(0); } return len; }
void add_router_to_favorites(HWND hDlg,char *router,char favtype) { if(hDlgRouterRestrictions) { char *favtmp2,*favtmp3; int favtmpsize; int i; favtmpsize=SendDlgItemMessage(hDlgRouterRestrictions,15101,WM_GETTEXTLENGTH,0,0); favtmp2=tor_malloc(favtmpsize+256+5);favtmp3=favtmp2; GetDlgItemText(hDlgRouterRestrictions,15101,favtmp2,favtmpsize+1);favtmp2+=favtmpsize; if((favtmpsize>2)&&((*(favtmp2-1)!=0x0d)&&(*(favtmp2-1)!=0x0a))) { *favtmp2++=0x0d;*favtmp2++=0x0a;} *favtmp2++='[';*favtmp2++=favtype;*favtmp2++=']';*favtmp2++=32; for(i=0;router[i];i++) *favtmp2++=router[i]; *favtmp2++=13;*favtmp2++=10;*favtmp2++=0; tor_snprintf(favtmp2,100,get_lang_str(LANG_MB_FAV_ADDED),favtmp3+favtmpsize); LangMessageBox(hDlg,favtmp2,LANG_MB_FAVORITES,MB_OK); log(LOG_NOTICE,LD_APP,favtmp2); SetDlgItemText(hDlgRouterRestrictions,15101,favtmp3); refreshFavoriteNodes(); tor_free(favtmp3); } else if(favtype=='X') { char *tmp1=routerset_to_string(tmpOptions->ExitNodes); int i=strlen(tmp1)+256+5; char *tmp2=tor_malloc(i),*tmp3=tor_malloc(256); tor_snprintf(tmp2,i,"%s,%s",tmp1,router); r1=tmpOptions->ExitNodes; r2=routerset_new(); routerset_parse(r2,tmp2,"ExitNodes"); tmpOptions->ExitNodes=r2; if(r1) routerset_free(r1); tor_snprintf(tmp3,256,"[X] %s",router); tor_snprintf(tmp2,100,get_lang_str(LANG_MB_FAV_ADDED),tmp3); LangMessageBox(hDlg,tmp2,LANG_MB_FAVORITES,MB_OK); log(LOG_NOTICE,LD_APP,tmp2); tor_free(tmp1);tor_free(tmp2);tor_free(tmp3); } else if(favtype=='E') { char *tmp1=routerset_to_string(tmpOptions->EntryNodes); int i=strlen(tmp1)+256+5; char *tmp2=tor_malloc(i),*tmp3=tor_malloc(256); tor_snprintf(tmp2,i,"%s,%s",tmp1,router); r1=tmpOptions->EntryNodes; r2=routerset_new(); routerset_parse(r2,tmp2,"EntryNodes"); tmpOptions->EntryNodes=r2; if(r1) routerset_free(r1); tor_snprintf(tmp3,256,"[E] %s",router); tor_snprintf(tmp2,100,get_lang_str(LANG_MB_FAV_ADDED),tmp3); LangMessageBox(hDlg,tmp2,LANG_MB_FAVORITES,MB_OK); log(LOG_NOTICE,LD_APP,tmp2); tor_free(tmp1);tor_free(tmp2);tor_free(tmp3); } }
static smartlist_t * cert_dl_status_sks_for_auth_id_mock(const char *digest) { smartlist_t *list = NULL; char sk[DIGEST_LEN]; char digest_str[HEX_DIGEST_LEN+1]; char *tmp; int len; tt_assert(digest != NULL); base16_encode(digest_str, HEX_DIGEST_LEN + 1, digest, DIGEST_LEN); digest_str[HEX_DIGEST_LEN] = '\0'; /* * Build a list of two hard-coded digests, depending on what we * were just passed. */ if (strcmp(digest_str, auth_id_digest_1_str) == 0) { list = smartlist_new(); len = base16_decode(sk, DIGEST_LEN, auth_1_sk_1_str, strlen(auth_1_sk_1_str)); tt_int_op(len, OP_EQ, DIGEST_LEN); tmp = tor_malloc(DIGEST_LEN); memcpy(tmp, sk, DIGEST_LEN); smartlist_add(list, tmp); len = base16_decode(sk, DIGEST_LEN, auth_1_sk_2_str, strlen(auth_1_sk_2_str)); tt_int_op(len, OP_EQ, DIGEST_LEN); tmp = tor_malloc(DIGEST_LEN); memcpy(tmp, sk, DIGEST_LEN); smartlist_add(list, tmp); } else if (strcmp(digest_str, auth_id_digest_2_str) == 0) { list = smartlist_new(); len = base16_decode(sk, DIGEST_LEN, auth_2_sk_1_str, strlen(auth_2_sk_1_str)); tt_int_op(len, OP_EQ, DIGEST_LEN); tmp = tor_malloc(DIGEST_LEN); memcpy(tmp, sk, DIGEST_LEN); smartlist_add(list, tmp); len = base16_decode(sk, DIGEST_LEN, auth_2_sk_2_str, strlen(auth_2_sk_2_str)); tt_int_op(len, OP_EQ, DIGEST_LEN); tmp = tor_malloc(DIGEST_LEN); memcpy(tmp, sk, DIGEST_LEN); smartlist_add(list, tmp); } done: return list; }
/** Set *<b>out</b> to a newly allocated SOCKS4a resolve request with * <b>username</b> and <b>hostname</b> as provided. Return the number * of bytes in the request. */ static int build_socks_resolve_request(char **out, const char *username, const char *hostname, int reverse, int version) { size_t len = 0; tor_assert(out); tor_assert(username); tor_assert(hostname); if (version == 4) { len = 8 + strlen(username) + 1 + strlen(hostname) + 1; *out = tor_malloc(len); (*out)[0] = 4; /* SOCKS version 4 */ (*out)[1] = '\xF0'; /* Command: resolve. */ set_uint16((*out)+2, htons(0)); /* port: 0. */ set_uint32((*out)+4, htonl(0x00000001u)); /* addr: 0.0.0.1 */ memcpy((*out)+8, username, strlen(username)+1); memcpy((*out)+8+strlen(username)+1, hostname, strlen(hostname)+1); } else if (version == 5) { int is_ip_address; struct in_addr in; size_t addrlen; is_ip_address = tor_inet_aton(hostname, &in); if (!is_ip_address && reverse) { log_err(LD_GENERAL, "Tried to do a reverse lookup on a non-IP!"); return -1; } addrlen = reverse ? 4 : 1 + strlen(hostname); len = 6 + addrlen; *out = tor_malloc(len); (*out)[0] = 5; /* SOCKS version 5 */ (*out)[1] = reverse ? '\xF1' : '\xF0'; /* RESOLVE_PTR or RESOLVE */ (*out)[2] = 0; /* reserved. */ (*out)[3] = reverse ? 1 : 3; if (reverse) { set_uint32((*out)+4, in.s_addr); } else { (*out)[4] = (char)(uint8_t)(addrlen - 1); memcpy((*out)+5, hostname, addrlen - 1); } set_uint16((*out)+4+addrlen, 0); /* port */ } else { tor_assert(0); } return len; }
static void test_buffers_zlib_impl(int finalize_with_nil) { char *msg = NULL; char *contents = NULL; char *expanded = NULL; buf_t *buf = NULL; tor_zlib_state_t *zlib_state = NULL; size_t out_len, in_len; int done; buf = buf_new_with_capacity(128); /* will round up */ zlib_state = tor_zlib_new(1, ZLIB_METHOD, HIGH_COMPRESSION); msg = tor_malloc(512); crypto_rand(msg, 512); tt_int_op(write_to_buf_zlib(buf, zlib_state, msg, 128, 0), OP_EQ, 0); tt_int_op(write_to_buf_zlib(buf, zlib_state, msg+128, 128, 0), OP_EQ, 0); tt_int_op(write_to_buf_zlib(buf, zlib_state, msg+256, 256, 0), OP_EQ, 0); done = !finalize_with_nil; tt_int_op(write_to_buf_zlib(buf, zlib_state, "all done", 9, done), OP_EQ, 0); if (finalize_with_nil) { tt_int_op(write_to_buf_zlib(buf, zlib_state, "", 0, 1), OP_EQ, 0); } in_len = buf_datalen(buf); contents = tor_malloc(in_len); tt_int_op(fetch_from_buf(contents, in_len, buf), OP_EQ, 0); tt_int_op(0, OP_EQ, tor_gzip_uncompress(&expanded, &out_len, contents, in_len, ZLIB_METHOD, 1, LOG_WARN)); tt_int_op(out_len, OP_GE, 128); tt_mem_op(msg, OP_EQ, expanded, 128); tt_int_op(out_len, OP_GE, 512); tt_mem_op(msg, OP_EQ, expanded, 512); tt_int_op(out_len, OP_EQ, 512+9); tt_mem_op("all done", OP_EQ, expanded+512, 9); done: buf_free(buf); tor_zlib_free(zlib_state); tor_free(contents); tor_free(expanded); tor_free(msg); }
static void test_routerlist_launch_descriptor_downloads(void *arg) { smartlist_t *downloadable = smartlist_new(); time_t now = time(NULL); char *cp; (void)arg; for (int i = 0; i < 100; i++) { cp = tor_malloc(DIGEST256_LEN); tt_assert(cp); crypto_rand(cp, DIGEST256_LEN); smartlist_add(downloadable, cp); } MOCK(initiate_descriptor_downloads, mock_initiate_descriptor_downloads); launch_descriptor_downloads(DIR_PURPOSE_FETCH_MICRODESC, downloadable, NULL, now); tt_int_op(3, ==, count); UNMOCK(initiate_descriptor_downloads); done: SMARTLIST_FOREACH(downloadable, char *, cp1, tor_free(cp1)); smartlist_free(downloadable); }
/** Helper: allocate a new memarea chunk of around <b>chunk_size</b> bytes. */ static memarea_chunk_t * alloc_chunk(size_t sz, int freelist_ok) { tor_assert(sz < SIZE_T_CEILING); if (freelist && freelist_ok) { memarea_chunk_t *res = freelist; freelist = res->next_chunk; res->next_chunk = NULL; --freelist_len; CHECK_SENTINEL(res); return res; } else { size_t chunk_size = freelist_ok ? CHUNK_SIZE : sz; memarea_chunk_t *res; chunk_size += SENTINEL_LEN; res = tor_malloc(chunk_size); res->next_chunk = NULL; res->mem_size = chunk_size - CHUNK_HEADER_SIZE - SENTINEL_LEN; res->next_mem = res->U_MEM; tor_assert(res->next_mem+res->mem_size+SENTINEL_LEN == ((char*)res)+chunk_size); tor_assert(realign_pointer(res->next_mem) == res->next_mem); SET_SENTINEL(res); return res; } }
static const routerinfo_t * NS(router_get_my_routerinfo)(void) { mock_routerinfo = tor_malloc(sizeof(routerinfo_t)); return mock_routerinfo; }
/** Run unit tests for our secret-to-key passphrase hashing functionality. */ static void test_crypto_s2k(void) { char buf[29]; char buf2[29]; char *buf3 = NULL; int i; memset(buf, 0, sizeof(buf)); memset(buf2, 0, sizeof(buf2)); buf3 = tor_malloc(65536); memset(buf3, 0, 65536); secret_to_key(buf+9, 20, "", 0, buf); crypto_digest(buf2+9, buf3, 1024); test_memeq(buf, buf2, 29); memcpy(buf,"vrbacrda",8); memcpy(buf2,"vrbacrda",8); buf[8] = 96; buf2[8] = 96; secret_to_key(buf+9, 20, "12345678", 8, buf); for (i = 0; i < 65536; i += 16) { memcpy(buf3+i, "vrbacrda12345678", 16); } crypto_digest(buf2+9, buf3, 65536); test_memeq(buf, buf2, 29); done: tor_free(buf3); }
int replaycache_add_and_test_internal( time_t present, replaycache_t *r, const void *data, int len, time_t *elapsed) { int rv = 0; char digest[DIGEST_LEN]; time_t *access_time; /* sanity check */ if (present <= 0 || !r || !data || len <= 0) { log_info(LD_BUG, "replaycache_add_and_test_internal() called with stupid" " parameters; please fix this."); goto done; } /* compute digest */ crypto_digest(digest, (const char *)data, len); /* check map */ access_time = digestmap_get(r->digests_seen, digest); /* seen before? */ if (access_time != NULL) { /* * If it's far enough in the past, no hit. If the horizon is zero, we * never expire. */ if (*access_time >= present - r->horizon || r->horizon == 0) { /* replay cache hit, return 1 */ rv = 1; /* If we want to output an elapsed time, do so */ if (elapsed) { if (present >= *access_time) { *elapsed = present - *access_time; } else { /* We shouldn't really be seeing hits from the future, but... */ *elapsed = 0; } } } /* * If it's ahead of the cached time, update */ if (*access_time < present) { *access_time = present; } } else { /* No, so no hit and update the digest map with the current time */ access_time = tor_malloc(sizeof(*access_time)); *access_time = present; digestmap_set(r->digests_seen, digest, access_time); } /* now scrub the cache if it's time */ replaycache_scrub_if_needed_internal(present, r); done: return rv; }
/** Encode <b>key</b> in the format used in directory documents; return * a newly allocated string holding the result or NULL on failure. */ static char * key_to_string(EVP_PKEY *key) { BUF_MEM *buf; BIO *b; RSA *rsa = EVP_PKEY_get1_RSA(key); char *result; if (!rsa) return NULL; b = BIO_new(BIO_s_mem()); if (!PEM_write_bio_RSAPublicKey(b, rsa)) { crypto_log_errors(LOG_WARN, "writing public key to string"); return NULL; } BIO_get_mem_ptr(b, &buf); (void) BIO_set_close(b, BIO_NOCLOSE); BIO_free(b); result = tor_malloc(buf->length + 1); memcpy(result, buf->data, buf->length); result[buf->length] = 0; BUF_MEM_free(buf); return result; }
void show_favorites(void) { char *tmp1,*tmp2,*tmp3,*tmp4; if((tmpOptions->EntryNodes)||(tmpOptions->ExitNodes)) { tmp3=tor_malloc(65536);tmp4=tmp3; if(tmpOptions->EntryNodes) { tmp1=routerset_to_string(tmpOptions->EntryNodes); tmp2=tmp1; while(*tmp2) { if((*tmp2!=0)&&(*tmp2!=',')) { *tmp3++='[';*tmp3++='E';*tmp3++=']';*tmp3++=32; while((*tmp2!=0)&&(*tmp2!=',')) *tmp3++=*tmp2++; } else if(*tmp2==',') { *tmp3++=13;*tmp3++=10;tmp2++;} } tor_free(tmp1); if(tmp3!=tmp4){*tmp3++=13;*tmp3++=10;} } if(tmpOptions->ExitNodes) { tmp1=routerset_to_string(tmpOptions->ExitNodes); tmp2=tmp1; while(*tmp2) { if((*tmp2!=0)&&(*tmp2!=',')) { *tmp3++='[';*tmp3++='X';*tmp3++=']';*tmp3++=32; while((*tmp2!=0)&&(*tmp2!=',')) *tmp3++=*tmp2++; } else if(*tmp2==',') { *tmp3++=13;*tmp3++=10;tmp2++;} } tor_free(tmp1); } *tmp3=0; SetDlgItemText(hDlgRouterRestrictions,15101,tmp4);tor_free(tmp4); } }
/** Perform the second (server-side) step of a circuit-creation handshake of * type <b>type</b>, responding to the client request in <b>onion_skin</b> * using the keys in <b>keys</b>. On success, write our response into * <b>reply_out</b>, generate <b>keys_out_len</b> bytes worth of key material * in <b>keys_out_len</b>, a hidden service nonce to <b>rend_nonce_out</b>, * and return the length of the reply. On failure, return -1. */ int onion_skin_server_handshake(int type, const uint8_t *onion_skin, size_t onionskin_len, const server_onion_keys_t *keys, uint8_t *reply_out, uint8_t *keys_out, size_t keys_out_len, uint8_t *rend_nonce_out) { int r = -1; switch (type) { case ONION_HANDSHAKE_TYPE_TAP: if (onionskin_len != TAP_ONIONSKIN_CHALLENGE_LEN) return -1; if (onion_skin_TAP_server_handshake((const char*)onion_skin, keys->onion_key, keys->last_onion_key, (char*)reply_out, (char*)keys_out, keys_out_len)<0) return -1; r = TAP_ONIONSKIN_REPLY_LEN; memcpy(rend_nonce_out, reply_out+DH_KEY_LEN, DIGEST_LEN); break; case ONION_HANDSHAKE_TYPE_FAST: if (onionskin_len != CREATE_FAST_LEN) return -1; if (fast_server_handshake(onion_skin, reply_out, keys_out, keys_out_len)<0) return -1; r = CREATED_FAST_LEN; memcpy(rend_nonce_out, reply_out+DIGEST_LEN, DIGEST_LEN); break; case ONION_HANDSHAKE_TYPE_NTOR: if (onionskin_len < NTOR_ONIONSKIN_LEN) return -1; { size_t keys_tmp_len = keys_out_len + DIGEST_LEN; uint8_t *keys_tmp = tor_malloc(keys_out_len + DIGEST_LEN); if (onion_skin_ntor_server_handshake( onion_skin, keys->curve25519_key_map, keys->junk_keypair, keys->my_identity, reply_out, keys_tmp, keys_tmp_len)<0) { tor_free(keys_tmp); return -1; } memcpy(keys_out, keys_tmp, keys_out_len); memcpy(rend_nonce_out, keys_tmp+keys_out_len, DIGEST_LEN); memwipe(keys_tmp, 0, keys_tmp_len); tor_free(keys_tmp); r = NTOR_REPLY_LEN; } break; default: log_warn(LD_BUG, "called with unknown handshake state type %d", type); tor_fragile_assert(); return -1; } return r; }
/** * Auxiliary function used in order to allocate a sandbox_cfg_t element and set * it's values according the the parameter list. All elements are initialised * with the 'prot' field set to false, as the pointer is not protected at this * point. */ static sandbox_cfg_t* new_element(int syscall, int index, intptr_t value) { smp_param_t *param = NULL; sandbox_cfg_t *elem = tor_malloc(sizeof(sandbox_cfg_t)); elem->param = tor_malloc(sizeof(smp_param_t)); param = elem->param; param->syscall = syscall; param->pindex = index; param->value = value; param->prot = 0; return elem; }
replaycache_t * replaycache_new(time_t horizon, time_t interval) { replaycache_t *r = NULL; if (horizon < 0) { log_info(LD_BUG, "replaycache_new() called with negative" " horizon parameter"); goto err; } if (interval < 0) { log_info(LD_BUG, "replaycache_new() called with negative interval" " parameter"); interval = 0; } r = tor_malloc(sizeof(*r)); r->scrub_interval = interval; r->scrubbed = 0; r->horizon = horizon; r->digests_seen = digestmap_new(); err: return r; }
static void test_buffers_tls_read_mocked(void *arg) { uint8_t *mem; buf_t *buf; (void)arg; mem = tor_malloc(64*1024); crypto_rand((char*)mem, 64*1024); tls_read_ptr = mem; n_remaining = 64*1024; MOCK(tor_tls_read, mock_tls_read); buf = buf_new(); next_reply_val[0] = 1024; tt_int_op(128, ==, read_to_buf_tls(NULL, 128, buf)); next_reply_val[0] = 5000; next_reply_val[1] = 5000; tt_int_op(6000, ==, read_to_buf_tls(NULL, 6000, buf)); done: UNMOCK(tor_tls_read); tor_free(mem); buf_free(buf); }
/** Check whether an RSA-TAP cross-certification is correct. Return 0 if it * is, -1 if it isn't. */ int check_tap_onion_key_crosscert(const uint8_t *crosscert, int crosscert_len, const crypto_pk_t *onion_pkey, const ed25519_public_key_t *master_id_pkey, const uint8_t *rsa_id_digest) { uint8_t *cc = tor_malloc(crypto_pk_keysize(onion_pkey)); int cc_len = crypto_pk_public_checksig(onion_pkey, (char*)cc, crypto_pk_keysize(onion_pkey), (const char*)crosscert, crosscert_len); if (cc_len < 0) { goto err; } if (cc_len < DIGEST_LEN + ED25519_PUBKEY_LEN) { log_warn(LD_DIR, "Short signature on cross-certification with TAP key"); goto err; } if (tor_memneq(cc, rsa_id_digest, DIGEST_LEN) || tor_memneq(cc + DIGEST_LEN, master_id_pkey->pubkey, ED25519_PUBKEY_LEN)) { log_warn(LD_DIR, "Incorrect cross-certification with TAP key"); goto err; } tor_free(cc); return 0; err: tor_free(cc); return -1; }
/** Allocate a rend cache failure object and return it. This function can * not fail. */ STATIC rend_cache_failure_t * rend_cache_failure_entry_new(void) { rend_cache_failure_t *entry = tor_malloc(sizeof(*entry)); entry->intro_failures = digestmap_new(); return entry; }
/** Implement the second half of the client side of the CREATE_FAST handshake. * We sent the server <b>handshake_state</b> ("x") already, and the server * told us <b>handshake_reply_out</b> (y|H(x|y)). Make sure that the hash is * correct, and generate key material in <b>key_out</b>. Return 0 on success, * true on failure. * * NOTE: The "CREATE_FAST" handshake path is distinguishable from regular * "onionskin" handshakes, and is not secure if an adversary can see or modify * the messages. Therefore, it should only be used by clients, and only as * the first hop of a circuit (since the first hop is already authenticated * and protected by TLS). */ int fast_client_handshake(const char *handshake_state, /* DIGEST_LEN bytes */ const char *handshake_reply_out, /* DIGEST_LEN*2 bytes */ char *key_out, size_t key_out_len) { char tmp[DIGEST_LEN+DIGEST_LEN]; char *out; size_t out_len; int r = -1; memcpy(tmp, handshake_state, DIGEST_LEN); memcpy(tmp+DIGEST_LEN, handshake_reply_out, DIGEST_LEN); out_len = key_out_len+DIGEST_LEN; out = tor_malloc(out_len); if (crypto_expand_key_material(tmp, sizeof(tmp), out, out_len)) { goto done; } if (memcmp(out, handshake_reply_out+DIGEST_LEN, DIGEST_LEN)) { /* H(K) does *not* match. Something fishy. */ log_warn(LD_PROTOCOL,"Digest DOES NOT MATCH on fast handshake. " "Bug or attack."); goto done; } memcpy(key_out, out+DIGEST_LEN, key_out_len); r = 0; done: memset(tmp, 0, sizeof(tmp)); memset(out, 0, out_len); tor_free(out); return r; }
/** Implement the server side of the CREATE_FAST abbreviated handshake. The * client has provided DIGEST_LEN key bytes in <b>key_in</b> ("x"). We * generate a reply of DIGEST_LEN*2 bytes in <b>key_out</b>, consisting of a * new random "y", followed by H(x|y) to check for correctness. We set * <b>key_out_len</b> bytes of key material in <b>key_out</b>. * Return 0 on success, <0 on failure. **/ int fast_server_handshake(const char *key_in, /* DIGEST_LEN bytes */ char *handshake_reply_out, /* DIGEST_LEN*2 bytes */ char *key_out, size_t key_out_len) { char tmp[DIGEST_LEN+DIGEST_LEN]; char *out = NULL; size_t out_len; int r = -1; if (crypto_rand(handshake_reply_out, DIGEST_LEN)<0) return -1; memcpy(tmp, key_in, DIGEST_LEN); memcpy(tmp+DIGEST_LEN, handshake_reply_out, DIGEST_LEN); out_len = key_out_len+DIGEST_LEN; out = tor_malloc(out_len); if (crypto_expand_key_material(tmp, sizeof(tmp), out, out_len)) { goto done; } memcpy(handshake_reply_out+DIGEST_LEN, out, DIGEST_LEN); memcpy(key_out, out+DIGEST_LEN, key_out_len); r = 0; done: memset(tmp, 0, sizeof(tmp)); memset(out, 0, out_len); tor_free(out); return r; }
int sandbox_add_addrinfo(const char* name) { int ret; struct addrinfo hints; sb_addr_info_t *el = NULL; el = tor_malloc(sizeof(sb_addr_info_t)); memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_INET; hints.ai_socktype = SOCK_STREAM; ret = getaddrinfo(name, NULL, &hints, &(el->info)); if (ret) { log_err(LD_BUG,"(Sandbox) failed to getaddrinfo"); ret = -2; tor_free(el); goto out; } el->name = tor_strdup(name); el->next = sb_addr_info; sb_addr_info = el; out: return ret; }
/** Allocate and return new memarea. */ memarea_t * memarea_new(void) { memarea_t *head = tor_malloc(sizeof(memarea_t)); head->first = alloc_chunk(CHUNK_SIZE, 1); return head; }
static void bench_cell_aes(void) { uint64_t start, end; const int len = 509; const int iters = (1<<16); const int max_misalign = 15; char *b = tor_malloc(len+max_misalign); crypto_cipher_t *c; int i, misalign; c = crypto_cipher_new(NULL); reset_perftime(); for (misalign = 0; misalign <= max_misalign; ++misalign) { start = perftime(); for (i = 0; i < iters; ++i) { crypto_cipher_crypt_inplace(c, b+misalign, len); } end = perftime(); printf("%d bytes, misaligned by %d: %.2f nsec per byte\n", len, misalign, NANOCOUNT(start, end, iters*len)); } crypto_cipher_free(c); tor_free(b); }
static void test_rend_cache_store_v2_desc_as_dir_with_different_content(void *data) { (void)data; rend_cache_store_status_t ret; rend_service_descriptor_t *generated = NULL; smartlist_t *descs = smartlist_new(); time_t t; char *service_id = NULL; rend_encoded_v2_service_descriptor_t *desc_holder_one = NULL; rend_encoded_v2_service_descriptor_t *desc_holder_two = NULL; NS_MOCK(router_get_my_routerinfo); NS_MOCK(hid_serv_responsible_for_desc_id); rend_cache_init(); t = time(NULL); create_descriptor(&generated, &service_id, 3); generated->timestamp = t + RECENT_TIME; rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0, REND_NO_AUTH, NULL, NULL); desc_holder_one = ((rend_encoded_v2_service_descriptor_t *) smartlist_get(descs, 0)); smartlist_set(descs, 0, NULL); SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d, rend_encoded_v2_service_descriptor_free(d)); smartlist_free(descs); descs = smartlist_new(); generated->timestamp = t + RECENT_TIME; generated->protocols = 41; rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0, REND_NO_AUTH, NULL, NULL); desc_holder_two = ((rend_encoded_v2_service_descriptor_t *) smartlist_get(descs, 0)); smartlist_set(descs, 0, NULL); // Test when we have another descriptor stored, with a different descriptor mock_routerinfo = tor_malloc(sizeof(routerinfo_t)); hid_serv_responsible_for_desc_id_response = 1; rend_cache_store_v2_desc_as_dir(desc_holder_one->desc_str); ret = rend_cache_store_v2_desc_as_dir(desc_holder_two->desc_str); tt_int_op(ret, OP_EQ, RCS_OKAY); done: NS_UNMOCK(router_get_my_routerinfo); NS_UNMOCK(hid_serv_responsible_for_desc_id); rend_cache_free_all(); rend_service_descriptor_free(generated); tor_free(service_id); SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d, rend_encoded_v2_service_descriptor_free(d)); smartlist_free(descs); rend_encoded_v2_service_descriptor_free(desc_holder_one); rend_encoded_v2_service_descriptor_free(desc_holder_two); }