static smartlist_t *
descbr_get_digests_mock(void)
{
char digest[DIGEST_LEN], *tmp;
int len;
smartlist_t *list = NULL;
if (!disable_descbr) {
/* Just pretend we have only the two hard-coded digests listed above */
list = smartlist_new();
len = base16_decode(digest, DIGEST_LEN,
descbr_digest_1_str, strlen(descbr_digest_1_str));
tt_int_op(len, OP_EQ, DIGEST_LEN);
tmp = tor_malloc(DIGEST_LEN);
memcpy(tmp, digest, DIGEST_LEN);
smartlist_add(list, tmp);
len = base16_decode(digest, DIGEST_LEN,
descbr_digest_2_str, strlen(descbr_digest_2_str));
tt_int_op(len, OP_EQ, DIGEST_LEN);
tmp = tor_malloc(DIGEST_LEN);
memcpy(tmp, digest, DIGEST_LEN);
smartlist_add(list, tmp);
}
done:
return list;
}
static smartlist_t *
cert_dl_status_auth_ids_mock(void)
{
char digest[DIGEST_LEN], *tmp;
int len;
smartlist_t *list = NULL;
/* Just pretend we have only the two hard-coded digests listed above */
list = smartlist_new();
len = base16_decode(digest, DIGEST_LEN,
auth_id_digest_1_str, strlen(auth_id_digest_1_str));
tt_int_op(len, OP_EQ, DIGEST_LEN);
tmp = tor_malloc(DIGEST_LEN);
memcpy(tmp, digest, DIGEST_LEN);
smartlist_add(list, tmp);
len = base16_decode(digest, DIGEST_LEN,
auth_id_digest_2_str, strlen(auth_id_digest_2_str));
tt_int_op(len, OP_EQ, DIGEST_LEN);
tmp = tor_malloc(DIGEST_LEN);
memcpy(tmp, digest, DIGEST_LEN);
smartlist_add(list, tmp);
done:
return list;
}
static int
client2(int argc, char **argv)
{
struct ntor_ntru_handshake_state_t state;
uint8_t msg[NTOR_NTRU_REPLY_LEN];
int keybytes;
uint8_t *keys;
char *hexkeys;
int result = 0;
N_ARGS(5);
BASE16(2, (&state), sizeof(state));
BASE16(3, msg, sizeof(msg));
INT(4, keybytes);
keys = tor_malloc(keybytes);
hexkeys = tor_malloc(keybytes*2+1);
if (onion_skin_ntor_ntru_client_handshake(&state, msg, keys, keybytes)<0) {
fprintf(stderr, "handshake failed");
result = 2;
goto done;
}
base16_encode(hexkeys, keybytes*2+1, (const char*)keys, keybytes);
printf("%s\n", hexkeys);
done:
tor_free(keys);
tor_free(hexkeys);
return result;
}
static chunk_t *
chunk_new(size_t len)
{
chunk_t *ch = tor_malloc(sizeof(chunk_t));
ch->buf = tor_malloc(len);
ch->len = len;
return ch;
}
/** Validate every signature among those in <b>checkable</b>, which contains
* exactly <b>n_checkable</b> elements. If <b>okay_out</b> is non-NULL, set
* the i'th element of <b>okay_out</b> to 1 if the i'th element of
* <b>checkable</b> is valid, and to 0 otherwise. Return 0 if every signature
* was valid. Otherwise return -N, where N is the number of invalid
* signatures.
*/
int
ed25519_checksig_batch(int *okay_out,
const ed25519_checkable_t *checkable,
int n_checkable)
{
int res, i;
res = 0;
for (i = 0; i < n_checkable; ++i) {
const ed25519_checkable_t *ch = &checkable[i];
int r = ed25519_checksig(&ch->signature, ch->msg, ch->len, ch->pubkey);
if (r < 0)
--res;
if (okay_out)
okay_out[i] = (r == 0);
}
#if 0
/* This is how we'd do it if we were using ed25519_donna. I'll keep this
* code around here in case we ever do that. */
const uint8_t **ms;
size_t *lens;
const uint8_t **pks;
const uint8_t **sigs;
int *oks;
ms = tor_malloc(sizeof(uint8_t*)*n_checkable);
lens = tor_malloc(sizeof(size_t)*n_checkable);
pks = tor_malloc(sizeof(uint8_t*)*n_checkable);
sigs = tor_malloc(sizeof(uint8_t*)*n_checkable);
oks = okay_out ? okay_out : tor_malloc(sizeof(int)*n_checkable);
for (i = 0; i < n_checkable; ++i) {
ms[i] = checkable[i].msg;
lens[i] = checkable[i].len;
pks[i] = checkable[i].pubkey->pubkey;
sigs[i] = checkable[i].signature.sig;
oks[i] = 0;
}
ed25519_sign_open_batch_donna_fb(ms, lens, pks, sigs, n_checkable, oks);
res = 0;
for (i = 0; i < n_checkable; ++i) {
/* XXX/yawning: Propagate to okay_out? */
if (!oks[i])
--res;
}
tor_free(ms);
tor_free(lens);
tor_free(pks);
if (! okay_out)
tor_free(oks);
#endif
return res;
}
/** Allocate and return an empty smartlist.
*/
smartlist_t *
smartlist_create(void)
{
smartlist_t *sl = tor_malloc(sizeof(smartlist_t));
sl->num_used = 0;
sl->capacity = SMARTLIST_DEFAULT_CAPACITY;
sl->list = tor_malloc(sizeof(void *) * sl->capacity);
return sl;
}
/** Set *<b>out</b> to a newly allocated SOCKS4a resolve request with
* <b>username</b> and <b>hostname</b> as provided. Return the number
* of bytes in the request. */
static ssize_t
build_socks_resolve_request(char **out,
const char *username,
const char *hostname,
int reverse,
int version)
{
size_t len = 0;
tor_assert(out);
tor_assert(username);
tor_assert(hostname);
if (version == 4) {
len = 8 + strlen(username) + 1 + strlen(hostname) + 1;
*out = tor_malloc(len);
(*out)[0] = 4; /* SOCKS version 4 */
(*out)[1] = '\xF0'; /* Command: resolve. */
set_uint16((*out)+2, htons(0)); /* port: 0. */
set_uint32((*out)+4, htonl(0x00000001u)); /* addr: 0.0.0.1 */
memcpy((*out)+8, username, strlen(username)+1);
memcpy((*out)+8+strlen(username)+1, hostname, strlen(hostname)+1);
} else if (version == 5) {
int is_ip_address;
tor_addr_t addr;
size_t addrlen;
int ipv6;
is_ip_address = tor_addr_parse(&addr, hostname) != -1;
if (!is_ip_address && reverse) {
log_err(LD_GENERAL, "Tried to do a reverse lookup on a non-IP!");
return -1;
}
ipv6 = reverse && tor_addr_family(&addr) == AF_INET6;
addrlen = reverse ? (ipv6 ? 16 : 4) : 1 + strlen(hostname);
len = 6 + addrlen;
*out = tor_malloc(len);
(*out)[0] = 5; /* SOCKS version 5 */
(*out)[1] = reverse ? '\xF1' : '\xF0'; /* RESOLVE_PTR or RESOLVE */
(*out)[2] = 0; /* reserved. */
if (reverse) {
(*out)[3] = ipv6 ? 4 : 1;
if (ipv6)
memcpy((*out)+4, tor_addr_to_in6_addr8(&addr), 16);
else
set_uint32((*out)+4, tor_addr_to_ipv4n(&addr));
} else {
(*out)[3] = 3;
(*out)[4] = (char)(uint8_t)(addrlen - 1);
memcpy((*out)+5, hostname, addrlen - 1);
}
set_uint16((*out)+4+addrlen, 0); /* port */
} else {
tor_assert(0);
}
return len;
}
void add_router_to_favorites(HWND hDlg,char *router,char favtype)
{ if(hDlgRouterRestrictions)
{ char *favtmp2,*favtmp3;
int favtmpsize;
int i;
favtmpsize=SendDlgItemMessage(hDlgRouterRestrictions,15101,WM_GETTEXTLENGTH,0,0);
favtmp2=tor_malloc(favtmpsize+256+5);favtmp3=favtmp2;
GetDlgItemText(hDlgRouterRestrictions,15101,favtmp2,favtmpsize+1);favtmp2+=favtmpsize;
if((favtmpsize>2)&&((*(favtmp2-1)!=0x0d)&&(*(favtmp2-1)!=0x0a)))
{ *favtmp2++=0x0d;*favtmp2++=0x0a;}
*favtmp2++='[';*favtmp2++=favtype;*favtmp2++=']';*favtmp2++=32;
for(i=0;router[i];i++) *favtmp2++=router[i];
*favtmp2++=13;*favtmp2++=10;*favtmp2++=0;
tor_snprintf(favtmp2,100,get_lang_str(LANG_MB_FAV_ADDED),favtmp3+favtmpsize);
LangMessageBox(hDlg,favtmp2,LANG_MB_FAVORITES,MB_OK);
log(LOG_NOTICE,LD_APP,favtmp2);
SetDlgItemText(hDlgRouterRestrictions,15101,favtmp3);
refreshFavoriteNodes();
tor_free(favtmp3);
}
else if(favtype=='X')
{ char *tmp1=routerset_to_string(tmpOptions->ExitNodes);
int i=strlen(tmp1)+256+5;
char *tmp2=tor_malloc(i),*tmp3=tor_malloc(256);
tor_snprintf(tmp2,i,"%s,%s",tmp1,router);
r1=tmpOptions->ExitNodes;
r2=routerset_new();
routerset_parse(r2,tmp2,"ExitNodes");
tmpOptions->ExitNodes=r2;
if(r1) routerset_free(r1);
tor_snprintf(tmp3,256,"[X] %s",router);
tor_snprintf(tmp2,100,get_lang_str(LANG_MB_FAV_ADDED),tmp3);
LangMessageBox(hDlg,tmp2,LANG_MB_FAVORITES,MB_OK);
log(LOG_NOTICE,LD_APP,tmp2);
tor_free(tmp1);tor_free(tmp2);tor_free(tmp3);
}
else if(favtype=='E')
{ char *tmp1=routerset_to_string(tmpOptions->EntryNodes);
int i=strlen(tmp1)+256+5;
char *tmp2=tor_malloc(i),*tmp3=tor_malloc(256);
tor_snprintf(tmp2,i,"%s,%s",tmp1,router);
r1=tmpOptions->EntryNodes;
r2=routerset_new();
routerset_parse(r2,tmp2,"EntryNodes");
tmpOptions->EntryNodes=r2;
if(r1) routerset_free(r1);
tor_snprintf(tmp3,256,"[E] %s",router);
tor_snprintf(tmp2,100,get_lang_str(LANG_MB_FAV_ADDED),tmp3);
LangMessageBox(hDlg,tmp2,LANG_MB_FAVORITES,MB_OK);
log(LOG_NOTICE,LD_APP,tmp2);
tor_free(tmp1);tor_free(tmp2);tor_free(tmp3);
}
}
static smartlist_t *
cert_dl_status_sks_for_auth_id_mock(const char *digest)
{
smartlist_t *list = NULL;
char sk[DIGEST_LEN];
char digest_str[HEX_DIGEST_LEN+1];
char *tmp;
int len;
tt_assert(digest != NULL);
base16_encode(digest_str, HEX_DIGEST_LEN + 1,
digest, DIGEST_LEN);
digest_str[HEX_DIGEST_LEN] = '\0';
/*
* Build a list of two hard-coded digests, depending on what we
* were just passed.
*/
if (strcmp(digest_str, auth_id_digest_1_str) == 0) {
list = smartlist_new();
len = base16_decode(sk, DIGEST_LEN,
auth_1_sk_1_str, strlen(auth_1_sk_1_str));
tt_int_op(len, OP_EQ, DIGEST_LEN);
tmp = tor_malloc(DIGEST_LEN);
memcpy(tmp, sk, DIGEST_LEN);
smartlist_add(list, tmp);
len = base16_decode(sk, DIGEST_LEN,
auth_1_sk_2_str, strlen(auth_1_sk_2_str));
tt_int_op(len, OP_EQ, DIGEST_LEN);
tmp = tor_malloc(DIGEST_LEN);
memcpy(tmp, sk, DIGEST_LEN);
smartlist_add(list, tmp);
} else if (strcmp(digest_str, auth_id_digest_2_str) == 0) {
list = smartlist_new();
len = base16_decode(sk, DIGEST_LEN,
auth_2_sk_1_str, strlen(auth_2_sk_1_str));
tt_int_op(len, OP_EQ, DIGEST_LEN);
tmp = tor_malloc(DIGEST_LEN);
memcpy(tmp, sk, DIGEST_LEN);
smartlist_add(list, tmp);
len = base16_decode(sk, DIGEST_LEN,
auth_2_sk_2_str, strlen(auth_2_sk_2_str));
tt_int_op(len, OP_EQ, DIGEST_LEN);
tmp = tor_malloc(DIGEST_LEN);
memcpy(tmp, sk, DIGEST_LEN);
smartlist_add(list, tmp);
}
done:
return list;
}
/** Set *<b>out</b> to a newly allocated SOCKS4a resolve request with
* <b>username</b> and <b>hostname</b> as provided. Return the number
* of bytes in the request. */
static int
build_socks_resolve_request(char **out,
const char *username,
const char *hostname,
int reverse,
int version)
{
size_t len = 0;
tor_assert(out);
tor_assert(username);
tor_assert(hostname);
if (version == 4) {
len = 8 + strlen(username) + 1 + strlen(hostname) + 1;
*out = tor_malloc(len);
(*out)[0] = 4; /* SOCKS version 4 */
(*out)[1] = '\xF0'; /* Command: resolve. */
set_uint16((*out)+2, htons(0)); /* port: 0. */
set_uint32((*out)+4, htonl(0x00000001u)); /* addr: 0.0.0.1 */
memcpy((*out)+8, username, strlen(username)+1);
memcpy((*out)+8+strlen(username)+1, hostname, strlen(hostname)+1);
} else if (version == 5) {
int is_ip_address;
struct in_addr in;
size_t addrlen;
is_ip_address = tor_inet_aton(hostname, &in);
if (!is_ip_address && reverse) {
log_err(LD_GENERAL, "Tried to do a reverse lookup on a non-IP!");
return -1;
}
addrlen = reverse ? 4 : 1 + strlen(hostname);
len = 6 + addrlen;
*out = tor_malloc(len);
(*out)[0] = 5; /* SOCKS version 5 */
(*out)[1] = reverse ? '\xF1' : '\xF0'; /* RESOLVE_PTR or RESOLVE */
(*out)[2] = 0; /* reserved. */
(*out)[3] = reverse ? 1 : 3;
if (reverse) {
set_uint32((*out)+4, in.s_addr);
} else {
(*out)[4] = (char)(uint8_t)(addrlen - 1);
memcpy((*out)+5, hostname, addrlen - 1);
}
set_uint16((*out)+4+addrlen, 0); /* port */
} else {
tor_assert(0);
}
return len;
}
static void
test_buffers_zlib_impl(int finalize_with_nil)
{
char *msg = NULL;
char *contents = NULL;
char *expanded = NULL;
buf_t *buf = NULL;
tor_zlib_state_t *zlib_state = NULL;
size_t out_len, in_len;
int done;
buf = buf_new_with_capacity(128); /* will round up */
zlib_state = tor_zlib_new(1, ZLIB_METHOD, HIGH_COMPRESSION);
msg = tor_malloc(512);
crypto_rand(msg, 512);
tt_int_op(write_to_buf_zlib(buf, zlib_state, msg, 128, 0), OP_EQ, 0);
tt_int_op(write_to_buf_zlib(buf, zlib_state, msg+128, 128, 0), OP_EQ, 0);
tt_int_op(write_to_buf_zlib(buf, zlib_state, msg+256, 256, 0), OP_EQ, 0);
done = !finalize_with_nil;
tt_int_op(write_to_buf_zlib(buf, zlib_state, "all done", 9, done), OP_EQ, 0);
if (finalize_with_nil) {
tt_int_op(write_to_buf_zlib(buf, zlib_state, "", 0, 1), OP_EQ, 0);
}
in_len = buf_datalen(buf);
contents = tor_malloc(in_len);
tt_int_op(fetch_from_buf(contents, in_len, buf), OP_EQ, 0);
tt_int_op(0, OP_EQ, tor_gzip_uncompress(&expanded, &out_len,
contents, in_len,
ZLIB_METHOD, 1,
LOG_WARN));
tt_int_op(out_len, OP_GE, 128);
tt_mem_op(msg, OP_EQ, expanded, 128);
tt_int_op(out_len, OP_GE, 512);
tt_mem_op(msg, OP_EQ, expanded, 512);
tt_int_op(out_len, OP_EQ, 512+9);
tt_mem_op("all done", OP_EQ, expanded+512, 9);
done:
buf_free(buf);
tor_zlib_free(zlib_state);
tor_free(contents);
tor_free(expanded);
tor_free(msg);
}
static void
test_routerlist_launch_descriptor_downloads(void *arg)
{
smartlist_t *downloadable = smartlist_new();
time_t now = time(NULL);
char *cp;
(void)arg;
for (int i = 0; i < 100; i++) {
cp = tor_malloc(DIGEST256_LEN);
tt_assert(cp);
crypto_rand(cp, DIGEST256_LEN);
smartlist_add(downloadable, cp);
}
MOCK(initiate_descriptor_downloads, mock_initiate_descriptor_downloads);
launch_descriptor_downloads(DIR_PURPOSE_FETCH_MICRODESC, downloadable,
NULL, now);
tt_int_op(3, ==, count);
UNMOCK(initiate_descriptor_downloads);
done:
SMARTLIST_FOREACH(downloadable, char *, cp1, tor_free(cp1));
smartlist_free(downloadable);
}
/** Helper: allocate a new memarea chunk of around <b>chunk_size</b> bytes. */
static memarea_chunk_t *
alloc_chunk(size_t sz, int freelist_ok)
{
tor_assert(sz < SIZE_T_CEILING);
if (freelist && freelist_ok) {
memarea_chunk_t *res = freelist;
freelist = res->next_chunk;
res->next_chunk = NULL;
--freelist_len;
CHECK_SENTINEL(res);
return res;
} else {
size_t chunk_size = freelist_ok ? CHUNK_SIZE : sz;
memarea_chunk_t *res;
chunk_size += SENTINEL_LEN;
res = tor_malloc(chunk_size);
res->next_chunk = NULL;
res->mem_size = chunk_size - CHUNK_HEADER_SIZE - SENTINEL_LEN;
res->next_mem = res->U_MEM;
tor_assert(res->next_mem+res->mem_size+SENTINEL_LEN ==
((char*)res)+chunk_size);
tor_assert(realign_pointer(res->next_mem) == res->next_mem);
SET_SENTINEL(res);
return res;
}
}
static const routerinfo_t *
NS(router_get_my_routerinfo)(void)
{
mock_routerinfo = tor_malloc(sizeof(routerinfo_t));
return mock_routerinfo;
}
/** Run unit tests for our secret-to-key passphrase hashing functionality. */
static void
test_crypto_s2k(void)
{
char buf[29];
char buf2[29];
char *buf3 = NULL;
int i;
memset(buf, 0, sizeof(buf));
memset(buf2, 0, sizeof(buf2));
buf3 = tor_malloc(65536);
memset(buf3, 0, 65536);
secret_to_key(buf+9, 20, "", 0, buf);
crypto_digest(buf2+9, buf3, 1024);
test_memeq(buf, buf2, 29);
memcpy(buf,"vrbacrda",8);
memcpy(buf2,"vrbacrda",8);
buf[8] = 96;
buf2[8] = 96;
secret_to_key(buf+9, 20, "12345678", 8, buf);
for (i = 0; i < 65536; i += 16) {
memcpy(buf3+i, "vrbacrda12345678", 16);
}
crypto_digest(buf2+9, buf3, 65536);
test_memeq(buf, buf2, 29);
done:
tor_free(buf3);
}
int
replaycache_add_and_test_internal(
time_t present, replaycache_t *r, const void *data, int len,
time_t *elapsed)
{
int rv = 0;
char digest[DIGEST_LEN];
time_t *access_time;
/* sanity check */
if (present <= 0 || !r || !data || len <= 0) {
log_info(LD_BUG, "replaycache_add_and_test_internal() called with stupid"
" parameters; please fix this.");
goto done;
}
/* compute digest */
crypto_digest(digest, (const char *)data, len);
/* check map */
access_time = digestmap_get(r->digests_seen, digest);
/* seen before? */
if (access_time != NULL) {
/*
* If it's far enough in the past, no hit. If the horizon is zero, we
* never expire.
*/
if (*access_time >= present - r->horizon || r->horizon == 0) {
/* replay cache hit, return 1 */
rv = 1;
/* If we want to output an elapsed time, do so */
if (elapsed) {
if (present >= *access_time) {
*elapsed = present - *access_time;
} else {
/* We shouldn't really be seeing hits from the future, but... */
*elapsed = 0;
}
}
}
/*
* If it's ahead of the cached time, update
*/
if (*access_time < present) {
*access_time = present;
}
} else {
/* No, so no hit and update the digest map with the current time */
access_time = tor_malloc(sizeof(*access_time));
*access_time = present;
digestmap_set(r->digests_seen, digest, access_time);
}
/* now scrub the cache if it's time */
replaycache_scrub_if_needed_internal(present, r);
done:
return rv;
}
/** Encode <b>key</b> in the format used in directory documents; return
* a newly allocated string holding the result or NULL on failure. */
static char *
key_to_string(EVP_PKEY *key)
{
BUF_MEM *buf;
BIO *b;
RSA *rsa = EVP_PKEY_get1_RSA(key);
char *result;
if (!rsa)
return NULL;
b = BIO_new(BIO_s_mem());
if (!PEM_write_bio_RSAPublicKey(b, rsa)) {
crypto_log_errors(LOG_WARN, "writing public key to string");
return NULL;
}
BIO_get_mem_ptr(b, &buf);
(void) BIO_set_close(b, BIO_NOCLOSE);
BIO_free(b);
result = tor_malloc(buf->length + 1);
memcpy(result, buf->data, buf->length);
result[buf->length] = 0;
BUF_MEM_free(buf);
return result;
}
void show_favorites(void)
{ char *tmp1,*tmp2,*tmp3,*tmp4;
if((tmpOptions->EntryNodes)||(tmpOptions->ExitNodes))
{ tmp3=tor_malloc(65536);tmp4=tmp3;
if(tmpOptions->EntryNodes)
{ tmp1=routerset_to_string(tmpOptions->EntryNodes);
tmp2=tmp1;
while(*tmp2)
{ if((*tmp2!=0)&&(*tmp2!=','))
{ *tmp3++='[';*tmp3++='E';*tmp3++=']';*tmp3++=32;
while((*tmp2!=0)&&(*tmp2!=',')) *tmp3++=*tmp2++;
}
else if(*tmp2==',')
{ *tmp3++=13;*tmp3++=10;tmp2++;}
}
tor_free(tmp1);
if(tmp3!=tmp4){*tmp3++=13;*tmp3++=10;}
}
if(tmpOptions->ExitNodes)
{ tmp1=routerset_to_string(tmpOptions->ExitNodes);
tmp2=tmp1;
while(*tmp2)
{ if((*tmp2!=0)&&(*tmp2!=','))
{ *tmp3++='[';*tmp3++='X';*tmp3++=']';*tmp3++=32;
while((*tmp2!=0)&&(*tmp2!=',')) *tmp3++=*tmp2++;
}
else if(*tmp2==',')
{ *tmp3++=13;*tmp3++=10;tmp2++;}
}
tor_free(tmp1);
}
*tmp3=0;
SetDlgItemText(hDlgRouterRestrictions,15101,tmp4);tor_free(tmp4);
}
}
/** Perform the second (server-side) step of a circuit-creation handshake of
* type <b>type</b>, responding to the client request in <b>onion_skin</b>
* using the keys in <b>keys</b>. On success, write our response into
* <b>reply_out</b>, generate <b>keys_out_len</b> bytes worth of key material
* in <b>keys_out_len</b>, a hidden service nonce to <b>rend_nonce_out</b>,
* and return the length of the reply. On failure, return -1.
*/
int
onion_skin_server_handshake(int type,
const uint8_t *onion_skin, size_t onionskin_len,
const server_onion_keys_t *keys,
uint8_t *reply_out,
uint8_t *keys_out, size_t keys_out_len,
uint8_t *rend_nonce_out)
{
int r = -1;
switch (type) {
case ONION_HANDSHAKE_TYPE_TAP:
if (onionskin_len != TAP_ONIONSKIN_CHALLENGE_LEN)
return -1;
if (onion_skin_TAP_server_handshake((const char*)onion_skin,
keys->onion_key, keys->last_onion_key,
(char*)reply_out,
(char*)keys_out, keys_out_len)<0)
return -1;
r = TAP_ONIONSKIN_REPLY_LEN;
memcpy(rend_nonce_out, reply_out+DH_KEY_LEN, DIGEST_LEN);
break;
case ONION_HANDSHAKE_TYPE_FAST:
if (onionskin_len != CREATE_FAST_LEN)
return -1;
if (fast_server_handshake(onion_skin, reply_out, keys_out, keys_out_len)<0)
return -1;
r = CREATED_FAST_LEN;
memcpy(rend_nonce_out, reply_out+DIGEST_LEN, DIGEST_LEN);
break;
case ONION_HANDSHAKE_TYPE_NTOR:
if (onionskin_len < NTOR_ONIONSKIN_LEN)
return -1;
{
size_t keys_tmp_len = keys_out_len + DIGEST_LEN;
uint8_t *keys_tmp = tor_malloc(keys_out_len + DIGEST_LEN);
if (onion_skin_ntor_server_handshake(
onion_skin, keys->curve25519_key_map,
keys->junk_keypair,
keys->my_identity,
reply_out, keys_tmp, keys_tmp_len)<0) {
tor_free(keys_tmp);
return -1;
}
memcpy(keys_out, keys_tmp, keys_out_len);
memcpy(rend_nonce_out, keys_tmp+keys_out_len, DIGEST_LEN);
memwipe(keys_tmp, 0, keys_tmp_len);
tor_free(keys_tmp);
r = NTOR_REPLY_LEN;
}
break;
default:
log_warn(LD_BUG, "called with unknown handshake state type %d", type);
tor_fragile_assert();
return -1;
}
return r;
}
/**
* Auxiliary function used in order to allocate a sandbox_cfg_t element and set
* it's values according the the parameter list. All elements are initialised
* with the 'prot' field set to false, as the pointer is not protected at this
* point.
*/
static sandbox_cfg_t*
new_element(int syscall, int index, intptr_t value)
{
smp_param_t *param = NULL;
sandbox_cfg_t *elem = tor_malloc(sizeof(sandbox_cfg_t));
elem->param = tor_malloc(sizeof(smp_param_t));
param = elem->param;
param->syscall = syscall;
param->pindex = index;
param->value = value;
param->prot = 0;
return elem;
}
replaycache_t *
replaycache_new(time_t horizon, time_t interval)
{
replaycache_t *r = NULL;
if (horizon < 0) {
log_info(LD_BUG, "replaycache_new() called with negative"
" horizon parameter");
goto err;
}
if (interval < 0) {
log_info(LD_BUG, "replaycache_new() called with negative interval"
" parameter");
interval = 0;
}
r = tor_malloc(sizeof(*r));
r->scrub_interval = interval;
r->scrubbed = 0;
r->horizon = horizon;
r->digests_seen = digestmap_new();
err:
return r;
}
static void
test_buffers_tls_read_mocked(void *arg)
{
uint8_t *mem;
buf_t *buf;
(void)arg;
mem = tor_malloc(64*1024);
crypto_rand((char*)mem, 64*1024);
tls_read_ptr = mem;
n_remaining = 64*1024;
MOCK(tor_tls_read, mock_tls_read);
buf = buf_new();
next_reply_val[0] = 1024;
tt_int_op(128, ==, read_to_buf_tls(NULL, 128, buf));
next_reply_val[0] = 5000;
next_reply_val[1] = 5000;
tt_int_op(6000, ==, read_to_buf_tls(NULL, 6000, buf));
done:
UNMOCK(tor_tls_read);
tor_free(mem);
buf_free(buf);
}
/** Check whether an RSA-TAP cross-certification is correct. Return 0 if it
* is, -1 if it isn't. */
int
check_tap_onion_key_crosscert(const uint8_t *crosscert,
int crosscert_len,
const crypto_pk_t *onion_pkey,
const ed25519_public_key_t *master_id_pkey,
const uint8_t *rsa_id_digest)
{
uint8_t *cc = tor_malloc(crypto_pk_keysize(onion_pkey));
int cc_len =
crypto_pk_public_checksig(onion_pkey,
(char*)cc,
crypto_pk_keysize(onion_pkey),
(const char*)crosscert,
crosscert_len);
if (cc_len < 0) {
goto err;
}
if (cc_len < DIGEST_LEN + ED25519_PUBKEY_LEN) {
log_warn(LD_DIR, "Short signature on cross-certification with TAP key");
goto err;
}
if (tor_memneq(cc, rsa_id_digest, DIGEST_LEN) ||
tor_memneq(cc + DIGEST_LEN, master_id_pkey->pubkey,
ED25519_PUBKEY_LEN)) {
log_warn(LD_DIR, "Incorrect cross-certification with TAP key");
goto err;
}
tor_free(cc);
return 0;
err:
tor_free(cc);
return -1;
}
/** Allocate a rend cache failure object and return it. This function can
* not fail. */
STATIC rend_cache_failure_t *
rend_cache_failure_entry_new(void)
{
rend_cache_failure_t *entry = tor_malloc(sizeof(*entry));
entry->intro_failures = digestmap_new();
return entry;
}
/** Implement the second half of the client side of the CREATE_FAST handshake.
* We sent the server <b>handshake_state</b> ("x") already, and the server
* told us <b>handshake_reply_out</b> (y|H(x|y)). Make sure that the hash is
* correct, and generate key material in <b>key_out</b>. Return 0 on success,
* true on failure.
*
* NOTE: The "CREATE_FAST" handshake path is distinguishable from regular
* "onionskin" handshakes, and is not secure if an adversary can see or modify
* the messages. Therefore, it should only be used by clients, and only as
* the first hop of a circuit (since the first hop is already authenticated
* and protected by TLS).
*/
int
fast_client_handshake(const char *handshake_state, /* DIGEST_LEN bytes */
const char *handshake_reply_out, /* DIGEST_LEN*2 bytes */
char *key_out,
size_t key_out_len)
{
char tmp[DIGEST_LEN+DIGEST_LEN];
char *out;
size_t out_len;
int r = -1;
memcpy(tmp, handshake_state, DIGEST_LEN);
memcpy(tmp+DIGEST_LEN, handshake_reply_out, DIGEST_LEN);
out_len = key_out_len+DIGEST_LEN;
out = tor_malloc(out_len);
if (crypto_expand_key_material(tmp, sizeof(tmp), out, out_len)) {
goto done;
}
if (memcmp(out, handshake_reply_out+DIGEST_LEN, DIGEST_LEN)) {
/* H(K) does *not* match. Something fishy. */
log_warn(LD_PROTOCOL,"Digest DOES NOT MATCH on fast handshake. "
"Bug or attack.");
goto done;
}
memcpy(key_out, out+DIGEST_LEN, key_out_len);
r = 0;
done:
memset(tmp, 0, sizeof(tmp));
memset(out, 0, out_len);
tor_free(out);
return r;
}
/** Implement the server side of the CREATE_FAST abbreviated handshake. The
* client has provided DIGEST_LEN key bytes in <b>key_in</b> ("x"). We
* generate a reply of DIGEST_LEN*2 bytes in <b>key_out</b>, consisting of a
* new random "y", followed by H(x|y) to check for correctness. We set
* <b>key_out_len</b> bytes of key material in <b>key_out</b>.
* Return 0 on success, <0 on failure.
**/
int
fast_server_handshake(const char *key_in, /* DIGEST_LEN bytes */
char *handshake_reply_out, /* DIGEST_LEN*2 bytes */
char *key_out,
size_t key_out_len)
{
char tmp[DIGEST_LEN+DIGEST_LEN];
char *out = NULL;
size_t out_len;
int r = -1;
if (crypto_rand(handshake_reply_out, DIGEST_LEN)<0)
return -1;
memcpy(tmp, key_in, DIGEST_LEN);
memcpy(tmp+DIGEST_LEN, handshake_reply_out, DIGEST_LEN);
out_len = key_out_len+DIGEST_LEN;
out = tor_malloc(out_len);
if (crypto_expand_key_material(tmp, sizeof(tmp), out, out_len)) {
goto done;
}
memcpy(handshake_reply_out+DIGEST_LEN, out, DIGEST_LEN);
memcpy(key_out, out+DIGEST_LEN, key_out_len);
r = 0;
done:
memset(tmp, 0, sizeof(tmp));
memset(out, 0, out_len);
tor_free(out);
return r;
}
int
sandbox_add_addrinfo(const char* name)
{
int ret;
struct addrinfo hints;
sb_addr_info_t *el = NULL;
el = tor_malloc(sizeof(sb_addr_info_t));
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET;
hints.ai_socktype = SOCK_STREAM;
ret = getaddrinfo(name, NULL, &hints, &(el->info));
if (ret) {
log_err(LD_BUG,"(Sandbox) failed to getaddrinfo");
ret = -2;
tor_free(el);
goto out;
}
el->name = tor_strdup(name);
el->next = sb_addr_info;
sb_addr_info = el;
out:
return ret;
}
/** Allocate and return new memarea. */
memarea_t *
memarea_new(void)
{
memarea_t *head = tor_malloc(sizeof(memarea_t));
head->first = alloc_chunk(CHUNK_SIZE, 1);
return head;
}
static void
bench_cell_aes(void)
{
uint64_t start, end;
const int len = 509;
const int iters = (1<<16);
const int max_misalign = 15;
char *b = tor_malloc(len+max_misalign);
crypto_cipher_t *c;
int i, misalign;
c = crypto_cipher_new(NULL);
reset_perftime();
for (misalign = 0; misalign <= max_misalign; ++misalign) {
start = perftime();
for (i = 0; i < iters; ++i) {
crypto_cipher_crypt_inplace(c, b+misalign, len);
}
end = perftime();
printf("%d bytes, misaligned by %d: %.2f nsec per byte\n", len, misalign,
NANOCOUNT(start, end, iters*len));
}
crypto_cipher_free(c);
tor_free(b);
}
static void
test_rend_cache_store_v2_desc_as_dir_with_different_content(void *data)
{
(void)data;
rend_cache_store_status_t ret;
rend_service_descriptor_t *generated = NULL;
smartlist_t *descs = smartlist_new();
time_t t;
char *service_id = NULL;
rend_encoded_v2_service_descriptor_t *desc_holder_one = NULL;
rend_encoded_v2_service_descriptor_t *desc_holder_two = NULL;
NS_MOCK(router_get_my_routerinfo);
NS_MOCK(hid_serv_responsible_for_desc_id);
rend_cache_init();
t = time(NULL);
create_descriptor(&generated, &service_id, 3);
generated->timestamp = t + RECENT_TIME;
rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0,
REND_NO_AUTH, NULL, NULL);
desc_holder_one = ((rend_encoded_v2_service_descriptor_t *)
smartlist_get(descs, 0));
smartlist_set(descs, 0, NULL);
SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d,
rend_encoded_v2_service_descriptor_free(d));
smartlist_free(descs);
descs = smartlist_new();
generated->timestamp = t + RECENT_TIME;
generated->protocols = 41;
rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0,
REND_NO_AUTH, NULL, NULL);
desc_holder_two = ((rend_encoded_v2_service_descriptor_t *)
smartlist_get(descs, 0));
smartlist_set(descs, 0, NULL);
// Test when we have another descriptor stored, with a different descriptor
mock_routerinfo = tor_malloc(sizeof(routerinfo_t));
hid_serv_responsible_for_desc_id_response = 1;
rend_cache_store_v2_desc_as_dir(desc_holder_one->desc_str);
ret = rend_cache_store_v2_desc_as_dir(desc_holder_two->desc_str);
tt_int_op(ret, OP_EQ, RCS_OKAY);
done:
NS_UNMOCK(router_get_my_routerinfo);
NS_UNMOCK(hid_serv_responsible_for_desc_id);
rend_cache_free_all();
rend_service_descriptor_free(generated);
tor_free(service_id);
SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d,
rend_encoded_v2_service_descriptor_free(d));
smartlist_free(descs);
rend_encoded_v2_service_descriptor_free(desc_holder_one);
rend_encoded_v2_service_descriptor_free(desc_holder_two);
}
