/* Process the remaining bytes in the internal buffer and the usual prolog according to the standard and write the result to RESBUF. */ static void sha512_conclude_ctx (struct sha512_ctx *ctx) { /* Take yet unprocessed bytes into account. */ size_t bytes = ctx->buflen; size_t size = (bytes < 112) ? 128 / 8 : 128 * 2 / 8; /* Now count remaining bytes. */ ctx->total[0] = u64plus (ctx->total[0], u64lo (bytes)); if (u64lt (ctx->total[0], u64lo (bytes))) ctx->total[1] = u64plus (ctx->total[1], u64lo (1)); /* Put the 128-bit file length in *bits* at the end of the buffer. Use set_uint64 rather than a simple assignment, to avoid risk of unaligned access. */ set_uint64 ((char *) &ctx->buffer[size - 2], SWAP (u64or (u64shl (ctx->total[1], 3), u64shr (ctx->total[0], 61)))); set_uint64 ((char *) &ctx->buffer[size - 1], SWAP (u64shl (ctx->total[0], 3))); memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 8 - bytes); /* Process last bytes. */ sha512_process_block (ctx->buffer, size * 8, ctx); }
/** Pack global_id and circ_id; set *tag to the result. (See note on * cpuworker_main for wire format.) */ static void tag_pack(char *tag, uint64_t conn_id, circid_t circ_id) { /*XXXX RETHINK THIS WHOLE MESS !!!! !NM NM NM NM*/ set_uint64(tag, conn_id); set_uint16(tag+8, circ_id); }
static void test_util_format_unaligned_accessors(void *ignored) { (void)ignored; char buf[9] = "onionsoup"; // 6f6e696f6e736f7570 tt_u64_op(get_uint64(buf+1), OP_EQ, htonll(U64_LITERAL(0x6e696f6e736f7570))); tt_uint_op(get_uint32(buf+1), OP_EQ, htonl(0x6e696f6e)); tt_uint_op(get_uint16(buf+1), OP_EQ, htons(0x6e69)); tt_uint_op(get_uint8(buf+1), OP_EQ, 0x6e); set_uint8(buf+7, 0x61); tt_mem_op(buf, OP_EQ, "onionsoap", 9); set_uint16(buf+6, htons(0x746f)); tt_mem_op(buf, OP_EQ, "onionstop", 9); set_uint32(buf+1, htonl(0x78696465)); tt_mem_op(buf, OP_EQ, "oxidestop", 9); set_uint64(buf+1, htonll(U64_LITERAL(0x6266757363617465))); tt_mem_op(buf, OP_EQ, "obfuscate", 9); done: ; }
/** Pack global_id and circ_id; set *tag to the result. (See note on * cpuworker_main for wire format.) */ static void tag_pack(uint8_t *tag, uint64_t chan_id, circid_t circ_id) { /*XXXX RETHINK THIS WHOLE MESS !!!! !NM NM NM NM*/ /*XXXX DOUBLEPLUSTHIS!!!! AS AS AS AS*/ set_uint64(tag, chan_id); set_uint32(tag+8, circ_id); }
void * sha384_read_ctx (const struct sha512_ctx *ctx, void *resbuf) { int i; char *r = (char *)resbuf; for (i = 0; i < 6; i++) set_uint64 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i])); return resbuf; }
/* Encode the given commit object to dst which is a buffer large enough to * put the base64-encoded commit. The format is as follow: * COMMIT = base64-encode( TIMESTAMP || H(H(RN)) ) * Return base64 encoded length on success else a negative value. */ STATIC int commit_encode(const sr_commit_t *commit, char *dst, size_t len) { size_t offset = 0; char buf[SR_COMMIT_LEN] = {0}; tor_assert(commit); tor_assert(dst); /* First is the timestamp (8 bytes). */ set_uint64(buf, tor_htonll(commit->commit_ts)); offset += sizeof(uint64_t); /* and then the hashed reveal. */ memcpy(buf + offset, commit->hashed_reveal, sizeof(commit->hashed_reveal)); /* Clean the buffer and then b64 encode it. */ memset(dst, 0, len); return base64_encode(dst, len, buf, sizeof(buf), 0); }
/* Encode a reveal element using a given commit object to dst which is a * buffer large enough to put the base64-encoded reveal construction. The * format is as follow: * REVEAL = base64-encode( TIMESTAMP || H(RN) ) * Return base64 encoded length on success else a negative value. */ STATIC int reveal_encode(const sr_commit_t *commit, char *dst, size_t len) { int ret; size_t offset = 0; char buf[SR_REVEAL_LEN] = {0}; tor_assert(commit); tor_assert(dst); set_uint64(buf, tor_htonll(commit->reveal_ts)); offset += sizeof(uint64_t); memcpy(buf + offset, commit->random_number, sizeof(commit->random_number)); /* Let's clean the buffer and then b64 encode it. */ memset(dst, 0, len); ret = base64_encode(dst, len, buf, sizeof(buf), 0); /* Wipe this buffer because it contains our random value. */ memwipe(buf, 0, sizeof(buf)); return ret; }
vector<uint64> burns::set(const uint64* X, int length) const { if(length == 0) { return set_uint64(0); } vector<uint64> x; x.reserve(size()); for(int j = 0; j < size(); j++) { const monty& m = mb.field(j); uint64 R2 = m.monty_R() * m.monty_R(); uint64 xj = m.set(X[length - 1]); for(int i = length - 2; i >= 0; --i) { xj = m.mul(xj, R2); xj = m.add(xj, m.set(X[i])); } x.push_back(xj); } return x; }
/* Return a srv object that is built with the construction: * SRV = SHA3-256("shared-random" | INT_8(reveal_num) | * INT_4(version) | HASHED_REVEALS | previous_SRV) * This function cannot fail. */ static sr_srv_t * generate_srv(const char *hashed_reveals, uint64_t reveal_num, const sr_srv_t *previous_srv) { char msg[DIGEST256_LEN + SR_SRV_MSG_LEN] = {0}; size_t offset = 0; sr_srv_t *srv; tor_assert(hashed_reveals); /* Add the invariant token. */ memcpy(msg, SR_SRV_TOKEN, SR_SRV_TOKEN_LEN); offset += SR_SRV_TOKEN_LEN; set_uint64(msg + offset, tor_htonll(reveal_num)); offset += sizeof(uint64_t); set_uint32(msg + offset, htonl(SR_PROTO_VERSION)); offset += sizeof(uint32_t); memcpy(msg + offset, hashed_reveals, DIGEST256_LEN); offset += DIGEST256_LEN; if (previous_srv != NULL) { memcpy(msg + offset, previous_srv->value, sizeof(previous_srv->value)); } /* Ok we have our message and key for the HMAC computation, allocate our * srv object and do the last step. */ srv = tor_malloc_zero(sizeof(*srv)); crypto_digest256((char *) srv->value, msg, sizeof(msg), SR_DIGEST_ALG); srv->num_reveals = reveal_num; { /* Debugging. */ char srv_hash_encoded[SR_SRV_VALUE_BASE64_LEN + 1]; sr_srv_encode(srv_hash_encoded, sizeof(srv_hash_encoded), srv); log_info(LD_DIR, "SR: Generated SRV: %s", srv_hash_encoded); } return srv; }