static void bench_cell_ops(void) { const int iters = 1<<16; int i; /* benchmarks for cell ops at relay. */ or_circuit_t *or_circ = tor_malloc_zero(sizeof(or_circuit_t)); cell_t *cell = tor_malloc(sizeof(cell_t)); int outbound; uint64_t start, end; crypto_rand((char*)cell->payload, sizeof(cell->payload)); /* Mock-up or_circuit_t */ or_circ->_base.magic = OR_CIRCUIT_MAGIC; or_circ->_base.purpose = CIRCUIT_PURPOSE_OR; /* Initialize crypto */ or_circ->p_crypto = crypto_new_cipher_env(); crypto_cipher_generate_key(or_circ->p_crypto); crypto_cipher_encrypt_init_cipher(or_circ->p_crypto); or_circ->n_crypto = crypto_new_cipher_env(); crypto_cipher_generate_key(or_circ->n_crypto); crypto_cipher_encrypt_init_cipher(or_circ->n_crypto); or_circ->p_digest = crypto_new_digest_env(); or_circ->n_digest = crypto_new_digest_env(); reset_perftime(); for (outbound = 0; outbound <= 1; ++outbound) { cell_direction_t d = outbound ? CELL_DIRECTION_OUT : CELL_DIRECTION_IN; start = perftime(); for (i = 0; i < iters; ++i) { char recognized = 0; crypt_path_t *layer_hint = NULL; relay_crypt(TO_CIRCUIT(or_circ), cell, d, &layer_hint, &recognized); } end = perftime(); printf("%sbound cells: %.2f ns per cell. (%.2f ns per byte of payload)\n", outbound?"Out":" In", NANOCOUNT(start,end,iters), NANOCOUNT(start,end,iters*CELL_PAYLOAD_SIZE)); } crypto_free_digest_env(or_circ->p_digest); crypto_free_digest_env(or_circ->n_digest); crypto_free_cipher_env(or_circ->p_crypto); crypto_free_cipher_env(or_circ->n_crypto); tor_free(or_circ); tor_free(cell); }
static void bench_cell_aes(void) { uint64_t start, end; const int len = 509; const int iters = (1<<16); const int max_misalign = 15; char *b = tor_malloc(len+max_misalign); crypto_cipher_env_t *c; int i, misalign; c = crypto_new_cipher_env(); crypto_cipher_generate_key(c); crypto_cipher_encrypt_init_cipher(c); reset_perftime(); for (misalign = 0; misalign <= max_misalign; ++misalign) { start = perftime(); for (i = 0; i < iters; ++i) { crypto_cipher_crypt_inplace(c, b+misalign, len); } end = perftime(); printf("%d bytes, misaligned by %d: %.2f nsec per byte\n", len, misalign, NANOCOUNT(start, end, iters*len)); } crypto_free_cipher_env(c); tor_free(b); }
/** Run AES performance benchmarks. */ static void bench_aes(void) { int len, i; char *b1, *b2; crypto_cipher_env_t *c; uint64_t start, end; const int bytes_per_iter = (1<<24); reset_perftime(); c = crypto_new_cipher_env(); crypto_cipher_generate_key(c); crypto_cipher_encrypt_init_cipher(c); for (len = 1; len <= 8192; len *= 2) { int iters = bytes_per_iter / len; b1 = tor_malloc_zero(len); b2 = tor_malloc_zero(len); start = perftime(); for (i = 0; i < iters; ++i) { crypto_cipher_encrypt(c, b1, b2, len); } end = perftime(); tor_free(b1); tor_free(b2); printf("%d bytes: %.2f nsec per byte\n", len, NANOCOUNT(start, end, iters*len)); } crypto_free_cipher_env(c); }
/** Deallocate space associated with the cpath node <b>victim</b>. */ static void circuit_free_cpath_node(crypt_path_t *victim) { if (!victim) return; crypto_free_cipher_env(victim->f_crypto); crypto_free_cipher_env(victim->b_crypto); crypto_free_digest_env(victim->f_digest); crypto_free_digest_env(victim->b_digest); crypto_dh_free(victim->dh_handshake_state); extend_info_free(victim->extend_info); memset(victim, 0xBB, sizeof(crypt_path_t)); /* poison memory */ tor_free(victim); }
/** Deallocate space associated with circ. */ static void circuit_free(circuit_t *circ) { void *mem; size_t memlen; tor_assert(circ); if (CIRCUIT_IS_ORIGIN(circ)) { origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ); mem = ocirc; memlen = sizeof(origin_circuit_t); tor_assert(circ->magic == ORIGIN_CIRCUIT_MAGIC); if (ocirc->build_state) { if (ocirc->build_state->chosen_exit) extend_info_free(ocirc->build_state->chosen_exit); if (ocirc->build_state->pending_final_cpath) circuit_free_cpath_node(ocirc->build_state->pending_final_cpath); } tor_free(ocirc->build_state); circuit_free_cpath(ocirc->cpath); if (ocirc->intro_key) crypto_free_pk_env(ocirc->intro_key); if (ocirc->rend_data) rend_data_free(ocirc->rend_data); } else { or_circuit_t *ocirc = TO_OR_CIRCUIT(circ); mem = ocirc; memlen = sizeof(or_circuit_t); tor_assert(circ->magic == OR_CIRCUIT_MAGIC); if (ocirc->p_crypto) crypto_free_cipher_env(ocirc->p_crypto); if (ocirc->p_digest) crypto_free_digest_env(ocirc->p_digest); if (ocirc->n_crypto) crypto_free_cipher_env(ocirc->n_crypto); if (ocirc->n_digest) crypto_free_digest_env(ocirc->n_digest); if (ocirc->rend_splice) { or_circuit_t *other = ocirc->rend_splice; tor_assert(other->_base.magic == OR_CIRCUIT_MAGIC); other->rend_splice = NULL; } /* remove from map. */ circuit_set_p_circid_orconn(ocirc, 0, NULL); /* Clear cell queue _after_ removing it from the map. Otherwise our * "active" checks will be violated. */ cell_queue_clear(ô->p_conn_cells); } if (circ->n_hop) extend_info_free(circ->n_hop); tor_free(circ->n_conn_onionskin); /* Remove from map. */ circuit_set_n_circid_orconn(circ, 0, NULL); /* Clear cell queue _after_ removing it from the map. Otherwise our * "active" checks will be violated. */ cell_queue_clear(&circ->n_conn_cells); memset(circ, 0xAA, memlen); /* poison memory */ tor_free(mem); }
/** Run unit tests for our AES functionality */ static void test_crypto_aes(void) { char *data1 = NULL, *data2 = NULL, *data3 = NULL; crypto_cipher_env_t *env1 = NULL, *env2 = NULL; int i, j; char *mem_op_hex_tmp=NULL; data1 = tor_malloc(1024); data2 = tor_malloc(1024); data3 = tor_malloc(1024); /* Now, test encryption and decryption with stream cipher. */ data1[0]='\0'; for (i = 1023; i>0; i -= 35) strncat(data1, "Now is the time for all good onions", i); memset(data2, 0, 1024); memset(data3, 0, 1024); env1 = crypto_new_cipher_env(); test_neq(env1, 0); env2 = crypto_new_cipher_env(); test_neq(env2, 0); j = crypto_cipher_generate_key(env1); crypto_cipher_set_key(env2, crypto_cipher_get_key(env1)); crypto_cipher_encrypt_init_cipher(env1); crypto_cipher_decrypt_init_cipher(env2); /* Try encrypting 512 chars. */ crypto_cipher_encrypt(env1, data2, data1, 512); crypto_cipher_decrypt(env2, data3, data2, 512); test_memeq(data1, data3, 512); test_memneq(data1, data2, 512); /* Now encrypt 1 at a time, and get 1 at a time. */ for (j = 512; j < 560; ++j) { crypto_cipher_encrypt(env1, data2+j, data1+j, 1); } for (j = 512; j < 560; ++j) { crypto_cipher_decrypt(env2, data3+j, data2+j, 1); } test_memeq(data1, data3, 560); /* Now encrypt 3 at a time, and get 5 at a time. */ for (j = 560; j < 1024-5; j += 3) { crypto_cipher_encrypt(env1, data2+j, data1+j, 3); } for (j = 560; j < 1024-5; j += 5) { crypto_cipher_decrypt(env2, data3+j, data2+j, 5); } test_memeq(data1, data3, 1024-5); /* Now make sure that when we encrypt with different chunk sizes, we get the same results. */ crypto_free_cipher_env(env2); env2 = NULL; memset(data3, 0, 1024); env2 = crypto_new_cipher_env(); test_neq(env2, 0); crypto_cipher_set_key(env2, crypto_cipher_get_key(env1)); crypto_cipher_encrypt_init_cipher(env2); for (j = 0; j < 1024-16; j += 17) { crypto_cipher_encrypt(env2, data3+j, data1+j, 17); } for (j= 0; j < 1024-16; ++j) { if (data2[j] != data3[j]) { printf("%d: %d\t%d\n", j, (int) data2[j], (int) data3[j]); } } test_memeq(data2, data3, 1024-16); crypto_free_cipher_env(env1); env1 = NULL; crypto_free_cipher_env(env2); env2 = NULL; /* NIST test vector for aes. */ env1 = crypto_new_cipher_env(); /* IV starts at 0 */ crypto_cipher_set_key(env1, "\x80\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00"); crypto_cipher_encrypt_init_cipher(env1); crypto_cipher_encrypt(env1, data1, "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", 16); test_memeq_hex(data1, "0EDD33D3C621E546455BD8BA1418BEC8"); /* Now test rollover. All these values are originally from a python * script. */ crypto_cipher_set_iv(env1, "\x00\x00\x00\x00\x00\x00\x00\x00" "\xff\xff\xff\xff\xff\xff\xff\xff"); memset(data2, 0, 1024); crypto_cipher_encrypt(env1, data1, data2, 32); test_memeq_hex(data1, "335fe6da56f843199066c14a00a40231" "cdd0b917dbc7186908a6bfb5ffd574d3"); crypto_cipher_set_iv(env1, "\x00\x00\x00\x00\xff\xff\xff\xff" "\xff\xff\xff\xff\xff\xff\xff\xff"); memset(data2, 0, 1024); crypto_cipher_encrypt(env1, data1, data2, 32); test_memeq_hex(data1, "e627c6423fa2d77832a02b2794094b73" "3e63c721df790d2c6469cc1953a3ffac"); crypto_cipher_set_iv(env1, "\xff\xff\xff\xff\xff\xff\xff\xff" "\xff\xff\xff\xff\xff\xff\xff\xff"); memset(data2, 0, 1024); crypto_cipher_encrypt(env1, data1, data2, 32); test_memeq_hex(data1, "2aed2bff0de54f9328efd070bf48f70a" "0EDD33D3C621E546455BD8BA1418BEC8"); /* Now check rollover on inplace cipher. */ crypto_cipher_set_iv(env1, "\xff\xff\xff\xff\xff\xff\xff\xff" "\xff\xff\xff\xff\xff\xff\xff\xff"); crypto_cipher_crypt_inplace(env1, data2, 64); test_memeq_hex(data2, "2aed2bff0de54f9328efd070bf48f70a" "0EDD33D3C621E546455BD8BA1418BEC8" "93e2c5243d6839eac58503919192f7ae" "1908e67cafa08d508816659c2e693191"); crypto_cipher_set_iv(env1, "\xff\xff\xff\xff\xff\xff\xff\xff" "\xff\xff\xff\xff\xff\xff\xff\xff"); crypto_cipher_crypt_inplace(env1, data2, 64); test_assert(tor_mem_is_zero(data2, 64)); done: tor_free(mem_op_hex_tmp); if (env1) crypto_free_cipher_env(env1); if (env2) crypto_free_cipher_env(env2); tor_free(data1); tor_free(data2); tor_free(data3); }
/** Test AES-CTR encryption and decryption with IV. */ static void test_crypto_aes_iv(void) { crypto_cipher_env_t *cipher; char *plain, *encrypted1, *encrypted2, *decrypted1, *decrypted2; char plain_1[1], plain_15[15], plain_16[16], plain_17[17]; char key1[16], key2[16]; ssize_t encrypted_size, decrypted_size; plain = tor_malloc(4095); encrypted1 = tor_malloc(4095 + 1 + 16); encrypted2 = tor_malloc(4095 + 1 + 16); decrypted1 = tor_malloc(4095 + 1); decrypted2 = tor_malloc(4095 + 1); crypto_rand(plain, 4095); crypto_rand(key1, 16); crypto_rand(key2, 16); crypto_rand(plain_1, 1); crypto_rand(plain_15, 15); crypto_rand(plain_16, 16); crypto_rand(plain_17, 17); key1[0] = key2[0] + 128; /* Make sure that contents are different. */ /* Encrypt and decrypt with the same key. */ cipher = crypto_create_init_cipher(key1, 1); encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 4095, plain, 4095); crypto_free_cipher_env(cipher); cipher = NULL; test_eq(encrypted_size, 16 + 4095); tor_assert(encrypted_size > 0); /* This is obviously true, since 4111 is * greater than 0, but its truth is not * obvious to all analysis tools. */ cipher = crypto_create_init_cipher(key1, 0); decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 4095, encrypted1, encrypted_size); crypto_free_cipher_env(cipher); cipher = NULL; test_eq(decrypted_size, 4095); tor_assert(decrypted_size > 0); test_memeq(plain, decrypted1, 4095); /* Encrypt a second time (with a new random initialization vector). */ cipher = crypto_create_init_cipher(key1, 1); encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted2, 16 + 4095, plain, 4095); crypto_free_cipher_env(cipher); cipher = NULL; test_eq(encrypted_size, 16 + 4095); tor_assert(encrypted_size > 0); cipher = crypto_create_init_cipher(key1, 0); decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted2, 4095, encrypted2, encrypted_size); crypto_free_cipher_env(cipher); cipher = NULL; test_eq(decrypted_size, 4095); tor_assert(decrypted_size > 0); test_memeq(plain, decrypted2, 4095); test_memneq(encrypted1, encrypted2, encrypted_size); /* Decrypt with the wrong key. */ cipher = crypto_create_init_cipher(key2, 0); decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted2, 4095, encrypted1, encrypted_size); crypto_free_cipher_env(cipher); cipher = NULL; test_memneq(plain, decrypted2, encrypted_size); /* Alter the initialization vector. */ encrypted1[0] += 42; cipher = crypto_create_init_cipher(key1, 0); decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 4095, encrypted1, encrypted_size); crypto_free_cipher_env(cipher); cipher = NULL; test_memneq(plain, decrypted2, 4095); /* Special length case: 1. */ cipher = crypto_create_init_cipher(key1, 1); encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 1, plain_1, 1); crypto_free_cipher_env(cipher); cipher = NULL; test_eq(encrypted_size, 16 + 1); tor_assert(encrypted_size > 0); cipher = crypto_create_init_cipher(key1, 0); decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 1, encrypted1, encrypted_size); crypto_free_cipher_env(cipher); cipher = NULL; test_eq(decrypted_size, 1); tor_assert(decrypted_size > 0); test_memeq(plain_1, decrypted1, 1); /* Special length case: 15. */ cipher = crypto_create_init_cipher(key1, 1); encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 15, plain_15, 15); crypto_free_cipher_env(cipher); cipher = NULL; test_eq(encrypted_size, 16 + 15); tor_assert(encrypted_size > 0); cipher = crypto_create_init_cipher(key1, 0); decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 15, encrypted1, encrypted_size); crypto_free_cipher_env(cipher); cipher = NULL; test_eq(decrypted_size, 15); tor_assert(decrypted_size > 0); test_memeq(plain_15, decrypted1, 15); /* Special length case: 16. */ cipher = crypto_create_init_cipher(key1, 1); encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 16, plain_16, 16); crypto_free_cipher_env(cipher); cipher = NULL; test_eq(encrypted_size, 16 + 16); tor_assert(encrypted_size > 0); cipher = crypto_create_init_cipher(key1, 0); decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 16, encrypted1, encrypted_size); crypto_free_cipher_env(cipher); cipher = NULL; test_eq(decrypted_size, 16); tor_assert(decrypted_size > 0); test_memeq(plain_16, decrypted1, 16); /* Special length case: 17. */ cipher = crypto_create_init_cipher(key1, 1); encrypted_size = crypto_cipher_encrypt_with_iv(cipher, encrypted1, 16 + 17, plain_17, 17); crypto_free_cipher_env(cipher); cipher = NULL; test_eq(encrypted_size, 16 + 17); tor_assert(encrypted_size > 0); cipher = crypto_create_init_cipher(key1, 0); decrypted_size = crypto_cipher_decrypt_with_iv(cipher, decrypted1, 17, encrypted1, encrypted_size); test_eq(decrypted_size, 17); tor_assert(decrypted_size > 0); test_memeq(plain_17, decrypted1, 17); done: /* Free memory. */ tor_free(plain); tor_free(encrypted1); tor_free(encrypted2); tor_free(decrypted1); tor_free(decrypted2); if (cipher) crypto_free_cipher_env(cipher); }
/** Deallocate space associated with circ. */ static void circuit_free(circuit_t *circ) { void *mem; size_t memlen; if (!circ) return; if (CIRCUIT_IS_ORIGIN(circ)) { origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ); mem = ocirc; memlen = sizeof(origin_circuit_t); tor_assert(circ->magic == ORIGIN_CIRCUIT_MAGIC); if (ocirc->build_state) { extend_info_free(ocirc->build_state->chosen_exit); circuit_free_cpath_node(ocirc->build_state->pending_final_cpath); } tor_free(ocirc->build_state); circuit_free_cpath(ocirc->cpath); crypto_free_pk_env(ocirc->intro_key); rend_data_free(ocirc->rend_data); tor_free(ocirc->dest_address); if (ocirc->socks_username) { memset(ocirc->socks_username, 0x12, ocirc->socks_username_len); tor_free(ocirc->socks_username); } if (ocirc->socks_password) { memset(ocirc->socks_password, 0x06, ocirc->socks_password_len); tor_free(ocirc->socks_password); } } else { or_circuit_t *ocirc = TO_OR_CIRCUIT(circ); /* Remember cell statistics for this circuit before deallocating. */ if (get_options()->CellStatistics) rep_hist_buffer_stats_add_circ(circ, time(NULL)); mem = ocirc; memlen = sizeof(or_circuit_t); tor_assert(circ->magic == OR_CIRCUIT_MAGIC); crypto_free_cipher_env(ocirc->p_crypto); crypto_free_digest_env(ocirc->p_digest); crypto_free_cipher_env(ocirc->n_crypto); crypto_free_digest_env(ocirc->n_digest); if (ocirc->rend_splice) { or_circuit_t *other = ocirc->rend_splice; tor_assert(other->_base.magic == OR_CIRCUIT_MAGIC); other->rend_splice = NULL; } /* remove from map. */ circuit_set_p_circid_orconn(ocirc, 0, NULL); /* Clear cell queue _after_ removing it from the map. Otherwise our * "active" checks will be violated. */ cell_queue_clear(ô->p_conn_cells); } extend_info_free(circ->n_hop); tor_free(circ->n_conn_onionskin); /* Remove from map. */ circuit_set_n_circid_orconn(circ, 0, NULL); /* Clear cell queue _after_ removing it from the map. Otherwise our * "active" checks will be violated. */ cell_queue_clear(&circ->n_conn_cells); memset(mem, 0xAA, memlen); /* poison memory */ tor_free(mem); }