static void test_fast_handshake(void *arg) { /* tests for the obsolete "CREATE_FAST" handshake. */ (void) arg; fast_handshake_state_t *state = NULL; uint8_t client_handshake[CREATE_FAST_LEN]; uint8_t server_handshake[CREATED_FAST_LEN]; uint8_t s_keys[100], c_keys[100]; /* First, test an entire handshake. */ memset(client_handshake, 0, sizeof(client_handshake)); tt_int_op(0, OP_EQ, fast_onionskin_create(&state, client_handshake)); tt_assert(! tor_mem_is_zero((char*)client_handshake, sizeof(client_handshake))); tt_int_op(0, OP_EQ, fast_server_handshake(client_handshake, server_handshake, s_keys, 100)); const char *msg = NULL; tt_int_op(0, OP_EQ, fast_client_handshake(state, server_handshake, c_keys, 100, &msg)); tt_ptr_op(msg, OP_EQ, NULL); tt_mem_op(s_keys, OP_EQ, c_keys, 100); /* Now test a failing handshake. */ server_handshake[0] ^= 3; tt_int_op(-1, OP_EQ, fast_client_handshake(state, server_handshake, c_keys, 100, &msg)); tt_str_op(msg, OP_EQ, "Digest DOES NOT MATCH on fast handshake. " "Bug or attack."); done: fast_handshake_state_free(state); }
/** Perform the first step of a circuit-creation handshake of type <b>type</b> * (one of ONION_HANDSHAKE_TYPE_*): generate the initial "onion skin" in * <b>onion_skin_out</b>, and store any state information in <b>state_out</b>. * Return -1 on failure, and the length of the onionskin on acceptance. */ int onion_skin_create(int type, const extend_info_t *node, onion_handshake_state_t *state_out, uint8_t *onion_skin_out) { int r = -1; switch (type) { case ONION_HANDSHAKE_TYPE_TAP: if (!node->onion_key) return -1; if (onion_skin_TAP_create(node->onion_key, &state_out->u.tap, (char*)onion_skin_out) < 0) return -1; r = TAP_ONIONSKIN_CHALLENGE_LEN; break; case ONION_HANDSHAKE_TYPE_FAST: if (fast_onionskin_create(&state_out->u.fast, onion_skin_out) < 0) return -1; r = CREATE_FAST_LEN; break; case ONION_HANDSHAKE_TYPE_NTOR: #ifdef CURVE25519_ENABLED if (tor_mem_is_zero((const char*)node->curve25519_onion_key.public_key, CURVE25519_PUBKEY_LEN)) return -1; if (onion_skin_ntor_create((const uint8_t*)node->identity_digest, &node->curve25519_onion_key, &state_out->u.ntor, onion_skin_out) < 0) return -1; r = NTOR_ONIONSKIN_LEN; #else return -1; #endif break; default: log_warn(LD_BUG, "called with unknown handshake state type %d", type); tor_fragile_assert(); r = -1; } if (r > 0) state_out->tag = (uint16_t) type; return r; }
/** Perform the first step of a circuit-creation handshake of type <b>type</b> * (one of ONION_HANDSHAKE_TYPE_*): generate the initial "onion skin" in * <b>onion_skin_out</b>, and store any state information in <b>state_out</b>. * Return -1 on failure, and the length of the onionskin on acceptance. */ int onion_skin_create(int type, const extend_info_t *node, onion_handshake_state_t *state_out, uint8_t *onion_skin_out) { int r = -1; switch (type) { case ONION_HANDSHAKE_TYPE_TAP: if (!node->onion_key) return -1; if (onion_skin_TAP_create(node->onion_key, &state_out->u.tap, (char*)onion_skin_out) < 0) return -1; r = TAP_ONIONSKIN_CHALLENGE_LEN; break; case ONION_HANDSHAKE_TYPE_FAST: if (fast_onionskin_create(&state_out->u.fast, onion_skin_out) < 0) return -1; r = CREATE_FAST_LEN; break; case ONION_HANDSHAKE_TYPE_NTOR: if (!extend_info_supports_ntor(node)) return -1; if (onion_skin_ntor_create((const uint8_t*)node->identity_digest, &node->curve25519_onion_key, &state_out->u.ntor, onion_skin_out) < 0) return -1; r = NTOR_ONIONSKIN_LEN; break; default: /* LCOV_EXCL_START * We should never try to create an impossible handshake type. */ log_warn(LD_BUG, "called with unknown handshake state type %d", type); tor_fragile_assert(); r = -1; /* LCOV_EXCL_STOP */ } if (r > 0) state_out->tag = (uint16_t) type; return r; }