/* Process the remaining bytes in the internal buffer and the usual
prolog according to the standard and write the result to RESBUF. */
static void
sha512_conclude_ctx (struct sha512_ctx *ctx)
{
/* Take yet unprocessed bytes into account. */
size_t bytes = ctx->buflen;
size_t size = (bytes < 112) ? 128 / 8 : 128 * 2 / 8;
/* Now count remaining bytes. */
ctx->total[0] = u64plus (ctx->total[0], u64lo (bytes));
if (u64lt (ctx->total[0], u64lo (bytes)))
ctx->total[1] = u64plus (ctx->total[1], u64lo (1));
/* Put the 128-bit file length in *bits* at the end of the buffer.
Use set_uint64 rather than a simple assignment, to avoid risk of
unaligned access. */
set_uint64 ((char *) &ctx->buffer[size - 2],
SWAP (u64or (u64shl (ctx->total[1], 3),
u64shr (ctx->total[0], 61))));
set_uint64 ((char *) &ctx->buffer[size - 1],
SWAP (u64shl (ctx->total[0], 3)));
memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 8 - bytes);
/* Process last bytes. */
sha512_process_block (ctx->buffer, size * 8, ctx);
}
/** Pack global_id and circ_id; set *tag to the result. (See note on
* cpuworker_main for wire format.) */
static void
tag_pack(char *tag, uint64_t conn_id, circid_t circ_id)
{
/*XXXX RETHINK THIS WHOLE MESS !!!! !NM NM NM NM*/
set_uint64(tag, conn_id);
set_uint16(tag+8, circ_id);
}
static void
test_util_format_unaligned_accessors(void *ignored)
{
(void)ignored;
char buf[9] = "onionsoup"; // 6f6e696f6e736f7570
tt_u64_op(get_uint64(buf+1), OP_EQ, htonll(U64_LITERAL(0x6e696f6e736f7570)));
tt_uint_op(get_uint32(buf+1), OP_EQ, htonl(0x6e696f6e));
tt_uint_op(get_uint16(buf+1), OP_EQ, htons(0x6e69));
tt_uint_op(get_uint8(buf+1), OP_EQ, 0x6e);
set_uint8(buf+7, 0x61);
tt_mem_op(buf, OP_EQ, "onionsoap", 9);
set_uint16(buf+6, htons(0x746f));
tt_mem_op(buf, OP_EQ, "onionstop", 9);
set_uint32(buf+1, htonl(0x78696465));
tt_mem_op(buf, OP_EQ, "oxidestop", 9);
set_uint64(buf+1, htonll(U64_LITERAL(0x6266757363617465)));
tt_mem_op(buf, OP_EQ, "obfuscate", 9);
done:
;
}
/** Pack global_id and circ_id; set *tag to the result. (See note on
* cpuworker_main for wire format.) */
static void
tag_pack(uint8_t *tag, uint64_t chan_id, circid_t circ_id)
{
/*XXXX RETHINK THIS WHOLE MESS !!!! !NM NM NM NM*/
/*XXXX DOUBLEPLUSTHIS!!!! AS AS AS AS*/
set_uint64(tag, chan_id);
set_uint32(tag+8, circ_id);
}
void *
sha384_read_ctx (const struct sha512_ctx *ctx, void *resbuf)
{
int i;
char *r = (char *)resbuf;
for (i = 0; i < 6; i++)
set_uint64 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i]));
return resbuf;
}
/* Encode the given commit object to dst which is a buffer large enough to
* put the base64-encoded commit. The format is as follow:
* COMMIT = base64-encode( TIMESTAMP || H(H(RN)) )
* Return base64 encoded length on success else a negative value.
*/
STATIC int
commit_encode(const sr_commit_t *commit, char *dst, size_t len)
{
size_t offset = 0;
char buf[SR_COMMIT_LEN] = {0};
tor_assert(commit);
tor_assert(dst);
/* First is the timestamp (8 bytes). */
set_uint64(buf, tor_htonll(commit->commit_ts));
offset += sizeof(uint64_t);
/* and then the hashed reveal. */
memcpy(buf + offset, commit->hashed_reveal,
sizeof(commit->hashed_reveal));
/* Clean the buffer and then b64 encode it. */
memset(dst, 0, len);
return base64_encode(dst, len, buf, sizeof(buf), 0);
}
/* Encode a reveal element using a given commit object to dst which is a
* buffer large enough to put the base64-encoded reveal construction. The
* format is as follow:
* REVEAL = base64-encode( TIMESTAMP || H(RN) )
* Return base64 encoded length on success else a negative value.
*/
STATIC int
reveal_encode(const sr_commit_t *commit, char *dst, size_t len)
{
int ret;
size_t offset = 0;
char buf[SR_REVEAL_LEN] = {0};
tor_assert(commit);
tor_assert(dst);
set_uint64(buf, tor_htonll(commit->reveal_ts));
offset += sizeof(uint64_t);
memcpy(buf + offset, commit->random_number,
sizeof(commit->random_number));
/* Let's clean the buffer and then b64 encode it. */
memset(dst, 0, len);
ret = base64_encode(dst, len, buf, sizeof(buf), 0);
/* Wipe this buffer because it contains our random value. */
memwipe(buf, 0, sizeof(buf));
return ret;
}
vector<uint64> burns::set(const uint64* X, int length) const
{
if(length == 0)
{
return set_uint64(0);
}
vector<uint64> x;
x.reserve(size());
for(int j = 0; j < size(); j++)
{
const monty& m = mb.field(j);
uint64 R2 = m.monty_R() * m.monty_R();
uint64 xj = m.set(X[length - 1]);
for(int i = length - 2; i >= 0; --i)
{
xj = m.mul(xj, R2);
xj = m.add(xj, m.set(X[i]));
}
x.push_back(xj);
}
return x;
}
/* Return a srv object that is built with the construction:
* SRV = SHA3-256("shared-random" | INT_8(reveal_num) |
* INT_4(version) | HASHED_REVEALS | previous_SRV)
* This function cannot fail. */
static sr_srv_t *
generate_srv(const char *hashed_reveals, uint64_t reveal_num,
const sr_srv_t *previous_srv)
{
char msg[DIGEST256_LEN + SR_SRV_MSG_LEN] = {0};
size_t offset = 0;
sr_srv_t *srv;
tor_assert(hashed_reveals);
/* Add the invariant token. */
memcpy(msg, SR_SRV_TOKEN, SR_SRV_TOKEN_LEN);
offset += SR_SRV_TOKEN_LEN;
set_uint64(msg + offset, tor_htonll(reveal_num));
offset += sizeof(uint64_t);
set_uint32(msg + offset, htonl(SR_PROTO_VERSION));
offset += sizeof(uint32_t);
memcpy(msg + offset, hashed_reveals, DIGEST256_LEN);
offset += DIGEST256_LEN;
if (previous_srv != NULL) {
memcpy(msg + offset, previous_srv->value, sizeof(previous_srv->value));
}
/* Ok we have our message and key for the HMAC computation, allocate our
* srv object and do the last step. */
srv = tor_malloc_zero(sizeof(*srv));
crypto_digest256((char *) srv->value, msg, sizeof(msg), SR_DIGEST_ALG);
srv->num_reveals = reveal_num;
{
/* Debugging. */
char srv_hash_encoded[SR_SRV_VALUE_BASE64_LEN + 1];
sr_srv_encode(srv_hash_encoded, sizeof(srv_hash_encoded), srv);
log_info(LD_DIR, "SR: Generated SRV: %s", srv_hash_encoded);
}
return srv;
}
