Tor  0.4.4.0-alpha-dev
crypt_path.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2019-2020, The Tor Project, Inc. */
3 /* See LICENSE for licensing information */
4 
5 /**
6  * \file crypt_path.c
7  *
8  * \brief Functions dealing with layered circuit encryption. This file aims to
9  * provide an API around the crypt_path_t structure which holds crypto
10  * information about a specific hop of a circuit.
11  *
12  * TODO: We should eventually move all functions dealing and manipulating
13  * crypt_path_t to this file, so that eventually we encapsulate more and more
14  * of crypt_path_t. Here are some more functions that can be moved here with
15  * some more effort:
16  *
17  * - circuit_list_path_impl()
18  * - Functions dealing with cpaths in HSv2 create_rend_cpath() and
19  * create_rend_cpath_legacy()
20  * - The cpath related parts of rend_service_receive_introduction() and
21  * rend_client_send_introduction().
22  **/
23 
24 #define CRYPT_PATH_PRIVATE
25 
26 #include "core/or/or.h"
27 #include "core/or/crypt_path.h"
28 
31 #include "core/or/circuitbuild.h"
32 #include "core/or/circuitlist.h"
33 
36 
37 #include "core/or/crypt_path_st.h"
38 #include "core/or/cell_st.h"
39 
40 /** Add <b>new_hop</b> to the end of the doubly-linked-list <b>head_ptr</b>.
41  * This function is used to extend cpath by another hop.
42  */
43 void
45 {
46  if (*head_ptr) {
47  new_hop->next = (*head_ptr);
48  new_hop->prev = (*head_ptr)->prev;
49  (*head_ptr)->prev->next = new_hop;
50  (*head_ptr)->prev = new_hop;
51  } else {
52  *head_ptr = new_hop;
53  new_hop->prev = new_hop->next = new_hop;
54  }
55 }
56 
57 /** Create a new hop, annotate it with information about its
58  * corresponding router <b>choice</b>, and append it to the
59  * end of the cpath <b>head_ptr</b>. */
60 int
62 {
63  crypt_path_t *hop = tor_malloc_zero(sizeof(crypt_path_t));
64 
65  /* link hop into the cpath, at the end. */
66  cpath_extend_linked_list(head_ptr, hop);
67 
68  hop->magic = CRYPT_PATH_MAGIC;
69  hop->state = CPATH_STATE_CLOSED;
70 
71  hop->extend_info = extend_info_dup(choice);
72 
75 
76  return 0;
77 }
78 
79 /** Verify that cpath <b>cp</b> has all of its invariants
80  * correct. Trigger an assert if anything is invalid.
81  */
82 void
84 {
85  const crypt_path_t *start = cp;
86 
87  do {
89  /* layers must be in sequence of: "open* awaiting? closed*" */
90  if (cp != start) {
91  if (cp->state == CPATH_STATE_AWAITING_KEYS) {
92  tor_assert(cp->prev->state == CPATH_STATE_OPEN);
93  } else if (cp->state == CPATH_STATE_OPEN) {
94  tor_assert(cp->prev->state == CPATH_STATE_OPEN);
95  }
96  }
97  cp = cp->next;
98  tor_assert(cp);
99  } while (cp != start);
100 }
101 
102 /** Verify that cpath layer <b>cp</b> has all of its invariants
103  * correct. Trigger an assert if anything is invalid.
104  */
105 void
107 {
108 // tor_assert(cp->addr); /* these are zero for rendezvous extra-hops */
109 // tor_assert(cp->port);
110  tor_assert(cp);
111  tor_assert(cp->magic == CRYPT_PATH_MAGIC);
112  switch (cp->state)
113  {
114  case CPATH_STATE_OPEN:
115  relay_crypto_assert_ok(&cp->pvt_crypto);
116  /* fall through */
117  case CPATH_STATE_CLOSED:
118  /*XXXX Assert that there's no handshake_state either. */
120  break;
121  case CPATH_STATE_AWAITING_KEYS:
122  /* tor_assert(cp->dh_handshake_state); */
123  break;
124  default:
125  log_fn(LOG_ERR, LD_BUG, "Unexpected state %d", cp->state);
126  tor_assert(0);
127  }
128  tor_assert(cp->package_window >= 0);
129  tor_assert(cp->deliver_window >= 0);
130 }
131 
132 /** Initialize cpath->{f|b}_{crypto|digest} from the key material in key_data.
133  *
134  * If <b>is_hs_v3</b> is set, this cpath will be used for next gen hidden
135  * service circuits and <b>key_data</b> must be at least
136  * HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN bytes in length.
137  *
138  * If <b>is_hs_v3</b> is not set, key_data must contain CPATH_KEY_MATERIAL_LEN
139  * bytes, which are used as follows:
140  * - 20 to initialize f_digest
141  * - 20 to initialize b_digest
142  * - 16 to key f_crypto
143  * - 16 to key b_crypto
144  *
145  * (If 'reverse' is true, then f_XX and b_XX are swapped.)
146  *
147  * Return 0 if init was successful, else -1 if it failed.
148  */
149 int
151  const char *key_data, size_t key_data_len,
152  int reverse, int is_hs_v3)
153 {
154 
155  tor_assert(cpath);
156  return relay_crypto_init(&cpath->pvt_crypto, key_data, key_data_len,
157  reverse, is_hs_v3);
158 }
159 
160 /** Deallocate space associated with the cpath node <b>victim</b>. */
161 void
163 {
164  if (!victim)
165  return;
166 
167  relay_crypto_clear(&victim->pvt_crypto);
169  crypto_dh_free(victim->rend_dh_handshake_state);
170  extend_info_free(victim->extend_info);
171 
172  memwipe(victim, 0xBB, sizeof(crypt_path_t)); /* poison memory */
173  tor_free(victim);
174 }
175 
176 /********************** cpath crypto API *******************************/
177 
178 /** Encrypt or decrypt <b>payload</b> using the crypto of <b>cpath</b>. Actual
179  * operation decided by <b>is_decrypt</b>. */
180 void
181 cpath_crypt_cell(const crypt_path_t *cpath, uint8_t *payload, bool is_decrypt)
182 {
183  if (is_decrypt) {
184  relay_crypt_one_payload(cpath->pvt_crypto.b_crypto, payload);
185  } else {
186  relay_crypt_one_payload(cpath->pvt_crypto.f_crypto, payload);
187  }
188 }
189 
190 /** Getter for the incoming digest of <b>cpath</b>. */
191 struct crypto_digest_t *
193 {
194  return cpath->pvt_crypto.b_digest;
195 }
196 
197 /** Set the right integrity digest on the outgoing <b>cell</b> based on the
198  * cell payload and update the forward digest of <b>cpath</b>. */
199 void
201 {
202  relay_set_digest(cpath->pvt_crypto.f_digest, cell);
203 }
204 
205 /************ cpath sendme API ***************************/
206 
207 /** Return the sendme_digest of this <b>cpath</b>. */
208 uint8_t *
210 {
211  return relay_crypto_get_sendme_digest(&cpath->pvt_crypto);
212 }
213 
214 /** Record the cell digest, indicated by is_foward_digest or not, as the
215  * SENDME cell digest. */
216 void
217 cpath_sendme_record_cell_digest(crypt_path_t *cpath, bool is_foward_digest)
218 {
219  tor_assert(cpath);
220  relay_crypto_record_sendme_digest(&cpath->pvt_crypto, is_foward_digest);
221 }
222 
223 /************ other cpath functions ***************************/
224 
225 /** Return the first non-open hop in cpath, or return NULL if all
226  * hops are open. */
227 crypt_path_t *
229 {
230  crypt_path_t *hop = cpath;
231  do {
232  if (hop->state != CPATH_STATE_OPEN)
233  return hop;
234  hop = hop->next;
235  } while (hop != cpath);
236  return NULL;
237 }
238 
239 #ifdef TOR_UNIT_TESTS
240 
241 /** Unittest helper function: Count number of hops in cpath linked list. */
242 unsigned int
243 cpath_get_n_hops(crypt_path_t **head_ptr)
244 {
245  unsigned int n_hops = 0;
246  crypt_path_t *tmp;
247 
248  if (!*head_ptr) {
249  return 0;
250  }
251 
252  tmp = *head_ptr;
253  do {
254  n_hops++;
255  tmp = tmp->next;
256  } while (tmp != *head_ptr);
257 
258  return n_hops;
259 }
260 
261 #endif /* defined(TOR_UNIT_TESTS) */
262 
uint8_t * relay_crypto_get_sendme_digest(relay_crypto_t *crypto)
Definition: relay_crypto.c:102
Headers for crypto_dh.c.
void cpath_extend_linked_list(crypt_path_t **head_ptr, crypt_path_t *new_hop)
Definition: crypt_path.c:44
extend_info_t * extend_info
Definition: crypt_path_st.h:61
void relay_crypt_one_payload(crypto_cipher_t *cipher, uint8_t *in)
Definition: relay_crypto.c:95
Definition: cell_st.h:17
Path structures for origin circuits.
void cpath_crypt_cell(const crypt_path_t *cpath, uint8_t *payload, bool is_decrypt)
Definition: crypt_path.c:181
#define CIRCWINDOW_START
Definition: or.h:501
void cpath_sendme_record_cell_digest(crypt_path_t *cpath, bool is_foward_digest)
Definition: crypt_path.c:217
crypt_path_t * cpath_get_next_non_open_hop(crypt_path_t *cpath)
Definition: crypt_path.c:228
#define tor_assert(expr)
Definition: util_bug.h:102
struct crypt_path_t * prev
Definition: crypt_path_st.h:75
#define tor_free(p)
Definition: malloc.h:52
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
void relay_set_digest(crypto_digest_t *digest, cell_t *cell)
Definition: relay_crypto.c:31
void cpath_assert_ok(const crypt_path_t *cp)
Definition: crypt_path.c:83
onion_handshake_state_t handshake_state
Definition: crypt_path_st.h:52
int32_t circuit_initial_package_window(void)
Definition: circuitlist.c:972
Common functions for cryptographic routines.
void relay_crypto_assert_ok(const relay_crypto_t *crypto)
Definition: relay_crypto.c:367
int relay_crypto_init(relay_crypto_t *crypto, const char *key_data, size_t key_data_len, int reverse, int is_hs_v3)
Definition: relay_crypto.c:293
Master header file for Tor-specific functionality.
Header file for circuitbuild.c.
struct crypto_dh_t * rend_dh_handshake_state
Definition: crypt_path_st.h:55
void cpath_free(crypt_path_t *victim)
Definition: crypt_path.c:162
void relay_crypto_record_sendme_digest(relay_crypto_t *crypto, bool is_foward_digest)
Definition: relay_crypto.c:111
extend_info_t * extend_info_dup(extend_info_t *info)
Header file for circuitlist.c.
Fixed-size cell structure.
int cpath_init_circuit_crypto(crypt_path_t *cpath, const char *key_data, size_t key_data_len, int reverse, int is_hs_v3)
Definition: crypt_path.c:150
#define LOG_ERR
Definition: log.h:56
void cpath_set_cell_forward_digest(crypt_path_t *cpath, cell_t *cell)
Definition: crypt_path.c:200
Header file for crypt_path.c.
#define log_fn(severity, domain, args,...)
Definition: log.h:287
void cpath_assert_layer_ok(const crypt_path_t *cp)
Definition: crypt_path.c:106
struct crypto_digest_t * cpath_get_incoming_digest(const crypt_path_t *cpath)
Definition: crypt_path.c:192
uint8_t * cpath_get_sendme_digest(crypt_path_t *cpath)
Definition: crypt_path.c:209
struct crypt_path_t * next
Definition: crypt_path_st.h:72
void onion_handshake_state_release(onion_handshake_state_t *state)
Definition: onion_crypto.c:79
void relay_crypto_clear(relay_crypto_t *crypto)
Definition: relay_crypto.c:265
#define LD_BUG
Definition: log.h:86
int cpath_append_hop(crypt_path_t **head_ptr, extend_info_t *choice)
Definition: crypt_path.c:61
Header for relay_crypto.c.
uint8_t state
Definition: crypt_path_st.h:68
Header file for onion_crypto.c.