commit df90c781653b81763345b2bfae76e09d1e4c5586
parent 144c7c4613cb5cbeb9d3befb9d6d8b1c3375e6ef
Author: Nick Mathewson <nickm@torproject.org>
Date: Wed, 28 May 2025 15:04:48 -0400
Refactor relay_crypto_init API to take an algorithm.
Diffstat:
12 files changed, 63 insertions(+), 33 deletions(-)
diff --git a/src/core/crypto/relay_crypto.c b/src/core/crypto/relay_crypto.c
@@ -181,12 +181,23 @@ relay_crypto_clear(relay_crypto_t *crypto)
* Return 0 if init was successful, else -1 if it failed.
*/
int
-relay_crypto_init(relay_crypto_t *crypto,
- const char *key_data, size_t key_data_len,
- int reverse, int is_hs_v3)
+relay_crypto_init(relay_crypto_alg_t alg,
+ relay_crypto_t *crypto,
+ const char *key_data, size_t key_data_len)
{
- return tor1_crypt_init(&crypto->tor1,
- key_data, key_data_len, reverse, is_hs_v3);
+ switch (alg) {
+ /* Tor1 cases: the booleans are "reverse" and "is_hs_v3". */
+ case RELAY_CRYPTO_ALG_TOR1:
+ return tor1_crypt_init(&crypto->tor1, key_data, key_data_len,
+ false, false);
+ case RELAY_CRYPTO_ALG_TOR1_HSC:
+ return tor1_crypt_init(&crypto->tor1, key_data, key_data_len,
+ false, true);
+ case RELAY_CRYPTO_ALG_TOR1_HSS:
+ return tor1_crypt_init(&crypto->tor1, key_data, key_data_len,
+ true, true);
+ }
+ tor_assert_unreached();
}
/** Return the amount of key material we need to initialize
@@ -200,7 +211,8 @@ relay_crypto_key_material_len(relay_crypto_alg_t alg)
switch (alg) {
case RELAY_CRYPTO_ALG_TOR1:
return tor1_key_material_len(false);
- case RELAY_CRYPTO_ALG_TOR1_HS:
+ case RELAY_CRYPTO_ALG_TOR1_HSC:
+ case RELAY_CRYPTO_ALG_TOR1_HSS:
return tor1_key_material_len(true);
}
return -1;
diff --git a/src/core/crypto/relay_crypto.h b/src/core/crypto/relay_crypto.h
@@ -12,9 +12,18 @@
#ifndef TOR_RELAY_CRYPTO_H
#define TOR_RELAY_CRYPTO_H
+/** Enumeration to identify which relay crypto algorithm is in use. */
typedef enum relay_crypto_alg_t {
+ /** Tor1 relay crypto, as used for ordinary circuit hops. */
RELAY_CRYPTO_ALG_TOR1,
- RELAY_CRYPTO_ALG_TOR1_HS,
+ /** Tor1 relay crypto, as used as an onion service client for
+ * the shared virtual HS hop created with an INTRODUCE/RENVEZVOUS
+ * handshake. */
+ RELAY_CRYPTO_ALG_TOR1_HSC,
+ /** Tor1 relay crypto, as used as an onion service for
+ * the shared virtual HS hop created with an INTRODUCE/RENVEZVOUS
+ * handshake. */
+ RELAY_CRYPTO_ALG_TOR1_HSS,
} relay_crypto_alg_t;
#define relay_crypto_alg_bitfield_t ENUM_BF(relay_crypto_alg_t)
@@ -26,9 +35,9 @@ typedef enum relay_crypto_alg_t {
ssize_t relay_crypto_key_material_len(relay_crypto_alg_t alg);
-int relay_crypto_init(relay_crypto_t *crypto,
- const char *key_data, size_t key_data_len,
- int reverse, int is_hs_v3);
+int relay_crypto_init(relay_crypto_alg_t alg,
+ relay_crypto_t *crypto,
+ const char *key_data, size_t key_data_len);
int relay_decrypt_cell(circuit_t *circ, cell_t *cell,
cell_direction_t cell_direction,
diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c
@@ -1299,7 +1299,8 @@ circuit_finish_handshake(origin_circuit_t *circ,
onion_handshake_state_release(&hop->handshake_state);
- if (cpath_init_circuit_crypto(hop, keys, sizeof(keys), 0, 0)<0) {
+ if (cpath_init_circuit_crypto(RELAY_CRYPTO_ALG_TOR1,
+ hop, keys, sizeof(keys))<0) {
return -END_CIRC_REASON_TORPROTOCOL;
}
diff --git a/src/core/or/crypt_path.c b/src/core/or/crypt_path.c
@@ -148,14 +148,13 @@ cpath_assert_layer_ok(const crypt_path_t *cp)
* Return 0 if init was successful, else -1 if it failed.
*/
int
-cpath_init_circuit_crypto(crypt_path_t *cpath,
- const char *key_data, size_t key_data_len,
- int reverse, int is_hs_v3)
+cpath_init_circuit_crypto(relay_crypto_alg_t alg,
+ crypt_path_t *cpath,
+ const char *key_data, size_t key_data_len)
{
tor_assert(cpath);
- return relay_crypto_init(&cpath->pvt_crypto, key_data, key_data_len,
- reverse, is_hs_v3);
+ return relay_crypto_init(alg, &cpath->pvt_crypto, key_data, key_data_len);
}
/** Deallocate space associated with the cpath node <b>victim</b>. */
diff --git a/src/core/or/crypt_path.h b/src/core/or/crypt_path.h
@@ -6,15 +6,17 @@
#ifndef CRYPT_PATH_H
#define CRYPT_PATH_H
+#include "core/crypto/relay_crypto.h"
+
void cpath_assert_layer_ok(const crypt_path_t *cp);
void cpath_assert_ok(const crypt_path_t *cp);
int cpath_append_hop(crypt_path_t **head_ptr, extend_info_t *choice);
-int cpath_init_circuit_crypto(crypt_path_t *cpath,
- const char *key_data, size_t key_data_len,
- int reverse, int is_hs_v3);
+int cpath_init_circuit_crypto(relay_crypto_alg_t alg,
+ crypt_path_t *cpath,
+ const char *key_data, size_t key_data_len);
void
cpath_free(crypt_path_t *victim);
diff --git a/src/feature/hs/hs_circuit.c b/src/feature/hs/hs_circuit.c
@@ -112,9 +112,10 @@ create_rend_cpath(const uint8_t *ntor_key_seed, size_t seed_len,
// TODO CGO: Pick relay cell format based on capabilities.
cpath->relay_cell_format = RELAY_CELL_FORMAT_V0;
+ relay_crypto_alg_t alg = is_service_side ? RELAY_CRYPTO_ALG_TOR1_HSS :
+ RELAY_CRYPTO_ALG_TOR1_HSC;
- if (cpath_init_circuit_crypto(cpath, (char*)keys, sizeof(keys),
- is_service_side, 1) < 0) {
+ if (cpath_init_circuit_crypto(alg, cpath, (char*)keys, sizeof(keys)) < 0) {
tor_free(cpath);
goto err;
}
diff --git a/src/feature/relay/circuitbuild_relay.c b/src/feature/relay/circuitbuild_relay.c
@@ -556,6 +556,7 @@ onionskin_answer(struct or_circuit_t *circ,
return -1;
}
+ // XXXX: This will be wrong for cgo.
tor_assert(keys_len == CPATH_KEY_MATERIAL_LEN);
if (created_cell_format(&cell, created_cell) < 0) {
@@ -570,7 +571,8 @@ onionskin_answer(struct or_circuit_t *circ,
log_debug(LD_CIRC,"init digest forward 0x%.8x, backward 0x%.8x.",
(unsigned int)get_uint32(keys),
(unsigned int)get_uint32(keys+20));
- if (relay_crypto_init(&circ->crypto, keys, keys_len, 0, 0)<0) {
+ if (relay_crypto_init(RELAY_CRYPTO_ALG_TOR1,
+ &circ->crypto, keys, keys_len)<0) {
log_warn(LD_BUG,"Circuit initialization failed.");
return -1;
}
diff --git a/src/test/bench.c b/src/test/bench.c
@@ -548,8 +548,8 @@ bench_cell_ops_tor1(void)
char keys[CPATH_KEY_MATERIAL_LEN];
crypto_rand(keys, sizeof(keys));
size_t keylen = sizeof(keys);
- relay_crypto_init(&or_circ->crypto,
- keys, keylen, false, false);
+ relay_crypto_init(RELAY_CRYPTO_ALG_TOR1,
+ &or_circ->crypto, keys, keylen);
reset_perftime();
diff --git a/src/test/fakecircs.c b/src/test/fakecircs.c
@@ -59,8 +59,9 @@ new_fake_orcirc(channel_t *nchan, channel_t *pchan)
cell_queue_init(&(orcirc->p_chan_cells));
memset(&tmp_cpath, 0, sizeof(tmp_cpath));
- if (cpath_init_circuit_crypto(&tmp_cpath, whatevs_key,
- sizeof(whatevs_key), 0, 0)<0) {
+ if (cpath_init_circuit_crypto(RELAY_CRYPTO_ALG_TOR1,
+ &tmp_cpath, whatevs_key,
+ sizeof(whatevs_key))<0) {
log_warn(LD_BUG,"Circuit initialization failed");
return NULL;
}
diff --git a/src/test/test_circuitpadding.c b/src/test/test_circuitpadding.c
@@ -1623,7 +1623,8 @@ simulate_single_hop_extend(circuit_t *client, circuit_t *mid_relay,
digest, NULL, NULL,
&addr, padding, NULL, false);
- cpath_init_circuit_crypto(hop, whatevs_key, sizeof(whatevs_key), 0, 0);
+ cpath_init_circuit_crypto(RELAY_CRYPTO_ALG_TOR1, hop,
+ whatevs_key, sizeof(whatevs_key));
hop->package_window = circuit_initial_package_window();
hop->deliver_window = CIRCWINDOW_START;
diff --git a/src/test/test_conflux_pool.c b/src/test/test_conflux_pool.c
@@ -359,7 +359,8 @@ simulate_single_hop_extend(origin_circuit_t *client, int exit)
digest, NULL, NULL,
&addr, exit, NULL, exit);
- cpath_init_circuit_crypto(hop, whatevs_key, sizeof(whatevs_key), 0, 0);
+ cpath_init_circuit_crypto(RELAY_CRYPTO_ALG_TOR1, hop,
+ whatevs_key, sizeof(whatevs_key));
hop->package_window = circuit_initial_package_window();
hop->deliver_window = CIRCWINDOW_START;
diff --git a/src/test/test_relaycrypt.c b/src/test/test_relaycrypt.c
@@ -49,17 +49,18 @@ testing_circuitset_setup(const struct testcase_t *testcase)
for (i=0; i<3; ++i) {
cs->or_circ[i] = or_circuit_new(0, NULL);
tt_int_op(0, OP_EQ,
- relay_crypto_init(&cs->or_circ[i]->crypto,
- KEY_MATERIAL[i], sizeof(KEY_MATERIAL[i]),
- 0, 0));
+ relay_crypto_init(RELAY_CRYPTO_ALG_TOR1,
+ &cs->or_circ[i]->crypto,
+ KEY_MATERIAL[i], sizeof(KEY_MATERIAL[i])));
}
cs->origin_circ = origin_circuit_new();
cs->origin_circ->base_.purpose = CIRCUIT_PURPOSE_C_GENERAL;
for (i=0; i<3; ++i) {
crypt_path_t *hop = tor_malloc_zero(sizeof(*hop));
- relay_crypto_init(&hop->pvt_crypto, KEY_MATERIAL[i],
- sizeof(KEY_MATERIAL[i]), 0, 0);
+ relay_crypto_init(RELAY_CRYPTO_ALG_TOR1,
+ &hop->pvt_crypto, KEY_MATERIAL[i],
+ sizeof(KEY_MATERIAL[i]));
hop->state = CPATH_STATE_OPEN;
cpath_extend_linked_list(&cs->origin_circ->cpath, hop);
tt_ptr_op(hop, OP_EQ, cs->origin_circ->cpath->prev);
