[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] Document stuff, reduce magic numbers, add emacs magic



Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/tmp/cvs-serv9571/src/or

Modified Files:
	rendclient.c rendcommon.c rendmid.c rendservice.c 
Log Message:
Document stuff, reduce magic numbers, add emacs magic

Index: rendclient.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendclient.c,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -d -r1.19 -r1.20
--- rendclient.c	5 Apr 2004 23:40:59 -0000	1.19
+++ rendclient.c	6 Apr 2004 03:44:36 -0000	1.20
@@ -41,12 +41,15 @@
   return 0;
 }
 
+/* Called when we're trying to connect an ap conn; sends an INTRODUCE1 cell
+ * down introcirc if possible.
+ */
 int
 rend_client_send_introduction(circuit_t *introcirc, circuit_t *rendcirc) {
   const char *descp;
   int desc_len, payload_len, r;
   char payload[RELAY_PAYLOAD_SIZE];
-  char tmp[20+20+128];
+  char tmp[(MAX_NICKNAME_LEN+1)+REND_COOKIE_LEN+DH_KEY_LEN];
   rend_service_descriptor_t *parsed=NULL;
   crypt_path_t *cpath;
 
@@ -85,22 +88,25 @@
   }
 
   /* write the remaining items into tmp */
-  strncpy(tmp, rendcirc->build_state->chosen_exit, 20); /* nul pads */
-  memcpy(tmp+20, rendcirc->rend_cookie, 20);
-  if (crypto_dh_get_public(cpath->handshake_state, tmp+40, 128)<0) {
+  strncpy(tmp, rendcirc->build_state->chosen_exit, (MAX_NICKNAME_LEN+1)); /* nul pads */
+  memcpy(tmp+MAX_NICKNAME_LEN+1, rendcirc->rend_cookie, REND_COOKIE_LEN);
+  if (crypto_dh_get_public(cpath->handshake_state,
+                           tmp+MAX_NICKNAME_LEN+1+REND_COOKIE_LEN,
+                           DH_KEY_LEN)<0) {
     log_fn(LOG_WARN, "Couldn't extract g^x");
     goto err;
   }
 
   r = crypto_pk_public_hybrid_encrypt(parsed->pk, tmp,
-                                      20+20+128, payload+20,
+                           MAX_NICKNAME_LEN+1+REND_COOKIE_LEN+DH_KEY_LEN,
+                                      payload+DIGEST_LEN,
                                       PK_PKCS1_OAEP_PADDING);
   if (r<0) {
     log_fn(LOG_WARN,"hybrid pk encrypt failed.");
     goto err;
   }
 
-  payload_len = 20 + r;
+  payload_len = DIGEST_LEN + r;
 
   rend_service_descriptor_free(parsed);
 
@@ -142,6 +148,9 @@
   connection_ap_attach_pending();
 }
 
+/* Called when we recieve a RENDEZVOUS_ESTABLISHED cell; changes the state of
+ * the circuit to C_REND_READY.
+ */
 int
 rend_client_rendezvous_acked(circuit_t *circ, const char *request, int request_len)
 {

Index: rendcommon.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendcommon.c,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -d -r1.18 -r1.19
--- rendcommon.c	5 Apr 2004 07:41:31 -0000	1.18
+++ rendcommon.c	6 Apr 2004 03:44:36 -0000	1.19
@@ -4,6 +4,8 @@
 
 #include "or.h"
 
+/* Free the storage held by held by 'desc'.
+ */
 void rend_service_descriptor_free(rend_service_descriptor_t *desc)
 {
   int i;
@@ -18,6 +20,9 @@
   tor_free(desc);
 }
 
+/* Encode a service descriptor for 'desc', and sign it with 'key'. Stores
+ * the descriptor in *str_out, and sets *len_out to its length.
+ */
 int
 rend_encode_service_descriptor(rend_service_descriptor_t *desc,
                                crypto_pk_env_t *key,
@@ -120,6 +125,9 @@
   return NULL;
 }
 
+/* Sets out to the first 10 bytes of the digest of 'pk', base32 encoded.
+ * NUL-terminates out.
+ */
 int rend_get_service_id(crypto_pk_env_t *pk, char *out)
 {
   char buf[DIGEST_LEN];
@@ -136,18 +144,22 @@
 #define REND_CACHE_MAX_SKEW 60*60
 
 typedef struct rend_cache_entry_t {
-  int len;
-  char *desc;
-  rend_service_descriptor_t *parsed;
+  int len; /* Length of desc */
+  char *desc; /* Service descriptor */
+  rend_service_descriptor_t *parsed; /* Parsed vvalue of 'desc' */
 } rend_cache_entry_t;
 
 static strmap_t *rend_cache = NULL;
 
+/* Initializes the service descriptor cache.
+ */
 void rend_cache_init(void)
 {
   rend_cache = strmap_new();
 }
 
+/* Removes all old entries from the service descriptor cache.
+ */
 void rend_cache_clean(void)
 {
   strmap_iter_t *iter;

Index: rendmid.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendmid.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- rendmid.c	5 Apr 2004 21:40:22 -0000	1.14
+++ rendmid.c	6 Apr 2004 03:44:36 -0000	1.15
@@ -5,7 +5,7 @@
 #include "or.h"
 
 /* Respond to an ESTABLISH_INTRO cell by setting the circuit's purpose and
- * rendevous service.
+ * service pk digest..
  */
 int
 rend_mid_establish_intro(circuit_t *circ, const char *request, int request_len)
@@ -85,7 +85,7 @@
 
   /* Now, set up this circuit. */
   circ->purpose = CIRCUIT_PURPOSE_INTRO_POINT;
-  memcpy(circ->rend_pk_digest, pk_digest, 20);
+  memcpy(circ->rend_pk_digest, pk_digest, DIGEST_LEN);
 
   log_fn(LOG_INFO,
          "Established introduction point on circuit %d for service %s",
@@ -116,7 +116,8 @@
     goto err;
   }
 
-  if (request_len < 246) {
+  if (request_len < (DIGEST_LEN+(MAX_NICKNAME_LEN+1)+REND_COOKIE_LEN+
+                     DH_KEY_LEN+CIPHER_KEY_LEN+PKCS1_OAEP_PADDING_OVERHEAD)) {
     log_fn(LOG_WARN,
            "Impossibly short INTRODUCE1 cell on circuit %d; dropping.",
            circ->p_circ_id);
@@ -237,7 +238,8 @@
   /* Send the RENDEZVOUS2 cell to Alice. */
   if (connection_edge_send_command(NULL, rend_circ,
                                    RELAY_COMMAND_RENDEZVOUS2,
-                                   request+20, request_len-20, NULL)) {
+                                   request+REND_COOKIE_LEN,
+                                   request_len-REND_COOKIE_LEN, NULL)) {
     log_fn(LOG_WARN, "Unable to send RENDEZVOUS2 cell to OP on circuit %d",
            rend_circ->p_circ_id);
     goto err;
@@ -250,7 +252,7 @@
 
   circ->purpose = CIRCUIT_PURPOSE_REND_ESTABLISHED;
   rend_circ->purpose = CIRCUIT_PURPOSE_REND_ESTABLISHED;
-  memset(circ->rend_cookie, 0, 20);
+  memset(circ->rend_cookie, 0, REND_COOKIE_LEN);
 
   rend_circ->rend_splice = circ;
   circ->rend_splice = rend_circ;

Index: rendservice.c
===================================================================
RCS file: /home/or/cvsroot/src/or/rendservice.c,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -d -r1.30 -r1.31
--- rendservice.c	5 Apr 2004 23:40:59 -0000	1.30
+++ rendservice.c	6 Apr 2004 03:44:36 -0000	1.31
@@ -16,6 +16,8 @@
   uint32_t real_address;
 } rend_service_port_config_t;
 
+/* Try to maintain this many intro points per service if possible.
+ */
 #define NUM_INTRO_POINTS 3
 
 /* Represents a single hidden service running at this OP.
@@ -34,27 +36,32 @@
   rend_service_descriptor_t *desc;
 } rend_service_t;
 
-/* A list of rend_service_t.
+/* A list of rend_service_t's for services run on this OP.
  */
 static smartlist_t *rend_service_list = NULL;
 
-static void rend_service_free(rend_service_t *config)
+/* Release the storage held by 'service'.
+ */
+static void rend_service_free(rend_service_t *service)
 {
-  if (!config) return;
-  tor_free(config->directory);
-  SMARTLIST_FOREACH(config->ports, void*, p, tor_free(p));
-  smartlist_free(config->ports);
-  if (config->private_key)
-    crypto_free_pk_env(config->private_key);
-  tor_free(config->intro_prefer_nodes);
-  tor_free(config->intro_exclude_nodes);
-  SMARTLIST_FOREACH(config->intro_nodes, void*, p, tor_free(p));
-  smartlist_free(config->intro_nodes);
-  if (config->desc)
-    rend_service_descriptor_free(config->desc);
-  tor_free(config);
+  if (!service) return;
+  tor_free(service->directory);
+  SMARTLIST_FOREACH(service->ports, void*, p, tor_free(p));
+  smartlist_free(service->ports);
+  if (service->private_key)
+    crypto_free_pk_env(service->private_key);
+  tor_free(service->intro_prefer_nodes);
+  tor_free(service->intro_exclude_nodes);
+  SMARTLIST_FOREACH(service->intro_nodes, void*, p, tor_free(p));
+  smartlist_free(service->intro_nodes);
+  if (service->desc)
+    rend_service_descriptor_free(service->desc);
+  tor_free(service);
 }
 
+/* Release all the storage held in rend_service_list, and allocate a new,
+ * empty rend_service_list.
+ */
 static void rend_service_free_all(void)
 {
   if (!rend_service_list) {
@@ -67,6 +74,8 @@
   rend_service_list = smartlist_create();
 }
 
+/* Validate 'service' and add it to rend_service_list if possible.
+ */
 static void add_service(rend_service_t *service)
 {
   int i;
@@ -94,7 +103,10 @@
   }
 }
 
-/* Format: VirtualPort (IP|RealPort|IP:RealPort)?
+/* Parses a real-port to virtual-port mapping and returns a new
+ * rend_service_port_config_t.
+ *
+ * The format is: VirtualPort (IP|RealPort|IP:RealPort)?
  *    IP defaults to 127.0.0.1; RealPort defaults to VirtualPort.
  */
 static rend_service_port_config_t *parse_port_config(const char *string)
@@ -117,7 +129,7 @@
   if (!*string) {
     /* No addr:port part; use default. */
     realport = virtport;
-    addr.s_addr = htonl(0x7F000001u);
+    addr.s_addr = htonl(0x7F000001u); /* 127.0.0.1 */
   } else {
     colon = strchr(string, ':');
     if (colon) {
@@ -256,8 +268,8 @@
       return -1;
 
     /* Load key */
-    if (strlcpy(fname,s->directory,512) >= 512 ||
-        strlcat(fname,"/private_key",512) >= 512) {
+    if (strlcpy(fname,s->directory,sizeof(fname)) >= sizeof(fname) ||
+        strlcat(fname,"/private_key",sizeof(fname)) >= sizeof(fname)) {
       log_fn(LOG_WARN, "Directory name too long: '%s'", s->directory);
       return -1;
     }
@@ -274,8 +286,8 @@
       log_fn(LOG_WARN, "Couldn't compute hash of public key");
       return -1;
     }
-    if (strlcpy(fname,s->directory,512) >= 512 ||
-        strlcat(fname,"/hostname",512) >= 512) {
+    if (strlcpy(fname,s->directory,sizeof(fname)) >= sizeof(fname) ||
+        strlcat(fname,"/hostname",sizeof(fname)) >= sizeof(fname)) {
       log_fn(LOG_WARN, "Directory name too long: '%s'", s->directory);
       return -1;
     }
@@ -286,11 +298,14 @@
   return 0;
 }
 
+/* Return the service whose public key has a digest of 'digest'. Return
+ * NULL if no such service exists.
+ */
 static rend_service_t *
 rend_service_get_by_pk_digest(const char* digest)
 {
   SMARTLIST_FOREACH(rend_service_list, rend_service_t*, s,
-                    if (!memcmp(s->pk_digest,digest,20)) return s);
+                    if (!memcmp(s->pk_digest,digest,DIGEST_LEN)) return s);
   return NULL;
 }
 
@@ -326,9 +341,9 @@
     return -1;
   }
 
-  /* XXX NM this is wrong, right? */
   /* min key length plus digest length plus nickname length */
-  if (request_len < 148) {
+  if (request_len < DIGEST_LEN+REND_COOKIE_LEN+(MAX_NICKNAME_LEN+1)+
+      DH_KEY_LEN+42){
     log_fn(LOG_WARN, "Got a truncated INTRODUCE2 cell on circ %d",
            circuit->n_circ_id);
     return -1;
@@ -374,7 +389,7 @@
   rp_nickname = buf;
   ptr = buf+(MAX_NICKNAME_LEN+1);
   len -= (MAX_NICKNAME_LEN+1);
-  if (len != 20+128) {
+  if (len != REND_COOKIE_LEN+DH_KEY_LEN) {
     log_fn(LOG_WARN, "Bad length for INTRODUCE2 cell.");
     return -1;
   }
@@ -415,9 +430,9 @@
 
   cpath->handshake_state = dh;
   dh = NULL;
-  if (circuit_init_cpath_crypto(cpath,keys+20,1)<0)
+  if (circuit_init_cpath_crypto(cpath,keys+DIGEST_LEN,1)<0)
     goto err;
-  memcpy(cpath->handshake_digest, keys, 20);
+  memcpy(cpath->handshake_digest, keys, DIGEST_LEN);
 
   return 0;
  err:
@@ -460,9 +475,8 @@
   rend_service_t *service;
   int len, r;
   char buf[RELAY_PAYLOAD_SIZE];
-  char auth[DIGEST_LEN + 10];
+  char auth[DIGEST_LEN + 9];
   char hexid[9];
-  char hexdigest[DIGEST_LEN*2+1];
 
   assert(circuit->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO);
   assert(circuit->cpath);
@@ -485,15 +499,9 @@
   set_uint16(buf, len);
   len += 2;
   memcpy(auth, circuit->cpath->prev->handshake_digest, DIGEST_LEN);
-  /* XXXX remove me once we've debugged this; this info should not be logged.
-   */
-  hex_encode(circuit->cpath->prev->handshake_digest, DIGEST_LEN, hexdigest);
-  log_fn(LOG_INFO,"Handshake information is: %s", hexdigest);
   memcpy(auth+DIGEST_LEN, "INTRODUCE", 9);
   if (crypto_digest(auth, DIGEST_LEN+9, buf+len))
     goto err;
-  hex_encode(buf+len, DIGEST_LEN, hexdigest);
-  log_fn(LOG_INFO,"Authentication is: %s", hexdigest);
   len += 20;
   r = crypto_pk_private_sign_digest(service->private_key, buf, len, buf+len);
   if (r<0) {
@@ -597,6 +605,10 @@
  * Manage introduction points
  ******/
 
+/* Return the introduction circuit ending at 'router' for the service
+ * whose public key is 'pk_digest'.  Return NULL if no such service is
+ * found.
+ */
 static circuit_t *
 find_intro_circuit(routerinfo_t *router, const char *pk_digest)
 {