[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] Split the cryptographic part of handle_client_auth_nonce into new fn
commit b64351ed17f3d30425e1e007de50ef66c2b6c789
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Wed Jul 31 12:31:26 2013 -0400
Split the cryptographic part of handle_client_auth_nonce into new fn
---
src/or/ext_orport.c | 91 +++++++++++++++++++++++++++++++++------------------
1 file changed, 60 insertions(+), 31 deletions(-)
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index 9b4db73..f4df1b7 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -197,40 +197,19 @@ connection_ext_or_auth_neg_auth_type(connection_t *conn)
return 1;
}
-/** Read the client's nonce out of <b>conn</b>, setup the safe-cookie
- * crypto, and then send our own hash and nonce to the client
- *
- * Return -1 if there was an error; return 0 if we need more data in
- * <b>conn</b>, and return 1 if we successfully retrieved the
- * client's nonce and sent our own. */
+/** DOCDOC */
static int
-connection_ext_or_auth_handle_client_nonce(connection_t *conn)
+handle_client_auth_nonce(const char *client_nonce, size_t client_nonce_len,
+ char **client_hash_out,
+ char**reply_out, size_t *reply_len_out)
{
char server_hash[EXT_OR_PORT_AUTH_HASH_LEN] = {0};
- char client_nonce[EXT_OR_PORT_AUTH_NONCE_LEN] = {0};
char server_nonce[EXT_OR_PORT_AUTH_NONCE_LEN] = {0};
- char reply[EXT_OR_PORT_AUTH_COOKIE_LEN+EXT_OR_PORT_AUTH_NONCE_LEN] = {0};
+ char *reply;
+ size_t reply_len;
- if (!ext_or_auth_cookie_is_set) { /* this should not happen */
- log_warn(LD_BUG, "Extended ORPort authentication cookie was not set. "
- "That's weird since we should have done that on startup. "
- "This might be a Tor bug, please file a bug report. ");
+ if (client_nonce_len != EXT_OR_PORT_AUTH_NONCE_LEN)
return -1;
- }
-
- if (connection_get_inbuf_len(conn) < EXT_OR_PORT_AUTH_NONCE_LEN)
- return 0;
-
- if (connection_fetch_from_buf(client_nonce,
- EXT_OR_PORT_AUTH_NONCE_LEN, conn) < 0)
- return -1;
-
- /* We extract the ClientNonce from the received data, and use it to
- calculate ServerHash and ServerNonce according to proposal 217.
-
- We also calculate our own ClientHash value and save it in the
- connection state. We validate it later against the ClientHash
- sent by the client. */
/* Get our nonce */
if (crypto_rand(server_nonce, EXT_OR_PORT_AUTH_NONCE_LEN) < 0)
@@ -278,7 +257,7 @@ connection_ext_or_auth_handle_client_nonce(connection_t *conn)
/* Store the client hash we generated. We will need to compare it
with the hash sent by the client. */
- TO_OR_CONN(conn)->ext_or_auth_correct_client_hash = correct_client_hash;
+ *client_hash_out = correct_client_hash;
memwipe(hmac_s_msg, 0, hmac_s_msg_len);
memwipe(hmac_c_msg, 0, hmac_c_msg_len);
@@ -309,13 +288,63 @@ connection_ext_or_auth_handle_client_nonce(connection_t *conn)
}
{ /* write reply: (server_hash, server_nonce) */
+
+ reply_len = EXT_OR_PORT_AUTH_COOKIE_LEN+EXT_OR_PORT_AUTH_NONCE_LEN;
+ reply = tor_malloc_zero(reply_len);
memcpy(reply, server_hash, EXT_OR_PORT_AUTH_HASH_LEN);
memcpy(reply + EXT_OR_PORT_AUTH_HASH_LEN, server_nonce,
EXT_OR_PORT_AUTH_NONCE_LEN);
- connection_write_to_buf(reply, sizeof(reply), conn);
- memwipe(reply, 0, sizeof(reply));
}
+ *reply_out = reply;
+ *reply_len_out = reply_len;
+
+ return 0;
+}
+
+/** Read the client's nonce out of <b>conn</b>, setup the safe-cookie
+ * crypto, and then send our own hash and nonce to the client
+ *
+ * Return -1 if there was an error; return 0 if we need more data in
+ * <b>conn</b>, and return 1 if we successfully retrieved the
+ * client's nonce and sent our own. */
+static int
+connection_ext_or_auth_handle_client_nonce(connection_t *conn)
+{
+ char client_nonce[EXT_OR_PORT_AUTH_NONCE_LEN];
+ char *reply=NULL;
+ size_t reply_len=0;
+
+ if (!ext_or_auth_cookie_is_set) { /* this should not happen */
+ log_warn(LD_BUG, "Extended ORPort authentication cookie was not set. "
+ "That's weird since we should have done that on startup. "
+ "This might be a Tor bug, please file a bug report. ");
+ return -1;
+ }
+
+ if (connection_get_inbuf_len(conn) < EXT_OR_PORT_AUTH_NONCE_LEN)
+ return 0;
+
+ if (connection_fetch_from_buf(client_nonce,
+ EXT_OR_PORT_AUTH_NONCE_LEN, conn) < 0)
+ return -1;
+
+ /* We extract the ClientNonce from the received data, and use it to
+ calculate ServerHash and ServerNonce according to proposal 217.
+
+ We also calculate our own ClientHash value and save it in the
+ connection state. We validate it later against the ClientHash
+ sent by the client. */
+ if (handle_client_auth_nonce(client_nonce, sizeof(client_nonce),
+ &TO_OR_CONN(conn)->ext_or_auth_correct_client_hash,
+ &reply, &reply_len) < 0)
+ return -1;
+
+ connection_write_to_buf(reply, reply_len, conn);
+
+ memwipe(reply, 0, reply_len);
+ tor_free(reply);
+
log_debug(LD_GENERAL, "Got client nonce, and sent our own nonce and hash.");
conn->state = EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH;
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits