68 crypto_pk_free(keys->onion_key);
69 crypto_pk_free(keys->last_onion_key);
70 ntor_key_map_free(keys->curve25519_key_map);
82 case ONION_HANDSHAKE_TYPE_TAP:
83 crypto_dh_free(state->u.tap);
86 case ONION_HANDSHAKE_TYPE_FAST:
87 fast_handshake_state_free(state->u.fast);
90 case ONION_HANDSHAKE_TYPE_NTOR:
91 ntor_handshake_state_free(state->u.ntor);
97 log_warn(
LD_BUG,
"called with unknown handshake state type %d",
113 uint8_t *onion_skin_out)
118 case ONION_HANDSHAKE_TYPE_TAP:
124 (
char*)onion_skin_out) < 0)
127 r = TAP_ONIONSKIN_CHALLENGE_LEN;
129 case ONION_HANDSHAKE_TYPE_FAST:
135 case ONION_HANDSHAKE_TYPE_NTOR:
136 if (!extend_info_supports_ntor(node))
149 log_warn(
LD_BUG,
"called with unknown handshake state type %d", type);
156 state_out->tag = (uint16_t) type;
164 #define MAX_KEYS_TMP_LEN 128
175 const uint8_t *onion_skin,
size_t onionskin_len,
178 uint8_t *keys_out,
size_t keys_out_len,
179 uint8_t *rend_nonce_out)
184 case ONION_HANDSHAKE_TYPE_TAP:
185 if (onionskin_len != TAP_ONIONSKIN_CHALLENGE_LEN)
188 keys->onion_key, keys->last_onion_key,
190 (
char*)keys_out, keys_out_len)<0)
192 r = TAP_ONIONSKIN_REPLY_LEN;
195 case ONION_HANDSHAKE_TYPE_FAST:
196 if (onionskin_len != CREATE_FAST_LEN)
200 r = CREATED_FAST_LEN;
203 case ONION_HANDSHAKE_TYPE_NTOR:
207 size_t keys_tmp_len = keys_out_len +
DIGEST_LEN;
209 uint8_t keys_tmp[MAX_KEYS_TMP_LEN];
212 onion_skin, keys->curve25519_key_map,
215 reply_out, keys_tmp, keys_tmp_len)<0) {
/* Split the ntor handshake output held in keys_tmp: the first keys_out_len
 * bytes are copied to keys_out and the following DIGEST_LEN bytes to
 * rend_nonce_out. */
/* NOTE(review): keys_tmp is a fixed MAX_KEYS_TMP_LEN-byte stack array, while
 * keys_tmp_len is keys_out_len + DIGEST_LEN with keys_out_len supplied by the
 * caller. These copies stay in bounds only if that sum is
 * <= MAX_KEYS_TMP_LEN; the check is not visible in this excerpt -- confirm it
 * runs before the handshake call writes into keys_tmp. */
220 memcpy(keys_out, keys_tmp, keys_out_len);
221 memcpy(rend_nonce_out, keys_tmp+keys_out_len,
DIGEST_LEN);
/* Wipe the whole scratch array (sizeof(keys_tmp), not just keys_tmp_len) so
 * the derived key bytes do not stay behind in this stack buffer. */
222 memwipe(keys_tmp, 0,
sizeof(keys_tmp));
229 log_warn(
LD_BUG,
"called with unknown handshake state type %d", type);
249 const uint8_t *reply,
size_t reply_len,
250 uint8_t *keys_out,
size_t keys_out_len,
251 uint8_t *rend_authenticator_out,
252 const char **msg_out)
254 if (handshake_state->tag != type)
258 case ONION_HANDSHAKE_TYPE_TAP:
259 if (reply_len != TAP_ONIONSKIN_REPLY_LEN) {
261 *msg_out =
"TAP reply was not of the correct length.";
266 (
char *)keys_out, keys_out_len,
273 case ONION_HANDSHAKE_TYPE_FAST:
274 if (reply_len != CREATED_FAST_LEN) {
/* Report a wrong-length reply to the caller through msg_out. */
/* NOTE(review): this is the ONION_HANDSHAKE_TYPE_FAST case and the check
 * compares reply_len with CREATED_FAST_LEN, yet the message names TAP. Looks
 * copied from the TAP case -- confirm and correct the text, since whoever
 * reads msg_out would attribute a malformed reply to the wrong handshake. */
276 *msg_out =
"TAP reply was not of the correct length.";
280 keys_out, keys_out_len, msg_out) < 0)
285 case ONION_HANDSHAKE_TYPE_NTOR:
288 *msg_out =
"ntor reply was not of the correct length.";
292 size_t keys_tmp_len = keys_out_len +
DIGEST_LEN;
293 uint8_t *keys_tmp = tor_malloc(keys_tmp_len);
296 keys_tmp, keys_tmp_len, msg_out) < 0) {
/* Split the ntor handshake output held in keys_tmp: the first keys_out_len
 * bytes are copied to keys_out and the following DIGEST_LEN bytes to
 * rend_authenticator_out. keys_tmp was sized with tor_malloc(keys_tmp_len),
 * where keys_tmp_len is keys_out_len + DIGEST_LEN, so both copies fit. */
300 memcpy(keys_out, keys_tmp, keys_out_len);
301 memcpy(rend_authenticator_out, keys_tmp + keys_out_len,
DIGEST_LEN);
/* Zero the full heap scratch buffer once the key material has been copied
 * out. */
/* NOTE(review): the release of keys_tmp and the handling of the handshake
 * failure branch are not visible in this excerpt -- confirm the buffer is
 * wiped and freed on every exit path. */
302 memwipe(keys_tmp, 0, keys_tmp_len);
307 log_warn(
LD_BUG,
"called with unknown handshake state type %d", type);
Path structures for origin circuits.
int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, int extra_strong)
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
Header for core/or/extendinfo.c.
int onion_skin_client_handshake(int type, const onion_handshake_state_t *handshake_state, const uint8_t *reply, size_t reply_len, uint8_t *keys_out, size_t keys_out_len, uint8_t *rend_authenticator_out, const char **msg_out)
int onion_skin_server_handshake(int type, const uint8_t *onion_skin, size_t onionskin_len, const server_onion_keys_t *keys, uint8_t *reply_out, uint8_t *keys_out, size_t keys_out_len, uint8_t *rend_nonce_out)
server_onion_keys_t * server_onion_keys_new(void)
void server_onion_keys_free_(server_onion_keys_t *keys)
void onion_handshake_state_release(onion_handshake_state_t *state)
int onion_skin_create(int type, const extend_info_t *node, onion_handshake_state_t *state_out, uint8_t *onion_skin_out)
Header file for onion_crypto.c.
int fast_client_handshake(const fast_handshake_state_t *handshake_state, const uint8_t *handshake_reply_out, uint8_t *key_out, size_t key_out_len, const char **msg_out)
int fast_server_handshake(const uint8_t *key_in, uint8_t *handshake_reply_out, uint8_t *key_out, size_t key_out_len)
int fast_onionskin_create(fast_handshake_state_t **handshake_state_out, uint8_t *handshake_out)
Header file for onion_fast.c.
int onion_skin_ntor_client_handshake(const ntor_handshake_state_t *handshake_state, const uint8_t *handshake_reply, uint8_t *key_out, size_t key_out_len, const char **msg_out)
int onion_skin_ntor_server_handshake(const uint8_t *onion_skin, const di_digest256_map_t *private_keys, const curve25519_keypair_t *junk_keys, const uint8_t *my_node_id, uint8_t *handshake_reply_out, uint8_t *key_out, size_t key_out_len)
int onion_skin_ntor_create(const uint8_t *router_id, const curve25519_public_key_t *router_key, ntor_handshake_state_t **handshake_state_out, uint8_t *onion_skin_out)
#define NTOR_ONIONSKIN_LEN
int onion_skin_TAP_client_handshake(crypto_dh_t *handshake_state, const char *handshake_reply, char *key_out, size_t key_out_len, const char **msg_out)
int onion_skin_TAP_create(crypto_pk_t *dest_router_key, crypto_dh_t **handshake_state_out, char *onion_skin_out)
int onion_skin_TAP_server_handshake(const char *onion_skin, crypto_pk_t *private_key, crypto_pk_t *prev_private_key, char *handshake_reply_out, char *key_out, size_t key_out_len)
Header file for onion_tap.c.
Master header file for Tor-specific functionality.
di_digest256_map_t * construct_ntor_key_map(void)
void dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last)
const uint8_t * router_get_my_id_digest(void)
Header file for router.c.
char identity_digest[DIGEST_LEN]
curve25519_public_key_t curve25519_onion_key
#define tor_fragile_assert()