64 *handshake_state_out = NULL;
65 memset(onion_skin_out, 0, TAP_ONIONSKIN_CHALLENGE_LEN);
80 TAP_ONIONSKIN_CHALLENGE_LEN,
85 memwipe(challenge, 0,
sizeof(challenge));
86 *handshake_state_out = dh;
93 memwipe(challenge, 0,
sizeof(challenge));
94 if (dh) crypto_dh_free(dh);
107 const char *onion_skin,
111 char *handshake_reply_out,
115 char challenge[TAP_ONIONSKIN_CHALLENGE_LEN];
118 char *key_material=NULL;
119 size_t key_material_len=0;
125 k = i==0?private_key:prev_private_key;
129 TAP_ONIONSKIN_CHALLENGE_LEN,
131 TAP_ONIONSKIN_CHALLENGE_LEN,
138 "Couldn't decrypt onionskin: client may be using old onion key");
142 "Unexpected onionskin length after decryption: %ld",
152 log_warn(
LD_BUG,
"Couldn't allocate DH key");
160 log_info(
LD_GENERAL,
"crypto_dh_get_public failed.");
166 key_material = tor_malloc(key_material_len);
171 log_info(
LD_GENERAL,
"crypto_dh_compute_secret failed.");
179 memcpy(key_out, key_material+
DIGEST_LEN, key_out_len);
181 memwipe(challenge, 0,
sizeof(challenge));
182 memwipe(key_material, 0, key_material_len);
187 memwipe(challenge, 0,
sizeof(challenge));
189 memwipe(key_material, 0, key_material_len);
192 if (dh) crypto_dh_free(dh);
208 const char *handshake_reply,
211 const char **msg_out)
214 char *key_material=NULL;
215 size_t key_material_len;
219 key_material = tor_malloc(key_material_len);
225 *msg_out =
"DH computation failed.";
232 *msg_out =
"Digest DOES NOT MATCH on onion handshake. Bug or attack.";
237 memcpy(key_out, key_material+
DIGEST_LEN, key_out_len);
239 memwipe(key_material, 0, key_material_len);
243 memwipe(key_material, 0, key_material_len);