Tor  0.4.7.0-alpha-dev
Macros | Functions
onion_tap.h File Reference

Header file for onion_tap.c. More...

Go to the source code of this file.

Macros

#define TAP_ONIONSKIN_CHALLENGE_LEN
 
#define TAP_ONIONSKIN_REPLY_LEN   (DH1024_KEY_LEN+DIGEST_LEN)
 

Functions

int onion_skin_TAP_create (struct crypto_pk_t *router_key, struct crypto_dh_t **handshake_state_out, char *onion_skin_out)
 
int onion_skin_TAP_server_handshake (const char *onion_skin, struct crypto_pk_t *private_key, struct crypto_pk_t *prev_private_key, char *handshake_reply_out, char *key_out, size_t key_out_len)
 
int onion_skin_TAP_client_handshake (struct crypto_dh_t *handshake_state, const char *handshake_reply, char *key_out, size_t key_out_len, const char **msg_out)
 

Detailed Description

Header file for onion_tap.c.

Definition in file onion_tap.h.

Macro Definition Documentation

◆ TAP_ONIONSKIN_CHALLENGE_LEN

#define TAP_ONIONSKIN_CHALLENGE_LEN
Value:
CIPHER_KEY_LEN+\
DH1024_KEY_LEN)
#define PKCS1_OAEP_PADDING_OVERHEAD
Definition: crypto_rsa.h:30

Definition at line 15 of file onion_tap.h.

Function Documentation

◆ onion_skin_TAP_client_handshake()

int onion_skin_TAP_client_handshake ( crypto_dh_t handshake_state,
const char *  handshake_reply,
char *  key_out,
size_t  key_out_len,
const char **  msg_out 
)

Finish the client side of the DH handshake. Given the 128 byte DH reply + 20 byte hash as generated by onion_skin_server_handshake and the handshake state generated by onion_skin_create, verify H(K) with the first 20 bytes of shared key material, then generate key_out_len more bytes of shared key material and store them in key_out.

After the invocation, call crypto_dh_free on handshake_state.

Definition at line 207 of file onion_tap.c.

◆ onion_skin_TAP_create()

int onion_skin_TAP_create ( crypto_pk_t dest_router_key,
crypto_dh_t **  handshake_state_out,
char *  onion_skin_out 
)

Given a router's 128 byte public key, stores the following in onion_skin_out:

  • [42 bytes] OAEP padding
  • [16 bytes] Symmetric key for encrypting blob past RSA
  • [70 bytes] g^x part 1 (inside the RSA)
  • [58 bytes] g^x part 2 (symmetrically encrypted)

Stores the DH private key into handshake_state_out for later completion of the handshake.

The meeting point/cookies and auth are zeroed out for now.

Definition at line 53 of file onion_tap.c.

◆ onion_skin_TAP_server_handshake()

int onion_skin_TAP_server_handshake ( const char *  onion_skin,
crypto_pk_t private_key,
crypto_pk_t prev_private_key,
char *  handshake_reply_out,
char *  key_out,
size_t  key_out_len 
)

Given an encrypted DH public key as generated by onion_skin_create, and the private key for this onion router, generate the reply (128-byte DH plus the first 20 bytes of shared key material), and store the next key_out_len bytes of key material in key_out.

Definition at line 105 of file onion_tap.c.