Functions to implement the relay-only parts of our connection handshake. More...
#include "orconfig.h"
#include "core/or/or.h"
#include "feature/relay/relay_handshake.h"
#include "app/config/config.h"
#include "core/or/connection_or.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "trunnel/link_handshake.h"
#include "feature/relay/routerkeys.h"
#include "feature/nodelist/torcert.h"
#include "core/or/or_connection_st.h"
#include "core/or/or_handshake_certs_st.h"
#include "core/or/or_handshake_state_st.h"
#include "core/or/var_cell_st.h"
#include "lib/tls/tortls.h"
#include "lib/tls/x509.h"
Macros
#define certs_cell_ed25519_disabled_for_testing 0
#define testing__connection_or_pretend_TLSSECRET_is_supported 0
Functions
static void add_certs_cell_cert_helper (certs_cell_t *certs_cell, uint8_t cert_type, const uint8_t *cert_encoded, size_t cert_len)
static void add_x509_cert (certs_cell_t *certs_cell, uint8_t cert_type, const tor_x509_cert_t *cert)
static void add_ed25519_cert (certs_cell_t *certs_cell, uint8_t cert_type, const tor_cert_t *cert)
int connection_or_send_certs_cell (or_connection_t *conn)
int authchallenge_type_is_supported (uint16_t challenge_type)
int authchallenge_type_is_better (uint16_t challenge_type_a, uint16_t challenge_type_b)
int connection_or_send_auth_challenge_cell (or_connection_t *conn)
var_cell_t * connection_or_compute_authenticate_cell_body (or_connection_t *conn, const int authtype, crypto_pk_t *signing_key, const ed25519_keypair_t *ed_signing_key, int server)
int connection_or_send_authenticate_cell (or_connection_t *conn, int authtype)
Functions to implement the relay-only parts of our connection handshake.
Some parts of our TLS link handshake are only done by relays (including bridges). Specifically, only relays need to send CERTS cells; only relays need to send or receive AUTHCHALLENGE cells, and only relays need to send or receive AUTHENTICATE cells.
Definition in file relay_handshake.c.
static |
Helper used to add an encoded cert to a certs cell.
Definition at line 39 of file relay_handshake.c.
Referenced by add_ed25519_cert(), and add_x509_cert().
static |
Add an Ed25519 cert from cert to the trunnel certs_cell_t object that we are building in certs_cell. Set its type field to cert_type. (If cert is NULL, take no action.)
Definition at line 77 of file relay_handshake.c.
static |
Add the encoded form of the X509 cert cert to the trunnel certs_cell_t object that we are building in certs_cell. Set its type field to cert_type. (If cert is NULL, take no action.)
Definition at line 59 of file relay_handshake.c.
int authchallenge_type_is_better (uint16_t challenge_type_a, uint16_t challenge_type_b)
Return true iff challenge_type_a is one that we would rather use than challenge_type_b.
Definition at line 215 of file relay_handshake.c.
int authchallenge_type_is_supported (uint16_t challenge_type)
Return true iff challenge_type is an AUTHCHALLENGE type that we can send and receive.
Definition at line 195 of file relay_handshake.c.
Referenced by authchallenge_type_is_better(), and connection_or_send_auth_challenge_cell().
var_cell_t * connection_or_compute_authenticate_cell_body (or_connection_t *conn, const int authtype, crypto_pk_t *signing_key, const ed25519_keypair_t *ed_signing_key, int server)
Compute the main body of an AUTHENTICATE cell that a client can use to authenticate itself on a v3 handshake for conn. Return it in a var_cell_t.
If server is true, only calculate the first V3_AUTH_FIXED_PART_LEN bytes – the part of the authenticator that's determined by the rest of the handshake, and which must match the provided value exactly.
If server is false and signing_key is NULL, calculate the first V3_AUTH_BODY_LEN bytes of the authenticator (that is, everything that should be signed), but don't actually sign it.
If server is false and signing_key is provided, calculate the entire authenticator, signed with signing_key.
Return the var_cell_t holding the cell body on success, and NULL on failure.
Definition at line 296 of file relay_handshake.c.
int connection_or_send_auth_challenge_cell (or_connection_t *conn)
Send an AUTH_CHALLENGE cell on the connection conn. Return 0 on success, -1 on failure.
Definition at line 232 of file relay_handshake.c.
int connection_or_send_authenticate_cell (or_connection_t *conn, int authtype)
Send an AUTHENTICATE cell on the connection conn. Return 0 on success, -1 on failure.
Definition at line 536 of file relay_handshake.c.
int connection_or_send_certs_cell (or_connection_t *conn)
Send a CERTS cell on the connection conn. Return 0 on success, -1 on failure.
Definition at line 97 of file relay_handshake.c.