Tor  0.4.7.0-alpha-dev
Macros | Functions
relay_handshake.c File Reference

Functions to implement the relay-only parts of our connection handshake. More...

#include "orconfig.h"
#include "core/or/or.h"
#include "feature/relay/relay_handshake.h"
#include "app/config/config.h"
#include "core/or/connection_or.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "trunnel/link_handshake.h"
#include "feature/relay/routerkeys.h"
#include "feature/nodelist/torcert.h"
#include "core/or/or_connection_st.h"
#include "core/or/or_handshake_certs_st.h"
#include "core/or/or_handshake_state_st.h"
#include "core/or/var_cell_st.h"
#include "lib/tls/tortls.h"
#include "lib/tls/x509.h"

Go to the source code of this file.

Macros

#define certs_cell_ed25519_disabled_for_testing   0
 
#define testing__connection_or_pretend_TLSSECRET_is_supported   0
 

Functions

static void add_certs_cell_cert_helper (certs_cell_t *certs_cell, uint8_t cert_type, const uint8_t *cert_encoded, size_t cert_len)
 
static void add_x509_cert (certs_cell_t *certs_cell, uint8_t cert_type, const tor_x509_cert_t *cert)
 
static void add_ed25519_cert (certs_cell_t *certs_cell, uint8_t cert_type, const tor_cert_t *cert)
 
int connection_or_send_certs_cell (or_connection_t *conn)
 
int authchallenge_type_is_supported (uint16_t challenge_type)
 
int authchallenge_type_is_better (uint16_t challenge_type_a, uint16_t challenge_type_b)
 
int connection_or_send_auth_challenge_cell (or_connection_t *conn)
 
var_cell_tconnection_or_compute_authenticate_cell_body (or_connection_t *conn, const int authtype, crypto_pk_t *signing_key, const ed25519_keypair_t *ed_signing_key, int server)
 
int connection_or_send_authenticate_cell (or_connection_t *conn, int authtype)
 

Detailed Description

Functions to implement the relay-only parts of our connection handshake.

Some parts of our TLS link handshake are only done by relays (including bridges). Specifically, only relays need to send CERTS cells; only relays need to send or receive AUTHCHALLENGE cells, and only relays need to send or receive AUTHENTICATE cells.

Definition in file relay_handshake.c.

Function Documentation

◆ add_certs_cell_cert_helper()

static void add_certs_cell_cert_helper ( certs_cell_t *  certs_cell,
uint8_t  cert_type,
const uint8_t *  cert_encoded,
size_t  cert_len 
)
static

Helper used to add an encoded certs to a cert cell

Definition at line 39 of file relay_handshake.c.

Referenced by add_ed25519_cert(), and add_x509_cert().

◆ add_ed25519_cert()

static void add_ed25519_cert ( certs_cell_t *  certs_cell,
uint8_t  cert_type,
const tor_cert_t cert 
)
static

Add an Ed25519 cert from cert to the trunnel certs_cell_t object that we are building in certs_cell. Set its type field to cert_type. (If cert is NULL, take no action.)

Definition at line 77 of file relay_handshake.c.

◆ add_x509_cert()

static void add_x509_cert ( certs_cell_t *  certs_cell,
uint8_t  cert_type,
const tor_x509_cert_t *  cert 
)
static

Add an encoded X509 cert (stored as cert_len bytes at cert_encoded) to the trunnel certs_cell_t object that we are building in certs_cell. Set its type field to cert_type. (If cert is NULL, take no action.)

Definition at line 59 of file relay_handshake.c.

◆ authchallenge_type_is_better()

int authchallenge_type_is_better ( uint16_t  challenge_type_a,
uint16_t  challenge_type_b 
)

Return true iff challenge_type_a is one that we would rather use than challenge_type_b.

Definition at line 215 of file relay_handshake.c.

◆ authchallenge_type_is_supported()

int authchallenge_type_is_supported ( uint16_t  challenge_type)

Return true iff challenge_type is an AUTHCHALLENGE type that we can send and receive.

Definition at line 195 of file relay_handshake.c.

Referenced by authchallenge_type_is_better(), and connection_or_send_auth_challenge_cell().

◆ connection_or_compute_authenticate_cell_body()

var_cell_t* connection_or_compute_authenticate_cell_body ( or_connection_t conn,
const int  authtype,
crypto_pk_t signing_key,
const ed25519_keypair_t ed_signing_key,
int  server 
)

Compute the main body of an AUTHENTICATE cell that a client can use to authenticate itself on a v3 handshake for conn. Return it in a var_cell_t.

If server is true, only calculate the first V3_AUTH_FIXED_PART_LEN bytes – the part of the authenticator that's determined by the rest of the handshake, and which match the provided value exactly.

If server is false and signing_key is NULL, calculate the first V3_AUTH_BODY_LEN bytes of the authenticator (that is, everything that should be signed), but don't actually sign it.

If server is false and signing_key is provided, calculate the entire authenticator, signed with signing_key.

Return the length of the cell body on success, and -1 on failure.

Definition at line 296 of file relay_handshake.c.

◆ connection_or_send_auth_challenge_cell()

int connection_or_send_auth_challenge_cell ( or_connection_t conn)

Send an AUTH_CHALLENGE cell on the connection conn. Return 0 on success, -1 on failure.

Definition at line 232 of file relay_handshake.c.

◆ connection_or_send_authenticate_cell()

int connection_or_send_authenticate_cell ( or_connection_t conn,
int  authtype 
)

Send an AUTHENTICATE cell on the connection conn. Return 0 on success, -1 on failure

Definition at line 536 of file relay_handshake.c.

◆ connection_or_send_certs_cell()

int connection_or_send_certs_cell ( or_connection_t conn)

Send a CERTS cell on the connection conn. Return 0 on success, -1 on failure.

Definition at line 97 of file relay_handshake.c.