Functions to implement the relay-only parts of our connection handshake. More...

#include "orconfig.h"
#include "core/or/or.h"
#include "feature/relay/relay_handshake.h"
#include "app/config/config.h"
#include "core/or/connection_or.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "trunnel/link_handshake.h"
#include "feature/relay/routerkeys.h"
#include "feature/nodelist/torcert.h"
#include "core/or/or_connection_st.h"
#include "core/or/or_handshake_certs_st.h"
#include "core/or/or_handshake_state_st.h"
#include "core/or/var_cell_st.h"
#include "lib/tls/tortls.h"
#include "lib/tls/x509.h"

Macros
#define	certs_cell_ed25519_disabled_for_testing 0

#define	testing__connection_or_pretend_TLSSECRET_is_supported 0

Functions
static void	add_certs_cell_cert_helper (certs_cell_t certs_cell, uint8_t cert_type, const uint8_t cert_encoded, size_t cert_len)

static void	add_x509_cert (certs_cell_t certs_cell, uint8_t cert_type, const tor_x509_cert_t cert)

static void	add_ed25519_cert (certs_cell_t certs_cell, uint8_t cert_type, const tor_cert_t cert)

int	connection_or_send_certs_cell (or_connection_t *conn)

int	authchallenge_type_is_supported (uint16_t challenge_type)

int	authchallenge_type_is_better (uint16_t challenge_type_a, uint16_t challenge_type_b)

int	connection_or_send_auth_challenge_cell (or_connection_t *conn)

var_cell_t *	connection_or_compute_authenticate_cell_body (or_connection_t conn, const int authtype, crypto_pk_t signing_key, const ed25519_keypair_t *ed_signing_key, int server)

int	connection_or_send_authenticate_cell (or_connection_t *conn, int authtype)

Detailed Description

Functions to implement the relay-only parts of our connection handshake.

Some parts of our TLS link handshake are only done by relays (including bridges). Specifically, only relays need to send CERTS cells; only relays need to send or receive AUTHCHALLENGE cells, and only relays need to send or receive AUTHENTICATE cells.

Definition in file relay_handshake.c.

Function Documentation

◆ add_certs_cell_cert_helper()

static void add_certs_cell_cert_helper	(	certs_cell_t *	certs_cell,
		uint8_t	cert_type,
		const uint8_t *	cert_encoded,
		size_t	cert_len
	)

static

Helper used to add an encoded certs to a cert cell

Definition at line 39 of file relay_handshake.c.

Referenced by add_ed25519_cert(), and add_x509_cert().

◆ add_ed25519_cert()

static void add_ed25519_cert	(	certs_cell_t *	certs_cell,
		uint8_t	cert_type,
		const tor_cert_t *	cert
	)

static

Add an Ed25519 cert from cert to the trunnel certs_cell_t object that we are building in certs_cell. Set its type field to cert_type. (If cert is NULL, take no action.)

Definition at line 77 of file relay_handshake.c.

◆ add_x509_cert()

static void add_x509_cert	(	certs_cell_t *	certs_cell,
		uint8_t	cert_type,
		const tor_x509_cert_t *	cert
	)

static

Add an encoded X509 cert (stored as cert_len bytes at cert_encoded) to the trunnel certs_cell_t object that we are building in certs_cell. Set its type field to cert_type. (If cert is NULL, take no action.)

Definition at line 59 of file relay_handshake.c.

◆ authchallenge_type_is_better()

int authchallenge_type_is_better	(	uint16_t	challenge_type_a,
		uint16_t	challenge_type_b
	)

Return true iff challenge_type_a is one that we would rather use than challenge_type_b.

Definition at line 215 of file relay_handshake.c.

◆ authchallenge_type_is_supported()

int authchallenge_type_is_supported ( uint16_t challenge_type )

Return true iff challenge_type is an AUTHCHALLENGE type that we can send and receive.

Definition at line 195 of file relay_handshake.c.

Referenced by authchallenge_type_is_better(), and connection_or_send_auth_challenge_cell().

◆ connection_or_compute_authenticate_cell_body()

var_cell_t* connection_or_compute_authenticate_cell_body	(	or_connection_t *	conn,
		const int	authtype,
		crypto_pk_t *	signing_key,
		const ed25519_keypair_t *	ed_signing_key,
		int	server
	)

Compute the main body of an AUTHENTICATE cell that a client can use to authenticate itself on a v3 handshake for conn. Return it in a var_cell_t.

If server is true, only calculate the first V3_AUTH_FIXED_PART_LEN bytes – the part of the authenticator that's determined by the rest of the handshake, and which match the provided value exactly.

If server is false and signing_key is NULL, calculate the first V3_AUTH_BODY_LEN bytes of the authenticator (that is, everything that should be signed), but don't actually sign it.

If server is false and signing_key is provided, calculate the entire authenticator, signed with signing_key.

Return the length of the cell body on success, and -1 on failure.

Definition at line 296 of file relay_handshake.c.

◆ connection_or_send_auth_challenge_cell()

int connection_or_send_auth_challenge_cell ( or_connection_t * conn )

Send an AUTH_CHALLENGE cell on the connection conn. Return 0 on success, -1 on failure.

Definition at line 232 of file relay_handshake.c.

◆ connection_or_send_authenticate_cell()

int connection_or_send_authenticate_cell	(	or_connection_t *	conn,
		int	authtype
	)

Send an AUTHENTICATE cell on the connection conn. Return 0 on success, -1 on failure

Definition at line 536 of file relay_handshake.c.

◆ connection_or_send_certs_cell()

int connection_or_send_certs_cell ( or_connection_t * conn )

Send a CERTS cell on the connection conn. Return 0 on success, -1 on failure.

Definition at line 97 of file relay_handshake.c.

Macros

Functions

Detailed Description

Function Documentation

◆ add_certs_cell_cert_helper()

◆ add_ed25519_cert()

◆ add_x509_cert()

◆ authchallenge_type_is_better()

◆ authchallenge_type_is_supported()

◆ connection_or_compute_authenticate_cell_body()

◆ connection_or_send_auth_challenge_cell()

◆ connection_or_send_authenticate_cell()

◆ connection_or_send_certs_cell()