Tor  0.4.6.0-alpha-dev
relay_handshake.c
Go to the documentation of this file.
1 /* Copyright (c) 2001 Matej Pfajfar.
2  * Copyright (c) 2001-2004, Roger Dingledine.
3  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4  * Copyright (c) 2007-2020, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
6 
7 /**
8  * @file relay_handshake.c
9  * @brief Functions to implement the relay-only parts of our
10  * connection handshake.
11  *
12  * Some parts of our TLS link handshake are only done by relays (including
13  * bridges). Specifically, only relays need to send CERTS cells; only
14  * relays need to send or receive AUTHCHALLENGE cells, and only relays need to
15  * send or receive AUTHENTICATE cells.
16  **/
17 
18 #include "orconfig.h"
19 #include "core/or/or.h"
21 
22 #include "app/config/config.h"
23 #include "core/or/connection_or.h"
25 #include "trunnel/link_handshake.h"
28 
32 #include "core/or/var_cell_st.h"
33 
34 #include "lib/tls/tortls.h"
35 #include "lib/tls/x509.h"
36 
37 /** Helper used to add an encoded certs to a cert cell */
38 static void
39 add_certs_cell_cert_helper(certs_cell_t *certs_cell,
40  uint8_t cert_type,
41  const uint8_t *cert_encoded,
42  size_t cert_len)
43 {
44  tor_assert(cert_len <= UINT16_MAX);
45  certs_cell_cert_t *ccc = certs_cell_cert_new();
46  ccc->cert_type = cert_type;
47  ccc->cert_len = cert_len;
48  certs_cell_cert_setlen_body(ccc, cert_len);
49  memcpy(certs_cell_cert_getarray_body(ccc), cert_encoded, cert_len);
50 
51  certs_cell_add_certs(certs_cell, ccc);
52 }
53 
54 /** Add an encoded X509 cert (stored as <b>cert_len</b> bytes at
55  * <b>cert_encoded</b>) to the trunnel certs_cell_t object that we are
56  * building in <b>certs_cell</b>. Set its type field to <b>cert_type</b>.
57  * (If <b>cert</b> is NULL, take no action.) */
58 static void
59 add_x509_cert(certs_cell_t *certs_cell,
60  uint8_t cert_type,
61  const tor_x509_cert_t *cert)
62 {
63  if (NULL == cert)
64  return;
65 
66  const uint8_t *cert_encoded = NULL;
67  size_t cert_len;
68  tor_x509_cert_get_der(cert, &cert_encoded, &cert_len);
69 
70  add_certs_cell_cert_helper(certs_cell, cert_type, cert_encoded, cert_len);
71 }
72 
73 /** Add an Ed25519 cert from <b>cert</b> to the trunnel certs_cell_t object
74  * that we are building in <b>certs_cell</b>. Set its type field to
75  * <b>cert_type</b>. (If <b>cert</b> is NULL, take no action.) */
76 static void
77 add_ed25519_cert(certs_cell_t *certs_cell,
78  uint8_t cert_type,
79  const tor_cert_t *cert)
80 {
81  if (NULL == cert)
82  return;
83 
84  add_certs_cell_cert_helper(certs_cell, cert_type,
85  cert->encoded, cert->encoded_len);
86 }
87 
88 #ifdef TOR_UNIT_TESTS
89 int certs_cell_ed25519_disabled_for_testing = 0;
90 #else
91 #define certs_cell_ed25519_disabled_for_testing 0
92 #endif
93 
94 /** Send a CERTS cell on the connection <b>conn</b>. Return 0 on success, -1
95  * on failure. */
96 int
98 {
99  const tor_x509_cert_t *global_link_cert = NULL, *id_cert = NULL;
100  tor_x509_cert_t *own_link_cert = NULL;
101  var_cell_t *cell;
102 
103  certs_cell_t *certs_cell = NULL;
104 
106 
107  if (! conn->handshake_state)
108  return -1;
109 
110  const int conn_in_server_mode = ! conn->handshake_state->started_here;
111 
112  /* Get the encoded values of the X509 certificates */
113  if (tor_tls_get_my_certs(conn_in_server_mode,
114  &global_link_cert, &id_cert) < 0)
115  return -1;
116 
117  if (conn_in_server_mode) {
118  own_link_cert = tor_tls_get_own_cert(conn->tls);
119  }
120  tor_assert(id_cert);
121 
122  certs_cell = certs_cell_new();
123 
124  /* Start adding certs. First the link cert or auth1024 cert. */
125  if (conn_in_server_mode) {
126  tor_assert_nonfatal(own_link_cert);
127  add_x509_cert(certs_cell,
128  OR_CERT_TYPE_TLS_LINK, own_link_cert);
129  } else {
130  tor_assert(global_link_cert);
131  add_x509_cert(certs_cell,
132  OR_CERT_TYPE_AUTH_1024, global_link_cert);
133  }
134 
135  /* Next the RSA->RSA ID cert */
136  add_x509_cert(certs_cell,
137  OR_CERT_TYPE_ID_1024, id_cert);
138 
139  /* Next the Ed25519 certs */
140  add_ed25519_cert(certs_cell,
141  CERTTYPE_ED_ID_SIGN,
142  get_master_signing_key_cert());
143  if (conn_in_server_mode) {
144  tor_assert_nonfatal(conn->handshake_state->own_link_cert ||
145  certs_cell_ed25519_disabled_for_testing);
146  add_ed25519_cert(certs_cell,
147  CERTTYPE_ED_SIGN_LINK,
149  } else {
150  add_ed25519_cert(certs_cell,
151  CERTTYPE_ED_SIGN_AUTH,
152  get_current_auth_key_cert());
153  }
154 
155  /* And finally the crosscert. */
156  {
157  const uint8_t *crosscert=NULL;
158  size_t crosscert_len;
159  get_master_rsa_crosscert(&crosscert, &crosscert_len);
160  if (crosscert) {
161  add_certs_cell_cert_helper(certs_cell,
162  CERTTYPE_RSA1024_ID_EDID,
163  crosscert, crosscert_len);
164  }
165  }
166 
167  /* We've added all the certs; make the cell. */
168  certs_cell->n_certs = certs_cell_getlen_certs(certs_cell);
169 
170  ssize_t alloc_len = certs_cell_encoded_len(certs_cell);
171  tor_assert(alloc_len >= 0 && alloc_len <= UINT16_MAX);
172  cell = var_cell_new(alloc_len);
173  cell->command = CELL_CERTS;
174  ssize_t enc_len = certs_cell_encode(cell->payload, alloc_len, certs_cell);
175  tor_assert(enc_len > 0 && enc_len <= alloc_len);
176  cell->payload_len = enc_len;
177 
179  var_cell_free(cell);
180  certs_cell_free(certs_cell);
181  tor_x509_cert_free(own_link_cert);
182 
183  return 0;
184 }
185 
186 #ifdef TOR_UNIT_TESTS
187 int testing__connection_or_pretend_TLSSECRET_is_supported = 0;
188 #else
189 #define testing__connection_or_pretend_TLSSECRET_is_supported 0
190 #endif
191 
192 /** Return true iff <b>challenge_type</b> is an AUTHCHALLENGE type that
193  * we can send and receive. */
194 int
195 authchallenge_type_is_supported(uint16_t challenge_type)
196 {
197  switch (challenge_type) {
199 #ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS
200  return 1;
201 #else
202  return testing__connection_or_pretend_TLSSECRET_is_supported;
203 #endif
205  return 1;
207  default:
208  return 0;
209  }
210 }
211 
212 /** Return true iff <b>challenge_type_a</b> is one that we would rather
213  * use than <b>challenge_type_b</b>. */
214 int
215 authchallenge_type_is_better(uint16_t challenge_type_a,
216  uint16_t challenge_type_b)
217 {
218  /* Any supported type is better than an unsupported one;
219  * all unsupported types are equally bad. */
220  if (!authchallenge_type_is_supported(challenge_type_a))
221  return 0;
222  if (!authchallenge_type_is_supported(challenge_type_b))
223  return 1;
224  /* It happens that types are superior in numerically ascending order.
225  * If that ever changes, this must change too. */
226  return (challenge_type_a > challenge_type_b);
227 }
228 
229 /** Send an AUTH_CHALLENGE cell on the connection <b>conn</b>. Return 0
230  * on success, -1 on failure. */
231 int
233 {
234  var_cell_t *cell = NULL;
235  int r = -1;
237 
238  if (! conn->handshake_state)
239  return -1;
240 
241  auth_challenge_cell_t *ac = auth_challenge_cell_new();
242 
243  tor_assert(sizeof(ac->challenge) == 32);
244  crypto_rand((char*)ac->challenge, sizeof(ac->challenge));
245 
247  auth_challenge_cell_add_methods(ac, AUTHTYPE_RSA_SHA256_TLSSECRET);
248  /* Disabled, because everything that supports this method also supports
249  * the much-superior ED25519_SHA256_RFC5705 */
250  /* auth_challenge_cell_add_methods(ac, AUTHTYPE_RSA_SHA256_RFC5705); */
252  auth_challenge_cell_add_methods(ac, AUTHTYPE_ED25519_SHA256_RFC5705);
253  auth_challenge_cell_set_n_methods(ac,
254  auth_challenge_cell_getlen_methods(ac));
255 
256  cell = var_cell_new(auth_challenge_cell_encoded_len(ac));
257  ssize_t len = auth_challenge_cell_encode(cell->payload, cell->payload_len,
258  ac);
259  if (len != cell->payload_len) {
260  /* LCOV_EXCL_START */
261  log_warn(LD_BUG, "Encoded auth challenge cell length not as expected");
262  goto done;
263  /* LCOV_EXCL_STOP */
264  }
265  cell->command = CELL_AUTH_CHALLENGE;
266 
268  r = 0;
269 
270  done:
271  var_cell_free(cell);
272  auth_challenge_cell_free(ac);
273 
274  return r;
275 }
276 
277 /** Compute the main body of an AUTHENTICATE cell that a client can use
278  * to authenticate itself on a v3 handshake for <b>conn</b>. Return it
279  * in a var_cell_t.
280  *
281  * If <b>server</b> is true, only calculate the first
282  * V3_AUTH_FIXED_PART_LEN bytes -- the part of the authenticator that's
283  * determined by the rest of the handshake, and which match the provided value
284  * exactly.
285  *
286  * If <b>server</b> is false and <b>signing_key</b> is NULL, calculate the
287  * first V3_AUTH_BODY_LEN bytes of the authenticator (that is, everything
288  * that should be signed), but don't actually sign it.
289  *
290  * If <b>server</b> is false and <b>signing_key</b> is provided, calculate the
291  * entire authenticator, signed with <b>signing_key</b>.
292  *
293  * Return the length of the cell body on success, and -1 on failure.
294  */
295 var_cell_t *
297  const int authtype,
298  crypto_pk_t *signing_key,
299  const ed25519_keypair_t *ed_signing_key,
300  int server)
301 {
302  auth1_t *auth = NULL;
303  auth_ctx_t *ctx = auth_ctx_new();
304  var_cell_t *result = NULL;
305  int old_tlssecrets_algorithm = 0;
306  const char *authtype_str = NULL;
307 
308  int is_ed = 0;
309 
310  /* assert state is reasonable XXXX */
311  switch (authtype) {
313  authtype_str = "AUTH0001";
314  old_tlssecrets_algorithm = 1;
315  break;
317  authtype_str = "AUTH0002";
318  break;
320  authtype_str = "AUTH0003";
321  is_ed = 1;
322  break;
323  default:
324  tor_assert(0);
325  break;
326  }
327 
328  auth = auth1_new();
329  ctx->is_ed = is_ed;
330 
331  /* Type: 8 bytes. */
332  memcpy(auth1_getarray_type(auth), authtype_str, 8);
333 
334  {
335  const tor_x509_cert_t *id_cert=NULL;
336  const common_digests_t *my_digests, *their_digests;
337  const uint8_t *my_id, *their_id, *client_id, *server_id;
338  if (tor_tls_get_my_certs(server, NULL, &id_cert))
339  goto err;
340  my_digests = tor_x509_cert_get_id_digests(id_cert);
341  their_digests =
343  tor_assert(my_digests);
344  tor_assert(their_digests);
345  my_id = (uint8_t*)my_digests->d[DIGEST_SHA256];
346  their_id = (uint8_t*)their_digests->d[DIGEST_SHA256];
347 
348  client_id = server ? their_id : my_id;
349  server_id = server ? my_id : their_id;
350 
351  /* Client ID digest: 32 octets. */
352  memcpy(auth->cid, client_id, 32);
353 
354  /* Server ID digest: 32 octets. */
355  memcpy(auth->sid, server_id, 32);
356  }
357 
358  if (is_ed) {
359  const ed25519_public_key_t *my_ed_id, *their_ed_id;
360  if (!conn->handshake_state->certs->ed_id_sign) {
361  log_warn(LD_OR, "Ed authenticate without Ed ID cert from peer.");
362  goto err;
363  }
364  my_ed_id = get_master_identity_key();
365  their_ed_id = &conn->handshake_state->certs->ed_id_sign->signing_key;
366 
367  const uint8_t *cid_ed = (server ? their_ed_id : my_ed_id)->pubkey;
368  const uint8_t *sid_ed = (server ? my_ed_id : their_ed_id)->pubkey;
369 
370  memcpy(auth->u1_cid_ed, cid_ed, ED25519_PUBKEY_LEN);
371  memcpy(auth->u1_sid_ed, sid_ed, ED25519_PUBKEY_LEN);
372  }
373 
374  {
375  crypto_digest_t *server_d, *client_d;
376  if (server) {
377  server_d = conn->handshake_state->digest_sent;
378  client_d = conn->handshake_state->digest_received;
379  } else {
380  client_d = conn->handshake_state->digest_sent;
381  server_d = conn->handshake_state->digest_received;
382  }
383 
384  /* Server log digest : 32 octets */
385  crypto_digest_get_digest(server_d, (char*)auth->slog, 32);
386 
387  /* Client log digest : 32 octets */
388  crypto_digest_get_digest(client_d, (char*)auth->clog, 32);
389  }
390 
391  {
392  /* Digest of cert used on TLS link : 32 octets. */
393  tor_x509_cert_t *cert = NULL;
394  if (server) {
395  cert = tor_tls_get_own_cert(conn->tls);
396  } else {
397  cert = tor_tls_get_peer_cert(conn->tls);
398  }
399  if (!cert) {
400  log_warn(LD_OR, "Unable to find cert when making %s data.",
401  authtype_str);
402  goto err;
403  }
404 
405  memcpy(auth->scert,
406  tor_x509_cert_get_cert_digests(cert)->d[DIGEST_SHA256], 32);
407 
408  tor_x509_cert_free(cert);
409  }
410 
411  /* HMAC of clientrandom and serverrandom using master key : 32 octets */
412  if (old_tlssecrets_algorithm) {
413  if (tor_tls_get_tlssecrets(conn->tls, auth->tlssecrets) < 0) {
414  log_fn(LOG_PROTOCOL_WARN, LD_OR, "Somebody asked us for an older TLS "
415  "authentication method (AUTHTYPE_RSA_SHA256_TLSSECRET) "
416  "which we don't support.");
417  }
418  } else {
419  char label[128];
420  tor_snprintf(label, sizeof(label),
421  "EXPORTER FOR TOR TLS CLIENT BINDING %s", authtype_str);
422  int r = tor_tls_export_key_material(conn->tls, auth->tlssecrets,
423  auth->cid, sizeof(auth->cid),
424  label);
425  if (r < 0) {
426  if (r != -2)
427  log_warn(LD_BUG, "TLS key export failed for unknown reason.");
428  // If r == -2, this was openssl bug 7712.
429  goto err;
430  }
431  }
432 
433  /* 8 octets were reserved for the current time, but we're trying to get out
434  * of the habit of sending time around willynilly. Fortunately, nothing
435  * checks it. That's followed by 16 bytes of nonce. */
436  crypto_rand((char*)auth->rand, 24);
437 
438  ssize_t maxlen = auth1_encoded_len(auth, ctx);
439  if (ed_signing_key && is_ed) {
440  maxlen += ED25519_SIG_LEN;
441  } else if (signing_key && !is_ed) {
442  maxlen += crypto_pk_keysize(signing_key);
443  }
444 
445  const int AUTH_CELL_HEADER_LEN = 4; /* 2 bytes of type, 2 bytes of length */
446  result = var_cell_new(AUTH_CELL_HEADER_LEN + maxlen);
447  uint8_t *const out = result->payload + AUTH_CELL_HEADER_LEN;
448  const size_t outlen = maxlen;
449  ssize_t len;
450 
451  result->command = CELL_AUTHENTICATE;
452  set_uint16(result->payload, htons(authtype));
453 
454  if ((len = auth1_encode(out, outlen, auth, ctx)) < 0) {
455  /* LCOV_EXCL_START */
456  log_warn(LD_BUG, "Unable to encode signed part of AUTH1 data.");
457  goto err;
458  /* LCOV_EXCL_STOP */
459  }
460 
461  if (server) {
462  auth1_t *tmp = NULL;
463  ssize_t len2 = auth1_parse(&tmp, out, len, ctx);
464  if (!tmp) {
465  /* LCOV_EXCL_START */
466  log_warn(LD_BUG, "Unable to parse signed part of AUTH1 data that "
467  "we just encoded");
468  goto err;
469  /* LCOV_EXCL_STOP */
470  }
471  result->payload_len = (tmp->end_of_signed - result->payload);
472 
473  auth1_free(tmp);
474  if (len2 != len) {
475  /* LCOV_EXCL_START */
476  log_warn(LD_BUG, "Mismatched length when re-parsing AUTH1 data.");
477  goto err;
478  /* LCOV_EXCL_STOP */
479  }
480  goto done;
481  }
482 
483  if (ed_signing_key && is_ed) {
485  if (ed25519_sign(&sig, out, len, ed_signing_key) < 0) {
486  /* LCOV_EXCL_START */
487  log_warn(LD_BUG, "Unable to sign ed25519 authentication data");
488  goto err;
489  /* LCOV_EXCL_STOP */
490  }
491  auth1_setlen_sig(auth, ED25519_SIG_LEN);
492  memcpy(auth1_getarray_sig(auth), sig.sig, ED25519_SIG_LEN);
493 
494  } else if (signing_key && !is_ed) {
495  auth1_setlen_sig(auth, crypto_pk_keysize(signing_key));
496 
497  char d[32];
498  crypto_digest256(d, (char*)out, len, DIGEST_SHA256);
499  int siglen = crypto_pk_private_sign(signing_key,
500  (char*)auth1_getarray_sig(auth),
501  auth1_getlen_sig(auth),
502  d, 32);
503  if (siglen < 0) {
504  log_warn(LD_OR, "Unable to sign AUTH1 data.");
505  goto err;
506  }
507 
508  auth1_setlen_sig(auth, siglen);
509  }
510 
511  len = auth1_encode(out, outlen, auth, ctx);
512  if (len < 0) {
513  /* LCOV_EXCL_START */
514  log_warn(LD_BUG, "Unable to encode signed AUTH1 data.");
515  goto err;
516  /* LCOV_EXCL_STOP */
517  }
518  tor_assert(len + AUTH_CELL_HEADER_LEN <= result->payload_len);
519  result->payload_len = len + AUTH_CELL_HEADER_LEN;
520  set_uint16(result->payload+2, htons(len));
521 
522  goto done;
523 
524  err:
525  var_cell_free(result);
526  result = NULL;
527  done:
528  auth1_free(auth);
529  auth_ctx_free(ctx);
530  return result;
531 }
532 
533 /** Send an AUTHENTICATE cell on the connection <b>conn</b>. Return 0 on
534  * success, -1 on failure */
535 MOCK_IMPL(int,
537 {
538  var_cell_t *cell;
540  /* XXXX make sure we're actually supposed to send this! */
541 
542  if (!pk) {
543  log_warn(LD_BUG, "Can't compute authenticate cell: no client auth key");
544  return -1;
545  }
546  if (! authchallenge_type_is_supported(authtype)) {
547  log_warn(LD_BUG, "Tried to send authenticate cell with unknown "
548  "authentication type %d", authtype);
549  return -1;
550  }
551 
553  authtype,
554  pk,
555  get_current_auth_keypair(),
556  0 /* not server */);
557  if (! cell) {
558  log_fn(LOG_PROTOCOL_WARN, LD_NET, "Unable to compute authenticate cell!");
559  return -1;
560  }
562  var_cell_free(cell);
563 
564  return 0;
565 }
log_fn
#define log_fn(severity, domain, args,...)
Definition: log.h:283
or_handshake_certs_t::id_cert
struct tor_x509_cert_t * id_cert
Definition: or_handshake_certs_st.h:30
tor_cert_t::encoded_len
size_t encoded_len
Definition: torcert.h:42
OR_CERT_TYPE_ID_1024
#define OR_CERT_TYPE_ID_1024
Definition: or.h:666
or_handshake_state_t::digest_sent
crypto_digest_t * digest_sent
Definition: or_handshake_state_st.h:72
add_x509_cert
static void add_x509_cert(certs_cell_t *certs_cell, uint8_t cert_type, const tor_x509_cert_t *cert)
Definition: relay_handshake.c:59
or_connection_t::handshake_state
or_handshake_state_t * handshake_state
Definition: or_connection_st.h:98
tor_cert_t
Definition: torcert.h:30
add_certs_cell_cert_helper
static void add_certs_cell_cert_helper(certs_cell_t *certs_cell, uint8_t cert_type, const uint8_t *cert_encoded, size_t cert_len)
Definition: relay_handshake.c:39
MOCK_IMPL
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
ed25519_sign
int ed25519_sign(ed25519_signature_t *signature_out, const uint8_t *msg, size_t len, const ed25519_keypair_t *keypair)
Definition: crypto_ed25519.c:271
tor_assert
#define tor_assert(expr)
Definition: util_bug.h:102
routerkeys.h
Header for routerkeys.c.
LD_BUG
#define LD_BUG
Definition: log.h:86
or_handshake_state_t::started_here
unsigned int started_here
Definition: or_handshake_state_st.h:23
authchallenge_type_is_better
int authchallenge_type_is_better(uint16_t challenge_type_a, uint16_t challenge_type_b)
Definition: relay_handshake.c:215
ED25519_PUBKEY_LEN
#define ED25519_PUBKEY_LEN
Definition: x25519_sizes.h:27
connection_or_write_var_cell_to_buf
void connection_or_write_var_cell_to_buf(const var_cell_t *cell, or_connection_t *conn)
Definition: connection_or.c:2318
tor_cert_t::encoded
uint8_t * encoded
Definition: torcert.h:40
crypto_digest_t
Definition: crypto_digest_nss.c:166
or_connection_t
Definition: or_connection_st.h:22
tor_snprintf
int tor_snprintf(char *str, size_t size, const char *format,...)
Definition: printf.c:27
common_digests_t
Definition: crypto_digest.h:87
AUTHTYPE_RSA_SHA256_RFC5705
#define AUTHTYPE_RSA_SHA256_RFC5705
Definition: or.h:689
tor_tls_get_tlssecrets
int tor_tls_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out)
Definition: tortls_nss.c:795
OR_CERT_TYPE_TLS_LINK
#define OR_CERT_TYPE_TLS_LINK
Definition: or.h:663
tortls.h
Headers for tortls.c.
tor_x509_cert_get_cert_digests
const common_digests_t * tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert)
Definition: x509.c:69
connection_or_compute_authenticate_cell_body
var_cell_t * connection_or_compute_authenticate_cell_body(or_connection_t *conn, const int authtype, crypto_pk_t *signing_key, const ed25519_keypair_t *ed_signing_key, int server)
Definition: relay_handshake.c:296
tor_tls_get_my_client_auth_key
crypto_pk_t * tor_tls_get_my_client_auth_key(void)
Definition: tortls.c:101
LD_OR
#define LD_OR
Definition: log.h:92
tor_tls_get_own_cert
struct tor_x509_cert_t * tor_tls_get_own_cert(tor_tls_t *tls)
Definition: tortls_nss.c:551
torcert.h
Header for torcert.c.
ed25519_public_key_t
Definition: crypto_ed25519.h:23
var_cell_t::payload_len
uint16_t payload_len
Definition: var_cell_st.h:22
relay_handshake.h
Header for feature/relay/relay_handshake.c.
common_digests_t::d
char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]
Definition: crypto_digest.h:89
or_handshake_certs_st.h
OR handshake certs structure.
crypto_rand.h
Common functions for using (pseudo-)random number generators.
crypto_pk_keysize
size_t crypto_pk_keysize(const crypto_pk_t *env)
Definition: crypto_rsa_nss.c:331
var_cell_st.h
Variable-length cell structure.
OR_CERT_TYPE_AUTH_1024
#define OR_CERT_TYPE_AUTH_1024
Definition: or.h:670
OR_CONN_STATE_OR_HANDSHAKING_V3
#define OR_CONN_STATE_OR_HANDSHAKING_V3
Definition: orconn_event.h:51
or_handshake_certs_t::ed_id_sign
struct tor_cert_st * ed_id_sign
Definition: or_handshake_certs_st.h:32
ed25519_signature_t
Definition: crypto_ed25519.h:18
tor_tls_get_my_certs
int tor_tls_get_my_certs(int server, const tor_x509_cert_t **link_cert_out, const tor_x509_cert_t **id_cert_out)
Definition: tortls.c:76
or_handshake_state_t::certs
or_handshake_certs_t * certs
Definition: or_handshake_state_st.h:79
AUTHTYPE_ED25519_SHA256_RFC5705
#define AUTHTYPE_ED25519_SHA256_RFC5705
Definition: or.h:692
or_connection_st.h
OR connection structure.
crypto_pk_t
Definition: crypto_rsa_nss.c:37
or_handshake_state_t::own_link_cert
struct tor_cert_st * own_link_cert
Definition: or_handshake_state_st.h:45
var_cell_new
var_cell_t * var_cell_new(uint16_t payload_len)
Definition: connection_or.c:510
AUTHTYPE_RSA_SHA256_TLSSECRET
#define AUTHTYPE_RSA_SHA256_TLSSECRET
Definition: or.h:681
authchallenge_type_is_supported
int authchallenge_type_is_supported(uint16_t challenge_type)
Definition: relay_handshake.c:195
config.h
Header file for config.c.
crypto_digest256
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
Definition: crypto_digest_nss.c:121
connection_or_send_authenticate_cell
int connection_or_send_authenticate_cell(or_connection_t *conn, int authtype)
Definition: relay_handshake.c:536
tor_x509_cert_get_der
void tor_x509_cert_get_der(const tor_x509_cert_t *cert, const uint8_t **encoded_out, size_t *size_out)
Definition: x509_nss.c:216
tor_tls_get_peer_cert
struct tor_x509_cert_t * tor_tls_get_peer_cert(tor_tls_t *tls)
Definition: tortls_nss.c:541
LD_NET
#define LD_NET
Definition: log.h:66
connection_t::state
uint8_t state
Definition: connection_st.h:49
crypto_rand
void crypto_rand(char *to, size_t n)
Definition: crypto_rand.c:477
connection_or_send_certs_cell
int connection_or_send_certs_cell(or_connection_t *conn)
Definition: relay_handshake.c:97
add_ed25519_cert
static void add_ed25519_cert(certs_cell_t *certs_cell, uint8_t cert_type, const tor_cert_t *cert)
Definition: relay_handshake.c:77
set_uint16
static void set_uint16(void *cp, uint16_t v)
Definition: bytes.h:78
var_cell_t::payload
uint8_t payload[FLEXIBLE_ARRAY_MEMBER]
Definition: var_cell_st.h:24
or_handshake_state_st.h
OR handshake state structure.
tor_tls_export_key_material
int tor_tls_export_key_material(tor_tls_t *tls, uint8_t *secrets_out, const uint8_t *context, size_t context_len, const char *label)
Definition: tortls_nss.c:809
var_cell_t::command
uint8_t command
Definition: var_cell_st.h:18
var_cell_t
Definition: var_cell_st.h:16
crypto_pk_private_sign
int crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen)
Definition: crypto_rsa_nss.c:549
or_connection_t::tls
struct tor_tls_t * tls
Definition: or_connection_st.h:44
tor_x509_cert_get_id_digests
const common_digests_t * tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert)
Definition: x509.c:59
crypto_digest_get_digest
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
Definition: crypto_digest_nss.c:348
ED25519_SIG_LEN
#define ED25519_SIG_LEN
Definition: x25519_sizes.h:34
connection_or.h
Header file for connection_or.c.
connection_or_send_auth_challenge_cell
int connection_or_send_auth_challenge_cell(or_connection_t *conn)
Definition: relay_handshake.c:232
or.h
Master header file for Tor-specific functionality.
ed25519_keypair_t
Definition: crypto_ed25519.h:39
x509.h
Headers for tortls.c.