25 #include "trunnel/link_handshake.h"
41 const uint8_t *cert_encoded,
45 certs_cell_cert_t *ccc = certs_cell_cert_new();
46 ccc->cert_type = cert_type;
47 ccc->cert_len = cert_len;
48 certs_cell_cert_setlen_body(ccc, cert_len);
49 memcpy(certs_cell_cert_getarray_body(ccc), cert_encoded, cert_len);
51 certs_cell_add_certs(certs_cell, ccc);
61 const tor_x509_cert_t *cert)
66 const uint8_t *cert_encoded = NULL;
89 int certs_cell_ed25519_disabled_for_testing = 0;
91 #define certs_cell_ed25519_disabled_for_testing 0
99 const tor_x509_cert_t *global_link_cert = NULL, *id_cert = NULL;
100 tor_x509_cert_t *own_link_cert = NULL;
103 certs_cell_t *certs_cell = NULL;
114 &global_link_cert, &id_cert) < 0)
117 if (conn_in_server_mode) {
122 certs_cell = certs_cell_new();
125 if (conn_in_server_mode) {
126 tor_assert_nonfatal(own_link_cert);
142 get_master_signing_key_cert());
143 if (conn_in_server_mode) {
145 certs_cell_ed25519_disabled_for_testing);
147 CERTTYPE_ED_SIGN_LINK,
151 CERTTYPE_ED_SIGN_AUTH,
152 get_current_auth_key_cert());
157 const uint8_t *crosscert=NULL;
158 size_t crosscert_len;
159 get_master_rsa_crosscert(&crosscert, &crosscert_len);
162 CERTTYPE_RSA1024_ID_EDID,
163 crosscert, crosscert_len);
168 certs_cell->n_certs = certs_cell_getlen_certs(certs_cell);
170 ssize_t alloc_len = certs_cell_encoded_len(certs_cell);
171 tor_assert(alloc_len >= 0 && alloc_len <= UINT16_MAX);
174 ssize_t enc_len = certs_cell_encode(cell->
payload, alloc_len, certs_cell);
175 tor_assert(enc_len > 0 && enc_len <= alloc_len);
180 certs_cell_free(certs_cell);
181 tor_x509_cert_free(own_link_cert);
186 #ifdef TOR_UNIT_TESTS
187 int testing__connection_or_pretend_TLSSECRET_is_supported = 0;
189 #define testing__connection_or_pretend_TLSSECRET_is_supported 0
197 switch (challenge_type) {
199 #ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS
202 return testing__connection_or_pretend_TLSSECRET_is_supported;
216 uint16_t challenge_type_b)
226 return (challenge_type_a > challenge_type_b);
241 auth_challenge_cell_t *ac = auth_challenge_cell_new();
244 crypto_rand((
char*)ac->challenge,
sizeof(ac->challenge));
253 auth_challenge_cell_set_n_methods(ac,
254 auth_challenge_cell_getlen_methods(ac));
256 cell =
var_cell_new(auth_challenge_cell_encoded_len(ac));
261 log_warn(
LD_BUG,
"Encoded auth challenge cell length not as expected");
265 cell->
command = CELL_AUTH_CHALLENGE;
272 auth_challenge_cell_free(ac);
302 auth1_t *auth = NULL;
303 auth_ctx_t *ctx = auth_ctx_new();
305 int old_tlssecrets_algorithm = 0;
306 const char *authtype_str = NULL;
313 authtype_str =
"AUTH0001";
314 old_tlssecrets_algorithm = 1;
317 authtype_str =
"AUTH0002";
320 authtype_str =
"AUTH0003";
332 memcpy(auth1_getarray_type(auth), authtype_str, 8);
335 const tor_x509_cert_t *id_cert=NULL;
337 const uint8_t *my_id, *their_id, *client_id, *server_id;
345 my_id = (uint8_t*)my_digests->
d[DIGEST_SHA256];
346 their_id = (uint8_t*)their_digests->
d[DIGEST_SHA256];
348 client_id = server ? their_id : my_id;
349 server_id = server ? my_id : their_id;
352 memcpy(auth->cid, client_id, 32);
355 memcpy(auth->sid, server_id, 32);
361 log_warn(
LD_OR,
"Ed authenticate without Ed ID cert from peer.");
364 my_ed_id = get_master_identity_key();
367 const uint8_t *cid_ed = (server ? their_ed_id : my_ed_id)->pubkey;
368 const uint8_t *sid_ed = (server ? my_ed_id : their_ed_id)->pubkey;
393 tor_x509_cert_t *cert = NULL;
400 log_warn(
LD_OR,
"Unable to find cert when making %s data.",
408 tor_x509_cert_free(cert);
412 if (old_tlssecrets_algorithm) {
414 log_fn(LOG_PROTOCOL_WARN,
LD_OR,
"Somebody asked us for an older TLS "
415 "authentication method (AUTHTYPE_RSA_SHA256_TLSSECRET) "
416 "which we don't support.");
421 "EXPORTER FOR TOR TLS CLIENT BINDING %s", authtype_str);
423 auth->cid,
sizeof(auth->cid),
427 log_warn(
LD_BUG,
"TLS key export failed for unknown reason.");
438 ssize_t maxlen = auth1_encoded_len(auth, ctx);
439 if (ed_signing_key && is_ed) {
441 }
else if (signing_key && !is_ed) {
445 const int AUTH_CELL_HEADER_LEN = 4;
447 uint8_t *
const out = result->
payload + AUTH_CELL_HEADER_LEN;
448 const size_t outlen = maxlen;
451 result->
command = CELL_AUTHENTICATE;
454 if ((len = auth1_encode(out, outlen, auth, ctx)) < 0) {
456 log_warn(
LD_BUG,
"Unable to encode signed part of AUTH1 data.");
463 ssize_t len2 = auth1_parse(&tmp, out, len, ctx);
466 log_warn(
LD_BUG,
"Unable to parse signed part of AUTH1 data that "
476 log_warn(
LD_BUG,
"Mismatched length when re-parsing AUTH1 data.");
483 if (ed_signing_key && is_ed) {
487 log_warn(
LD_BUG,
"Unable to sign ed25519 authentication data");
494 }
else if (signing_key && !is_ed) {
500 (
char*)auth1_getarray_sig(auth),
501 auth1_getlen_sig(auth),
504 log_warn(
LD_OR,
"Unable to sign AUTH1 data.");
508 auth1_setlen_sig(auth, siglen);
511 len = auth1_encode(out, outlen, auth, ctx);
514 log_warn(
LD_BUG,
"Unable to encode signed AUTH1 data.");
518 tor_assert(len + AUTH_CELL_HEADER_LEN <= result->payload_len);
525 var_cell_free(result);
543 log_warn(
LD_BUG,
"Can't compute authenticate cell: no client auth key");
547 log_warn(
LD_BUG,
"Tried to send authenticate cell with unknown "
548 "authentication type %d", authtype);
555 get_current_auth_keypair(),
558 log_fn(LOG_PROTOCOL_WARN,
LD_NET,
"Unable to compute authenticate cell!");
static void set_uint16(void *cp, uint16_t v)
Header file for config.c.
var_cell_t * var_cell_new(uint16_t payload_len)
void connection_or_write_var_cell_to_buf(const var_cell_t *cell, or_connection_t *conn)
Header file for connection_or.c.
int crypto_digest256(char *digest, const char *m, size_t len, digest_algorithm_t algorithm)
void crypto_digest_get_digest(crypto_digest_t *digest, char *out, size_t out_len)
int ed25519_sign(ed25519_signature_t *signature_out, const uint8_t *msg, size_t len, const ed25519_keypair_t *keypair)
void crypto_rand(char *to, size_t n)
Common functions for using (pseudo-)random number generators.
size_t crypto_pk_keysize(const crypto_pk_t *env)
int crypto_pk_private_sign(const crypto_pk_t *env, char *to, size_t tolen, const char *from, size_t fromlen)
#define log_fn(severity, domain, args,...)
Master header file for Tor-specific functionality.
#define OR_CERT_TYPE_ID_1024
#define AUTHTYPE_RSA_SHA256_TLSSECRET
#define OR_CERT_TYPE_AUTH_1024
#define OR_CERT_TYPE_TLS_LINK
#define AUTHTYPE_RSA_SHA256_RFC5705
#define AUTHTYPE_ED25519_SHA256_RFC5705
OR handshake certs structure.
OR handshake state structure.
#define OR_CONN_STATE_OR_HANDSHAKING_V3
int tor_snprintf(char *str, size_t size, const char *format,...)
var_cell_t * connection_or_compute_authenticate_cell_body(or_connection_t *conn, const int authtype, crypto_pk_t *signing_key, const ed25519_keypair_t *ed_signing_key, int server)
int authchallenge_type_is_better(uint16_t challenge_type_a, uint16_t challenge_type_b)
static void add_certs_cell_cert_helper(certs_cell_t *certs_cell, uint8_t cert_type, const uint8_t *cert_encoded, size_t cert_len)
int connection_or_send_certs_cell(or_connection_t *conn)
static void add_ed25519_cert(certs_cell_t *certs_cell, uint8_t cert_type, const tor_cert_t *cert)
int authchallenge_type_is_supported(uint16_t challenge_type)
int connection_or_send_authenticate_cell(or_connection_t *conn, int authtype)
int connection_or_send_auth_challenge_cell(or_connection_t *conn)
static void add_x509_cert(certs_cell_t *certs_cell, uint8_t cert_type, const tor_x509_cert_t *cert)
Header for feature/relay/relay_handshake.c.
char d[N_COMMON_DIGEST_ALGORITHMS][DIGEST256_LEN]
or_handshake_state_t * handshake_state
struct tor_cert_st * ed_id_sign
struct tor_x509_cert_t * id_cert
struct tor_cert_st * own_link_cert
unsigned int started_here
crypto_digest_t * digest_sent
or_handshake_certs_t * certs
uint8_t payload[FLEXIBLE_ARRAY_MEMBER]
#define MOCK_IMPL(rv, funcname, arglist)
int tor_tls_get_my_certs(int server, const tor_x509_cert_t **link_cert_out, const tor_x509_cert_t **id_cert_out)
crypto_pk_t * tor_tls_get_my_client_auth_key(void)
struct tor_x509_cert_t * tor_tls_get_peer_cert(tor_tls_t *tls)
struct tor_x509_cert_t * tor_tls_get_own_cert(tor_tls_t *tls)
int tor_tls_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out)
int tor_tls_export_key_material(tor_tls_t *tls, uint8_t *secrets_out, const uint8_t *context, size_t context_len, const char *label)
Variable-length cell structure.
#define ED25519_PUBKEY_LEN
const common_digests_t * tor_x509_cert_get_cert_digests(const tor_x509_cert_t *cert)
void tor_x509_cert_get_der(const tor_x509_cert_t *cert, const uint8_t **encoded_out, size_t *size_out)
const common_digests_t * tor_x509_cert_get_id_digests(const tor_x509_cert_t *cert)