Shared functionality for our TLS backends. More...
#include "lib/tls/x509.h"
#include "lib/tls/x509_internal.h"
#include "lib/tls/tortls_sys.h"
#include "lib/tls/tortls.h"
#include "lib/tls/tortls_st.h"
#include "lib/tls/tortls_internal.h"
#include "lib/log/util_bug.h"
#include "lib/intmath/cmp.h"
#include "lib/crypt_ops/crypto_rsa.h"
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/net/socket.h"
#include "lib/subsys/subsys.h"
#include <time.h>
Macros | |
#define | TORTLS_PRIVATE |
#define | TOR_X509_PRIVATE |
#define | RSA_LINK_KEY_BITS 2048 |
#define | IDENTITY_CERT_LIFETIME (365*24*60*60) |
Functions | |
tor_tls_context_t * | tor_tls_context_get (int is_server) |
int | tor_errno_to_tls_error (int e) |
int | tor_tls_get_my_certs (int server, const tor_x509_cert_t **link_cert_out, const tor_x509_cert_t **id_cert_out) |
crypto_pk_t * | tor_tls_get_my_client_auth_key (void) |
void | tor_tls_context_incref (tor_tls_context_t *ctx) |
void | tor_tls_context_decref (tor_tls_context_t *ctx) |
void | tor_tls_free_all (void) |
const char * | tor_tls_err_to_string (int err) |
int | tor_tls_context_init (unsigned flags, crypto_pk_t *client_identity, crypto_pk_t *server_identity, unsigned int key_lifetime) |
int | tor_tls_context_init_one (tor_tls_context_t **ppcontext, crypto_pk_t *identity, unsigned int key_lifetime, unsigned int flags, int is_client) |
int | tor_tls_context_init_certificates (tor_tls_context_t *result, crypto_pk_t *identity, unsigned key_lifetime, unsigned flags) |
void | tor_tls_set_logged_address (tor_tls_t *tls, const char *address) |
int | tor_tls_is_server (tor_tls_t *tls) |
void | tor_tls_free_ (tor_tls_t *tls) |
int | tor_tls_verify (int severity, tor_tls_t *tls, crypto_pk_t **identity) |
static void | subsys_tortls_shutdown (void) |
Variables | |
const subsys_fns_t | sys_tortls |
STATIC tor_tls_context_t * | server_tls_context = NULL |
STATIC tor_tls_context_t * | client_tls_context = NULL |
Shared functionality for our TLS backends.
Wrapper functions to present a consistent interface to TLS, SSL, and X.509 functions from OpenSSL.
Definition in file tortls.c.
#define IDENTITY_CERT_LIFETIME (365*24*60*60) |
#define RSA_LINK_KEY_BITS 2048 |
int tor_errno_to_tls_error | ( | int | e | ) |
void tor_tls_context_decref | ( | tor_tls_context_t * | ctx | ) |
Remove one reference to ctx, and free it once no references remain. Because the call may free ctx, the caller must not use its ctx pointer after dropping its reference.
Definition at line 119 of file tortls.c.
Referenced by tor_tls_context_init_one().
tor_tls_context_t* tor_tls_context_get | ( | int | is_server | ) |
Return the appropriate TLS context.
Definition at line 45 of file tortls.c.
Referenced by tor_tls_get_my_certs(), tor_tls_get_my_client_auth_key(), and tor_tls_new().
void tor_tls_context_incref | ( | tor_tls_context_t * | ctx | ) |
int tor_tls_context_init | ( | unsigned | flags, |
crypto_pk_t * | client_identity, | ||
crypto_pk_t * | server_identity, | ||
unsigned int | key_lifetime | ||
) |
Create new global client and server TLS contexts.
If server_identity is NULL, this will not generate a server TLS context. If TOR_TLS_CTX_IS_PUBLIC_SERVER is set in flags, use the same TLS context for incoming and outgoing connections, and ignore client_identity. If one of TOR_TLS_CTX_USE_ECDHE_P{224,256} is set in flags, use that ECDHE group if possible; otherwise use the default ECDHE group.
int tor_tls_context_init_certificates | ( | tor_tls_context_t * | result, |
crypto_pk_t * | identity, | ||
unsigned | key_lifetime, | ||
unsigned | flags | ||
) |
Initialize the certificates and keys for the TLS context result.
Other arguments as for tor_tls_context_new().
int tor_tls_context_init_one | ( | tor_tls_context_t ** | ppcontext, |
crypto_pk_t * | identity, | ||
unsigned int | key_lifetime, | ||
unsigned int | flags, | ||
int | is_client | ||
) |
const char* tor_tls_err_to_string | ( | int | err | ) |
void tor_tls_free_ | ( | tor_tls_t * | tls | ) |
void tor_tls_free_all | ( | void | ) |
int tor_tls_get_my_certs | ( | int | server, |
const tor_x509_cert_t ** | link_cert_out, | ||
const tor_x509_cert_t ** | id_cert_out | ||
) |
Set *link_cert_out and *id_cert_out to the link certificate and ID certificate that we're currently using for our V3 in-protocol handshake's certificate chain. If server is true, provide the certs that we use in server mode (auth, ID); otherwise, provide the certs that we use in client mode (link, ID).
Definition at line 76 of file tortls.c.
Referenced by connection_or_compute_authenticate_cell_body(), connection_or_send_certs_cell(), and generate_ed_link_cert().
crypto_pk_t* tor_tls_get_my_client_auth_key | ( | void | ) |
Return the authentication key that we use to authenticate ourselves as a client in the V3 in-protocol handshake.
Definition at line 101 of file tortls.c.
Referenced by connection_or_send_authenticate_cell().
int tor_tls_is_server | ( | tor_tls_t * | tls | ) |
Return whether this tls object initiated the connection (client) or received it (server).
Definition at line 379 of file tortls.c.
Referenced by connection_or_nonopen_was_started_here().
void tor_tls_set_logged_address | ( | tor_tls_t * | tls, |
const char * | address | ||
) |
int tor_tls_verify | ( | int | severity, |
tor_tls_t * | tls, | ||
crypto_pk_t ** | identity | ||
) |
STATIC tor_tls_context_t* server_tls_context = NULL |
Global TLS contexts. We keep them here because nobody else needs to touch them.
Definition at line 37 of file tortls.c.
Referenced by tor_tls_context_get().
const subsys_fns_t sys_tortls |