|
Tor 0.4.9.0-alpha-dev
|
Functions to handle different kinds of circuit extension crypto. More...
#include "core/or/or.h"#include "core/or/extendinfo.h"#include "core/crypto/onion_crypto.h"#include "core/crypto/onion_fast.h"#include "core/crypto/onion_ntor.h"#include "core/crypto/onion_ntor_v3.h"#include "core/crypto/onion_tap.h"#include "feature/relay/router.h"#include "lib/crypt_ops/crypto_dh.h"#include "lib/crypt_ops/crypto_util.h"#include "feature/relay/routerkeys.h"#include "core/or/congestion_control_common.h"#include "core/or/circuitbuild.h"#include "core/or/crypt_path_st.h"#include "core/or/extend_info_st.h"#include "trunnel/congestion_control.h"#include "trunnel/extension.h"Go to the source code of this file.
Macros | |
| #define | NTOR3_VERIFICATION_ARGS NTOR3_CIRC_VERIFICATION, NTOR3_CIRC_VERIFICATION_LEN |
| #define | MAX_KEYS_TMP_LEN 128 |
Functions | |
| server_onion_keys_t * | server_onion_keys_new (void) |
| void | server_onion_keys_free_ (server_onion_keys_t *keys) |
| void | onion_handshake_state_release (onion_handshake_state_t *state) |
| int | onion_skin_create (int type, const extend_info_t *node, onion_handshake_state_t *state_out, uint8_t *onion_skin_out, size_t onion_skin_out_maxlen) |
| static int | negotiate_v3_ntor_server_circ_params (const uint8_t *param_request_msg, size_t param_request_len, const circuit_params_t *our_ns_params, circuit_params_t *params_out, uint8_t **resp_msg_out, size_t *resp_msg_len_out) |
| int | onion_skin_server_handshake (int type, const uint8_t *onion_skin, size_t onionskin_len, const server_onion_keys_t *keys, const circuit_params_t *our_ns_params, uint8_t *reply_out, size_t reply_out_maxlen, uint8_t *keys_out, size_t keys_out_len, uint8_t *rend_nonce_out, circuit_params_t *params_out) |
| static int | negotiate_v3_ntor_client_circ_params (const uint8_t *param_response_msg, size_t param_response_len, circuit_params_t *params_out) |
| int | onion_skin_client_handshake (int type, const onion_handshake_state_t *handshake_state, const uint8_t *reply, size_t reply_len, uint8_t *keys_out, size_t keys_out_len, uint8_t *rend_authenticator_out, circuit_params_t *params_out, const char **msg_out) |
Variables | |
| static const uint8_t | NTOR3_CIRC_VERIFICATION [] = "circuit extend" |
| static const size_t | NTOR3_CIRC_VERIFICATION_LEN = 14 |
Functions to handle different kinds of circuit extension crypto.
In this module, we provide a set of abstractions to create a uniform interface over the three circuit extension handshakes that Tor has used over the years (TAP, CREATE_FAST, and ntor). These handshakes are implemented in onion_tap.c, onion_fast.c, and onion_ntor.c respectively.
All[*] of these handshakes follow a similar pattern: a client, knowing some key from the relay it wants to extend through, generates the first part of a handshake. A relay receives that handshake, and sends a reply. Once the client handles the reply, it knows that it is talking to the right relay, and it shares some freshly negotiated key material with that relay.
We sometimes call the client's part of the handshake an "onionskin". We do this because historically, Onion Routing used a multi-layer structure called an "onion" to construct circuits. Each layer of the onion contained key material chosen by the client, the identity of the next relay in the circuit, and a smaller onion, encrypted with the key of the next relay. When we changed Tor to use a telescoping circuit extension design, it corresponded to sending each layer of the onion separately – as a series of onionskins.
Definition in file onion_crypto.c.
| #define MAX_KEYS_TMP_LEN 128 |
Definition at line 266 of file onion_crypto.c.
| #define NTOR3_VERIFICATION_ARGS NTOR3_CIRC_VERIFICATION, NTOR3_CIRC_VERIFICATION_LEN |
Definition at line 57 of file onion_crypto.c.
|
static |
Takes a param response message from the exit, compares it to our consensus parameters for sanity, and creates output parameters if sane.
Returns -1 on parsing or insane params, 0 if success.
Definition at line 423 of file onion_crypto.c.
|
static |
Takes a param request message from the client, compares it to our consensus parameters, and creates a reply message and output parameters.
This function runs in a worker thread, so it can only inspect arguments and local variables.
Returns 0 if successful. Returns -1 on parsing, parameter failure, or reply creation failure.
Definition at line 231 of file onion_crypto.c.
| void onion_handshake_state_release | ( | onion_handshake_state_t * | state | ) |
Release whatever storage is held in state, depending on its type, and clear its pointer.
Definition at line 97 of file onion_crypto.c.
Referenced by cpath_free().
| int onion_skin_client_handshake | ( | int | type, |
| const onion_handshake_state_t * | handshake_state, | ||
| const uint8_t * | reply, | ||
| size_t | reply_len, | ||
| uint8_t * | keys_out, | ||
| size_t | keys_out_len, | ||
| uint8_t * | rend_authenticator_out, | ||
| circuit_params_t * | params_out, | ||
| const char ** | msg_out | ||
| ) |
Perform the final (client-side) step of a circuit-creation handshake of type type, using our state in handshake_state and the server's response in reply. On success, generate keys_out_len bytes worth of key material in keys_out_len, set rend_authenticator_out to the "KH" field that can be used to establish introduction points at this hop, and return 0. On failure, return -1, and set *msg_out to an error message if this is worth complaining to the user about.
Definition at line 462 of file onion_crypto.c.
| int onion_skin_create | ( | int | type, |
| const extend_info_t * | node, | ||
| onion_handshake_state_t * | state_out, | ||
| uint8_t * | onion_skin_out, | ||
| size_t | onion_skin_out_maxlen | ||
| ) |
Perform the first step of a circuit-creation handshake of type type (one of ONION_HANDSHAKE_TYPE_*): generate the initial "onion skin" in onion_skin_out with length of up to onion_skin_out_maxlen, and store any state information in state_out. Return -1 on failure, and the length of the onionskin on acceptance.
Definition at line 132 of file onion_crypto.c.
| int onion_skin_server_handshake | ( | int | type, |
| const uint8_t * | onion_skin, | ||
| size_t | onionskin_len, | ||
| const server_onion_keys_t * | keys, | ||
| const circuit_params_t * | our_ns_params, | ||
| uint8_t * | reply_out, | ||
| size_t | reply_out_maxlen, | ||
| uint8_t * | keys_out, | ||
| size_t | keys_out_len, | ||
| uint8_t * | rend_nonce_out, | ||
| circuit_params_t * | params_out | ||
| ) |
Perform the second (server-side) step of a circuit-creation handshake of type type, responding to the client request in onion_skin using the keys in keys. On success, write our response into reply_out, generate keys_out_len bytes worth of key material in keys_out_len, a hidden service nonce to rend_nonce_out, and return the length of the reply. On failure, return -1.
Definition at line 276 of file onion_crypto.c.
Referenced by cpuworker_onion_handshake_threadfn().
| void server_onion_keys_free_ | ( | server_onion_keys_t * | keys | ) |
Release all storage held in keys.
Definition at line 81 of file onion_crypto.c.
| server_onion_keys_t * server_onion_keys_new | ( | void | ) |
Return a new server_onion_keys_t object with all of the keys and other info we might need to do onion handshakes. (We make a copy of our keys for each cpuworker to avoid race conditions with the main thread, and to avoid locking)
Definition at line 65 of file onion_crypto.c.
|
static |
Definition at line 54 of file onion_crypto.c.
|
static |
Definition at line 55 of file onion_crypto.c.
1.9.4