Tor 0.4.9.2-alpha-dev
Functions to handle different kinds of circuit extension crypto. More...
#include "core/or/or.h"
#include "core/or/extendinfo.h"
#include "core/crypto/onion_crypto.h"
#include "core/crypto/onion_fast.h"
#include "core/crypto/onion_ntor.h"
#include "core/crypto/onion_ntor_v3.h"
#include "feature/relay/router.h"
#include "lib/crypt_ops/crypto_dh.h"
#include "lib/crypt_ops/crypto_util.h"
#include "feature/relay/routerkeys.h"
#include "core/or/congestion_control_common.h"
#include "core/crypto/relay_crypto.h"
#include "core/or/protover.h"
#include "core/or/circuitbuild.h"
#include "core/or/crypt_path_st.h"
#include "core/or/extend_info_st.h"
#include "trunnel/congestion_control.h"
#include "trunnel/extension.h"
#include "trunnel/subproto_request.h"
Macros
#define EXT_TYPE_SUBPROTO 3
#define NTOR3_VERIFICATION_ARGS NTOR3_CIRC_VERIFICATION, NTOR3_CIRC_VERIFICATION_LEN
#define MAX_KEYS_TMP_LEN (MAX_RELAY_KEY_MATERIAL_LEN + DIGEST_LEN)
Functions
static void | circuit_params_init (circuit_params_t *params) |
server_onion_keys_t * | server_onion_keys_new (void) |
void | server_onion_keys_free_ (server_onion_keys_t *keys) |
void | onion_handshake_state_release (onion_handshake_state_t *state) |
int | onion_skin_create (int type, const extend_info_t *node, onion_handshake_state_t *state_out, uint8_t *onion_skin_out, size_t onion_skin_out_maxlen) |
static bool | subproto_requests_in_order (const trn_subproto_request_t *a, const trn_subproto_request_t *b) |
static int | relay_process_subproto_ext (const trn_extension_t *ext, circuit_params_t *params_out) |
static int | negotiate_v3_ntor_server_circ_params (const uint8_t *param_request_msg, size_t param_request_len, const circuit_params_t *our_ns_params, circuit_params_t *params_out, uint8_t **resp_msg_out, size_t *resp_msg_len_out) |
int | onion_skin_server_handshake (int type, const uint8_t *onion_skin, size_t onionskin_len, const server_onion_keys_t *keys, const circuit_params_t *our_ns_params, uint8_t *reply_out, size_t reply_out_maxlen, uint8_t *keys_out, size_t *keys_len_out, uint8_t *rend_nonce_out, circuit_params_t *params_out) |
static int | negotiate_v3_ntor_client_circ_params (const uint8_t *param_response_msg, size_t param_response_len, circuit_params_t *params_out) |
int | onion_skin_client_handshake (int type, const onion_handshake_state_t *handshake_state, const uint8_t *reply, size_t reply_len, uint8_t *keys_out, size_t *keys_len_out, uint8_t *rend_authenticator_out, circuit_params_t *params_out, const char **msg_out) |
const trn_extension_field_t * | trn_extension_find (const trn_extension_t *ext, uint8_t ext_type) |
Variables
static const uint8_t | NTOR3_CIRC_VERIFICATION [] = "circuit extend" |
static const size_t | NTOR3_CIRC_VERIFICATION_LEN = 14 |
Functions to handle different kinds of circuit extension crypto.
In this module, we provide a set of abstractions to create a uniform interface over the circuit extension handshakes that Tor has used over the years (CREATE_FAST, ntor, hs_ntor, and ntorv3). These handshakes are implemented in the onion_*.c modules.
All[*] of these handshakes follow a similar pattern: a client, knowing some key from the relay it wants to extend through, generates the first part of a handshake. A relay receives that handshake, and sends a reply. Once the client handles the reply, it knows that it is talking to the right relay, and it shares some freshly negotiated key material with that relay.
We sometimes call the client's part of the handshake an "onionskin". We do this because historically, Onion Routing used a multi-layer structure called an "onion" to construct circuits. Each layer of the onion contained key material chosen by the client, the identity of the next relay in the circuit, and a smaller onion, encrypted with the key of the next relay. When we changed Tor to use a telescoping circuit extension design, it corresponded to sending each layer of the onion separately – as a series of onionskins.
Definition in file onion_crypto.c.
#define EXT_TYPE_SUBPROTO 3
Definition at line 56 of file onion_crypto.c.
#define MAX_KEYS_TMP_LEN (MAX_RELAY_KEY_MATERIAL_LEN + DIGEST_LEN)
Definition at line 367 of file onion_crypto.c.
#define NTOR3_VERIFICATION_ARGS NTOR3_CIRC_VERIFICATION, NTOR3_CIRC_VERIFICATION_LEN
Definition at line 61 of file onion_crypto.c.
static void circuit_params_init (circuit_params_t *params)
Set params to a set of defaults.
These defaults will only change later on if we're using a handshake that has parameter negotiation.
Definition at line 69 of file onion_crypto.c.
static int negotiate_v3_ntor_client_circ_params (const uint8_t *param_response_msg, size_t param_response_len, circuit_params_t *params_out)
Takes a param response message from the exit, compares it to our consensus parameters for sanity, and creates output parameters if sane.
Returns -1 on a parsing failure or insane parameters, 0 on success.
Definition at line 536 of file onion_crypto.c.
static int negotiate_v3_ntor_server_circ_params (const uint8_t *param_request_msg, size_t param_request_len, const circuit_params_t *our_ns_params, circuit_params_t *params_out, uint8_t **resp_msg_out, size_t *resp_msg_len_out)
Takes a param request message from the client, compares it to our consensus parameters, and creates a reply message and output parameters.
This function runs in a worker thread, so it can only inspect arguments and local variables.
Returns 0 if successful. Returns -1 on parsing, parameter failure, or reply creation failure.
Definition at line 313 of file onion_crypto.c.
void onion_handshake_state_release | ( | onion_handshake_state_t * | state | ) |
Release whatever storage is held in state, depending on its type, and clear its pointer.
Definition at line 113 of file onion_crypto.c.
Referenced by cpath_free().
int onion_skin_client_handshake | ( | int | type, |
const onion_handshake_state_t * | handshake_state, | ||
const uint8_t * | reply, | ||
size_t | reply_len, | ||
uint8_t * | keys_out, | ||
size_t * | keys_len_out, | ||
uint8_t * | rend_authenticator_out, | ||
circuit_params_t * | params_out, | ||
const char ** | msg_out | ||
) |
Perform the final (client-side) step of a circuit-creation handshake of type type, using our state in handshake_state and the server's response in reply. On success, generate an appropriate amount of key material in keys_out, set *keys_len_out to the amount generated, set rend_authenticator_out to the "KH" field that can be used to establish introduction points at this hop, and return 0. On failure, return -1, and set *msg_out to an error message if this is worth complaining to the user about.
Requires that *keys_len_out bytes are allocated at keys_out; adjusts *keys_len_out to the number of bytes actually generated.
Definition at line 590 of file onion_crypto.c.
int onion_skin_create | ( | int | type, |
const extend_info_t * | node, | ||
onion_handshake_state_t * | state_out, | ||
uint8_t * | onion_skin_out, | ||
size_t | onion_skin_out_maxlen | ||
) |
Perform the first step of a circuit-creation handshake of type type (one of ONION_HANDSHAKE_TYPE_*): generate the initial "onion skin" in onion_skin_out with a length of up to onion_skin_out_maxlen, and store any state information in state_out. Return -1 on failure, and the length of the onionskin on success.
Definition at line 146 of file onion_crypto.c.
int onion_skin_server_handshake | ( | int | type, |
const uint8_t * | onion_skin, | ||
size_t | onionskin_len, | ||
const server_onion_keys_t * | keys, | ||
const circuit_params_t * | our_ns_params, | ||
uint8_t * | reply_out, | ||
size_t | reply_out_maxlen, | ||
uint8_t * | keys_out, | ||
size_t * | keys_len_out, | ||
uint8_t * | rend_nonce_out, | ||
circuit_params_t * | params_out | ||
) |
Perform the second (server-side) step of a circuit-creation handshake of type type, responding to the client request in onion_skin using the keys in keys. On success, write our response into reply_out, generate key material into keys_out (setting *keys_len_out to the number of bytes generated), write a hidden service nonce to rend_nonce_out, and return the length of the reply. On failure, return -1.
Requires that *keys_len_out bytes are allocated at keys_out; adjusts *keys_len_out to the number of bytes actually generated.
Definition at line 380 of file onion_crypto.c.
Referenced by cpuworker_onion_handshake_threadfn().
static int relay_process_subproto_ext (const trn_extension_t *ext, circuit_params_t *params_out)
Process the SUBPROTO extension, as an OR.
This extension declares one or more subproto capabilities that the relay must implement, and tells it to enable them.
Definition at line 252 of file onion_crypto.c.
Referenced by negotiate_v3_ntor_server_circ_params().
void server_onion_keys_free_ | ( | server_onion_keys_t * | keys | ) |
Release all storage held in keys.
Definition at line 97 of file onion_crypto.c.
server_onion_keys_t * server_onion_keys_new | ( | void | ) |
Return a new server_onion_keys_t object with all of the keys and other info we might need to do onion handshakes. (We make a copy of our keys for each cpuworker to avoid race conditions with the main thread, and to avoid locking)
Definition at line 81 of file onion_crypto.c.
static bool subproto_requests_in_order (const trn_subproto_request_t *a, const trn_subproto_request_t *b)
Definition at line 233 of file onion_crypto.c.
const trn_extension_field_t * trn_extension_find | ( | const trn_extension_t * | ext, |
uint8_t | ext_type | ||
) |
If there is an extension field of type ext_type in ext, return that field. Otherwise return NULL.
Definition at line 693 of file onion_crypto.c.
Referenced by congestion_control_parse_ext_request(), congestion_control_parse_ext_response(), and relay_process_subproto_ext().
static const uint8_t NTOR3_CIRC_VERIFICATION [] = "circuit extend"
Definition at line 58 of file onion_crypto.c.
static const size_t NTOR3_CIRC_VERIFICATION_LEN = 14
Definition at line 59 of file onion_crypto.c.