Tor 0.4.9.1-alpha-dev
onion_crypto.c
Go to the documentation of this file.
1/* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2021, The Tor Project, Inc. */
5/* See LICENSE for licensing information */
6
7/**
8 * \file onion_crypto.c
9 * \brief Functions to handle different kinds of circuit extension crypto.
10 *
11 * In this module, we provide a set of abstractions to create a uniform
12 * interface over the circuit extension handshakes that Tor has used
13 * over the years (CREATE_FAST, ntor, hs_ntor, and ntorv3).
14 * These handshakes are implemented in the onion_*.c modules.
15 *
16 * All[*] of these handshakes follow a similar pattern: a client, knowing
17 * some key from the relay it wants to extend through, generates the
18 * first part of a handshake. A relay receives that handshake, and sends
19 * a reply. Once the client handles the reply, it knows that it is
20 * talking to the right relay, and it shares some freshly negotiated key
21 * material with that relay.
22 *
23 * We sometimes call the client's part of the handshake an "onionskin".
24 * We do this because historically, Onion Routing used a multi-layer
25 * structure called an "onion" to construct circuits. Each layer of the
26 * onion contained key material chosen by the client, the identity of
27 * the next relay in the circuit, and a smaller onion, encrypted with
28 * the key of the next relay. When we changed Tor to use a telescoping
29 * circuit extension design, it corresponded to sending each layer of the
30 * onion separately -- as a series of onionskins.
31 **/
32
33#include "core/or/or.h"
34#include "core/or/extendinfo.h"
44
46
49
50#include "trunnel/congestion_control.h"
51#include "trunnel/extension.h"
52
53static const uint8_t NTOR3_CIRC_VERIFICATION[] = "circuit extend";
54static const size_t NTOR3_CIRC_VERIFICATION_LEN = 14;
55
56#define NTOR3_VERIFICATION_ARGS \
57 NTOR3_CIRC_VERIFICATION, NTOR3_CIRC_VERIFICATION_LEN
58
59/** Return a new server_onion_keys_t object with all of the keys
60 * and other info we might need to do onion handshakes. (We make a copy of
61 * our keys for each cpuworker to avoid race conditions with the main thread,
62 * and to avoid locking) */
65{
66 if (!get_master_identity_key())
67 return NULL;
68
69 server_onion_keys_t *keys = tor_malloc_zero(sizeof(server_onion_keys_t));
70 memcpy(keys->my_identity, router_get_my_id_digest(), DIGEST_LEN);
71 ed25519_pubkey_copy(&keys->my_ed_identity, get_master_identity_key());
72 dup_onion_keys(&keys->onion_key, &keys->last_onion_key);
73 keys->curve25519_key_map = construct_ntor_key_map();
74 keys->junk_keypair = tor_malloc_zero(sizeof(curve25519_keypair_t));
75 curve25519_keypair_generate(keys->junk_keypair, 0);
76 return keys;
77}
78/** Release all storage held in <b>keys</b>. */
79void
81{
82 if (! keys)
83 return;
84
85 crypto_pk_free(keys->onion_key);
86 crypto_pk_free(keys->last_onion_key);
87 ntor_key_map_free(keys->curve25519_key_map);
88 tor_free(keys->junk_keypair);
89 memwipe(keys, 0, sizeof(server_onion_keys_t));
90 tor_free(keys);
91}
92
93/** Release whatever storage is held in <b>state</b>, depending on its
94 * type, and clear its pointer. */
95void
97{
98 switch (state->tag) {
99 case ONION_HANDSHAKE_TYPE_TAP:
100 break;
101 case ONION_HANDSHAKE_TYPE_FAST:
102 fast_handshake_state_free(state->u.fast);
103 state->u.fast = NULL;
104 break;
105 case ONION_HANDSHAKE_TYPE_NTOR:
106 ntor_handshake_state_free(state->u.ntor);
107 state->u.ntor = NULL;
108 break;
109 case ONION_HANDSHAKE_TYPE_NTOR_V3:
110 ntor3_handshake_state_free(state->u.ntor3);
111 break;
112 default:
113 /* LCOV_EXCL_START
114 * This state should not even exist. */
115 log_warn(LD_BUG, "called with unknown handshake state type %d",
116 (int)state->tag);
118 /* LCOV_EXCL_STOP */
119 }
120}
121
122/** Perform the first step of a circuit-creation handshake of type <b>type</b>
123 * (one of ONION_HANDSHAKE_TYPE_*): generate the initial "onion skin" in
124 * <b>onion_skin_out</b> with length of up to <b>onion_skin_out_maxlen</b>,
125 * and store any state information in <b>state_out</b>.
126 * Return -1 on failure, and the length of the onionskin on acceptance.
127 */
128int
130 const extend_info_t *node,
131 onion_handshake_state_t *state_out,
132 uint8_t *onion_skin_out,
133 size_t onion_skin_out_maxlen)
134{
135 int r = -1;
136
137 switch (type) {
138 case ONION_HANDSHAKE_TYPE_TAP:
139 return -1;
140 case ONION_HANDSHAKE_TYPE_FAST:
141 if (fast_onionskin_create(&state_out->u.fast, onion_skin_out) < 0)
142 return -1;
143
144 r = CREATE_FAST_LEN;
145 break;
146 case ONION_HANDSHAKE_TYPE_NTOR:
147 if (onion_skin_out_maxlen < NTOR_ONIONSKIN_LEN)
148 return -1;
149 if (!extend_info_supports_ntor(node))
150 return -1;
151 if (onion_skin_ntor_create((const uint8_t*)node->identity_digest,
153 &state_out->u.ntor,
154 onion_skin_out) < 0)
155 return -1;
156
158 break;
159 case ONION_HANDSHAKE_TYPE_NTOR_V3:
161 return -1;
163 return -1;
164 size_t msg_len = 0;
165 uint8_t *msg = NULL;
166 if (client_circ_negotiation_message(node, &msg, &msg_len) < 0)
167 return -1;
168 uint8_t *onion_skin = NULL;
169 size_t onion_skin_len = 0;
170 int status = onion_skin_ntor3_create(
171 &node->ed_identity,
173 NTOR3_VERIFICATION_ARGS,
174 msg, msg_len, /* client message */
175 &state_out->u.ntor3,
176 &onion_skin, &onion_skin_len);
177 tor_free(msg);
178 if (status < 0) {
179 return -1;
180 }
181 if (onion_skin_len > onion_skin_out_maxlen) {
182 tor_free(onion_skin);
183 return -1;
184 }
185 memcpy(onion_skin_out, onion_skin, onion_skin_len);
186 tor_free(onion_skin);
187 r = (int) onion_skin_len;
188 break;
189
190 default:
191 /* LCOV_EXCL_START
192 * We should never try to create an impossible handshake type. */
193 log_warn(LD_BUG, "called with unknown handshake state type %d", type);
195 r = -1;
196 /* LCOV_EXCL_STOP */
197 }
198
199 if (r > 0)
200 state_out->tag = (uint16_t) type;
201
202 return r;
203}
204
205/**
206 * Takes a param request message from the client, compares it to our
207 * consensus parameters, and creates a reply message and output
208 * parameters.
209 *
210 * This function runs in a worker thread, so it can only inspect
211 * arguments and local variables.
212 *
213 * Returns 0 if successful.
214 * Returns -1 on parsing, parameter failure, or reply creation failure.
215 */
216static int
217negotiate_v3_ntor_server_circ_params(const uint8_t *param_request_msg,
218 size_t param_request_len,
219 const circuit_params_t *our_ns_params,
220 circuit_params_t *params_out,
221 uint8_t **resp_msg_out,
222 size_t *resp_msg_len_out)
223{
224 int ret;
225
226 /* Parse request. */
227 ret = congestion_control_parse_ext_request(param_request_msg,
228 param_request_len);
229 if (ret < 0) {
230 goto err;
231 }
232 params_out->cc_enabled = ret && our_ns_params->cc_enabled;
233
234 /* Build the response. */
235 ret = congestion_control_build_ext_response(our_ns_params, params_out,
236 resp_msg_out, resp_msg_len_out);
237 if (ret < 0) {
238 goto err;
239 }
240 params_out->sendme_inc_cells = our_ns_params->sendme_inc_cells;
241
242 /* Success. */
243 ret = 0;
244
245 err:
246 return ret;
247}
248
249/* This is the maximum value for keys_out_len passed to
250 * onion_skin_server_handshake, plus 16. We can make it bigger if needed:
251 * It just defines how many bytes to stack-allocate. */
252#define MAX_KEYS_TMP_LEN 128
253
254/** Perform the second (server-side) step of a circuit-creation handshake of
255 * type <b>type</b>, responding to the client request in <b>onion_skin</b>
256 * using the keys in <b>keys</b>. On success, write our response into
257 * <b>reply_out</b>, generate <b>keys_out_len</b> bytes worth of key material
258 * in <b>keys_out_len</b>, a hidden service nonce to <b>rend_nonce_out</b>,
259 * and return the length of the reply. On failure, return -1.
260 */
261int
263 const uint8_t *onion_skin, size_t onionskin_len,
264 const server_onion_keys_t *keys,
265 const circuit_params_t *our_ns_params,
266 uint8_t *reply_out,
267 size_t reply_out_maxlen,
268 uint8_t *keys_out, size_t keys_out_len,
269 uint8_t *rend_nonce_out,
270 circuit_params_t *params_out)
271{
272 int r = -1;
273 memset(params_out, 0, sizeof(*params_out));
274
275 switch (type) {
276 case ONION_HANDSHAKE_TYPE_TAP:
277 return -1;
278 case ONION_HANDSHAKE_TYPE_FAST:
279 if (reply_out_maxlen < CREATED_FAST_LEN)
280 return -1;
281 if (onionskin_len != CREATE_FAST_LEN)
282 return -1;
283 if (fast_server_handshake(onion_skin, reply_out, keys_out, keys_out_len)<0)
284 return -1;
285 r = CREATED_FAST_LEN;
286 memcpy(rend_nonce_out, reply_out+DIGEST_LEN, DIGEST_LEN);
287 break;
288 case ONION_HANDSHAKE_TYPE_NTOR:
289 if (reply_out_maxlen < NTOR_REPLY_LEN)
290 return -1;
291 if (onionskin_len < NTOR_ONIONSKIN_LEN)
292 return -1;
293 {
294 size_t keys_tmp_len = keys_out_len + DIGEST_LEN;
295 tor_assert(keys_tmp_len <= MAX_KEYS_TMP_LEN);
296 uint8_t keys_tmp[MAX_KEYS_TMP_LEN];
297
299 onion_skin, keys->curve25519_key_map,
300 keys->junk_keypair,
301 keys->my_identity,
302 reply_out, keys_tmp, keys_tmp_len)<0) {
303 /* no need to memwipe here, since the output will never be used */
304 return -1;
305 }
306
307 memcpy(keys_out, keys_tmp, keys_out_len);
308 memcpy(rend_nonce_out, keys_tmp+keys_out_len, DIGEST_LEN);
309 memwipe(keys_tmp, 0, sizeof(keys_tmp));
310 r = NTOR_REPLY_LEN;
311 }
312 break;
313 case ONION_HANDSHAKE_TYPE_NTOR_V3: {
314 size_t keys_tmp_len = keys_out_len + DIGEST_LEN;
315 tor_assert(keys_tmp_len <= MAX_KEYS_TMP_LEN);
316 uint8_t keys_tmp[MAX_KEYS_TMP_LEN];
317 uint8_t *client_msg = NULL;
318 size_t client_msg_len = 0;
319 uint8_t *reply_msg = NULL;
320 size_t reply_msg_len = 0;
321
322 ntor3_server_handshake_state_t *state = NULL;
323
325 keys->curve25519_key_map,
326 keys->junk_keypair,
327 &keys->my_ed_identity,
328 onion_skin, onionskin_len,
329 NTOR3_VERIFICATION_ARGS,
330 &client_msg, &client_msg_len,
331 &state) < 0) {
332 return -1;
333 }
334
336 client_msg_len,
337 our_ns_params,
338 params_out,
339 &reply_msg,
340 &reply_msg_len) < 0) {
341 ntor3_server_handshake_state_free(state);
342 tor_free(client_msg);
343 return -1;
344 }
345 tor_free(client_msg);
346
347 uint8_t *server_handshake = NULL;
348 size_t server_handshake_len = 0;
350 state,
351 NTOR3_VERIFICATION_ARGS,
352 reply_msg, reply_msg_len,
353 &server_handshake, &server_handshake_len,
354 keys_tmp, keys_tmp_len) < 0) {
355 tor_free(reply_msg);
356 ntor3_server_handshake_state_free(state);
357 return -1;
358 }
359 tor_free(reply_msg);
360
361 if (server_handshake_len > reply_out_maxlen) {
362 tor_free(server_handshake);
363 ntor3_server_handshake_state_free(state);
364 return -1;
365 }
366
367 memcpy(keys_out, keys_tmp, keys_out_len);
368 memcpy(rend_nonce_out, keys_tmp+keys_out_len, DIGEST_LEN);
369 memcpy(reply_out, server_handshake, server_handshake_len);
370 memwipe(keys_tmp, 0, keys_tmp_len);
371 memwipe(server_handshake, 0, server_handshake_len);
372 tor_free(server_handshake);
373 ntor3_server_handshake_state_free(state);
374
375 r = (int) server_handshake_len;
376 }
377 break;
378 default:
379 /* LCOV_EXCL_START
380 * We should have rejected this far before this point */
381 log_warn(LD_BUG, "called with unknown handshake state type %d", type);
383 return -1;
384 /* LCOV_EXCL_STOP */
385 }
386
387 return r;
388}
389
390/**
391 * Takes a param response message from the exit, compares it to our
392 * consensus parameters for sanity, and creates output parameters
393 * if sane.
394 *
395 * Returns -1 on parsing or insane params, 0 if success.
396 */
397static int
398negotiate_v3_ntor_client_circ_params(const uint8_t *param_response_msg,
399 size_t param_response_len,
400 circuit_params_t *params_out)
401{
402 int ret = congestion_control_parse_ext_response(param_response_msg,
403 param_response_len,
404 params_out);
405 if (ret < 0) {
406 return -1;
407 }
408
409 /* If congestion control came back enabled, but we didn't ask for it
410 * because the consensus said no, close the circuit.
411 *
412 * This is a fatal error condition for the circuit, because it either
413 * means that congestion control was disabled by the consensus
414 * during the handshake, or the exit decided to send us an unsolicited
415 * congestion control response.
416 *
417 * In either case, we cannot proceed on this circuit, and must try a
418 * new one.
419 */
420 if (ret && !congestion_control_enabled()) {
421 return -1;
422 }
423 params_out->cc_enabled = ret;
424
425 return 0;
426}
427
428/** Perform the final (client-side) step of a circuit-creation handshake of
429 * type <b>type</b>, using our state in <b>handshake_state</b> and the
430 * server's response in <b>reply</b>. On success, generate <b>keys_out_len</b>
431 * bytes worth of key material in <b>keys_out_len</b>, set
432 * <b>rend_authenticator_out</b> to the "KH" field that can be used to
433 * establish introduction points at this hop, and return 0. On failure,
434 * return -1, and set *msg_out to an error message if this is worth
435 * complaining to the user about. */
436int
438 const onion_handshake_state_t *handshake_state,
439 const uint8_t *reply, size_t reply_len,
440 uint8_t *keys_out, size_t keys_out_len,
441 uint8_t *rend_authenticator_out,
442 circuit_params_t *params_out,
443 const char **msg_out)
444{
445 if (handshake_state->tag != type)
446 return -1;
447
448 memset(params_out, 0, sizeof(*params_out));
449
450 switch (type) {
451 case ONION_HANDSHAKE_TYPE_TAP:
452 return -1;
453 case ONION_HANDSHAKE_TYPE_FAST:
454 if (reply_len != CREATED_FAST_LEN) {
455 if (msg_out)
456 *msg_out = "TAP reply was not of the correct length.";
457 return -1;
458 }
459 if (fast_client_handshake(handshake_state->u.fast, reply,
460 keys_out, keys_out_len, msg_out) < 0)
461 return -1;
462
463 memcpy(rend_authenticator_out, reply+DIGEST_LEN, DIGEST_LEN);
464 return 0;
465 case ONION_HANDSHAKE_TYPE_NTOR:
466 if (reply_len < NTOR_REPLY_LEN) {
467 if (msg_out)
468 *msg_out = "ntor reply was not of the correct length.";
469 return -1;
470 }
471 {
472 size_t keys_tmp_len = keys_out_len + DIGEST_LEN;
473 uint8_t *keys_tmp = tor_malloc(keys_tmp_len);
474 if (onion_skin_ntor_client_handshake(handshake_state->u.ntor,
475 reply,
476 keys_tmp, keys_tmp_len, msg_out) < 0) {
477 tor_free(keys_tmp);
478 return -1;
479 }
480 memcpy(keys_out, keys_tmp, keys_out_len);
481 memcpy(rend_authenticator_out, keys_tmp + keys_out_len, DIGEST_LEN);
482 memwipe(keys_tmp, 0, keys_tmp_len);
483 tor_free(keys_tmp);
484 }
485 return 0;
486 case ONION_HANDSHAKE_TYPE_NTOR_V3: {
487 size_t keys_tmp_len = keys_out_len + DIGEST_LEN;
488 uint8_t *keys_tmp = tor_malloc(keys_tmp_len);
489 uint8_t *server_msg = NULL;
490 size_t server_msg_len = 0;
492 handshake_state->u.ntor3,
493 reply, reply_len,
494 NTOR3_VERIFICATION_ARGS,
495 keys_tmp, keys_tmp_len,
496 &server_msg, &server_msg_len);
497 if (r < 0) {
498 tor_free(keys_tmp);
499 tor_free(server_msg);
500 return -1;
501 }
502
504 server_msg_len,
505 params_out) < 0) {
506 tor_free(keys_tmp);
507 tor_free(server_msg);
508 return -1;
509 }
510 tor_free(server_msg);
511
512 memcpy(keys_out, keys_tmp, keys_out_len);
513 memcpy(rend_authenticator_out, keys_tmp + keys_out_len, DIGEST_LEN);
514 memwipe(keys_tmp, 0, keys_tmp_len);
515 tor_free(keys_tmp);
516
517 return 0;
518 }
519 default:
520 log_warn(LD_BUG, "called with unknown handshake state type %d", type);
522 return -1;
523 }
524}
int client_circ_negotiation_message(const extend_info_t *ei, uint8_t **msg_out, size_t *msg_len_out)
Header file for circuitbuild.c.
int congestion_control_build_ext_response(const circuit_params_t *our_params, const circuit_params_t *circ_params, uint8_t **msg_out, size_t *msg_len_out)
int congestion_control_parse_ext_request(const uint8_t *msg, const size_t msg_len)
int congestion_control_parse_ext_response(const uint8_t *msg, const size_t msg_len, circuit_params_t *params_out)
bool congestion_control_enabled(void)
Public APIs for congestion control.
Path structures for origin circuits.
int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, int extra_strong)
Headers for crypto_dh.c.
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
int ed25519_public_key_is_zero(const ed25519_public_key_t *pubkey)
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
Common functions for cryptographic routines.
#define DIGEST_LEN
Definition: digest_sizes.h:20
Extend-info structure.
int extend_info_supports_ntor_v3(const extend_info_t *ei)
Definition: extendinfo.c:206
Header for core/or/extendinfo.c.
#define LD_BUG
Definition: log.h:86
#define tor_free(p)
Definition: malloc.h:56
int onion_skin_client_handshake(int type, const onion_handshake_state_t *handshake_state, const uint8_t *reply, size_t reply_len, uint8_t *keys_out, size_t keys_out_len, uint8_t *rend_authenticator_out, circuit_params_t *params_out, const char **msg_out)
Definition: onion_crypto.c:437
static int negotiate_v3_ntor_client_circ_params(const uint8_t *param_response_msg, size_t param_response_len, circuit_params_t *params_out)
Definition: onion_crypto.c:398
int onion_skin_create(int type, const extend_info_t *node, onion_handshake_state_t *state_out, uint8_t *onion_skin_out, size_t onion_skin_out_maxlen)
Definition: onion_crypto.c:129
int onion_skin_server_handshake(int type, const uint8_t *onion_skin, size_t onionskin_len, const server_onion_keys_t *keys, const circuit_params_t *our_ns_params, uint8_t *reply_out, size_t reply_out_maxlen, uint8_t *keys_out, size_t keys_out_len, uint8_t *rend_nonce_out, circuit_params_t *params_out)
Definition: onion_crypto.c:262
void server_onion_keys_free_(server_onion_keys_t *keys)
Definition: onion_crypto.c:80
void onion_handshake_state_release(onion_handshake_state_t *state)
Definition: onion_crypto.c:96
static int negotiate_v3_ntor_server_circ_params(const uint8_t *param_request_msg, size_t param_request_len, const circuit_params_t *our_ns_params, circuit_params_t *params_out, uint8_t **resp_msg_out, size_t *resp_msg_len_out)
Definition: onion_crypto.c:217
server_onion_keys_t * server_onion_keys_new(void)
Definition: onion_crypto.c:64
Header file for onion_crypto.c.
int fast_client_handshake(const fast_handshake_state_t *handshake_state, const uint8_t *handshake_reply_out, uint8_t *key_out, size_t key_out_len, const char **msg_out)
Definition: onion_fast.c:109
int fast_server_handshake(const uint8_t *key_in, uint8_t *handshake_reply_out, uint8_t *key_out, size_t key_out_len)
Definition: onion_fast.c:67
int fast_onionskin_create(fast_handshake_state_t **handshake_state_out, uint8_t *handshake_out)
Definition: onion_fast.c:49
Header file for onion_fast.c.
int onion_skin_ntor_client_handshake(const ntor_handshake_state_t *handshake_state, const uint8_t *handshake_reply, uint8_t *key_out, size_t key_out_len, const char **msg_out)
Definition: onion_ntor.c:254
int onion_skin_ntor_server_handshake(const uint8_t *onion_skin, const di_digest256_map_t *private_keys, const curve25519_keypair_t *junk_keys, const uint8_t *my_node_id, uint8_t *handshake_reply_out, uint8_t *key_out, size_t key_out_len)
Definition: onion_ntor.c:149
int onion_skin_ntor_create(const uint8_t *router_id, const curve25519_public_key_t *router_key, ntor_handshake_state_t **handshake_state_out, uint8_t *onion_skin_out)
Definition: onion_ntor.c:93
Header for onion_ntor.c.
#define NTOR_REPLY_LEN
Definition: onion_ntor.h:25
#define NTOR_ONIONSKIN_LEN
Definition: onion_ntor.h:23
int onion_ntor3_client_handshake(const ntor3_handshake_state_t *handshake_state, const uint8_t *handshake_reply, size_t reply_len, const uint8_t *verification, size_t verification_len, uint8_t *keys_out, size_t keys_out_len, uint8_t **message_out, size_t *message_len_out)
int onion_skin_ntor3_server_handshake_part1(const di_digest256_map_t *private_keys, const curve25519_keypair_t *junk_key, const ed25519_public_key_t *my_id, const uint8_t *client_handshake, size_t client_handshake_len, const uint8_t *verification, size_t verification_len, uint8_t **client_message_out, size_t *client_message_len_out, ntor3_server_handshake_state_t **state_out)
int onion_skin_ntor3_create(const ed25519_public_key_t *relay_id, const curve25519_public_key_t *relay_key, const uint8_t *verification, const size_t verification_len, const uint8_t *message, const size_t message_len, ntor3_handshake_state_t **handshake_state_out, uint8_t **onion_skin_out, size_t *onion_skin_len_out)
int onion_skin_ntor3_server_handshake_part2(const ntor3_server_handshake_state_t *state, const uint8_t *verification, size_t verification_len, const uint8_t *server_message, size_t server_message_len, uint8_t **handshake_out, size_t *handshake_len_out, uint8_t *keys_out, size_t keys_out_len)
Header for core/crypto/onion_ntor_v3.c.
struct ntor3_server_handshake_state_t ntor3_server_handshake_state_t
Definition: onion_ntor_v3.h:31
Master header file for Tor-specific functionality.
const uint8_t * router_get_my_id_digest(void)
Definition: router.c:1776
void dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last)
Definition: router.c:252
di_digest256_map_t * construct_ntor_key_map(void)
Definition: router.c:324
Header file for router.c.
Header for routerkeys.c.
uint8_t sendme_inc_cells
Definition: onion_crypto.h:36
ed25519_public_key_t ed_identity
char identity_digest[DIGEST_LEN]
curve25519_public_key_t curve25519_onion_key
#define tor_assert(expr)
Definition: util_bug.h:103
#define tor_fragile_assert()
Definition: util_bug.h:278