author | Nick Mathewson <nickm@torproject.org> | 2015-06-19 09:09:49 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2016-11-03 08:39:28 -0400 |
commit | b4a5c779014b35d60f4a2ddcec31e7075ad52995 (patch) | |
tree | a844a09789e2a78be68fdc4e47d082d0d92918c1 /src/or/or.h | |
parent | 99b3e54691f451b766556391cba6e26120ad7d84 (diff) | |
Verify ed25519 link handshake certificates
This code stores the ed certs as appropriate, and tries to check
them. The Ed25519 result is not yet used, and (because of its
behavior) this will break RSA authenticate cells. That will get
fixed as we go, however.
This should implement 19157, but it needs tests, and it needs
to get wired in.
Diffstat (limited to 'src/or/or.h')
-rw-r--r-- | src/or/or.h | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/src/or/or.h b/src/or/or.h
index 65d40579cb..e6162c5f32 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -1386,17 +1386,32 @@ typedef struct listener_connection_t {
  * signs. */
 #define V3_AUTH_BODY_LEN (V3_AUTH_FIXED_PART_LEN + 8 + 16)
 
+/** Structure to hold all the certificates we've received on an OR connection
+ */
 typedef struct or_handshake_certs_t {
-  /** DOCDOC */
+  /** True iff we originated this connection. */
   int started_here;
-  /** The cert for the key that's supposed to sign the AUTHENTICATE cell */
+  /** The cert for the 'auth' RSA key that's supposed to sign the AUTHENTICATE
+   * cell. Signed with the RSA identity key. */
   tor_x509_cert_t *auth_cert;
-  /** DOCDOC */
+  /** The cert for the 'link' RSA key that was used to negotiate the TLS
+   * connection. Signed with the RSA identity key. */
   tor_x509_cert_t *link_cert;
-  /** A self-signed identity certificate */
+  /** A self-signed identity certificate: the RSA identity key signed
+   * with itself. */
   tor_x509_cert_t *id_cert;
-  /** DOCDOC */
-  struct tor_cert_st *ed_id_sign_cert;
+  /** The Ed25519 signing key, signed with the Ed25519 identity key. */
+  struct tor_cert_st *ed_id_sign;
+  /** A digest of the X509 link certificate for the TLS connection, signed
+   * with the Ed25519 siging key. */
+  struct tor_cert_st *ed_sign_link;
+  /** The Ed25519 authentication key (that's supposed to sign an AUTHENTICATE
+   * cell) , signed with the Ed25519 siging key. */
+  struct tor_cert_st *ed_sign_auth;
+  /** The Ed25519 identity key, crosssigned with the RSA identity key. */
+  uint8_t *ed_rsa_crosscert;
+  /** The length of <b>ed_rsa_crosscert</b> in bytes */
+  size_t ed_rsa_crosscert_len;
 } or_handshake_certs_t;
 
 /** Stores flags and information related to the portion of a v2/v3 Tor OR |
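Review bot: The new Doxygen comments on `ed_sign_link` and `ed_sign_auth` both misspell "signing" as "siging", and the `ed_rsa_crosscert` comment has "crosssigned"; suggest `* with the Ed25519 signing key. */` for the first two and `cross-signed with the RSA identity key` for the third, and drop the stray space in `cell) ,`. Beyond typos, the new struct comment says only that the certs were "received"; since the whole point of this struct is the verification of the chain, the comment should say that a non-NULL field means "received from the peer", not "verified", and name the routine that performs the check (that code is outside this hunk, so I can only note that it should be referenced here). `ed_rsa_crosscert` is a raw `uint8_t *` with a separate length rather than a `tor_cert_st`, so its comment should also state who owns and frees the buffer; presumably the struct's free routine does, but that is not visible in this hunk.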