1 files changed, 140 insertions, 0 deletions

diff --git a/src/core/crypto/onion_ntor_v3.h b/src/core/crypto/onion_ntor_v3.h
new file mode 100644
index 0000000000..4449eb237d
--- /dev/null
+++ b/src/core/crypto/onion_ntor_v3.h
@@ -0,0 +1,140 @@
+/* Copyright (c) 2001 Matej Pfajfar.
+ * Copyright (c) 2001-2004, Roger Dingledine.
+ * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
+ * Copyright (c) 2007-2021, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+/**
+ * @file onion_ntor_v3.h
+ * @brief Header for core/crypto/onion_ntor_v3.c
+ **/
+
+#ifndef TOR_CORE_CRYPTO_ONION_NTOR_V3_H
+#define TOR_CORE_CRYPTO_ONION_NTOR_V3_H
+
+#include "lib/cc/torint.h"
+#include "lib/testsupport/testsupport.h"
+#include "lib/crypt_ops/crypto_cipher.h"
+#include "lib/crypt_ops/crypto_curve25519.h"
+#include "lib/crypt_ops/crypto_ed25519.h"
+#include "lib/malloc/malloc.h"
+
+/**
+ * Client-side state held while an ntor v3 handshake is in progress.
+ **/
+typedef struct ntor3_handshake_state_t ntor3_handshake_state_t;
+
+/**
+ * Server-side state held while the relay is handling a client's
+ * encapsulated message, before replying to the v3 handshake.
+ **/
+typedef struct ntor3_server_handshake_state_t ntor3_server_handshake_state_t;
+
+void ntor3_handshake_state_free_(ntor3_handshake_state_t *st);
+#define ntor3_handshake_state_free(ptr) \
+  FREE_AND_NULL(ntor3_handshake_state_t, ntor3_handshake_state_free_, (ptr))
+void ntor3_server_handshake_state_free_(ntor3_server_handshake_state_t *st);
+#define ntor3_server_handshake_state_free(ptr) \
+  FREE_AND_NULL(ntor3_server_handshake_state_t, \
+                ntor3_server_handshake_state_free_, (ptr))
+
+int onion_skin_ntor3_create(const ed25519_public_key_t *relay_id,
+                            const curve25519_public_key_t *relay_key,
+                            const uint8_t *verification,
+                            const size_t verification_len,
+                            const uint8_t *message,
+                            const size_t message_len,
+                            ntor3_handshake_state_t **handshake_state_out,
+                            uint8_t **onion_skin_out,
+                            size_t *onion_skin_len_out);
+
+int onion_ntor3_client_handshake(
+                             const ntor3_handshake_state_t *handshake_state,
+                             const uint8_t *handshake_reply,
+                             size_t reply_len,
+                             const uint8_t *verification,
+                             size_t verification_len,
+                             uint8_t *keys_out,
+                             size_t keys_out_len,
+                             uint8_t **message_out,
+                             size_t *message_len_out);
+
+struct di_digest256_map_t;
+int onion_skin_ntor3_server_handshake_part1(
+                const struct di_digest256_map_t *private_keys,
+                const curve25519_keypair_t *junk_key,
+                const ed25519_public_key_t *my_id,
+                const uint8_t *client_handshake,
+                size_t client_handshake_len,
+                const uint8_t *verification,
+                size_t verification_len,
+                uint8_t **client_message_out,
+                size_t *client_message_len_out,
+                ntor3_server_handshake_state_t **state_out);
+
+int onion_skin_ntor3_server_handshake_part2(
+                const ntor3_server_handshake_state_t *state,
+                const uint8_t *verification,
+                size_t verification_len,
+                const uint8_t *server_message,
+                size_t server_message_len,
+                uint8_t **handshake_out,
+                size_t *handshake_len_out,
+                uint8_t *keys_out,
+                size_t keys_out_len);
+
+#ifdef ONION_NTOR_V3_PRIVATE
+struct ntor3_handshake_state_t {
+  /** Ephemeral (x,X) keypair. */
+  curve25519_keypair_t client_keypair;
+  /** Relay's ed25519 identity key (ID) */
+  ed25519_public_key_t relay_id;
+  /** Relay's public key (B) */
+  curve25519_public_key_t relay_key;
+  /** Shared secret (Bx). */
+  uint8_t bx[CURVE25519_OUTPUT_LEN];
+  /** MAC of the client's encrypted message data (MAC) */
+  uint8_t msg_mac[DIGEST256_LEN];
+};
+
+struct ntor3_server_handshake_state_t {
+  /** Relay's ed25519 identity key (ID) */
+  ed25519_public_key_t my_id;
+  /** Relay's public key (B) */
+  curve25519_public_key_t my_key;
+  /** Client's public ephemeral key (X). */
+  curve25519_public_key_t client_key;
+
+  /** Shared secret (Xb) */
+  uint8_t xb[CURVE25519_OUTPUT_LEN];
+  /** MAC of the client's encrypted message data */
+  uint8_t msg_mac[DIGEST256_LEN];
+};
+
+STATIC int onion_skin_ntor3_create_nokeygen(
+                        const curve25519_keypair_t *client_keypair,
+                        const ed25519_public_key_t *relay_id,
+                        const curve25519_public_key_t *relay_key,
+                        const uint8_t *verification,
+                        const size_t verification_len,
+                        const uint8_t *message,
+                        const size_t message_len,
+                        ntor3_handshake_state_t **handshake_state_out,
+                        uint8_t **onion_skin_out,
+                        size_t *onion_skin_len_out);
+
+STATIC int onion_skin_ntor3_server_handshake_part2_nokeygen(
+                const curve25519_keypair_t *relay_keypair_y,
+                const ntor3_server_handshake_state_t *state,
+                const uint8_t *verification,
+                size_t verification_len,
+                const uint8_t *server_message,
+                size_t server_message_len,
+                uint8_t **handshake_out,
+                size_t *handshake_len_out,
+                uint8_t *keys_out,
+                size_t keys_out_len);
+
+#endif
+
+#endif /* !defined(TOR_CORE_CRYPTO_ONION_NTOR_V3_H) */