src/core/crypto/onion_ntor_v3.h


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2021, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * @file onion_ntor_v3.h
 * @brief Header for core/crypto/onion_ntor_v3.c
 **/

#ifndef TOR_CORE_CRYPTO_ONION_NTOR_V3_H
#define TOR_CORE_CRYPTO_ONION_NTOR_V3_H

#include "lib/cc/torint.h"
#include "lib/testsupport/testsupport.h"
#include "lib/crypt_ops/crypto_cipher.h"
#include "lib/crypt_ops/crypto_curve25519.h"
#include "lib/crypt_ops/crypto_ed25519.h"
#include "lib/malloc/malloc.h"

/**
 * Client-side state held while an ntor v3 handshake is in progress.
 **/
typedef struct ntor3_handshake_state_t ntor3_handshake_state_t;

/**
 * Server-side state held while the relay is handling a client's
 * encapsulated message, before replying to the v3 handshake.
 **/
typedef struct ntor3_server_handshake_state_t ntor3_server_handshake_state_t;

void ntor3_handshake_state_free_(ntor3_handshake_state_t *st);
#define ntor3_handshake_state_free(ptr) \
  FREE_AND_NULL(ntor3_handshake_state_t, ntor3_handshake_state_free_, (ptr))
void ntor3_server_handshake_state_free_(ntor3_server_handshake_state_t *st);
#define ntor3_server_handshake_state_free(ptr) \
  FREE_AND_NULL(ntor3_server_handshake_state_t, \
                ntor3_server_handshake_state_free_, (ptr))

int onion_skin_ntor3_create(const ed25519_public_key_t *relay_id,
                            const curve25519_public_key_t *relay_key,
                            const uint8_t *verification,
                            const size_t verification_len,
                            const uint8_t *message,
                            const size_t message_len,
                            ntor3_handshake_state_t **handshake_state_out,
                            uint8_t **onion_skin_out,
                            size_t *onion_skin_len_out);

int onion_ntor3_client_handshake(
                             const ntor3_handshake_state_t *handshake_state,
                             const uint8_t *handshake_reply,
                             size_t reply_len,
                             const uint8_t *verification,
                             size_t verification_len,
                             uint8_t *keys_out,
                             size_t keys_out_len,
                             uint8_t **message_out,
                             size_t *message_len_out);

struct di_digest256_map_t;
int onion_skin_ntor3_server_handshake_part1(
                const struct di_digest256_map_t *private_keys,
                const curve25519_keypair_t *junk_key,
                const ed25519_public_key_t *my_id,
                const uint8_t *client_handshake,
                size_t client_handshake_len,
                const uint8_t *verification,
                size_t verification_len,
                uint8_t **client_message_out,
                size_t *client_message_len_out,
                ntor3_server_handshake_state_t **state_out);

int onion_skin_ntor3_server_handshake_part2(
                const ntor3_server_handshake_state_t *state,
                const uint8_t *verification,
                size_t verification_len,
                const uint8_t *server_message,
                size_t server_message_len,
                uint8_t **handshake_out,
                size_t *handshake_len_out,
                uint8_t *keys_out,
                size_t keys_out_len);

#ifdef ONION_NTOR_V3_PRIVATE
struct ntor3_handshake_state_t {
  /** Ephemeral (x,X) keypair. */
  curve25519_keypair_t client_keypair;
  /** Relay's ed25519 identity key (ID) */
  ed25519_public_key_t relay_id;
  /** Relay's public key (B) */
  curve25519_public_key_t relay_key;
  /** Shared secret (Bx). */
  uint8_t bx[CURVE25519_OUTPUT_LEN];
  /** MAC of the client's encrypted message data (MAC) */
  uint8_t msg_mac[DIGEST256_LEN];
};

struct ntor3_server_handshake_state_t {
  /** Relay's ed25519 identity key (ID) */
  ed25519_public_key_t my_id;
  /** Relay's public key (B) */
  curve25519_public_key_t my_key;
  /** Client's public ephemeral key (X). */
  curve25519_public_key_t client_key;

  /** Shared secret (Xb) */
  uint8_t xb[CURVE25519_OUTPUT_LEN];
  /** MAC of the client's encrypted message data */
  uint8_t msg_mac[DIGEST256_LEN];
};

STATIC int onion_skin_ntor3_create_nokeygen(
                        const curve25519_keypair_t *client_keypair,
                        const ed25519_public_key_t *relay_id,
                        const curve25519_public_key_t *relay_key,
                        const uint8_t *verification,
                        const size_t verification_len,
                        const uint8_t *message,
                        const size_t message_len,
                        ntor3_handshake_state_t **handshake_state_out,
                        uint8_t **onion_skin_out,
                        size_t *onion_skin_len_out);

STATIC int onion_skin_ntor3_server_handshake_part2_nokeygen(
                const curve25519_keypair_t *relay_keypair_y,
                const ntor3_server_handshake_state_t *state,
                const uint8_t *verification,
                size_t verification_len,
                const uint8_t *server_message,
                size_t server_message_len,
                uint8_t **handshake_out,
                size_t *handshake_len_out,
                uint8_t *keys_out,
                size_t keys_out_len);

#endif

#endif /* !defined(TOR_CORE_CRYPTO_ONION_NTOR_V3_H) */