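/* Copyright (c) 2001 Matej Pfajfar.
 * Copyright (c) 2001-2004, Roger Dingledine.
 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
 * Copyright (c) 2007-2021, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/**
 * @file onion_ntor_v3.h
 * @brief Header for core/crypto/onion_ntor_v3.c
 *
 * Public entry points for the ntor v3 circuit-extension handshake.  The
 * client calls onion_skin_ntor3_create() and later
 * onion_ntor3_client_handshake(); the relay calls
 * onion_skin_ntor3_server_handshake_part1() and then
 * onion_skin_ntor3_server_handshake_part2().  Every function takes an
 * int status return; the convention (presumably 0 on success, negative on
 * failure) is defined in onion_ntor_v3.c, not here.
 **/

#ifndef TOR_CORE_CRYPTO_ONION_NTOR_V3_H
#define TOR_CORE_CRYPTO_ONION_NTOR_V3_H

#include "lib/cc/torint.h"
#include "lib/testsupport/testsupport.h"
#include "lib/crypt_ops/crypto_cipher.h"
#include "lib/crypt_ops/crypto_curve25519.h"
#include "lib/crypt_ops/crypto_ed25519.h"
#include "lib/malloc/malloc.h"

/**
 * Client-side state held while an ntor v3 handshake is in progress.
 * Opaque outside ONION_NTOR_V3_PRIVATE; release with
 * ntor3_handshake_state_free().
 **/
typedef struct ntor3_handshake_state_t ntor3_handshake_state_t;

/**
 * Server-side state held while the relay is handling a client's
 * encapsulated message, before replying to the v3 handshake.
 * Opaque outside ONION_NTOR_V3_PRIVATE; release with
 * ntor3_server_handshake_state_free().
 **/
typedef struct ntor3_server_handshake_state_t ntor3_server_handshake_state_t;

/** Free a client handshake state.  Prefer the ntor3_handshake_state_free()
 * macro, which also NULLs the caller's pointer. */
void ntor3_handshake_state_free_(ntor3_handshake_state_t *st);
#define ntor3_handshake_state_free(ptr) \
  FREE_AND_NULL(ntor3_handshake_state_t, ntor3_handshake_state_free_, (ptr))
/** Free a server handshake state.  Prefer the
 * ntor3_server_handshake_state_free() macro, which also NULLs the caller's
 * pointer. */
void ntor3_server_handshake_state_free_(ntor3_server_handshake_state_t *st);
#define ntor3_server_handshake_state_free(ptr) \
  FREE_AND_NULL(ntor3_server_handshake_state_t, \
                ntor3_server_handshake_state_free_, (ptr))

/**
 * Client, step 1: build the onion skin (the client's half of the ntor3
 * handshake) for the relay whose ed25519 identity is <b>relay_id</b> and
 * whose curve25519 onion key is <b>relay_key</b>.
 *
 * <b>verification</b>/<b>verification_len</b> is the verification string;
 * the relay-side functions below take the same parameter, so both peers are
 * presumably expected to supply identical bytes.  <b>message</b>/
 * <b>message_len</b> is the client message to encapsulate in the handshake.
 *
 * On success, *<b>handshake_state_out</b> receives a newly allocated state
 * that the caller must release with ntor3_handshake_state_free(), and
 * *<b>onion_skin_out</b>/*<b>onion_skin_len_out</b> receive the handshake
 * bytes for the relay (presumably heap-allocated; free with tor_free()).
 *
 * Note: the length parameters are passed by value, so the top-level const
 * that used to decorate them was not part of the interface; it is omitted
 * here to match the other prototypes in this header.
 */
int onion_skin_ntor3_create(const ed25519_public_key_t *relay_id,
                            const curve25519_public_key_t *relay_key,
                            const uint8_t *verification,
                            size_t verification_len,
                            const uint8_t *message,
                            size_t message_len,
                            ntor3_handshake_state_t **handshake_state_out,
                            uint8_t **onion_skin_out,
                            size_t *onion_skin_len_out);

/**
 * Client, step 2: process the relay's reply <b>handshake_reply</b>/
 * <b>reply_len</b> against the <b>handshake_state</b> produced by
 * onion_skin_ntor3_create(), using the same <b>verification</b> string.
 *
 * On success, fills the caller-provided buffer <b>keys_out</b> with
 * <b>keys_out_len</b> bytes of derived key material and sets
 * *<b>message_out</b>/*<b>message_len_out</b> to the relay's encapsulated
 * message (presumably heap-allocated; free with tor_free()).
 *
 * NOTE(review): a failed return should be treated as a hard failure --
 * <b>keys_out</b> must not be used unless the function reports success.
 */
int onion_ntor3_client_handshake(
                          const ntor3_handshake_state_t *handshake_state,
                          const uint8_t *handshake_reply,
                          size_t reply_len,
                          const uint8_t *verification,
                          size_t verification_len,
                          uint8_t *keys_out,
                          size_t keys_out_len,
                          uint8_t **message_out,
                          size_t *message_len_out);

struct di_digest256_map_t;
/**
 * Relay, step 1: unpack the client's <b>client_handshake</b>/
 * <b>client_handshake_len</b> using this relay's identity <b>my_id</b> and
 * the onion keypairs in <b>private_keys</b> (a digest256-keyed map; its
 * definition lives elsewhere).  <b>junk_key</b> is an extra keypair --
 * NOTE(review): presumably a stand-in used when no matching private key is
 * found, so that the work done does not reveal the lookup result; confirm
 * in onion_ntor_v3.c before relying on that.
 *
 * <b>verification</b>/<b>verification_len</b> must correspond to what the
 * client used.  On success, *<b>client_message_out</b>/
 * *<b>client_message_len_out</b> receive the client's encapsulated message
 * and *<b>state_out</b> a newly allocated server state; release the latter
 * with ntor3_server_handshake_state_free() once part2 has run.
 */
int onion_skin_ntor3_server_handshake_part1(
                const struct di_digest256_map_t *private_keys,
                const curve25519_keypair_t *junk_key,
                const ed25519_public_key_t *my_id,
                const uint8_t *client_handshake,
                size_t client_handshake_len,
                const uint8_t *verification,
                size_t verification_len,
                uint8_t **client_message_out,
                size_t *client_message_len_out,
                ntor3_server_handshake_state_t **state_out);

/**
 * Relay, step 2: finish the handshake from the <b>state</b> produced by
 * part1, encapsulating <b>server_message</b>/<b>server_message_len</b> for
 * the client, with the same <b>verification</b> string as in part1.
 *
 * On success, *<b>handshake_out</b>/*<b>handshake_len_out</b> receive the
 * reply bytes to send to the client (presumably heap-allocated; free with
 * tor_free()) and the caller-provided <b>keys_out</b> is filled with
 * <b>keys_out_len</b> bytes of derived key material.
 */
int onion_skin_ntor3_server_handshake_part2(
                const ntor3_server_handshake_state_t *state,
                const uint8_t *verification,
                size_t verification_len,
                const uint8_t *server_message,
                size_t server_message_len,
                uint8_t **handshake_out,
                size_t *handshake_len_out,
                uint8_t *keys_out,
                size_t keys_out_len);

#ifdef ONION_NTOR_V3_PRIVATE
/* Layout of the handshake states and the deterministic (no key generation)
 * variants are exposed only to onion_ntor_v3.c and its unit tests. */

struct ntor3_handshake_state_t {
  /** Ephemeral (x,X) keypair. */
  curve25519_keypair_t client_keypair;
  /** Relay's ed25519 identity key (ID) */
  ed25519_public_key_t relay_id;
  /** Relay's public key (B) */
  curve25519_public_key_t relay_key;
  /** Shared secret (Bx).
   * NOTE(review): secret material -- confirm ntor3_handshake_state_free_()
   * wipes this (and client_keypair) before releasing the memory. */
  uint8_t bx[CURVE25519_OUTPUT_LEN];
  /** MAC of the client's encrypted message data (MAC) */
  uint8_t msg_mac[DIGEST256_LEN];
};

struct ntor3_server_handshake_state_t {
  /** Relay's ed25519 identity key (ID) */
  ed25519_public_key_t my_id;
  /** Relay's public key (B) */
  curve25519_public_key_t my_key;
  /** Client's public ephemeral key (X). */
  curve25519_public_key_t client_key;

  /** Shared secret (Xb)
   * NOTE(review): secret material -- confirm
   * ntor3_server_handshake_state_free_() wipes this before release. */
  uint8_t xb[CURVE25519_OUTPUT_LEN];
  /** MAC of the client's encrypted message data */
  uint8_t msg_mac[DIGEST256_LEN];
};

/**
 * As onion_skin_ntor3_create(), but with the client's ephemeral keypair
 * <b>client_keypair</b> supplied by the caller instead of being generated
 * inside the call (so the name suggests).  STATIC (see testsupport.h) so
 * that unit tests can drive the handshake with fixed keys; not for use with
 * non-random keys in production.
 */
STATIC int onion_skin_ntor3_create_nokeygen(
                const curve25519_keypair_t *client_keypair,
                const ed25519_public_key_t *relay_id,
                const curve25519_public_key_t *relay_key,
                const uint8_t *verification,
                size_t verification_len,
                const uint8_t *message,
                size_t message_len,
                ntor3_handshake_state_t **handshake_state_out,
                uint8_t **onion_skin_out,
                size_t *onion_skin_len_out);

/**
 * As onion_skin_ntor3_server_handshake_part2(), but with the relay's
 * ephemeral keypair <b>relay_keypair_y</b> supplied by the caller.  STATIC
 * for the same test-support reason as onion_skin_ntor3_create_nokeygen().
 */
STATIC int onion_skin_ntor3_server_handshake_part2_nokeygen(
                const curve25519_keypair_t *relay_keypair_y,
                const ntor3_server_handshake_state_t *state,
                const uint8_t *verification,
                size_t verification_len,
                const uint8_t *server_message,
                size_t server_message_len,
                uint8_t **handshake_out,
                size_t *handshake_len_out,
                uint8_t *keys_out,
                size_t keys_out_len);

#endif /* defined(ONION_NTOR_V3_PRIVATE) */

#endif /* !defined(TOR_CORE_CRYPTO_ONION_NTOR_V3_H) */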