nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-13 06:33:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

r16410@catbus: nickm | 2007-11-05 10:54:29 -0500

Browse Source 
Code to remember client_random and server_random values, and to compute hmac using TLS master secret.


svn:r12381
This commit is contained in:
Nick Mathewson 2007-11-05 18:15:47 +00:00
parent e94fad36ac
commit 22c31d91ab
4 changed files with 53 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
src/common/tortls.c
View File

@ -20,6 +20,7 @@ const char tortls_c_id[] =
#include <assert.h> #include <assert.h>
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/ssl3.h>
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/tls1.h> #include <openssl/tls1.h>
#include <openssl/asn1.h> #include <openssl/asn1.h>
@ -896,3 +897,39 @@ tor_tls_used_v1_handshake(tor_tls_t *tls)
return 1; return 1;
} }
#if SSL3_RANDOM_SIZE != TOR_TLS_RANDOM_LEN
#error "The TOR_TLS_RANDOM_LEN macro is defined incorrectly. That's a bug."
#endif
/** DOCDOC */
int
tor_tls_get_random_values(tor_tls_t *tls, char *client_random_out,
char *server_random_out)
{
tor_assert(tls && tls->ssl);
if (!tls->ssl->s3)
return -1;
memcpy(client_random_out, tls->ssl->s3->client_random, SSL3_RANDOM_SIZE);
memcpy(server_random_out, tls->ssl->s3->server_random, SSL3_RANDOM_SIZE);
return 0;
}
/** DOCDOC */
int
tor_tls_hmac_with_master_secret(tor_tls_t *tls, char *hmac_out,
const char *data, size_t data_len)
{
SSL_SESSION *s;
tor_assert(tls && tls->ssl);
if (!(s = SSL_get_session(tls->ssl)))
return -1;
if (s->master_key_length < 0)
return -1;
crypto_hmac_sha1(hmac_out,
(const char*)s->master_key,
(size_t)s->master_key_length,
data, data_len);
return 0;
}

7
src/common/tortls.h
View File

@ -41,6 +41,9 @@ typedef struct tor_tls_t tor_tls_t;
case TOR_TLS_ERROR_NO_ROUTE: \ case TOR_TLS_ERROR_NO_ROUTE: \
case TOR_TLS_ERROR_TIMEOUT case TOR_TLS_ERROR_TIMEOUT
/**DOCDOC*/
#define TOR_TLS_RANDOM_LEN 32
#define TOR_TLS_IS_ERROR(rv) ((rv) < TOR_TLS_CLOSE) #define TOR_TLS_IS_ERROR(rv) ((rv) < TOR_TLS_CLOSE)
void tor_tls_free_all(void); void tor_tls_free_all(void);
@ -65,6 +68,10 @@ void tor_tls_get_n_raw_bytes(tor_tls_t *tls,
size_t *n_read, size_t *n_written); size_t *n_read, size_t *n_written);
int tor_tls_used_v1_handshake(tor_tls_t *tls); int tor_tls_used_v1_handshake(tor_tls_t *tls);
int tor_tls_get_random_values(tor_tls_t *tls, char *client_random_out,
char *server_random_out);
int tor_tls_hmac_with_master_secret(tor_tls_t *tls, char *hmac_out,
const char *data, size_t data_len);
/* Log and abort if there are unhandled TLS errors in OpenSSL's error stack. /* Log and abort if there are unhandled TLS errors in OpenSSL's error stack.
*/ */

9
src/or/connection_or.c
View File

@ -728,7 +728,7 @@ connection_tls_finish_handshake(or_connection_t *conn)
if (connection_or_check_valid_handshake(conn, started_here, digest_rcvd) < 0) if (connection_or_check_valid_handshake(conn, started_here, digest_rcvd) < 0)
return -1; return -1;
if (!started_here) { if (!started_here) { /* V1 only XXX020 */
connection_or_init_conn_from_address(conn,conn->_base.addr, connection_or_init_conn_from_address(conn,conn->_base.addr,
conn->_base.port, digest_rcvd, 0); conn->_base.port, digest_rcvd, 0);
} }
@ -741,10 +741,16 @@ connection_tls_finish_handshake(or_connection_t *conn)
} else { } else {
conn->_base.state = OR_CONN_STATE_OR_HANDSHAKING; conn->_base.state = OR_CONN_STATE_OR_HANDSHAKING;
conn->handshake_state = tor_malloc_zero(sizeof(or_handshake_state_t)); conn->handshake_state = tor_malloc_zero(sizeof(or_handshake_state_t));
conn->handshake_state->started_here = started_here ? 1 : 0;
if (tor_tls_get_random_values(conn->tls,
conn->handshake_state->client_random,
conn->handshake_state->server_random) < 0)
return -1;
return connection_or_send_versions(conn); return connection_or_send_versions(conn);
} }
} }
/** DOCDOC */ /** DOCDOC */
void void
or_handshake_state_free(or_handshake_state_t *state) or_handshake_state_free(or_handshake_state_t *state)
@ -752,6 +758,7 @@ or_handshake_state_free(or_handshake_state_t *state)
tor_assert(state); tor_assert(state);
if (state->signing_key) if (state->signing_key)
crypto_free_pk_env(state->signing_key); crypto_free_pk_env(state->signing_key);
memset(state, 0xBE, sizeof(or_handshake_state_t));
tor_free(state); tor_free(state);
} }

2
src/or/or.h
View File

@ -861,6 +861,7 @@ typedef struct connection_t {
/** DOCDOC */ /** DOCDOC */
typedef struct or_handshake_state_t { typedef struct or_handshake_state_t {
time_t sent_versions_at; time_t sent_versions_at;
unsigned int started_here : 1;
unsigned int received_versions : 1; unsigned int received_versions : 1;
unsigned int received_netinfo : 1; unsigned int received_netinfo : 1;
unsigned int received_certs : 1; unsigned int received_certs : 1;
@ -878,7 +879,6 @@ typedef struct or_handshake_state_t {
/* from certs */ /* from certs */
char cert_id_digest[DIGEST_LEN]; char cert_id_digest[DIGEST_LEN];
crypto_pk_env_t *signing_key; crypto_pk_env_t *signing_key;
} or_handshake_state_t; } or_handshake_state_t;
/** Subtype of connection_t for an "OR connection" -- that is, one that speaks /** Subtype of connection_t for an "OR connection" -- that is, one that speaks