Code to send correct authentication data when we are using AUTHTYPE>2

Implements the major part of 19156, except doesn't actually send the new cell type yet.
2024-09-21 13:34:59 +02:00 · 2015-05-16 12:09:25 -04:00 · 2015-05-16 12:09:25 -04:00 · 2bf6553949
commit 2bf6553949
parent b004ff45d7
4 changed files with 44 additions and 11 deletions
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@ -2170,7 +2170,8 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)

  ssize_t bodylen =
    connection_or_compute_authenticate_cell_body(
-                        chan->conn, expected, sizeof(expected), NULL, 1);
+                chan->conn, expected, sizeof(expected),
+                AUTHTYPE_RSA_SHA256_TLSSECRET, NULL, NULL, 1);
  if (bodylen < 0 || bodylen != V3_AUTH_FIXED_PART_LEN)
    ERR("Couldn't compute expected AUTHENTICATE cell body");

--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@ -2312,7 +2312,9 @@ connection_or_send_auth_challenge_cell(or_connection_t *conn)
 int
 connection_or_compute_authenticate_cell_body(or_connection_t *conn,
                                             uint8_t *out, size_t outlen,
+                                             const int authtype,
                                             crypto_pk_t *signing_key,
+                                             ed25519_keypair_t *ed_signing_key,
                                             int server)
 {
  auth1_t *auth = NULL;
@ -2322,7 +2324,6 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
  const char *authtype_str = NULL;

  int is_ed = 0;
-  const int authtype = 1; /* XXXX this should be an argument. */

  /* assert state is reasonable XXXX */
  switch (authtype) {
@ -2343,6 +2344,7 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
  }

  auth = auth1_new();
+  ctx->is_ed = is_ed;

  /* Type: 8 bytes. */
  memcpy(auth1_getarray_type(auth), authtype_str, 8);
@ -2371,6 +2373,20 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
    memcpy(auth->sid, server_id, 32);
  }

+  if (is_ed) {
+    const ed25519_public_key_t *my_ed_id, *their_ed_id;
+    if (!conn->handshake_state->ed_id_sign_cert)
+      goto err;
+    my_ed_id = get_master_identity_key();
+    their_ed_id = &conn->handshake_state->ed_id_sign_cert->signing_key;
+
+    const uint8_t *cid_ed = (server ? their_ed_id : my_ed_id)->pubkey;
+    const uint8_t *sid_ed = (server ? my_ed_id : their_ed_id)->pubkey;
+
+    memcpy(auth->u1_cid_ed, cid_ed, ED25519_PUBKEY_LEN);
+    memcpy(auth->u1_sid_ed, sid_ed, ED25519_PUBKEY_LEN);
+  }
+
  {
    crypto_digest_t *server_d, *client_d;
    if (server) {
@ -2450,7 +2466,14 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
    goto done;
  }

-  if (signing_key) {
+  if (ed_signing_key && is_ed) {
+    ed25519_signature_t sig;
+    if (ed25519_sign(&sig, out, len, ed_signing_key) < 0)
+      goto err;
+    auth1_setlen_sig(auth, ED25519_SIG_LEN);
+    memcpy(auth1_getarray_sig(auth), sig.sig, ED25519_SIG_LEN);
+
+  } else if (signing_key && !is_ed) {
    auth1_setlen_sig(auth, crypto_pk_keysize(signing_key));

    char d[32];
@ -2466,12 +2489,14 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,

    auth1_setlen_sig(auth, siglen);

-    len = auth1_encode(out, outlen, auth, ctx);
-    if (len < 0) {
-      log_warn(LD_OR, "Unable to encode signed AUTH1 data.");
-      goto err;
-    }
  }
+
+  len = auth1_encode(out, outlen, auth, ctx);
+  if (len < 0) {
+    log_warn(LD_OR, "Unable to encode signed AUTH1 data.");
+    goto err;
+  }
+
  result = (int) len;
  goto done;

@ -2504,6 +2529,7 @@ connection_or_send_authenticate_cell,(or_connection_t *conn, int authtype))
    return -1;
  }

+  /* XXXX stop precomputing this. */
  cell_maxlen = 4 + /* overhead */
    V3_AUTH_BODY_LEN + /* Authentication body */
    crypto_pk_keysize(pk) + /* Max signature length */
@ -2517,7 +2543,9 @@ connection_or_send_authenticate_cell,(or_connection_t *conn, int authtype))
  authlen = connection_or_compute_authenticate_cell_body(conn,
                                                         cell->payload+4,
                                                         cell_maxlen-4,
+                                             AUTHTYPE_RSA_SHA256_TLSSECRET,
                                                         pk,
+                                                         NULL,
                                                         0 /* not server */);
  if (authlen < 0) {
    log_warn(LD_BUG, "Unable to compute authenticate cell!");
--- a/src/or/connection_or.h
+++ b/src/or/connection_or.h
@ -85,9 +85,11 @@ MOCK_DECL(int,connection_or_send_netinfo,(or_connection_t *conn));
 int connection_or_send_certs_cell(or_connection_t *conn);
 int connection_or_send_auth_challenge_cell(or_connection_t *conn);
 int connection_or_compute_authenticate_cell_body(or_connection_t *conn,
-                                                 uint8_t *out, size_t outlen,
-                                                 crypto_pk_t *signing_key,
-                                                 int server);
+                                             uint8_t *out, size_t outlen,
+                                             const int authtype,
+                                             crypto_pk_t *signing_key,
+                                             ed25519_keypair_t *ed_signing_key,
+                                             int server);
 MOCK_DECL(int,connection_or_send_authenticate_cell,
          (or_connection_t *conn, int type));

--- a/src/or/or.h
+++ b/src/or/or.h
@ -1445,6 +1445,8 @@ typedef struct or_handshake_state_t {
  tor_x509_cert_t *auth_cert;
  /** A self-signed identity certificate */
  tor_x509_cert_t *id_cert;
+  /** DOCDOC */
+  struct tor_cert_st *ed_id_sign_cert;
  /**@}*/
 } or_handshake_state_t;