Code to send correct authentication data when we are using AUTHTYPE>2

Implements the major part of 19156, except doesn't actually send the
new cell type yet.

src/or/channeltls.c

@@ -2170,7 +2170,8 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
 
   ssize_t bodylen =
     connection_or_compute_authenticate_cell_body(
-                        chan->conn, expected, sizeof(expected), NULL, 1);
+                chan->conn, expected, sizeof(expected),
+                AUTHTYPE_RSA_SHA256_TLSSECRET, NULL, NULL, 1);
   if (bodylen < 0 || bodylen != V3_AUTH_FIXED_PART_LEN)
     ERR("Couldn't compute expected AUTHENTICATE cell body");
 

src/or/connection_or.c

@@ -2312,7 +2312,9 @@ connection_or_send_auth_challenge_cell(or_connection_t *conn)
 int
 connection_or_compute_authenticate_cell_body(or_connection_t *conn,
                                              uint8_t *out, size_t outlen,
+                                             const int authtype,
                                              crypto_pk_t *signing_key,
+                                             ed25519_keypair_t *ed_signing_key,
                                              int server)
 {
   auth1_t *auth = NULL;
@@ -2322,7 +2324,6 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
   const char *authtype_str = NULL;
 
   int is_ed = 0;
-  const int authtype = 1; /* XXXX this should be an argument. */
 
   /* assert state is reasonable XXXX */
   switch (authtype) {
@@ -2343,6 +2344,7 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
   }
 
   auth = auth1_new();
+  ctx->is_ed = is_ed;
 
   /* Type: 8 bytes. */
   memcpy(auth1_getarray_type(auth), authtype_str, 8);
@@ -2371,6 +2373,20 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
     memcpy(auth->sid, server_id, 32);
   }
 
+  if (is_ed) {
+    const ed25519_public_key_t *my_ed_id, *their_ed_id;
+    if (!conn->handshake_state->ed_id_sign_cert)
+      goto err;
+    my_ed_id = get_master_identity_key();
+    their_ed_id = &conn->handshake_state->ed_id_sign_cert->signing_key;
+
+    const uint8_t *cid_ed = (server ? their_ed_id : my_ed_id)->pubkey;
+    const uint8_t *sid_ed = (server ? my_ed_id : their_ed_id)->pubkey;
+
+    memcpy(auth->u1_cid_ed, cid_ed, ED25519_PUBKEY_LEN);
+    memcpy(auth->u1_sid_ed, sid_ed, ED25519_PUBKEY_LEN);
+  }
+
   {
     crypto_digest_t *server_d, *client_d;
     if (server) {
@@ -2450,7 +2466,14 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
     goto done;
   }
 
-  if (signing_key) {
+  if (ed_signing_key && is_ed) {
+    ed25519_signature_t sig;
+    if (ed25519_sign(&sig, out, len, ed_signing_key) < 0)
+      goto err;
+    auth1_setlen_sig(auth, ED25519_SIG_LEN);
+    memcpy(auth1_getarray_sig(auth), sig.sig, ED25519_SIG_LEN);
+
+  } else if (signing_key && !is_ed) {
     auth1_setlen_sig(auth, crypto_pk_keysize(signing_key));
 
     char d[32];
@@ -2466,12 +2489,14 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn,
 
     auth1_setlen_sig(auth, siglen);
 
-    len = auth1_encode(out, outlen, auth, ctx);
-    if (len < 0) {
-      log_warn(LD_OR, "Unable to encode signed AUTH1 data.");
-      goto err;
-    }
   }
+
+  len = auth1_encode(out, outlen, auth, ctx);
+  if (len < 0) {
+    log_warn(LD_OR, "Unable to encode signed AUTH1 data.");
+    goto err;
+  }
+
   result = (int) len;
   goto done;
 
@@ -2504,6 +2529,7 @@ connection_or_send_authenticate_cell,(or_connection_t *conn, int authtype))
     return -1;
   }
 
+  /* XXXX stop precomputing this. */
   cell_maxlen = 4 + /* overhead */
     V3_AUTH_BODY_LEN + /* Authentication body */
     crypto_pk_keysize(pk) + /* Max signature length */
@@ -2517,7 +2543,9 @@ connection_or_send_authenticate_cell,(or_connection_t *conn, int authtype))
   authlen = connection_or_compute_authenticate_cell_body(conn,
                                                          cell->payload+4,
                                                          cell_maxlen-4,
+                                             AUTHTYPE_RSA_SHA256_TLSSECRET,
                                                          pk,
+                                                         NULL,
                                                          0 /* not server */);
   if (authlen < 0) {
     log_warn(LD_BUG, "Unable to compute authenticate cell!");

src/or/connection_or.h

@@ -85,9 +85,11 @@ MOCK_DECL(int,connection_or_send_netinfo,(or_connection_t *conn));
 int connection_or_send_certs_cell(or_connection_t *conn);
 int connection_or_send_auth_challenge_cell(or_connection_t *conn);
 int connection_or_compute_authenticate_cell_body(or_connection_t *conn,
-                                                 uint8_t *out, size_t outlen,
+                                             uint8_t *out, size_t outlen,
-                                                 crypto_pk_t *signing_key,
+                                             const int authtype,
-                                                 int server);
+                                             crypto_pk_t *signing_key,
+                                             ed25519_keypair_t *ed_signing_key,
+                                             int server);
 MOCK_DECL(int,connection_or_send_authenticate_cell,
           (or_connection_t *conn, int type));
 

src/or/or.h

@@ -1445,6 +1445,8 @@ typedef struct or_handshake_state_t {
   tor_x509_cert_t *auth_cert;
   /** A self-signed identity certificate */
   tor_x509_cert_t *id_cert;
+  /** DOCDOC */
+  struct tor_cert_st *ed_id_sign_cert;
   /**@}*/
 } or_handshake_state_t;