nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-11 05:33:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

HSv3: Add subcredential in client auth KDF on the client-side.

Browse Source
This commit is contained in:
George Kadianakis 2018-09-06 16:25:31 +03:00 committed by David Goulet
parent 1e9428dc61
commit 6583d1e709
2 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/feature/hs/hs_descriptor.c
View File

@ -1427,13 +1427,15 @@ decrypt_descriptor_cookie(const hs_descriptor_t *desc,
sizeof(desc->superencrypted_data.auth_ephemeral_pubkey))); sizeof(desc->superencrypted_data.auth_ephemeral_pubkey)));
tor_assert(!tor_mem_is_zero((char *) client_auth_sk, tor_assert(!tor_mem_is_zero((char *) client_auth_sk,
sizeof(*client_auth_sk))); sizeof(*client_auth_sk)));
tor_assert(!tor_mem_is_zero((char *) desc->subcredential, DIGEST256_LEN));
/* Calculate x25519(client_x, hs_Y) */ /* Calculate x25519(client_x, hs_Y) */
curve25519_handshake(secret_seed, client_auth_sk, curve25519_handshake(secret_seed, client_auth_sk,
&desc->superencrypted_data.auth_ephemeral_pubkey); &desc->superencrypted_data.auth_ephemeral_pubkey);
/* Calculate KEYS = KDF(SECRET_SEED, 40) */ /* Calculate KEYS = KDF(subcredential | SECRET_SEED, 40) */
xof = crypto_xof_new(); xof = crypto_xof_new();
crypto_xof_add_bytes(xof, desc->subcredential, DIGEST256_LEN);
crypto_xof_add_bytes(xof, secret_seed, sizeof(secret_seed)); crypto_xof_add_bytes(xof, secret_seed, sizeof(secret_seed));
crypto_xof_squeeze_bytes(xof, keystream, sizeof(keystream)); crypto_xof_squeeze_bytes(xof, keystream, sizeof(keystream));
crypto_xof_free(xof); crypto_xof_free(xof);
@ -2539,9 +2541,8 @@ hs_desc_decode_plaintext(const char *encoded,
} }
/* Fully decode an encoded descriptor and set a newly allocated descriptor /* Fully decode an encoded descriptor and set a newly allocated descriptor
* object in desc_out. Subcredentials are used if not NULL else it's ignored. * object in desc_out. Client secret key is used to decrypt the "encrypted"
* Client secret key is used to decrypt the "encrypted" section if not NULL * section if not NULL else it's ignored.
* else it's ignored.
* *
* Return 0 on success. A negative value is returned on error and desc_out is * Return 0 on success. A negative value is returned on error and desc_out is
* set to NULL. */ * set to NULL. */
@ -2558,8 +2559,9 @@ hs_desc_decode_descriptor(const char *encoded,
desc = tor_malloc_zero(sizeof(hs_descriptor_t)); desc = tor_malloc_zero(sizeof(hs_descriptor_t));
/* Subcredentials are optional. */ /* Subcredentials are not optional. */
if (BUG(!subcredential)) { if (BUG(!subcredential ||
tor_mem_is_zero((char*)subcredential, DIGEST256_LEN))) {
log_warn(LD_GENERAL, "Tried to decrypt without subcred. Impossible!"); log_warn(LD_GENERAL, "Tried to decrypt without subcred. Impossible!");
goto err; goto err;
} }

3
src/feature/hs/hs_descriptor.h
View File

@ -303,7 +303,8 @@ link_specifier_t *hs_desc_lspec_to_trunnel(
const hs_desc_link_specifier_t *spec); const hs_desc_link_specifier_t *spec);
hs_desc_authorized_client_t *hs_desc_build_fake_authorized_client(void); hs_desc_authorized_client_t *hs_desc_build_fake_authorized_client(void);
void hs_desc_build_authorized_client(const curve25519_public_key_t * void hs_desc_build_authorized_client(const uint8_t *subcredential,
const curve25519_public_key_t *
client_auth_pk, client_auth_pk,
const curve25519_secret_key_t * const curve25519_secret_key_t *
auth_ephemeral_sk, auth_ephemeral_sk,