mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 20:33:31 +01:00
Refactor the HS ntor key expansion to fit the e2e circuit API.
We want to use the circuit_init_cpath_crypto() function to setup our cpath, and that function accepts a key array as input. So let's make our HS ntor key expansion function also return a key array as output, instead of a struct. Also, we actually don't need KH from the key expansion, so the key expansion output can be one DIGEST256_LEN shorter. See here for more info: https://trac.torproject.org/projects/tor/ticket/22052#comment:3
This commit is contained in:
parent
f8dc1164ba
commit
ba928e1ac8
@ -578,49 +578,28 @@ hs_ntor_client_rendezvous2_mac_is_good(
|
||||
|
||||
/* Input length to KDF for key expansion */
|
||||
#define NTOR_KEY_EXPANSION_KDF_INPUT_LEN (DIGEST256_LEN + M_HSEXPAND_LEN)
|
||||
/* Output length of KDF for key expansion */
|
||||
#define NTOR_KEY_EXPANSION_KDF_OUTPUT_LEN (DIGEST256_LEN*3+CIPHER256_KEY_LEN*2)
|
||||
|
||||
/** Given the rendezvous key material in <b>hs_ntor_rend_cell_keys</b>, do the
|
||||
* circuit key expansion as specified by section '4.2.1. Key expansion' and
|
||||
* return a hs_ntor_rend_circuit_keys_t structure with the computed keys. */
|
||||
hs_ntor_rend_circuit_keys_t *
|
||||
hs_ntor_circuit_key_expansion(
|
||||
const hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys)
|
||||
/** Given the rendezvous key seed in <b>ntor_key_seed</b> (of size
|
||||
* DIGEST256_LEN), do the circuit key expansion as specified by section
|
||||
* '4.2.1. Key expansion' and place the keys in <b>keys_out</b> (which must be
|
||||
* of size HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN). */
|
||||
void
|
||||
hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, uint8_t *keys_out)
|
||||
{
|
||||
uint8_t *ptr;
|
||||
uint8_t kdf_input[NTOR_KEY_EXPANSION_KDF_INPUT_LEN];
|
||||
uint8_t keys[NTOR_KEY_EXPANSION_KDF_OUTPUT_LEN];
|
||||
crypto_xof_t *xof;
|
||||
hs_ntor_rend_circuit_keys_t *rend_circuit_keys = NULL;
|
||||
|
||||
/* Let's build the input to the KDF */
|
||||
ptr = kdf_input;
|
||||
APPEND(ptr, hs_ntor_rend_cell_keys->ntor_key_seed, DIGEST256_LEN);
|
||||
APPEND(ptr, ntor_key_seed, DIGEST256_LEN);
|
||||
APPEND(ptr, M_HSEXPAND, strlen(M_HSEXPAND));
|
||||
tor_assert(ptr == kdf_input + sizeof(kdf_input));
|
||||
|
||||
/* Generate the keys */
|
||||
xof = crypto_xof_new();
|
||||
crypto_xof_add_bytes(xof, kdf_input, sizeof(kdf_input));
|
||||
crypto_xof_squeeze_bytes(xof, keys, sizeof(keys));
|
||||
crypto_xof_squeeze_bytes(xof, keys_out, HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN);
|
||||
crypto_xof_free(xof);
|
||||
|
||||
/* Generate keys structure and assign keys to it */
|
||||
rend_circuit_keys = tor_malloc_zero(sizeof(hs_ntor_rend_circuit_keys_t));
|
||||
ptr = keys;
|
||||
memcpy(rend_circuit_keys->KH, ptr, DIGEST256_LEN);
|
||||
ptr += DIGEST256_LEN;;
|
||||
memcpy(rend_circuit_keys->Df, ptr, DIGEST256_LEN);
|
||||
ptr += DIGEST256_LEN;
|
||||
memcpy(rend_circuit_keys->Db, ptr, DIGEST256_LEN);
|
||||
ptr += DIGEST256_LEN;
|
||||
memcpy(rend_circuit_keys->Kf, ptr, CIPHER256_KEY_LEN);
|
||||
ptr += CIPHER256_KEY_LEN;
|
||||
memcpy(rend_circuit_keys->Kb, ptr, CIPHER256_KEY_LEN);
|
||||
ptr += CIPHER256_KEY_LEN;
|
||||
tor_assert(ptr == keys + sizeof(keys));
|
||||
|
||||
return rend_circuit_keys;
|
||||
}
|
||||
|
||||
|
@ -6,6 +6,10 @@
|
||||
|
||||
#include "or.h"
|
||||
|
||||
/* Output length of KDF for key expansion */
|
||||
#define HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN \
|
||||
(DIGEST256_LEN*2 + CIPHER256_KEY_LEN*2)
|
||||
|
||||
/* Key material needed to encode/decode INTRODUCE1 cells */
|
||||
typedef struct {
|
||||
/* Key used for encryption of encrypted INTRODUCE1 blob */
|
||||
@ -23,21 +27,6 @@ typedef struct {
|
||||
uint8_t ntor_key_seed[DIGEST256_LEN];
|
||||
} hs_ntor_rend_cell_keys_t;
|
||||
|
||||
/* Key material resulting from key expansion as detailed in section "4.2.1. Key
|
||||
* expansion" of rend-spec-ng.txt. */
|
||||
typedef struct {
|
||||
/* Per-circuit key material used in ESTABLISH_INTRO cell */
|
||||
uint8_t KH[DIGEST256_LEN];
|
||||
/* Authentication key for outgoing RELAY cells */
|
||||
uint8_t Df[DIGEST256_LEN];
|
||||
/* Authentication key for incoming RELAY cells */
|
||||
uint8_t Db[DIGEST256_LEN];
|
||||
/* Encryption key for outgoing RELAY cells */
|
||||
uint8_t Kf[CIPHER256_KEY_LEN];
|
||||
/* Decryption key for incoming RELAY cells */
|
||||
uint8_t Kb[CIPHER256_KEY_LEN];
|
||||
} hs_ntor_rend_circuit_keys_t;
|
||||
|
||||
int hs_ntor_client_get_introduce1_keys(
|
||||
const ed25519_public_key_t *intro_auth_pubkey,
|
||||
const curve25519_public_key_t *intro_enc_pubkey,
|
||||
@ -66,8 +55,8 @@ int hs_ntor_service_get_rendezvous1_keys(
|
||||
const curve25519_public_key_t *client_ephemeral_enc_pubkey,
|
||||
hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys_out);
|
||||
|
||||
hs_ntor_rend_circuit_keys_t *hs_ntor_circuit_key_expansion(
|
||||
const hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys);
|
||||
void hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed,
|
||||
uint8_t *keys_out);
|
||||
|
||||
int hs_ntor_client_rendezvous2_mac_is_good(
|
||||
const hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys,
|
||||
|
Loading…
Reference in New Issue
Block a user