mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2025-02-25 07:07:52 +01:00
Code Issues Projects Releases Wiki Activity

HSv3: Add subcredential in client auth KDF on the service-side.

Browse source 
Also update some client auth test vectors that broke...
This commit is contained in:
George Kadianakis 2018-09-06 16:07:27 +03:00 committed by David Goulet
parent c76d00abfa
commit 1e9428dc61
3 changed files with 32 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
src/feature/hs/hs_descriptor.c
View file

@ -2851,11 +2851,12 @@ hs_desc_build_fake_authorized_client(void)
return client_auth; return client_auth;
} }
/* Using the client public key, auth ephemeral secret key, and descriptor /* Using the service's subcredential, client public key, auth ephemeral secret
* cookie, build the auth client so we can then encode the descriptor for * key, and descriptor cookie, build the auth client so we can then encode the
* publication. client_out must be already allocated. */ * descriptor for publication. client_out must be already allocated. */
void void
hs_desc_build_authorized_client(const curve25519_public_key_t *client_auth_pk, hs_desc_build_authorized_client(const uint8_t *subcredential,
const curve25519_public_key_t *client_auth_pk,
const curve25519_secret_key_t * const curve25519_secret_key_t *
auth_ephemeral_sk, auth_ephemeral_sk,
const uint8_t *descriptor_cookie, const uint8_t *descriptor_cookie,
@ -2871,20 +2872,24 @@ hs_desc_build_authorized_client(const curve25519_public_key_t *client_auth_pk,
tor_assert(auth_ephemeral_sk); tor_assert(auth_ephemeral_sk);
tor_assert(descriptor_cookie); tor_assert(descriptor_cookie);
tor_assert(client_out); tor_assert(client_out);
tor_assert(subcredential);
tor_assert(!tor_mem_is_zero((char *) auth_ephemeral_sk, tor_assert(!tor_mem_is_zero((char *) auth_ephemeral_sk,
sizeof(*auth_ephemeral_sk))); sizeof(*auth_ephemeral_sk)));
tor_assert(!tor_mem_is_zero((char *) client_auth_pk, tor_assert(!tor_mem_is_zero((char *) client_auth_pk,
sizeof(*client_auth_pk))); sizeof(*client_auth_pk)));
tor_assert(!tor_mem_is_zero((char *) descriptor_cookie, tor_assert(!tor_mem_is_zero((char *) descriptor_cookie,
HS_DESC_DESCRIPTOR_COOKIE_LEN)); HS_DESC_DESCRIPTOR_COOKIE_LEN));
tor_assert(!tor_mem_is_zero((char *) subcredential,
DIGEST256_LEN));
/* Calculate x25519(hs_y, client_X) */ /* Calculate x25519(hs_y, client_X) */
curve25519_handshake(secret_seed, curve25519_handshake(secret_seed,
auth_ephemeral_sk, auth_ephemeral_sk,
client_auth_pk); client_auth_pk);
/* Calculate KEYS = KDF(SECRET_SEED, 40) */ /* Calculate KEYS = KDF(subcredential | SECRET_SEED, 40) */
xof = crypto_xof_new(); xof = crypto_xof_new();
crypto_xof_add_bytes(xof, subcredential, DIGEST256_LEN);
crypto_xof_add_bytes(xof, secret_seed, sizeof(secret_seed)); crypto_xof_add_bytes(xof, secret_seed, sizeof(secret_seed));
crypto_xof_squeeze_bytes(xof, keystream, sizeof(keystream)); crypto_xof_squeeze_bytes(xof, keystream, sizeof(keystream));
crypto_xof_free(xof); crypto_xof_free(xof);

11
src/feature/hs/hs_service.c
View file

@ -1744,10 +1744,18 @@ build_service_desc_superencrypted(const hs_service_t *service,
/* The ephemeral key pair is already generated, so this should not give /* The ephemeral key pair is already generated, so this should not give
* an error. */ * an error. */
if (BUG(!curve25519_public_key_is_ok(&desc->auth_ephemeral_kp.pubkey))) {
return -1;
}
memcpy(&superencrypted->auth_ephemeral_pubkey, memcpy(&superencrypted->auth_ephemeral_pubkey,
&desc->auth_ephemeral_kp.pubkey, &desc->auth_ephemeral_kp.pubkey,
sizeof(curve25519_public_key_t)); sizeof(curve25519_public_key_t));
/* Test that subcred is not zero because we might use it below */
if (BUG(tor_mem_is_zero((char*)desc->desc->subcredential, DIGEST256_LEN))) {
return -1;
}
/* Create a smartlist to store clients */ /* Create a smartlist to store clients */
superencrypted->clients = smartlist_new(); superencrypted->clients = smartlist_new();
@ -1761,7 +1769,8 @@ build_service_desc_superencrypted(const hs_service_t *service,
/* Prepare the client for descriptor and then add to the list in the /* Prepare the client for descriptor and then add to the list in the
* superencrypted part of the descriptor */ * superencrypted part of the descriptor */
hs_desc_build_authorized_client(&client->client_pk, hs_desc_build_authorized_client(desc->desc->subcredential,
&client->client_pk,
&desc->auth_ephemeral_kp.seckey, &desc->auth_ephemeral_kp.seckey,
desc->descriptor_cookie, desc_client); desc->descriptor_cookie, desc_client);
smartlist_add(superencrypted->clients, desc_client); smartlist_add(superencrypted->clients, desc_client);

18
src/test/test_hs_descriptor.c
View file

@ -400,12 +400,16 @@ test_decode_descriptor(void *arg)
memcpy(&desc->superencrypted_data.auth_ephemeral_pubkey, memcpy(&desc->superencrypted_data.auth_ephemeral_pubkey,
&auth_ephemeral_kp.pubkey, CURVE25519_PUBKEY_LEN); &auth_ephemeral_kp.pubkey, CURVE25519_PUBKEY_LEN);
hs_helper_get_subcred_from_identity_keypair(&signing_kp,
subcredential);
/* Build and add the auth client to the descriptor. */ /* Build and add the auth client to the descriptor. */
clients = desc->superencrypted_data.clients; clients = desc->superencrypted_data.clients;
if (!clients) { if (!clients) {
clients = smartlist_new(); clients = smartlist_new();
} }
hs_desc_build_authorized_client(&client_kp.pubkey, hs_desc_build_authorized_client(subcredential,
&client_kp.pubkey,
&auth_ephemeral_kp.seckey, &auth_ephemeral_kp.seckey,
descriptor_cookie, client); descriptor_cookie, client);
smartlist_add(clients, client); smartlist_add(clients, client);
@ -418,8 +422,6 @@ test_decode_descriptor(void *arg)
desc->superencrypted_data.clients = clients; desc->superencrypted_data.clients = clients;
/* Test the encoding/decoding in the following lines. */ /* Test the encoding/decoding in the following lines. */
hs_helper_get_subcred_from_identity_keypair(&signing_kp,
subcredential);
tor_free(encoded); tor_free(encoded);
ret = hs_desc_encode_descriptor(desc, &signing_kp, ret = hs_desc_encode_descriptor(desc, &signing_kp,
descriptor_cookie, &encoded); descriptor_cookie, &encoded);
@ -874,6 +876,7 @@ test_build_authorized_client(void *arg)
"07d087f1d8c68393721f6e70316d3b29"; "07d087f1d8c68393721f6e70316d3b29";
const char client_pubkey_b16[] = const char client_pubkey_b16[] =
"8c1298fa6050e372f8598f6deca32e27b0ad457741422c2629ebb132cf7fae37"; "8c1298fa6050e372f8598f6deca32e27b0ad457741422c2629ebb132cf7fae37";
uint8_t subcredential[DIGEST256_LEN];
char *mem_op_hex_tmp=NULL; char *mem_op_hex_tmp=NULL;
(void) arg; (void) arg;
@ -885,6 +888,8 @@ test_build_authorized_client(void *arg)
tt_int_op(ret, OP_EQ, 0); tt_int_op(ret, OP_EQ, 0);
curve25519_public_key_generate(&client_auth_pk, &client_auth_sk); curve25519_public_key_generate(&client_auth_pk, &client_auth_sk);
memset(subcredential, 42, sizeof(subcredential));
desc_client = tor_malloc_zero(sizeof(hs_desc_authorized_client_t)); desc_client = tor_malloc_zero(sizeof(hs_desc_authorized_client_t));
base16_decode((char *) &auth_ephemeral_sk, base16_decode((char *) &auth_ephemeral_sk,
@ -904,15 +909,16 @@ test_build_authorized_client(void *arg)
MOCK(crypto_strongest_rand, mock_crypto_strongest_rand); MOCK(crypto_strongest_rand, mock_crypto_strongest_rand);
hs_desc_build_authorized_client(&client_auth_pk, &auth_ephemeral_sk, hs_desc_build_authorized_client(subcredential,
&client_auth_pk, &auth_ephemeral_sk,
descriptor_cookie, desc_client); descriptor_cookie, desc_client);
test_memeq_hex((char *) desc_client->client_id, test_memeq_hex((char *) desc_client->client_id,
"b514ef67192cad5f"); "EC19B7FF4D2DDA13");
test_memeq_hex((char *) desc_client->iv, test_memeq_hex((char *) desc_client->iv,
"01010101010101010101010101010101"); "01010101010101010101010101010101");
test_memeq_hex((char *) desc_client->encrypted_cookie, test_memeq_hex((char *) desc_client->encrypted_cookie,
"46860a9df37b9f6d708E0D7E730C10C1"); "B21222BE13F385F355BD07B2381F9F29");
done: done:
tor_free(desc_client); tor_free(desc_client);