mirrors/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2025-02-26 07:31:33 +01:00
Code Issues Projects Releases Wiki Activity

Define a variant of hs_ntor that takes multiple subcredentials.

Browse source
This commit is contained in:
Nick Mathewson 2020-01-16 18:40:50 -05:00
parent bd0efb2702
commit 46e6a4819a
2 changed files with 39 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
src/core/crypto/hs_ntor.c
View file

@ -452,6 +452,28 @@ hs_ntor_service_get_introduce1_keys(
const curve25519_public_key_t *client_ephemeral_enc_pubkey, const curve25519_public_key_t *client_ephemeral_enc_pubkey,
const hs_subcredential_t *subcredential, const hs_subcredential_t *subcredential,
hs_ntor_intro_cell_keys_t *hs_ntor_intro_cell_keys_out) hs_ntor_intro_cell_keys_t *hs_ntor_intro_cell_keys_out)
{
return hs_ntor_service_get_introduce1_keys_multi(
intro_auth_pubkey,
intro_enc_keypair,
client_ephemeral_enc_pubkey,
1,
subcredential,
hs_ntor_intro_cell_keys_out);
}
/**
* As hs_ntor_service_get_introduce1_keys(), but take multiple subcredentials
* as input, and yield multiple sets of keys as output.
**/
int
hs_ntor_service_get_introduce1_keys_multi(
const struct ed25519_public_key_t *intro_auth_pubkey,
const struct curve25519_keypair_t *intro_enc_keypair,
const struct curve25519_public_key_t *client_ephemeral_enc_pubkey,
int n_subcredentials,
const hs_subcredential_t *subcredentials,
hs_ntor_intro_cell_keys_t *hs_ntor_intro_cell_keys_out)
{ {
int bad = 0; int bad = 0;
uint8_t secret_input[INTRO_SECRET_HS_INPUT_LEN]; uint8_t secret_input[INTRO_SECRET_HS_INPUT_LEN];
@ -460,7 +482,8 @@ hs_ntor_service_get_introduce1_keys(
tor_assert(intro_auth_pubkey); tor_assert(intro_auth_pubkey);
tor_assert(intro_enc_keypair); tor_assert(intro_enc_keypair);
tor_assert(client_ephemeral_enc_pubkey); tor_assert(client_ephemeral_enc_pubkey);
tor_assert(subcredential); tor_assert(n_subcredentials >= 1);
tor_assert(subcredentials);
tor_assert(hs_ntor_intro_cell_keys_out); tor_assert(hs_ntor_intro_cell_keys_out);
/* Compute EXP(X, b) */ /* Compute EXP(X, b) */
@ -476,13 +499,16 @@ hs_ntor_service_get_introduce1_keys(
secret_input); secret_input);
bad |= safe_mem_is_zero(secret_input, CURVE25519_OUTPUT_LEN); bad |= safe_mem_is_zero(secret_input, CURVE25519_OUTPUT_LEN);
for (int i = 0; i < n_subcredentials; ++i) {
/* Get ENC_KEY and MAC_KEY! */ /* Get ENC_KEY and MAC_KEY! */
get_introduce1_key_material(secret_input, subcredential, get_introduce1_key_material(secret_input, &subcredentials[i],
hs_ntor_intro_cell_keys_out); &hs_ntor_intro_cell_keys_out[i]);
}
memwipe(secret_input, 0, sizeof(secret_input)); memwipe(secret_input, 0, sizeof(secret_input));
if (bad) { if (bad) {
memwipe(hs_ntor_intro_cell_keys_out, 0, sizeof(hs_ntor_intro_cell_keys_t)); memwipe(hs_ntor_intro_cell_keys_out, 0,
sizeof(hs_ntor_intro_cell_keys_t) * n_subcredentials);
} }
return bad ? -1 : 0; return bad ? -1 : 0;

8
src/core/crypto/hs_ntor.h
View file

@ -58,6 +58,14 @@ int hs_ntor_client_get_rendezvous1_keys(
const struct curve25519_public_key_t *service_ephemeral_rend_pubkey, const struct curve25519_public_key_t *service_ephemeral_rend_pubkey,
hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys_out); hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys_out);
int hs_ntor_service_get_introduce1_keys_multi(
const struct ed25519_public_key_t *intro_auth_pubkey,
const struct curve25519_keypair_t *intro_enc_keypair,
const struct curve25519_public_key_t *client_ephemeral_enc_pubkey,
int n_subcredentials,
const hs_subcredential_t *subcredentials,
hs_ntor_intro_cell_keys_t *hs_ntor_intro_cell_keys_out);
int hs_ntor_service_get_introduce1_keys( int hs_ntor_service_get_introduce1_keys(
const struct ed25519_public_key_t *intro_auth_pubkey, const struct ed25519_public_key_t *intro_auth_pubkey,
const struct curve25519_keypair_t *intro_enc_keypair, const struct curve25519_keypair_t *intro_enc_keypair,