[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] r12381: Code to remember client_random and server_random values, and (in tor/trunk: . src/common src/or)



Author: nickm
Date: 2007-11-05 13:15:47 -0500 (Mon, 05 Nov 2007)
New Revision: 12381

Modified:
   tor/trunk/
   tor/trunk/src/common/tortls.c
   tor/trunk/src/common/tortls.h
   tor/trunk/src/or/connection_or.c
   tor/trunk/src/or/or.h
Log:
 r16410@catbus:  nickm | 2007-11-05 10:54:29 -0500
 Code to remember client_random and server_random values, and to compute hmac using TLS master secret.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r16410] on 8246c3cf-6607-4228-993b-4d95d33730f1

Modified: tor/trunk/src/common/tortls.c
===================================================================
--- tor/trunk/src/common/tortls.c	2007-11-05 18:15:44 UTC (rev 12380)
+++ tor/trunk/src/common/tortls.c	2007-11-05 18:15:47 UTC (rev 12381)
@@ -20,6 +20,7 @@
 
 #include <assert.h>
 #include <openssl/ssl.h>
+#include <openssl/ssl3.h>
 #include <openssl/err.h>
 #include <openssl/tls1.h>
 #include <openssl/asn1.h>
@@ -896,3 +897,39 @@
   return 1;
 }
 
+#if SSL3_RANDOM_SIZE != TOR_TLS_RANDOM_LEN
+#error "The TOR_TLS_RANDOM_LEN macro is defined incorrectly.  That's a bug."
+#endif
+
+/** DOCDOC */
+int
+tor_tls_get_random_values(tor_tls_t *tls, char *client_random_out,
+                          char *server_random_out)
+{
+  tor_assert(tls && tls->ssl);
+  if (!tls->ssl->s3)
+    return -1;
+  memcpy(client_random_out, tls->ssl->s3->client_random, SSL3_RANDOM_SIZE);
+  memcpy(server_random_out, tls->ssl->s3->server_random, SSL3_RANDOM_SIZE);
+  return 0;
+}
+
+/** DOCDOC */
+int
+tor_tls_hmac_with_master_secret(tor_tls_t *tls, char *hmac_out,
+                                const char *data, size_t data_len)
+{
+  SSL_SESSION *s;
+  tor_assert(tls && tls->ssl);
+  if (!(s = SSL_get_session(tls->ssl)))
+    return -1;
+  if (s->master_key_length < 0)
+    return -1;
+  crypto_hmac_sha1(hmac_out,
+                   (const char*)s->master_key,
+                   (size_t)s->master_key_length,
+                   data, data_len);
+  return 0;
+}
+
+

Modified: tor/trunk/src/common/tortls.h
===================================================================
--- tor/trunk/src/common/tortls.h	2007-11-05 18:15:44 UTC (rev 12380)
+++ tor/trunk/src/common/tortls.h	2007-11-05 18:15:47 UTC (rev 12381)
@@ -41,6 +41,9 @@
   case TOR_TLS_ERROR_NO_ROUTE:                  \
   case TOR_TLS_ERROR_TIMEOUT
 
+/**DOCDOC*/
+#define TOR_TLS_RANDOM_LEN 32
+
 #define TOR_TLS_IS_ERROR(rv) ((rv) < TOR_TLS_CLOSE)
 
 void tor_tls_free_all(void);
@@ -65,6 +68,10 @@
                              size_t *n_read, size_t *n_written);
 
 int tor_tls_used_v1_handshake(tor_tls_t *tls);
+int tor_tls_get_random_values(tor_tls_t *tls, char *client_random_out,
+                              char *server_random_out);
+int tor_tls_hmac_with_master_secret(tor_tls_t *tls, char *hmac_out,
+                                    const char *data, size_t data_len);
 
 /* Log and abort if there are unhandled TLS errors in OpenSSL's error stack.
  */

Modified: tor/trunk/src/or/connection_or.c
===================================================================
--- tor/trunk/src/or/connection_or.c	2007-11-05 18:15:44 UTC (rev 12380)
+++ tor/trunk/src/or/connection_or.c	2007-11-05 18:15:47 UTC (rev 12381)
@@ -728,7 +728,7 @@
   if (connection_or_check_valid_handshake(conn, started_here, digest_rcvd) < 0)
     return -1;
 
-  if (!started_here) {
+  if (!started_here) { /* V1 only XXX020 */
     connection_or_init_conn_from_address(conn,conn->_base.addr,
                                          conn->_base.port, digest_rcvd, 0);
   }
@@ -741,10 +741,16 @@
   } else {
     conn->_base.state = OR_CONN_STATE_OR_HANDSHAKING;
     conn->handshake_state = tor_malloc_zero(sizeof(or_handshake_state_t));
+    conn->handshake_state->started_here = started_here ? 1 : 0;
+    if (tor_tls_get_random_values(conn->tls,
+                                  conn->handshake_state->client_random,
+                                  conn->handshake_state->server_random) < 0)
+      return -1;
     return connection_or_send_versions(conn);
   }
 }
 
+
 /** DOCDOC */
 void
 or_handshake_state_free(or_handshake_state_t *state)
@@ -752,6 +758,7 @@
   tor_assert(state);
   if (state->signing_key)
     crypto_free_pk_env(state->signing_key);
+  memset(state, 0xBE, sizeof(or_handshake_state_t));
   tor_free(state);
 }
 

Modified: tor/trunk/src/or/or.h
===================================================================
--- tor/trunk/src/or/or.h	2007-11-05 18:15:44 UTC (rev 12380)
+++ tor/trunk/src/or/or.h	2007-11-05 18:15:47 UTC (rev 12381)
@@ -861,6 +861,7 @@
 /** DOCDOC */
 typedef struct or_handshake_state_t {
   time_t sent_versions_at;
+  unsigned int started_here : 1;
   unsigned int received_versions : 1;
   unsigned int received_netinfo : 1;
   unsigned int received_certs : 1;
@@ -878,7 +879,6 @@
   /* from certs */
   char cert_id_digest[DIGEST_LEN];
   crypto_pk_env_t *signing_key;
-
 } or_handshake_state_t;
 
 /** Subtype of connection_t for an "OR connection" -- that is, one that speaks