if (! expected_cell)
ERR("Couldn't compute expected AUTHENTICATE cell body");
- int sig_is_rsa;
- if (authtype == AUTHTYPE_RSA_SHA256_TLSSECRET ||
- authtype == AUTHTYPE_RSA_SHA256_RFC5705) {
- bodylen = V3_AUTH_BODY_LEN;
- sig_is_rsa = 1;
+ if (BUG(authtype != AUTHTYPE_ED25519_SHA256_RFC5705)) {
+ /* We should have detected that we don't support this
+ * authentication type earlier, when we called
+ * authchallenge_type_is_supported(). */
+ ERR("Unsupported authentication type");
} else {
- tor_assert(authtype == AUTHTYPE_ED25519_SHA256_RFC5705);
/* Our earlier check had better have made sure we had room
* for an ed25519 sig (inadvertently) */
tor_assert(V3_AUTH_BODY_LEN > ED25519_SIG_LEN);
bodylen = authlen - ED25519_SIG_LEN;
- sig_is_rsa = 0;
}
if (expected_cell->payload_len != bodylen+4) {
ERR("Expected AUTHENTICATE cell body len not as expected.");
if (tor_memneq(expected_cell->payload+4, auth, bodylen-24))
ERR("Some field in the AUTHENTICATE cell body was not as expected");
- if (sig_is_rsa) {
- if (chan->conn->handshake_state->certs->ed_id_sign != NULL)
- ERR("RSA-signed AUTHENTICATE response provided with an ED25519 cert");
-
- if (chan->conn->handshake_state->certs->auth_cert == NULL)
- ERR("We never got an RSA authentication certificate");
-
- crypto_pk_t *pk = tor_tls_cert_get_key(
- chan->conn->handshake_state->certs->auth_cert);
- char d[DIGEST256_LEN];
- char *signed_data;
- size_t keysize;
- int signed_len;
-
- if (! pk) {
- ERR("Couldn't get RSA key from AUTH cert.");
- }
- crypto_digest256(d, (char*)auth, V3_AUTH_BODY_LEN, DIGEST_SHA256);
-
- keysize = crypto_pk_keysize(pk);
- signed_data = tor_malloc(keysize);
- signed_len = crypto_pk_public_checksig(pk, signed_data, keysize,
- (char*)auth + V3_AUTH_BODY_LEN,
- authlen - V3_AUTH_BODY_LEN);
- crypto_pk_free(pk);
- if (signed_len < 0) {
- tor_free(signed_data);
- ERR("RSA signature wasn't valid");
- }
- if (signed_len < DIGEST256_LEN) {
- tor_free(signed_data);
- ERR("Not enough data was signed");
- }
- /* Note that we deliberately allow *more* than DIGEST256_LEN bytes here,
- * in case they're later used to hold a SHA3 digest or something. */
- if (tor_memneq(signed_data, d, DIGEST256_LEN)) {
- tor_free(signed_data);
- ERR("Signature did not match data to be signed.");
- }
- tor_free(signed_data);
- } else {
+ {
if (chan->conn->handshake_state->certs->ed_id_sign == NULL)
ERR("We never got an Ed25519 identity certificate.");
if (chan->conn->handshake_state->certs->ed_sign_auth == NULL)
const common_digests_t *id_digests = tor_x509_cert_get_id_digests(id_cert);
const ed25519_public_key_t *ed_identity_received = NULL;
- if (! sig_is_rsa) {
+ {
chan->conn->handshake_state->authenticated_ed25519 = 1;
ed_identity_received =
&chan->conn->handshake_state->certs->ed_id_sign->signing_key;
tor_assert(sizeof(ac->challenge) == 32);
crypto_rand((char*)ac->challenge, sizeof(ac->challenge));
- if (authchallenge_type_is_supported(AUTHTYPE_RSA_SHA256_TLSSECRET))
- auth_challenge_cell_add_methods(ac, AUTHTYPE_RSA_SHA256_TLSSECRET);
- /* Disabled, because everything that supports this method also supports
- * the much-superior ED25519_SHA256_RFC5705 */
- /* auth_challenge_cell_add_methods(ac, AUTHTYPE_RSA_SHA256_RFC5705); */
if (authchallenge_type_is_supported(AUTHTYPE_ED25519_SHA256_RFC5705))
auth_challenge_cell_add_methods(ac, AUTHTYPE_ED25519_SHA256_RFC5705);
auth_challenge_cell_set_n_methods(ac,
auth1_t *auth = NULL;
auth_ctx_t *ctx = auth_ctx_new();
var_cell_t *result = NULL;
- int old_tlssecrets_algorithm = 0;
const char *authtype_str = NULL;
- int is_ed = 0;
+ (void) signing_key; // XXXX remove.
/* assert state is reasonable XXXX */
switch (authtype) {
case AUTHTYPE_RSA_SHA256_TLSSECRET:
- authtype_str = "AUTH0001";
- old_tlssecrets_algorithm = 1;
- break;
case AUTHTYPE_RSA_SHA256_RFC5705:
- authtype_str = "AUTH0002";
+ /* These are unsupported; we should never reach this point. */
+ tor_assert_nonfatal_unreached_once();
+ return NULL;
break;
case AUTHTYPE_ED25519_SHA256_RFC5705:
authtype_str = "AUTH0003";
- is_ed = 1;
break;
default:
tor_assert(0);
}
auth = auth1_new();
- ctx->is_ed = is_ed;
+ ctx->is_ed = 1;
/* Type: 8 bytes. */
memcpy(auth1_getarray_type(auth), authtype_str, 8);
memcpy(auth->sid, server_id, 32);
}
- if (is_ed) {
+ {
const ed25519_public_key_t *my_ed_id, *their_ed_id;
if (!conn->handshake_state->certs->ed_id_sign) {
log_warn(LD_OR, "Ed authenticate without Ed ID cert from peer.");
tor_x509_cert_free(cert);
}
- /* HMAC of clientrandom and serverrandom using master key : 32 octets */
- if (old_tlssecrets_algorithm) {
- log_fn(LOG_PROTOCOL_WARN, LD_OR, "Somebody asked us for an obsolete TLS "
- "authentication method (AUTHTYPE_RSA_SHA256_TLSSECRET) "
- "which we don't support.");
- goto err;
- } else {
+ /* RFC5709 key exporter material : 32 octets */
+ {
char label[128];
tor_snprintf(label, sizeof(label),
"EXPORTER FOR TOR TLS CLIENT BINDING %s", authtype_str);
crypto_rand((char*)auth->rand, 24);
ssize_t maxlen = auth1_encoded_len(auth, ctx);
- if (ed_signing_key && is_ed) {
+ if (ed_signing_key) {
maxlen += ED25519_SIG_LEN;
- } else if (signing_key && !is_ed) {
- maxlen += crypto_pk_keysize(signing_key);
}
const int AUTH_CELL_HEADER_LEN = 4; /* 2 bytes of type, 2 bytes of length */
goto done;
}
- if (ed_signing_key && is_ed) {
+ if (ed_signing_key) {
ed25519_signature_t sig;
if (ed25519_sign(&sig, out, len, ed_signing_key) < 0) {
/* LCOV_EXCL_START */
}
auth1_setlen_sig(auth, ED25519_SIG_LEN);
memcpy(auth1_getarray_sig(auth), sig.sig, ED25519_SIG_LEN);
-
- } else if (signing_key && !is_ed) {
- auth1_setlen_sig(auth, crypto_pk_keysize(signing_key));
-
- char d[32];
- crypto_digest256(d, (char*)out, len, DIGEST_SHA256);
- int siglen = crypto_pk_private_sign(signing_key,
- (char*)auth1_getarray_sig(auth),
- auth1_getlen_sig(auth),
- d, 32);
- if (siglen < 0) {
- log_warn(LD_OR, "Unable to sign AUTH1 data.");
- goto err;
- }
-
- auth1_setlen_sig(auth, siglen);
}
len = auth1_encode(out, outlen, auth, ctx);
projects / thirdparty / tor.git / commitdiff
