From: Nick Mathewson
Date: Tue, 13 Sep 2011 17:46:21 +0000 (-0400)
Subject: Function to extract the TLSSECRETS field for v3 handshakes
X-Git-Tag: tor-0.2.3.6-alpha~30^2~30
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c39688de6c5d4bf19739ecffb2e98aa560a4630a;p=thirdparty%2Ftor.git
Function to extract the TLSSECRETS field for v3 handshakes
---
diff --git a/src/common/tortls.c b/src/common/tortls.c
index b7119675e5..2b12eea8dc 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1985,6 +1985,36 @@ tor_tls_server_got_renegotiate(tor_tls_t *tls)
 return tls->got_renegotiate;
 }
+/** Set the DIGEST256_LEN buffer at secrets_out to the value used in
+ * the v3 handshake to prove that the client knows the TLS secrets for the
+ * connection tls. Return 0 on success, -1 on failure.
+ */
+int
+tor_tls_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out)
+{
+#define TLSSECRET_MAGIC "Tor V3 handshake TLS cross-certification"
+ char buf[128];
+ size_t len;
+ tor_assert(tls);
+ tor_assert(tls->ssl);
+ tor_assert(tls->ssl->s3);
+ tor_assert(tls->ssl->session);
+ /*
+ The value is an HMAC, using the TLS master key as the HMAC key, of
+ client_random | server_random | TLSSECRET_MAGIC
+ */
+ memcpy(buf + 0, tls->ssl->s3->client_random, 32);
+ memcpy(buf + 32, tls->ssl->s3->server_random, 32);
+ memcpy(buf + 64, TLSSECRET_MAGIC, strlen(TLSSECRET_MAGIC) + 1);
+ len = 64 + strlen(TLSSECRET_MAGIC) + 1;
+ crypto_hmac_sha256((char*)secrets_out,
+ (char*)tls->ssl->session->master_key,
+ tls->ssl->session->master_key_length,
+ buf, len);
+ memset(buf, 0, sizeof(buf));
+ return 0;
+}
+
 /** Examine the amount of memory used and available for buffers in tls.
  * Set *rbuf_capacity to the amount of storage allocated for the read
  * buffer and *rbuf_bytes to the amount actually used.
diff --git a/src/common/tortls.h b/src/common/tortls.h
index c55da4afd2..a6aed29852 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
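Review bot: Nothing in tor_tls_get_tlssecrets() checks `tls->ssl->session->master_key_length` before it is passed to crypto_hmac_sha256() as the key length, so a session that has no master key yet would yield an HMAC under an empty key over the two hello randoms and the label, all of which an observer of the handshake also has. The doc comment promises -1 on failure but the body can only return 0; adding `if (tls->ssl->session->master_key_length <= 0) return -1;` after the asserts would give that return value a meaning (whether a caller can reach this before the handshake completes is not visible in the hunk). The block comment should also state that the terminating NUL of TLSSECRET_MAGIC is part of the MAC input, e.g. `client_random | server_random | TLSSECRET_MAGIC (including its terminating NUL)`, because the `+ 1` on both strlen() calls otherwise reads like an off-by-one and a peer that omits the NUL would compute a different value. The 32/64 offsets and `buf[128]` are bare numbers; using SSL3_RANDOM_SIZE and a `tor_assert(len <= sizeof(buf));` before the HMAC call would make the buffer layout easier to audit.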
@@ -90,6 +90,7 @@ void tor_tls_get_buffer_sizes(tor_tls_t *tls,
 int tor_tls_used_v1_handshake(tor_tls_t *tls);
 int tor_tls_get_num_server_handshakes(tor_tls_t *tls);
 int tor_tls_server_got_renegotiate(tor_tls_t *tls);
+int tor_tls_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out);
 /* Log and abort if there are unhandled TLS errors in OpenSSL's error stack. */