tor-commits October 2011

tor-commits@lists.torproject.org

18 participants
1256 discussions

[tor/master] New functions to record digests of cells during v3 handshake
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit 3f22ec179c6f90b9c2af9483e2c8000132d2f33e Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Sep 16 18:32:11 2011 -0400 New functions to record digests of cells during v3 handshake Also, free all of the new fields in or_handshake_state_t --- src/or/connection_or.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++ src/or/connection_or.h | 7 +++++ 2 files changed, 71 insertions(+), 0 deletions(-) diff --git a/src/or/connection_or.c b/src/or/… [View More]connection_or.c index 93b0b3a..4caa3d3 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -1504,10 +1504,74 @@ or_handshake_state_free(or_handshake_state_t *state) { if (!state) return; + crypto_free_digest_env(state->digest_sent); + crypto_free_digest_env(state->digest_received); + tor_cert_free(state->auth_cert); + tor_cert_free(state->id_cert); memset(state, 0xBE, sizeof(or_handshake_state_t)); tor_free(state); } +/** + * Remember that cell has been transmitted (if incoming is + * false) or received (if incoming is true) during a V3 handshake using + * state. + * + * (We don't record the cell, but we keep a digest of everything sent or + * received during the v3 handshake, and the client signs it in an + * authenticate cell.) + */ +void +or_handshake_state_record_cell(or_handshake_state_t *state, + const cell_t *cell, + int incoming) +{ + crypto_digest_env_t *d, **dptr; + packed_cell_t packed; + if (!incoming) { + log_warn(LD_BUG, "We shouldn't be sending any non-variable-length cells " + "whilemaking a handshake digest. But we think we are."); + } + dptr = incoming ? &state->digest_received : &state->digest_sent; + if (! *dptr) + *dptr = crypto_new_digest256_env(DIGEST_SHA256); + + d = *dptr; + /* Re-packing like this is a little inefficient, but we don't have to do + this very often at all. */ + cell_pack(&packed, cell); + crypto_digest_add_bytes(d, packed.body, sizeof(packed.body)); + memset(&packed, 0, sizeof(packed)); +} + +/** Remember that a variable-length cell has been transmitted (if + * incoming is false) or received (if incoming is true) during a V3 + * handshake using state. + * + * (We don't record the cell, but we keep a digest of everything sent or + * received during the v3 handshake, and the client signs it in an + * authenticate cell.) + */ +void +or_handshake_state_record_var_cell(or_handshake_state_t *state, + const var_cell_t *cell, + int incoming) +{ + crypto_digest_env_t *d, **dptr; + char buf[VAR_CELL_HEADER_SIZE]; + dptr = incoming ? &state->digest_received : &state->digest_sent; + if (! *dptr) + *dptr = crypto_new_digest256_env(DIGEST_SHA256); + + d = *dptr; + + var_cell_pack_header(cell, buf); + crypto_digest_add_bytes(d, buf, sizeof(buf)); + crypto_digest_add_bytes(d, (const char *)cell->payload, cell->payload_len); + + memset(buf, 0, sizeof(buf)); +} + /** Set conn's state to OR_CONN_STATE_OPEN, and tell other subsystems * as appropriate. Called when we are done with all TLS and OR handshaking. */ diff --git a/src/or/connection_or.h b/src/or/connection_or.h index ba441c4..a4d3be0 100644 --- a/src/or/connection_or.h +++ b/src/or/connection_or.h @@ -42,6 +42,13 @@ int connection_tls_start_handshake(or_connection_t *conn, int receiving); int connection_tls_continue_handshake(or_connection_t *conn); void or_handshake_state_free(or_handshake_state_t *state); +void or_handshake_state_record_cell(or_handshake_state_t *state, + const cell_t *cell, + int incoming); +void or_handshake_state_record_var_cell(or_handshake_state_t *state, + const var_cell_t *cell, + int incoming); + int connection_or_set_state_open(or_connection_t *conn); void connection_or_write_cell_to_buf(const cell_t *cell, or_connection_t *conn); [View Less]

1 0

[tor/master] Function to return peer cert as tor_tls_cert
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit e48e47fa03fa09d89527c1bbfaee4c9d7d3eee6e Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Sep 22 11:01:14 2011 -0400 Function to return peer cert as tor_tls_cert --- src/common/tortls.c | 12 ++++++++++++ src/common/tortls.h | 1 + 2 files changed, 13 insertions(+), 0 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index e275307..aa90f18 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1856,6 +1856,18 @@ tor_tls_peer_has_cert(… [View More]

1 0

[tor/master] Function to extract the TLSSECRETS field for v3 handshakes
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit c39688de6c5d4bf19739ecffb2e98aa560a4630a Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Sep 13 13:46:21 2011 -0400 Function to extract the TLSSECRETS field for v3 handshakes --- src/common/tortls.c | 30 ++++++++++++++++++++++++++++++ src/common/tortls.h | 1 + 2 files changed, 31 insertions(+), 0 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index b711967..2b12eea 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1985,6 +… [View More]

1 0

[tor/master] Add AUTH keys as specified in proposal 176
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit a6fc5059cdb3263c0053ac76c39bef43a61269cc Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Sep 16 11:21:30 2011 -0400 Add AUTH keys as specified in proposal 176 Our keys and x.509 certs are proliferating here. Previously we had: An ID cert (using the main ID key), self-signed A link cert (using a shorter-term link key), signed by the ID key Once proposal 176 and 179 are done, we will also have: Optionally, a presentation cert (… [View More]using the link key), signed by whomever. An authentication cert (using a shorter-term ID key), signed by the ID key. These new keys are managed as part of the tls context infrastructure, since you want to rotate them under exactly the same circumstances, and since they need X509 certificates. --- src/common/tortls.c | 46 ++++++++++++++++++++++++++++++++++------------ 1 files changed, 34 insertions(+), 12 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 5d36fd0..e275307 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -112,9 +112,11 @@ struct tor_cert_t { typedef struct tor_tls_context_t { int refcnt; SSL_CTX *ctx; - tor_cert_t *my_cert; + tor_cert_t *my_link_cert; tor_cert_t *my_id_cert; - crypto_pk_env_t *key; + tor_cert_t *my_auth_cert; + crypto_pk_env_t *link_key; + crypto_pk_env_t *auth_key; } tor_tls_context_t; #define TOR_TLS_MAGIC 0x71571571 @@ -811,9 +813,11 @@ tor_tls_context_decref(tor_tls_context_t *ctx) tor_assert(ctx); if (--ctx->refcnt == 0) { SSL_CTX_free(ctx->ctx); - tor_cert_free(ctx->my_cert); + tor_cert_free(ctx->my_link_cert); tor_cert_free(ctx->my_id_cert); - crypto_free_pk_env(ctx->key); + tor_cert_free(ctx->my_auth_cert); + crypto_free_pk_env(ctx->link_key); + crypto_free_pk_env(ctx->auth_key); tor_free(ctx); } } @@ -832,7 +836,7 @@ tor_tls_get_my_certs(int server, if (! ctx) return -1; if (link_cert_out) - *link_cert_out = ctx->my_cert; + *link_cert_out = server ? ctx->my_link_cert : ctx->my_auth_cert; if (id_cert_out) *id_cert_out = ctx->my_id_cert; return 0; @@ -1050,37 +1054,48 @@ tor_tls_context_init_one(tor_tls_context_t **ppcontext, static tor_tls_context_t * tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime) { - crypto_pk_env_t *rsa = NULL; + crypto_pk_env_t *rsa = NULL, *rsa_auth = NULL; EVP_PKEY *pkey = NULL; tor_tls_context_t *result = NULL; - X509 *cert = NULL, *idcert = NULL; + X509 *cert = NULL, *idcert = NULL, *authcert = NULL; char *nickname = NULL, *nn2 = NULL; tor_tls_init(); nickname = crypto_random_hostname(8, 20, "www.", ".net"); nn2 = crypto_random_hostname(8, 20, "www.", ".net"); - /* Generate short-term RSA key. */ + /* Generate short-term RSA key for use with TLS. */ if (!(rsa = crypto_new_pk_env())) goto error; if (crypto_pk_generate_key(rsa)<0) goto error; - /* Create certificate signed by identity key. */ + /* Generate short-term RSA key for use in the in-protocol ("v3") + * authentication handshake. */ + if (!(rsa_auth = crypto_new_pk_env())) + goto error; + if (crypto_pk_generate_key(rsa_auth)<0) + goto error; + /* Create a link certificate signed by identity key. */ cert = tor_tls_create_certificate(rsa, identity, nickname, nn2, key_lifetime); /* Create self-signed certificate for identity key. */ idcert = tor_tls_create_certificate(identity, identity, nn2, nn2, IDENTITY_CERT_LIFETIME); - if (!cert || !idcert) { + /* Create an authentication certificate signed by identity key. */ + authcert = tor_tls_create_certificate(rsa_auth, identity, nickname, nn2, + key_lifetime); + if (!cert || !idcert || !authcert) { log(LOG_WARN, LD_CRYPTO, "Error creating certificate"); goto error; } result = tor_malloc_zero(sizeof(tor_tls_context_t)); result->refcnt = 1; - result->my_cert = tor_cert_new(X509_dup(cert)); + result->my_link_cert = tor_cert_new(X509_dup(cert)); result->my_id_cert = tor_cert_new(X509_dup(idcert)); - result->key = crypto_pk_dup_key(rsa); + result->my_auth_cert = tor_cert_new(X509_dup(authcert)); + result->link_key = crypto_pk_dup_key(rsa); + result->auth_key = crypto_pk_dup_key(rsa_auth); #ifdef EVERYONE_HAS_AES /* Tell OpenSSL to only use TLS1 */ @@ -1146,6 +1161,9 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime) if (rsa) crypto_free_pk_env(rsa); + if (rsa_auth) + crypto_free_pk_env(rsa_auth); + X509_free(authcert); tor_free(nickname); tor_free(nn2); return result; @@ -1158,12 +1176,16 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime) EVP_PKEY_free(pkey); if (rsa) crypto_free_pk_env(rsa); + if (rsa_auth) + crypto_free_pk_env(rsa_auth); if (result) tor_tls_context_decref(result); if (cert) X509_free(cert); if (idcert) X509_free(idcert); + if (authcert) + X509_free(authcert); return NULL; } [View Less]

1 0

[tor/master] Function to get digests of the certs and their keys
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit 8c9fdecfe9e6c93e678a5917e302aa18ada8a3b6 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Sep 14 14:43:44 2011 -0400 Function to get digests of the certs and their keys --- src/common/tortls.c | 14 ++++++++++++++ src/common/tortls.h | 2 ++ 2 files changed, 16 insertions(+), 0 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 0ba47ba..1435223 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -789,6 +789,20 @@ … [View More]

1 0

[tor/master] Functions to send cert and auth_challenge cells.
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit df78daa5da0fd27fdd2fd8ad13aa12e74696a4ef Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Sep 13 11:38:38 2011 -0400 Functions to send cert and auth_challenge cells. --- src/or/connection_or.c | 81 ++++++++++++++++++++++++++++++++++++++++++++++++ src/or/connection_or.h | 3 ++ src/or/or.h | 15 ++++++++- 3 files changed, 98 insertions(+), 1 deletions(-) diff --git a/src/or/connection_or.c b/src/or/connection_or.c index b146efb..dcb838b 100644 ---… [View More] a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -1761,3 +1761,84 @@ connection_or_send_netinfo(or_connection_t *conn) return 0; } +/** DOCDOC */ +#define OR_CERT_TYPE_TLS_LINK 1 +#define OR_CERT_TYPE_ID_1024 2 + +/** Send a CERT cell on the connection conn. Return 0 on success, -1 + * on failure. */ +int +connection_or_send_cert_cell(or_connection_t *conn) +{ + const tor_cert_t *link_cert = NULL, *id_cert = NULL; + const uint8_t *link_encoded = NULL, *id_encoded = NULL; + size_t link_len, id_len; + var_cell_t *cell; + size_t cell_len; + int pos; + + tor_assert(conn->_base.state == OR_CONN_STATE_OR_HANDSHAKING_V3); + + if (! conn->handshake_state) + return -1; + if (tor_tls_get_my_certs(! conn->handshake_state->started_here, + &link_cert, &id_cert) < 0) + return -1; + tor_cert_get_der(link_cert, &link_encoded, &link_len); + tor_cert_get_der(id_cert, &id_encoded, &id_len); + + cell_len = 1 /* 1 octet: num certs in cell */ + + 2 * ( 1 + 2 ) /* For each cert: 1 octet for type, 2 for length */ + + link_len + id_len; + cell = var_cell_new(cell_len); + cell->command = CELL_CERT; + cell->payload[0] = 2; + pos = 1; + + cell->payload[pos] = OR_CERT_TYPE_TLS_LINK; /* Link cert */ + set_uint16(&cell->payload[pos+1], htons(link_len)); + memcpy(&cell->payload[pos+3], link_encoded, link_len); + pos += 3 + link_len; + + cell->payload[pos] = OR_CERT_TYPE_ID_1024; /* ID cert */ + set_uint16(&cell->payload[pos+1], htons(id_len)); + memcpy(&cell->payload[pos+3], id_encoded, id_len); + pos += 3 + id_len; + + tor_assert(pos == (int)cell_len); /* Otherwise we just smashed the heap */ + + connection_or_write_var_cell_to_buf(cell, conn); + var_cell_free(cell); + + return 0; +} + +/** Send an AUTH_CHALLENGE cell on the connection conn. Return 0 + * on success, -1 on failure. */ +int +connection_or_send_auth_challenge_cell(or_connection_t *conn) +{ + var_cell_t *cell; + uint8_t *cp; + uint8_t challenge[OR_AUTH_CHALLENGE_LEN]; + tor_assert(conn->_base.state == OR_CONN_STATE_OR_HANDSHAKING_V3); + + if (! conn->handshake_state) + return -1; + + if (crypto_rand((char*)challenge, OR_AUTH_CHALLENGE_LEN) < 0) + return -1; + cell = var_cell_new(OR_AUTH_CHALLENGE_LEN + 4); + cell->command = CELL_AUTH_CHALLENGE; + memcpy(cell->payload, challenge, OR_AUTH_CHALLENGE_LEN); + cp = cell->payload + OR_AUTH_CHALLENGE_LEN; + set_uint16(cp, htons(1)); /* We recognize one authentication type. */ + set_uint16(cp+2, htons(AUTHTYPE_RSA_SHA256_TLSSECRET)); + + connection_or_write_var_cell_to_buf(cell, conn); + var_cell_free(cell); + memset(challenge, 0, sizeof(challenge)); + + return 0; +} + diff --git a/src/or/connection_or.h b/src/or/connection_or.h index 072edbd..6e50e29 100644 --- a/src/or/connection_or.h +++ b/src/or/connection_or.h @@ -50,6 +50,9 @@ void connection_or_write_var_cell_to_buf(const var_cell_t *cell, int connection_or_send_destroy(circid_t circ_id, or_connection_t *conn, int reason); int connection_or_send_netinfo(or_connection_t *conn); +int connection_or_send_cert_cell(or_connection_t *conn); +int connection_or_send_auth_challenge_cell(or_connection_t *conn); + int is_or_protocol_version_known(uint16_t version); void cell_pack(packed_cell_t *dest, const cell_t *src); diff --git a/src/or/or.h b/src/or/or.h index ef4ddbd..ebf9ab5 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -1084,7 +1084,10 @@ typedef struct listener_connection_t { } listener_connection_t; -/** Stores flags and information related to the portion of a v2 Tor OR +/** Minimum length of the random part of an AUTH_CHALLENGE cell. */ +#define OR_AUTH_CHALLENGE_LEN 32 + +/** Stores flags and information related to the portion of a v2/v3 Tor OR * connection handshake that happens after the TLS handshake is finished. */ typedef struct or_handshake_state_t { @@ -1095,6 +1098,16 @@ typedef struct or_handshake_state_t { unsigned int started_here : 1; /** True iff we have received and processed a VERSIONS cell. */ unsigned int received_versions : 1; + + /** Digests of the cells that we have sent or received as part of a V3 + * handshake. Used for making and checking AUTHENTICATE cells. + * + * @{ + */ + crypto_digest_env_t *digest_sent; + crypto_digest_env_t *digest_received; + /** @} */ + } or_handshake_state_t; /** Subtype of connection_t for an "OR connection" -- that is, one that speaks [View Less]

1 0

[tor/master] Turn X509 certificates into a first-class type and add some functions
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit c0bbcf138fa4e7d8e1974ed91718025d0dd5cc7a Author: Nick Mathewson <nickm(a)torproject.org> Date: Tue Sep 13 11:37:15 2011 -0400 Turn X509 certificates into a first-class type and add some functions --- src/common/tortls.c | 150 ++++++++++++++++++++++++++++++++++++++++++++++++-- src/common/tortls.h | 11 ++++ 2 files changed, 155 insertions(+), 6 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 1bb9c74..b711967 100644 --- a/src/common/tortls.c +++ … [View More]b/src/common/tortls.c @@ -97,14 +97,23 @@ static int use_unsafe_renegotiation_op = 0; * SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION? */ static int use_unsafe_renegotiation_flag = 0; +/** Structure that we use for a single certificate. */ +struct tor_cert_t { + X509 *cert; + uint8_t *encoded; + size_t encoded_len; + digests_t cert_digests; + digests_t pkey_digests; +}; + /** Holds a SSL_CTX object and related state used to configure TLS * connections. */ typedef struct tor_tls_context_t { int refcnt; SSL_CTX *ctx; - X509 *my_cert; - X509 *my_id_cert; + tor_cert_t *my_cert; + tor_cert_t *my_id_cert; crypto_pk_env_t *key; } tor_tls_context_t; @@ -670,6 +679,115 @@ static const int N_CLIENT_CIPHERS = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) #endif +/** Free all storage held in cert */ +void +tor_cert_free(tor_cert_t *cert) +{ + if (! cert) + return; + if (cert->cert) + X509_free(cert->cert); + tor_free(cert->encoded); + memset(cert, 0x03, sizeof(cert)); + tor_free(cert); +} + +/** + * Allocate a new tor_cert_t to hold the certificate "x509_cert". + * + * Steals a reference to x509_cert. + */ +static tor_cert_t * +tor_cert_new(X509 *x509_cert) +{ + tor_cert_t *cert; + EVP_PKEY *pkey; + RSA *rsa; + int length = i2d_X509(x509_cert, NULL), length2; + unsigned char *cp; + + cert = tor_malloc_zero(sizeof(tor_cert_t)); + if (length <= 0) { + tor_free(cert); + log_err(LD_CRYPTO, "Couldn't get length of encoded x509 certificate"); + X509_free(x509_cert); + return NULL; + } + cert->encoded_len = (size_t) length; + cp = cert->encoded = tor_malloc(length); + length2 = i2d_X509(x509_cert, &cp); + tor_assert(length2 == length); + + cert->cert = x509_cert; + + crypto_digest_all(&cert->cert_digests, + (char*)cert->encoded, cert->encoded_len); + + if ((pkey = X509_get_pubkey(x509_cert)) && + (rsa = EVP_PKEY_get1_RSA(pkey))) { + crypto_pk_env_t *pk = _crypto_new_pk_env_rsa(rsa); + crypto_pk_get_all_digests(pk, &cert->pkey_digests); + crypto_free_pk_env(pk); + EVP_PKEY_free(pkey); + } + + return cert; +} + +/** Read a DER-encoded X509 cert, of length exactly certificate_len, + * from a certificate. Return a newly allocated tor_cert_t on success + * and NULL on failure. */ +tor_cert_t * +tor_cert_decode(const uint8_t *certificate, size_t certificate_len) +{ + X509 *x509; + const unsigned char *cp = (const unsigned char *)certificate; + tor_cert_t *newcert; + tor_assert(certificate); + + if (certificate_len > INT_MAX) + return NULL; + +#if OPENSSL_VERSION_NUMBER < 0x00908000l + /* This ifdef suppresses a type warning. Take out this case once everybody + * is using OpenSSL 0.9.8 or later. */ + x509 = d2i_X509(NULL, (unsigned char**)&cp, (int)certificate_len); +#else + x509 = d2i_X509(NULL, &cp, (int)certificate_len); +#endif + if (!x509) + return NULL; /* Couldn't decode */ + if (cp - certificate != (int)certificate_len) { + X509_free(x509); + return NULL; /* Didn't use all the bytes */ + } + newcert = tor_cert_new(x509); + if (!newcert) { + X509_free(x509); + return NULL; + } + if (newcert->encoded_len != certificate_len || + fast_memneq(newcert->encoded, certificate, certificate_len)) { + /* Cert wasn't in DER */ + tor_cert_free(newcert); + return NULL; + } + return newcert; +} + +/** Set *encoded_out and *size_out/b> to cert's encoded DER + * representation and length, respectively. */ +void +tor_cert_get_der(const tor_cert_t *cert, + const uint8_t **encoded_out, size_t *size_out) +{ + tor_assert(cert); + tor_assert(encoded_out); + tor_assert(size_out); + *encoded_out = cert->encoded; + *size_out = cert->encoded_len; +} + /** Remove a reference to ctx, and free it if it has no more * references. */ static void @@ -678,13 +796,33 @@ tor_tls_context_decref(tor_tls_context_t *ctx) tor_assert(ctx); if (--ctx->refcnt == 0) { SSL_CTX_free(ctx->ctx); - X509_free(ctx->my_cert); - X509_free(ctx->my_id_cert); + tor_cert_free(ctx->my_cert); + tor_cert_free(ctx->my_id_cert); crypto_free_pk_env(ctx->key); tor_free(ctx); } } +/** Set *link_cert_out and *id_cert_out to the link certificate + * and ID certificate that we're currently using for our V3 in-protocol + * handshake's certificate chain. If server is true, provide the certs + * that we use in server mode; otherwise, provide the certs that we use in + * client mode. */ +int +tor_tls_get_my_certs(int server, + const tor_cert_t **link_cert_out, + const tor_cert_t **id_cert_out) +{ + tor_tls_context_t *ctx = server ? server_tls_context : client_tls_context; + if (! ctx) + return -1; + if (link_cert_out) + *link_cert_out = ctx->my_cert; + if (id_cert_out) + *id_cert_out = ctx->my_id_cert; + return 0; +} + /** Increase the reference count of ctx. */ static void tor_tls_context_incref(tor_tls_context_t *ctx) @@ -813,8 +951,8 @@ tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime) result = tor_malloc_zero(sizeof(tor_tls_context_t)); result->refcnt = 1; - result->my_cert = X509_dup(cert); - result->my_id_cert = X509_dup(idcert); + result->my_cert = tor_cert_new(X509_dup(cert)); + result->my_id_cert = tor_cert_new(X509_dup(idcert)); result->key = crypto_pk_dup_key(rsa); #ifdef EVERYONE_HAS_AES diff --git a/src/common/tortls.h b/src/common/tortls.h index 9b8108b..c55da4a 100644 --- a/src/common/tortls.h +++ b/src/common/tortls.h @@ -17,6 +17,9 @@ /* Opaque structure to hold a TLS connection. */ typedef struct tor_tls_t tor_tls_t; +/* Opaque structure to hold an X509 certificate. */ +typedef struct tor_cert_t tor_cert_t; + /* Possible return values for most tor_tls_* functions. */ #define _MIN_TOR_TLS_ERROR_VAL -9 #define TOR_TLS_ERROR_MISC -9 @@ -104,5 +107,13 @@ struct bufferevent *tor_tls_init_bufferevent(tor_tls_t *tls, int filter); #endif +void tor_cert_free(tor_cert_t *cert); +tor_cert_t *tor_cert_decode(const uint8_t *certificate, size_t certificate_len); +void tor_cert_get_der(const tor_cert_t *cert, + const uint8_t **encoded_out, size_t *size_out); +int tor_tls_get_my_certs(int server, + const tor_cert_t **link_cert_out, + const tor_cert_t **id_cert_out); + #endif [View Less]

1 0

[tor/master] Functions to get a public RSA key from a cert
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit 0a4f56277290d4736db3b15dc4c2071000f7883f Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Sep 22 10:18:17 2011 -0400 Functions to get a public RSA key from a cert --- src/common/tortls.c | 34 ++++++++++++++++++++++++++++++++++ src/common/tortls.h | 2 ++ 2 files changed, 36 insertions(+), 0 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 332d784..5d36fd0 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -838,6 +838,40 @@ … [View More]

1 0

[tor/master] Function to detect certificate types that signal v3 certificates
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit 92602345e001d8e66038d5d98cbb21eea5ef40c9 Author: Nick Mathewson <nickm(a)torproject.org> Date: Fri Sep 16 17:48:20 2011 -0400 Function to detect certificate types that signal v3 certificates --- src/common/tortls.c | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++ src/common/tortls.h | 1 + 2 files changed, 72 insertions(+), 0 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 1435223..332d784 100644 --- a/src/common/tortls.c +++ b/src/… [View More]common/tortls.c @@ -2075,6 +2075,77 @@ tor_tls_used_v1_handshake(tor_tls_t *tls) return 1; } +/** Return true iff name is a DN of a kind that could only + * occur in a v3-handshake-indicating certificate */ +static int +dn_indicates_v3_cert(X509_NAME *name) +{ + X509_NAME_ENTRY *entry; + int n_entries; + ASN1_OBJECT *obj; + ASN1_STRING *str; + unsigned char *s; + int len, r; + + n_entries = X509_NAME_entry_count(name); + if (n_entries != 1) + return 1; /* More than one entry in the DN. */ + entry = X509_NAME_get_entry(name, 0); + + obj = X509_NAME_ENTRY_get_object(entry); + if (OBJ_obj2nid(obj) != OBJ_txt2nid("commonName")) + return 1; /* The entry isn't a commonName. */ + + str = X509_NAME_ENTRY_get_data(entry); + len = ASN1_STRING_to_UTF8(&s, str); + if (len < 0) + return 0; + r = fast_memneq(s + len - 4, ".net", 4); + OPENSSL_free(s); + return r; +} + +/** Return true iff the peer certificate we're received on tls + * indicates that this connection should use the v3 (in-protocol) + * authentication handshake. + * + * Only the connection initiator should use this, and only once the initial + * handshake is done; the responder detects a v1 handshake by cipher types, + * and a v3/v2 handshake by Versions cell vs renegotiation. + */ +int +tor_tls_received_v3_certificate(tor_tls_t *tls) +{ + X509 *cert = SSL_get_peer_certificate(tls->ssl); + EVP_PKEY *key; + X509_NAME *issuer_name, *subject_name; + + if (!cert) { + log_warn(LD_BUG, "Called on a connection with no peer certificate"); + return 0; + } + + subject_name = X509_get_subject_name(cert); + issuer_name = X509_get_issuer_name(cert); + + if (X509_name_cmp(subject_name, issuer_name) == 0) + return 1; /* purportedly self signed */ + + if (dn_indicates_v3_cert(subject_name) || + dn_indicates_v3_cert(issuer_name)) + return 1; /* DN is fancy */ + + key = X509_get_pubkey(cert); + if (EVP_PKEY_bits(key) != 1024 || + EVP_PKEY_type(key->type) != EVP_PKEY_RSA) { + EVP_PKEY_free(key); + return 1; /* Key is fancy */ + } + + EVP_PKEY_free(key); + return 0; +} + /** Return the number of server handshakes that we've noticed doing on * tls. */ int diff --git a/src/common/tortls.h b/src/common/tortls.h index 40eb830..70d24a5 100644 --- a/src/common/tortls.h +++ b/src/common/tortls.h @@ -88,6 +88,7 @@ void tor_tls_get_buffer_sizes(tor_tls_t *tls, size_t *wbuf_capacity, size_t *wbuf_bytes); int tor_tls_used_v1_handshake(tor_tls_t *tls); +int tor_tls_received_v3_certificate(tor_tls_t *tls); int tor_tls_get_num_server_handshakes(tor_tls_t *tls); int tor_tls_server_got_renegotiate(tor_tls_t *tls); int tor_tls_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out); [View Less]

1 0

[tor/master] More functions to manipulate certs received in cells
by nickm＠torproject.org 11 Oct '11

11 Oct '11

commit f4c1fa2a04c310c4e0274129bb2fff2aacb59248 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Sep 14 13:04:48 2011 -0400 More functions to manipulate certs received in cells --- src/common/tortls.c | 118 +++++++++++++++++++++++++++++++++++++++++++++------ src/common/tortls.h | 3 + 2 files changed, 108 insertions(+), 13 deletions(-) diff --git a/src/common/tortls.c b/src/common/tortls.c index 2b12eea..0ba47ba 100644 --- a/src/common/tortls.c +++ b/src/common/… [View More]tortls.c @@ -207,6 +207,7 @@ static int tor_tls_context_init_one(tor_tls_context_t **ppcontext, unsigned int key_lifetime); static tor_tls_context_t *tor_tls_context_new(crypto_pk_env_t *identity, unsigned int key_lifetime); +static int check_cert_lifetime_internal(const X509 *cert, int tolerance); /** Global TLS contexts. We keep them here because nobody else needs * to touch them. */ @@ -823,6 +824,84 @@ tor_tls_get_my_certs(int server, return 0; } +/** Return true iff a and b represent the same public key. */ +static int +pkey_eq(EVP_PKEY *a, EVP_PKEY *b) +{ + /* We'd like to do this, but openssl 0.9.7 doesn't have it: + return EVP_PKEY_cmp(a,b) == 1; + */ + unsigned char *a_enc=NULL, *b_enc=NULL, *a_ptr, *b_ptr; + int a_len1, b_len1, a_len2, b_len2, result; + a_len1 = i2d_PublicKey(a, NULL); + b_len1 = i2d_PublicKey(b, NULL); + if (a_len1 != b_len1) + return 0; + a_ptr = a_enc = tor_malloc(a_len1); + b_ptr = b_enc = tor_malloc(b_len1); + a_len2 = i2d_PublicKey(a, &a_ptr); + b_len2 = i2d_PublicKey(b, &b_ptr); + tor_assert(a_len2 == a_len1); + tor_assert(b_len2 == b_len1); + result = tor_memeq(a_enc, b_enc, a_len1); + tor_free(a_enc); + tor_free(b_enc); + return result; +} + +/** Return true iff the other side of tls has authenticated to us, and + * the key certified in cert is the same as the key they used to do it. + */ +int +tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert) +{ + X509 *peercert = SSL_get_peer_certificate(tls->ssl); + EVP_PKEY *link_key = NULL, *cert_key = NULL; + int result; + + if (!peercert) + return 0; + link_key = X509_get_pubkey(peercert); + cert_key = X509_get_pubkey(cert->cert); + + result = link_key && cert_key && pkey_eq(cert_key, link_key); + + X509_free(peercert); + if (link_key) + EVP_PKEY_free(link_key); + if (cert_key) + EVP_PKEY_free(cert_key); + + return result; +} + +/** Check wither cert is well-formed, currently live, and correctly + * signed by the public key in signing_cert. Return 0 if the cert is + * good, and -1 if it's bad or we couldn't check it. */ +int +tor_tls_cert_is_valid(const tor_cert_t *cert, + const tor_cert_t *signing_cert) +{ + EVP_PKEY *signing_key = X509_get_pubkey(signing_cert->cert); + int r; + if (!signing_key) + return 0; + r = X509_verify(cert->cert, signing_key); + EVP_PKEY_free(signing_key); + if (r <= 0) + return 0; + + /* okay, the signature checked out right. Now let's check the check the + * lifetime. */ + /*XXXX tolerance might be iffy here */ + if (check_cert_lifetime_internal(cert->cert, 60*60) < 0) + return 0; + + /* XXXX compare DNs or anything? */ + + return -1; +} + /** Increase the reference count of ctx. */ static void tor_tls_context_incref(tor_tls_context_t *ctx) @@ -1709,7 +1788,7 @@ tor_tls_peer_has_cert(tor_tls_t *tls) /** Warn that a certificate lifetime extends through a certain range. */ static void -log_cert_lifetime(X509 *cert, const char *problem) +log_cert_lifetime(const X509 *cert, const char *problem) { BIO *bio = NULL; BUF_MEM *buf; @@ -1856,25 +1935,14 @@ tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_env_t **identity_key) int tor_tls_check_lifetime(tor_tls_t *tls, int tolerance) { - time_t now, t; X509 *cert; int r = -1; - now = time(NULL); - if (!(cert = SSL_get_peer_certificate(tls->ssl))) goto done; - t = now + tolerance; - if (X509_cmp_time(X509_get_notBefore(cert), &t) > 0) { - log_cert_lifetime(cert, "not yet valid"); + if (check_cert_lifetime_internal(cert, tolerance) < 0) goto done; - } - t = now - tolerance; - if (X509_cmp_time(X509_get_notAfter(cert), &t) < 0) { - log_cert_lifetime(cert, "already expired"); - goto done; - } r = 0; done: @@ -1886,6 +1954,30 @@ tor_tls_check_lifetime(tor_tls_t *tls, int tolerance) return r; } +/** Helper: check whether cert is currently live, give or take + * tolerance seconds. If it is live, return 0. If it is not live, + * log a message and return -1. */ +static int +check_cert_lifetime_internal(const X509 *cert, int tolerance) +{ + time_t now, t; + + now = time(NULL); + + t = now + tolerance; + if (X509_cmp_time(X509_get_notBefore(cert), &t) > 0) { + log_cert_lifetime(cert, "not yet valid"); + return -1; + } + t = now - tolerance; + if (X509_cmp_time(X509_get_notAfter(cert), &t) < 0) { + log_cert_lifetime(cert, "already expired"); + return -1; + } + + return 0; +} + /** Return the number of bytes available for reading from tls. */ int diff --git a/src/common/tortls.h b/src/common/tortls.h index a6aed29..36309af 100644 --- a/src/common/tortls.h +++ b/src/common/tortls.h @@ -115,6 +115,9 @@ void tor_cert_get_der(const tor_cert_t *cert, int tor_tls_get_my_certs(int server, const tor_cert_t **link_cert_out, const tor_cert_t **id_cert_out); +int tor_tls_cert_matches_key(const tor_tls_t *tls, const tor_cert_t *cert); +int tor_tls_cert_is_valid(const tor_cert_t *cert, + const tor_cert_t *signing_cert); #endif [View Less]

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits October 2011