piros
/
tor


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677
							/* Copyright (c) 2017, The Tor Project, Inc. */
/* See LICENSE for licensing information */

#ifndef TOR_HS_NTOR_H
#define TOR_HS_NTOR_H

#include "or.h"

/* Key material needed to encode/decode INTRODUCE1 cells */
typedef struct {
  /* Key used for encryption of encrypted INTRODUCE1 blob */
  uint8_t enc_key[CIPHER256_KEY_LEN];
  /* MAC key used to protect encrypted INTRODUCE1 blob */
  uint8_t mac_key[DIGEST256_LEN];
} hs_ntor_intro_cell_keys_t;

/* Key material needed to encode/decode RENDEZVOUS1 cells */
typedef struct {
  /* This is the MAC of the HANDSHAKE_INFO field */
  uint8_t rend_cell_auth_mac[DIGEST256_LEN];
  /* This is the key seed used to derive further rendezvous crypto keys as
   * detailed in section 4.2.1 of rend-spec-ng.txt. */
  uint8_t ntor_key_seed[DIGEST256_LEN];
} hs_ntor_rend_cell_keys_t;

/* Key material resulting from key expansion as detailed in section "4.2.1. Key
 * expansion" of rend-spec-ng.txt. */
typedef struct {
  /* Per-circuit key material used in ESTABLISH_INTRO cell */
  uint8_t KH[DIGEST256_LEN];
  /* Authentication key for outgoing RELAY cells */
  uint8_t Df[DIGEST256_LEN];
  /* Authentication key for incoming RELAY cells */
  uint8_t Db[DIGEST256_LEN];
  /* Encryption key for outgoing RELAY cells */
  uint8_t Kf[CIPHER256_KEY_LEN];
  /* Decryption key for incoming RELAY cells */
  uint8_t Kb[CIPHER256_KEY_LEN];
} hs_ntor_rend_circuit_keys_t;

int hs_ntor_client_get_introduce1_keys(
                      const ed25519_public_key_t *intro_auth_pubkey,
                      const curve25519_public_key_t *intro_enc_pubkey,
                      const curve25519_keypair_t *client_ephemeral_enc_keypair,
                      const uint8_t *subcredential,
                      hs_ntor_intro_cell_keys_t *hs_ntor_intro_cell_keys_out);

int hs_ntor_client_get_rendezvous1_keys(
                  const ed25519_public_key_t *intro_auth_pubkey,
                  const curve25519_keypair_t *client_ephemeral_enc_keypair,
                  const curve25519_public_key_t *intro_enc_pubkey,
                  const curve25519_public_key_t *service_ephemeral_rend_pubkey,
                  hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys_out);

int hs_ntor_service_get_introduce1_keys(
                  const ed25519_public_key_t *intro_auth_pubkey,
                  const curve25519_keypair_t *intro_enc_keypair,
                  const curve25519_public_key_t *client_ephemeral_enc_pubkey,
                  const uint8_t *subcredential,
                  hs_ntor_intro_cell_keys_t *hs_ntor_intro_cell_keys_out);

int hs_ntor_service_get_rendezvous1_keys(
                  const ed25519_public_key_t *intro_auth_pubkey,
                  const curve25519_keypair_t *intro_enc_keypair,
                  const curve25519_keypair_t *service_ephemeral_rend_keypair,
                  const curve25519_public_key_t *client_ephemeral_enc_pubkey,
                  hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys_out);

hs_ntor_rend_circuit_keys_t *hs_ntor_circuit_key_expansion(
                       const hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys);

int hs_ntor_client_rendezvous2_mac_is_good(
                        const hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys,
                        const uint8_t *rcvd_mac);

#endif