piros
/
tor


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259
							/* Copyright (c) 2017-2018, The Tor Project, Inc. */
/* See LICENSE for licensing information */

/** This is a wrapper over the little-t-tor HS ntor functions. The wrapper is
 *  used by src/test/hs_ntor_ref.py to conduct the HS ntor integration
 *  tests.
 *
 *  The logic of this wrapper is basically copied from src/test/test_ntor_cl.c
 */

#include "orconfig.h"
#include <stdio.h>
#include <stdlib.h>

#define ONION_NTOR_PRIVATE
#include "core/or/or.h"
#include "lib/crypt_ops/crypto_cipher.h"
#include "lib/crypt_ops/crypto_curve25519.h"
#include "lib/crypt_ops/crypto_ed25519.h"
#include "lib/crypt_ops/crypto_format.h"
#include "lib/crypt_ops/crypto_init.h"
#include "core/crypto/hs_ntor.h"
#include "core/crypto/onion_ntor.h"

#define N_ARGS(n) STMT_BEGIN {                                  \
    if (argc < (n)) {                                           \
      fprintf(stderr, "%s needs %d arguments.\n",argv[1],n);    \
      return 1;                                                 \
    }                                                           \
  } STMT_END
#define BASE16(idx, var, n) STMT_BEGIN {                                \
    const char *s = argv[(idx)];                                        \
    if (base16_decode((char*)var, n, s, strlen(s)) < (int)n ) {              \
      fprintf(stderr, "couldn't decode argument %d (%s)\n",idx,s);      \
      return 1;                                                         \
    }                                                                   \
  } STMT_END
#define INT(idx, var) STMT_BEGIN {                                      \
    var = atoi(argv[(idx)]);                                            \
    if (var <= 0) {                                                     \
      fprintf(stderr, "bad integer argument %d (%s)\n",idx,argv[(idx)]); \
    }                                                                   \
  } STMT_END

/** The first part of the HS ntor protocol. The client-side computes all
    necessary key material and sends the appropriate message to the service. */
static int
client1(int argc, char **argv)
{
  int retval;

  /* Inputs */
  curve25519_public_key_t intro_enc_pubkey;
  ed25519_public_key_t intro_auth_pubkey;
  curve25519_keypair_t client_ephemeral_enc_keypair;
  uint8_t subcredential[DIGEST256_LEN];

  /* Output */
  hs_ntor_intro_cell_keys_t hs_ntor_intro_cell_keys;

  char buf[256];

  N_ARGS(6);
  BASE16(2, intro_auth_pubkey.pubkey, ED25519_PUBKEY_LEN);
  BASE16(3, intro_enc_pubkey.public_key, CURVE25519_PUBKEY_LEN);
  BASE16(4, client_ephemeral_enc_keypair.seckey.secret_key,
         CURVE25519_SECKEY_LEN);
  BASE16(5, subcredential, DIGEST256_LEN);

  /* Generate keypair */
  curve25519_public_key_generate(&client_ephemeral_enc_keypair.pubkey,
                                 &client_ephemeral_enc_keypair.seckey);

  retval = hs_ntor_client_get_introduce1_keys(&intro_auth_pubkey,
                                              &intro_enc_pubkey,
                                              &client_ephemeral_enc_keypair,
                                              subcredential,
                                              &hs_ntor_intro_cell_keys);
  if (retval < 0) {
    goto done;
  }

  /* Send ENC_KEY */
  base16_encode(buf, sizeof(buf),
                (const char*)hs_ntor_intro_cell_keys.enc_key,
                sizeof(hs_ntor_intro_cell_keys.enc_key));
  printf("%s\n", buf);
  /* Send MAC_KEY */
  base16_encode(buf, sizeof(buf),
                (const char*)hs_ntor_intro_cell_keys.mac_key,
                sizeof(hs_ntor_intro_cell_keys.mac_key));
  printf("%s\n", buf);

 done:
  return retval;
}

/** The second part of the HS ntor protocol. The service-side computes all
    necessary key material and sends the appropriate message to the client */
static int
server1(int argc, char **argv)
{
  int retval;

  /* Inputs */
  curve25519_keypair_t intro_enc_keypair;
  ed25519_public_key_t intro_auth_pubkey;
  curve25519_public_key_t client_ephemeral_enc_pubkey;
  uint8_t subcredential[DIGEST256_LEN];

  /* Output */
  hs_ntor_intro_cell_keys_t hs_ntor_intro_cell_keys;
  hs_ntor_rend_cell_keys_t hs_ntor_rend_cell_keys;
  curve25519_keypair_t service_ephemeral_rend_keypair;

  char buf[256];

  N_ARGS(6);
  BASE16(2, intro_auth_pubkey.pubkey, ED25519_PUBKEY_LEN);
  BASE16(3, intro_enc_keypair.seckey.secret_key, CURVE25519_SECKEY_LEN);
  BASE16(4, client_ephemeral_enc_pubkey.public_key, CURVE25519_PUBKEY_LEN);
  BASE16(5, subcredential, DIGEST256_LEN);

  /* Generate keypair */
  curve25519_public_key_generate(&intro_enc_keypair.pubkey,
                                 &intro_enc_keypair.seckey);
  curve25519_keypair_generate(&service_ephemeral_rend_keypair, 0);

  /* Get INTRODUCE1 keys */
  retval = hs_ntor_service_get_introduce1_keys(&intro_auth_pubkey,
                                               &intro_enc_keypair,
                                               &client_ephemeral_enc_pubkey,
                                               subcredential,
                                               &hs_ntor_intro_cell_keys);
  if (retval < 0) {
    goto done;
  }

  /* Get RENDEZVOUS1 keys */
  retval = hs_ntor_service_get_rendezvous1_keys(&intro_auth_pubkey,
                                               &intro_enc_keypair,
                                               &service_ephemeral_rend_keypair,
                                               &client_ephemeral_enc_pubkey,
                                               &hs_ntor_rend_cell_keys);
  if (retval < 0) {
    goto done;
  }

  /* Send ENC_KEY */
  base16_encode(buf, sizeof(buf),
                (const char*)hs_ntor_intro_cell_keys.enc_key,
                sizeof(hs_ntor_intro_cell_keys.enc_key));
  printf("%s\n", buf);
  /* Send MAC_KEY */
  base16_encode(buf, sizeof(buf),
                (const char*)hs_ntor_intro_cell_keys.mac_key,
                sizeof(hs_ntor_intro_cell_keys.mac_key));
  printf("%s\n", buf);
  /* Send AUTH_MAC */
  base16_encode(buf, sizeof(buf),
                (const char*)hs_ntor_rend_cell_keys.rend_cell_auth_mac,
                sizeof(hs_ntor_rend_cell_keys.rend_cell_auth_mac));
  printf("%s\n", buf);
  /* Send NTOR_KEY_SEED */
  base16_encode(buf, sizeof(buf),
                (const char*)hs_ntor_rend_cell_keys.ntor_key_seed,
                sizeof(hs_ntor_rend_cell_keys.ntor_key_seed));
  printf("%s\n", buf);
  /* Send service ephemeral pubkey (Y) */
  base16_encode(buf, sizeof(buf),
                (const char*)service_ephemeral_rend_keypair.pubkey.public_key,
                sizeof(service_ephemeral_rend_keypair.pubkey.public_key));
  printf("%s\n", buf);

 done:
  return retval;
}

/** The final step of the ntor protocol, the client computes and returns the
 *  rendezvous key material. */
static int
client2(int argc, char **argv)
{
  int retval;

  /* Inputs */
  curve25519_public_key_t intro_enc_pubkey;
  ed25519_public_key_t intro_auth_pubkey;
  curve25519_keypair_t client_ephemeral_enc_keypair;
  curve25519_public_key_t service_ephemeral_rend_pubkey;
  uint8_t subcredential[DIGEST256_LEN];

  /* Output */
  hs_ntor_rend_cell_keys_t hs_ntor_rend_cell_keys;

  char buf[256];

  N_ARGS(7);
  BASE16(2, intro_auth_pubkey.pubkey, ED25519_PUBKEY_LEN);
  BASE16(3, client_ephemeral_enc_keypair.seckey.secret_key,
         CURVE25519_SECKEY_LEN);
  BASE16(4, intro_enc_pubkey.public_key, CURVE25519_PUBKEY_LEN);
  BASE16(5, service_ephemeral_rend_pubkey.public_key, CURVE25519_PUBKEY_LEN);
  BASE16(6, subcredential, DIGEST256_LEN);

  /* Generate keypair */
  curve25519_public_key_generate(&client_ephemeral_enc_keypair.pubkey,
                                 &client_ephemeral_enc_keypair.seckey);

  /* Get RENDEZVOUS1 keys */
  retval = hs_ntor_client_get_rendezvous1_keys(&intro_auth_pubkey,
                                               &client_ephemeral_enc_keypair,
                                               &intro_enc_pubkey,
                                               &service_ephemeral_rend_pubkey,
                                               &hs_ntor_rend_cell_keys);
  if (retval < 0) {
    goto done;
  }

  /* Send AUTH_MAC */
  base16_encode(buf, sizeof(buf),
                (const char*)hs_ntor_rend_cell_keys.rend_cell_auth_mac,
                sizeof(hs_ntor_rend_cell_keys.rend_cell_auth_mac));
  printf("%s\n", buf);
  /* Send NTOR_KEY_SEED */
  base16_encode(buf, sizeof(buf),
                (const char*)hs_ntor_rend_cell_keys.ntor_key_seed,
                sizeof(hs_ntor_rend_cell_keys.ntor_key_seed));
  printf("%s\n", buf);

 done:
  return 1;
}

/** Perform a different part of the protocol depdning on the argv used. */
int
main(int argc, char **argv)
{
  if (argc < 2) {
    fprintf(stderr, "I need arguments. Read source for more info.\n");
    return 1;
  }

  init_logging(1);
  curve25519_init();
  if (crypto_global_init(0, NULL, NULL) < 0)
    return 1;

  if (!strcmp(argv[1], "client1")) {
    return client1(argc, argv);
  } else if (!strcmp(argv[1], "server1")) {
    return server1(argc, argv);
  } else if (!strcmp(argv[1], "client2")) {
    return client2(argc, argv);
  } else {
    fprintf(stderr, "What's a %s?\n", argv[1]);
    return 1;
  }
}