[tor-commits] [tor/master] Function to extract the TLSSECRETS field for v3 handshakes

Tue Oct 11 03:22:15 UTC 2011

commit c39688de6c5d4bf19739ecffb2e98aa560a4630a
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Sep 13 13:46:21 2011 -0400

    Function to extract the TLSSECRETS field for v3 handshakes
---
 src/common/tortls.c |   30 ++++++++++++++++++++++++++++++
 src/common/tortls.h |    1 +
 2 files changed, 31 insertions(+), 0 deletions(-)

diff --git a/src/common/tortls.c b/src/common/tortls.c
index b711967..2b12eea 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1985,6 +1985,36 @@ tor_tls_server_got_renegotiate(tor_tls_t *tls)
   return tls->got_renegotiate;
 }
 
+/** Set the DIGEST256_LEN buffer at <b>secrets_out</b> to the value used in
+ * the v3 handshake to prove that the client knows the TLS secrets for the
+ * connection <b>tls</b>.  Return 0 on success, -1 on failure.
+ */
+int
+tor_tls_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out)
+{
+#define TLSSECRET_MAGIC "Tor V3 handshake TLS cross-certification"
+  char buf[128];
+  size_t len;
+  tor_assert(tls);
+  tor_assert(tls->ssl);
+  tor_assert(tls->ssl->s3);
+  tor_assert(tls->ssl->session);
+  /*
+    The value is an HMAC, using the TLS master key as the HMAC key, of
+    client_random | server_random | TLSSECRET_MAGIC
+  */
+  memcpy(buf +  0, tls->ssl->s3->client_random, 32);
+  memcpy(buf + 32, tls->ssl->s3->server_random, 32);
+  memcpy(buf + 64, TLSSECRET_MAGIC, strlen(TLSSECRET_MAGIC) + 1);
+  len = 64 + strlen(TLSSECRET_MAGIC) + 1;
+  crypto_hmac_sha256((char*)secrets_out,
+                     (char*)tls->ssl->session->master_key,
+                     tls->ssl->session->master_key_length,
+                     buf, len);
+  memset(buf, 0, sizeof(buf));
+  return 0;
+}
+
 /** Examine the amount of memory used and available for buffers in <b>tls</b>.
  * Set *<b>rbuf_capacity</b> to the amount of storage allocated for the read
  * buffer and *<b>rbuf_bytes</b> to the amount actually used.
diff --git a/src/common/tortls.h b/src/common/tortls.h
index c55da4a..a6aed29 100644
--- a/src/common/tortls.h
+++ b/src/common/tortls.h
@@ -90,6 +90,7 @@ void tor_tls_get_buffer_sizes(tor_tls_t *tls,
 int tor_tls_used_v1_handshake(tor_tls_t *tls);
 int tor_tls_get_num_server_handshakes(tor_tls_t *tls);
 int tor_tls_server_got_renegotiate(tor_tls_t *tls);
+int tor_tls_get_tlssecrets(tor_tls_t *tls, uint8_t *secrets_out);
 
 /* Log and abort if there are unhandled TLS errors in OpenSSL's error stack.
  */



