Opened 4 years ago

Closed 4 years ago

#16035 closed defect (worksforme)

Implement proposal 244: RFC5705 for exporting key material in tls handshake

Reported by: nickm
Owned by: nickm
Priority: Medium
Milestone: Tor: 0.2.8.x-final
Component: Core Tor/Tor
Version:
Severity:
Keywords: TorCoreTeam201509, 028-triaged
Cc:
Actual Points:
Parent ID: #15055
Points: small
Reviewer:
Sponsor:


From the proposal:
{{{
We use AUTHENTICATE cells to bind the connection-initiator's Tor
identity to a TLS session. Our current type of authentication
("RSA-SHA256-TLSSecret", see tor-spec.txt section 4.4) does this by
signing a document that includes an HMAC of client_random and
server_random, using the TLS master secret as a secret key.

There is a more standard way to get at this information, by using the
facility defined in RFC5705. Further, it is likely to continue to
work with more TLS libraries, including TLS libraries like OpenSSL 1.1
that make master secrets and session data opaque.
}}}


This is easy, and easily done as part of #15055
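The two bindings contrasted in the quoted proposal, as an added example that is not part of the ticket or of Tor's code. It assumes TLS 1.2 with a SHA-256 PRF; the label, the context value and all secrets are constructed, and `legacy_binding` is a simplified form of the HMAC described above rather than the exact tor-spec field.

```python
import hashlib
import hmac
import struct

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 expansion (RFC 5246, section 5)."""
    out, a = b"", seed                      # a starts as A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def export_keying_material(master_secret, client_random, server_random,
                           label, length, context=None):
    """RFC 5705 section 4: PRF(master_secret, label, randoms [+ len + context])."""
    seed = label + client_random + server_random
    if context is not None:                 # an empty context differs from no context
        if len(context) > 0xFFFF:
            raise ValueError("context must fit a 16-bit length prefix")
        seed += struct.pack("!H", len(context)) + context
    return p_sha256(master_secret, seed, length)

def legacy_binding(master_secret, client_random, server_random):
    """Simplified older scheme: HMAC of both randoms keyed by the master secret."""
    return hmac.new(master_secret, client_random + server_random,
                    hashlib.sha256).digest()

# Constructed sample values, not taken from any real handshake.
MASTER = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32
LABEL = b"EXPERIMENTAL example binding"     # hypothetical label
IDENTITY = hashlib.sha256(b"constructed initiator identity").digest()

if __name__ == "__main__":
    old = legacy_binding(MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    new = export_keying_material(MASTER, CLIENT_RANDOM, SERVER_RANDOM,
                                 LABEL, 32, IDENTITY)
    print("legacy  :", old.hex())
    print("exporter:", new.hex())
```

In an application the exporter value comes from the TLS library (for OpenSSL, `SSL_export_keying_material`), so the caller never handles the master secret; the manual computation here only shows what that call derives.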


Change History (7)

comment:1 Changed 4 years ago by nickm

My branch for #15055 now contains code for this.

comment:2 Changed 4 years ago by nickm

Keywords: TorCoreTeam201508 added

comment:3 Changed 4 years ago by nickm

Status: new → needs_review

comment:4 Changed 4 years ago by nickm

Keywords: TorCoreTeam201509 added; TorCoreTeam201508 removed
Milestone: Tor: 0.2.7.x-final → Tor: 0.2.8.x-final
Owner: set to nickm
Status: needs_review → assigned

comment:5 Changed 4 years ago by nickm

Status: assigned → needs_review

comment:6 Changed 4 years ago by nickm

Keywords: 028-triaged added

comment:7 Changed 4 years ago by nickm

Points: small
Resolution: worksforme
Status: needs_review → closed

This is done as part of 15055; folding this back into that one.
