[tor-commits] [tor/master] Implement proposal-214 rules for CircID checking.

nickm at torproject.org nickm at torproject.org
Fri Feb 15 21:23:51 UTC 2013


commit 8e8c0674c4729a6aa39ded658e800baa654fe289
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Nov 6 21:33:53 2012 -0500

    Implement proposal-214 rules for CircID checking.
---
 src/or/channel.c       |   14 ++++++++++++--
 src/or/channel.h       |    3 ++-
 src/or/channeltls.c    |    9 ++++++---
 src/or/connection_or.c |    3 ++-
 4 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/src/or/channel.c b/src/or/channel.c
index cbf7f99..9b353a1 100644
--- a/src/or/channel.c
+++ b/src/or/channel.c
@@ -4043,9 +4043,10 @@ channel_num_circuits(channel_t *chan)
  * This is called when setting up a channel and replaces the old
  * connection_or_set_circid_type()
  */
-
 void
-channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd)
+channel_set_circid_type(channel_t *chan,
+                        crypto_pk_t *identity_rcvd,
+                        int consider_identity)
 {
   int started_here;
   crypto_pk_t *our_identity;
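Review bot: The doc comment above channel_set_circid_type() is left unchanged although the signature gains `consider_identity`, so a reader cannot tell what the flag selects. From the branch added in the next hunk, a zero value assigns `CIRC_ID_TYPE_HIGHER` to the side that opened the channel and `CIRC_ID_TYPE_LOWER` to the other, and returns before `identity_rcvd` is looked at. I would add that to the comment, e.g. `If consider_identity is false, ignore identity_rcvd: the initiator gets CIRC_ID_TYPE_HIGHER and the responder CIRC_ID_TYPE_LOWER (proposal 214).` Both peers have to derive the same split or they would allocate circuit IDs from the same half of the space, so the rule is worth stating where it is implemented. The comment starts, and the function body ends, outside this hunk.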
@@ -4053,6 +4054,15 @@ channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd)
   tor_assert(chan);
 
   started_here = channel_is_outgoing(chan);
+
+  if (! consider_identity) {
+    if (started_here)
+      chan->circ_id_type = CIRC_ID_TYPE_HIGHER;
+    else
+      chan->circ_id_type = CIRC_ID_TYPE_LOWER;
+    return;
+  }
+
   our_identity = started_here ?
     get_tlsclient_identity_key() : get_server_identity_key();
 
diff --git a/src/or/channel.h b/src/or/channel.h
index 3cfc8b1..a21271c 100644
--- a/src/or/channel.h
+++ b/src/or/channel.h
@@ -449,7 +449,8 @@ int channel_matches_extend_info(channel_t *chan, extend_info_t *extend_info);
 int channel_matches_target_addr_for_extend(channel_t *chan,
                                            const tor_addr_t *target);
 unsigned int channel_num_circuits(channel_t *chan);
-void channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd);
+void channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd,
+                             int consider_identity);
 void channel_timestamp_client(channel_t *chan);
 
 const char * channel_listener_describe_transport(channel_listener_t *chan_l);
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index 4f87eb5..ed56e1a 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -1384,7 +1384,8 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
         tor_assert(tor_digest_is_zero(
                   (const char*)(chan->conn->handshake_state->
                       authenticated_peer_id)));
-        channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL);
+        channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL,
+               chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
 
         connection_or_init_conn_from_address(chan->conn,
                   &(chan->conn->base_.addr),
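Review bot: The flag expression `chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS` is written out at this call and again in the channel_tls_process_certs_cell and channel_tls_process_authenticate_cell hunks, so the version threshold for the CircID rule lives in three places that must stay in agreement. A small file-local helper taking the `channel_tls_t *` and returning that comparison, or a named local at each site, would keep the calls identical and give the rule one place for a comment. These calls also appear to rely on `link_proto` already holding the negotiated value when the cells are processed; that is not visible in the hunks and is worth a one-line comment. The continuation lines are indented differently at each of the three sites.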
@@ -1638,7 +1639,8 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
         ERR("Internal error: Couldn't get RSA key from ID cert.");
       memcpy(chan->conn->handshake_state->authenticated_peer_id,
              id_digests->d[DIGEST_SHA1], DIGEST_LEN);
-      channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd);
+      channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
+                chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
       crypto_pk_free(identity_rcvd);
     }
 
@@ -1922,7 +1924,8 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
     memcpy(chan->conn->handshake_state->authenticated_peer_id,
            id_digests->d[DIGEST_SHA1], DIGEST_LEN);
 
-    channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd);
+    channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
+               chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
     crypto_pk_free(identity_rcvd);
 
     connection_or_init_conn_from_address(chan->conn,
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 0775eb5..63bdd9a 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1554,7 +1554,8 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn,
   }
 
   tor_assert(conn->chan);
-  channel_set_circid_type(TLS_CHAN_TO_BASE(conn->chan), identity_rcvd);
+  channel_set_circid_type(TLS_CHAN_TO_BASE(conn->chan), identity_rcvd, 1);
+
   crypto_pk_free(identity_rcvd);
 
   if (started_here)
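Review bot: The bare `1` passed as `consider_identity` gives no hint why this call site always uses the identity comparison while the channeltls.c callers derive the flag from `link_proto`. If the reason is that the link protocol version has not been negotiated yet at this point in the TLS handshake (the hunk does not show it), say so next to the call, e.g. `/* link protocol not negotiated yet: choose by identity key for now */`. The enclosing function starts and ends outside this hunk.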




