[tor-commits] [tor/master] Add a bunch of work-in-progress comments for 15056 planning
nickm at torproject.org
nickm at torproject.org
Thu Dec 8 21:53:43 UTC 2016
commit bfff729728e04d404533be7b86426833ca8d4a32
Author: Nick Mathewson <nickm at torproject.org>
Date: Sun Sep 18 20:21:08 2016 -0400
Add a bunch of work-in-progress comments for 15056 planning
---
src/or/channel.h | 22 ++++++++++++++++------
src/or/channeltls.c | 3 ++-
src/or/circuitbuild.c | 4 ++++
src/or/connection_or.c | 16 +++++++++++-----
4 files changed, 33 insertions(+), 12 deletions(-)
diff --git a/src/or/channel.h b/src/or/channel.h
index 2747e52..39a4d05 100644
--- a/src/or/channel.h
+++ b/src/or/channel.h
@@ -153,13 +153,23 @@ struct channel_s {
int (*write_var_cell)(channel_t *, var_cell_t *);
/**
- * Hash of the public RSA key for the other side's RSA identity key, or
- * zeroes if the other side hasn't shown us a valid RSA identity key.
+ * Hash of the public RSA key for the other side's RSA identity key -- or
+ * zeroes if we don't have an RSA identity in mind for the other side, and
+ * it hasn't shown us one.
+ *
+ * Note that this is the RSA identity that we hope the other side has -- not
+ * necessarily its true identity. Don't believe this identity unless
+ * authentication has happened.
*/
char identity_digest[DIGEST_LEN];
/**
- * The Ed25519 public identity key for the other side, or zeros if the other
- * size hasn't shown us a valid Ed25519 identity key
+ * Ed25519 key for the other side of this channel -- or zeroes if we don't
+ * have an Ed25519 identity in mind for the other side, and it hasn't shown
+ * us one.
+ *
+ * Note that this is the identity that we hope the other side has -- not
+ * necessarily its true identity. Don't believe this identity unless
+ * authentication has happened.
*/
ed25519_public_key_t ed25519_identity;
@@ -167,8 +177,8 @@ struct channel_s {
char *nickname;
/**
- * Linked list of channels with the same identity digest, for the
- * digest->channel map
+ * Linked list of channels with the same RSA identity digest, for use with
+ * the digest->channel map
*/
TOR_LIST_ENTRY(channel_s) next_with_same_id;
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index 8384576..fafa08c 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -1651,9 +1651,10 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
connection_or_init_conn_from_address(chan->conn,
&(chan->conn->base_.addr),
chan->conn->base_.port,
+ /* zero, checked above */
(const char*)(chan->conn->handshake_state->
authenticated_rsa_peer_id),
- NULL, // XXXX Ed key
+ NULL, /* Ed25519 ID: Also checked as zero */
0);
}
}
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 9a3af40..887b8ec 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -1185,6 +1185,10 @@ circuit_extend(cell_t *cell, circuit_t *circ)
"Client asked me to extend back to the previous hop.");
return -1;
}
+ // XXX 15056 check prev-hop Ed ID too
+
+ // XXX 15056 Fill in ed_pubkey if it was not provided and we can infer
+ // XXX 15056 it from the networkstatus.
n_chan = channel_get_for_extend((const char*)ec.node_id,
&ec.ed_pubkey,
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index e83dca2..d0cd9c0 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -80,7 +80,7 @@ static void connection_or_change_state(or_connection_t *conn, uint8_t state);
/** Map from identity digest of connected OR or desired OR to a connection_t
* with that identity digest. If there is more than one such connection_t,
* they form a linked list, with next_with_same_id as the next pointer. */
-static digestmap_t *orconn_identity_map = NULL;
+static digestmap_t *orconn_identity_map = NULL; // XXXX 15056 disused.
/** Global map between Extended ORPort identifiers and OR
* connections. */
@@ -883,7 +883,7 @@ connection_or_init_conn_from_address(or_connection_t *conn,
const ed25519_public_key_t *ed_id,
int started_here)
{
- (void) ed_id; // not fully used yet.
+ (void) ed_id; // not fully used yet. 15056
const node_t *r = node_get_by_id(id_digest);
connection_or_set_identity_digest(conn, id_digest, ed_id);
connection_or_update_token_buckets_helper(conn, 1, get_options());
@@ -981,6 +981,9 @@ connection_or_mark_bad_for_new_circs(or_connection_t *or_conn)
static void
connection_or_group_set_badness(or_connection_t *head, int force)
{
+ // XXXX 15056 we should make this about channels instead, so we
+ // can finally remove orconn_identity_map.
+
or_connection_t *or_conn = NULL, *best = NULL;
int n_old = 0, n_inprogress = 0, n_canonical = 0, n_other = 0;
time_t now = time(NULL);
@@ -1109,6 +1112,9 @@ connection_or_set_bad_connections(const char *digest, int force)
if (!orconn_identity_map)
return;
+ // XXXX This is just about the only remaining user of orconn_identity_map!
+ // XXXX If we kill it, we can yoink out the map. 15056.
+
DIGESTMAP_FOREACH(orconn_identity_map, identity, or_connection_t *, conn) {
if (!digest || tor_memeq(digest, conn->identity_digest, DIGEST_LEN))
connection_or_group_set_badness(conn, force);
@@ -1573,7 +1579,7 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn,
if (started_here)
return connection_or_client_learned_peer_id(conn,
(const uint8_t*)digest_rcvd_out,
- NULL // Ed25519 ID
+ NULL // Ed25519 ID 15056
);
return 0;
@@ -1607,7 +1613,7 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
const uint8_t *rsa_peer_id,
const ed25519_public_key_t *ed_peer_id)
{
- (void) ed_peer_id; // not used yet.
+ (void) ed_peer_id; // not used yet. 15056
const or_options_t *options = get_options();
@@ -1685,7 +1691,7 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
}
if (authdir_mode_tests_reachability(options)) {
dirserv_orconn_tls_done(&conn->base_.addr, conn->base_.port,
- (const char*)rsa_peer_id /*, ed_id XXXX */);
+ (const char*)rsa_peer_id /*, ed_id XXXX 15056 */);
}
return 0;
More information about the tor-commits
mailing list