[tor-commits] [tor/master] Propagate Ed25519 identities downwards into more functions.
nickm at torproject.org
nickm at torproject.org
Thu Dec 8 21:53:43 UTC 2016
commit 6788418f28930467121537f31c4b43f981ae6ca8
Author: Nick Mathewson <nickm at torproject.org>
Date: Sat Sep 24 11:25:48 2016 -0700
Propagate Ed25519 identities downwards into more functions.
Actually set ed25519 identities on channels when we set a channel's
identity.
---
src/or/channel.c | 6 +++++-
src/or/channel.h | 3 ++-
src/or/connection_or.c | 28 +++++++++++++++++-----------
src/or/dirserv.c | 4 +++-
src/or/dirserv.h | 3 ++-
src/or/entrynodes.c | 24 +++++++++++++++++++++---
src/or/entrynodes.h | 3 ++-
7 files changed, 52 insertions(+), 19 deletions(-)
diff --git a/src/or/channel.c b/src/or/channel.c
index 4712891..e9bda24 100644
--- a/src/or/channel.c
+++ b/src/or/channel.c
@@ -1471,7 +1471,8 @@ channel_clear_identity_digest(channel_t *chan)
void
channel_set_identity_digest(channel_t *chan,
- const char *identity_digest)
+ const char *identity_digest,
+ const ed25519_public_key_t *ed_identity)
{
int was_in_digest_map, should_be_in_digest_map, state_not_in_map;
@@ -1510,6 +1511,9 @@ channel_set_identity_digest(channel_t *chan,
memset(chan->identity_digest, 0,
sizeof(chan->identity_digest));
}
+ if (ed_identity) {
+ memcpy(&chan->ed25519_identity, ed_identity, sizeof(*ed_identity));
+ }
/* Put it in the digest map if we should */
if (should_be_in_digest_map)
diff --git a/src/or/channel.h b/src/or/channel.h
index 3f0bb37..26aa93b 100644
--- a/src/or/channel.h
+++ b/src/or/channel.h
@@ -443,7 +443,8 @@ void channel_mark_incoming(channel_t *chan);
void channel_mark_outgoing(channel_t *chan);
void channel_mark_remote(channel_t *chan);
void channel_set_identity_digest(channel_t *chan,
- const char *identity_digest);
+ const char *identity_digest,
+ const ed25519_public_key_t *ed_identity);
void channel_set_remote_end(channel_t *chan,
const char *identity_digest,
const char *nickname);
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 4449d3f..a22c4ad 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -111,7 +111,6 @@ connection_or_set_identity_digest(or_connection_t *conn,
const char *rsa_digest,
const ed25519_public_key_t *ed_id)
{
- (void) ed_id; // DOCDOC // XXXX not implemented yet. 15056
tor_assert(conn);
tor_assert(rsa_digest);
@@ -133,7 +132,8 @@ connection_or_set_identity_digest(or_connection_t *conn,
/* Deal with channels */
if (conn->chan)
- channel_set_identity_digest(TLS_CHAN_TO_BASE(conn->chan), rsa_digest);
+ channel_set_identity_digest(TLS_CHAN_TO_BASE(conn->chan),
+ rsa_digest, ed_id);
}
/** Remove the Extended ORPort identifier of <b>conn</b> from the
@@ -831,7 +831,6 @@ connection_or_init_conn_from_address(or_connection_t *conn,
const ed25519_public_key_t *ed_id,
int started_here)
{
- (void) ed_id; // not fully used yet. 15056
const node_t *r = node_get_by_id(id_digest);
connection_or_set_identity_digest(conn, id_digest, ed_id);
connection_or_update_token_buckets_helper(conn, 1, get_options());
@@ -1116,7 +1115,6 @@ connection_or_connect, (const tor_addr_t *_addr, uint16_t port,
const ed25519_public_key_t *ed_id,
channel_tls_t *chan))
{
- (void) ed_id; // XXXX not fully used yet. 15056
or_connection_t *conn;
const or_options_t *options = get_options();
int socket_error = 0;
@@ -1135,6 +1133,11 @@ connection_or_connect, (const tor_addr_t *_addr, uint16_t port,
log_info(LD_PROTOCOL,"Client asked me to connect to myself. Refusing.");
return NULL;
}
+ if (server_mode(options) && router_ed25519_id_is_me(ed_id)) {
+ log_info(LD_PROTOCOL,"Client asked me to connect to myself by Ed25519 "
+ "identity. Refusing.");
+ return NULL;
+ }
conn = or_connection_new(CONN_TYPE_OR, tor_addr_family(&addr));
@@ -1504,11 +1507,13 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn,
crypto_pk_free(identity_rcvd);
- if (started_here)
+ if (started_here) {
+ /* A TLS handshake can't teach us an Ed25519 ID, so we set it to NULL
+ * here. */
return connection_or_client_learned_peer_id(conn,
(const uint8_t*)digest_rcvd_out,
- NULL // Ed25519 ID 15056
- );
+ NULL);
+ }
return 0;
}
@@ -1541,8 +1546,6 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
const uint8_t *rsa_peer_id,
const ed25519_public_key_t *ed_peer_id)
{
- (void) ed_peer_id; // not used yet. 15056
-
const or_options_t *options = get_options();
if (tor_digest_is_zero(conn->identity_digest)) {
@@ -1559,7 +1562,7 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
/* if it's a bridge and we didn't know its identity fingerprint, now
* we do -- remember it for future attempts. */
learned_router_identity(&conn->base_.addr, conn->base_.port,
- (const char*)rsa_peer_id /*, ed_peer_id XXXX */);
+ (const char*)rsa_peer_id, ed_peer_id);
}
if (tor_memneq(rsa_peer_id, conn->identity_digest, DIGEST_LEN)) {
@@ -1617,9 +1620,12 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
conn);
return -1;
}
+
+ /* XXXX 15056 -- use the Ed25519 key */
+
if (authdir_mode_tests_reachability(options)) {
dirserv_orconn_tls_done(&conn->base_.addr, conn->base_.port,
- (const char*)rsa_peer_id /*, ed_id XXXX 15056 */);
+ (const char*)rsa_peer_id, ed_peer_id);
}
return 0;
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index c797c9a..54b434d 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -3170,8 +3170,10 @@ dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
void
dirserv_orconn_tls_done(const tor_addr_t *addr,
uint16_t or_port,
- const char *digest_rcvd)
+ const char *digest_rcvd,
+ const ed25519_public_key_t *ed_id_rcvd)
{
+ (void)ed_id_rcvd; // XXXX 15056 use this.
node_t *node = NULL;
tor_addr_port_t orport;
routerinfo_t *ri = NULL;
diff --git a/src/or/dirserv.h b/src/or/dirserv.h
index 1e4f27e..e83da5e 100644
--- a/src/or/dirserv.h
+++ b/src/or/dirserv.h
@@ -73,7 +73,8 @@ int dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
const char **msg);
void dirserv_orconn_tls_done(const tor_addr_t *addr,
uint16_t or_port,
- const char *digest_rcvd);
+ const char *digest_rcvd,
+ const ed25519_public_key_t *ed_id_rcvd);
int dirserv_should_launch_reachability_test(const routerinfo_t *ri,
const routerinfo_t *ri_old);
void dirserv_single_reachability_test(time_t now, routerinfo_t *router);
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index c8215d3..af1b1a3 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -2108,18 +2108,34 @@ node_is_a_configured_bridge(const node_t *node)
*/
void
learned_router_identity(const tor_addr_t *addr, uint16_t port,
- const char *digest)
+ const char *digest,
+ const ed25519_public_key_t *ed_id)
{
+ // XXXX prop220 use ed_id here, once there is some way to specify
+ (void)ed_id;
+ int learned = 0;
bridge_info_t *bridge =
get_configured_bridge_by_addr_port_digest(addr, port, digest);
if (bridge && tor_digest_is_zero(bridge->identity)) {
+ memcpy(bridge->identity, digest, DIGEST_LEN);
+ learned = 1;
+ }
+ /* XXXX prop220 remember bridge ed25519 identities -- add a field */
+#if 0
+ if (bridge && ed_id &&
+ ed25519_public_key_is_zero(&bridge->ed25519_identity) &&
+ !ed25519_public_key_is_zero(ed_id)) {
+ memcpy(&bridge->ed25519_identity, ed_id, sizeof(*ed_id));
+ learned = 1;
+ }
+#endif
+ if (learned) {
char *transport_info = NULL;
const char *transport_name =
find_transport_name_by_bridge_addrport(addr, port);
if (transport_name)
tor_asprintf(&transport_info, " (with transport '%s')", transport_name);
-
- memcpy(bridge->identity, digest, DIGEST_LEN);
+ // XXXX prop220 log both fingerprints.
log_notice(LD_DIR, "Learned fingerprint %s for bridge %s%s.",
hex_str(digest, DIGEST_LEN), fmt_addrport(addr, port),
transport_info ? transport_info : "");
@@ -2216,6 +2232,8 @@ bridge_add_from_config(bridge_line_t *bridge_line)
{
bridge_info_t *b;
+ // XXXX prop220 add a way to specify ed25519 ID to bridge_line_t.
+
{ /* Log the bridge we are about to register: */
log_debug(LD_GENERAL, "Registering bridge at %s (transport: %s) (%s)",
fmt_addrport(&bridge_line->addr, bridge_line->port),
diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h
index 00f9691..f8aaedf 100644
--- a/src/or/entrynodes.h
+++ b/src/or/entrynodes.h
@@ -167,7 +167,8 @@ int extend_info_is_a_configured_bridge(const extend_info_t *ei);
int routerinfo_is_a_configured_bridge(const routerinfo_t *ri);
int node_is_a_configured_bridge(const node_t *node);
void learned_router_identity(const tor_addr_t *addr, uint16_t port,
- const char *digest);
+ const char *digest,
+ const ed25519_public_key_t *ed_id);
struct bridge_line_t;
void bridge_add_from_config(struct bridge_line_t *bridge_line);
void retry_bridge_descriptor_fetch_directly(const char *digest);
More information about the tor-commits
mailing list