[tor-commits] [tor/master] Drop support for AUTHTYPE_RSA_SHA256_RFC5705 authentication.

nickm at torproject.org nickm at torproject.org
Thu Nov 3 13:18:59 UTC 2016


commit 805e97a4336f07e366937f7ce4da0733fa4884c1
Author: Nick Mathewson <nickm at torproject.org>
Date:   Sun Sep 11 17:01:38 2016 -0400

    Drop support for AUTHTYPE_RSA_SHA256_RFC5705 authentication.
    
    This was a stopgap method, designed on the theory that some routers
    might support it before they could support Ed25519.  But it looks
    like everybody who supports RFC5705 will also have an Ed25519 key,
    so there's not a lot of reason to have this even supported.
---
 src/or/connection_or.c         | 6 ++++--
 src/test/test_link_handshake.c | 8 ++++----
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 112a2c8..428c016 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -2278,9 +2278,9 @@ authchallenge_type_is_supported(uint16_t challenge_type)
 {
   switch (challenge_type) {
      case AUTHTYPE_RSA_SHA256_TLSSECRET:
-     case AUTHTYPE_RSA_SHA256_RFC5705:
      case AUTHTYPE_ED25519_SHA256_RFC5705:
        return 1;
+     case AUTHTYPE_RSA_SHA256_RFC5705:
      default:
        return 0;
   }
@@ -2321,7 +2321,9 @@ connection_or_send_auth_challenge_cell(or_connection_t *conn)
   crypto_rand((char*)ac->challenge, sizeof(ac->challenge));
 
   auth_challenge_cell_add_methods(ac, AUTHTYPE_RSA_SHA256_TLSSECRET);
-  auth_challenge_cell_add_methods(ac, AUTHTYPE_RSA_SHA256_RFC5705);
+  /* Disabled, because everything that supports this method also supports
+   * the much-superior ED25519_SHA256_RFC5705 */
+  /* auth_challenge_cell_add_methods(ac, AUTHTYPE_RSA_SHA256_RFC5705); */
   auth_challenge_cell_add_methods(ac, AUTHTYPE_ED25519_SHA256_RFC5705);
   auth_challenge_cell_set_n_methods(ac,
                                     auth_challenge_cell_getlen_methods(ac));
diff --git a/src/test/test_link_handshake.c b/src/test/test_link_handshake.c
index ba1c9b0..bf5ff67 100644
--- a/src/test/test_link_handshake.c
+++ b/src/test/test_link_handshake.c
@@ -890,15 +890,15 @@ test_link_handshake_send_authchallenge(void *arg)
   cell1 = mock_got_var_cell;
   tt_int_op(0, ==, connection_or_send_auth_challenge_cell(c1));
   cell2 = mock_got_var_cell;
-  tt_int_op(40, ==, cell1->payload_len);
-  tt_int_op(40, ==, cell2->payload_len);
+  tt_int_op(38, ==, cell1->payload_len);
+  tt_int_op(38, ==, cell2->payload_len);
   tt_int_op(0, ==, cell1->circ_id);
   tt_int_op(0, ==, cell2->circ_id);
   tt_int_op(CELL_AUTH_CHALLENGE, ==, cell1->command);
   tt_int_op(CELL_AUTH_CHALLENGE, ==, cell2->command);
 
-  tt_mem_op("\x00\x03\x00\x01\x00\x02\x00\x03", ==, cell1->payload + 32, 8);
-  tt_mem_op("\x00\x03\x00\x01\x00\x02\x00\x03", ==, cell2->payload + 32, 8);
+  tt_mem_op("\x00\x02\x00\x01\x00\x03", ==, cell1->payload + 32, 6);
+  tt_mem_op("\x00\x02\x00\x01\x00\x03", ==, cell2->payload + 32, 6);
   tt_mem_op(cell1->payload, !=, cell2->payload, 32);
 
  done:





More information about the tor-commits mailing list