[tor-commits] [tor/master] Also, include ed25519 identities in connection_describe().

dgoulet at torproject.org dgoulet at torproject.org
Tue Oct 27 13:44:51 UTC 2020


commit 47d6eef1901c82823362e097156693685c4eb4a8
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Oct 15 10:53:45 2020 -0400

    Also, include ed25519 identities in connection_describe().
    
    Related to #22668.
---
 src/core/mainloop/connection.c | 15 ++++++++++++---
 src/core/or/connection_or.c    | 20 ++++++++++++++++++++
 src/core/or/connection_or.h    |  2 ++
 src/test/test_connection.c     |  6 +++---
 4 files changed, 37 insertions(+), 6 deletions(-)

diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c
index c043b1ccec..7a17d7ff9d 100644
--- a/src/core/mainloop/connection.c
+++ b/src/core/mainloop/connection.c
@@ -110,6 +110,7 @@
 #include "feature/stats/rephist.h"
 #include "feature/stats/bwhist.h"
 #include "lib/crypt_ops/crypto_util.h"
+#include "lib/crypt_ops/crypto_format.h"
 #include "lib/geoip/geoip.h"
 
 #include "lib/cc/ctassert.h"
@@ -440,11 +441,19 @@ connection_describe_peer_internal(const connection_t *conn,
       // This could be a client, so scrub it.  No identity to report.
       scrub = true;
     } else {
-      char id_buf[HEX_DIGEST_LEN+1];
-      base16_encode(id_buf, sizeof(id_buf),
+      const ed25519_public_key_t *ed_id =
+        connection_or_get_alleged_ed25519_id(or_conn);
+      char ed_id_buf[ED25519_BASE64_LEN+1];
+      char rsa_id_buf[HEX_DIGEST_LEN+1];
+      if (ed_id) {
+        ed25519_public_to_base64(ed_id_buf, ed_id);
+      } else {
+        strlcpy(ed_id_buf, "<none>", sizeof(ed_id_buf));
+      }
+      base16_encode(rsa_id_buf, sizeof(rsa_id_buf),
                     or_conn->identity_digest, DIGEST_LEN);
       tor_snprintf(extra_buf, sizeof(extra_buf),
-                   " ID=%s", id_buf);
+                   " ID=%s RSA_ID=%s", ed_id_buf, rsa_id_buf);
     }
     if (! scrub && (! tor_addr_eq(addr, &or_conn->canonical_orport.addr) ||
                     conn->port != or_conn->canonical_orport.port)) {
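Review bot: The formatted string written into `extra_buf` grows by an Ed25519 base64 key plus the `RSA_ID=` label, and `extra_buf` is declared outside this hunk, so its size should be re-checked against `ED25519_BASE64_LEN + HEX_DIGEST_LEN` plus the labels; `tor_snprintf` truncates rather than overflows, but its return value is not examined here, so a too-small buffer would silently cut the RSA digest out of logs. Since the key comes from `connection_or_get_alleged_ed25519_id`, a comment above the `if (ed_id)` line would keep log readers from over-trusting the value, e.g. `// ed_id is the peer's *alleged* Ed25519 identity: it is not authenticated until the handshake completes.` Note also that the log format changes from `ID=<hex>` to `ID=<base64> RSA_ID=<hex>`, which anything parsing connection descriptions out of logs will need to follow. connection_describe_peer_internal starts and ends outside this hunk.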
diff --git a/src/core/or/connection_or.c b/src/core/or/connection_or.c
index 0795521be0..bf29cd2c3a 100644
--- a/src/core/or/connection_or.c
+++ b/src/core/or/connection_or.c
@@ -207,6 +207,26 @@ connection_or_set_identity_digest(or_connection_t *conn,
     channel_set_identity_digest(chan, rsa_digest, ed_id);
 }
 
+/**
+ * Return the Ed25519 identity of the peer for this connection (if any).
+ *
+ * Note that this ID may not be the _actual_ identity for the peer if
+ * authentication is not complete.
+ **/
+const struct ed25519_public_key_t *
+connection_or_get_alleged_ed25519_id(const or_connection_t *conn)
+{
+  if (conn && conn->chan) {
+    const channel_t *chan = NULL;
+    chan = TLS_CHAN_TO_BASE(conn->chan);
+    if (!ed25519_public_key_is_zero(&chan->ed25519_identity)) {
+      return &chan->ed25519_identity;
+    }
+  }
+
+  return NULL;
+}
+
 /**************************************************************/
 
 /** Map from a string describing what a non-open OR connection was doing when
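Review bot: `chan` is initialized to NULL and then immediately overwritten on the next line; a single declaration `const channel_t *chan = TLS_CHAN_TO_BASE(conn->chan);` is clearer and avoids a dead store. The doc comment should also state the lifetime of the result: the returned pointer aliases `chan->ed25519_identity` inside the connection's channel and is valid only while that channel lives, and NULL is returned both when there is no channel and when the key is all-zero. Suggested addition to the comment: `Returns NULL if the connection has no channel or the channel has no Ed25519 identity yet; the returned pointer is owned by the channel and must not be freed or cached past its lifetime.`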
diff --git a/src/core/or/connection_or.h b/src/core/or/connection_or.h
index fe81b5c5e1..b6aaa44df2 100644
--- a/src/core/or/connection_or.h
+++ b/src/core/or/connection_or.h
@@ -73,6 +73,8 @@ void connection_or_init_conn_from_address(or_connection_t *conn,
 int connection_or_client_learned_peer_id(or_connection_t *conn,
                               const uint8_t *rsa_peer_id,
                               const struct ed25519_public_key_t *ed_peer_id);
+const struct ed25519_public_key_t *connection_or_get_alleged_ed25519_id(
+                              const or_connection_t *conn);
 time_t connection_or_client_used(or_connection_t *conn);
 MOCK_DECL(int, connection_or_get_num_circuits, (or_connection_t *conn));
 void or_handshake_state_free_(or_handshake_state_t *state);
diff --git a/src/test/test_connection.c b/src/test/test_connection.c
index 178a37adf6..cf5626ead7 100644
--- a/src/test/test_connection.c
+++ b/src/test/test_connection.c
@@ -1049,20 +1049,20 @@ test_conn_describe(void *arg)
   options->SafeLogging_ = SAFELOG_SCRUB_RELAY; // back to safelogging.
   tt_str_op(connection_describe(conn), OP_EQ,
             "OR connection (open) with [ffff:3333:1111::2]:8080 "
-            "ID=0000000700000000000000000000000000000000");
+            "ID=<none> RSA_ID=0000000700000000000000000000000000000000");
   // Add a 'canonical address' that is the same as the one we have.
   tor_addr_parse(&TO_OR_CONN(conn)->canonical_orport.addr,
                  "[ffff:3333:1111::2]");
   TO_OR_CONN(conn)->canonical_orport.port = 8080;
   tt_str_op(connection_describe(conn), OP_EQ,
             "OR connection (open) with [ffff:3333:1111::2]:8080 "
-            "ID=0000000700000000000000000000000000000000");
+            "ID=<none> RSA_ID=0000000700000000000000000000000000000000");
   // Add a different 'canonical address'
   tor_addr_parse(&TO_OR_CONN(conn)->canonical_orport.addr,
                  "[ffff:3333:1111::8]");
   tt_str_op(connection_describe(conn), OP_EQ,
             "OR connection (open) with [ffff:3333:1111::2]:8080 "
-            "ID=0000000700000000000000000000000000000000 "
+            "ID=<none> RSA_ID=0000000700000000000000000000000000000000 "
             "canonical_addr=[ffff:3333:1111::8]:8080");
 
   // Clear identity_digest so that free_minimal won't complain.
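Review bot: The updated expectations only exercise the `ID=<none>` path of the new code; as far as this hunk shows, no assertion sets a non-zero `ed25519_identity` on the connection's channel to verify the base64-encoded `ID=` output, so the `ed25519_public_to_base64` branch in `connection_describe_peer_internal` appears untested. Adding one case that assigns a known Ed25519 key to `TO_OR_CONN(conn)->chan` and checks the resulting `ID=<base64> RSA_ID=<hex>` string would cover it. test_conn_describe starts and ends outside this hunk, so an existing such check elsewhere in the function may have been missed here.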




