authorNick Mathewson <nickm@torproject.org>2012-11-06 21:33:53 -0500
committerNick Mathewson <nickm@torproject.org>2012-11-06 21:33:53 -0500
commit8e8c0674c4729a6aa39ded658e800baa654fe289 (patch)
tree5c32d38030f3a1e87e10bcb18908c85015afd984
parent1c0e87f6d8c7a0abdadf1b5cd9082c10abc7f4e2 (diff)
Implement proposal-214 rules for CircID checking.
-rw-r--r--src/or/channel.c14
-rw-r--r--src/or/channel.h3
-rw-r--r--src/or/channeltls.c9
-rw-r--r--src/or/connection_or.c3
4 files changed, 22 insertions, 7 deletions
diff --git a/src/or/channel.c b/src/or/channel.c
index cbf7f99be1..9b353a102c 100644
--- a/src/or/channel.c
+++ b/src/or/channel.c
@@ -4043,9 +4043,10 @@ channel_num_circuits(channel_t *chan)
* This is called when setting up a channel and replaces the old
* connection_or_set_circid_type()
*/
-
void
-channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd)
+channel_set_circid_type(channel_t *chan,
+ crypto_pk_t *identity_rcvd,
+ int consider_identity)
{
int started_here;
crypto_pk_t *our_identity;
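Review bot: The doc comment above channel_set_circid_type() is left as it was, so the new `consider_identity` parameter is undocumented at the point where callers will look for it. I would add a sentence to that comment along the lines of `If consider_identity is false, pick the circuit ID half from the connection direction alone and ignore identity_rcvd.` The parameter is an `int` used purely as a flag, and the comment should say so, since one call site passes a bare `1`. The comment and the function body both continue outside this hunk.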
@@ -4053,6 +4054,15 @@ channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd)
tor_assert(chan);
started_here = channel_is_outgoing(chan);
+
+ if (! consider_identity) {
+ if (started_here)
+ chan->circ_id_type = CIRC_ID_TYPE_HIGHER;
+ else
+ chan->circ_id_type = CIRC_ID_TYPE_LOWER;
+ return;
+ }
+
our_identity = started_here ?
get_tlsclient_identity_key() : get_server_identity_key();
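Review bot: The new early-return branch carries no comment saying why direction alone decides the circuit ID half, and both endpoints must apply exactly the same rule or they can allocate colliding circuit IDs. A short why-comment above `if (! consider_identity) {` would help, for example `/* Proposal 214: the side that opened the connection takes the high half; identity keys are not compared. */`. It is also worth stating there that `identity_rcvd` is deliberately unused on this path, since callers still pass and free it. The rest of the function, including the identity comparison, is outside the hunk.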
diff --git a/src/or/channel.h b/src/or/channel.h
index 3cfc8b183c..a21271ca1e 100644
--- a/src/or/channel.h
+++ b/src/or/channel.h
@@ -449,7 +449,8 @@ int channel_matches_extend_info(channel_t *chan, extend_info_t *extend_info);
int channel_matches_target_addr_for_extend(channel_t *chan,
const tor_addr_t *target);
unsigned int channel_num_circuits(channel_t *chan);
-void channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd);
+void channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd,
+ int consider_identity);
void channel_timestamp_client(channel_t *chan);
const char * channel_listener_describe_transport(channel_listener_t *chan_l);
diff --git a/src/or/channeltls.c b/src/or/channeltls.c
index 4f87eb5671..ed56e1ad19 100644
--- a/src/or/channeltls.c
+++ b/src/or/channeltls.c
@@ -1384,7 +1384,8 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
tor_assert(tor_digest_is_zero(
(const char*)(chan->conn->handshake_state->
authenticated_peer_id)));
- channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL);
+ channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL,
+ chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
connection_or_init_conn_from_address(chan->conn,
&(chan->conn->base_.addr),
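Review bot: The expression `chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS` is repeated verbatim here and in the hunks for channel_tls_process_certs_cell() and channel_tls_process_authenticate_cell(), so the protocol-version rule now lives in three places that must stay in sync. A single static helper that takes the channel and returns that comparison, with a one-line comment naming the rule, would keep the three call sites from drifting apart. The call also relies on `link_proto` already holding the negotiated version when each cell handler runs; that looks likely from the handshake order but is not visible in these hunks, so a `tor_assert` or a comment stating the assumption would be welcome. All three enclosing functions extend beyond their hunks.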
@@ -1638,7 +1639,8 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
ERR("Internal error: Couldn't get RSA key from ID cert.");
memcpy(chan->conn->handshake_state->authenticated_peer_id,
id_digests->d[DIGEST_SHA1], DIGEST_LEN);
- channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd);
+ channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
+ chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
crypto_pk_free(identity_rcvd);
}
@@ -1922,7 +1924,8 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
memcpy(chan->conn->handshake_state->authenticated_peer_id,
id_digests->d[DIGEST_SHA1], DIGEST_LEN);
- channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd);
+ channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
+ chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
crypto_pk_free(identity_rcvd);
connection_or_init_conn_from_address(chan->conn,
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 0775eb5c40..63bdd9a5e9 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1554,7 +1554,8 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn,
}
tor_assert(conn->chan);
- channel_set_circid_type(TLS_CHAN_TO_BASE(conn->chan), identity_rcvd);
+ channel_set_circid_type(TLS_CHAN_TO_BASE(conn->chan), identity_rcvd, 1);
+
crypto_pk_free(identity_rcvd);
if (started_here)
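Review bot: The literal `1` passed as `consider_identity` in the new call is opaque at the call site and gives no hint why this path always uses the identity comparison while the channeltls.c callers test `link_proto`. Presumably this function is only reached for handshakes that cannot negotiate wide circuit IDs, but that is inferred rather than shown here; a trailing comment such as `/* consider_identity: this handshake path predates wide circ IDs */` would record the reasoning. The enclosing function starts and ends outside the hunk.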