prop224: Helper function to assert on invalid client intro circuit

Put all the possible assert() we can do on a client introduction circuit in
one helper function to make sure it is valid and usable.

It is disabled for now so gcc doesn't complain that we have a unused function.

Signed-off-by: David Goulet <dgoulet@torproject.org>

6 files changed, 42 insertions, 2 deletions

diff --git a/src/or/hs_client.c b/src/or/hs_client.c
index 8cf98a6b90..514ecf99ba 100644
--- a/src/or/hs_client.c
+++ b/src/or/hs_client.c
@@ -140,6 +140,20 @@ fetch_v3_desc(const ed25519_public_key_t *onion_identity_pk)
   return directory_launch_v3_desc_fetch(onion_identity_pk, hsdir_rs);
 }
 
+#if 0
+/* Make sure that the given origin circuit circ is a valid correct
+ * introduction circuit. This asserts on validation failure. */
+static void
+assert_intro_circ(const origin_circuit_t *circ)
+{
+  tor_assert(circ);
+  tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
+  tor_assert(circ->hs_ident);
+  tor_assert(hs_ident_intro_circ_is_valid(circ->hs_ident));
+  assert_circ_anonymity_ok(circ, get_options());
+}
+#endif
+
 /** A circuit just finished connecting to a hidden service that the stream
  *  <b>conn</b> has been waiting for. Let the HS subsystem know about this. */
 void
diff --git a/src/or/hs_common.c b/src/or/hs_common.c
index bc44265d53..e0c7dca4bc 100644
--- a/src/or/hs_common.c
+++ b/src/or/hs_common.c
@@ -18,6 +18,7 @@
 #include "nodelist.h"
 #include "hs_cache.h"
 #include "hs_common.h"
+#include "hs_ident.h"
 #include "hs_service.h"
 #include "rendcommon.h"
 #include "rendservice.h"
diff --git a/src/or/hs_ident.c b/src/or/hs_ident.c
index e69350d82e..df39285158 100644
--- a/src/or/hs_ident.c
+++ b/src/or/hs_ident.c
@@ -86,3 +86,25 @@ hs_ident_edge_conn_free(hs_ident_edge_conn_t *ident)
   tor_free(ident);
 }
 
+/* Return true if the given ident is valid for an introduction circuit. */
+int
+hs_ident_intro_circ_is_valid(const hs_ident_circuit_t *ident)
+{
+  if (ident == NULL) {
+    goto invalid;
+  }
+
+  if (ed25519_public_key_is_zero(&ident->identity_pk)) {
+    goto invalid;
+  }
+
+  if (ed25519_public_key_is_zero(&ident->intro_auth_pk)) {
+    goto invalid;
+  }
+
+  /* Valid. */
+  return 1;
+ invalid:
+  return 0;
+}
+
diff --git a/src/or/hs_ident.h b/src/or/hs_ident.h
index e259fde54d..cfcde781d1 100644
--- a/src/or/hs_ident.h
+++ b/src/or/hs_ident.h
@@ -126,5 +126,8 @@ hs_ident_edge_conn_t *hs_ident_edge_conn_new(
                                     const ed25519_public_key_t *identity_pk);
 void hs_ident_edge_conn_free(hs_ident_edge_conn_t *ident);
 
+/* Validators */
+int hs_ident_intro_circ_is_valid(const hs_ident_circuit_t *ident);
+
 #endif /* TOR_HS_IDENT_H */
 
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c
index 8829ede960..a6b59881ad 100644
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
@@ -990,7 +990,7 @@ rend_non_anonymous_mode_enabled(const or_options_t *options)
  * service.
  */
 void
-assert_circ_anonymity_ok(origin_circuit_t *circ,
+assert_circ_anonymity_ok(const origin_circuit_t *circ,
                          const or_options_t *options)
 {
   tor_assert(options);
diff --git a/src/or/rendcommon.h b/src/or/rendcommon.h
index f03a57f2e1..af8dd60099 100644
--- a/src/or/rendcommon.h
+++ b/src/or/rendcommon.h
@@ -60,7 +60,7 @@ int rend_auth_decode_cookie(const char *cookie_in,
 int rend_allow_non_anonymous_connection(const or_options_t* options);
 int rend_non_anonymous_mode_enabled(const or_options_t *options);
 
-void assert_circ_anonymity_ok(origin_circuit_t *circ,
+void assert_circ_anonymity_ok(const origin_circuit_t *circ,
                               const or_options_t *options);
 
 #ifdef RENDCOMMON_PRIVATE