summaryrefslogtreecommitdiff
path: root/src/or/connection_or.c
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2016-09-24 11:25:48 -0700
committerNick Mathewson <nickm@torproject.org>2016-12-08 16:47:58 -0500
commit6788418f28930467121537f31c4b43f981ae6ca8 (patch)
treea04045202309f715bdd0381ac5201fc9717edd20 /src/or/connection_or.c
parentaf3af494083f041c3ce9f722e4989ecd4b4e6304 (diff)
downloadtor-6788418f28930467121537f31c4b43f981ae6ca8.tar.gz
tor-6788418f28930467121537f31c4b43f981ae6ca8.zip
Propagate Ed25519 identities downwards into more functions.
Actually set ed25519 identities on channels when we set a channel's identity.
Diffstat (limited to 'src/or/connection_or.c')
-rw-r--r--src/or/connection_or.c28
1 files changed, 17 insertions, 11 deletions
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 4449d3f3ae..a22c4ad1ef 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -111,7 +111,6 @@ connection_or_set_identity_digest(or_connection_t *conn,
const char *rsa_digest,
const ed25519_public_key_t *ed_id)
{
- (void) ed_id; // DOCDOC // XXXX not implemented yet. 15056
tor_assert(conn);
tor_assert(rsa_digest);
@@ -133,7 +132,8 @@ connection_or_set_identity_digest(or_connection_t *conn,
/* Deal with channels */
if (conn->chan)
- channel_set_identity_digest(TLS_CHAN_TO_BASE(conn->chan), rsa_digest);
+ channel_set_identity_digest(TLS_CHAN_TO_BASE(conn->chan),
+ rsa_digest, ed_id);
}
/** Remove the Extended ORPort identifier of <b>conn</b> from the
@@ -831,7 +831,6 @@ connection_or_init_conn_from_address(or_connection_t *conn,
const ed25519_public_key_t *ed_id,
int started_here)
{
- (void) ed_id; // not fully used yet. 15056
const node_t *r = node_get_by_id(id_digest);
connection_or_set_identity_digest(conn, id_digest, ed_id);
connection_or_update_token_buckets_helper(conn, 1, get_options());
@@ -1116,7 +1115,6 @@ connection_or_connect, (const tor_addr_t *_addr, uint16_t port,
const ed25519_public_key_t *ed_id,
channel_tls_t *chan))
{
- (void) ed_id; // XXXX not fully used yet. 15056
or_connection_t *conn;
const or_options_t *options = get_options();
int socket_error = 0;
@@ -1135,6 +1133,11 @@ connection_or_connect, (const tor_addr_t *_addr, uint16_t port,
log_info(LD_PROTOCOL,"Client asked me to connect to myself. Refusing.");
return NULL;
}
+ if (server_mode(options) && router_ed25519_id_is_me(ed_id)) {
+ log_info(LD_PROTOCOL,"Client asked me to connect to myself by Ed25519 "
+ "identity. Refusing.");
+ return NULL;
+ }
conn = or_connection_new(CONN_TYPE_OR, tor_addr_family(&addr));
@@ -1504,11 +1507,13 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn,
crypto_pk_free(identity_rcvd);
- if (started_here)
+ if (started_here) {
+ /* A TLS handshake can't teach us an Ed25519 ID, so we set it to NULL
+ * here. */
return connection_or_client_learned_peer_id(conn,
(const uint8_t*)digest_rcvd_out,
- NULL // Ed25519 ID 15056
- );
+ NULL);
+ }
return 0;
}
@@ -1541,8 +1546,6 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
const uint8_t *rsa_peer_id,
const ed25519_public_key_t *ed_peer_id)
{
- (void) ed_peer_id; // not used yet. 15056
-
const or_options_t *options = get_options();
if (tor_digest_is_zero(conn->identity_digest)) {
@@ -1559,7 +1562,7 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
/* if it's a bridge and we didn't know its identity fingerprint, now
* we do -- remember it for future attempts. */
learned_router_identity(&conn->base_.addr, conn->base_.port,
- (const char*)rsa_peer_id /*, ed_peer_id XXXX */);
+ (const char*)rsa_peer_id, ed_peer_id);
}
if (tor_memneq(rsa_peer_id, conn->identity_digest, DIGEST_LEN)) {
@@ -1617,9 +1620,12 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
conn);
return -1;
}
+
+ /* XXXX 15056 -- use the Ed25519 key */
+
if (authdir_mode_tests_reachability(options)) {
dirserv_orconn_tls_done(&conn->base_.addr, conn->base_.port,
- (const char*)rsa_peer_id /*, ed_id XXXX 15056 */);
+ (const char*)rsa_peer_id, ed_peer_id);
}
return 0;