diff options
| author | Nick Mathewson <nickm@torproject.org> | 2016-12-08 16:49:24 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2016-12-08 16:49:24 -0500 |
| commit | e93234af70da5cf3d513e57b12e4934b1c4d9529 (patch) | |
| tree | e8c72b7f9a1cbbedd154444bdb23b54c051c48ea /src/or/dirserv.c | |
| parent | e33c85a450c4819cdad30acfc280aece7c521d6e (diff) | |
| parent | 236e8b605e6aebf87787951ca05f5c75ad530c8a (diff) | |
| download | tor-e93234af70da5cf3d513e57b12e4934b1c4d9529.tar.gz tor-e93234af70da5cf3d513e57b12e4934b1c4d9529.zip | |
Merge branch 'feature15056_v1_squashed'
Diffstat (limited to 'src/or/dirserv.c')
| -rw-r--r-- | src/or/dirserv.c | 35 |
1 files changed, 30 insertions, 5 deletions
diff --git a/src/or/dirserv.c b/src/or/dirserv.c index e2a6943708..399d5ea955 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -3176,7 +3176,8 @@ dirserv_get_routerdescs(smartlist_t *descs_out, const char *key, void dirserv_orconn_tls_done(const tor_addr_t *addr, uint16_t or_port, - const char *digest_rcvd) + const char *digest_rcvd, + const ed25519_public_key_t *ed_id_rcvd) { node_t *node = NULL; tor_addr_port_t orport; @@ -3188,8 +3189,25 @@ dirserv_orconn_tls_done(const tor_addr_t *addr, node = node_get_mutable_by_id(digest_rcvd); if (node == NULL || node->ri == NULL) return; + ri = node->ri; + if (get_options()->AuthDirTestEd25519LinkKeys && + ri->cache_info.signing_key_cert) { + /* We allow the node to have an ed25519 key if we haven't been told one in + * the routerinfo, but if we *HAVE* been told one in the routerinfo, it + * needs to match. */ + const ed25519_public_key_t *expected_id = + &ri->cache_info.signing_key_cert->signing_key; + tor_assert(!ed25519_public_key_is_zero(expected_id)); + if (! ed_id_rcvd || ! ed25519_pubkey_eq(ed_id_rcvd, expected_id)) { + log_info(LD_DIRSERV, "Router at %s:%d with RSA ID %s " + "did not present expected Ed25519 ID.", + fmt_addr(addr), or_port, hex_str(digest_rcvd, DIGEST_LEN)); + return; /* Don't mark it as reachable. */ + } + } + tor_addr_copy(&orport.addr, addr); orport.port = or_port; if (router_has_orport(ri, &orport)) { @@ -3245,23 +3263,31 @@ dirserv_should_launch_reachability_test(const routerinfo_t *ri, void dirserv_single_reachability_test(time_t now, routerinfo_t *router) { + const or_options_t *options = get_options(); channel_t *chan = NULL; node_t *node = NULL; tor_addr_t router_addr; + const ed25519_public_key_t *ed_id_key; (void) now; tor_assert(router); node = node_get_mutable_by_id(router->cache_info.identity_digest); tor_assert(node); + if (options->AuthDirTestEd25519LinkKeys && + node_supports_ed25519_link_authentication(node)) { + ed_id_key = &router->cache_info.signing_key_cert->signing_key; + } else { + ed_id_key = NULL; + } + /* IPv4. */ log_debug(LD_OR,"Testing reachability of %s at %s:%u.", router->nickname, fmt_addr32(router->addr), router->or_port); tor_addr_from_ipv4h(&router_addr, router->addr); chan = channel_tls_connect(&router_addr, router->or_port, router->cache_info.identity_digest, - NULL // XXXX Ed25519 ID. - ); + ed_id_key); if (chan) command_setup_channel(chan); /* Possible IPv6. */ @@ -3274,8 +3300,7 @@ dirserv_single_reachability_test(time_t now, routerinfo_t *router) router->ipv6_orport); chan = channel_tls_connect(&router->ipv6_addr, router->ipv6_orport, router->cache_info.identity_digest, - NULL // XXXX Ed25519 ID. - ); + ed_id_key); if (chan) command_setup_channel(chan); } } |