diff options
author | Nick Mathewson <nickm@torproject.org> | 2017-09-11 10:00:11 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-09-11 10:00:11 -0400 |
commit | 3124c921e7af15548b8b16d5f239bfdcd178b2ca (patch) | |
tree | bc58c6a9f9b761672ce00d5e19bc5fce3bbe02fa /src/or/nodelist.c | |
parent | 362bc880b1c4bbccba8698b872c16fc6a6da168e (diff) | |
download | tor-3124c921e7af15548b8b16d5f239bfdcd178b2ca.tar.gz tor-3124c921e7af15548b8b16d5f239bfdcd178b2ca.zip |
Split the behavior of node_supports_ed25519_link_authentication().
Before, this function meant "can we connect to this node and
authenticate it using its ed25519 key?" Now it can additionally
mean, "when somebody else connects to this node, do we expect that
they can authenticate using the node's ed25519 key"?
This change lets us future-proof our link authentication a bit.
Closes ticket 20895. No backport needed, since ed25519 link
authentication support has not been in any LTS release yet, and
existing releases with it should be obsolete before any releases
without support for linkauth=3 are released.
Diffstat (limited to 'src/or/nodelist.c')
-rw-r--r-- | src/or/nodelist.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/src/or/nodelist.c b/src/or/nodelist.c index 00b8fb144f..1f2d37f285 100644 --- a/src/or/nodelist.c +++ b/src/or/nodelist.c @@ -962,23 +962,29 @@ node_ed25519_id_matches(const node_t *node, const ed25519_public_key_t *id) } /** Return true iff <b>node</b> supports authenticating itself - * by ed25519 ID during the link handshake in a way that we can understand - * when we probe it. */ + * by ed25519 ID during the link handshake. If <b>compatible_with_us</b>, + * it needs to be using a link authentication method that we understand. + * If not, any plausible link authentication method will do. */ int -node_supports_ed25519_link_authentication(const node_t *node) +node_supports_ed25519_link_authentication(const node_t *node, + int compatible_with_us) { - /* XXXX Oh hm. What if some day in the future there are link handshake - * versions that aren't 3 but which are ed25519 */ if (! node_get_ed25519_id(node)) return 0; if (node->ri) { const char *protos = node->ri->protocol_list; if (protos == NULL) return 0; - return protocol_list_supports_protocol(protos, PRT_LINKAUTH, 3); + if (compatible_with_us) + return protocol_list_supports_protocol(protos, PRT_LINKAUTH, 3); + else + return protocol_list_supports_protocol_or_later(protos, PRT_LINKAUTH, 3); } if (node->rs) { - return node->rs->supports_ed25519_link_handshake; + if (compatible_with_us) + return node->rs->supports_ed25519_link_handshake_compat; + else + return node->rs->supports_ed25519_link_handshake_any; } tor_assert_nonfatal_unreached_once(); return 0; |