aboutsummaryrefslogtreecommitdiff
path: root/src/or/router.c
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2010-10-21 13:54:12 -0400
committerNick Mathewson <nickm@torproject.org>2010-10-21 13:54:12 -0400
commit03adb8caadb894a7fcd7c7a24e3147fa6d3fc4f9 (patch)
treea15f7db95aec32ed4aec9edcaca217b6ff94dae1 /src/or/router.c
parent704076680abd188dcb3432403e591a6cb614a1dc (diff)
downloadtor-03adb8caadb894a7fcd7c7a24e3147fa6d3fc4f9.tar.gz
tor-03adb8caadb894a7fcd7c7a24e3147fa6d3fc4f9.zip
Add some asserts to get_{tlsclient|server}_identity_key
We now require that: - Only actual servers should ever call get_server_identity_key - If you're being a client or bridge, the client and server keys should differ. - If you're being a public relay, the client and server keys should be the same.
Diffstat (limited to 'src/or/router.c')
-rw-r--r--src/or/router.c22
1 files changed, 21 insertions, 1 deletions
diff --git a/src/or/router.c b/src/or/router.c
index a2adfe155e..d289b0c3db 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -137,13 +137,32 @@ set_server_identity_key(crypto_pk_env_t *k)
crypto_pk_get_digest(server_identitykey, server_identitykey_digest);
}
+/** Make sure that we have set up our identity keys to match or not match as
+ * appropriate, and die with an assertion if we have not. */
+static void
+assert_identity_keys_ok(void)
+{
+ tor_assert(client_identitykey);
+ if (public_server_mode(get_options())) {
+ /* assert that we have set the client and server keys to be equal */
+ tor_assert(server_identitykey);
+ tor_assert(0==crypto_pk_cmp_keys(client_identitykey, server_identitykey));
+ } else {
+ /* assert that we have set the client and server keys to be unequal */
+ if (server_identitykey)
+ tor_assert(0!=crypto_pk_cmp_keys(client_identitykey, server_identitykey));
+ }
+}
+
/** Returns the current server identity key; requires that the key has
- * been set.
+ * been set, and that we are running as a Tor server.
*/
crypto_pk_env_t *
get_server_identity_key(void)
{
tor_assert(server_identitykey);
+ tor_assert(server_mode(get_options()));
+ assert_identity_keys_ok();
return server_identitykey;
}
@@ -170,6 +189,7 @@ crypto_pk_env_t *
get_tlsclient_identity_key(void)
{
tor_assert(client_identitykey);
+ assert_identity_keys_ok();
return client_identitykey;
}