summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorDavid Goulet <dgoulet@torproject.org>2017-06-29 13:29:23 -0400
committerDavid Goulet <dgoulet@torproject.org>2017-08-24 13:03:28 -0400
commit8e2854372d777d6be63d1bf766ca6db9100490de (patch)
treeeed4c9eb96908cdf0a7def3b2a7832424c419aec /src
parentb13ee8e4ae59f85ce75800aa7dd90cfe58c04a5e (diff)
downloadtor-8e2854372d777d6be63d1bf766ca6db9100490de.tar.gz
tor-8e2854372d777d6be63d1bf766ca6db9100490de.zip
prop224: Helper function to assert on invalid client intro circuit
Put all the possible assert() we can do on a client introduction circuit in one helper function to make sure it is valid and usable. It is disabled for now so gcc doesn't complain that we have a unused function. Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src')
-rw-r--r--src/or/hs_client.c14
-rw-r--r--src/or/hs_common.c1
-rw-r--r--src/or/hs_ident.c22
-rw-r--r--src/or/hs_ident.h3
-rw-r--r--src/or/rendcommon.c2
-rw-r--r--src/or/rendcommon.h2
6 files changed, 42 insertions, 2 deletions
diff --git a/src/or/hs_client.c b/src/or/hs_client.c
index 8cf98a6b90..514ecf99ba 100644
--- a/src/or/hs_client.c
+++ b/src/or/hs_client.c
@@ -140,6 +140,20 @@ fetch_v3_desc(const ed25519_public_key_t *onion_identity_pk)
return directory_launch_v3_desc_fetch(onion_identity_pk, hsdir_rs);
}
+#if 0
+/* Make sure that the given origin circuit circ is a valid correct
+ * introduction circuit. This asserts on validation failure. */
+static void
+assert_intro_circ(const origin_circuit_t *circ)
+{
+ tor_assert(circ);
+ tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
+ tor_assert(circ->hs_ident);
+ tor_assert(hs_ident_intro_circ_is_valid(circ->hs_ident));
+ assert_circ_anonymity_ok(circ, get_options());
+}
+#endif
+
/** A circuit just finished connecting to a hidden service that the stream
* <b>conn</b> has been waiting for. Let the HS subsystem know about this. */
void
diff --git a/src/or/hs_common.c b/src/or/hs_common.c
index bc44265d53..e0c7dca4bc 100644
--- a/src/or/hs_common.c
+++ b/src/or/hs_common.c
@@ -18,6 +18,7 @@
#include "nodelist.h"
#include "hs_cache.h"
#include "hs_common.h"
+#include "hs_ident.h"
#include "hs_service.h"
#include "rendcommon.h"
#include "rendservice.h"
diff --git a/src/or/hs_ident.c b/src/or/hs_ident.c
index e69350d82e..df39285158 100644
--- a/src/or/hs_ident.c
+++ b/src/or/hs_ident.c
@@ -86,3 +86,25 @@ hs_ident_edge_conn_free(hs_ident_edge_conn_t *ident)
tor_free(ident);
}
+/* Return true if the given ident is valid for an introduction circuit. */
+int
+hs_ident_intro_circ_is_valid(const hs_ident_circuit_t *ident)
+{
+ if (ident == NULL) {
+ goto invalid;
+ }
+
+ if (ed25519_public_key_is_zero(&ident->identity_pk)) {
+ goto invalid;
+ }
+
+ if (ed25519_public_key_is_zero(&ident->intro_auth_pk)) {
+ goto invalid;
+ }
+
+ /* Valid. */
+ return 1;
+ invalid:
+ return 0;
+}
+
diff --git a/src/or/hs_ident.h b/src/or/hs_ident.h
index e259fde54d..cfcde781d1 100644
--- a/src/or/hs_ident.h
+++ b/src/or/hs_ident.h
@@ -126,5 +126,8 @@ hs_ident_edge_conn_t *hs_ident_edge_conn_new(
const ed25519_public_key_t *identity_pk);
void hs_ident_edge_conn_free(hs_ident_edge_conn_t *ident);
+/* Validators */
+int hs_ident_intro_circ_is_valid(const hs_ident_circuit_t *ident);
+
#endif /* TOR_HS_IDENT_H */
diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c
index 8829ede960..a6b59881ad 100644
--- a/src/or/rendcommon.c
+++ b/src/or/rendcommon.c
@@ -990,7 +990,7 @@ rend_non_anonymous_mode_enabled(const or_options_t *options)
* service.
*/
void
-assert_circ_anonymity_ok(origin_circuit_t *circ,
+assert_circ_anonymity_ok(const origin_circuit_t *circ,
const or_options_t *options)
{
tor_assert(options);
diff --git a/src/or/rendcommon.h b/src/or/rendcommon.h
index f03a57f2e1..af8dd60099 100644
--- a/src/or/rendcommon.h
+++ b/src/or/rendcommon.h
@@ -60,7 +60,7 @@ int rend_auth_decode_cookie(const char *cookie_in,
int rend_allow_non_anonymous_connection(const or_options_t* options);
int rend_non_anonymous_mode_enabled(const or_options_t *options);
-void assert_circ_anonymity_ok(origin_circuit_t *circ,
+void assert_circ_anonymity_ok(const origin_circuit_t *circ,
const or_options_t *options);
#ifdef RENDCOMMON_PRIVATE