diff options
author | David Goulet <dgoulet@torproject.org> | 2017-04-06 14:37:24 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2017-08-08 20:29:33 -0400 |
commit | 27dd1a716c63bcdda31f24ed08d259b4a91aa1c3 (patch) | |
tree | 29b34922764c554c0bd005bbbefb8b41b0a5b06e /src | |
parent | 100386e659533cfa92c5bfff93a15fb3535f7970 (diff) | |
download | tor-27dd1a716c63bcdda31f24ed08d259b4a91aa1c3.tar.gz tor-27dd1a716c63bcdda31f24ed08d259b4a91aa1c3.zip |
prop224: Support INTRODUCE2 cell replay cache
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/or/hs_cell.c | 13 | ||||
-rw-r--r-- | src/or/hs_cell.h | 2 | ||||
-rw-r--r-- | src/or/hs_circuit.c | 1 |
3 files changed, 14 insertions, 2 deletions
diff --git a/src/or/hs_cell.c b/src/or/hs_cell.c index 9ab83525d4..4c476b1388 100644 --- a/src/or/hs_cell.c +++ b/src/or/hs_cell.c @@ -9,6 +9,7 @@ #include "or.h" #include "config.h" #include "rendservice.h" +#include "replaycache.h" #include "hs_cell.h" #include "hs_ntor.h" @@ -460,6 +461,7 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data, const hs_service_t *service) { int ret = -1; + time_t elapsed; uint8_t *decrypted = NULL; size_t encrypted_section_len; const uint8_t *encrypted_section; @@ -477,8 +479,6 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data, goto done; } - /* XXX: Add/Test replaycache. */ - log_info(LD_REND, "Received a decodable INTRODUCE2 cell on circuit %u " "for service %s. Decoding encrypted section...", TO_CIRCUIT(circ)->n_circ_id, @@ -498,6 +498,15 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data, goto done; } + /* Check our replay cache for this introduction point. */ + if (replaycache_add_test_and_elapsed(data->replay_cache, encrypted_section, + encrypted_section_len, &elapsed)) { + log_warn(LD_REND, "Possible replay detected! An INTRODUCE2 cell with the" + "same ENCRYPTED section was seen %ld seconds ago. " + "Dropping cell.", elapsed); + goto done; + } + /* Build the key material out of the key material found in the cell. */ intro_keys = get_introduce2_key_material(data->auth_pk, data->enc_kp, data->subcredential, diff --git a/src/or/hs_cell.h b/src/or/hs_cell.h index 6114182439..1336a399a7 100644 --- a/src/or/hs_cell.h +++ b/src/or/hs_cell.h @@ -47,6 +47,8 @@ typedef struct hs_cell_introduce2_data_t { curve25519_public_key_t client_pk; /* Link specifiers of the rendezvous point. Contains link_specifier_t. */ smartlist_t *link_specifiers; + /* Replay cache of the introduction point. */ + replaycache_t *replay_cache; } hs_cell_introduce2_data_t; /* Build cell API. */ diff --git a/src/or/hs_circuit.c b/src/or/hs_circuit.c index 543cbac6d3..ee43406c0d 100644 --- a/src/or/hs_circuit.c +++ b/src/or/hs_circuit.c @@ -811,6 +811,7 @@ hs_circ_handle_introduce2(const hs_service_t *service, data.payload_len = payload_len; data.link_specifiers = smartlist_new(); data.is_legacy = ip->base.is_only_legacy; + data.replay_cache = ip->replay_cache; if (hs_cell_parse_introduce2(&data, circ, service) < 0) { goto done; |