From 6788418f28930467121537f31c4b43f981ae6ca8 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Sat, 24 Sep 2016 11:25:48 -0700 Subject: Propagate Ed25519 identities downwards into more functions. Actually set ed25519 identities on channels when we set a channel's identity. --- src/or/connection_or.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) (limited to 'src/or/connection_or.c') diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 4449d3f3ae..a22c4ad1ef 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -111,7 +111,6 @@ connection_or_set_identity_digest(or_connection_t *conn, const char *rsa_digest, const ed25519_public_key_t *ed_id) { - (void) ed_id; // DOCDOC // XXXX not implemented yet. 15056 tor_assert(conn); tor_assert(rsa_digest); @@ -133,7 +132,8 @@ connection_or_set_identity_digest(or_connection_t *conn, /* Deal with channels */ if (conn->chan) - channel_set_identity_digest(TLS_CHAN_TO_BASE(conn->chan), rsa_digest); + channel_set_identity_digest(TLS_CHAN_TO_BASE(conn->chan), + rsa_digest, ed_id); } /** Remove the Extended ORPort identifier of conn from the @@ -831,7 +831,6 @@ connection_or_init_conn_from_address(or_connection_t *conn, const ed25519_public_key_t *ed_id, int started_here) { - (void) ed_id; // not fully used yet. 15056 const node_t *r = node_get_by_id(id_digest); connection_or_set_identity_digest(conn, id_digest, ed_id); connection_or_update_token_buckets_helper(conn, 1, get_options()); @@ -1116,7 +1115,6 @@ connection_or_connect, (const tor_addr_t *_addr, uint16_t port, const ed25519_public_key_t *ed_id, channel_tls_t *chan)) { - (void) ed_id; // XXXX not fully used yet. 15056 or_connection_t *conn; const or_options_t *options = get_options(); int socket_error = 0; @@ -1135,6 +1133,11 @@ connection_or_connect, (const tor_addr_t *_addr, uint16_t port, log_info(LD_PROTOCOL,"Client asked me to connect to myself. Refusing."); return NULL; } + if (server_mode(options) && router_ed25519_id_is_me(ed_id)) { + log_info(LD_PROTOCOL,"Client asked me to connect to myself by Ed25519 " + "identity. Refusing."); + return NULL; + } conn = or_connection_new(CONN_TYPE_OR, tor_addr_family(&addr)); @@ -1504,11 +1507,13 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn, crypto_pk_free(identity_rcvd); - if (started_here) + if (started_here) { + /* A TLS handshake can't teach us an Ed25519 ID, so we set it to NULL + * here. */ return connection_or_client_learned_peer_id(conn, (const uint8_t*)digest_rcvd_out, - NULL // Ed25519 ID 15056 - ); + NULL); + } return 0; } @@ -1541,8 +1546,6 @@ connection_or_client_learned_peer_id(or_connection_t *conn, const uint8_t *rsa_peer_id, const ed25519_public_key_t *ed_peer_id) { - (void) ed_peer_id; // not used yet. 15056 - const or_options_t *options = get_options(); if (tor_digest_is_zero(conn->identity_digest)) { @@ -1559,7 +1562,7 @@ connection_or_client_learned_peer_id(or_connection_t *conn, /* if it's a bridge and we didn't know its identity fingerprint, now * we do -- remember it for future attempts. */ learned_router_identity(&conn->base_.addr, conn->base_.port, - (const char*)rsa_peer_id /*, ed_peer_id XXXX */); + (const char*)rsa_peer_id, ed_peer_id); } if (tor_memneq(rsa_peer_id, conn->identity_digest, DIGEST_LEN)) { @@ -1617,9 +1620,12 @@ connection_or_client_learned_peer_id(or_connection_t *conn, conn); return -1; } + + /* XXXX 15056 -- use the Ed25519 key */ + if (authdir_mode_tests_reachability(options)) { dirserv_orconn_tls_done(&conn->base_.addr, conn->base_.port, - (const char*)rsa_peer_id /*, ed_id XXXX 15056 */); + (const char*)rsa_peer_id, ed_peer_id); } return 0; -- cgit v1.2.3-54-g00ecf