Rename accepted_intros fields

Robert Ransom 2011-11-27 09:26:48 -08:00
parent 60ed98e184
commit 256bcb4755
3 changed files with 29 additions and 22 deletions


@ -3510,7 +3510,7 @@ typedef struct rend_intro_point_t {
* of the RSA-encrypted part of a received INTRODUCE2 cell; each * of the RSA-encrypted part of a received INTRODUCE2 cell; each
* value is a pointer to the time_t at which the cell was * value is a pointer to the time_t at which the cell was
* received. */ * received. */
digestmap_t *accepted_intros; digestmap_t *accepted_intro_rsa_parts;
/** (Service side only) The time at which this intro point was first /** (Service side only) The time at which this intro point was first
* published, or -1 if this intro point has not yet been * published, or -1 if this intro point has not yet been


@ -441,8 +441,8 @@ rend_intro_point_free(rend_intro_point_t *intro)
extend_info_free(intro->extend_info); extend_info_free(intro->extend_info);
crypto_free_pk_env(intro->intro_key); crypto_free_pk_env(intro->intro_key);
if (intro->accepted_intros != NULL) { if (intro->accepted_intro_rsa_parts != NULL) {
digestmap_free(intro->accepted_intros, _tor_free); digestmap_free(intro->accepted_intro_rsa_parts, _tor_free);
} }
tor_free(intro); tor_free(intro);


@ -91,9 +91,10 @@ typedef struct rend_service_t {
* upload time. */ * upload time. */
/** Map from digests of Diffie-Hellman values INTRODUCE2 to time_t of when /** Map from digests of Diffie-Hellman values INTRODUCE2 to time_t of when
* they were received; used to prevent replays. */ * they were received; used to prevent replays. */
digestmap_t *accepted_intros; digestmap_t *accepted_intro_dh_parts;
/** Time at which we last removed expired values from accepted_intros. */ /** Time at which we last removed expired values from
time_t last_cleaned_accepted_intros; * accepted_intro_dh_parts. */
time_t last_cleaned_accepted_intro_dh_parts;
} rend_service_t; } rend_service_t;
/** A list of rend_service_t's for services run on this OP. /** A list of rend_service_t's for services run on this OP.
@ -153,7 +154,7 @@ rend_service_free(rend_service_t *service)
rend_authorized_client_free(c);); rend_authorized_client_free(c););
smartlist_free(service->clients); smartlist_free(service->clients);
} }
digestmap_free(service->accepted_intros, _tor_free); digestmap_free(service->accepted_intro_dh_parts, _tor_free);
tor_free(service); tor_free(service);
} }
@ -888,15 +889,16 @@ rend_check_authorization(rend_service_t *service,
/** Remove elements from <b>service</b>'s replay cache that are old enough to /** Remove elements from <b>service</b>'s replay cache that are old enough to
* be noticed by timestamp checking. */ * be noticed by timestamp checking. */
static void static void
clean_accepted_intros(rend_service_t *service, time_t now) clean_accepted_intro_dh_parts(rend_service_t *service, time_t now)
{ {
const time_t cutoff = now - REND_REPLAY_TIME_INTERVAL; const time_t cutoff = now - REND_REPLAY_TIME_INTERVAL;
service->last_cleaned_accepted_intros = now; service->last_cleaned_accepted_intro_dh_parts = now;
if (!service->accepted_intros) if (!service->accepted_intro_dh_parts)
return; return;
DIGESTMAP_FOREACH_MODIFY(service->accepted_intros, digest, time_t *, t) { DIGESTMAP_FOREACH_MODIFY(service->accepted_intro_dh_parts, digest,
time_t *, t) {
if (*t < cutoff) { if (*t < cutoff) {
tor_free(t); tor_free(t);
MAP_DEL_CURRENT(digest); MAP_DEL_CURRENT(digest);
@ -1002,17 +1004,18 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
return -1; return -1;
} }
if (!service->accepted_intros) if (!service->accepted_intro_dh_parts)
service->accepted_intros = digestmap_new(); service->accepted_intro_dh_parts = digestmap_new();
if (!intro_point->accepted_intros) if (!intro_point->accepted_intro_rsa_parts)
intro_point->accepted_intros = digestmap_new(); intro_point->accepted_intro_rsa_parts = digestmap_new();
{ {
char pkpart_digest[DIGEST_LEN]; char pkpart_digest[DIGEST_LEN];
/* Check for replay of PK-encrypted portion. */ /* Check for replay of PK-encrypted portion. */
crypto_digest(pkpart_digest, (char*)request+DIGEST_LEN, keylen); crypto_digest(pkpart_digest, (char*)request+DIGEST_LEN, keylen);
access_time = digestmap_get(intro_point->accepted_intros, pkpart_digest); access_time = digestmap_get(intro_point->accepted_intro_rsa_parts,
pkpart_digest);
if (access_time != NULL) { if (access_time != NULL) {
log_warn(LD_REND, "Possible replay detected! We received an " log_warn(LD_REND, "Possible replay detected! We received an "
"INTRODUCE2 cell with same PK-encrypted part %d seconds ago. " "INTRODUCE2 cell with same PK-encrypted part %d seconds ago. "
@ -1021,7 +1024,8 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
} }
access_time = tor_malloc(sizeof(time_t)); access_time = tor_malloc(sizeof(time_t));
*access_time = now; *access_time = now;
digestmap_set(intro_point->accepted_intros, pkpart_digest, access_time); digestmap_set(intro_point->accepted_intro_rsa_parts,
pkpart_digest, access_time);
} }
/* Next N bytes is encrypted with service key */ /* Next N bytes is encrypted with service key */
@ -1158,7 +1162,8 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
/* Check whether there is a past request with the same Diffie-Hellman, /* Check whether there is a past request with the same Diffie-Hellman,
* part 1. */ * part 1. */
access_time = digestmap_get(service->accepted_intros, diffie_hellman_hash); access_time = digestmap_get(service->accepted_intro_dh_parts,
diffie_hellman_hash);
if (access_time != NULL) { if (access_time != NULL) {
/* A Tor client will send a new INTRODUCE1 cell with the same rend /* A Tor client will send a new INTRODUCE1 cell with the same rend
* cookie and DH public key as its previous one if its intro circ * cookie and DH public key as its previous one if its intro circ
@ -1180,9 +1185,11 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
* one hour. */ * one hour. */
access_time = tor_malloc(sizeof(time_t)); access_time = tor_malloc(sizeof(time_t));
*access_time = now; *access_time = now;
digestmap_set(service->accepted_intros, diffie_hellman_hash, access_time); digestmap_set(service->accepted_intro_dh_parts,
if (service->last_cleaned_accepted_intros + REND_REPLAY_TIME_INTERVAL < now) diffie_hellman_hash, access_time);
clean_accepted_intros(service, now); if (service->last_cleaned_accepted_intro_dh_parts + REND_REPLAY_TIME_INTERVAL
< now)
clean_accepted_intro_dh_parts(service, now);
/* If the service performs client authorization, check included auth data. */ /* If the service performs client authorization, check included auth data. */
if (service->clients) { if (service->clients) {
@ -1918,7 +1925,7 @@ intro_point_should_expire_now(rend_intro_point_t *intro,
return 1; return 1;
} }
if (digestmap_size(intro->accepted_intros) >= if (digestmap_size(intro->accepted_intro_rsa_parts) >=
INTRO_POINT_LIFETIME_INTRODUCTIONS) { INTRO_POINT_LIFETIME_INTRODUCTIONS) {
/* This intro point has been used too many times. Expire it now. */ /* This intro point has been used too many times. Expire it now. */
return 1; return 1;
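Review bot: `digestmap_size(intro->accepted_intro_rsa_parts)` in the last hunk (intro_point_should_expire_now) is called with no visible NULL check. Elsewhere in this commit the same map is created lazily in rend_service_introduce, and rend_intro_point_free tests it against NULL before freeing it. If digestmap_size() does not accept a NULL map, the expiry check would dereference a null pointer for an intro point that has not yet received an INTRODUCE2 cell. A guard such as `if (intro->accepted_intro_rsa_parts != NULL && digestmap_size(intro->accepted_intro_rsa_parts) >= INTRO_POINT_LIFETIME_INTRODUCTIONS) {` would treat a missing map as zero accepted introductions. The function body starts and ends outside the hunk, so an earlier check may already cover this.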