nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-20 04:56:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Also, include ed25519 identities in connection_describe().

Browse Source 
Related to #22668.
This commit is contained in:
Nick Mathewson 2020-10-15 10:53:45 -04:00
parent 5718f38c85
commit 47d6eef190
4 changed files with 37 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/core/mainloop/connection.c
View File

@ -110,6 +110,7 @@
#include "feature/stats/rephist.h" #include "feature/stats/rephist.h"
#include "feature/stats/bwhist.h" #include "feature/stats/bwhist.h"
#include "lib/crypt_ops/crypto_util.h" #include "lib/crypt_ops/crypto_util.h"
#include "lib/crypt_ops/crypto_format.h"
#include "lib/geoip/geoip.h" #include "lib/geoip/geoip.h"
#include "lib/cc/ctassert.h" #include "lib/cc/ctassert.h"
@ -440,11 +441,19 @@ connection_describe_peer_internal(const connection_t *conn,
// This could be a client, so scrub it. No identity to report. // This could be a client, so scrub it. No identity to report.
scrub = true; scrub = true;
} else { } else {
char id_buf[HEX_DIGEST_LEN+1]; const ed25519_public_key_t *ed_id =
base16_encode(id_buf, sizeof(id_buf), connection_or_get_alleged_ed25519_id(or_conn);
char ed_id_buf[ED25519_BASE64_LEN+1];
char rsa_id_buf[HEX_DIGEST_LEN+1];
if (ed_id) {
ed25519_public_to_base64(ed_id_buf, ed_id);
} else {
strlcpy(ed_id_buf, "<none>", sizeof(ed_id_buf));
}
base16_encode(rsa_id_buf, sizeof(rsa_id_buf),
or_conn->identity_digest, DIGEST_LEN); or_conn->identity_digest, DIGEST_LEN);
tor_snprintf(extra_buf, sizeof(extra_buf), tor_snprintf(extra_buf, sizeof(extra_buf),
" ID=%s", id_buf); " ID=%s RSA_ID=%s", ed_id_buf, rsa_id_buf);
} }
if (! scrub && (! tor_addr_eq(addr, &or_conn->canonical_orport.addr) || if (! scrub && (! tor_addr_eq(addr, &or_conn->canonical_orport.addr) ||
conn->port != or_conn->canonical_orport.port)) { conn->port != or_conn->canonical_orport.port)) {

20
src/core/or/connection_or.c
View File

@ -207,6 +207,26 @@ connection_or_set_identity_digest(or_connection_t *conn,
channel_set_identity_digest(chan, rsa_digest, ed_id); channel_set_identity_digest(chan, rsa_digest, ed_id);
} }
/**
* Return the Ed25519 identity of the peer for this connection (if any).
*
* Note that this ID may not be the _actual_ identity for the peer if
* authentication is not complete.
**/
const struct ed25519_public_key_t *
connection_or_get_alleged_ed25519_id(const or_connection_t *conn)
{
if (conn && conn->chan) {
const channel_t *chan = NULL;
chan = TLS_CHAN_TO_BASE(conn->chan);
if (!ed25519_public_key_is_zero(&chan->ed25519_identity)) {
return &chan->ed25519_identity;
}
}
return NULL;
}
/**************************************************************/ /**************************************************************/
/** Map from a string describing what a non-open OR connection was doing when /** Map from a string describing what a non-open OR connection was doing when

2
src/core/or/connection_or.h
View File

@ -73,6 +73,8 @@ void connection_or_init_conn_from_address(or_connection_t *conn,
int connection_or_client_learned_peer_id(or_connection_t *conn, int connection_or_client_learned_peer_id(or_connection_t *conn,
const uint8_t *rsa_peer_id, const uint8_t *rsa_peer_id,
const struct ed25519_public_key_t *ed_peer_id); const struct ed25519_public_key_t *ed_peer_id);
const struct ed25519_public_key_t *connection_or_get_alleged_ed25519_id(
const or_connection_t *conn);
time_t connection_or_client_used(or_connection_t *conn); time_t connection_or_client_used(or_connection_t *conn);
MOCK_DECL(int, connection_or_get_num_circuits, (or_connection_t *conn)); MOCK_DECL(int, connection_or_get_num_circuits, (or_connection_t *conn));
void or_handshake_state_free_(or_handshake_state_t *state); void or_handshake_state_free_(or_handshake_state_t *state);

6
src/test/test_connection.c
View File

@ -1049,20 +1049,20 @@ test_conn_describe(void *arg)
options->SafeLogging_ = SAFELOG_SCRUB_RELAY; // back to safelogging. options->SafeLogging_ = SAFELOG_SCRUB_RELAY; // back to safelogging.
tt_str_op(connection_describe(conn), OP_EQ, tt_str_op(connection_describe(conn), OP_EQ,
"OR connection (open) with [ffff:3333:1111::2]:8080 " "OR connection (open) with [ffff:3333:1111::2]:8080 "
"ID=0000000700000000000000000000000000000000"); "ID=<none> RSA_ID=0000000700000000000000000000000000000000");
// Add a 'canonical address' that is the same as the one we have. // Add a 'canonical address' that is the same as the one we have.
tor_addr_parse(&TO_OR_CONN(conn)->canonical_orport.addr, tor_addr_parse(&TO_OR_CONN(conn)->canonical_orport.addr,
"[ffff:3333:1111::2]"); "[ffff:3333:1111::2]");
TO_OR_CONN(conn)->canonical_orport.port = 8080; TO_OR_CONN(conn)->canonical_orport.port = 8080;
tt_str_op(connection_describe(conn), OP_EQ, tt_str_op(connection_describe(conn), OP_EQ,
"OR connection (open) with [ffff:3333:1111::2]:8080 " "OR connection (open) with [ffff:3333:1111::2]:8080 "
"ID=0000000700000000000000000000000000000000"); "ID=<none> RSA_ID=0000000700000000000000000000000000000000");
// Add a different 'canonical address' // Add a different 'canonical address'
tor_addr_parse(&TO_OR_CONN(conn)->canonical_orport.addr, tor_addr_parse(&TO_OR_CONN(conn)->canonical_orport.addr,
"[ffff:3333:1111::8]"); "[ffff:3333:1111::8]");
tt_str_op(connection_describe(conn), OP_EQ, tt_str_op(connection_describe(conn), OP_EQ,
"OR connection (open) with [ffff:3333:1111::2]:8080 " "OR connection (open) with [ffff:3333:1111::2]:8080 "
"ID=0000000700000000000000000000000000000000 " "ID=<none> RSA_ID=0000000700000000000000000000000000000000 "
"canonical_addr=[ffff:3333:1111::8]:8080"); "canonical_addr=[ffff:3333:1111::8]:8080");
// Clear identity_digest so that free_minimal won't complain. // Clear identity_digest so that free_minimal won't complain.