nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 05:03:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Rename "onion_pkey" fields in routerinfo_t, and make them optional.

Browse Source 
(Renaming them has forced me to look at every place where they are used, so I
can make sure that they are really optional now.)
This commit is contained in:
Nick Mathewson 2024-06-24 14:30:32 -04:00
parent cbbfb812a8
commit 4cdf56a173
8 changed files with 69 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/feature/dirauth/dirvote.c
View File

@ -3870,8 +3870,12 @@ dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method)
size_t keylen; size_t keylen;
smartlist_t *chunks = smartlist_new(); smartlist_t *chunks = smartlist_new();
char *output = NULL; char *output = NULL;
crypto_pk_t *rsa_pubkey = router_get_rsa_onion_pkey(ri->onion_pkey, crypto_pk_t *rsa_pubkey = router_get_rsa_onion_pkey(ri->tap_onion_pkey,
ri->onion_pkey_len); ri->tap_onion_pkey_len);
if (!rsa_pubkey) {
/* We do not yet support creating MDs for relays without TAP onion keys. */
goto done;
}
if (crypto_pk_write_public_key_to_string(rsa_pubkey, &key, &keylen)<0) if (crypto_pk_write_public_key_to_string(rsa_pubkey, &key, &keylen)<0)
goto done; goto done;

12
src/feature/dirparse/routerparse.c
View File

@ -601,8 +601,8 @@ router_parse_entry_from_string(const char *s, const char *end,
"Relay's onion key had invalid exponent."); "Relay's onion key had invalid exponent.");
goto err; goto err;
} }
router->onion_pkey = tor_memdup(tok->object_body, tok->object_size); router->tap_onion_pkey = tor_memdup(tok->object_body, tok->object_size);
router->onion_pkey_len = tok->object_size; router->tap_onion_pkey_len = tok->object_size;
crypto_pk_free(tok->key); crypto_pk_free(tok->key);
if ((tok = find_opt_by_keyword(tokens, K_ONION_KEY_NTOR))) { if ((tok = find_opt_by_keyword(tokens, K_ONION_KEY_NTOR))) {
@ -776,8 +776,12 @@ router_parse_entry_from_string(const char *s, const char *end,
goto err; goto err;
} }
rsa_pubkey = router_get_rsa_onion_pkey(router->onion_pkey, rsa_pubkey = router_get_rsa_onion_pkey(router->tap_onion_pkey,
router->onion_pkey_len); router->tap_onion_pkey_len);
if (rsa_pubkey == NULL) {
log_warn(LD_DIR, "No pubkey for TAP cross-verification.");
goto err;
}
if (check_tap_onion_key_crosscert( if (check_tap_onion_key_crosscert(
(const uint8_t*)cc_tap_tok->object_body, (const uint8_t*)cc_tap_tok->object_body,
(int)cc_tap_tok->object_size, (int)cc_tap_tok->object_size,

9
src/feature/nodelist/routerinfo_st.h
View File

@ -33,10 +33,13 @@ struct routerinfo_t {
/** /**
* Public RSA TAP key for onions, ASN.1 encoded. We store this * Public RSA TAP key for onions, ASN.1 encoded. We store this
* in its encoded format since storing it as a crypto_pk_t uses * in its encoded format since storing it as a crypto_pk_t uses
* significantly more memory. */ * significantly more memory.
char *onion_pkey; *
* This may be absent.
*/
char *tap_onion_pkey;
/** Length of onion_pkey, in bytes. */ /** Length of onion_pkey, in bytes. */
size_t onion_pkey_len; size_t tap_onion_pkey_len;
crypto_pk_t *identity_pkey; /**< Public RSA key for signing. */ crypto_pk_t *identity_pkey; /**< Public RSA key for signing. */
/** Public curve25519 key for onions */ /** Public curve25519 key for onions */

25
src/feature/nodelist/routerlist.c
View File

@ -930,8 +930,8 @@ routerinfo_free_(routerinfo_t *router)
tor_free(router->platform); tor_free(router->platform);
tor_free(router->protocol_list); tor_free(router->protocol_list);
tor_free(router->contact_info); tor_free(router->contact_info);
if (router->onion_pkey) if (router->tap_onion_pkey)
tor_free(router->onion_pkey); tor_free(router->tap_onion_pkey);
tor_free(router->onion_curve25519_pkey); tor_free(router->onion_curve25519_pkey);
if (router->identity_pkey) if (router->identity_pkey)
crypto_pk_free(router->identity_pkey); crypto_pk_free(router->identity_pkey);
@ -2957,6 +2957,24 @@ router_reset_descriptor_download_failures(void)
/** We allow uptime to vary from how much it ought to be by this much. */ /** We allow uptime to vary from how much it ought to be by this much. */
#define ROUTER_ALLOW_UPTIME_DRIFT (6*60*60) #define ROUTER_ALLOW_UPTIME_DRIFT (6*60*60)
/** Return true iff r1 and r2 have the same TAP onion keys. */
static int
router_tap_onion_keys_eq(const routerinfo_t *r1, const routerinfo_t *r2)
{
if (r1->tap_onion_pkey_len != r2->tap_onion_pkey_len)
return 0;
if ((r1->tap_onion_pkey == NULL) && (r2->tap_onion_pkey == NULL)) {
return 1;
} else if ((r1->tap_onion_pkey != NULL) && (r2->tap_onion_pkey != NULL)) {
return tor_memeq(r1->tap_onion_pkey, r2->tap_onion_pkey,
r1->tap_onion_pkey_len);
} else {
/* One is NULL; one is not. */
return 0;
}
}
/** Return true iff the only differences between r1 and r2 are such that /** Return true iff the only differences between r1 and r2 are such that
* would not cause a recent (post 0.1.1.6) dirserver to republish. * would not cause a recent (post 0.1.1.6) dirserver to republish.
*/ */
@ -2982,8 +3000,7 @@ router_differences_are_cosmetic(const routerinfo_t *r1, const routerinfo_t *r2)
r1->ipv6_orport != r2->ipv6_orport || r1->ipv6_orport != r2->ipv6_orport ||
r1->ipv4_dirport != r2->ipv4_dirport || r1->ipv4_dirport != r2->ipv4_dirport ||
r1->purpose != r2->purpose || r1->purpose != r2->purpose ||
r1->onion_pkey_len != r2->onion_pkey_len || !router_tap_onion_keys_eq(r1,r2) ||
!tor_memeq(r1->onion_pkey, r2->onion_pkey, r1->onion_pkey_len) ||
!crypto_pk_eq_keys(r1->identity_pkey, r2->identity_pkey) || !crypto_pk_eq_keys(r1->identity_pkey, r2->identity_pkey) ||
strcasecmp(r1->platform, r2->platform) || strcasecmp(r1->platform, r2->platform) ||
(r1->contact_info && !r2->contact_info) || /* contact_info is optional */ (r1->contact_info && !r2->contact_info) || /* contact_info is optional */

27
src/feature/relay/router.c
View File

@ -2139,8 +2139,8 @@ router_build_fresh_unsigned_routerinfo,(routerinfo_t **ri_out))
directory_permits_begindir_requests(options); directory_permits_begindir_requests(options);
ri->cache_info.published_on = time(NULL); ri->cache_info.published_on = time(NULL);
/* get_onion_key() must invoke from main thread */ /* get_onion_key() must invoke from main thread */
router_set_rsa_onion_pkey(get_onion_key(), &ri->onion_pkey, router_set_rsa_onion_pkey(get_onion_key(), &ri->tap_onion_pkey,
&ri->onion_pkey_len); &ri->tap_onion_pkey_len);
ri->onion_curve25519_pkey = ri->onion_curve25519_pkey =
tor_memdup(&get_current_curve25519_keypair()->pubkey, tor_memdup(&get_current_curve25519_keypair()->pubkey,
@ -2777,7 +2777,7 @@ router_dump_router_to_string(routerinfo_t *router,
char published[ISO_TIME_LEN+1]; char published[ISO_TIME_LEN+1];
char fingerprint[FINGERPRINT_LEN+1]; char fingerprint[FINGERPRINT_LEN+1];
char *extra_info_line = NULL; char *extra_info_line = NULL;
size_t onion_pkeylen, identity_pkeylen; size_t onion_pkeylen=0, identity_pkeylen;
char *family_line = NULL; char *family_line = NULL;
char *extra_or_address = NULL; char *extra_or_address = NULL;
const or_options_t *options = get_options(); const or_options_t *options = get_options();
@ -2835,12 +2835,14 @@ router_dump_router_to_string(routerinfo_t *router,
} }
/* PEM-encode the onion key */ /* PEM-encode the onion key */
rsa_pubkey = router_get_rsa_onion_pkey(router->onion_pkey, rsa_pubkey = router_get_rsa_onion_pkey(router->tap_onion_pkey,
router->onion_pkey_len); router->tap_onion_pkey_len);
if (crypto_pk_write_public_key_to_string(rsa_pubkey, if (rsa_pubkey) {
&onion_pkey,&onion_pkeylen)<0) { if (crypto_pk_write_public_key_to_string(rsa_pubkey,
log_warn(LD_BUG,"write onion_pkey to string failed!"); &onion_pkey,&onion_pkeylen)<0) {
goto err; log_warn(LD_BUG,"write onion_pkey to string failed!");
goto err;
}
} }
/* PEM-encode the identity key */ /* PEM-encode the identity key */
@ -2851,7 +2853,7 @@ router_dump_router_to_string(routerinfo_t *router,
} }
/* Cross-certify with RSA key */ /* Cross-certify with RSA key */
if (tap_key && router->cache_info.signing_key_cert && if (tap_key && rsa_pubkey && router->cache_info.signing_key_cert &&
router->cache_info.signing_key_cert->signing_key_included) { router->cache_info.signing_key_cert->signing_key_included) {
char buf[256]; char buf[256];
int tap_cc_len = 0; int tap_cc_len = 0;
@ -2976,7 +2978,7 @@ router_dump_router_to_string(routerinfo_t *router,
"uptime %ld\n" "uptime %ld\n"
"bandwidth %d %d %d\n" "bandwidth %d %d %d\n"
"%s%s" "%s%s"
"onion-key\n%s" "%s%s"
"signing-key\n%s" "signing-key\n%s"
"%s%s" "%s%s"
"%s%s%s", "%s%s%s",
@ -2997,7 +2999,8 @@ router_dump_router_to_string(routerinfo_t *router,
extra_info_line ? extra_info_line : "", extra_info_line ? extra_info_line : "",
(options->DownloadExtraInfo || options->V3AuthoritativeDir) ? (options->DownloadExtraInfo || options->V3AuthoritativeDir) ?
"caches-extra-info\n" : "", "caches-extra-info\n" : "",
onion_pkey, identity_pkey, onion_pkey?"onion-key\n":"", onion_pkey?onion_pkey:"",
identity_pkey,
rsa_tap_cc_line ? rsa_tap_cc_line : "", rsa_tap_cc_line ? rsa_tap_cc_line : "",
ntor_cc_line ? ntor_cc_line : "", ntor_cc_line ? ntor_cc_line : "",
family_line, family_line,

20
src/test/test_dir.c
View File

@ -217,7 +217,7 @@ basic_routerinfo_new(const char *nickname, uint32_t ipv4_addr,
r1->ipv4_dirport = dir_port; r1->ipv4_dirport = dir_port;
r1->supports_tunnelled_dir_requests = 1; r1->supports_tunnelled_dir_requests = 1;
router_set_rsa_onion_pkey(pk1, &r1->onion_pkey, &r1->onion_pkey_len); router_set_rsa_onion_pkey(pk1, &r1->tap_onion_pkey, &r1->tap_onion_pkey_len);
r1->identity_pkey = pk2; r1->identity_pkey = pk2;
r1->bandwidthrate = bandwidthrate; r1->bandwidthrate = bandwidthrate;
@ -382,8 +382,8 @@ get_new_onion_key_block(const routerinfo_t *r1)
{ {
char *block = NULL; char *block = NULL;
tor_assert(r1); tor_assert(r1);
crypto_pk_t *pk_tmp = router_get_rsa_onion_pkey(r1->onion_pkey, crypto_pk_t *pk_tmp = router_get_rsa_onion_pkey(r1->tap_onion_pkey,
r1->onion_pkey_len); r1->tap_onion_pkey_len);
block = get_new_rsa_key_block("onion-key", pk_tmp); block = get_new_rsa_key_block("onion-key", pk_tmp);
crypto_pk_free(pk_tmp); crypto_pk_free(pk_tmp);
return block; return block;
@ -587,8 +587,8 @@ setup_mocks_for_fresh_descriptor(const routerinfo_t *r1,
if (rsa_onion_keypair) { if (rsa_onion_keypair) {
mocked_onionkey = crypto_pk_dup_key(rsa_onion_keypair); mocked_onionkey = crypto_pk_dup_key(rsa_onion_keypair);
} else { } else {
mocked_onionkey = router_get_rsa_onion_pkey(r1->onion_pkey, mocked_onionkey = router_get_rsa_onion_pkey(r1->tap_onion_pkey,
r1->onion_pkey_len); r1->tap_onion_pkey_len);
} }
MOCK(get_onion_key, mock_get_onion_key); MOCK(get_onion_key, mock_get_onion_key);
} }
@ -643,10 +643,12 @@ STMT_BEGIN \
tt_int_op(rp1->bandwidthrate,OP_EQ, r1->bandwidthrate); \ tt_int_op(rp1->bandwidthrate,OP_EQ, r1->bandwidthrate); \
tt_int_op(rp1->bandwidthburst,OP_EQ, r1->bandwidthburst); \ tt_int_op(rp1->bandwidthburst,OP_EQ, r1->bandwidthburst); \
tt_int_op(rp1->bandwidthcapacity,OP_EQ, r1->bandwidthcapacity); \ tt_int_op(rp1->bandwidthcapacity,OP_EQ, r1->bandwidthcapacity); \
crypto_pk_t *rp1_onion_pkey = router_get_rsa_onion_pkey(rp1->onion_pkey, \ crypto_pk_t *rp1_onion_pkey = router_get_rsa_onion_pkey( \
rp1->onion_pkey_len); \ rp1->tap_onion_pkey, \
crypto_pk_t *r1_onion_pkey = router_get_rsa_onion_pkey(r1->onion_pkey, \ rp1->tap_onion_pkey_len); \
r1->onion_pkey_len); \ crypto_pk_t *r1_onion_pkey = router_get_rsa_onion_pkey( \
r1->tap_onion_pkey, \
r1->tap_onion_pkey_len); \
tt_int_op(crypto_pk_cmp_keys(rp1_onion_pkey, r1_onion_pkey), OP_EQ, 0); \ tt_int_op(crypto_pk_cmp_keys(rp1_onion_pkey, r1_onion_pkey), OP_EQ, 0); \
crypto_pk_free(rp1_onion_pkey); \ crypto_pk_free(rp1_onion_pkey); \
crypto_pk_free(r1_onion_pkey); \ crypto_pk_free(r1_onion_pkey); \

2
src/test/test_hs_service.c
View File

@ -1605,7 +1605,6 @@ test_build_update_descriptors(void *arg)
tt_int_op(ret, OP_EQ, 0); tt_int_op(ret, OP_EQ, 0);
ri.onion_curve25519_pkey = ri.onion_curve25519_pkey =
tor_malloc_zero(sizeof(curve25519_public_key_t)); tor_malloc_zero(sizeof(curve25519_public_key_t));
ri.onion_pkey = tor_malloc_zero(140);
curve25519_public_key_generate(ri.onion_curve25519_pkey, curve25519_public_key_generate(ri.onion_curve25519_pkey,
&curve25519_secret_key); &curve25519_secret_key);
memset(ri.cache_info.identity_digest, 'A', DIGEST_LEN); memset(ri.cache_info.identity_digest, 'A', DIGEST_LEN);
@ -1631,7 +1630,6 @@ test_build_update_descriptors(void *arg)
update_all_descriptors_intro_points(now); update_all_descriptors_intro_points(now);
tor_free(node->ri->onion_curve25519_pkey); /* Avoid memleak. */ tor_free(node->ri->onion_curve25519_pkey); /* Avoid memleak. */
tor_free(node->ri->cache_info.signing_key_cert); tor_free(node->ri->cache_info.signing_key_cert);
tor_free(node->ri->onion_pkey);
expect_log_msg_containing("just picked 1 intro points and wanted 3 for next " expect_log_msg_containing("just picked 1 intro points and wanted 3 for next "
"descriptor. It currently has 0 intro points. " "descriptor. It currently has 0 intro points. "
"Launching ESTABLISH_INTRO circuit shortly."); "Launching ESTABLISH_INTRO circuit shortly.");

4
src/test/test_router.c
View File

@ -60,8 +60,8 @@ rtr_tests_gen_routerinfo(crypto_pk_t *ident_key, crypto_pk_t *tap_key)
mock_routerinfo->identity_pkey = crypto_pk_dup_key(ident_key); mock_routerinfo->identity_pkey = crypto_pk_dup_key(ident_key);
mock_routerinfo->protocol_list = mock_routerinfo->protocol_list =
tor_strdup("Cons=1-2 Desc=1-2 DirCache=1-2"); tor_strdup("Cons=1-2 Desc=1-2 DirCache=1-2");
router_set_rsa_onion_pkey(tap_key, &mock_routerinfo->onion_pkey, router_set_rsa_onion_pkey(tap_key, &mock_routerinfo->tap_onion_pkey,
&mock_routerinfo->onion_pkey_len); &mock_routerinfo->tap_onion_pkey_len);
mock_routerinfo->bandwidthrate = 9001; mock_routerinfo->bandwidthrate = 9001;
mock_routerinfo->bandwidthburst = 9002; mock_routerinfo->bandwidthburst = 9002;