Propagate Ed25519 identities downwards into more functions.

Actually set ed25519 identities on channels when we set a channel's identity.
2024-09-21 21:44:58 +02:00 · 2016-09-24 11:25:48 -07:00 · 2016-09-24 11:25:48 -07:00 · 6788418f28
commit 6788418f28
parent af3af49408
7 changed files with 52 additions and 19 deletions
--- a/src/or/channel.c
+++ b/src/or/channel.c
@ -1471,7 +1471,8 @@ channel_clear_identity_digest(channel_t *chan)

 void
 channel_set_identity_digest(channel_t *chan,
-                            const char *identity_digest)
+                            const char *identity_digest,
+                            const ed25519_public_key_t *ed_identity)
 {
  int was_in_digest_map, should_be_in_digest_map, state_not_in_map;

@ -1510,6 +1511,9 @@ channel_set_identity_digest(channel_t *chan,
    memset(chan->identity_digest, 0,
           sizeof(chan->identity_digest));
  }
+  if (ed_identity) {
+    memcpy(&chan->ed25519_identity, ed_identity, sizeof(*ed_identity));
+  }

  /* Put it in the digest map if we should */
  if (should_be_in_digest_map)
--- a/src/or/channel.h
+++ b/src/or/channel.h
@ -443,7 +443,8 @@ void channel_mark_incoming(channel_t *chan);
 void channel_mark_outgoing(channel_t *chan);
 void channel_mark_remote(channel_t *chan);
 void channel_set_identity_digest(channel_t *chan,
-                                 const char *identity_digest);
+                                 const char *identity_digest,
+                                 const ed25519_public_key_t *ed_identity);
 void channel_set_remote_end(channel_t *chan,
                            const char *identity_digest,
                            const char *nickname);
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@ -111,7 +111,6 @@ connection_or_set_identity_digest(or_connection_t *conn,
                                  const char *rsa_digest,
                                  const ed25519_public_key_t *ed_id)
 {
-  (void) ed_id; // DOCDOC // XXXX not implemented yet. 15056
  tor_assert(conn);
  tor_assert(rsa_digest);

@ -133,7 +132,8 @@ connection_or_set_identity_digest(or_connection_t *conn,

  /* Deal with channels */
  if (conn->chan)
-    channel_set_identity_digest(TLS_CHAN_TO_BASE(conn->chan), rsa_digest);
+    channel_set_identity_digest(TLS_CHAN_TO_BASE(conn->chan),
+                                rsa_digest, ed_id);
 }

 /** Remove the Extended ORPort identifier of <b>conn</b> from the
@ -831,7 +831,6 @@ connection_or_init_conn_from_address(or_connection_t *conn,
                                     const ed25519_public_key_t *ed_id,
                                     int started_here)
 {
-  (void) ed_id; // not fully used yet. 15056
  const node_t *r = node_get_by_id(id_digest);
  connection_or_set_identity_digest(conn, id_digest, ed_id);
  connection_or_update_token_buckets_helper(conn, 1, get_options());
@ -1116,7 +1115,6 @@ connection_or_connect, (const tor_addr_t *_addr, uint16_t port,
                        const ed25519_public_key_t *ed_id,
                        channel_tls_t *chan))
 {
-  (void) ed_id; // XXXX not fully used yet. 15056
  or_connection_t *conn;
  const or_options_t *options = get_options();
  int socket_error = 0;
@ -1135,6 +1133,11 @@ connection_or_connect, (const tor_addr_t *_addr, uint16_t port,
    log_info(LD_PROTOCOL,"Client asked me to connect to myself. Refusing.");
    return NULL;
  }
+  if (server_mode(options) && router_ed25519_id_is_me(ed_id)) {
+    log_info(LD_PROTOCOL,"Client asked me to connect to myself by Ed25519 "
+             "identity. Refusing.");
+    return NULL;
+  }

  conn = or_connection_new(CONN_TYPE_OR, tor_addr_family(&addr));

@ -1504,11 +1507,13 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn,

  crypto_pk_free(identity_rcvd);

-  if (started_here)
+  if (started_here) {
+    /* A TLS handshake can't teach us an Ed25519 ID, so we set it to NULL
+     * here. */
    return connection_or_client_learned_peer_id(conn,
                                        (const uint8_t*)digest_rcvd_out,
-                                        NULL // Ed25519 ID 15056
-                                        );
+                                        NULL);
+  }

  return 0;
 }
@ -1541,8 +1546,6 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
                                     const uint8_t *rsa_peer_id,
                                     const ed25519_public_key_t *ed_peer_id)
 {
-  (void) ed_peer_id; // not used yet. 15056
-
  const or_options_t *options = get_options();

  if (tor_digest_is_zero(conn->identity_digest)) {
@ -1559,7 +1562,7 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
    /* if it's a bridge and we didn't know its identity fingerprint, now
     * we do -- remember it for future attempts. */
    learned_router_identity(&conn->base_.addr, conn->base_.port,
-                            (const char*)rsa_peer_id /*, ed_peer_id XXXX */);
+                            (const char*)rsa_peer_id, ed_peer_id);
  }

  if (tor_memneq(rsa_peer_id, conn->identity_digest, DIGEST_LEN)) {
@ -1617,9 +1620,12 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
                                conn);
    return -1;
  }
+
+  /* XXXX 15056 -- use the Ed25519 key */
+
  if (authdir_mode_tests_reachability(options)) {
    dirserv_orconn_tls_done(&conn->base_.addr, conn->base_.port,
-                            (const char*)rsa_peer_id /*, ed_id XXXX 15056 */);
+                            (const char*)rsa_peer_id, ed_peer_id);
  }

  return 0;
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@ -3170,8 +3170,10 @@ dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
 void
 dirserv_orconn_tls_done(const tor_addr_t *addr,
                        uint16_t or_port,
-                        const char *digest_rcvd)
+                        const char *digest_rcvd,
+                        const ed25519_public_key_t *ed_id_rcvd)
 {
+  (void)ed_id_rcvd; // XXXX 15056 use this.
  node_t *node = NULL;
  tor_addr_port_t orport;
  routerinfo_t *ri = NULL;
--- a/src/or/dirserv.h
+++ b/src/or/dirserv.h
@ -73,7 +73,8 @@ int dirserv_get_routerdescs(smartlist_t *descs_out, const char *key,
                            const char **msg);
 void dirserv_orconn_tls_done(const tor_addr_t *addr,
                             uint16_t or_port,
-                             const char *digest_rcvd);
+                             const char *digest_rcvd,
+                             const ed25519_public_key_t *ed_id_rcvd);
 int dirserv_should_launch_reachability_test(const routerinfo_t *ri,
                                            const routerinfo_t *ri_old);
 void dirserv_single_reachability_test(time_t now, routerinfo_t *router);
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@ -2108,18 +2108,34 @@ node_is_a_configured_bridge(const node_t *node)
 */
 void
 learned_router_identity(const tor_addr_t *addr, uint16_t port,
-                        const char *digest)
+                        const char *digest,
+                        const ed25519_public_key_t *ed_id)
 {
+  // XXXX prop220 use ed_id here, once there is some way to specify
+  (void)ed_id;
+  int learned = 0;
  bridge_info_t *bridge =
    get_configured_bridge_by_addr_port_digest(addr, port, digest);
  if (bridge && tor_digest_is_zero(bridge->identity)) {
+    memcpy(bridge->identity, digest, DIGEST_LEN);
+    learned = 1;
+  }
+  /* XXXX prop220 remember bridge ed25519 identities -- add a field */
+#if 0
+  if (bridge && ed_id &&
+      ed25519_public_key_is_zero(&bridge->ed25519_identity) &&
+      !ed25519_public_key_is_zero(ed_id)) {
+    memcpy(&bridge->ed25519_identity, ed_id, sizeof(*ed_id));
+    learned = 1;
+  }
+#endif
+  if (learned) {
    char *transport_info = NULL;
    const char *transport_name =
      find_transport_name_by_bridge_addrport(addr, port);
    if (transport_name)
      tor_asprintf(&transport_info, " (with transport '%s')", transport_name);
-
-    memcpy(bridge->identity, digest, DIGEST_LEN);
+    // XXXX prop220 log both fingerprints.
    log_notice(LD_DIR, "Learned fingerprint %s for bridge %s%s.",
               hex_str(digest, DIGEST_LEN), fmt_addrport(addr, port),
               transport_info ? transport_info : "");
@ -2216,6 +2232,8 @@ bridge_add_from_config(bridge_line_t *bridge_line)
 {
  bridge_info_t *b;

+  // XXXX prop220 add a way to specify ed25519 ID to bridge_line_t.
+
  { /* Log the bridge we are about to register: */
    log_debug(LD_GENERAL, "Registering bridge at %s (transport: %s) (%s)",
              fmt_addrport(&bridge_line->addr, bridge_line->port),
--- a/src/or/entrynodes.h
+++ b/src/or/entrynodes.h
@ -167,7 +167,8 @@ int extend_info_is_a_configured_bridge(const extend_info_t *ei);
 int routerinfo_is_a_configured_bridge(const routerinfo_t *ri);
 int node_is_a_configured_bridge(const node_t *node);
 void learned_router_identity(const tor_addr_t *addr, uint16_t port,
-                             const char *digest);
+                             const char *digest,
+                             const ed25519_public_key_t *ed_id);
 struct bridge_line_t;
 void bridge_add_from_config(struct bridge_line_t *bridge_line);
 void retry_bridge_descriptor_fetch_directly(const char *digest);