prop224: Helper function to assert on invalid client intro circuit

Put all the possible assert() we can do on a client introduction circuit in
one helper function to make sure it is valid and usable.

It is disabled for now so gcc doesn't complain that we have an unused function.

Signed-off-by: David Goulet <dgoulet@torproject.org>
David Goulet 2017-06-29 13:29:23 -04:00
parent b13ee8e4ae
commit 8e2854372d
6 changed files with 42 additions and 2 deletions


@ -140,6 +140,20 @@ fetch_v3_desc(const ed25519_public_key_t *onion_identity_pk)
return directory_launch_v3_desc_fetch(onion_identity_pk, hsdir_rs); return directory_launch_v3_desc_fetch(onion_identity_pk, hsdir_rs);
} }
#if 0
/* Make sure that the given origin circuit circ is a valid correct
* introduction circuit. This asserts on validation failure. */
static void
assert_intro_circ(const origin_circuit_t *circ)
{
tor_assert(circ);
tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
tor_assert(circ->hs_ident);
tor_assert(hs_ident_intro_circ_is_valid(circ->hs_ident));
assert_circ_anonymity_ok(circ, get_options());
}
#endif
/** A circuit just finished connecting to a hidden service that the stream /** A circuit just finished connecting to a hidden service that the stream
* <b>conn</b> has been waiting for. Let the HS subsystem know about this. */ * <b>conn</b> has been waiting for. Let the HS subsystem know about this. */
void void
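Review bot: Wrapping `assert_intro_circ()` in `#if 0` means the compiler never parses it, so nothing checks that it still builds if `origin_circuit_t`, `hs_ident_intro_circ_is_valid()` or `assert_circ_anonymity_ok()` change before a caller is added. Keeping it compiled and marking it unused (for example with Tor's `ATTR_UNUSED`, if that macro is in scope in this file), or landing it together with its first caller, would avoid that drift. Every check in the body is a `tor_assert()`, which aborts the process, so the header comment should say when it is safe to call, e.g. `/** Assert that <b>circ</b> is a client introduction circuit with a populated hs_ident. Aborts on failure, so only call it on state this client built itself. */`. The explicit `tor_assert(circ->hs_ident)` duplicates the NULL check inside the validator; that is harmless and gives a more precise failure message.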


@ -18,6 +18,7 @@
#include "nodelist.h" #include "nodelist.h"
#include "hs_cache.h" #include "hs_cache.h"
#include "hs_common.h" #include "hs_common.h"
#include "hs_ident.h"
#include "hs_service.h" #include "hs_service.h"
#include "rendcommon.h" #include "rendcommon.h"
#include "rendservice.h" #include "rendservice.h"


@ -86,3 +86,25 @@ hs_ident_edge_conn_free(hs_ident_edge_conn_t *ident)
tor_free(ident); tor_free(ident);
} }
/* Return true if the given ident is valid for an introduction circuit. */
int
hs_ident_intro_circ_is_valid(const hs_ident_circuit_t *ident)
{
if (ident == NULL) {
goto invalid;
}
if (ed25519_public_key_is_zero(&ident->identity_pk)) {
goto invalid;
}
if (ed25519_public_key_is_zero(&ident->intro_auth_pk)) {
goto invalid;
}
/* Valid. */
return 1;
invalid:
return 0;
}
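Review bot: The comment on `hs_ident_intro_circ_is_valid()` says "valid" without stating what is checked, while the body only tests that `ident` is non-NULL and that `identity_pk` and `intro_auth_pk` are not all-zero. A caller could read the name as stronger validation than that; presumably `ed25519_public_key_is_zero()` does not check that a key is well-formed, but this should be confirmed. I would spell the contract out in the `/** … <b>x</b> */` form visible on the neighbouring function in the first file section: `/** Return 1 iff <b>ident</b> is non-NULL and its identity_pk and intro_auth_pk are both non-zero, else 0. This checks that the fields were set, not that the keys are well-formed. */`. As a minor style point, the `goto invalid` label only leads to `return 0;`, so direct early returns would read more simply.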


@ -126,5 +126,8 @@ hs_ident_edge_conn_t *hs_ident_edge_conn_new(
const ed25519_public_key_t *identity_pk); const ed25519_public_key_t *identity_pk);
void hs_ident_edge_conn_free(hs_ident_edge_conn_t *ident); void hs_ident_edge_conn_free(hs_ident_edge_conn_t *ident);
/* Validators */
int hs_ident_intro_circ_is_valid(const hs_ident_circuit_t *ident);
#endif /* TOR_HS_IDENT_H */ #endif /* TOR_HS_IDENT_H */


@ -990,7 +990,7 @@ rend_non_anonymous_mode_enabled(const or_options_t *options)
* service. * service.
*/ */
void void
assert_circ_anonymity_ok(origin_circuit_t *circ, assert_circ_anonymity_ok(const origin_circuit_t *circ,
const or_options_t *options) const or_options_t *options)
{ {
tor_assert(options); tor_assert(options);


@ -60,7 +60,7 @@ int rend_auth_decode_cookie(const char *cookie_in,
int rend_allow_non_anonymous_connection(const or_options_t* options); int rend_allow_non_anonymous_connection(const or_options_t* options);
int rend_non_anonymous_mode_enabled(const or_options_t *options); int rend_non_anonymous_mode_enabled(const or_options_t *options);
void assert_circ_anonymity_ok(origin_circuit_t *circ, void assert_circ_anonymity_ok(const origin_circuit_t *circ,
const or_options_t *options); const or_options_t *options);
#ifdef RENDCOMMON_PRIVATE #ifdef RENDCOMMON_PRIVATE