prop224: Helper function to assert on invalid client intro circuit
Put all the possible assert() we can do on a client introduction circuit in one helper function to make sure it is valid and usable. It is disabled for now so gcc doesn't complain that we have an unused function. Signed-off-by: David Goulet <dgoulet@torproject.org>
parent
b13ee8e4ae
commit
8e2854372d
@ -140,6 +140,20 @@ fetch_v3_desc(const ed25519_public_key_t *onion_identity_pk)
|
||||
return directory_launch_v3_desc_fetch(onion_identity_pk, hsdir_rs);
|
||||
}
|
||||
|
||||
#if 0
|
||||
/* Make sure that the given origin circuit circ is a valid correct
|
||||
* introduction circuit. This asserts on validation failure. */
|
||||
static void
|
||||
assert_intro_circ(const origin_circuit_t *circ)
|
||||
{
|
||||
tor_assert(circ);
|
||||
tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
|
||||
tor_assert(circ->hs_ident);
|
||||
tor_assert(hs_ident_intro_circ_is_valid(circ->hs_ident));
|
||||
assert_circ_anonymity_ok(circ, get_options());
|
||||
}
|
||||
#endif
|
||||
|
||||
/** A circuit just finished connecting to a hidden service that the stream
|
||||
* <b>conn</b> has been waiting for. Let the HS subsystem know about this. */
|
||||
void
|
||||
|
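Review bot: Wrapping `assert_intro_circ()` in `#if 0` means the compiler never parses it, so nothing in this commit checks that `assert_circ_anonymity_ok(circ, get_options())` really accepts the `const origin_circuit_t *` that the prototype change elsewhere in the commit is meant to allow, and the helper can drift out of date until a caller appears. Consider keeping it compiled and marking it unused, for example with a forward declaration `static void assert_intro_circ(const origin_circuit_t *circ) ATTR_UNUSED;`, or landing it together with its first caller. The comment would match the neighbouring `/** ... <b>conn</b> ... */` style if written as `/** Assert that <b>circ</b> is a client introduction circuit: non-NULL, purpose CIRCUIT_PURPOSE_C_INTRODUCING, with an hs_ident that passes hs_ident_intro_circ_is_valid(). */`. Because every check is a hard `tor_assert()`, the comment should also say the helper is meant for internal invariants only, not for conditions that input from the network can influence.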
@ -18,6 +18,7 @@
|
||||
#include "nodelist.h"
|
||||
#include "hs_cache.h"
|
||||
#include "hs_common.h"
|
||||
#include "hs_ident.h"
|
||||
#include "hs_service.h"
|
||||
#include "rendcommon.h"
|
||||
#include "rendservice.h"
|
||||
|
@ -86,3 +86,25 @@ hs_ident_edge_conn_free(hs_ident_edge_conn_t *ident)
|
||||
tor_free(ident);
|
||||
}
|
||||
|
||||
/* Return true if the given ident is valid for an introduction circuit. */
|
||||
int
|
||||
hs_ident_intro_circ_is_valid(const hs_ident_circuit_t *ident)
|
||||
{
|
||||
if (ident == NULL) {
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
if (ed25519_public_key_is_zero(&ident->identity_pk)) {
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
if (ed25519_public_key_is_zero(&ident->intro_auth_pk)) {
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
/* Valid. */
|
||||
return 1;
|
||||
invalid:
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
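Review bot: `hs_ident_intro_circ_is_valid()` only checks that `ident` is non-NULL and that `identity_pk` and `intro_auth_pk` are not all-zero, so the name and the one-line comment promise more than the body delivers. A caller could read "valid" as meaning the keys were verified, so the comment should state exactly what is checked, e.g. `/** Return 1 if <b>ident</b> is non-NULL and both its identity_pk and intro_auth_pk are non-zero, else 0. This is a sanity check for unset fields, not a cryptographic validation of the keys. */`. The `invalid:` label adds nothing because there is no cleanup to share, so each guard could simply `return 0;`.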
@ -126,5 +126,8 @@ hs_ident_edge_conn_t *hs_ident_edge_conn_new(
|
||||
const ed25519_public_key_t *identity_pk);
|
||||
void hs_ident_edge_conn_free(hs_ident_edge_conn_t *ident);
|
||||
|
||||
/* Validators */
|
||||
int hs_ident_intro_circ_is_valid(const hs_ident_circuit_t *ident);
|
||||
|
||||
#endif /* TOR_HS_IDENT_H */
|
||||
|
||||
|
@ -990,7 +990,7 @@ rend_non_anonymous_mode_enabled(const or_options_t *options)
|
||||
* service.
|
||||
*/
|
||||
void
|
||||
assert_circ_anonymity_ok(origin_circuit_t *circ,
|
||||
assert_circ_anonymity_ok(const origin_circuit_t *circ,
|
||||
const or_options_t *options)
|
||||
{
|
||||
tor_assert(options);
|
||||
|
@ -60,7 +60,7 @@ int rend_auth_decode_cookie(const char *cookie_in,
|
||||
int rend_allow_non_anonymous_connection(const or_options_t* options);
|
||||
int rend_non_anonymous_mode_enabled(const or_options_t *options);
|
||||
|
||||
void assert_circ_anonymity_ok(origin_circuit_t *circ,
|
||||
void assert_circ_anonymity_ok(const origin_circuit_t *circ,
|
||||
const or_options_t *options);
|
||||
|
||||
#ifdef RENDCOMMON_PRIVATE
|
||||
|