From 8e8c0674c4729a6aa39ded658e800baa654fe289 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 6 Nov 2012 21:33:53 -0500 Subject: [PATCH] Implement proposal-214 rules for CircID checking. --- src/or/channel.c | 14 ++++++++++++-- src/or/channel.h | 3 ++- src/or/channeltls.c | 9 ++++++--- src/or/connection_or.c | 3 ++- 4 files changed, 22 insertions(+), 7 deletions(-) diff --git a/src/or/channel.c b/src/or/channel.c index cbf7f99be1..9b353a102c 100644 --- a/src/or/channel.c +++ b/src/or/channel.c @@ -4043,9 +4043,10 @@ channel_num_circuits(channel_t *chan) * This is called when setting up a channel and replaces the old * connection_or_set_circid_type() */ - void -channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd) +channel_set_circid_type(channel_t *chan, + crypto_pk_t *identity_rcvd, + int consider_identity) { int started_here; crypto_pk_t *our_identity; @@ -4053,6 +4054,15 @@ channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd) tor_assert(chan); started_here = channel_is_outgoing(chan); + + if (! consider_identity) { + if (started_here) + chan->circ_id_type = CIRC_ID_TYPE_HIGHER; + else + chan->circ_id_type = CIRC_ID_TYPE_LOWER; + return; + } + our_identity = started_here ? get_tlsclient_identity_key() : get_server_identity_key(); diff --git a/src/or/channel.h b/src/or/channel.h index 3cfc8b183c..a21271ca1e 100644 --- a/src/or/channel.h +++ b/src/or/channel.h @@ -449,7 +449,8 @@ int channel_matches_extend_info(channel_t *chan, extend_info_t *extend_info); int channel_matches_target_addr_for_extend(channel_t *chan, const tor_addr_t *target); unsigned int channel_num_circuits(channel_t *chan); -void channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd); +void channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd, + int consider_identity); void channel_timestamp_client(channel_t *chan); const char * channel_listener_describe_transport(channel_listener_t *chan_l); 
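Review bot: The doc comment above channel_set_circid_type() in the first channel.c hunk is left as it was even though the signature gains `consider_identity`, so a reader cannot tell what the flag selects or that `identity_rcvd` is ignored when it is zero. I would extend the comment with something like `If consider_identity is false, ignore identity_rcvd and choose the type from the connection direction alone: the side that opened the channel gets CIRC_ID_TYPE_HIGHER, the other CIRC_ID_TYPE_LOWER (proposal 214).` The function body continues past the end of this hunk.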
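Review bot: The inner `if (started_here) ... else ...` in the new `if (! consider_identity)` block is unbraced, and its two arms differ only in the constant assigned. A single assignment reads more directly and leaves no room for a later line to end up outside the intended arm: `chan->circ_id_type = started_here ? CIRC_ID_TYPE_HIGHER : CIRC_ID_TYPE_LOWER;`. Because this type decides which half of the circuit-ID space each side allocates from, the branch also deserves a one-line comment that the peer is expected to make the mirror-image choice. The rest of the function, including how a NULL `identity_rcvd` is treated, is outside the hunk.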
diff --git a/src/or/channeltls.c b/src/or/channeltls.c index 4f87eb5671..ed56e1ad19 100644 --- a/src/or/channeltls.c +++ b/src/or/channeltls.c @@ -1384,7 +1384,8 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan) tor_assert(tor_digest_is_zero( (const char*)(chan->conn->handshake_state-> authenticated_peer_id))); - channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL); + channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL, + chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS); connection_or_init_conn_from_address(chan->conn, &(chan->conn->base_.addr), @@ -1638,7 +1639,8 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan) ERR("Internal error: Couldn't get RSA key from ID cert."); memcpy(chan->conn->handshake_state->authenticated_peer_id, id_digests->d[DIGEST_SHA1], DIGEST_LEN); - channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd); + channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd, + chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS); crypto_pk_free(identity_rcvd); } @@ -1922,7 +1924,8 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan) memcpy(chan->conn->handshake_state->authenticated_peer_id, id_digests->d[DIGEST_SHA1], DIGEST_LEN); - channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd); + channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd, + chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS); crypto_pk_free(identity_rcvd); connection_or_init_conn_from_address(chan->conn, diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 0775eb5c40..63bdd9a5e9 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -1554,7 +1554,8 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn, } tor_assert(conn->chan); - channel_set_circid_type(TLS_CHAN_TO_BASE(conn->chan), identity_rcvd); + channel_set_circid_type(TLS_CHAN_TO_BASE(conn->chan), identity_rcvd, 1); + crypto_pk_free(identity_rcvd); if (started_here)
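Review bot: The expression `chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS` is spelled out at the call in channel_tls_process_netinfo_cell and again, unchanged, in the certs-cell and authenticate-cell hunks. Both ends of a link presumably have to reach the same answer here for their circuit-ID ranges not to overlap, so a rule copied to three call sites is easy to change in one place and miss in the others. I would move it into one small static helper in channeltls.c, for example `static int channel_tls_circid_uses_identity(const channel_tls_t *chan)`, carrying the comment that explains the version cut-off. In the netinfo hunk the identity argument is NULL, so on link protocols below the cut-off the outcome still depends on how channel_set_circid_type() handles a NULL key, which these hunks do not show and which is worth confirming.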
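Review bot: The bare `1` passed as `consider_identity` in connection_or_check_valid_tls_handshake does not say why this path always uses the identity-key comparison while the channeltls.c callers derive the flag from `link_proto`. If the reason is that the link protocol has not been negotiated when this function runs, a comment at the call should say so, for example `/* Link protocol is not known yet; use the identity rule. Cell handlers set the type again once it is. */`. That wording is a guess from the visible lines and needs checking against the handshake order. The enclosing function starts and ends outside the hunk.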