nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-11 13:43:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Implement proposal-214 rules for CircID checking.

Browse Source
This commit is contained in:
Nick Mathewson 2012-11-06 21:33:53 -05:00
parent 1c0e87f6d8
commit 8e8c0674c4
4 changed files with 22 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/or/channel.c
View File

@ -4043,9 +4043,10 @@ channel_num_circuits(channel_t *chan)
* This is called when setting up a channel and replaces the old * This is called when setting up a channel and replaces the old
* connection_or_set_circid_type() * connection_or_set_circid_type()
*/ */
void void
channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd) channel_set_circid_type(channel_t *chan,
crypto_pk_t *identity_rcvd,
int consider_identity)
{ {
int started_here; int started_here;
crypto_pk_t *our_identity; crypto_pk_t *our_identity;
@ -4053,6 +4054,15 @@ channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd)
tor_assert(chan); tor_assert(chan);
started_here = channel_is_outgoing(chan); started_here = channel_is_outgoing(chan);
if (! consider_identity) {
if (started_here)
chan->circ_id_type = CIRC_ID_TYPE_HIGHER;
else
chan->circ_id_type = CIRC_ID_TYPE_LOWER;
return;
}
our_identity = started_here ? our_identity = started_here ?
get_tlsclient_identity_key() : get_server_identity_key(); get_tlsclient_identity_key() : get_server_identity_key();

3
src/or/channel.h
View File

@ -449,7 +449,8 @@ int channel_matches_extend_info(channel_t *chan, extend_info_t *extend_info);
int channel_matches_target_addr_for_extend(channel_t *chan, int channel_matches_target_addr_for_extend(channel_t *chan,
const tor_addr_t *target); const tor_addr_t *target);
unsigned int channel_num_circuits(channel_t *chan); unsigned int channel_num_circuits(channel_t *chan);
void channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd); void channel_set_circid_type(channel_t *chan, crypto_pk_t *identity_rcvd,
int consider_identity);
void channel_timestamp_client(channel_t *chan); void channel_timestamp_client(channel_t *chan);
const char * channel_listener_describe_transport(channel_listener_t *chan_l); const char * channel_listener_describe_transport(channel_listener_t *chan_l);

9
src/or/channeltls.c
View File

@ -1384,7 +1384,8 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan)
tor_assert(tor_digest_is_zero( tor_assert(tor_digest_is_zero(
(const char*)(chan->conn->handshake_state-> (const char*)(chan->conn->handshake_state->
authenticated_peer_id))); authenticated_peer_id)));
channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL); channel_set_circid_type(TLS_CHAN_TO_BASE(chan), NULL,
chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
connection_or_init_conn_from_address(chan->conn, connection_or_init_conn_from_address(chan->conn,
&(chan->conn->base_.addr), &(chan->conn->base_.addr),
@ -1638,7 +1639,8 @@ channel_tls_process_certs_cell(var_cell_t *cell, channel_tls_t *chan)
ERR("Internal error: Couldn't get RSA key from ID cert."); ERR("Internal error: Couldn't get RSA key from ID cert.");
memcpy(chan->conn->handshake_state->authenticated_peer_id, memcpy(chan->conn->handshake_state->authenticated_peer_id,
id_digests->d[DIGEST_SHA1], DIGEST_LEN); id_digests->d[DIGEST_SHA1], DIGEST_LEN);
channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd); channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
crypto_pk_free(identity_rcvd); crypto_pk_free(identity_rcvd);
} }
@ -1922,7 +1924,8 @@ channel_tls_process_authenticate_cell(var_cell_t *cell, channel_tls_t *chan)
memcpy(chan->conn->handshake_state->authenticated_peer_id, memcpy(chan->conn->handshake_state->authenticated_peer_id,
id_digests->d[DIGEST_SHA1], DIGEST_LEN); id_digests->d[DIGEST_SHA1], DIGEST_LEN);
channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd); channel_set_circid_type(TLS_CHAN_TO_BASE(chan), identity_rcvd,
chan->conn->link_proto < MIN_LINK_PROTO_FOR_WIDE_CIRC_IDS);
crypto_pk_free(identity_rcvd); crypto_pk_free(identity_rcvd);
connection_or_init_conn_from_address(chan->conn, connection_or_init_conn_from_address(chan->conn,

3
src/or/connection_or.c
View File

@ -1554,7 +1554,8 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn,
} }
tor_assert(conn->chan); tor_assert(conn->chan);
channel_set_circid_type(TLS_CHAN_TO_BASE(conn->chan), identity_rcvd); channel_set_circid_type(TLS_CHAN_TO_BASE(conn->chan), identity_rcvd, 1);
crypto_pk_free(identity_rcvd); crypto_pk_free(identity_rcvd);
if (started_here) if (started_here)