From f106af3c41dffdc8576c52399a61d34116b78f38 Mon Sep 17 00:00:00 2001 From: George Kadianakis Date: Thu, 3 Aug 2017 16:00:18 +0300 Subject: [PATCH] Make ed25519 id keys optional for IPs and RPs. --- src/or/hs_circuit.c | 6 ++++-- src/or/hs_descriptor.c | 8 ++++++++ src/or/hs_service.c | 11 +++++++---- src/test/test_hs_service.c | 11 ++++++++++- 4 files changed, 29 insertions(+), 7 deletions(-) diff --git a/src/or/hs_circuit.c b/src/or/hs_circuit.c index c78ac6057f..3d67f24cb8 100644 --- a/src/or/hs_circuit.c +++ b/src/or/hs_circuit.c @@ -406,7 +406,7 @@ get_rp_extend_info(const smartlist_t *link_specifiers, } SMARTLIST_FOREACH_END(ls); /* IPv4, legacy ID and ed25519 are mandatory. */ - if (!have_v4 || !have_legacy_id || !have_ed25519_id) { + if (!have_v4 || !have_legacy_id) { goto done; } /* By default, we pick IPv4 but this might change to v6 if certain @@ -451,7 +451,9 @@ get_rp_extend_info(const smartlist_t *link_specifiers, } /* We do have everything for which we think we can connect successfully. */ - info = extend_info_new(NULL, legacy_id, &ed25519_pk, NULL, onion_key, + info = extend_info_new(NULL, legacy_id, + have_ed25519_id ? &ed25519_pk : NULL, + NULL, onion_key, addr, port); done: return info; diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c index 700d1b0cfc..430e2f6f99 100644 --- a/src/or/hs_descriptor.c +++ b/src/or/hs_descriptor.c @@ -2471,9 +2471,17 @@ hs_desc_link_specifier_new(const extend_info_t *info, uint8_t type) ls->u.ap.port = info->port; break; case LS_LEGACY_ID: + /* Bug out if the identity digest is not set */ + if (BUG(tor_mem_is_zero(info->identity_digest, + sizeof(info->identity_digest)))) { + goto err; + } memcpy(ls->u.legacy_id, info->identity_digest, sizeof(ls->u.legacy_id)); break; case LS_ED25519_ID: + if (ed25519_public_key_is_zero(&info->ed_identity)) { + goto err; + } memcpy(ls->u.ed25519_id, info->ed_identity.pubkey, sizeof(ls->u.ed25519_id)); break; diff --git a/src/or/hs_service.c b/src/or/hs_service.c index 86e7d40cb7..a6f548d319 100644 --- a/src/or/hs_service.c +++ b/src/or/hs_service.c @@ -394,6 +394,7 @@ service_intro_point_new(const extend_info_t *ei, unsigned int is_legacy) goto err; } smartlist_add(ip->base.link_specifiers, ls); + ls = hs_desc_link_specifier_new(ei, LS_LEGACY_ID); /* It is impossible to have an extend info object without an identity * digest. */ @@ -401,11 +402,13 @@ service_intro_point_new(const extend_info_t *ei, unsigned int is_legacy) goto err; } smartlist_add(ip->base.link_specifiers, ls); + + /* ed25519 identity key is optional */ ls = hs_desc_link_specifier_new(ei, LS_ED25519_ID); - /* It is impossible to have an extend info object without an ed25519 - * identity key. */ - tor_assert(ls); - smartlist_add(ip->base.link_specifiers, ls); + if (ls) { + smartlist_add(ip->base.link_specifiers, ls); + } + /* IPv6 is optional. */ ls = hs_desc_link_specifier_new(ei, LS_IPV6); if (ls) { diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c index 2ad8393e84..4ee2cdac88 100644 --- a/src/test/test_hs_service.c +++ b/src/test/test_hs_service.c @@ -1086,14 +1086,21 @@ test_build_update_descriptors(void *arg) ri.purpose = ROUTER_PURPOSE_GENERAL; /* Ugly yes but we never free the "ri" object so this just makes things * easier. */ - ri.protocol_list = (char *) "HSDir 1-2"; + ri.protocol_list = (char *) "HSDir=1-2 LinkAuth=3"; ret = curve25519_secret_key_generate(&curve25519_secret_key, 0); tt_int_op(ret, OP_EQ, 0); ri.onion_curve25519_pkey = tor_malloc_zero(sizeof(curve25519_public_key_t)); + ri.onion_pkey = crypto_pk_new(); curve25519_public_key_generate(ri.onion_curve25519_pkey, &curve25519_secret_key); memset(ri.cache_info.identity_digest, 'A', DIGEST_LEN); + /* Setup ed25519 identity */ + ed25519_keypair_t kp1; + ed25519_keypair_generate(&kp1, 0); + ri.cache_info.signing_key_cert = tor_malloc_zero(sizeof(tor_cert_t)); + tt_assert(ri.cache_info.signing_key_cert); + ed25519_pubkey_copy(&ri.cache_info.signing_key_cert->signing_key, &kp1.pubkey); nodelist_set_routerinfo(&ri, NULL); node = node_get_mutable_by_id(ri.cache_info.identity_digest); tt_assert(node); @@ -1104,6 +1111,8 @@ test_build_update_descriptors(void *arg) setup_full_capture_of_logs(LOG_INFO); update_all_descriptors(now); tor_free(node->ri->onion_curve25519_pkey); /* Avoid memleak. */ + tor_free(node->ri->cache_info.signing_key_cert); + crypto_pk_free(node->ri->onion_pkey); expect_log_msg_containing("just picked 1 intro points and wanted 3. It " "currently has 0 intro points. Launching " "ESTABLISH_INTRO circuit shortly.");