[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] Teach circuit_extend() more about Ed25519 identities.

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/master] Teach circuit_extend() more about Ed25519 identities.
From: nickm@xxxxxxxxxxxxxx
Date: Thu, 8 Dec 2016 21:53:43 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 08 Dec 2016 18:13:15 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit c83778686839c4596504ea392854e9e95884fcfa
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Sat Sep 24 11:04:47 2016 -0700

    Teach circuit_extend() more about Ed25519 identities.
    
    - forbid extending to the previous hop by Ed25519 ID.
    - If we know the Ed25519 ID for the next hop and the client doesn't,
      insist on the one from the consensus.
---
 src/or/circuitbuild.c | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 887b8ec..e833fcb 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -1175,6 +1175,16 @@ circuit_extend(cell_t *cell, circuit_t *circ)
     return -1;
   }
 
+  /* Fill in ed_pubkey if it was not provided and we can infer it from
+   * our networkstatus */
+  if (ed25519_public_key_is_zero(&ec.ed_pubkey)) {
+    const node_t *node = node_get_by_id((const char*)ec.node_id);
+    const ed25519_public_key_t *node_ed_id = NULL;
+    if (node && (node_ed_id = node_get_ed25519_id(node))) {
+      memcpy(ec.ed_pubkey.pubkey, node_ed_id->pubkey, ED25519_PUBKEY_LEN);
+    }
+  }
+
   /* Next, check if we're being asked to connect to the hop that the
    * extend cell came from. There isn't any reason for that, and it can
    * assist circular-path attacks. */
@@ -1185,10 +1195,15 @@ circuit_extend(cell_t *cell, circuit_t *circ)
            "Client asked me to extend back to the previous hop.");
     return -1;
   }
-  // XXX 15056 check prev-hop Ed ID too
 
-  // XXX 15056 Fill in ed_pubkey if it was not provided and we can infer
-  // XXX 15056 it from the networkstatus.
+  /* Check the previous hop Ed25519 ID too */
+  if (! ed25519_public_key_is_zero(&ec.ed_pubkey) &&
+      ed25519_pubkey_eq(&ec.ed_pubkey,
+                        &TO_OR_CIRCUIT(circ)->p_chan->ed25519_identity)) {
+    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+           "Client asked me to extend back to the previous hop "
+           "(by Ed25519 ID).");
+  }
 
   n_chan = channel_get_for_extend((const char*)ec.node_id,
                                   &ec.ed_pubkey,



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [tor/maint-0.2.6] Add a one-word sentinel value of 0x0 at the end of each buf_t chunk
Next by Author: [tor-commits] [tor/master] Change return value of entry_guard_succeeded to an enum.
Previous by thread: [tor-commits] [tor/master] Propagate Ed25519 identities downwards into more functions.
Next by thread: [tor-commits] [tor/master] Fix comment on connection_or_client_learned_peer_id().
Index(es):
- Author
- Thread