/* We would like every path to support ntor, but we have to allow for some
* edge cases. */
tor_assert(circuit_get_cpath_len(circ));
- if (circuit_can_use_tap(circ)) {
- /* Circuits from clients to intro points, and hidden services to rend
- * points do not support ntor, because the hidden service protocol does
- * not include ntor onion keys. This is also true for Single Onion
- * Services. */
- return 0;
- }
if (circuit_get_cpath_len(circ) == 1) {
/* Allow for bootstrapping: when we're fetching directly from a fallback,
return state->chosen_exit->nickname;
}
-/* Is circuit purpose allowed to use the deprecated TAP encryption protocol?
- * The hidden service protocol still uses TAP for some connections, because
- * ntor onion keys aren't included in HS descriptors or INTRODUCE cells. */
-static int
-circuit_purpose_can_use_tap_impl(uint8_t purpose)
-{
- return (purpose == CIRCUIT_PURPOSE_S_CONNECT_REND ||
- purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
-}
-
-/* Is circ allowed to use the deprecated TAP encryption protocol?
- * The hidden service protocol still uses TAP for some connections, because
- * ntor onion keys aren't included in HS descriptors or INTRODUCE cells. */
-int
-circuit_can_use_tap(const origin_circuit_t *circ)
-{
- tor_assert(circ);
- tor_assert(circ->cpath);
- tor_assert(circ->cpath->extend_info);
- return (circuit_purpose_can_use_tap_impl(circ->base_.purpose) &&
- extend_info_supports_tap(circ->cpath->extend_info));
-}
-
/* Does circ have an onion key which it's allowed to use? */
int
circuit_has_usable_onion_key(const origin_circuit_t *circ)
tor_assert(circ);
tor_assert(circ->cpath);
tor_assert(circ->cpath->extend_info);
- return (extend_info_supports_ntor(circ->cpath->extend_info) ||
- circuit_can_use_tap(circ));
+ return extend_info_supports_ntor(circ->cpath->extend_info);
}
/** Find the circuits that are waiting to find out whether their guards are
int circuit_append_new_exit(origin_circuit_t *circ, extend_info_t *info);
int circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *info);
-int circuit_can_use_tap(const origin_circuit_t *circ);
int circuit_has_usable_onion_key(const origin_circuit_t *circ);
const uint8_t *build_state_get_exit_rsa_id(cpath_build_state_t *state);
MOCK_DECL(const node_t *,
extend_info = extend_info_new(conn->chosen_exit_name+1,
digest,
NULL, /* Ed25519 ID */
- NULL, NULL, /* onion keys */
+ NULL, /* onion keys */
&addr, conn->socks_request->port,
NULL,
false);
/** IP/Port values for this hop's ORPort(s). Any unused values are set
* to a null address. */
tor_addr_port_t orports[EXTEND_INFO_MAX_ADDRS];
- /** TAP onion key for this hop. */
- crypto_pk_t *onion_key;
/** Ntor onion key for this hop. */
curve25519_public_key_t curve25519_onion_key;
/** True if this hop is to be used as an _exit_,
extend_info_new(const char *nickname,
const char *rsa_id_digest,
const ed25519_public_key_t *ed_id,
- crypto_pk_t *onion_key,
const curve25519_public_key_t *ntor_key,
const tor_addr_t *addr, uint16_t port,
const protover_summary_flags_t *pv,
memcpy(&info->ed_identity, ed_id, sizeof(ed25519_public_key_t));
if (nickname)
strlcpy(info->nickname, nickname, sizeof(info->nickname));
- if (onion_key)
- info->onion_key = crypto_pk_dup_key(onion_key);
if (ntor_key)
memcpy(&info->curve25519_onion_key, ntor_key,
sizeof(curve25519_public_key_t));
/* Retrieve the curve25519 pubkey. */
const curve25519_public_key_t *curve_pubkey =
node_get_curve25519_onion_key(node);
- rsa_pubkey = node_get_rsa_onion_key(node);
if (valid_addr && node->ri) {
info = extend_info_new(node->ri->nickname,
node->identity,
ed_pubkey,
- rsa_pubkey,
curve_pubkey,
&ap.addr,
ap.port,
info = extend_info_new(node->rs->nickname,
node->identity,
ed_pubkey,
- rsa_pubkey,
curve_pubkey,
&ap.addr,
ap.port,
for_exit);
}
- crypto_pk_free(rsa_pubkey);
return info;
}
{
if (!info)
return;
- crypto_pk_free(info->onion_key);
tor_free(info);
}
tor_assert(info);
newinfo = tor_malloc(sizeof(extend_info_t));
memcpy(newinfo, info, sizeof(extend_info_t));
- if (info->onion_key)
- newinfo->onion_key = crypto_pk_dup_key(info->onion_key);
- else
- newinfo->onion_key = NULL;
return newinfo;
}
-/* Does ei have a valid TAP key? */
-int
-extend_info_supports_tap(const extend_info_t* ei)
-{
- tor_assert(ei);
- /* Valid TAP keys are not NULL */
- return ei->onion_key != NULL;
-}
-
/* Does ei have a valid ntor key? */
int
extend_info_supports_ntor(const extend_info_t* ei)
extend_info_t *extend_info_new(const char *nickname,
const char *rsa_id_digest,
const struct ed25519_public_key_t *ed_id,
- crypto_pk_t *onion_key,
const struct curve25519_public_key_t *ntor_key,
const tor_addr_t *addr, uint16_t port,
const struct protover_summary_flags_t *pv,
#define extend_info_free(info) \
FREE_AND_NULL(extend_info_t, extend_info_free_, (info))
int extend_info_addr_is_allowed(const tor_addr_t *addr);
-int extend_info_supports_tap(const extend_info_t* ei);
int extend_info_supports_ntor(const extend_info_t* ei);
int extend_info_supports_ntor_v3(const extend_info_t *ei);
int extend_info_has_preferred_onion_key(const extend_info_t* ei);
/** If we have a bridge configured whose digest matches
* <b>ei->identity_digest</b>, or a bridge with no known digest whose address
* matches <b>ei->addr</b>:<b>ei->port</b>, return 1. Else return 0.
- * If <b>ei->onion_key</b> is NULL, check for address/port matches only.
+ * If <b>ei</b> has no onion key configured, check for address/port matches
+ * only.
*
* Note that if the extend_info_t contains multiple addresses, we return true
* only if _every_ address is a bridge.
int
extend_info_is_a_configured_bridge(const extend_info_t *ei)
{
- const char *digest = ei->onion_key ? ei->identity_digest : NULL;
+ const char *digest = curve25519_public_key_is_ok(&ei->curve25519_onion_key)
+ ? ei->identity_digest : NULL;
const tor_addr_port_t *ap1 = NULL, *ap2 = NULL;
if (! tor_addr_is_null(&ei->orports[0].addr))
ap1 = &ei->orports[0];
/* We do have everything for which we think we can connect successfully. */
info = extend_info_new(NULL, legacy_id,
- (have_ed25519_id) ? &ed25519_pk : NULL, NULL,
+ (have_ed25519_id) ? &ed25519_pk : NULL,
onion_key, &ap.addr, ap.port, NULL, false);
done:
return info;
circ->n_hop = extend_info_new(NULL /*nickname*/,
(const char*)ec->node_id,
&ec->ed_pubkey,
- NULL, /*onion_key*/
NULL, /*curve25519_key*/
&chosen_ap->addr,
chosen_ap->port,
static extend_info_t *
extend_info_from_router(const routerinfo_t *r, int family)
{
- crypto_pk_t *rsa_pubkey;
extend_info_t *info;
tor_addr_port_t ap;
/* We don't have an ORPort for the requested family. */
return NULL;
}
- rsa_pubkey = router_get_rsa_onion_pkey(r->onion_pkey, r->onion_pkey_len);
info = extend_info_new(r->nickname, r->cache_info.identity_digest,
ed_id_key,
- rsa_pubkey, r->onion_curve25519_pkey,
+ r->onion_curve25519_pkey,
&ap.addr, ap.port,
/* TODO-324: Should self-test circuits use
* congestion control? */
NULL, false);
- crypto_pk_free(rsa_pubkey);
+
return info;
}
hop->extend_info = extend_info_new(
padding ? "padding" : "non-padding",
- digest, NULL, NULL, NULL,
+ digest, NULL, NULL,
&addr, padding, NULL, false);
cpath_init_circuit_crypto(hop, whatevs_key, sizeof(whatevs_key), 0, 0);
hop->extend_info = extend_info_new(
exit ? "exit" : "non-exit",
- digest, NULL, NULL, NULL,
+ digest, NULL, NULL,
&addr, exit, NULL, exit);
cpath_init_circuit_crypto(hop, whatevs_key, sizeof(whatevs_key), 0, 0);
ocirc->build_state = tor_malloc_zero(sizeof(cpath_build_state_t));
/* Code path will log this exit so build it. */
ocirc->build_state->chosen_exit = extend_info_new("TestNickname", digest,
- NULL, NULL, NULL, &addr,
+ NULL, NULL, &addr,
4242, NULL, false);
/* Attach socks connection to this rendezvous circuit. */
ocirc->p_streams = ENTRY_TO_EDGE_CONN(socks_conn);
ocirc->build_state = tor_malloc_zero(sizeof(cpath_build_state_t));
/* Code path will log this exit so build it. */
ocirc->build_state->chosen_exit = extend_info_new("TestNickname", digest,
- NULL, NULL, NULL, &addr,
+ NULL, NULL, &addr,
4242, NULL, false);
ed25519_pubkey_copy(ô->hs_ident->intro_auth_pk, &intro_kp.pubkey);
ocirc->build_state = tor_malloc_zero(sizeof(cpath_build_state_t));
/* Code path will log this exit so build it. */
ocirc->build_state->chosen_exit = extend_info_new("TestNickname", digest,
- NULL, NULL, NULL, &addr,
+ NULL, NULL, &addr,
4242, NULL, false);
ed25519_pubkey_copy(ô->hs_ident->intro_auth_pk, &intro_kp.pubkey);
ocirc->build_state = tor_malloc_zero(sizeof(cpath_build_state_t));
/* Code path will log this exit so build it. */
ocirc->build_state->chosen_exit = extend_info_new("TestNickname", digest,
- NULL, NULL, NULL, &addr,
+ NULL, NULL, &addr,
4242, NULL, false);
ed25519_pubkey_copy(ô->hs_ident->intro_auth_pk, &intro_kp.pubkey);
projects / thirdparty / tor.git / commitdiff
