From: Nick Mathewson Date: Thu, 21 Oct 2010 17:54:12 +0000 (-0400) Subject: Add some asserts to get_{tlsclient|server}_identity_key X-Git-Tag: tor-0.2.2.18-alpha~22^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=03adb8caadb894a7fcd7c7a24e3147fa6d3fc4f9;p=thirdparty%2Ftor.git Add some asserts to get_{tlsclient|server}_identity_key We now require that: - Only actual servers should ever call get_server_identity_key - If you're being a client or bridge, the client and server keys should differ. - If you're being a public relay, the client and server keys should be the same. --- diff --git a/src/or/router.c b/src/or/router.c index a2adfe155e..d289b0c3db 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -137,13 +137,32 @@ set_server_identity_key(crypto_pk_env_t *k) crypto_pk_get_digest(server_identitykey, server_identitykey_digest); } +/** Make sure that we have set up our identity keys to match or not match as + * appropriate, and die with an assertion if we have not. */ +static void +assert_identity_keys_ok(void) +{ + tor_assert(client_identitykey); + if (public_server_mode(get_options())) { + /* assert that we have set the client and server keys to be equal */ + tor_assert(server_identitykey); + tor_assert(0==crypto_pk_cmp_keys(client_identitykey, server_identitykey)); + } else { + /* assert that we have set the client and server keys to be unequal */ + if (server_identitykey) + tor_assert(0!=crypto_pk_cmp_keys(client_identitykey, server_identitykey)); + } +} + /** Returns the current server identity key; requires that the key has - * been set. + * been set, and that we are running as a Tor server. */ crypto_pk_env_t * get_server_identity_key(void) { tor_assert(server_identitykey); + tor_assert(server_mode(get_options())); + assert_identity_keys_ok(); return server_identitykey; } @@ -170,6 +189,7 @@ crypto_pk_env_t * get_tlsclient_identity_key(void) { tor_assert(client_identitykey); + assert_identity_keys_ok(); return client_identitykey; }