Loading changes/ticket22668 0 → 100644 +3 −0 Original line number Diff line number Diff line o Minor features (logging): - When describing a relay in th elogs, we now include its ed25519 identity. Closes ticket 22668. src/core/mainloop/connection.c +12 −3 Original line number Diff line number Diff line Loading @@ -110,6 +110,7 @@ #include "feature/stats/rephist.h" #include "feature/stats/bwhist.h" #include "lib/crypt_ops/crypto_util.h" #include "lib/crypt_ops/crypto_format.h" #include "lib/geoip/geoip.h" #include "lib/cc/ctassert.h" Loading Loading @@ -440,11 +441,19 @@ connection_describe_peer_internal(const connection_t *conn, // This could be a client, so scrub it. No identity to report. scrub = true; } else { char id_buf[HEX_DIGEST_LEN+1]; base16_encode(id_buf, sizeof(id_buf), const ed25519_public_key_t *ed_id = connection_or_get_alleged_ed25519_id(or_conn); char ed_id_buf[ED25519_BASE64_LEN+1]; char rsa_id_buf[HEX_DIGEST_LEN+1]; if (ed_id) { ed25519_public_to_base64(ed_id_buf, ed_id); } else { strlcpy(ed_id_buf, "<none>", sizeof(ed_id_buf)); } base16_encode(rsa_id_buf, sizeof(rsa_id_buf), or_conn->identity_digest, DIGEST_LEN); tor_snprintf(extra_buf, sizeof(extra_buf), " ID=%s", id_buf); " ID=%s RSA_ID=%s", ed_id_buf, rsa_id_buf); } if (! scrub && (! tor_addr_eq(addr, &or_conn->canonical_orport.addr) || conn->port != or_conn->canonical_orport.port)) { Loading src/core/or/connection_or.c +20 −0 Original line number Diff line number Diff line Loading 
@@ -207,6 +207,26 @@ connection_or_set_identity_digest(or_connection_t *conn, channel_set_identity_digest(chan, rsa_digest, ed_id); } /** * Return the Ed25519 identity of the peer for this connection (if any). * * Note that this ID may not be the _actual_ identity for the peer if * authentication is not complete. **/ const struct ed25519_public_key_t * connection_or_get_alleged_ed25519_id(const or_connection_t *conn) { if (conn && conn->chan) { const channel_t *chan = NULL; chan = TLS_CHAN_TO_BASE(conn->chan); if (!ed25519_public_key_is_zero(&chan->ed25519_identity)) { return &chan->ed25519_identity; } } return NULL; } /**************************************************************/ /** Map from a string describing what a non-open OR connection was doing when Loading src/core/or/connection_or.h +2 −0 Original line number Diff line number Diff line Loading @@ -73,6 +73,8 @@ void connection_or_init_conn_from_address(or_connection_t *conn, int connection_or_client_learned_peer_id(or_connection_t *conn, const uint8_t *rsa_peer_id, const struct ed25519_public_key_t *ed_peer_id); const struct ed25519_public_key_t *connection_or_get_alleged_ed25519_id( const or_connection_t *conn); time_t connection_or_client_used(or_connection_t *conn); MOCK_DECL(int, connection_or_get_num_circuits, (or_connection_t *conn)); void or_handshake_state_free_(or_handshake_state_t *state); Loading src/feature/nodelist/describe.c +30 −3 Original line number Diff line number Diff line Loading @@ -14,6 +14,10 @@ #include "core/or/or.h" #include "core/or/extendinfo.h" #include "feature/nodelist/describe.h" #include "feature/nodelist/nodelist.h" #include "feature/nodelist/routerinfo.h" #include "lib/crypt_ops/crypto_ed25519.h" #include "lib/crypt_ops/crypto_format.h" #include "core/or/extend_info_st.h" #include "feature/nodelist/node_st.h" Loading 
@@ -34,7 +38,8 @@ */ STATIC const char * format_node_description(char *buf, const char *id_digest, const char *rsa_id_digest, const ed25519_public_key_t *ed25519_id, const char *nickname, const tor_addr_t *ipv4_addr, const tor_addr_t *ipv6_addr) Loading @@ -48,7 +53,7 @@ format_node_description(char *buf, memset(buf, 0, NODE_DESC_BUF_LEN); if (!id_digest) { if (!rsa_id_digest) { /* strlcpy() returns the length of the source string it attempted to copy, * ignoring any required truncation due to the buffer length. */ rv = strlcpy(buf, "<NULL ID DIGEST>", NODE_DESC_BUF_LEN); Loading @@ -66,7 +71,7 @@ format_node_description(char *buf, memset(hex_digest, 0, sizeof(hex_digest)); base16_encode(hex_digest, sizeof(hex_digest), id_digest, DIGEST_LEN); rsa_id_digest, DIGEST_LEN); rv = strlcat(buf, hex_digest, NODE_DESC_BUF_LEN); tor_assert_nonfatal(rv < NODE_DESC_BUF_LEN); } Loading @@ -77,6 +82,16 @@ format_node_description(char *buf, rv = strlcat(buf, nickname, NODE_DESC_BUF_LEN); tor_assert_nonfatal(rv < NODE_DESC_BUF_LEN); } if (ed25519_id) { char ed_base64[ED25519_BASE64_LEN+1]; ed25519_public_to_base64(ed_base64, ed25519_id); rv = strlcat(buf, " [", NODE_DESC_BUF_LEN); tor_assert_nonfatal(rv < NODE_DESC_BUF_LEN); rv = strlcat(buf, ed_base64, NODE_DESC_BUF_LEN); tor_assert_nonfatal(rv < NODE_DESC_BUF_LEN); rv = strlcat(buf, "]", NODE_DESC_BUF_LEN); tor_assert_nonfatal(rv < NODE_DESC_BUF_LEN); } if (ipv4_addr || has_ipv6) { rv = strlcat(buf, " at ", NODE_DESC_BUF_LEN); tor_assert_nonfatal(rv < NODE_DESC_BUF_LEN); Loading Loading @@ -126,8 +141,11 @@ router_describe(const routerinfo_t *ri) if (!ri) return "<null>"; const ed25519_public_key_t *ed25519_id = routerinfo_get_ed25519_id(ri); return format_node_description(buf, ri->cache_info.identity_digest, ed25519_id, ri->nickname, &ri->ipv4_addr, &ri->ipv6_addr); Loading Loading 
@@ -166,8 +184,11 @@ node_describe(const node_t *node) return "<null rs and ri>"; } const ed25519_public_key_t *ed25519_id = node_get_ed25519_id(node); return format_node_description(buf, node->identity, ed25519_id, nickname, ipv4_addr, ipv6_addr); Loading @@ -188,6 +209,7 @@ routerstatus_describe(const routerstatus_t *rs) return format_node_description(buf, rs->identity_digest, NULL, rs->nickname, &rs->ipv4_addr, &rs->ipv6_addr); Loading @@ -211,8 +233,13 @@ extend_info_describe(const extend_info_t *ei) const tor_addr_t *addr4 = ap4 ? &ap4->addr : NULL; const tor_addr_t *addr6 = ap6 ? &ap6->addr : NULL; const ed25519_public_key_t *ed25519_id = &ei->ed_identity; if (ed25519_public_key_is_zero(ed25519_id)) ed25519_id = NULL; return format_node_description(buf, ei->identity_digest, ed25519_id, ei->nickname, addr4, addr6); Loading Loading
changes/ticket22668 0 → 100644 +3 −0 Original line number Diff line number Diff line o Minor features (logging): - When describing a relay in th elogs, we now include its ed25519 identity. Closes ticket 22668.
src/core/mainloop/connection.c +12 −3 Original line number Diff line number Diff line Loading @@ -110,6 +110,7 @@ #include "feature/stats/rephist.h" #include "feature/stats/bwhist.h" #include "lib/crypt_ops/crypto_util.h" #include "lib/crypt_ops/crypto_format.h" #include "lib/geoip/geoip.h" #include "lib/cc/ctassert.h" Loading Loading @@ -440,11 +441,19 @@ connection_describe_peer_internal(const connection_t *conn, // This could be a client, so scrub it. No identity to report. scrub = true; } else { char id_buf[HEX_DIGEST_LEN+1]; base16_encode(id_buf, sizeof(id_buf), const ed25519_public_key_t *ed_id = connection_or_get_alleged_ed25519_id(or_conn); char ed_id_buf[ED25519_BASE64_LEN+1]; char rsa_id_buf[HEX_DIGEST_LEN+1]; if (ed_id) { ed25519_public_to_base64(ed_id_buf, ed_id); } else { strlcpy(ed_id_buf, "<none>", sizeof(ed_id_buf)); } base16_encode(rsa_id_buf, sizeof(rsa_id_buf), or_conn->identity_digest, DIGEST_LEN); tor_snprintf(extra_buf, sizeof(extra_buf), " ID=%s", id_buf); " ID=%s RSA_ID=%s", ed_id_buf, rsa_id_buf); } if (! scrub && (! tor_addr_eq(addr, &or_conn->canonical_orport.addr) || conn->port != or_conn->canonical_orport.port)) { Loading
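Review bot: The new `ID=` field in the `tor_snprintf()` call prints whatever `connection_or_get_alleged_ed25519_id()` returns, which by that function's own name and doc comment may not be the peer's actual identity while authentication is incomplete, and neither the log text nor the code here says so. A comment above the lookup, such as `/* Alleged identity: may be unauthenticated until the handshake completes; log it as a hint only. */`, would keep later readers from treating the value as verified. The field also changes meaning for anyone parsing or alerting on these logs: `ID=` previously carried the hex RSA digest and now carries a base64 Ed25519 key or `<none>`, with the digest moved to `RSA_ID=`, which deserves a line in the changes file. `extra_buf` is declared outside the hunk and the return value of `tor_snprintf()` is not checked, so it is worth confirming the buffer still has room for both identities; connection_describe_peer_internal starts and ends outside the hunk.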
src/core/or/connection_or.c +20 −0 Original line number Diff line number Diff line Loading @@ -207,6 +207,26 @@ connection_or_set_identity_digest(or_connection_t *conn, channel_set_identity_digest(chan, rsa_digest, ed_id); } /** * Return the Ed25519 identity of the peer for this connection (if any). * * Note that this ID may not be the _actual_ identity for the peer if * authentication is not complete. **/ const struct ed25519_public_key_t * connection_or_get_alleged_ed25519_id(const or_connection_t *conn) { if (conn && conn->chan) { const channel_t *chan = NULL; chan = TLS_CHAN_TO_BASE(conn->chan); if (!ed25519_public_key_is_zero(&chan->ed25519_identity)) { return &chan->ed25519_identity; } } return NULL; } /**************************************************************/ /** Map from a string describing what a non-open OR connection was doing when Loading
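Review bot: The doc comment on `connection_or_get_alleged_ed25519_id()` does not say when the function returns NULL or how long the returned pointer stays valid. From the body, NULL is returned when `conn` is NULL, when `conn->chan` is unset, or when the channel's key is all zero. A non-NULL result points into the channel's own `ed25519_identity` field, so the comment should tell callers to copy the key if they need it beyond the channel's lifetime. As a style point, `const channel_t *chan = NULL;` followed by the assignment can be the single line `const channel_t *chan = TLS_CHAN_TO_BASE(conn->chan);`.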
src/core/or/connection_or.h +2 −0 Original line number Diff line number Diff line Loading @@ -73,6 +73,8 @@ void connection_or_init_conn_from_address(or_connection_t *conn, int connection_or_client_learned_peer_id(or_connection_t *conn, const uint8_t *rsa_peer_id, const struct ed25519_public_key_t *ed_peer_id); const struct ed25519_public_key_t *connection_or_get_alleged_ed25519_id( const or_connection_t *conn); time_t connection_or_client_used(or_connection_t *conn); MOCK_DECL(int, connection_or_get_num_circuits, (or_connection_t *conn)); void or_handshake_state_free_(or_handshake_state_t *state); Loading
src/feature/nodelist/describe.c +30 −3 Original line number Diff line number Diff line Loading @@ -14,6 +14,10 @@ #include "core/or/or.h" #include "core/or/extendinfo.h" #include "feature/nodelist/describe.h" #include "feature/nodelist/nodelist.h" #include "feature/nodelist/routerinfo.h" #include "lib/crypt_ops/crypto_ed25519.h" #include "lib/crypt_ops/crypto_format.h" #include "core/or/extend_info_st.h" #include "feature/nodelist/node_st.h" Loading @@ -34,7 +38,8 @@ */ STATIC const char * format_node_description(char *buf, const char *id_digest, const char *rsa_id_digest, const ed25519_public_key_t *ed25519_id, const char *nickname, const tor_addr_t *ipv4_addr, const tor_addr_t *ipv6_addr) Loading @@ -48,7 +53,7 @@ format_node_description(char *buf, memset(buf, 0, NODE_DESC_BUF_LEN); if (!id_digest) { if (!rsa_id_digest) { /* strlcpy() returns the length of the source string it attempted to copy, * ignoring any required truncation due to the buffer length. */ rv = strlcpy(buf, "<NULL ID DIGEST>", NODE_DESC_BUF_LEN); Loading @@ -66,7 +71,7 @@ format_node_description(char *buf, memset(hex_digest, 0, sizeof(hex_digest)); base16_encode(hex_digest, sizeof(hex_digest), id_digest, DIGEST_LEN); rsa_id_digest, DIGEST_LEN); rv = strlcat(buf, hex_digest, NODE_DESC_BUF_LEN); tor_assert_nonfatal(rv < NODE_DESC_BUF_LEN); } Loading 
@@ -77,6 +82,16 @@ format_node_description(char *buf, rv = strlcat(buf, nickname, NODE_DESC_BUF_LEN); tor_assert_nonfatal(rv < NODE_DESC_BUF_LEN); } if (ed25519_id) { char ed_base64[ED25519_BASE64_LEN+1]; ed25519_public_to_base64(ed_base64, ed25519_id); rv = strlcat(buf, " [", NODE_DESC_BUF_LEN); tor_assert_nonfatal(rv < NODE_DESC_BUF_LEN); rv = strlcat(buf, ed_base64, NODE_DESC_BUF_LEN); tor_assert_nonfatal(rv < NODE_DESC_BUF_LEN); rv = strlcat(buf, "]", NODE_DESC_BUF_LEN); tor_assert_nonfatal(rv < NODE_DESC_BUF_LEN); } if (ipv4_addr || has_ipv6) { rv = strlcat(buf, " at ", NODE_DESC_BUF_LEN); tor_assert_nonfatal(rv < NODE_DESC_BUF_LEN); Loading Loading @@ -126,8 +141,11 @@ router_describe(const routerinfo_t *ri) if (!ri) return "<null>"; const ed25519_public_key_t *ed25519_id = routerinfo_get_ed25519_id(ri); return format_node_description(buf, ri->cache_info.identity_digest, ed25519_id, ri->nickname, &ri->ipv4_addr, &ri->ipv6_addr); Loading Loading @@ -166,8 +184,11 @@ node_describe(const node_t *node) return "<null rs and ri>"; } const ed25519_public_key_t *ed25519_id = node_get_ed25519_id(node); return format_node_description(buf, node->identity, ed25519_id, nickname, ipv4_addr, ipv6_addr); Loading @@ -188,6 +209,7 @@ routerstatus_describe(const routerstatus_t *rs) return format_node_description(buf, rs->identity_digest, NULL, rs->nickname, &rs->ipv4_addr, &rs->ipv6_addr); Loading @@ -211,8 +233,13 @@ extend_info_describe(const extend_info_t *ei) const tor_addr_t *addr4 = ap4 ? &ap4->addr : NULL; const tor_addr_t *addr6 = ap6 ? &ap6->addr : NULL; const ed25519_public_key_t *ed25519_id = &ei->ed_identity; if (ed25519_public_key_is_zero(ed25519_id)) ed25519_id = NULL; return format_node_description(buf, ei->identity_digest, ed25519_id, ei->nickname, addr4, addr6); Loading
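Review bot: The `if (ed25519_id)` block in `format_node_description()` appends up to `ED25519_BASE64_LEN` + 3 more bytes to `buf`, but no file shown on this page changes `NODE_DESC_BUF_LEN`. Unless it is enlarged elsewhere, a relay with a long nickname and both addresses could now trip the `tor_assert_nonfatal(rv < NODE_DESC_BUF_LEN)` checks and log a truncated description. The `strlcat()` calls keep the writes bounded, so the effect would be a spurious bug warning and a clipped log line rather than an overflow. If the macro's definition (not visible here) sums its components, adding `+ ED25519_BASE64_LEN + 3` to it would cover the new ` [`…`]` field. The function's doc comment, which starts outside the hunk, should also describe the new `ed25519_id` parameter and state that NULL omits the field.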