Ticket #24509: 0001-Restricts-TAP-usage-for-circuits-to-only-v2-onion-se.patch

File 0001-Restricts-TAP-usage-for-circuits-to-only-v2-onion-se.patch, 1.9 KB (added by irl, 2 years ago)
  • src/or/circuitbuild.c

    From 9109724e103eb107de9390b7fda9a1a7dfc760e2 Mon Sep 17 00:00:00 2001
    From: "Iain R. Learmonth" <irl@fsfe.org>
    Date: Mon, 4 Dec 2017 13:55:31 +0000
    Subject: [PATCH] Restricts TAP usage for circuits to only v2 onion services
    
    circuit_can_use_tap() checks the circuit purpose to make sure that it's an
    onion service circuit. This change introduces an additional check to ensure
    that it is a v2 onion service, and so not v3 which would support ntor.
    
    Fixes: #24509
    ---
     src/or/circuitbuild.c | 17 +++++++++++++++--
     1 file changed, 15 insertions(+), 2 deletions(-)
    
    diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
    index 2e6b63b4d..3a34547bc 100644
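--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -2839,6 +2839,15 @@ circuit_purpose_can_use_tap_impl(uint8_t purpose)
           purpose == CIRCUIT_PURPOSE_C_INTRODUCING);
 }
 
+/* Is the hidden service version allowed to use the deprecated TAP encryption
+ * protocol? Version 3 supports ntor and so TAP should never be used for
+ * version 3, only for version 2. */
+static int
+circuit_rend_version_can_use_tap_impl(uint8_t version)
+{
+  return version == 2;
+}
+
 /* Is circ allowed to use the deprecated TAP encryption protocol?
  * The hidden service protocol still uses TAP for some connections, because
  * ntor onion keys aren't included in HS descriptors or INTRODUCE cells. */
@@ -2848,8 +2857,12 @@ circuit_can_use_tap(const origin_circuit_t *circ)
   tor_assert(circ);
   tor_assert(circ->cpath);
   tor_assert(circ->cpath->extend_info);
-  return (circuit_purpose_can_use_tap_impl(circ->base_.purpose) &&
-          extend_info_supports_tap(circ->cpath->extend_info));
+  if (circuit_purpose_can_use_tap_impl(circ->base_.purpose) &&
+      extend_info_supports_tap(circ->cpath->extend_info)) {
+    tor_assert(circ->rend_data);
+    return circuit_rend_version_can_use_tap_impl(circ->rend_data->version);
+  }
+  return 0;
 }
 
 /* Does circ have an onion key which it's allowed to use? */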
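Review bot: The new `tor_assert(circ->rend_data);` in circuit_can_use_tap() makes a missing rend_data abort the process where the function could simply answer "no". The patch's aim is to refuse TAP for v3 onion service circuits, and if those circuits keep their service identity somewhere other than rend_data (not visible in this hunk, so confirm against origin_circuit_t), they would trip the assert rather than reach `return 0`, which turns a policy check into a crash path. Failing closed is safer: replace the assert with `if (!circ->rend_data) return 0;` before reading `circ->rend_data->version`. It is also worth checking that the type of `rend_data->version` matches the `uint8_t` parameter of circuit_rend_version_can_use_tap_impl(), since a wider field would be truncated before the `== 2` comparison. The function's signature and opening brace sit outside the displayed lines.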