[or-cvs] move the tls handshake stuff to connection_or
Roger Dingledine
arma at seul.org
Tue Sep 30 18:45:57 UTC 2003
Update of /home/or/cvsroot/src/or
In directory moria.mit.edu:/home2/arma/work/onion/cvs/src/or
Modified Files:
or.h connection.c connection_or.c
Log Message:
move the tls handshake stuff to connection_or
Index: or.h
===================================================================
RCS file: /home/or/cvsroot/src/or/or.h,v
retrieving revision 1.145
retrieving revision 1.146
diff -u -d -r1.145 -r1.146
--- or.h 30 Sep 2003 08:18:10 -0000 1.145
+++ or.h 30 Sep 2003 18:45:54 -0000 1.146
@@ -525,8 +525,6 @@
int connection_create_listener(struct sockaddr_in *bindaddr, int type);
int connection_handle_listener_read(connection_t *conn, int new_type);
-int connection_tls_start_handshake(connection_t *conn, int receiving);
-
int connection_connect(connection_t *conn, char *address, uint32_t addr, uint16_t port);
int retry_all_connections(uint16_t or_listenport, uint16_t ap_listenport, uint16_t dir_listenport);
@@ -575,6 +573,9 @@
void connection_or_init_conn_from_router(connection_t *conn, routerinfo_t *router);
connection_t *connection_or_connect(routerinfo_t *router);
+
+int connection_tls_start_handshake(connection_t *conn, int receiving);
+int connection_tls_continue_handshake(connection_t *conn);
int connection_write_cell_to_buf(const cell_t *cellp, connection_t *conn);
int connection_process_cell_from_inbuf(connection_t *conn);
Index: connection.c
===================================================================
RCS file: /home/or/cvsroot/src/or/connection.c,v
retrieving revision 1.109
retrieving revision 1.110
diff -u -d -r1.109 -r1.110
--- connection.c 30 Sep 2003 08:18:07 -0000 1.109
+++ connection.c 30 Sep 2003 18:45:54 -0000 1.110
@@ -68,8 +68,6 @@
/********* END VARIABLES ************/
static int connection_init_accepted_conn(connection_t *conn);
-static int connection_tls_continue_handshake(connection_t *conn);
-static int connection_tls_finish_handshake(connection_t *conn);
/**************************************************************/
@@ -226,107 +224,6 @@
case CONN_TYPE_DIR:
conn->state = DIR_CONN_STATE_SERVER_COMMAND_WAIT;
break;
- }
- return 0;
-}
-
-int connection_tls_start_handshake(connection_t *conn, int receiving) {
- conn->state = OR_CONN_STATE_HANDSHAKING;
- conn->tls = tor_tls_new(conn->s, receiving);
- if(!conn->tls) {
- log_fn(LOG_WARNING,"tor_tls_new failed. Closing.");
- return -1;
- }
- connection_start_reading(conn);
- log_fn(LOG_DEBUG,"starting the handshake");
- if(connection_tls_continue_handshake(conn) < 0)
- return -1;
- return 0;
-}
-
-static int connection_tls_continue_handshake(connection_t *conn) {
- switch(tor_tls_handshake(conn->tls)) {
- case TOR_TLS_ERROR:
- case TOR_TLS_CLOSE:
- log_fn(LOG_INFO,"tls error. breaking.");
- return -1;
- case TOR_TLS_DONE:
- return connection_tls_finish_handshake(conn);
- case TOR_TLS_WANTWRITE:
- connection_start_writing(conn);
- log_fn(LOG_DEBUG,"wanted write");
- return 0;
- case TOR_TLS_WANTREAD: /* handshaking conns are *always* reading */
- log_fn(LOG_DEBUG,"wanted read");
- return 0;
- }
- return 0;
-}
-
-static int connection_tls_finish_handshake(connection_t *conn) {
- crypto_pk_env_t *pk;
- routerinfo_t *router;
-
- conn->state = OR_CONN_STATE_OPEN;
- directory_set_dirty();
- connection_watch_events(conn, POLLIN);
- log_fn(LOG_DEBUG,"tls handshake done. verifying.");
- if(options.OnionRouter) { /* I'm an OR */
- if(tor_tls_peer_has_cert(conn->tls)) { /* it's another OR */
- pk = tor_tls_verify(conn->tls);
- if(!pk) {
- log_fn(LOG_WARNING,"Other side has a cert but it's invalid. Closing.");
- return -1;
- }
- router = router_get_by_link_pk(pk);
- if (!router) {
- log_fn(LOG_WARNING,"Unrecognized public key from peer. Closing.");
- crypto_free_pk_env(pk);
- return -1;
- }
- if(conn->link_pkey) { /* I initiated this connection. */
- if(crypto_pk_cmp_keys(conn->link_pkey, pk)) {
- log_fn(LOG_WARNING,"We connected to '%s' but he gave us a different key. Closing.", router->nickname);
- crypto_free_pk_env(pk);
- return -1;
- }
- log_fn(LOG_DEBUG,"The router's pk matches the one we meant to connect to. Good.");
- } else {
- if(connection_exact_get_by_addr_port(router->addr,router->or_port)) {
- log_fn(LOG_INFO,"Router %s is already connected. Dropping.", router->nickname);
- return -1;
- }
- connection_or_init_conn_from_router(conn, router);
- }
- crypto_free_pk_env(pk);
- } else { /* it's an OP */
- conn->receiver_bucket = conn->bandwidth = DEFAULT_BANDWIDTH_OP;
- }
- } else { /* I'm a client */
- if(!tor_tls_peer_has_cert(conn->tls)) { /* it's a client too?! */
- log_fn(LOG_WARNING,"Neither peer sent a cert! Closing.");
- return -1;
- }
- pk = tor_tls_verify(conn->tls);
- if(!pk) {
- log_fn(LOG_WARNING,"Other side has a cert but it's invalid. Closing.");
- return -1;
- }
- router = router_get_by_link_pk(pk);
- if (!router) {
- log_fn(LOG_WARNING,"Unrecognized public key from peer. Closing.");
- crypto_free_pk_env(pk);
- return -1;
- }
- if(crypto_pk_cmp_keys(conn->link_pkey, pk)) {
- log_fn(LOG_WARNING,"We connected to '%s' but he gave us a different key. Closing.", router->nickname);
- crypto_free_pk_env(pk);
- return -1;
- }
- log_fn(LOG_DEBUG,"The router's pk matches the one we meant to connect to. Good.");
- crypto_free_pk_env(pk);
- conn->receiver_bucket = conn->bandwidth = DEFAULT_BANDWIDTH_OP;
- circuit_n_conn_open(conn); /* send the pending create */
}
return 0;
}
Index: connection_or.c
===================================================================
RCS file: /home/or/cvsroot/src/or/connection_or.c,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -d -r1.58 -r1.59
--- connection_or.c 27 Sep 2003 21:30:10 -0000 1.58
+++ connection_or.c 30 Sep 2003 18:45:55 -0000 1.59
@@ -6,6 +6,8 @@
extern or_options_t options; /* command-line and config-file options */
+static int connection_tls_finish_handshake(connection_t *conn);
+
/**************************************************************/
static void cell_pack(char *dest, const cell_t *src) {
@@ -138,6 +140,111 @@
connection_remove(conn);
connection_free(conn);
return NULL;
+}
+
+/* ********************************** */
+
+int connection_tls_start_handshake(connection_t *conn, int receiving) {
+ conn->state = OR_CONN_STATE_HANDSHAKING;
+ conn->tls = tor_tls_new(conn->s, receiving);
+ if(!conn->tls) {
+ log_fn(LOG_WARNING,"tor_tls_new failed. Closing.");
+ return -1;
+ }
+ connection_start_reading(conn);
+ log_fn(LOG_DEBUG,"starting the handshake");
+ if(connection_tls_continue_handshake(conn) < 0)
+ return -1;
+ return 0;
+}
+
+int connection_tls_continue_handshake(connection_t *conn) {
+ switch(tor_tls_handshake(conn->tls)) {
+ case TOR_TLS_ERROR:
+ case TOR_TLS_CLOSE:
+ log_fn(LOG_INFO,"tls error. breaking.");
+ return -1;
+ case TOR_TLS_DONE:
+ return connection_tls_finish_handshake(conn);
+ case TOR_TLS_WANTWRITE:
+ connection_start_writing(conn);
+ log_fn(LOG_DEBUG,"wanted write");
+ return 0;
+ case TOR_TLS_WANTREAD: /* handshaking conns are *always* reading */
+ log_fn(LOG_DEBUG,"wanted read");
+ return 0;
+ }
+ return 0;
+}
+
+static int connection_tls_finish_handshake(connection_t *conn) {
+ crypto_pk_env_t *pk;
+ routerinfo_t *router;
+
+ conn->state = OR_CONN_STATE_OPEN;
+ directory_set_dirty();
+ connection_watch_events(conn, POLLIN);
+ log_fn(LOG_DEBUG,"tls handshake done. verifying.");
+ if(options.OnionRouter) { /* I'm an OR */
+ if(tor_tls_peer_has_cert(conn->tls)) { /* it's another OR */
+ pk = tor_tls_verify(conn->tls);
+ if(!pk) {
+ log_fn(LOG_WARNING,"Other side has a cert but it's invalid. Closing.");
+ return -1;
+ }
+ router = router_get_by_link_pk(pk);
+ if (!router) {
+ log_fn(LOG_WARNING,"Unrecognized public key from peer. Closing.");
+ crypto_free_pk_env(pk);
+ return -1;
+ }
+ if(conn->link_pkey) { /* I initiated this connection. */
+ if(crypto_pk_cmp_keys(conn->link_pkey, pk)) {
+ log_fn(LOG_WARNING,"We connected to '%s' but he gave us a different key. Closing.",
+ router->nickname);
+ crypto_free_pk_env(pk);
+ return -1;
+ }
+ log_fn(LOG_DEBUG,"The router's pk matches the one we meant to connect to. Good.");
+ } else {
+ if(connection_exact_get_by_addr_port(router->addr,router->or_port)) {
+ log_fn(LOG_INFO,"Router %s is already connected. Dropping.", router->nickname);
+ return -1;
+ }
+ connection_or_init_conn_from_router(conn, router);
+ }
+ crypto_free_pk_env(pk);
+ } else { /* it's an OP */
+ conn->receiver_bucket = conn->bandwidth = DEFAULT_BANDWIDTH_OP;
+ }
+ } else { /* I'm a client */
+ if(!tor_tls_peer_has_cert(conn->tls)) { /* it's a client too?! */
+ log_fn(LOG_WARNING,"Neither peer sent a cert! Closing.");
+ return -1;
+ }
+ pk = tor_tls_verify(conn->tls);
+ if(!pk) {
+ log_fn(LOG_WARNING,"Other side has a cert but it's invalid. Closing.");
+ return -1;
+ }
+ router = router_get_by_link_pk(pk);
+ if (!router) {
+ log_fn(LOG_WARNING,"Unrecognized public key from peer. Closing.");
+ crypto_free_pk_env(pk);
+ return -1;
+ }
+ if(crypto_pk_cmp_keys(conn->link_pkey, pk)) {
+ log_fn(LOG_WARNING,"We connected to '%s' but he gave us a different key. Closing.",
+ router->nickname);
+ crypto_free_pk_env(pk);
+ return -1;
+ }
+ log_fn(LOG_DEBUG,"The router's pk matches the one we meant to connect to. Good.");
+ crypto_free_pk_env(pk);
+ conn->receiver_bucket = conn->bandwidth = DEFAULT_BANDWIDTH_OP;
+ circuit_n_conn_open(conn); /* send the pending create */
+ }
+ return 0;
}
/* ********************************** */
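Review bot: In connection_tls_finish_handshake, the "already connected" path of the OR branch (the `return -1;` right after the `Router %s is already connected. Dropping.` log) returns without releasing `pk`, whereas every sibling error path calls `crypto_free_pk_env(pk)` first, so each duplicate inbound connection from a known router leaks a key object; add `crypto_free_pk_env(pk);` before that `return -1;`. Separately, `conn->state = OR_CONN_STATE_OPEN;` and `connection_watch_events(conn, POLLIN);` run at the top of the function, before the peer certificate and link key have been checked, so a connection that fails verification is marked open while the function is still deciding to reject it; if the caller does not close the connection unconditionally on a -1 return, moving those two lines after the checks would be safer. The `switch` in connection_tls_continue_handshake has no `default:` case, and the trailing `return 0;` makes any unexpected tor_tls_handshake result look like a handshake still in progress; a `default:` that logs and returns -1 would fail closed instead.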