탐색 도움말
로그인
piros
/
tor
3
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
소스 검색

Drop support for AUTHTYPE_RSA_SHA256_RFC5705 authentication.

This was a stopgap method, designed on the theory that some routers
might support it before they could support Ed25519.  But it looks
like everybody who supports RFC5705 will also have an Ed25519 key,
so there's not a lot of reason to have this even supported.
Nick Mathewson 9 년 전
부모
53656381df
커밋
805e97a433
2개의 변경된 파일8개의 추가작업 그리고 6개의 파일을 삭제
분할 보기 변경상태 보기
  1. 4 2
      src/or/connection_or.c
  2. 4 4
      src/test/test_link_handshake.c

+ 4 - 2
src/or/connection_or.c
파일 보기 

@@ -2278,9 +2278,9 @@ authchallenge_type_is_supported(uint16_t challenge_type)
 
 {
 
   switch (challenge_type) {
 
      case AUTHTYPE_RSA_SHA256_TLSSECRET:
 
-     case AUTHTYPE_RSA_SHA256_RFC5705:
 
      case AUTHTYPE_ED25519_SHA256_RFC5705:
 
        return 1;
 
+     case AUTHTYPE_RSA_SHA256_RFC5705:
 
      default:
 
        return 0;
 
   }
 
@@ -2321,7 +2321,9 @@ connection_or_send_auth_challenge_cell(or_connection_t *conn)
 
   crypto_rand((char*)ac->challenge, sizeof(ac->challenge));
 
 
   auth_challenge_cell_add_methods(ac, AUTHTYPE_RSA_SHA256_TLSSECRET);
 
-  auth_challenge_cell_add_methods(ac, AUTHTYPE_RSA_SHA256_RFC5705);
 
+  /* Disabled, because everything that supports this method also supports
 
+   * the much-superior ED25519_SHA256_RFC5705 */
 
+  /* auth_challenge_cell_add_methods(ac, AUTHTYPE_RSA_SHA256_RFC5705); */
 
   auth_challenge_cell_add_methods(ac, AUTHTYPE_ED25519_SHA256_RFC5705);
 
   auth_challenge_cell_set_n_methods(ac,
 
                                     auth_challenge_cell_getlen_methods(ac));

+ 4 - 4
src/test/test_link_handshake.c
파일 보기 

@@ -890,15 +890,15 @@ test_link_handshake_send_authchallenge(void *arg)
 
   cell1 = mock_got_var_cell;
 
   tt_int_op(0, ==, connection_or_send_auth_challenge_cell(c1));
 
   cell2 = mock_got_var_cell;
 
-  tt_int_op(40, ==, cell1->payload_len);
 
-  tt_int_op(40, ==, cell2->payload_len);
 
+  tt_int_op(38, ==, cell1->payload_len);
 
+  tt_int_op(38, ==, cell2->payload_len);
 
   tt_int_op(0, ==, cell1->circ_id);
 
   tt_int_op(0, ==, cell2->circ_id);
 
   tt_int_op(CELL_AUTH_CHALLENGE, ==, cell1->command);
 
   tt_int_op(CELL_AUTH_CHALLENGE, ==, cell2->command);
 
 
-  tt_mem_op("\x00\x03\x00\x01\x00\x02\x00\x03", ==, cell1->payload + 32, 8);
 
-  tt_mem_op("\x00\x03\x00\x01\x00\x02\x00\x03", ==, cell2->payload + 32, 8);
 
+  tt_mem_op("\x00\x02\x00\x01\x00\x03", ==, cell1->payload + 32, 6);
 
+  tt_mem_op("\x00\x02\x00\x01\x00\x03", ==, cell2->payload + 32, 6);
 
   tt_mem_op(cell1->payload, !=, cell2->payload, 32);
 
 
  done: