hsdesc: Use an IntegerMinutes<u16> to hold lifetime.

2023-02-08 13:33:07 -05:00 · 2023-02-08 13:33:07 -05:00 · 0a80c468df
parent 39f5f90f3f
commit 0a80c468df
4 changed files with 21 additions and 10 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -4100,6 +4100,7 @@ dependencies = [
 "tor-linkspec",
 "tor-llcrypto",
 "tor-protover",
+ "tor-units",
 "visibility",
 "visible",
 "weak-table",
--- a/crates/tor-netdoc/Cargo.toml
+++ b/crates/tor-netdoc/Cargo.toml
@ -32,7 +32,7 @@ ns_consensus = []
 # TODO hs: mark these as part of "full" once they are done and stable.
 onion-client = ["onion-common"]
 onion-service = ["onion-common", "rand"]
-onion-common = ["tor-hscrypto", "tor-linkspec"]
+onion-common = ["tor-hscrypto", "tor-linkspec", "tor-units"]

 # Enable experimental APIs that are not yet officially supported.
 #
@ -80,6 +80,7 @@ tor-hscrypto = { path = "../tor-hscrypto", version = "0.1.0", optional = true }
 tor-linkspec = { path = "../tor-linkspec", version = "0.6.0", optional = true }
 tor-llcrypto = { path = "../tor-llcrypto", version = "0.4.1" }
 tor-protover = { path = "../tor-protover", version = "0.4.0" }
+tor-units = { version = "0.4.1", path = "../tor-units", optional = true }
 visibility = { version = "0.0.1", optional = true }
 visible = { version = "0.0.1", optional = true }
 weak-table = "0.3.0"
--- a/crates/tor-netdoc/src/doc/hsdesc.rs
+++ b/crates/tor-netdoc/src/doc/hsdesc.rs
@ -30,6 +30,7 @@ use tor_hscrypto::{
 };
 use tor_linkspec::LinkSpec;
 use tor_llcrypto::pk::curve25519;
+use tor_units::IntegerMinutes;

 /// Metadata about an onion service descriptor, as stored at an HsDir.
 ///
@ -60,7 +61,7 @@ pub type UncheckedStoredHsDescMeta =
 struct IndexInfo {
    /// The lifetime in minutes that this descriptor should be held after it is
    /// received.
-    lifetime_minutes: u16,
+    lifetime: IntegerMinutes<u16>,
    /// The expiration time on the `descriptor-signing-key-cert` included in this
    /// descriptor.
    signing_cert_expires: SystemTime,
@ -275,7 +276,7 @@ impl IndexInfo {
    /// Create a new `IndexInfo` from the outer part of an onion service descriptor.
    fn from_outer_doc(outer: &outer::HsDescOuter) -> Self {
        IndexInfo {
-            lifetime_minutes: outer.lifetime_minutes,
+            lifetime: outer.lifetime,
            signing_cert_expires: outer.desc_signing_key_cert.expiry(),
            revision: outer.revision_counter,
        }
@ -311,6 +312,8 @@ mod test {
    #![allow(clippy::unwrap_used)]
    #![allow(clippy::unchecked_duration_subtraction)]
    //! <!-- @@ end test lint list maintained by maint/add_warning @@ -->    
+    use std::time::Duration;
+
    use super::*;
    use hex_literal::hex;
    use tor_checkable::{SelfSigned, Timebound};
@ -330,7 +333,10 @@ mod test {
            meta.blinded_id.as_ref(),
            &hex!("43cc0d62fc6252f578705ca645a46109e265290343b1137e90189744b20b3f2d")
        );
-        assert_eq!(meta.idx_info.lifetime_minutes, 180);
+        assert_eq!(
+            Duration::try_from(meta.idx_info.lifetime).unwrap(),
+            Duration::from_secs(60 * 180)
+        );
        assert_eq!(
            meta.idx_info.signing_cert_expires,
            humantime::parse_rfc3339("2023-01-26T03:00:00Z").unwrap()
@ -353,7 +359,10 @@ mod test {
            .unwrap()
            .decrypt(&TEST_SUBCREDENTIAL.into(), None)?;

-        assert_eq!(desc.idx_info.lifetime_minutes, 180);
+        assert_eq!(
+            Duration::try_from(desc.idx_info.lifetime).unwrap(),
+            Duration::from_secs(60 * 180)
+        );
        assert_eq!(
            desc.idx_info.signing_cert_expires,
            humantime::parse_rfc3339("2023-01-26T03:00:00Z").unwrap()
--- a/crates/tor-netdoc/src/doc/hsdesc/outer.rs
+++ b/crates/tor-netdoc/src/doc/hsdesc/outer.rs
@ -8,6 +8,7 @@ use tor_checkable::Timebound;
 use tor_hscrypto::pk::HsBlindId;
 use tor_hscrypto::{RevisionCounter, Subcredential};
 use tor_llcrypto::pk::ed25519::{self, ValidatableEd25519Signature};
+use tor_units::IntegerMinutes;

 use crate::parse::{keyword::Keyword, parser::SectionRules, tokenize::NetDocReader};
 use crate::types::misc::{UnvalidatedEdCert, B64};
@ -24,8 +25,7 @@ pub(super) struct HsDescOuter {
    /// This doesn't actually list the starting time or the end time for the
    /// descriptor: presumably, because we didn't want to leak the onion
    /// service's view of the wallclock.
-    // TODO HS: Use IntegerMinutes, and rename to `Lifetime`.
-    pub(super) lifetime_minutes: u16,
+    pub(super) lifetime: IntegerMinutes<u16>,
    /// A certificate containing the descriptor-signing-key for this onion
    /// service (`KP_hs_desc_sign`) signed by the blinded ed25519 identity
    /// (`HS_blind_id`) for this onion service.
@ -185,7 +185,7 @@ impl HsDescOuter {
        }

        // Parse `descryptor-lifetime`.
-        let lifetime_minutes = {
+        let lifetime: IntegerMinutes<u16> = {
            let tok = body.required(DESCRIPTOR_LIFETIME)?;
            let lifetime_minutes: u16 = tok.parse_arg(0)?;
            if !(30..=720).contains(&lifetime_minutes) {
@ -193,7 +193,7 @@ impl HsDescOuter {
                    .with_msg(format!("Invalid HsDesc lifetime {}", lifetime_minutes))
                    .at_pos(tok.pos()));
            }
-            lifetime_minutes
+            lifetime_minutes.into()
        };

        // Parse `descriptor-signing-key-cert`.  This certificate is signed with
@ -249,7 +249,7 @@ impl HsDescOuter {

        // Build our return value.
        let desc = HsDescOuter {
-            lifetime_minutes,
+            lifetime,
            desc_signing_key_cert,
            revision_counter,
            superencrypted: encrypted_body,