netdoc: Fix most "TODO HS rename" comments

2023-02-08 13:23:21 -05:00 · 2023-02-08 13:23:21 -05:00 · 39f5f90f3f
parent 8c3bd3626b
commit 39f5f90f3f
4 changed files with 14 additions and 16 deletions
--- a/crates/tor-netdoc/src/doc/hsdesc.rs
+++ b/crates/tor-netdoc/src/doc/hsdesc.rs
@ -132,11 +132,11 @@ pub struct IntroPointDesc {

    /// The key used to extend a circuit _to the introduction point_, using the
    /// ntor or ntor3 handshakes.  (`KP_ntor`)
-    ntor_onion_key: curve25519::PublicKey,
+    ipt_ntor_key: curve25519::PublicKey,

    /// A key used to identify the onion service at this introduction point.
    /// (`KP_hs_ipt_sid`)
-    auth_key: HsIntroPtSessionIdKey,
+    ipt_sid_key: HsIntroPtSessionIdKey,

    /// `KP_hss_ntor`, the key used to encrypt a handshake _to the onion
    /// service_ when using this introduction point.
@ -144,8 +144,7 @@ pub struct IntroPointDesc {
    /// The onion service uses a separate key of this type with each
    /// introduction point as part of its strategy for preventing replay
    /// attacks.
-    // TODO HS RENAME: Rename to KP_hs_intro_intor, or whatever we wind up with.
-    hs_enc_key: HsSvcNtorKey,
+    svc_ntor_key: HsSvcNtorKey,
 }

 /// An onion service after it has been parsed by the client, but not yet decrypted.
@ -218,11 +217,10 @@ impl EncryptedHsDesc {
    /// this.
    //
    // TODO hs: I'm not sure that taking `hsc_desc_enc` as an argument is correct. Instead, maybe
-    // we should take a keystore trait?  Or a function from &ClientDescAuthKey to &ClientDescAuthSecretKey?
+    // we should take a set of keys?
    pub fn decrypt(
        self,
        subcredential: &Subcredential,
-        // TODO HS: rename depending on how the spec goes.
        hsc_desc_enc: Option<(&HsClientDescEncKey, &HsClientDescEncSecretKey)>,
    ) -> Result<HsDesc> {
        let blinded_id = self.outer_doc.blinded_id();
--- a/crates/tor-netdoc/src/doc/hsdesc/inner.rs
+++ b/crates/tor-netdoc/src/doc/hsdesc/inner.rs
@ -251,8 +251,7 @@ impl HsDescInner {
            // Extract the key `KP_hss_ntor` that we'll use for our
            // handshake with the onion service itself.  This comes from the
            // "enc-key" item.
-            // TODO HS RENAME: Rename to KP_hs_intro_intor, or whatever we wind up with.
-            let hs_enc_key: HsSvcNtorKey = {
+            let svc_ntor_key: HsSvcNtorKey = {
                let tok = ipt_section
                    .slice(ENC_KEY)
                    .iter()
@ -295,7 +294,7 @@ impl HsDescInner {
                    })?;
                let expected_ed_key =
                    tor_llcrypto::pk::keymanip::convert_curve25519_to_ed25519_public(
-                        &hs_enc_key,
+                        &svc_ntor_key,
                        0,
                    );
                if expected_ed_key != Some(ed_key) {
@ -307,9 +306,9 @@ impl HsDescInner {

            intro_points.push(IntroPointDesc {
                link_specifiers,
-                ntor_onion_key,
-                auth_key,
-                hs_enc_key,
+                ipt_ntor_key: ntor_onion_key,
+                ipt_sid_key: auth_key,
+                svc_ntor_key,
            });
        }

--- a/crates/tor-netdoc/src/doc/hsdesc/middle.rs
+++ b/crates/tor-netdoc/src/doc/hsdesc/middle.rs
@ -26,7 +26,7 @@ pub(super) struct HsDescMiddle {
    /// This is `KP_hss_desc_enc`, and appears as `desc-auth-ephemeral-key` in
    /// the document format; It is used along with `KS_hsc_desc_enc` to perform
    /// a diffie-hellman operation and decrypt the encryption layer.
-    ephemeral_key: HsSvcDescEncKey,
+    svc_desc_enc_key: HsSvcDescEncKey,
    /// One or more authorized clients, and the key exchange information that
    /// they use to compute shared keys for decrypting the encryption layer.
    ///
@ -98,7 +98,9 @@ impl HsDescMiddle {
        // Where:
        //     hs_{X,y} = K{P,S}_hss_desc_enc
        //     client_{X,Y} = K{P,S}_hsc_desc_enc
-        let secret_seed = ks_hsc_desc_enc.as_ref().diffie_hellman(&self.ephemeral_key);
+        let secret_seed = ks_hsc_desc_enc
+            .as_ref()
+            .diffie_hellman(&self.svc_desc_enc_key);
        let mut kdf = KDF::default();
        kdf.update(subcredential.as_ref());
        kdf.update(secret_seed.as_bytes());
@ -236,7 +238,7 @@ impl HsDescMiddle {
        let encrypted_body: Vec<u8> = body.required(ENCRYPTED)?.obj("MESSAGE")?;

        Ok(HsDescMiddle {
-            ephemeral_key,
+            svc_desc_enc_key: ephemeral_key,
            auth_clients,
            encrypted: encrypted_body,
        })
--- a/crates/tor-netdoc/src/doc/hsdesc/outer.rs
+++ b/crates/tor-netdoc/src/doc/hsdesc/outer.rs
@ -29,7 +29,6 @@ pub(super) struct HsDescOuter {
    /// A certificate containing the descriptor-signing-key for this onion
    /// service (`KP_hs_desc_sign`) signed by the blinded ed25519 identity
    /// (`HS_blind_id`) for this onion service.
-    // TODO HS: decide what to call this, and RENAME.
    pub(super) desc_signing_key_cert: Ed25519Cert,
    /// A revision counter to tell whether this descriptor is more or less recent
    /// than another one for the same blinded ID.