netdoc: Fix most "TODO HS rename" comments
This commit is contained in:
parent
8c3bd3626b
commit
39f5f90f3f
|
@ -132,11 +132,11 @@ pub struct IntroPointDesc {
|
|||
|
||||
/// The key used to extend a circuit _to the introduction point_, using the
|
||||
/// ntor or ntor3 handshakes. (`KP_ntor`)
|
||||
ntor_onion_key: curve25519::PublicKey,
|
||||
ipt_ntor_key: curve25519::PublicKey,
|
||||
|
||||
/// A key used to identify the onion service at this introduction point.
|
||||
/// (`KP_hs_ipt_sid`)
|
||||
auth_key: HsIntroPtSessionIdKey,
|
||||
ipt_sid_key: HsIntroPtSessionIdKey,
|
||||
|
||||
/// `KP_hss_ntor`, the key used to encrypt a handshake _to the onion
|
||||
/// service_ when using this introduction point.
|
||||
|
@ -144,8 +144,7 @@ pub struct IntroPointDesc {
|
|||
/// The onion service uses a separate key of this type with each
|
||||
/// introduction point as part of its strategy for preventing replay
|
||||
/// attacks.
|
||||
// TODO HS RENAME: Rename to KP_hs_intro_intor, or whatever we wind up with.
|
||||
hs_enc_key: HsSvcNtorKey,
|
||||
svc_ntor_key: HsSvcNtorKey,
|
||||
}
|
||||
|
||||
/// An onion service after it has been parsed by the client, but not yet decrypted.
|
||||
|
@ -218,11 +217,10 @@ impl EncryptedHsDesc {
|
|||
/// this.
|
||||
//
|
||||
// TODO hs: I'm not sure that taking `hsc_desc_enc` as an argument is correct. Instead, maybe
|
||||
// we should take a keystore trait? Or a function from &ClientDescAuthKey to &ClientDescAuthSecretKey?
|
||||
// we should take a set of keys?
|
||||
pub fn decrypt(
|
||||
self,
|
||||
subcredential: &Subcredential,
|
||||
// TODO HS: rename depending on how the spec goes.
|
||||
hsc_desc_enc: Option<(&HsClientDescEncKey, &HsClientDescEncSecretKey)>,
|
||||
) -> Result<HsDesc> {
|
||||
let blinded_id = self.outer_doc.blinded_id();
|
||||
|
|
|
@ -251,8 +251,7 @@ impl HsDescInner {
|
|||
// Extract the key `KP_hss_ntor` that we'll use for our
|
||||
// handshake with the onion service itself. This comes from the
|
||||
// "enc-key" item.
|
||||
// TODO HS RENAME: Rename to KP_hs_intro_intor, or whatever we wind up with.
|
||||
let hs_enc_key: HsSvcNtorKey = {
|
||||
let svc_ntor_key: HsSvcNtorKey = {
|
||||
let tok = ipt_section
|
||||
.slice(ENC_KEY)
|
||||
.iter()
|
||||
|
@ -295,7 +294,7 @@ impl HsDescInner {
|
|||
})?;
|
||||
let expected_ed_key =
|
||||
tor_llcrypto::pk::keymanip::convert_curve25519_to_ed25519_public(
|
||||
&hs_enc_key,
|
||||
&svc_ntor_key,
|
||||
0,
|
||||
);
|
||||
if expected_ed_key != Some(ed_key) {
|
||||
|
@ -307,9 +306,9 @@ impl HsDescInner {
|
|||
|
||||
intro_points.push(IntroPointDesc {
|
||||
link_specifiers,
|
||||
ntor_onion_key,
|
||||
auth_key,
|
||||
hs_enc_key,
|
||||
ipt_ntor_key: ntor_onion_key,
|
||||
ipt_sid_key: auth_key,
|
||||
svc_ntor_key,
|
||||
});
|
||||
}
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ pub(super) struct HsDescMiddle {
|
|||
/// This is `KP_hss_desc_enc`, and appears as `desc-auth-ephemeral-key` in
|
||||
/// the document format; It is used along with `KS_hsc_desc_enc` to perform
|
||||
/// a diffie-hellman operation and decrypt the encryption layer.
|
||||
ephemeral_key: HsSvcDescEncKey,
|
||||
svc_desc_enc_key: HsSvcDescEncKey,
|
||||
/// One or more authorized clients, and the key exchange information that
|
||||
/// they use to compute shared keys for decrypting the encryption layer.
|
||||
///
|
||||
|
@ -98,7 +98,9 @@ impl HsDescMiddle {
|
|||
// Where:
|
||||
// hs_{X,y} = K{P,S}_hss_desc_enc
|
||||
// client_{X,Y} = K{P,S}_hsc_desc_enc
|
||||
let secret_seed = ks_hsc_desc_enc.as_ref().diffie_hellman(&self.ephemeral_key);
|
||||
let secret_seed = ks_hsc_desc_enc
|
||||
.as_ref()
|
||||
.diffie_hellman(&self.svc_desc_enc_key);
|
||||
let mut kdf = KDF::default();
|
||||
kdf.update(subcredential.as_ref());
|
||||
kdf.update(secret_seed.as_bytes());
|
||||
|
@ -236,7 +238,7 @@ impl HsDescMiddle {
|
|||
let encrypted_body: Vec<u8> = body.required(ENCRYPTED)?.obj("MESSAGE")?;
|
||||
|
||||
Ok(HsDescMiddle {
|
||||
ephemeral_key,
|
||||
svc_desc_enc_key: ephemeral_key,
|
||||
auth_clients,
|
||||
encrypted: encrypted_body,
|
||||
})
|
||||
|
|
|
@ -29,7 +29,6 @@ pub(super) struct HsDescOuter {
|
|||
/// A certificate containing the descriptor-signing-key for this onion
|
||||
/// service (`KP_hs_desc_sign`) signed by the blinded ed25519 identity
|
||||
/// (`HS_blind_id`) for this onion service.
|
||||
// TODO HS: decide what to call this, and RENAME.
|
||||
pub(super) desc_signing_key_cert: Ed25519Cert,
|
||||
/// A revision counter to tell whether this descriptor is more or less recent
|
||||
/// than another one for the same blinded ID.
|
||||
|
|
Loading…
Reference in New Issue