From 61513de6d0f0c8878431d91bc3c95a23b3f084e8 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Fri, 4 Aug 2023 08:17:49 -0400
Subject: [PATCH] proto: Take CircuitBinding one step forward into Reactor::add_hop.

---
 crates/tor-proto/src/circuit.rs | 4 ++--
 crates/tor-proto/src/circuit/handshake.rs | 7 +++++--
 crates/tor-proto/src/circuit/reactor.rs | 23 ++++++++++++++++++-----
 crates/tor-proto/src/crypto.rs | 2 +-
 4 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/crates/tor-proto/src/circuit.rs b/crates/tor-proto/src/circuit.rs
index 7b647ea2f..b673e6f4f 100644
--- a/crates/tor-proto/src/circuit.rs
+++ b/crates/tor-proto/src/circuit.rs
@@ -591,11 +591,11 @@ impl ClientCirc {
 seed: impl handshake::KeyGenerator,
 params: CircParameters,
 ) -> Result<()> {
- let (outbound, inbound) = protocol.construct_layers(role, seed)?;
+ let (outbound, inbound, binding) = protocol.construct_layers(role, seed)?;
 let (tx, rx) = oneshot::channel();
 let message = CtrlMsg::ExtendVirtual {
- cell_crypto: (outbound, inbound),
+ cell_crypto: (outbound, inbound, binding),
 params,
 done: tx,
 };
diff --git a/crates/tor-proto/src/circuit/handshake.rs b/crates/tor-proto/src/circuit/handshake.rs
index d13b84718..f8803a648 100644
--- a/crates/tor-proto/src/circuit/handshake.rs
+++ b/crates/tor-proto/src/circuit/handshake.rs
@@ -11,6 +11,7 @@
 // that can wait IMO until we have a second circuit creation mechanism for use
 // with onion services.
+use crate::crypto::binding::CircuitBinding;
 use crate::crypto::cell::{
 ClientLayer, CryptInit, InboundClientLayer, OutboundClientLayer, Tor1Hsv3RelayCrypto,
 };
@@ -44,6 +45,7 @@ pub enum HandshakeRole {
 impl RelayProtocol {
 /// Construct the cell-crypto layers that are needed for a given set of
 /// circuit hop parameters.
+ #[allow(clippy::type_complexity)] // XXXX
 pub(crate) fn construct_layers(
 self,
 role: HandshakeRole,
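Review bot: The doc comment on `construct_layers` still describes only the cell-crypto layers, although the function now also returns the hop's `CircuitBinding` as a third tuple element; a line such as `/// Also returns the circuit binding for the hop, when the protocol provides one.` keeps the docs in step with the signature. The `#[allow(clippy::type_complexity)] // XXXX` added on the next line would be unnecessary if the three-element tuple were given a crate-level alias (for example `type HopCrypto = (Box<…>, Box<…>, Option<CircuitBinding>);`, with the boxed layer types as in the hunk) and that alias were reused for `CtrlMsg::ExtendVirtual::cell_crypto`, which spells out the same tuple in reactor.rs. The bare `// XXXX` marker says nothing about what remains to be done; a TODO that names the intended follow-up is less likely to outlive it unnoticed. The function's body continues past the end of this hunk.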
@@ -51,18 +53,19 @@ impl RelayProtocol {
 ) -> Result<(
 Box,
 Box,
+ Option,
 )> {
 match self {
 RelayProtocol::HsV3 => {
 let seed_needed = Tor1Hsv3RelayCrypto::seed_len();
 let seed = keygen.expand(seed_needed)?;
 let layer = Tor1Hsv3RelayCrypto::initialize(&seed)?;
- let (fwd, back, _) = layer.split();
+ let (fwd, back, binding) = layer.split();
 let (fwd, back) = match role {
 HandshakeRole::Initiator => (fwd, back),
 HandshakeRole::Responder => (back, fwd),
 };
- Ok((Box::new(fwd), Box::new(back)))
+ Ok((Box::new(fwd), Box::new(back), Some(binding)))
 }
 }
 }
diff --git a/crates/tor-proto/src/circuit/reactor.rs b/crates/tor-proto/src/circuit/reactor.rs
index cb2a8e238..484bd07fa 100644
--- a/crates/tor-proto/src/circuit/reactor.rs
+++ b/crates/tor-proto/src/circuit/reactor.rs
@@ -22,6 +22,7 @@ use crate::circuit::unique_id::UniqId;
 use crate::circuit::{
 sendme, streammap, CircParameters, Create2Wrap, CreateFastWrap, CreateHandshakeWrap,
 };
+use crate::crypto::binding::CircuitBinding;
 use crate::crypto::cell::{
 ClientLayer, CryptInit, HopNum, InboundClientCrypt, InboundClientLayer, OutboundClientCrypt,
 OutboundClientLayer, RelayCellBody, Tor1RelayCrypto,
@@ -134,6 +135,7 @@ pub(super) enum CtrlMsg {
 cell_crypto: (
 Box,
 Box,
+ Option,
 ),
 /// A set of parameters used to configure this hop.
 params: CircParameters,
@@ -490,11 +492,12 @@ where
 debug!("{}: Handshake complete; circuit extended.", self.unique_id);
 // If we get here, it succeeded. Add a new hop to the circuit.
- let (layer_fwd, layer_back, _) = layer.split();
+ let (layer_fwd, layer_back, binding) = layer.split();
 reactor.add_hop(
 path::HopDetail::Relay(self.peer_id.clone()),
 Box::new(layer_fwd),
 Box::new(layer_back),
+ Some(binding),
 &self.params,
 );
 Ok(MetaCellDisposition::ConversationFinished)
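Review bot: `construct_layers` now returns `Option<CircuitBinding>`, but its only arm, `RelayProtocol::HsV3`, always yields `Some(binding)`, so the `None` case exists here only to match `Reactor::add_hop`'s parameter; unless a future protocol is expected to carry no binding, returning `CircuitBinding` and wrapping it in `Some` at the call site would confine the absent-binding case to the reactor's dummy-crypto path. The binding is also left untouched when `role` is `HandshakeRole::Responder` even though `fwd` and `back` are swapped; if that is correct because the binding has no direction (its definition is not in this diff, so this is inferred), a comment such as `// Only the layers depend on role; the binding does not.` would spare the next reader the question.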
@@ -937,7 +940,14 @@ impl Reactor {
 let fwd = Box::new(DummyCrypto::new(fwd_lasthop));
 let rev = Box::new(DummyCrypto::new(rev_lasthop));
- self.add_hop(path::HopDetail::Relay(dummy_peer_id), fwd, rev, params);
+ let binding = None;
+ self.add_hop(
+ path::HopDetail::Relay(dummy_peer_id),
+ fwd,
+ rev,
+ binding,
+ params,
+ );
 let _ = done.send(Ok(()));
 }
@@ -991,13 +1001,14 @@ impl Reactor {
 debug!("{}: Handshake complete; circuit created.", self.unique_id);
- let (layer_fwd, layer_back, _) = layer.split();
+ let (layer_fwd, layer_back, binding) = layer.split();
 let peer_id = self.channel.target().clone();
 self.add_hop(
 path::HopDetail::Relay(peer_id),
 Box::new(layer_fwd),
 Box::new(layer_back),
+ Some(binding),
 params,
 );
 Ok(())
@@ -1062,12 +1073,14 @@ impl Reactor {
 peer_id: path::HopDetail,
 fwd: Box,
 rev: Box,
+ binding: Option,
 params: &CircParameters,
 ) {
 let hop = crate::circuit::reactor::CircHop::new(params.initial_send_window());
 self.hops.push(hop);
 self.crypto_in.add_layer(rev);
 self.crypto_out.add_layer(fwd);
+ drop(binding); // XXXX
 let mut mutable = self.mutable.lock().expect("poisoned lock");
 Arc::make_mut(&mut mutable.path).push_hop(peer_id);
 }
@@ -1382,13 +1395,13 @@ impl Reactor {
 params,
 done,
 } => {
- let (outbound, inbound) = cell_crypto;
+ let (outbound, inbound, binding) = cell_crypto;
 // TODO HS: Perhaps this should describe the onion service, or
 // describe why the virtual hop was added, or something?
 let peer_id = path::HopDetail::Virtual;
- self.add_hop(peer_id, outbound, inbound, ¶ms);
+ self.add_hop(peer_id, outbound, inbound, binding, ¶ms);
 let _ = done.send(Ok(()));
 }
 CtrlMsg::BeginStream {
diff --git a/crates/tor-proto/src/crypto.rs b/crates/tor-proto/src/crypto.rs
index 6fd4e1da2..29ba52d17 100644
--- a/crates/tor-proto/src/crypto.rs
+++ b/crates/tor-proto/src/crypto.rs
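Review bot: The added `let binding = None;` gives the reader no reason why the `DummyCrypto` hop has no binding, and its type is fixed only by inference against `add_hop`'s new parameter; `let binding: Option<CircuitBinding> = None; // DummyCrypto provides no circuit binding.` states both at the point of use. The enclosing function starts and ends outside this hunk.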
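Review bot: `add_hop` now accepts `binding: Option<CircuitBinding>` and immediately discards it with `drop(binding); // XXXX`, so every caller in this diff that passes `Some(binding)` (the create, extend and virtual-hop paths) sees no change in behaviour and nothing records the binding on the new `CircHop`; the marker should state the follow-up, e.g. `// TODO: keep the binding on the new hop instead of discarding it.`. The new parameter also needs a line in the function's `///` comment, which sits above the hunk along with the start of the signature. If `CircuitBinding` holds secret key material (its definition is not in this diff), it is worth confirming that dropping it here, and later dropping it from the hop, zeroizes that material or goes through a zeroizing wrapper.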
@@ -6,7 +6,7 @@
 //! * `handshake` implements the ntor handshake.
 //! * `ll` provides building blocks for other parts of the protocol.
-mod binding;
+pub(crate) mod binding;
 pub(crate) mod cell;
 pub(crate) mod handshake;
 pub(crate) mod ll;