From 89ca965d2a831fe7b515cf83175652db1d0ecdc9 Mon Sep 17 00:00:00 2001 From: Gabriela Moldovan Date: Fri, 17 Mar 2023 20:19:22 +0000 Subject: [PATCH] Define constants for `AuthClient` field lengths. These are used in multiple places (and will also be used by the HS descriptor encoder later on), so let's make them named constants. Signed-off-by: Gabriela Moldovan --- crates/tor-netdoc/src/doc/hsdesc/desc_enc.rs | 11 ++++++++++- crates/tor-netdoc/src/doc/hsdesc/middle.rs | 15 +++++++++------ 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/crates/tor-netdoc/src/doc/hsdesc/desc_enc.rs b/crates/tor-netdoc/src/doc/hsdesc/desc_enc.rs index fe00d505f..89452c6ed 100644 --- a/crates/tor-netdoc/src/doc/hsdesc/desc_enc.rs +++ b/crates/tor-netdoc/src/doc/hsdesc/desc_enc.rs @@ -41,13 +41,22 @@ pub(super) struct HsDescEncryption<'a> { pub(super) string_const: &'a [u8], } +/// The length of a client ID. +pub(crate) const HS_DESC_MIDDLE_CLIENT_ID_LEN: usize = 8; + +/// The length of the the `AuthClient` IV. +pub(crate) const HS_DESC_MIDDLE_IV_LEN: usize = 16; + +/// The length of an `N_hs_desc_enc` nonce (also known as a "descriptor cookie"). +pub(crate) const HS_DESC_MIDDLE_ENC_NONCE_LEN: usize = 16; + /// A value used in deriving the encryption key for the inner (encryption) layer /// of onion service encryption. /// /// This is `N_hs_desc_enc` in the spec, where sometimes we also call it a /// "descriptor cookie". #[derive(derive_more::AsRef, derive_more::From)] -pub(super) struct HsDescEncNonce([u8; 16]); +pub(super) struct HsDescEncNonce([u8; HS_DESC_MIDDLE_ENC_NONCE_LEN]); /// Length of our cryptographic salt. const SALT_LEN: usize = 16; diff --git a/crates/tor-netdoc/src/doc/hsdesc/middle.rs b/crates/tor-netdoc/src/doc/hsdesc/middle.rs index ff9cdb0c5..b3df1ca2c 100644 --- a/crates/tor-netdoc/src/doc/hsdesc/middle.rs +++ b/crates/tor-netdoc/src/doc/hsdesc/middle.rs @@ -12,7 +12,10 @@ use crate::parse::{keyword::Keyword, parser::SectionRules}; use crate::types::misc::B64; use crate::{Pos, Result}; -use super::desc_enc::{HsDescEncNonce, HsDescEncryption}; +use super::desc_enc::{ + HsDescEncNonce, HsDescEncryption, HS_DESC_MIDDLE_CLIENT_ID_LEN, HS_DESC_MIDDLE_ENC_NONCE_LEN, + HS_DESC_MIDDLE_IV_LEN, +}; use super::DecryptionError; /// A more-or-less verbatim representation of the middle document of an onion @@ -67,7 +70,7 @@ impl HsDescMiddle { } /// Use a `ClientDescAuthSecretKey` (`KS_hsc_desc_enc`) to see if there is any `auth-client` - /// entry for us (a client who holds that secret key) in this descriptor. + /// entry for us (a client who holds that secret key) in this descriptor. /// If so, decrypt it and return its /// corresponding "Descriptor Cookie" (`N_hs_desc_enc`) /// @@ -135,11 +138,11 @@ struct AuthClient { /// A check field that clients can use to see if this [`AuthClient`] entry corresponds to a key they hold. /// /// This is the first part of the `auth-client` line. - client_id: CtByteArray<8>, + client_id: CtByteArray, /// An IV used to decrypt `encrypted_cookie`. /// /// This is the second item on the `auth-client` line. - iv: [u8; 16], + iv: [u8; HS_DESC_MIDDLE_IV_LEN], /// An encrypted value used to find the descriptor cookie `N_hs_desc_enc`, /// which in turn is /// needed to decrypt the [HsDescMiddle]'s `encrypted_body`. @@ -147,7 +150,7 @@ struct AuthClient { /// This is the third item on the `auth-client` line. When decrypted, it /// reveals a `DescEncEncryptionCookie` (`N_hs_desc_enc`, not yet so named /// in the spec). - encrypted_cookie: [u8; 16], + encrypted_cookie: [u8; HS_DESC_MIDDLE_ENC_NONCE_LEN], } impl AuthClient { @@ -203,7 +206,7 @@ impl HsDescMiddle { Ok(result) } - /// Extract an HsDescMiddle from a reader. + /// Extract an HsDescMiddle from a reader. /// /// The reader must contain a single HsDescOuter; we return an error if not. fn take_from_reader(reader: &mut NetDocReader<'_, HsMiddleKwd>) -> Result {