Commit Graph

500 Commits

Author SHA1 Message Date
Nick Mathewson 393147e55e Run "cargo update" in preparation for next week's releases. 2022-07-20 08:37:13 -04:00
Nick Mathewson 131d880c7f Upgrade to latest phf, serde_with, serial_test. 2022-07-19 16:49:44 -04:00
Nick Mathewson 052f3089ca Bump to rusqlite 0.28. 2022-07-19 16:49:44 -04:00
Ian Jackson 7acdd21750 Provide maybe_send on postage::Sender, via extension trait
We need to replace the AtomicBool for dormant mode with something that
can wake up tasks.  postage::watch is the right shape.

But we want to be able to update it but suppress no-op updates.
(There is going to be a call site where no-op updates can occur.)

In the absence of a suitable upstream method as requested here
  https://github.com/austinjones/postage-rs/issues/56
we introduce this facility via an extension trait.
2022-07-18 18:13:13 +01:00
Nick Mathewson 9d3beb34a3 Bump tor-dirmgr to version 0.5.1.
This does not require a change in any other crate, since
the change here does not affect tor-dirmgr's APIs.
2022-07-14 12:00:42 -04:00
Nick Mathewson 033a05a9af Merge branch 'generate_cert' into 'main'
Implement functionality to construct signed Ed25519 certs.

Closes #511

See merge request tpo/core/arti!611
2022-07-08 13:25:29 +00:00
eta 0537e88d80 Merge branch 'persist-error-cleanup' into 'main'
tor-persist: Big refactoring on Error type.

See merge request tpo/core/arti!614
2022-07-06 17:20:43 +00:00
Nick Mathewson 853aed6859 tor-persist: Big refactoring on Error type.
Every error now has an action (what we were trying to do), a
resource (what we were trying to do it to), and a source (what
problem we encountered).

Initially I tried to add "action" and "resource" fields to error
variants individually, but that led to a combinatorial explosion.

Part of #323.
2022-07-06 11:47:17 -04:00
Nick Mathewson 48e44b0140 Implement functionality to construct signed Ed25519 certs.
This is behind a feature flag, since it isn't needed for pure
clients: only onion services and relays need this.

I've named the object that constructs these certs
`Ed25519CertConstructor` because it doesn't follow the builder
pattern exactly: mainly because you can't get an Ed25519Cert out of
it.  _That_ part is necessary because we require that an Ed25519Cert
should only exist if the certificate was found to be well-signed
with the right public key.

Closes #511.
2022-07-06 11:11:04 -04:00
Ian Jackson 6878e3a2d4 Merge branch 'update-rsa-v2' into 'main'
Update `rsa` dependency (and use `x25519-dalek` prerelease)

Closes #448

See merge request tpo/core/arti!612
2022-07-06 14:42:26 +00:00
eta c2e2da5dc3 Update `rsa` dependency (and use `x25519-dalek` prerelease)
- arti#448 and arti!607 highlight an issue with upgrading `rsa`: namely,
  the `x25519-dalek` version previously used has a hard dependency on
  `zeroize` 1.3, which creates a dependency conflict.
- However, `x25519-dalek` version `2.0.0-pre.1` relaxes this dependency.
  Reviewing the changelogs, it doesn't look like that version is
  substantially different from the current one at all, so it should be
  safe to use despite the "prerelease" tag.
- The new `x25519-dalek` version also bumps `rand_core`, which means we
  don't have to use the RNG compat wrapper in `tor-llcrypto` as much.

closes arti#448
2022-07-06 14:57:45 +01:00
Ian Jackson 8f63c07b5f tor-netdoc: b64 tests: add exhaustive roundtrip test 2022-07-06 12:04:23 +01:00
Ian Jackson a032137cad cargo update
This fixes a complaint from cargo audit about
  https://rustsec.org/advisories/RUSTSEC-2022-0032
in openssl.
2022-07-05 17:52:28 +01:00
Arturo Marquez af4970ec1f
Bump `base64ct` crate `1.5.0` -> `1.5.1`
This new release checks for invalid symbols in non-padded inputs
for decoding. Therefore, we can get rid of the logic implemented
in `https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/600`
2022-06-27 23:10:58 -05:00
Nick Mathewson 20435aea75 Bump crate and dependency versions.
These were done with the following commands:

```
cargo set-version -p tor-basic-utils   --bump patch
cargo set-version -p fs-mistrust       --bump minor
cargo set-version -p tor-error         --bump patch
cargo set-version -p tor-config        --bump patch
cargo set-version -p tor-units         --bump patch
cargo set-version -p tor-rtcompat      --bump minor
cargo set-version -p tor-llcrypto      --bump patch
cargo set-version -p tor-bytes         --bump minor
cargo set-version -p tor-socksproto    --bump minor
cargo set-version -p tor-cert          --bump minor
cargo set-version -p tor-cell          --bump minor
cargo set-version -p tor-proto         --bump minor
cargo set-version -p tor-netdoc        --bump patch
cargo set-version -p tor-netdir        --bump minor
cargo set-version -p tor-persist       --bump patch
cargo set-version -p tor-chanmgr       --bump minor
cargo set-version -p tor-guardmgr      --bump minor
cargo set-version -p tor-circmgr       --bump patch
cargo set-version -p tor-dirclient     --bump patch
cargo set-version -p tor-dirmgr        --bump minor
cargo set-version -p arti-client       --bump patch
cargo set-version -p arti              --bump minor
cargo set-version -p arti-bench        --bump minor
cargo set-version -p arti-testing      --bump minor
```
2022-06-24 12:00:22 -04:00
Nick Mathewson d5170d5318 Increment versions of crates with trivial changes only.
"Trivial" here includes stuff like cargo reformatting, comment
edits, error message string changes, and clippy warning changes.
Crates that depend on these do not need to increment.
2022-06-24 11:43:02 -04:00
eta ec3e1f2ada Merge branch 'error_cleanup_2' into 'main'
Error refactoring: bytes, cert, proto.

See merge request tpo/core/arti!604
2022-06-24 13:01:42 +00:00
Nick Mathewson da0e199bd3 Run cargo upgrade in preparation for release. 2022-06-24 07:55:26 -04:00
Nick Mathewson 38004a4f4d tor-proto: split and elaborate tor_bytes::Error instances
Some of these were for decoding particular objects (we now say
what kind of objects), and some were unrelated tor_cert errors that
for some reason we had shoved into a tor_bytes::Error.

There is now a separate tor_cert::CertError type, independent from
tor_cert's use of `tor_bytes::Error` for parsing errors.
2022-06-23 15:42:45 -04:00
Ian Jackson b1aab512ff Merge branch 'tor-netdoc/use-base64ct' into 'main'
Replace `base64` crate with `base64ct` crate in `tor-netdoc`

See merge request tpo/core/arti!600
2022-06-23 18:52:14 +00:00
Nick Mathewson 210f3f1587 Merge branch 'error_cleanup' into 'main'
Error cleanup, part 1

See merge request tpo/core/arti!601
2022-06-22 19:43:50 +00:00
Nick Mathewson e3e922d03f Improve error messages in tor-checkable. 2022-06-22 09:48:42 -04:00
Nick Mathewson 326ab1a7ae Editorial improvements on fs-mistrust errors
These changes make sure that the errors conform to our preferred
style, and include a description of what exactly we were doing when
something went wrong.
2022-06-22 08:03:15 -04:00
Arturo Marquez 2d92e9e218
Remove unused `base64` crate 2022-06-21 20:28:58 -05:00
Arturo Marquez 6536ca0f61
Replace `base64` crate with `base64ct` crate
Note: the `base64ct` crate rejects invalid characters when the
decoding is done on padded strings. However, the `FromStr` impl
for `B64` can have both padded **and** unpadded inputs, so all
inputs are now padded first, before decoding.
2022-06-21 20:02:33 -05:00
Ian Jackson da2e53bf76 tor-chanmgr: Change to use unwrap_void
As per discussion in
  https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/586#note_2813573
2022-06-21 19:19:28 +01:00
Ian Jackson 9779e5a2e2 channel padding: Use IntegerMilliseconds in padding::Parameters 2022-06-21 19:19:28 +01:00
Ian Jackson 7f3f426738 channel padding: Plumb settings from chanmgr 2022-06-21 19:19:22 +01:00
Ian Jackson 7135b7c4c7 channel padding: Make Parameters a pub struct with builder
chanmgr is going to want to make one of these from a NetDir.
2022-06-21 19:19:22 +01:00
Nick Mathewson d95f597323 Run cargo update in preparation for release on Friday 2022-06-21 08:54:12 -04:00
Nick Mathewson 9ae57e8bc4 Merge branch 'reachable_addrs_v2' into 'main'
Implement support for reachable_addrs

Closes #491 and #93

See merge request tpo/core/arti!583
2022-06-17 13:16:16 +00:00
Nick Mathewson fb672dc688 NetDoc: Make AddrPortPattern implement serde traits
I'm using serde_with here to just re-use the Display and FromStr
implementations, since those are what has proven easier to type in
the past.
2022-06-17 08:47:57 -04:00
Nick Mathewson 5509bd0269 Merge branch 'config-fix2' into 'main'
Use impl_standard_builder more and remove manual Default/builder impls

See merge request tpo/core/arti!594
2022-06-16 20:30:34 +00:00
Ian Jackson 61bd8b810a Merge branch 'upgrade_float_eq' into 'main'
Upgrade to float_eq 1.0.0

See merge request tpo/core/arti!591
2022-06-16 17:26:04 +00:00
Ian Jackson c5bbaf470a arti: logging config: Replace a manual Debug impl 2022-06-16 15:27:00 +01:00
Nick Mathewson c4a9c8a1c4 Merge branch 'main' into 'accel-features'
# Conflicts:
#   crates/arti-client/Cargo.toml
2022-06-16 13:24:46 +00:00
Nick Mathewson 519f7dfa88 Upgrade to float_eq 1.0.0 2022-06-16 08:39:03 -04:00
Nick Mathewson 0223c91b26 Merge branch 'high-level-features' into 'main'
Add "full" and "experimental" features to arti, arti-client, and below.

Closes #499

See merge request tpo/core/arti!584
2022-06-16 12:24:47 +00:00
Nick Mathewson 10b38a7d7c Add "accel-*" features to arti-client and arti.
These need to be optional: they improve performance by shifting to
asm implementations, which may not be everybody's idea of good practice.

These are not 'pure' features, since they select one implementation
but disable another.  Therefore they don't go in `full`.

Closes #441.
2022-06-13 10:22:24 -04:00
Nick Mathewson 3673409735 Add a feature to tor-llcrypto to enable sha-1/asm.
SHA1 is a reasonably large part of our CPU usage (sigh), and this
implementation is 20-50% faster, depending on arch.
2022-06-13 10:13:13 -04:00
Nick Mathewson d44dd6f44f Merge branch 'dormant_directory' into 'main'
Use TaskSchedule to sleep in directory bootstrapping

Closes #497

See merge request tpo/core/arti!571
2022-06-13 13:59:26 +00:00
Nick Mathewson 2129aee6cd DirMgr: Use scopeguard crate in place of ad hoc RAII substitutes 2022-06-13 08:28:41 -04:00
Nick Mathewson 8a586a40fa Add "full" and "experimental" features to arti-client and below.
The "full" feature is a catch-all for all features, _except_:

   * Those that select a particular implementation (like
     tor-llcrypto/with-openssl) or build flag (like "static")
   * Those that are experimental or unstable (like "experimental-api")
   * Those that are testing-only.
2022-06-10 15:32:21 -04:00
Nick Mathewson 4f6c4f91c9 Merge branch 'channel' into 'main'
Have channel reactor able to send channel padding

See merge request tpo/core/arti!574
2022-06-10 13:28:51 +00:00
Ian Jackson a38c86a020 Merge branch 'format-ids' into 'main'
Replace four very similar "ids in request"

See merge request tpo/core/arti!577
2022-06-10 11:21:15 +00:00
Ian Jackson 6f92bf9e86 tor-bytes: Provide nested writers 2022-06-09 17:08:56 +01:00
Ian Jackson eb7bcc963b dirclient: Replace four very similar "ids in request"
In reviewing !553 I noticed that the empty digest list error had to be
handled in two places.  I filed #492 about the duplication.

In fact it turns out to have been quadruplication.

The new code also avoids cloning the underlying objects, instead
sorting a Vec of references.
2022-06-09 15:05:32 +01:00
Ian Jackson 3f2e164bc5 tor-proto: padding: Test padding timer distribution 2022-06-08 16:04:58 +01:00
Ian Jackson 0027b2371f tor-proto: channel: Provide padding::Timer 2022-06-08 16:04:58 +01:00
Nick Mathewson 5854e4bbd9 Merge branch 'use-testing-rng' 2022-06-07 19:02:12 -04:00
Nick Mathewson cfad648e16 Merge branch 'llcrypto-openssl' into 'main'
add support for openssl backend in llcrypto

Closes #442

See merge request tpo/core/arti!550
2022-06-07 15:50:48 +00:00
Nick Mathewson aa3a81c3ba Upgrade serial_test dev-dependency to 0.7.0 2022-06-07 09:22:24 -04:00
Nick Mathewson 7f785b66c2 Upgrade float_eq dev-dependency to 1.0.0 2022-06-07 08:03:55 -04:00
Nick Mathewson df06e7b9bc Upgrade tls-api to latest versions in arti-hyper. 2022-06-07 08:01:39 -04:00
Nick Mathewson 1076f25031 Rewrite tests in tor-netdir to use testing_rng()
The randomized tests in this crate take a lot of iterations to
converge, so they default to using a deterministic PRNG seed with
few iterations and higher tolerance, and they only randomize the
tests (with more iterations and tighter tolerances) when you
explicitly opt in to randomization.

(If you specify a seed explicitly, you're doing that to reproduce a
randomized case, so we use the same behavior.)
2022-06-02 15:48:41 -04:00
Nick Mathewson 967ea67b7d Use testing_rng() in tests throughout our crates.
This only affects uses of thread_rng(), and affects them all more or
less indiscriminately.  One test does not work with
ARTI_TEST_PRNG=deterministic; the next commit will fix it.
2022-06-02 14:56:42 -04:00
Nick Mathewson 69d352a7c7 New facility for deterministic and reproducible test PRNGs.
The new `testing_rng()` function is meant as a replacement for
thread_rng() for use in unit tests.  By default, it uses a randomly
seeded RNG, but prints the seed before the test so that you can
reproduce any failures that occur.  You can override this via the
environment to use a previous seed, or by using a deterministic
seed for all your tests.

Backend for #486.
2022-06-02 14:51:51 -04:00
trinity-1686a 0f290da005 add support for openssl backend in llcrypto 2022-05-30 17:22:31 +02:00
Ian Jackson fe9fb6b6ee arti config: Check that example config is exhaustive
This is the final piece of #457.
2022-05-30 16:03:01 +01:00
Nick Mathewson b232365a75 Semantic version changes for Arti 0.4.0 release
I followed the following procedure to make these changes:

* I used maint/changed_crates to find out which crates had changed
  since 0.3.0.
* I used grep and maint/list_crates to sort those crates in
  topological (dependency) order.
* I looked through semver_status to find which crates were listed as
  having semver-relevant changes (new APIs and breaking changes).
* I scanned through the git logs of the crates with no
  semver-relevant changes listed to confirm that, indeed, they had
  no changes.  For those crates, I incremented their patch-level
  version _without_ changing the version that other crates depend on.
* I scanned through the git logs of the crates with no
  semver-relevant changes listed to confirm that, indeed, they had
  no obvious breaking changes.
* I treated all crates that depend on `arti` and/or `arti-client` as
  having breaking changes.
* I identified crates that depend on crates that have changed, even
  if they have not changed themselves, and identified them as having
  a non-breaking change.
* For all of the crates, I used `cargo set-version -p $CRATE --bump
  $STATUS` (where `STATUS` is `patch` or `minor`) to update the
  versions, and the depended-upon versions.
2022-05-27 09:01:20 -04:00
Nick Mathewson 45d21d2520 Bump versions of trivially-changed crates.
These crates had only clippy fixes that do not affect their
behavior:
        tor-bytes
        tor-cell
        tor-events
        tor-linkspec
        tor-netdir
        tor-socksproto

This crate only had the cargo-husky dependency removed, which
does not affect compatibility:
        tor-llcrypto

Since these changes have no compatibility effects, it is not
necessary to bump the versions of these crates which other crates
depend on.
2022-05-27 08:52:44 -04:00
Nick Mathewson f17c9083da Run "cargo update" in preparation for release 2022-05-27 08:30:27 -04:00
Ian Jackson 4bf87d61ca Merge branch 'config-split' into 'main'
Break TorClientConfig out of ArtiConfig and warn on unknown config keys

Closes #459 and #417

See merge request tpo/core/arti!529
2022-05-26 10:40:43 +00:00
Ian Jackson 9c88158740 tor-config: Example for load module 2022-05-24 20:14:57 +01:00
Ian Jackson 865ae13502 tor-config: Support functions for tracking ignored config keys
This turns out to need quite a complicated algorithm.
2022-05-24 20:14:57 +01:00
Nick Mathewson af54b99b40 Run "cargo update" in preparation for the next release. 2022-05-24 15:08:01 -04:00
Nick Mathewson 12f2a47fcb Write custom serde impls for Trusted{User,Group}
We support all of the following (in TOML notation):

```
user = "rose"  # by name
user = 413     # by ID
user = false   # no user
user = ":current"  # A 'special' user.

user = { name: "rose" }
user = { id: 413 }
user = { special: ":none" }
user = { special: ":current" }
```
2022-05-24 10:54:02 -04:00
Nick Mathewson 9dd7b99de1 Add serde derives for MistrustBuilder.
The Group and User (de)serialization is pretty ugly, and I can't
vouch for the correcness of MistrustBuilder.  I will seek feedback
before I proceed.
2022-05-24 10:54:02 -04:00
Nick Mathewson 330582a142 fs-mistrust: Add Group and User types.
This will help make the actual configuration more serializable,
I hope.
2022-05-24 10:54:02 -04:00
Nick Mathewson 95200383b5 fs-mistrust: make Mistrust have a corresponding Builder type.
This is an approximately minimal revision to get Builder in place;
subsequent commits will clean up the API.
2022-05-24 10:54:02 -04:00
Nick Mathewson c27b3cb701 Update to newer sanitize-filename and tinystr. 2022-05-23 16:02:50 -04:00
Ian Jackson 793782acc8 channel: Provide and use Sink::prepare_send_from
This is a general-purpose implementation of the ad-hoc approach
currently taken in (eg) crates/tor-proto/src/channel/reactor.rs,
with an API intended to defned against the more obvious mistakes.

This allows us to separate the two concerns: the channel reactor can
focus on handling channel cells and control messages and is over 2.5x
shorter.

The complexity of the manual sink implementation, and the machinery
needed to avoid having to suspend while holding an item, are dealt
with separately.  That separate implemenation now has proper
documentation.  (Tests are in the nest commit to avoid this one being
even more unwieldy.)

We use `extend` to define this as an extension trait.  A competitor is
`ext` but in my personal projects I have found `extend` slightly
better.
2022-05-23 11:28:05 +01:00
Jim Newsome d54faaf500
async-compression v0.3.12 -> v0.3.14
This is to pick up
https://github.com/Nemo157/async-compression/pull/148#issuecomment-1128862482

Fixes https://gitlab.torproject.org/tpo/core/arti/-/issues/473
2022-05-20 16:33:19 -05:00
Nick Mathewson f70ad60e65 DirMgr: Improve display for DocSource
(Also, implement Display for tor_dirclient::SourceInfo).
2022-05-16 12:42:25 -04:00
Ian Jackson 4e2bd6c798 Abolish arti-config, replacing with tombstone crate 2022-05-13 12:42:30 +01:00
Ian Jackson ef36882807 arti-config abolition: Change references to use tor_config
Generally, change the paths that mention the crate name to go via a
module-level "use".

This involves adding tor-config as a direct dependency for a few
crates.
2022-05-13 12:42:30 +01:00
Ian Jackson 9a3205aeba arti-config abolition: Add deps to tor-config
These are needed to support the code which is moving.
2022-05-13 12:41:27 +01:00
Ian Jackson 58c753429f arti-bench: Disable all fs permissions (fs-mistrust) checks
This is a benchmarking tool, and fs-mistrust doesn't like the
permissions in our CI.  The env var ARTI_FS_DISABLE_PERMISSION_CHECKS
is (of course) specific to arti.  Maybe it should be honoured here,
or this should be done via the config files.

But disabling this is fine for now.
2022-05-13 10:56:56 +01:00
Ian Jackson bb166c14da arti-example-config.toml: Re-un-comment the example settings in test 2022-05-12 14:55:39 +01:00
Ian Jackson ab3bd9d6d5 arti-config: Move cmdline to tor-config
This does not know anything about arti, only about TOML and Config.

Code motion, plus necessary import adjustments.
2022-05-11 18:23:05 +01:00
Ian Jackson c9fee15cbf ConfigurationSource: Move "usual" logic for construction 2022-05-11 15:53:03 +01:00
eta 0597c31a6f Merge branch 'dirmgr-purification-2' into 'main'
Refactor the tor-dirmgr bootstrapping code more gracefully

See merge request tpo/core/arti!488
2022-05-10 17:10:45 +00:00
eta 6fc7a864c7 Remove cargo-husky, and replace with manual instructions
A build script reaching into your .git/hooks/ and modifying them
nonconsensually was a bit of a horrifying concept, and also made it hard
to build arti with the feature disabled. Remove this crate, and replace
it with manual instructions on how to install the hooks in
CONTRIBUTING.md.
2022-05-10 13:36:49 +01:00
eta cad815e31d tor-dirmgr/state.rs: feed through additional parameters, use them
- The additional parameters passed to GetConsensusState are now passed
  through all the states, and used as well.
- WriteNetDir doesn't have a now() or config() method any more, since
  the states now get this from the runtime or the config parameters.
- This required modifying the tests to make a mocked runtime and custom
  config directly, instead of using DirRcv for this purpose.
- Additionally, because we don't have to upgrade a weak reference for
  DirState::dl_config(), that function no longer wraps its return value
  in Result.
- (A bunch of the FIXMEs from the previous commit that introduced the
  additional parameters have now been rectified as a result.)
2022-05-10 11:48:56 +01:00
Nick Mathewson 3b0336e841 netdoc: add a new type for Nicknames
Relay nicknames are always between 1 and 19 characters long, and
they're always ASCII: That means that storing them in a [u8;19] will
always be possible, and always use less resources than storing them
in a String.

Fortunately, the tinystr crate already helps us with this kind of
thing.
2022-05-09 15:59:38 -04:00
Nick Mathewson 4262e9d0ec Merge branch 'use-fs-mistrust' 2022-05-09 15:27:25 -04:00
Nick Mathewson b0f39abe32 arti: use fs-mistrust to validate configuration file locations. 2022-05-09 14:40:29 -04:00
Nick Mathewson 2938268f34 arti-client: Configure and use fs-mistrust.
This is derived from the environment, not the configuration file: We
might not want to trust the configuration file until we've decided
whether we like its permissions.
2022-05-09 14:40:29 -04:00
Nick Mathewson 7b93091f57 Bump the version of every* crate to 0.3.0
* Except for safelog and fs-mistrust, which are new.
2022-05-06 10:03:15 -04:00
Nick Mathewson 013bb26040 Merge branch 'derive-builder-fork' into 'main'
Switch to derive_builder_arti_fork

Closes #446

See merge request tpo/core/arti!490
2022-05-06 13:07:51 +00:00
Ian Jackson 030289481f Switch to derive_builder_arti_fork
For reference, the git source for this crate (and the others in its
workspace) currently lives in my personal github account (ijackson).
If this fork turns out to be long-lived and gains features and/or
users, it would be good to move it to a gitlab somewhere.

I have granted Nick crate ownership on the crates.io system.
2022-05-06 13:36:40 +01:00
Nick Mathewson 4679023c39 Apply `sensitive` in some info-level log messages.
This specifically applies the `sensitive` wrapper in the places
where we're logging target addresses at level "info" or higher.
2022-05-06 07:36:50 -04:00
Nick Mathewson 7aacc6e30c Implement a safe-logging facility.
This is a rough first-cut of an API that I think might help us with
keeping limited categories of sensitive information out of our logs.
I'll refine it based on experiences with using it.
2022-05-06 07:36:48 -04:00
Nick Mathewson 66ee39995d Run "cargo update" in preparation for a release... next week? 2022-05-04 14:17:11 -04:00
Ian Jackson 221fe63430 list_builder: Use Educe to derive Default
This allows us to use this with an item builder type which doesn't
impl Default.  (Obviously this only makes sense for items which aren't
actually builders.)
2022-05-04 17:18:05 +01:00
Ian Jackson 8ad4735d58 Add dependency on paste crate
The list accessor macro is going to want this.
2022-05-04 13:48:30 +01:00
Ian Jackson fbf5e8dcb5 Merge branch 'path' into 'main'
CfgPath overhaul

Closes #449

See merge request tpo/core/arti!478
2022-05-03 17:00:41 +00:00
Ian Jackson 2da84857a5 CfgPath: Test serialisation round-trip with a binary format
Use MessagePack.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
2022-05-03 17:42:54 +01:00
Ian Jackson ed970310e2 CfgPath: Overhaul API
Document that this can contain either a string for expansion, or a
literal PathBuf not for expansion.

Rename the `from_path` method to `new_literal`: a very important
difference is whether it gets expanded - less important than the Rust
type.  Also, now it takes `Into<PathBuf>`, which avoids a needless
clone.

(We don't change the API in `arti-client` because
`&tempfile::Tempdir()` doesn't implement `Into<PathBuf>`, so
`arti-client` has to have some new `as_ref` calls.)

Provide accessors `as_unexpanded_str` and `as_literal_path`.  The
deserialisation already makes this part of the stable API,l so not
pvoding accessors seems just obstructive.  They are useful for tests,
too.

Add tests for the new entrypoints, and for deserialisation of both
variants from TOML (via config, or directly) and JSON.
2022-05-03 17:42:14 +01:00
Nick Mathewson e46edc21fa Merge branch 'fs-mistrust-v2' into 'main'
Second cut at a fs-mistrust crate.

See merge request tpo/core/arti!468
2022-05-03 14:28:28 +00:00
Nick Mathewson 85d7084d95 fs-mistrust: Add code to make a self-named group "trusted".
This required a bit of poking through the `users` crate, to mess
with the user and group dbs.  The original goal was to "trust the
group with the same name as us", but it turned into a bit of a
production, since:

  * We want to take our own name from $USER, assuming that matches
    our uid.  (Otherwise we want to ask getpwuid_r().)
  * We only want to trust the group if we are actually a member of
    that group.
  * We want to cache this information.
  * We want to test this code.
2022-05-03 10:03:32 -04:00
Nick Mathewson 7254fc60eb fs-mistrust: more examples, documentation. 2022-05-03 10:03:32 -04:00
Nick Mathewson 75633109c2 Add functionality to inspect directory content permissions
Also, explain _why_ this is pretty important.
2022-05-03 10:03:32 -04:00
Nick Mathewson c4a5a49b55 Second cut at a fs-mistrust crate.
This crate is meant to solve #315 by giving a way to make sure that
a file or directory is only accessible by trusted users.  I've tried
to explain carefully (in comments and documentation) what this crate
is doing and why, under the assumption that it will someday be read
by another person like me who does _not_ live and breathe unix file
permissions.  The crate is still missing some key features, noted in
the TODO section.

It differs from the first version of the crate by taking a more
principled approach to directory checking: it emulates the path
lookup process (reading symlinks and all) one path change at a time,
thus ensuring that we check every directory which could enable
an untrusted user to get to our target file, _or_ which could
enable them to get to any symlink that would get them to the target
file.

The API is also slightly different: It separates the `Mistrust`
object (where you configure what you do or do not trust) from the
`Verifier` (where you set up a check that you want to perform on a
single object).  Verifiers are set up to be a bit ephemeral,
so that it is hard to accidentally declare that _every_ object
is meant to be readable when you only mean that _some_ objects
may be readable.
2022-05-03 10:03:32 -04:00
trinity-1686a d1bd9e209f update tls-api to 0.8.0
and remove corresponding RUSTSEC from ignored list
2022-04-28 17:43:32 +02:00
eta 6f787e1e77 Merge branch 'derive-builder-git-fixup' into 'main'
derive_builder: Use git dep everywhere, rather than cargo patch

See merge request tpo/core/arti!477
2022-04-27 14:31:08 +00:00
Ian Jackson a97ad69855 derive_builder: Use git dep everywhere, rather than cargo patch
The `[patch]` approach causes the tree not to build when used as a
dependency, unless the `[patch]` is replicated into the depending
project.

Instead, replace our `derive_builer =` dependencies with a reference
to a specific git commit:

  perl -i~ -pe 'next unless m/^derive_builder/; s#"(0\.11\.2)"#{ version = "$1", git = "https://github.com/ijackson/rust-derive-builder", rev = "ba0c1a5311bd9f93ddf5f5b8ec2a5f6f03b22fbe" }#' crates/*/Cargo.toml

Note that the commitid has changed.  This is because derive_builder is
in fact a workspace of 4 crates.  3 of them are of interest to arti
itself (the 4th exists only for testing).  So the same "add git
revision" treatment had to be done to the `derive_builder` and
`derive_builder_macro` crates.  Each dependency edge involves a new
commit in the derive_builder workspace, since we can't create a git
commit containing its own commitid.  (We want to use commits, rather
than a branch, so that what we are depending on is actually properly
defined, and not subject to the whims of my personal github
namespace.)

There are no actual code changes in derive_builder.
2022-04-27 14:57:59 +01:00
Nick Mathewson f8dbad941e Bump async_executors to 0.6 2022-04-26 12:16:22 -04:00
Nick Mathewson aaab6f3812 Upgrade to AES 0.8
Now that we require Rust 1.56, we can upgrade to AES 0.8.  This
forces us to have some slight API changes.

We require cipher 0.4.1, not cipher 0.4.0, since 0.4.0 has
compatibility issues with Rust 1.56.
2022-04-26 12:16:22 -04:00
Nick Mathewson 6b5cefcccf Bump to config 0.13 2022-04-26 12:16:22 -04:00
Nick Mathewson fe0e5b4ded Upgrade tracing-journald to 0.3.0 2022-04-26 12:16:22 -04:00
Nick Mathewson 5586f0d039 Upgrade to Postage 0.5.0 2022-04-26 12:16:22 -04:00
Nick Mathewson ae72d21092 Upgrade to rlimit 0.8.3, again.
Now that our MSRV is at 1.56, we can use the latest rlimit.

It has to be 0.8.3 (not "0.8"), since 0.8.2 has compatibility issues
with 1.56.
2022-04-26 12:16:22 -04:00
Ian Jackson 961f6b527e config list-builder: Allow overriding the per-item build method
This will be useful especially for simple lists where the entry
doesn't need a separate builder type.
2022-04-25 17:04:23 +01:00
Ian Jackson 61425a96bd fallback list: Move default list into tor-guardmgr
This is where the FallbackList type is.  We are going to want to
provide a builder too, which ought to impl Default.

This means that the default value for the type must be next to the
type.  In any case, it was anomalous that it wasn't.

This commit is pure code motion.
2022-04-22 17:39:58 +01:00
Ian Jackson 6da7a2e3e2 Use git source for derive_builder for now, for sub_builder feature
This commitid is the current head of my MR branch
  https://github.com/colin-kiegel/rust-derive-builder/pull/253
  https://github.com/ijackson/rust-derive-builder/tree/field-builder
Using the commitid prevents surprises if that branch is updated.

We will require this newer version of derive_builder.  The version
will need to be bumped again later, assuming the upstream MR is merged
and upstream do a release containing the needed changes.

We will need the new version of not only `derive_builder_core` (the
main macro implementation) but also`derive_builder` for a new error
type.
2022-04-21 14:07:28 +01:00
Nick Mathewson ac8d444aa3 Merge branch 'ticket_282' into 'main'
Remove obsolete files from our state directory.

Closes #282

See merge request tpo/core/arti!457
2022-04-14 12:18:30 +00:00
Nick Mathewson 64699a2b99 Remove obsolete files from our state directory.
This patch removes files created by older versions of arti, if they
are at least 4 weeks old.

Closes #282
2022-04-12 17:15:05 -04:00
Nick Mathewson 5f5cbdc08e GuardMgr: publish skew estimates.
Instead of just having a function that recalculates the latest clock
skew, instead recalculate the clock skew when it may have changed,
and notify other processes via a postage::watch.
2022-04-12 08:03:49 -04:00
Nick Mathewson cf362fac9f Implement a better clock skew estimator.
This time, our estimator discards outliers, takes the mean of what's
left, and uses the standard deviation to try to figure out how
seriously to take our report of skew/not-skew.

These estimates are still not actually used.
2022-04-11 12:34:16 -04:00
Nick Mathewson eedee51899 Initial functions to determine and expose a clock skew estimate.
(This is just a placeholder; I'm going to make the functions
smarter in the next commit.)
2022-04-07 16:01:46 -04:00
Nick Mathewson 4acba0df9b Downgrade `rlimit` to 0.7.
Upstream 0.8.2 has broken compilation with Rust 1.53; versions
0.8.{0,1} have been yanked.

Possibly by the time the next arti version comes out, they'll have
fixed this situation, or we'll have upgraded our MSRV.

Upstream issue at https://github.com/Nugine/rlimit/issues/42 .
2022-04-06 10:21:33 -04:00
Nick Mathewson 160cb91669 RetryTime: use strum::EnumDiscriminants to simplify loose_cmp.
Also add tests for RetryTime comparison functions to make sure they
work as expected.
2022-04-04 11:15:18 -04:00
Nick Mathewson 3676826d03 tor-error: Add a new RetryTime type and related trait. 2022-04-04 11:09:25 -04:00
Nick Mathewson e6c6628adb Update rlimit to 0.8.1
This is necessary to fix build for M1 apples.
2022-04-02 08:10:18 -04:00
Nick Mathewson 5b2fc118df Bump all arti*, tor* crates to 0.2.0
Not all of these strictly need to be bumped to 0.2.0; many could go
to 0.1.1 instead.  But since everything at the tor-rtcompat and
higher layers has had breaking API changes, it seems not so useful
to distinguish.  (It seems unlikely that anybody at this stage is
depending on e.g. tor-protover but not arti-client.)
2022-04-01 09:15:18 -04:00
Nick Mathewson aae242af22 Bump caret, retry-error to 0.1.1
Unlike the rest of the crates, these don't have a "tor-" or "arti-"
prefix, and are potentially used by code outside arti.  With that in
mind, it's probably for the best not to bump them to 0.2.0 along
with the rest of our crates.

They have had no changes since 0.1.0 other than refactoring and
changing of clippy lints.  Therefore, I'm not bumping the
dependencies from other crates onto these: it's fine whether our
other crates use caret/retry-error 0.1.0 or 0.1.1.
2022-04-01 09:14:46 -04:00
Nick Mathewson a7cf65ca0d Update Cargo.lock based on build. 2022-04-01 09:03:25 -04:00
Nick Mathewson ae387f5eeb Merge branch 'upgrade_pre_020' into 'main'
Run cargo upgrade/update in preparation for 0.2.0

See merge request tpo/core/arti!444
2022-04-01 12:48:50 +00:00
Nick Mathewson 8393a341e7 Final "cargo update" before 0.2.0 2022-04-01 08:05:38 -04:00
Nick Mathewson e98aa50e72 Directory filtering in arti-testing.
This feature allows us to detect different failing cases for
arti#329 that would otherwise be hard to induce.  It works by
filtering consensus directory objects and/or microdescriptor objects
before introducing them to the directory manager.

Closes #397.
2022-03-31 09:27:27 -04:00
Nick Mathewson b1b7ef00a0 tor-netdoc: Conditionally expose document fields.
This commit uses the `visibility` and `visible` crates to
conditionally make certain structs and their fields public
(respectively).  This is incredibly dangerous to use for anything
besides testing, and I've tried to write the documentation for the
feature accordingly.
2022-03-31 09:27:27 -04:00
Nick Mathewson df3c51c8a0 Use derive_more to derive AsRef. 2022-03-30 10:41:40 -04:00
Nick Mathewson 9da43189f3 Turn FallbackList into a real type, and store one in GuardMgr.
The guard manager is responsible for handing out the first hops of
tor circuits, keeping track of their successes and failures, and
remembering their states.  Given that, it makes sense to store this
information here.  It is not yet used; I'll be fixing that in
upcoming commits.

Arguably, this information no longer belongs in the directory
manager: I've added a todo about moving it.

This commit will break compilation on its own in a couple of places;
subsequent commits will fix it up.
2022-03-30 10:39:06 -04:00
Nick Mathewson 80b65c3a4d Move fallback.rs into guardmgr.
This is the logical place for it, I think: the GuardMgr's job is to
pick the first hop for a circuit depending on remembered status for
possible first hops.  Making this change will let us streamline the
code that interacts with these objects.
2022-03-30 10:34:48 -04:00
eta ac64bdea27 Make daemon tasks self-contained; introduce NetDirProvider
The various background daemon tasks that `arti-client` used to spawn are
now handled inside their respective crates instead, with functions
provided to spawn them that return `TaskHandle`s.

This required introducing a new trait, `NetDirProvider`, which steals
some functionality from the `DirProvider` trait to enable `tor-circmgr`
to depend on it (`tor-circmgr` is a dependency of `tor-dirmgr`, so it
can't depend on `DirProvider` directly).

While we're at it, we also make some of the tasks wait for events from
the `NetDirProvider` instead of sleeping, slightly increasing
efficiency.
2022-03-30 14:26:43 +01:00
Nick Mathewson 3bab96f064 Upgrade to rusqlite 0.27.0 2022-03-29 13:27:08 -04:00
Nick Mathewson b0a978c23a Run cargo-update in preparation for Arti 0.2.0
(Doing this a few days ahead of time to give updated code time to
get testing)
2022-03-29 13:22:28 -04:00
Nick Mathewson 87a3f6b58a dirclient: Remember the source of each resposne we receive. 2022-03-21 09:06:32 -04:00
Nick Mathewson fdd80dbf5b derive_builder: more entries in Cargo.lock 2022-03-21 09:04:00 -04:00
Ian Jackson 32d3076a82 Move logging configuration from arti_config::options to arti::logging
Code motion and import fixups.
2022-03-21 11:44:21 +00:00
Ian Jackson 8aea5c9e43 Move ArtiConfig to new arti::cfg module
Code motion and import fixups.
2022-03-21 11:42:33 +00:00
Nick Mathewson 2818a3cb35 Merge branch 'test-isolation' into 'main'
new api for isolation

See merge request tpo/core/arti!377
2022-03-17 12:46:13 +00:00
Ian Jackson 40bede587c Merge branch 'config-partials-transparent' into 'main'
Absolish builders for CircMgrConfig and DirMgrConfig

See merge request tpo/core/arti!417
2022-03-17 12:30:46 +00:00
Ian Jackson 82aa4b902a Provide define_accessor_trait and use it to generate CircMgrConfig 2022-03-16 19:31:05 +00:00
Ian Jackson 8d54c0f073 Change type of TorClientConfig::override_net_params
Now we use NetParams.  That implies making its constructor public,
which I think it fine.

This is related to #413 but is far from completing that ticket.
2022-03-16 19:30:59 +00:00
trinity-1686a cb00ac677b replace Arc with Box and use dyn-clone
this also removes JoinResult
2022-03-16 19:24:23 +01:00
trinity-1686a 4826d757ac use downcast-rs instead of our own AsAny 2022-03-16 19:24:19 +01:00
Ian Jackson fb4111f524 Merge branch 'derive-builder' into 'main'
derive_builder: Switch to upstream 0.11

See merge request tpo/core/arti!414
2022-03-16 17:54:53 +00:00
Ian Jackson da787d074a derive_builder: Switch to upstream 0.11
This has the different syntax for builder field attributes than what I
originally proposed in my MR, and which therefore is in the pinned
branch.

My upstream MR for the field attributes feature was morged:
  https://github.com/colin-kiegel/rust-derive-builder/issues/239
2022-03-16 16:34:44 +00:00
Nick Mathewson 67645473d5 Move RetryDelay from dirmgr to basic-utils.
This (almost) a pure code-movement commit: it also makes one public
function private in order to suppress a warning.
2022-03-16 08:31:54 -04:00
trinity-1686a 604362bf80 actually add DNS support 2022-03-14 21:04:38 +01:00
eta 258e42ad3e Merge branch 'slice-from-ref' into 'main'
Simpify tor-netdoc TokVal

See merge request tpo/core/arti!404
2022-03-14 13:14:05 +00:00
Ian Jackson 8f5d089f53 Revert "humantime_serde_option: New module in tor-basic-utils"
We have upstreamed this code.

This reverts commit 6193c9d974.
2022-03-14 10:33:59 +00:00
Ian Jackson 8b8c2a426e humantime: Update to humantime-serde 1.1.1
This has the humantime_serde::option module, which we have upstreamed
and are about to switch to.

The remaining dependency with  version = "1"  is going to be removed
in a moment.
2022-03-14 10:33:59 +00:00
Ian Jackson 888eea47b3 tor-netdoc: Actually, make TokVal be a Vec
This enum was otiose: its set of valid values is precisely those of a
Vec.  (Indeed what would TokVal::Multi(vec![]) have meant?)
2022-03-11 18:42:01 +00:00
Ian Jackson 6761cf2b69 Merge branch 'config-no-retcon' into 'main'
Drop config back-conversion from FooConfig to FooConfigBuilder

See merge request tpo/core/arti!391
2022-03-10 14:47:01 +00:00
Ian Jackson 416b56d852 Use git source for derive_builder for now, for attrs feature
We are going to want to specify custom attributes on fields of the
builder struct.  This feature was missing from derive_builder.

This commitid is the current head of my MR branch
  https://github.com/colin-kiegel/rust-derive-builder/pull/237
  https://github.com/ijackson/rust-derive-builder/tree/builder-field-attrs
Using the commitid prevents surprises if that branch is updated.

We will require this newer version of derive_builder.  The version
will need to be bumped again later, assuming the upstream MR is merged
and upstream do a release containing the needed changes.
2022-03-07 15:56:57 +00:00
Nick Mathewson ca6070b962 arti-testing: Initial support for broken TCP.
This commit adds support for a BrokenTcp provider that can make
connection attempts fail or time out.  It doesn't yet have a way to
turn on the failure.
2022-03-07 10:12:48 -05:00
Ian Jackson 6193c9d974 humantime_serde_option: New module in tor-basic-utils
This will be used to allow our config *builder* structs to be
Deserialize.
2022-03-07 12:38:30 +00:00
Ian Jackson b095265257 Merge branch 'educe-traits' into 'main'
Replace many manual trait impls with use of educe

See merge request tpo/core/arti!375
2022-03-04 18:00:17 +00:00
eta 8d26726fdf Merge branch 'arti-testing-part1' into 'main'
arti-testing: Initial implementation

See merge request tpo/core/arti!378
2022-03-04 16:29:41 +00:00
Ian Jackson ebfd734956 Move skip_fmt into tor-basic-utils
Code motion and the minimal mechanical changes.

As per
  https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/375#note_2783078
2022-03-04 11:45:24 +00:00
Ian Jackson aba68088d1 Introduce tor-basic-utils
Empty crate right now
2022-03-04 11:45:24 +00:00
Nick Mathewson 9329c7b878 arti-testing: Initial implementation
This commit adds a new program to try to implement the ideas behind
experimentation in arti#329.  In particular, it tries to implement
basic client "can I bootstrap and connect" functionality testing,
with a lot of instrumentation, and support for breaking things.

So far, the instrumentation is limited to counting TCP bytes and
connections, and counting events.  Still, this is enough to measure
behavior on some of the incorrect-clock tests.

NOTE:

For now, you are _required_ to pass in an explicit configuration, in
hopes that this will lead you to override your storage directories
for doing specific experiments.
2022-03-03 13:05:30 -05:00
Ian Jackson 1b8a8f933a Replace manual Debug impl with educe in arti-client 2022-03-02 18:06:37 +00:00
Ian Jackson decdd05ec5 Replace manual Clone impl with educe in arti-hyper 2022-03-02 18:06:37 +00:00
Ian Jackson ea03cc4084 Replace manual Clone impl with educe in tor-rtcompat 2022-03-02 18:06:37 +00:00
Ian Jackson 9dca756e23 Replace manual Debug impls with educe in tor-proto
We now print slighly more information.
2022-03-02 18:06:37 +00:00
Ian Jackson 210b9b70a8 Replace manual Debug impl with educe in tor-dirmgr 2022-03-02 18:06:37 +00:00
Ian Jackson f467f4666e Replace manual Debug impl with educe in tor-chanmgr 2022-03-02 18:06:37 +00:00
Ian Jackson 1c44dfa595 Replace manual Debug impl with educe in tor-cell 2022-03-02 18:03:00 +00:00
Ian Jackson b2d8c14c90 Replace manual Debug impl with educe in tor-guardmgr 2022-03-02 18:03:00 +00:00
Ian Jackson f474a583f1 Replace manual Debug impl with educe in tor-circmgr 2022-03-02 18:03:00 +00:00
Ian Jackson c1b80d6503 Import educe into tor-bytes and provide skip_fmt
Preparatory work for getting rid of some manual Debug impls
2022-03-02 18:03:00 +00:00
Ian Jackson 72bb8e7f28 Switch to shellexpand-fork version of shellexpand
Apropos discussion in
  https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/274
2022-03-02 12:14:51 +00:00
Nick Mathewson e8e9791a97 Bump all crates to 0.1.0 2022-03-01 08:59:34 -05:00
Nick Mathewson 8a5b766539 Final "cargo update" before relase. 2022-03-01 08:36:31 -05:00
Ian Jackson c397c772e6 arti-hyper: Provide TLS connector and make space for TLS stream
Add tls_conn field to ArtiHttpConnector (and argument to constructor).
Introduce MaybeHttpsStream and use it in ArtiHttpConnection.
Have the example program pass the native TLS connector.

Currently the TLS connector and the HTTPS variant are not used, but
this commit is very noisy and fomrulaic, so I have split out the code
to use them into a separate commit for easier preparation and review.
2022-02-28 13:07:44 +00:00
Nick Mathewson 4bd620b4ff Run "cargo upgrade" in preparation for 0.1.0.
(It's good to do this a couple of days in advance in case it turns
up any bugs.  That's how we caught the panic bug in simple_asn1
0.6.0)
2022-02-25 11:32:09 -05:00
Nick Mathewson a3bc59918d Upgrade to newer version of config crate. 2022-02-25 09:20:48 -05:00
Nick Mathewson c627f50544 Upgrade dependency to new version of rlimit. 2022-02-25 08:45:24 -05:00
Ian Jackson fc35ffd6cd arti-hyper: impl HasKind for ConnectionError 2022-02-23 14:35:41 +00:00
Ian Jackson 80d8edc51f arti-hyper: Introduce new ConnectionError type
We need this not to use anyhow because we don't want our libraries to
expose anyhow, and this is about to go into the library.
2022-02-23 14:34:53 +00:00
Ian Jackson 0cf9751d7f arti-hyper: Move hyper example from arti-client
Code motion and consequential dependency adjustments.
2022-02-23 13:55:17 +00:00
Ian Jackson 0f80be6b35 arti-hyper: empty crate skeleton 2022-02-23 13:55:14 +00:00
Ian Jackson 8c4726b55e Provide error reporter and use it in the arti binary 2022-02-18 12:10:31 +00:00
Nick Mathewson 83d001d661 Merge branch 'remaining-errors' 2022-02-17 14:22:47 -05:00
Nick Mathewson 2a7087ff93 dirmgr: Remember where netdocs came from.
This isn't complete (see TODO), but it's enough to let us report the
right ErrorKind if something fails to parse.
2022-02-16 16:28:23 -05:00
eta 30439f9dc2 Merge branch 'eta/lazy-init' into 'main'
arti-client: add ability to automatically bootstrap

Closes #278

See merge request tpo/core/arti!322
2022-02-16 20:08:38 +00:00
Nick Mathewson 49c87fa8f9 Implement HasKind for tor_dirclient::Error 2022-02-16 14:53:58 -05:00
eta 790ea4af4b arti-client: add ability to automatically bootstrap
The new `BootstrapBehavior` enum controls whether an unbootstrapped
`TorClient` will bootstrap itself automatically (`Ondemand`) when an
attempt is made to use it, or whether the user must perform
bootstrapping themselves (`Manual`).

The `lazy-init` example shows how you could write a simple
`get_tor_client()` function that used a global `OnceCell` to share
a Tor client across an entire application with this API.

closes arti#278
2022-02-16 19:29:16 +00:00
Nick Mathewson 2147d0849f Merge branch 'cell-proto-error' into 'main'
tor-cell and tor-proto: provide HasKind.

See merge request tpo/core/arti!304
2022-02-16 16:55:14 +00:00
Nick Mathewson 7b6a7a57d3 Merge branch 'doc-errors' into 'main'
Refactor errors in tor-netdoc

See merge request tpo/core/arti!314
2022-02-15 15:09:48 +00:00
Nick Mathewson f23f375e42 tor-proto: use InternalError for internal errors. 2022-02-15 09:41:11 -05:00
Nick Mathewson da0e9e456c tor-cell: provide HasKind.
Additionally, refactor the IoError out of tor_cell::Error:
nothing in TorCell created this; it was only used by tor_proto.

This required refactoring in tor_proto to use a new error type. Here I
decided to use a new CodecError for now, though we may refactor that
away soon too.
2022-02-15 09:41:10 -05:00
Nick Mathewson b6d23c36be Refactor tor_netdoc::Error
This error type doesn't impement HasKind, since the kind will depend
on context.

However, the existing implementation was pretty messy and inconsistent:
Some errors had positions, some didn't.
Some took messages as str, some as String.
Some had internal errors that were somewhat orthogonal to their actual
types.

This commit refactors tor_netdoc::Error to use a ParseErrorKind, and
adds a set of convenience functions to add positions and
messages to the errors that need them.
2022-02-14 13:08:28 -05:00
Nick Mathewson 8ea95aee7a Simplify wait_for_bootstrap to use a Mutex.
Since the only purpose of this function is to make sure that no
bootstrapping task is running, a simple futures:🔒:Mutex
should do the job just fine.

Closes #337.
2022-02-14 09:59:37 -05:00
Nick Mathewson 7885db406a Merge branch 'eta/unbootstrapped-clients' into 'main'
Allow creating unbootstrapped `TorClient`s (and `DirMgr`s)

Closes #293

See merge request tpo/core/arti!298
2022-02-11 17:43:46 +00:00
eta 882e75cd28 Allow creating unbootstrapped `TorClient`s (and `DirMgr`s)
This commit changes how the `TorClient` type works, enabling it to be
constructed synchronously without initiating the bootstrapping process.
Daemon tasks are still started on construction (although some of them
won't do anything if the client isn't bootstrapped).

The old bootstrap() methods are now reimplemented in terms of the new
create_unbootstrapped() and bootstrap_existing() methods.

This required refactoring how the `DirMgr` works to enable the same sort
of thing there.

closes #293
2022-02-11 16:42:19 +00:00
Nick Mathewson f6189e174b tor-socksproto: Implement HasKind
(This error isn't yet wrapped in TorError, but it will be eventually
when we implement socks proxy and PT support.)
2022-02-11 09:36:57 -05:00
Nick Mathewson 7670a26d9c tor-bytes: Use InternalError.
This crate's Error type is too low-level to have an ErrorKind, but
it does make sense to use InternalError for the internal errors
here.
2022-02-09 14:39:04 -05:00
Nick Mathewson cb6de69ef6 tor-config: Add HasKind support.
This required a few new ErrorKinds.
2022-02-09 12:30:20 -05:00
Yuan Lyu f6f732a478 Expire channels that have been unused for too long 2022-02-04 22:52:51 -05:00
Ian Jackson 68d0ec437f spawn errors: impl HasKind for futures::SpawnError
This needs two kinds.  We have decided to treat a non-shutdown
SpawnError as "unexplained" rather than as an InternalError.

There are many crates whose
  From<futures::task::SpawnError> for Error
erroneously treat it as an internal error.  We will fix them in a moment.
2022-02-04 14:42:37 +00:00
Ian Jackson 6e1dc612cc tor-error: Add as a ddpendency to many crates
Doing this here makes it easier when I rebase/reorder things
2022-02-04 14:42:37 +00:00
Ian Jackson c963bd648b tor-error: Introduce InternalError as a type and a kind
This can contain a backtrace, which will be printed.
2022-02-04 14:42:37 +00:00
Ian Jackson 9e5b6fa820 tor-error: Skeleton for new crate
As per doc/Errors.md.

Currently there are no error kinds.  Some will be added as we go along.
2022-02-04 14:33:09 +00:00
Nick Mathewson b4c3aaf362 Reload configuration when our configuration files change.
Closes #270
2022-02-01 16:04:53 -05:00
Nick Mathewson 329bde58dd Bump tor-netdir and tor-guardmgr versions
tor-netdir needs to bump because tor-netdoc bumped, even though
there were no other changes in tor-netdir.  Whoops.

tor-guardmgr needs to bump because it already published, with the
older tor-netdir.
2022-01-31 11:05:34 -05:00
Nick Mathewson 01d9937308 Bump the patch version of every crate that changed since 0.0.3 2022-01-31 10:30:52 -05:00
Nick Mathewson 2f51add62f Run "cargo update" in preparation for monday's release. 2022-01-28 08:38:54 -05:00
Nick Mathewson 9c043a648a arti: be more careful to use the user-selected runtime 2022-01-26 14:31:49 -05:00
Nick Mathewson d1d121aac6 Refactor native_tls usage into its own module
This change uses the async-native-tls crate for everything, and
deletes some duplicated code.
2022-01-25 13:16:39 -05:00
Nick Mathewson 8def5a0d89 tor-rtcompat: Add support for rustls.
This is based on @janimo's approach in !74, but diverges in a few
important ways.

1. It assumes that something like !251 will merge, so that we can
   have separate implementations for native_tls and rustls compiled
   at the same time.

2. It assumes that we can implement this for the futures::io traits
   only with no real penalty.

3. It uses the `x509-signature` crate to work around the pickiness of
   the `webpki` crate.  If webpki eventually solves their
   [bug 219](https://github.com/briansmith/webpki/issues/219), we
   can remove a lot of that workaround.

Closes #86.
2022-01-25 13:16:39 -05:00
Nick Mathewson 17920e43f8 Refactor Runtimes to use separate TLS implementations internally.
This will make it easier to implement them using some other TLS
provider as well, without having to duplicate all of our code.
2022-01-19 15:47:26 -05:00
Nick Mathewson db2ca6ebc4 Merge branch 'bootstrap_reporting' 2022-01-19 08:40:36 -05:00
Nick Mathewson c162e57e29 tor-chanmgr: Add bootstrap/status reporting.
The information is pretty basic here: we use "have we been able to
connect/TLS-handshake/Tor-handshake" as a proxy for "are we on the
internet? Are we on a reasonably unfiltered part of the internet?"

Eventually we'll want to make the information gathered and exported
more detailed: I've noted a few places in the code.  For now,
however, this is about as good as C Tor does today, and it should be
a good starting point.

This uses a slightly different design from tor-dirmgr.  Instead of
exporting an entire state structure via `postage::watch`, it exports
only the parts of that structure which the user is supposed to
read.  I think that's more reasonable in this case because most of
the possible internal transitions in the tor-chanmgr state don't
cause a change in the exposed status.
2022-01-18 13:06:08 -05:00
Nick Mathewson f34faec7d9 tor-dirmgr: Create a bootstrap-status exporting mechanism.
The interface is similar to the one exposed by `arti-client`: it
internally uses postage::watch to give a series of events showing
when a bootstrap status is changing.

Thanks to the existing state/driver separation in the DirMgr design
we don't need much new logic: each download state needs to expose
(internally) how far along it is in its download, which the
bootstrap code passes to the DirMgr if it has changed.

I believe that in the long run, we'll probably want to expose more
(or different) information here, and we'll want to process it
differently.  With that in mind, I've made the API for
`DirBootstrapStatus` deliberately narrow, so that we can change its
of its internal later on without breaking code that depends on it.

(The information exposed by this commit is not yet summarized in
`arti-client`.)

Part of #96.
2022-01-18 13:06:08 -05:00
eta 51ddac646b Merge branch 'eta/292-1' into 'main'
arti-bench: add support for multiple samples & averaging

See merge request tpo/core/arti!240
2022-01-14 15:18:58 +00:00
eta 82beb52fca arti-bench: add support for multiple samples & averaging
We now do multiple samples (configurable; default 3) per type of
`arti-bench` benchmark run, and take a mean and median average of all
data collected, in order to hopefully be a bit more resilient to random
outliers / variation.

This uses some `futures::stream::Stream` hacks, which might result in
more connections being made than required (and might impact the TTFB
metrics somewhat, at least for downloading).

Results now get collected into a `BenchmarkResults` struct per type of
benchmark, which will be in turn placed into a `BenchmarkSummary` in a
later commit; this will also add the ability to serialize the latter
struct out to disk, for future reference.

part of arti#292
2022-01-14 15:00:11 +00:00
Nick Mathewson 1bd2790d51 Implement the basics of a bootstrap-status API.
The purpose of a this API is to tell the user how far along Arti is
in getting bootstrapped, and if it's stuck, what it's stuck on.

This API doesn't yet expose any useful information: by the time it's
observable to a client, it's always "100% bootstrapped."  But I'm
putting it in a MR now so that we can review the basic idea, and to
avoid conflicts with later work on tickets like #293 and #278.

This is part of #96.
2022-01-13 10:29:49 -05:00
Nick Mathewson f89b0bc752 guardmgr::..::sample_test: Fix intermittent failure.
This test should only fail very rarely (around 1/2.4e8) when guards
are chosen from a list of 20 with uniform probability.  But that
wasn't what we were doing on the mock test network: we were choosing
from a list of 10 viable guards, with nonuniform probability.

As a fix, we change the test network probabilities so that the
guards _are_ chosen with a uniform probability for this test, and we
use a modified version of the test network where there are indeed 20
Guard-flagged relays with the required DirCache=2 protocol.

Closes #276.
2022-01-11 11:35:16 -05:00
Nick Mathewson 7d3482ca1a Bump all crate versions to 0.0.3. 2022-01-11 09:40:32 -05:00
Nick Mathewson 1b6b889c2c Run "cargo update". 2022-01-11 09:27:22 -05:00
Nick Mathewson 1a16f5a7d6 Tracing configuration for logfiles, per-target filters
Previously we could only configure one global tracing filter that
applied to stdout and journald.  There was no support for log files,
either.

This patch fixes both issues, by substantially revising the
configuration format: There are now separate filters for each log
file, for journald, and for the console log.  Because we want to
allow multiple logfiles, they have to go into an array in the
configuration.

The configuration logic has grown a bit complicated in its types,
since the tracing_subscriber crate would prefer to have the complete
structure of tracing Layers known statically. That's fine when you
know how many you have, and which kinds there will be, but for
the runtime-configuration case we need to mess around with
`Box<dyn Layer ...>`.

I also had to switch from tracing_subscriber's EnvFilter to its
Targets filter.  It seems "EnvFilter" can only be applied as a Layer
in itself, and won't work as a Filter on an individual Layer.

Closes #166.

Closes #170.
2022-01-10 13:23:11 -05:00
eta b01f695f53 Merge branch 'arti-bench' into 'main'
Introduce an experimental benchmarking utility for Arti

See merge request tpo/core/arti!195
2021-12-16 20:47:47 +00:00
eta 06a94288ca Introduce an experimental benchmarking utility for Arti
The new `arti-bench` crate does a simple end-to-end benchmark test
embedding Arti: it generates some random data (of configurable amount,
depending on command-line parameters), and then sends said data back and
forth via Arti (which should be configured to use a local Chutney
network).

Additionally, the benchmark can also be run via a local SOCKS5 server
(in order to benchmark the performance via a local Chutney node, for
comparison).

The `tests/chutney/arti-bench.sh` sets up and tears down Chutney as
required to make this work.

This is very much a first cut; there are many things that should
eventually get added, such as support for multiple connections, JSON
output capabilities, running multiple tests, ...
2021-12-16 16:12:59 +00:00
Nick Mathewson 7f4578bec1 Refactor directory events to use a FlagPublisher mechanism.
This approach tries to preserve the current interface, but uses a
counter-based event backend to implement a coalescing stream of
events that can be represented as small integers.  The advantage
here is that publishing events no longer needs to be a blocking
operation, since there is no queue to fill up.
2021-12-14 14:05:02 -05:00
eta 8040f7afb2 Merge branch 'reconfigure' into 'main'
Make most arti-client fields reconfigurable.

See merge request tpo/core/arti!181
2021-12-13 14:49:23 +00:00
Trinity Pointard 7dd1a20d42 update rusqlite and revert minimal version change 2021-12-09 11:51:39 +01:00
Nick Mathewson 4536c2ac87 Upgrade to digest v0.10.0
We generally try to track the latest rust-crypto traits when we can:
fortunately, this upgrade didn't break much, considering.
2021-12-07 20:33:46 -05:00
Nick Mathewson b3b6a92145 Add a few tests to tor-config. 2021-12-07 19:52:49 -05:00
Nick Mathewson 606d64eac5 Sketch API for reconfiguration.
This patch doesn't actually make anything reconfigurable, but it
does create an API that will tell you "you can't change the value of
that!"  If the API looks reasonable, I can start making it possible
to change the values of individual items.
2021-12-07 15:42:14 -05:00
eta 47c3163ce5 Merge branch 'bug252' into 'main'
Make DNS fields in arti-client/src/client.rs configurable

Closes #252

See merge request tpo/core/arti!171
2021-12-07 17:27:38 +00:00
eta 45b96579b8 Merge branch 'preemptive-config' into 'main'
Allow configurability on preemptive circuits

Closes #245

See merge request tpo/core/arti!164
2021-12-07 15:04:42 +00:00
Neel Chauhan 0e9c2d274e Allow configurability on preemptive circuits 2021-12-07 15:04:41 +00:00
Nick Mathewson d33d7f7fdd tor-netdir: Use reproducible RNG in tests.
The rand crate's documentation says it's not okay to rely on StdRng
having reproducible output.  So instead, let's switch to ChaCha12Rng
instead (which is what StrRng currently uses).
2021-12-06 15:11:03 -05:00
Neel Chauhan f32a10865e Make DNS fields in arti-client/src/client.rs configurable 2021-12-03 10:28:42 -08:00
Neel Chauhan d586925388 tor-netdir: Use bitflags for WeightKind 2021-11-30 15:16:12 -08:00
Nick Mathewson 92c56eaa83 One more "cargo update" before the release. 2021-11-30 09:17:31 -05:00
Nick Mathewson eef81d9d57 Bump every crate by one patch version. 2021-11-29 15:21:58 -05:00
Nick Mathewson 805e558045 Run "cargo update" to get latest versions.
Also fix a couple of warnings introduced by now-unneeded imports
with new ed25519 crate.

This is part of the process for releasing our next version.
2021-11-29 14:52:53 -05:00
eta e35a8bf60e Merge branch 'arti-client-config' into 'main'
Further configuration refactoring

See merge request tpo/core/arti!137
2021-11-22 15:43:22 +00:00
eta ee2ec31ede Merge commit '98f38dc' (arti!131) into HEAD
This commit message totally gives away the cursed way in which I use
git. branches? what are those?
2021-11-22 14:40:18 +00:00
eta 98f38dc186 Initial cut at a typed event framework for arti (arti#230).
This implements a basic typed event broadcast mechanism, as described in
arti#230: consumers of the new `tor-events` crate can emit `TorEvent`
events, which others can consume via the `TorEventReceiver`.

Under the hood, the crate uses the `async-broadcast`
(https://github.com/smol-rs/async-broadcast) crate, and a
`futures::mpsc::UnboundedSender` for the event emitters; these are glued
together in the `EventReactor`, which must be run in a background thread
for things to work. (This is done so event sending is always cheap and
non-blocking, since `async-broadcast` senders don't have this
functionality.)

Additionally, the `TorEventKind` type is used to implement selective
event reception / emission: receivers can subscribe to certain event
types (and in fact start out receiving nothing), which filters the set
of events they receive. Having no subscribers for a given event type
means it won't even be emitted in the first place, making things more
efficient.
2021-11-22 14:39:38 +00:00
Nick Mathewson aa83a5e38a Ensure that every section-level config type has a builder() function. 2021-11-21 10:54:34 -05:00
Nick Mathewson 5184f5ba84 Move top-level configuration downwards from `arti` to `arti-config`.
To do this at all neatly, I had to split out `tor-config` from
`arti-config` again, and putting the lower level stuff (paths,
builder errors) into tor-config.  I also changed our use of
derive_builder to always use a common error type, to avoid
error type proliferation.
2021-11-18 11:37:48 -05:00
Nick Mathewson f0dc4a973d Merge remote-tracking branch 'origin/mr/131' 2021-11-17 19:26:28 -05:00
Trinity Pointard ab8e4cb6f0 update dependencies 2021-11-17 20:17:08 +01:00