Commit Graph

452 Commits

Author SHA1 Message Date
Nick Mathewson 388e0cbab5 Bump crates that have had backward compatible API changes. 2022-10-03 09:52:34 -04:00
Nick Mathewson 627a8f09bd Run cargo update in preparation for upcoming release. 2022-09-30 15:19:39 -04:00
Nick Mathewson 66ddbee1a4 Upgrade dependencies in preparation for upcoming release 2022-09-30 15:19:32 -04:00
Nick Mathewson e412d7400c Add the skeleton of a tor-ptmgr crate
When complete, this crate will handle launching and using pluggable
transports on demand.
2022-09-23 14:08:24 -04:00
Nick Mathewson 63dbc7b22d Create an API for TransportId 2022-09-23 09:55:33 -04:00
trinity-1686a edfd416ba4 enumerate platform with getresuid support 2022-09-10 14:13:26 +02:00
eta d9c140992f Merge branch 'fix-async-std' into 'main'
fix compilation error with async-std

See merge request tpo/core/arti!723
2022-09-07 17:16:28 +00:00
Nick Mathewson 86e479ae13 `TaskSchedule`: give error on `sleep*()` if last handle is dropped
This fixes an busy-loop.

When the last `TaskHandle` on a `TaskSchedule` is dropped, the
schedule is permanently canceled: whatever operation it was
scheduling should no longer be performed.  But our code was broken:
the `sleep()` and `sleep_until_wallclock()` functions don't verify
whether the handles are dropped or not.

This breakage caused an CPU-eating busy-loop in
`sleep_until_wallclock`.

With this patch, we now return a `Result<(), SleepError>` from these
functions.

Fixes #572.
2022-09-07 09:22:38 -04:00
trinity-1686a 4c543b570a fix compilation error with async-std 2022-09-06 21:32:20 +02:00
Ian Jackson 905aa29a9f Merge branch 'update-notify' into 'main'
update to notify v5.0.0

Closes #454

See merge request tpo/core/arti!679
2022-09-01 16:18:20 +00:00
Nick Mathewson 96875ea208 Bump crate versions in preparation for Arti 1.0.0 release.
Because we want to work more on ensuring that our semver stability
story is solid, we are _not_ bumping arti-client to 1.0.0 right now.

Here are the bumps we _are_ doing.  Crates with "minor" bumps have
had API breaks; crates with "patch" bumps have had new APIs added.

Note that `tor-congestion` is not bumped here: it's a new crate, and
hasn't been published before.

```
tor-basic-utils         minor
fs-mistrust             minor
tor-config              minor
tor-rtcompat            minor
tor-rtmock              minor
tor-llcrypto            patch
tor-bytes               patch
tor-linkspec            minor
tor-cell                minor
tor-proto               minor
tor-netdoc              patch
tor-netdir              minor
tor-persist             patch
tor-chanmgr             minor
tor-guardmgr            minor
tor-circmgr             minor
tor-dirmgr              minor
arti-client             minor
arti-hyper              minor
arti                    major
arti-bench              minor
arti-testing            minor
```
2022-09-01 08:59:49 -04:00
Nick Mathewson b3f989d689 Update patch-versions on crates without API changes.
Since our last round of releases, these crates have had either
trivial changes, or changes that did not affect their APIs.
Therefore we are bumping their versions, but not changing which
versions of them other crates depend on.
2022-09-01 08:45:02 -04:00
trinity-1686a e1e3f912b3 update to v5.0.0 2022-08-31 19:08:06 +02:00
Nick Mathewson 03a6338ee0 Run cargo update again, in preparation for release 2022-08-31 11:09:26 -04:00
Nick Mathewson 77cb5acceb Merge branch 'compact_home_2' into 'main'
Represent the home directory as ${HOME} or %UserProfile%

Closes #555

See merge request tpo/core/arti!700
2022-08-31 13:57:11 +00:00
Nick Mathewson 7888ca09d2 fs-mistrust: Add a `anonymize_home` extension fn for Path.
This function transforms `/home/nickm/.config` to
`${HOME}/.config/`, so that we can expose the username less in our
logs.
2022-08-31 09:38:09 -04:00
Nick Mathewson 8d6a1ea6ec Merge branch 'refactor-anyhow-arti-crate' into 'main'
Remove `anyhow` from `tor-config` crate

See merge request tpo/core/arti!707
2022-08-31 13:14:46 +00:00
Nick Mathewson f2699cb715 Run cargo update in preparation for release. 2022-08-30 20:09:19 -04:00
Nick Mathewson db50d57880 Upgrade serial_test in preparation for release. 2022-08-30 20:09:19 -04:00
Nick Mathewson 79860041fe Upgrade statrs in preparation for release. 2022-08-30 20:09:19 -04:00
Arturo Marquez 7d3d24cddf
Remove `anyhow` from `tor-config` crate 2022-08-28 18:07:53 -05:00
Nick Mathewson 2c4a176e66 Add functionality to listen for SIGHUPs. 2022-08-26 15:33:56 -04:00
Ian Jackson 56fd5ac779 Merge branch 'safelog_more' into 'main'
Apply safelog to more of the things that we log

See merge request tpo/core/arti!693
2022-08-26 13:20:00 +00:00
Ian Jackson 12476bf0d4 arti: cfg: Rename `*_port` to `*_listen` and change the type
This commit largely follows the example for resolve_alternative_specs.

The difference is that there are two fields, so we use a macro to
avoid recapitulating the field names.
2022-08-25 18:41:28 +01:00
Ian Jackson f588268128 tor-config: Provide misc::Listen 2022-08-25 18:40:14 +01:00
Ian Jackson 2fa75be660 tor-basic-utils: Provide IoErrorExt is_not_a_directory()
We're going to want this functionality, which isn't in the stable
stdlib.
2022-08-25 15:58:29 +01:00
Nick Mathewson 920f7a3f53 tor-chanmgr: don't log addresses so much.
We now log connection attempts at debug!, and mark relay target
addresses as sensitive.
2022-08-25 10:54:50 -04:00
Nick Mathewson a8b3e147fe arti_client: Refuse to build a client if we are setuid.
Arti is not designed to be a setuid-safe program.

Part of #523.
2022-08-24 15:23:24 -04:00
Ian Jackson 14c6e17797 tor-cell: PaddingNegotiate::start: take IntegerMilliseconds 2022-08-17 10:54:41 +01:00
Ian Jackson 18a6234101 channel padding: Test through most of the layers 2022-08-17 10:54:41 +01:00
Ian Jackson 50ca64218e channel padding: Send negotiation cells 2022-08-16 18:43:23 +01:00
Ian Jackson 76a1c45202 Introduce ChannelConfig
This commit is just the necessary plumbing.  The config is currently
empty.  We'll add something to it, for padding control, later.
2022-08-16 18:39:57 +01:00
Ian Jackson 2fbc196f8e tor-config: Introduce PaddingLevel
This will be used for controlling channel padding, for now.
2022-08-16 18:38:53 +01:00
Ian Jackson 806828c01c tor-proto: padding::Parameters: use impl_standard_builder
This is more standard.  It also provides the ::build() method.

This isn't a config type, and build failures ought not to happen,
so we use Bug for the error.
2022-08-16 18:37:06 +01:00
Nick Mathewson 3c1bfb4916 arti: Add support for process hardening
This is a compile-time feature with an associated configuration
flag, both enabled by default.

When it's turned on, hardening prevents the arti process from
dumping core or being attached to by low-privileged processes.
(This is a defense-in-depth measure, not an absolute way to prevent
attacks.  For more information, see
[`secmem_proc`](https://docs.rs/secmem-proc/0.1.1/secmem_proc/).)

Closes #364.
2022-08-15 12:59:56 -04:00
Nick Mathewson e74612456f Merge branch 'less_arti_surface' into 'main'
Reduce the arti crate's API surface; improve semver documentation.

Closes #522, #530, and #532

See merge request tpo/core/arti!664
2022-08-11 20:09:53 +00:00
Nick Mathewson f548a6ac55 arti: Move most public APIs behind `experimental-api`.
The remaining unconditionally public APIs are those related to our
configuration objects, and the main_main() API.

The rationale for making main_main() public is to have an actual
entry point.

The rationale for making the config APIs public is:

  1. We really do intend for others to be able to read our
     configuration files using this API.
  2. The structure of our configuration files is already part of our
     interface.

Closes #530.
2022-08-11 15:35:32 -04:00
eta 0775b6d42d tor-congestion: implement the RTT estimation algorithm from prop#324
This commit implements the round-trip-time estimation algorithm from Tor
proposal 324, validating the implementation against the test vectors
found in C tor. (Note that at the time of writing, the new test vectors
may not be committed to C tor yet, but they will be soon.)

This also adds the necessary consensus parameters to `NetParameters`.
Some of them have been renamed in order to (hopefully) make them more
understandable.
2022-08-11 15:33:50 +01:00
Nick Mathewson 36a28a8587 Merge branch 'main' into 'linkspec_refactor_v3'
# Conflicts:
#   crates/tor-netdir/semver.md
2022-08-10 14:48:57 +00:00
Nick Mathewson 19079c5a7d tor-proto: Unify the check_match code in channel and handshake
This had to become a new internal function, since at the point that
the handshake needs this code, it does not yet have a Channel to use.

This change made the error messages in the handshake code more
informative: and now they require a regex to check.  Later, we might
want to defer formatting these strings, but I don't think we need
to do it now.
2022-08-10 10:39:47 -04:00
Nick Mathewson 9b91edcb19 tor-netdir: Add a static assertion about RelayIdType::COUNT
Doing this will make sure that we fix a correctness issue in netdir that
will be caused if we add more IDs.

(Also add RelayIdType::COUNT in tor-linkspec.)
2022-08-10 10:39:47 -04:00
Nick Mathewson d60d875749 Parsing, encoding, and serde for RelayId.
The formats used here are backward-compatible with those used by C
tor and those used elsewhere in our code.  We need a way to encode
_both_ current kinds of identities as a string that tells you what
kind of ID they are.  Traditionally we have used hexadecimal,
sometimes with a $, for RSA ids, and we have used base64 for Ed25519
IDs.

We also introduce a new forward-compatible format for new identity
keys in the future.  (The new format is the key identity type, a
colon, and the id encoded as base64.)  We will use this new format
_only_ when we need to encode identities in a way where it would be
otherwise unclear what kind of key we are dealing with.
2022-08-10 10:39:36 -04:00
Nick Mathewson 9d4729a072 Add a set of Identity-related types and accessors.
I wonder if these types are correct.  I think it makes sense to have
a Ref type like this, rather than just using `&RelayId`, but it
doesn't seems that I can make `RelayId` and `RelayIdRef` implement
Borrow and ToOwned for one another, so maybe I've messed up.
2022-08-10 10:39:36 -04:00
Ian Jackson 33e0d67018 Update shellexpand, and switch to non-fork
Now we have bus>1 ownership of the crate name `shellexpand`.  I have
made a release, and retired `shellexpand-fork`.

The new shellexpand release switches to a (quite similarly) unforked
version of `dirs`.
2022-08-05 15:36:47 +01:00
Nick Mathewson be7cf7a24b Implement serde traits on RelayIds.
This will allow RelayIds to replace IdPair in tor-guardmgr.  (The
fields are named accordingly with `serde(rename)`.)
2022-08-02 12:40:55 -04:00
Nick Mathewson f1c6447403 New SecretBuf type in tor-bytes
This Writer is a simple wrapper around `Vec<u8>` that makes sure
that its contents are cleared whenever they are dropped _or
reallocated_.

The reallocation is the important part here: without that, we risk
not zeroizing the first allocation of the buffer.
2022-08-01 15:41:22 -04:00
Nick Mathewson 514c3a8e62 Use the `zeroize` feature in several crates
Using `zeroize` here tells these crates that they should make
various structures zeroize-on-drop.

(This is not yet implemented in `aes` 0.8.1, but support has been
merged in the repository for `aes`, so it should go out in the next
release.)

No corresponding feature flag is needed to enable zeroize-on-drop
for `rsa` and `*25519-dalek` private keys.
2022-08-01 12:13:05 -04:00
Nick Mathewson 6d5af26f95 Update Cargo.lock based on version bumps. 2022-08-01 10:17:04 -04:00
Nick Mathewson a0b2795e5e Run "cargo update" in preparation for next week's release. 2022-07-27 09:27:30 -04:00
Nick Mathewson 1f79e1c49b Update arti-client to new NetDirProvider API.
This allows us to give better errors in the case where bootstrapping
succeeds at first, but fails thereafter for long enough to make our
directory expire.
2022-07-26 10:41:38 +01:00
Nick Mathewson cf02d9990c Also downgrade serde_with: Version 2.0 requires Rust 1.60 2022-07-20 11:45:19 -04:00
Nick Mathewson 3ad312320e Downgrade phf back to 0.10
It turns out that phf 0.11 depends on Rust 1.60, which is above our
MSRV.
2022-07-20 10:48:28 -04:00
Nick Mathewson 393147e55e Run "cargo update" in preparation for next week's releases. 2022-07-20 08:37:13 -04:00
Nick Mathewson 131d880c7f Upgrade to latest phf, serde_with, serial_test. 2022-07-19 16:49:44 -04:00
Nick Mathewson 052f3089ca Bump to rusqlite 0.28. 2022-07-19 16:49:44 -04:00
Ian Jackson 7acdd21750 Provide maybe_send on postage::Sender, via extension trait
We need to replace the AtomicBool for dormant mode with something that
can wake up tasks.  postage::watch is the right shape.

But we want to be able to update it but suppress no-op updates.
(There is going to be a call site where no-op updates can occur.)

In the absence of a suitable upstream method as requested here
  https://github.com/austinjones/postage-rs/issues/56
we introduce this facility via an extension trait.
2022-07-18 18:13:13 +01:00
Nick Mathewson 9d3beb34a3 Bump tor-dirmgr to version 0.5.1.
This does not require a change in any other crate, since
the change here does not affect tor-dirmgr's APIs.
2022-07-14 12:00:42 -04:00
Nick Mathewson 033a05a9af Merge branch 'generate_cert' into 'main'
Implement functionality to construct signed Ed25519 certs.

Closes #511

See merge request tpo/core/arti!611
2022-07-08 13:25:29 +00:00
eta 0537e88d80 Merge branch 'persist-error-cleanup' into 'main'
tor-persist: Big refactoring on Error type.

See merge request tpo/core/arti!614
2022-07-06 17:20:43 +00:00
Nick Mathewson 853aed6859 tor-persist: Big refactoring on Error type.
Every error now has an action (what we were trying to do), a
resource (what we were trying to do it to), and a source (what
problem we encountered).

Initially I tried to add "action" and "resource" fields to error
variants individually, but that led to a combinatorial explosion.

Part of #323.
2022-07-06 11:47:17 -04:00
Nick Mathewson 48e44b0140 Implement functionality to construct signed Ed25519 certs.
This is behind a feature flag, since it isn't needed for pure
clients: only onion services and relays need this.

I've named the object that constructs these certs
`Ed25519CertConstructor` because it doesn't follow the builder
pattern exactly: mainly because you can't get an Ed25519Cert out of
it.  _That_ part is necessary because we require that an Ed25519Cert
should only exist if the certificate was found to be well-signed
with the right public key.

Closes #511.
2022-07-06 11:11:04 -04:00
Ian Jackson 6878e3a2d4 Merge branch 'update-rsa-v2' into 'main'
Update `rsa` dependency (and use `x25519-dalek` prerelease)

Closes #448

See merge request tpo/core/arti!612
2022-07-06 14:42:26 +00:00
eta c2e2da5dc3 Update `rsa` dependency (and use `x25519-dalek` prerelease)
- arti#448 and arti!607 highlight an issue with upgrading `rsa`: namely,
  the `x25519-dalek` version previously used has a hard dependency on
  `zeroize` 1.3, which creates a dependency conflict.
- However, `x25519-dalek` version `2.0.0-pre.1` relaxes this dependency.
  Reviewing the changelogs, it doesn't look like that version is
  substantially different from the current one at all, so it should be
  safe to use despite the "prerelease" tag.
- The new `x25519-dalek` version also bumps `rand_core`, which means we
  don't have to use the RNG compat wrapper in `tor-llcrypto` as much.

closes arti#448
2022-07-06 14:57:45 +01:00
Ian Jackson 8f63c07b5f tor-netdoc: b64 tests: add exhaustive roundtrip test 2022-07-06 12:04:23 +01:00
Ian Jackson a032137cad cargo update
This fixes a complaint from cargo audit about
  https://rustsec.org/advisories/RUSTSEC-2022-0032
in openssl.
2022-07-05 17:52:28 +01:00
Arturo Marquez af4970ec1f
Bump `base64ct` crate `1.5.0` -> `1.5.1`
This new release checks for invalid symbols in non-padded inputs
for decoding. Therefore, we can get rid of the logic implemented
in `https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/600`
2022-06-27 23:10:58 -05:00
Nick Mathewson 20435aea75 Bump crate and dependency versions.
These were done with the following commands:

```
cargo set-version -p tor-basic-utils   --bump patch
cargo set-version -p fs-mistrust       --bump minor
cargo set-version -p tor-error         --bump patch
cargo set-version -p tor-config        --bump patch
cargo set-version -p tor-units         --bump patch
cargo set-version -p tor-rtcompat      --bump minor
cargo set-version -p tor-llcrypto      --bump patch
cargo set-version -p tor-bytes         --bump minor
cargo set-version -p tor-socksproto    --bump minor
cargo set-version -p tor-cert          --bump minor
cargo set-version -p tor-cell          --bump minor
cargo set-version -p tor-proto         --bump minor
cargo set-version -p tor-netdoc        --bump patch
cargo set-version -p tor-netdir        --bump minor
cargo set-version -p tor-persist       --bump patch
cargo set-version -p tor-chanmgr       --bump minor
cargo set-version -p tor-guardmgr      --bump minor
cargo set-version -p tor-circmgr       --bump patch
cargo set-version -p tor-dirclient     --bump patch
cargo set-version -p tor-dirmgr        --bump minor
cargo set-version -p arti-client       --bump patch
cargo set-version -p arti              --bump minor
cargo set-version -p arti-bench        --bump minor
cargo set-version -p arti-testing      --bump minor
```
2022-06-24 12:00:22 -04:00
Nick Mathewson d5170d5318 Increment versions of crates with trivial changes only.
"Trivial" here includes stuff like cargo reformatting, comment
edits, error message string changes, and clippy warning changes.
Crates that depend on these do not need to increment.
2022-06-24 11:43:02 -04:00
eta ec3e1f2ada Merge branch 'error_cleanup_2' into 'main'
Error refactoring: bytes, cert, proto.

See merge request tpo/core/arti!604
2022-06-24 13:01:42 +00:00
Nick Mathewson da0e199bd3 Run cargo upgrade in preparation for release. 2022-06-24 07:55:26 -04:00
Nick Mathewson 38004a4f4d tor-proto: split and elaborate tor_bytes::Error instances
Some of these were for decoding particular objects (we now say
what kind of objects), and some were unrelated tor_cert errors that
for some reason we had shoved into a tor_bytes::Error.

There is now a separate tor_cert::CertError type, independent from
tor_cert's use of `tor_bytes::Error` for parsing errors.
2022-06-23 15:42:45 -04:00
Ian Jackson b1aab512ff Merge branch 'tor-netdoc/use-base64ct' into 'main'
Replace `base64` crate with `base64ct` crate in `tor-netdoc`

See merge request tpo/core/arti!600
2022-06-23 18:52:14 +00:00
Nick Mathewson 210f3f1587 Merge branch 'error_cleanup' into 'main'
Error cleanup, part 1

See merge request tpo/core/arti!601
2022-06-22 19:43:50 +00:00
Nick Mathewson e3e922d03f Improve error messages in tor-checkable. 2022-06-22 09:48:42 -04:00
Nick Mathewson 326ab1a7ae Editorial improvements on fs-mistrust errors
These changes make sure that the errors conform to our preferred
style, and include a description of what exactly we were doing when
something went wrong.
2022-06-22 08:03:15 -04:00
Arturo Marquez 2d92e9e218
Remove unused `base64` crate 2022-06-21 20:28:58 -05:00
Arturo Marquez 6536ca0f61
Replace `base64` crate with `base64ct` crate
Note: the `base64ct` crate rejects invalid characters when the
decoding is done on padded strings. However, the `FromStr` impl
for `B64` can have both padded **and** unpadded inputs, so all
inputs are now padded first, before decoding.
2022-06-21 20:02:33 -05:00
Ian Jackson da2e53bf76 tor-chanmgr: Change to use unwrap_void
As per discussion in
  https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/586#note_2813573
2022-06-21 19:19:28 +01:00
Ian Jackson 9779e5a2e2 channel padding: Use IntegerMilliseconds in padding::Parameters 2022-06-21 19:19:28 +01:00
Ian Jackson 7f3f426738 channel padding: Plumb settings from chanmgr 2022-06-21 19:19:22 +01:00
Ian Jackson 7135b7c4c7 channel padding: Make Parameters a pub struct with builder
chanmgr is going to want to make one of these from a NetDir.
2022-06-21 19:19:22 +01:00
Nick Mathewson d95f597323 Run cargo update in preparation for release on Friday 2022-06-21 08:54:12 -04:00
Nick Mathewson 9ae57e8bc4 Merge branch 'reachable_addrs_v2' into 'main'
Implement support for reachable_addrs

Closes #491 and #93

See merge request tpo/core/arti!583
2022-06-17 13:16:16 +00:00
Nick Mathewson fb672dc688 NetDoc: Make AddrPortPattern implement serde traits
I'm using serde_with here to just re-use the Display and FromStr
implementations, since those are what has proven easier to type in
the past.
2022-06-17 08:47:57 -04:00
Nick Mathewson 5509bd0269 Merge branch 'config-fix2' into 'main'
Use impl_standard_builder more and remove manual Default/builder impls

See merge request tpo/core/arti!594
2022-06-16 20:30:34 +00:00
Ian Jackson 61bd8b810a Merge branch 'upgrade_float_eq' into 'main'
Upgrade to float_eq 1.0.0

See merge request tpo/core/arti!591
2022-06-16 17:26:04 +00:00
Ian Jackson c5bbaf470a arti: logging config: Replace a manual Debug impl 2022-06-16 15:27:00 +01:00
Nick Mathewson c4a9c8a1c4 Merge branch 'main' into 'accel-features'
# Conflicts:
#   crates/arti-client/Cargo.toml
2022-06-16 13:24:46 +00:00
Nick Mathewson 519f7dfa88 Upgrade to float_eq 1.0.0 2022-06-16 08:39:03 -04:00
Nick Mathewson 0223c91b26 Merge branch 'high-level-features' into 'main'
Add "full" and "experimental" features to arti, arti-client, and below.

Closes #499

See merge request tpo/core/arti!584
2022-06-16 12:24:47 +00:00
Nick Mathewson 10b38a7d7c Add "accel-*" features to arti-client and arti.
These need to be optional: they improve performance by shifting to
asm implementations, which may not be everybody's idea of good practice.

These are not 'pure' features, since they select one implementation
but disable another.  Therefore they don't go in `full`.

Closes #441.
2022-06-13 10:22:24 -04:00
Nick Mathewson 3673409735 Add a feature to tor-llcrypto to enable sha-1/asm.
SHA1 is a reasonably large part of our CPU usage (sigh), and this
implementation is 20-50% faster, depending on arch.
2022-06-13 10:13:13 -04:00
Nick Mathewson d44dd6f44f Merge branch 'dormant_directory' into 'main'
Use TaskSchedule to sleep in directory bootstrapping

Closes #497

See merge request tpo/core/arti!571
2022-06-13 13:59:26 +00:00
Nick Mathewson 2129aee6cd DirMgr: Use scopeguard crate in place of ad hoc RAII substitutes 2022-06-13 08:28:41 -04:00
Nick Mathewson 8a586a40fa Add "full" and "experimental" features to arti-client and below.
The "full" feature is a catch-all for all features, _except_:

   * Those that select a particular implementation (like
     tor-llcrypto/with-openssl) or build flag (like "static")
   * Those that are experimental or unstable (like "experimental-api")
   * Those that are testing-only.
2022-06-10 15:32:21 -04:00
Nick Mathewson 4f6c4f91c9 Merge branch 'channel' into 'main'
Have channel reactor able to send channel padding

See merge request tpo/core/arti!574
2022-06-10 13:28:51 +00:00
Ian Jackson a38c86a020 Merge branch 'format-ids' into 'main'
Replace four very similar "ids in request"

See merge request tpo/core/arti!577
2022-06-10 11:21:15 +00:00
Ian Jackson 6f92bf9e86 tor-bytes: Provide nested writers 2022-06-09 17:08:56 +01:00
Ian Jackson eb7bcc963b dirclient: Replace four very similar "ids in request"
In reviewing !553 I noticed that the empty digest list error had to be
handled in two places.  I filed #492 about the duplication.

In fact it turns out to have been quadruplication.

The new code also avoids cloning the underlying objects, instead
sorting a Vec of references.
2022-06-09 15:05:32 +01:00
Ian Jackson 3f2e164bc5 tor-proto: padding: Test padding timer distribution 2022-06-08 16:04:58 +01:00
Ian Jackson 0027b2371f tor-proto: channel: Provide padding::Timer 2022-06-08 16:04:58 +01:00
Nick Mathewson 5854e4bbd9 Merge branch 'use-testing-rng' 2022-06-07 19:02:12 -04:00
Nick Mathewson cfad648e16 Merge branch 'llcrypto-openssl' into 'main'
add support for openssl backend in llcrypto

Closes #442

See merge request tpo/core/arti!550
2022-06-07 15:50:48 +00:00
Nick Mathewson aa3a81c3ba Upgrade serial_test dev-dependency to 0.7.0 2022-06-07 09:22:24 -04:00
Nick Mathewson 7f785b66c2 Upgrade float_eq dev-dependency to 1.0.0 2022-06-07 08:03:55 -04:00
Nick Mathewson df06e7b9bc Upgrade tls-api to latest versions in arti-hyper. 2022-06-07 08:01:39 -04:00
Nick Mathewson 1076f25031 Rewrite tests in tor-netdir to use testing_rng()
The randomized tests in this crate take a lot of iterations to
converge, so they default to using a deterministic PRNG seed with
few iterations and higher tolerance, and they only randomize the
tests (with more iterations and tighter tolerances) when you
explicitly opt in to randomization.

(If you specify a seed explicitly, you're doing that to reproduce a
randomized case, so we use the same behavior.)
2022-06-02 15:48:41 -04:00
Nick Mathewson 967ea67b7d Use testing_rng() in tests throughout our crates.
This only affects uses of thread_rng(), and affects them all more or
less indiscriminately.  One test does not work with
ARTI_TEST_PRNG=deterministic; the next commit will fix it.
2022-06-02 14:56:42 -04:00
Nick Mathewson 69d352a7c7 New facility for deterministic and reproducible test PRNGs.
The new `testing_rng()` function is meant as a replacement for
thread_rng() for use in unit tests.  By default, it uses a randomly
seeded RNG, but prints the seed before the test so that you can
reproduce any failures that occur.  You can override this via the
environment to use a previous seed, or by using a deterministic
seed for all your tests.

Backend for #486.
2022-06-02 14:51:51 -04:00
trinity-1686a 0f290da005 add support for openssl backend in llcrypto 2022-05-30 17:22:31 +02:00
Ian Jackson fe9fb6b6ee arti config: Check that example config is exhaustive
This is the final piece of #457.
2022-05-30 16:03:01 +01:00
Nick Mathewson b232365a75 Semantic version changes for Arti 0.4.0 release
I followed the following procedure to make these changes:

* I used maint/changed_crates to find out which crates had changed
  since 0.3.0.
* I used grep and maint/list_crates to sort those crates in
  topological (dependency) order.
* I looked through semver_status to find which crates were listed as
  having semver-relevant changes (new APIs and breaking changes).
* I scanned through the git logs of the crates with no
  semver-relevant changes listed to confirm that, indeed, they had
  no changes.  For those crates, I incremented their patch-level
  version _without_ changing the version that other crates depend on.
* I scanned through the git logs of the crates with no
  semver-relevant changes listed to confirm that, indeed, they had
  no obvious breaking changes.
* I treated all crates that depend on `arti` and/or `arti-client` as
  having breaking changes.
* I identified crates that depend on crates that have changed, even
  if they have not changed themselves, and identified them as having
  a non-breaking change.
* For all of the crates, I used `cargo set-version -p $CRATE --bump
  $STATUS` (where `STATUS` is `patch` or `minor`) to update the
  versions, and the depended-upon versions.
2022-05-27 09:01:20 -04:00
Nick Mathewson 45d21d2520 Bump versions of trivially-changed crates.
These crates had only clippy fixes that do not affect their
behavior:
        tor-bytes
        tor-cell
        tor-events
        tor-linkspec
        tor-netdir
        tor-socksproto

This crate only had the cargo-husky dependency removed, which
does not affect compatibility:
        tor-llcrypto

Since these changes have no compatibility effects, it is not
necessary to bump the versions of these crates which other crates
depend on.
2022-05-27 08:52:44 -04:00
Nick Mathewson f17c9083da Run "cargo update" in preparation for release 2022-05-27 08:30:27 -04:00
Ian Jackson 4bf87d61ca Merge branch 'config-split' into 'main'
Break TorClientConfig out of ArtiConfig and warn on unknown config keys

Closes #459 and #417

See merge request tpo/core/arti!529
2022-05-26 10:40:43 +00:00
Ian Jackson 9c88158740 tor-config: Example for load module 2022-05-24 20:14:57 +01:00
Ian Jackson 865ae13502 tor-config: Support functions for tracking ignored config keys
This turns out to need quite a complicated algorithm.
2022-05-24 20:14:57 +01:00
Nick Mathewson af54b99b40 Run "cargo update" in preparation for the next release. 2022-05-24 15:08:01 -04:00
Nick Mathewson 12f2a47fcb Write custom serde impls for Trusted{User,Group}
We support all of the following (in TOML notation):

```
user = "rose"  # by name
user = 413     # by ID
user = false   # no user
user = ":current"  # A 'special' user.

user = { name: "rose" }
user = { id: 413 }
user = { special: ":none" }
user = { special: ":current" }
```
2022-05-24 10:54:02 -04:00
Nick Mathewson 9dd7b99de1 Add serde derives for MistrustBuilder.
The Group and User (de)serialization is pretty ugly, and I can't
vouch for the correcness of MistrustBuilder.  I will seek feedback
before I proceed.
2022-05-24 10:54:02 -04:00
Nick Mathewson 330582a142 fs-mistrust: Add Group and User types.
This will help make the actual configuration more serializable,
I hope.
2022-05-24 10:54:02 -04:00
Nick Mathewson 95200383b5 fs-mistrust: make Mistrust have a corresponding Builder type.
This is an approximately minimal revision to get Builder in place;
subsequent commits will clean up the API.
2022-05-24 10:54:02 -04:00
Nick Mathewson c27b3cb701 Update to newer sanitize-filename and tinystr. 2022-05-23 16:02:50 -04:00
Ian Jackson 793782acc8 channel: Provide and use Sink::prepare_send_from
This is a general-purpose implementation of the ad-hoc approach
currently taken in (eg) crates/tor-proto/src/channel/reactor.rs,
with an API intended to defned against the more obvious mistakes.

This allows us to separate the two concerns: the channel reactor can
focus on handling channel cells and control messages and is over 2.5x
shorter.

The complexity of the manual sink implementation, and the machinery
needed to avoid having to suspend while holding an item, are dealt
with separately.  That separate implemenation now has proper
documentation.  (Tests are in the nest commit to avoid this one being
even more unwieldy.)

We use `extend` to define this as an extension trait.  A competitor is
`ext` but in my personal projects I have found `extend` slightly
better.
2022-05-23 11:28:05 +01:00
Jim Newsome d54faaf500
async-compression v0.3.12 -> v0.3.14
This is to pick up
https://github.com/Nemo157/async-compression/pull/148#issuecomment-1128862482

Fixes https://gitlab.torproject.org/tpo/core/arti/-/issues/473
2022-05-20 16:33:19 -05:00
Nick Mathewson f70ad60e65 DirMgr: Improve display for DocSource
(Also, implement Display for tor_dirclient::SourceInfo).
2022-05-16 12:42:25 -04:00
Ian Jackson 4e2bd6c798 Abolish arti-config, replacing with tombstone crate 2022-05-13 12:42:30 +01:00
Ian Jackson ef36882807 arti-config abolition: Change references to use tor_config
Generally, change the paths that mention the crate name to go via a
module-level "use".

This involves adding tor-config as a direct dependency for a few
crates.
2022-05-13 12:42:30 +01:00
Ian Jackson 9a3205aeba arti-config abolition: Add deps to tor-config
These are needed to support the code which is moving.
2022-05-13 12:41:27 +01:00
Ian Jackson 58c753429f arti-bench: Disable all fs permissions (fs-mistrust) checks
This is a benchmarking tool, and fs-mistrust doesn't like the
permissions in our CI.  The env var ARTI_FS_DISABLE_PERMISSION_CHECKS
is (of course) specific to arti.  Maybe it should be honoured here,
or this should be done via the config files.

But disabling this is fine for now.
2022-05-13 10:56:56 +01:00
Ian Jackson bb166c14da arti-example-config.toml: Re-un-comment the example settings in test 2022-05-12 14:55:39 +01:00
Ian Jackson ab3bd9d6d5 arti-config: Move cmdline to tor-config
This does not know anything about arti, only about TOML and Config.

Code motion, plus necessary import adjustments.
2022-05-11 18:23:05 +01:00
Ian Jackson c9fee15cbf ConfigurationSource: Move "usual" logic for construction 2022-05-11 15:53:03 +01:00
eta 0597c31a6f Merge branch 'dirmgr-purification-2' into 'main'
Refactor the tor-dirmgr bootstrapping code more gracefully

See merge request tpo/core/arti!488
2022-05-10 17:10:45 +00:00
eta 6fc7a864c7 Remove cargo-husky, and replace with manual instructions
A build script reaching into your .git/hooks/ and modifying them
nonconsensually was a bit of a horrifying concept, and also made it hard
to build arti with the feature disabled. Remove this crate, and replace
it with manual instructions on how to install the hooks in
CONTRIBUTING.md.
2022-05-10 13:36:49 +01:00
eta cad815e31d tor-dirmgr/state.rs: feed through additional parameters, use them
- The additional parameters passed to GetConsensusState are now passed
  through all the states, and used as well.
- WriteNetDir doesn't have a now() or config() method any more, since
  the states now get this from the runtime or the config parameters.
- This required modifying the tests to make a mocked runtime and custom
  config directly, instead of using DirRcv for this purpose.
- Additionally, because we don't have to upgrade a weak reference for
  DirState::dl_config(), that function no longer wraps its return value
  in Result.
- (A bunch of the FIXMEs from the previous commit that introduced the
  additional parameters have now been rectified as a result.)
2022-05-10 11:48:56 +01:00
Nick Mathewson 3b0336e841 netdoc: add a new type for Nicknames
Relay nicknames are always between 1 and 19 characters long, and
they're always ASCII: That means that storing them in a [u8;19] will
always be possible, and always use less resources than storing them
in a String.

Fortunately, the tinystr crate already helps us with this kind of
thing.
2022-05-09 15:59:38 -04:00
Nick Mathewson 4262e9d0ec Merge branch 'use-fs-mistrust' 2022-05-09 15:27:25 -04:00
Nick Mathewson b0f39abe32 arti: use fs-mistrust to validate configuration file locations. 2022-05-09 14:40:29 -04:00
Nick Mathewson 2938268f34 arti-client: Configure and use fs-mistrust.
This is derived from the environment, not the configuration file: We
might not want to trust the configuration file until we've decided
whether we like its permissions.
2022-05-09 14:40:29 -04:00
Nick Mathewson 7b93091f57 Bump the version of every* crate to 0.3.0
* Except for safelog and fs-mistrust, which are new.
2022-05-06 10:03:15 -04:00
Nick Mathewson 013bb26040 Merge branch 'derive-builder-fork' into 'main'
Switch to derive_builder_arti_fork

Closes #446

See merge request tpo/core/arti!490
2022-05-06 13:07:51 +00:00
Ian Jackson 030289481f Switch to derive_builder_arti_fork
For reference, the git source for this crate (and the others in its
workspace) currently lives in my personal github account (ijackson).
If this fork turns out to be long-lived and gains features and/or
users, it would be good to move it to a gitlab somewhere.

I have granted Nick crate ownership on the crates.io system.
2022-05-06 13:36:40 +01:00
Nick Mathewson 4679023c39 Apply `sensitive` in some info-level log messages.
This specifically applies the `sensitive` wrapper in the places
where we're logging target addresses at level "info" or higher.
2022-05-06 07:36:50 -04:00
Nick Mathewson 7aacc6e30c Implement a safe-logging facility.
This is a rough first-cut of an API that I think might help us with
keeping limited categories of sensitive information out of our logs.
I'll refine it based on experiences with using it.
2022-05-06 07:36:48 -04:00
Nick Mathewson 66ee39995d Run "cargo update" in preparation for a release... next week? 2022-05-04 14:17:11 -04:00
Ian Jackson 221fe63430 list_builder: Use Educe to derive Default
This allows us to use this with an item builder type which doesn't
impl Default.  (Obviously this only makes sense for items which aren't
actually builders.)
2022-05-04 17:18:05 +01:00
Ian Jackson 8ad4735d58 Add dependency on paste crate
The list accessor macro is going to want this.
2022-05-04 13:48:30 +01:00
Ian Jackson fbf5e8dcb5 Merge branch 'path' into 'main'
CfgPath overhaul

Closes #449

See merge request tpo/core/arti!478
2022-05-03 17:00:41 +00:00
Ian Jackson 2da84857a5 CfgPath: Test serialisation round-trip with a binary format
Use MessagePack.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
2022-05-03 17:42:54 +01:00