At the very least, I need FatalError to be distinct:
IptEstablisher::new ought not to fail unless everything is terrible.
Add a the Spawn variant to FatalError (that we'll need soon) and the
Bug variant (which it seems likely we might need).
This also gets rid of the crate-level Result alias.
This code has most of what we need to go from an INTRODUCE2 message
we've just received to the point where we've connected to the
rendezvous point and we're waiting for a stream of BEGIN messages.
Unfinished pieces are marked with TODO HSS.
Most of #980.
We want to change the error return types of many methods, so we need a
way to name `std::result::Result`.
We could use `StdResult`, but, actually, properly distinguishing the
kinds of errors that can occur in various contexts means we don't
actually want a single Error type for the whole crate, so
`crate::Result` is going to go away.
This commit deprecates the `EncodeError::always_bug` function with a
`From<EncodeError> for Bug` trait, which is a more semantically correct
way to perform this action.
The IPT manager is going to want to separate the IptEstablisher
struct (which contains the Drop signal) from the watch receiver.
We could add an accessor to clone the watch, but the copy in the
IptEstablisher would be redundant.
This makes new()'s signature a bit funky but it's an internal method
so I think that's fine.
This implements the part of the spec that says a node that has already
been selected for a lowered-numbered replica, shouldn't be considered
when choosing `spread` nodes for any other higher-numbered replicas.
Note: previously, the test added in this commit wouldn't have passed
(because `NetDir::hs_dirs` used to return duplicate relays under some
circumstances).
Part of #960
This makes `ring_items_at()` take an extra parameter which specifies
whether an item is acceptable or not. The newly added filtering
capabilities will be used to implement the part of the spec that says
that if a node was selected for a replica, then it shouldn't be
considered when choosing `spread` nodes for any other higher-numbered
replicas.
Previously, the `Requestable` trait assumed the body of the request
would always be empty (`http::Request<()>`). This change replaces the
hardcoded `()` body type with the `Requestable::Body` associated type
(which will allow implementors to create requests with non-empty
bodies). This will enable us to reuse the `Requestable` trait for
building `POST` requests for uploading descriptors.
`download()` is actually a general-purpose function for sending HTTP
requests on a stream. We will soon repurpose it for `POST`-ing
descriptors, so let's rename it to `send_request`.
The `KeypairData` type from [ssh-key] at some point leaked into the
keymgr API (via the `EncodableKey` trait). Instead of re-exporting just
`KeypairData`, let's re-export the entire `ssh_key` crate
(`EncodableKey` implementors would need additional types from `ssh_key`
to construct a `KeypairData` object anyway).
[ssh-key]: https://crates.io/crates/ssh-key
Previously, the Arti key store would store x25519 secret keys as ed25519
OpenSSH keys, which it would convert to x25519 upon loading (using the
conversion function added in !1297 (merged)). This approach isn't good
enough though: most people will probably want to bring their existing
x25519 keys, and in order to store those in OpenSSH format, we'd need
convert them to ed25519, which is impossible (because the secret part of
an x25519 key contains a SHA512'd secret, whereas the corresponding,
"un-expanded", ed25519 secret key contains the secret itself rather than
the SHA).
Now that `ssh-key` has support for ssh keys with [custom algorithm
names], we can store x25519 in OpenSSH format directly. This commit
changes the storage format used by the keymgr for x25519 client auth
keys (from ed25519-ssh to our own custom key type with an algorithm name
of `"x25519@torproject.org"`).
Closes#936
[custom algorithm names]: https://github.com/RustCrypto/SSH/pull/136
I had planned to make this code accept extensions of unknown type,
but for now I'm backing out of that plan: the set of extensions we
send influences the set that we're willing to receive.
Previously we were using backtrace 0.3.39, which has a [bug] that causes
it to segault in some circumstances. I experienced this bug while trying
to fix the minimal-versions build in !1508.
[bug]: https://github.com/rust-lang/backtrace-rs/issues/267
This should be enough now to establish real introduction points,
though there is still a lot of work to do. Part of #976.
This has been rebased and edited to incorporate discussions from
!1465.
These values are computed as part of the circuit extension
handshake, and are used as MAC keys to bind `ESTABLISH_INTRO`
messages to a particular circuit so that they can't be replayed.
Part of #993.
This allows us to allow passing in opaque HsMacKey objects,
rather than untyped byte slices.
Additionally, we now check both MAC and signature unconditionally,
to avoid the large timing side-channel. The small timing
side-channel of combining booleans with `&` is considered safe.
Part of #993.
This will be useful in preference to the regular Mac trait for the
places where we need to pass a Mac key around, but we don't need to
support incremental operation.
Part of arti#993, where we want to expose a MAC object without
exposing sensitive data.
This commit makes a trait function use another currently unused trait
function, thereby increasing the test coverage, as well as being
potentially more correct from a semantic point of view.
This commit introduces an `IncomingStreamState` enum, which indicates
whether the stream was accepted, discarded, or rejected, or if it is
still pending. The `is_rejected`/`is_accepted` boolean flags are no
longer needed.
Without this change, we'd need to introduce yet another boolean flag
when we implement `discard()` (for the "discarded" state).