e06fc04b0b
llcrypto: Explain what we need the ed25519->x25519 conversion for.
2023-06-27 19:23:42 +01:00
fa6290c0cc
llcrypto: Document how convert_ed25519_to_curve25519_private computes the key.
2023-06-27 19:23:42 +01:00
7ecb2221a0
llcrypto: Add note about bumping x25519-dalek and clamping.
...
This adds a TODO explaining how convert_ed25519_to_curve25519_private
will need to be audited when we upgrade to the latest x25519-dalek.
This also adds a `debug_assertions` and a test that ensures
`StaticSecret::from` is clamping the input (when we bump x25519-dalek,
the assertions will fail, as the latest version doesn't do clamping in
StaticSecret::from).
2023-06-27 19:23:42 +01:00
1fe15c5012
llcrypto: Document ed25519->curve25519->ed25519 conversion behaviour.
2023-06-27 19:23:42 +01:00
47606ad881
llcrypto: Implement ed25519_to_curve25519_private conversion.
...
In `ArtiNativeKeyStore`, private keys are stored in OpenSSH format.
However, `ssh-key` (the crate we use for parsing OpenSSH keys) doesn't
support x25519 keys. As a workaround, this type of key will stored
as ed25519 and converted to x25519 upon retrieval.
This commit implements the `convert_ed25519_to_curve25519_private`
conversion function (needed by `ArtiNativeKeyStore` to support x25519
keys).
Part of #900
2023-06-27 19:23:42 +01:00
58a4cc3000
llcrypto: Add missing docs for hsv3-service feature flag.
2023-06-27 19:23:42 +01:00
6dfcf40d20
keymgr: Add regression test for tor_keymgr::Error recursion bug.
2023-06-27 19:22:30 +01:00
a41c3a5c7c
keymgr: Fix infinite recursion in Error impl.
...
The `source` impl `tor_keymgr::Error` was just calling itself
recursively.
2023-06-27 19:22:30 +01:00
dd7b965199
Merge branch 'revert_to_x25519_pre1' into 'main'
...
Back down x25519-dalek to 2.0.0-pre.1 from 2.0.0-rc.2
Closes #926
See merge request tpo/core/arti!1317
2023-06-27 18:16:38 +00:00
4be2e3ce0f
Back down x25519-dalek to 2.0.0-pre.1 from 2.0.0-rc.2
...
=========================
Notes from nickm:
(This differs from pinkforest's original MR: It removes the
Cargo.lock changes and the version bump on tor-llcrypto.)
Minimal Cargo.lock changes from downgrade.
(These are exactly those changes generated by running "build" and
"test".)
There are several reasons to do this:
* It's best to bump all of our dalek dependencies at once to rc.3
or later, rather than the piecemeal approach we've been stuck
with so far.
* We don't want to do this bump right now, since there are some
tricky questions about clamping we need to figure out (see
#808 ), and we need to make sure we get them right, and we're in
a distracted this week.
* We _do_ need to move away from 2.0.0-rc.2 right now, since
it was causing a failure in `cargo install arti`, and then it
got yanked.
Thanks to pinkforest for helping us out here and explaining all of
this!
Fixes #926 .
Commit-edited-by: Nick Mathewson <nickm@torproject.org>
2023-06-27 13:55:24 -04:00
d6626acd65
Add Channel expiry info in ChanMgr docs
2023-06-27 18:24:56 +05:30
062b7e7ced
tor-hsclient: Increase some timeouts
...
1. Fix a use of 10ms that should have been TIMEOUT_SLOP.
2. Increase BODGE_YIELD by a factor of 5.
Now this test should tolerate being hung up for 125ms. I am hoping
that this will fix the CI failure
https://gitlab.torproject.org/Diziet/arti/-/jobs/302457
which fails at the line comparing circuit1 with circuit2a.
(I can't repro that locally.)
2023-06-26 17:57:33 +01:00
e5c4551993
tor-hsclient: test: Introduce some constants for timings
2023-06-26 17:57:33 +01:00
c8d1cdded7
tor-hsclient: test: Add another sleep for expiry task *start*
...
Without this, the expiry task can end up choosing a 600s timeout
starting *after we advanced the clock*.
Fixes #923
2023-06-26 17:55:10 +01:00
355e65003c
tor-hsclient: impl Debug by hand for MockCirc
...
The provided impl for Mutex is hopeless: it prints just some internal
flags and doesn't acquire the mutex for printing purposes.
At some point we might want to factor this out as a general function
on `Arc<Mutex<...>>` but not now.
2023-06-26 17:55:10 +01:00
639efe65f6
Merge branch 'send_sync_torclientbuilder' into 'main'
...
arti-client: Mark DirProviderBuilder Send+Sync;
Closes #924
See merge request tpo/core/arti!1307
2023-06-26 15:51:37 +00:00
09e4676a99
Also require that TorClientBuilder be Sync.
2023-06-26 10:58:48 -04:00
357f8ebf8d
Merge branch 'netdoc-todos-again' into 'main'
...
netdoc: Resolve nearly all remaining TODO HS items.
See merge request tpo/core/arti!1304
2023-06-26 14:55:27 +00:00
dece1bec6c
Merge branch 'upgrade-itertools' into 'main'
...
Upgrade to itertools 0.11.0
See merge request tpo/core/arti!1306
2023-06-26 14:42:02 +00:00
5f0855f3df
netdoc: remove final TODO HS
...
Although this Errorkind is not perfect, it is good enough.
2023-06-26 09:57:26 -04:00
83fbae201d
netdoc: Downgrade TODO on EncryptedHsDesc::decrypt
2023-06-26 09:57:26 -04:00
0933937567
netdoc: Remove "decrypted_with_id" as meaningless
...
Actually, never mind about adding an accessor here: this value was
set incorrectly and didn't match its documentation. As such it's
basically useless, and we might as well throw it out.
2023-06-26 09:57:26 -04:00
6313f0513e
netdoc: Remove dead_code exception; add accessors.
...
This commit removes some actual dead code and additionally adds some
minimal accessors to HsDesc to expose some of its properties. (I'm
trying to keep these minimal since it's not yet clear whether we
want to expose more detail here.)
Here we also make StoredHsDescMeta a conditional type that's only
present when the new "hs-dir" feature is enabled. Neither relays
nor clients need this: Only HsDirs will need it, when we finally
implement relays.
2023-06-26 09:57:26 -04:00
30124acbc5
arti-client: Mark DirProviderBuilder Send+Sync;
...
Doing this causes TorClientBuilder to become Send. I also add a
test to ensure that TorClientBuilder remains Send in the future.
This isn't a semver break, but only because DirProviderBuilder is
marked with `experimental-api`.
Closes #924
2023-06-26 09:49:56 -04:00
b31a253931
Merge branch 'data' into 'main'
...
tor-hsclient: Expire old IPT and HS descriptor data eventually
See merge request tpo/core/arti!1290
2023-06-26 13:45:15 +00:00
2f513fd82d
netdoc: Note new feature in itertools
2023-06-26 09:41:34 -04:00
0bffdf23a4
Upgrade to itertools 0.11.0
...
The breaking changes here do not seem to affect us.
2023-06-26 09:30:54 -04:00
8a707bef85
tor-hsclient: Split out expire_old_data function
...
As per discussion in
https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1290#note_2915679
2023-06-26 13:45:57 +01:00
c653a8ce89
netdoc: change a TODO HS about a distinguisher to a NOTE.
...
(We explicitly do not care if Arti can be distinguished from C tor.)
2023-06-26 08:45:06 -04:00
69dcacd69b
netdoc: replace a test TODO with a reference to other tests
...
The tests called for here already existed.
2023-06-26 08:45:06 -04:00
f4a4c11627
proto: Remove support for receiving unauthenticated SENDMEs
...
We haven't generated these since Tor 0.3.5, which is no longer
supported on the network.
Closes #914 .
2023-06-26 08:38:24 -04:00
cccf6309d8
tor-hsclient: Add a comment about what run_housekeeping does
...
Prompted by
https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1290#note_2915679
2023-06-26 13:23:41 +01:00
e588f4be72
tor-hsclient: Add a debug message about task exit
...
As per
https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1290#note_2915678
2023-06-26 13:23:41 +01:00
b3b4abcf90
keymgr: Document why we need the StdError impl for tor_keymgr::Error.
2023-06-26 13:16:58 +01:00
a1dbec79bd
keymgr: Remove AsRef<dyn StdError> trait bound and unneeded impls.
...
We don't really need the `AsRef<dyn StdError>` impls if we make
`StdError` a supertrait of `KeystoreError` (and remove the `AsRef<dyn
StdError>` trait bound).
2023-06-26 13:16:58 +01:00
de0f662fb6
keymgr: Add the file path to SshKeyError context.
2023-06-26 13:16:04 +01:00
60036b3cc3
keymgr: Add the path to ArtiNativeKeystoreError Display impl.
2023-06-26 13:16:04 +01:00
85305e156f
keymgr: Replace Error with Box<dyn KeystoreError>.
...
Part of #901
2023-06-26 13:16:03 +01:00
e5e4cf65f7
tor-hsclient: Comment explaining why no launch_background_tasks
...
As per
https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1290#note_2915676
2023-06-26 13:15:22 +01:00
09ae0aed4a
tor-hsclient: Say we *mustn't* do housekeeping while dormant
...
This is a change to the API docs, but not to the actual code, since
our call site is in arti-client and tied to netdir fetch,
which *doesn't* happen when dormant.
As per
https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1290#note_2915677
2023-06-26 13:14:17 +01:00
4870c2e7d9
keymgr: Add helper for boxing SshKeyError.
2023-06-26 13:13:44 +01:00
74f41fd7f3
keymgr: Implement KeystoreError for SshKeyError.
2023-06-26 13:13:43 +01:00
165b1060ef
keymgr: Add some initial variants to SshKeyError.
2023-06-26 13:13:16 +01:00
a5b8291ca9
keymgr: Define an error type for the ssh module.
2023-06-26 13:13:16 +01:00
158255b827
keymgr: Define an error type for ArtiNativeKeyStore.
...
Part of #901
2023-06-26 13:13:16 +01:00
fe929d8efe
keymgr: Implement KeystoreError for Bug.
...
This also implements `AsRef<StdError>` for `Bug` to satisfy the
`KeystoreError: AsRef<dyn StdError>` trait bound.
Part of #901
2023-06-26 13:13:16 +01:00
7c023f2ec2
keymgr: Create a KeyStoreError trait for keystore errors.
...
The new `BoxedError` type will replace `tor_keymgr::Error`.
Part of #901
2023-06-26 13:13:15 +01:00
08d1155cb9
Merge branch 'stabilize-ll-crates' into 'main'
...
Remove final "experimental" status from tor-hscrypto and tor-error.
See merge request tpo/core/arti!1291
2023-06-23 21:09:11 +00:00
9e3e683e1b
arti, hsclent: remove dependencies on tor-error/experimental-api
...
The relevant ErrorKinds and macros are now stable.
2023-06-23 12:49:46 -04:00
7510f52eea
hscrypto: remove "tor-error/experimental-api" dependency
...
The ErrorKinds that we use here are now non-experimental.
2023-06-23 12:49:46 -04:00
085c45ed18
tor-error: Mark define_asref_dyn_std_error as non-experimental
...
(I see no problems with this macro. In the worst case, we deprecate
it someday.)
2023-06-23 12:49:46 -04:00
e3b13f6cd8
netdoc: fill in some test data
...
This resolves some TODO HS items now that we are confident we want
to have these actual examples in our tests.
2023-06-23 11:23:18 -04:00
6572de2677
Merge branch 'random-idx-where' into 'main'
...
random_idx_where: Fix bias
See merge request tpo/core/arti!1301
2023-06-23 14:57:39 +00:00
0fb70f646e
Merge branch 'circuit-bis' into 'main'
...
Add TODO SPEC for issues dealt with in !1299
See merge request tpo/core/arti!1303
2023-06-23 14:11:33 +00:00
56198928ee
Merge branch 'expire' into 'main'
...
tor-hsclient: Add a TODO SPEC re circuit dirtiness
See merge request tpo/core/arti!1302
2023-06-23 13:31:24 +00:00
7a8bade262
random_idx_where: Ensure uniform distribution of choice
...
Previously, this was more likely to select elements that occurred after
other elements that didn't satisfy the predicate.
2023-06-23 08:25:01 -05:00
35e6cc285b
Add more tests for random_idx_where
2023-06-23 08:24:35 -05:00
03960b5048
Merge branch 'idx' into 'main'
...
tor-circmgr: Fix random_idx_where with empty slice
Closes #918
See merge request tpo/core/arti!1296
2023-06-23 13:12:22 +00:00
7f965e465a
Merge branch 'circuit' into 'main'
...
Drop intro circuit after ack, and deal with TODOs
See merge request tpo/core/arti!1299
2023-06-23 13:09:50 +00:00
73cce4b93c
tor-hsclient: Add TODO SPEC for issues dealt with in !1299
2023-06-23 14:00:45 +01:00
f0c9e482da
tor-hsclient: Add a TODO SPEC re HS intro extend-and-reuse
2023-06-23 13:53:51 +01:00
21fb232a6c
tor-hsclient: Add a TODO SPEC re data lifetime
2023-06-23 13:49:38 +01:00
ee76d3b9ee
tor-hsclient: state tests: Test housekeeping (data expiry)
2023-06-23 13:49:38 +01:00
a54f33f77b
tor-hsclient: state tests: Promote mk_hsconn call
2023-06-23 13:49:38 +01:00
3cd7cf25b2
tor-hsclient: state tests: Introduce connect_called
...
This will allow us to track when `Data` is discarded.
2023-06-23 13:49:38 +01:00
f4057285ce
tor-hsclient: Expire old data eventually
...
Otherwise we'll fill up our RAM with junk.
2023-06-23 13:49:38 +01:00
163ee44902
tor-hsclient: Add a TODO SPEC re circuit dirtiness
2023-06-23 13:46:40 +01:00
48d839e1b5
Merge branch 'data2' into 'main'
...
tor-hsclient: Expire old IPT data
See merge request tpo/core/arti!1295
2023-06-23 12:06:09 +00:00
a6ca13d056
tor-hsclient: Discuss HS descriptor expiry and revision counters
...
And delete the corresponding TODO.
2023-06-23 12:52:59 +01:00
5ae0c581bc
Merge commit '3105f99a'.
...
(This is !1294 , minus a redundant merge.)
2023-06-23 07:51:00 -04:00
9938491057
tor-hsclient: Downgrade multi-ipt TODO
2023-06-23 12:43:00 +01:00
6448e56942
tor-hsclient: Downgrade rend/ipt parallelism TODOs and add links
2023-06-23 12:43:00 +01:00
546d1159a6
tor-hsclient: Downgrade ipt parallelism to a note
2023-06-23 12:43:00 +01:00
cf4659a981
tor-hsclient: Downgrade hsdir fetch parallelism to a note
2023-06-23 12:43:00 +01:00
ef85b9290e
tor-hsclient: Drop intro circuit after ack
2023-06-23 12:43:00 +01:00
6bbe1dd4ef
tor-hsclient: Discuss intro circuit extend-and-reuse
...
This is a summary of a discussion I had on IRC.
2023-06-23 12:41:29 +01:00
9a2702b58b
Merge branch 'expire' into 'main'
...
tor-hsclient: Expire circuits when they get too old
See merge request tpo/core/arti!1287
2023-06-23 10:40:19 +00:00
879c540cfa
tor-circmgr: Test random_idx_where with empty slice
...
I have verified that this test fails, as expected, when applied
without the corresponding bugfix.
2023-06-23 11:09:59 +01:00
a0f5dbc05d
tor-circmgr: random_idx_where: Don't panic on empty range
...
Fixes #918 .
2023-06-23 11:09:55 +01:00
e4ff44e760
tor-hsclient: Write a test plan for IPT state management
...
This won't be trivial. Put it in as a TODO HS rather than as part of
this fix MR.
2023-06-23 10:34:28 +01:00
14b697bcff
tor-hsclient: Expire old IPT data
...
If we don't use it for a whole, the whole of `Data` will be expired by
the new machinery in !1290 . However, we also need to expire
individual IPTs.
This bug doesn't seem to have had a relevant TODO.
2023-06-23 10:34:28 +01:00
3105f99a99
Corrected the order of imports in order to make the 'rust-checks' job complete successfully.
2023-06-23 01:25:28 +02:00
bec24f7920
Provided a fix for #831 - 'Unused import' warnings on Windows
2023-06-23 01:11:20 +02:00
8ecb4107d4
hscrypto: downgrade a comment to HSS
2023-06-22 15:37:34 -04:00
20940644ca
Merge branch 'desc-error' into 'main'
...
Clean up HsDesc error types and stabilize onion-service ErrorKinds
See merge request tpo/core/arti!1289
2023-06-22 18:56:14 +00:00
24545fd455
Merge branch 'circmgr-timeout-est' into 'main'
...
circmgr: New API to expose estimate-based timeouts.
See merge request tpo/core/arti!1281
2023-06-22 18:50:40 +00:00
f2c3b5760d
Merge branch 'move-dummy-keymgr-impl' into 'main'
...
keymgr: Move dummy keymgr impl from arti-client to tor-keymgr
See merge request tpo/core/arti!1269
2023-06-22 18:06:00 +00:00
1249d803fb
Merge branch 'proto-better-path' into 'main'
...
Better API for getting circuit paths
Closes #787
See merge request tpo/core/arti!1286
2023-06-22 17:53:23 +00:00
dcb3b06a95
circmgr: Now that Action is public, clean it up a little.
2023-06-22 13:53:14 -04:00
2b0d04a5fe
circmgr: New API to expose estimate-based timeouts.
...
This will help create good timeout values for various onion-service
operations.
2023-06-22 13:53:14 -04:00
18982e6b93
hsdescerror: Add paragraph breaks to docs.
2023-06-22 13:44:56 -04:00
90f653f582
netdoc: Use a dev-dependency on anyhow to fix a doc example
2023-06-22 13:42:40 -04:00
c78d7f63a4
Merge branch 'proto-todos' into 'main'
...
tor-proto: resolve or defer the easier TODO HS items.
See merge request tpo/core/arti!1282
2023-06-22 17:42:06 +00:00
26a8cfea6c
tor-hsclient: Add a note about circuit expiry uncertainty, ticket
2023-06-22 18:41:27 +01:00
e46d4fe66f
keymgr: Remove blank line to satisfy maint/cargo_sort.
2023-06-22 18:34:20 +01:00
bc24e7974c
keymgr: Make the dummy types non_exhaustive.
2023-06-22 18:34:20 +01:00
8bfdb69ebc
keymgr: Add a TODO regarding missing dummy impls.
2023-06-22 18:34:20 +01:00
297248cd9f
keymgr: Update outdated docs.
2023-06-22 18:34:19 +01:00
cd0cad3aa6
keymgr: Remove outdated TODOs.
2023-06-22 18:34:04 +01:00
f2d81c73ac
keymgr: Remove unnecessary dummy types.
...
We don't need dummy impls for `Error` and `Result`.
2023-06-22 18:34:04 +01:00
fbb1ad0b1e
keymgr: Move dummy implementation to tor-keymgr.
2023-06-22 18:33:43 +01:00
b83b77d83e
arti-client: Make all dummy APIs pub.
...
`dummy.rs` will be moved to `tor-keymgr`, which will export everything
from the module.
2023-06-22 18:31:28 +01:00
f293bd64f2
arti-client: Add a dummy KeyType.
2023-06-22 18:30:54 +01:00
5ce7221f06
hspool: Use let-else pattern; our MSRV permits it.
2023-06-22 13:21:36 -04:00
3ccec0b04a
tor-error: Stabilize OnionService error kinds
2023-06-22 13:17:08 -04:00
3d4181bcd4
tor-error: typo fix in a comment.
2023-06-22 13:15:50 -04:00
33bfa7c7a8
Remove onion service descriptor-related errorkinds.
...
These have been subsumed by other errorkinds, mostly
OnionServiceProtocolViolation and TorProtocolViolation.
In particular please review the change in tor-hsclient closely;
I am not sure about the new errorkinds for the error there.
2023-06-22 13:11:06 -04:00
fbdf05946c
keymgr: Remove unnecessary pub(crate).
2023-06-22 18:07:57 +01:00
273cd70021
keymgr: Define a `keymgr` feature.
...
The dummy key manager impl from `arti-client` will be moved to
`tor-keymgr` soon. This commit adds a `keymgr` feature flag to
`tor-keymgr` which will eventually be used to choose between the real
key manager API and the dummy one.
2023-06-22 18:07:57 +01:00
dbd2552178
netdoc: Introduce HsDescError
...
For higher-level HsDesc-related functions, this type indicates where
exactly an error occurred. It lets us distinguish decryption errors
from parsing errors, and attribute responsibility to the hsdir, the
onion service, or the user's lack of encryption.
This lets us remove some just-introduced complexity in
tor-hsclient.
2023-06-22 12:43:30 -04:00
fb3112fb73
tor-hsclient: Expand explanation of `last_used` (for Open)
2023-06-22 17:21:06 +01:00
7842ace4db
tor-hsclient: Make comment about circuit expiry more accurate
2023-06-22 16:16:23 +00:00
610ed2d457
Merge branch 'socks_errorkinds' into 'main'
...
Generate correct-ish socks5 errors for onion service errors.
Closes #736
See merge request tpo/core/arti!1279
2023-06-22 16:15:55 +00:00
4b7060a492
Merge branch 'notes' into 'main'
...
tor-hsclient: Delete/rewrite out-of-date commentary
See merge request tpo/core/arti!1288
2023-06-22 16:00:34 +00:00
57b1e36667
arti: Resolve TODO HS items related to extended SOCKS5 errors
...
This takes an approach discussed in #736 : Instead of trying to
distinguish INTRO/REND failures perfectly, we instead map our
existing ErrorKinds as best we can, in respect to the fact that
this distinction is not super important in practice.
Closes #736
2023-06-22 11:05:57 -04:00
967cae6ced
New ErrorKind for invalid onion addresses
...
Use this to emit HS_BAD_ADDRESS as appropriate.
2023-06-22 10:57:08 -04:00
42f16fc2ce
socksproto: Add unspecified but documented socks5 extension codes
2023-06-22 10:56:24 -04:00
1a9e5b8463
Remove ErrorKind::OnionService{Intro,Rend}Failed
...
These errors are orthogonal to our actual error kinds. See
discussion on #736 .
2023-06-22 10:56:23 -04:00
6cd56972e4
tor-hsclient: Delete/rewrite out-of-date commentary
2023-06-22 15:48:41 +01:00
7001a38c0c
tor-hsclient: linkify a URL in a doc comment
2023-06-22 15:45:13 +01:00
fe76477342
tor-hsclient: Apply broken formatting as demanded by rustfmt
2023-06-22 14:54:48 +01:00
10b54065e8
tor-hsclient: Test circuit expiry
2023-06-22 14:54:48 +01:00
3badca02c9
tor-hsclient: Expire HS circuits that we don't want to reuse
2023-06-22 14:54:00 +01:00
8a6836cf4a
proto: Resolve/downgrade some path-related "TODO HS" items
2023-06-22 09:45:47 -04:00
f80a1189a5
proto: Implement Redactable and Display for PathEntry.
2023-06-22 09:45:47 -04:00
1bb298d1e6
circmgr: Use path_ref() instead of path().
2023-06-22 09:45:47 -04:00
f2fc086594
proto: Add ClientCirc::path_ref(), deprecate path().
...
The new path_ref() method returns an Arc<Path>, which gives a much
better API for reasons discussed in the new documentation of path().
(We could just replace path() if we'd prefer, but IMO having
path_ref() here isn't so bad.)
2023-06-22 09:45:47 -04:00
b64cf3f6f0
proto: Make Path and PathEntry at least minimally useful
...
(I'm not 100% sure about having both hops() and iter(). Should I
remove one?)
2023-06-22 09:45:47 -04:00
1e1a76f7ac
proto: Expose an opaque PathEntry.
...
The new PathEntry struct wraps the old PathEntry enum, which has
been renamed to HopDetail. It's an opaque struct because we want to
be able to put new information in the enum as we think best.
2023-06-22 09:45:47 -04:00
e6735cdd9d
proto: Make Path public
...
(You can't get one yet or do much with it.)
2023-06-22 08:37:34 -04:00
8609b9f92a
proto: Remove Mutex from Path.
...
Now Path is a regular struct with no interior mutability, and we use
Arc::make_mut() for the case when we need to add a hop.
2023-06-22 08:37:18 -04:00
a35a1402ae
tor-hsclient: Introduce helper function for locking services table
2023-06-22 13:32:14 +01:00
dedda8a590
tor-hsclient: Abolish an obsolete comment
...
We don't now handle inability to store by panicking. Like the
previous comment says, such situations end up with Err in stored,
and that's handled by logging, below.
2023-06-22 13:24:16 +01:00
2d3739bfe1
proto: Move Path into a separate shared mutable structure
...
(We're about to remove the interior mutability from Path.)
2023-06-22 08:23:51 -04:00
e5aafa129b
keymgr: Downgrade 2 "TODO hs" to "TODO HSS".
2023-06-22 11:28:24 +01:00
84b2cc98d5
keymgr: Remove outdated TODO.
...
This TODO talks about a change we've decided not to implement.
2023-06-22 11:25:27 +01:00
ea99e728d2
proto: Downgrade a comment about unauthenticated SENDMEs
...
We never actually need to allow these again; see #914
2023-06-21 15:42:19 -04:00
fa9a3821a6
proto::circuit: 🤝 downgrade a "TODO HS".
2023-06-21 15:09:02 -04:00
5912509b05
proto: Put client and service hs_ntor behind individual features
...
This lets us keep the service-side hs-ntor handshake experiemental
for now.
2023-06-21 15:06:20 -04:00
cc8c3c0d7d
proto: Resolve some hs_ntor "TODO HS" comments.
2023-06-21 14:58:54 -04:00
a317476520
proto: downgrade some "TODO HS" comments to "HSS"
...
These are all related to issues that will come up for the service
side of the onion service implementation.
2023-06-21 14:52:50 -04:00
d1658a120e
Merge branch 'stderr' into 'main'
...
lints: Promote clippy::print_stderr and clippy::print_stdout
See merge request tpo/core/arti!1271
2023-06-21 16:41:10 +00:00
b8279c3421
keymgr: Fix clippy lints.
2023-06-21 17:04:03 +01:00
d8743771e8
keymgr: Remove outdated TODO.
...
This TODO was addressed in #899
2023-06-21 17:03:41 +01:00
1e1cb05d27
keymgr: Make ArtiNativeKeyStore::key_path() return a relative path.
...
This also updates `ArtiNativeKeyStore`'s `KeyStore::remove`
implementation to build the absolute path of the file being removed, by
joining `self.keystore_dir` and the relpath returned by
`ArtiNativeKeyStore::key_path()`.
This addresses #908
2023-06-21 17:03:40 +01:00
91abe17da1
keymgr: Derive Into for ArtiPath.
...
Sometimes we need the underlying String (for example to create a
PathBuf).
2023-06-21 17:01:02 +01:00
f7a93d6de9
Merge branch 'keymgr-api-consistency' into 'main'
...
keymgr: Remove Error::NotFound, update KeyMgr, KeyStore APIs.
See merge request tpo/core/arti!1280
2023-06-21 15:54:02 +00:00
8f7e86c87e
lints: Run maint/add_warning to actually apply new lints (again)
...
I prepared 161b9844d
2023-06-21 16:44:49 +01:00
ffa94d8f30
Merge branch 'keymgr-rm-cond' into 'main'
...
keymgr: Remove unnecessary condition.
See merge request tpo/core/arti!1277
2023-06-21 15:28:07 +00:00
5ca0cbdefc
Merge branch 'keymgr-remove-todo' into 'main'
...
keymgr: Remove outdated TODO.
See merge request tpo/core/arti!1278
2023-06-21 15:27:26 +00:00
8948d611bd
Merge branch 'defer-hsservice-todos' into 'main'
...
Downgrade every "TODO HS" in tor-hsservice
See merge request tpo/core/arti!1265
2023-06-21 15:13:46 +00:00
1e5004eba7
Merge branch 'hsdesc-accessors' into 'main'
...
netdoc: Use derive amplify::Getters for HsDesc accessors.
Closes #909
See merge request tpo/core/arti!1266
2023-06-21 15:11:05 +00:00
ddb81d7efd
Merge branch 'doc_link_fix' into 'main'
...
Fix a rustdoc link.
See merge request tpo/core/arti!1274
2023-06-21 15:04:54 +00:00
f633e41380
keymgr: Remove Error::NotFound, update KeyMgr, KeyStore APIs.
...
This removes the `NotFound` `tor_keymgr::Error` variant. Since `KeyMgr`
and `KeyStore` users will need to be able to distinguish between "not
found" errors and other I/O errors, this also changes the return types
of the `get()` and `remove()` functions of `KeyStore` and `KeyMgr`,
which now return `Ok(None)` instead of `Error::NotFound`.
This makes the `KeyStore` API consistent with `KeyMgr::get`, which
already has a return type of `Result<Option<K>>` (rather than
`Result<K>`).
This also prepares us for #901 , which will make key store errors
opaque. Without this change:
* we'd have to create a `struct NotFoundError;` error type. Its
`HasKind` impl would need to return a new
`ErrorKind::KeyStoreErrorNotFound` `ErrorKind` variant
* callers would have to match the `error_kind()` of the error to
figure out whether the key simply can't be found
(`ErrorKind::KeyStoreErrorNotFound`), or if something went wrong
(any other `ErrorKind`).
Given the above, I think `Result<Option<()>>` makes for a more ergonomic
API.
Part of #901
2023-06-21 16:00:30 +01:00
53a05c1e7b
Merge branch 'upgrade_21June2023' into 'main'
...
Upgrade a couple of dependencies
See merge request tpo/core/arti!1276
2023-06-21 14:23:50 +00:00
dd944bc787
Generate correct ErrorKinds for hsdesc decryption failures.
...
Part of #736
2023-06-21 10:22:42 -04:00
523eb7e5f0
keymgr: Remove outdated TODO.
...
This TODO describes something we're not planning to implement, so let's
just remove it.
2023-06-21 14:55:13 +01:00
521ba309cc
keymgr: Remove unnecessary condition.
...
We don't need to special-case `NotFound` errors because
`ssh_key::PrivateKey::from_openssh` doesn't read from disk (so it
shouldn't be returning `NotFound` errors in the first place).
Previously, this condition made sense because we were using
`ssh_key::PrivateKey::read_openssh_file` instead of
`ssh_key::PrivateKey::from_openssh`, which _does_ read from disk. This
condition should have been removed in !1263 (the refactoring where we
switched to `from_openssh`).
(Also, after #901 is implemented, we probably won't have an
`Error::NotFound` error anymore).
2023-06-21 14:42:42 +01:00
a7627341ec
Merge branch 'onionsocks' into 'main'
...
arti: return prop304 extended socks5 reply codes for onion services
See merge request tpo/core/arti!1248
2023-06-21 13:38:42 +00:00
16a07a8f63
Upgrade to memmap2 0.7
2023-06-21 09:13:55 -04:00
0505579497
Upgrade to strum 0.25.
2023-06-21 09:12:36 -04:00
056ca5c438
Remove extra 'this' in some methods
2023-06-21 18:40:18 +05:30
341cf5c690
Create chanmgr() method in TorClient
2023-06-21 18:34:24 +05:30
2d7756956e
Add and use ErrorKinds for remaining onion service errors
2023-06-21 09:01:02 -04:00
36c4112600
arti: return prop304 extended socks5 reply codes for onion services
...
We don't yet return all of them; this commit adds some todo notes
about changes we may need to our ErrorKinds.
Part of #736
2023-06-21 09:01:01 -04:00
fbb3d98fb3
arti: Abbreviate SocksStatus and ErrorKind imports and refactor.
2023-06-21 09:00:03 -04:00
f14a87e4c8
Merge branch 'todos' into 'main'
...
tor-hsclient: Dispose of easy todos and remove many allows
See merge request tpo/core/arti!1272
2023-06-21 12:53:16 +00:00
372a72e185
Fix a rustdoc link.
2023-06-21 08:45:25 -04:00
21ff8e8060
Merge branch 'chanmgr-doc-fix' into 'main'
...
Remove message 'For now, only direct channels are supported' in tor-chanmgr docs
See merge request tpo/core/arti!1273
2023-06-21 12:35:46 +00:00
107fbb05de
Merge branch 'geoip-nullity-fromstr' into 'main'
...
Followups wrt country-code robustness
See merge request tpo/core/arti!1268
2023-06-21 12:32:23 +00:00
c3384df00f
Remove message 'For now, only direct channels are supported' in tor-chanmgr docs
2023-06-21 17:29:11 +05:30
9a05fbb10d
tor-hsclient: Apply deferred clippy churn needed by fmt churn
...
rustfmt *introduced* this clippy warning.
2023-06-21 12:54:57 +01:00
fe41d2059e
tor-hsclient: Apply deferred rustfmt churn
2023-06-21 12:19:04 +01:00
60fc4ef98a
tor-hsclient: Drop most allows that are marked for removal
2023-06-21 12:19:04 +01:00
a57d3067a5
tor-hsclient: Drop a large number of unneeded imports
2023-06-21 12:19:04 +01:00
ae1f144829
tor-hsclient: Add HSID to some log messages
...
For the debug!, we can use the unredacted form. For error!, we use
Sensitive.
2023-06-21 12:19:04 +01:00
d4b7714926
tor-hsclient: Do Debug the descriptor as part of Data
...
Empirically, this does not cause the descriptor to be spat out in
normal operation. And it seems right.
2023-06-21 12:19:04 +01:00
c94a726664
tor-hsclient: Drop some temporary trace calls
...
These were added as part of a debugging #885 , and are no longer
needed.
2023-06-21 12:19:04 +01:00
8267fb4535
tor-hsclient: Drop two eprintlns in production code
2023-06-21 12:19:04 +01:00
0845694021
tor-hsclinet: Promote dead code allows to cover all tests
...
We want to remove the crate-level dead code allows. The tests are
incomplete and there are multiple todos for that.
2023-06-21 12:19:04 +01:00
63ab6fb01c
tor-hsclient: Use a formulaic TODO mark for incompleteness of tests
2023-06-21 12:19:04 +01:00
5a7ea7067d
tor-hsclinet: Add a narrow allow, pending answer to open question
...
I need to talk to HS expert(s) about when this circuit can be
torn down.
2023-06-21 12:19:04 +01:00
9a30c4afce
tor-hsclient: Remove unused Context.hs_blind_id_key
2023-06-21 12:19:04 +01:00
8f90fe619e
tor-hsclient: Add an allow for a deliberately-unused variable
2023-06-21 12:19:04 +01:00
be3433891f
tor-hsclient: Omit some unussed struct fields in patterns
...
For the arms that have a fixed retry time, or a fixed ErrorKind,
dont't bind the unused inner error.
2023-06-21 12:19:04 +01:00
161b9844da
lints: Run maint/add_warning to actually apply new lints
2023-06-21 12:15:41 +01:00
8676b27e95
geoip: Add a few more tests.
2023-06-20 16:22:21 -04:00
b0342a8ede
geoip: Explain in more detail what a CountryCode is to us.
2023-06-20 16:22:21 -04:00
f918a86c10
geoip: require that ccs actually are printable ascii.
...
(There are plenty of strings that convert into 2 bytes of UTF8
without being two ascii characters, and there are plenty of
sequences of two ascii characters that aren't printable.)
2023-06-20 16:22:21 -04:00
cf9d902320
geoip: Make ?? a little more bullet-proof
...
We want to make sure that ?? is always None, never a CountryCode.
2023-06-20 16:22:21 -04:00
db7f46265e
Merge branch 'keymgr-refactor-fs-ops' into 'main'
...
keymgr: Move FS operations out of KeyType impl
See merge request tpo/core/arti!1263
2023-06-20 18:41:33 +00:00
f41b1178c5
netdoc: downgrade two accessor-related TODOs
2023-06-20 14:02:04 -04:00
17fab6e913
netdoc: Use derive amplify::Getters for HsDesc accessors.
...
Closes #909 .
2023-06-20 14:00:41 -04:00
8d4ca94e19
Merge branch 'add-tor-geoip' into 'main'
...
tor-geoip: Add new crate with GeoIP database functionality
See merge request tpo/core/arti!1239
2023-06-20 17:59:15 +00:00
c40e064b42
keymgr: Fix clippy lints.
2023-06-20 18:54:35 +01:00
97350cfe4b
keymgr: Address clippy lints and run cargo fmt.
2023-06-20 18:54:35 +01:00
2f10b08d41
keymgr: Enforce keystore_dir properties for every key read/written from the keystore.
2023-06-20 18:54:35 +01:00
9bfd263f42
keymgr: Update function names and docs to reflect reality.
...
The functions that handle OpenSSH-formatted keys now no longer read or
write from disk. This commit updates their names and doc strings to stop
suggesting they do.
2023-06-20 18:54:35 +01:00
abdf854547
keymgr: Move FS operations out of ssh.rs
...
This moves the filesystem calls from the `ssh` module to
`ArtiNativeKeyStore`. While `ArtiNativeKeyStore` shouldn't be concerning
itself with filesystem operations either, that refactoring will be
tackled separately (see arti#899).
2023-06-20 18:54:35 +01:00
a812a486c3
Downgrade every "TODO HS" in tor-hsservice
...
These are all service-specific, and not client-specific.
2023-06-20 13:30:56 -04:00
d5632eacb2
tor-geoip: Add new crate with GeoIP database functionality
...
- This adds a new crate, `tor-geoip`, which can parse and perform
lookups in the GeoIP database C-tor already uses (generated by a
maintenance utility in the C-tor codebase).
- We embed a copy of C-tor's databases with the crate and use
`include_str!` to ship them with the binary, bloating its size
somewhat.
- This does, however, solve the problem of figuring out how to
distribute these.
- The plan is to gate this functionality behind a feature flag anyway,
so the cost should be nil unless explicitly opted into.
Part of tpo/core/onionmasq#47.
2023-06-20 16:57:58 +01:00
181638333f
keymgr: Create a temporary error type for the key types we don't support yet.
2023-06-20 16:48:36 +01:00
0c7e5d1924
keymgr: Create a separate error source for key corruption errors.
2023-06-20 16:48:36 +01:00
2fa8a4e56c
Merge branch 'update-keymgr-todo' into 'main'
...
keymgr: Change "TODO hs" to "TODO HSS".
See merge request tpo/core/arti!1264
2023-06-20 13:42:28 +00:00
c0762f76f1
keymgr: Fix broken docs.
2023-06-20 13:34:32 +01:00
84e05591c7
arti-client: Remove unnecessary #[cfgs(...)].
...
The `keymgr` module selects one of the key manager implementations
(dummy or "real") and exposes all the APIs we need, so we can remove
all of the cfgs related to the `keymgr` feature from `client.rs`.
Part of #897
2023-06-20 13:33:51 +01:00
733a559322
arti-client: Create module exposing one of the key manager APIs.
...
This moves the key manager API selection (dummy vs "real" impl) into the
`keymgr` module. The module exports the dummy API if the `keymgr`
feature is disabled, and the impl from `tor-keymgr` otherwise.
Part of #897
2023-06-20 13:33:51 +01:00
8202be3cfe
arti-client: Make some of the dummy KeyMgr impls return an error.
...
`insert` and `remove` should return an error rather than `Ok(())`, as
`Ok(())` implies the key was stored/removed, which is impossible in the
no-op implementation.
2023-06-20 13:33:51 +01:00
02c36dabd7
arti-client: Add more dummy keymgr APIs.
...
This will help us reduce the number of `#[cfgs(...)]` from `client.rs`
Part of #897
2023-06-20 13:33:51 +01:00
c7d32dbf4c
arti-client: Add a result type for the dummy keymgr impl.
...
Part of #897
2023-06-20 13:33:51 +01:00
b289c0fd15
arti-client: Add an Error type for the dummy key manager.
...
Part of #897
2023-06-20 13:33:51 +01:00
95e4021ed8
arti-client, keymgr: Introduce Mistrust settings and enforce FS permissions.
2023-06-20 13:29:10 +01:00
be5c911ac8
arti-client: Temporarily ignore key store errors.
...
We currently initialize the `ArtiNativeKeyStore` with a dummy root dir,
so when `ArtiNativeKeyStore` starts validating directories, this code
will start to fail. Let's preemptively ignore any errors coming from
`ArtiNativeKeyStore::new`. This is temporary and will be removed when we
introduce the key store config (and a real default value for the
keystore root dir).
2023-06-20 13:29:10 +01:00
e8176ac8b5
keymgr: Add TODO about separation of concerns wrt FS operations.
2023-06-20 13:29:10 +01:00
6837dbce58
keymgr: Add an error variant for fs_mistrust errors.
...
This will be useful later, when `KeyMgr` will start validating
permissions and paths.
2023-06-20 13:29:10 +01:00
01b43f7f26
keymgr: Add a FsErrorSource to Error::Fs.
...
In the future, the potential causes of an `Error::Filesystem` error will
include permission errors as well as other errors (not just
`io::Error`s).
2023-06-20 13:29:10 +01:00
f24a7d48c0
Merge branch 'circmgr-todos' into 'main'
...
Resolve several "TODO HS" comments in circmgr.
See merge request tpo/core/arti!1258
2023-06-20 12:13:24 +00:00
affa5b5e91
Merge branch 'rpcdoc' into 'main'
...
rpc: Minor docs improvements
See merge request tpo/core/arti!1260
2023-06-20 12:11:49 +00:00
602bcc3c47
Typo fixes
2023-06-20 11:47:02 +00:00
3e704a080c
rpc: Fix docs typo
2023-06-20 11:38:31 +00:00
fed726e4ff
keymgr: Defer key bundle support until "Basic Service" milestone.
...
We don't really need "key bundles" for the client keys.
2023-06-20 11:36:04 +01:00
0bb7c7f600
keymgr: Change "TODO hs" to "TODO HSS".
...
We probably don't need to support passphrases for the "Basic Client"
milestone, so let's update this TODO accordingly.
2023-06-20 11:24:03 +01:00
f55187e065
Merge branch 'arti-client' into 'main'
...
Sort out .onion handling in arti-client
See merge request tpo/core/arti!1257
2023-06-19 14:44:55 +00:00
c7fa6cb746
Merge branch 'rpc_session_mgt' into 'main'
...
More work on RPC sessions, connections, and managers
See merge request tpo/core/arti!1254
2023-06-16 18:08:58 +00:00
b9500c6f3d
Merge branch 'netdoc-todos' into 'main'
...
Resolve many TODO HS items in tor-netdoc
See merge request tpo/core/arti!1251
2023-06-16 17:31:31 +00:00
a34af0323b
Fix compilation afver last suggestion.
2023-06-16 13:24:41 -04:00
0e3dbdee8e
Apply 1 suggestion(s) to 1 file(s)
2023-06-16 17:07:25 +00:00
85a046e266
rpc: Cross-reference up from tor-rpcbase re where DispatchTable lives
2023-06-16 17:48:59 +01:00
ceaa70f41a
rpc: Expand and clarify and cross-reference lock hierarchy
2023-06-16 17:48:59 +01:00
0460a4a4d8
rpc: Document relationship between `Connection` and `RpcSession`
2023-06-16 17:48:59 +01:00
34fc77081c
hsdesc.rs: finally remove "allows".
...
The last piece here is removing some needless keygen from the
tests. This causes the test output (using the deterministic PRNG)
to change.
2023-06-16 12:24:05 -04:00
1091918525
netdoc::doc::hsdesc changes to let us downgrade/remove allows
2023-06-16 12:24:05 -04:00
f1b90fdfee
netdoc: unmark MAC_KEY_LEN as conjectural.
...
The value here is 32 bytes; I'm adding it to to the specification
as torspec!141
2023-06-16 12:24:05 -04:00
d8f7ce510c
SharedRandVal: Note that it doesn't have to be Ct.
2023-06-16 12:24:05 -04:00
984d97a38d
netdoc: remove a TODO about moving a module to where it already is.
2023-06-16 12:24:05 -04:00
6edcca7df3
netdoc: use ct_lookup for rend descriptor cookie lookup
...
(I doubt that there is a viable side channel here, but still we
might as well get in the habit of doing these things properly.)
2023-06-16 12:24:05 -04:00
2eba3d213e
llcrypto: add another warning to ct_lookup.
2023-06-16 12:24:05 -04:00
25db56777c
Lower tor-proto::util::ct::lookup to tor-llcrypto
...
This is mostly code movement; you may want to review it with
`--color-moved`.
I'm doing this so we can also use the function in netdoc for
looking up hsdesc authentication.
2023-06-16 12:24:05 -04:00
a20c3eda6e
netdoc: Downgrade an HS todo wrt HS_DESC_AUTH_TYPE
2023-06-16 12:24:05 -04:00
6fb19c00f5
netdoc: downgrade some TODO HS to TODO HSS.
...
I'm using HSS for hs-service features.
2023-06-16 12:24:05 -04:00
3c824fe302
netdoc::build remove very broken example.
...
This could never be a full rustdoc test, since rustdoc never
runs tests for private items. Even if it were a rustdoc test,
it uses a bunch of types that aren't exposed in the right places,
and it invokes nonexistent functions, and it assumes a `self`
that isn't there.
In lieu of writing a new untested test, I've added a note to refer
the developer to where they can find working example code.
2023-06-16 12:24:05 -04:00
7a617a2dbd
netdoc: Remove a TODO that we already solved.
2023-06-16 12:23:56 -04:00
072ce9182b
hsclient: note that we should check revctr.
2023-06-16 12:23:56 -04:00
c2764cf111
tor-cell: Downgrade 2 TODO-HS to TODO-HSS
2023-06-16 12:21:27 -04:00
1691c35392
circmgr: Use a slightly nicer way to pick a circuit from our pool.
...
This algorithm only looks at circuits until it finds one that
satisfies our needs. To get a random circuit, it just randomizes
the starting point within the pool.
This optimization may help if we let circuit pools grow large.
2023-06-16 12:14:49 -04:00
686d5cf209
circmgr: Make hspool size dynamic
...
Previously we'd always try to keep 8 circuits ready. That doesn't
make sense if we are super-busy. Instead, if we run out of
circuits, we double the amount that we try to keep ready, and if we
never go under 80% of our target number, we half the number we try
to keep ready.
We limit the rate of change here, to make sure that we aren't
flapping too much or shrinking too aggressively.
This algorithm is still a mite arbitrary, and will need tuning in
the future.
2023-06-16 12:11:49 -04:00
69179c5dfe
circmgr::hspool: Move the Mutex into an intermediary Inner struct
...
This will be helpful as we complexify the pool behavior a bit.
2023-06-16 11:42:38 -04:00
1c470fd483
circmgr: Remove TODOS about retrying.
...
These functions' documentation already says that they don't retry,
and hsclient appears to be where we are concentrating our retry
efforts.
2023-06-16 11:40:00 -04:00
b34ba70070
arti-client: hs: remove some now-obsolete allows
2023-06-16 16:18:02 +01:00
f877f37308
arti-client: address: Prefer to throw OnionAddressResolveRequest (fmt)
2023-06-16 16:18:02 +01:00
Gabriela Moldovan
Nick Mathewson
pinkforest
Saksham Mittal
Ian Jackson
Ian Jackson
Jim Newsome
Alexander Færøy
Andy
eta