Commit Graph

3765 Commits

Author SHA1 Message Date
Ian Jackson adc180294a tor-hsclient: impl HasKind for errors 2023-03-23 11:50:14 +00:00
Ian Jackson 2edd71a4f0 tor-hsclient: Swap errors so Bug comes last
This seems more consistent with the way it's done elsewhere.
2023-03-23 11:50:14 +00:00
Ian Jackson a2f4260666 tor-hsclient: Document clone-nature of HsClientConnector 2023-03-23 11:50:14 +00:00
Nick Mathewson 19cdb239bf Bump to the latest versions of dirs and directories. 2023-03-22 15:15:42 -04:00
Nick Mathewson dffaf60e4a hspool: simplify loop and add a maximum 2023-03-22 12:35:41 -04:00
Nick Mathewson bd80125d73 hspool: Clarify/document more TODO HS items. 2023-03-22 12:35:41 -04:00
Nick Mathewson 19a229155c circmgr: Make a separate SupportedCircUsage for HS stuff
This uncovered a bug: NoUsage wasn't correct for Hs circuits because
of its behavior with channel_usage().
2023-03-22 12:35:41 -04:00
Nick Mathewson 0521aa855e tor-proto: document deep-copy in ClientCirc::path() 2023-03-22 12:35:41 -04:00
Nick Mathewson 35967ca38d circmgr: Declare builder() unconditionally.
(Still, only expose it when experimental-api is enabled.)
2023-03-22 12:35:41 -04:00
Nick Mathewson 5b3c6b6bb3 hspool: Tweak comments and add more TODOs. 2023-03-22 12:35:41 -04:00
Nick Mathewson fcb4df8b5b circmgr: hspool now launches circuits in the background.
The prediction and scheduling logic here is quite primitive;
we should probably refactor it considerably.  This should be good
enough for now, though.
2023-03-22 12:35:41 -04:00
Nick Mathewson a14214fae6 circmgr: Add an actual pool to HsCircPool.
We now have support for a pool of pre-built circuits that we can use
for HS-related purposes, and we take circuits from this pool as
needed.

Nothing populates or cleans the circuit pool yet.
2023-03-22 12:35:41 -04:00
Nick Mathewson adafae8b3f circmgr: Begin an HS circuit pool structure
This is now enough to launch circuits on demand.  It still needs to
pre-build the first three hops, and to retry on failure.
2023-03-22 11:52:17 -04:00
Nick Mathewson bb47d42315 proto: Stabilize ClientCirc::n_hops. 2023-03-22 11:52:17 -04:00
Nick Mathewson dce4da55ae circmgr: Add a usage for building the beginning of an hs circ
This only builds the first 3 hops. It can be extended to a fourth
hop later -- or not, depending on the circuit kind.
2023-03-22 11:52:17 -04:00
Nick Mathewson ec8c7eec4e circmgr: Functions to launch an unmanaged circuit.
We'll use this to implement the circuits used by onion circuits.
2023-03-22 11:52:11 -04:00
Ian Jackson cc399c3a29 tor-config: Apply deferred rustfmt churn 2023-03-21 16:37:50 +00:00
Ian Jackson c18f5c35dc tor-config: Do minimal $ and ~ handling even without expand-paths
Fixes #790
2023-03-21 16:37:50 +00:00
Ian Jackson 92bc9ef790 tor-config: Make CfgPathError PartialEq but only when testing
So, this is not a semver addition.
2023-03-21 16:33:24 +00:00
Ian Jackson a0b78837ad tor-config: Fix build when expand-paths is disabled 2023-03-21 16:33:12 +00:00
Ian Jackson 42ad8d99aa tor-config: paths, unexpanded: use infallible conversion
str can always be made into a PathBuf.
2023-03-21 16:08:47 +00:00
Ian Jackson 70b099fd0f Turn two blocking TODOs in hsdesc into "TODO HS"
TODO HS is blocking for HS release, but not for CI.
2023-03-21 13:08:14 +00:00
Ian Jackson d24a47c1d9 Sort out some TODOs in bdtest.rs 2023-03-21 13:08:14 +00:00
Ian Jackson 52470e4ffe Convert blockers in arti-testing to TODOs
I don't think these are that bad in testing code.
2023-03-21 13:08:14 +00:00
trinity-1686a a2f2b31751 remove unused type parameter 2023-03-18 20:43:17 +01:00
Alexander Færøy d8f77018f7 Merge branch 'fix-ptmgr-fuzz' into 'main'
tor-ptmgr: Fix fuzzer compilation.

See merge request tpo/core/arti!1063
2023-03-13 19:28:29 +00:00
Nick Mathewson d6bb8fee0b Upgrade to bitflags 2.0
This version of bitflags now requires us to explicitly list the
traits that we want to derive for our bit-flags structs.
2023-03-13 08:47:14 -04:00
Nick Mathewson 2ddaaafafb tor-ptmgr: Fix fuzzer compilation.
Since we made the internals of the ptmgr protocol parser
conditionally private, we need to tell Cargo to build the fuzzer
with the `experimental-api` feature so that it can access them.
2023-03-13 07:28:55 -04:00
Alexander Færøy c3347d9821 Merge branch 'warnings_168' into 'main'
Resolve a couple of new lints with Rust 1.68

See merge request tpo/core/arti!1062
2023-03-10 12:40:59 +00:00
Nick Mathewson 552acbf07f Fix a bunch of needless-conversion warnings.
Apparently 1.68 now warns when you call into_iter() on something
that's already an iterator.  Fair enough.  Let's stop doing that.
2023-03-10 07:09:50 -05:00
Nick Mathewson bd0f595b83 Suppress a renamed-lint lint.
The derive_hash_xor_eq lint was renamed in 1.68, but we can't use
it under its new name, since we still need to support back to 1.60.

Instead, we suppress the warning about the lint being renamed.
2023-03-10 07:09:50 -05:00
Ian Jackson 8c7224ef36 Discuss in comment why we're not using a newtype for the Strings in Host 2023-03-09 18:09:11 +00:00
Ian Jackson 04d843d846 Classify OnionAddressResolveRequest as NotImplemented
We have a theory about how this ought to work, so it's not an API
usage error - it's an unimplemented feature.

As per
  https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1060#note_2884757
2023-03-09 18:09:08 +00:00
Ian Jackson 5000d11ac3 Reject invalid hostnames
Reject them both for .onion and for "exit" hostnames

This prevents a `Host` from having an invalid hostname in it.
2023-03-09 18:09:08 +00:00
Ian Jackson 8f8df071bc Fix reference to no-longer-contemplated Host variant
Reported in
  https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1060#note_2884755
2023-03-09 18:09:08 +00:00
Ian Jackson 8ead708512 Dummy HsId::from_str on .onion: Return Bug, rather than panicking
Prompted by
  https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1060#note_2884754
2023-03-09 18:09:08 +00:00
Ian Jackson 654f6689cf Improve error from HsId parse of "www.B32.onion"
And add some clarity and todos about address errors.
2023-03-09 18:09:08 +00:00
Ian Jackson 0a618cbe84 Avoid arti_client::ErrorDetail::Address for TorAddrError::InvalidHostname
Provide an explicit From impl instead.
2023-03-09 18:09:06 +00:00
Ian Jackson 2957719c86 Test HsId parse of subdomain
This error is not great.
2023-03-09 13:41:12 +00:00
Ian Jackson c198a26bf7 arti-client: Parse .onion addresses and dispatch to client.rs
Now, a Host has a separate variant for `.onion` which is always used,
even when HS is disabled.

Currently it ends in a todo!.
2023-03-09 13:41:12 +00:00
Ian Jackson 4502528d0e arti-client: DoThingInstructions: Make error returns consistent
This is more comprehensible, and will be more convenient.
2023-03-09 13:41:12 +00:00
Ian Jackson c31bc1dafe arti-client: Host: Use Display::fmt rather than write!
write! is less good because the `{}` overwrites stuff like "did the
caller ask for padding".
2023-03-09 13:41:12 +00:00
Nick Mathewson 2bf71de199 Merge branch 'tor-proto-extensions' into 'main'
tor-proto: send an outbound meta/control-message and expect similar messages in return.

See merge request tpo/core/arti!1051
2023-03-08 20:09:20 +00:00
Nick Mathewson e08c229412 Merge branch 'suffix' into 'main'
Introduce and use ends_with_ignore_ascii_case

See merge request tpo/core/arti!1058
2023-03-08 19:36:28 +00:00
Nick Mathewson f3b8f4f73f tor-proto: Document limitation on send_control_message 2023-03-08 14:21:33 -05:00
Nick Mathewson c1b45e1be4 tor-proto: Say "control message" a little more consistently
(I found "user request" in one place, and fixed that.  I am not
currently going to try to unify "control message" and "meta message"
since both terms are misleading and we already have TODOs to try to
merge them into a third better term.)
2023-03-08 14:21:33 -05:00
Nick Mathewson 9c4bdb8d8d tor-proto: Make send_control_message wait for the reactor.
This way we don't need to worry about race conditions that happen if
the caller thinks that the handler is installed before it really is.
2023-03-08 14:21:33 -05:00
Nick Mathewson 7da5d7a8d7 Several rustdoc link fixes. 2023-03-08 14:21:33 -05:00
Nick Mathewson fe6e7e52e3 Fix an unrelated missing cfg_attr. 2023-03-08 14:21:33 -05:00
Nick Mathewson fc31bf4e25 tor-proto: Have send_control_message install a handler, not return a stream 2023-03-08 14:21:33 -05:00
Nick Mathewson bc83d1e1de tor-proto: Implement functionality to send a message and accept replies
This new function combines "sending a message" and "accepting
replies in a stream" into a single call, so that there is no gap
between when the message is sent and the replies are available.

There are a number of compromises here, in order to avoid API
proliferation. I've tried to contain them as best I can.

See comments for additional design discussion.
2023-03-08 14:21:33 -05:00
Nick Mathewson 094fdc0d8d tor-proto: Change semantics of MetaCellHandler
Now, the MetaCellHandler is responsible for consuming the messages
it gets, and reporting status to whatever task is waiting for a
status message.

Additionally, the MetaCellHandler can decide to remain installed or
shut down the circuit after a successful message.  (Previously, it
could only uninstall itself on success and kill the circuit on
failure.)

These changes will enable MetaCellHandlers to be used as the basis
for handling more kinds of message.

(There is some moved and reformatted code here; you may want to
review it with `git {diff or show} --color-moved -b`.)
2023-03-08 14:21:33 -05:00
Nick Mathewson 7108f923e0 tor-proto: Give Path a method to access final hop num. 2023-03-08 14:21:33 -05:00
Nick Mathewson 5586a29f62 tor-proto: Give circ Reactor a constructor, and make its fields private. 2023-03-08 14:21:33 -05:00
Nick Mathewson 0df1a4a704 Merge branch 'introduce2_encrypted_portion' into 'main'
tor-cell: Add code for the payload of an hs-ntor handshake.

See merge request tpo/core/arti!1052
2023-03-08 19:20:38 +00:00
Ian Jackson 198a95c74c Merge branch 'host2' into 'main'
arti-client: Do not send resolve requests for IP addrs to exits

See merge request tpo/core/arti!1057
2023-03-08 19:10:23 +00:00
Ian Jackson f15498bc3f arti-client: Host: Be more explicit about what is allowed in Hostname 2023-03-08 18:48:28 +00:00
Ian Jackson c1ae509ce6 Introduce and use ends_with_ignore_ascii_case
As per
  https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1056#note_2884428
2023-03-08 18:27:42 +00:00
Ian Jackson 939027492e Rustfmt 2023-03-08 18:15:32 +00:00
Ian Jackson 257b761042 Abolish Host::into_string_and_port
When I was trying to add HS support to these layers, I found I could
add a new variant to the `Host` enum but everything would still
compile even though I hadn't written the necessary implementation!

This method is a liability: when using it, one inevitably writes such
latent bugs.
2023-03-08 18:15:32 +00:00
Ian Jackson 5df19bc888 arti-client: Do not send resolve requests for IP addrs to exits
Doing so doesn't seem like a good idea.  It might even be some kind of
leak?

Found because I added a variant to `address::Host` for hidden
services, and noticed that the resolve code still compiled.
2023-03-08 18:15:32 +00:00
Ian Jackson fd42ada54c arti-client addr handling: Introduce StreamInstructions 2023-03-08 18:09:57 +00:00
Nick Mathewson 2b9506ae67 intro_payload: various doc fixes and TODOs from review. 2023-03-08 12:27:05 -05:00
Ian Jackson 6540f260b5 arti-client: Reject .onion, when we should, without allocating
Use new strip_suffix_ignore_ascii_case
2023-03-08 17:26:47 +00:00
Ian Jackson 8d031a7147 Use strip_suffix_ignore_ascii_case to quickly reject non-.onion HsId (fmt) 2023-03-08 17:26:47 +00:00
Ian Jackson 80b69b9900 Use strip_suffix_ignore_ascii_case to quickly reject non-.onion HsId 2023-03-08 17:26:47 +00:00
Ian Jackson 440a0eb74f tor-basic-utils: Provide str.strip_suffix_ignore_ascii_case
We're going to want this for cheaply stripping ".onion" from things.
2023-03-08 17:26:47 +00:00
Nick Mathewson 5d5e8d8337 tor-cell: Be a little more pedantic about INTRODUCE cell types. 2023-03-08 09:50:11 -05:00
Nick Mathewson 028bf6d2bc tor-cell: Better describe the parts of intro payload. 2023-03-08 09:41:22 -05:00
Ian Jackson 13b1adb55e Merge branch 'bug779' into 'main'
tor-dirmgr: Don't try to mark consensus usable in a read-only store.

Closes #779

See merge request tpo/core/arti!1055
2023-03-08 14:31:37 +00:00
Ian Jackson edc9ace4c1 Merge branch 'fuzzing_tor_bytes' into 'main'
tor-bytes: defend against misuse of extract_n().

See merge request tpo/core/arti!1053
2023-03-08 14:27:53 +00:00
Nick Mathewson ac5469d0b6 tor-dirmgr: Don't try to mark consensus usable in a read-only store.
Doing this means that any attempt to use a read-only store would
crash as soon as it found that the consensus was usable.

It seems that this bug was introduced at some point doing all the
dirmgr refactors we did over the past year.  Perhaps there should be
a test for running with a read-only store.

Fixes #779
2023-03-08 07:08:17 -05:00
Ian Jackson 034d1dfe81 Merge branch 'hsonion' into 'main'
Impl FromStr and Display for HsId, etc.

See merge request tpo/core/arti!1054
2023-03-07 19:27:34 +00:00
Ian Jackson 7081b73c92 Impl Redactable for HsId 2023-03-07 19:03:28 +00:00
Ian Jackson ab8350b712 Debug HsId as the .onion; retain the hex printing as {:x} 2023-03-07 16:33:10 +00:00
Ian Jackson 641e99af98 impl Display for HsId 2023-03-07 16:32:27 +00:00
Nick Mathewson 9cc09f97a9 tor-bytes: Add take_rest and read_nested_* to fuzzer. 2023-03-06 12:39:57 -05:00
Nick Mathewson dab21bc624 tor-bytes: defend against misuse of extract_n().
Previously, if somebody wrote this code, an attacker could easily
use it to cause an OOM panic:

```
let n = r.take_u64();
let items: Vec<Foo> = r.extract_n(n as usize)?;
```

The first line of defense here is not to write protocols like that:
we don't actually _have_ any 32-bit counters in our protocol
AFAICT.

The second line of defense is to pre-check `n` for reasonableness
before calling `extract_n`.

Here we add a third line of defense: whereas previously we would do
`Vec::with_capacity(n)` in `extract_n`, we now allocate an initial
capacity of `min(n, r.remaining())`.  This ensures that the size of
the allocation can't exceed the remaining length of the message,
which (for our cell types at least) should prevent it from
overflowing or running OOM.
2023-03-06 12:33:10 -05:00
Nick Mathewson 1254a8b86e tor-cell: Add code for the payload of an hs-ntor handshake.
(This is the encrypted information inside the INTRODUCE2 cell; it's
used by the client to tell the service where to find its rendezvous
point.)
2023-03-06 08:46:40 -05:00
Nick Mathewson 7129807843 tor-linkspec: Add a constructor for UnparsedLinkSpec 2023-03-06 08:45:05 -05:00
Dimitris Apostolou dedae15446 Fix typos 2023-03-03 13:00:33 +02:00
Ian Jackson e60ab8087d Merge branch 'hs_cert_inner_validation' into 'main'
tor-netdoc: Validate inner certs in HsDesc

Closes #744

See merge request tpo/core/arti!1044
2023-03-02 16:45:19 +00:00
Ian Jackson fd0d50a330 hsclient: Discuss HsClientConnector multiplicity/reuse
And delete the associated TODO.
2023-03-01 18:12:29 +00:00
Ian Jackson 1fc93b4215 hsclient: Remove TODOs about circular references
These Arcs are all "downward", referencing items from layers lower in
the stack.  So they don't cause cycles.

There was going to be a cycle involving the `OnionConnector` upcall
trait, but we have just abolished that.
2023-03-01 18:12:29 +00:00
Ian Jackson bf2c0d6ff8 hsclient: Abolish knowledge of HS circuits in circmgr
Abolish CircMgr::get_or_launch_onion_client and everything to support
it.  We have decided that `.onion` diversion can't/shouldn't occur in
tor-circmgr.  Probably, it should occur much higher up - arti-client
maybe - since it will sometimes need ambient authority (KS_hsc_*).

Now all knowledge of HS connections is in tor-hsclient.  This
gets rid of a layering inversion and the trait needed for tor-circmgr
to do the upcall to tor-hsclient.
2023-03-01 18:12:29 +00:00
Nick Mathewson ee666fb0b7 Merge branch 'rename_rend_message' into 'main'
tor-cell: Rename Rendezvous*::message to handshake_info.

See merge request tpo/core/arti!1045
2023-03-01 18:04:00 +00:00
Nick Mathewson 07b1c3a505 tor-cell: Rename Rendezvous*::message to handshake_info.
Follow-up from !1038
2023-03-01 12:38:27 -05:00
Ian Jackson c23c3faecb Merge branch 'hsconn' into 'main'
Implement HS state management

See merge request tpo/core/arti!1034
2023-03-01 17:23:55 +00:00
Nick Mathewson 992078ee43 Merge branch 'establish_intro_yet_once_more' into 'main'
Revise EstablishIntro messages so that they can generate and check their MAC and signature.

See merge request tpo/core/arti!1043
2023-03-01 17:10:49 +00:00
Ian Jackson 7230f89b32 hsclient isol_map: Use 1:1 notation in diagram to show correspondence 2023-03-01 16:39:03 +00:00
Ian Jackson fea656d7ee hsclient isol_map: Document invariant, fix comment, terminology
Use the occupied/vacant terminology that the slotmap docs use.
2023-03-01 16:39:03 +00:00
Ian Jackson d4d02fa4e9 hsclient state: Rename rechecks (from attempts) and add clarifying docs
Prompted by
  https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1034#note_2882079
2023-03-01 16:39:03 +00:00
Ian Jackson 649d0e0d25 hsclient keys: Be more explicit about HsClientSecretKeys nullable
It can contain no keys; state this more prominently, and explain what
it represents.  Also fix a few typos etc.
2023-03-01 16:39:03 +00:00
Ian Jackson b2139731ac hsclient state: Implement and test MultikeyIsolatedMap::retain 2023-03-01 16:39:03 +00:00
Ian Jackson b6fc44aa71 hsclient state: Split off MultikeyIsolatedMap 2023-03-01 16:39:03 +00:00
Ian Jackson 90a7e82fcd hsclient state: Move all the data fields into the table
As per
  https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1034#note_2881576

This is a significant simplification, in fact.
2023-03-01 16:39:03 +00:00
Ian Jackson 76a2e82205 tor-llcrypto: Add a TODO re impl Redactable for HsId 2023-03-01 16:39:03 +00:00
Ian Jackson 08ede75905 hsclient: Clarify period task handle TODO 2023-03-01 16:39:03 +00:00
Ian Jackson e6aa199da6 hsclient: Document sharing rules
Text largely from
  https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1034#note_2881638
2023-03-01 16:39:03 +00:00
Ian Jackson cfa33e53d5 hsclient state: rustfmt
Autogenerated with rustfmt; no code changes.

This tidies up the bizarre formatting.
2023-03-01 16:39:03 +00:00