Ian Jackson
adc180294a
tor-hsclient: impl HasKind for errors
2023-03-23 11:50:14 +00:00
Ian Jackson
2edd71a4f0
tor-hsclient: Swap errors so Bug comes last
...
This seems more consistent with the way it's done elsewhere.
2023-03-23 11:50:14 +00:00
Ian Jackson
a2f4260666
tor-hsclient: Document clone-nature of HsClientConnector
2023-03-23 11:50:14 +00:00
Nick Mathewson
19cdb239bf
Bump to the lastest versions of dirs and directories.
2023-03-22 15:15:42 -04:00
Nick Mathewson
dffaf60e4a
hspool: simplify loop and add a maximum
2023-03-22 12:35:41 -04:00
Nick Mathewson
bd80125d73
hspool: Clarify/document more TODO HS items.
2023-03-22 12:35:41 -04:00
Nick Mathewson
19a229155c
circmgr: Make a separate SupportedCircUsage for HS stuff
...
This uncovered a bug: NoUsage wasn't correct for Hs circuits because
of its behavior with channel_usage().
2023-03-22 12:35:41 -04:00
Nick Mathewson
0521aa855e
tor-proto: document deep-copy in ClientCirc::path()
2023-03-22 12:35:41 -04:00
Nick Mathewson
35967ca38d
circmgr: Declare builder() unconditionally.
...
(Still, only expose it when experimental-api is enabled.)
2023-03-22 12:35:41 -04:00
Nick Mathewson
5b3c6b6bb3
hspool: Tweak comments and add more TODOs.
2023-03-22 12:35:41 -04:00
Nick Mathewson
fcb4df8b5b
circmgr: hspool now launches circuits in the background.
...
The prediction and scheduling logic here is quite primitive;
we should probably refactor it considerably. This should be good
enough for now, though.
2023-03-22 12:35:41 -04:00
Nick Mathewson
a14214fae6
circmgr: Add an actual pool to HsCircPool.
...
We now have support for a pool of pre-build circuits that we can use
for HS-related purposes, and we take circuits from this pool as
needed.
Nothing populates or cleans the circuit pool yet.
2023-03-22 12:35:41 -04:00
Nick Mathewson
adafae8b3f
circmgr: Begin an HS circuit pool structure
...
This is now enough to launch circuits on demand. It still needs to
pre-build the first three hops, and to retry on failure.
2023-03-22 11:52:17 -04:00
Nick Mathewson
bb47d42315
proto: Stabilize ClientCirc::n_hops.
2023-03-22 11:52:17 -04:00
Nick Mathewson
dce4da55ae
circmgr: Add a usage for building the beginning of an hs circ
...
This only builds the first 3 hops. It can be extended to a fourth
hop later -- or not, depending on the circuit kind.
2023-03-22 11:52:17 -04:00
Nick Mathewson
ec8c7eec4e
circmgr: Functions to launch an unmanaged circuit.
...
We'll use this to implement the circuits used by onion circuits.
2023-03-22 11:52:11 -04:00
Ian Jackson
cc399c3a29
tor-config: Apply deferred rustfmt churn
2023-03-21 16:37:50 +00:00
Ian Jackson
c18f5c35dc
tor-config: Do minimal $ and ~ handling even without expand-paths
...
Fixes #790
2023-03-21 16:37:50 +00:00
Ian Jackson
92bc9ef790
tor-config: Make CfgPathError PartialEq but only when testing
...
So, this is not a semver addition.
2023-03-21 16:33:24 +00:00
Ian Jackson
a0b78837ad
tor-config: Fix build when expand-paths is disabled
2023-03-21 16:33:12 +00:00
Ian Jackson
42ad8d99aa
tor-config: paths, unexpanded: use infallible conversion
...
str can always be made into a PathBuf.
2023-03-21 16:08:47 +00:00
Ian Jackson
70b099fd0f
Turn two blocking TODOs in hsdesc into "TODO HS"
...
TODO HS is blocking for HS release, but not for CI.
2023-03-21 13:08:14 +00:00
Ian Jackson
d24a47c1d9
Sort out some TODOs in bdtest.rs
2023-03-21 13:08:14 +00:00
Ian Jackson
52470e4ffe
Convert blockers in arti-testing to TODOs
...
I don't think these are that bad in testing code.
2023-03-21 13:08:14 +00:00
trinity-1686a
a2f2b31751
remove unused type parameter
2023-03-18 20:43:17 +01:00
Alexander Færøy
d8f77018f7
Merge branch 'fix-ptmgr-fuzz' into 'main'
...
tor-ptmgr: Fix fuzzer compilation.
See merge request tpo/core/arti!1063
2023-03-13 19:28:29 +00:00
Nick Mathewson
d6bb8fee0b
Upgrade to bitflags 2.0
...
This version of bitflags now requires us to explicitly list the
traits that we want to derive for our bit-flags structs.
2023-03-13 08:47:14 -04:00
Nick Mathewson
2ddaaafafb
tor-ptmgr: Fix fuzzer compilation.
...
Since we made the internals of the ptmgr protocol parser
conditionally private, we need to tell Cargo to build the fuzzer
with the `experimental-api` feature so that it can access them.
2023-03-13 07:28:55 -04:00
Alexander Færøy
c3347d9821
Merge branch 'warnings_168' into 'main'
...
Resolve a couple of new lints with Rust 1.68
See merge request tpo/core/arti!1062
2023-03-10 12:40:59 +00:00
Nick Mathewson
552acbf07f
Fix a bunch of needless-conversion warnings.
...
Apparently 1.68 now warns when you call into_iter() on something
that's already an iterator. Fair enough. Let's stop doing that.
2023-03-10 07:09:50 -05:00
Nick Mathewson
bd0f595b83
Suppress a renamed-lint lint.
...
The derive_hash_xor_eq lint was renamed in 1.68, but we can't use
it under its new name, since we still need to support back to 1.60.
Instead, we suppress the warning about the lint being renamed.
2023-03-10 07:09:50 -05:00
Ian Jackson
8c7224ef36
Discuss in comment why we're not using a newtype for the Strings in Host
2023-03-09 18:09:11 +00:00
Ian Jackson
04d843d846
Classify OnionAddressResolveRequest as NotImplemented
...
We have a theory about how this ought to work, so it's noit an API
usage error - it's an unimplemented feature.
As per
https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1060#note_2884757
2023-03-09 18:09:08 +00:00
Ian Jackson
5000d11ac3
Reject invalid hostnames
...
Reject them both for .onion and for "exit" hostnames
This prevents a `Host` from having an invalid hostname in it.
2023-03-09 18:09:08 +00:00
Ian Jackson
8f8df071bc
Fix reference to no-longer-contemplated Host variant
...
Reported in
https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1060#note_2884755
2023-03-09 18:09:08 +00:00
Ian Jackson
8ead708512
Dummy HsId::from_str on .onion: Return Bug, rather than panicking
...
Prompted by
https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1060#note_2884754
2023-03-09 18:09:08 +00:00
Ian Jackson
654f6689cf
Improve error from HsId parse of "www.B32.onion"
...
And add some clarity and todos about address errors.
2023-03-09 18:09:08 +00:00
Ian Jackson
0a618cbe84
Avoid arti_client::ErrorDetail::Address for TorAddrError::InvalidHostname
...
Provide an explicit From impl isntead.
2023-03-09 18:09:06 +00:00
Ian Jackson
2957719c86
Test HsId parse of subdomain
...
This error is not great.
2023-03-09 13:41:12 +00:00
Ian Jackson
c198a26bf7
arti-client: Parse .onion addresses and dispatch to client.rs
...
Now, a Host has a separate variant for `.onion` which is always used,
even when HS is disabled.
Currently it ends in a todo!.
2023-03-09 13:41:12 +00:00
Ian Jackson
4502528d0e
arti-client: DoThingInstructions: Make error returns consistent
...
This is more comprehensible, and will be more convenient.
2023-03-09 13:41:12 +00:00
Ian Jackson
c31bc1dafe
arti-client: Host: Use Display::fmt rather than write!
...
write! is less good because the `{}` overwrites stuff like "did the
caller ask for padding".
2023-03-09 13:41:12 +00:00
Nick Mathewson
2bf71de199
Merge branch 'tor-proto-extensions' into 'main'
...
tor-proto: send an outbound meta/control-message and expect similar messages in return.
See merge request tpo/core/arti!1051
2023-03-08 20:09:20 +00:00
Nick Mathewson
e08c229412
Merge branch 'suffix' into 'main'
...
Introduce and use ends_with_ignore_ascii_case
See merge request tpo/core/arti!1058
2023-03-08 19:36:28 +00:00
Nick Mathewson
f3b8f4f73f
tor-proto: Document limitation on send_control_message
2023-03-08 14:21:33 -05:00
Nick Mathewson
c1b45e1be4
tor-proto: Say "control message" a little more consistently
...
(I found "user request" in one place, and fixed that. I am not
currently going to try to unify "control message" and "meta message"
since both terms are misleading and we already have TODOs to try to
merge them into a third better term.)
2023-03-08 14:21:33 -05:00
Nick Mathewson
9c4bdb8d8d
tor-proto: Make send_control_message wait for the reactor.
...
This way we don't need to worry about race conditions that happen if
the caller thinks that the handler is installed before it really is.
2023-03-08 14:21:33 -05:00
Nick Mathewson
7da5d7a8d7
Serval rustdoc link fixes.
2023-03-08 14:21:33 -05:00
Nick Mathewson
fe6e7e52e3
Fix an unrelated missing cfg_attr.
2023-03-08 14:21:33 -05:00
Nick Mathewson
fc31bf4e25
tor-proto: Have send_control_message install a handler, not return a stream
2023-03-08 14:21:33 -05:00
Nick Mathewson
bc83d1e1de
tor-proto: Implement functionality to send a message and accept replies
...
This new function combines "sending a message" and "accepting
replies in a stream" into a single call, so that there is no gap
between when the message is sent and the replies are available.
There are a number of compromises here, in order to avoid API
proliferation. I've tried to contain them as best I can.
See comments for additional design discussion.
2023-03-08 14:21:33 -05:00
Nick Mathewson
094fdc0d8d
tor-proto: Change semantics of MetaCellHandler
...
Now, the MetaCellHandler is responsible for consuming the messages
it gets, and reporting status to whatever task is waiting for a
status message.
Additionally, the MetaCellHandler can decide to remain installed or
shut down the circuit after a successful message. (Previously, it
could only uninstall itself on success and kill the circuit on
failure.)
These changes will enable MetaCellHandlers to be used as the basis
for handling more kinds of message.
(There is some moved and reformatted code here; you may want to
review it with `git {diff or show} --color-moved -b`.)
2023-03-08 14:21:33 -05:00
Nick Mathewson
7108f923e0
tor-proto: Give Path a method to access final hop num.
2023-03-08 14:21:33 -05:00
Nick Mathewson
5586a29f62
tor-proto: Give circ Reactor a constructor, and make its fields private.
2023-03-08 14:21:33 -05:00
Nick Mathewson
0df1a4a704
Merge branch 'introduce2_encrypted_portion' into 'main'
...
tor-cell: Add code for the payload of an hs-ntor handshake.
See merge request tpo/core/arti!1052
2023-03-08 19:20:38 +00:00
Ian Jackson
198a95c74c
Merge branch 'host2' into 'main'
...
arti-client: Do not send resolve requests for IP addrs to exits
See merge request tpo/core/arti!1057
2023-03-08 19:10:23 +00:00
Ian Jackson
f15498bc3f
arti-client: Host: Be more explicit about what is allowed in Hostname
2023-03-08 18:48:28 +00:00
Ian Jackson
c1ae509ce6
Introduce and use ends_with_ignore_ascii_case
...
As per
https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1056#note_2884428
2023-03-08 18:27:42 +00:00
Ian Jackson
939027492e
Rustfmt
2023-03-08 18:15:32 +00:00
Ian Jackson
257b761042
Abolish Host::into_string_and_port
...
When I was trying to add HS support to these layers, I found I could
add a new variant to the `Host` enum but everything would still
compile even though I hadn't written the necessary implementation!
This method is a liability: when using it, one inevitably writes such
latent bugs.
2023-03-08 18:15:32 +00:00
Ian Jackson
5df19bc888
arti-client: Do not send resolve requests for IP addrs to exits
...
Doing so doesn't seem like a good idea. It might even be some kind of
leak?
Found because I added a variant to `address::Host` for hidden
services, and noticed that the resolve code still compiled.
2023-03-08 18:15:32 +00:00
Ian Jackson
fd42ada54c
arti-client addr handling: Introduce StreamInstructions
2023-03-08 18:09:57 +00:00
Nick Mathewson
2b9506ae67
intro_payload: various doc fixes and TODOs from review.
2023-03-08 12:27:05 -05:00
Ian Jackson
6540f260b5
arti-client: Reject .onion, when we should, without allocating
...
Use new strip_suffix_ignore_ascii_case
2023-03-08 17:26:47 +00:00
Ian Jackson
8d031a7147
Use strip_suffix_ignore_ascii_case to quickly reject non-.onion HsId (fmt)
2023-03-08 17:26:47 +00:00
Ian Jackson
80b69b9900
Use strip_suffix_ignore_ascii_case to quickly reject non-.onion HsId
2023-03-08 17:26:47 +00:00
Ian Jackson
440a0eb74f
tor-basic-utils: Provide str.strip_suffix_ignore_ascii_case
...
We're going to want this for cheaply stripping ".onion" from things.
2023-03-08 17:26:47 +00:00
Nick Mathewson
5d5e8d8337
tor-cell: Be a little more pedantic about INTRODUCE cell types.
2023-03-08 09:50:11 -05:00
Nick Mathewson
028bf6d2bc
tor-cell: Better describe the parts of intro payload.
2023-03-08 09:41:22 -05:00
Ian Jackson
13b1adb55e
Merge branch 'bug779' into 'main'
...
tor-dirmgr: Don't try to mark consensus usable in a read-only store.
Closes #779
See merge request tpo/core/arti!1055
2023-03-08 14:31:37 +00:00
Ian Jackson
edc9ace4c1
Merge branch 'fuzzing_tor_bytes' into 'main'
...
tor-bytes: defend against misuse of extract_n().
See merge request tpo/core/arti!1053
2023-03-08 14:27:53 +00:00
Nick Mathewson
ac5469d0b6
tor-dirmgr: Don't try to mark consensus usable in a read-only store.
...
Doing this means that any attempt to use a read-only store would
crash as soon as it found that the consensus was usable.
It seems that this bug was introduced at some point doing all the
dirmgr refactors we did over the past year. Perhaps there should be
a test for running with a read-only store.
Fixes #779
2023-03-08 07:08:17 -05:00
Ian Jackson
034d1dfe81
Merge branch 'hsonion' into 'main'
...
Impl FromStr and Display for HsId, etc.
See merge request tpo/core/arti!1054
2023-03-07 19:27:34 +00:00
Ian Jackson
7081b73c92
Impl Redactable for HsId
2023-03-07 19:03:28 +00:00
Ian Jackson
ab8350b712
Debug HsId as the .onion; retain the hex printing as {:x}
2023-03-07 16:33:10 +00:00
Ian Jackson
641e99af98
impl Display for HsId
2023-03-07 16:32:27 +00:00
Nick Mathewson
9cc09f97a9
tor-bytes: Add take_rest and read_nested_* to fuzzer.
2023-03-06 12:39:57 -05:00
Nick Mathewson
dab21bc624
tor-bytes: defend against misuse of extract_n().
...
Previously, if somebody wrote this code, an attacker could easily
use it to cause an OOM panic:
```
let n = r.take_u64();
let items: Vec<Foo> = r.extract_n(n as usize)?;
```
The first line of defense here is not to write protocols like that:
we don't actually _have_ any 32-bit counters in our protocol
AFAICT.
The second line of defense is to pre-check `n` for reasonableness
before calling `extract_n`.
Here we add a third line of defense: whereas previously we would do
`Vec::with_capacity(n)` in `extract_n`, we now allocate an initial
capacity of `min(n, r.remaining())`. This ensures that the size of
the allocation can't exceed the remaining length of the message,
which (for our cell types at least) should prevent it from
overflowing or running OOM.
2023-03-06 12:33:10 -05:00
Nick Mathewson
1254a8b86e
tor-cell: Add code for the payload of an hs-ntor handshake.
...
(This is the encrypted information inside the INTRODUCE2 cell; it's
used by the client to tell the service where to find its rendezvous
point.)
2023-03-06 08:46:40 -05:00
Nick Mathewson
7129807843
tor-linkspec: Add a constructor for UnparsedLinkSpec
2023-03-06 08:45:05 -05:00
Dimitris Apostolou
dedae15446
Fix typos
2023-03-03 13:00:33 +02:00
Ian Jackson
e60ab8087d
Merge branch 'hs_cert_inner_validation' into 'main'
...
tor-netdoc: Validate inner certs in HsDesc
Closes #744
See merge request tpo/core/arti!1044
2023-03-02 16:45:19 +00:00
Ian Jackson
fd0d50a330
hsclient: Discuss HsClientConnector multiplicity/reuse
...
And delete the associated TODO.
2023-03-01 18:12:29 +00:00
Ian Jackson
1fc93b4215
hsclient: Remove TODOs about circular references
...
These Arcs are all "downward", referencing items from layers lower in
the stack. So they don't cause cycles.
There was going to be a cycle involving the `OnionConnector` upcall
trait, but we have just abolished that.
2023-03-01 18:12:29 +00:00
Ian Jackson
bf2c0d6ff8
hsclient: Abolish knowledge of HS circuits in circmgr
...
Abolish CircMgr::get_or_launch_onion_client and everything to support
it. We have decided that `.onion` diversion ccan't/shouldn't occur in
tor-circmgr. Probably, it should occur much higher up - arti-client
maybe - since it will sometimes need ambient authority (KS_hsc_*).
Now all knowledge of HS connections is in tor-hsclient. This
gets rid of a layering inversion and the trait needed for tor-circmgr
to do the upcall to tor-hsclient.
2023-03-01 18:12:29 +00:00
Nick Mathewson
ee666fb0b7
Merge branch 'rename_rend_message' into 'main'
...
tor-cell: Rename Rendezvous*::message to handshake_info.
See merge request tpo/core/arti!1045
2023-03-01 18:04:00 +00:00
Nick Mathewson
07b1c3a505
tor-cell: Rename Rendezvous*::message to handshake_info.
...
Follow-up from !1038
2023-03-01 12:38:27 -05:00
Ian Jackson
c23c3faecb
Merge branch 'hsconn' into 'main'
...
Implement HS state management
See merge request tpo/core/arti!1034
2023-03-01 17:23:55 +00:00
Nick Mathewson
992078ee43
Merge branch 'establish_intro_yet_once_more' into 'main'
...
Revise EstablishIntro messages so that they can generate and check their MAC and signature.
See merge request tpo/core/arti!1043
2023-03-01 17:10:49 +00:00
Ian Jackson
7230f89b32
hsclient isol_map: Use 1:1 notation in diagram to show correspondence
2023-03-01 16:39:03 +00:00
Ian Jackson
fea656d7ee
hsclient isol_map: Document invariant, fix comment, terminology
...
Use the occupied/vacant terminology that the slotmap docs use.
2023-03-01 16:39:03 +00:00
Ian Jackson
d4d02fa4e9
hsclient state: Rename rechecks (from attempts) and add clarifying docs
...
Prompted by
https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1034#note_2882079
2023-03-01 16:39:03 +00:00
Ian Jackson
649d0e0d25
hsclient keys: Be more explicit about HsClientSecretKeys nullable
...
It can contain no keys; state this more prominently, and explain what
it represents. Also fix a few typos etc.
2023-03-01 16:39:03 +00:00
Ian Jackson
b2139731ac
hsclient state: Implement and test MultikeyIsolatedMap::retain
2023-03-01 16:39:03 +00:00
Ian Jackson
b6fc44aa71
hsclient state: Split off MultikeyIsolatedMap
2023-03-01 16:39:03 +00:00
Ian Jackson
90a7e82fcd
hsclient state: Move all the data fields into the table
...
As per
https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1034#note_2881576
This is a singificant simplification, in fact.
2023-03-01 16:39:03 +00:00
Ian Jackson
76a2e82205
tor-llcrypto: Add a TODO re impl Redactable for HsId
2023-03-01 16:39:03 +00:00
Ian Jackson
08ede75905
hsclient: Clarify period task handle TODO
2023-03-01 16:39:03 +00:00
Ian Jackson
e6aa199da6
hsclient: Document sharing rules
...
Text largely from
https://gitlab.torproject.org/tpo/core/arti/-/merge_requests/1034#note_2881638
2023-03-01 16:39:03 +00:00
Ian Jackson
cfa33e53d5
hsclient state: rustfmt
...
Autogenerated with rustfmt; no code changes.
This tidies up the bizarre formatting.
2023-03-01 16:39:03 +00:00