23757d90c1
netdoc: Parse the inner layer of an onion service descriptor.
...
There are some places where I note certificates which are not
currently validated, because there is no cryptographic point in
doing so. We should either document that this is okay, or validate
the certificates anyway.
This code might benefit from refactoring to make it prettier.
2023-02-07 09:02:15 -05:00
6817f61641
netdoc: Add a workaround for C Tor's lack of mid-layer NL
...
It turns out that C Tor doesn't add a newline at the end of the
middle layer of an onion service descriptor. I've made a spec MR
(torspec!109) to document this: here, it's time to work around the
issue.
2023-02-07 09:02:15 -05:00
4be4d178fa
netdoc: Parse the middle layer of a hsdesc, and decrypt it.
2023-02-07 09:02:15 -05:00
321c8582ce
netdoc: Use correct size for descriptor encryption cookie
2023-02-07 09:02:15 -05:00
d8849f583e
netdoc: move test descriptor to a higher level test module
...
We're going to make use of it in all of our tests, so we may as well
expose it to them from hsdesc::test.
2023-02-07 09:02:15 -05:00
02fa682bc0
netdoc: implement onion service descryptor encryption
...
This is tested via a round-trip check, and via a successful
decryption of our example descriptor's outer layer.
2023-02-07 09:02:13 -05:00
6c4e9c8f1d
netdoc: Parser for outer layer of onion service descriptors.
2023-02-07 09:00:19 -05:00
d35e8a751d
netdoc: Add an example onion service descriptor to test our parsing.
...
I generated this using C tor (latest main) and a Chutney network
about a week ago.
The subcredential is:
78210A0D2C72BB7A0CAF606BCD938B9A3696894FDDDBC3B87D424753A7E3DF37
The HS_blind_id is:
43CC0D62FC6252F578705CA645A46109E265290343B1137E90189744B20B3F2D
2023-02-07 09:00:19 -05:00
0f1cfc308a
netdoc: Derive Debug and Clone on HsDesc and its kin.
2023-02-07 09:00:19 -05:00
4c0be7c568
hscrypto: Impl From<Ed25519Identity> for BlindedOnionId.
2023-02-07 09:00:19 -05:00
3ce5ee1499
hscrypto: add From/Into between RevisionCounter and u64.
2023-02-07 09:00:19 -05:00
a751eacd5b
tor-cert: document hs-related certificate types.
...
Also, explain why a few of these certificates aren't actually useful
as certificates. (This issue is also documented in torspec!110)
2023-02-07 09:00:19 -05:00
079002d283
tor-cert: Implement Timebound for Ed25519Cert
...
This allows us to run `is_valid_at` and friends on the certificate
itself, which we will use soon in hsdesc validity checks.
2023-02-07 09:00:19 -05:00
59b981ea5e
llcrypto: Implement `Into<[u8;32]>` for Ed25519Identity
2023-02-07 09:00:19 -05:00
72448b704a
llcrypto: Derive zeroize for CtByteArray.
2023-02-07 09:00:19 -05:00
ac7ea9d44d
Merge branch 'warning' into 'main'
...
tor-netdoc: Suppress a cfg-dependent dead code warning
See merge request tpo/core/arti!998
2023-02-07 12:49:18 +00:00
6f1d56d2ee
Merge branch 'linkspec' into 'main'
...
tor-linkspec: LinkSpec parsing: use read_nested_u8len
See merge request tpo/core/arti!1007
2023-02-06 16:46:34 +00:00
a0a740ffc1
tor-linkspec: LinkSpec parsing: use read_nested_u8len (fmt)
2023-02-06 16:08:32 +00:00
5997d99a7a
tor-linkspec: LinkSpec parsing: use read_nested_u8len
...
This eliminates hardcoded length values.
2023-02-06 16:08:21 +00:00
73199ebf68
netdoc: Require that unrecognized tokens be handled explicitly.
...
Now we require that, for all `SectionRules`, either the caller say
how to handle unrecognized tokens (using `.add(UNRECOGNIZED...)`),
or that they explicitly reject unrecognized tokens (using
`reject_unrecognized`()`.)
This solution uses an assert!() rather than an Error to indicate
failure. I say that's fine, since
1. This is a crate-internal API.
2. We never dynamically construct SectionRules according to
different behavior: they are always prefabricated in a fixed
code block. Thus, if we test a parser at all, we will make
sure that its SectionRules are well-formed.
I considered and explicitly rejected a solution where the builder
had to be finalized with separate methods `build_strict()` or
`build_tolerant()`: It's too easy IMO for the caller to forget what
these call means.
Prevents further recurrences of #752 .
Closes #752 .
2023-02-03 11:33:30 -05:00
13d5452e2e
netdoc: Switch SectionRules building to use a Buidler pattern.
...
No new behavior yet.
2023-02-03 11:14:00 -05:00
266c61f721
Add a rule to handle UNRECOGNIZED in AuthCert.
...
This fixes an instance of bug#752. Previously, we would reject any
AuthCert that contained an unexpected keyword. (Fortunately, this
data format does not change very often.)
2023-02-03 10:53:23 -05:00
28518b95f0
Merge branch 'typed-router-index' into 'main'
...
tor-netdir: Use typed-index-collections for router status index
See merge request tpo/core/arti!1004
2023-02-02 10:20:57 +00:00
d469aef72a
Tidy up docs about RouterStatusIdx
...
Always use "index" and not "position".
Remove wording which is otiose given the type name.
2023-02-01 19:40:17 +00:00
2dbffa1208
tor-netdir: Use typed-index-collections for router status index
2023-02-01 19:40:17 +00:00
b7e41c3981
tor-netdir: Provide ConsensusRelays extension trait (fmt)
2023-02-01 19:39:14 +00:00
4eee59ddb7
tor-netdir: Provide ConsensusRelays extension trait
...
Call it everywhere instead of the inherent method on MdConsensus.
(Verified by ad-hoc temporarily renaming MdConsensus::relays().)
2023-02-01 19:39:09 +00:00
7ad4310d6c
Merge branch 'misc' into 'main'
...
Fix a couple of minor issues
See merge request tpo/core/arti!1003
2023-02-01 19:22:02 +00:00
5bca38acc5
tor-netdoc: Suppress a cfg-dependent dead code warning
...
This is dead code when
cargo +stable clippy -p tor-netdir --all-features --all-targets
2023-02-01 18:46:54 +00:00
155b9ed581
Change two in-code references to the wrong feature name
...
As per
https://gitlab.torproject.org/tpo/core/arti/-/issues/756
I think this is going in the wrong direction, but it is better to fix
it so that the names agree for now, pending a decision on the naming.
2023-02-01 18:46:54 +00:00
8ee04ac203
Merge branch 'logs' into 'main'
...
Report causes of errors
Closes #680
See merge request tpo/core/arti!997
2023-02-01 18:19:33 +00:00
04628ca5ab
Remove semver.md files now that 1.1.1 is tagged.
2023-02-01 12:46:01 -05:00
db7183a64e
Merge branch 'version_bump' into 'main'
...
Bump crate versions in preparation for 1.1.1.
See merge request tpo/core/arti!1001
2023-02-01 16:30:28 +00:00
a2b1f20216
Bump minor version of tor-cell.
...
In !948 we renamed a couple of accessor functions, which is a
breaking change in `tor-cell`'s API.
In retrospect, perhaps we should have deprecated the old names and
added the new ones, so we wouldn't have to break the API. (This is
the only API break AFAICT since 1.1.0.)
2023-02-01 10:42:58 -05:00
7c1b6a5a81
Bump the patch version of every crate that had API additions
...
These crates had API or behavior changes that may affect downstream
crates. Fortunately, they're all version 0.x, and don't need minor
bumps for this.
2023-02-01 10:36:29 -05:00
66f594a4b6
Bump the patch-level version of crates with _minor_ changes.
...
These changes influence behavior, but not effect compatibility.
(If I messed up, and any crate except for `arti` has non-breaking
API changes, that's still fine, since they are all version
0.x.)
2023-02-01 10:23:58 -05:00
592d6bf8a3
Bump the patch version of each crate with _trivial_ changes.
...
These crates have not had changes to their behavior; as such it is
not necessary to bump their dependencies to require the new versions.
2023-02-01 10:10:36 -05:00
c42350c6bf
Move tor-proto/semver.md to tor-cell
...
It was erroneously created in the wrong place.
2023-02-01 09:50:02 -05:00
e172a0c893
Mark arti-config as "publish=false"
...
We no longer use it anywhere; there is no reason to keep publishing
updates to it.
2023-02-01 09:48:09 -05:00
be5b6195b1
CHANGELOG for arti 1.1.1
2023-02-01 09:03:57 -05:00
59e812bdbe
Merge branch 'update' into 'main'
...
Run cargo update in preparation for release tomorrow
See merge request tpo/core/arti!1000
2023-01-31 21:02:04 +00:00
970cc6cb29
Run cargo update in preparation for release tomorrow
2023-01-31 15:37:48 -05:00
b65ebb5d38
tor-netdoc: Suppress a cfg-dependent dead code warning
...
This is dead code when
cargo +stable clippy -p tor-netdir --all-features --all-targets
2023-01-31 16:17:54 +00:00
37edcd688a
Use ErrorReport - run rustfmt
...
Split off for ease of review and possible rebase.
2023-01-30 18:52:32 +00:00
e159bf57d2
Use ErrorReport for errors in error! in tor-ptmgr
2023-01-30 18:52:32 +00:00
aa7397bc0f
Use ErrorReport's .report() for two errors in error! in bridgedesc.rs
...
No functional change, just using the new idiom.
2023-01-30 18:52:32 +00:00
3a8c36e9c6
Use ErrorReport for remaining errors in error! in tor-circmgr
2023-01-30 18:52:32 +00:00
8c1830090c
Use ErrorReport for errors in error! in tor-chanmgr
2023-01-30 18:52:32 +00:00
22016f233b
Use tor_error::Report for remaining errors in error! in arti
2023-01-30 18:52:32 +00:00
49f3697b19
Apply safelog to DNS response serialisation errors, but report them
...
With safe logging disabled, print the error too.
With safe logging enabled, do not print the message or the error.
2023-01-30 18:52:32 +00:00
Nick Mathewson
Ian Jackson
Ian Jackson