We want each ID to have a unique form every time it is given out,
so that you can't use ID==ID to check whether Object==Object. (See
discussions leading to #848.)
We'd also like the form of object IDs to be a little annoying to
analyze, to discourage people from writing programs that depends on
their particular format. (We are reserving the right to change the
format whenever we want.)
We _don't_ want to use any cryptography here (yet), lest somebody
think that this is an actual security mechanism. (This isn't for
security; it's for encouraging developers to treat IDs as opaque.)
With that in mind, we now lightly obfuscate our generational indices
before returning them.
Per discussion referenced at #848, we want each operation that
returns a strong object ID to return a new, distinct strong ID.
Note that we no longer need to put strong and weak references in the
same arena; we can clean this code up a lot down the road.
Now we generate object IDs that we can parse. This is about to be
obsolete once we change how we generate objects and their IDs for #848,
but we may as well start from a working state.
This does the following:
- Gives every crate a `full`.
- Cause every `full` to depend on `full` from the lower-level
crates.
- Makes every feature listed _directly_ in `experimental` depend
on `__is_experimental`.
This upgrades us to 2.0.0-rc.2, which is the latest in the
not-quite-done-yet 2.0 series.
The only code change that's absolutely needed is opting into the
static_secrets feature.
By implementing `RangeBounds` for `TimerangeBound`, we get
`RangeBoundsExt` for free. This will enable `parse_decrypt_validate` to
easily compute the intersection of the `TimerangeBound`s its layers.
Signed-off-by: Gabriela Moldovan <gabi@torproject.org>
`descriptor_fetch_attempt` now returns a `TimerangeBound<HsDesc>` (and
so does `parse_descript_validate`).
Signed-off-by: Gabriela Moldovan <gabi@torproject.org>
`parse_decrypt_validate` will need to "peek" inside an encrypted
descriptor (before validating it) to extract the `TimerangeBound` of the
inner layer. This is needed to compute the intersection of the
`TimerangeBound`s of both layers.
Signed-off-by: Gabriela Moldovan <gabi@torproject.org>
This makes `descriptor_ensure` refetch the descriptor if either of its
layers (inner or outer) expires.
Signed-off-by: Gabriela Moldovan <gabi@torproject.org>
This will be used for computing the final `TimerangeBound` of a `HsDesc`
from the `TimerangeBound`s of its inner and outer layers.
Signed-off-by: Gabriela Moldovan <gabi@torproject.org>
This makes `descriptor_ensure` refetch the descriptor if it has been
cached for longer than `descriptor-lifetime` minutes.
Signed-off-by: Gabriela Moldovan <gabi@torproject.org>
Relays and onion service services/clients will both need this.
I'm marking this experimental for now; we should stabilize it before
we release onion services.
If we didn't do this, we would need to transfrom
`EncodedLinkSpec`s into a `LinkSpec::Unrecognized`, which is not
semantically right. What's more, every user of this API wants to
consume encoded link specifiers, so encoding them early saves a
little effort.
This commit adds functions to convert between LinkSpec and
EncodedLinkSpec, and refactors their read/write implementations a
bit to avoid code duplication.
Previously, we only accepted an OwnedCircTarget, which would have
kept us from getting a circuit that was aimed at a specialized
CircTarget that gave us LinkSpecs in a raw order.
This change is necessary so that we can build Extend2 messages
that have their LinkSpecs appear in a verbatim order as provided
in an INTRODUCE2 message or in a HS descriptor.
`parse_decrypt_validate` was marked as experimental because it was
unclear if the newly added `BadTimeBound` error kind belongs in
`ParseErrorKind`. However, we have since renamed `ParseErrorKind` to
`NetdocErrorKind` and decided to keep the new variant, so this API
doesn't need to be experimental anymore.
Closes arti #852
Signed-off-by: Gabriela Moldovan <gabi@torproject.org>
`ParseErrorSource` was originally meant to represent a parsing error,
this enum has since gained some variants that aren't really parsing
related (`Signature`, `CertSignature`, `UntimelyDescriptor`).
Since this error type is now used for general-purpose netdoc errors,
let's rename `ParseError{Kind, Source}` to `NetdocError{Kind, Source}`.
Signed-off-by: Gabriela Moldovan <gabi@torproject.org>
Nick Mathewson
Gabriela Moldovan
Alexander Færøy
trinity-1686a