summaryrefslogtreecommitdiff
path: root/src/feature/hs/hs_client.c
diff options
context:
space:
mode:
authorSuphanat Chunhapanya <haxx.pop@gmail.com>2018-04-19 22:44:17 +0700
committerDavid Goulet <dgoulet@torproject.org>2018-09-07 13:59:22 -0400
commit63576b01663f1af0ee2b7bd29dd840d121103315 (patch)
tree25590af724a3ff615d49ba93ccadc5a230570140 /src/feature/hs/hs_client.c
parent462d4097ce8b0059591b366c0ddb21b5efe97c3c (diff)
downloadtor-63576b01663f1af0ee2b7bd29dd840d121103315.tar.gz
tor-63576b01663f1af0ee2b7bd29dd840d121103315.zip
hs-v3: Refactor the descriptor decryption/decoding
This commit refactors the existing decryption code to make it compatible with a new logic for when the client authorization is enabled. Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/feature/hs/hs_client.c')
-rw-r--r--src/feature/hs/hs_client.c23
1 files changed, 22 insertions, 1 deletions
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 18c79e0c47..0038fdfa50 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -1181,6 +1181,19 @@ can_client_refetch_desc(const ed25519_public_key_t *identity_pk,
return 0;
}
+/* Return the client auth in the map using the service identity public key.
+ * Return NULL if it does not exist in the map. */
+static hs_client_service_authorization_t *
+find_client_auth(const ed25519_public_key_t *service_identity_pk)
+{
+ /* If the map is not allocated, we can assume that we do not have any client
+ * auth information. */
+ if (!client_auths) {
+ return NULL;
+ }
+ return digest256map_get(client_auths, service_identity_pk->pubkey);
+}
+
/* ========== */
/* Public API */
/* ========== */
@@ -1219,11 +1232,19 @@ hs_client_decode_descriptor(const char *desc_str,
int ret;
uint8_t subcredential[DIGEST256_LEN];
ed25519_public_key_t blinded_pubkey;
+ hs_client_service_authorization_t *client_auth = NULL;
+ curve25519_secret_key_t *client_sk = NULL;
tor_assert(desc_str);
tor_assert(service_identity_pk);
tor_assert(desc);
+ /* Check if we have a client authorization for this service in the map. */
+ client_auth = find_client_auth(service_identity_pk);
+ if (client_auth) {
+ client_sk = &client_auth->enc_seckey;
+ }
+
/* Create subcredential for this HS so that we can decrypt */
{
uint64_t current_time_period = hs_get_time_period_num(0);
@@ -1233,7 +1254,7 @@ hs_client_decode_descriptor(const char *desc_str,
}
/* Parse descriptor */
- ret = hs_desc_decode_descriptor(desc_str, subcredential, desc);
+ ret = hs_desc_decode_descriptor(desc_str, subcredential, client_sk, desc);
memwipe(subcredential, 0, sizeof(subcredential));
if (ret < 0) {
log_warn(LD_GENERAL, "Could not parse received descriptor as client.");