diff options
author | Suphanat Chunhapanya <haxx.pop@gmail.com> | 2018-04-19 22:44:17 +0700 |
---|---|---|
committer | David Goulet <dgoulet@torproject.org> | 2018-09-07 13:59:22 -0400 |
commit | 63576b01663f1af0ee2b7bd29dd840d121103315 (patch) | |
tree | 25590af724a3ff615d49ba93ccadc5a230570140 /src/feature/hs/hs_client.c | |
parent | 462d4097ce8b0059591b366c0ddb21b5efe97c3c (diff) | |
download | tor-63576b01663f1af0ee2b7bd29dd840d121103315.tar.gz tor-63576b01663f1af0ee2b7bd29dd840d121103315.zip |
hs-v3: Refactor the descriptor decryption/decoding
This commit refactors the existing decryption code to make it compatible with
a new logic for when the client authorization is enabled.
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/feature/hs/hs_client.c')
-rw-r--r-- | src/feature/hs/hs_client.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c index 18c79e0c47..0038fdfa50 100644 --- a/src/feature/hs/hs_client.c +++ b/src/feature/hs/hs_client.c @@ -1181,6 +1181,19 @@ can_client_refetch_desc(const ed25519_public_key_t *identity_pk, return 0; } +/* Return the client auth in the map using the service identity public key. + * Return NULL if it does not exist in the map. */ +static hs_client_service_authorization_t * +find_client_auth(const ed25519_public_key_t *service_identity_pk) +{ + /* If the map is not allocated, we can assume that we do not have any client + * auth information. */ + if (!client_auths) { + return NULL; + } + return digest256map_get(client_auths, service_identity_pk->pubkey); +} + /* ========== */ /* Public API */ /* ========== */ @@ -1219,11 +1232,19 @@ hs_client_decode_descriptor(const char *desc_str, int ret; uint8_t subcredential[DIGEST256_LEN]; ed25519_public_key_t blinded_pubkey; + hs_client_service_authorization_t *client_auth = NULL; + curve25519_secret_key_t *client_sk = NULL; tor_assert(desc_str); tor_assert(service_identity_pk); tor_assert(desc); + /* Check if we have a client authorization for this service in the map. */ + client_auth = find_client_auth(service_identity_pk); + if (client_auth) { + client_sk = &client_auth->enc_seckey; + } + /* Create subcredential for this HS so that we can decrypt */ { uint64_t current_time_period = hs_get_time_period_num(0); @@ -1233,7 +1254,7 @@ hs_client_decode_descriptor(const char *desc_str, } /* Parse descriptor */ - ret = hs_desc_decode_descriptor(desc_str, subcredential, desc); + ret = hs_desc_decode_descriptor(desc_str, subcredential, client_sk, desc); memwipe(subcredential, 0, sizeof(subcredential)); if (ret < 0) { log_warn(LD_GENERAL, "Could not parse received descriptor as client."); |