aboutsummaryrefslogtreecommitdiff
path: root/src/feature/hs
diff options
context:
space:
mode:
Diffstat (limited to 'src/feature/hs')
-rw-r--r--src/feature/hs/hs_cell.c16
-rw-r--r--src/feature/hs/hs_cell.h13
-rw-r--r--src/feature/hs/hs_client.c18
-rw-r--r--src/feature/hs/hs_intropoint.c27
-rw-r--r--src/feature/hs/hs_intropoint.h15
5 files changed, 32 insertions, 57 deletions
diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c
index 597982b34e..613ffe7260 100644
--- a/src/feature/hs/hs_cell.c
+++ b/src/feature/hs/hs_cell.c
@@ -161,11 +161,12 @@ parse_introduce2_encrypted(const uint8_t *decrypted_data,
}
if (trn_cell_introduce_encrypted_get_onion_key_type(enc_cell) !=
- HS_CELL_ONION_KEY_TYPE_NTOR) {
+ TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR) {
log_info(LD_REND, "INTRODUCE2 onion key type is invalid. Got %u but "
"expected %u on circuit %u for service %s",
trn_cell_introduce_encrypted_get_onion_key_type(enc_cell),
- HS_CELL_ONION_KEY_TYPE_NTOR, TO_CIRCUIT(circ)->n_circ_id,
+ TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR,
+ TO_CIRCUIT(circ)->n_circ_id,
safe_str_client(service->onion_address));
goto err;
}
@@ -258,7 +259,7 @@ introduce1_set_encrypted_onion_key(trn_cell_introduce_encrypted_t *cell,
tor_assert(onion_pk);
/* There is only one possible key type for a non legacy cell. */
trn_cell_introduce_encrypted_set_onion_key_type(cell,
- HS_CELL_ONION_KEY_TYPE_NTOR);
+ TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR);
trn_cell_introduce_encrypted_set_onion_key_len(cell, CURVE25519_PUBKEY_LEN);
trn_cell_introduce_encrypted_setlen_onion_key(cell, CURVE25519_PUBKEY_LEN);
memcpy(trn_cell_introduce_encrypted_getarray_onion_key(cell), onion_pk,
@@ -442,7 +443,8 @@ introduce1_set_auth_key(trn_cell_introduce1_t *cell,
tor_assert(cell);
tor_assert(data);
/* There is only one possible type for a non legacy cell. */
- trn_cell_introduce1_set_auth_key_type(cell, HS_INTRO_AUTH_KEY_TYPE_ED25519);
+ trn_cell_introduce1_set_auth_key_type(cell,
+ TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519);
trn_cell_introduce1_set_auth_key_len(cell, ED25519_PUBKEY_LEN);
trn_cell_introduce1_setlen_auth_key(cell, ED25519_PUBKEY_LEN);
memcpy(trn_cell_introduce1_getarray_auth_key(cell),
@@ -515,7 +517,7 @@ hs_cell_build_establish_intro(const char *circ_nonce,
/* Set AUTH_KEY_TYPE: 2 means ed25519 */
trn_cell_establish_intro_set_auth_key_type(cell,
- HS_INTRO_AUTH_KEY_TYPE_ED25519);
+ TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519);
/* Set AUTH_KEY and AUTH_KEY_LEN field. Must also set byte-length of
* AUTH_KEY to match */
@@ -882,9 +884,9 @@ hs_cell_parse_introduce_ack(const uint8_t *payload, size_t payload_len)
* do a special case. */
if (payload_len <= 1) {
if (payload_len == 0) {
- ret = HS_CELL_INTRO_ACK_SUCCESS;
+ ret = TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS;
} else {
- ret = HS_CELL_INTRO_ACK_FAILURE;
+ ret = TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID;
}
goto end;
}
diff --git a/src/feature/hs/hs_cell.h b/src/feature/hs/hs_cell.h
index abdaba4fba..9569de535e 100644
--- a/src/feature/hs/hs_cell.h
+++ b/src/feature/hs/hs_cell.h
@@ -16,19 +16,6 @@
* 3.2.2 of the specification). Below this value, the cell must be padded. */
#define HS_CELL_INTRODUCE1_MIN_SIZE 246
-/* Status code of an INTRODUCE_ACK cell. */
-typedef enum {
- HS_CELL_INTRO_ACK_SUCCESS = 0x0000, /* Cell relayed to service. */
- HS_CELL_INTRO_ACK_FAILURE = 0x0001, /* Service ID not recognized */
- HS_CELL_INTRO_ACK_BADFMT = 0x0002, /* Bad message format */
- HS_CELL_INTRO_ACK_NORELAY = 0x0003, /* Can't relay cell to service */
-} hs_cell_introd_ack_status_t;
-
-/* Onion key type found in the INTRODUCE1 cell. */
-typedef enum {
- HS_CELL_ONION_KEY_TYPE_NTOR = 1,
-} hs_cell_onion_key_type_t;
-
/* This data structure contains data that we need to build an INTRODUCE1 cell
* used by the INTRODUCE1 build function. */
typedef struct hs_cell_introduce1_data_t {
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index bd43ef6132..2a5765aec2 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -47,6 +47,8 @@
* public key to hs_client_service_authorization_t *. */
static digest256map_t *client_auths = NULL;
+#include "trunnel/hs/cell_introduce1.h"
+
/* Return a human-readable string for the client fetch status code. */
static const char *
fetch_status_to_string(hs_client_fetch_status_t status)
@@ -1067,23 +1069,21 @@ handle_introduce_ack(origin_circuit_t *circ, const uint8_t *payload,
status = hs_cell_parse_introduce_ack(payload, payload_len);
switch (status) {
- case HS_CELL_INTRO_ACK_SUCCESS:
+ case TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS:
ret = 0;
handle_introduce_ack_success(circ);
goto end;
- case HS_CELL_INTRO_ACK_FAILURE:
- case HS_CELL_INTRO_ACK_BADFMT:
- case HS_CELL_INTRO_ACK_NORELAY:
+ case TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID:
+ case TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT:
+ /* It is possible that the intro point can send us an unknown status code
+ * for the NACK that we do not know about like a new code for instance.
+ * Just fallthrough so we can note down the NACK and re-extend. */
+ default:
handle_introduce_ack_bad(circ, status);
/* We are going to see if we have to close the circuits (IP and RP) or we
* can re-extend to a new intro point. */
ret = close_or_reextend_intro_circ(circ);
break;
- default:
- log_info(LD_PROTOCOL, "Unknown INTRODUCE_ACK status code %u from %s",
- status,
- safe_str_client(extend_info_describe(circ->build_state->chosen_exit)));
- break;
}
end:
diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c
index b28a5c2b80..7717ed53d4 100644
--- a/src/feature/hs/hs_intropoint.c
+++ b/src/feature/hs/hs_intropoint.c
@@ -78,7 +78,7 @@ verify_establish_intro_cell(const trn_cell_establish_intro_t *cell,
/* We only reach this function if the first byte of the cell is 0x02 which
* means that auth_key_type is of ed25519 type, hence this check should
* always pass. See hs_intro_received_establish_intro(). */
- if (BUG(cell->auth_key_type != HS_INTRO_AUTH_KEY_TYPE_ED25519)) {
+ if (BUG(cell->auth_key_type != TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519)) {
return -1;
}
@@ -318,10 +318,10 @@ hs_intro_received_establish_intro(or_circuit_t *circ, const uint8_t *request,
* ESTABLISH_INTRO and pass it to the appropriate cell handler */
const uint8_t first_byte = request[0];
switch (first_byte) {
- case HS_INTRO_AUTH_KEY_TYPE_LEGACY0:
- case HS_INTRO_AUTH_KEY_TYPE_LEGACY1:
+ case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY0:
+ case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY1:
return rend_mid_establish_intro_legacy(circ, request, request_len);
- case HS_INTRO_AUTH_KEY_TYPE_ED25519:
+ case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519:
return handle_establish_intro(circ, request, request_len);
default:
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
@@ -339,7 +339,7 @@ hs_intro_received_establish_intro(or_circuit_t *circ, const uint8_t *request,
* Return 0 on success else a negative value on error which will close the
* circuit. */
static int
-send_introduce_ack_cell(or_circuit_t *circ, hs_intro_ack_status_t status)
+send_introduce_ack_cell(or_circuit_t *circ, uint16_t status)
{
int ret = -1;
uint8_t *encoded_cell = NULL;
@@ -399,7 +399,7 @@ validate_introduce1_parsed_cell(const trn_cell_introduce1_t *cell)
/* The auth key of an INTRODUCE1 should be of type ed25519 thus leading to a
* known fixed length as well. */
if (trn_cell_introduce1_get_auth_key_type(cell) !=
- HS_INTRO_AUTH_KEY_TYPE_ED25519) {
+ TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519) {
log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Rejecting invalid INTRODUCE1 cell auth key type. "
"Responding with NACK.");
@@ -436,7 +436,7 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request,
int ret = -1;
or_circuit_t *service_circ;
trn_cell_introduce1_t *parsed_cell;
- hs_intro_ack_status_t status = HS_INTRO_ACK_STATUS_SUCCESS;
+ uint16_t status = TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS;
tor_assert(client_circ);
tor_assert(request);
@@ -451,14 +451,14 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request,
"Rejecting %s INTRODUCE1 cell. Responding with NACK.",
cell_size == -1 ? "invalid" : "truncated");
/* Inform client that the INTRODUCE1 has a bad format. */
- status = HS_INTRO_ACK_STATUS_BAD_FORMAT;
+ status = TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT;
goto send_ack;
}
/* Once parsed validate the cell format. */
if (validate_introduce1_parsed_cell(parsed_cell) < 0) {
/* Inform client that the INTRODUCE1 has bad format. */
- status = HS_INTRO_ACK_STATUS_BAD_FORMAT;
+ status = TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT;
goto send_ack;
}
@@ -475,7 +475,7 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request,
"Responding with NACK.",
safe_str(b64_key), client_circ->p_circ_id);
/* Inform the client that we don't know the requested service ID. */
- status = HS_INTRO_ACK_STATUS_UNKNOWN_ID;
+ status = TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID;
goto send_ack;
}
}
@@ -486,13 +486,14 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request,
RELAY_COMMAND_INTRODUCE2,
(char *) request, request_len, NULL)) {
log_warn(LD_PROTOCOL, "Unable to send INTRODUCE2 cell to the service.");
- /* Inform the client that we can't relay the cell. */
- status = HS_INTRO_ACK_STATUS_CANT_RELAY;
+ /* Inform the client that we can't relay the cell. Use the unknown ID
+ * status code since it means that we do not know the service. */
+ status = TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID;
goto send_ack;
}
/* Success! Send an INTRODUCE_ACK success status onto the client circuit. */
- status = HS_INTRO_ACK_STATUS_SUCCESS;
+ status = TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS;
ret = 0;
send_ack:
diff --git a/src/feature/hs/hs_intropoint.h b/src/feature/hs/hs_intropoint.h
index 659a9ad052..e82575f052 100644
--- a/src/feature/hs/hs_intropoint.h
+++ b/src/feature/hs/hs_intropoint.h
@@ -12,21 +12,6 @@
#include "lib/crypt_ops/crypto_curve25519.h"
#include "feature/nodelist/torcert.h"
-/* Authentication key type in an ESTABLISH_INTRO cell. */
-typedef enum {
- HS_INTRO_AUTH_KEY_TYPE_LEGACY0 = 0x00,
- HS_INTRO_AUTH_KEY_TYPE_LEGACY1 = 0x01,
- HS_INTRO_AUTH_KEY_TYPE_ED25519 = 0x02,
-} hs_intro_auth_key_type_t;
-
-/* INTRODUCE_ACK status code. */
-typedef enum {
- HS_INTRO_ACK_STATUS_SUCCESS = 0x0000,
- HS_INTRO_ACK_STATUS_UNKNOWN_ID = 0x0001,
- HS_INTRO_ACK_STATUS_BAD_FORMAT = 0x0002,
- HS_INTRO_ACK_STATUS_CANT_RELAY = 0x0003,
-} hs_intro_ack_status_t;
-
/* Object containing introduction point common data between the service and
* the client side. */
typedef struct hs_intropoint_t {