diff options
Diffstat (limited to 'src/feature/hs')
-rw-r--r-- | src/feature/hs/hs_cell.c | 16 | ||||
-rw-r--r-- | src/feature/hs/hs_cell.h | 13 | ||||
-rw-r--r-- | src/feature/hs/hs_client.c | 18 | ||||
-rw-r--r-- | src/feature/hs/hs_intropoint.c | 27 | ||||
-rw-r--r-- | src/feature/hs/hs_intropoint.h | 15 |
5 files changed, 32 insertions, 57 deletions
diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c index 597982b34e..613ffe7260 100644 --- a/src/feature/hs/hs_cell.c +++ b/src/feature/hs/hs_cell.c @@ -161,11 +161,12 @@ parse_introduce2_encrypted(const uint8_t *decrypted_data, } if (trn_cell_introduce_encrypted_get_onion_key_type(enc_cell) != - HS_CELL_ONION_KEY_TYPE_NTOR) { + TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR) { log_info(LD_REND, "INTRODUCE2 onion key type is invalid. Got %u but " "expected %u on circuit %u for service %s", trn_cell_introduce_encrypted_get_onion_key_type(enc_cell), - HS_CELL_ONION_KEY_TYPE_NTOR, TO_CIRCUIT(circ)->n_circ_id, + TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR, + TO_CIRCUIT(circ)->n_circ_id, safe_str_client(service->onion_address)); goto err; } @@ -258,7 +259,7 @@ introduce1_set_encrypted_onion_key(trn_cell_introduce_encrypted_t *cell, tor_assert(onion_pk); /* There is only one possible key type for a non legacy cell. */ trn_cell_introduce_encrypted_set_onion_key_type(cell, - HS_CELL_ONION_KEY_TYPE_NTOR); + TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR); trn_cell_introduce_encrypted_set_onion_key_len(cell, CURVE25519_PUBKEY_LEN); trn_cell_introduce_encrypted_setlen_onion_key(cell, CURVE25519_PUBKEY_LEN); memcpy(trn_cell_introduce_encrypted_getarray_onion_key(cell), onion_pk, @@ -442,7 +443,8 @@ introduce1_set_auth_key(trn_cell_introduce1_t *cell, tor_assert(cell); tor_assert(data); /* There is only one possible type for a non legacy cell. */ - trn_cell_introduce1_set_auth_key_type(cell, HS_INTRO_AUTH_KEY_TYPE_ED25519); + trn_cell_introduce1_set_auth_key_type(cell, + TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519); trn_cell_introduce1_set_auth_key_len(cell, ED25519_PUBKEY_LEN); trn_cell_introduce1_setlen_auth_key(cell, ED25519_PUBKEY_LEN); memcpy(trn_cell_introduce1_getarray_auth_key(cell), @@ -515,7 +517,7 @@ hs_cell_build_establish_intro(const char *circ_nonce, /* Set AUTH_KEY_TYPE: 2 means ed25519 */ trn_cell_establish_intro_set_auth_key_type(cell, - HS_INTRO_AUTH_KEY_TYPE_ED25519); + TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519); /* Set AUTH_KEY and AUTH_KEY_LEN field. Must also set byte-length of * AUTH_KEY to match */ @@ -882,9 +884,9 @@ hs_cell_parse_introduce_ack(const uint8_t *payload, size_t payload_len) * do a special case. */ if (payload_len <= 1) { if (payload_len == 0) { - ret = HS_CELL_INTRO_ACK_SUCCESS; + ret = TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS; } else { - ret = HS_CELL_INTRO_ACK_FAILURE; + ret = TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID; } goto end; } diff --git a/src/feature/hs/hs_cell.h b/src/feature/hs/hs_cell.h index abdaba4fba..9569de535e 100644 --- a/src/feature/hs/hs_cell.h +++ b/src/feature/hs/hs_cell.h @@ -16,19 +16,6 @@ * 3.2.2 of the specification). Below this value, the cell must be padded. */ #define HS_CELL_INTRODUCE1_MIN_SIZE 246 -/* Status code of an INTRODUCE_ACK cell. */ -typedef enum { - HS_CELL_INTRO_ACK_SUCCESS = 0x0000, /* Cell relayed to service. */ - HS_CELL_INTRO_ACK_FAILURE = 0x0001, /* Service ID not recognized */ - HS_CELL_INTRO_ACK_BADFMT = 0x0002, /* Bad message format */ - HS_CELL_INTRO_ACK_NORELAY = 0x0003, /* Can't relay cell to service */ -} hs_cell_introd_ack_status_t; - -/* Onion key type found in the INTRODUCE1 cell. */ -typedef enum { - HS_CELL_ONION_KEY_TYPE_NTOR = 1, -} hs_cell_onion_key_type_t; - /* This data structure contains data that we need to build an INTRODUCE1 cell * used by the INTRODUCE1 build function. */ typedef struct hs_cell_introduce1_data_t { diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c index bd43ef6132..2a5765aec2 100644 --- a/src/feature/hs/hs_client.c +++ b/src/feature/hs/hs_client.c @@ -47,6 +47,8 @@ * public key to hs_client_service_authorization_t *. */ static digest256map_t *client_auths = NULL; +#include "trunnel/hs/cell_introduce1.h" + /* Return a human-readable string for the client fetch status code. */ static const char * fetch_status_to_string(hs_client_fetch_status_t status) @@ -1067,23 +1069,21 @@ handle_introduce_ack(origin_circuit_t *circ, const uint8_t *payload, status = hs_cell_parse_introduce_ack(payload, payload_len); switch (status) { - case HS_CELL_INTRO_ACK_SUCCESS: + case TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS: ret = 0; handle_introduce_ack_success(circ); goto end; - case HS_CELL_INTRO_ACK_FAILURE: - case HS_CELL_INTRO_ACK_BADFMT: - case HS_CELL_INTRO_ACK_NORELAY: + case TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID: + case TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT: + /* It is possible that the intro point can send us an unknown status code + * for the NACK that we do not know about like a new code for instance. + * Just fallthrough so we can note down the NACK and re-extend. */ + default: handle_introduce_ack_bad(circ, status); /* We are going to see if we have to close the circuits (IP and RP) or we * can re-extend to a new intro point. */ ret = close_or_reextend_intro_circ(circ); break; - default: - log_info(LD_PROTOCOL, "Unknown INTRODUCE_ACK status code %u from %s", - status, - safe_str_client(extend_info_describe(circ->build_state->chosen_exit))); - break; } end: diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c index b28a5c2b80..7717ed53d4 100644 --- a/src/feature/hs/hs_intropoint.c +++ b/src/feature/hs/hs_intropoint.c @@ -78,7 +78,7 @@ verify_establish_intro_cell(const trn_cell_establish_intro_t *cell, /* We only reach this function if the first byte of the cell is 0x02 which * means that auth_key_type is of ed25519 type, hence this check should * always pass. See hs_intro_received_establish_intro(). */ - if (BUG(cell->auth_key_type != HS_INTRO_AUTH_KEY_TYPE_ED25519)) { + if (BUG(cell->auth_key_type != TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519)) { return -1; } @@ -318,10 +318,10 @@ hs_intro_received_establish_intro(or_circuit_t *circ, const uint8_t *request, * ESTABLISH_INTRO and pass it to the appropriate cell handler */ const uint8_t first_byte = request[0]; switch (first_byte) { - case HS_INTRO_AUTH_KEY_TYPE_LEGACY0: - case HS_INTRO_AUTH_KEY_TYPE_LEGACY1: + case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY0: + case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY1: return rend_mid_establish_intro_legacy(circ, request, request_len); - case HS_INTRO_AUTH_KEY_TYPE_ED25519: + case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519: return handle_establish_intro(circ, request, request_len); default: log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, @@ -339,7 +339,7 @@ hs_intro_received_establish_intro(or_circuit_t *circ, const uint8_t *request, * Return 0 on success else a negative value on error which will close the * circuit. */ static int -send_introduce_ack_cell(or_circuit_t *circ, hs_intro_ack_status_t status) +send_introduce_ack_cell(or_circuit_t *circ, uint16_t status) { int ret = -1; uint8_t *encoded_cell = NULL; @@ -399,7 +399,7 @@ validate_introduce1_parsed_cell(const trn_cell_introduce1_t *cell) /* The auth key of an INTRODUCE1 should be of type ed25519 thus leading to a * known fixed length as well. */ if (trn_cell_introduce1_get_auth_key_type(cell) != - HS_INTRO_AUTH_KEY_TYPE_ED25519) { + TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Rejecting invalid INTRODUCE1 cell auth key type. " "Responding with NACK."); @@ -436,7 +436,7 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, int ret = -1; or_circuit_t *service_circ; trn_cell_introduce1_t *parsed_cell; - hs_intro_ack_status_t status = HS_INTRO_ACK_STATUS_SUCCESS; + uint16_t status = TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS; tor_assert(client_circ); tor_assert(request); @@ -451,14 +451,14 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, "Rejecting %s INTRODUCE1 cell. Responding with NACK.", cell_size == -1 ? "invalid" : "truncated"); /* Inform client that the INTRODUCE1 has a bad format. */ - status = HS_INTRO_ACK_STATUS_BAD_FORMAT; + status = TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT; goto send_ack; } /* Once parsed validate the cell format. */ if (validate_introduce1_parsed_cell(parsed_cell) < 0) { /* Inform client that the INTRODUCE1 has bad format. */ - status = HS_INTRO_ACK_STATUS_BAD_FORMAT; + status = TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT; goto send_ack; } @@ -475,7 +475,7 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, "Responding with NACK.", safe_str(b64_key), client_circ->p_circ_id); /* Inform the client that we don't know the requested service ID. */ - status = HS_INTRO_ACK_STATUS_UNKNOWN_ID; + status = TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID; goto send_ack; } } @@ -486,13 +486,14 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, RELAY_COMMAND_INTRODUCE2, (char *) request, request_len, NULL)) { log_warn(LD_PROTOCOL, "Unable to send INTRODUCE2 cell to the service."); - /* Inform the client that we can't relay the cell. */ - status = HS_INTRO_ACK_STATUS_CANT_RELAY; + /* Inform the client that we can't relay the cell. Use the unknown ID + * status code since it means that we do not know the service. */ + status = TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID; goto send_ack; } /* Success! Send an INTRODUCE_ACK success status onto the client circuit. */ - status = HS_INTRO_ACK_STATUS_SUCCESS; + status = TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS; ret = 0; send_ack: diff --git a/src/feature/hs/hs_intropoint.h b/src/feature/hs/hs_intropoint.h index 659a9ad052..e82575f052 100644 --- a/src/feature/hs/hs_intropoint.h +++ b/src/feature/hs/hs_intropoint.h @@ -12,21 +12,6 @@ #include "lib/crypt_ops/crypto_curve25519.h" #include "feature/nodelist/torcert.h" -/* Authentication key type in an ESTABLISH_INTRO cell. */ -typedef enum { - HS_INTRO_AUTH_KEY_TYPE_LEGACY0 = 0x00, - HS_INTRO_AUTH_KEY_TYPE_LEGACY1 = 0x01, - HS_INTRO_AUTH_KEY_TYPE_ED25519 = 0x02, -} hs_intro_auth_key_type_t; - -/* INTRODUCE_ACK status code. */ -typedef enum { - HS_INTRO_ACK_STATUS_SUCCESS = 0x0000, - HS_INTRO_ACK_STATUS_UNKNOWN_ID = 0x0001, - HS_INTRO_ACK_STATUS_BAD_FORMAT = 0x0002, - HS_INTRO_ACK_STATUS_CANT_RELAY = 0x0003, -} hs_intro_ack_status_t; - /* Object containing introduction point common data between the service and * the client side. */ typedef struct hs_intropoint_t { |