From 8ccfd4a51ad55e9834cffcc91cbaa13e1f19c8ff Mon Sep 17 00:00:00 2001 From: David Goulet Date: Wed, 17 Feb 2021 08:39:12 -0500 Subject: hs-v2: Warn of v2 obsolete if configured For a user using "HiddenServiceVersion 2", a log warning is emitted indicating that v2 is now obsolete instead of a confusing message saying that the version is not supported. Also, if an introduction point gets a legacy (v2) ESTABLISH_INTRO, we'll simply close the circuit without emitting a protocol warning log onto the relay. Related to #40266 Signed-off-by: David Goulet --- src/feature/hs/hs_config.c | 6 ++++++ src/feature/hs/hs_intropoint.c | 5 +++++ 2 files changed, 11 insertions(+) (limited to 'src') diff --git a/src/feature/hs/hs_config.c b/src/feature/hs/hs_config.c index e2e1756f21..75c417c3ef 100644 --- a/src/feature/hs/hs_config.c +++ b/src/feature/hs/hs_config.c @@ -436,6 +436,12 @@ config_generic_service(const hs_opts_t *hs_opts, /* Protocol version for the service. */ if (hs_opts->HiddenServiceVersion == -1) { /* No value was set; stay with the default. */ + } else if (hs_opts->HiddenServiceVersion == 2) { + log_warn(LD_CONFIG, "Onion services version 2 are obsolete. Please see " + "https://blog.torproject.org/v2-deprecation-timeline " + "for more details and for instructions on how to " + "transition to version 3."); + goto err; } else if (CHECK_OOB(hs_opts, HiddenServiceVersion, HS_VERSION_MIN, HS_VERSION_MAX)) { goto err; diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c index 7ae6deffa2..d567201c77 100644 --- a/src/feature/hs/hs_intropoint.c +++ b/src/feature/hs/hs_intropoint.c 
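Review bot: The new `HiddenServiceVersion == 2` branch in hs_config.c takes `goto err` after a warning that never names the offending service or says the configuration is being rejected. An operator with several onion services configured has to search the torrc to find which block is at fault. Consider including the service directory in the message (assuming `hs_opts` carries it, which this hunk does not show) and stating the consequence, for example ending the text with `"This service will not be configured."`. The bare `2` would read better as a named version constant if the tree defines one, and a one-line comment such as `/* v2 is refused outright rather than silently skipped. */` would record that failing closed is intentional. The body of config_generic_service starts and ends outside the hunk, so what the `err` label does is not visible here.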
@@ -512,6 +512,11 @@ hs_intro_received_establish_intro(or_circuit_t *circ, const uint8_t *request,
 * ESTABLISH_INTRO and pass it to the appropriate cell handler */
 const uint8_t first_byte = request[0];
 switch (first_byte) {
+ case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY0:
+ case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY1:
+ /* Likely version 2 onion service which is now obsolete. Avoid a
+ * protocol warning considering they still exists on the network. */
+ goto err;
 case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519:
 return handle_establish_intro(circ, request, request_len);
 default:
-- cgit v1.2.3-54-g00ecf
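Review bot: The two legacy cases jump straight to `err` with no log line at any level, so a relay operator has no way to see how many v2 ESTABLISH_INTRO cells still arrive or to tell them apart from other failures. A low-severity line before the jump, such as `log_info(LD_REND, "Rejecting legacy (v2) ESTABLISH_INTRO cell.");`, would avoid the protocol warning and still leave a trace for diagnosis. The comment should read `they still exist`, and it could say that the circuit is closed on this path, as the commit message states. The `err` label and any length check guarding `request[0]` sit outside the hunk and cannot be confirmed from here.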