Commit 6bacc3c7 authored by David Goulet's avatar David Goulet 🐼
Browse files

hs: Change trunnel prop224 cell's namespace



One of the goals of this change is to have trunnel API/ABI being more explicit
so we namespace them with "trn_*". Furthermore, we can now create
hs_cells.[ch] without having to confuse it with trunnel which used to be
"hs_cell_*" before that change.

Here are the perl line that were used for this rename:

  perl -i -pe 's/cell_extension/trn_cell_extension/g;' src/*/*.[ch]
  perl -i -pe 's/cell_extension/trn_cell_extension/g;' src/trunnel/hs/*.trunnel
  perl -i -pe 's/hs_cell_/trn_cell_/g;' src/*/*.[ch]
  perl -i -pe 's/hs_cell_/trn_cell_/g;' src/trunnel/hs/*.trunnel

  And then "./scripts/codegen/run_trunnel.sh" with trunnel commit id
  613fb1b98e58504e2b84ef56b1602b6380629043.

Fixes #21919

Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
parent 01fc93ff
Loading
Loading
Loading
Loading
+1 −1
Original line number Diff line number Diff line
@@ -31,7 +31,7 @@
#    define IS_LITTLE_ENDIAN
#  endif
#else
# if defined(__FreeBSD__) || defined(__NetBSD__) || defined(OpenBSD)
# if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
#  include <sys/endian.h>
# else
#  include <endian.h>
+45 −45
Original line number Diff line number Diff line
@@ -43,16 +43,16 @@ get_auth_key_from_cell(ed25519_public_key_t *auth_key_out,
  switch (cell_type) {
  case RELAY_COMMAND_ESTABLISH_INTRO:
  {
    const hs_cell_establish_intro_t *c_cell = cell;
    key_array = hs_cell_establish_intro_getconstarray_auth_key(c_cell);
    auth_key_len = hs_cell_establish_intro_getlen_auth_key(c_cell);
    const trn_cell_establish_intro_t *c_cell = cell;
    key_array = trn_cell_establish_intro_getconstarray_auth_key(c_cell);
    auth_key_len = trn_cell_establish_intro_getlen_auth_key(c_cell);
    break;
  }
  case RELAY_COMMAND_INTRODUCE1:
  {
    const hs_cell_introduce1_t *c_cell = cell;
    key_array = hs_cell_introduce1_getconstarray_auth_key(cell);
    auth_key_len = hs_cell_introduce1_getlen_auth_key(c_cell);
    const trn_cell_introduce1_t *c_cell = cell;
    key_array = trn_cell_introduce1_getconstarray_auth_key(cell);
    auth_key_len = trn_cell_introduce1_getlen_auth_key(c_cell);
    break;
  }
  default:
@@ -68,7 +68,7 @@ get_auth_key_from_cell(ed25519_public_key_t *auth_key_out,
/** We received an ESTABLISH_INTRO <b>cell</b>. Verify its signature and MAC,
 *  given <b>circuit_key_material</b>. Return 0 on success else -1 on error. */
STATIC int
verify_establish_intro_cell(const hs_cell_establish_intro_t *cell,
verify_establish_intro_cell(const trn_cell_establish_intro_t *cell,
                            const uint8_t *circuit_key_material,
                            size_t circuit_key_material_len)
{
@@ -82,8 +82,8 @@ verify_establish_intro_cell(const hs_cell_establish_intro_t *cell,
  /* Make sure the auth key length is of the right size for this type. For
   * EXTRA safety, we check both the size of the array and the length which
   * must be the same. Safety first!*/
  if (hs_cell_establish_intro_getlen_auth_key(cell) != ED25519_PUBKEY_LEN ||
      hs_cell_establish_intro_get_auth_key_len(cell) != ED25519_PUBKEY_LEN) {
  if (trn_cell_establish_intro_getlen_auth_key(cell) != ED25519_PUBKEY_LEN ||
      trn_cell_establish_intro_get_auth_key_len(cell) != ED25519_PUBKEY_LEN) {
    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
           "ESTABLISH_INTRO auth key length is invalid");
    return -1;
@@ -94,13 +94,13 @@ verify_establish_intro_cell(const hs_cell_establish_intro_t *cell,
  /* Verify the sig */
  {
    ed25519_signature_t sig_struct;
    const uint8_t *sig_array = hs_cell_establish_intro_getconstarray_sig(cell);
    const uint8_t *sig_array = trn_cell_establish_intro_getconstarray_sig(cell);

    /* Make sure the signature length is of the right size. For EXTRA safety,
     * we check both the size of the array and the length which must be the
     * same. Safety first!*/
    if (hs_cell_establish_intro_getlen_sig(cell) != sizeof(sig_struct.sig) ||
        hs_cell_establish_intro_get_sig_len(cell) != sizeof(sig_struct.sig)) {
    if (trn_cell_establish_intro_getlen_sig(cell) != sizeof(sig_struct.sig) ||
        trn_cell_establish_intro_get_sig_len(cell) != sizeof(sig_struct.sig)) {
      log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
             "ESTABLISH_INTRO sig len is invalid");
      return -1;
@@ -147,21 +147,21 @@ hs_intro_send_intro_established_cell,(or_circuit_t *circ))
  int ret;
  uint8_t *encoded_cell = NULL;
  ssize_t encoded_len, result_len;
  hs_cell_intro_established_t *cell;
  cell_extension_t *ext;
  trn_cell_intro_established_t *cell;
  trn_cell_extension_t *ext;

  tor_assert(circ);

  /* Build the cell payload. */
  cell = hs_cell_intro_established_new();
  ext = cell_extension_new();
  cell_extension_set_num(ext, 0);
  hs_cell_intro_established_set_extensions(cell, ext);
  cell = trn_cell_intro_established_new();
  ext = trn_cell_extension_new();
  trn_cell_extension_set_num(ext, 0);
  trn_cell_intro_established_set_extensions(cell, ext);
  /* Encode the cell to binary format. */
  encoded_len = hs_cell_intro_established_encoded_len(cell);
  encoded_len = trn_cell_intro_established_encoded_len(cell);
  tor_assert(encoded_len > 0);
  encoded_cell = tor_malloc_zero(encoded_len);
  result_len = hs_cell_intro_established_encode(encoded_cell, encoded_len,
  result_len = trn_cell_intro_established_encode(encoded_cell, encoded_len,
                                                cell);
  tor_assert(encoded_len == result_len);

@@ -170,7 +170,7 @@ hs_intro_send_intro_established_cell,(or_circuit_t *circ))
                                     (char *) encoded_cell, encoded_len,
                                     NULL);
  /* On failure, the above function will close the circuit. */
  hs_cell_intro_established_free(cell);
  trn_cell_intro_established_free(cell);
  tor_free(encoded_cell);
  return ret;
}
@@ -180,7 +180,7 @@ hs_intro_send_intro_established_cell,(or_circuit_t *circ))
 *  establish an intro point. */
static int
handle_verified_establish_intro_cell(or_circuit_t *circ,
                               const hs_cell_establish_intro_t *parsed_cell)
                               const trn_cell_establish_intro_t *parsed_cell)
{
  /* Get the auth key of this intro point */
  ed25519_public_key_t auth_key;
@@ -210,7 +210,7 @@ handle_establish_intro(or_circuit_t *circ, const uint8_t *request,
                       size_t request_len)
{
  int cell_ok, retval = -1;
  hs_cell_establish_intro_t *parsed_cell = NULL;
  trn_cell_establish_intro_t *parsed_cell = NULL;

  tor_assert(circ);
  tor_assert(request);
@@ -224,7 +224,7 @@ handle_establish_intro(or_circuit_t *circ, const uint8_t *request,
  }

  /* Parse the cell */
  ssize_t parsing_result = hs_cell_establish_intro_parse(&parsed_cell,
  ssize_t parsing_result = trn_cell_establish_intro_parse(&parsed_cell,
                                                         request, request_len);
  if (parsing_result < 0) {
    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
@@ -259,7 +259,7 @@ handle_establish_intro(or_circuit_t *circ, const uint8_t *request,
  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);

 done:
  hs_cell_establish_intro_free(parsed_cell);
  trn_cell_establish_intro_free(parsed_cell);
  return retval;
}

@@ -339,28 +339,28 @@ send_introduce_ack_cell(or_circuit_t *circ, hs_intro_ack_status_t status)
  int ret = -1;
  uint8_t *encoded_cell = NULL;
  ssize_t encoded_len, result_len;
  hs_cell_introduce_ack_t *cell;
  cell_extension_t *ext;
  trn_cell_introduce_ack_t *cell;
  trn_cell_extension_t *ext;

  tor_assert(circ);

  /* Setup the INTRODUCE_ACK cell. We have no extensions so the N_EXTENSIONS
   * field is set to 0 by default with a new object. */
  cell = hs_cell_introduce_ack_new();
  ret = hs_cell_introduce_ack_set_status(cell, status);
  cell = trn_cell_introduce_ack_new();
  ret = trn_cell_introduce_ack_set_status(cell, status);
  /* We have no cell extensions in an INTRODUCE_ACK cell. */
  ext = cell_extension_new();
  cell_extension_set_num(ext, 0);
  hs_cell_introduce_ack_set_extensions(cell, ext);
  ext = trn_cell_extension_new();
  trn_cell_extension_set_num(ext, 0);
  trn_cell_introduce_ack_set_extensions(cell, ext);
  /* A wrong status is a very bad code flow error as this value is controlled
   * by the code in this file and not an external input. This means we use a
   * code that is not known by the trunnel ABI. */
  tor_assert(ret == 0);
  /* Encode the payload. We should never fail to get the encoded length. */
  encoded_len = hs_cell_introduce_ack_encoded_len(cell);
  encoded_len = trn_cell_introduce_ack_encoded_len(cell);
  tor_assert(encoded_len > 0);
  encoded_cell = tor_malloc_zero(encoded_len);
  result_len = hs_cell_introduce_ack_encode(encoded_cell, encoded_len, cell);
  result_len = trn_cell_introduce_ack_encode(encoded_cell, encoded_len, cell);
  tor_assert(encoded_len == result_len);

  ret = relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(circ),
@@ -368,7 +368,7 @@ send_introduce_ack_cell(or_circuit_t *circ, hs_intro_ack_status_t status)
                                     (char *) encoded_cell, encoded_len,
                                     NULL);
  /* On failure, the above function will close the circuit. */
  hs_cell_introduce_ack_free(cell);
  trn_cell_introduce_ack_free(cell);
  tor_free(encoded_cell);
  return ret;
}
@@ -376,7 +376,7 @@ send_introduce_ack_cell(or_circuit_t *circ, hs_intro_ack_status_t status)
/* Validate a parsed INTRODUCE1 <b>cell</b>. Return 0 if valid or else a
 * negative value for an invalid cell that should be NACKed. */
STATIC int
validate_introduce1_parsed_cell(const hs_cell_introduce1_t *cell)
validate_introduce1_parsed_cell(const trn_cell_introduce1_t *cell)
{
  size_t legacy_key_id_len;
  const uint8_t *legacy_key_id;
@@ -385,29 +385,29 @@ validate_introduce1_parsed_cell(const hs_cell_introduce1_t *cell)

  /* This code path SHOULD NEVER be reached if the cell is a legacy type so
   * safety net here. The legacy ID must be zeroes in this case. */
  legacy_key_id_len = hs_cell_introduce1_getlen_legacy_key_id(cell);
  legacy_key_id = hs_cell_introduce1_getconstarray_legacy_key_id(cell);
  legacy_key_id_len = trn_cell_introduce1_getlen_legacy_key_id(cell);
  legacy_key_id = trn_cell_introduce1_getconstarray_legacy_key_id(cell);
  if (BUG(!tor_mem_is_zero((char *) legacy_key_id, legacy_key_id_len))) {
    goto invalid;
  }

  /* The auth key of an INTRODUCE1 should be of type ed25519 thus leading to a
   * known fixed length as well. */
  if (hs_cell_introduce1_get_auth_key_type(cell) !=
  if (trn_cell_introduce1_get_auth_key_type(cell) !=
      HS_INTRO_AUTH_KEY_TYPE_ED25519) {
    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
           "Rejecting invalid INTRODUCE1 cell auth key type. "
           "Responding with NACK.");
    goto invalid;
  }
  if (hs_cell_introduce1_get_auth_key_len(cell) != ED25519_PUBKEY_LEN ||
      hs_cell_introduce1_getlen_auth_key(cell) != ED25519_PUBKEY_LEN) {
  if (trn_cell_introduce1_get_auth_key_len(cell) != ED25519_PUBKEY_LEN ||
      trn_cell_introduce1_getlen_auth_key(cell) != ED25519_PUBKEY_LEN) {
    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
           "Rejecting invalid INTRODUCE1 cell auth key length. "
           "Responding with NACK.");
    goto invalid;
  }
  if (hs_cell_introduce1_getlen_encrypted(cell) == 0) {
  if (trn_cell_introduce1_getlen_encrypted(cell) == 0) {
    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
           "Rejecting invalid INTRODUCE1 cell encrypted length. "
           "Responding with NACK.");
@@ -430,7 +430,7 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request,
{
  int ret = -1;
  or_circuit_t *service_circ;
  hs_cell_introduce1_t *parsed_cell;
  trn_cell_introduce1_t *parsed_cell;
  hs_intro_ack_status_t status = HS_INTRO_ACK_STATUS_SUCCESS;

  tor_assert(client_circ);
@@ -439,7 +439,7 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request,
  /* Parse cell. Note that we can only parse the non encrypted section for
   * which we'll use the authentication key to find the service introduction
   * circuit and relay the cell on it. */
  ssize_t cell_size = hs_cell_introduce1_parse(&parsed_cell, request,
  ssize_t cell_size = trn_cell_introduce1_parse(&parsed_cell, request,
                                               request_len);
  if (cell_size < 0) {
    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
@@ -505,7 +505,7 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request,
    circuit_mark_for_close(TO_CIRCUIT(client_circ), END_CIRC_REASON_INTERNAL);
  }
 done:
  hs_cell_introduce1_free(parsed_cell);
  trn_cell_introduce1_free(parsed_cell);
  return ret;
}

+2 −2
Original line number Diff line number Diff line
@@ -41,7 +41,7 @@ int hs_intro_circuit_is_suitable_for_establish_intro(const or_circuit_t *circ);
#include "hs/cell_introduce1.h"

STATIC int
verify_establish_intro_cell(const hs_cell_establish_intro_t *out,
verify_establish_intro_cell(const trn_cell_establish_intro_t *out,
                            const uint8_t *circuit_key_material,
                            size_t circuit_key_material_len);

@@ -52,7 +52,7 @@ get_auth_key_from_cell(ed25519_public_key_t *auth_key_out,
STATIC int introduce1_cell_is_legacy(const uint8_t *request);
STATIC int handle_introduce1(or_circuit_t *client_circ,
                             const uint8_t *request, size_t request_len);
STATIC int validate_introduce1_parsed_cell(const hs_cell_introduce1_t *cell);
STATIC int validate_introduce1_parsed_cell(const trn_cell_introduce1_t *cell);
STATIC int circuit_is_suitable_for_introduce1(const or_circuit_t *circ);

#endif /* HS_INTROPOINT_PRIVATE */
+21 −21
Original line number Diff line number Diff line
@@ -27,7 +27,7 @@
 *  bytes written, or a negative integer if there was an error. */
ssize_t
get_establish_intro_payload(uint8_t *buf_out, size_t buf_out_len,
                            const hs_cell_establish_intro_t *cell)
                            const trn_cell_establish_intro_t *cell)
{
  ssize_t bytes_used = 0;

@@ -35,31 +35,31 @@ get_establish_intro_payload(uint8_t *buf_out, size_t buf_out_len,
    return -1;
  }

  bytes_used = hs_cell_establish_intro_encode(buf_out, buf_out_len,
  bytes_used = trn_cell_establish_intro_encode(buf_out, buf_out_len,
                                              cell);
  return bytes_used;
}

/* Set the cell extensions of <b>cell</b>. */
static void
set_cell_extensions(hs_cell_establish_intro_t *cell)
set_trn_cell_extensions(trn_cell_establish_intro_t *cell)
{
  cell_extension_t *cell_extensions = cell_extension_new();
  trn_cell_extension_t *trn_cell_extensions = trn_cell_extension_new();

  /* For now, we don't use extensions at all. */
  cell_extensions->num = 0; /* It's already zeroed, but be explicit. */
  hs_cell_establish_intro_set_extensions(cell, cell_extensions);
  trn_cell_extensions->num = 0; /* It's already zeroed, but be explicit. */
  trn_cell_establish_intro_set_extensions(cell, trn_cell_extensions);
}

/** Given the circuit handshake info in <b>circuit_key_material</b>, create and
 *  return an ESTABLISH_INTRO cell. Return NULL if something went wrong.  The
 *  returned cell is allocated on the heap and it's the responsibility of the
 *  caller to free it. */
hs_cell_establish_intro_t *
trn_cell_establish_intro_t *
generate_establish_intro_cell(const uint8_t *circuit_key_material,
                              size_t circuit_key_material_len)
{
  hs_cell_establish_intro_t *cell = NULL;
  trn_cell_establish_intro_t *cell = NULL;
  ssize_t encoded_len;

  log_warn(LD_GENERAL,
@@ -72,31 +72,31 @@ generate_establish_intro_cell(const uint8_t *circuit_key_material,
    goto err;
  }

  cell = hs_cell_establish_intro_new();
  cell = trn_cell_establish_intro_new();

  /* Set AUTH_KEY_TYPE: 2 means ed25519 */
  hs_cell_establish_intro_set_auth_key_type(cell, AUTH_KEY_ED25519);
  trn_cell_establish_intro_set_auth_key_type(cell, AUTH_KEY_ED25519);

  /* Set AUTH_KEY_LEN field */
  /* Must also set byte-length of AUTH_KEY to match */
  int auth_key_len = ED25519_PUBKEY_LEN;
  hs_cell_establish_intro_set_auth_key_len(cell, auth_key_len);
  hs_cell_establish_intro_setlen_auth_key(cell, auth_key_len);
  trn_cell_establish_intro_set_auth_key_len(cell, auth_key_len);
  trn_cell_establish_intro_setlen_auth_key(cell, auth_key_len);

  /* Set AUTH_KEY field */
  uint8_t *auth_key_ptr = hs_cell_establish_intro_getarray_auth_key(cell);
  uint8_t *auth_key_ptr = trn_cell_establish_intro_getarray_auth_key(cell);
  memcpy(auth_key_ptr, key_struct.pubkey.pubkey, auth_key_len);

  /* No cell extensions needed */
  set_cell_extensions(cell);
  set_trn_cell_extensions(cell);

  /* Set signature size.
     We need to do this up here, because _encode() needs it and we need to call
     _encode() to calculate the MAC and signature.
  */
  int sig_len = ED25519_SIG_LEN;
  hs_cell_establish_intro_set_sig_len(cell, sig_len);
  hs_cell_establish_intro_setlen_sig(cell, sig_len);
  trn_cell_establish_intro_set_sig_len(cell, sig_len);
  trn_cell_establish_intro_setlen_sig(cell, sig_len);

  /* XXX How to make this process easier and nicer? */

@@ -107,7 +107,7 @@ generate_establish_intro_cell(const uint8_t *circuit_key_material,
    uint8_t cell_bytes_tmp[RELAY_PAYLOAD_SIZE] = {0};
    uint8_t mac[TRUNNEL_SHA3_256_LEN];

    encoded_len = hs_cell_establish_intro_encode(cell_bytes_tmp,
    encoded_len = trn_cell_establish_intro_encode(cell_bytes_tmp,
                                                 sizeof(cell_bytes_tmp),
                                                 cell);
    if (encoded_len < 0) {
@@ -126,7 +126,7 @@ generate_establish_intro_cell(const uint8_t *circuit_key_material,
                          (ED25519_SIG_LEN + 2 + TRUNNEL_SHA3_256_LEN));
    /* Write the MAC to the cell */
    uint8_t *handshake_ptr =
      hs_cell_establish_intro_getarray_handshake_mac(cell);
      trn_cell_establish_intro_getarray_handshake_mac(cell);
    memcpy(handshake_ptr, mac, sizeof(mac));
  }

@@ -137,7 +137,7 @@ generate_establish_intro_cell(const uint8_t *circuit_key_material,
    uint8_t cell_bytes_tmp[RELAY_PAYLOAD_SIZE] = {0};
    ed25519_signature_t sig;

    encoded_len = hs_cell_establish_intro_encode(cell_bytes_tmp,
    encoded_len = trn_cell_establish_intro_encode(cell_bytes_tmp,
                                                 sizeof(cell_bytes_tmp),
                                                 cell);
    if (encoded_len < 0) {
@@ -158,7 +158,7 @@ generate_establish_intro_cell(const uint8_t *circuit_key_material,
    }

    /* And write the signature to the cell */
    uint8_t *sig_ptr = hs_cell_establish_intro_getarray_sig(cell);
    uint8_t *sig_ptr = trn_cell_establish_intro_getarray_sig(cell);
    memcpy(sig_ptr, sig.sig, sig_len);
  }

@@ -166,7 +166,7 @@ generate_establish_intro_cell(const uint8_t *circuit_key_material,
  return cell;

 err:
  hs_cell_establish_intro_free(cell);
  trn_cell_establish_intro_free(cell);
  return NULL;
}
+2 −2
Original line number Diff line number Diff line
@@ -16,12 +16,12 @@
 * hs_service.o ends up with no symbols in libor.a which makes clang throw a
 * warning at compile time. See #21825. */

hs_cell_establish_intro_t *
trn_cell_establish_intro_t *
generate_establish_intro_cell(const uint8_t *circuit_key_material,
                              size_t circuit_key_material_len);
ssize_t
get_establish_intro_payload(uint8_t *buf, size_t buf_len,
                            const hs_cell_establish_intro_t *cell);
                            const trn_cell_establish_intro_t *cell);

#endif /* TOR_HS_SERVICE_H */
Loading