1. 22 May, 2019 4 commits
    • David Goulet's avatar
      sendme: Properly record SENDMEs on both edges · 3835a3ac
      David Goulet authored and Nick Mathewson's avatar Nick Mathewson committed
      
      
      Turns out that we were only recording the "b_digest" but to have
      bidirectionnal authenticated SENDMEs, we need to use the "f_digest" in the
      forward cell situation.
      
      Because of the cpath refactoring, this commit plays with the crypt_path_ and
      relay_crypto_t API a little bit in order to respect the abstractions.
      
      Previously, we would record the cell digest as the SENDME digest in the
      decrypt cell function but to avoid code duplication (both directions needs to
      record), we now do that right after iff the cell is recognized (at the edge).
      It is now done in circuit_receive_relay_cell() instead.
      
      We now also record the cell digest as the SENDME digest in both relay cell
      encryption functions since they are split depending on the direction.
      relay_encrypt_cell_outbound() and relay_encrypt_cell_inbound() need to
      consider recording the cell digest depending on their direction (f vs b
      digest).
      
      Fixes #30428
      
      Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
      3835a3ac
    • David Goulet's avatar
      sendme: Never fallback to v0 if unknown version · 44265dd6
      David Goulet authored and Nick Mathewson's avatar Nick Mathewson committed
      
      
      There was a missing cell version check against our max supported version. In
      other words, we do not fallback to v0 anymore in case we do know the SENDME
      version.
      
      We can either handle it or not, never fallback to the unauthenticated version
      in order to avoid gaming the authenticated logic.
      
      Add a unit tests making sure we properly test that and also test that we can
      always handle the default emit and accepted versions.
      
      Fixes #30428
      
      Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
      44265dd6
    • David Goulet's avatar
      sendme: Validate v1 SENDMEs on both client and exit side · 69e0d5bf
      David Goulet authored and Nick Mathewson's avatar Nick Mathewson committed
      
      
      The validation of the SENDME cell is now done as the very first thing when
      receiving it for both client and exit. On failure to validate, the circuit is
      closed as detailed in the specification.
      
      Part of #30428
      
      Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
      69e0d5bf
    • David Goulet's avatar
      sendme: Record cell digest on both client and exit · 59b9eecc
      David Goulet authored and Nick Mathewson's avatar Nick Mathewson committed
      
      
      It turns out that only the exit side is validating the authenticated SENDME v1
      logic and never the client side. Which means that if a client ever uploaded
      data towards an exit, the authenticated SENDME logic wouldn't apply.
      
      For this to work, we have to record the cell digest client side as well which
      introduced a new function that supports both type of edges.
      
      This also removes a test that is not valid anymore which was that we didn't
      allow cell recording on an origin circuit (client).
      
      Part of #30428
      
      Signed-off-by: David Goulet's avatarDavid Goulet <dgoulet@torproject.org>
      59b9eecc
  2. 15 May, 2019 25 commits
  3. 14 May, 2019 2 commits
  4. 13 May, 2019 9 commits