Commit 6d71eda2 authored by George Kadianakis's avatar George Kadianakis
Browse files

prop224: Rename auth_required HS desc field to intro_auth_required.

And remove "password" type from the list of intro auths.
parent efa5bbab
Loading
Loading
Loading
Loading
+18 −19
Original line number Diff line number Diff line
@@ -27,7 +27,7 @@
#define str_lifetime "descriptor-lifetime"
/* Constant string value for the encrypted part of the descriptor. */
#define str_create2_formats "create2-formats"
#define str_auth_required "authentication-required"
#define str_intro_auth_required "intro-auth-required"
#define str_single_onion "single-onion-service"
#define str_intro_point "introduction-point"
#define str_ip_auth_key "auth-key"
@@ -44,8 +44,7 @@
static const struct {
  hs_desc_auth_type_t type;
  const char *identifier;
} auth_types[] = {
  { HS_DESC_AUTH_PASSWORD, "password" },
} intro_auth_types[] = {
  { HS_DESC_AUTH_ED25519, "ed25519" },
  /* Indicate end of array. */
  { 0, NULL }
@@ -65,7 +64,7 @@ static token_rule_t hs_desc_v3_token_table[] = {
/* Descriptor ruleset for the encrypted section. */
static token_rule_t hs_desc_encrypted_v3_token_table[] = {
  T1_START(str_create2_formats, R3_CREATE2_FORMATS, CONCAT_ARGS, NO_OBJ),
  T01(str_auth_required, R3_AUTHENTICATION_REQUIRED, ARGS, NO_OBJ),
  T01(str_intro_auth_required, R3_INTRO_AUTH_REQUIRED, ARGS, NO_OBJ),
  T01(str_single_onion, R3_SINGLE_ONION_SERVICE, ARGS, NO_OBJ),
  END_OF_TABLE
};
@@ -123,9 +122,9 @@ desc_encrypted_data_free_contents(hs_desc_encrypted_data_t *desc)
    return;
  }

  if (desc->auth_types) {
    SMARTLIST_FOREACH(desc->auth_types, char *, a, tor_free(a));
    smartlist_free(desc->auth_types);
  if (desc->intro_auth_types) {
    SMARTLIST_FOREACH(desc->intro_auth_types, char *, a, tor_free(a));
    smartlist_free(desc->intro_auth_types);
  }
  if (desc->intro_points) {
    SMARTLIST_FOREACH(desc->intro_points, hs_desc_intro_point_t *, ip,
@@ -649,12 +648,12 @@ encode_encrypted_data(const hs_descriptor_t *desc,
    smartlist_add_asprintf(lines, "%s %d\n", str_create2_formats,
                           ONION_HANDSHAKE_TYPE_NTOR);

    if (desc->encrypted_data.auth_types &&
        smartlist_len(desc->encrypted_data.auth_types)) {
    if (desc->encrypted_data.intro_auth_types &&
        smartlist_len(desc->encrypted_data.intro_auth_types)) {
      /* Put the authentication-required line. */
      char *buf = smartlist_join_strings(desc->encrypted_data.auth_types, " ",
                                         0, NULL);
      smartlist_add_asprintf(lines, "%s %s\n", str_auth_required, buf);
      char *buf = smartlist_join_strings(desc->encrypted_data.intro_auth_types,
                                         " ", 0, NULL);
      smartlist_add_asprintf(lines, "%s %s\n", str_intro_auth_required, buf);
      tor_free(buf);
    }

@@ -894,14 +893,14 @@ decode_auth_type(hs_desc_encrypted_data_t *desc, const char *list)
  tor_assert(desc);
  tor_assert(list);

  desc->auth_types = smartlist_new();
  smartlist_split_string(desc->auth_types, list, " ", 0, 0);
  desc->intro_auth_types = smartlist_new();
  smartlist_split_string(desc->intro_auth_types, list, " ", 0, 0);

  /* Validate the types that we at least know about one. */
  SMARTLIST_FOREACH_BEGIN(desc->auth_types, const char *, auth) {
    for (int idx = 0; auth_types[idx].identifier; idx++) {
      if (!strncmp(auth, auth_types[idx].identifier,
                   strlen(auth_types[idx].identifier))) {
  SMARTLIST_FOREACH_BEGIN(desc->intro_auth_types, const char *, auth) {
    for (int idx = 0; intro_auth_types[idx].identifier; idx++) {
      if (!strncmp(auth, intro_auth_types[idx].identifier,
                   strlen(intro_auth_types[idx].identifier))) {
        match = 1;
        break;
      }
@@ -1572,7 +1571,7 @@ desc_decode_encrypted_v3(const hs_descriptor_t *desc,
  }

  /* Authentication type. It's optional but only once. */
  tok = find_opt_by_keyword(tokens, R3_AUTHENTICATION_REQUIRED);
  tok = find_opt_by_keyword(tokens, R3_INTRO_AUTH_REQUIRED);
  if (tok) {
    if (!decode_auth_type(desc_encrypted_out, tok->args[0])) {
      log_warn(LD_REND, "Service descriptor authentication type has "
+2 −3
Original line number Diff line number Diff line
@@ -68,8 +68,7 @@

/* Type of authentication in the descriptor. */
typedef enum {
  HS_DESC_AUTH_PASSWORD = 1,
  HS_DESC_AUTH_ED25519  = 2,
  HS_DESC_AUTH_ED25519 = 1
} hs_desc_auth_type_t;

/* Type of encryption key in the descriptor. */
@@ -132,7 +131,7 @@ typedef struct hs_desc_encrypted_data_t {

  /* A list of authentication types that a client must at least support one
   * in order to contact the service. Contains NULL terminated strings. */
  smartlist_t *auth_types;
  smartlist_t *intro_auth_types;

  /* Is this descriptor a single onion service? */
  unsigned int single_onion_service : 1;
+1 −1
Original line number Diff line number Diff line
@@ -157,7 +157,7 @@ typedef enum {
  R3_SUPERENCRYPTED,
  R3_SIGNATURE,
  R3_CREATE2_FORMATS,
  R3_AUTHENTICATION_REQUIRED,
  R3_INTRO_AUTH_REQUIRED,
  R3_SINGLE_ONION_SERVICE,
  R3_INTRODUCTION_POINT,
  R3_INTRO_AUTH_KEY,
+2 −2
Original line number Diff line number Diff line
@@ -93,8 +93,8 @@ helper_build_hs_desc(uint64_t revision_counter, uint32_t lifetime,

  /* Setup encrypted data section. */
  desc->encrypted_data.create2_ntor = 1;
  desc->encrypted_data.auth_types = smartlist_new();
  smartlist_add(desc->encrypted_data.auth_types, tor_strdup("ed25519"));
  desc->encrypted_data.intro_auth_types = smartlist_new();
  smartlist_add(desc->encrypted_data.intro_auth_types, tor_strdup("ed25519"));
  desc->encrypted_data.intro_points = smartlist_new();
  /* Add an intro point. */
  smartlist_add(desc->encrypted_data.intro_points,
+13 −10
Original line number Diff line number Diff line
@@ -105,9 +105,9 @@ helper_build_hs_desc(unsigned int no_ip, ed25519_public_key_t *signing_pubkey)

  /* Setup encrypted data section. */
  desc->encrypted_data.create2_ntor = 1;
  desc->encrypted_data.auth_types = smartlist_new();
  desc->encrypted_data.intro_auth_types = smartlist_new();
  desc->encrypted_data.single_onion_service = 1;
  smartlist_add(desc->encrypted_data.auth_types, tor_strdup("ed25519"));
  smartlist_add(desc->encrypted_data.intro_auth_types, tor_strdup("ed25519"));
  desc->encrypted_data.intro_points = smartlist_new();
  if (!no_ip) {
    /* Add four intro points. */
@@ -157,14 +157,17 @@ helper_compare_hs_desc(const hs_descriptor_t *desc1,
             desc2->encrypted_data.create2_ntor);

  /* Authentication type. */
  tt_int_op(!!desc1->encrypted_data.auth_types, ==,
            !!desc2->encrypted_data.auth_types);
  if (desc1->encrypted_data.auth_types && desc2->encrypted_data.auth_types) {
    tt_int_op(smartlist_len(desc1->encrypted_data.auth_types), ==,
              smartlist_len(desc2->encrypted_data.auth_types));
    for (int i = 0; i < smartlist_len(desc1->encrypted_data.auth_types); i++) {
      tt_str_op(smartlist_get(desc1->encrypted_data.auth_types, i), OP_EQ,
                smartlist_get(desc2->encrypted_data.auth_types, i));
  tt_int_op(!!desc1->encrypted_data.intro_auth_types, ==,
            !!desc2->encrypted_data.intro_auth_types);
  if (desc1->encrypted_data.intro_auth_types &&
      desc2->encrypted_data.intro_auth_types) {
    tt_int_op(smartlist_len(desc1->encrypted_data.intro_auth_types), ==,
              smartlist_len(desc2->encrypted_data.intro_auth_types));
    for (int i = 0;
         i < smartlist_len(desc1->encrypted_data.intro_auth_types);
         i++) {
      tt_str_op(smartlist_get(desc1->encrypted_data.intro_auth_types, i),OP_EQ,
                smartlist_get(desc2->encrypted_data.intro_auth_types, i));
    }
  }