Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Trac Trac
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Service Desk
    • Milestones
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar
  • Legacy
  • TracTrac
  • Issues
  • #33650
Closed (moved) (moved)
Open
Issue created Mar 19, 2020 by Roger Dingledine@arma

Verify that intro2 cell extensions actually work

In the future we're going to want to transport end-to-end tokens, proofs of work, or other blobs from client to onion service. We should make sure that we can actually add these into the cells without anything going wrong, like surprising asserts or surprising length enforcement.

(Now is the time to notice if things will go wrong, so we can fix them and deploy that fix, and then people will have upgraded by the time we're ready to actually use them.)

So: let's make a branch that adds "hi mom" on the client side, and reads it out again on the service side.

In spelunking through the code and the spec, I found that modern intro2 cells have an "extensions" field inside their encrypted component, which seems perfectly suited for transporting arbitrary blobs from client to service. Here's how we set it currently on the client side:

  /* Set extension data. None are used. */
  ext = trn_cell_extension_new();
  tor_assert(ext);
  trn_cell_extension_set_num(ext, 0);
  trn_cell_introduce_encrypted_set_extensions(enc_cell, ext);

So that 0 needs to become a 1, and then we need something new that makes and sets a new extension in ext (modeled maybe on build_establish_intro_dos_extension(), and something on the receiving end that invokes trn_cell_extension_parse() and reads it out to us.

I am optimistic, because this thing is encrypted, so the intro point in the middle can't be looking at it very carefully. But if we have bugs on the client side or the service side, or surprise length enforcement in the middle, now is a great time to notice and fix them.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking