Channel: Expose our view of whether the clock is skewed, and the age

of a channel. At first I wanted to have this information not be a part of channels at all, but it is a fairly tiny amount of data, and the alternatives are pretty crufty.

Channel: Expose our view of whether the clock is skewed, and the age
7656ab09 · Nick Mathewson · d81de158 · 7656ab09 · 7656ab09 · 7656ab09
Commit 7656ab09 authored 2 years ago by Nick Mathewson
--- a/crates/tor-proto/src/channel.rs
+++ b/crates/tor-proto/src/channel.rs
@@ -64,11 +64,12 @@ mod unique_id;

 use crate::channel::reactor::{BoxedChannelSink, BoxedChannelStream, CtrlMsg, Reactor};
 pub use crate::channel::unique_id::UniqId;
-use crate::circuit;
 use crate::circuit::celltypes::CreateResponse;
 use crate::util::ts::OptTimestamp;
+use crate::{circuit, ClockSkew};
 use crate::{Error, Result};
 use std::pin::Pin;
+use std::time::Duration;
 use tor_cell::chancell::{msg, ChanCell, CircId};
 use tor_error::internal;
 use tor_linkspec::{ChanTarget, OwnedChanTarget};
@@ -135,6 +136,11 @@ pub(crate) struct ChannelDetails {
    /// If calling `time_since_update` returns None,
    /// this channel is still in use by at least one circuit.
    unused_since: OptTimestamp,
+    /// The declared clock skew on this channel, at the time when this channel was
+    /// created.
+    clock_skew: ClockSkew,
+    /// The time when this channel was successfully completed
+    opened_at: coarsetime::Instant,
 }

 impl Sink<ChanCell> for Channel {
@@ -239,6 +245,7 @@ impl Channel {
        stream: BoxedChannelStream,
        unique_id: UniqId,
        peer_id: OwnedChanTarget,
+        clock_skew: ClockSkew,
    ) -> (Self, reactor::Reactor) {
        use circmap::{CircIdRange, CircMap};
        let circmap = CircMap::new(CircIdRange::High);
@@ -254,6 +261,8 @@ impl Channel {
            peer_id,
            closed,
            unused_since,
+            clock_skew,
+            opened_at: coarsetime::Instant::now(),
        };
        let details = Arc::new(details);

@@ -298,6 +307,17 @@ impl Channel {
        &self.details.peer_id
    }

+    /// Return the amount of time that has passed since this channel became open.
+    pub fn age(&self) -> Duration {
+        self.details.opened_at.elapsed().into()
+    }
+
+    /// Return a ClockSkew declaring how much clock skew the other side of this channel
+    /// claimed that we had when we negotiated the connection.
+    pub fn clock_skew(&self) -> ClockSkew {
+        self.details.clock_skew
+    }
+
    /// Return an error if this channel is somehow mismatched with the
    /// given target.
    pub fn check_match<T: ChanTarget + ?Sized>(&self, target: &T) -> Result<()> {
@@ -461,6 +481,8 @@ pub(crate) mod test {
            peer_id,
            closed: AtomicBool::new(false),
            unused_since,
+            clock_skew: ClockSkew::None,
+            opened_at: coarsetime::Instant::now(),
        })
    }


--- a/crates/tor-proto/src/channel/handshake.rs
+++ b/crates/tor-proto/src/channel/handshake.rs
@@ -89,6 +89,8 @@ pub struct VerifiedChannel<T: AsyncRead + AsyncWrite + Send + Unpin + 'static> {
    ed25519_id: Ed25519Identity,
    /// Validated RSA identity for this peer.
    rsa_id: RsaIdentity,
+    /// Validated clock skew for this peer.
+    clock_skew: ClockSkew,
 }

 /// Convert a CodecError to an Error, under the context that it occurs while
@@ -269,6 +271,10 @@ impl<T: AsyncRead + AsyncWrite + Send + Unpin + 'static> UnverifiedChannel<T> {
    ///
    /// Note that the skew reported by this function might not be "true": the
    /// relay might have its clock set wrong, or it might be lying to us.
+    ///
+    /// The clock skew reported here is not yet authenticated; if you need to
+    /// make sure that the skew is authenticated, use
+    /// [`Channel::clock_skew`](super::Channel::clock_skew) instead.
    pub fn clock_skew(&self) -> ClockSkew {
        self.clock_skew
    }
@@ -481,6 +487,7 @@ impl<T: AsyncRead + AsyncWrite + Send + Unpin + 'static> UnverifiedChannel<T> {
            target_addr: self.target_addr,
            ed25519_id,
            rsa_id,
+            clock_skew: self.clock_skew,
        })
    }
 }
@@ -526,6 +533,7 @@ impl<T: AsyncRead + AsyncWrite + Send + Unpin + 'static> VerifiedChannel<T> {
            Box::new(tls_stream),
            self.unique_id,
            peer_id,
+            self.clock_skew,
        ))
    }
 }
@@ -980,6 +988,7 @@ pub(super) mod test {
                target_addr: Some(peer_addr),
                ed25519_id,
                rsa_id,
+                clock_skew: ClockSkew::None,
            };

            let (_chan, _reactor) = ver.finish().await.unwrap();

--- a/crates/tor-proto/src/channel/reactor.rs
+++ b/crates/tor-proto/src/channel/reactor.rs
@@ -442,6 +442,7 @@ pub(crate) mod test {
            Box::new(recv2),
            unique_id,
            dummy_target,
+            crate::ClockSkew::None,
        );
        (chan, reactor, recv1, send2)
    }

--- a/doc/semver_status.md
+++ b/doc/semver_status.md
@@ -26,6 +26,10 @@ MODIFIED: Added `reset()` method to RetrySchedule.

 MODIFIED: Added a new variant in tor_circmgr::Error.

+### tor-proto
+
+MODIFIED: New accessors in tor_proto::Channel.
+
 ### tor-rtmock

 MODIFIED: Added add_blackhole to MockNetwork.