Skip to content

Stop requiring the caller to supply `AuthClient`s.

gabi-250 requested to merge gabi-250/arti:hsdesc-encoder-client-auth into main
  • Add an encode-decode test for descriptors with client auth.

    This adds a test for an encode -> decode -> encode flow for a hidden service descriptor with client authorization enabled.

  • Use constants instead of magic numbers.

  • Stop requiring the caller to supply AuthClients.

    AuthClients were originally meant to represent parsed auth-client lines. In !1070 (merged), this struct was repurposed for representing individual authorized clients in the HS descriptor encoder. However, hidden services will likely use a list of public keys to represent the authorized clients rather than a list of AuthClients, as the information from an AuthClient (client_id, iv, encrypted_cookie) likely won't be immediately available to the hidden service.

    This change updates the HS descriptor encoder to represent authorized clients as a list of curve25519::PublicKeys. As such, it is now the responsibility of the encoder to create the client_id, iv, and encrypted_cookie using the available keys, the unencrypted descriptor cookie, and HS subcredential.

Merge request reports

Loading