hs-v3: Rename client_sk to client_auth_sk

Signed-off-by: David Goulet <dgoulet@torproject.org>

hs-v3: Rename client_sk to client_auth_sk
Signed-off-by: David Goulet <dgoulet@torproject.org>
9f975e99 · haxxpop · David Goulet · b61403c7 · 9f975e99 · 9f975e99
Commit 9f975e99 authored May 22, 2018 by haxxpop Committed by David Goulet Sep 07, 2018
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -1233,7 +1233,7 @@ hs_client_decode_descriptor(const char *desc_str,
  uint8_t subcredential[DIGEST256_LEN];
  ed25519_public_key_t blinded_pubkey;
  hs_client_service_authorization_t *client_auth = NULL;
-  curve25519_secret_key_t *client_sk = NULL;
+  curve25519_secret_key_t *client_auht_sk = NULL;

  tor_assert(desc_str);
  tor_assert(service_identity_pk);
@@ -1242,7 +1242,7 @@ hs_client_decode_descriptor(const char *desc_str,
  /* Check if we have a client authorization for this service in the map. */
  client_auth = find_client_auth(service_identity_pk);
  if (client_auth) {
-    client_sk = &client_auth->enc_seckey;
+    client_auht_sk = &client_auth->enc_seckey;
  }

  /* Create subcredential for this HS so that we can decrypt */
@@ -1254,7 +1254,8 @@ hs_client_decode_descriptor(const char *desc_str,
  }

  /* Parse descriptor */
-  ret = hs_desc_decode_descriptor(desc_str, subcredential, client_sk, desc);
+  ret = hs_desc_decode_descriptor(desc_str, subcredential,
+                                  client_auht_sk, desc);
  memwipe(subcredential, 0, sizeof(subcredential));
  if (ret < 0) {
    log_warn(LD_GENERAL, "Could not parse received descriptor as client.");

--- a/src/feature/hs/hs_descriptor.c
+++ b/src/feature/hs/hs_descriptor.c
@@ -1408,7 +1408,7 @@ encrypted_data_length_is_valid(size_t len)
 static int
 decrypt_descriptor_cookie(const hs_descriptor_t *desc,
                          const hs_desc_authorized_client_t *client,
-                          const curve25519_secret_key_t *client_sk,
+                          const curve25519_secret_key_t *client_auth_sk,
                          uint8_t **descriptor_cookie_out)
 {
  int ret = -1;
@@ -1421,15 +1421,15 @@ decrypt_descriptor_cookie(const hs_descriptor_t *desc,

  tor_assert(desc);
  tor_assert(client);
-  tor_assert(client_sk);
+  tor_assert(client_auth_sk);
  tor_assert(!tor_mem_is_zero(
        (char *) &desc->superencrypted_data.auth_ephemeral_pubkey,
        sizeof(desc->superencrypted_data.auth_ephemeral_pubkey)));
-  tor_assert(!tor_mem_is_zero((char *) client_sk,
-                              sizeof(*client_sk)));
+  tor_assert(!tor_mem_is_zero((char *) client_auth_sk,
+                              sizeof(*client_auth_sk)));

  /* Calculate x25519(client_x, hs_Y) */
-  curve25519_handshake(secret_seed, client_sk,
+  curve25519_handshake(secret_seed, client_auth_sk,
                       &desc->superencrypted_data.auth_ephemeral_pubkey);

  /* Calculate KEYS = KDF(SECRET_SEED, 40) */
@@ -1440,7 +1440,7 @@ decrypt_descriptor_cookie(const hs_descriptor_t *desc,

  /* If the client id of auth client is not the same as the calculcated
   * client id, it means that this auth client is invaild according to the
-   * client secret key client_sk. */
+   * client secret key client_auth_sk. */
  if (tor_memneq(client->client_id, keystream, HS_DESC_CLIENT_ID_LEN)) {
    goto done;
  }
@@ -1630,7 +1630,7 @@ desc_decrypt_superencrypted(const hs_descriptor_t *desc, char **decrypted_out)
 * decrypted_out is set to NULL. */
 static size_t
 desc_decrypt_encrypted(const hs_descriptor_t *desc,
-                       const curve25519_secret_key_t *client_sk,
+                       const curve25519_secret_key_t *client_auth_sk,
                       char **decrypted_out)
 {
  size_t encrypted_len = 0;
@@ -1643,12 +1643,12 @@ desc_decrypt_encrypted(const hs_descriptor_t *desc,

  /* If the client secret key is provided, try to find a valid descriptor
   * cookie. Otherwise, leave it NULL. */
-  if (client_sk) {
+  if (client_auth_sk) {
    SMARTLIST_FOREACH_BEGIN(desc->superencrypted_data.clients,
                            hs_desc_authorized_client_t *, client) {
      /* If we can decrypt the descriptor cookie successfully, we will use that
       * descriptor cookie and break from the loop. */
-      if (!decrypt_descriptor_cookie(desc, client, client_sk,
+      if (!decrypt_descriptor_cookie(desc, client, client_auth_sk,
                                     &descriptor_cookie)) {
        break;
      }
@@ -2253,7 +2253,7 @@ desc_decode_superencrypted_v3(const hs_descriptor_t *desc,
 * success else -1. */
 static int
 desc_decode_encrypted_v3(const hs_descriptor_t *desc,
-                         const curve25519_secret_key_t *client_sk,
+                         const curve25519_secret_key_t *client_auth_sk,
                         hs_desc_encrypted_data_t *desc_encrypted_out)
 {
  int ret = -1;
@@ -2268,7 +2268,7 @@ desc_decode_encrypted_v3(const hs_descriptor_t *desc,

  /* Decrypt the encrypted data that is located in the superencrypted section
   * in the descriptor as a blob of bytes. */
-  message_len = desc_decrypt_encrypted(desc, client_sk, &message);
+  message_len = desc_decrypt_encrypted(desc, client_auth_sk, &message);
  if (!message_len) {
    log_warn(LD_REND, "Service descriptor decryption failed.");
    goto err;
@@ -2353,7 +2353,7 @@ desc_decode_encrypted_v3(const hs_descriptor_t *desc,
 static int
  (*decode_encrypted_handlers[])(
      const hs_descriptor_t *desc,
-      const curve25519_secret_key_t *client_sk,
+      const curve25519_secret_key_t *client_auth_sk,
      hs_desc_encrypted_data_t *desc_encrypted) =
 {
  /* v0 */ NULL, /* v1 */ NULL, /* v2 */ NULL,
@@ -2365,7 +2365,7 @@ static int
 * negative value on error. */
 int
 hs_desc_decode_encrypted(const hs_descriptor_t *desc,
-                         const curve25519_secret_key_t *client_sk,
+                         const curve25519_secret_key_t *client_auth_sk,
                         hs_desc_encrypted_data_t *desc_encrypted)
 {
  int ret;
@@ -2391,7 +2391,8 @@ hs_desc_decode_encrypted(const hs_descriptor_t *desc,
  tor_assert(decode_encrypted_handlers[version]);

  /* Run the version specific plaintext decoder. */
-  ret = decode_encrypted_handlers[version](desc, client_sk, desc_encrypted);
+  ret = decode_encrypted_handlers[version](desc, client_auth_sk,
+                                           desc_encrypted);
  if (ret < 0) {
    goto err;
  }
@@ -2547,7 +2548,7 @@ hs_desc_decode_plaintext(const char *encoded,
 int
 hs_desc_decode_descriptor(const char *encoded,
                          const uint8_t *subcredential,
-                          const curve25519_secret_key_t *client_sk,
+                          const curve25519_secret_key_t *client_auth_sk,
                          hs_descriptor_t **desc_out)
 {
  int ret = -1;
@@ -2575,7 +2576,7 @@ hs_desc_decode_descriptor(const char *encoded,
    goto err;
  }

-  ret = hs_desc_decode_encrypted(desc, client_sk, &desc->encrypted_data);
+  ret = hs_desc_decode_encrypted(desc, client_auth_sk, &desc->encrypted_data);
  if (ret < 0) {
    goto err;
  }

--- a/src/feature/hs/hs_descriptor.h
+++ b/src/feature/hs/hs_descriptor.h
@@ -277,14 +277,14 @@ MOCK_DECL(int,

 int hs_desc_decode_descriptor(const char *encoded,
                              const uint8_t *subcredential,
-                              const curve25519_secret_key_t *client_sk,
+                              const curve25519_secret_key_t *client_auth_sk,
                              hs_descriptor_t **desc_out);
 int hs_desc_decode_plaintext(const char *encoded,
                             hs_desc_plaintext_data_t *plaintext);
 int hs_desc_decode_superencrypted(const hs_descriptor_t *desc,
                                 hs_desc_superencrypted_data_t *desc_out);
 int hs_desc_decode_encrypted(const hs_descriptor_t *desc,
-                             const curve25519_secret_key_t *client_sk,
+                             const curve25519_secret_key_t *client_auth_sk,
                             hs_desc_encrypted_data_t *desc_out);

 size_t hs_desc_obj_size(const hs_descriptor_t *data);

--- a/src/test/test_hs_descriptor.c
+++ b/src/test/test_hs_descriptor.c
@@ -867,7 +867,7 @@ test_build_authorized_client(void *arg)
  hs_desc_authorized_client_t *desc_client = NULL;
  uint8_t descriptor_cookie[HS_DESC_DESCRIPTOR_COOKIE_LEN];
  curve25519_secret_key_t auth_ephemeral_sk;
-  curve25519_secret_key_t client_sk;
+  curve25519_secret_key_t client_auth_sk;
  curve25519_public_key_t client_pk;
  const char ephemeral_sk_b16[] =
    "d023b674d993a5c8446bd2ca97e9961149b3c0e88c7dc14e8777744dd3468d6a";
@@ -882,9 +882,9 @@ test_build_authorized_client(void *arg)
  ret = curve25519_secret_key_generate(&auth_ephemeral_sk, 0);
  tt_int_op(ret, OP_EQ, 0);

-  ret = curve25519_secret_key_generate(&client_sk, 0);
+  ret = curve25519_secret_key_generate(&client_auth_sk, 0);
  tt_int_op(ret, OP_EQ, 0);
-  curve25519_public_key_generate(&client_pk, &client_sk);
+  curve25519_public_key_generate(&client_pk, &client_auth_sk);

  desc_client = tor_malloc_zero(sizeof(hs_desc_authorized_client_t));