[tor-commits] [tor/master] hs-v3: Decrypt pending descriptors when we get new client auth creds.
dgoulet at torproject.org
dgoulet at torproject.org
Tue Nov 19 14:32:30 UTC 2019
commit ce422a9d4a6f170b35f54545eface216f87c7089
Author: George Kadianakis <desnacked at riseup.net>
Date: Mon Jun 3 16:18:32 2019 +0300
hs-v3: Decrypt pending descriptors when we get new client auth creds.
---
src/feature/control/control_hs.c | 6 ++++--
src/feature/hs/hs_cache.c | 4 ++++
src/feature/hs/hs_client.c | 19 +++++++++++++++----
src/feature/hs/hs_client.h | 8 ++++++--
4 files changed, 29 insertions(+), 8 deletions(-)
diff --git a/src/feature/control/control_hs.c b/src/feature/control/control_hs.c
index aa7400c0c..9f9e709c3 100644
--- a/src/feature/control/control_hs.c
+++ b/src/feature/control/control_hs.c
@@ -140,8 +140,10 @@ handle_control_onion_client_auth_add(control_connection_t *conn,
if (BUG(register_status == REGISTER_FAIL_BAD_ADDRESS)) {
/* It's a bug because the service addr has already been validated above */
control_printf_endreply(conn, 512, "Invalid v3 address \"%s\"", hsaddress);
- } else if (register_status == REGISTER_FAIL_ALREADY_EXISTS) {
- control_printf_endreply(conn, 551, "Client already exists");
+ } else if (register_status == REGISTER_SUCCESS_ALREADY_EXISTS) {
+ control_printf_endreply(conn, 251,"Client for onion existed and replaced");
+ } else if (register_status == REGISTER_SUCCESS_ALSO_DECRYPTED) {
+ control_printf_endreply(conn, 252,"Registered client and decrypted desc");
} else if (register_status == REGISTER_SUCCESS) {
control_printf_endreply(conn, 250, "OK");
} else {
diff --git a/src/feature/hs/hs_cache.c b/src/feature/hs/hs_cache.c
index 49d5ade41..9cbef2fa4 100644
--- a/src/feature/hs/hs_cache.c
+++ b/src/feature/hs/hs_cache.c
@@ -954,6 +954,10 @@ hs_cache_client_new_auth_parse(const ed25519_public_key_t *service_pk)
tor_assert(service_pk);
+ if (!hs_cache_v3_client) {
+ return false;
+ }
+
cached_desc = lookup_v3_desc_as_client(service_pk->pubkey);
if (cached_desc == NULL || cached_desc->desc != NULL) {
/* No entry for that service or the descriptor is already decoded. */
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 9edfd1367..34574e4bd 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -1453,6 +1453,8 @@ hs_client_register_auth_status_t
hs_client_register_auth_credentials(hs_client_service_authorization_t *creds)
{
ed25519_public_key_t service_identity_pk;
+ hs_client_service_authorization_t *old_creds = NULL;
+ hs_client_register_auth_status_t retval = REGISTER_SUCCESS;
tor_assert(creds);
@@ -1466,13 +1468,22 @@ hs_client_register_auth_credentials(hs_client_service_authorization_t *creds)
return REGISTER_FAIL_BAD_ADDRESS;
}
- if (digest256map_get(client_auths, service_identity_pk.pubkey)) {
- client_service_authorization_free(creds);
- return REGISTER_FAIL_ALREADY_EXISTS;
+ old_creds = digest256map_get(client_auths, service_identity_pk.pubkey);
+ if (old_creds) {
+ digest256map_remove(client_auths, service_identity_pk.pubkey);
+ client_service_authorization_free(old_creds);
+ retval = REGISTER_SUCCESS_ALREADY_EXISTS;
}
digest256map_set(client_auths, service_identity_pk.pubkey, creds);
- return REGISTER_SUCCESS;
+
+ /** Now that we set the new credentials, also try to decrypt any cached
+ * descriptors. */
+ if (hs_cache_client_new_auth_parse(&service_identity_pk)) {
+ retval = REGISTER_SUCCESS_ALSO_DECRYPTED;
+ }
+
+ return retval;
}
/** Remove client auth credentials for the service <b>hs_address</b>. */
diff --git a/src/feature/hs/hs_client.h b/src/feature/hs/hs_client.h
index b0122aa14..a756408e5 100644
--- a/src/feature/hs/hs_client.h
+++ b/src/feature/hs/hs_client.h
@@ -35,8 +35,12 @@ typedef enum {
typedef enum {
/* We successfuly registered these credentials */
REGISTER_SUCCESS,
- /* We failed to register these credentials, because they already exist. */
- REGISTER_FAIL_ALREADY_EXISTS,
+ /* We successfully registered these credentials, but had to replace some
+ * existing ones. */
+ REGISTER_SUCCESS_ALREADY_EXISTS,
+ /* We successfuly registered these credentials, and also decrypted a cached
+ * descriptor. */
+ REGISTER_SUCCESS_ALSO_DECRYPTED,
/* We failed to register these credentials, because of a bad HS address. */
REGISTER_FAIL_BAD_ADDRESS,
} hs_client_register_auth_status_t;
More information about the tor-commits
mailing list