commit a702e92c82c627280c4c9f1d2f3b183b01d78226 Author: teor teor@riseup.net Date: Fri May 15 14:59:10 2020 +1000
protover: Add defines for recent protocol versions
Also update the protover/supported_protocols test.
Part of 33226. --- src/core/or/protover.h | 24 +++++++++++- src/core/or/versions.c | 43 +++++++++++++-------- src/test/test_protover.c | 97 ++++++++++++++++++++++++++++++++---------------- 3 files changed, 114 insertions(+), 50 deletions(-)
diff --git a/src/core/or/protover.h b/src/core/or/protover.h index 9509f3e8a..2950147d1 100644 --- a/src/core/or/protover.h +++ b/src/core/or/protover.h @@ -22,12 +22,32 @@ struct smartlist_t; /// `FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS` #define FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS "0.2.9.3-alpha"
-/** The protover version number that signifies HSDir support for HSv3 */ -#define PROTOVER_HSDIR_V3 2 +/** The protover version number that signifies ed25519 link handshake support + */ +#define PROTOVER_LINKAUTH_ED25519_HANDSHAKE 3 + +/** The protover version number that signifies extend2 cell support */ +#define PROTOVER_RELAY_EXTEND2 2 +/** The protover version number where relays can accept IPv6 connections */ +#define PROTOVER_RELAY_ACCEPT_IPV6 2 +/** The protover version number where relays can initiate IPv6 extends */ +#define PROTOVER_RELAY_EXTEND_IPV6 3 +/** The protover version number where relays can consider IPv6 connections + * canonical */ +#define PROTOVER_RELAY_CANONICAL_IPV6 3 + /** The protover version number that signifies HSv3 intro point support */ #define PROTOVER_HS_INTRO_V3 4 +/** The protover version number where intro points support denial of service + * resistance */ +#define PROTOVER_HS_INTRO_DOS 5 + /** The protover version number that signifies HSv3 rendezvous point support */ #define PROTOVER_HS_RENDEZVOUS_POINT_V3 2 + +/** The protover version number that signifies HSDir support for HSv3 */ +#define PROTOVER_HSDIR_V3 2 + /** The protover that signals support for HS circuit setup padding machines */ #define PROTOVER_HS_SETUP_PADDING 2
diff --git a/src/core/or/versions.c b/src/core/or/versions.c index a8dfe7e61..410a009ba 100644 --- a/src/core/or/versions.c +++ b/src/core/or/versions.c @@ -435,34 +435,45 @@ memoize_protover_summary(protover_summary_flags_t *out, memset(out, 0, sizeof(*out)); out->protocols_known = 1;
+ out->supports_ed25519_link_handshake_compat = + protocol_list_supports_protocol(protocols, PRT_LINKAUTH, + PROTOVER_LINKAUTH_ED25519_HANDSHAKE); + out->supports_ed25519_link_handshake_any = + protocol_list_supports_protocol_or_later( + protocols, + PRT_LINKAUTH, + PROTOVER_LINKAUTH_ED25519_HANDSHAKE); + out->supports_extend2_cells = - protocol_list_supports_protocol(protocols, PRT_RELAY, 2); + protocol_list_supports_protocol(protocols, PRT_RELAY, + PROTOVER_RELAY_EXTEND2); out->supports_accepting_ipv6_extends = ( - protocol_list_supports_protocol(protocols, PRT_RELAY, 2) || - protocol_list_supports_protocol(protocols, PRT_RELAY, 3)); + protocol_list_supports_protocol(protocols, PRT_RELAY, + PROTOVER_RELAY_ACCEPT_IPV6) || + protocol_list_supports_protocol(protocols, PRT_RELAY, + PROTOVER_RELAY_EXTEND_IPV6)); out->supports_initiating_ipv6_extends = - protocol_list_supports_protocol(protocols, PRT_RELAY, 3); + protocol_list_supports_protocol(protocols, PRT_RELAY, + PROTOVER_RELAY_EXTEND_IPV6); out->supports_canonical_ipv6_conns = - protocol_list_supports_protocol(protocols, PRT_RELAY, 3); - - out->supports_ed25519_link_handshake_compat = - protocol_list_supports_protocol(protocols, PRT_LINKAUTH, 3); - out->supports_ed25519_link_handshake_any = - protocol_list_supports_protocol_or_later(protocols, PRT_LINKAUTH, 3); + protocol_list_supports_protocol(protocols, PRT_RELAY, + PROTOVER_RELAY_CANONICAL_IPV6);
out->supports_ed25519_hs_intro = - protocol_list_supports_protocol(protocols, PRT_HSINTRO, 4); + protocol_list_supports_protocol(protocols, PRT_HSINTRO, + PROTOVER_HS_INTRO_V3); out->supports_establish_intro_dos_extension = - protocol_list_supports_protocol(protocols, PRT_HSINTRO, 5); - - out->supports_v3_hsdir = - protocol_list_supports_protocol(protocols, PRT_HSDIR, - PROTOVER_HSDIR_V3); + protocol_list_supports_protocol(protocols, PRT_HSINTRO, + PROTOVER_HS_INTRO_DOS);
out->supports_v3_rendezvous_point = protocol_list_supports_protocol(protocols, PRT_HSREND, PROTOVER_HS_RENDEZVOUS_POINT_V3);
+ out->supports_v3_hsdir = + protocol_list_supports_protocol(protocols, PRT_HSDIR, + PROTOVER_HSDIR_V3); + out->supports_hs_setup_padding = protocol_list_supports_protocol(protocols, PRT_PADDING, PROTOVER_HS_SETUP_PADDING); diff --git a/src/test/test_protover.c b/src/test/test_protover.c index c33fbcae2..40b08d2ce 100644 --- a/src/test/test_protover.c +++ b/src/test/test_protover.c @@ -15,6 +15,8 @@
#include "feature/dirauth/dirvote.h"
+#include "feature/relay/relay_handshake.h" + static void test_protover_parse(void *arg) { @@ -409,23 +411,21 @@ test_protover_supports_version(void *arg) * Hard-coded here, because they are not in the code, or not exposed in the * headers. */ #define PROTOVER_LINKAUTH_V1 1 -#define PROTOVER_LINKAUTH_V3 3 - +#define PROTOVER_LINKAUTH_V2 2 #define PROTOVER_RELAY_V1 1 -#define PROTOVER_RELAY_V2 2
+/* Deprecated HSIntro versions */ +#define PROTOVER_HS_INTRO_DEPRECATED_1 1 +#define PROTOVER_HS_INTRO_DEPRECATED_2 2 /* Highest supported HSv2 introduce protocol version. - * Hard-coded here, because it does not appear anywhere in the code. * It's not clear if we actually support version 2, see #25068. */ -#define PROTOVER_HSINTRO_V2 3 +#define PROTOVER_HS_INTRO_V2 3
-/* HSv2 Rend and HSDir protocol versions. - * Hard-coded here, because they do not appear anywhere in the code. */ +/* HSv2 Rend and HSDir protocol versions. */ #define PROTOVER_HS_RENDEZVOUS_POINT_V2 1 #define PROTOVER_HSDIR_V2 1
-/* DirCache, Desc, Microdesc, and Cons protocol versions. - * Hard-coded here, because they do not appear anywhere in the code. */ +/* DirCache, Desc, Microdesc, and Cons protocol versions. */ #define PROTOVER_DIRCACHE_V1 1 #define PROTOVER_DIRCACHE_V2 2
@@ -438,6 +438,10 @@ test_protover_supports_version(void *arg) #define PROTOVER_CONS_V1 1 #define PROTOVER_CONS_V2 2
+#define PROTOVER_PADDING_V1 1 + +#define PROTOVER_FLOWCTRL_V1 1 + /* Make sure we haven't forgotten any supported protocols */ static void test_protover_supported_protocols(void *arg) @@ -452,24 +456,27 @@ test_protover_supported_protocols(void *arg) PRT_LINK, MAX_LINK_PROTO)); for (uint16_t i = 0; i < MAX_PROTOCOLS_TO_TEST; i++) { - if (is_or_protocol_version_known(i)) { - tt_assert(protocol_list_supports_protocol(supported_protocols, + tt_int_op(protocol_list_supports_protocol(supported_protocols, PRT_LINK, - i)); - } + i), + OP_EQ, + is_or_protocol_version_known(i)); }
-#ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS - /* Legacy LinkAuth does not appear anywhere in the code. */ - tt_assert(protocol_list_supports_protocol(supported_protocols, + /* Legacy LinkAuth is only supported on OpenSSL and similar. */ + tt_int_op(protocol_list_supports_protocol(supported_protocols, PRT_LINKAUTH, - PROTOVER_LINKAUTH_V1)); -#endif /* defined(HAVE_WORKING_TOR_TLS_GET_TLSSECRETS) */ - /* Latest LinkAuth is not exposed in the headers. */ - tt_assert(protocol_list_supports_protocol(supported_protocols, - PRT_LINKAUTH, - PROTOVER_LINKAUTH_V3)); - /* Is there any way to test for new LinkAuth? */ + PROTOVER_LINKAUTH_V1), + OP_EQ, + authchallenge_type_is_supported(AUTHTYPE_RSA_SHA256_TLSSECRET)); + /* LinkAuth=2 is unused */ + tt_assert(!protocol_list_supports_protocol(supported_protocols, + PRT_LINKAUTH, + PROTOVER_LINKAUTH_V2)); + tt_assert( + protocol_list_supports_protocol(supported_protocols, + PRT_LINKAUTH, + PROTOVER_LINKAUTH_ED25519_HANDSHAKE));
/* Relay protovers do not appear anywhere in the code. */ tt_assert(protocol_list_supports_protocol(supported_protocols, @@ -477,20 +484,38 @@ test_protover_supported_protocols(void *arg) PROTOVER_RELAY_V1)); tt_assert(protocol_list_supports_protocol(supported_protocols, PRT_RELAY, - PROTOVER_RELAY_V2)); - /* Is there any way to test for new Relay? */ + PROTOVER_RELAY_EXTEND2)); + tt_assert(protocol_list_supports_protocol(supported_protocols, + PRT_RELAY, + PROTOVER_RELAY_ACCEPT_IPV6)); + tt_assert(protocol_list_supports_protocol(supported_protocols, + PRT_RELAY, + PROTOVER_RELAY_EXTEND_IPV6)); + tt_assert(protocol_list_supports_protocol(supported_protocols, + PRT_RELAY, + PROTOVER_RELAY_CANONICAL_IPV6));
+ /* These HSIntro versions are deprecated */ + tt_assert(!protocol_list_supports_protocol(supported_protocols, + PRT_HSINTRO, + PROTOVER_HS_INTRO_DEPRECATED_1)); + tt_assert(!protocol_list_supports_protocol(supported_protocols, + PRT_HSINTRO, + PROTOVER_HS_INTRO_DEPRECATED_2)); /* We could test legacy HSIntro by calling rend_service_update_descriptor(), * and checking the protocols field. But that's unlikely to change, so * we just use a hard-coded value. */ tt_assert(protocol_list_supports_protocol(supported_protocols, PRT_HSINTRO, - PROTOVER_HSINTRO_V2)); + PROTOVER_HS_INTRO_V2)); /* Test for HSv3 HSIntro */ tt_assert(protocol_list_supports_protocol(supported_protocols, PRT_HSINTRO, PROTOVER_HS_INTRO_V3)); - /* Is there any way to test for new HSIntro? */ + /* Test for HSIntro DoS */ + tt_assert(protocol_list_supports_protocol(supported_protocols, + PRT_HSINTRO, + PROTOVER_HS_INTRO_DOS));
/* Legacy HSRend does not appear anywhere in the code. */ tt_assert(protocol_list_supports_protocol(supported_protocols, @@ -500,7 +525,6 @@ test_protover_supported_protocols(void *arg) tt_assert(protocol_list_supports_protocol(supported_protocols, PRT_HSREND, PROTOVER_HS_RENDEZVOUS_POINT_V3)); - /* Is there any way to test for new HSRend? */
/* Legacy HSDir does not appear anywhere in the code. */ tt_assert(protocol_list_supports_protocol(supported_protocols, @@ -510,7 +534,6 @@ test_protover_supported_protocols(void *arg) tt_assert(protocol_list_supports_protocol(supported_protocols, PRT_HSDIR, PROTOVER_HSDIR_V3)); - /* Is there any way to test for new HSDir? */
/* No DirCache versions appear anywhere in the code. */ tt_assert(protocol_list_supports_protocol(supported_protocols, @@ -519,7 +542,6 @@ test_protover_supported_protocols(void *arg) tt_assert(protocol_list_supports_protocol(supported_protocols, PRT_DIRCACHE, PROTOVER_DIRCACHE_V2)); - /* Is there any way to test for new DirCache? */
/* No Desc versions appear anywhere in the code. */ tt_assert(protocol_list_supports_protocol(supported_protocols, @@ -537,7 +559,6 @@ test_protover_supported_protocols(void *arg) tt_assert(protocol_list_supports_protocol(supported_protocols, PRT_MICRODESC, PROTOVER_MICRODESC_V2)); - /* Is there any way to test for new Microdesc? */
/* No Cons versions appear anywhere in the code. */ tt_assert(protocol_list_supports_protocol(supported_protocols, @@ -546,7 +567,19 @@ test_protover_supported_protocols(void *arg) tt_assert(protocol_list_supports_protocol(supported_protocols, PRT_CONS, PROTOVER_CONS_V2)); - /* Is there any way to test for new Cons? */ + + /* Padding=1 is deprecated. */ + tt_assert(!protocol_list_supports_protocol(supported_protocols, + PRT_PADDING, + PROTOVER_PADDING_V1)); + tt_assert(protocol_list_supports_protocol(supported_protocols, + PRT_PADDING, + PROTOVER_HS_SETUP_PADDING)); + + /* FlowCtrl */ + tt_assert(protocol_list_supports_protocol(supported_protocols, + PRT_FLOWCTRL, + PROTOVER_FLOWCTRL_V1));
done: ;