commit ce422a9d4a6f170b35f54545eface216f87c7089 Author: George Kadianakis desnacked@riseup.net Date: Mon Jun 3 16:18:32 2019 +0300

hs-v3: Decrypt pending descriptors when we get new client auth creds. --- src/feature/control/control_hs.c | 6 ++++-- src/feature/hs/hs_cache.c | 4 ++++ src/feature/hs/hs_client.c | 19 +++++++++++++++---- src/feature/hs/hs_client.h | 8 ++++++-- 4 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/src/feature/control/control_hs.c b/src/feature/control/control_hs.c index aa7400c0c..9f9e709c3 100644 --- a/src/feature/control/control_hs.c +++ b/src/feature/control/control_hs.c @@ -140,8 +140,10 @@ handle_control_onion_client_auth_add(control_connection_t *conn, if (BUG(register_status == REGISTER_FAIL_BAD_ADDRESS)) { /* It's a bug because the service addr has already been validated above */ control_printf_endreply(conn, 512, "Invalid v3 address "%s"", hsaddress); - } else if (register_status == REGISTER_FAIL_ALREADY_EXISTS) { - control_printf_endreply(conn, 551, "Client already exists"); + } else if (register_status == REGISTER_SUCCESS_ALREADY_EXISTS) { + control_printf_endreply(conn, 251,"Client for onion existed and replaced"); + } else if (register_status == REGISTER_SUCCESS_ALSO_DECRYPTED) { + control_printf_endreply(conn, 252,"Registered client and decrypted desc"); } else if (register_status == REGISTER_SUCCESS) { control_printf_endreply(conn, 250, "OK"); } else { diff --git a/src/feature/hs/hs_cache.c b/src/feature/hs/hs_cache.c index 49d5ade41..9cbef2fa4 100644 --- a/src/feature/hs/hs_cache.c +++ b/src/feature/hs/hs_cache.c @@ -954,6 +954,10 @@ hs_cache_client_new_auth_parse(const ed25519_public_key_t *service_pk)

tor_assert(service_pk);

+ if (!hs_cache_v3_client) { + return false; + } + cached_desc = lookup_v3_desc_as_client(service_pk->pubkey); if (cached_desc == NULL || cached_desc->desc != NULL) { /* No entry for that service or the descriptor is already decoded. */ diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c index 9edfd1367..34574e4bd 100644 --- a/src/feature/hs/hs_client.c +++ b/src/feature/hs/hs_client.c @@ -1453,6 +1453,8 @@ hs_client_register_auth_status_t hs_client_register_auth_credentials(hs_client_service_authorization_t *creds) { ed25519_public_key_t service_identity_pk; + hs_client_service_authorization_t *old_creds = NULL; + hs_client_register_auth_status_t retval = REGISTER_SUCCESS;

tor_assert(creds);

@@ -1466,13 +1468,22 @@ hs_client_register_auth_credentials(hs_client_service_authorization_t *creds) return REGISTER_FAIL_BAD_ADDRESS; }

- if (digest256map_get(client_auths, service_identity_pk.pubkey)) { - client_service_authorization_free(creds); - return REGISTER_FAIL_ALREADY_EXISTS; + old_creds = digest256map_get(client_auths, service_identity_pk.pubkey); + if (old_creds) { + digest256map_remove(client_auths, service_identity_pk.pubkey); + client_service_authorization_free(old_creds); + retval = REGISTER_SUCCESS_ALREADY_EXISTS; }

digest256map_set(client_auths, service_identity_pk.pubkey, creds); - return REGISTER_SUCCESS; + + /** Now that we set the new credentials, also try to decrypt any cached + * descriptors. */ + if (hs_cache_client_new_auth_parse(&service_identity_pk)) { + retval = REGISTER_SUCCESS_ALSO_DECRYPTED; + } + + return retval; }

/** Remove client auth credentials for the service <b>hs_address</b>. */ diff --git a/src/feature/hs/hs_client.h b/src/feature/hs/hs_client.h index b0122aa14..a756408e5 100644 --- a/src/feature/hs/hs_client.h +++ b/src/feature/hs/hs_client.h @@ -35,8 +35,12 @@ typedef enum { typedef enum { /* We successfuly registered these credentials */ REGISTER_SUCCESS, - /* We failed to register these credentials, because they already exist. */ - REGISTER_FAIL_ALREADY_EXISTS, + /* We successfully registered these credentials, but had to replace some + * existing ones. */ + REGISTER_SUCCESS_ALREADY_EXISTS, + /* We successfuly registered these credentials, and also decrypted a cached + * descriptor. */ + REGISTER_SUCCESS_ALSO_DECRYPTED, /* We failed to register these credentials, because of a bad HS address. */ REGISTER_FAIL_BAD_ADDRESS, } hs_client_register_auth_status_t;