1
#![cfg_attr(docsrs, feature(doc_cfg))]
2
#![doc = include_str!("../README.md")]
3
// @@ begin lint list maintained by maint/add_warning @@
4
#![allow(renamed_and_removed_lints)] // @@REMOVE_WHEN(ci_arti_stable)
5
#![allow(unknown_lints)] // @@REMOVE_WHEN(ci_arti_nightly)
6
#![warn(missing_docs)]
7
#![warn(noop_method_call)]
8
#![warn(unreachable_pub)]
9
#![warn(clippy::all)]
10
#![deny(clippy::await_holding_lock)]
11
#![deny(clippy::cargo_common_metadata)]
12
#![deny(clippy::cast_lossless)]
13
#![deny(clippy::checked_conversions)]
14
#![warn(clippy::cognitive_complexity)]
15
#![deny(clippy::debug_assert_with_mut_call)]
16
#![deny(clippy::exhaustive_enums)]
17
#![deny(clippy::exhaustive_structs)]
18
#![deny(clippy::expl_impl_clone_on_copy)]
19
#![deny(clippy::fallible_impl_from)]
20
#![deny(clippy::implicit_clone)]
21
#![deny(clippy::large_stack_arrays)]
22
#![warn(clippy::manual_ok_or)]
23
#![deny(clippy::missing_docs_in_private_items)]
24
#![warn(clippy::needless_borrow)]
25
#![warn(clippy::needless_pass_by_value)]
26
#![warn(clippy::option_option)]
27
#![deny(clippy::print_stderr)]
28
#![deny(clippy::print_stdout)]
29
#![warn(clippy::rc_buffer)]
30
#![deny(clippy::ref_option_ref)]
31
#![warn(clippy::semicolon_if_nothing_returned)]
32
#![warn(clippy::trait_duplication_in_bounds)]
33
#![deny(clippy::unchecked_time_subtraction)]
34
#![deny(clippy::unnecessary_wraps)]
35
#![warn(clippy::unseparated_literal_suffix)]
36
#![deny(clippy::unwrap_used)]
37
#![deny(clippy::mod_module_files)]
38
#![allow(clippy::let_unit_value)] // This can reasonably be done for explicitness
39
#![allow(clippy::uninlined_format_args)]
40
#![allow(clippy::significant_drop_in_scrutinee)] // arti/-/merge_requests/588/#note_2812945
41
#![allow(clippy::result_large_err)] // temporary workaround for arti#587
42
#![allow(clippy::needless_raw_string_hashes)] // complained-about code is fine, often best
43
#![allow(clippy::needless_lifetimes)] // See arti#1765
44
#![allow(mismatched_lifetime_syntaxes)] // temporary workaround for arti#2060
45
#![allow(clippy::collapsible_if)] // See arti#2342
46
#![deny(clippy::unused_async)]
47
#![deny(clippy::string_slice)] // See arti#2571
48
//! <!-- @@ end lint list maintained by maint/add_warning @@ -->
49

            
50
#![allow(non_upper_case_globals)]
51
#![allow(clippy::upper_case_acronyms)]
52

            
53
use std::sync::Arc;
54

            
55
use caret::caret_int;
56

            
57
use thiserror::Error;
58
use tor_basic_utils::intern::InternCache;
59

            
60
pub mod named;
61

            
62
caret_int! {
63
    /// A recognized subprotocol.
64
    ///
65
    /// These names are kept in sync with the names used in consensus
66
    /// documents; the values are kept in sync with the values in the
67
    /// cbor document format in the walking onions proposal.
68
    ///
69
    /// For the full semantics of each subprotocol, see tor-spec.txt.
70
    #[derive(Hash,Ord,PartialOrd)]
71
    pub struct ProtoKind(u8) {
72
        /// Initiating and receiving channels, and getting cells on them.
73
        Link = 0,
74
        /// Different kinds of authenticate cells
75
        LinkAuth = 1,
76
        /// CREATE cells, CREATED cells, and the encryption that they
77
        /// create.
78
        Relay = 2,
79
        /// Serving and fetching network directory documents.
80
        DirCache = 3,
81
        /// Serving onion service descriptors
82
        HSDir = 4,
83
        /// Providing an onion service introduction point
84
        HSIntro = 5,
85
        /// Providing an onion service rendezvous point
86
        HSRend = 6,
87
        /// Describing a relay's functionality using router descriptors.
88
        Desc = 7,
89
        /// Describing a relay's functionality using microdescriptors.
90
        Microdesc = 8,
91
        /// Describing the network as a consensus directory document.
92
        Cons = 9,
93
        /// Sending and accepting circuit-level padding
94
        Padding = 10,
95
        /// Improved means of flow control on circuits.
96
        FlowCtrl = 11,
97
        /// Multi-path circuit support.
98
        Conflux = 12,
99
    }
100
}
101

            
102
/// How many recognized protocols are there?
103
const N_RECOGNIZED: usize = 13;
104

            
105
/// Maximum allowable value for a protocol's version field.
106
const MAX_VER: usize = 63;
107

            
108
/// A specific, named subversion of a protocol.
109
#[derive(Eq, PartialEq, Copy, Clone, Debug)]
110
pub struct NamedSubver {
111
    /// The protocol in question
112
    ///
113
    /// Must be in-range for ProtoKind (0..N_RECOGNIZED).
114
    kind: ProtoKind,
115
    /// The version of the protocol
116
    ///
117
    /// Must be in 1..=MAX_VER
118
    version: u8,
119
}
120

            
121
impl NamedSubver {
122
    /// Create a new NamedSubver.
123
    ///
124
    /// # Panics
125
    ///
126
    /// Panics if `kind` is unrecognized or `version` is invalid.
127
    const fn new(kind: ProtoKind, version: u8) -> Self {
128
        assert!((kind.0 as usize) < N_RECOGNIZED);
129
        assert!((version as usize) <= MAX_VER);
130
        Self { kind, version }
131
    }
132
}
133

            
134
/// A subprotocol capability as represented by a (kind, version) tuple.
135
///
136
/// Does not necessarily represent a real subprotocol capability;
137
/// this type is meant for use in other pieces of the protocol.
138
///
139
/// # Ordering
140
///
141
/// Instances of `NumberedSubver` are sorted in lexicographic order by
142
/// their (kind, version) tuples.
143
//
144
// TODO: As with most other types in the crate, we should decide how to rename them as as part
145
// of #1934.
146
#[derive(Clone, Copy, Debug, Ord, PartialOrd, Eq, PartialEq)]
147
pub struct NumberedSubver {
148
    /// The protocol in question
149
    kind: ProtoKind,
150
    /// The version of the protocol
151
    version: u8,
152
}
153

            
154
impl NumberedSubver {
155
    /// Construct a new [`NumberedSubver`]
156
460
    pub fn new(kind: impl Into<ProtoKind>, version: u8) -> Self {
157
460
        Self {
158
460
            kind: kind.into(),
159
460
            version,
160
460
        }
161
460
    }
162
    /// Return the ProtoKind and version for this [`NumberedSubver`].
163
    pub fn into_parts(self) -> (ProtoKind, u8) {
164
        (self.kind, self.version)
165
    }
166
}
167
impl From<NamedSubver> for NumberedSubver {
168
512
    fn from(value: NamedSubver) -> Self {
169
512
        Self {
170
512
            kind: value.kind,
171
512
            version: value.version,
172
512
        }
173
512
    }
174
}
175

            
176
#[cfg(feature = "tor-bytes")]
177
impl tor_bytes::Readable for NumberedSubver {
178
512
    fn take_from(b: &mut tor_bytes::Reader<'_>) -> tor_bytes::Result<Self> {
179
512
        let kind = b.take_u8()?;
180
512
        let version = b.take_u8()?;
181
448
        Ok(Self::new(kind, version))
182
512
    }
183
}
184

            
185
#[cfg(feature = "tor-bytes")]
186
impl tor_bytes::Writeable for NumberedSubver {
187
4
    fn write_onto<B: tor_bytes::Writer + ?Sized>(&self, b: &mut B) -> tor_bytes::EncodeResult<()> {
188
4
        b.write_u8(self.kind.into());
189
4
        b.write_u8(self.version);
190
4
        Ok(())
191
4
    }
192
}
193

            
194
/// Representation for a known or unknown protocol.
195
#[derive(Eq, PartialEq, Clone, Debug, Hash, Ord, PartialOrd)]
196
enum Protocol {
197
    /// A known protocol; represented by one of ProtoKind.
198
    ///
199
    /// ProtoKind must always be in the range 0..N_RECOGNIZED.
200
    Proto(ProtoKind),
201
    /// An unknown protocol; represented by its name.
202
    Unrecognized(String),
203
}
204

            
205
impl Protocol {
206
    /// Return true iff `s` is the name of a protocol we do not recognize.
207
678
    fn is_unrecognized(&self, s: &str) -> bool {
208
678
        match self {
209
678
            Protocol::Unrecognized(s2) => s2 == s,
210
            _ => false,
211
        }
212
678
    }
213
    /// Return a string representation of this protocol.
214
1220
    fn to_str(&self) -> &str {
215
1220
        match self {
216
            Protocol::Proto(k) => k.to_str().unwrap_or("<bug>"),
217
1220
            Protocol::Unrecognized(s) => s,
218
        }
219
1220
    }
220
}
221

            
222
/// Representation of a set of versions supported by a protocol.
223
///
224
/// For now, we only use this type for unrecognized protocols.
225
#[derive(Debug, Clone, PartialEq, Eq, Hash, Ord, PartialOrd)]
226
struct SubprotocolEntry {
227
    /// Which protocol's versions does this describe?
228
    proto: Protocol,
229
    /// A bit-vector defining which versions are supported.  If bit
230
    /// `(1<<i)` is set, then protocol version `i` is supported.
231
    supported: u64,
232
}
233

            
234
/// A set of supported or required subprotocol versions.
235
///
236
/// This type supports both recognized subprotocols (listed in ProtoKind),
237
/// and unrecognized subprotocols (stored by name).
238
///
239
/// To construct an instance, use the FromStr trait:
240
/// ```
241
/// use tor_protover::Protocols;
242
/// let p: Result<Protocols,_> = "Link=1-3 LinkAuth=2-3 Relay=1-2".parse();
243
/// ```
244
///
245
/// # Implementation notes
246
///
247
/// Because the number of distinct `Protocols` sets at any given time
248
/// is much smaller than the number of relays, this type is interned in order to
249
/// save memory and copying time.
250
///
251
/// This type is an Arc internally; it is cheap to clone.
252
#[derive(Debug, Clone, Default, Eq, PartialEq, Hash)]
253
#[cfg_attr(
254
    feature = "serde",
255
    derive(serde_with::DeserializeFromStr, serde_with::SerializeDisplay)
256
)]
257
pub struct Protocols(Arc<ProtocolsInner>);
258

            
259
/// Inner representation of Protocols.
260
///
261
/// We make this a separate type so that we can intern it inside an Arc.
262
#[derive(Default, Clone, Debug, Eq, PartialEq, Hash)]
263
struct ProtocolsInner {
264
    /// A mapping from protocols' integer encodings to bit-vectors.
265
    recognized: [u64; N_RECOGNIZED],
266
    /// A vector of unrecognized protocol versions,
267
    /// in sorted order.
268
    ///
269
    /// Every entry in this list has supported != 0.
270
    unrecognized: Vec<SubprotocolEntry>,
271
}
272

            
273
/// An InternCache of ProtocolsInner.
274
///
275
/// We intern ProtocolsInner objects because:
276
///  - There are very few _distinct_ values in any given set of relays.
277
///  - Every relay has one.
278
///  - We often want to copy them when we're remembering information about circuits.
279
static PROTOCOLS: InternCache<ProtocolsInner> = InternCache::new();
280

            
281
impl From<ProtocolsInner> for Protocols {
282
633488
    fn from(value: ProtocolsInner) -> Self {
283
        // TODO: Use Intern more natively.
284
633488
        Protocols(PROTOCOLS.intern(value).into())
285
633488
    }
286
}
287

            
288
impl Protocols {
289
    /// Return a new empty set of protocol versions.
290
    ///
291
    /// # Warning
292
    ///
293
    /// To the extend possible, avoid using empty lists to represent the capabilities
294
    /// of an unknown target.  Instead, if there is a consensus present, use the
295
    /// `required-relay-protocols` field of the consensus.
296
384
    pub fn new() -> Self {
297
384
        Protocols::default()
298
384
    }
299

            
300
    /// Helper: return true iff this protocol set contains the
301
    /// version `ver` of the protocol represented by the integer `proto`.
302
1562832
    fn supports_recognized_ver(&self, proto: usize, ver: u8) -> bool {
303
1562832
        if usize::from(ver) > MAX_VER {
304
2
            return false;
305
1562830
        }
306
1562830
        if proto >= self.0.recognized.len() {
307
            return false;
308
1562830
        }
309
1562830
        (self.0.recognized[proto] & (1 << ver)) != 0
310
1562832
    }
311
    /// Helper: return true iff this protocol set contains version
312
    /// `ver` of the unrecognized protocol represented by the string
313
    /// `proto`.
314
    ///
315
    /// Requires that `proto` is not the name of a recognized protocol.
316
10
    fn supports_unrecognized_ver(&self, proto: &str, ver: u8) -> bool {
317
10
        if usize::from(ver) > MAX_VER {
318
2
            return false;
319
8
        }
320
8
        let ent = self
321
8
            .0
322
8
            .unrecognized
323
8
            .iter()
324
12
            .find(|ent| ent.proto.is_unrecognized(proto));
325
8
        match ent {
326
4
            Some(e) => (e.supported & (1 << ver)) != 0,
327
4
            None => false,
328
        }
329
10
    }
330

            
331
    /// Return true if this list of protocols is empty.
332
960
    pub fn is_empty(&self) -> bool {
333
10127
        self.0.recognized.iter().all(|v| *v == 0)
334
640
            && self.0.unrecognized.iter().all(|p| p.supported == 0)
335
960
    }
336

            
337
    // TODO: Combine these next two functions into one by using a trait.
338
    /// Check whether a known protocol version is supported.
339
    ///
340
    /// ```
341
    /// use tor_protover::*;
342
    /// let protos: Protocols = "Link=1-3 HSDir=2,4-5".parse().unwrap();
343
    ///
344
    /// assert!(protos.supports_known_subver(ProtoKind::Link, 2));
345
    /// assert!(protos.supports_known_subver(ProtoKind::HSDir, 4));
346
    /// assert!(! protos.supports_known_subver(ProtoKind::HSDir, 3));
347
    /// assert!(! protos.supports_known_subver(ProtoKind::LinkAuth, 3));
348
    /// ```
349
1562700
    pub fn supports_known_subver(&self, proto: ProtoKind, ver: u8) -> bool {
350
1562700
        self.supports_recognized_ver(proto.get() as usize, ver)
351
1562700
    }
352
    /// Check whether a protocol version identified by a string is supported.
353
    ///
354
    /// ```
355
    /// use tor_protover::*;
356
    /// let protos: Protocols = "Link=1-3 Foobar=7".parse().unwrap();
357
    ///
358
    /// assert!(protos.supports_subver("Link", 2));
359
    /// assert!(protos.supports_subver("Foobar", 7));
360
    /// assert!(! protos.supports_subver("Link", 5));
361
    /// assert!(! protos.supports_subver("Foobar", 6));
362
    /// assert!(! protos.supports_subver("Wombat", 3));
363
    /// ```
364
142
    pub fn supports_subver(&self, proto: &str, ver: u8) -> bool {
365
142
        match ProtoKind::from_name(proto) {
366
132
            Some(p) => self.supports_recognized_ver(p.get() as usize, ver),
367
10
            None => self.supports_unrecognized_ver(proto, ver),
368
        }
369
142
    }
370

            
371
    /// Check whether a protocol version is supported.
372
    ///
373
    /// ```
374
    /// use tor_protover::*;
375
    /// let protos: Protocols = "Link=1-5 Desc=2-4".parse().unwrap();
376
    /// assert!(protos.supports_named_subver(named::DESC_FAMILY_IDS)); // Desc=4
377
    /// assert!(! protos.supports_named_subver(named::CONFLUX_BASE)); // Conflux=1
378
    /// ```
379
1562112
    pub fn supports_named_subver(&self, protover: NamedSubver) -> bool {
380
1562112
        self.supports_known_subver(protover.kind, protover.version)
381
1562112
    }
382

            
383
    /// Check whether a numbered subprotocol capability is supported.
384
    ///
385
    /// ```
386
    /// use tor_protover::*;
387
    /// let protos: Protocols = "Link=1-5 Desc=2-4".parse().unwrap();
388
    /// assert!(protos.supports_numbered_subver(NumberedSubver::new(ProtoKind::Desc, 4)));
389
    /// assert!(! protos.supports_numbered_subver(NumberedSubver::new(ProtoKind::Conflux, 1)));
390
    /// ```
391
576
    pub fn supports_numbered_subver(&self, protover: NumberedSubver) -> bool {
392
576
        self.supports_known_subver(protover.kind, protover.version)
393
576
    }
394

            
395
    /// Return a Protocols holding every protocol flag that is present in `self`
396
    /// but not `other`.
397
    ///
398
    /// ```
399
    /// use tor_protover::*;
400
    /// let protos: Protocols = "Desc=2-4 Microdesc=1-5".parse().unwrap();
401
    /// let protos2: Protocols = "Desc=3 Microdesc=3".parse().unwrap();
402
    /// assert_eq!(protos.difference(&protos2),
403
    ///            "Desc=2,4 Microdesc=1-2,4-5".parse().unwrap());
404
    /// ```
405
1036
    pub fn difference(&self, other: &Protocols) -> Protocols {
406
1036
        let mut r = ProtocolsInner::default();
407

            
408
13468
        for i in 0..N_RECOGNIZED {
409
13468
            r.recognized[i] = self.0.recognized[i] & !other.0.recognized[i];
410
13468
        }
411
        // This is not super efficient, but we don't have to do it often.
412
1040
        for ent in self.0.unrecognized.iter() {
413
80
            let mut ent = ent.clone();
414
87
            if let Some(other_ent) = other.0.unrecognized.iter().find(|e| e.proto == ent.proto) {
415
4
                ent.supported &= !other_ent.supported;
416
76
            }
417
80
            if ent.supported != 0 {
418
78
                r.unrecognized.push(ent);
419
78
            }
420
        }
421
1036
        Protocols::from(r)
422
1036
    }
423

            
424
    /// Return a Protocols holding every protocol flag that is present in `self`
425
    /// or `other` or both.
426
    ///
427
    /// ```
428
    /// use tor_protover::*;
429
    /// let protos: Protocols = "Desc=2-4 Microdesc=1-5".parse().unwrap();
430
    /// let protos2: Protocols = "Desc=3 Microdesc=10".parse().unwrap();
431
    /// assert_eq!(protos.union(&protos2),
432
    ///            "Desc=2-4 Microdesc=1-5,10".parse().unwrap());
433
    /// ```
434
332
    pub fn union(&self, other: &Protocols) -> Protocols {
435
332
        let mut r = (*self.0).clone();
436
4316
        for i in 0..N_RECOGNIZED {
437
4316
            r.recognized[i] |= other.0.recognized[i];
438
4316
        }
439
336
        for ent in other.0.unrecognized.iter() {
440
26
            if let Some(my_ent) = r.unrecognized.iter_mut().find(|e| e.proto == ent.proto) {
441
4
                my_ent.supported |= ent.supported;
442
12
            } else {
443
12
                r.unrecognized.push(ent.clone());
444
12
            }
445
        }
446
332
        r.unrecognized.sort();
447
332
        Protocols::from(r)
448
332
    }
449

            
450
    /// Return a Protocols holding every protocol flag that is present in both `self`
451
    /// and `other`.
452
    ///
453
    /// ```
454
    /// use tor_protover::*;
455
    /// let protos: Protocols = "Desc=2-4 Microdesc=1-5".parse().unwrap();
456
    /// let protos2: Protocols = "Desc=3 Microdesc=10".parse().unwrap();
457
    /// assert_eq!(protos.intersection(&protos2),
458
    ///            "Desc=3".parse().unwrap());
459
    /// ```
460
12
    pub fn intersection(&self, other: &Protocols) -> Protocols {
461
12
        let mut r = ProtocolsInner::default();
462
156
        for i in 0..N_RECOGNIZED {
463
156
            r.recognized[i] = self.0.recognized[i] & other.0.recognized[i];
464
156
        }
465
16
        for ent in self.0.unrecognized.iter() {
466
23
            if let Some(other_ent) = other.0.unrecognized.iter().find(|e| e.proto == ent.proto) {
467
4
                let supported = ent.supported & other_ent.supported;
468
4
                if supported != 0 {
469
4
                    r.unrecognized.push(SubprotocolEntry {
470
4
                        proto: ent.proto.clone(),
471
4
                        supported,
472
4
                    });
473
4
                }
474
12
            }
475
        }
476
12
        r.unrecognized.sort();
477
12
        Protocols::from(r)
478
12
    }
479
}
480

            
481
impl ProtocolsInner {
482
    /// Parsing helper: Try to add a new entry `ent` to this set of protocols.
483
    ///
484
    /// Uses `foundmask`, a bit mask saying which recognized protocols
485
    /// we've already found entries for.  Returns an error if `ent` is
486
    /// for a protocol we've already added.
487
    ///
488
    /// Does not preserve sorting order; the caller must call `self.unrecognized.sort()` before returning.
489
480348
    fn add(&mut self, foundmask: &mut u64, ent: SubprotocolEntry) -> Result<(), ParseError> {
490
480348
        match ent.proto {
491
478756
            Protocol::Proto(k) => {
492
478756
                let idx = k.get() as usize;
493
478756
                assert!(idx < N_RECOGNIZED); // guaranteed by invariant on Protocol::Proto
494
478756
                let bit = 1 << u64::from(k.get());
495
478756
                if (*foundmask & bit) != 0 {
496
4
                    return Err(ParseError::Duplicate);
497
478752
                }
498
478752
                *foundmask |= bit;
499
478752
                self.recognized[idx] = ent.supported;
500
            }
501
1592
            Protocol::Unrecognized(ref s) => {
502
1592
                if self
503
1592
                    .unrecognized
504
1592
                    .iter()
505
1617
                    .any(|ent| ent.proto.is_unrecognized(s))
506
                {
507
2
                    return Err(ParseError::Duplicate);
508
1590
                }
509
1590
                if ent.supported != 0 {
510
1590
                    self.unrecognized.push(ent);
511
1590
                }
512
            }
513
        }
514
480342
        Ok(())
515
480348
    }
516
}
517

            
518
/// An error representing a failure to parse a set of protocol versions.
519
#[derive(Error, Debug, PartialEq, Eq, Clone)]
520
#[non_exhaustive]
521
pub enum ParseError {
522
    /// A protocol version was not in the range 1..=63.
523
    #[error("Protocol version out of range")]
524
    OutOfRange,
525
    /// Some subprotocol or protocol version appeared more than once.
526
    #[error("Duplicate protocol entry")]
527
    Duplicate,
528
    /// The list of protocol versions was malformed in some other way.
529
    #[error("Malformed protocol entry")]
530
    Malformed,
531
}
532

            
533
/// Helper: return a new u64 in which bits `lo` through `hi` inclusive
534
/// are set to 1, and all the other bits are set to 0.
535
///
536
/// In other words, `bitrange(a,b)` is how we represent the range of
537
/// versions `a-b` in a protocol version bitmask.
538
///
539
/// ```ignore
540
/// # use tor_protover::bitrange;
541
/// assert_eq!(bitrange(0, 5), 0b111111);
542
/// assert_eq!(bitrange(2, 5), 0b111100);
543
/// assert_eq!(bitrange(2, 7), 0b11111100);
544
/// ```
545
488048
fn bitrange(lo: u64, hi: u64) -> u64 {
546
488048
    assert!(lo <= hi && lo <= 63 && hi <= 63);
547
488048
    let mut mask = !0;
548
488048
    mask <<= 63 - hi;
549
488048
    mask >>= 63 - hi + lo;
550
488048
    mask <<= lo;
551
488048
    mask
552
488048
}
553

            
554
/// Helper: return true if the provided string is a valid "integer"
555
/// in the form accepted by the protover spec.  This is stricter than
556
/// rust's integer parsing format.
557
976118
fn is_good_number(n: &str) -> bool {
558
995029
    n.chars().all(|ch| ch.is_ascii_digit()) && !n.starts_with('0')
559
976118
}
560

            
561
/// A single SubprotocolEntry is parsed from a string of the format
562
/// Name=Versions, where Versions is a comma-separated list of
563
/// integers or ranges of integers.
564
impl std::str::FromStr for SubprotocolEntry {
565
    type Err = ParseError;
566

            
567
480378
    fn from_str(s: &str) -> Result<Self, ParseError> {
568
        // split the string on the =.
569
480378
        let (name, versions) = s.split_once('=').ok_or(ParseError::Malformed)?;
570

            
571
        // Look up the protocol by name.
572
480376
        let proto = match ProtoKind::from_name(name) {
573
478782
            Some(p) => Protocol::Proto(p),
574
1594
            None => Protocol::Unrecognized(name.to_string()),
575
        };
576
480376
        if versions.is_empty() {
577
            // We need to handle this case specially, since otherwise
578
            // it would be treated below as a single empty value, which
579
            // would be rejected.
580
2
            return Ok(SubprotocolEntry {
581
2
                proto,
582
2
                supported: 0,
583
2
            });
584
480374
        }
585
        // Construct a bitmask based on the comma-separated versions.
586
480374
        let mut supported = 0_u64;
587
488064
        for ent in versions.split(',') {
588
            // Find and parse lo and hi for a single range of versions.
589
            // (If this is not a range, but rather a single version v,
590
            // treat it as if it were a range v-v.)
591
488064
            let (lo_s, hi_s) = ent.split_once('-').unwrap_or((ent, ent));
592

            
593
488064
            if !is_good_number(lo_s) {
594
10
                return Err(ParseError::Malformed);
595
488054
            }
596
488054
            if !is_good_number(hi_s) {
597
2
                return Err(ParseError::Malformed);
598
488052
            }
599
488052
            let lo: u64 = lo_s.parse().map_err(|_| ParseError::Malformed)?;
600
488050
            let hi: u64 = hi_s.parse().map_err(|_| ParseError::Malformed)?;
601
            // Make sure that lo and hi are in-bounds and consistent.
602
488046
            if lo > (MAX_VER as u64) || hi > (MAX_VER as u64) {
603
6
                return Err(ParseError::OutOfRange);
604
488040
            }
605
488040
            if lo > hi {
606
2
                return Err(ParseError::Malformed);
607
488038
            }
608
488038
            let mask = bitrange(lo, hi);
609
            // Make sure that no version is included twice.
610
488038
            if (supported & mask) != 0 {
611
2
                return Err(ParseError::Duplicate);
612
488036
            }
613
            // Add the appropriate bits to the mask.
614
488036
            supported |= mask;
615
        }
616
480346
        Ok(SubprotocolEntry { proto, supported })
617
480378
    }
618
}
619

            
620
/// A Protocols set can be parsed from a string according to the
621
/// format used in Tor consensus documents.
622
///
623
/// A protocols set is represented by a space-separated list of
624
/// entries.  Each entry is of the form `Name=Versions`, where `Name`
625
/// is the name of a protocol, and `Versions` is a comma-separated
626
/// list of version numbers and version ranges.  Each version range is
627
/// a pair of integers separated by `-`.
628
///
629
/// No protocol name may be listed twice.  No version may be listed
630
/// twice for a single protocol.  All versions must be in range 0
631
/// through 63 inclusive.
632
impl std::str::FromStr for Protocols {
633
    type Err = ParseError;
634

            
635
599370
    fn from_str(s: &str) -> Result<Self, ParseError> {
636
599370
        let mut result = ProtocolsInner::default();
637
599370
        let mut foundmask = 0_u64;
638
768192
        for ent in s.split(' ') {
639
768192
            if ent.is_empty() {
640
287814
                continue;
641
480378
            }
642

            
643
480378
            let s: SubprotocolEntry = ent.parse()?;
644
480348
            result.add(&mut foundmask, s)?;
645
        }
646
599334
        result.unrecognized.sort();
647
599334
        Ok(result.into())
648
599370
    }
649
}
650

            
651
/// Given a bitmask, return a list of the bits set in the mask, as a
652
/// String in the format expected by Tor consensus documents.
653
///
654
/// This implementation constructs ranges greedily.  For example, the
655
/// bitmask `0b0111011` will be represented as `0-1,3-5`, and not
656
/// `0,1,3,4,5` or `0,1,3-5`.
657
///
658
/// ```ignore
659
/// # use tor_protover::dumpmask;
660
/// assert_eq!(dumpmask(0b111111), "0-5");
661
/// assert_eq!(dumpmask(0b111100), "2-5");
662
/// assert_eq!(dumpmask(0b11111100), "2-7");
663
/// ```
664
28568
fn dumpmask(mut mask: u64) -> String {
665
    /// Helper: push a range (which may be a singleton) onto `v`.
666
28638
    fn append(v: &mut Vec<String>, lo: u32, hi: u32) {
667
28638
        if lo == hi {
668
13518
            v.push(lo.to_string());
669
15120
        } else {
670
15120
            v.push(format!("{}-{}", lo, hi));
671
15120
        }
672
28638
    }
673
    // We'll be building up our result here, then joining it with
674
    // commas.
675
28568
    let mut result = Vec::new();
676
    // This implementation is a little tricky, but it should be more
677
    // efficient than a raw search.  Basically, we're using the
678
    // function u64::trailing_zeros to count how large each range of
679
    // 1s or 0s is, and then shifting by that amount.
680

            
681
    // How many bits have we already shifted `mask`?
682
28568
    let mut shift = 0;
683
57204
    while mask != 0 {
684
28638
        let zeros = mask.trailing_zeros();
685
28638
        mask >>= zeros;
686
28638
        shift += zeros;
687
28638
        let ones = mask.trailing_ones();
688
28638
        append(&mut result, shift, shift + ones - 1);
689
28638
        shift += ones;
690
28638
        if ones == 64 {
691
            // We have to do this check to avoid overflow when formatting
692
            // the range `0-63`.
693
2
            break;
694
28636
        }
695
28636
        mask >>= ones;
696
    }
697
28568
    result.join(",")
698
28568
}
699

            
700
/// The Display trait formats a protocol set in the format expected by Tor
701
/// consensus documents.
702
///
703
/// ```
704
/// use tor_protover::*;
705
/// let protos: Protocols = "Link=1,2,3 Foobar=7 Relay=2".parse().unwrap();
706
/// assert_eq!(format!("{}", protos),
707
///            "Foobar=7 Link=1-3 Relay=2");
708
/// ```
709
impl std::fmt::Display for Protocols {
710
4170
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
711
4170
        let mut entries = Vec::new();
712
54210
        for (idx, mask) in self.0.recognized.iter().enumerate() {
713
54210
            if *mask != 0 {
714
27338
                let pk: ProtoKind = (idx as u8).into();
715
27338
                entries.push(format!("{}={}", pk, dumpmask(*mask)));
716
27448
            }
717
        }
718
4170
        for ent in &self.0.unrecognized {
719
1220
            if ent.supported != 0 {
720
1220
                entries.push(format!(
721
1220
                    "{}={}",
722
1220
                    ent.proto.to_str(),
723
1220
                    dumpmask(ent.supported)
724
1220
                ));
725
1220
            }
726
        }
727
        // This sort is required.
728
4170
        entries.sort();
729
4170
        write!(f, "{}", entries.join(" "))
730
4170
    }
731
}
732

            
733
impl FromIterator<NamedSubver> for Protocols {
734
1298
    fn from_iter<T: IntoIterator<Item = NamedSubver>>(iter: T) -> Self {
735
1298
        let mut r = ProtocolsInner::default();
736
2395
        for named_subver in iter {
737
2394
            let proto_idx = usize::from(named_subver.kind.get());
738
2394
            let proto_ver = named_subver.version;
739

            
740
            // These are guaranteed by invariants on NamedSubver.
741
2394
            assert!(proto_idx < N_RECOGNIZED);
742
2394
            assert!(usize::from(proto_ver) <= MAX_VER);
743
2394
            r.recognized[proto_idx] |= 1_u64 << proto_ver;
744
        }
745
1298
        Protocols::from(r)
746
1298
    }
747
}
748

            
749
/// Documentation: when is a protocol "supported"?
750
///
751
/// Arti should consider itself to "support" a protocol if, _as built_,
752
/// it implements the protocol completely.
753
///
754
/// Just having the protocol listed among the [`named`]
755
/// protocols is not enough, and neither is an incomplete
756
/// or uncompliant implementation.
757
///
758
/// Similarly, if the protocol is not compiled in,
759
/// it is not technically _supported_.
760
///
761
/// When in doubt, ask yourself:
762
/// - If another Tor implementation believed that we implemented this protocol,
763
///   and began to speak it to us, would we be able to do so?
764
/// - If the protocol were required,
765
///   would this software as built actually meet that requirement?
766
///
767
/// If either answer is no, the protocol is not supported.
768
pub mod doc_supported {}
769

            
770
/// Documentation about changing lists of supported versions.
771
///
772
/// # Warning
773
///
774
/// You need to be extremely careful when removing
775
/// _any_ entry from a list of supported protocols.
776
///
777
/// If you remove an entry while it still appears as "recommended" in the consensus,
778
/// you'll cause all the instances without it to warn.
779
///
780
/// If you remove an entry while it still appears as "required" in the
781
///  consensus, you'll cause all the instances without it to refuse to connect
782
/// to the network, and shut down.
783
///
784
/// If you need to remove a version from a list of supported protocols,
785
/// you need to make sure that it is not listed in the _current consensuses_:
786
/// just removing it from the list that the authorities vote for is NOT ENOUGH.
787
/// You need to remove it from the required list,
788
/// and THEN let the authorities upgrade and vote on new
789
/// consensuses without it. Only once those consensuses are out is it safe to
790
/// remove from the list of required protocols.
791
///
792
/// ## Example
793
///
794
/// One concrete example of a very dangerous race that could occur:
795
///
796
/// Suppose that the client supports protocols "HsDir=1-2" and the consensus
797
/// requires protocols "HsDir=1-2".  If the client supported protocol list is
798
/// then changed to "HSDir=2", while the consensus stills lists "HSDir=1-2",
799
/// then these clients, even very recent ones, will shut down because they
800
/// don't support "HSDir=1".
801
///
802
/// And so, changes need to be done in strict sequence as described above.
803
pub mod doc_changing {}
804

            
805
#[cfg(test)]
806
mod test {
807
    // @@ begin test lint list maintained by maint/add_warning @@
808
    #![allow(clippy::bool_assert_comparison)]
809
    #![allow(clippy::clone_on_copy)]
810
    #![allow(clippy::dbg_macro)]
811
    #![allow(clippy::mixed_attributes_style)]
812
    #![allow(clippy::print_stderr)]
813
    #![allow(clippy::print_stdout)]
814
    #![allow(clippy::single_char_pattern)]
815
    #![allow(clippy::unwrap_used)]
816
    #![allow(clippy::unchecked_time_subtraction)]
817
    #![allow(clippy::useless_vec)]
818
    #![allow(clippy::needless_pass_by_value)]
819
    #![allow(clippy::string_slice)] // See arti#2571
820
    //! <!-- @@ end test lint list maintained by maint/add_warning @@ -->
821
    use std::str::FromStr;
822

            
823
    use super::*;
824

            
825
    #[test]
826
    fn test_bitrange() {
827
        assert_eq!(0b1, bitrange(0, 0));
828
        assert_eq!(0b10, bitrange(1, 1));
829
        assert_eq!(0b11, bitrange(0, 1));
830
        assert_eq!(0b1111110000000, bitrange(7, 12));
831
        assert_eq!(!0, bitrange(0, 63));
832
    }
833

            
834
    #[test]
835
    fn test_dumpmask() {
836
        assert_eq!("", dumpmask(0));
837
        assert_eq!("0-5", dumpmask(0b111111));
838
        assert_eq!("4-5", dumpmask(0b110000));
839
        assert_eq!("1,4-5", dumpmask(0b110010));
840
        assert_eq!("0-63", dumpmask(!0));
841
    }
842

            
843
    #[test]
844
    fn test_canonical() -> Result<(), ParseError> {
845
        fn t(orig: &str, canonical: &str) -> Result<(), ParseError> {
846
            let protos: Protocols = orig.parse()?;
847
            let enc = format!("{}", protos);
848
            assert_eq!(enc, canonical);
849
            Ok(())
850
        }
851

            
852
        t("", "")?;
853
        t(" ", "")?;
854
        t("Link=5,6,7,9 Relay=4-7,2", "Link=5-7,9 Relay=2,4-7")?;
855
        t("FlowCtrl= Padding=8,7 Desc=1-5,6-8", "Desc=1-8 Padding=7-8")?;
856
        t("Zelda=7 Gannon=3,6 Link=4", "Gannon=3,6 Link=4 Zelda=7")?;
857

            
858
        Ok(())
859
    }
860

            
861
    #[test]
862
    fn test_invalid() {
863
        fn t(s: &str) -> ParseError {
864
            let protos: Result<Protocols, ParseError> = s.parse();
865
            assert!(protos.is_err());
866
            protos.err().unwrap()
867
        }
868

            
869
        assert_eq!(t("Link=1-100"), ParseError::OutOfRange);
870
        assert_eq!(t("Zelda=100"), ParseError::OutOfRange);
871
        assert_eq!(t("Link=100-200"), ParseError::OutOfRange);
872

            
873
        assert_eq!(t("Link=1,1"), ParseError::Duplicate);
874
        assert_eq!(t("Link=1 Link=1"), ParseError::Duplicate);
875
        assert_eq!(t("Link=1 Link=3"), ParseError::Duplicate);
876
        assert_eq!(t("Zelda=1 Zelda=3"), ParseError::Duplicate);
877

            
878
        assert_eq!(t("Link=Zelda"), ParseError::Malformed);
879
        assert_eq!(t("Link=6-2"), ParseError::Malformed);
880
        assert_eq!(t("Link=6-"), ParseError::Malformed);
881
        assert_eq!(t("Link=6-,2"), ParseError::Malformed);
882
        assert_eq!(t("Link=1,,2"), ParseError::Malformed);
883
        assert_eq!(t("Link=6-frog"), ParseError::Malformed);
884
        assert_eq!(t("Link=gannon-9"), ParseError::Malformed);
885
        assert_eq!(t("Link Zelda"), ParseError::Malformed);
886

            
887
        assert_eq!(t("Link=01"), ParseError::Malformed);
888
        assert_eq!(t("Link=waffle"), ParseError::Malformed);
889
        assert_eq!(t("Link=1_1"), ParseError::Malformed);
890
    }
891

            
892
    #[test]
893
    fn test_supports() -> Result<(), ParseError> {
894
        let p: Protocols = "Link=4,5-7 Padding=2 Lonk=1-3,5".parse()?;
895

            
896
        assert!(p.supports_known_subver(ProtoKind::Padding, 2));
897
        assert!(!p.supports_known_subver(ProtoKind::Padding, 1));
898
        assert!(p.supports_known_subver(ProtoKind::Link, 6));
899
        assert!(!p.supports_known_subver(ProtoKind::Link, 255));
900
        assert!(!p.supports_known_subver(ProtoKind::Cons, 1));
901
        assert!(!p.supports_known_subver(ProtoKind::Cons, 0));
902
        assert!(p.supports_subver("Link", 6));
903
        assert!(!p.supports_subver("link", 6));
904
        assert!(!p.supports_subver("Cons", 0));
905
        assert!(p.supports_subver("Lonk", 3));
906
        assert!(!p.supports_subver("Lonk", 4));
907
        assert!(!p.supports_subver("lonk", 3));
908
        assert!(!p.supports_subver("Lonk", 64));
909

            
910
        Ok(())
911
    }
912

            
913
    #[test]
914
    fn test_difference() -> Result<(), ParseError> {
915
        let p1: Protocols = "Link=1-10 Desc=5-10 Relay=1,3,5,7,9 Other=7-60 Mine=1-20".parse()?;
916
        let p2: Protocols = "Link=3-4 Desc=1-6 Relay=2-6 Other=8 Theirs=20".parse()?;
917

            
918
        assert_eq!(
919
            p1.difference(&p2),
920
            Protocols::from_str("Link=1-2,5-10 Desc=7-10 Relay=1,7,9 Other=7,9-60 Mine=1-20")?
921
        );
922
        assert_eq!(
923
            p2.difference(&p1),
924
            Protocols::from_str("Desc=1-4 Relay=2,4,6 Theirs=20")?,
925
        );
926

            
927
        let nil = Protocols::default();
928
        assert_eq!(p1.difference(&nil), p1);
929
        assert_eq!(p2.difference(&nil), p2);
930
        assert_eq!(nil.difference(&p1), nil);
931
        assert_eq!(nil.difference(&p2), nil);
932

            
933
        Ok(())
934
    }
935

            
936
    #[test]
937
    fn test_union() -> Result<(), ParseError> {
938
        let p1: Protocols = "Link=1-10 Desc=5-10 Relay=1,3,5,7,9 Other=7-60 Mine=1-20".parse()?;
939
        let p2: Protocols = "Link=3-4 Desc=1-6 Relay=2-6 Other=2,8 Theirs=20".parse()?;
940

            
941
        assert_eq!(
942
            p1.union(&p2),
943
            Protocols::from_str(
944
                "Link=1-10 Desc=1-10 Relay=1-7,9 Other=2,7-60 Theirs=20 Mine=1-20"
945
            )?
946
        );
947
        assert_eq!(
948
            p2.union(&p1),
949
            Protocols::from_str(
950
                "Link=1-10 Desc=1-10 Relay=1-7,9 Other=2,7-60 Theirs=20 Mine=1-20"
951
            )?
952
        );
953

            
954
        let nil = Protocols::default();
955
        assert_eq!(p1.union(&nil), p1);
956
        assert_eq!(p2.union(&nil), p2);
957
        assert_eq!(nil.union(&p1), p1);
958
        assert_eq!(nil.union(&p2), p2);
959

            
960
        Ok(())
961
    }
962

            
963
    #[test]
964
    fn test_intersection() -> Result<(), ParseError> {
965
        let p1: Protocols = "Link=1-10 Desc=5-10 Relay=1,3,5,7,9 Other=7-60 Mine=1-20".parse()?;
966
        let p2: Protocols = "Link=3-4 Desc=1-6 Relay=2-6 Other=2,8 Theirs=20".parse()?;
967

            
968
        assert_eq!(
969
            p1.intersection(&p2),
970
            Protocols::from_str("Link=3-4 Desc=5-6 Relay=3,5 Other=8")?
971
        );
972
        assert_eq!(
973
            p2.intersection(&p1),
974
            Protocols::from_str("Link=3-4 Desc=5-6 Relay=3,5 Other=8")?
975
        );
976

            
977
        let nil = Protocols::default();
978
        assert_eq!(p1.intersection(&nil), nil);
979
        assert_eq!(p2.intersection(&nil), nil);
980
        assert_eq!(nil.intersection(&p1), nil);
981
        assert_eq!(nil.intersection(&p2), nil);
982

            
983
        Ok(())
984
    }
985

            
986
    #[test]
987
    fn from_iter() {
988
        use named as n;
989
        let empty: [NamedSubver; 0] = [];
990
        let prs: Protocols = empty.iter().copied().collect();
991
        assert_eq!(prs, Protocols::default());
992
        let prs: Protocols = empty.into_iter().collect();
993
        assert_eq!(prs, Protocols::default());
994

            
995
        let prs = [
996
            n::LINK_V3,
997
            n::HSDIR_V3,
998
            n::LINK_V4,
999
            n::LINK_V5,
            n::CONFLUX_BASE,
        ]
        .into_iter()
        .collect::<Protocols>();
        assert_eq!(prs, "Link=3-5 HSDir=2 Conflux=1".parse().unwrap());
    }
    #[test]
    fn order_numbered_subvers() {
        // We rely on this sort order elsewhere in our protocol.
        assert!(NumberedSubver::new(5, 7) < NumberedSubver::new(7, 5));
        assert!(NumberedSubver::new(7, 5) < NumberedSubver::new(7, 6));
        assert!(NumberedSubver::new(7, 6) < NumberedSubver::new(8, 6));
    }
}