Tor  0.4.6.0-alpha-dev
hs_circuit.c
Go to the documentation of this file.
1 /* Copyright (c) 2017-2020, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file hs_circuit.c
6  **/
7 
8 #define HS_CIRCUIT_PRIVATE
9 
10 #include "core/or/or.h"
11 #include "app/config/config.h"
12 #include "core/crypto/hs_ntor.h"
13 #include "core/or/circuitbuild.h"
14 #include "core/or/circuitlist.h"
15 #include "core/or/circuituse.h"
16 #include "core/or/policies.h"
17 #include "core/or/relay.h"
18 #include "core/or/crypt_path.h"
19 #include "core/or/extendinfo.h"
20 #include "feature/client/circpathbias.h"
21 #include "feature/hs/hs_cell.h"
22 #include "feature/hs/hs_circuit.h"
23 #include "feature/hs/hs_ob.h"
25 #include "feature/hs/hs_client.h"
26 #include "feature/hs/hs_ident.h"
27 #include "feature/hs/hs_metrics.h"
28 #include "feature/hs/hs_service.h"
33 #include "feature/stats/rephist.h"
37 
38 /* Trunnel. */
39 #include "trunnel/ed25519_cert.h"
40 #include "trunnel/hs/cell_common.h"
41 #include "trunnel/hs/cell_establish_intro.h"
42 
44 #include "core/or/crypt_path_st.h"
47 
48 /** A circuit is about to become an e2e rendezvous circuit. Check
49  * <b>circ_purpose</b> and ensure that it's properly set. Return true iff
50  * circuit purpose is properly set, otherwise return false. */
51 static int
52 circuit_purpose_is_correct_for_rend(unsigned int circ_purpose,
53  int is_service_side)
54 {
55  if (is_service_side) {
56  if (circ_purpose != CIRCUIT_PURPOSE_S_CONNECT_REND) {
57  log_warn(LD_BUG,
58  "HS e2e circuit setup with wrong purpose (%d)", circ_purpose);
59  return 0;
60  }
61  }
62 
63  if (!is_service_side) {
64  if (circ_purpose != CIRCUIT_PURPOSE_C_REND_READY &&
66  log_warn(LD_BUG,
67  "Client e2e circuit setup with wrong purpose (%d)", circ_purpose);
68  return 0;
69  }
70  }
71 
72  return 1;
73 }
74 
75 /** Create and return a crypt path for the final hop of a v3 prop224 rendezvous
76  * circuit. Initialize the crypt path crypto using the output material from the
77  * ntor key exchange at <b>ntor_key_seed</b>.
78  *
79  * If <b>is_service_side</b> is set, we are the hidden service and the final
80  * hop of the rendezvous circuit is the client on the other side. */
81 static crypt_path_t *
82 create_rend_cpath(const uint8_t *ntor_key_seed, size_t seed_len,
83  int is_service_side)
84 {
85  uint8_t keys[HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN];
86  crypt_path_t *cpath = NULL;
87 
88  /* Do the key expansion */
89  if (hs_ntor_circuit_key_expansion(ntor_key_seed, seed_len,
90  keys, sizeof(keys)) < 0) {
91  goto err;
92  }
93 
94  /* Setup the cpath */
95  cpath = tor_malloc_zero(sizeof(crypt_path_t));
96  cpath->magic = CRYPT_PATH_MAGIC;
97 
98  if (cpath_init_circuit_crypto(cpath, (char*)keys, sizeof(keys),
99  is_service_side, 1) < 0) {
100  tor_free(cpath);
101  goto err;
102  }
103 
104  err:
105  memwipe(keys, 0, sizeof(keys));
106  return cpath;
107 }
108 
109 /** We are a v2 legacy HS client: Create and return a crypt path for the hidden
110  * service on the other side of the rendezvous circuit <b>circ</b>. Initialize
111  * the crypt path crypto using the body of the RENDEZVOUS1 cell at
112  * <b>rend_cell_body</b> (which must be at least DH1024_KEY_LEN+DIGEST_LEN
113  * bytes).
114  */
115 static crypt_path_t *
116 create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body)
117 {
118  crypt_path_t *hop = NULL;
119  char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
120 
121  /* first DH1024_KEY_LEN bytes are g^y from the service. Finish the dh
122  * handshake...*/
123  tor_assert(circ->build_state);
125  hop = circ->build_state->pending_final_cpath;
126 
128  if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, hop->rend_dh_handshake_state,
129  (char*)rend_cell_body, DH1024_KEY_LEN,
130  keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
131  log_warn(LD_GENERAL, "Couldn't complete DH handshake.");
132  goto err;
133  }
134  /* ... and set up cpath. */
136  keys+DIGEST_LEN, sizeof(keys)-DIGEST_LEN,
137  0, 0) < 0)
138  goto err;
139 
140  /* Check whether the digest is right... */
141  if (tor_memneq(keys, rend_cell_body+DH1024_KEY_LEN, DIGEST_LEN)) {
142  log_warn(LD_PROTOCOL, "Incorrect digest of key material.");
143  goto err;
144  }
145 
146  /* clean up the crypto stuff we just made */
147  crypto_dh_free(hop->rend_dh_handshake_state);
148  hop->rend_dh_handshake_state = NULL;
149 
150  goto done;
151 
152  err:
153  hop = NULL;
154 
155  done:
156  memwipe(keys, 0, sizeof(keys));
157  return hop;
158 }
159 
160 /** Append the final <b>hop</b> to the cpath of the rend <b>circ</b>, and mark
161  * <b>circ</b> ready for use to transfer HS relay cells. */
162 static void
164  int is_service_side)
165 {
166  tor_assert(circ);
167  tor_assert(hop);
168 
169  /* Notify the circuit state machine that we are splicing this circuit */
170  int new_circ_purpose = is_service_side ?
172  circuit_change_purpose(TO_CIRCUIT(circ), new_circ_purpose);
173 
174  /* All is well. Extend the circuit. */
175  hop->state = CPATH_STATE_OPEN;
176  /* Set the windows to default. */
179 
180  /* Now that this circuit has finished connecting to its destination,
181  * make sure circuit_get_open_circ_or_launch is willing to return it
182  * so we can actually use it. */
183  circ->hs_circ_has_timed_out = 0;
184 
185  /* Append the hop to the cpath of this circuit */
186  cpath_extend_linked_list(&circ->cpath, hop);
187 
188  /* In legacy code, 'pending_final_cpath' points to the final hop we just
189  * appended to the cpath. We set the original pointer to NULL so that we
190  * don't double free it. */
191  if (circ->build_state) {
192  circ->build_state->pending_final_cpath = NULL;
193  }
194 
195  /* Finally, mark circuit as ready to be used for client streams */
196  if (!is_service_side) {
198  }
199 }
200 
201 /** For a given circuit and a service introduction point object, register the
202  * intro circuit to the circuitmap. This supports legacy intro point. */
203 static void
205  origin_circuit_t *circ)
206 {
207  tor_assert(ip);
208  tor_assert(circ);
209 
210  if (ip->base.is_only_legacy) {
212  ip->legacy_key_digest);
213  } else {
215  &ip->auth_key_kp.pubkey);
216  }
217 }
218 
219 /** Return the number of opened introduction circuit for the given circuit that
220  * is matching its identity key. */
221 static unsigned int
223  const hs_service_descriptor_t *desc)
224 {
225  unsigned int count = 0;
226 
227  tor_assert(service);
228  tor_assert(desc);
229 
230  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
231  const hs_service_intro_point_t *, ip) {
232  const circuit_t *circ;
234  if (ocirc == NULL) {
235  continue;
236  }
237  circ = TO_CIRCUIT(ocirc);
240  /* Having a circuit not for the requested service is really bad. */
242  &ocirc->hs_ident->identity_pk));
243  /* Only count opened circuit and skip circuit that will be closed. */
244  if (!circ->marked_for_close && circ->state == CIRCUIT_STATE_OPEN) {
245  count++;
246  }
247  } DIGEST256MAP_FOREACH_END;
248  return count;
249 }
250 
251 /** From a given service, rendezvous cookie and handshake info, create a
252  * rendezvous point circuit identifier. This can't fail. */
255  const uint8_t *rendezvous_cookie,
256  const curve25519_public_key_t *server_pk,
257  const hs_ntor_rend_cell_keys_t *keys)
258 {
259  hs_ident_circuit_t *ident;
260  uint8_t handshake_info[CURVE25519_PUBKEY_LEN + DIGEST256_LEN];
261 
262  tor_assert(service);
263  tor_assert(rendezvous_cookie);
264  tor_assert(server_pk);
265  tor_assert(keys);
266 
267  ident = hs_ident_circuit_new(&service->keys.identity_pk);
268  /* Copy the RENDEZVOUS_COOKIE which is the unique identifier. */
269  memcpy(ident->rendezvous_cookie, rendezvous_cookie,
270  sizeof(ident->rendezvous_cookie));
271  /* Build the HANDSHAKE_INFO which looks like this:
272  * SERVER_PK [32 bytes]
273  * AUTH_INPUT_MAC [32 bytes]
274  */
275  memcpy(handshake_info, server_pk->public_key, CURVE25519_PUBKEY_LEN);
276  memcpy(handshake_info + CURVE25519_PUBKEY_LEN, keys->rend_cell_auth_mac,
277  DIGEST256_LEN);
278  tor_assert(sizeof(ident->rendezvous_handshake_info) ==
279  sizeof(handshake_info));
280  memcpy(ident->rendezvous_handshake_info, handshake_info,
281  sizeof(ident->rendezvous_handshake_info));
282  /* Finally copy the NTOR_KEY_SEED for e2e encryption on the circuit. */
283  tor_assert(sizeof(ident->rendezvous_ntor_key_seed) ==
284  sizeof(keys->ntor_key_seed));
285  memcpy(ident->rendezvous_ntor_key_seed, keys->ntor_key_seed,
286  sizeof(ident->rendezvous_ntor_key_seed));
287  return ident;
288 }
289 
290 /** From a given service and service intro point, create an introduction point
291  * circuit identifier. This can't fail. */
292 static hs_ident_circuit_t *
294  const hs_service_intro_point_t *ip)
295 {
296  hs_ident_circuit_t *ident;
297 
298  tor_assert(service);
299  tor_assert(ip);
300 
301  ident = hs_ident_circuit_new(&service->keys.identity_pk);
302  ed25519_pubkey_copy(&ident->intro_auth_pk, &ip->auth_key_kp.pubkey);
303 
304  return ident;
305 }
306 
307 /** For a given introduction point and an introduction circuit, send the
308  * ESTABLISH_INTRO cell. The service object is used for logging. This can fail
309  * and if so, the circuit is closed and the intro point object is flagged
310  * that the circuit is not established anymore which is important for the
311  * retry mechanism. */
312 static void
315 {
316  ssize_t cell_len;
317  uint8_t payload[RELAY_PAYLOAD_SIZE];
318 
319  tor_assert(service);
320  tor_assert(ip);
321  tor_assert(circ);
322 
323  /* Encode establish intro cell. */
325  &service->config, ip, payload);
326  if (cell_len < 0) {
327  log_warn(LD_REND, "Unable to encode ESTABLISH_INTRO cell for service %s "
328  "on circuit %u. Closing circuit.",
329  safe_str_client(service->onion_address),
330  TO_CIRCUIT(circ)->n_circ_id);
331  goto err;
332  }
333 
334  /* Send the cell on the circuit. */
335  if (relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(circ),
336  RELAY_COMMAND_ESTABLISH_INTRO,
337  (char *) payload, cell_len,
338  circ->cpath->prev) < 0) {
339  log_info(LD_REND, "Unable to send ESTABLISH_INTRO cell for service %s "
340  "on circuit %u.",
341  safe_str_client(service->onion_address),
342  TO_CIRCUIT(circ)->n_circ_id);
343  /* On error, the circuit has been closed. */
344  goto done;
345  }
346 
347  /* Record the attempt to use this circuit. */
349  goto done;
350 
351  err:
352  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
353  done:
354  memwipe(payload, 0, sizeof(payload));
355 }
356 
357 /** Return a string constant describing the anonymity of service. */
358 static const char *
360 {
361  if (service->config.is_single_onion) {
362  return "single onion";
363  } else {
364  return "hidden";
365  }
366 }
367 
368 /** For a given service, the ntor onion key and a rendezvous cookie, launch a
369  * circuit to the rendezvous point specified by the link specifiers. On
370  * success, a circuit identifier is attached to the circuit with the needed
371  * data. This function will try to open a circuit for a maximum value of
372  * MAX_REND_FAILURES then it will give up. */
373 MOCK_IMPL(STATIC void,
375  const hs_service_intro_point_t *ip,
377 {
378  int circ_needs_uptime;
379  time_t now = time(NULL);
380  extend_info_t *info = NULL;
381  origin_circuit_t *circ;
382 
383  tor_assert(service);
384  tor_assert(ip);
385  tor_assert(data);
386 
387  circ_needs_uptime = hs_service_requires_uptime_circ(service->config.ports);
388 
389  /* Get the extend info data structure for the chosen rendezvous point
390  * specified by the given link specifiers. */
392  &data->onion_pk,
393  service->config.is_single_onion);
394  if (info == NULL) {
395  /* We are done here, we can't extend to the rendezvous point. */
396  log_fn(LOG_PROTOCOL_WARN, LD_REND,
397  "Not enough info to open a circuit to a rendezvous point for "
398  "%s service %s.",
400  safe_str_client(service->onion_address));
401  goto end;
402  }
403 
404  for (int i = 0; i < MAX_REND_FAILURES; i++) {
406  if (circ_needs_uptime) {
407  circ_flags |= CIRCLAUNCH_NEED_UPTIME;
408  }
409  /* Firewall and policies are checked when getting the extend info.
410  *
411  * We only use a one-hop path on the first attempt. If the first attempt
412  * fails, we use a 3-hop path for reachability / reliability.
413  * See the comment in retry_service_rendezvous_point() for details. */
414  if (service->config.is_single_onion && i == 0) {
415  circ_flags |= CIRCLAUNCH_ONEHOP_TUNNEL;
416  }
417 
419  circ_flags);
420  if (circ != NULL) {
421  /* Stop retrying, we have a circuit! */
422  break;
423  }
424  }
425  if (circ == NULL) {
426  log_warn(LD_REND, "Giving up on launching a rendezvous circuit to %s "
427  "for %s service %s",
428  safe_str_client(extend_info_describe(info)),
430  safe_str_client(service->onion_address));
431  goto end;
432  }
433  /* Update metrics with this new rendezvous circuit launched. */
435 
436  log_info(LD_REND, "Rendezvous circuit launched to %s with cookie %s "
437  "for %s service %s",
438  safe_str_client(extend_info_describe(info)),
439  safe_str_client(hex_str((const char *) data->rendezvous_cookie,
440  REND_COOKIE_LEN)),
442  safe_str_client(service->onion_address));
443  tor_assert(circ->build_state);
444  /* Rendezvous circuit have a specific timeout for the time spent on trying
445  * to connect to the rendezvous point. */
447 
448  /* Create circuit identifier and key material. */
449  {
451  curve25519_keypair_t ephemeral_kp;
452  /* No need for extra strong, this is only for this circuit life time. This
453  * key will be used for the RENDEZVOUS1 cell that will be sent on the
454  * circuit once opened. */
455  curve25519_keypair_generate(&ephemeral_kp, 0);
456  if (hs_ntor_service_get_rendezvous1_keys(&ip->auth_key_kp.pubkey,
457  &ip->enc_key_kp,
458  &ephemeral_kp, &data->client_pk,
459  &keys) < 0) {
460  /* This should not really happened but just in case, don't make tor
461  * freak out, close the circuit and move on. */
462  log_info(LD_REND, "Unable to get RENDEZVOUS1 key material for "
463  "service %s",
464  safe_str_client(service->onion_address));
465  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
466  goto end;
467  }
468  circ->hs_ident = create_rp_circuit_identifier(service,
469  data->rendezvous_cookie,
470  &ephemeral_kp.pubkey, &keys);
471  memwipe(&ephemeral_kp, 0, sizeof(ephemeral_kp));
472  memwipe(&keys, 0, sizeof(keys));
473  tor_assert(circ->hs_ident);
474  }
475 
476  end:
477  extend_info_free(info);
478 }
479 
480 /** Return true iff the given service rendezvous circuit circ is allowed for a
481  * relaunch to the rendezvous point. */
482 static int
484 {
485  tor_assert(circ);
486  /* This is initialized when allocating an origin circuit. */
487  tor_assert(circ->build_state);
489 
490  /* XXX: Retrying under certain condition. This is related to #22455. */
491 
492  /* Avoid to relaunch twice a circuit to the same rendezvous point at the
493  * same time. */
495  log_info(LD_REND, "Rendezvous circuit to %s has already been retried. "
496  "Skipping retry.",
497  safe_str_client(
499  goto disallow;
500  }
501 
502  /* We check failure_count >= hs_get_service_max_rend_failures()-1 below, and
503  * the -1 is because we increment the failure count for our current failure
504  * *after* this clause. */
505  int max_rend_failures = hs_get_service_max_rend_failures() - 1;
506 
507  /* A failure count that has reached maximum allowed or circuit that expired,
508  * we skip relaunching. */
509  if (circ->build_state->failure_count > max_rend_failures ||
510  circ->build_state->expiry_time <= time(NULL)) {
511  log_info(LD_REND, "Attempt to build a rendezvous circuit to %s has "
512  "failed with %d attempts and expiry time %ld. "
513  "Giving up building.",
514  safe_str_client(
516  circ->build_state->failure_count,
517  (long int) circ->build_state->expiry_time);
518  goto disallow;
519  }
520 
521  /* Allowed to relaunch. */
522  return 1;
523  disallow:
524  return 0;
525 }
526 
527 /** Retry the rendezvous point of circ by launching a new circuit to it. */
528 static void
530 {
531  int flags = 0;
532  origin_circuit_t *new_circ;
533  cpath_build_state_t *bstate;
534 
535  tor_assert(circ);
536  /* This is initialized when allocating an origin circuit. */
537  tor_assert(circ->build_state);
539 
540  /* Ease our life. */
541  bstate = circ->build_state;
542 
543  log_info(LD_REND, "Retrying rendezvous point circuit to %s",
544  safe_str_client(extend_info_describe(bstate->chosen_exit)));
545 
546  /* Get the current build state flags for the next circuit. */
547  flags |= (bstate->need_uptime) ? CIRCLAUNCH_NEED_UPTIME : 0;
548  flags |= (bstate->need_capacity) ? CIRCLAUNCH_NEED_CAPACITY : 0;
549  flags |= (bstate->is_internal) ? CIRCLAUNCH_IS_INTERNAL : 0;
550 
551  /* We do NOT add the onehop tunnel flag even though it might be a single
552  * onion service. The reason is that if we failed once to connect to the RP
553  * with a direct connection, we consider that chances are that we will fail
554  * again so try a 3-hop circuit and hope for the best. Because the service
555  * has no anonymity (single onion), this change of behavior won't affect
556  * security directly. */
557 
559  bstate->chosen_exit, flags);
560  if (new_circ == NULL) {
561  log_warn(LD_REND, "Failed to launch rendezvous circuit to %s",
562  safe_str_client(extend_info_describe(bstate->chosen_exit)));
563  goto done;
564  }
565 
566  /* Transfer build state information to the new circuit state in part to
567  * catch any other failures. */
568  new_circ->build_state->failure_count = bstate->failure_count+1;
569  new_circ->build_state->expiry_time = bstate->expiry_time;
570  new_circ->hs_ident = hs_ident_circuit_dup(circ->hs_ident);
571 
572  done:
573  return;
574 }
575 
576 /** Using the given descriptor intro point ip, the node of the
577  * rendezvous point rp_node and the service's subcredential, populate the
578  * already allocated intro1_data object with the needed key material and link
579  * specifiers.
580  *
581  * Return 0 on success or a negative value if we couldn't properly filled the
582  * introduce1 data from the RP node. In other word, it means the RP node is
583  * unusable to use in the introduction. */
584 static int
586  const node_t *rp_node,
587  const hs_subcredential_t *subcredential,
588  hs_cell_introduce1_data_t *intro1_data)
589 {
590  int ret = -1;
591  smartlist_t *rp_lspecs;
592 
593  tor_assert(ip);
594  tor_assert(rp_node);
595  tor_assert(subcredential);
596  tor_assert(intro1_data);
597 
598  /* Build the link specifiers from the node at the end of the rendezvous
599  * circuit that we opened for this introduction. */
600  rp_lspecs = node_get_link_specifier_smartlist(rp_node, 0);
601  if (smartlist_len(rp_lspecs) == 0) {
602  /* We can't rendezvous without link specifiers. */
603  smartlist_free(rp_lspecs);
604  goto end;
605  }
606 
607  /* Populate the introduce1 data object. */
608  memset(intro1_data, 0, sizeof(hs_cell_introduce1_data_t));
609  if (ip->legacy.key != NULL) {
610  intro1_data->is_legacy = 1;
611  intro1_data->legacy_key = ip->legacy.key;
612  }
613  intro1_data->auth_pk = &ip->auth_key_cert->signed_key;
614  intro1_data->enc_pk = &ip->enc_key;
615  intro1_data->subcredential = subcredential;
616  intro1_data->link_specifiers = rp_lspecs;
617  intro1_data->onion_pk = node_get_curve25519_onion_key(rp_node);
618  if (intro1_data->onion_pk == NULL) {
619  /* We can't rendezvous without the curve25519 onion key. */
620  goto end;
621  }
622  /* Success, we have valid introduce data. */
623  ret = 0;
624 
625  end:
626  return ret;
627 }
628 
629 /** Helper: cleanup function for client circuit. This is for every HS version.
630  * It is called from hs_circ_cleanup_on_close() entry point. */
631 static void
633 {
634  tor_assert(circ);
635 
636  if (circuit_is_hs_v3(circ)) {
638  }
639  /* It is possible the circuit has an HS purpose but no identifier (rend_data
640  * or hs_ident). Thus possible that this passes through. */
641 }
642 
643 /** Helper: cleanup function for client circuit. This is for every HS version.
644  * It is called from hs_circ_cleanup_on_free() entry point. */
645 static void
647 {
648  tor_assert(circ);
649 
650  if (circuit_is_hs_v2(circ)) {
652  } else if (circuit_is_hs_v3(circ)) {
654  }
655  /* It is possible the circuit has an HS purpose but no identifier (rend_data
656  * or hs_ident). Thus possible that this passes through. */
657 }
658 
659 /* ========== */
660 /* Public API */
661 /* ========== */
662 
663 /** Return an introduction point circuit matching the given intro point object.
664  * NULL is returned is no such circuit can be found. */
667 {
668  tor_assert(ip);
669 
670  if (ip->base.is_only_legacy) {
672  } else {
674  &ip->auth_key_kp.pubkey);
675  }
676 }
677 
678 /** Return an introduction point established circuit matching the given intro
679  * point object. The circuit purpose has to be CIRCUIT_PURPOSE_S_INTRO. NULL
680  * is returned is no such circuit can be found. */
683 {
684  origin_circuit_t *circ;
685 
686  tor_assert(ip);
687 
688  if (ip->base.is_only_legacy) {
690  } else {
692  &ip->auth_key_kp.pubkey);
693  }
694 
695  /* Only return circuit if it is established. */
696  return (circ && TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO) ?
697  circ : NULL;
698 }
699 
700 /** Called when we fail building a rendezvous circuit at some point other than
701  * the last hop: launches a new circuit to the same rendezvous point. This
702  * supports legacy service.
703  *
704  * We currently relaunch connections to rendezvous points if:
705  * - A rendezvous circuit timed out before connecting to RP.
706  * - The rendezvous circuit failed to connect to the RP.
707  *
708  * We avoid relaunching a connection to this rendezvous point if:
709  * - We have already tried MAX_REND_FAILURES times to connect to this RP,
710  * - We've been trying to connect to this RP for more than MAX_REND_TIMEOUT
711  * seconds, or
712  * - We've already retried this specific rendezvous circuit.
713  */
714 void
716 {
717  tor_assert(circ);
719 
720  /* Check if we are allowed to relaunch to the rendezvous point of circ. */
722  goto done;
723  }
724 
725  /* Flag the circuit that we are relaunching, to avoid to relaunch twice a
726  * circuit to the same rendezvous point at the same time. */
728 
729  /* Legacy services don't have a hidden service ident. */
730  if (circ->hs_ident) {
732  } else {
734  }
735 
736  done:
737  return;
738 }
739 
740 /** For a given service and a service intro point, launch a circuit to the
741  * extend info ei. If the service is a single onion, and direct_conn is true,
742  * a one-hop circuit will be requested.
743  *
744  * Return 0 if the circuit was successfully launched and tagged
745  * with the correct identifier. On error, a negative value is returned. */
746 int
748  const hs_service_intro_point_t *ip,
749  extend_info_t *ei,
750  bool direct_conn)
751 {
752  /* Standard flags for introduction circuit. */
753  int ret = -1, circ_flags = CIRCLAUNCH_NEED_UPTIME | CIRCLAUNCH_IS_INTERNAL;
754  origin_circuit_t *circ;
755 
756  tor_assert(service);
757  tor_assert(ip);
758  tor_assert(ei);
759 
760  /* Update circuit flags in case of a single onion service that requires a
761  * direct connection. */
762  tor_assert_nonfatal(ip->circuit_retries > 0);
763  /* Only single onion services can make direct conns */
764  if (BUG(!service->config.is_single_onion && direct_conn)) {
765  goto end;
766  }
767  /* We only use a one-hop path on the first attempt. If the first attempt
768  * fails, we use a 3-hop path for reachability / reliability.
769  * (Unlike v2, retries is incremented by the caller before it calls this
770  * function.) */
771  if (direct_conn && ip->circuit_retries == 1) {
772  circ_flags |= CIRCLAUNCH_ONEHOP_TUNNEL;
773  }
774 
775  log_info(LD_REND, "Launching a circuit to intro point %s for service %s.",
776  safe_str_client(extend_info_describe(ei)),
777  safe_str_client(service->onion_address));
778 
779  /* Note down the launch for the retry period. Even if the circuit fails to
780  * be launched, we still want to respect the retry period to avoid stress on
781  * the circuit subsystem. */
782  service->state.num_intro_circ_launched++;
784  ei, circ_flags);
785  if (circ == NULL) {
786  goto end;
787  }
788 
789  /* Setup the circuit identifier and attach it to it. */
790  circ->hs_ident = create_intro_circuit_identifier(service, ip);
791  tor_assert(circ->hs_ident);
792  /* Register circuit in the global circuitmap. */
793  register_intro_circ(ip, circ);
794 
795  /* Success. */
796  ret = 0;
797  end:
798  return ret;
799 }
800 
801 /** Called when a service introduction point circuit is done building. Given
802  * the service and intro point object, this function will send the
803  * ESTABLISH_INTRO cell on the circuit. Return 0 on success. Return 1 if the
804  * circuit has been repurposed to General because we already have too many
805  * opened. */
806 int
809  const hs_service_descriptor_t *desc,
810  origin_circuit_t *circ)
811 {
812  int ret = 0;
813  unsigned int num_intro_circ, num_needed_circ;
814 
815  tor_assert(service);
816  tor_assert(ip);
817  tor_assert(desc);
818  tor_assert(circ);
819 
820  /* Count opened circuits that have sent ESTABLISH_INTRO cells or are already
821  * established introduction circuits */
822  num_intro_circ = count_opened_desc_intro_point_circuits(service, desc);
823  num_needed_circ = service->config.num_intro_points;
824  if (num_intro_circ > num_needed_circ) {
825  /* There are too many opened valid intro circuit for what the service
826  * needs so repurpose this one. */
827 
828  /* XXX: Legacy code checks options->ExcludeNodes and if not NULL it just
829  * closes the circuit. I have NO idea why it does that so it hasn't been
830  * added here. I can only assume in case our ExcludeNodes list changes but
831  * in that case, all circuit are flagged unusable (config.c). --dgoulet */
832 
833  log_info(LD_CIRC | LD_REND, "Introduction circuit just opened but we "
834  "have enough for service %s. Repurposing "
835  "it to general and leaving internal.",
836  safe_str_client(service->onion_address));
838  /* Remove it from the circuitmap. */
840  /* Cleaning up the hidden service identifier and repurpose. */
841  hs_ident_circuit_free(circ->hs_ident);
842  circ->hs_ident = NULL;
843  if (circuit_should_use_vanguards(TO_CIRCUIT(circ)->purpose))
845  else
847 
848  /* Inform that this circuit just opened for this new purpose. */
849  circuit_has_opened(circ);
850  /* This return value indicate to the caller that the IP object should be
851  * removed from the service because it's corresponding circuit has just
852  * been repurposed. */
853  ret = 1;
854  goto done;
855  }
856 
857  log_info(LD_REND, "Introduction circuit %u established for service %s.",
858  TO_CIRCUIT(circ)->n_circ_id,
859  safe_str_client(service->onion_address));
861 
862  /* Time to send an ESTABLISH_INTRO cell on this circuit. On error, this call
863  * makes sure the circuit gets closed. */
864  send_establish_intro(service, ip, circ);
865 
866  done:
867  return ret;
868 }
869 
870 /** Called when a service rendezvous point circuit is done building. Given the
871  * service and the circuit, this function will send a RENDEZVOUS1 cell on the
872  * circuit using the information in the circuit identifier. If the cell can't
873  * be sent, the circuit is closed. */
874 void
876  origin_circuit_t *circ)
877 {
878  size_t payload_len;
879  uint8_t payload[RELAY_PAYLOAD_SIZE] = {0};
880 
881  tor_assert(service);
882  tor_assert(circ);
883  tor_assert(circ->hs_ident);
884 
885  /* Some useful logging. */
886  log_info(LD_REND, "Rendezvous circuit %u has opened with cookie %s "
887  "for service %s",
888  TO_CIRCUIT(circ)->n_circ_id,
889  hex_str((const char *) circ->hs_ident->rendezvous_cookie,
891  safe_str_client(service->onion_address));
893 
894  /* This can't fail. */
895  payload_len = hs_cell_build_rendezvous1(
897  sizeof(circ->hs_ident->rendezvous_cookie),
899  sizeof(circ->hs_ident->rendezvous_handshake_info),
900  payload);
901 
902  /* Pad the payload with random bytes so it matches the size of a legacy cell
903  * which is normally always bigger. Also, the size of a legacy cell is
904  * always smaller than the RELAY_PAYLOAD_SIZE so this is safe. */
905  if (payload_len < HS_LEGACY_RENDEZVOUS_CELL_SIZE) {
906  crypto_rand((char *) payload + payload_len,
907  HS_LEGACY_RENDEZVOUS_CELL_SIZE - payload_len);
908  payload_len = HS_LEGACY_RENDEZVOUS_CELL_SIZE;
909  }
910 
911  if (relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(circ),
912  RELAY_COMMAND_RENDEZVOUS1,
913  (const char *) payload, payload_len,
914  circ->cpath->prev) < 0) {
915  /* On error, circuit is closed. */
916  log_warn(LD_REND, "Unable to send RENDEZVOUS1 cell on circuit %u "
917  "for service %s",
918  TO_CIRCUIT(circ)->n_circ_id,
919  safe_str_client(service->onion_address));
920  goto done;
921  }
922 
923  /* Setup end-to-end rendezvous circuit between the client and us. */
926  sizeof(circ->hs_ident->rendezvous_ntor_key_seed),
927  1) < 0) {
928  log_warn(LD_GENERAL, "Failed to setup circ");
929  goto done;
930  }
931 
932  done:
933  memwipe(payload, 0, sizeof(payload));
934 }
935 
936 /** Circ has been expecting an INTRO_ESTABLISHED cell that just arrived. Handle
937  * the INTRO_ESTABLISHED cell payload of length payload_len arriving on the
938  * given introduction circuit circ. The service is only used for logging
939  * purposes. Return 0 on success else a negative value. */
940 int
942  const hs_service_intro_point_t *ip,
943  origin_circuit_t *circ,
944  const uint8_t *payload, size_t payload_len)
945 {
946  int ret = -1;
947 
948  tor_assert(service);
949  tor_assert(ip);
950  tor_assert(circ);
951  tor_assert(payload);
952 
953  if (BUG(TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO)) {
954  goto done;
955  }
956 
957  /* Try to parse the payload into a cell making sure we do actually have a
958  * valid cell. For a legacy node, it's an empty payload so as long as we
959  * have the cell, we are good. */
960  if (!ip->base.is_only_legacy &&
961  hs_cell_parse_intro_established(payload, payload_len) < 0) {
962  log_warn(LD_REND, "Unable to parse the INTRO_ESTABLISHED cell on "
963  "circuit %u for service %s",
964  TO_CIRCUIT(circ)->n_circ_id,
965  safe_str_client(service->onion_address));
966  goto done;
967  }
968 
969  /* Switch the purpose to a fully working intro point. */
971  /* Getting a valid INTRODUCE_ESTABLISHED means we've successfully used the
972  * circuit so update our pathbias subsystem. */
974  /* Success. */
975  ret = 0;
976 
977  done:
978  return ret;
979 }
980 
981 /**
982  * Go into <b>data</b> and add the right subcredential to be able to handle
983  * this incoming cell.
984  *
985  * <b>desc_subcred</b> is the subcredential of the descriptor that corresponds
986  * to the intro point that received this intro request. This subcredential
987  * should be used if we are not an onionbalance instance.
988  *
989  * Return 0 if everything went well, or -1 in case of internal error.
990  */
991 static int
994  const hs_subcredential_t *desc_subcred)
995 {
996  /* Handle the simple case first: We are not an onionbalance instance and we
997  * should just use the regular descriptor subcredential */
998  if (!hs_ob_service_is_instance(service)) {
999  data->n_subcredentials = 1;
1000  data->subcredentials = desc_subcred;
1001  return 0;
1002  }
1003 
1004  /* This should not happen since we should have made onionbalance
1005  * subcredentials when we created our descriptors. */
1006  if (BUG(!service->state.ob_subcreds)) {
1007  return -1;
1008  }
1009 
1010  /* We are an onionbalance instance: */
1011  data->n_subcredentials = service->state.n_ob_subcreds;
1012  data->subcredentials = service->state.ob_subcreds;
1013 
1014  return 0;
1015 }
1016 
1017 /** We just received an INTRODUCE2 cell on the established introduction circuit
1018  * circ. Handle the INTRODUCE2 payload of size payload_len for the given
1019  * circuit and service. This cell is associated with the intro point object ip
1020  * and the subcredential. Return 0 on success else a negative value. */
1021 int
1023  const origin_circuit_t *circ,
1025  const hs_subcredential_t *subcredential,
1026  const uint8_t *payload, size_t payload_len)
1027 {
1028  int ret = -1;
1029  time_t elapsed;
1031 
1032  tor_assert(service);
1033  tor_assert(circ);
1034  tor_assert(ip);
1035  tor_assert(subcredential);
1036  tor_assert(payload);
1037 
1038  /* Populate the data structure with everything we need for the cell to be
1039  * parsed, decrypted and key material computed correctly. */
1040  data.auth_pk = &ip->auth_key_kp.pubkey;
1041  data.enc_kp = &ip->enc_key_kp;
1042  data.payload = payload;
1043  data.payload_len = payload_len;
1044  data.link_specifiers = smartlist_new();
1045  data.replay_cache = ip->replay_cache;
1046 
1048  &data, subcredential)) {
1049  goto done;
1050  }
1051 
1052  if (hs_cell_parse_introduce2(&data, circ, service) < 0) {
1053  goto done;
1054  }
1055 
1056  /* Check whether we've seen this REND_COOKIE before to detect repeats. */
1059  data.rendezvous_cookie, sizeof(data.rendezvous_cookie),
1060  &elapsed)) {
1061  /* A Tor client will send a new INTRODUCE1 cell with the same REND_COOKIE
1062  * as its previous one if its intro circ times out while in state
1063  * CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT. If we received the first
1064  * INTRODUCE1 cell (the intro-point relay converts it into an INTRODUCE2
1065  * cell), we are already trying to connect to that rend point (and may
1066  * have already succeeded); drop this cell. */
1067  log_info(LD_REND, "We received an INTRODUCE2 cell with same REND_COOKIE "
1068  "field %ld seconds ago. Dropping cell.",
1069  (long int) elapsed);
1070  goto done;
1071  }
1072 
1073  /* At this point, we just confirmed that the full INTRODUCE2 cell is valid
1074  * so increment our counter that we've seen one on this intro point. */
1075  ip->introduce2_count++;
1076 
1077  /* Launch rendezvous circuit with the onion key and rend cookie. */
1078  launch_rendezvous_point_circuit(service, ip, &data);
1079  /* Success. */
1080  ret = 0;
1081 
1082  done:
1083  link_specifier_smartlist_free(data.link_specifiers);
1084  memwipe(&data, 0, sizeof(data));
1085  return ret;
1086 }
1087 
1088 /** Circuit <b>circ</b> just finished the rend ntor key exchange. Use the key
1089  * exchange output material at <b>ntor_key_seed</b> and setup <b>circ</b> to
1090  * serve as a rendezvous end-to-end circuit between the client and the
1091  * service. If <b>is_service_side</b> is set, then we are the hidden service
1092  * and the other side is the client.
1093  *
1094  * Return 0 if the operation went well; in case of error return -1. */
1095 int
1097  const uint8_t *ntor_key_seed, size_t seed_len,
1098  int is_service_side)
1099 {
1100  if (BUG(!circuit_purpose_is_correct_for_rend(TO_CIRCUIT(circ)->purpose,
1101  is_service_side))) {
1102  return -1;
1103  }
1104 
1105  crypt_path_t *hop = create_rend_cpath(ntor_key_seed, seed_len,
1106  is_service_side);
1107  if (!hop) {
1108  log_warn(LD_REND, "Couldn't get v3 %s cpath!",
1109  is_service_side ? "service-side" : "client-side");
1110  return -1;
1111  }
1112 
1113  finalize_rend_circuit(circ, hop, is_service_side);
1114 
1115  return 0;
1116 }
1117 
1118 /** We are a v2 legacy HS client and we just received a RENDEZVOUS1 cell
1119  * <b>rend_cell_body</b> on <b>circ</b>. Finish up the DH key exchange and then
1120  * extend the crypt path of <b>circ</b> so that the hidden service is on the
1121  * other side. */
1122 int
1124  const uint8_t *rend_cell_body)
1125 {
1126 
1128  TO_CIRCUIT(circ)->purpose, 0))) {
1129  return -1;
1130  }
1131 
1132  crypt_path_t *hop = create_rend_cpath_legacy(circ, rend_cell_body);
1133  if (!hop) {
1134  log_warn(LD_GENERAL, "Couldn't get v2 cpath.");
1135  return -1;
1136  }
1137 
1138  finalize_rend_circuit(circ, hop, 0);
1139 
1140  return 0;
1141 }
1142 
1143 /** Given the introduction circuit intro_circ, the rendezvous circuit
1144  * rend_circ, a descriptor intro point object ip and the service's
1145  * subcredential, send an INTRODUCE1 cell on intro_circ.
1146  *
1147  * This will also setup the circuit identifier on rend_circ containing the key
1148  * material for the handshake and e2e encryption. Return 0 on success else
1149  * negative value. Because relay_send_command_from_edge() closes the circuit
1150  * on error, it is possible that intro_circ is closed on error. */
1151 int
1153  origin_circuit_t *rend_circ,
1154  const hs_desc_intro_point_t *ip,
1155  const hs_subcredential_t *subcredential)
1156 {
1157  int ret = -1;
1158  ssize_t payload_len;
1159  uint8_t payload[RELAY_PAYLOAD_SIZE] = {0};
1160  hs_cell_introduce1_data_t intro1_data;
1161 
1162  tor_assert(intro_circ);
1163  tor_assert(rend_circ);
1164  tor_assert(ip);
1165  tor_assert(subcredential);
1166 
1167  /* It is undefined behavior in hs_cell_introduce1_data_clear() if intro1_data
1168  * has been declared on the stack but not initialized. Here, we set it to 0.
1169  */
1170  memset(&intro1_data, 0, sizeof(hs_cell_introduce1_data_t));
1171 
1172  /* This takes various objects in order to populate the introduce1 data
1173  * object which is used to build the content of the cell. */
1174  const node_t *exit_node = build_state_get_exit_node(rend_circ->build_state);
1175  if (exit_node == NULL) {
1176  log_info(LD_REND, "Unable to get rendezvous point for circuit %u. "
1177  "Failing.", TO_CIRCUIT(intro_circ)->n_circ_id);
1178  goto done;
1179  }
1180 
1181  /* We should never select an invalid rendezvous point in theory but if we
1182  * do, this function will fail to populate the introduce data. */
1183  if (setup_introduce1_data(ip, exit_node, subcredential, &intro1_data) < 0) {
1184  log_warn(LD_REND, "Unable to setup INTRODUCE1 data. The chosen rendezvous "
1185  "point is unusable. Closing circuit.");
1186  goto close;
1187  }
1188 
1189  /* Final step before we encode a cell, we setup the circuit identifier which
1190  * will generate both the rendezvous cookie and client keypair for this
1191  * connection. Those are put in the ident. */
1192  intro1_data.rendezvous_cookie = rend_circ->hs_ident->rendezvous_cookie;
1193  intro1_data.client_kp = &rend_circ->hs_ident->rendezvous_client_kp;
1194 
1195  memcpy(intro_circ->hs_ident->rendezvous_cookie,
1196  rend_circ->hs_ident->rendezvous_cookie,
1197  sizeof(intro_circ->hs_ident->rendezvous_cookie));
1198 
1199  /* From the introduce1 data object, this will encode the INTRODUCE1 cell
1200  * into payload which is then ready to be sent as is. */
1201  payload_len = hs_cell_build_introduce1(&intro1_data, payload);
1202  if (BUG(payload_len < 0)) {
1203  goto close;
1204  }
1205 
1206  if (relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(intro_circ),
1207  RELAY_COMMAND_INTRODUCE1,
1208  (const char *) payload, payload_len,
1209  intro_circ->cpath->prev) < 0) {
1210  /* On error, circuit is closed. */
1211  log_warn(LD_REND, "Unable to send INTRODUCE1 cell on circuit %u.",
1212  TO_CIRCUIT(intro_circ)->n_circ_id);
1213  goto done;
1214  }
1215 
1216  /* Success. */
1217  ret = 0;
1218  goto done;
1219 
1220  close:
1221  circuit_mark_for_close(TO_CIRCUIT(rend_circ), END_CIRC_REASON_INTERNAL);
1222  done:
1223  hs_cell_introduce1_data_clear(&intro1_data);
1224  memwipe(payload, 0, sizeof(payload));
1225  return ret;
1226 }
1227 
1228 /** Send an ESTABLISH_RENDEZVOUS cell along the rendezvous circuit circ. On
1229  * success, 0 is returned else -1 and the circuit is marked for close. */
1230 int
1232 {
1233  ssize_t cell_len = 0;
1234  uint8_t cell[RELAY_PAYLOAD_SIZE] = {0};
1235 
1236  tor_assert(circ);
1238 
1239  log_info(LD_REND, "Send an ESTABLISH_RENDEZVOUS cell on circuit %u",
1240  TO_CIRCUIT(circ)->n_circ_id);
1241 
1242  /* Set timestamp_dirty, because circuit_expire_building expects it,
1243  * and the rend cookie also means we've used the circ. */
1244  TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
1245 
1246  /* We've attempted to use this circuit. Probe it if we fail */
1248 
1249  /* Generate the RENDEZVOUS_COOKIE and place it in the identifier so we can
1250  * complete the handshake when receiving the acknowledgement. */
1252  /* Generate the client keypair. No need to be extra strong, not long term */
1254 
1255  cell_len =
1257  cell);
1258  if (BUG(cell_len < 0)) {
1259  goto err;
1260  }
1261 
1262  if (relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(circ),
1263  RELAY_COMMAND_ESTABLISH_RENDEZVOUS,
1264  (const char *) cell, cell_len,
1265  circ->cpath->prev) < 0) {
1266  /* Circuit has been marked for close */
1267  log_warn(LD_REND, "Unable to send ESTABLISH_RENDEZVOUS cell on "
1268  "circuit %u", TO_CIRCUIT(circ)->n_circ_id);
1269  memwipe(cell, 0, cell_len);
1270  goto err;
1271  }
1272 
1273  memwipe(cell, 0, cell_len);
1274  return 0;
1275  err:
1276  return -1;
1277 }
1278 
1279 /** Circuit cleanup strategy:
1280  *
1281  * What follows is a series of functions that notifies the HS subsystem of 3
1282  * different circuit cleanup phase: close, free and repurpose.
1283  *
1284  * Tor can call any of those in any orders so they have to be safe between
1285  * each other. In other words, the free should never depend on close to be
1286  * called before.
1287  *
1288  * The "on_close()" is called from circuit_mark_for_close() which is
1289  * considered the tor fast path and thus as little work as possible should
1290  * done in that function. Currently, we only remove the circuit from the HS
1291  * circuit map and move on.
1292  *
1293  * The "on_free()" is called from circuit circuit_free_() and it is very
1294  * important that at the end of the function, no state or objects related to
1295  * this circuit remains alive.
1296  *
1297  * The "on_repurpose()" is called from circuit_change_purpose() for which we
1298  * simply remove it from the HS circuit map. We do not have other cleanup
1299  * requirements after that.
1300  *
1301  * NOTE: The onion service code, specifically the service code, cleans up
1302  * lingering objects or state if any of its circuit disappear which is why
1303  * our cleanup strategy doesn't involve any service specific actions. As long
1304  * as the circuit is removed from the HS circuit map, it won't be used.
1305  */
1306 
1307 /** We are about to close this <b>circ</b>. Clean it up from any related HS
1308  * data structures. This function can be called multiple times safely for the
1309  * same circuit. */
1310 void
1312 {
1313  tor_assert(circ);
1314 
1317  }
1318 
1320  if (circuit_is_hs_v3(circ)) {
1322  }
1323  }
1324 
1325  /* On close, we simply remove it from the circuit map. It can not be used
1326  * anymore. We keep this code path fast and lean. */
1327 
1328  if (circ->hs_token) {
1330  }
1331 }
1332 
1333 /** We are about to free this <b>circ</b>. Clean it up from any related HS
1334  * data structures. This function can be called multiple times safely for the
1335  * same circuit. */
1336 void
1338 {
1339  tor_assert(circ);
1340 
1341  /* NOTE: Bulk of the work of cleaning up a circuit is done here. */
1342 
1345  }
1346 
1347  /* We have no assurance that the given HS circuit has been closed before and
1348  * thus removed from the HS map. This actually happens in unit tests. */
1349  if (circ->hs_token) {
1351  }
1352 }
1353 
1354 /** We are about to repurpose this <b>circ</b>. Clean it up from any related
1355  * HS data structures. This function can be called multiple times safely for
1356  * the same circuit. */
1357 void
1359 {
1360  tor_assert(circ);
1361 
1362  /* On repurpose, we simply remove it from the circuit map but we do not do
1363  * the on_free actions since we don't treat a repurpose as something we need
1364  * to report in the client cache failure. */
1365 
1366  if (circ->hs_token) {
1368  }
1369 }
1370 
1371 /** Return true iff the given established client rendezvous circuit was sent
1372  * into the INTRODUCE1 cell. This is called so we can take a decision on
1373  * expiring or not the circuit.
1374  *
1375  * The caller MUST make sure the circuit is an established client rendezvous
1376  * circuit (purpose: CIRCUIT_PURPOSE_C_REND_READY).
1377  *
1378  * This function supports all onion service versions. */
1379 bool
1381 {
1382  tor_assert(circ);
1383  /* This can only be called for a rendezvous circuit that is an established
1384  * confirmed rendezsvous circuit but without an introduction ACK. */
1386 
1387  /* The v2 and v3 circuit are handled differently:
1388  *
1389  * v2: A circ's pending_final_cpath field is non-NULL iff it is a rend circ
1390  * and we have tried to send an INTRODUCE1 cell specifying it. Thus, if the
1391  * pending_final_cpath field *is* NULL, then we want to not spare it.
1392  *
1393  * v3: When the INTRODUCE1 cell is sent, the introduction encryption public
1394  * key is copied in the rendezvous circuit hs identifier. If it is a valid
1395  * key, we know that this circuit is waiting the ACK on the introduction
1396  * circuit. We want to _not_ spare the circuit if the key was never set. */
1397 
1398  if (circ->rend_data) {
1399  /* v2. */
1400  if (circ->build_state && circ->build_state->pending_final_cpath != NULL) {
1401  return true;
1402  }
1403  } else if (circ->hs_ident) {
1404  /* v3. */
1406  return true;
1407  }
1408  } else {
1409  /* A circuit with an HS purpose without an hs_ident or rend_data in theory
1410  * can not happen. In case, scream loudly and return false to the caller
1411  * that the rendezvous was not sent in the INTRO1 cell. */
1413  }
1414 
1415  /* The rendezvous has not been specified in the INTRODUCE1 cell. */
1416  return false;
1417 }
log_fn
#define log_fn(severity, domain, args,...)
Definition: log.h:283
hs_circuit_setup_e2e_rend_circ
int hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ, const uint8_t *ntor_key_seed, size_t seed_len, int is_service_side)
Definition: hs_circuit.c:1096
hs_service_t::config
hs_service_config_t config
Definition: hs_service.h:316
tor_free
#define tor_free(p)
Definition: malloc.h:52
circuit_purpose_is_hs_client
bool circuit_purpose_is_hs_client(const uint8_t purpose)
Definition: circuituse.c:1996
hs_service.h
Header file containing service data for the HS subsystem.
CURVE25519_PUBKEY_LEN
#define CURVE25519_PUBKEY_LEN
Definition: x25519_sizes.h:20
hs_service_intro_point_t::base
hs_intropoint_t base
Definition: hs_service.h:47
MAX_REND_FAILURES
#define MAX_REND_FAILURES
Definition: hs_common.h:47
hex_str
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
CIRCUIT_STATE_OPEN
#define CIRCUIT_STATE_OPEN
Definition: circuitlist.h:32
circuit_t::purpose
uint8_t purpose
Definition: circuit_st.h:111
circuit_t::marked_for_close
uint16_t marked_for_close
Definition: circuit_st.h:189
hs_ident.h
Header file containing circuit and connection identifier data for the whole HS subsystem.
memwipe
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
get_service_anonymity_string
static const char * get_service_anonymity_string(const hs_service_t *service)
Definition: hs_circuit.c:359
CIRCUIT_PURPOSE_C_GENERAL
#define CIRCUIT_PURPOSE_C_GENERAL
Definition: circuitlist.h:72
hs_cell_build_rendezvous1
ssize_t hs_cell_build_rendezvous1(const uint8_t *rendezvous_cookie, size_t rendezvous_cookie_len, const uint8_t *rendezvous_handshake_info, size_t rendezvous_handshake_info_len, uint8_t *cell_out)
Definition: hs_cell.c:971
MOCK_IMPL
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
hs_circ_service_rp_has_opened
void hs_circ_service_rp_has_opened(const hs_service_t *service, origin_circuit_t *circ)
Definition: hs_circuit.c:875
hs_cell_introduce1_data_t::legacy_key
const crypto_pk_t * legacy_key
Definition: hs_cell.h:28
crypt_path_t::package_window
int package_window
Definition: crypt_path_st.h:78
crypt_path_t::rend_circ_nonce
char rend_circ_nonce[DIGEST_LEN]
Definition: crypt_path_st.h:58
hs_client_circuit_cleanup_on_free
void hs_client_circuit_cleanup_on_free(const circuit_t *circ)
Definition: hs_client.c:1900
CIRCLAUNCH_NEED_CAPACITY
#define CIRCLAUNCH_NEED_CAPACITY
Definition: circuituse.h:43
tor_assert
#define tor_assert(expr)
Definition: util_bug.h:102
LD_BUG
#define LD_BUG
Definition: log.h:86
ed25519_pubkey_eq
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
Definition: crypto_ed25519.c:642
hs_circ_send_establish_rendezvous
int hs_circ_send_establish_rendezvous(origin_circuit_t *circ)
Definition: hs_circuit.c:1231
cpath_build_state_st.h
Circuit-build-stse structure.
hs_ident_circuit_t::identity_pk
ed25519_public_key_t identity_pk
Definition: hs_ident.h:45
circuituse.h
Header file for circuituse.c.
LD_GENERAL
#define LD_GENERAL
Definition: log.h:62
RELAY_PAYLOAD_SIZE
#define RELAY_PAYLOAD_SIZE
Definition: or.h:606
crypt_path_t::state
uint8_t state
Definition: crypt_path_st.h:68
describe.h
Header file for describe.c.
rend_service_relaunch_rendezvous
void rend_service_relaunch_rendezvous(origin_circuit_t *oldcirc)
Definition: rendservice.c:3024
cpath_build_state_t::is_internal
unsigned int is_internal
Definition: cpath_build_state_st.h:26
pathbias_count_use_attempt
void pathbias_count_use_attempt(origin_circuit_t *circ)
Definition: circpathbias.c:604
circuit_purpose_is_hs_service
bool circuit_purpose_is_hs_service(const uint8_t purpose)
Definition: circuituse.c:2004
hs_cell_introduce2_data_t::link_specifiers
smartlist_t * link_specifiers
Definition: hs_cell.h:82
setup_introduce1_data
static int setup_introduce1_data(const hs_desc_intro_point_t *ip, const node_t *rp_node, const hs_subcredential_t *subcredential, hs_cell_introduce1_data_t *intro1_data)
Definition: hs_circuit.c:585
replaycache_add_test_and_elapsed
int replaycache_add_test_and_elapsed(replaycache_t *r, const void *data, size_t len, time_t *elapsed)
Definition: replaycache.c:195
CIRCUIT_PURPOSE_C_REND_JOINED
#define CIRCUIT_PURPOSE_C_REND_JOINED
Definition: circuitlist.h:90
hs_cell_introduce1_data_clear
void hs_cell_introduce1_data_clear(hs_cell_introduce1_data_t *data)
Definition: hs_cell.c:1128
ed25519_pubkey_copy
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
Definition: crypto_ed25519.c:654
hs_service_intropoints_t::map
digest256map_t * map
Definition: hs_service.h:104
create_intro_circuit_identifier
static hs_ident_circuit_t * create_intro_circuit_identifier(const hs_service_t *service, const hs_service_intro_point_t *ip)
Definition: hs_circuit.c:293
hs_metrics_new_rdv
#define hs_metrics_new_rdv(i)
Definition: hs_metrics.h:57
hs_service_config_t::is_single_onion
unsigned int is_single_onion
Definition: hs_service.h:246
hs_cell_introduce2_data_t::subcredentials
const struct hs_subcredential_t * subcredentials
Definition: hs_cell.h:67
hs_service_circuit_cleanup_on_close
void hs_service_circuit_cleanup_on_close(const circuit_t *circ)
Definition: hs_service.c:3600
hs_cell_build_establish_rendezvous
ssize_t hs_cell_build_establish_rendezvous(const uint8_t *rendezvous_cookie, uint8_t *cell_out)
Definition: hs_cell.c:1049
smartlist_new
smartlist_t * smartlist_new(void)
Definition: smartlist_core.c:26
hs_cell_introduce2_data_t::rendezvous_cookie
uint8_t rendezvous_cookie[REND_COOKIE_LEN]
Definition: hs_cell.h:78
hs_desc_intro_point_t::auth_key_cert
tor_cert_t * auth_key_cert
Definition: hs_descriptor.h:111
hs_circ_service_get_intro_circ
origin_circuit_t * hs_circ_service_get_intro_circ(const hs_service_intro_point_t *ip)
Definition: hs_circuit.c:666
crypt_path.h
Header file for crypt_path.c.
circuit_is_hs_v2
bool circuit_is_hs_v2(const circuit_t *circ)
Definition: circuituse.c:2019
crypt_path_t
Definition: crypt_path_st.h:47
send_establish_intro
static void send_establish_intro(const hs_service_t *service, hs_service_intro_point_t *ip, origin_circuit_t *circ)
Definition: hs_circuit.c:313
hs_metrics.h
Header for feature/hs/hs_metrics.c.
hs_cell_introduce1_data_t::subcredential
const struct hs_subcredential_t * subcredential
Definition: hs_cell.h:34
hs_cell_introduce2_data_t::payload
const uint8_t * payload
Definition: hs_cell.h:69
extend_info_describe
const char * extend_info_describe(const extend_info_t *ei)
Definition: describe.c:224
hs_circ_handle_introduce2
int hs_circ_handle_introduce2(const hs_service_t *service, const origin_circuit_t *circ, hs_service_intro_point_t *ip, const hs_subcredential_t *subcredential, const uint8_t *payload, size_t payload_len)
Definition: hs_circuit.c:1022
hs_service_t::state
hs_service_state_t state
Definition: hs_service.h:310
hs_cell.h
Header file containing cell data for the whole HS subsystem.
hs_desc_intro_point_t::legacy
struct hs_desc_intro_point_t::@16 legacy
origin_circuit_t::hs_service_side_rend_circ_has_been_relaunched
unsigned int hs_service_side_rend_circ_has_been_relaunched
Definition: origin_circuit_st.h:219
circuit_t::hs_token
struct hs_token_t * hs_token
Definition: circuit_st.h:216
hs_circ_launch_intro_point
int hs_circ_launch_intro_point(hs_service_t *service, const hs_service_intro_point_t *ip, extend_info_t *ei, bool direct_conn)
Definition: hs_circuit.c:747
hs_cell_introduce1_data_t::auth_pk
const ed25519_public_key_t * auth_pk
Definition: hs_cell.h:30
hs_circ_send_introduce1
int hs_circ_send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ, const hs_desc_intro_point_t *ip, const hs_subcredential_t *subcredential)
Definition: hs_circuit.c:1152
rend_client_circuit_cleanup_on_free
void rend_client_circuit_cleanup_on_free(const circuit_t *circ)
Definition: rendclient.c:1264
origin_circuit_t::hs_circ_has_timed_out
unsigned int hs_circ_has_timed_out
Definition: origin_circuit_st.h:207
hs_cell_introduce2_data_t::enc_kp
const curve25519_keypair_t * enc_kp
Definition: hs_cell.h:59
hs_service_state_t::replay_cache_rend_cookie
replaycache_t * replay_cache_rend_cookie
Definition: hs_service.h:284
CIRCUIT_PURPOSE_C_ESTABLISH_REND
#define CIRCUIT_PURPOSE_C_ESTABLISH_REND
Definition: circuitlist.h:83
hs_client.h
Header file containing client data for the HS subsystem.
crypto_util.h
Common functions for cryptographic routines.
hs_circ_retry_service_rendezvous_point
void hs_circ_retry_service_rendezvous_point(origin_circuit_t *circ)
Definition: hs_circuit.c:715
LD_CIRC
#define LD_CIRC
Definition: log.h:82
hs_intropoint_t::is_only_legacy
unsigned int is_only_legacy
Definition: hs_intropoint.h:19
HS_REND_COOKIE_LEN
#define HS_REND_COOKIE_LEN
Definition: hs_ident.h:30
hs_circuitmap_get_intro_circ_v2_service_side
origin_circuit_t * hs_circuitmap_get_intro_circ_v2_service_side(const uint8_t *digest)
Definition: hs_circuitmap.c:400
hs_circuitmap_remove_circuit
void hs_circuitmap_remove_circuit(circuit_t *circ)
Definition: hs_circuitmap.c:571
cpath_build_state_t::failure_count
int failure_count
Definition: cpath_build_state_st.h:39
hs_service_intro_point_t::enc_key_kp
curve25519_keypair_t enc_key_kp
Definition: hs_service.h:58
hs_circ_cleanup_on_free
void hs_circ_cleanup_on_free(circuit_t *circ)
Definition: hs_circuit.c:1337
circuitlist.h
Header file for circuitlist.c.
hs_desc_intro_point_t::enc_key
curve25519_public_key_t enc_key
Definition: hs_descriptor.h:114
crypt_path_st.h
Path structures for origin circuits.
circuit_log_path
void circuit_log_path(int severity, unsigned int domain, origin_circuit_t *circ)
Definition: circuitbuild.c:352
DIGEST_LEN
#define DIGEST_LEN
Definition: digest_sizes.h:20
finalize_rend_circuit
static void finalize_rend_circuit(origin_circuit_t *circ, crypt_path_t *hop, int is_service_side)
Definition: hs_circuit.c:163
MAX_REND_TIMEOUT
#define MAX_REND_TIMEOUT
Definition: hs_common.h:50
can_relaunch_service_rendezvous_point
static int can_relaunch_service_rendezvous_point(const origin_circuit_t *circ)
Definition: hs_circuit.c:483
hs_cell_introduce1_data_t::link_specifiers
smartlist_t * link_specifiers
Definition: hs_cell.h:42
count_opened_desc_intro_point_circuits
static unsigned int count_opened_desc_intro_point_circuits(const hs_service_t *service, const hs_service_descriptor_t *desc)
Definition: hs_circuit.c:222
cleanup_on_free_client_circ
static void cleanup_on_free_client_circ(circuit_t *circ)
Definition: hs_circuit.c:646
cpath_build_state_t::chosen_exit
extend_info_t * chosen_exit
Definition: cpath_build_state_st.h:20
hs_cell_parse_introduce2
ssize_t hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data, const origin_circuit_t *circ, const hs_service_t *service)
Definition: hs_cell.c:829
crypt_path_t::deliver_window
int deliver_window
Definition: crypt_path_st.h:80
DH1024_KEY_LEN
#define DH1024_KEY_LEN
Definition: dh_sizes.h:20
circuit_is_hs_v3
bool circuit_is_hs_v3(const circuit_t *circ)
Definition: circuituse.c:2027
hs_ident_circuit_t::intro_auth_pk
ed25519_public_key_t intro_auth_pk
Definition: hs_ident.h:51
circuit_try_attaching_streams
void circuit_try_attaching_streams(origin_circuit_t *circ)
Definition: circuituse.c:1768
hs_cell_introduce2_data_t::n_subcredentials
size_t n_subcredentials
Definition: hs_cell.h:63
tor_memneq
#define tor_memneq(a, b, sz)
Definition: di_ops.h:21
tor_assert_nonfatal_unreached
#define tor_assert_nonfatal_unreached()
Definition: util_bug.h:176
node_t
Definition: node_st.h:34
origin_circuit_t
Definition: origin_circuit_st.h:79
hs_ob_service_is_instance
bool hs_ob_service_is_instance(const hs_service_t *service)
Definition: hs_ob.c:201
crypto_dh.h
Headers for crypto_dh.c.
hs_desc_intro_point_t::key
crypto_pk_t * key
Definition: hs_descriptor.h:126
register_intro_circ
static void register_intro_circ(const hs_service_intro_point_t *ip, origin_circuit_t *circ)
Definition: hs_circuit.c:204
CIRCLAUNCH_ONEHOP_TUNNEL
#define CIRCLAUNCH_ONEHOP_TUNNEL
Definition: circuituse.h:39
hs_cell_introduce2_data_t
Definition: hs_cell.h:50
hs_cell_introduce2_data_t::auth_pk
const ed25519_public_key_t * auth_pk
Definition: hs_cell.h:55
CIRCUIT_PURPOSE_HS_VANGUARDS
#define CIRCUIT_PURPOSE_HS_VANGUARDS
Definition: circuitlist.h:132
crypt_path_t::rend_dh_handshake_state
struct crypto_dh_t * rend_dh_handshake_state
Definition: crypt_path_st.h:55
REND_COOKIE_LEN
#define REND_COOKIE_LEN
Definition: or.h:400
hs_service_intro_point_t::legacy_key_digest
uint8_t legacy_key_digest[DIGEST_LEN]
Definition: hs_service.h:65
LD_REND
#define LD_REND
Definition: log.h:84
hs_service_intro_point_t::introduce2_count
uint64_t introduce2_count
Definition: hs_service.h:68
hs_circ_service_get_established_intro_circ
origin_circuit_t * hs_circ_service_get_established_intro_circ(const hs_service_intro_point_t *ip)
Definition: hs_circuit.c:682
hs_ntor_circuit_key_expansion
int hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, size_t seed_len, uint8_t *keys_out, size_t keys_out_len)
Definition: hs_ntor.c:615
circuit_change_purpose
void circuit_change_purpose(circuit_t *circ, uint8_t new_purpose)
Definition: circuituse.c:3101
curve25519_keypair_generate
int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, int extra_strong)
Definition: crypto_curve25519.c:190
circuit_has_opened
void circuit_has_opened(origin_circuit_t *circ)
Definition: circuituse.c:1693
circuit_t
Definition: circuit_st.h:61
nodelist.h
Header file for nodelist.c.
cpath_extend_linked_list
void cpath_extend_linked_list(crypt_path_t **head_ptr, crypt_path_t *new_hop)
Definition: crypt_path.c:45
hs_cell_introduce1_data_t::client_kp
const curve25519_keypair_t * client_kp
Definition: hs_cell.h:40
hs_cell_introduce2_data_t::payload_len
size_t payload_len
Definition: hs_cell.h:71
hs_cell_introduce1_data_t::enc_pk
const curve25519_public_key_t * enc_pk
Definition: hs_cell.h:32
rendservice.h
Header file for rendservice.c.
DIGEST256_LEN
#define DIGEST256_LEN
Definition: digest_sizes.h:23
extendinfo.h
Header for core/or/extendinfo.c.
hs_service_keys_t::identity_pk
ed25519_public_key_t identity_pk
Definition: hs_service.h:179
hs_service_config_t::num_intro_points
unsigned int num_intro_points
Definition: hs_service.h:231
pathbias_mark_use_success
void pathbias_mark_use_success(origin_circuit_t *circ)
Definition: circpathbias.c:661
CIRCWINDOW_START
#define CIRCWINDOW_START
Definition: or.h:502
LOG_INFO
#define LOG_INFO
Definition: log.h:45
crypto_rand.h
Common functions for using (pseudo-)random number generators.
HS_LEGACY_RENDEZVOUS_CELL_SIZE
#define HS_LEGACY_RENDEZVOUS_CELL_SIZE
Definition: hs_common.h:131
hs_get_service_max_rend_failures
int hs_get_service_max_rend_failures(void)
Definition: hs_common.c:235
get_subcredential_for_handling_intro2_cell
static int get_subcredential_for_handling_intro2_cell(const hs_service_t *service, hs_cell_introduce2_data_t *data, const hs_subcredential_t *desc_subcred)
Definition: hs_circuit.c:992
origin_circuit_t::build_state
cpath_build_state_t * build_state
Definition: origin_circuit_st.h:123
hs_cell_introduce2_data_t::replay_cache
replaycache_t * replay_cache
Definition: hs_cell.h:84
circuitbuild.h
Header file for circuitbuild.c.
CIRCUIT_PURPOSE_S_REND_JOINED
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:112
hs_service_t
Definition: hs_service.h:300
launch_rendezvous_point_circuit
STATIC void launch_rendezvous_point_circuit(const hs_service_t *service, const hs_service_intro_point_t *ip, const hs_cell_introduce2_data_t *data)
Definition: hs_circuit.c:376
curve25519_public_key_is_ok
int curve25519_public_key_is_ok(const curve25519_public_key_t *key)
Definition: crypto_curve25519.c:132
hs_service_t::keys
hs_service_keys_t keys
Definition: hs_service.h:313
crypto_dh_compute_secret
ssize_t crypto_dh_compute_secret(int severity, crypto_dh_t *dh, const char *pubkey, size_t pubkey_len, char *secret_out, size_t secret_bytes_out)
Definition: crypto_dh.c:79
CIRCLAUNCH_IS_INTERNAL
#define CIRCLAUNCH_IS_INTERNAL
Definition: circuituse.h:46
hs_service_state_t::num_intro_circ_launched
unsigned int num_intro_circ_launched
Definition: hs_service.h:277
hs_cell_build_establish_intro
ssize_t hs_cell_build_establish_intro(const char *circ_nonce, const hs_service_config_t *service_config, const hs_service_intro_point_t *ip, uint8_t *cell_out)
Definition: hs_cell.c:614
curve25519_public_key_t
Definition: crypto_curve25519.h:24
create_rp_circuit_identifier
STATIC hs_ident_circuit_t * create_rp_circuit_identifier(const hs_service_t *service, const uint8_t *rendezvous_cookie, const curve25519_public_key_t *server_pk, const hs_ntor_rend_cell_keys_t *keys)
Definition: hs_circuit.c:254
cpath_init_circuit_crypto
int cpath_init_circuit_crypto(crypt_path_t *cpath, const char *key_data, size_t key_data_len, int reverse, int is_hs_v3)
Definition: crypt_path.c:151
create_rend_cpath_legacy
static crypt_path_t * create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body)
Definition: hs_circuit.c:116
hs_cell_introduce1_data_t::onion_pk
const curve25519_public_key_t * onion_pk
Definition: hs_cell.h:36
CIRCLAUNCH_NEED_UPTIME
#define CIRCLAUNCH_NEED_UPTIME
Definition: circuituse.h:41
origin_circuit_t::cpath
crypt_path_t * cpath
Definition: origin_circuit_st.h:129
hs_circ_service_intro_has_opened
int hs_circ_service_intro_has_opened(hs_service_t *service, hs_service_intro_point_t *ip, const hs_service_descriptor_t *desc, origin_circuit_t *circ)
Definition: hs_circuit.c:807
cpath_build_state_t::need_capacity
unsigned int need_capacity
Definition: cpath_build_state_st.h:24
relay.h
Header file for relay.c.
hs_cell_introduce2_data_t::onion_pk
curve25519_public_key_t onion_pk
Definition: hs_cell.h:76
hs_cell_introduce1_data_t
Definition: hs_cell.h:23
CIRCUIT_PURPOSE_C_REND_READY
#define CIRCUIT_PURPOSE_C_REND_READY
Definition: circuitlist.h:85
hs_cell_parse_intro_established
ssize_t hs_cell_parse_intro_established(const uint8_t *payload, size_t payload_len)
Definition: hs_cell.c:738
CIRCUIT_PURPOSE_S_CONNECT_REND
#define CIRCUIT_PURPOSE_S_CONNECT_REND
Definition: circuitlist.h:109
cpath_build_state_t::need_uptime
unsigned int need_uptime
Definition: cpath_build_state_st.h:22
crypt_path_t::prev
struct crypt_path_t * prev
Definition: crypt_path_st.h:75
hs_get_extend_info_from_lspecs
extend_info_t * hs_get_extend_info_from_lspecs(const smartlist_t *lspecs, const curve25519_public_key_t *onion_key, int direct_conn)
Definition: hs_common.c:1722
hs_cell_introduce1_data_t::is_legacy
unsigned int is_legacy
Definition: hs_cell.h:25
hs_subcredential_t
Definition: hs_ntor.h:43
hs_ident_circuit_t
Definition: hs_ident.h:42
hs_circuit_setup_e2e_rend_circ_legacy_client
int hs_circuit_setup_e2e_rend_circ_legacy_client(origin_circuit_t *circ, const uint8_t *rend_cell_body)
Definition: hs_circuit.c:1123
hs_service_requires_uptime_circ
int hs_service_requires_uptime_circ(const smartlist_t *ports)
Definition: hs_common.c:1139
circuit_should_use_vanguards
int circuit_should_use_vanguards(uint8_t purpose)
Definition: circuituse.c:2044
CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
Definition: circuitlist.h:103
CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED
#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED
Definition: circuitlist.h:88
hs_service_intro_point_t::auth_key_kp
ed25519_keypair_t auth_key_kp
Definition: hs_service.h:55
hs_service_descriptor_t
Definition: hs_service.h:130
hs_cell_introduce1_data_t::rendezvous_cookie
const uint8_t * rendezvous_cookie
Definition: hs_cell.h:38
hs_service_intro_point_t::replay_cache
replaycache_t * replay_cache
Definition: hs_service.h:85
origin_circuit_t::rend_data
rend_data_t * rend_data
Definition: origin_circuit_st.h:132
hs_cell_build_introduce1
ssize_t hs_cell_build_introduce1(const hs_cell_introduce1_data_t *data, uint8_t *cell_out)
Definition: hs_cell.c:1006
CIRCUIT_PURPOSE_S_INTRO
#define CIRCUIT_PURPOSE_S_INTRO
Definition: circuitlist.h:106
hs_client_circuit_cleanup_on_close
void hs_client_circuit_cleanup_on_close(const circuit_t *circ)
Definition: hs_client.c:1869
hs_ident_circuit_t::rendezvous_cookie
uint8_t rendezvous_cookie[HS_REND_COOKIE_LEN]
Definition: hs_ident.h:60
node_st.h
Node information structure.
hs_service_config_t::ports
smartlist_t * ports
Definition: hs_service.h:214
hs_ntor_rend_cell_keys_t
Definition: hs_ntor.h:30
hs_ob.h
Header file for the specific code for onion balance.
policies.h
Header file for policies.c.
hs_circuitmap_get_intro_circ_v3_service_side
origin_circuit_t * hs_circuitmap_get_intro_circ_v3_service_side(const ed25519_public_key_t *auth_key)
Definition: hs_circuitmap.c:375
hs_ntor.h
Header for hs_ntor.c.
hs_circuitmap.h
Header file for hs_circuitmap.c.
hs_ident_circuit_dup
hs_ident_circuit_t * hs_ident_circuit_dup(const hs_ident_circuit_t *src)
Definition: hs_ident.c:37
hs_ident_circuit_t::rendezvous_handshake_info
uint8_t rendezvous_handshake_info[CURVE25519_PUBKEY_LEN+DIGEST256_LEN]
Definition: hs_ident.h:68
config.h
Header file for config.c.
cpath_build_state_t
Definition: cpath_build_state_st.h:16
hs_service_intro_point_t::circuit_retries
uint32_t circuit_retries
Definition: hs_service.h:80
cpath_build_state_t::expiry_time
time_t expiry_time
Definition: cpath_build_state_st.h:41
hs_service_t::onion_address
char onion_address[HS_SERVICE_ADDR_LEN_BASE32+1]
Definition: hs_service.h:303
node_get_curve25519_onion_key
const curve25519_public_key_t * node_get_curve25519_onion_key(const node_t *node)
Definition: nodelist.c:1936
circuit_purpose_is_correct_for_rend
static int circuit_purpose_is_correct_for_rend(unsigned int circ_purpose, int is_service_side)
Definition: hs_circuit.c:52
build_state_get_exit_node
const node_t * build_state_get_exit_node(cpath_build_state_t *state)
Definition: circuitbuild.c:2482
retry_service_rendezvous_point
static void retry_service_rendezvous_point(const origin_circuit_t *circ)
Definition: hs_circuit.c:529
cleanup_on_close_client_circ
static void cleanup_on_close_client_circ(circuit_t *circ)
Definition: hs_circuit.c:632
create_rend_cpath
static crypt_path_t * create_rend_cpath(const uint8_t *ntor_key_seed, size_t seed_len, int is_service_side)
Definition: hs_circuit.c:82
origin_circuit_t::hs_ident
struct hs_ident_circuit_t * hs_ident
Definition: origin_circuit_st.h:136
TO_CIRCUIT
#define TO_CIRCUIT(x)
Definition: or.h:965
crypto_rand
void crypto_rand(char *to, size_t n)
Definition: crypto_rand.c:477
hs_circuitmap_register_intro_circ_v2_service_side
void hs_circuitmap_register_intro_circ_v2_service_side(origin_circuit_t *circ, const uint8_t *digest)
Definition: hs_circuitmap.c:521
tor_cert_t::signed_key
ed25519_public_key_t signed_key
Definition: torcert.h:32
hs_cell_introduce2_data_t::client_pk
curve25519_public_key_t client_pk
Definition: hs_cell.h:80
hs_service_descriptor_t::intro_points
hs_service_intropoints_t intro_points
Definition: hs_service.h:163
STATIC
#define STATIC
Definition: testsupport.h:32
hs_circ_handle_intro_established
int hs_circ_handle_intro_established(const hs_service_t *service, const hs_service_intro_point_t *ip, origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_circuit.c:941
cpath_build_state_t::pending_final_cpath
crypt_path_t * pending_final_cpath
Definition: cpath_build_state_st.h:34
hs_ident_circuit_t::rendezvous_ntor_key_seed
uint8_t rendezvous_ntor_key_seed[DIGEST256_LEN]
Definition: hs_ident.h:76
hs_circ_is_rend_sent_in_intro1
bool hs_circ_is_rend_sent_in_intro1(const origin_circuit_t *circ)
Definition: hs_circuit.c:1380
hs_circuit.h
Header file containing circuit data for the whole HS subsystem.
hs_circ_cleanup_on_close
void hs_circ_cleanup_on_close(circuit_t *circ)
Definition: hs_circuit.c:1311
hs_ident_circuit_new
hs_ident_circuit_t * hs_ident_circuit_new(const ed25519_public_key_t *identity_pk)
Definition: hs_ident.c:16
hs_service_intro_point_t
Definition: hs_service.h:45
origin_circuit_st.h
Origin circuit structure.
hs_desc_intro_point_t
Definition: hs_descriptor.h:99
circuit_launch_by_extend_info
origin_circuit_t * circuit_launch_by_extend_info(uint8_t purpose, extend_info_t *extend_info, int flags)
Definition: circuituse.c:2121
smartlist_t
Definition: smartlist_core.h:26
rendclient.h
Header file for rendclient.c.
circuit_t::state
uint8_t state
Definition: circuit_st.h:110
circuit_initial_package_window
int32_t circuit_initial_package_window(void)
Definition: circuitlist.c:977
hs_ident_circuit_t::intro_enc_pk
curve25519_public_key_t intro_enc_pk
Definition: hs_ident.h:55
rephist.h
Header file for rephist.c.
hs_circ_cleanup_on_repurpose
void hs_circ_cleanup_on_repurpose(circuit_t *circ)
Definition: hs_circuit.c:1358
hs_ident_circuit_t::rendezvous_client_kp
curve25519_keypair_t rendezvous_client_kp
Definition: hs_ident.h:72
curve25519_keypair_t
Definition: crypto_curve25519.h:38
extend_info_t
Definition: extend_info_st.h:27
hs_circuitmap_register_intro_circ_v3_service_side
void hs_circuitmap_register_intro_circ_v3_service_side(origin_circuit_t *circ, const ed25519_public_key_t *auth_key)
Definition: hs_circuitmap.c:532
or.h
Master header file for Tor-specific functionality.
LD_PROTOCOL
#define LD_PROTOCOL
Definition: log.h:72