tor  0.4.2.0-alpha-dev
hs_circuit.c
Go to the documentation of this file.
1 /* Copyright (c) 2017-2019, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
8 #define HS_CIRCUIT_PRIVATE
9 
10 #include "core/or/or.h"
11 #include "app/config/config.h"
12 #include "core/crypto/hs_ntor.h"
13 #include "core/or/circuitbuild.h"
14 #include "core/or/circuitlist.h"
15 #include "core/or/circuituse.h"
16 #include "core/or/policies.h"
17 #include "core/or/relay.h"
18 #include "core/or/crypt_path.h"
19 #include "feature/client/circpathbias.h"
20 #include "feature/hs/hs_cell.h"
21 #include "feature/hs/hs_circuit.h"
23 #include "feature/hs/hs_ident.h"
24 #include "feature/hs/hs_service.h"
28 #include "feature/stats/rephist.h"
32 
33 /* Trunnel. */
34 #include "trunnel/ed25519_cert.h"
35 #include "trunnel/hs/cell_common.h"
36 #include "trunnel/hs/cell_establish_intro.h"
37 
38 #include "core/or/cpath_build_state_st.h"
39 #include "core/or/crypt_path_st.h"
40 #include "feature/nodelist/node_st.h"
41 #include "core/or/origin_circuit_st.h"
42 
43 /* A circuit is about to become an e2e rendezvous circuit. Check
44  * <b>circ_purpose</b> and ensure that it's properly set. Return true iff
45  * circuit purpose is properly set, otherwise return false. */
46 static int
47 circuit_purpose_is_correct_for_rend(unsigned int circ_purpose,
48  int is_service_side)
49 {
50  if (is_service_side) {
51  if (circ_purpose != CIRCUIT_PURPOSE_S_CONNECT_REND) {
52  log_warn(LD_BUG,
53  "HS e2e circuit setup with wrong purpose (%d)", circ_purpose);
54  return 0;
55  }
56  }
57 
58  if (!is_service_side) {
59  if (circ_purpose != CIRCUIT_PURPOSE_C_REND_READY &&
61  log_warn(LD_BUG,
62  "Client e2e circuit setup with wrong purpose (%d)", circ_purpose);
63  return 0;
64  }
65  }
66 
67  return 1;
68 }
69 
70 /* Create and return a crypt path for the final hop of a v3 prop224 rendezvous
71  * circuit. Initialize the crypt path crypto using the output material from the
72  * ntor key exchange at <b>ntor_key_seed</b>.
73  *
74  * If <b>is_service_side</b> is set, we are the hidden service and the final
75  * hop of the rendezvous circuit is the client on the other side. */
76 static crypt_path_t *
77 create_rend_cpath(const uint8_t *ntor_key_seed, size_t seed_len,
78  int is_service_side)
79 {
80  uint8_t keys[HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN];
81  crypt_path_t *cpath = NULL;
82 
83  /* Do the key expansion */
84  if (hs_ntor_circuit_key_expansion(ntor_key_seed, seed_len,
85  keys, sizeof(keys)) < 0) {
86  goto err;
87  }
88 
89  /* Setup the cpath */
90  cpath = tor_malloc_zero(sizeof(crypt_path_t));
91  cpath->magic = CRYPT_PATH_MAGIC;
92 
93  if (cpath_init_circuit_crypto(cpath, (char*)keys, sizeof(keys),
94  is_service_side, 1) < 0) {
95  tor_free(cpath);
96  goto err;
97  }
98 
99  err:
100  memwipe(keys, 0, sizeof(keys));
101  return cpath;
102 }
103 
104 /* We are a v2 legacy HS client: Create and return a crypt path for the hidden
105  * service on the other side of the rendezvous circuit <b>circ</b>. Initialize
106  * the crypt path crypto using the body of the RENDEZVOUS1 cell at
107  * <b>rend_cell_body</b> (which must be at least DH1024_KEY_LEN+DIGEST_LEN
108  * bytes).
109  */
110 static crypt_path_t *
111 create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body)
112 {
113  crypt_path_t *hop = NULL;
114  char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN];
115 
116  /* first DH1024_KEY_LEN bytes are g^y from the service. Finish the dh
117  * handshake...*/
118  tor_assert(circ->build_state);
120  hop = circ->build_state->pending_final_cpath;
121 
123  if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, hop->rend_dh_handshake_state,
124  (char*)rend_cell_body, DH1024_KEY_LEN,
125  keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) {
126  log_warn(LD_GENERAL, "Couldn't complete DH handshake.");
127  goto err;
128  }
129  /* ... and set up cpath. */
131  keys+DIGEST_LEN, sizeof(keys)-DIGEST_LEN,
132  0, 0) < 0)
133  goto err;
134 
135  /* Check whether the digest is right... */
136  if (tor_memneq(keys, rend_cell_body+DH1024_KEY_LEN, DIGEST_LEN)) {
137  log_warn(LD_PROTOCOL, "Incorrect digest of key material.");
138  goto err;
139  }
140 
141  /* clean up the crypto stuff we just made */
142  crypto_dh_free(hop->rend_dh_handshake_state);
143  hop->rend_dh_handshake_state = NULL;
144 
145  goto done;
146 
147  err:
148  hop = NULL;
149 
150  done:
151  memwipe(keys, 0, sizeof(keys));
152  return hop;
153 }
154 
155 /* Append the final <b>hop</b> to the cpath of the rend <b>circ</b>, and mark
156  * <b>circ</b> ready for use to transfer HS relay cells. */
157 static void
158 finalize_rend_circuit(origin_circuit_t *circ, crypt_path_t *hop,
159  int is_service_side)
160 {
161  tor_assert(circ);
162  tor_assert(hop);
163 
164  /* Notify the circuit state machine that we are splicing this circuit */
165  int new_circ_purpose = is_service_side ?
167  circuit_change_purpose(TO_CIRCUIT(circ), new_circ_purpose);
168 
169  /* All is well. Extend the circuit. */
170  hop->state = CPATH_STATE_OPEN;
171  /* Set the windows to default. */
174 
175  /* Now that this circuit has finished connecting to its destination,
176  * make sure circuit_get_open_circ_or_launch is willing to return it
177  * so we can actually use it. */
178  circ->hs_circ_has_timed_out = 0;
179 
180  /* Append the hop to the cpath of this circuit */
181  cpath_extend_linked_list(&circ->cpath, hop);
182 
183  /* In legacy code, 'pending_final_cpath' points to the final hop we just
184  * appended to the cpath. We set the original pointer to NULL so that we
185  * don't double free it. */
186  if (circ->build_state) {
187  circ->build_state->pending_final_cpath = NULL;
188  }
189 
190  /* Finally, mark circuit as ready to be used for client streams */
191  if (!is_service_side) {
193  }
194 }
195 
196 /* For a given circuit and a service introduction point object, register the
197  * intro circuit to the circuitmap. This supports legacy intro point. */
198 static void
199 register_intro_circ(const hs_service_intro_point_t *ip,
200  origin_circuit_t *circ)
201 {
202  tor_assert(ip);
203  tor_assert(circ);
204 
205  if (ip->base.is_only_legacy) {
206  hs_circuitmap_register_intro_circ_v2_service_side(circ,
207  ip->legacy_key_digest);
208  } else {
209  hs_circuitmap_register_intro_circ_v3_service_side(circ,
210  &ip->auth_key_kp.pubkey);
211  }
212 }
213 
214 /* Return the number of opened introduction circuit for the given circuit that
215  * is matching its identity key. */
216 static unsigned int
217 count_opened_desc_intro_point_circuits(const hs_service_t *service,
218  const hs_service_descriptor_t *desc)
219 {
220  unsigned int count = 0;
221 
222  tor_assert(service);
223  tor_assert(desc);
224 
225  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
226  const hs_service_intro_point_t *, ip) {
227  const circuit_t *circ;
228  const origin_circuit_t *ocirc = hs_circ_service_get_intro_circ(ip);
229  if (ocirc == NULL) {
230  continue;
231  }
232  circ = TO_CIRCUIT(ocirc);
235  /* Having a circuit not for the requested service is really bad. */
236  tor_assert(ed25519_pubkey_eq(&service->keys.identity_pk,
237  &ocirc->hs_ident->identity_pk));
238  /* Only count opened circuit and skip circuit that will be closed. */
239  if (!circ->marked_for_close && circ->state == CIRCUIT_STATE_OPEN) {
240  count++;
241  }
242  } DIGEST256MAP_FOREACH_END;
243  return count;
244 }
245 
246 /* From a given service, rendezvous cookie and handshake info, create a
247  * rendezvous point circuit identifier. This can't fail. */
248 STATIC hs_ident_circuit_t *
249 create_rp_circuit_identifier(const hs_service_t *service,
250  const uint8_t *rendezvous_cookie,
251  const curve25519_public_key_t *server_pk,
252  const hs_ntor_rend_cell_keys_t *keys)
253 {
254  hs_ident_circuit_t *ident;
255  uint8_t handshake_info[CURVE25519_PUBKEY_LEN + DIGEST256_LEN];
256 
257  tor_assert(service);
258  tor_assert(rendezvous_cookie);
259  tor_assert(server_pk);
260  tor_assert(keys);
261 
262  ident = hs_ident_circuit_new(&service->keys.identity_pk);
263  /* Copy the RENDEZVOUS_COOKIE which is the unique identifier. */
264  memcpy(ident->rendezvous_cookie, rendezvous_cookie,
265  sizeof(ident->rendezvous_cookie));
266  /* Build the HANDSHAKE_INFO which looks like this:
267  * SERVER_PK [32 bytes]
268  * AUTH_INPUT_MAC [32 bytes]
269  */
270  memcpy(handshake_info, server_pk->public_key, CURVE25519_PUBKEY_LEN);
271  memcpy(handshake_info + CURVE25519_PUBKEY_LEN, keys->rend_cell_auth_mac,
272  DIGEST256_LEN);
273  tor_assert(sizeof(ident->rendezvous_handshake_info) ==
274  sizeof(handshake_info));
275  memcpy(ident->rendezvous_handshake_info, handshake_info,
276  sizeof(ident->rendezvous_handshake_info));
277  /* Finally copy the NTOR_KEY_SEED for e2e encryption on the circuit. */
278  tor_assert(sizeof(ident->rendezvous_ntor_key_seed) ==
279  sizeof(keys->ntor_key_seed));
280  memcpy(ident->rendezvous_ntor_key_seed, keys->ntor_key_seed,
281  sizeof(ident->rendezvous_ntor_key_seed));
282  return ident;
283 }
284 
285 /* From a given service and service intro point, create an introduction point
286  * circuit identifier. This can't fail. */
287 static hs_ident_circuit_t *
288 create_intro_circuit_identifier(const hs_service_t *service,
289  const hs_service_intro_point_t *ip)
290 {
291  hs_ident_circuit_t *ident;
292 
293  tor_assert(service);
294  tor_assert(ip);
295 
296  ident = hs_ident_circuit_new(&service->keys.identity_pk);
297  ed25519_pubkey_copy(&ident->intro_auth_pk, &ip->auth_key_kp.pubkey);
298 
299  return ident;
300 }
301 
302 /* For a given introduction point and an introduction circuit, send the
303  * ESTABLISH_INTRO cell. The service object is used for logging. This can fail
304  * and if so, the circuit is closed and the intro point object is flagged
305  * that the circuit is not established anymore which is important for the
306  * retry mechanism. */
307 static void
308 send_establish_intro(const hs_service_t *service,
310 {
311  ssize_t cell_len;
312  uint8_t payload[RELAY_PAYLOAD_SIZE];
313 
314  tor_assert(service);
315  tor_assert(ip);
316  tor_assert(circ);
317 
318  /* Encode establish intro cell. */
319  cell_len = hs_cell_build_establish_intro(circ->cpath->prev->rend_circ_nonce,
320  &service->config, ip, payload);
321  if (cell_len < 0) {
322  log_warn(LD_REND, "Unable to encode ESTABLISH_INTRO cell for service %s "
323  "on circuit %u. Closing circuit.",
324  safe_str_client(service->onion_address),
325  TO_CIRCUIT(circ)->n_circ_id);
326  goto err;
327  }
328 
329  /* Send the cell on the circuit. */
330  if (relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(circ),
331  RELAY_COMMAND_ESTABLISH_INTRO,
332  (char *) payload, cell_len,
333  circ->cpath->prev) < 0) {
334  log_info(LD_REND, "Unable to send ESTABLISH_INTRO cell for service %s "
335  "on circuit %u.",
336  safe_str_client(service->onion_address),
337  TO_CIRCUIT(circ)->n_circ_id);
338  /* On error, the circuit has been closed. */
339  goto done;
340  }
341 
342  /* Record the attempt to use this circuit. */
344  goto done;
345 
346  err:
347  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
348  done:
349  memwipe(payload, 0, sizeof(payload));
350 }
351 
352 /* Return a string constant describing the anonymity of service. */
353 static const char *
354 get_service_anonymity_string(const hs_service_t *service)
355 {
356  if (service->config.is_single_onion) {
357  return "single onion";
358  } else {
359  return "hidden";
360  }
361 }
362 
363 /* For a given service, the ntor onion key and a rendezvous cookie, launch a
364  * circuit to the rendezvous point specified by the link specifiers. On
365  * success, a circuit identifier is attached to the circuit with the needed
366  * data. This function will try to open a circuit for a maximum value of
367  * MAX_REND_FAILURES then it will give up. */
368 static void
369 launch_rendezvous_point_circuit(const hs_service_t *service,
370  const hs_service_intro_point_t *ip,
371  const hs_cell_introduce2_data_t *data)
372 {
373  int circ_needs_uptime;
374  time_t now = time(NULL);
375  extend_info_t *info = NULL;
376  origin_circuit_t *circ;
377 
378  tor_assert(service);
379  tor_assert(ip);
380  tor_assert(data);
381 
382  circ_needs_uptime = hs_service_requires_uptime_circ(service->config.ports);
383 
384  /* Get the extend info data structure for the chosen rendezvous point
385  * specified by the given link specifiers. */
386  info = hs_get_extend_info_from_lspecs(data->link_specifiers,
387  &data->onion_pk,
388  service->config.is_single_onion);
389  if (info == NULL) {
390  /* We are done here, we can't extend to the rendezvous point. */
391  log_fn(LOG_PROTOCOL_WARN, LD_REND,
392  "Not enough info to open a circuit to a rendezvous point for "
393  "%s service %s.",
394  get_service_anonymity_string(service),
395  safe_str_client(service->onion_address));
396  goto end;
397  }
398 
399  for (int i = 0; i < MAX_REND_FAILURES; i++) {
401  if (circ_needs_uptime) {
402  circ_flags |= CIRCLAUNCH_NEED_UPTIME;
403  }
404  /* Firewall and policies are checked when getting the extend info.
405  *
406  * We only use a one-hop path on the first attempt. If the first attempt
407  * fails, we use a 3-hop path for reachability / reliability.
408  * See the comment in retry_service_rendezvous_point() for details. */
409  if (service->config.is_single_onion && i == 0) {
410  circ_flags |= CIRCLAUNCH_ONEHOP_TUNNEL;
411  }
412 
414  circ_flags);
415  if (circ != NULL) {
416  /* Stop retrying, we have a circuit! */
417  break;
418  }
419  }
420  if (circ == NULL) {
421  log_warn(LD_REND, "Giving up on launching a rendezvous circuit to %s "
422  "for %s service %s",
423  safe_str_client(extend_info_describe(info)),
424  get_service_anonymity_string(service),
425  safe_str_client(service->onion_address));
426  goto end;
427  }
428  log_info(LD_REND, "Rendezvous circuit launched to %s with cookie %s "
429  "for %s service %s",
430  safe_str_client(extend_info_describe(info)),
431  safe_str_client(hex_str((const char *) data->rendezvous_cookie,
432  REND_COOKIE_LEN)),
433  get_service_anonymity_string(service),
434  safe_str_client(service->onion_address));
435  tor_assert(circ->build_state);
436  /* Rendezvous circuit have a specific timeout for the time spent on trying
437  * to connect to the rendezvous point. */
439 
440  /* Create circuit identifier and key material. */
441  {
443  curve25519_keypair_t ephemeral_kp;
444  /* No need for extra strong, this is only for this circuit life time. This
445  * key will be used for the RENDEZVOUS1 cell that will be sent on the
446  * circuit once opened. */
447  curve25519_keypair_generate(&ephemeral_kp, 0);
448  if (hs_ntor_service_get_rendezvous1_keys(&ip->auth_key_kp.pubkey,
449  &ip->enc_key_kp,
450  &ephemeral_kp, &data->client_pk,
451  &keys) < 0) {
452  /* This should not really happened but just in case, don't make tor
453  * freak out, close the circuit and move on. */
454  log_info(LD_REND, "Unable to get RENDEZVOUS1 key material for "
455  "service %s",
456  safe_str_client(service->onion_address));
457  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
458  goto end;
459  }
460  circ->hs_ident = create_rp_circuit_identifier(service,
461  data->rendezvous_cookie,
462  &ephemeral_kp.pubkey, &keys);
463  memwipe(&ephemeral_kp, 0, sizeof(ephemeral_kp));
464  memwipe(&keys, 0, sizeof(keys));
465  tor_assert(circ->hs_ident);
466  }
467 
468  end:
469  extend_info_free(info);
470 }
471 
472 /* Return true iff the given service rendezvous circuit circ is allowed for a
473  * relaunch to the rendezvous point. */
474 static int
475 can_relaunch_service_rendezvous_point(const origin_circuit_t *circ)
476 {
477  tor_assert(circ);
478  /* This is initialized when allocating an origin circuit. */
479  tor_assert(circ->build_state);
481 
482  /* XXX: Retrying under certain condition. This is related to #22455. */
483 
484  /* Avoid to relaunch twice a circuit to the same rendezvous point at the
485  * same time. */
487  log_info(LD_REND, "Rendezvous circuit to %s has already been retried. "
488  "Skipping retry.",
489  safe_str_client(
491  goto disallow;
492  }
493 
494  /* We check failure_count >= hs_get_service_max_rend_failures()-1 below, and
495  * the -1 is because we increment the failure count for our current failure
496  * *after* this clause. */
497  int max_rend_failures = hs_get_service_max_rend_failures() - 1;
498 
499  /* A failure count that has reached maximum allowed or circuit that expired,
500  * we skip relaunching. */
501  if (circ->build_state->failure_count > max_rend_failures ||
502  circ->build_state->expiry_time <= time(NULL)) {
503  log_info(LD_REND, "Attempt to build a rendezvous circuit to %s has "
504  "failed with %d attempts and expiry time %ld. "
505  "Giving up building.",
506  safe_str_client(
508  circ->build_state->failure_count,
509  (long int) circ->build_state->expiry_time);
510  goto disallow;
511  }
512 
513  /* Allowed to relaunch. */
514  return 1;
515  disallow:
516  return 0;
517 }
518 
519 /* Retry the rendezvous point of circ by launching a new circuit to it. */
520 static void
521 retry_service_rendezvous_point(const origin_circuit_t *circ)
522 {
523  int flags = 0;
524  origin_circuit_t *new_circ;
525  cpath_build_state_t *bstate;
526 
527  tor_assert(circ);
528  /* This is initialized when allocating an origin circuit. */
529  tor_assert(circ->build_state);
531 
532  /* Ease our life. */
533  bstate = circ->build_state;
534 
535  log_info(LD_REND, "Retrying rendezvous point circuit to %s",
536  safe_str_client(extend_info_describe(bstate->chosen_exit)));
537 
538  /* Get the current build state flags for the next circuit. */
539  flags |= (bstate->need_uptime) ? CIRCLAUNCH_NEED_UPTIME : 0;
540  flags |= (bstate->need_capacity) ? CIRCLAUNCH_NEED_CAPACITY : 0;
541  flags |= (bstate->is_internal) ? CIRCLAUNCH_IS_INTERNAL : 0;
542 
543  /* We do NOT add the onehop tunnel flag even though it might be a single
544  * onion service. The reason is that if we failed once to connect to the RP
545  * with a direct connection, we consider that chances are that we will fail
546  * again so try a 3-hop circuit and hope for the best. Because the service
547  * has no anonymity (single onion), this change of behavior won't affect
548  * security directly. */
549 
551  bstate->chosen_exit, flags);
552  if (new_circ == NULL) {
553  log_warn(LD_REND, "Failed to launch rendezvous circuit to %s",
554  safe_str_client(extend_info_describe(bstate->chosen_exit)));
555  goto done;
556  }
557 
558  /* Transfer build state information to the new circuit state in part to
559  * catch any other failures. */
560  new_circ->build_state->failure_count = bstate->failure_count+1;
561  new_circ->build_state->expiry_time = bstate->expiry_time;
562  new_circ->hs_ident = hs_ident_circuit_dup(circ->hs_ident);
563 
564  done:
565  return;
566 }
567 
568 /* Using the given descriptor intro point ip, the node of the
569  * rendezvous point rp_node and the service's subcredential, populate the
570  * already allocated intro1_data object with the needed key material and link
571  * specifiers.
572  *
573  * Return 0 on success or a negative value if we couldn't properly filled the
574  * introduce1 data from the RP node. In other word, it means the RP node is
575  * unusable to use in the introduction. */
576 static int
577 setup_introduce1_data(const hs_desc_intro_point_t *ip,
578  const node_t *rp_node,
579  const uint8_t *subcredential,
580  hs_cell_introduce1_data_t *intro1_data)
581 {
582  int ret = -1;
583  smartlist_t *rp_lspecs;
584 
585  tor_assert(ip);
586  tor_assert(rp_node);
587  tor_assert(subcredential);
588  tor_assert(intro1_data);
589 
590  /* Build the link specifiers from the node at the end of the rendezvous
591  * circuit that we opened for this introduction. */
592  rp_lspecs = node_get_link_specifier_smartlist(rp_node, 0);
593  if (smartlist_len(rp_lspecs) == 0) {
594  /* We can't rendezvous without link specifiers. */
595  smartlist_free(rp_lspecs);
596  goto end;
597  }
598 
599  /* Populate the introduce1 data object. */
600  memset(intro1_data, 0, sizeof(hs_cell_introduce1_data_t));
601  if (ip->legacy.key != NULL) {
602  intro1_data->is_legacy = 1;
603  intro1_data->legacy_key = ip->legacy.key;
604  }
605  intro1_data->auth_pk = &ip->auth_key_cert->signed_key;
606  intro1_data->enc_pk = &ip->enc_key;
607  intro1_data->subcredential = subcredential;
608  intro1_data->link_specifiers = rp_lspecs;
609  intro1_data->onion_pk = node_get_curve25519_onion_key(rp_node);
610  if (intro1_data->onion_pk == NULL) {
611  /* We can't rendezvous without the curve25519 onion key. */
612  goto end;
613  }
614  /* Success, we have valid introduce data. */
615  ret = 0;
616 
617  end:
618  return ret;
619 }
620 
621 /* ========== */
622 /* Public API */
623 /* ========== */
624 
625 /* Return an introduction point circuit matching the given intro point object.
626  * NULL is returned is no such circuit can be found. */
628 hs_circ_service_get_intro_circ(const hs_service_intro_point_t *ip)
629 {
630  tor_assert(ip);
631 
632  if (ip->base.is_only_legacy) {
633  return hs_circuitmap_get_intro_circ_v2_service_side(ip->legacy_key_digest);
634  } else {
636  &ip->auth_key_kp.pubkey);
637  }
638 }
639 
640 /* Called when we fail building a rendezvous circuit at some point other than
641  * the last hop: launches a new circuit to the same rendezvous point. This
642  * supports legacy service.
643  *
644  * We currently relaunch connections to rendezvous points if:
645  * - A rendezvous circuit timed out before connecting to RP.
646  * - The rendezvous circuit failed to connect to the RP.
647  *
648  * We avoid relaunching a connection to this rendezvous point if:
649  * - We have already tried MAX_REND_FAILURES times to connect to this RP,
650  * - We've been trying to connect to this RP for more than MAX_REND_TIMEOUT
651  * seconds, or
652  * - We've already retried this specific rendezvous circuit.
653  */
654 void
655 hs_circ_retry_service_rendezvous_point(origin_circuit_t *circ)
656 {
657  tor_assert(circ);
659 
660  /* Check if we are allowed to relaunch to the rendezvous point of circ. */
661  if (!can_relaunch_service_rendezvous_point(circ)) {
662  goto done;
663  }
664 
665  /* Flag the circuit that we are relaunching, to avoid to relaunch twice a
666  * circuit to the same rendezvous point at the same time. */
668 
669  /* Legacy services don't have a hidden service ident. */
670  if (circ->hs_ident) {
671  retry_service_rendezvous_point(circ);
672  } else {
674  }
675 
676  done:
677  return;
678 }
679 
680 /* For a given service and a service intro point, launch a circuit to the
681  * extend info ei. If the service is a single onion, and direct_conn is true,
682  * a one-hop circuit will be requested.
683  *
684  * Return 0 if the circuit was successfully launched and tagged
685  * with the correct identifier. On error, a negative value is returned. */
686 int
687 hs_circ_launch_intro_point(hs_service_t *service,
688  const hs_service_intro_point_t *ip,
689  extend_info_t *ei,
690  bool direct_conn)
691 {
692  /* Standard flags for introduction circuit. */
693  int ret = -1, circ_flags = CIRCLAUNCH_NEED_UPTIME | CIRCLAUNCH_IS_INTERNAL;
694  origin_circuit_t *circ;
695 
696  tor_assert(service);
697  tor_assert(ip);
698  tor_assert(ei);
699 
700  /* Update circuit flags in case of a single onion service that requires a
701  * direct connection. */
702  tor_assert_nonfatal(ip->circuit_retries > 0);
703  /* Only single onion services can make direct conns */
704  if (BUG(!service->config.is_single_onion && direct_conn)) {
705  goto end;
706  }
707  /* We only use a one-hop path on the first attempt. If the first attempt
708  * fails, we use a 3-hop path for reachability / reliability.
709  * (Unlike v2, retries is incremented by the caller before it calls this
710  * function.) */
711  if (direct_conn && ip->circuit_retries == 1) {
712  circ_flags |= CIRCLAUNCH_ONEHOP_TUNNEL;
713  }
714 
715  log_info(LD_REND, "Launching a circuit to intro point %s for service %s.",
716  safe_str_client(extend_info_describe(ei)),
717  safe_str_client(service->onion_address));
718 
719  /* Note down the launch for the retry period. Even if the circuit fails to
720  * be launched, we still want to respect the retry period to avoid stress on
721  * the circuit subsystem. */
722  service->state.num_intro_circ_launched++;
724  ei, circ_flags);
725  if (circ == NULL) {
726  goto end;
727  }
728 
729  /* Setup the circuit identifier and attach it to it. */
730  circ->hs_ident = create_intro_circuit_identifier(service, ip);
731  tor_assert(circ->hs_ident);
732  /* Register circuit in the global circuitmap. */
733  register_intro_circ(ip, circ);
734 
735  /* Success. */
736  ret = 0;
737  end:
738  return ret;
739 }
740 
741 /* Called when a service introduction point circuit is done building. Given
742  * the service and intro point object, this function will send the
743  * ESTABLISH_INTRO cell on the circuit. Return 0 on success. Return 1 if the
744  * circuit has been repurposed to General because we already have too many
745  * opened. */
746 int
747 hs_circ_service_intro_has_opened(hs_service_t *service,
749  const hs_service_descriptor_t *desc,
750  origin_circuit_t *circ)
751 {
752  int ret = 0;
753  unsigned int num_intro_circ, num_needed_circ;
754 
755  tor_assert(service);
756  tor_assert(ip);
757  tor_assert(desc);
758  tor_assert(circ);
759 
760  /* Cound opened circuits that have sent ESTABLISH_INTRO cells or are already
761  * established introduction circuits */
762  num_intro_circ = count_opened_desc_intro_point_circuits(service, desc);
763  num_needed_circ = service->config.num_intro_points;
764  if (num_intro_circ > num_needed_circ) {
765  /* There are too many opened valid intro circuit for what the service
766  * needs so repurpose this one. */
767 
768  /* XXX: Legacy code checks options->ExcludeNodes and if not NULL it just
769  * closes the circuit. I have NO idea why it does that so it hasn't been
770  * added here. I can only assume in case our ExcludeNodes list changes but
771  * in that case, all circuit are flagged unusable (config.c). --dgoulet */
772 
773  log_info(LD_CIRC | LD_REND, "Introduction circuit just opened but we "
774  "have enough for service %s. Repurposing "
775  "it to general and leaving internal.",
776  safe_str_client(service->onion_address));
778  /* Remove it from the circuitmap. */
780  /* Cleaning up the hidden service identifier and repurpose. */
781  hs_ident_circuit_free(circ->hs_ident);
782  circ->hs_ident = NULL;
783  if (circuit_should_use_vanguards(TO_CIRCUIT(circ)->purpose))
785  else
787 
788  /* Inform that this circuit just opened for this new purpose. */
789  circuit_has_opened(circ);
790  /* This return value indicate to the caller that the IP object should be
791  * removed from the service because it's corresponding circuit has just
792  * been repurposed. */
793  ret = 1;
794  goto done;
795  }
796 
797  log_info(LD_REND, "Introduction circuit %u established for service %s.",
798  TO_CIRCUIT(circ)->n_circ_id,
799  safe_str_client(service->onion_address));
801 
802  /* Time to send an ESTABLISH_INTRO cell on this circuit. On error, this call
803  * makes sure the circuit gets closed. */
804  send_establish_intro(service, ip, circ);
805 
806  done:
807  return ret;
808 }
809 
810 /* Called when a service rendezvous point circuit is done building. Given the
811  * service and the circuit, this function will send a RENDEZVOUS1 cell on the
812  * circuit using the information in the circuit identifier. If the cell can't
813  * be sent, the circuit is closed. */
814 void
815 hs_circ_service_rp_has_opened(const hs_service_t *service,
816  origin_circuit_t *circ)
817 {
818  size_t payload_len;
819  uint8_t payload[RELAY_PAYLOAD_SIZE] = {0};
820 
821  tor_assert(service);
822  tor_assert(circ);
823  tor_assert(circ->hs_ident);
824 
825  /* Some useful logging. */
826  log_info(LD_REND, "Rendezvous circuit %u has opened with cookie %s "
827  "for service %s",
828  TO_CIRCUIT(circ)->n_circ_id,
829  hex_str((const char *) circ->hs_ident->rendezvous_cookie,
831  safe_str_client(service->onion_address));
833 
834  /* This can't fail. */
835  payload_len = hs_cell_build_rendezvous1(
836  circ->hs_ident->rendezvous_cookie,
837  sizeof(circ->hs_ident->rendezvous_cookie),
838  circ->hs_ident->rendezvous_handshake_info,
839  sizeof(circ->hs_ident->rendezvous_handshake_info),
840  payload);
841 
842  /* Pad the payload with random bytes so it matches the size of a legacy cell
843  * which is normally always bigger. Also, the size of a legacy cell is
844  * always smaller than the RELAY_PAYLOAD_SIZE so this is safe. */
845  if (payload_len < HS_LEGACY_RENDEZVOUS_CELL_SIZE) {
846  crypto_rand((char *) payload + payload_len,
847  HS_LEGACY_RENDEZVOUS_CELL_SIZE - payload_len);
848  payload_len = HS_LEGACY_RENDEZVOUS_CELL_SIZE;
849  }
850 
851  if (relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(circ),
852  RELAY_COMMAND_RENDEZVOUS1,
853  (const char *) payload, payload_len,
854  circ->cpath->prev) < 0) {
855  /* On error, circuit is closed. */
856  log_warn(LD_REND, "Unable to send RENDEZVOUS1 cell on circuit %u "
857  "for service %s",
858  TO_CIRCUIT(circ)->n_circ_id,
859  safe_str_client(service->onion_address));
860  goto done;
861  }
862 
863  /* Setup end-to-end rendezvous circuit between the client and us. */
864  if (hs_circuit_setup_e2e_rend_circ(circ,
865  circ->hs_ident->rendezvous_ntor_key_seed,
866  sizeof(circ->hs_ident->rendezvous_ntor_key_seed),
867  1) < 0) {
868  log_warn(LD_GENERAL, "Failed to setup circ");
869  goto done;
870  }
871 
872  done:
873  memwipe(payload, 0, sizeof(payload));
874 }
875 
876 /* Circ has been expecting an INTRO_ESTABLISHED cell that just arrived. Handle
877  * the INTRO_ESTABLISHED cell payload of length payload_len arriving on the
878  * given introduction circuit circ. The service is only used for logging
879  * purposes. Return 0 on success else a negative value. */
880 int
881 hs_circ_handle_intro_established(const hs_service_t *service,
882  const hs_service_intro_point_t *ip,
883  origin_circuit_t *circ,
884  const uint8_t *payload, size_t payload_len)
885 {
886  int ret = -1;
887 
888  tor_assert(service);
889  tor_assert(ip);
890  tor_assert(circ);
891  tor_assert(payload);
892 
893  if (BUG(TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO)) {
894  goto done;
895  }
896 
897  /* Try to parse the payload into a cell making sure we do actually have a
898  * valid cell. For a legacy node, it's an empty payload so as long as we
899  * have the cell, we are good. */
900  if (!ip->base.is_only_legacy &&
901  hs_cell_parse_intro_established(payload, payload_len) < 0) {
902  log_warn(LD_REND, "Unable to parse the INTRO_ESTABLISHED cell on "
903  "circuit %u for service %s",
904  TO_CIRCUIT(circ)->n_circ_id,
905  safe_str_client(service->onion_address));
906  goto done;
907  }
908 
909  /* Switch the purpose to a fully working intro point. */
911  /* Getting a valid INTRODUCE_ESTABLISHED means we've successfully used the
912  * circuit so update our pathbias subsystem. */
914  /* Success. */
915  ret = 0;
916 
917  done:
918  return ret;
919 }
920 
921 /* We just received an INTRODUCE2 cell on the established introduction circuit
922  * circ. Handle the INTRODUCE2 payload of size payload_len for the given
923  * circuit and service. This cell is associated with the intro point object ip
924  * and the subcredential. Return 0 on success else a negative value. */
925 int
926 hs_circ_handle_introduce2(const hs_service_t *service,
927  const origin_circuit_t *circ,
929  const uint8_t *subcredential,
930  const uint8_t *payload, size_t payload_len)
931 {
932  int ret = -1;
933  time_t elapsed;
935 
936  tor_assert(service);
937  tor_assert(circ);
938  tor_assert(ip);
939  tor_assert(subcredential);
940  tor_assert(payload);
941 
942  /* Populate the data structure with everything we need for the cell to be
943  * parsed, decrypted and key material computed correctly. */
944  data.auth_pk = &ip->auth_key_kp.pubkey;
945  data.enc_kp = &ip->enc_key_kp;
946  data.subcredential = subcredential;
947  data.payload = payload;
948  data.payload_len = payload_len;
949  data.link_specifiers = smartlist_new();
950  data.replay_cache = ip->replay_cache;
951 
952  if (hs_cell_parse_introduce2(&data, circ, service) < 0) {
953  goto done;
954  }
955 
956  /* Check whether we've seen this REND_COOKIE before to detect repeats. */
958  service->state.replay_cache_rend_cookie,
959  data.rendezvous_cookie, sizeof(data.rendezvous_cookie),
960  &elapsed)) {
961  /* A Tor client will send a new INTRODUCE1 cell with the same REND_COOKIE
962  * as its previous one if its intro circ times out while in state
963  * CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT. If we received the first
964  * INTRODUCE1 cell (the intro-point relay converts it into an INTRODUCE2
965  * cell), we are already trying to connect to that rend point (and may
966  * have already succeeded); drop this cell. */
967  log_info(LD_REND, "We received an INTRODUCE2 cell with same REND_COOKIE "
968  "field %ld seconds ago. Dropping cell.",
969  (long int) elapsed);
970  goto done;
971  }
972 
973  /* At this point, we just confirmed that the full INTRODUCE2 cell is valid
974  * so increment our counter that we've seen one on this intro point. */
975  ip->introduce2_count++;
976 
977  /* Launch rendezvous circuit with the onion key and rend cookie. */
978  launch_rendezvous_point_circuit(service, ip, &data);
979  /* Success. */
980  ret = 0;
981 
982  done:
983  link_specifier_smartlist_free(data.link_specifiers);
984  memwipe(&data, 0, sizeof(data));
985  return ret;
986 }
987 
988 /* Circuit <b>circ</b> just finished the rend ntor key exchange. Use the key
989  * exchange output material at <b>ntor_key_seed</b> and setup <b>circ</b> to
990  * serve as a rendezvous end-to-end circuit between the client and the
991  * service. If <b>is_service_side</b> is set, then we are the hidden service
992  * and the other side is the client.
993  *
994  * Return 0 if the operation went well; in case of error return -1. */
995 int
996 hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ,
997  const uint8_t *ntor_key_seed, size_t seed_len,
998  int is_service_side)
999 {
1000  if (BUG(!circuit_purpose_is_correct_for_rend(TO_CIRCUIT(circ)->purpose,
1001  is_service_side))) {
1002  return -1;
1003  }
1004 
1005  crypt_path_t *hop = create_rend_cpath(ntor_key_seed, seed_len,
1006  is_service_side);
1007  if (!hop) {
1008  log_warn(LD_REND, "Couldn't get v3 %s cpath!",
1009  is_service_side ? "service-side" : "client-side");
1010  return -1;
1011  }
1012 
1013  finalize_rend_circuit(circ, hop, is_service_side);
1014 
1015  return 0;
1016 }
1017 
1018 /* We are a v2 legacy HS client and we just received a RENDEZVOUS1 cell
1019  * <b>rend_cell_body</b> on <b>circ</b>. Finish up the DH key exchange and then
1020  * extend the crypt path of <b>circ</b> so that the hidden service is on the
1021  * other side. */
1022 int
1023 hs_circuit_setup_e2e_rend_circ_legacy_client(origin_circuit_t *circ,
1024  const uint8_t *rend_cell_body)
1025 {
1026 
1027  if (BUG(!circuit_purpose_is_correct_for_rend(
1028  TO_CIRCUIT(circ)->purpose, 0))) {
1029  return -1;
1030  }
1031 
1032  crypt_path_t *hop = create_rend_cpath_legacy(circ, rend_cell_body);
1033  if (!hop) {
1034  log_warn(LD_GENERAL, "Couldn't get v2 cpath.");
1035  return -1;
1036  }
1037 
1038  finalize_rend_circuit(circ, hop, 0);
1039 
1040  return 0;
1041 }
1042 
1043 /* Given the introduction circuit intro_circ, the rendezvous circuit
1044  * rend_circ, a descriptor intro point object ip and the service's
1045  * subcredential, send an INTRODUCE1 cell on intro_circ.
1046  *
1047  * This will also setup the circuit identifier on rend_circ containing the key
1048  * material for the handshake and e2e encryption. Return 0 on success else
1049  * negative value. Because relay_send_command_from_edge() closes the circuit
1050  * on error, it is possible that intro_circ is closed on error. */
1051 int
1052 hs_circ_send_introduce1(origin_circuit_t *intro_circ,
1053  origin_circuit_t *rend_circ,
1054  const hs_desc_intro_point_t *ip,
1055  const uint8_t *subcredential)
1056 {
1057  int ret = -1;
1058  ssize_t payload_len;
1059  uint8_t payload[RELAY_PAYLOAD_SIZE] = {0};
1060  hs_cell_introduce1_data_t intro1_data;
1061 
1062  tor_assert(intro_circ);
1063  tor_assert(rend_circ);
1064  tor_assert(ip);
1065  tor_assert(subcredential);
1066 
1067  /* It is undefined behavior in hs_cell_introduce1_data_clear() if intro1_data
1068  * has been declared on the stack but not initialized. Here, we set it to 0.
1069  */
1070  memset(&intro1_data, 0, sizeof(hs_cell_introduce1_data_t));
1071 
1072  /* This takes various objects in order to populate the introduce1 data
1073  * object which is used to build the content of the cell. */
1074  const node_t *exit_node = build_state_get_exit_node(rend_circ->build_state);
1075  if (exit_node == NULL) {
1076  log_info(LD_REND, "Unable to get rendezvous point for circuit %u. "
1077  "Failing.", TO_CIRCUIT(intro_circ)->n_circ_id);
1078  goto done;
1079  }
1080 
1081  /* We should never select an invalid rendezvous point in theory but if we
1082  * do, this function will fail to populate the introduce data. */
1083  if (setup_introduce1_data(ip, exit_node, subcredential, &intro1_data) < 0) {
1084  log_warn(LD_REND, "Unable to setup INTRODUCE1 data. The chosen rendezvous "
1085  "point is unusable. Closing circuit.");
1086  goto close;
1087  }
1088 
1089  /* Final step before we encode a cell, we setup the circuit identifier which
1090  * will generate both the rendezvous cookie and client keypair for this
1091  * connection. Those are put in the ident. */
1092  intro1_data.rendezvous_cookie = rend_circ->hs_ident->rendezvous_cookie;
1093  intro1_data.client_kp = &rend_circ->hs_ident->rendezvous_client_kp;
1094 
1095  memcpy(intro_circ->hs_ident->rendezvous_cookie,
1096  rend_circ->hs_ident->rendezvous_cookie,
1097  sizeof(intro_circ->hs_ident->rendezvous_cookie));
1098 
1099  /* From the introduce1 data object, this will encode the INTRODUCE1 cell
1100  * into payload which is then ready to be sent as is. */
1101  payload_len = hs_cell_build_introduce1(&intro1_data, payload);
1102  if (BUG(payload_len < 0)) {
1103  goto close;
1104  }
1105 
1106  if (relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(intro_circ),
1107  RELAY_COMMAND_INTRODUCE1,
1108  (const char *) payload, payload_len,
1109  intro_circ->cpath->prev) < 0) {
1110  /* On error, circuit is closed. */
1111  log_warn(LD_REND, "Unable to send INTRODUCE1 cell on circuit %u.",
1112  TO_CIRCUIT(intro_circ)->n_circ_id);
1113  goto done;
1114  }
1115 
1116  /* Success. */
1117  ret = 0;
1118  goto done;
1119 
1120  close:
1121  circuit_mark_for_close(TO_CIRCUIT(rend_circ), END_CIRC_REASON_INTERNAL);
1122  done:
1123  hs_cell_introduce1_data_clear(&intro1_data);
1124  memwipe(payload, 0, sizeof(payload));
1125  return ret;
1126 }
1127 
1128 /* Send an ESTABLISH_RENDEZVOUS cell along the rendezvous circuit circ. On
1129  * success, 0 is returned else -1 and the circuit is marked for close. */
1130 int
1131 hs_circ_send_establish_rendezvous(origin_circuit_t *circ)
1132 {
1133  ssize_t cell_len = 0;
1134  uint8_t cell[RELAY_PAYLOAD_SIZE] = {0};
1135 
1136  tor_assert(circ);
1138 
1139  log_info(LD_REND, "Send an ESTABLISH_RENDEZVOUS cell on circuit %u",
1140  TO_CIRCUIT(circ)->n_circ_id);
1141 
1142  /* Set timestamp_dirty, because circuit_expire_building expects it,
1143  * and the rend cookie also means we've used the circ. */
1144  TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
1145 
1146  /* We've attempted to use this circuit. Probe it if we fail */
1148 
1149  /* Generate the RENDEZVOUS_COOKIE and place it in the identifier so we can
1150  * complete the handshake when receiving the acknowledgement. */
1151  crypto_rand((char *) circ->hs_ident->rendezvous_cookie, HS_REND_COOKIE_LEN);
1152  /* Generate the client keypair. No need to be extra strong, not long term */
1153  curve25519_keypair_generate(&circ->hs_ident->rendezvous_client_kp, 0);
1154 
1155  cell_len =
1156  hs_cell_build_establish_rendezvous(circ->hs_ident->rendezvous_cookie,
1157  cell);
1158  if (BUG(cell_len < 0)) {
1159  goto err;
1160  }
1161 
1162  if (relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(circ),
1163  RELAY_COMMAND_ESTABLISH_RENDEZVOUS,
1164  (const char *) cell, cell_len,
1165  circ->cpath->prev) < 0) {
1166  /* Circuit has been marked for close */
1167  log_warn(LD_REND, "Unable to send ESTABLISH_RENDEZVOUS cell on "
1168  "circuit %u", TO_CIRCUIT(circ)->n_circ_id);
1169  memwipe(cell, 0, cell_len);
1170  goto err;
1171  }
1172 
1173  memwipe(cell, 0, cell_len);
1174  return 0;
1175  err:
1176  return -1;
1177 }
1178 
1179 /* We are about to close or free this <b>circ</b>. Clean it up from any
1180  * related HS data structures. This function can be called multiple times
1181  * safely for the same circuit. */
1182 void
1183 hs_circ_cleanup(circuit_t *circ)
1184 {
1185  tor_assert(circ);
1186 
1187  /* If it's a service-side intro circ, notify the HS subsystem for the intro
1188  * point circuit closing so it can be dealt with cleanly. */
1190  circ->purpose == CIRCUIT_PURPOSE_S_INTRO) {
1191  hs_service_intro_circ_has_closed(TO_ORIGIN_CIRCUIT(circ));
1192  }
1193 
1194  /* Clear HS circuitmap token for this circ (if any). Very important to be
1195  * done after the HS subsystem has been notified of the close else the
1196  * circuit will not be found.
1197  *
1198  * We do this at the close if possible because from that point on, the
1199  * circuit is good as dead. We can't rely on removing it in the circuit
1200  * free() function because we open a race window between the close and free
1201  * where we can't register a new circuit for the same intro point. */
1202  if (circ->hs_token) {
1204  }
1205 }
#define RELAY_PAYLOAD_SIZE
Definition: or.h:605
#define CIRCLAUNCH_ONEHOP_TUNNEL
Definition: circuituse.h:39
#define CIRCLAUNCH_IS_INTERNAL
Definition: circuituse.h:46
ed25519_public_key_t signed_key
Definition: torcert.h:25
#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED
Definition: circuitlist.h:87
unsigned int hs_circ_has_timed_out
Common functions for using (pseudo-)random number generators.
Definition: node_st.h:28
Header file containing service data for the HS subsytem.
Headers for crypto_dh.c.
void cpath_extend_linked_list(crypt_path_t **head_ptr, crypt_path_t *new_hop)
Definition: crypt_path.c:44
void circuit_try_attaching_streams(origin_circuit_t *circ)
Definition: circuituse.c:1759
const char * extend_info_describe(const extend_info_t *ei)
Definition: describe.c:204
uint16_t marked_for_close
Definition: circuit_st.h:178
void rend_service_relaunch_rendezvous(origin_circuit_t *oldcirc)
Definition: rendservice.c:3016
#define LD_GENERAL
Definition: log.h:60
struct crypto_dh_t * rend_dh_handshake_state
Definition: crypt_path_st.h:50
crypt_path_t * pending_final_cpath
#define CIRCLAUNCH_NEED_UPTIME
Definition: circuituse.h:41
#define LOG_INFO
Definition: log.h:43
Header file for describe.c.
Header file for nodelist.c.
#define CIRCWINDOW_START
Definition: or.h:501
crypt_path_t * cpath
#define MAX_REND_TIMEOUT
Definition: hs_common.h:49
unsigned int hs_service_side_rend_circ_has_been_relaunched
#define TO_CIRCUIT(x)
Definition: or.h:951
#define CIRCUIT_PURPOSE_C_REND_READY
Definition: circuitlist.h:84
Header file for config.c.
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
Definition: circuitlist.h:102
struct hs_token_t * hs_token
Definition: circuit_st.h:205
#define tor_free(p)
Definition: malloc.h:52
int replaycache_add_test_and_elapsed(replaycache_t *r, const void *data, size_t len, time_t *elapsed)
Definition: replaycache.c:195
uint8_t purpose
Definition: circuit_st.h:100
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:57
#define MAX_REND_FAILURES
Definition: hs_common.h:46
int circuit_should_use_vanguards(uint8_t purpose)
Definition: circuituse.c:1997
#define DIGEST256_LEN
Definition: digest_sizes.h:23
Header file for policies.c.
origin_circuit_t * hs_circuitmap_get_intro_circ_v3_service_side(const ed25519_public_key_t *auth_key)
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
int32_t circuit_initial_package_window(void)
Definition: circuitlist.c:970
const curve25519_public_key_t * node_get_curve25519_onion_key(const node_t *node)
Definition: nodelist.c:1889
Common functions for cryptographic routines.
tor_assert(buffer)
#define LD_CIRC
Definition: log.h:80
uint8_t state
Definition: circuit_st.h:99
#define DIGEST_LEN
Definition: digest_sizes.h:20
Header file containing cell data for the whole HS subsytem.
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
Master header file for Tor-specific functionality.
#define CIRCUIT_STATE_OPEN
Definition: circuitlist.h:31
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
Header file for circuitbuild.c.
Header file for rephist.c.
Header file containing circuit and connection identifier data for the whole HS subsytem.
char rend_circ_nonce[DIGEST_LEN]
Definition: crypt_path_st.h:53
Header file for circuituse.c.
const node_t * build_state_get_exit_node(cpath_build_state_t *state)
#define CIRCUIT_PURPOSE_C_ESTABLISH_REND
Definition: circuitlist.h:82
Header file for hs_circuitmap.c.
#define CIRCUIT_PURPOSE_S_CONNECT_REND
Definition: circuitlist.h:108
#define LD_REND
Definition: log.h:82
Header file for circuitlist.c.
Header file for rendservice.c.
void circuit_log_path(int severity, unsigned int domain, origin_circuit_t *circ)
Definition: circuitbuild.c:357
int cpath_init_circuit_crypto(crypt_path_t *cpath, const char *key_data, size_t key_data_len, int reverse, int is_hs_v3)
Definition: crypt_path.c:150
#define CIRCLAUNCH_NEED_CAPACITY
Definition: circuituse.h:43
void hs_circuitmap_remove_circuit(circuit_t *circ)
#define CIRCUIT_PURPOSE_S_INTRO
Definition: circuitlist.h:105
#define DH1024_KEY_LEN
Definition: dh_sizes.h:20
#define CIRCUIT_PURPOSE_HS_VANGUARDS
Definition: circuitlist.h:129
Header file containing circuit data for the whole HS subsytem.
struct crypt_path_t * prev
Definition: crypt_path_st.h:70
cpath_build_state_t * build_state
origin_circuit_t * TO_ORIGIN_CIRCUIT(circuit_t *x)
Definition: circuitlist.c:163
void circuit_has_opened(origin_circuit_t *circ)
Definition: circuituse.c:1685
Header file for crypt_path.c.
struct hs_ident_circuit_t * hs_ident
origin_circuit_t * circuit_launch_by_extend_info(uint8_t purpose, extend_info_t *extend_info, int flags)
Definition: circuituse.c:2067
int hs_get_service_max_rend_failures(void)
Definition: hs_common.c:231
Header file for relay.c.
int hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, size_t seed_len, uint8_t *keys_out, size_t keys_out_len)
Definition: hs_ntor.c:589
#define CIRCUIT_PURPOSE_C_REND_JOINED
Definition: circuitlist.h:89
uint8_t state
Definition: crypt_path_st.h:63
int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, int extra_strong)
#define log_fn(severity, domain, args,...)
Definition: log.h:274
#define CIRCUIT_PURPOSE_C_GENERAL
Definition: circuitlist.h:71
void pathbias_count_use_attempt(origin_circuit_t *circ)
Definition: circpathbias.c:604
void circuit_change_purpose(circuit_t *circ, uint8_t new_purpose)
Definition: circuituse.c:3061
#define REND_COOKIE_LEN
Definition: or.h:399
extend_info_t * chosen_exit
ssize_t crypto_dh_compute_secret(int severity, crypto_dh_t *dh, const char *pubkey, size_t pubkey_len, char *secret_out, size_t secret_bytes_out)
Definition: crypto_dh.c:79
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:111
#define LD_PROTOCOL
Definition: log.h:70
void pathbias_mark_use_success(origin_circuit_t *circ)
Definition: circpathbias.c:661
#define LD_BUG
Definition: log.h:84
#define CURVE25519_PUBKEY_LEN
Definition: x25519_sizes.h:20