Tor  0.4.7.0-alpha-dev
hs_circuit.c
Go to the documentation of this file.
1 /* Copyright (c) 2017-2021, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
4 /**
5  * \file hs_circuit.c
6  **/
7 
8 #define HS_CIRCUIT_PRIVATE
9 
10 #include "core/or/or.h"
11 #include "app/config/config.h"
12 #include "core/crypto/hs_ntor.h"
13 #include "core/or/circuitbuild.h"
14 #include "core/or/circuitlist.h"
15 #include "core/or/circuituse.h"
16 #include "core/or/policies.h"
17 #include "core/or/relay.h"
18 #include "core/or/crypt_path.h"
19 #include "core/or/extendinfo.h"
20 #include "feature/client/circpathbias.h"
21 #include "feature/hs/hs_cell.h"
22 #include "feature/hs/hs_circuit.h"
23 #include "feature/hs/hs_ob.h"
25 #include "feature/hs/hs_client.h"
26 #include "feature/hs/hs_ident.h"
27 #include "feature/hs/hs_metrics.h"
28 #include "feature/hs/hs_service.h"
31 #include "feature/stats/rephist.h"
35 
36 /* Trunnel. */
37 #include "trunnel/ed25519_cert.h"
38 #include "trunnel/hs/cell_common.h"
39 #include "trunnel/hs/cell_establish_intro.h"
40 
42 #include "core/or/crypt_path_st.h"
45 
46 /** A circuit is about to become an e2e rendezvous circuit. Check
47  * <b>circ_purpose</b> and ensure that it's properly set. Return true iff
48  * circuit purpose is properly set, otherwise return false. */
49 static int
50 circuit_purpose_is_correct_for_rend(unsigned int circ_purpose,
51  int is_service_side)
52 {
53  if (is_service_side) {
54  if (circ_purpose != CIRCUIT_PURPOSE_S_CONNECT_REND) {
55  log_warn(LD_BUG,
56  "HS e2e circuit setup with wrong purpose (%d)", circ_purpose);
57  return 0;
58  }
59  }
60 
61  if (!is_service_side) {
62  if (circ_purpose != CIRCUIT_PURPOSE_C_REND_READY &&
64  log_warn(LD_BUG,
65  "Client e2e circuit setup with wrong purpose (%d)", circ_purpose);
66  return 0;
67  }
68  }
69 
70  return 1;
71 }
72 
73 /** Create and return a crypt path for the final hop of a v3 prop224 rendezvous
74  * circuit. Initialize the crypt path crypto using the output material from the
75  * ntor key exchange at <b>ntor_key_seed</b>.
76  *
77  * If <b>is_service_side</b> is set, we are the hidden service and the final
78  * hop of the rendezvous circuit is the client on the other side. */
79 static crypt_path_t *
80 create_rend_cpath(const uint8_t *ntor_key_seed, size_t seed_len,
81  int is_service_side)
82 {
83  uint8_t keys[HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN];
84  crypt_path_t *cpath = NULL;
85 
86  /* Do the key expansion */
87  if (hs_ntor_circuit_key_expansion(ntor_key_seed, seed_len,
88  keys, sizeof(keys)) < 0) {
89  goto err;
90  }
91 
92  /* Setup the cpath */
93  cpath = tor_malloc_zero(sizeof(crypt_path_t));
94  cpath->magic = CRYPT_PATH_MAGIC;
95 
96  if (cpath_init_circuit_crypto(cpath, (char*)keys, sizeof(keys),
97  is_service_side, 1) < 0) {
98  tor_free(cpath);
99  goto err;
100  }
101 
102  err:
103  memwipe(keys, 0, sizeof(keys));
104  return cpath;
105 }
106 
107 /** Append the final <b>hop</b> to the cpath of the rend <b>circ</b>, and mark
108  * <b>circ</b> ready for use to transfer HS relay cells. */
109 static void
111  int is_service_side)
112 {
113  tor_assert(circ);
114  tor_assert(hop);
115 
116  /* Notify the circuit state machine that we are splicing this circuit */
117  int new_circ_purpose = is_service_side ?
119  circuit_change_purpose(TO_CIRCUIT(circ), new_circ_purpose);
120 
121  /* All is well. Extend the circuit. */
122  hop->state = CPATH_STATE_OPEN;
123  /* Set the windows to default. */
126 
127  /* Now that this circuit has finished connecting to its destination,
128  * make sure circuit_get_open_circ_or_launch is willing to return it
129  * so we can actually use it. */
130  circ->hs_circ_has_timed_out = 0;
131 
132  /* Append the hop to the cpath of this circuit */
133  cpath_extend_linked_list(&circ->cpath, hop);
134 
135  /* Finally, mark circuit as ready to be used for client streams */
136  if (!is_service_side) {
138  }
139 }
140 
141 /** For a given circuit and a service introduction point object, register the
142  * intro circuit to the circuitmap. */
143 static void
145  origin_circuit_t *circ)
146 {
147  tor_assert(ip);
148  tor_assert(circ);
149 
151  &ip->auth_key_kp.pubkey);
152 }
153 
154 /** Return the number of opened introduction circuit for the given circuit that
155  * is matching its identity key. */
156 static unsigned int
158  const hs_service_descriptor_t *desc)
159 {
160  unsigned int count = 0;
161 
162  tor_assert(service);
163  tor_assert(desc);
164 
165  DIGEST256MAP_FOREACH(desc->intro_points.map, key,
166  const hs_service_intro_point_t *, ip) {
167  const circuit_t *circ;
169  if (ocirc == NULL) {
170  continue;
171  }
172  circ = TO_CIRCUIT(ocirc);
175  /* Having a circuit not for the requested service is really bad. */
177  &ocirc->hs_ident->identity_pk));
178  /* Only count opened circuit and skip circuit that will be closed. */
179  if (!circ->marked_for_close && circ->state == CIRCUIT_STATE_OPEN) {
180  count++;
181  }
182  } DIGEST256MAP_FOREACH_END;
183  return count;
184 }
185 
186 /** From a given service, rendezvous cookie and handshake info, create a
187  * rendezvous point circuit identifier. This can't fail. */
190  const uint8_t *rendezvous_cookie,
191  const curve25519_public_key_t *server_pk,
192  const hs_ntor_rend_cell_keys_t *keys)
193 {
194  hs_ident_circuit_t *ident;
195  uint8_t handshake_info[CURVE25519_PUBKEY_LEN + DIGEST256_LEN];
196 
197  tor_assert(service);
198  tor_assert(rendezvous_cookie);
199  tor_assert(server_pk);
200  tor_assert(keys);
201 
202  ident = hs_ident_circuit_new(&service->keys.identity_pk);
203  /* Copy the RENDEZVOUS_COOKIE which is the unique identifier. */
204  memcpy(ident->rendezvous_cookie, rendezvous_cookie,
205  sizeof(ident->rendezvous_cookie));
206  /* Build the HANDSHAKE_INFO which looks like this:
207  * SERVER_PK [32 bytes]
208  * AUTH_INPUT_MAC [32 bytes]
209  */
210  memcpy(handshake_info, server_pk->public_key, CURVE25519_PUBKEY_LEN);
211  memcpy(handshake_info + CURVE25519_PUBKEY_LEN, keys->rend_cell_auth_mac,
212  DIGEST256_LEN);
213  tor_assert(sizeof(ident->rendezvous_handshake_info) ==
214  sizeof(handshake_info));
215  memcpy(ident->rendezvous_handshake_info, handshake_info,
216  sizeof(ident->rendezvous_handshake_info));
217  /* Finally copy the NTOR_KEY_SEED for e2e encryption on the circuit. */
218  tor_assert(sizeof(ident->rendezvous_ntor_key_seed) ==
219  sizeof(keys->ntor_key_seed));
220  memcpy(ident->rendezvous_ntor_key_seed, keys->ntor_key_seed,
221  sizeof(ident->rendezvous_ntor_key_seed));
222  return ident;
223 }
224 
225 /** From a given service and service intro point, create an introduction point
226  * circuit identifier. This can't fail. */
227 static hs_ident_circuit_t *
229  const hs_service_intro_point_t *ip)
230 {
231  hs_ident_circuit_t *ident;
232 
233  tor_assert(service);
234  tor_assert(ip);
235 
236  ident = hs_ident_circuit_new(&service->keys.identity_pk);
237  ed25519_pubkey_copy(&ident->intro_auth_pk, &ip->auth_key_kp.pubkey);
238 
239  return ident;
240 }
241 
242 /** For a given introduction point and an introduction circuit, send the
243  * ESTABLISH_INTRO cell. The service object is used for logging. This can fail
244  * and if so, the circuit is closed and the intro point object is flagged
245  * that the circuit is not established anymore which is important for the
246  * retry mechanism. */
247 static void
250 {
251  ssize_t cell_len;
252  uint8_t payload[RELAY_PAYLOAD_SIZE];
253 
254  tor_assert(service);
255  tor_assert(ip);
256  tor_assert(circ);
257 
258  /* Encode establish intro cell. */
260  &service->config, ip, payload);
261  if (cell_len < 0) {
262  log_warn(LD_REND, "Unable to encode ESTABLISH_INTRO cell for service %s "
263  "on circuit %u. Closing circuit.",
264  safe_str_client(service->onion_address),
265  TO_CIRCUIT(circ)->n_circ_id);
266  goto err;
267  }
268 
269  /* Send the cell on the circuit. */
270  if (relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(circ),
271  RELAY_COMMAND_ESTABLISH_INTRO,
272  (char *) payload, cell_len,
273  circ->cpath->prev) < 0) {
274  log_info(LD_REND, "Unable to send ESTABLISH_INTRO cell for service %s "
275  "on circuit %u.",
276  safe_str_client(service->onion_address),
277  TO_CIRCUIT(circ)->n_circ_id);
278  /* On error, the circuit has been closed. */
279  goto done;
280  }
281 
282  /* Record the attempt to use this circuit. */
284  goto done;
285 
286  err:
287  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
288  done:
289  memwipe(payload, 0, sizeof(payload));
290 }
291 
292 /** Return a string constant describing the anonymity of service. */
293 static const char *
295 {
296  if (service->config.is_single_onion) {
297  return "single onion";
298  } else {
299  return "hidden";
300  }
301 }
302 
303 /** For a given service, the ntor onion key and a rendezvous cookie, launch a
304  * circuit to the rendezvous point specified by the link specifiers. On
305  * success, a circuit identifier is attached to the circuit with the needed
306  * data. This function will try to open a circuit for a maximum value of
307  * MAX_REND_FAILURES then it will give up. */
308 MOCK_IMPL(STATIC void,
310  const hs_service_intro_point_t *ip,
312 {
313  int circ_needs_uptime;
314  time_t now = time(NULL);
315  extend_info_t *info = NULL;
316  origin_circuit_t *circ;
317 
318  tor_assert(service);
319  tor_assert(ip);
320  tor_assert(data);
321 
322  circ_needs_uptime = hs_service_requires_uptime_circ(service->config.ports);
323 
324  /* Get the extend info data structure for the chosen rendezvous point
325  * specified by the given link specifiers. */
327  &data->onion_pk,
328  service->config.is_single_onion);
329  if (info == NULL) {
330  /* We are done here, we can't extend to the rendezvous point. */
331  log_fn(LOG_PROTOCOL_WARN, LD_REND,
332  "Not enough info to open a circuit to a rendezvous point for "
333  "%s service %s.",
335  safe_str_client(service->onion_address));
336  goto end;
337  }
338 
339  for (int i = 0; i < MAX_REND_FAILURES; i++) {
341  if (circ_needs_uptime) {
342  circ_flags |= CIRCLAUNCH_NEED_UPTIME;
343  }
344  /* Firewall and policies are checked when getting the extend info.
345  *
346  * We only use a one-hop path on the first attempt. If the first attempt
347  * fails, we use a 3-hop path for reachability / reliability.
348  * See the comment in retry_service_rendezvous_point() for details. */
349  if (service->config.is_single_onion && i == 0) {
350  circ_flags |= CIRCLAUNCH_ONEHOP_TUNNEL;
351  }
352 
354  circ_flags);
355  if (circ != NULL) {
356  /* Stop retrying, we have a circuit! */
357  break;
358  }
359  }
360  if (circ == NULL) {
361  log_warn(LD_REND, "Giving up on launching a rendezvous circuit to %s "
362  "for %s service %s",
363  safe_str_client(extend_info_describe(info)),
365  safe_str_client(service->onion_address));
366  goto end;
367  }
368  /* Update metrics with this new rendezvous circuit launched. */
370 
371  log_info(LD_REND, "Rendezvous circuit launched to %s with cookie %s "
372  "for %s service %s",
373  safe_str_client(extend_info_describe(info)),
374  safe_str_client(hex_str((const char *) data->rendezvous_cookie,
375  REND_COOKIE_LEN)),
377  safe_str_client(service->onion_address));
378  tor_assert(circ->build_state);
379  /* Rendezvous circuit have a specific timeout for the time spent on trying
380  * to connect to the rendezvous point. */
382 
383  /* Create circuit identifier and key material. */
384  {
386  curve25519_keypair_t ephemeral_kp;
387  /* No need for extra strong, this is only for this circuit life time. This
388  * key will be used for the RENDEZVOUS1 cell that will be sent on the
389  * circuit once opened. */
390  curve25519_keypair_generate(&ephemeral_kp, 0);
391  if (hs_ntor_service_get_rendezvous1_keys(&ip->auth_key_kp.pubkey,
392  &ip->enc_key_kp,
393  &ephemeral_kp, &data->client_pk,
394  &keys) < 0) {
395  /* This should not really happened but just in case, don't make tor
396  * freak out, close the circuit and move on. */
397  log_info(LD_REND, "Unable to get RENDEZVOUS1 key material for "
398  "service %s",
399  safe_str_client(service->onion_address));
400  circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
401  goto end;
402  }
403  circ->hs_ident = create_rp_circuit_identifier(service,
404  data->rendezvous_cookie,
405  &ephemeral_kp.pubkey, &keys);
406  memwipe(&ephemeral_kp, 0, sizeof(ephemeral_kp));
407  memwipe(&keys, 0, sizeof(keys));
408  tor_assert(circ->hs_ident);
409  }
410 
411  end:
412  extend_info_free(info);
413 }
414 
415 /** Return true iff the given service rendezvous circuit circ is allowed for a
416  * relaunch to the rendezvous point. */
417 static int
419 {
420  tor_assert(circ);
421  /* This is initialized when allocating an origin circuit. */
422  tor_assert(circ->build_state);
424 
425  /* XXX: Retrying under certain condition. This is related to #22455. */
426 
427  /* Avoid to relaunch twice a circuit to the same rendezvous point at the
428  * same time. */
430  log_info(LD_REND, "Rendezvous circuit to %s has already been retried. "
431  "Skipping retry.",
432  safe_str_client(
434  goto disallow;
435  }
436 
437  /* We check failure_count >= hs_get_service_max_rend_failures()-1 below, and
438  * the -1 is because we increment the failure count for our current failure
439  * *after* this clause. */
440  int max_rend_failures = hs_get_service_max_rend_failures() - 1;
441 
442  /* A failure count that has reached maximum allowed or circuit that expired,
443  * we skip relaunching. */
444  if (circ->build_state->failure_count > max_rend_failures ||
445  circ->build_state->expiry_time <= time(NULL)) {
446  log_info(LD_REND, "Attempt to build a rendezvous circuit to %s has "
447  "failed with %d attempts and expiry time %ld. "
448  "Giving up building.",
449  safe_str_client(
451  circ->build_state->failure_count,
452  (long int) circ->build_state->expiry_time);
453  goto disallow;
454  }
455 
456  /* Allowed to relaunch. */
457  return 1;
458  disallow:
459  return 0;
460 }
461 
462 /** Retry the rendezvous point of circ by launching a new circuit to it. */
463 static void
465 {
466  int flags = 0;
467  origin_circuit_t *new_circ;
468  cpath_build_state_t *bstate;
469 
470  tor_assert(circ);
471  /* This is initialized when allocating an origin circuit. */
472  tor_assert(circ->build_state);
474 
475  /* Ease our life. */
476  bstate = circ->build_state;
477 
478  log_info(LD_REND, "Retrying rendezvous point circuit to %s",
479  safe_str_client(extend_info_describe(bstate->chosen_exit)));
480 
481  /* Get the current build state flags for the next circuit. */
482  flags |= (bstate->need_uptime) ? CIRCLAUNCH_NEED_UPTIME : 0;
483  flags |= (bstate->need_capacity) ? CIRCLAUNCH_NEED_CAPACITY : 0;
484  flags |= (bstate->is_internal) ? CIRCLAUNCH_IS_INTERNAL : 0;
485 
486  /* We do NOT add the onehop tunnel flag even though it might be a single
487  * onion service. The reason is that if we failed once to connect to the RP
488  * with a direct connection, we consider that chances are that we will fail
489  * again so try a 3-hop circuit and hope for the best. Because the service
490  * has no anonymity (single onion), this change of behavior won't affect
491  * security directly. */
492 
494  bstate->chosen_exit, flags);
495  if (new_circ == NULL) {
496  log_warn(LD_REND, "Failed to launch rendezvous circuit to %s",
497  safe_str_client(extend_info_describe(bstate->chosen_exit)));
498  goto done;
499  }
500 
501  /* Transfer build state information to the new circuit state in part to
502  * catch any other failures. */
503  new_circ->build_state->failure_count = bstate->failure_count+1;
504  new_circ->build_state->expiry_time = bstate->expiry_time;
505  new_circ->hs_ident = hs_ident_circuit_dup(circ->hs_ident);
506 
507  done:
508  return;
509 }
510 
511 /** Using the given descriptor intro point ip, the node of the
512  * rendezvous point rp_node and the service's subcredential, populate the
513  * already allocated intro1_data object with the needed key material and link
514  * specifiers.
515  *
516  * Return 0 on success or a negative value if we couldn't properly filled the
517  * introduce1 data from the RP node. In other word, it means the RP node is
518  * unusable to use in the introduction. */
519 static int
521  const node_t *rp_node,
522  const hs_subcredential_t *subcredential,
523  hs_cell_introduce1_data_t *intro1_data)
524 {
525  int ret = -1;
526  smartlist_t *rp_lspecs;
527 
528  tor_assert(ip);
529  tor_assert(rp_node);
530  tor_assert(subcredential);
531  tor_assert(intro1_data);
532 
533  /* Build the link specifiers from the node at the end of the rendezvous
534  * circuit that we opened for this introduction. */
535  rp_lspecs = node_get_link_specifier_smartlist(rp_node, 0);
536  if (smartlist_len(rp_lspecs) == 0) {
537  /* We can't rendezvous without link specifiers. */
538  smartlist_free(rp_lspecs);
539  goto end;
540  }
541 
542  /* Populate the introduce1 data object. */
543  memset(intro1_data, 0, sizeof(hs_cell_introduce1_data_t));
544  intro1_data->auth_pk = &ip->auth_key_cert->signed_key;
545  intro1_data->enc_pk = &ip->enc_key;
546  intro1_data->subcredential = subcredential;
547  intro1_data->link_specifiers = rp_lspecs;
548  intro1_data->onion_pk = node_get_curve25519_onion_key(rp_node);
549  if (intro1_data->onion_pk == NULL) {
550  /* We can't rendezvous without the curve25519 onion key. */
551  goto end;
552  }
553  /* Success, we have valid introduce data. */
554  ret = 0;
555 
556  end:
557  return ret;
558 }
559 
560 /** Helper: cleanup function for client circuit. This is for every HS version.
561  * It is called from hs_circ_cleanup_on_close() entry point. */
562 static void
564 {
565  tor_assert(circ);
566 
567  if (circuit_is_hs_v3(circ)) {
569  }
570  /* It is possible the circuit has an HS purpose but no identifier (hs_ident).
571  * Thus possible that this passes through. */
572 }
573 
574 /** Helper: cleanup function for client circuit. This is for every HS version.
575  * It is called from hs_circ_cleanup_on_free() entry point. */
576 static void
578 {
579  tor_assert(circ);
580 
581  if (circuit_is_hs_v3(circ)) {
583  }
584  /* It is possible the circuit has an HS purpose but no identifier (hs_ident).
585  * Thus possible that this passes through. */
586 }
587 
588 /* ========== */
589 /* Public API */
590 /* ========== */
591 
592 /** Return an introduction point circuit matching the given intro point object.
593  * NULL is returned is no such circuit can be found. */
596 {
597  tor_assert(ip);
598 
600 }
601 
602 /** Return an introduction point established circuit matching the given intro
603  * point object. The circuit purpose has to be CIRCUIT_PURPOSE_S_INTRO. NULL
604  * is returned is no such circuit can be found. */
607 {
608  origin_circuit_t *circ;
609 
610  tor_assert(ip);
611 
613 
614  /* Only return circuit if it is established. */
615  return (circ && TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO) ?
616  circ : NULL;
617 }
618 
619 /** Called when we fail building a rendezvous circuit at some point other than
620  * the last hop: launches a new circuit to the same rendezvous point.
621  *
622  * We currently relaunch connections to rendezvous points if:
623  * - A rendezvous circuit timed out before connecting to RP.
624  * - The rendezvous circuit failed to connect to the RP.
625  *
626  * We avoid relaunching a connection to this rendezvous point if:
627  * - We have already tried MAX_REND_FAILURES times to connect to this RP,
628  * - We've been trying to connect to this RP for more than MAX_REND_TIMEOUT
629  * seconds, or
630  * - We've already retried this specific rendezvous circuit.
631  */
632 void
634 {
635  tor_assert(circ);
637 
638  /* Check if we are allowed to relaunch to the rendezvous point of circ. */
640  goto done;
641  }
642 
643  /* Flag the circuit that we are relaunching, to avoid to relaunch twice a
644  * circuit to the same rendezvous point at the same time. */
646 
647  /* Legacy services don't have a hidden service ident. */
648  if (circ->hs_ident) {
650  }
651 
652  done:
653  return;
654 }
655 
656 /** For a given service and a service intro point, launch a circuit to the
657  * extend info ei. If the service is a single onion, and direct_conn is true,
658  * a one-hop circuit will be requested.
659  *
660  * Return 0 if the circuit was successfully launched and tagged
661  * with the correct identifier. On error, a negative value is returned. */
662 int
664  const hs_service_intro_point_t *ip,
665  extend_info_t *ei,
666  bool direct_conn)
667 {
668  /* Standard flags for introduction circuit. */
669  int ret = -1, circ_flags = CIRCLAUNCH_NEED_UPTIME | CIRCLAUNCH_IS_INTERNAL;
670  origin_circuit_t *circ;
671 
672  tor_assert(service);
673  tor_assert(ip);
674  tor_assert(ei);
675 
676  /* Update circuit flags in case of a single onion service that requires a
677  * direct connection. */
678  tor_assert_nonfatal(ip->circuit_retries > 0);
679  /* Only single onion services can make direct conns */
680  if (BUG(!service->config.is_single_onion && direct_conn)) {
681  goto end;
682  }
683  /* We only use a one-hop path on the first attempt. If the first attempt
684  * fails, we use a 3-hop path for reachability / reliability. */
685  if (direct_conn && ip->circuit_retries == 1) {
686  circ_flags |= CIRCLAUNCH_ONEHOP_TUNNEL;
687  }
688 
689  log_info(LD_REND, "Launching a circuit to intro point %s for service %s.",
690  safe_str_client(extend_info_describe(ei)),
691  safe_str_client(service->onion_address));
692 
693  /* Note down the launch for the retry period. Even if the circuit fails to
694  * be launched, we still want to respect the retry period to avoid stress on
695  * the circuit subsystem. */
696  service->state.num_intro_circ_launched++;
698  ei, circ_flags);
699  if (circ == NULL) {
700  goto end;
701  }
702 
703  /* Setup the circuit identifier and attach it to it. */
704  circ->hs_ident = create_intro_circuit_identifier(service, ip);
705  tor_assert(circ->hs_ident);
706  /* Register circuit in the global circuitmap. */
707  register_intro_circ(ip, circ);
708 
709  /* Success. */
710  ret = 0;
711  end:
712  return ret;
713 }
714 
715 /** Called when a service introduction point circuit is done building. Given
716  * the service and intro point object, this function will send the
717  * ESTABLISH_INTRO cell on the circuit. Return 0 on success. Return 1 if the
718  * circuit has been repurposed to General because we already have too many
719  * opened. */
720 int
723  const hs_service_descriptor_t *desc,
724  origin_circuit_t *circ)
725 {
726  int ret = 0;
727  unsigned int num_intro_circ, num_needed_circ;
728 
729  tor_assert(service);
730  tor_assert(ip);
731  tor_assert(desc);
732  tor_assert(circ);
733 
734  /* Count opened circuits that have sent ESTABLISH_INTRO cells or are already
735  * established introduction circuits */
736  num_intro_circ = count_opened_desc_intro_point_circuits(service, desc);
737  num_needed_circ = service->config.num_intro_points;
738  if (num_intro_circ > num_needed_circ) {
739  /* There are too many opened valid intro circuit for what the service
740  * needs so repurpose this one. */
741 
742  /* XXX: Legacy code checks options->ExcludeNodes and if not NULL it just
743  * closes the circuit. I have NO idea why it does that so it hasn't been
744  * added here. I can only assume in case our ExcludeNodes list changes but
745  * in that case, all circuit are flagged unusable (config.c). --dgoulet */
746 
747  log_info(LD_CIRC | LD_REND, "Introduction circuit just opened but we "
748  "have enough for service %s. Repurposing "
749  "it to general and leaving internal.",
750  safe_str_client(service->onion_address));
752  /* Remove it from the circuitmap. */
754  /* Cleaning up the hidden service identifier and repurpose. */
755  hs_ident_circuit_free(circ->hs_ident);
756  circ->hs_ident = NULL;
757  if (circuit_should_use_vanguards(TO_CIRCUIT(circ)->purpose))
759  else
761 
762  /* Inform that this circuit just opened for this new purpose. */
763  circuit_has_opened(circ);
764  /* This return value indicate to the caller that the IP object should be
765  * removed from the service because it's corresponding circuit has just
766  * been repurposed. */
767  ret = 1;
768  goto done;
769  }
770 
771  log_info(LD_REND, "Introduction circuit %u established for service %s.",
772  TO_CIRCUIT(circ)->n_circ_id,
773  safe_str_client(service->onion_address));
775 
776  /* Time to send an ESTABLISH_INTRO cell on this circuit. On error, this call
777  * makes sure the circuit gets closed. */
778  send_establish_intro(service, ip, circ);
779 
780  done:
781  return ret;
782 }
783 
784 /** Called when a service rendezvous point circuit is done building. Given the
785  * service and the circuit, this function will send a RENDEZVOUS1 cell on the
786  * circuit using the information in the circuit identifier. If the cell can't
787  * be sent, the circuit is closed. */
788 void
790  origin_circuit_t *circ)
791 {
792  size_t payload_len;
793  uint8_t payload[RELAY_PAYLOAD_SIZE] = {0};
794 
795  tor_assert(service);
796  tor_assert(circ);
797  tor_assert(circ->hs_ident);
798 
799  /* Some useful logging. */
800  log_info(LD_REND, "Rendezvous circuit %u has opened with cookie %s "
801  "for service %s",
802  TO_CIRCUIT(circ)->n_circ_id,
803  hex_str((const char *) circ->hs_ident->rendezvous_cookie,
805  safe_str_client(service->onion_address));
807 
808  /* This can't fail. */
809  payload_len = hs_cell_build_rendezvous1(
811  sizeof(circ->hs_ident->rendezvous_cookie),
813  sizeof(circ->hs_ident->rendezvous_handshake_info),
814  payload);
815 
816  /* Pad the payload with random bytes so it matches the size of a legacy cell
817  * which is normally always bigger. Also, the size of a legacy cell is
818  * always smaller than the RELAY_PAYLOAD_SIZE so this is safe. */
819  if (payload_len < HS_LEGACY_RENDEZVOUS_CELL_SIZE) {
820  crypto_rand((char *) payload + payload_len,
821  HS_LEGACY_RENDEZVOUS_CELL_SIZE - payload_len);
822  payload_len = HS_LEGACY_RENDEZVOUS_CELL_SIZE;
823  }
824 
825  if (relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(circ),
826  RELAY_COMMAND_RENDEZVOUS1,
827  (const char *) payload, payload_len,
828  circ->cpath->prev) < 0) {
829  /* On error, circuit is closed. */
830  log_warn(LD_REND, "Unable to send RENDEZVOUS1 cell on circuit %u "
831  "for service %s",
832  TO_CIRCUIT(circ)->n_circ_id,
833  safe_str_client(service->onion_address));
834  goto done;
835  }
836 
837  /* Setup end-to-end rendezvous circuit between the client and us. */
840  sizeof(circ->hs_ident->rendezvous_ntor_key_seed),
841  1) < 0) {
842  log_warn(LD_GENERAL, "Failed to setup circ");
843  goto done;
844  }
845 
846  done:
847  memwipe(payload, 0, sizeof(payload));
848 }
849 
850 /** Circ has been expecting an INTRO_ESTABLISHED cell that just arrived. Handle
851  * the INTRO_ESTABLISHED cell payload of length payload_len arriving on the
852  * given introduction circuit circ. The service is only used for logging
853  * purposes. Return 0 on success else a negative value. */
854 int
856  const hs_service_intro_point_t *ip,
857  origin_circuit_t *circ,
858  const uint8_t *payload, size_t payload_len)
859 {
860  int ret = -1;
861 
862  tor_assert(service);
863  tor_assert(ip);
864  tor_assert(circ);
865  tor_assert(payload);
866 
867  if (BUG(TO_CIRCUIT(circ)->purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO)) {
868  goto done;
869  }
870 
871  /* Try to parse the payload into a cell making sure we do actually have a
872  * valid cell. */
873  if (hs_cell_parse_intro_established(payload, payload_len) < 0) {
874  log_warn(LD_REND, "Unable to parse the INTRO_ESTABLISHED cell on "
875  "circuit %u for service %s",
876  TO_CIRCUIT(circ)->n_circ_id,
877  safe_str_client(service->onion_address));
878  goto done;
879  }
880 
881  /* Switch the purpose to a fully working intro point. */
883  /* Getting a valid INTRODUCE_ESTABLISHED means we've successfully used the
884  * circuit so update our pathbias subsystem. */
886  /* Success. */
887  ret = 0;
888 
889  done:
890  return ret;
891 }
892 
893 /**
894  * Go into <b>data</b> and add the right subcredential to be able to handle
895  * this incoming cell.
896  *
897  * <b>desc_subcred</b> is the subcredential of the descriptor that corresponds
898  * to the intro point that received this intro request. This subcredential
899  * should be used if we are not an onionbalance instance.
900  *
901  * Return 0 if everything went well, or -1 in case of internal error.
902  */
903 static int
906  const hs_subcredential_t *desc_subcred)
907 {
908  /* Handle the simple case first: We are not an onionbalance instance and we
909  * should just use the regular descriptor subcredential */
910  if (!hs_ob_service_is_instance(service)) {
911  data->n_subcredentials = 1;
912  data->subcredentials = desc_subcred;
913  return 0;
914  }
915 
916  /* This should not happen since we should have made onionbalance
917  * subcredentials when we created our descriptors. */
918  if (BUG(!service->state.ob_subcreds)) {
919  return -1;
920  }
921 
922  /* We are an onionbalance instance: */
923  data->n_subcredentials = service->state.n_ob_subcreds;
924  data->subcredentials = service->state.ob_subcreds;
925 
926  return 0;
927 }
928 
929 /** We just received an INTRODUCE2 cell on the established introduction circuit
930  * circ. Handle the INTRODUCE2 payload of size payload_len for the given
931  * circuit and service. This cell is associated with the intro point object ip
932  * and the subcredential. Return 0 on success else a negative value. */
933 int
935  const origin_circuit_t *circ,
937  const hs_subcredential_t *subcredential,
938  const uint8_t *payload, size_t payload_len)
939 {
940  int ret = -1;
941  time_t elapsed;
943 
944  tor_assert(service);
945  tor_assert(circ);
946  tor_assert(ip);
947  tor_assert(subcredential);
948  tor_assert(payload);
949 
950  /* Populate the data structure with everything we need for the cell to be
951  * parsed, decrypted and key material computed correctly. */
952  data.auth_pk = &ip->auth_key_kp.pubkey;
953  data.enc_kp = &ip->enc_key_kp;
954  data.payload = payload;
955  data.payload_len = payload_len;
957  data.replay_cache = ip->replay_cache;
958 
960  &data, subcredential)) {
961  goto done;
962  }
963 
964  if (hs_cell_parse_introduce2(&data, circ, service) < 0) {
965  goto done;
966  }
967 
968  /* Check whether we've seen this REND_COOKIE before to detect repeats. */
971  data.rendezvous_cookie, sizeof(data.rendezvous_cookie),
972  &elapsed)) {
973  /* A Tor client will send a new INTRODUCE1 cell with the same REND_COOKIE
974  * as its previous one if its intro circ times out while in state
975  * CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT. If we received the first
976  * INTRODUCE1 cell (the intro-point relay converts it into an INTRODUCE2
977  * cell), we are already trying to connect to that rend point (and may
978  * have already succeeded); drop this cell. */
979  log_info(LD_REND, "We received an INTRODUCE2 cell with same REND_COOKIE "
980  "field %ld seconds ago. Dropping cell.",
981  (long int) elapsed);
982  goto done;
983  }
984 
985  /* At this point, we just confirmed that the full INTRODUCE2 cell is valid
986  * so increment our counter that we've seen one on this intro point. */
987  ip->introduce2_count++;
988 
989  /* Launch rendezvous circuit with the onion key and rend cookie. */
990  launch_rendezvous_point_circuit(service, ip, &data);
991  /* Success. */
992  ret = 0;
993 
994  done:
995  link_specifier_smartlist_free(data.link_specifiers);
996  memwipe(&data, 0, sizeof(data));
997  return ret;
998 }
999 
1000 /** Circuit <b>circ</b> just finished the rend ntor key exchange. Use the key
1001  * exchange output material at <b>ntor_key_seed</b> and setup <b>circ</b> to
1002  * serve as a rendezvous end-to-end circuit between the client and the
1003  * service. If <b>is_service_side</b> is set, then we are the hidden service
1004  * and the other side is the client.
1005  *
1006  * Return 0 if the operation went well; in case of error return -1. */
1007 int
1009  const uint8_t *ntor_key_seed, size_t seed_len,
1010  int is_service_side)
1011 {
1012  if (BUG(!circuit_purpose_is_correct_for_rend(TO_CIRCUIT(circ)->purpose,
1013  is_service_side))) {
1014  return -1;
1015  }
1016 
1017  crypt_path_t *hop = create_rend_cpath(ntor_key_seed, seed_len,
1018  is_service_side);
1019  if (!hop) {
1020  log_warn(LD_REND, "Couldn't get v3 %s cpath!",
1021  is_service_side ? "service-side" : "client-side");
1022  return -1;
1023  }
1024 
1025  finalize_rend_circuit(circ, hop, is_service_side);
1026 
1027  return 0;
1028 }
1029 
1030 /** Given the introduction circuit intro_circ, the rendezvous circuit
1031  * rend_circ, a descriptor intro point object ip and the service's
1032  * subcredential, send an INTRODUCE1 cell on intro_circ.
1033  *
1034  * This will also setup the circuit identifier on rend_circ containing the key
1035  * material for the handshake and e2e encryption. Return 0 on success else
1036  * negative value. Because relay_send_command_from_edge() closes the circuit
1037  * on error, it is possible that intro_circ is closed on error. */
1038 int
1040  origin_circuit_t *rend_circ,
1041  const hs_desc_intro_point_t *ip,
1042  const hs_subcredential_t *subcredential)
1043 {
1044  int ret = -1;
1045  ssize_t payload_len;
1046  uint8_t payload[RELAY_PAYLOAD_SIZE] = {0};
1047  hs_cell_introduce1_data_t intro1_data;
1048 
1049  tor_assert(intro_circ);
1050  tor_assert(rend_circ);
1051  tor_assert(ip);
1052  tor_assert(subcredential);
1053 
1054  /* It is undefined behavior in hs_cell_introduce1_data_clear() if intro1_data
1055  * has been declared on the stack but not initialized. Here, we set it to 0.
1056  */
1057  memset(&intro1_data, 0, sizeof(hs_cell_introduce1_data_t));
1058 
1059  /* This takes various objects in order to populate the introduce1 data
1060  * object which is used to build the content of the cell. */
1061  const node_t *exit_node = build_state_get_exit_node(rend_circ->build_state);
1062  if (exit_node == NULL) {
1063  log_info(LD_REND, "Unable to get rendezvous point for circuit %u. "
1064  "Failing.", TO_CIRCUIT(intro_circ)->n_circ_id);
1065  goto done;
1066  }
1067 
1068  /* We should never select an invalid rendezvous point in theory but if we
1069  * do, this function will fail to populate the introduce data. */
1070  if (setup_introduce1_data(ip, exit_node, subcredential, &intro1_data) < 0) {
1071  log_info(LD_REND, "Unable to setup INTRODUCE1 data. The chosen rendezvous "
1072  "point is unusable. Closing circuit.");
1073  goto close;
1074  }
1075 
1076  /* Final step before we encode a cell, we setup the circuit identifier which
1077  * will generate both the rendezvous cookie and client keypair for this
1078  * connection. Those are put in the ident. */
1079  intro1_data.rendezvous_cookie = rend_circ->hs_ident->rendezvous_cookie;
1080  intro1_data.client_kp = &rend_circ->hs_ident->rendezvous_client_kp;
1081 
1082  memcpy(intro_circ->hs_ident->rendezvous_cookie,
1083  rend_circ->hs_ident->rendezvous_cookie,
1084  sizeof(intro_circ->hs_ident->rendezvous_cookie));
1085 
1086  /* From the introduce1 data object, this will encode the INTRODUCE1 cell
1087  * into payload which is then ready to be sent as is. */
1088  payload_len = hs_cell_build_introduce1(&intro1_data, payload);
1089  if (BUG(payload_len < 0)) {
1090  goto close;
1091  }
1092 
1093  if (relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(intro_circ),
1094  RELAY_COMMAND_INTRODUCE1,
1095  (const char *) payload, payload_len,
1096  intro_circ->cpath->prev) < 0) {
1097  /* On error, circuit is closed. */
1098  log_warn(LD_REND, "Unable to send INTRODUCE1 cell on circuit %u.",
1099  TO_CIRCUIT(intro_circ)->n_circ_id);
1100  goto done;
1101  }
1102 
1103  /* Success. */
1104  ret = 0;
1105  goto done;
1106 
1107  close:
1108  circuit_mark_for_close(TO_CIRCUIT(rend_circ), END_CIRC_REASON_INTERNAL);
1109  done:
1110  hs_cell_introduce1_data_clear(&intro1_data);
1111  memwipe(payload, 0, sizeof(payload));
1112  return ret;
1113 }
1114 
1115 /** Send an ESTABLISH_RENDEZVOUS cell along the rendezvous circuit circ. On
1116  * success, 0 is returned else -1 and the circuit is marked for close. */
1117 int
1119 {
1120  ssize_t cell_len = 0;
1121  uint8_t cell[RELAY_PAYLOAD_SIZE] = {0};
1122 
1123  tor_assert(circ);
1125 
1126  log_info(LD_REND, "Send an ESTABLISH_RENDEZVOUS cell on circuit %u",
1127  TO_CIRCUIT(circ)->n_circ_id);
1128 
1129  /* Set timestamp_dirty, because circuit_expire_building expects it,
1130  * and the rend cookie also means we've used the circ. */
1131  TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
1132 
1133  /* We've attempted to use this circuit. Probe it if we fail */
1135 
1136  /* Generate the RENDEZVOUS_COOKIE and place it in the identifier so we can
1137  * complete the handshake when receiving the acknowledgement. */
1139  /* Generate the client keypair. No need to be extra strong, not long term */
1141 
1142  cell_len =
1144  cell);
1145  if (BUG(cell_len < 0)) {
1146  goto err;
1147  }
1148 
1149  if (relay_send_command_from_edge(CONTROL_CELL_ID, TO_CIRCUIT(circ),
1150  RELAY_COMMAND_ESTABLISH_RENDEZVOUS,
1151  (const char *) cell, cell_len,
1152  circ->cpath->prev) < 0) {
1153  /* Circuit has been marked for close */
1154  log_warn(LD_REND, "Unable to send ESTABLISH_RENDEZVOUS cell on "
1155  "circuit %u", TO_CIRCUIT(circ)->n_circ_id);
1156  memwipe(cell, 0, cell_len);
1157  goto err;
1158  }
1159 
1160  memwipe(cell, 0, cell_len);
1161  return 0;
1162  err:
1163  return -1;
1164 }
1165 
1166 /** Circuit cleanup strategy:
1167  *
1168  * What follows is a series of functions that notifies the HS subsystem of 3
1169  * different circuit cleanup phase: close, free and repurpose.
1170  *
1171  * Tor can call any of those in any orders so they have to be safe between
1172  * each other. In other words, the free should never depend on close to be
1173  * called before.
1174  *
1175  * The "on_close()" is called from circuit_mark_for_close() which is
1176  * considered the tor fast path and thus as little work as possible should
1177  * done in that function. Currently, we only remove the circuit from the HS
1178  * circuit map and move on.
1179  *
1180  * The "on_free()" is called from circuit circuit_free_() and it is very
1181  * important that at the end of the function, no state or objects related to
1182  * this circuit remains alive.
1183  *
1184  * The "on_repurpose()" is called from circuit_change_purpose() for which we
1185  * simply remove it from the HS circuit map. We do not have other cleanup
1186  * requirements after that.
1187  *
1188  * NOTE: The onion service code, specifically the service code, cleans up
1189  * lingering objects or state if any of its circuit disappear which is why
1190  * our cleanup strategy doesn't involve any service specific actions. As long
1191  * as the circuit is removed from the HS circuit map, it won't be used.
1192  */
1193 
1194 /** We are about to close this <b>circ</b>. Clean it up from any related HS
1195  * data structures. This function can be called multiple times safely for the
1196  * same circuit. */
1197 void
1199 {
1200  tor_assert(circ);
1201 
1204  }
1205 
1207  if (circuit_is_hs_v3(circ)) {
1209  }
1210  }
1211 
1212  /* On close, we simply remove it from the circuit map. It can not be used
1213  * anymore. We keep this code path fast and lean. */
1214 
1215  if (circ->hs_token) {
1217  }
1218 }
1219 
1220 /** We are about to free this <b>circ</b>. Clean it up from any related HS
1221  * data structures. This function can be called multiple times safely for the
1222  * same circuit. */
1223 void
1225 {
1226  tor_assert(circ);
1227 
1228  /* NOTE: Bulk of the work of cleaning up a circuit is done here. */
1229 
1232  }
1233 
1234  /* We have no assurance that the given HS circuit has been closed before and
1235  * thus removed from the HS map. This actually happens in unit tests. */
1236  if (circ->hs_token) {
1238  }
1239 }
1240 
1241 /** We are about to repurpose this <b>circ</b>. Clean it up from any related
1242  * HS data structures. This function can be called multiple times safely for
1243  * the same circuit. */
1244 void
1246 {
1247  tor_assert(circ);
1248 
1249  /* On repurpose, we simply remove it from the circuit map but we do not do
1250  * the on_free actions since we don't treat a repurpose as something we need
1251  * to report in the client cache failure. */
1252 
1253  if (circ->hs_token) {
1255  }
1256 }
1257 
1258 /** Return true iff the given established client rendezvous circuit was sent
1259  * into the INTRODUCE1 cell. This is called so we can take a decision on
1260  * expiring or not the circuit.
1261  *
1262  * The caller MUST make sure the circuit is an established client rendezvous
1263  * circuit (purpose: CIRCUIT_PURPOSE_C_REND_READY).
1264  *
1265  * This function supports all onion service versions. */
1266 bool
1268 {
1269  tor_assert(circ);
1270  /* This can only be called for a rendezvous circuit that is an established
1271  * confirmed rendezsvous circuit but without an introduction ACK. */
1273 
1274  /* When the INTRODUCE1 cell is sent, the introduction encryption public
1275  * key is copied in the rendezvous circuit hs identifier. If it is a valid
1276  * key, we know that this circuit is waiting the ACK on the introduction
1277  * circuit. We want to _not_ spare the circuit if the key was never set. */
1278 
1279  if (circ->hs_ident) {
1280  /* v3. */
1282  return true;
1283  }
1284  } else {
1285  /* A circuit with an HS purpose without an hs_ident in theory can not
1286  * happen. In case, scream loudly and return false to the caller that the
1287  * rendezvous was not sent in the INTRO1 cell. */
1289  }
1290 
1291  /* The rendezvous has not been specified in the INTRODUCE1 cell. */
1292  return false;
1293 }
const char * hex_str(const char *from, size_t fromlen)
Definition: binascii.c:34
void pathbias_count_use_attempt(origin_circuit_t *circ)
Definition: circpathbias.c:604
void pathbias_mark_use_success(origin_circuit_t *circ)
Definition: circpathbias.c:661
void circuit_log_path(int severity, unsigned int domain, origin_circuit_t *circ)
Definition: circuitbuild.c:351
const node_t * build_state_get_exit_node(cpath_build_state_t *state)
Header file for circuitbuild.c.
int32_t circuit_initial_package_window(void)
Definition: circuitlist.c:975
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_S_CONNECT_REND
Definition: circuitlist.h:107
#define CIRCUIT_STATE_OPEN
Definition: circuitlist.h:32
#define CIRCUIT_PURPOSE_C_REND_JOINED
Definition: circuitlist.h:88
#define CIRCUIT_PURPOSE_S_INTRO
Definition: circuitlist.h:104
#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED
Definition: circuitlist.h:86
#define CIRCUIT_PURPOSE_S_REND_JOINED
Definition: circuitlist.h:110
#define CIRCUIT_PURPOSE_C_REND_READY
Definition: circuitlist.h:83
#define CIRCUIT_PURPOSE_S_ESTABLISH_INTRO
Definition: circuitlist.h:101
#define CIRCUIT_PURPOSE_C_ESTABLISH_REND
Definition: circuitlist.h:81
#define CIRCUIT_PURPOSE_C_GENERAL
Definition: circuitlist.h:70
#define CIRCUIT_PURPOSE_HS_VANGUARDS
Definition: circuitlist.h:131
bool circuit_is_hs_v3(const circuit_t *circ)
Definition: circuituse.c:2006
bool circuit_purpose_is_hs_service(const uint8_t purpose)
Definition: circuituse.c:1991
void circuit_change_purpose(circuit_t *circ, uint8_t new_purpose)
Definition: circuituse.c:3074
int circuit_should_use_vanguards(uint8_t purpose)
Definition: circuituse.c:2023
void circuit_has_opened(origin_circuit_t *circ)
Definition: circuituse.c:1680
bool circuit_purpose_is_hs_client(const uint8_t purpose)
Definition: circuituse.c:1983
origin_circuit_t * circuit_launch_by_extend_info(uint8_t purpose, extend_info_t *extend_info, int flags)
Definition: circuituse.c:2100
void circuit_try_attaching_streams(origin_circuit_t *circ)
Definition: circuituse.c:1755
Header file for circuituse.c.
#define CIRCLAUNCH_NEED_CAPACITY
Definition: circuituse.h:43
#define CIRCLAUNCH_ONEHOP_TUNNEL
Definition: circuituse.h:39
#define CIRCLAUNCH_IS_INTERNAL
Definition: circuituse.h:46
#define CIRCLAUNCH_NEED_UPTIME
Definition: circuituse.h:41
Header file for config.c.
Circuit-build-stse structure.
int cpath_init_circuit_crypto(crypt_path_t *cpath, const char *key_data, size_t key_data_len, int reverse, int is_hs_v3)
Definition: crypt_path.c:147
void cpath_extend_linked_list(crypt_path_t **head_ptr, crypt_path_t *new_hop)
Definition: crypt_path.c:41
Header file for crypt_path.c.
Path structures for origin circuits.
int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, int extra_strong)
int curve25519_public_key_is_ok(const curve25519_public_key_t *key)
Headers for crypto_dh.c.
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
void crypto_rand(char *to, size_t n)
Definition: crypto_rand.c:477
Common functions for using (pseudo-)random number generators.
void memwipe(void *mem, uint8_t byte, size_t sz)
Definition: crypto_util.c:55
Common functions for cryptographic routines.
const char * extend_info_describe(const extend_info_t *ei)
Definition: describe.c:224
Header file for describe.c.
#define DIGEST256_LEN
Definition: digest_sizes.h:23
Header for core/or/extendinfo.c.
ssize_t hs_cell_build_establish_rendezvous(const uint8_t *rendezvous_cookie, uint8_t *cell_out)
Definition: hs_cell.c:985
ssize_t hs_cell_parse_intro_established(const uint8_t *payload, size_t payload_len)
Definition: hs_cell.c:677
ssize_t hs_cell_build_establish_intro(const char *circ_nonce, const hs_service_config_t *service_config, const hs_service_intro_point_t *ip, uint8_t *cell_out)
Definition: hs_cell.c:563
void hs_cell_introduce1_data_clear(hs_cell_introduce1_data_t *data)
Definition: hs_cell.c:1052
ssize_t hs_cell_build_rendezvous1(const uint8_t *rendezvous_cookie, size_t rendezvous_cookie_len, const uint8_t *rendezvous_handshake_info, size_t rendezvous_handshake_info_len, uint8_t *cell_out)
Definition: hs_cell.c:910
ssize_t hs_cell_build_introduce1(const hs_cell_introduce1_data_t *data, uint8_t *cell_out)
Definition: hs_cell.c:945
ssize_t hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data, const origin_circuit_t *circ, const hs_service_t *service)
Definition: hs_cell.c:768
Header file containing cell data for the whole HS subsystem.
STATIC hs_ident_circuit_t * create_rp_circuit_identifier(const hs_service_t *service, const uint8_t *rendezvous_cookie, const curve25519_public_key_t *server_pk, const hs_ntor_rend_cell_keys_t *keys)
Definition: hs_circuit.c:189
void hs_circ_service_rp_has_opened(const hs_service_t *service, origin_circuit_t *circ)
Definition: hs_circuit.c:789
static int get_subcredential_for_handling_intro2_cell(const hs_service_t *service, hs_cell_introduce2_data_t *data, const hs_subcredential_t *desc_subcred)
Definition: hs_circuit.c:904
void hs_circ_cleanup_on_repurpose(circuit_t *circ)
Definition: hs_circuit.c:1245
static void cleanup_on_close_client_circ(circuit_t *circ)
Definition: hs_circuit.c:563
static void register_intro_circ(const hs_service_intro_point_t *ip, origin_circuit_t *circ)
Definition: hs_circuit.c:144
origin_circuit_t * hs_circ_service_get_established_intro_circ(const hs_service_intro_point_t *ip)
Definition: hs_circuit.c:606
int hs_circ_launch_intro_point(hs_service_t *service, const hs_service_intro_point_t *ip, extend_info_t *ei, bool direct_conn)
Definition: hs_circuit.c:663
static void finalize_rend_circuit(origin_circuit_t *circ, crypt_path_t *hop, int is_service_side)
Definition: hs_circuit.c:110
static hs_ident_circuit_t * create_intro_circuit_identifier(const hs_service_t *service, const hs_service_intro_point_t *ip)
Definition: hs_circuit.c:228
STATIC void launch_rendezvous_point_circuit(const hs_service_t *service, const hs_service_intro_point_t *ip, const hs_cell_introduce2_data_t *data)
Definition: hs_circuit.c:311
static const char * get_service_anonymity_string(const hs_service_t *service)
Definition: hs_circuit.c:294
int hs_circ_send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ, const hs_desc_intro_point_t *ip, const hs_subcredential_t *subcredential)
Definition: hs_circuit.c:1039
static void retry_service_rendezvous_point(const origin_circuit_t *circ)
Definition: hs_circuit.c:464
static crypt_path_t * create_rend_cpath(const uint8_t *ntor_key_seed, size_t seed_len, int is_service_side)
Definition: hs_circuit.c:80
int hs_circ_service_intro_has_opened(hs_service_t *service, hs_service_intro_point_t *ip, const hs_service_descriptor_t *desc, origin_circuit_t *circ)
Definition: hs_circuit.c:721
static void cleanup_on_free_client_circ(circuit_t *circ)
Definition: hs_circuit.c:577
void hs_circ_cleanup_on_close(circuit_t *circ)
Definition: hs_circuit.c:1198
static void send_establish_intro(const hs_service_t *service, hs_service_intro_point_t *ip, origin_circuit_t *circ)
Definition: hs_circuit.c:248
int hs_circ_handle_introduce2(const hs_service_t *service, const origin_circuit_t *circ, hs_service_intro_point_t *ip, const hs_subcredential_t *subcredential, const uint8_t *payload, size_t payload_len)
Definition: hs_circuit.c:934
void hs_circ_retry_service_rendezvous_point(origin_circuit_t *circ)
Definition: hs_circuit.c:633
int hs_circ_handle_intro_established(const hs_service_t *service, const hs_service_intro_point_t *ip, origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
Definition: hs_circuit.c:855
static int can_relaunch_service_rendezvous_point(const origin_circuit_t *circ)
Definition: hs_circuit.c:418
static unsigned int count_opened_desc_intro_point_circuits(const hs_service_t *service, const hs_service_descriptor_t *desc)
Definition: hs_circuit.c:157
origin_circuit_t * hs_circ_service_get_intro_circ(const hs_service_intro_point_t *ip)
Definition: hs_circuit.c:595
bool hs_circ_is_rend_sent_in_intro1(const origin_circuit_t *circ)
Definition: hs_circuit.c:1267
static int circuit_purpose_is_correct_for_rend(unsigned int circ_purpose, int is_service_side)
Definition: hs_circuit.c:50
static int setup_introduce1_data(const hs_desc_intro_point_t *ip, const node_t *rp_node, const hs_subcredential_t *subcredential, hs_cell_introduce1_data_t *intro1_data)
Definition: hs_circuit.c:520
int hs_circ_send_establish_rendezvous(origin_circuit_t *circ)
Definition: hs_circuit.c:1118
int hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ, const uint8_t *ntor_key_seed, size_t seed_len, int is_service_side)
Definition: hs_circuit.c:1008
void hs_circ_cleanup_on_free(circuit_t *circ)
Definition: hs_circuit.c:1224
Header file containing circuit data for the whole HS subsystem.
void hs_circuitmap_remove_circuit(circuit_t *circ)
origin_circuit_t * hs_circuitmap_get_intro_circ_v3_service_side(const ed25519_public_key_t *auth_key)
void hs_circuitmap_register_intro_circ_v3_service_side(origin_circuit_t *circ, const ed25519_public_key_t *auth_key)
Header file for hs_circuitmap.c.
void hs_client_circuit_cleanup_on_close(const circuit_t *circ)
Definition: hs_client.c:1858
void hs_client_circuit_cleanup_on_free(const circuit_t *circ)
Definition: hs_client.c:1889
Header file containing client data for the HS subsystem.
int hs_get_service_max_rend_failures(void)
Definition: hs_common.c:233
extend_info_t * hs_get_extend_info_from_lspecs(const smartlist_t *lspecs, const curve25519_public_key_t *onion_key, int direct_conn)
Definition: hs_common.c:1596
int hs_service_requires_uptime_circ(const smartlist_t *ports)
Definition: hs_common.c:1016
#define HS_LEGACY_RENDEZVOUS_CELL_SIZE
Definition: hs_common.h:128
#define MAX_REND_FAILURES
Definition: hs_common.h:44
#define MAX_REND_TIMEOUT
Definition: hs_common.h:47
hs_ident_circuit_t * hs_ident_circuit_dup(const hs_ident_circuit_t *src)
Definition: hs_ident.c:37
hs_ident_circuit_t * hs_ident_circuit_new(const ed25519_public_key_t *identity_pk)
Definition: hs_ident.c:16
Header file containing circuit and connection identifier data for the whole HS subsystem.
#define HS_REND_COOKIE_LEN
Definition: hs_ident.h:30
Header for feature/hs/hs_metrics.c.
#define hs_metrics_new_rdv(i)
Definition: hs_metrics.h:57
int hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, size_t seed_len, uint8_t *keys_out, size_t keys_out_len)
Definition: hs_ntor.c:615
Header for hs_ntor.c.
bool hs_ob_service_is_instance(const hs_service_t *service)
Definition: hs_ob.c:201
Header file for the specific code for onion balance.
void hs_service_circuit_cleanup_on_close(const circuit_t *circ)
Definition: hs_service.c:3660
Header file containing service data for the HS subsystem.
#define log_fn(severity, domain, args,...)
Definition: log.h:283
#define LD_REND
Definition: log.h:84
#define LD_BUG
Definition: log.h:86
#define LD_GENERAL
Definition: log.h:62
#define LD_CIRC
Definition: log.h:82
#define LOG_INFO
Definition: log.h:45
#define tor_free(p)
Definition: malloc.h:52
Node information structure.
const curve25519_public_key_t * node_get_curve25519_onion_key(const node_t *node)
Definition: nodelist.c:2016
Header file for nodelist.c.
Master header file for Tor-specific functionality.
#define REND_COOKIE_LEN
Definition: or.h:341
#define TO_CIRCUIT(x)
Definition: or.h:845
#define RELAY_PAYLOAD_SIZE
Definition: or.h:486
#define CIRCWINDOW_START
Definition: or.h:382
Origin circuit structure.
Header file for policies.c.
Header file for relay.c.
Header file for rephist.c.
int replaycache_add_test_and_elapsed(replaycache_t *r, const void *data, size_t len, time_t *elapsed)
Definition: replaycache.c:195
smartlist_t * smartlist_new(void)
struct hs_token_t * hs_token
Definition: circuit_st.h:216
uint8_t state
Definition: circuit_st.h:110
uint16_t marked_for_close
Definition: circuit_st.h:189
uint8_t purpose
Definition: circuit_st.h:111
extend_info_t * chosen_exit
struct crypt_path_t * prev
Definition: crypt_path_st.h:75
uint8_t state
Definition: crypt_path_st.h:68
char rend_circ_nonce[DIGEST_LEN]
Definition: crypt_path_st.h:58
const ed25519_public_key_t * auth_pk
Definition: hs_cell.h:30
const struct hs_subcredential_t * subcredential
Definition: hs_cell.h:34
const curve25519_keypair_t * client_kp
Definition: hs_cell.h:40
const curve25519_public_key_t * enc_pk
Definition: hs_cell.h:32
const uint8_t * rendezvous_cookie
Definition: hs_cell.h:38
const curve25519_public_key_t * onion_pk
Definition: hs_cell.h:36
smartlist_t * link_specifiers
Definition: hs_cell.h:42
curve25519_public_key_t onion_pk
Definition: hs_cell.h:76
const ed25519_public_key_t * auth_pk
Definition: hs_cell.h:55
const curve25519_keypair_t * enc_kp
Definition: hs_cell.h:59
uint8_t rendezvous_cookie[REND_COOKIE_LEN]
Definition: hs_cell.h:78
replaycache_t * replay_cache
Definition: hs_cell.h:84
const struct hs_subcredential_t * subcredentials
Definition: hs_cell.h:67
const uint8_t * payload
Definition: hs_cell.h:69
curve25519_public_key_t client_pk
Definition: hs_cell.h:80
smartlist_t * link_specifiers
Definition: hs_cell.h:82
curve25519_public_key_t enc_key
tor_cert_t * auth_key_cert
uint8_t rendezvous_cookie[HS_REND_COOKIE_LEN]
Definition: hs_ident.h:60
ed25519_public_key_t intro_auth_pk
Definition: hs_ident.h:51
curve25519_keypair_t rendezvous_client_kp
Definition: hs_ident.h:72
curve25519_public_key_t intro_enc_pk
Definition: hs_ident.h:55
uint8_t rendezvous_ntor_key_seed[DIGEST256_LEN]
Definition: hs_ident.h:76
ed25519_public_key_t identity_pk
Definition: hs_ident.h:45
uint8_t rendezvous_handshake_info[CURVE25519_PUBKEY_LEN+DIGEST256_LEN]
Definition: hs_ident.h:68
unsigned int is_single_onion
Definition: hs_service.h:243
smartlist_t * ports
Definition: hs_service.h:214
unsigned int num_intro_points
Definition: hs_service.h:231
hs_service_intropoints_t intro_points
Definition: hs_service.h:163
ed25519_keypair_t auth_key_kp
Definition: hs_service.h:55
replaycache_t * replay_cache
Definition: hs_service.h:85
curve25519_keypair_t enc_key_kp
Definition: hs_service.h:58
digest256map_t * map
Definition: hs_service.h:104
ed25519_public_key_t identity_pk
Definition: hs_service.h:179
replaycache_t * replay_cache_rend_cookie
Definition: hs_service.h:281
unsigned int num_intro_circ_launched
Definition: hs_service.h:274
hs_service_state_t state
Definition: hs_service.h:307
char onion_address[HS_SERVICE_ADDR_LEN_BASE32+1]
Definition: hs_service.h:300
hs_service_config_t config
Definition: hs_service.h:313
hs_service_keys_t keys
Definition: hs_service.h:310
Definition: node_st.h:34
unsigned int hs_service_side_rend_circ_has_been_relaunched
struct hs_ident_circuit_t * hs_ident
crypt_path_t * cpath
cpath_build_state_t * build_state
unsigned int hs_circ_has_timed_out
ed25519_public_key_t signed_key
Definition: torcert.h:32
#define STATIC
Definition: testsupport.h:32
#define MOCK_IMPL(rv, funcname, arglist)
Definition: testsupport.h:133
#define tor_assert_nonfatal_unreached()
Definition: util_bug.h:176
#define tor_assert(expr)
Definition: util_bug.h:102
#define CURVE25519_PUBKEY_LEN
Definition: x25519_sizes.h:20