9 #define HS_CLIENT_PRIVATE
21 #include "feature/client/circpathbias.h"
52 #include "trunnel/hs/cell_introduce1.h"
60 return "Internal error";
62 return "Descriptor fetch launched";
64 return "Already have descriptor";
66 return "No more HSDir available to query";
68 return "Fetching descriptors is not allowed";
70 return "Missing directory information";
72 return "Pending descriptor fetch";
74 return "(Unknown client fetch status code)";
114 time_t now = time(NULL);
127 if (!edge_conn->hs_ident ||
128 (service_identity_pk &&
137 } SMARTLIST_FOREACH_END(base_conn);
140 smartlist_free(conns);
146 cancel_descriptor_fetches(
void)
152 if (BUG(ident == NULL)) {
157 log_debug(
LD_REND,
"Marking for close a directory connection fetching "
158 "a hidden service descriptor for service %s.",
160 connection_mark_for_close(conn);
161 } SMARTLIST_FOREACH_END(conn);
164 smartlist_free(conns);
165 log_info(
LD_REND,
"Hidden service client descriptor fetches cancelled.");
185 if (edge_conn->hs_ident &&
187 service_identity_pk)) {
190 } SMARTLIST_FOREACH_END(conn);
192 smartlist_free(conns);
227 if (BUG(ident == NULL)) {
237 } SMARTLIST_FOREACH_END(conn);
240 smartlist_free(conns);
273 unsigned int count = 0;
274 smartlist_t *entry_conns = find_entry_conns(identity_pk);
278 connection_mark_unattached_ap(entry_conn, reason);
280 } SMARTLIST_FOREACH_END(entry_conn);
285 log_notice(
LD_REND,
"Closed %u streams for service %s.onion "
286 "for reason %s. Fetch status: %s.",
287 count, safe_str_client(onion_address),
293 smartlist_free(entry_conns);
309 if (edge_conn->hs_ident == NULL) {
346 } SMARTLIST_FOREACH_END(entry_conn);
349 smartlist_free(entry_conns);
381 current_time_period, &blinded_pubkey);
397 directory_request_free(req);
399 log_info(
LD_REND,
"Descriptor fetch request for service %s with blinded "
400 "key %s to directory %s",
402 safe_str_client(base64_blinded_pubkey),
410 memwipe(&blinded_pubkey, 0,
sizeof(blinded_pubkey));
411 memwipe(base64_blinded_pubkey, 0,
sizeof(base64_blinded_pubkey));
412 memwipe(&hs_conn_dir_ident, 0,
sizeof(hs_conn_dir_ident));
432 current_time_period, &blinded_pubkey);
440 0, 1, responsible_hsdirs);
442 log_debug(
LD_REND,
"Found %d responsible HSDirs and about to pick one.",
443 smartlist_len(responsible_hsdirs));
447 hsdir_rs =
hs_pick_hsdir(responsible_hsdirs, base64_blinded_pubkey, NULL);
465 log_info(
LD_REND,
"Couldn't pick a v3 hsdir.");
481 if (hsdirs != NULL) {
484 } SMARTLIST_FOREACH_END(hsdir);
533 &ip->auth_key_cert->signed_key)) {
537 } SMARTLIST_FOREACH_END(ip);
559 const link_specifier_t *, lspec) {
562 if (link_specifier_get_ls_type(lspec) != LS_LEGACY_ID) {
566 link_specifier_getconstarray_un_legacy_id(lspec),
573 } SMARTLIST_FOREACH_END(lspec);
574 } SMARTLIST_FOREACH_END(ip);
604 log_info(
LD_REND,
"Sending INTRODUCE1 cell to service %s on circuit %u",
605 safe_str_client(onion_address),
TO_CIRCUIT(intro_circ)->n_circ_id);
612 log_info(
LD_REND,
"Request to %s %s. Trying to fetch a new descriptor.",
613 safe_str_client(onion_address),
614 (desc) ?
"didn't have usable intro points" :
615 "didn't have a descriptor");
632 log_info(
LD_REND,
"Unable to find introduction point for service %s "
633 "while trying to send an INTRODUCE1 cell.",
634 safe_str_client(onion_address));
641 if (
TO_CIRCUIT(intro_circ)->marked_for_close) {
650 INTRO_POINT_FAILURE_GENERIC);
671 TO_CIRCUIT(intro_circ)->timestamp_dirty = time(NULL);
682 if (!
TO_CIRCUIT(intro_circ)->marked_for_close) {
683 circuit_mark_for_close(
TO_CIRCUIT(intro_circ), END_CIRC_REASON_INTERNAL);
685 circuit_mark_for_close(
TO_CIRCUIT(rend_circ), END_CIRC_REASON_INTERNAL);
693 memwipe(onion_address, 0,
sizeof(onion_address));
726 log_info(
LD_REND,
"Could not match opened intro circuit with intro point.");
736 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
746 log_info(
LD_REND,
"Introduction circuit %u has opened. Attaching streams.",
779 log_info(
LD_REND,
"Rendezvous node %s did not support v3 after circuit "
785 log_info(
LD_REND,
"Rendezvous circuit has opened to %s.",
841 log_info(
LD_REND,
"Intro point with auth key %s had an error. Not usable",
846 log_info(
LD_REND,
"Intro point with auth key %s timed out. Not usable",
851 log_info(
LD_REND,
"Intro point with auth key %s unreachable. Not usable",
886 log_info(
LD_REND,
"Unable to randomly select an introduction point "
887 "for service %s because descriptor %s. We can't connect.",
888 safe_str_client(onion_address),
889 (desc) ?
"doesn't have any usable intro points"
890 :
"is missing (assuming v3 onion address)");
897 while (smartlist_len(usable_ips) != 0) {
904 ip = smartlist_get(usable_ips, idx);
918 log_info(
LD_REND,
"Unable to select introduction point with auth key %s "
919 "for service %s, because we could not extend to it.",
921 safe_str_client(onion_address));
934 extend_info_free(ei_excluded);
950 log_warn(
LD_REND,
"Every introduction point for service %s is in the "
951 "ExcludeNodes set and StrictNodes is set. We can't connect.",
952 safe_str_client(onion_address));
953 extend_info_free(ei);
956 log_fn(LOG_PROTOCOL_WARN,
LD_REND,
"Every introduction point for service "
957 "%s is unusable or we can't extend to it. We can't connect.",
958 safe_str_client(onion_address));
962 smartlist_free(usable_ips);
963 memwipe(onion_address, 0,
sizeof(onion_address));
987 &ip->auth_key_cert->signed_key);
993 } SMARTLIST_FOREACH_END(ip);
1020 SOCKS5_HS_REND_FAILED;
1043 code = SOCKS5_HS_INTRO_TIMEDOUT;
1089 if (!
TO_CIRCUIT(intro_circ)->marked_for_close) {
1092 circuit_mark_for_close(
TO_CIRCUIT(intro_circ), END_CIRC_REASON_FINISHED);
1100 circuit_mark_for_close(
TO_CIRCUIT(rend_circ), END_CIRC_REASON_FINISHED);
1116 log_info(
LD_REND,
"Received INTRODUCE_ACK ack! Informing rendezvous");
1122 if (rend_circ == NULL) {
1123 log_info(
LD_REND,
"Can't find any rendezvous circuit. Stopping");
1127 assert_circ_anonymity_ok(rend_circ,
get_options());
1141 TO_CIRCUIT(rend_circ)->timestamp_dirty = time(NULL);
1147 circuit_mark_for_close(
TO_CIRCUIT(intro_circ), END_CIRC_REASON_FINISHED);
1161 log_info(
LD_REND,
"Received INTRODUCE_ACK nack by %s. Reason: %u",
1172 INTRO_POINT_FAILURE_GENERIC);
1183 int status, ret = -1;
1193 case TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS:
1197 case TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID:
1198 case TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT:
1236 sizeof(handshake_info)) < 0) {
1244 if (hs_ntor_client_get_rendezvous1_keys(&ident->
intro_auth_pk,
1248 log_info(
LD_REND,
"Unable to compute the rendezvous keys.");
1255 log_info(
LD_REND,
"Invalid MAC in RENDEZVOUS2. Rejecting cell.");
1261 sizeof(keys.ntor_key_seed), 0) < 0) {
1262 log_info(
LD_REND,
"Unable to setup the e2e encryption.");
1270 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
1272 memwipe(&keys, 0,
sizeof(keys));
1290 log_warn(
LD_REND,
"We received an onion address for a hidden service "
1291 "descriptor but we are configured to not fetch.");
1300 log_info(
LD_REND,
"Can't fetch descriptor for service %s because we "
1301 "are missing a live consensus. Stalling connection.",
1308 log_info(
LD_REND,
"Can't fetch descriptor for service %s because we "
1309 "dont have enough descriptors. Stalling connection.",
1321 log_info(
LD_GENERAL,
"We would fetch a v3 hidden service descriptor "
1322 "but we already have a usable descriptor.");
1330 log_info(
LD_REND,
"Already a pending directory request. Waiting on it.");
1339 *status_out = status;
1356 client_service_authorization_free(auth);
1360 log_info(
LD_REND,
"Client onion service ephemeral authorization "
1361 "cache has been purged.");
1374 return digest256map_get(
client_auths, service_identity_pk->pubkey);
1383 time_t now = time(NULL);
1396 if (BUG(desc == NULL)) {
1401 log_info(
LD_REND,
"Hidden service descriptor is unusable. "
1402 "Closing streams.");
1407 connection_mark_unattached_ap(entry_conn,
1408 END_STREAM_REASON_RESOLVEFAILED);
1415 log_info(
LD_REND,
"Descriptor has arrived. Launching circuits.");
1420 } SMARTLIST_FOREACH_END(entry_conn);
1436 if (status == HS_DESC_DECODE_BAD_CLIENT_AUTH) {
1437 code = SOCKS5_HS_BAD_CLIENT_AUTH;
1438 }
else if (status == HS_DESC_DECODE_NEED_CLIENT_AUTH) {
1439 code = SOCKS5_HS_MISSING_CLIENT_AUTH;
1444 code = SOCKS5_GENERAL_ERROR;
1447 connection_mark_unattached_ap(entry_conn, END_STREAM_REASON_MISC);
1448 } SMARTLIST_FOREACH_END(entry_conn);
1465 switch (decode_status) {
1466 case HS_DESC_DECODE_OK:
1467 case HS_DESC_DECODE_NEED_CLIENT_AUTH:
1468 case HS_DESC_DECODE_BAD_CLIENT_AUTH:
1469 log_info(
LD_REND,
"Stored hidden service descriptor successfully.");
1471 if (decode_status == HS_DESC_DECODE_OK) {
1476 log_info(
LD_REND,
"Stored hidden service descriptor requires "
1477 "%s client authorization.",
1478 decode_status == HS_DESC_DECODE_NEED_CLIENT_AUTH ?
"missing"
1487 case HS_DESC_DECODE_ENCRYPTED_ERROR:
1488 case HS_DESC_DECODE_SUPERENC_ERROR:
1489 case HS_DESC_DECODE_PLAINTEXT_ERROR:
1490 case HS_DESC_DECODE_GENERIC_ERROR:
1492 log_info(
LD_REND,
"Failed to store hidden service descriptor. "
1493 "Descriptor decoding status: %d", decode_status);
1512 log_info(
LD_REND,
"Fetching hidden service v3 descriptor not found: "
1513 "Retrying at another directory.");
1523 SOCKS5_HS_NOT_FOUND;
1524 } SMARTLIST_FOREACH_END(entry_conn);
1533 log_warn(
LD_REND,
"Fetching v3 hidden service descriptor failed: "
1534 "http status 400 (%s). Dirserver didn't like our "
1535 "query? Retrying at another directory.",
1548 const int status_code)
1552 log_warn(
LD_REND,
"Fetching v3 hidden service descriptor failed: "
1553 "http status %d (%s) response unexpected from HSDir "
1554 "server %s'. Retrying at another directory.",
1571 char *full_fname = NULL;
1574 tor_asprintf(&fname,
"%s.auth_private", onion_address);
1591 char *full_fname = NULL;
1592 char *file_contents = NULL;
1600 log_warn(
LD_GENERAL,
"Can't register permanent client auth credentials "
1601 "for %s without ClientOnionAuthDir option. Discarding.",
1621 tor_asprintf(&file_contents,
"%s:descriptor:x25519:%s",
1624 log_warn(
LD_GENERAL,
"Failed to write client auth creds file for %s!",
1642 hs_client_register_auth_status_t
1647 hs_client_register_auth_status_t retval = REGISTER_SUCCESS;
1657 client_service_authorization_free(creds);
1658 return REGISTER_FAIL_BAD_ADDRESS;
1665 client_service_authorization_free(creds);
1666 return REGISTER_FAIL_PERMANENT_STORAGE;
1670 old_creds = digest256map_get(
client_auths, service_identity_pk.pubkey);
1672 digest256map_remove(
client_auths, service_identity_pk.pubkey);
1673 client_service_authorization_free(old_creds);
1674 retval = REGISTER_SUCCESS_ALREADY_EXISTS;
1677 digest256map_set(
client_auths, service_identity_pk.pubkey, creds);
1681 if (hs_cache_client_new_auth_parse(&service_identity_pk)) {
1682 retval = REGISTER_SUCCESS_AND_DECRYPTED;
1697 char *client_key_file_path = NULL;
1698 char *client_key_str = NULL;
1700 log_info(
LD_REND,
"Loading a client authorization key file %s...",
1704 log_notice(
LD_REND,
"Client authorization unrecognized filename %s. "
1705 "File must end in .auth_private. Ignoring.",
1714 client_key_str = read_file_to_str(client_key_file_path, 0, NULL);
1715 if (!client_key_str) {
1716 log_warn(
LD_REND,
"The file %s cannot be read.", filename);
1737 remove_client_auth_creds_file(
const char *filename)
1739 char *creds_file_path = NULL;
1745 log_warn(
LD_REND,
"Failed to remove client auth file (%s).",
1750 log_warn(
LD_REND,
"Successfully removed client auth file (%s).",
1771 log_warn(
LD_REND,
"Found permanent credential but no ClientOnionAuthDir "
1772 "configured. There is no file to be removed.");
1777 if (file_list == NULL) {
1778 log_warn(
LD_REND,
"Client authorization key directory %s can't be listed.",
1794 remove_client_auth_creds_file(filename);
1796 client_service_authorization_free(tmp_cred);
1800 client_service_authorization_free(tmp_cred);
1801 } SMARTLIST_FOREACH_END(filename);
1806 smartlist_free(file_list);
1811 hs_client_removal_auth_status_t
1817 return REMOVAL_SUCCESS_NOT_FOUND;
1821 return REMOVAL_BAD_ADDRESS;
1825 cred = digest256map_remove(
client_auths, service_identity_pk.pubkey);
1837 client_service_authorization_free(cred);
1838 return REMOVAL_SUCCESS;
1841 return REMOVAL_SUCCESS_NOT_FOUND;
1877 if (has_timed_out) {
1892 rend_intro_point_failure_t failure = INTRO_POINT_FAILURE_GENERIC;
1898 orig_circ = CONST_TO_ORIGIN_CIRCUIT(circ);
1903 if (has_timed_out) {
1904 failure = INTRO_POINT_FAILURE_TIMEOUT;
1909 log_info(
LD_REND,
"Failed v3 intro circ for service %s to intro point %s "
1910 "(awaiting ACK). Failure code: %d",
1922 failure = INTRO_POINT_FAILURE_UNREACHABLE;
1923 log_info(
LD_REND,
"Failed v3 intro circ for service %s to intro point %s "
1924 "(while building circuit). Marking as unreachable.",
1943 if (conn->hs_ident) {
1987 client_auth_sk, desc);
1988 memwipe(&subcredential, 0,
sizeof(subcredential));
1989 if (ret != HS_DESC_DECODE_OK) {
1996 tor_cert_t *cert = (*desc)->plaintext_data.signing_key_cert;
1999 log_warn(
LD_GENERAL,
"Descriptor signing key certificate signature "
2000 "doesn't validate with computed blinded key: %s",
2002 ret = HS_DESC_DECODE_GENERIC_ERROR;
2006 return HS_DESC_DECODE_OK;
2025 } SMARTLIST_FOREACH_END(ip);
2052 END_STREAM_REASON_RESOLVEFAILED);
2103 const uint8_t *payload,
size_t payload_len)
2111 log_warn(
LD_PROTOCOL,
"Got a RENDEZVOUS_ESTABLISHED but we were not "
2112 "expecting one. Closing circuit.");
2116 log_info(
LD_REND,
"Received an RENDEZVOUS_ESTABLISHED. This circuit is "
2117 "now ready for rendezvous.");
2122 TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
2136 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
2149 memwipe(auth, 0,
sizeof(*auth));
2157 client_service_authorization_free_(auth);
2161 client_service_authorization_free_all(
void)
2175 const char *valid_extension =
".auth_private";
2181 if (!
strcmpend(filename, valid_extension) &&
2182 strlen(filename) != strlen(valid_extension)) {
2201 char *onion_address = NULL;
2202 char *auth_type = NULL;
2203 char *key_type = NULL;
2204 char *seckey_b32 = NULL;
2211 SPLIT_SKIP_SPACE, 0);
2213 if (smartlist_len(fields) != 4) {
2217 onion_address = smartlist_get(fields, 0);
2218 auth_type = smartlist_get(fields, 1);
2219 key_type = smartlist_get(fields, 2);
2220 seckey_b32 = smartlist_get(fields, 3);
2224 if (strcmp(auth_type,
"descriptor") || strcmp(key_type,
"x25519")) {
/* NOTE(review): seckey_b32 is the base32 private-key field (element 3 of the
 * split fields) and is memwipe()d later in this listing, yet it is passed
 * here as the %s argument, so a key that fails the length check is written
 * verbatim to the warning log. Whether the log sink scrubs it is not visible
 * here; consider reporting only that the length is invalid. */
2229 log_warn(
LD_REND,
"Client authorization encoded base32 private key "
2230 "length is invalid: %s", seckey_b32);
2237 seckey_b32, strlen(seckey_b32)) !=
/* NOTE(review): the %s argument is seckey_b32, the base32 private-key text
 * that the surrounding code wipes with memwipe() before returning. Logging it
 * on a decode failure leaves the undecodable key string in the warning log;
 * consider dropping the argument and reporting the failure only. */
2239 log_warn(
LD_REND,
"Client authorization encoded base32 private key "
2240 "can't be decoded: %s", seckey_b32);
2246 log_warn(
LD_REND,
"Client authorization private key can't be all-zeroes");
2259 client_service_authorization_free(auth);
2263 memwipe(seckey_b32, 0, strlen(seckey_b32));
2267 smartlist_free(fields);
2280 digest256map_t *auths = digest256map_new();
2298 if (file_list == NULL) {
2299 log_warn(
LD_REND,
"Client authorization key directory %s can't be listed.",
2317 log_warn(
LD_REND,
"The onion address \"%s\" is invalid in "
2319 client_service_authorization_free(auth);
2323 if (digest256map_get(auths, identity_pk.pubkey)) {
2324 log_warn(
LD_REND,
"Duplicate authorization for the same hidden "
2325 "service address %s.",
2327 client_service_authorization_free(auth);
2331 digest256map_set(auths, identity_pk.pubkey, auth);
2332 log_info(
LD_REND,
"Loaded a client authorization key file %s.",
2334 } SMARTLIST_FOREACH_END(filename);
2342 smartlist_free(file_list);
2345 if (!validate_only && ret == 0) {
2346 client_service_authorization_free_all();
2367 const char *body,
const int status_code)
2375 entry_conns = find_entry_conns(&dir_conn->hs_ident->
identity_pk);
2377 switch (status_code) {
2393 smartlist_free(entry_conns);
2412 const uint8_t *payload,
size_t payload_len)
2420 log_warn(
LD_PROTOCOL,
"Unexpected INTRODUCE_ACK on circuit %u.",
2422 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
2439 const uint8_t *payload,
size_t payload_len)
2450 log_warn(
LD_PROTOCOL,
"Unexpected RENDEZVOUS2 cell on circuit %u. "
2453 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL);
2457 log_info(
LD_REND,
"Got RENDEZVOUS2 cell from hidden service on circuit %u.",
2484 log_warn(
LD_REND,
"No usable introduction points left. Closing.");
2485 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL);
2490 log_info(
LD_REND,
"Re-extending circ %u, this time to %s.",
2499 TO_CIRCUIT(circ)->timestamp_dirty = time(NULL);
2502 log_info(
LD_REND,
"Closing intro circ %u (out of RELAY_EARLY cells).",
2504 circuit_mark_for_close(
TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED);
2510 extend_info_free(ei);
2542 circuit_mark_for_close(
TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
2552 client_service_authorization_free_all();
2562 cancel_descriptor_fetches();
2572 log_info(
LD_REND,
"Hidden service client state has been purged.");
2585 #ifdef TOR_UNIT_TESTS
2588 set_hs_client_auths_map(digest256map_t *map)
int base32_decode(char *dest, size_t destlen, const char *src, size_t srclen)
void base32_encode(char *dest, size_t destlen, const char *src, size_t srclen)
void pathbias_count_use_attempt(origin_circuit_t *circ)
void pathbias_mark_use_success(origin_circuit_t *circ)
const char * build_state_get_exit_nickname(cpath_build_state_t *state)
int circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *exit_ei)
Header file for circuitbuild.c.
origin_circuit_t * circuit_get_next_intro_circ(const origin_circuit_t *start, bool want_client_circ)
Header file for circuitlist.c.
#define CIRCUIT_PURPOSE_C_REND_JOINED
#define CIRCUIT_IS_ORIGIN(c)
#define CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT
#define CIRCUIT_PURPOSE_C_REND_READY
#define CIRCUIT_PURPOSE_C_INTRODUCE_ACKED
#define CIRCUIT_PURPOSE_C_INTRODUCING
#define CIRCUIT_PURPOSE_C_ESTABLISH_REND
void circuit_change_purpose(circuit_t *circ, uint8_t new_purpose)
Header file for circuituse.c.
const or_options_t * get_options(void)
const char * safe_str_client_opts(const or_options_t *options, const char *address)
Header file for config.c.
void assert_connection_ok(connection_t *conn, time_t now)
const char * connection_describe_peer(const connection_t *conn)
Header file for connection.c.
void connection_ap_mark_as_waiting_for_renddesc(entry_connection_t *entry_conn)
entry_connection_t * EDGE_TO_ENTRY_CONN(edge_connection_t *c)
void connection_ap_attach_pending(int retry)
int connection_edge_is_rendezvous_stream(const edge_connection_t *conn)
edge_connection_t * TO_EDGE_CONN(connection_t *c)
entry_connection_t * TO_ENTRY_CONN(connection_t *c)
Header file for connection_edge.c.
#define AP_CONN_STATE_CIRCUIT_WAIT
#define AP_CONN_STATE_RENDDESC_WAIT
Circuit-build-state structure.
void ed25519_pubkey_copy(ed25519_public_key_t *dest, const ed25519_public_key_t *src)
int ed25519_pubkey_eq(const ed25519_public_key_t *key1, const ed25519_public_key_t *key2)
Common functions for using (pseudo-)random number generators.
int crypto_rand_int(unsigned int max)
void memwipe(void *mem, uint8_t byte, size_t sz)
Common functions for cryptographic routines.
const char * extend_info_describe(const extend_info_t *ei)
const char * routerstatus_describe(const routerstatus_t *rs)
Header file for describe.c.
#define fast_memneq(a, b, c)
smartlist_t * tor_listdir(const char *dirname)
int check_private_dir(const char *dirname, cpd_check_t check, const char *effective_user)
Client/server directory connection structure.
void directory_request_set_resource(directory_request_t *req, const char *resource)
void directory_request_set_indirection(directory_request_t *req, dir_indirection_t indirection)
void directory_request_set_routerstatus(directory_request_t *req, const routerstatus_t *status)
directory_request_t * directory_request_new(uint8_t dir_purpose)
void directory_initiate_request(directory_request_t *request)
void directory_request_fetch_set_hs_ident(directory_request_t *req, const hs_ident_dir_conn_t *ident)
Header file for dirclient.c.
struct directory_request_t directory_request_t
dir_connection_t * TO_DIR_CONN(connection_t *c)
Header file for directory.c.
#define DIR_PURPOSE_HAS_FETCHED_HSDESC
#define DIR_PURPOSE_FETCH_HSDESC
Entry connection structure.
#define ENTRY_TO_EDGE_CONN(c)
const char * escaped(const char *s)
Header for core/or/extendinfo.c.
int write_str_to_file(const char *fname, const char *str, int bin)
int tor_unlink(const char *pathname)
void hs_cache_client_intro_state_purge(void)
hs_desc_decode_status_t hs_cache_store_as_client(const char *desc_str, const ed25519_public_key_t *identity_pk)
void hs_cache_remove_as_client(const ed25519_public_key_t *key)
const hs_descriptor_t * hs_cache_lookup_as_client(const ed25519_public_key_t *key)
void hs_cache_client_intro_state_note(const ed25519_public_key_t *service_pk, const ed25519_public_key_t *auth_key, rend_intro_point_failure_t failure)
const hs_cache_intro_state_t * hs_cache_client_intro_state_find(const ed25519_public_key_t *service_pk, const ed25519_public_key_t *auth_key)
void hs_cache_purge_as_client(void)
Header file for hs_cache.c.
int hs_cell_parse_introduce_ack(const uint8_t *payload, size_t payload_len)
int hs_cell_parse_rendezvous2(const uint8_t *payload, size_t payload_len, uint8_t *handshake_info, size_t handshake_info_len)
Header file containing cell data for the whole HS subsystem.
int hs_circ_send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ, const hs_desc_intro_point_t *ip, const hs_subcredential_t *subcredential)
int hs_circ_send_establish_rendezvous(origin_circuit_t *circ)
int hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ, const uint8_t *ntor_key_seed, size_t seed_len, int is_service_side)
Header file containing circuit data for the whole HS subsystem.
void hs_circuitmap_register_rend_circ_client_side(origin_circuit_t *or_circ, const uint8_t *cookie)
origin_circuit_t * hs_circuitmap_get_established_rend_circ_client_side(const uint8_t *cookie)
origin_circuit_t * hs_circuitmap_get_rend_circ_client_side(const uint8_t *cookie)
Header file for hs_circuitmap.c.
static void client_desc_has_arrived(const smartlist_t *entry_conns)
int hs_client_receive_introduce_ack(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static hs_client_fetch_status_t directory_launch_v3_desc_fetch(const ed25519_public_key_t *onion_identity_pk, const routerstatus_t *hsdir)
int hs_client_receive_rendezvous2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static void client_service_authorization_free_void(void *auth)
static bool intro_points_all_timed_out(const ed25519_public_key_t *service_pk)
static char * get_client_auth_creds_filename(const char *onion_address, const char *dir)
static void socks_mark_introduction_failed(entry_connection_t *conn, const ed25519_public_key_t *identity_pk)
static void client_dir_fetch_400(dir_connection_t *dir_conn, const char *reason)
int hs_config_client_authorization(const or_options_t *options, int validate_only)
digest256map_t * get_hs_client_auths_map(void)
hs_client_register_auth_status_t hs_client_register_auth_credentials(hs_client_service_authorization_t *creds)
void hs_client_note_connection_attempt_succeeded(const edge_connection_t *conn)
static void note_connection_attempt_succeeded(const hs_ident_edge_conn_t *hs_conn_ident)
STATIC void purge_ephemeral_client_auth(void)
static const hs_desc_intro_point_t * find_desc_intro_point_by_ident(const hs_ident_circuit_t *ident, const hs_descriptor_t *desc)
static void client_rendezvous_circ_has_opened(origin_circuit_t *circ)
static int send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ)
STATIC hs_client_service_authorization_t * parse_auth_file_content(const char *client_key_str)
static const char * fetch_status_to_string(hs_client_fetch_status_t status)
static digest256map_t * client_auths
STATIC extend_info_t * desc_intro_point_to_extend_info(const hs_desc_intro_point_t *ip)
static void handle_introduce_ack_success(origin_circuit_t *intro_circ)
void hs_client_circuit_cleanup_on_close(const circuit_t *circ)
STATIC extend_info_t * client_get_random_intro(const ed25519_public_key_t *service_pk)
static int handle_introduce_ack(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
STATIC int handle_rendezvous2(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
static int setup_intro_circ_auth_key(origin_circuit_t *circ)
static int directory_request_is_pending(const ed25519_public_key_t *identity_pk)
int hs_client_any_intro_points_usable(const ed25519_public_key_t *service_pk, const hs_descriptor_t *desc)
STATIC routerstatus_t * pick_hsdir_v3(const ed25519_public_key_t *onion_identity_pk)
STATIC int auth_key_filename_is_valid(const char *filename)
static int store_permanent_client_auth_credentials(const hs_client_service_authorization_t *creds)
hs_client_removal_auth_status_t hs_client_remove_auth_credentials(const char *hsaddress)
static hs_client_service_authorization_t * find_client_auth(const ed25519_public_key_t *service_identity_pk)
void hs_client_launch_v3_desc_fetch(const ed25519_public_key_t *onion_identity_pk, const smartlist_t *hsdirs)
static void client_dir_fetch_404(dir_connection_t *dir_conn, const smartlist_t *entry_conns)
static hs_desc_intro_point_t * find_desc_intro_point_by_legacy_id(const char *legacy_id, const hs_descriptor_t *desc)
void hs_client_circuit_cleanup_on_free(const circuit_t *circ)
void hs_client_dir_info_changed(void)
STATIC hs_client_fetch_status_t fetch_v3_desc(const ed25519_public_key_t *onion_identity_pk)
int hs_client_reextend_intro_circuit(origin_circuit_t *circ)
int hs_client_refetch_hsdesc(const ed25519_public_key_t *identity_pk)
void hs_client_free_all(void)
static void client_intro_circ_has_opened(origin_circuit_t *circ)
static void find_and_remove_client_auth_creds_file(const hs_client_service_authorization_t *cred)
static void mark_conn_as_waiting_for_circuit(connection_t *conn, time_t now)
static hs_client_service_authorization_t * get_creds_from_client_auth_filename(const char *filename, const or_options_t *options)
static void close_all_socks_conns_waiting_for_desc(const ed25519_public_key_t *identity_pk, hs_client_fetch_status_t status, int reason)
static int close_or_reextend_intro_circ(origin_circuit_t *intro_circ)
static void client_dir_fetch_200(dir_connection_t *dir_conn, const smartlist_t *entry_conns, const char *body)
void hs_client_purge_state(void)
STATIC void retry_all_socks_conn_waiting_for_desc(void)
void hs_client_close_intro_circuits_from_desc(const hs_descriptor_t *desc)
int hs_client_receive_rendezvous_acked(origin_circuit_t *circ, const uint8_t *payload, size_t payload_len)
int hs_client_send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ)
hs_desc_decode_status_t hs_client_decode_descriptor(const char *desc_str, const ed25519_public_key_t *service_identity_pk, hs_descriptor_t **desc)
static void client_desc_missing_bad_client_auth(const smartlist_t *entry_conns, hs_desc_decode_status_t status)
static void handle_introduce_ack_bad(origin_circuit_t *circ, int status)
void hs_client_circuit_has_opened(origin_circuit_t *circ)
static void client_dir_fetch_unexpected(dir_connection_t *dir_conn, const char *reason, const int status_code)
void hs_client_dir_fetch_done(dir_connection_t *dir_conn, const char *reason, const char *body, const int status_code)
extend_info_t * hs_client_get_random_intro_from_edge(const edge_connection_t *edge_conn)
static int intro_circ_is_ok(const origin_circuit_t *circ)
static unsigned int can_client_refetch_desc(const ed25519_public_key_t *identity_pk, hs_client_fetch_status_t *status_out)
static int fetch_status_should_close_socks(hs_client_fetch_status_t status)
static void socks_mark_rend_circuit_timed_out(const origin_circuit_t *rend_circ)
static void flag_all_conn_wait_desc(const ed25519_public_key_t *service_identity_pk)
static void purge_hid_serv_request(const ed25519_public_key_t *identity_pk)
static int intro_point_is_usable(const ed25519_public_key_t *service_pk, const hs_desc_intro_point_t *ip)
Header file containing client data for the HS subsystem.
@ HS_CLIENT_FETCH_PENDING
@ HS_CLIENT_FETCH_MISSING_INFO
@ HS_CLIENT_FETCH_NO_HSDIRS
@ HS_CLIENT_FETCH_HAVE_DESC
@ HS_CLIENT_FETCH_NOT_ALLOWED
@ HS_CLIENT_FETCH_LAUNCHED
#define CLIENT_AUTH_FLAG_IS_PERMANENT
void hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, uint64_t time_period_num, int use_second_hsdir_index, int for_fetching, smartlist_t *responsible_dirs)
void hs_get_subcredential(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_subcredential_t *subcred_out)
uint64_t hs_get_time_period_num(time_t now)
void hs_purge_last_hid_serv_requests(void)
void hs_build_blinded_pubkey(const ed25519_public_key_t *pk, const uint8_t *secret, size_t secret_len, uint64_t time_period_num, ed25519_public_key_t *blinded_pk_out)
void hs_purge_hid_serv_from_last_hid_serv_requests(const char *req_key_str)
void hs_build_address(const ed25519_public_key_t *key, uint8_t version, char *addr_out)
int hs_parse_address(const char *address, ed25519_public_key_t *key_out, uint8_t *checksum_out, uint8_t *version_out)
char * hs_path_from_filename(const char *directory, const char *filename)
routerstatus_t * hs_pick_hsdir(smartlist_t *responsible_dirs, const char *req_key_str, bool *is_rate_limited_out)
extend_info_t * hs_get_extend_info_from_lspecs(const smartlist_t *lspecs, const curve25519_public_key_t *onion_key, int direct_conn)
#define HS_SERVICE_ADDR_LEN_BASE32
void hs_control_desc_event_requested(const ed25519_public_key_t *onion_pk, const char *base64_blinded_pk, const routerstatus_t *hsdir_rs)
void hs_control_desc_event_received(const hs_ident_dir_conn_t *ident, const char *hsdir_id_digest)
void hs_control_desc_event_failed(const hs_ident_dir_conn_t *ident, const char *hsdir_id_digest, const char *reason)
void hs_control_desc_event_content(const hs_ident_dir_conn_t *ident, const char *hsdir_id_digest, const char *body)
Header file containing control port event related code.
hs_desc_decode_status_t hs_desc_decode_descriptor(const char *encoded, const hs_subcredential_t *subcredential, const curve25519_secret_key_t *client_auth_sk, hs_descriptor_t **desc_out)
Header file for hs_descriptor.c.
void hs_ident_dir_conn_init(const ed25519_public_key_t *identity_pk, const ed25519_public_key_t *blinded_pk, hs_ident_dir_conn_t *ident)
int hs_ident_intro_circ_is_valid(const hs_ident_circuit_t *ident)
Header file containing circuit and connection identifier data for the whole HS subsystem.
int hs_ntor_client_rendezvous2_mac_is_good(const hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys, const uint8_t *rcvd_mac)
#define log_fn(severity, domain, args,...)
#define MAP_DEL_CURRENT(keyvar)
#define DIGESTMAP_FOREACH_END
int usable_consensus_flavor(void)
Header file for microdesc.c.
networkstatus_t * networkstatus_get_reasonably_live_consensus(time_t now, int flavor)
Header file for networkstatus.c.
bool node_supports_v3_rendezvous_point(const node_t *node)
const node_t * node_get_by_id(const char *identity_digest)
int router_have_minimum_dir_info(void)
Header file for nodelist.c.
Master header file for Tor-specific functionality.
#define MAX_INTRO_POINT_REACHABILITY_FAILURES
Origin circuit structure.
int tor_asprintf(char **strp, const char *fmt,...)
const char * stream_end_reason_to_string(int reason)
Header file for reasons.c.
int routerset_contains_extendinfo(const routerset_t *set, const extend_info_t *ei)
Header file for routerset.c.
void smartlist_add_all(smartlist_t *s1, const smartlist_t *s2)
smartlist_t * smartlist_new(void)
void smartlist_add(smartlist_t *sl, void *element)
void smartlist_del(smartlist_t *sl, int idx)
#define SMARTLIST_FOREACH_BEGIN(sl, type, var)
#define SMARTLIST_FOREACH(sl, type, var, cmd)
int smartlist_split_string(smartlist_t *sl, const char *str, const char *sep, int flags, int max)
Client request structure.
int marked_for_close_orig_reason
time_t timestamp_last_read_allowed
uint16_t marked_for_close
time_t timestamp_last_write_allowed
extend_info_t * chosen_exit
char identity_digest[DIGEST_LEN]
struct edge_connection_t * next_stream
socks_request_t * socks_request
char identity_digest[DIGEST_LEN]
uint32_t unreachable_count
char onion_address[HS_SERVICE_ADDR_LEN_BASE32+1]
curve25519_secret_key_t enc_seckey
smartlist_t * intro_points
curve25519_public_key_t onion_key
curve25519_public_key_t enc_key
tor_cert_t * auth_key_cert
smartlist_t * link_specifiers
hs_desc_encrypted_data_t encrypted_data
hs_subcredential_t subcredential
hs_desc_plaintext_data_t plaintext_data
uint8_t rendezvous_cookie[HS_REND_COOKIE_LEN]
ed25519_public_key_t intro_auth_pk
curve25519_keypair_t rendezvous_client_kp
curve25519_public_key_t intro_enc_pk
ed25519_public_key_t identity_pk
ed25519_public_key_t identity_pk
ed25519_public_key_t identity_pk
char * ClientOnionAuthDir
struct routerset_t * ExcludeNodes
struct hs_ident_circuit_t * hs_ident
edge_connection_t * p_streams
unsigned int remaining_relay_early_cells
cpath_build_state_t * build_state
socks5_reply_status_t socks_extended_error_code
ed25519_public_key_t signed_key
#define MOCK_IMPL(rv, funcname, arglist)
int tor_cert_checksig(tor_cert_t *cert, const ed25519_public_key_t *pubkey, time_t now)
const char * tor_cert_describe_signature_status(const tor_cert_t *cert)
#define tor_assert_nonfatal_unreached()
int strcmpend(const char *s1, const char *s2)
int fast_mem_is_zero(const char *mem, size_t len)
#define ED25519_BASE64_LEN
#define CURVE25519_PUBKEY_LEN
#define CURVE25519_SECKEY_LEN