tor  0.4.2.0-alpha-dev
hs_ident.h
Go to the documentation of this file.
1 /* Copyright (c) 2017-2019, The Tor Project, Inc. */
2 /* See LICENSE for licensing information */
3 
21 #ifndef TOR_HS_IDENT_H
22 #define TOR_HS_IDENT_H
23 
25 
26 #include "feature/hs/hs_common.h"
27 
28 /* Length of the rendezvous cookie that is used to connect circuits at the
29  * rendezvous point. */
30 #define HS_REND_COOKIE_LEN DIGEST_LEN
31 
32 /* Type of circuit an hs_ident_t object is associated with. */
33 typedef enum {
34  HS_IDENT_CIRCUIT_INTRO = 1,
35  HS_IDENT_CIRCUIT_RENDEZVOUS = 2,
36 } hs_ident_circuit_type_t;
37 
38 /* Client and service side circuit identifier that is used for hidden service
39  * circuit establishment. Not all fields contain data, it depends on the
40  * circuit purpose. This is attached to an origin_circuit_t. All fields are
41  * used by both client and service. */
42 typedef struct hs_ident_circuit_t {
43  /* (All circuit) The public key used to uniquely identify the service. It is
44  * the one found in the onion address. */
45  ed25519_public_key_t identity_pk;
46 
47  /* (All circuit) The type of circuit this identifier is attached to.
48  * Accessors of the fields in this object assert non fatal on this circuit
49  * type. In other words, if a rendezvous field is being accessed, the
50  * circuit type MUST BE of type HS_IDENT_CIRCUIT_RENDEZVOUS. This value is
51  * set when an object is initialized in its constructor. */
52  hs_ident_circuit_type_t circuit_type;
53 
54  /* (All circuit) Introduction point authentication key. It's also needed on
55  * the rendezvous circuit for the ntor handshake. It's used as the unique key
56  * of the introduction point so it should not be shared between multiple
57  * intro points. */
58  ed25519_public_key_t intro_auth_pk;
59 
60  /* (Only client rendezvous circuit) Introduction point encryption public
61  * key. We keep it in the rendezvous identifier for the ntor handshake. */
62  curve25519_public_key_t intro_enc_pk;
63 
64  /* (Only rendezvous circuit) Rendezvous cookie sent from the client to the
65  * service with an INTRODUCE1 cell and used by the service in an
66  * RENDEZVOUS1 cell. */
67  uint8_t rendezvous_cookie[HS_REND_COOKIE_LEN];
68 
69  /* (Only service rendezvous circuit) The HANDSHAKE_INFO needed in the
70  * RENDEZVOUS1 cell of the service. The construction is as follows:
71  * SERVER_PK [32 bytes]
72  * AUTH_MAC [32 bytes]
73  */
74  uint8_t rendezvous_handshake_info[CURVE25519_PUBKEY_LEN + DIGEST256_LEN];
75 
76  /* (Only client rendezvous circuit) Client ephemeral keypair needed for the
77  * e2e encryption with the service. */
78  curve25519_keypair_t rendezvous_client_kp;
79 
80  /* (Only rendezvous circuit) The NTOR_KEY_SEED needed for key derivation for
81  * the e2e encryption with the client on the circuit. */
82  uint8_t rendezvous_ntor_key_seed[DIGEST256_LEN];
83 
84  /* (Only rendezvous circuit) Number of streams associated with this
85  * rendezvous circuit. We track this because there is a check on a maximum
86  * value. */
87  uint64_t num_rdv_streams;
89 
90 /* Client and service side directory connection identifier used for a
91  * directory connection to identify which service is being queried. This is
92  * attached to a dir_connection_t. */
93 typedef struct hs_ident_dir_conn_t {
94  /* The public key used to uniquely identify the service. It is the one found
95  * in the onion address. */
96  ed25519_public_key_t identity_pk;
97 
98  /* The blinded public key used to uniquely identify the descriptor that this
99  * directory connection identifier is for. Only used by the service-side code
100  * to fine control descriptor uploads. */
101  ed25519_public_key_t blinded_pk;
102 
103  /* XXX: Client authorization. */
105 
106 /* Client and service side edge connection identifier used for an edge
107  * connection to identify which service is being queried. This is attached to
108  * a edge_connection_t. */
109 typedef struct hs_ident_edge_conn_t {
110  /* The public key used to uniquely identify the service. It is the one found
111  * in the onion address. */
112  ed25519_public_key_t identity_pk;
113 
114  /* The original virtual port that was used by the client to access the onion
115  * service, regardless of the internal port forwarding that might have
116  * happened on the service-side. */
117  uint16_t orig_virtual_port;
118  /* XXX: Client authorization. */
120 
121 /* Circuit identifier API. */
122 hs_ident_circuit_t *hs_ident_circuit_new(
123  const ed25519_public_key_t *identity_pk,
124  hs_ident_circuit_type_t circuit_type);
125 void hs_ident_circuit_free_(hs_ident_circuit_t *ident);
126 #define hs_ident_circuit_free(id) \
127  FREE_AND_NULL(hs_ident_circuit_t, hs_ident_circuit_free_, (id))
128 hs_ident_circuit_t *hs_ident_circuit_dup(const hs_ident_circuit_t *src);
129 
130 /* Directory connection identifier API. */
131 hs_ident_dir_conn_t *hs_ident_dir_conn_dup(const hs_ident_dir_conn_t *src);
132 void hs_ident_dir_conn_free_(hs_ident_dir_conn_t *ident);
133 #define hs_ident_dir_conn_free(id) \
134  FREE_AND_NULL(hs_ident_dir_conn_t, hs_ident_dir_conn_free_, (id))
135 void hs_ident_dir_conn_init(const ed25519_public_key_t *identity_pk,
136  const ed25519_public_key_t *blinded_pk,
137  hs_ident_dir_conn_t *ident);
138 
139 /* Edge connection identifier API. */
140 hs_ident_edge_conn_t *hs_ident_edge_conn_new(
141  const ed25519_public_key_t *identity_pk);
142 void hs_ident_edge_conn_free_(hs_ident_edge_conn_t *ident);
143 #define hs_ident_edge_conn_free(id) \
144  FREE_AND_NULL(hs_ident_edge_conn_t, hs_ident_edge_conn_free_, (id))
145 
146 /* Validators */
147 int hs_ident_intro_circ_is_valid(const hs_ident_circuit_t *ident);
148 
149 #endif /* !defined(TOR_HS_IDENT_H) */
150 
Header file containing common data for the whole HS subsytem.
#define DIGEST256_LEN
Definition: digest_sizes.h:23
Header for crypto_ed25519.c.
#define CURVE25519_PUBKEY_LEN
Definition: x25519_sizes.h:20